path: root/package/firewall
Commit message (Expand)AuthorAgeFilesLines
* packages: sort network related packages into package/network/Felix Fietkau2012-10-1017-1885/+0
* firewall: also set up nat reflection rules for redirects with proto all and/o...Jo-Philipp Wich2012-07-092-2/+3
* firewall: allow incoming ICMPv6 router-advertisement and neighbor-advertiseme...Jo-Philipp Wich2012-06-082-1/+3
* /etc/functions.sh => /lib/functions.shJo-Philipp Wich2012-06-052-2/+2
* firewall: fix nat reflection after netifd status format change - use /lib/fun...Jo-Philipp Wich2012-05-282-48/+10
* firewall: rework interface address determination to skip ipv6 addressesJo-Philipp Wich2012-05-161-9/+19
* firewall: fix nat reflection after netifd switch (#11460)Jo-Philipp Wich2012-05-162-4/+34
* minor change: adjust formatting of firewall.configMirko Vogt2012-04-211-13/+13
* firewall: revert processing order of redirects and rules, ensures that rules ...Jo-Philipp Wich2012-03-182-4/+4
* firewall: fix fw__uci_state_del() procedure (#11132)Jo-Philipp Wich2012-03-132-3/+3
* firewall: allow ICMPv6 type 129 (echo reply) - this fixes basic ICMPv6 in cas...Jo-Philipp Wich2012-02-252-1/+3
* firewall: bail out if uci is used in firewall include filesJo-Philipp Wich2012-02-232-2/+8
* iptables: make it possible to dynamically configure built-in statically linke...Felix Fietkau2012-02-221-1/+1
* firewall: don't filter IPv4 ICMP types (#10928)Jo-Philipp Wich2012-02-072-5/+2
* firewall: add support for "local" port forwards which target an internal addr...Jo-Philipp Wich2012-01-082-4/+15
* firewall: - introduce per-section "option enabled" which defaults to "1" - us...Jo-Philipp Wich2011-12-203-2/+11
* firewall: add DHCPv6 default rule (#10381)Jo-Philipp Wich2011-11-092-1/+13
* firewall: relocate TCPMSS rules into mangle table, add code to selectively cl...Jo-Philipp Wich2011-10-294-7/+21
* firewall: do not produce 0.0.0.0/0 if a symbolic masq_src or masq_dest is giv...Jo-Philipp Wich2011-10-273-4/+7
* firewall: prevent ip6tables -t nat rules (#10265)Jo-Philipp Wich2011-10-232-2/+3
* firewall: fix another instance of unquoted "*"Jo-Philipp Wich2011-10-222-2/+2
* firewall: fix possible expansion of "*" when rules with "option src *" are pr...Jo-Philipp Wich2011-10-222-6/+11
* firewall: do not check for module availability, let iptables fail if a featur...Jo-Philipp Wich2011-10-222-16/+2
* firewall: make ESTABLISHED,RELATED rules match before INVALID, use conntrack ...Jo-Philipp Wich2011-09-012-9/+9
* firewall: further tune ICMPv6 default rules according to RFC4890 (#9893)Jo-Philipp Wich2011-08-143-2/+18
* firewall: prevent redundant rules if multiple ports and multiple icmp types a...Jo-Philipp Wich2011-07-262-8/+17
* firewall: fix serious bug in state var handling (#9746)Jo-Philipp Wich2011-07-202-3/+3
* firewall: rework state variable handling, use uci_toggle_state() where applic...Jo-Philipp Wich2011-07-152-18/+25
* firewall: make sure that -m mac is used with --mac-source, follow up to r27508Jo-Philipp Wich2011-07-072-2/+2
* firewall: also correct another variable missed in previous commitDaniel Dickinson2011-07-071-1/+1
* firewall: fix wrong variable names for protocol command line parameter - were...Daniel Dickinson2011-07-071-2/+2
* firewall: - solve scoping issues when multiple values are used, thanks Daniel...Jo-Philipp Wich2011-07-064-30/+26
* firewall: fix udp rules for tcpudp proto rules using src_port and dest_port a...Daniel Dickinson2011-07-061-0/+7
* firewall: fix port range quirk in previous commitJo-Philipp Wich2011-07-011-2/+2
* firewall: properly handle negated ports in nat reflectionJo-Philipp Wich2011-07-012-5/+13
* firewall: refine default ICMPv6 rules to better conform with RFC4890, do not ...Jo-Philipp Wich2011-06-301-13/+2
* firewall: restore local port relocation ability from r26617Jo-Philipp Wich2011-06-301-3/+3
* firewall: - allow multiple ports, protocols, macs, icmp types per rule - impl...Jo-Philipp Wich2011-06-306-74/+220
* firewall: ensure that fw_get_subnet4() sets an empty value if no (valid) IPv4...Jo-Philipp Wich2011-06-161-0/+1
* firewall: allow symbolic names of interfaces and aliases in masq_src and masq...Jo-Philipp Wich2011-06-163-3/+28
* firewall: explictely mention network in default configuration, makes it less ...Jo-Philipp Wich2011-05-201-0/+2
* firewall: revert accidential committed changes from r26805Jo-Philipp Wich2011-05-021-39/+11
* firewall: provide examples of ssh port relocation on firewall and IPsec passt...Jo-Philipp Wich2011-05-022-11/+61
* firewall: prevent excessive uci state data aggregation (#9152)Jo-Philipp Wich2011-04-202-1/+3
* firewall: allow local redirection of portsJo-Philipp Wich2011-04-121-3/+2
* firewall: prevent duplicate values in interface state varsJo-Philipp Wich2011-03-302-2/+5
* Keep firewall.user during sysupgradesTravis Kemen2011-03-202-0/+3
* firewall: move include sourcing into a subshell, this makes the firewall init...Jo-Philipp Wich2011-03-022-3/+5
* firewall: fix rule generation for v4 or v6 only zones (#8955)Jo-Philipp Wich2011-03-012-2/+5
* firewall: fix wrong rule order if multiple protocols are usedJo-Philipp Wich2011-01-272-4/+4
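/*
 * NOTE(review): the opening of this declaration was lost when the page was
 * extracted; "const struct" is restored here to match the two sibling
 * operation tables below - confirm against the original file.
 */
const struct file_operations afs_file_operations = {
	.open		= afs_open,
	.release	= afs_release,
	.llseek		= generic_file_llseek,
	.read		= do_sync_read,
	.write		= do_sync_write,
	.aio_read	= generic_file_aio_read,
	.aio_write	= afs_file_write,
	.mmap		= generic_file_readonly_mmap,
	.splice_read	= generic_file_splice_read,
	.fsync		= afs_fsync,
	.lock		= afs_lock,
	.flock		= afs_flock,
};

const struct inode_operations afs_file_inode_operations = {
	.getattr	= afs_getattr,
	.setattr	= afs_setattr,
	.permission	= afs_permission,
};

const struct address_space_operations afs_fs_aops = {
	.readpage	= afs_readpage,
	.readpages	= afs_readpages,
	.set_page_dirty	= afs_set_page_dirty,
	.launder_page	= afs_launder_page,
	.releasepage	= afs_releasepage,
	.invalidatepage	= afs_invalidatepage,
	.write_begin	= afs_write_begin,
	.write_end	= afs_write_end,
	.writepage	= afs_writepage,
	.writepages	= afs_writepages,
};

/*
 * open an AFS file or directory and attach a key to it
 * - on success the key obtained from afs_request_key() is stored in
 *   file->private_data, where afs_release() later drops it
 * - on failure no key is left attached and a negative error from
 *   afs_request_key() or afs_validate() is returned
 */
int afs_open(struct inode *inode, struct file *file)
{
	struct afs_vnode *vnode = AFS_FS_I(inode);
	struct key *key;
	int ret;

	_enter("{%x:%u},", vnode->fid.vid, vnode->fid.vnode);

	key = afs_request_key(vnode->volume->cell);
	if (IS_ERR(key)) {
		_leave(" = %ld [key]", PTR_ERR(key));
		return PTR_ERR(key);
	}

	ret = afs_validate(vnode, key);
	if (ret < 0) {
		/* the key was never attached to the file on this path, so
		 * nothing else will drop the reference - put it here rather
		 * than leaking it on every failed validation */
		key_put(key);
		_leave(" = %d [val]", ret);
		return ret;
	}

	file->private_data = key;
	_leave(" = 0");
	return 0;
}

/*
 * release an AFS file or directory and discard its key
 * - drops the key reference that afs_open() stored in file->private_data
 * - always returns 0
 */
int afs_release(struct inode *inode, struct file *file)
{
	struct afs_vnode *vnode = AFS_FS_I(inode);

	_enter("{%x:%u},", vnode->fid.vid, vnode->fid.vnode);

	key_put(file->private_data);
	_leave(" = 0");
	return 0;
}

#ifdef CONFIG_AFS_FSCACHE
/*
 * deal with notification that a page was read from the cache
 * - the page is marked up to date only when error is zero
 * - the page is unlocked in either case
 */
static void afs_file_readpage_read_complete(struct page *page,
					    void *data,
					    int error)
{
	_enter("%p,%p,%d", page, data, error);

	/* if the read completes with an error, we just unlock the page and let
	 * the VM reissue the readpage */
	if (!error)
		SetPageUptodate(page);
	unlock_page(page);
}
#endif

/*
 * read page from file, directory or symlink, given a key to use
 * - data is the key to use for the fetch
 * - the page must be locked on entry and is unlocked on every path that
 *   does not hand it to the cache read
 * - returns 0 on success, -ESTALE if the vnode is (or turns out to be)
 *   deleted, or the error from afs_vnode_fetch_data()
 */
int afs_page_filler(void *data, struct page *page)
{
	struct inode *inode = page->mapping->host;
	struct afs_vnode *vnode = AFS_FS_I(inode);
	struct key *key = data;
	size_t len;
	off_t offset;
	int ret;

	_enter("{%x},{%lu},{%lu}", key_serial(key), inode->i_ino, page->index);

	BUG_ON(!PageLocked(page));

	ret = -ESTALE;
	if (test_bit(AFS_VNODE_DELETED, &vnode->flags))
		goto error;

	/* is it cached? */
#ifdef CONFIG_AFS_FSCACHE
	ret = fscache_read_or_alloc_page(vnode->cache,
					 page,
					 afs_file_readpage_read_complete,
					 NULL,
					 GFP_KERNEL);
#else
	ret = -ENOBUFS;
#endif
	switch (ret) {
		/* read BIO submitted (page in cache) */
	case 0:
		break;

		/* page not yet cached */
	case -ENODATA:
		_debug("cache said ENODATA");
		goto go_on;

		/* page will not be cached */
	case -ENOBUFS:
		_debug("cache said ENOBUFS");
		/* fall through */
	default:
	go_on:
		/* NOTE(review): the shift is applied to page->index before
		 * any widening; whether that can wrap for large files depends
		 * on the width of the index type - confirm */
		offset = page->index << PAGE_CACHE_SHIFT;
		len = min_t(size_t, i_size_read(inode) - offset, PAGE_SIZE);

		/* read the contents of the file from the server into the
		 * page */
		ret = afs_vnode_fetch_data(vnode, key, offset, len, page);
		if (ret < 0) {
			if (ret == -ENOENT) {
				_debug("got NOENT from server"
				       " - marking file deleted and stale");
				set_bit(AFS_VNODE_DELETED, &vnode->flags);
				ret = -ESTALE;
			}

#ifdef CONFIG_AFS_FSCACHE
			fscache_uncache_page(vnode->cache, page);
#endif
			BUG_ON(PageFsCache(page));
			goto error;
		}

		SetPageUptodate(page);

		/* send the page to the cache */
#ifdef CONFIG_AFS_FSCACHE
		if (PageFsCache(page) &&
		    fscache_write_page(vnode->cache, page, GFP_KERNEL) != 0) {
			fscache_uncache_page(vnode->cache, page);
			BUG_ON(PageFsCache(page));
		}
#endif
		unlock_page(page);
	}

	_leave(" = 0");
	return 0;

error:
	SetPageError(page);
	unlock_page(page);
	_leave(" = %d", ret);
	return ret;
}

/*
 * read page from file, directory or symlink, given a file to nominate the key
 * to be used
 * - with a file, the key attached at open time is borrowed (no extra
 *   reference is taken or dropped here)
 * - without a file, a key is requested for the superblock's volume cell and
 *   put again once the page has been filled
 */
static int afs_readpage(struct file *file, struct page *page)
{
	struct key *key;
	int ret;

	if (file) {
		key = file->private_data;
		ASSERT(key != NULL);
		ret = afs_page_filler(key, page);
	} else {
		struct inode *inode = page->mapping->host;
		key = afs_request_key(AFS_FS_S(inode->i_sb)->volume->cell);
		if (IS_ERR(key)) {
			ret = PTR_ERR(key);
		} else {
			ret = afs_page_filler(key, page);
			key_put(key);
		}
	}
	return ret;
}

/*
 * read a set of pages
 * - uses the key attached to the file at open time
 * - returns -ESTALE if the vnode has been marked deleted, 0 if every page
 *   is being read from the cache, otherwise the result of reading the
 *   remaining pages through afs_page_filler()
 */
static int afs_readpages(struct file *file, struct address_space *mapping,
			 struct list_head *pages, unsigned nr_pages)
{
	struct key *key = file->private_data;
	struct afs_vnode *vnode;
	int ret = 0;

	_enter("{%d},{%lu},,%d",
	       key_serial(key), mapping->host->i_ino, nr_pages);

	ASSERT(key != NULL);

	vnode = AFS_FS_I(mapping->host);
	/* AFS_VNODE_DELETED is a bit number (it is set with set_bit() and
	 * tested with test_bit() in afs_page_filler()), so it must be tested
	 * the same way here rather than used as a mask */
	if (test_bit(AFS_VNODE_DELETED, &vnode->flags)) {
		_leave(" = -ESTALE");
		return -ESTALE;
	}

	/* attempt to read as many of the pages as possible */
#ifdef CONFIG_AFS_FSCACHE
	ret = fscache_read_or_alloc_pages(vnode->cache,
					  mapping,
					  pages,
					  &nr_pages,
					  afs_file_readpage_read_complete,
					  NULL,
					  mapping_gfp_mask(mapping));
#else
	ret = -ENOBUFS;
#endif

	switch (ret) {
		/* all pages are being read from the cache */
	case 0:
		BUG_ON(!list_empty(pages));
		BUG_ON(nr_pages != 0);
		_leave(" = 0 [reading all]");
		return 0;

		/* there were pages that couldn't be read from the cache */
	case -ENODATA:
	case -ENOBUFS:
		break;

		/* other error */
	default:
		_leave(" = %d", ret);
		return ret;
	}

	/* load the missing pages from the network */
	ret = read_cache_pages(mapping, pages, afs_page_filler, key);

	_leave(" = %d [netting]", ret);
	return ret;
}

/*
 * write back a dirty page
 * - as written here this only traces the call and returns 0; no writeback
 *   is performed in this function
 */
static int afs_launder_page(struct page *page)
{
	_enter("{%lu}", page->index);

	return 0;
}

/*
 * invalidate part or all of a page
 * - release a page and clean up its private data if offset is 0 (indicating
 *   the entire page)
 * - the page must be locked on entry
 */
static void afs_invalidatepage(struct page *page, unsigned long offset)
{
	struct afs_writeback *wb = (struct afs_writeback *) page_private(page);

	_enter("{%lu},%lu", page->index, offset);

	BUG_ON(!PageLocked(page));

	/* we clean up only if the entire page is being invalidated */
	if (offset == 0) {
#ifdef CONFIG_AFS_FSCACHE
		if (PageFsCache(page)) {
			struct afs_vnode *vnode = AFS_FS_I(page->mapping->host);
			fscache_wait_on_page_write(vnode->cache, page);
			fscache_uncache_page(vnode->cache, page);
		}
#endif

		if (PagePrivate(page)) {
			/* the writeback record is only dropped when the page
			 * is not currently under writeback */
			if (wb && !PageWriteback(page)) {
				set_page_private(page, 0);
				afs_put_writeback(wb);
			}

			if (!page_private(page))
				ClearPagePrivate(page);
		}
	}

	_leave("");
}

/*
 * release a page and clean up its private state if it's not busy
 * - return true if the page can now be released, false if not
 */
static int afs_releasepage(struct page *page, gfp_t gfp_flags)
{
	struct afs_writeback *wb = (struct afs_writeback *) page_private(page);
	struct afs_vnode *vnode = AFS_FS_I(page->mapping->host);

	_enter("{{%x:%u}[%lu],%lx},%x",
	       vnode->fid.vid, vnode->fid.vnode, page->index, page->flags,
	       gfp_flags);

	/* deny if page is being written to the cache and the caller hasn't
	 * elected to wait */
#ifdef CONFIG_AFS_FSCACHE
	if (!fscache_maybe_release_page(vnode->cache, page, gfp_flags)) {
		_leave(" = F [cache busy]");
		return 0;
	}
#endif

	if (PagePrivate(page)) {
		if (wb) {
			set_page_private(page, 0);
			afs_put_writeback(wb);
		}
		ClearPagePrivate(page);
	}

	/* indicate that the page can be released */
	_leave(" = T");
	return 1;
}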