X-Git-Url: http://git.pld-linux.org/?a=blobdiff_plain;f=kernel-layer7.patch;h=c06af650d6250d059ee10c47da6f5022850fa4eb;hb=dbd15e1ddf260d744160f50480502f3b9145d438;hp=991dd4bf401637d9c8938e6d33ea290d78afdba4;hpb=bd014f2d5af961f0c14ff2df20e1501ac0f12646;p=packages%2Fkernel.git diff --git a/kernel-layer7.patch b/kernel-layer7.patch index 991dd4bf..c06af650 100644 --- a/kernel-layer7.patch +++ b/kernel-layer7.patch @@ -118,7 +118,7 @@ + acct = nf_conn_acct_find(ct); + if (!acct) + return 0; -+ return (acct[IP_CT_DIR_ORIGINAL].packets + acct[IP_CT_DIR_REPLY].packets); ++ return (atomic64_read(&acct[IP_CT_DIR_ORIGINAL].packets) + atomic64_read(&acct[IP_CT_DIR_REPLY].packets)); +#endif +} + @@ -2061,14 +2061,14 @@ + #endif + + - /* We overload first tuple to link into unconfirmed list. */ - if (!nf_ct_is_confirmed(ct)) { - BUG_ON(hlist_unhashed(&ct->tuplehash[IP_CT_DIR_ORIGINAL].hnode)); + /* We overload first tuple to link into unconfirmed or dying list.*/ + BUG_ON(hlist_nulls_unhashed(&ct->tuplehash[IP_CT_DIR_ORIGINAL].hnnode)); + hlist_nulls_del_rcu(&ct->tuplehash[IP_CT_DIR_ORIGINAL].hnnode); --- linux-2.6.28-stock/net/netfilter/nf_conntrack_standalone.c 2009-01-07 16:05:35.000000000 -0600 +++ linux-2.6.28/net/netfilter/nf_conntrack_standalone.c 2009-01-07 16:07:31.000000000 -0600 @@ -165,6 +165,12 @@ static int ct_seq_show(struct seq_file * - return -ENOSPC; - #endif + + ct_show_delta_time(s, ct); +#if defined(CONFIG_NETFILTER_XT_MATCH_LAYER7) || defined(CONFIG_NETFILTER_XT_MATCH_LAYER7_MODULE) + if(ct->layer7.app_proto && 
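Review bot: The new return line in the `@@ -118,7 +118,7 @@` hunk adds two `atomic64_read()` results, but the function's signature is outside the hunk, so the width of its return type cannot be checked here. If it is still a plain `int`, the 64-bit sum is silently truncated and the packet count on a long-lived flow could wrap; confirm the return type is 64 bits wide, or clamp the sum, as part of this port. The `if (!acct) return 0;` path just above also makes a connection without the accounting extension look the same as one that has seen no packets. A comment such as `/* 0 also means "no accounting extension": callers cannot tell it from an idle flow */` would document that for anyone who presumably compares this value against a packet limit.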
@@ -2076,17 +2076,17 @@ + return -ENOSPC; +#endif + - if (seq_printf(s, "use=%u\n", atomic_read(&ct->ct_general.use))) - return -ENOSPC; + seq_printf(s, "use=%u\n", atomic_read(&ct->ct_general.use)); + if (seq_has_overflowed(s)) --- linux-2.6.28-stock/include/net/netfilter/nf_conntrack.h 2009-01-07 16:05:30.000000000 -0600 +++ linux-2.6.28/include/net/netfilter/nf_conntrack.h 2009-01-07 16:07:31.000000000 -0600 -@@ -118,6 +118,22 @@ struct nf_conn - struct net *ct_net; - #endif +@@ -120,6 +120,22 @@ struct nf_conn { + /* Extensions */ + struct nf_ct_ext *ext; +#if defined(CONFIG_NETFILTER_XT_MATCH_LAYER7) || \ -+ defined(CONFIG_NETFILTER_XT_MATCH_LAYER7_MODULE) ++ defined(CONFIG_NETFILTER_XT_MATCH_LAYER7_MODULE) + struct { + /* + * e.g. "http". NULL before decision. "unknown" after decision @@ -2103,7 +2103,7 @@ + /* Storage reserved for other modules, must be the last member */ union nf_conntrack_proto proto; - + }; --- linux-2.6.28-stock/include/linux/netfilter/xt_layer7.h 1969-12-31 18:00:00.000000000 -0600 +++ linux-2.6.28/include/linux/netfilter/xt_layer7.h 2009-01-07 16:07:31.000000000 -0600 @@ -0,0 +1,13 @@
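Review bot: The layer7 block kept as context at the top of the `@@ -2076,17 +2076,17 @@` hunk still exits with `return -ENOSPC;`, while the kernel line refreshed just below it has moved from testing `seq_printf()`'s return value to calling `seq_printf()` and then checking `seq_has_overflowed(s)`. The condition line between this hunk and the previous one is not shown, so it is an inference that the layer7 code still tests `seq_printf()`'s result. If it does, port it to the same call-then-check pattern rather than only refreshing the surrounding context. Also check that a direct `return` at this point does not skip any cleanup the function performs at its normal exit; the rest of `ct_seq_show` is outside the hunk.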