From f8c50e97880f3354bb9f6caf590802fa393d483b Mon Sep 17 00:00:00 2001 From: victek Date: Fri, 27 Sep 2013 05:47:48 +0200 Subject: [PATCH] kernel: netfilter: nf_conntrack: fix event flooding in GRE protocol tracker nvram: delete non used variables. --- .../src-rt/linux/linux-2.6/net/ipv4/netfilter.c | 3 +- .../net/netfilter/nf_conntrack_proto_gre.c | 4 +-- release/src/router/nvram/defaults.c | 38 ++++++++++++++++++---- 3 files changed, 35 insertions(+), 10 deletions(-) diff --git a/release/src-rt/linux/linux-2.6/net/ipv4/netfilter.c b/release/src-rt/linux/linux-2.6/net/ipv4/netfilter.c index ebae967917..ff72a623c1 100644 --- a/release/src-rt/linux/linux-2.6/net/ipv4/netfilter.c +++ b/release/src-rt/linux/linux-2.6/net/ipv4/netfilter.c @@ -68,7 +68,8 @@ int ip_route_me_harder(struct sk_buff *skb, unsigned addr_type) /* Change in oif may mean change in hh_len. */ hh_len = skb->dst->dev->hard_header_len; if (skb_headroom(skb) < hh_len && - pskb_expand_head(skb, hh_len - skb_headroom(skb), 0, GFP_ATOMIC)) + pskb_expand_head(skb, HH_DATA_ALIGN(hh_len - skb_headroom(skb)), + 0, GFP_ATOMIC)) return -1; return 0; diff --git a/release/src-rt/linux/linux-2.6/net/netfilter/nf_conntrack_proto_gre.c b/release/src-rt/linux/linux-2.6/net/netfilter/nf_conntrack_proto_gre.c index 71ac8cf5d8..970f0a1205 100644 --- a/release/src-rt/linux/linux-2.6/net/netfilter/nf_conntrack_proto_gre.c +++ b/release/src-rt/linux/linux-2.6/net/netfilter/nf_conntrack_proto_gre.c @@ -233,8 +233,8 @@ static int gre_packet(struct nf_conn *ct, nf_ct_refresh_acct(ct, ctinfo, skb, ct->proto.gre.stream_timeout); /* Also, more likely to be important, and not a probe. */ - set_bit(IPS_ASSURED_BIT, &ct->status); - nf_conntrack_event_cache(IPCT_STATUS, skb); + if (!test_and_set_bit(IPS_ASSURED_BIT, &ct->status)) + nf_conntrack_event_cache(IPCT_STATUS, skb); } else nf_ct_refresh_acct(ct, ctinfo, skb, ct->proto.gre.timeout); diff --git a/release/src/router/nvram/defaults.c b/release/src/router/nvram/defaults.c index 8532c261fa..6f826bbdec 100644 --- a/release/src/router/nvram/defaults.c +++ b/release/src/router/nvram/defaults.c @@ -446,7 +446,7 @@ const defaults_t defaults[] = { { "block_wan_limit", "1" }, { "block_wan_limit_icmp", "1" }, { "block_wan_limit_tr", "5" }, - { "multicast_pass", "0" }, // enable multicast proxy + { "multicast_pass", "0" }, // enable igmpproxy/multicast proxy #ifdef TCONFIG_VLAN { "multicast_lan", "0" }, // on LAN (br0) { "multicast_lan1", "0" }, // on LAN1 (br1) @@ -549,12 +549,6 @@ const defaults_t defaults[] = { { "ne_vbeta", "6" }, // " { "ne_vgamma", "2" }, // " -// qos-bw-limiter - { "qosl_enable", "0" }, -// { "qosl_obw", "" }, //unused - used qos_obw -// { "qosl_ibw", "" }, //unused - used qos_obw - { "qosl_rules", "" }, - // access restrictions { "rruleN", "0" }, { "rrule0", "0|1320|300|31|||word text\n^begins-with.domain.\n.ends-with.net$\n^www.exact-domain.net$|0|example" }, @@ -1037,6 +1031,36 @@ const defaults_t defaults[] = { #endif // 0 +// new_qoslimit + { "new_qoslimit_enable", "0" }, + { "new_qoslimit_rules", "" }, + { "qosl_enable", "0" }, + { "qosl_tcp", "0" },//unlimited + { "qosl_udp", "0" },//unlimited + { "qosl_dlc", "" }, + { "qosl_ulc", "" }, + { "qosl_dlr", "" }, + { "qosl_ulr", "" }, + { "limit_br1_enable", "0" }, + { "limit_br1_dlc", "" }, + { "limit_br1_ulc", "" }, + { "limit_br1_dlr", "" }, + { "limit_br1_ulr", "" }, + { "limit_br1_prio", "2" }, + { "limit_br2_enable", "0" }, + { "limit_br2_dlc", "" }, + { "limit_br2_ulc", "" }, + { "limit_br2_dlr", "" }, + { "limit_br2_ulr", "" }, + { "limit_br2_prio", "2" }, + { "limit_br3_enable", "0" }, + { "limit_br3_dlc", "" }, + { "limit_br3_ulc", "" }, + { "limit_br3_dlr", "" }, + { "limit_br3_ulr", "" }, + { "limit_br3_prio", "2" }, + + // arpbind { "arpbind_enable", "0" }, { "arpbind_only", "0" }, -- 2.11.4.GIT