SAFE public projects git trees. - safe/jmp/linux-2.6/commit

author	Patrick McHardy <kaber@trash.net>
	Wed, 3 Feb 2010 12:48:53 +0000 (13:48 +0100)
committer	Patrick McHardy <kaber@trash.net>
	Wed, 3 Feb 2010 12:48:53 +0000 (13:48 +0100)
commit	858b31330054a9ad259feceea0ad1ce5385c47f0
tree	642349680ff9c29d506dd7661bbc8b724209fbf5	tree \| snapshot
parent	add67461240c1dadc7c8d97e66f8f92b556ca523	commit \| diff

netfilter: nf_conntrack: split up IPCT_STATUS event

Split up the IPCT_STATUS event into an IPCT_REPLY event, which is generated
when the IPS_SEEN_REPLY bit is set, and an IPCT_ASSURED event, which is
generated when the IPS_ASSURED bit is set.

In combination with a following patch to support selective event delivery,
this can be used for "sparse" conntrack replication: start replicating the
conntrack entry after it reached the ASSURED state and that way it's SYN-flood
resistant.

Signed-off-by: Patrick McHardy <kaber@trash.net>

include/net/netfilter/nf_conntrack_ecache.h		diff \| blob \| history
net/netfilter/nf_conntrack_core.c		diff \| blob \| history
net/netfilter/nf_conntrack_netlink.c		diff \| blob \| history
net/netfilter/nf_conntrack_proto_gre.c		diff \| blob \| history
net/netfilter/nf_conntrack_proto_sctp.c		diff \| blob \| history
net/netfilter/nf_conntrack_proto_tcp.c		diff \| blob \| history
net/netfilter/nf_conntrack_proto_udp.c		diff \| blob \| history
net/netfilter/nf_conntrack_proto_udplite.c		diff \| blob \| history