search for: ctinfo

...struct tcphdr *tcph,=20 } =09 =20 -/* TCP SACK sequence number adjustment, return 0 if sack found and adjuste= d */ -static inline int +/* TCP SACK sequence number adjustment. */ +static inline void ip_nat_sack_adjust(struct sk_buff *skb, - struct ip_conntrack *ct, - enum ip_conntrack_info ctinfo) + struct ip_conntrack *ct, + enum ip_conntrack_info ctinfo) { - struct iphdr *iph; struct tcphdr *tcph; - unsigned char *ptr; - int length, dir, sack_adjusted =3D 0; + unsigned char *ptr, *optend; + unsigned int dir; =20 - iph =3D skb->nh.iph; - tcph =3D (void *)iph + iph->ihl*4;...

...} else { /* Once we've had two way comms, always ESTABLISHED. */ - if (h->ctrack->status & IPS_SEEN_REPLY) { + if (test_bit(IPS_SEEN_REPLY_BIT, &h->ctrack->status)) { DEBUGP("ip_conntrack_in: normal packet for %p\n", h->ctrack); *ctinfo =3D IP_CT_ESTABLISHED; - } else if (h->ctrack->status & IPS_EXPECTED) { + } else if (test_bit(IPS_EXPECTED_BIT, &h->ctrack->status)) { DEBUGP("ip_conntrack_in: related packet for %p\n", h->ctrack); *ctinfo =3D IP_CT_RELATED; diff -urN --exclude-...

...er box. * if the connection is not initiated, but accepted As SNAT happens at NF_IP_POST_ROUTING, reply translation will be performed at NF_IP_PRE_ROUTING. The following DEBUG output shows what happens (enabled DEBUGP at the top of ip_nat_core.c): icmp reply translation, ct=c3617480, hooknum=0, ctinfo=4 icmp_reply_translation: translating error c396f260 hook 0 dir REPLY, num_manips=2 icmp_reply: manip 0 dir ORIG hook 4 icmp_reply: manip 1 dir REPLY hook 0 icmp_reply: outer DST -> 192.168.131.124 As it seems the inner manip is not called, as it is registered to hook 4 (POST_ROUTING, ORIG) As...

Hello, I'm having problem setting up filtering traffic for a virtual machine managed by libvirt. Strange thing is, such a setup has been working fine for me on an older version of distro (namely, opensuse 11.3 w/updates, kernel 2.6.34, libvirt 0.8.8) but refused to work on shiny new opensuse 12.4 (kernel 3.7.10, libvirt 1.0.2). The definition of filter in question is pretty simple: