1
linux/net/ipv4/netfilter
Jan Engelhardt f3c5c1bfd4 netfilter: xtables: make ip_tables reentrant
Currently, the table traverser stores return addresses in the ruleset
itself (struct ip6t_entry->comefrom). This has a well-known drawback:
the jumpstack is overwritten on reentry, making it necessary for
targets to return absolute verdicts. Also, the ruleset (which might
be heavy memory-wise) needs to be replicated for each CPU that can
possibly invoke ip6t_do_table.

This patch decouples the jumpstack from struct ip6t_entry and instead
puts it into xt_table_info. Not being restricted by 'comefrom'
anymore, we can set up a stack as needed. By default, there is room
allocated for two entries into the traverser.

arp_tables is not touched though, because there is just one/two
modules and further patches seek to collapse the table traverser
anyhow.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
2010-04-19 16:05:10 +02:00
..
arp_tables.c netfilter: xtables: make ip_tables reentrant 2010-04-19 16:05:10 +02:00
arpt_mangle.c netfilter: xtables: change xt_target.checkentry return type 2010-03-25 16:04:33 +01:00
arptable_filter.c netfilter: xtables: generate initial table on-demand 2010-02-10 17:50:47 +01:00
ip_queue.c netfilter: only do skb_checksum_help on CHECKSUM_PARTIAL in ip_queue 2010-04-08 14:52:28 +02:00
ip_tables.c netfilter: xtables: make ip_tables reentrant 2010-04-19 16:05:10 +02:00
ipt_addrtype.c netfilter: xtables: change matches to return error code 2010-03-25 16:55:24 +01:00
ipt_ah.c netfilter: xtables: change matches to return error code 2010-03-25 16:55:24 +01:00
ipt_CLUSTERIP.c netfilter: CLUSTERIP: clusterip_seq_stop() fix 2010-04-01 12:54:09 +02:00
ipt_ecn.c netfilter: xtables: change matches to return error code 2010-03-25 16:55:24 +01:00
ipt_ECN.c netfilter: xtables: change targets to return error code 2010-03-25 16:55:49 +01:00
ipt_LOG.c netfilter: ipt_LOG/ip6t_LOG: use more appropriate log level as default 2010-04-15 19:09:01 +02:00
ipt_MASQUERADE.c netfilter: xtables: change targets to return error code 2010-03-25 16:55:49 +01:00
ipt_NETMAP.c netfilter: xtables: change targets to return error code 2010-03-25 16:55:49 +01:00
ipt_REDIRECT.c netfilter: xtables: change targets to return error code 2010-03-25 16:55:49 +01:00
ipt_REJECT.c netfilter: xtables: change targets to return error code 2010-03-25 16:55:49 +01:00
ipt_ULOG.c netfilter: xtables: change targets to return error code 2010-03-25 16:55:49 +01:00
iptable_filter.c netfilter: xtables: generate initial table on-demand 2010-02-10 17:50:47 +01:00
iptable_mangle.c netfilter: iptables: remove unused function arguments 2010-02-15 16:56:51 +01:00
iptable_raw.c netfilter: xtables: generate initial table on-demand 2010-02-10 17:50:47 +01:00
iptable_security.c netfilter: xtables: generate initial table on-demand 2010-02-10 17:50:47 +01:00
Kconfig netfilter: Kconfig spelling fixes (trivial) 2009-03-16 15:17:23 +01:00
Makefile netfilter: Combine ipt_ttl and ip6t_hl source 2009-02-18 18:39:31 +01:00
nf_conntrack_l3proto_ipv4_compat.c netfilter: nf_conntrack: fix hash resizing with namespaces 2010-02-08 11:18:07 -08:00
nf_conntrack_l3proto_ipv4.c netfilter: nf_conntrack: add support for "conntrack zones" 2010-02-15 18:13:33 +01:00
nf_conntrack_proto_icmp.c netfilter: nf_conntrack: add support for "conntrack zones" 2010-02-15 18:13:33 +01:00
nf_defrag_ipv4.c netfilter: nf_defrag_ipv4: fix compilation error with NF_CONNTRACK=n 2010-02-18 19:04:44 +01:00
nf_nat_amanda.c
nf_nat_core.c netfilter: nf_conntrack: add support for "conntrack zones" 2010-02-15 18:13:33 +01:00
nf_nat_ftp.c netfilter: nf_nat_ftp: remove (*mangle[]) array and functions, use %pI4 2010-01-11 11:49:51 +01:00
nf_nat_h323.c netfilter: remove unused headers in net/ipv4/netfilter/nf_nat_h323.c 2010-03-19 16:04:10 +01:00
nf_nat_helper.c netfilter: nf_nat: support mangling a single TCP packet multiple times 2010-02-11 12:27:09 +01:00
nf_nat_irc.c net: replace NIPQUAD() in net/ipv4/netfilter/ 2008-10-31 00:53:08 -07:00
nf_nat_pptp.c netfilter: nf_conntrack: add support for "conntrack zones" 2010-02-15 18:13:33 +01:00
nf_nat_proto_common.c nf_nat: use secure_ipv4_port_ephemeral() for NAT port randomization 2008-08-18 21:32:32 -07:00
nf_nat_proto_dccp.c [NETFILTER]: nf_conntrack: const annotations in nf_conntrack_sctp, nf_nat_proto_gre 2008-04-14 11:15:54 +02:00
nf_nat_proto_gre.c [NETFILTER]: nf_conntrack: const annotations in nf_conntrack_sctp, nf_nat_proto_gre 2008-04-14 11:15:54 +02:00
nf_nat_proto_icmp.c [NETFILTER]: nf_nat: use bool type in nf_nat_proto 2008-04-14 11:15:53 +02:00
nf_nat_proto_sctp.c netfilter: Fix extra semi-colon in skb_walk_frags() changes. 2009-06-09 18:05:28 -07:00
nf_nat_proto_tcp.c [NETFILTER]: nf_nat: use bool type in nf_nat_proto 2008-04-14 11:15:53 +02:00
nf_nat_proto_udp.c [NETFILTER]: nf_nat: use bool type in nf_nat_proto 2008-04-14 11:15:53 +02:00
nf_nat_proto_udplite.c [NETFILTER]: nf_nat: use bool type in nf_nat_proto 2008-04-14 11:15:53 +02:00
nf_nat_proto_unknown.c [NETFILTER]: nf_nat: use bool type in nf_nat_proto 2008-04-14 11:15:53 +02:00
nf_nat_rule.c netfilter: xtables: change targets to return error code 2010-03-25 16:55:49 +01:00
nf_nat_sip.c netfilter: nf_nat_sip: add TCP support 2010-02-11 12:29:38 +01:00
nf_nat_snmp_basic.c netfilter: SNMP NAT: correct the size argument to kzalloc 2010-01-04 15:21:31 +01:00
nf_nat_standalone.c netfilter: fix some coding styles and remove moduleparam.h 2010-04-13 11:25:41 +02:00
nf_nat_tftp.c netfilter: fix some coding styles and remove moduleparam.h 2010-04-13 11:25:41 +02:00