[NETFILTER]: nf_nat: kill helper and seq_adjust hooks

Connection tracking helpers (specifically FTP) need to be called before NAT sequence numbers adjustments are performed to be able to compare them against previously seen ones. We've introduced two new hooks around 2.6.11 to maintain this ordering when NAT modules were changed to get called from conntrack helpers directly. The cost of netfilter hooks is quite high and sequence number adjustments are only rarely needed however. Add a RCU-protected sequence number adjustment function pointer and call it from IPv4 conntrack after calling the helper. Signed-off-by: Patrick McHardy <kaber@trash.net>
author: Patrick McHardy <kaber@trash.net> 2008-04-14 09:15:52 (GMT)
committer: Patrick McHardy <kaber@trash.net> 2008-04-14 09:15:52 (GMT)
commit: dd13b010368f85dfa59364ba87bfe8ae930b2832 (patch)
tree: f7f0a8fa77858674564aeb614499f40dd3c6dcd8 /include/linux/netfilter_ipv4.h
parent: 55871d04793d9c069ee277b1e98794b88d92ed80 (diff)
download: linux-fsl-qoriq-dd13b010368f85dfa59364ba87bfe8ae930b2832.tar.xz
1 files changed, 0 insertions, 2 deletions
diff --git a/include/linux/netfilter_ipv4.h b/include/linux/netfilter_ipv4.h
index 9a10092..650318b 100644
--- a/include/linux/netfilter_ipv4.h
+++ b/include/linux/netfilter_ipv4.h
@@ -62,8 +62,6 @@ enum nf_ip_hook_priorities {
 	NF_IP_PRI_FILTER = 0,
 	NF_IP_PRI_NAT_SRC = 100,
 	NF_IP_PRI_SELINUX_LAST = 225,
-	NF_IP_PRI_CONNTRACK_HELPER = INT_MAX - 2,
-	NF_IP_PRI_NAT_SEQ_ADJUST = INT_MAX - 1,
 	NF_IP_PRI_CONNTRACK_CONFIRM = INT_MAX,
 	NF_IP_PRI_LAST = INT_MAX,
 };
author	Patrick McHardy <kaber@trash.net>	2008-04-14 09:15:52 (GMT)
committer	Patrick McHardy <kaber@trash.net>	2008-04-14 09:15:52 (GMT)
commit	dd13b010368f85dfa59364ba87bfe8ae930b2832 (patch)
tree	f7f0a8fa77858674564aeb614499f40dd3c6dcd8 /include/linux/netfilter_ipv4.h
parent	55871d04793d9c069ee277b1e98794b88d92ed80 (diff)
download	linux-fsl-qoriq-dd13b010368f85dfa59364ba87bfe8ae930b2832.tar.xz