From: Rusty Russell <rusty@rustcorp.com.au> To: netfilter-devel@lists.samba.org, netfilter@lists.samba.org Subject: [PATCH] Proposed patch for 2.4.4 Date: Sun, 22 Apr 2001 17:11:59 +1000 This largish patch (against 2.4.3), hence it's mimencoded. Will be posted to Linus shortly if it's OK (it needs testing by volunteers still, please!): Fixes: (1) FTP fix: use "loose=1" to ip_conntrack_ftp for old behaviour. That user is still out there... (2) conntrack SMP fix: should prevent nasty races Double kfree & boom, DELETE messages... (3) mtr ICMP fix: stop mtr showing massive packet loss Untracked replies dropped by NAT... (4) NAT module reload fix Reloading the NAT module could get old NAT data. (5) MASQ dynamic address fix Just shows I never use dial-on-demand... [ Not the one in patch-o-matic: that breaks PPP ] Changes: (1) Untracked packets ACCEPTED by NAT Conntrack now drops packet itself if OOM. (2) conntrack helpers see all packets protocol->new now returns TRUE or FALSE. (3) balance tweak More balanced when NATting to a range of addresses. (4) ftp multi patch Harald's FTP multiport patch. (5) nat+conntrack hashsize Slightly modified so ipchains.o should work: nat uses ip_conntrack's hash size value. (6) seqoffset patch (7) IRC Finally... Omitted: (1) dropped table patch I'm adding dropped calls everywhere (eg. packet filtering code), but it's taking time. Thanks! Rusty. -- Premature optmztion is rt of all evl. --DK