From: Patrick McHardy <kaber@trash.net>
Date: Wed, 3 Feb 2010 12:48:53 +0000 (+0100)
Subject: netfilter: nf_conntrack: split up IPCT_STATUS event
X-Git-Tag: v2.6.34-rc1~233^2~303^2~33
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=858b31330054a9ad259feceea0ad1ce5385c47f0;p=pandora-kernel.git

netfilter: nf_conntrack: split up IPCT_STATUS event

Split up the IPCT_STATUS event into an IPCT_REPLY event, which is generated
when the IPS_SEEN_REPLY bit is set, and an IPCT_ASSURED event, which is
generated when the IPS_ASSURED bit is set.

In combination with a following patch to support selective event delivery,
this can be used for "sparse" conntrack replication: start replicating the
conntrack entry after it reached the ASSURED state and that way it's SYN-flood
resistant.

Signed-off-by: Patrick McHardy <kaber@trash.net>
---

Reading git-diff-tree failed