In message <199912041642.TAA31099@xxxxxxxxxxxxx> you write:
> Paul, I am sorry, but it is a position of principle. Code must be optimal,
> fragmentation by ip_fragment() is deprecated. It is usable, but programmer
> _must_ take care of fragmentation itself exactly to feel that he does
> something wrong.
Linus, please apply.
OK. This means that my conntrack code needs to *refragment* as the
very last thing (eg. `ip_fragment(skb, ip_finish_output2)').
This means that ip_fragment() needs to copy skb->dev, and that the
hooks need access to the okfn for this special case. Pretty icky, but
fragmentation always is.
--- linux-2.3-official/net/ipv4/ip_output.c Tue Nov 30 17:58:59 1999
+++ linux-2.3/net/ipv4/ip_output.c Thu Dec 16 17:36:17 1999
@@ -850,6 +854,7 @@
if (skb->sk)
skb_set_owner_w(skb2, skb->sk);
skb2->dst = dst_clone(skb->dst);
+ skb2->dev = skb->dev;
/*
* Copy the packet header into the new buffer.
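Review bot: Only `dev` is added to the per-fragment metadata copied beside `dst_clone()`, so other per-packet state may still be lost when fragments are created after the netfilter hooks have run (the `ip_fragment(skb, ip_finish_output2)` case in the description). One example is `nfmark`, which the netfilter.c part of this patch shows being written on the skb; it would presumably not reach `skb2` unless it is copied elsewhere in ip_fragment(), and the rest of that function is outside the hunk. If it is not copied, fragments could leave without the mark that later policy decisions rely on, and `skb2->nfmark = skb->nfmark;` under `#ifdef CONFIG_NETFILTER` belongs next to the new line. A short comment such as `/* fragments may be emitted after the netfilter hooks; keep the output device */` would also record why `dev` is copied here.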
diff -urN --minimal --exclude *.lds --exclude autoconf.h --exclude compile.h
--exclude version.h --exclude .* --exclude *.[oa] --exclude *.orig --exclude
config --exclude asm --exclude modules --exclude *.[Ss] --exclude System.map
--exclude consolemap_deftbl.c --exclude *~ --exclude TAGS --exclude tags
--exclude modversions.h --exclude install-kernel
linux-2.3-official/include/linux/netfilter.h linux-2.3/include/linux/netfilter.h
--- linux-2.3-official/include/linux/netfilter.h Fri Dec 10 18:40:14 1999
+++ linux-2.3/include/linux/netfilter.h Sun Dec 12 17:04:37 1999
@@ -36,7 +36,8 @@
typedef unsigned int nf_hookfn(unsigned int hooknum,
struct sk_buff **skb,
const struct net_device *in,
- const struct net_device *out);
+ const struct net_device *out,
+ int (*okfn)(struct sk_buff *));
typedef unsigned int nf_cacheflushfn(const void *packet,
const struct net_device *in,
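Review bot: The new `okfn` parameter of `nf_hookfn` has no stated contract. A hook that calls `okfn(*skb)` itself and then returns a verdict other than `NF_STOLEN` would presumably let the core keep processing, or free, a buffer that has already been handed on. A comment above the typedef should say that `okfn` is the continuation the core runs on accept, that a hook may call it only when it takes ownership of the packet (the refragmentation case), and that it must then return `NF_STOLEN`. Because the typedef changes for every registered hook, all hook functions need the extra parameter in the same change; only net/core/netfilter.c is updated in what is visible here.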
diff -urN --minimal --exclude *.lds --exclude autoconf.h --exclude compile.h
--exclude version.h --exclude .* --exclude *.[oa] --exclude *.orig --exclude
config --exclude asm --exclude modules --exclude *.[Ss] --exclude System.map
--exclude consolemap_deftbl.c --exclude *~ --exclude TAGS --exclude tags
--exclude modversions.h --exclude install-kernel
linux-2.3-official/net/core/netfilter.c linux-2.3/net/core/netfilter.c
--- linux-2.3-official/net/core/netfilter.c Tue Nov 30 17:58:19 1999
+++ linux-2.3/net/core/netfilter.c Sun Dec 12 17:07:22 1999
@@ -353,11 +353,12 @@
int hook,
const struct net_device *indev,
const struct net_device *outdev,
- struct list_head **i)
+ struct list_head **i,
+ int (*okfn)(struct sk_buff *))
{
for (*i = (*i)->next; *i != head; *i = (*i)->next) {
struct nf_hook_ops *elem = (struct nf_hook_ops *)*i;
- switch (elem->hook(hook, skb, indev, outdev)) {
+ switch (elem->hook(hook, skb, indev, outdev, okfn)) {
case NF_QUEUE:
NFDEBUG("nf_iterate: NF_QUEUE for %p.\n", *skb);
return NF_QUEUE;
@@ -471,7 +472,7 @@
read_lock_bh(&nf_lock);
elem = &nf_hooks[pf][hook];
verdict = nf_iterate(&nf_hooks[pf][hook], &skb, hook, indev,
- outdev, &elem);
+ outdev, &elem, okfn);
if (verdict == NF_QUEUE) {
NFDEBUG("nf_hook: Verdict = QUEUE.\n");
nf_queue(skb, elem, pf, hook, indev, outdev, okfn);
@@ -553,7 +554,8 @@
skb->nfmark = mark;
verdict = nf_iterate(&nf_hooks[info->pf][info->hook],
&skb, info->hook,
- info->indev, info->outdev, &elem);
+ info->indev, info->outdev, &elem,
+ info->okfn);
}
if (verdict == NF_QUEUE) {
--
Hacking time.