Re: [PATCH] Warn people that ipchains and ipfwadm are going away.
From: Patrick McHardy
Date: Tue Sep 21 2004 - 19:18:31 EST
Marc Ballarin wrote:
On Tue, 21 Sep 2004 15:36:00 -0700
"David S. Miller" <davem@xxxxxxxxxxxxx> wrote:
You can't have ipchains and iptables loaded at the same time.
You must first manually unload iptables, then you can
successfully load the ipchains module.
Yes, I know, something seems strange here.
Fixed by this patch. The conntrack protocols need ip_ct_log_invalid
which is defined in ip_conntrack_standalone, so ip_conntrack is
loaded automatically before ipchains. This patch moves it over to
ip_conntrack_core.
Dave, please apply on top of the other netfilter patches.
Regards
Patrick
# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
# 2004/09/22 02:04:02+02:00 kaber@xxxxxxxxxxxx
# {NETFILTER]: Move ip_ct_log_invalid to ip_conntrack_core.c
#
# Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
#
# net/ipv4/netfilter/ip_conntrack_standalone.c
# 2004/09/22 02:03:37+02:00 kaber@xxxxxxxxxxxx +0 -2
# {NETFILTER]: Move ip_ct_log_invalid to ip_conntrack_core.c
#
# Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
#
# net/ipv4/netfilter/ip_conntrack_core.c
# 2004/09/22 02:03:37+02:00 kaber@xxxxxxxxxxxx +1 -0
# {NETFILTER]: Move ip_ct_log_invalid to ip_conntrack_core.c
#
# Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
#
diff -Nru a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c
--- a/net/ipv4/netfilter/ip_conntrack_core.c 2004-09-22 02:10:28 +02:00
+++ b/net/ipv4/netfilter/ip_conntrack_core.c 2004-09-22 02:10:28 +02:00
@@ -74,6 +74,7 @@
static kmem_cache_t *ip_conntrack_cachep;
static kmem_cache_t *ip_conntrack_expect_cachep;
struct ip_conntrack ip_conntrack_untracked;
+unsigned int ip_ct_log_invalid;
DEFINE_PER_CPU(struct ip_conntrack_stat, ip_conntrack_stat);
diff -Nru a/net/ipv4/netfilter/ip_conntrack_standalone.c b/net/ipv4/netfilter/ip_conntrack_standalone.c
--- a/net/ipv4/netfilter/ip_conntrack_standalone.c 2004-09-22 02:10:28 +02:00
+++ b/net/ipv4/netfilter/ip_conntrack_standalone.c 2004-09-22 02:10:28 +02:00
@@ -48,8 +48,6 @@
extern atomic_t ip_conntrack_count;
DECLARE_PER_CPU(struct ip_conntrack_stat, ip_conntrack_stat);
-unsigned int ip_ct_log_invalid = 0;
-
static int kill_proto(const struct ip_conntrack *i, void *data)
{
return (i->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum ==