X-Git-Url: https://git.pld-linux.org/?a=blobdiff_plain;f=kernel-layer7.patch;h=b7390a088f5546dcd0f3b19e466d02ef692ef520;hb=7c5fbea72f111afa38e34dbf1c05d24cc9facd0c;hp=1c9aa8e9774067a35967dff2a12a167fbd2cb0d7;hpb=7eafdf330601e21a3c580c1193cf04178a458e29;p=packages%2Fkernel.git diff --git a/kernel-layer7.patch b/kernel-layer7.patch index 1c9aa8e9..b7390a08 100644 --- a/kernel-layer7.patch +++ b/kernel-layer7.patch @@ -2050,7 +2050,7 @@ --- linux-2.6.28-stock/net/netfilter/nf_conntrack_core.c 2009-01-07 16:05:35.000000000 -0600 +++ linux-2.6.28/net/netfilter/nf_conntrack_core.c 2009-01-07 16:07:31.000000000 -0600 @@ -201,6 +201,14 @@ destroy_conntrack(struct nf_conntrack *n - * too. */ + */ nf_ct_remove_expectations(ct); + #if defined(CONFIG_NETFILTER_XT_MATCH_LAYER7) || defined(CONFIG_NETFILTER_XT_MATCH_LAYER7_MODULE) @@ -2061,14 +2061,14 @@ + #endif + + - /* We overload first tuple to link into unconfirmed list. */ - if (!nf_ct_is_confirmed(ct)) { - BUG_ON(hlist_unhashed(&ct->tuplehash[IP_CT_DIR_ORIGINAL].hnode)); + nf_ct_del_from_dying_or_unconfirmed_list(ct); + + local_bh_enable(); --- linux-2.6.28-stock/net/netfilter/nf_conntrack_standalone.c 2009-01-07 16:05:35.000000000 -0600 +++ linux-2.6.28/net/netfilter/nf_conntrack_standalone.c 2009-01-07 16:07:31.000000000 -0600 @@ -165,6 +165,12 @@ static int ct_seq_show(struct seq_file * - return -ENOSPC; - #endif + ct_show_zone(s, ct, NF_CT_DEFAULT_ZONE_DIR); + ct_show_delta_time(s, ct); +#if defined(CONFIG_NETFILTER_XT_MATCH_LAYER7) || defined(CONFIG_NETFILTER_XT_MATCH_LAYER7_MODULE) + if(ct->layer7.app_proto && 
@@ -2076,17 +2076,17 @@ + return -ENOSPC; +#endif + - if (seq_printf(s, "use=%u\n", atomic_read(&ct->ct_general.use))) - return -ENOSPC; + seq_printf(s, "use=%u\n", atomic_read(&ct->ct_general.use)); + if (seq_has_overflowed(s)) --- linux-2.6.28-stock/include/net/netfilter/nf_conntrack.h 2009-01-07 16:05:30.000000000 -0600 +++ linux-2.6.28/include/net/netfilter/nf_conntrack.h 2009-01-07 16:07:31.000000000 -0600 -@@ -118,6 +118,22 @@ struct nf_conn - struct net *ct_net; - #endif +@@ -120,6 +120,22 @@ struct nf_conn { + /* Extensions */ + struct nf_ct_ext *ext; +#if defined(CONFIG_NETFILTER_XT_MATCH_LAYER7) || \ -+ defined(CONFIG_NETFILTER_XT_MATCH_LAYER7_MODULE) ++ defined(CONFIG_NETFILTER_XT_MATCH_LAYER7_MODULE) + struct { + /* + * e.g. "http". NULL before decision. "unknown" after decision @@ -2103,7 +2103,7 @@ + /* Storage reserved for other modules, must be the last member */ union nf_conntrack_proto proto; - + }; --- linux-2.6.28-stock/include/linux/netfilter/xt_layer7.h 1969-12-31 18:00:00.000000000 -0600 +++ linux-2.6.28/include/linux/netfilter/xt_layer7.h 2009-01-07 16:07:31.000000000 -0600 @@ -0,0 +1,13 @@
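Review bot: In the ct_seq_show section, the layer7 block still exits through `return -ENOSPC;` directly above upstream lines that this refresh switches to `seq_printf(s, "use=%u\n", ...)` followed by `if (seq_has_overflowed(s))`, so the patch now mixes the old return-value style with the new overflow check. The line that completes `if(ct->layer7.app_proto &&` sits in the gap between the two hunks, so this is inferred, but if it still tests seq_printf()'s result it will not build on kernels where seq_printf() returns void. If ct_seq_show holds a conntrack reference that is dropped on a shared exit path (not visible here), the early return would also skip that release and leak the reference whenever the seq buffer overflows. I would reduce the block to `if (ct->layer7.app_proto)` guarding a plain seq_printf() call with the existing format and argument, drop the `return -ENOSPC;`, and let the `seq_has_overflowed(s)` test below handle overflow.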