return len;
}
+
+static int
+clear_dns_conntracks(u_int32_t dns_serverip)
+{
+ unsigned int i,ret;
+ struct list_head *e;
+// struct ip_conntrack_expect *expect;
+ struct ip_conntrack_tuple_hash *hash;
+ struct ip_conntrack *conntrack;
+ struct ip_conntrack_protocol *proto;
+ ret = 0;
+ READ_LOCK(&ip_conntrack_lock);
+ /* Traverse hash; print originals then reply. */
+ for (i = 0; i < ip_conntrack_htable_size; i++)
+ {
+ list_for_each(e,&ip_conntrack_hash[i])
+ {
+ hash = (struct ip_conntrack_tuple_hash *)e;
+ conntrack = hash->ctrack;
+ proto = __ip_ct_find_proto(conntrack->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum);
+
+
+ if ((1/*dns_serverip ==conntrack->tuplehash[IP_CT_DIR_ORIGINAL].tuple->dst.ip*/)&&
+ (53 == conntrack->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u.udp.port)&&
+ (17 == proto->proto))
+ {
+ WRITE_LOCK(&ip_conntrack_lock);
+ if (del_timer(&(conntrack->timeout)))
+ {
+ conntrack->timeout.expires = jiffies;
+ add_timer(&(conntrack->timeout));
+ }
+
+ WRITE_UNLOCK(&ip_conntrack_lock);
+ }
+ }
+ }
+
+#if 0 //in dns, there is not expected ip_conntracks
+ /* Now iterate through expecteds. */
+ READ_LOCK(&ip_conntrack_expect_tuple_lock);
+ list_for_each(e, &ip_conntrack_expect_list)
+ {
+ expect = (struct ip_conntrack_expect *)e;
+ if((dns_serverip == expect->tuple.
+
+ if (expect->expectant->helper->timeout)
+ len = sprintf(buffer, "EXPECTING: %lu ",
+ timer_pending(&expect->timeout)
+ ? (expect->timeout.expires - jiffies)/HZ : 0);
+ else
+ len = sprintf(buffer, "EXPECTING: - ");
+ len += sprintf(buffer + len, "use=%u proto=%u ",
+ atomic_read(&expect->use), expect->tuple.dst.protonum);
+ len += print_tuple(buffer + len, &expect->tuple,
+ __ip_ct_find_proto(expect->tuple.dst.protonum));
+ len += sprintf(buffer + len, "\n");
+ return len;
+ }
+
+ READ_UNLOCK(&ip_conntrack_expect_tuple_lock);
+#endif
+ READ_UNLOCK(&ip_conntrack_lock);
+
+ return ret;
+}
static unsigned int ip_confirm(unsigned int hooknum,
struct sk_buff **pskb,
const struct net_device *in,
/* We've seen it coming out the other side: confirm it */
return ip_conntrack_confirm(*pskb);
}
+#if defined(CONFIG_MIPS_BRCM)
+#define IGMP_RIP_ROUTER htonl(0xE0000009L)
+#define IGMP_UPNP_ROUTER htonl(0xEFFFFFFAL)
+#endif
static unsigned int ip_conntrack_defrag(unsigned int hooknum,
struct sk_buff **pskb,
if ((*pskb)->nfct)
return NF_ACCEPT;
- /* Gather fragments. */
- if ((*pskb)->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) {
- *pskb = ip_ct_gather_frags(*pskb);
+ if ( MULTICAST((*pskb)->nh.iph->daddr))
+ return NF_ACCEPT;
+
+
+ //if ((*pskb)->nh.iph->daddr == IGMP_RIP_ROUTER || (*pskb)->nh.iph->daddr == IGMP_UPNP_ROUTER)) {
+ /* Gather fragments. */
+ if ((*pskb)->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) {
+ *pskb = ip_ct_gather_frags(*pskb);
if (!*pskb)
return NF_STOLEN;
- }
+ }
+ //}
return NF_ACCEPT;
}
goto cleanup_nothing;
proc = proc_net_create("ip_conntrack", 0440, list_conntracks);
+
+ proc = proc_net_create("ip_clear_dnsconntrack",0644,clear_dns_conntracks);
if (!proc) goto cleanup_init;
proc->owner = THIS_MODULE;
nf_unregister_hook(&ip_conntrack_defrag_ops);
cleanup_proc:
proc_net_remove("ip_conntrack");
+ proc_net_remove("ip_clear_dnsconntrack");
cleanup_init:
ip_conntrack_cleanup();
cleanup_nothing: