Richard Knutsson [EMAIL PROTECTED] wrote:
diff -Narup a/drivers/net/dgrs.c b/drivers/net/dgrs.c
--- a/drivers/net/dgrs.c2005-11-19 20:17:51.0 +0100
+++ b/drivers/net/dgrs.c2005-11-19 20:29:52.0 +0100
@@ -1458,6 +1458,8 @@ static struct pci_driver
Herbert Xu wrote:
Richard Knutsson [EMAIL PROTECTED] wrote:
diff -Narup a/drivers/net/dgrs.c b/drivers/net/dgrs.c
--- a/drivers/net/dgrs.c2005-11-19 20:17:51.0 +0100
+++ b/drivers/net/dgrs.c2005-11-19 20:29:52.0 +0100
@@ -1458,6 +1458,8 @@ static struct
[IPV6]: Replace dst_output by ip6_dst_output
Preparation for netfilter IPsec support.
Signed-off-by: Patrick McHardy [EMAIL PROTECTED]
---
commit 73f59ffcebcd0a08f6a405c8522074e8b5892b73
tree 4be1e3bb174f611fa57ee6e1b8d9187e784c85ad
parent 4eb320a6444a9035da8a83e4886b3691a2ea98f7
author Patrick
[NETFILTER]: Export ip6_masked_addrcmp, don't pass IPv6 addresses on stack
Signed-off-by: Patrick McHardy [EMAIL PROTECTED]
---
commit 055c50b770e63ced784808ae22ef339724b1a44c
tree b8dc07727bb80b83c5b236f4157ed588927f46da
parent 8b46eb2d8365ab18cc965f37681033162a834fe5
author Patrick McHardy
[NETFILTER]: Use conntrack information to determine if packet was NATed
Preparation for full IPsec support for NAT:
Use conntrack information instead of saving the saving and comparing the
addresses to determine if a packet was NATed and needs to be rerouted to
make it easier to extend the key.
[NETFILTER]: Call POST_ROUTING hook before fragmentation
Call POST_ROUTING hook before fragmentation to get rid of the okfn use
in ip_refrag and save the useless fragmentation/defragmentation step
when NAT is used.
The patch introduces one user-visible change, the POSTROUTING chain
in the mangle
[NETFILTER]: Remove okfn usage in ip_vs_core.c
okfn should only be used from different contexts to avoid deep call stacks,
i.e. by nf_queue.
Acked-by: Julian Anastasov [EMAIL PROTECTED]
Signed-off-by: Patrick McHardy [EMAIL PROTECTED]
---
commit ebb0baec0a5e909d4acf16a15601f013093fefb3
tree
[IPV4]: Replace dst_output by ip_dst_output
Preparation for netfilter IPsec support.
Signed-off-by: Patrick McHardy [EMAIL PROTECTED]
---
commit 4eb320a6444a9035da8a83e4886b3691a2ea98f7
tree d31f7b331e06e1e598593c4095be7713e6fd3ba0
parent d3c70d774e32c4d6f4cc6b8b0b73678aa14a9932
author Patrick
[NETFILTER]: Add ipt_policy/ip6t_policy matches
Signed-off-by: Patrick McHardy [EMAIL PROTECTED]
---
commit ff88b88efc987d1267eccf01e16880458d189a25
tree 53c34259c195cf64903940f151becd967bcce74d
parent 055c50b770e63ced784808ae22ef339724b1a44c
author Patrick McHardy [EMAIL PROTECTED] Sat, 19 Nov
This is the latest netfilter/IPsec patchset. Its purpose is to make
IPsec look as much as a normal tunnel device to netfilter as possible
and to enable NAT support.
It consists of basically five parts:
- output hooks:
Currently on the output path netfilter sees the plain text packet in
Am Sonntag, 20. November 2005 17:31 schrieb Patrick McHardy:
Hi!
- policy lookups after NAT:
When NAT changes a packet it already calls ip_route_me_harder, which
reroutes the packet and does a new policy lookup. It only looks at
the IP addresses however, changing the port numbers require a
Joerg Platte wrote:
Am Sonntag, 20. November 2005 17:31 schrieb Patrick McHardy:
Hi!
- policy lookups after NAT:
When NAT changes a packet it already calls ip_route_me_harder, which
reroutes the packet and does a new policy lookup. It only looks at
the IP addresses however, changing the port
Has anything changed recently in how e1000 handles checksum
offload ? My desktop box has been rock solid for months,
but the last few weeks I've noticed a lot of timeouts
over http etc.
Further investigation with ethereal showed incorrect tcp checksums
on certain packets.
Disabling rx/tx offload
Dave Jones [EMAIL PROTECTED] wrote:
Has anything changed recently in how e1000 handles checksum
offload ? My desktop box has been rock solid for months,
but the last few weeks I've noticed a lot of timeouts
over http etc.
Further investigation with ethereal showed incorrect tcp checksums
On Mon, Nov 21, 2005 at 08:07:20AM +1100, Herbert Xu wrote:
Dave Jones [EMAIL PROTECTED] wrote:
Has anything changed recently in how e1000 handles checksum
offload ? My desktop box has been rock solid for months,
but the last few weeks I've noticed a lot of timeouts
over http etc.
On Mon, Nov 21, 2005 at 08:25:14AM +1100, Herbert Xu wrote:
On Sun, Nov 20, 2005 at 04:21:32PM -0500, Dave Jones wrote:
Hmm, that does make sense.
Maybe the problem exists elsewhere, as thinking more about it,
it's only certain sites that seem to have the problem
(I notice it
Am Sonntag, 20. November 2005 19:07 schrieb Patrick McHardy:
Hi!
You're right, that's the reason. Since the patches touch quite a lot of
code they won't make it in 2.6.15, though.
Hmm, I can wait for 2.6.16. But I tried to figure out what's going wrong a
couple of days. Now I know I'll just
Hi, Patrick,
From: Patrick McHardy [EMAIL PROTECTED]
Date: Sun, 20 Nov 2005 17:31:36 +0100
[IPV4/6]: Netfilter IPsec input hooks
When the innermost transform uses transport mode the decapsulated packet
is not visible to netfilter. Pass the packet through the PRE_ROUTING and
LOCAL_IN hooks
Applied, thanks Patrick.
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
From: Harald Welte [EMAIL PROTECTED]
Date: Sat, 19 Nov 2005 23:23:29 +0100
[NETFILTER] fixed dependencies between modules related with ip_conntrack
- IP_NF_CONNTRACK_MARK is bool and depends on only IP_NF_CONNTRACK
which is tristate. If a variable depends on IP_NF_CONNTRACK_MARK and
From: Harald Welte [EMAIL PROTECTED]
Date: Sat, 19 Nov 2005 11:39:08 +0100
[NETFILTER] Remove ARRAY_SIZE duplicate
Signed-off-by: Nicolas Kaiser [EMAIL PROTECTED]
Signed-off-by: Harald Welte [EMAIL PROTECTED]
Applied, thanks Harald.
-
To unsubscribe from this list: send the line unsubscribe
From: Patrick McHardy [EMAIL PROTECTED]
Date: Sat, 19 Nov 2005 06:51:27 +0100
Save a few bytes in struct sk_buff.
I nearly forgot we still had that wart around after the
SKB diet stuff.
Patch applied, thanks a lot.
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body
From: Randy.Dunlap [EMAIL PROTECTED]
Date: Fri, 18 Nov 2005 23:07:35 -0800
Fix kernel-doc warnings in network files.
Signed-off-by: Randy Dunlap [EMAIL PROTECTED]
Applied, thanks Randy.
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL
Yasuyuki KOZAKAI wrote:
At first, now I could agree to use same name for hooks before/after xfrm
processing, if it's important to keep compatibility than to avoid difficulty
to use. Even now I think it's confusing to pass packets before/after xfrm to
same hook, and believe it's ideal to use
From: Patrick McHardy [EMAIL PROTECTED]
Date: Mon, 21 Nov 2005 07:52:36 +0100
I don't see why it is confusing. Plain text packets are visible before
encapsulation (and they have to be because we don't necessarily know
if packets will be encapsulated at the time the hooks are called in
case
David S. Miller [EMAIL PROTECTED] wrote:
I've read over Patrick's two most recent postings of these patches
and I think they are generally sane and I cannot find any holes in
them. Herbert brought up the legitimate concern about defragmentation,
but I think that's a detail and does not take
26 matches
Mail list logo
