xt_SYSRQ.c:156:3: error: too many arguments to function 'handle_sysrq'
Linux kernel commit v2.6.36-rc3~19^2~5 changed it and finally removed
the last unused argument.
This adds a "CHECKSUM" target, which can be used in the iptables mangle
table.
You can use this target to compute and fill in the checksum in a packet
that lacks a checksum. This is particularly useful, if you need to work
around old applications such as dhcp clients, that do not work well with
checksum offloads, but don't want to disable checksum offload in your
device.
The problem happens in the field with virtualized applications. For
reference, see Red Hat bz 605555, as well as
http://www.spinics.net/lists/kvm/msg37660.html
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Patrick McHardy explains in [1] that locally-generated packets (such
as the clones xt_TEE will create) usually start with no iif and no
mark value, and even if cloned packets are a little more special than
locally-generated ones, let's do it that way.
[1] http://marc.info/?l=netfilter-devel&m=127012289008156&w=2
After testing I decide to write my patch to bittorrent GET commands
from xt_ipp2p.c because old procedure is useless for modified and/or
private trackers.
BTW: info_hash may be 3rd argument, passkey (private trackers) may be
1st argument (or not) etc. so we need to search.
There is another mistake in the code. I have checked the Gnutella
protocol specification -- looks like the line separation is 0x0d-0x0a
and not 0x0a-0x0d (it seemed obvious but I was not sure and thought
they cannot have possibly got that wrong...). It would certainly
explain why I have never seen a match on any of my systems.
Report by: Christian Blum <chrblum@users.sourceforge.net>
"I have found that they panic in an interrupt within xt_ipp2p, function
search_all_gnu(). It's a bounds checking problem; when I add this [a
check for plen >= 65535] at the beginning [of the function] the
servers run fine (very similar to find_all_kazaa())."
It is no longer possible to specify gc_expir_time with a time lower
than its default value (65000 msecs). This is to avoid running
peer_gc() earlier than 1 minute [well, 65 s actually] in the future,
which would otherwise render anti-spoof protection in SPA mode
non-functional.
ip_set.c:42:8: warning: type defaults to 'int' in declaration of
'DECLARE_MUTEX'
2.6.31-rt has cleaned up the naming mess in semaphore.h. Without
making use of #if hackery, we can use struct semaphore as declaration
plus an explicit sema_init() call.
