search for: ip_conntrack_standalone

...ld this have been my problem? . . . CC [M] net/ipv4/ipvs/ip_vs_nq.o CC [M] net/ipv4/ipvs/ip_vs_ftp.o scripts/Makefile.build:52: kbuild: net/ipv4/netfilter/Makefile - Usage of export-objs is obsolete in 2.6. Please fix! LD net/ipv4/netfilter/built-in.o CC [M] net/ipv4/netfilter/ip_conntrack_standalone.o In file included from include/linux/netfilter_ipv4/ip_conntrack.h:32, from net/ipv4/netfilter/ip_conntrack_standalone.c:35: include/linux/netfilter_ipv4/ip_conntrack_talk.h:7:43: error: linux/netfilter_ipv4/lockhelp.h: No such file or directory In file included from include/linu...

...t_bit(IPS_SEEN_REPLY_BIT, &conntrack->status)) { ip_ct_refresh(conntrack, UDP_STREAM_TIMEOUT); /* Also, more likely to be important, and not a probe */ set_bit(IPS_ASSURED_BIT, &conntrack->status); diff -urN --exclude-from=3Ddiff.exclude linux-2.4.20-base/net/ipv4/netfilte= r/ip_conntrack_standalone.c linux-2.4.20-del/net/ipv4/netfilter/ip_conntrac= k_standalone.c --- linux-2.4.20-base/net/ipv4/netfilter/ip_conntrack_standalone.c Fri Nov = 29 00:53:15 2002 +++ linux-2.4.20-del/net/ipv4/netfilter/ip_conntrack_standalone.c Fri Feb 2= 1 21:10:37 2003 @@ -77,7 +77,7 @@ } =20 static unsigned int...

...lter/ip_conntrack_core.c patching file net/ipv4/netfilter/ip_conntrack_proto_tcp.c Hunk #1 FAILED at 192. 1 out of 1 hunk FAILED -- saving rejects to file net/ipv4/netfilter/ip_conntrack_proto_tcp.c.rej patching file net/ipv4/netfilter/ip_conntrack_proto_udp.c patching file net/ipv4/netfilter/ip_conntrack_standalone.c I used the patch from https://bugzilla.netfilter.org/cgi-bin/bugzilla/showattachment.cgi?attach_id=8 against a clean 2.4.20-kernel, but there seems to be missing one line. I modified the patch to include this line also, but I can't test it at the moment... ------- You are receiving...

...2]: Cambiando a directorio `/usr/src/linux-2.4.19/net/ipv4/netfilter' make[2]: Se elimina la dependencia circular /usr/src/linux-2.4.19/include/linux/netfilter_ipv4/ip_conntrack_helper.h <- /usr/src/linux-2.4.19/include/linux/netfilter_ipv4/ip_conntrack.h. ld -m elf_i386 -r -o ip_conntrack.o ip_conntrack_standalone.o ip_conntrack_core.o ip_conntrack_proto_generic.o ip_conntrack_proto_tcp.o ip_conntrack_proto_udp.o ip_conntrack_proto_icmp.o ld -m elf_i386 -r -o iptable_nat.o ip_nat_standalone.o ip_nat_rule.o ip_nat_core.o ip_nat_helper.o ip_nat_proto_unknown.o ip_nat_proto_tcp.o ip_nat_proto_udp.o ip_nat_proto...

...t, arrive very close together, then only the first one accepted by our software actually makes it back out to the wire; the others are silently dropped. Analysis We instrumented the kernel to find out where the drop was occurring. The code doing the dropping was ip_refrag() in net/ipv4/netfilter/ip_conntrack_standalone.c, specifically: /* We've seen it coming out the other side: confirm */ if (ip_confirm(hooknum, pskb, in, out, okfn) != NF_ACCEPT) return NF_DROP; The dropping is caused by a race between the first packet of a given tuple making it to confirmed state, and the a...

...every future iptables release to prevent this from happening again. The two bugs fixed from 1.2.6 are: 1) if you use the patch-o-matic/base/conntrack.patch, libipt_conntrack.c do= es not compile due to a typo. 2) if you use the patch-o-matic/submitted/ip_conntrack_protocol_unregister patch, ip_conntrack_standalone.c does not compile. Version 1.2.6a fixes both of bugs, it can be obtained from: http://www.netfilter.org/files/iptables-1.2.6a.tar.bz2 http://netfilter.samba.org/files/iptables-1.2.6a.tar.bz2 ftp://ftp.netfilter.org/pub/iptables/iptables-1.2.6a.tar.bz2 =09 More information can be found at the...

...-120,6 +120,7 @@ static int udp_error(struct sk_buff *skb * and moreover root might send raw packets. * FIXME: Source route IP option packets --RR */ @@ -103836,7 +103839,7 @@ : skb_checksum(skb, iph->ihl*4, udplen, 0))) { diff -Nurp pristine-linux-2.6.12/net/ipv4/netfilter/ip_conntrack_standalone.c linux-2.6.12-xen/net/ipv4/netfilter/ip_conntrack_standalone.c --- pristine-linux-2.6.12/net/ipv4/netfilter/ip_conntrack_standalone.c 2005-06-17 21:48:29.000000000 +0200 -+++ linux-2.6.12-xen/net/ipv4/netfilter/ip_conntrack_standalone.c 2006-02-17 00:45:18.237520832 +0100 ++++ linux-2.6.12-xen/ne...

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=71 ------- Additional Comments From laforge@netfilter.org 2003-03-30 21:18 ------- First of all: You didn't even specify the particular kernel version you are running, not even mentioning which versions of which patches you are using (if any). Secondly, I don't see anything strange in this setup. DNAT with FTP sessions