Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
Pablo Neira Ayuso says: ==================== The following batch contains Netfilter/IPVS updates for net-next, they are: * Enforce policy to several nfnetlink subsystem, from Daniel Borkmann. * Use xt_socket to match the third packet (to perform simplistic socket-based stateful filtering), from Eric Dumazet. * Avoid large timeout for picked up from the middle TCP flows, from Florian Westphal. * Exclude IPVS from struct net if IPVS is disabled and removal of unnecessary included header file, from JunweiZhang. * Release SCTP connection immediately under load, to mimic current TCP behaviour, from Julian Anastasov. * Replace and enhance SCTP state machine, from Julian Anastasov. * Add tweak to reduce sync traffic in the presence of persistence, also from Julian Anastasov. * Add tweak for the IPVS SH scheduler not to reject connections directed to a server, choose a new one instead, from Alexander Frolkin. * Add support for sloppy TCP and SCTP modes, that creates state information on any packet, not only initial handshake packets, from Alexander Frolkin. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
commit
4e144d3a80
29 changed files with 531 additions and 822 deletions
|
@ -20,6 +20,12 @@
|
|||
#define IP_VS_SVC_F_PERSISTENT 0x0001 /* persistent port */
|
||||
#define IP_VS_SVC_F_HASHED 0x0002 /* hashed entry */
|
||||
#define IP_VS_SVC_F_ONEPACKET 0x0004 /* one-packet scheduling */
|
||||
#define IP_VS_SVC_F_SCHED1 0x0008 /* scheduler flag 1 */
|
||||
#define IP_VS_SVC_F_SCHED2 0x0010 /* scheduler flag 2 */
|
||||
#define IP_VS_SVC_F_SCHED3 0x0020 /* scheduler flag 3 */
|
||||
|
||||
#define IP_VS_SVC_F_SCHED_SH_FALLBACK IP_VS_SVC_F_SCHED1 /* SH fallback */
|
||||
#define IP_VS_SVC_F_SCHED_SH_PORT IP_VS_SVC_F_SCHED2 /* SH use port */
|
||||
|
||||
/*
|
||||
* Destination Server Flags
|
||||
|
|
|
@ -105,5 +105,7 @@ enum nfqnl_attr_config {
|
|||
#define NFQA_SKB_CSUMNOTREADY (1 << 0)
|
||||
/* packet is GSO (i.e., exceeds device mtu) */
|
||||
#define NFQA_SKB_GSO (1 << 1)
|
||||
/* csum not validated (incoming device doesn't support hw checksum, etc.) */
|
||||
#define NFQA_SKB_CSUM_NOTVERIFIED (1 << 2)
|
||||
|
||||
#endif /* _NFNETLINK_QUEUE_H */
|
||||
|
|
|
@ -5,10 +5,17 @@
|
|||
|
||||
enum {
|
||||
XT_SOCKET_TRANSPARENT = 1 << 0,
|
||||
XT_SOCKET_NOWILDCARD = 1 << 1,
|
||||
};
|
||||
|
||||
struct xt_socket_mtinfo1 {
|
||||
__u8 flags;
|
||||
};
|
||||
#define XT_SOCKET_FLAGS_V1 XT_SOCKET_TRANSPARENT
|
||||
|
||||
struct xt_socket_mtinfo2 {
|
||||
__u8 flags;
|
||||
};
|
||||
#define XT_SOCKET_FLAGS_V2 (XT_SOCKET_TRANSPARENT | XT_SOCKET_NOWILDCARD)
|
||||
|
||||
#endif /* _XT_SOCKET_H */
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue