AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2025-01-21 11:48:06 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6

Browse Source
This commit is contained in:
David S. Miller 2010-05-13 14:14:10 -07:00
commit e7874c996b
123 changed files with 384 additions and 455 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
include/linux/netfilter/x_tables.h
View File

@ -183,29 +183,39 @@ struct xt_counters_info {
#include <linux/netdevice.h>
/**
* struct xt_match_param - parameters for match extensions' match functions
* struct xt_action_param - parameters for matches/targets
*
* @match: the match extension
* @target: the target extension
* @matchinfo: per-match data
* @targetinfo: per-target data
* @in: input netdevice
* @out: output netdevice
* @match: struct xt_match through which this function was invoked
* @matchinfo: per-match data
* @fragoff: packet is a fragment, this is the data offset
* @thoff: position of transport header relative to skb->data
* @hook: hook number given packet came from
* @family: Actual NFPROTO_* through which the function is invoked
* (helpful when match->family == NFPROTO_UNSPEC)
*
* Fields written to by extensions:
*
* @hotdrop: drop packet if we had inspection problems
* Network namespace obtainable using dev_net(in/out)
*/
struct xt_match_param {
struct xt_action_param {
union {
const struct xt_match *match;
const struct xt_target *target;
};
union {
const void *matchinfo, *targinfo;
};
const struct net_device *in, *out;
const struct xt_match *match;
const void *matchinfo;
int fragoff;
unsigned int thoff;
unsigned int hooknum;
u_int8_t family;
bool *hotdrop;
bool hotdrop;
};
/**
@ -242,23 +252,6 @@ struct xt_mtdtor_param {
u_int8_t family;
};
/**
* struct xt_target_param - parameters for target extensions' target functions
*
* @hooknum: hook through which this target was invoked
* @target: struct xt_target through which this function was invoked
* @targinfo: per-target data
*
* Other fields see above.
*/
struct xt_target_param {
const struct net_device *in, *out;
const struct xt_target *target;
const void *targinfo;
unsigned int hooknum;
u_int8_t family;
};
/**
* struct xt_tgchk_param - parameters for target extensions'
* checkentry functions
@ -298,7 +291,7 @@ struct xt_match {
non-linear skb, using skb_header_pointer and
skb_ip_make_writable. */
bool (*match)(const struct sk_buff *skb,
const struct xt_match_param *);
struct xt_action_param *);
/* Called when user tries to insert an entry of this type. */
int (*checkentry)(const struct xt_mtchk_param *);
@ -335,7 +328,7 @@ struct xt_target {
must now handle non-linear skbs, using skb_copy_bits and
skb_ip_make_writable. */
unsigned int (*target)(struct sk_buff *skb,
const struct xt_target_param *);
const struct xt_action_param *);
/* Called when user tries to insert an entry of this type:
hook_mask is a bitmask of hooks from which it can be

2
net/bridge/br_netfilter.c
View File

@ -643,10 +643,10 @@ static int br_nf_forward_finish(struct sk_buff *skb)
skb->pkt_type = PACKET_OTHERHOST;
nf_bridge->mask ^= BRNF_PKT_TYPE;
}
nf_bridge_update_protocol(skb);
} else {
in = *((struct net_device **)(skb->cb));
}
nf_bridge_update_protocol(skb);
nf_bridge_push_encap_header(skb);
NF_HOOK_THRESH(NFPROTO_BRIDGE, NF_BR_FORWARD, skb, in,

2
net/bridge/netfilter/ebt_802_3.c
View File

@ -13,7 +13,7 @@
#include <linux/netfilter_bridge/ebt_802_3.h>
static bool
ebt_802_3_mt(const struct sk_buff *skb, const struct xt_match_param *par)
ebt_802_3_mt(const struct sk_buff *skb, struct xt_action_param *par)
{
const struct ebt_802_3_info *info = par->matchinfo;
const struct ebt_802_3_hdr *hdr = ebt_802_3_hdr(skb);

2
net/bridge/netfilter/ebt_among.c
View File

@ -129,7 +129,7 @@ static int get_ip_src(const struct sk_buff *skb, __be32 *addr)
}
static bool
ebt_among_mt(const struct sk_buff *skb, const struct xt_match_param *par)
ebt_among_mt(const struct sk_buff *skb, struct xt_action_param *par)
{
const struct ebt_among_info *info = par->matchinfo;
const char *dmac, *smac;

2
net/bridge/netfilter/ebt_arp.c
View File

@ -16,7 +16,7 @@
#include <linux/netfilter_bridge/ebt_arp.h>
static bool
ebt_arp_mt(const struct sk_buff *skb, const struct xt_match_param *par)
ebt_arp_mt(const struct sk_buff *skb, struct xt_action_param *par)
{
const struct ebt_arp_info *info = par->matchinfo;
const struct arphdr *ah;

2
net/bridge/netfilter/ebt_arpreply.c
View File

@ -16,7 +16,7 @@
#include <linux/netfilter_bridge/ebt_arpreply.h>
static unsigned int
ebt_arpreply_tg(struct sk_buff *skb, const struct xt_target_param *par)
ebt_arpreply_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
const struct ebt_arpreply_info *info = par->targinfo;
const __be32 *siptr, *diptr;

2
net/bridge/netfilter/ebt_dnat.c
View File

@ -15,7 +15,7 @@
#include <linux/netfilter_bridge/ebt_nat.h>
static unsigned int
ebt_dnat_tg(struct sk_buff *skb, const struct xt_target_param *par)
ebt_dnat_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
const struct ebt_nat_info *info = par->targinfo;

2
net/bridge/netfilter/ebt_ip.c
View File

@ -25,7 +25,7 @@ struct tcpudphdr {
};
static bool
ebt_ip_mt(const struct sk_buff *skb, const struct xt_match_param *par)
ebt_ip_mt(const struct sk_buff *skb, struct xt_action_param *par)
{
const struct ebt_ip_info *info = par->matchinfo;
const struct iphdr *ih;

2
net/bridge/netfilter/ebt_ip6.c
View File

@ -28,7 +28,7 @@ struct tcpudphdr {
};
static bool
ebt_ip6_mt(const struct sk_buff *skb, const struct xt_match_param *par)
ebt_ip6_mt(const struct sk_buff *skb, struct xt_action_param *par)
{
const struct ebt_ip6_info *info = par->matchinfo;
const struct ipv6hdr *ih6;

2
net/bridge/netfilter/ebt_limit.c
View File

@ -32,7 +32,7 @@ static DEFINE_SPINLOCK(limit_lock);
#define CREDITS_PER_JIFFY POW2_BELOW32(MAX_CPJ)
static bool
ebt_limit_mt(const struct sk_buff *skb, const struct xt_match_param *par)
ebt_limit_mt(const struct sk_buff *skb, struct xt_action_param *par)
{
struct ebt_limit_info *info = (void *)par->matchinfo;
unsigned long now = jiffies;

2
net/bridge/netfilter/ebt_log.c
View File

@ -171,7 +171,7 @@ ebt_log_packet(u_int8_t pf, unsigned int hooknum,
}
static unsigned int
ebt_log_tg(struct sk_buff *skb, const struct xt_target_param *par)
ebt_log_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
const struct ebt_log_info *info = par->targinfo;
struct nf_loginfo li;

2
net/bridge/netfilter/ebt_mark.c
View File

@ -19,7 +19,7 @@
#include <linux/netfilter_bridge/ebt_mark_t.h>
static unsigned int
ebt_mark_tg(struct sk_buff *skb, const struct xt_target_param *par)
ebt_mark_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
const struct ebt_mark_t_info *info = par->targinfo;
int action = info->target & -16;

2
net/bridge/netfilter/ebt_mark_m.c
View File

@ -13,7 +13,7 @@
#include <linux/netfilter_bridge/ebt_mark_m.h>
static bool
ebt_mark_mt(const struct sk_buff *skb, const struct xt_match_param *par)
ebt_mark_mt(const struct sk_buff *skb, struct xt_action_param *par)
{
const struct ebt_mark_m_info *info = par->matchinfo;

2
net/bridge/netfilter/ebt_nflog.c
View File

@ -20,7 +20,7 @@
#include <net/netfilter/nf_log.h>
static unsigned int
ebt_nflog_tg(struct sk_buff *skb, const struct xt_target_param *par)
ebt_nflog_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
const struct ebt_nflog_info *info = par->targinfo;
struct nf_loginfo li;

2
net/bridge/netfilter/ebt_pkttype.c
View File

@ -13,7 +13,7 @@
#include <linux/netfilter_bridge/ebt_pkttype.h>
static bool
ebt_pkttype_mt(const struct sk_buff *skb, const struct xt_match_param *par)
ebt_pkttype_mt(const struct sk_buff *skb, struct xt_action_param *par)
{
const struct ebt_pkttype_info *info = par->matchinfo;

2
net/bridge/netfilter/ebt_redirect.c
View File

@ -16,7 +16,7 @@
#include <linux/netfilter_bridge/ebt_redirect.h>
static unsigned int
ebt_redirect_tg(struct sk_buff *skb, const struct xt_target_param *par)
ebt_redirect_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
const struct ebt_redirect_info *info = par->targinfo;

2
net/bridge/netfilter/ebt_snat.c
View File

@ -17,7 +17,7 @@
#include <linux/netfilter_bridge/ebt_nat.h>
static unsigned int
ebt_snat_tg(struct sk_buff *skb, const struct xt_target_param *par)
ebt_snat_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
const struct ebt_nat_info *info = par->targinfo;

2
net/bridge/netfilter/ebt_stp.c
View File

@ -120,7 +120,7 @@ static bool ebt_filter_config(const struct ebt_stp_info *info,
}
static bool
ebt_stp_mt(const struct sk_buff *skb, const struct xt_match_param *par)
ebt_stp_mt(const struct sk_buff *skb, struct xt_action_param *par)
{
const struct ebt_stp_info *info = par->matchinfo;
const struct stp_header *sp;

2
net/bridge/netfilter/ebt_ulog.c
View File

@ -243,7 +243,7 @@ static void ebt_log_packet(u_int8_t pf, unsigned int hooknum,
}
static unsigned int
ebt_ulog_tg(struct sk_buff *skb, const struct xt_target_param *par)
ebt_ulog_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
ebt_ulog_packet(par->hooknum, skb, par->in, par->out,
par->targinfo, NULL);

2
net/bridge/netfilter/ebt_vlan.c
View File

@ -36,7 +36,7 @@ MODULE_LICENSE("GPL");
#define EXIT_ON_MISMATCH(_MATCH_,_MASK_) {if (!((info->_MATCH_ == _MATCH_)^!!(info->invflags & _MASK_))) return false; }
static bool
ebt_vlan_mt(const struct sk_buff *skb, const struct xt_match_param *par)
ebt_vlan_mt(const struct sk_buff *skb, struct xt_action_param *par)
{
const struct ebt_vlan_info *info = par->matchinfo;
const struct vlan_hdr *fp;

33
net/bridge/netfilter/ebtables.c
View File

@ -86,7 +86,7 @@ static struct xt_target ebt_standard_target = {
static inline int
ebt_do_watcher(const struct ebt_entry_watcher *w, struct sk_buff *skb,
struct xt_target_param *par)
struct xt_action_param *par)
{
par->target = w->u.watcher;
par->targinfo = w->data;
@ -95,8 +95,9 @@ ebt_do_watcher(const struct ebt_entry_watcher *w, struct sk_buff *skb,
return 0;
}
static inline int ebt_do_match (struct ebt_entry_match *m,
const struct sk_buff *skb, struct xt_match_param *par)
static inline int
ebt_do_match(struct ebt_entry_match *m, const struct sk_buff *skb,
struct xt_action_param *par)
{
par->match = m->u.match;
par->matchinfo = m->data;
@ -185,15 +186,13 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
struct ebt_entries *chaininfo;
const char *base;
const struct ebt_table_info *private;
bool hotdrop = false;
struct xt_match_param mtpar;
struct xt_target_param tgpar;
struct xt_action_param acpar;
mtpar.family = tgpar.family = NFPROTO_BRIDGE;
mtpar.in = tgpar.in = in;
mtpar.out = tgpar.out = out;
mtpar.hotdrop = &hotdrop;
mtpar.hooknum = tgpar.hooknum = hook;
acpar.family = NFPROTO_BRIDGE;
acpar.in = in;
acpar.out = out;
acpar.hotdrop = false;
acpar.hooknum = hook;
read_lock_bh(&table->lock);
private = table->private;
@ -214,9 +213,9 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
if (ebt_basic_match(point, eth_hdr(skb), in, out))
goto letscontinue;
if (EBT_MATCH_ITERATE(point, ebt_do_match, skb, &mtpar) != 0)
if (EBT_MATCH_ITERATE(point, ebt_do_match, skb, &acpar) != 0)
goto letscontinue;
if (hotdrop) {
if (acpar.hotdrop) {
read_unlock_bh(&table->lock);
return NF_DROP;
}
@ -227,7 +226,7 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
/* these should only watch: not modify, nor tell us
what to do with the packet */
EBT_WATCHER_ITERATE(point, ebt_do_watcher, skb, &tgpar);
EBT_WATCHER_ITERATE(point, ebt_do_watcher, skb, &acpar);
t = (struct ebt_entry_target *)
(((char *)point) + point->target_offset);
@ -235,9 +234,9 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
if (!t->u.target->target)
verdict = ((struct ebt_standard_target *)t)->verdict;
else {
tgpar.target = t->u.target;
tgpar.targinfo = t->data;
verdict = t->u.target->target(skb, &tgpar);
acpar.target = t->u.target;
acpar.targinfo = t->data;
verdict = t->u.target->target(skb, &acpar);
}
if (verdict == EBT_ACCEPT) {
read_unlock_bh(&table->lock);

76
net/ipv4/netfilter/arp_tables.c
View File

@ -49,12 +49,7 @@ MODULE_DESCRIPTION("arptables core");
#endif
#ifdef CONFIG_NETFILTER_DEBUG
#define ARP_NF_ASSERT(x) \
do { \
if (!(x)) \
printk("ARP_NF_ASSERT: %s:%s:%u\n", \
__func__, __FILE__, __LINE__); \
} while(0)
#define ARP_NF_ASSERT(x) WARN_ON(!(x))
#else
#define ARP_NF_ASSERT(x)
#endif
@ -224,10 +219,10 @@ static inline int arp_checkentry(const struct arpt_arp *arp)
}
static unsigned int
arpt_error(struct sk_buff *skb, const struct xt_target_param *par)
arpt_error(struct sk_buff *skb, const struct xt_action_param *par)
{
if (net_ratelimit())
printk("arp_tables: error: '%s'\n",
pr_err("arp_tables: error: '%s'\n",
(const char *)par->targinfo);
return NF_DROP;
@ -260,12 +255,11 @@ unsigned int arpt_do_table(struct sk_buff *skb,
static const char nulldevname[IFNAMSIZ] __attribute__((aligned(sizeof(long))));
unsigned int verdict = NF_DROP;
const struct arphdr *arp;
bool hotdrop = false;
struct arpt_entry *e, *back;
const char *indev, *outdev;
void *table_base;
const struct xt_table_info *private;
struct xt_target_param tgpar;
struct xt_action_param acpar;
if (!pskb_may_pull(skb, arp_hdr_len(skb->dev)))
return NF_DROP;
@ -280,10 +274,11 @@ unsigned int arpt_do_table(struct sk_buff *skb,
e = get_entry(table_base, private->hook_entry[hook]);
back = get_entry(table_base, private->underflow[hook]);
tgpar.in = in;
tgpar.out = out;
tgpar.hooknum = hook;
tgpar.family = NFPROTO_ARP;
acpar.in = in;
acpar.out = out;
acpar.hooknum = hook;
acpar.family = NFPROTO_ARP;
acpar.hotdrop = false;
arp = arp_hdr(skb);
do {
@ -333,9 +328,9 @@ unsigned int arpt_do_table(struct sk_buff *skb,
/* Targets which reenter must return
* abs. verdicts
*/
tgpar.target = t->u.kernel.target;
tgpar.targinfo = t->data;
verdict = t->u.kernel.target->target(skb, &tgpar);
acpar.target = t->u.kernel.target;
acpar.targinfo = t->data;
verdict = t->u.kernel.target->target(skb, &acpar);
/* Target might have changed stuff. */
arp = arp_hdr(skb);
@ -345,10 +340,10 @@ unsigned int arpt_do_table(struct sk_buff *skb,
else
/* Verdict */
break;
} while (!hotdrop);
} while (!acpar.hotdrop);
xt_info_rdunlock_bh();
if (hotdrop)
if (acpar.hotdrop)
return NF_DROP;
else
return verdict;
@ -390,7 +385,7 @@ static int mark_source_chains(const struct xt_table_info *newinfo,
int visited = e->comefrom & (1 << hook);
if (e->comefrom & (1 << NF_ARP_NUMHOOKS)) {
printk("arptables: loop hook %u pos %u %08X.\n",
pr_notice("arptables: loop hook %u pos %u %08X.\n",
hook, pos, e->comefrom);
return 0;
}
@ -1828,22 +1823,23 @@ void arpt_unregister_table(struct xt_table *table)
}
/* The built-in targets: standard (NULL) and error. */
static struct xt_target arpt_standard_target __read_mostly = {
.name = ARPT_STANDARD_TARGET,
.targetsize = sizeof(int),
.family = NFPROTO_ARP,
static struct xt_target arpt_builtin_tg[] __read_mostly = {
{
.name = ARPT_STANDARD_TARGET,
.targetsize = sizeof(int),
.family = NFPROTO_ARP,
#ifdef CONFIG_COMPAT
.compatsize = sizeof(compat_int_t),
.compat_from_user = compat_standard_from_user,
.compat_to_user = compat_standard_to_user,
.compatsize = sizeof(compat_int_t),
.compat_from_user = compat_standard_from_user,
.compat_to_user = compat_standard_to_user,
#endif
};
static struct xt_target arpt_error_target __read_mostly = {
.name = ARPT_ERROR_TARGET,
.target = arpt_error,
.targetsize = ARPT_FUNCTION_MAXNAMELEN,
.family = NFPROTO_ARP,
},
{
.name = ARPT_ERROR_TARGET,
.target = arpt_error,
.targetsize = ARPT_FUNCTION_MAXNAMELEN,
.family = NFPROTO_ARP,
},
};
static struct nf_sockopt_ops arpt_sockopts = {
@ -1887,12 +1883,9 @@ static int __init arp_tables_init(void)
goto err1;
/* Noone else will be downing sem now, so we won't sleep */
ret = xt_register_target(&arpt_standard_target);
ret = xt_register_targets(arpt_builtin_tg, ARRAY_SIZE(arpt_builtin_tg));
if (ret < 0)
goto err2;
ret = xt_register_target(&arpt_error_target);
if (ret < 0)
goto err3;
/* Register setsockopt */
ret = nf_register_sockopt(&arpt_sockopts);
@ -1903,9 +1896,7 @@ static int __init arp_tables_init(void)
return 0;
err4:
xt_unregister_target(&arpt_error_target);
err3:
xt_unregister_target(&arpt_standard_target);
xt_unregister_targets(arpt_builtin_tg, ARRAY_SIZE(arpt_builtin_tg));
err2:
unregister_pernet_subsys(&arp_tables_net_ops);
err1:
@ -1915,8 +1906,7 @@ static int __init arp_tables_init(void)
static void __exit arp_tables_fini(void)
{
nf_unregister_sockopt(&arpt_sockopts);
xt_unregister_target(&arpt_error_target);
xt_unregister_target(&arpt_standard_target);
xt_unregister_targets(arpt_builtin_tg, ARRAY_SIZE(arpt_builtin_tg));
unregister_pernet_subsys(&arp_tables_net_ops);
}

2
net/ipv4/netfilter/arpt_mangle.c
View File

@ -9,7 +9,7 @@ MODULE_AUTHOR("Bart De Schuymer <bdschuym@pandora.be>");
MODULE_DESCRIPTION("arptables arp payload mangle target");
static unsigned int
target(struct sk_buff *skb, const struct xt_target_param *par)
target(struct sk_buff *skb, const struct xt_action_param *par)
{
const struct arpt_mangle *mangle = par->targinfo;
const struct arphdr *arp;

1
net/ipv4/netfilter/ip_queue.c
View File

@ -461,7 +461,6 @@ __ipq_rcv_skb(struct sk_buff *skb)
if (flags & NLM_F_ACK)
netlink_ack(skb, nlh, 0);
return;
}
static void

137
net/ipv4/netfilter/ip_tables.c
View File

@ -51,12 +51,7 @@ MODULE_DESCRIPTION("IPv4 packet filter");
#endif
#ifdef CONFIG_NETFILTER_DEBUG
#define IP_NF_ASSERT(x) \
do { \
if (!(x)) \
printk("IP_NF_ASSERT: %s:%s:%u\n", \
__func__, __FILE__, __LINE__); \
} while(0)
#define IP_NF_ASSERT(x) WARN_ON(!(x))
#else
#define IP_NF_ASSERT(x)
#endif
@ -165,7 +160,7 @@ ip_checkentry(const struct ipt_ip *ip)
}
static unsigned int
ipt_error(struct sk_buff *skb, const struct xt_target_param *par)
ipt_error(struct sk_buff *skb, const struct xt_action_param *par)
{
if (net_ratelimit())
pr_info("error: `%s'\n", (const char *)par->targinfo);
@ -173,21 +168,6 @@ ipt_error(struct sk_buff *skb, const struct xt_target_param *par)
return NF_DROP;
}
/* Performance critical - called for every packet */
static inline bool
do_match(const struct ipt_entry_match *m, const struct sk_buff *skb,
struct xt_match_param *par)
{
par->match = m->u.kernel.match;
par->matchinfo = m->data;
/* Stop iteration if it doesn't match */
if (!m->u.kernel.match->match(skb, par))
return true;
else
return false;
}
/* Performance critical */
static inline struct ipt_entry *
get_entry(const void *base, unsigned int offset)
@ -323,7 +303,6 @@ ipt_do_table(struct sk_buff *skb,
{
static const char nulldevname[IFNAMSIZ] __attribute__((aligned(sizeof(long))));
const struct iphdr *ip;
bool hotdrop = false;
/* Initializing verdict to NF_DROP keeps gcc happy. */
unsigned int verdict = NF_DROP;
const char *indev, *outdev;
@ -331,8 +310,7 @@ ipt_do_table(struct sk_buff *skb,
struct ipt_entry *e, **jumpstack;
unsigned int *stackptr, origptr, cpu;
const struct xt_table_info *private;
struct xt_match_param mtpar;
struct xt_target_param tgpar;
struct xt_action_param acpar;
/* Initialization */
ip = ip_hdr(skb);
@ -344,13 +322,13 @@ ipt_do_table(struct sk_buff *skb,
* things we don't know, ie. tcp syn flag or ports). If the
* rule is also a fragment-specific rule, non-fragments won't
* match it. */
mtpar.fragoff = ntohs(ip->frag_off) & IP_OFFSET;
mtpar.thoff = ip_hdrlen(skb);
mtpar.hotdrop = &hotdrop;
mtpar.in = tgpar.in = in;
mtpar.out = tgpar.out = out;
mtpar.family = tgpar.family = NFPROTO_IPV4;
mtpar.hooknum = tgpar.hooknum = hook;
acpar.fragoff = ntohs(ip->frag_off) & IP_OFFSET;
acpar.thoff = ip_hdrlen(skb);
acpar.hotdrop = false;
acpar.in = in;
acpar.out = out;
acpar.family = NFPROTO_IPV4;
acpar.hooknum = hook;
IP_NF_ASSERT(table->valid_hooks & (1 << hook));
xt_info_rdlock_bh();
@ -373,15 +351,18 @@ ipt_do_table(struct sk_buff *skb,
IP_NF_ASSERT(e);
if (!ip_packet_match(ip, indev, outdev,
&e->ip, mtpar.fragoff)) {
&e->ip, acpar.fragoff)) {
no_match:
e = ipt_next_entry(e);
continue;
}
xt_ematch_foreach(ematch, e)
if (do_match(ematch, skb, &mtpar) != 0)
xt_ematch_foreach(ematch, e) {
acpar.match = ematch->u.kernel.match;
acpar.matchinfo = ematch->data;
if (!acpar.match->match(skb, &acpar))
goto no_match;
}
ADD_COUNTER(e->counters, ntohs(ip->tot_len), 1);
@ -434,11 +415,10 @@ ipt_do_table(struct sk_buff *skb,
continue;
}
tgpar.target = t->u.kernel.target;
tgpar.targinfo = t->data;
acpar.target = t->u.kernel.target;
acpar.targinfo = t->data;
verdict = t->u.kernel.target->target(skb, &tgpar);
verdict = t->u.kernel.target->target(skb, &acpar);
/* Target might have changed stuff. */
ip = ip_hdr(skb);
if (verdict == IPT_CONTINUE)
@ -446,7 +426,7 @@ ipt_do_table(struct sk_buff *skb,
else
/* Verdict */
break;
} while (!hotdrop);
} while (!acpar.hotdrop);
xt_info_rdunlock_bh();
pr_debug("Exiting %s; resetting sp from %u to %u\n",
__func__, *stackptr, origptr);
@ -454,7 +434,7 @@ ipt_do_table(struct sk_buff *skb,
#ifdef DEBUG_ALLOW_ALL
return NF_ACCEPT;
#else
if (hotdrop)
if (acpar.hotdrop)
return NF_DROP;
else return verdict;
#endif
@ -486,7 +466,7 @@ mark_source_chains(const struct xt_table_info *newinfo,
int visited = e->comefrom & (1 << hook);
if (e->comefrom & (1 << NF_INET_NUMHOOKS)) {
printk("iptables: loop hook %u pos %u %08X.\n",
pr_err("iptables: loop hook %u pos %u %08X.\n",
hook, pos, e->comefrom);
return 0;
}
@ -591,7 +571,7 @@ check_entry(const struct ipt_entry *e, const char *name)
const struct ipt_entry_target *t;
if (!ip_checkentry(&e->ip)) {
duprintf("ip check failed %p %s.\n", e, name);
duprintf("ip check failed %p %s.\n", e, par->match->name);
return -EINVAL;
}
@ -618,7 +598,7 @@ check_match(struct ipt_entry_match *m, struct xt_mtchk_param *par)
ret = xt_check_match(par, m->u.match_size - sizeof(*m),
ip->proto, ip->invflags & IPT_INV_PROTO);
if (ret < 0) {
duprintf("check failed for `%s'.\n", par.match->name);
duprintf("check failed for `%s'.\n", par->match->name);
return ret;
}
return 0;
@ -2152,7 +2132,7 @@ icmp_type_code_match(u_int8_t test_type, u_int8_t min_code, u_int8_t max_code,
}
static bool
icmp_match(const struct sk_buff *skb, const struct xt_match_param *par)
icmp_match(const struct sk_buff *skb, struct xt_action_param *par)
{
const struct icmphdr *ic;
struct icmphdr _icmph;
@ -2168,7 +2148,7 @@ icmp_match(const struct sk_buff *skb, const struct xt_match_param *par)
* can't. Hence, no choice but to drop.
*/
duprintf("Dropping evil ICMP tinygram.\n");
*par->hotdrop = true;
par->hotdrop = true;
return false;
}
@ -2187,23 +2167,23 @@ static int icmp_checkentry(const struct xt_mtchk_param *par)
return (icmpinfo->invflags & ~IPT_ICMP_INV) ? -EINVAL : 0;
}
/* The built-in targets: standard (NULL) and error. */
static struct xt_target ipt_standard_target __read_mostly = {
.name = IPT_STANDARD_TARGET,
.targetsize = sizeof(int),
.family = NFPROTO_IPV4,
static struct xt_target ipt_builtin_tg[] __read_mostly = {
{
.name = IPT_STANDARD_TARGET,
.targetsize = sizeof(int),
.family = NFPROTO_IPV4,
#ifdef CONFIG_COMPAT
.compatsize = sizeof(compat_int_t),
.compat_from_user = compat_standard_from_user,
.compat_to_user = compat_standard_to_user,
.compatsize = sizeof(compat_int_t),
.compat_from_user = compat_standard_from_user,
.compat_to_user = compat_standard_to_user,
#endif
};
static struct xt_target ipt_error_target __read_mostly = {
.name = IPT_ERROR_TARGET,
.target = ipt_error,
.targetsize = IPT_FUNCTION_MAXNAMELEN,
.family = NFPROTO_IPV4,
},
{
.name = IPT_ERROR_TARGET,
.target = ipt_error,
.targetsize = IPT_FUNCTION_MAXNAMELEN,
.family = NFPROTO_IPV4,
},
};
static struct nf_sockopt_ops ipt_sockopts = {
@ -2223,13 +2203,15 @@ static struct nf_sockopt_ops ipt_sockopts = {
.owner = THIS_MODULE,
};
static struct xt_match icmp_matchstruct __read_mostly = {
.name = "icmp",
.match = icmp_match,
.matchsize = sizeof(struct ipt_icmp),
.checkentry = icmp_checkentry,
.proto = IPPROTO_ICMP,
.family = NFPROTO_IPV4,
static struct xt_match ipt_builtin_mt[] __read_mostly = {
{
.name = "icmp",
.match = icmp_match,
.matchsize = sizeof(struct ipt_icmp),
.checkentry = icmp_checkentry,
.proto = IPPROTO_ICMP,
.family = NFPROTO_IPV4,
},
};
static int __net_init ip_tables_net_init(struct net *net)
@ -2256,13 +2238,10 @@ static int __init ip_tables_init(void)
goto err1;
/* Noone else will be downing sem now, so we won't sleep */
ret = xt_register_target(&ipt_standard_target);
ret = xt_register_targets(ipt_builtin_tg, ARRAY_SIZE(ipt_builtin_tg));
if (ret < 0)
goto err2;
ret = xt_register_target(&ipt_error_target);
if (ret < 0)
goto err3;
ret = xt_register_match(&icmp_matchstruct);
ret = xt_register_matches(ipt_builtin_mt, ARRAY_SIZE(ipt_builtin_mt));
if (ret < 0)
goto err4;
@ -2275,11 +2254,9 @@ static int __init ip_tables_init(void)
return 0;
err5:
xt_unregister_match(&icmp_matchstruct);
xt_unregister_matches(ipt_builtin_mt, ARRAY_SIZE(ipt_builtin_mt));
err4:
xt_unregister_target(&ipt_error_target);
err3:
xt_unregister_target(&ipt_standard_target);
xt_unregister_targets(ipt_builtin_tg, ARRAY_SIZE(ipt_builtin_tg));
err2:
unregister_pernet_subsys(&ip_tables_net_ops);
err1:
@ -2290,10 +2267,8 @@ static void __exit ip_tables_fini(void)
{
nf_unregister_sockopt(&ipt_sockopts);
xt_unregister_match(&icmp_matchstruct);
xt_unregister_target(&ipt_error_target);
xt_unregister_target(&ipt_standard_target);
xt_unregister_matches(ipt_builtin_mt, ARRAY_SIZE(ipt_builtin_mt));
xt_unregister_targets(ipt_builtin_tg, ARRAY_SIZE(ipt_builtin_tg));
unregister_pernet_subsys(&ip_tables_net_ops);
}

2
net/ipv4/netfilter/ipt_CLUSTERIP.c
View File

@ -282,7 +282,7 @@ clusterip_responsible(const struct clusterip_config *config, u_int32_t hash)
***********************************************************************/
static unsigned int
clusterip_tg(struct sk_buff *skb, const struct xt_target_param *par)
clusterip_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
const struct ipt_clusterip_tgt_info *cipinfo = par->targinfo;
struct nf_conn *ct;

2
net/ipv4/netfilter/ipt_ECN.c
View File

@ -77,7 +77,7 @@ set_ect_tcp(struct sk_buff *skb, const struct ipt_ECN_info *einfo)
}
static unsigned int
ecn_tg(struct sk_buff *skb, const struct xt_target_param *par)
ecn_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
const struct ipt_ECN_info *einfo = par->targinfo;

2
net/ipv4/netfilter/ipt_LOG.c
View File

@ -425,7 +425,7 @@ ipt_log_packet(u_int8_t pf,
}
static unsigned int
log_tg(struct sk_buff *skb, const struct xt_target_param *par)
log_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
const struct ipt_log_info *loginfo = par->targinfo;
struct nf_loginfo li;

2
net/ipv4/netfilter/ipt_MASQUERADE.c
View File

@ -44,7 +44,7 @@ static int masquerade_tg_check(const struct xt_tgchk_param *par)
}
static unsigned int
masquerade_tg(struct sk_buff *skb, const struct xt_target_param *par)
masquerade_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
struct nf_conn *ct;
struct nf_conn_nat *nat;

2
net/ipv4/netfilter/ipt_NETMAP.c
View File

@ -38,7 +38,7 @@ static int netmap_tg_check(const struct xt_tgchk_param *par)
}
static unsigned int
netmap_tg(struct sk_buff *skb, const struct xt_target_param *par)
netmap_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
struct nf_conn *ct;
enum ip_conntrack_info ctinfo;

2
net/ipv4/netfilter/ipt_REDIRECT.c
View File

@ -42,7 +42,7 @@ static int redirect_tg_check(const struct xt_tgchk_param *par)
}
static unsigned int
redirect_tg(struct sk_buff *skb, const struct xt_target_param *par)
redirect_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
struct nf_conn *ct;
enum ip_conntrack_info ctinfo;

2
net/ipv4/netfilter/ipt_REJECT.c
View File

@ -136,7 +136,7 @@ static inline void send_unreach(struct sk_buff *skb_in, int code)
}
static unsigned int
reject_tg(struct sk_buff *skb, const struct xt_target_param *par)
reject_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
const struct ipt_reject_info *reject = par->targinfo;

2
net/ipv4/netfilter/ipt_ULOG.c
View File

@ -276,7 +276,7 @@ static void ipt_ulog_packet(unsigned int hooknum,
}
static unsigned int
ulog_tg(struct sk_buff *skb, const struct xt_target_param *par)
ulog_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
ipt_ulog_packet(par->hooknum, skb, par->in, par->out,
par->targinfo, NULL);

4
net/ipv4/netfilter/ipt_addrtype.c
View File

@ -30,7 +30,7 @@ static inline bool match_type(struct net *net, const struct net_device *dev,
}
static bool
addrtype_mt_v0(const struct sk_buff *skb, const struct xt_match_param *par)
addrtype_mt_v0(const struct sk_buff *skb, struct xt_action_param *par)
{
struct net *net = dev_net(par->in ? par->in : par->out);
const struct ipt_addrtype_info *info = par->matchinfo;
@ -48,7 +48,7 @@ addrtype_mt_v0(const struct sk_buff *skb, const struct xt_match_param *par)
}
static bool
addrtype_mt_v1(const struct sk_buff *skb, const struct xt_match_param *par)
addrtype_mt_v1(const struct sk_buff *skb, struct xt_action_param *par)
{
struct net *net = dev_net(par->in ? par->in : par->out);
const struct ipt_addrtype_info_v1 *info = par->matchinfo;

4
net/ipv4/netfilter/ipt_ah.c
View File

@ -30,7 +30,7 @@ spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, bool invert)
return r;
}
static bool ah_mt(const struct sk_buff *skb, const struct xt_match_param *par)
static bool ah_mt(const struct sk_buff *skb, struct xt_action_param *par)
{
struct ip_auth_hdr _ahdr;
const struct ip_auth_hdr *ah;
@ -46,7 +46,7 @@ static bool ah_mt(const struct sk_buff *skb, const struct xt_match_param *par)
* can't. Hence, no choice but to drop.
*/
pr_debug("Dropping evil AH tinygram.\n");
*par->hotdrop = true;
par->hotdrop = true;
return 0;
}

4
net/ipv4/netfilter/ipt_ecn.c
View File

@ -67,7 +67,7 @@ static inline bool match_tcp(const struct sk_buff *skb,
return true;
}
static bool ecn_mt(const struct sk_buff *skb, const struct xt_match_param *par)
static bool ecn_mt(const struct sk_buff *skb, struct xt_action_param *par)
{
const struct ipt_ecn_info *info = par->matchinfo;
@ -78,7 +78,7 @@ static bool ecn_mt(const struct sk_buff *skb, const struct xt_match_param *par)
if (info->operation & (IPT_ECN_OP_MATCH_ECE|IPT_ECN_OP_MATCH_CWR)) {
if (ip_hdr(skb)->protocol != IPPROTO_TCP)
return false;
if (!match_tcp(skb, info, par->hotdrop))
if (!match_tcp(skb, info, &par->hotdrop))
return false;
}

2
net/ipv4/netfilter/iptable_filter.c
View File

@ -89,7 +89,7 @@ static int __init iptable_filter_init(void)
int ret;
if (forward < 0 || forward > NF_MAX_VERDICT) {
printk("iptables forward must be 0 or 1\n");
pr_err("iptables forward must be 0 or 1\n");
return -EINVAL;
}

10
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
View File

@ -382,32 +382,32 @@ static int __init nf_conntrack_l3proto_ipv4_init(void)
ret = nf_conntrack_l4proto_register(&nf_conntrack_l4proto_tcp4);
if (ret < 0) {
printk("nf_conntrack_ipv4: can't register tcp.\n");
pr_err("nf_conntrack_ipv4: can't register tcp.\n");
goto cleanup_sockopt;
}
ret = nf_conntrack_l4proto_register(&nf_conntrack_l4proto_udp4);
if (ret < 0) {
printk("nf_conntrack_ipv4: can't register udp.\n");
pr_err("nf_conntrack_ipv4: can't register udp.\n");
goto cleanup_tcp;
}
ret = nf_conntrack_l4proto_register(&nf_conntrack_l4proto_icmp);
if (ret < 0) {
printk("nf_conntrack_ipv4: can't register icmp.\n");
pr_err("nf_conntrack_ipv4: can't register icmp.\n");
goto cleanup_udp;
}
ret = nf_conntrack_l3proto_register(&nf_conntrack_l3proto_ipv4);
if (ret < 0) {
printk("nf_conntrack_ipv4: can't register ipv4\n");
pr_err("nf_conntrack_ipv4: can't register ipv4\n");
goto cleanup_icmp;
}
ret = nf_register_hooks(ipv4_conntrack_ops,
ARRAY_SIZE(ipv4_conntrack_ops));
if (ret < 0) {
printk("nf_conntrack_ipv4: can't register hooks.\n");
pr_err("nf_conntrack_ipv4: can't register hooks.\n");
goto cleanup_ipv4;
}
#if defined(CONFIG_PROC_FS) && defined(CONFIG_NF_CONNTRACK_PROC_COMPAT)

16
net/ipv4/netfilter/nf_nat_h323.c
View File

@ -43,7 +43,7 @@ static int set_addr(struct sk_buff *skb,
addroff, sizeof(buf),
(char *) &buf, sizeof(buf))) {
if (net_ratelimit())
printk("nf_nat_h323: nf_nat_mangle_tcp_packet"
pr_notice("nf_nat_h323: nf_nat_mangle_tcp_packet"
" error\n");
return -1;
}
@ -59,7 +59,7 @@ static int set_addr(struct sk_buff *skb,
addroff, sizeof(buf),
(char *) &buf, sizeof(buf))) {
if (net_ratelimit())
printk("nf_nat_h323: nf_nat_mangle_udp_packet"
pr_notice("nf_nat_h323: nf_nat_mangle_udp_packet"
" error\n");
return -1;
}
@ -215,7 +215,7 @@ static int nat_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct,
/* Run out of expectations */
if (i >= H323_RTP_CHANNEL_MAX) {
if (net_ratelimit())
printk("nf_nat_h323: out of expectations\n");
pr_notice("nf_nat_h323: out of expectations\n");
return 0;
}
@ -234,7 +234,7 @@ static int nat_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct,
if (nated_port == 0) { /* No port available */
if (net_ratelimit())
printk("nf_nat_h323: out of RTP ports\n");
pr_notice("nf_nat_h323: out of RTP ports\n");
return 0;
}
@ -291,7 +291,7 @@ static int nat_t120(struct sk_buff *skb, struct nf_conn *ct,
if (nated_port == 0) { /* No port available */
if (net_ratelimit())
printk("nf_nat_h323: out of TCP ports\n");
pr_notice("nf_nat_h323: out of TCP ports\n");
return 0;
}
@ -341,7 +341,7 @@ static int nat_h245(struct sk_buff *skb, struct nf_conn *ct,
if (nated_port == 0) { /* No port available */
if (net_ratelimit())
printk("nf_nat_q931: out of TCP ports\n");
pr_notice("nf_nat_q931: out of TCP ports\n");
return 0;
}
@ -425,7 +425,7 @@ static int nat_q931(struct sk_buff *skb, struct nf_conn *ct,
if (nated_port == 0) { /* No port available */
if (net_ratelimit())
printk("nf_nat_ras: out of TCP ports\n");
pr_notice("nf_nat_ras: out of TCP ports\n");
return 0;
}
@ -507,7 +507,7 @@ static int nat_callforwarding(struct sk_buff *skb, struct nf_conn *ct,
if (nated_port == 0) { /* No port available */
if (net_ratelimit())
printk("nf_nat_q931: out of TCP ports\n");
pr_notice("nf_nat_q931: out of TCP ports\n");
return 0;
}

4
net/ipv4/netfilter/nf_nat_rule.c
View File

@ -39,7 +39,7 @@ static const struct xt_table nat_table = {
/* Source NAT */
static unsigned int
ipt_snat_target(struct sk_buff *skb, const struct xt_target_param *par)
ipt_snat_target(struct sk_buff *skb, const struct xt_action_param *par)
{
struct nf_conn *ct;
enum ip_conntrack_info ctinfo;
@ -58,7 +58,7 @@ ipt_snat_target(struct sk_buff *skb, const struct xt_target_param *par)
}
static unsigned int
ipt_dnat_target(struct sk_buff *skb, const struct xt_target_param *par)
ipt_dnat_target(struct sk_buff *skb, const struct xt_action_param *par)
{
struct nf_conn *ct;
enum ip_conntrack_info ctinfo;

16
net/ipv4/netfilter/nf_nat_snmp_basic.c
View File

@ -401,7 +401,7 @@ static unsigned char asn1_octets_decode(struct asn1_ctx *ctx,
*octets = kmalloc(eoc - ctx->pointer, GFP_ATOMIC);
if (*octets == NULL) {
if (net_ratelimit())
printk("OOM in bsalg (%d)\n", __LINE__);
pr_notice("OOM in bsalg (%d)\n", __LINE__);
return 0;
}
@ -452,7 +452,7 @@ static unsigned char asn1_oid_decode(struct asn1_ctx *ctx,
*oid = kmalloc(size * sizeof(unsigned long), GFP_ATOMIC);
if (*oid == NULL) {
if (net_ratelimit())
printk("OOM in bsalg (%d)\n", __LINE__);
pr_notice("OOM in bsalg (%d)\n", __LINE__);
return 0;
}
@ -729,7 +729,7 @@ static unsigned char snmp_object_decode(struct asn1_ctx *ctx,
if (*obj == NULL) {
kfree(id);
if (net_ratelimit())
printk("OOM in bsalg (%d)\n", __LINE__);
pr_notice("OOM in bsalg (%d)\n", __LINE__);
return 0;
}
(*obj)->syntax.l[0] = l;
@ -746,7 +746,7 @@ static unsigned char snmp_object_decode(struct asn1_ctx *ctx,
kfree(p);
kfree(id);
if (net_ratelimit())
printk("OOM in bsalg (%d)\n", __LINE__);
pr_notice("OOM in bsalg (%d)\n", __LINE__);
return 0;
}
memcpy((*obj)->syntax.c, p, len);
@ -761,7 +761,7 @@ static unsigned char snmp_object_decode(struct asn1_ctx *ctx,
if (*obj == NULL) {
kfree(id);
if (net_ratelimit())
printk("OOM in bsalg (%d)\n", __LINE__);
pr_notice("OOM in bsalg (%d)\n", __LINE__);
return 0;
}
if (!asn1_null_decode(ctx, end)) {
@ -782,7 +782,7 @@ static unsigned char snmp_object_decode(struct asn1_ctx *ctx,
kfree(lp);
kfree(id);
if (net_ratelimit())
printk("OOM in bsalg (%d)\n", __LINE__);
pr_notice("OOM in bsalg (%d)\n", __LINE__);
return 0;
}
memcpy((*obj)->syntax.ul, lp, len);
@ -803,7 +803,7 @@ static unsigned char snmp_object_decode(struct asn1_ctx *ctx,
kfree(p);
kfree(id);
if (net_ratelimit())
printk("OOM in bsalg (%d)\n", __LINE__);
pr_notice("OOM in bsalg (%d)\n", __LINE__);
return 0;
}
memcpy((*obj)->syntax.uc, p, len);
@ -821,7 +821,7 @@ static unsigned char snmp_object_decode(struct asn1_ctx *ctx,
if (*obj == NULL) {
kfree(id);
if (net_ratelimit())
printk("OOM in bsalg (%d)\n", __LINE__);
pr_notice("OOM in bsalg (%d)\n", __LINE__);
return 0;
}
(*obj)->syntax.ul[0] = ul;

4
net/ipv4/netfilter/nf_nat_standalone.c
View File

@ -293,12 +293,12 @@ static int __init nf_nat_standalone_init(void)
#endif
ret = nf_nat_rule_init();
if (ret < 0) {
printk("nf_nat_init: can't setup rules.\n");
pr_err("nf_nat_init: can't setup rules.\n");
goto cleanup_decode_session;
}
ret = nf_register_hooks(nf_nat_ops, ARRAY_SIZE(nf_nat_ops));
if (ret < 0) {
printk("nf_nat_init: can't register hooks.\n");
pr_err("nf_nat_init: can't register hooks.\n");
goto cleanup_rule_init;
}
return ret;

1
net/ipv6/netfilter/ip6_queue.c
View File

@ -462,7 +462,6 @@ __ipq_rcv_skb(struct sk_buff *skb)
if (flags & NLM_F_ACK)
netlink_ack(skb, nlh, 0);
return;
}
static void

127
net/ipv6/netfilter/ip6_tables.c
View File

@ -52,12 +52,7 @@ MODULE_DESCRIPTION("IPv6 packet filter");
#endif
#ifdef CONFIG_NETFILTER_DEBUG
#define IP_NF_ASSERT(x) \
do { \
if (!(x)) \
printk("IP_NF_ASSERT: %s:%s:%u\n", \
__func__, __FILE__, __LINE__); \
} while(0)
#define IP_NF_ASSERT(x) WARN_ON(!(x))
#else
#define IP_NF_ASSERT(x)
#endif
@ -197,7 +192,7 @@ ip6_checkentry(const struct ip6t_ip6 *ipv6)
}
static unsigned int
ip6t_error(struct sk_buff *skb, const struct xt_target_param *par)
ip6t_error(struct sk_buff *skb, const struct xt_action_param *par)
{
if (net_ratelimit())
pr_info("error: `%s'\n", (const char *)par->targinfo);
@ -205,21 +200,6 @@ ip6t_error(struct sk_buff *skb, const struct xt_target_param *par)
return NF_DROP;
}
/* Performance critical - called for every packet */
static inline bool
do_match(const struct ip6t_entry_match *m, const struct sk_buff *skb,
struct xt_match_param *par)
{
par->match = m->u.kernel.match;
par->matchinfo = m->data;
/* Stop iteration if it doesn't match */
if (!m->u.kernel.match->match(skb, par))
return true;
else
return false;
}
static inline struct ip6t_entry *
get_entry(const void *base, unsigned int offset)
{
@ -352,7 +332,6 @@ ip6t_do_table(struct sk_buff *skb,
struct xt_table *table)
{
static const char nulldevname[IFNAMSIZ] __attribute__((aligned(sizeof(long))));
bool hotdrop = false;
/* Initializing verdict to NF_DROP keeps gcc happy. */
unsigned int verdict = NF_DROP;
const char *indev, *outdev;
@ -360,8 +339,7 @@ ip6t_do_table(struct sk_buff *skb,
struct ip6t_entry *e, **jumpstack;
unsigned int *stackptr, origptr, cpu;
const struct xt_table_info *private;
struct xt_match_param mtpar;
struct xt_target_param tgpar;
struct xt_action_param acpar;
/* Initialization */
indev = in ? in->name : nulldevname;
@ -372,11 +350,11 @@ ip6t_do_table(struct sk_buff *skb,
* things we don't know, ie. tcp syn flag or ports). If the
* rule is also a fragment-specific rule, non-fragments won't
* match it. */
mtpar.hotdrop = &hotdrop;
mtpar.in = tgpar.in = in;
mtpar.out = tgpar.out = out;
mtpar.family = tgpar.family = NFPROTO_IPV6;
mtpar.hooknum = tgpar.hooknum = hook;
acpar.hotdrop = false;
acpar.in = in;
acpar.out = out;
acpar.family = NFPROTO_IPV6;
acpar.hooknum = hook;
IP_NF_ASSERT(table->valid_hooks & (1 << hook));
@ -396,15 +374,18 @@ ip6t_do_table(struct sk_buff *skb,
IP_NF_ASSERT(e);
if (!ip6_packet_match(skb, indev, outdev, &e->ipv6,
&mtpar.thoff, &mtpar.fragoff, &hotdrop)) {
&acpar.thoff, &acpar.fragoff, &acpar.hotdrop)) {
no_match:
e = ip6t_next_entry(e);
continue;
}
xt_ematch_foreach(ematch, e)
if (do_match(ematch, skb, &mtpar) != 0)
xt_ematch_foreach(ematch, e) {
acpar.match = ematch->u.kernel.match;
acpar.matchinfo = ematch->data;
if (!acpar.match->match(skb, &acpar))
goto no_match;
}
ADD_COUNTER(e->counters,
ntohs(ipv6_hdr(skb)->payload_len) +
@ -451,16 +432,16 @@ ip6t_do_table(struct sk_buff *skb,
continue;
}
tgpar.target = t->u.kernel.target;
tgpar.targinfo = t->data;
acpar.target = t->u.kernel.target;
acpar.targinfo = t->data;
verdict = t->u.kernel.target->target(skb, &tgpar);
verdict = t->u.kernel.target->target(skb, &acpar);
if (verdict == IP6T_CONTINUE)
e = ip6t_next_entry(e);
else
/* Verdict */
break;
} while (!hotdrop);
} while (!acpar.hotdrop);
xt_info_rdunlock_bh();
*stackptr = origptr;
@ -468,7 +449,7 @@ ip6t_do_table(struct sk_buff *skb,
#ifdef DEBUG_ALLOW_ALL
return NF_ACCEPT;
#else
if (hotdrop)
if (acpar.hotdrop)
return NF_DROP;
else return verdict;
#endif
@ -500,7 +481,7 @@ mark_source_chains(const struct xt_table_info *newinfo,
int visited = e->comefrom & (1 << hook);
if (e->comefrom & (1 << NF_INET_NUMHOOKS)) {
printk("iptables: loop hook %u pos %u %08X.\n",
pr_err("iptables: loop hook %u pos %u %08X.\n",
hook, pos, e->comefrom);
return 0;
}
@ -2167,7 +2148,7 @@ icmp6_type_code_match(u_int8_t test_type, u_int8_t min_code, u_int8_t max_code,
}
static bool
icmp6_match(const struct sk_buff *skb, const struct xt_match_param *par)
icmp6_match(const struct sk_buff *skb, struct xt_action_param *par)
{
const struct icmp6hdr *ic;
struct icmp6hdr _icmph;
@ -2183,7 +2164,7 @@ icmp6_match(const struct sk_buff *skb, const struct xt_match_param *par)
* can't. Hence, no choice but to drop.
*/
duprintf("Dropping evil ICMP tinygram.\n");
*par->hotdrop = true;
par->hotdrop = true;
return false;
}
@ -2204,22 +2185,23 @@ static int icmp6_checkentry(const struct xt_mtchk_param *par)
}
/* The built-in targets: standard (NULL) and error. */
static struct xt_target ip6t_standard_target __read_mostly = {
.name = IP6T_STANDARD_TARGET,
.targetsize = sizeof(int),
.family = NFPROTO_IPV6,
static struct xt_target ip6t_builtin_tg[] __read_mostly = {
{
.name = IP6T_STANDARD_TARGET,
.targetsize = sizeof(int),
.family = NFPROTO_IPV6,
#ifdef CONFIG_COMPAT
.compatsize = sizeof(compat_int_t),
.compat_from_user = compat_standard_from_user,
.compat_to_user = compat_standard_to_user,
.compatsize = sizeof(compat_int_t),
.compat_from_user = compat_standard_from_user,
.compat_to_user = compat_standard_to_user,
#endif
};
static struct xt_target ip6t_error_target __read_mostly = {
.name = IP6T_ERROR_TARGET,
.target = ip6t_error,
.targetsize = IP6T_FUNCTION_MAXNAMELEN,
.family = NFPROTO_IPV6,
},
{
.name = IP6T_ERROR_TARGET,
.target = ip6t_error,
.targetsize = IP6T_FUNCTION_MAXNAMELEN,
.family = NFPROTO_IPV6,
},
};
static struct nf_sockopt_ops ip6t_sockopts = {
@ -2239,13 +2221,15 @@ static struct nf_sockopt_ops ip6t_sockopts = {
.owner = THIS_MODULE,
};
static struct xt_match icmp6_matchstruct __read_mostly = {
.name = "icmp6",
.match = icmp6_match,
.matchsize = sizeof(struct ip6t_icmp),
.checkentry = icmp6_checkentry,
.proto = IPPROTO_ICMPV6,
.family = NFPROTO_IPV6,
static struct xt_match ip6t_builtin_mt[] __read_mostly = {
{
.name = "icmp6",
.match = icmp6_match,
.matchsize = sizeof(struct ip6t_icmp),
.checkentry = icmp6_checkentry,
.proto = IPPROTO_ICMPV6,
.family = NFPROTO_IPV6,
},
};
static int __net_init ip6_tables_net_init(struct net *net)
@ -2272,13 +2256,10 @@ static int __init ip6_tables_init(void)
goto err1;
/* Noone else will be downing sem now, so we won't sleep */
ret = xt_register_target(&ip6t_standard_target);
ret = xt_register_targets(ip6t_builtin_tg, ARRAY_SIZE(ip6t_builtin_tg));
if (ret < 0)
goto err2;
ret = xt_register_target(&ip6t_error_target);
if (ret < 0)
goto err3;
ret = xt_register_match(&icmp6_matchstruct);
ret = xt_register_matches(ip6t_builtin_mt, ARRAY_SIZE(ip6t_builtin_mt));
if (ret < 0)
goto err4;
@ -2291,11 +2272,9 @@ static int __init ip6_tables_init(void)
return 0;
err5:
xt_unregister_match(&icmp6_matchstruct);
xt_unregister_matches(ip6t_builtin_mt, ARRAY_SIZE(ip6t_builtin_mt));
err4:
xt_unregister_target(&ip6t_error_target);
err3:
xt_unregister_target(&ip6t_standard_target);
xt_unregister_targets(ip6t_builtin_tg, ARRAY_SIZE(ip6t_builtin_tg));
err2:
unregister_pernet_subsys(&ip6_tables_net_ops);
err1:
@ -2306,10 +2285,8 @@ static void __exit ip6_tables_fini(void)
{
nf_unregister_sockopt(&ip6t_sockopts);
xt_unregister_match(&icmp6_matchstruct);
xt_unregister_target(&ip6t_error_target);
xt_unregister_target(&ip6t_standard_target);
xt_unregister_matches(ip6t_builtin_mt, ARRAY_SIZE(ip6t_builtin_mt));
xt_unregister_targets(ip6t_builtin_tg, ARRAY_SIZE(ip6t_builtin_tg));
unregister_pernet_subsys(&ip6_tables_net_ops);
}

2
net/ipv6/netfilter/ip6t_LOG.c
View File

@ -436,7 +436,7 @@ ip6t_log_packet(u_int8_t pf,
}
static unsigned int
log_tg6(struct sk_buff *skb, const struct xt_target_param *par)
log_tg6(struct sk_buff *skb, const struct xt_action_param *par)
{
const struct ip6t_log_info *loginfo = par->targinfo;
struct nf_loginfo li;

2
net/ipv6/netfilter/ip6t_REJECT.c
View File

@ -175,7 +175,7 @@ send_unreach(struct net *net, struct sk_buff *skb_in, unsigned char code,
}
static unsigned int
reject_tg6(struct sk_buff *skb, const struct xt_target_param *par)
reject_tg6(struct sk_buff *skb, const struct xt_action_param *par)
{
const struct ip6t_reject_info *reject = par->targinfo;
struct net *net = dev_net((par->in != NULL) ? par->in : par->out);

6
net/ipv6/netfilter/ip6t_ah.c
View File

@ -36,7 +36,7 @@ spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, bool invert)
return r;
}
static bool ah_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
static bool ah_mt6(const struct sk_buff *skb, struct xt_action_param *par)
{
struct ip_auth_hdr _ah;
const struct ip_auth_hdr *ah;
@ -48,13 +48,13 @@ static bool ah_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
err = ipv6_find_hdr(skb, &ptr, NEXTHDR_AUTH, NULL);
if (err < 0) {
if (err != -ENOENT)
*par->hotdrop = true;
par->hotdrop = true;
return false;
}
ah = skb_header_pointer(skb, ptr, sizeof(_ah), &_ah);
if (ah == NULL) {
*par->hotdrop = true;
par->hotdrop = true;
return false;
}

4
net/ipv6/netfilter/ip6t_eui64.c
View File

@ -20,14 +20,14 @@ MODULE_LICENSE("GPL");
MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>");
static bool
eui64_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
eui64_mt6(const struct sk_buff *skb, struct xt_action_param *par)
{
unsigned char eui64[8];
if (!(skb_mac_header(skb) >= skb->head &&
skb_mac_header(skb) + ETH_HLEN <= skb->data) &&
par->fragoff != 0) {
*par->hotdrop = true;
par->hotdrop = true;
return false;
}

6
net/ipv6/netfilter/ip6t_frag.c
View File

@ -35,7 +35,7 @@ id_match(u_int32_t min, u_int32_t max, u_int32_t id, bool invert)
}
static bool
frag_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
frag_mt6(const struct sk_buff *skb, struct xt_action_param *par)
{
struct frag_hdr _frag;
const struct frag_hdr *fh;
@ -46,13 +46,13 @@ frag_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
err = ipv6_find_hdr(skb, &ptr, NEXTHDR_FRAGMENT, NULL);
if (err < 0) {
if (err != -ENOENT)
*par->hotdrop = true;
par->hotdrop = true;
return false;
}
fh = skb_header_pointer(skb, ptr, sizeof(_frag), &_frag);
if (fh == NULL) {
*par->hotdrop = true;
par->hotdrop = true;
return false;
}

6
net/ipv6/netfilter/ip6t_hbh.c
View File

@ -44,7 +44,7 @@ MODULE_ALIAS("ip6t_dst");
static struct xt_match hbh_mt6_reg[] __read_mostly;
static bool
hbh_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
hbh_mt6(const struct sk_buff *skb, struct xt_action_param *par)
{
struct ipv6_opt_hdr _optsh;
const struct ipv6_opt_hdr *oh;
@ -65,13 +65,13 @@ hbh_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
NEXTHDR_HOP : NEXTHDR_DEST, NULL);
if (err < 0) {
if (err != -ENOENT)
*par->hotdrop = true;
par->hotdrop = true;
return false;
}
oh = skb_header_pointer(skb, ptr, sizeof(_optsh), &_optsh);
if (oh == NULL) {
*par->hotdrop = true;
par->hotdrop = true;
return false;
}

2
net/ipv6/netfilter/ip6t_ipv6header.c
View File

@ -27,7 +27,7 @@ MODULE_DESCRIPTION("Xtables: IPv6 header types match");
MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>");
static bool
ipv6header_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
ipv6header_mt6(const struct sk_buff *skb, struct xt_action_param *par)
{
const struct ip6t_ipv6header_info *info = par->matchinfo;
unsigned int temp;

6
net/ipv6/netfilter/ip6t_mh.c
View File

@ -32,7 +32,7 @@ type_match(u_int8_t min, u_int8_t max, u_int8_t type, bool invert)
return (type >= min && type <= max) ^ invert;
}
static bool mh_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
static bool mh_mt6(const struct sk_buff *skb, struct xt_action_param *par)
{
struct ip6_mh _mh;
const struct ip6_mh *mh;
@ -47,14 +47,14 @@ static bool mh_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
/* We've been asked to examine this packet, and we
can't. Hence, no choice but to drop. */
pr_debug("Dropping evil MH tinygram.\n");
*par->hotdrop = true;
par->hotdrop = true;
return false;
}
if (mh->ip6mh_proto != IPPROTO_NONE) {
pr_debug("Dropping invalid MH Payload Proto: %u\n",
mh->ip6mh_proto);
*par->hotdrop = true;
par->hotdrop = true;
return false;
}

6
net/ipv6/netfilter/ip6t_rt.c
View File

@ -36,7 +36,7 @@ segsleft_match(u_int32_t min, u_int32_t max, u_int32_t id, bool invert)
return r;
}
static bool rt_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
static bool rt_mt6(const struct sk_buff *skb, struct xt_action_param *par)
{
struct ipv6_rt_hdr _route;
const struct ipv6_rt_hdr *rh;
@ -52,13 +52,13 @@ static bool rt_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
err = ipv6_find_hdr(skb, &ptr, NEXTHDR_ROUTING, NULL);
if (err < 0) {
if (err != -ENOENT)
*par->hotdrop = true;
par->hotdrop = true;
return false;
}
rh = skb_header_pointer(skb, ptr, sizeof(_route), &_route);
if (rh == NULL) {
*par->hotdrop = true;
par->hotdrop = true;
return false;
}

2
net/ipv6/netfilter/ip6table_filter.c
View File

@ -81,7 +81,7 @@ static int __init ip6table_filter_init(void)
int ret;
if (forward < 0 || forward > NF_MAX_VERDICT) {
printk("iptables forward must be 0 or 1\n");
pr_err("iptables forward must be 0 or 1\n");
return -EINVAL;
}

2
net/ipv6/netfilter/ip6table_mangle.c
View File

@ -43,7 +43,7 @@ ip6t_mangle_out(struct sk_buff *skb, const struct net_device *out)
if (skb->len < sizeof(struct iphdr) ||
ip_hdrlen(skb) < sizeof(struct iphdr)) {
if (net_ratelimit())
printk("ip6t_hook: happy cracking.\n");
pr_warning("ip6t_hook: happy cracking.\n");
return NF_ACCEPT;
}
#endif

14
net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
View File

@ -280,7 +280,7 @@ static unsigned int ipv6_conntrack_local(unsigned int hooknum,
/* root is playing with raw sockets. */
if (skb->len < sizeof(struct ipv6hdr)) {
if (net_ratelimit())
printk("ipv6_conntrack_local: packet too short\n");
pr_notice("ipv6_conntrack_local: packet too short\n");
return NF_ACCEPT;
}
return __ipv6_conntrack_in(dev_net(out), hooknum, skb, okfn);
@ -406,37 +406,37 @@ static int __init nf_conntrack_l3proto_ipv6_init(void)
ret = nf_ct_frag6_init();
if (ret < 0) {
printk("nf_conntrack_ipv6: can't initialize frag6.\n");
pr_err("nf_conntrack_ipv6: can't initialize frag6.\n");
return ret;
}
ret = nf_conntrack_l4proto_register(&nf_conntrack_l4proto_tcp6);
if (ret < 0) {
printk("nf_conntrack_ipv6: can't register tcp.\n");
pr_err("nf_conntrack_ipv6: can't register tcp.\n");
goto cleanup_frag6;
}
ret = nf_conntrack_l4proto_register(&nf_conntrack_l4proto_udp6);
if (ret < 0) {
printk("nf_conntrack_ipv6: can't register udp.\n");
pr_err("nf_conntrack_ipv6: can't register udp.\n");
goto cleanup_tcp;
}
ret = nf_conntrack_l4proto_register(&nf_conntrack_l4proto_icmpv6);
if (ret < 0) {
printk("nf_conntrack_ipv6: can't register icmpv6.\n");
pr_err("nf_conntrack_ipv6: can't register icmpv6.\n");
goto cleanup_udp;
}
ret = nf_conntrack_l3proto_register(&nf_conntrack_l3proto_ipv6);
if (ret < 0) {
printk("nf_conntrack_ipv6: can't register ipv6\n");
pr_err("nf_conntrack_ipv6: can't register ipv6\n");
goto cleanup_icmpv6;
}
ret = nf_register_hooks(ipv6_conntrack_ops,
ARRAY_SIZE(ipv6_conntrack_ops));
if (ret < 0) {
printk("nf_conntrack_ipv6: can't register pre-routing defrag "
pr_err("nf_conntrack_ipv6: can't register pre-routing defrag "
"hook.\n");
goto cleanup_ipv6;
}

2
net/netfilter/nf_conntrack_amanda.c
View File

@ -108,7 +108,7 @@ static int amanda_help(struct sk_buff *skb,
dataoff = protoff + sizeof(struct udphdr);
if (dataoff >= skb->len) {
if (net_ratelimit())
printk("amanda_help: skblen = %u\n", skb->len);
printk(KERN_ERR "amanda_help: skblen = %u\n", skb->len);
return NF_ACCEPT;
}

2
net/netfilter/nf_conntrack_core.c
View File

@ -1335,7 +1335,7 @@ static int nf_conntrack_init_init_net(void)
}
nf_conntrack_max = max_factor * nf_conntrack_htable_size;
printk("nf_conntrack version %s (%u buckets, %d max)\n",
printk(KERN_INFO "nf_conntrack version %s (%u buckets, %d max)\n",
NF_CONNTRACK_VERSION, nf_conntrack_htable_size,
nf_conntrack_max);

4
net/netfilter/nf_conntrack_ftp.c
View File

@ -573,8 +573,8 @@ static int __init nf_conntrack_ftp_init(void)
ftp[i][j].tuple.src.l3num, ports[i]);
ret = nf_conntrack_helper_register(&ftp[i][j]);
if (ret) {
printk("nf_ct_ftp: failed to register helper "
" for pf: %d port: %d\n",
printk(KERN_ERR "nf_ct_ftp: failed to register"
" helper for pf: %d port: %d\n",
ftp[i][j].tuple.src.l3num, ports[i]);
nf_conntrack_ftp_fini();
return ret;

6
net/netfilter/nf_conntrack_h323_main.c
View File

@ -607,7 +607,7 @@ static int h245_help(struct sk_buff *skb, unsigned int protoff,
drop:
spin_unlock_bh(&nf_h323_lock);
if (net_ratelimit())
printk("nf_ct_h245: packet dropped\n");
pr_info("nf_ct_h245: packet dropped\n");
return NF_DROP;
}
@ -1152,7 +1152,7 @@ static int q931_help(struct sk_buff *skb, unsigned int protoff,
drop:
spin_unlock_bh(&nf_h323_lock);
if (net_ratelimit())
printk("nf_ct_q931: packet dropped\n");
pr_info("nf_ct_q931: packet dropped\n");
return NF_DROP;
}
@ -1727,7 +1727,7 @@ static int ras_help(struct sk_buff *skb, unsigned int protoff,
drop:
spin_unlock_bh(&nf_h323_lock);
if (net_ratelimit())
printk("nf_ct_ras: packet dropped\n");
pr_info("nf_ct_ras: packet dropped\n");
return NF_DROP;
}

4
net/netfilter/nf_conntrack_irc.c
View File

@ -235,7 +235,7 @@ static int __init nf_conntrack_irc_init(void)
char *tmpname;
if (max_dcc_channels < 1) {
printk("nf_ct_irc: max_dcc_channels must not be zero\n");
printk(KERN_ERR "nf_ct_irc: max_dcc_channels must not be zero\n");
return -EINVAL;
}
@ -267,7 +267,7 @@ static int __init nf_conntrack_irc_init(void)
ret = nf_conntrack_helper_register(&irc[i]);
if (ret) {
printk("nf_ct_irc: failed to register helper "
printk(KERN_ERR "nf_ct_irc: failed to register helper "
"for pf: %u port: %u\n",
irc[i].tuple.src.l3num, ports[i]);
nf_conntrack_irc_fini();

13
net/netfilter/nf_conntrack_netlink.c
View File

@ -2057,29 +2057,29 @@ static int __init ctnetlink_init(void)
{
int ret;
printk("ctnetlink v%s: registering with nfnetlink.\n", version);
pr_info("ctnetlink v%s: registering with nfnetlink.\n", version);
ret = nfnetlink_subsys_register(&ctnl_subsys);
if (ret < 0) {
printk("ctnetlink_init: cannot register with nfnetlink.\n");
pr_err("ctnetlink_init: cannot register with nfnetlink.\n");
goto err_out;
}
ret = nfnetlink_subsys_register(&ctnl_exp_subsys);
if (ret < 0) {
printk("ctnetlink_init: cannot register exp with nfnetlink.\n");
pr_err("ctnetlink_init: cannot register exp with nfnetlink.\n");
goto err_unreg_subsys;
}
#ifdef CONFIG_NF_CONNTRACK_EVENTS
ret = nf_conntrack_register_notifier(&ctnl_notifier);
if (ret < 0) {
printk("ctnetlink_init: cannot register notifier.\n");
pr_err("ctnetlink_init: cannot register notifier.\n");
goto err_unreg_exp_subsys;
}
ret = nf_ct_expect_register_notifier(&ctnl_notifier_exp);
if (ret < 0) {
printk("ctnetlink_init: cannot expect register notifier.\n");
pr_err("ctnetlink_init: cannot expect register notifier.\n");
goto err_unreg_notifier;
}
#endif
@ -2100,7 +2100,7 @@ static int __init ctnetlink_init(void)
static void __exit ctnetlink_exit(void)
{
printk("ctnetlink: unregistering from nfnetlink.\n");
pr_info("ctnetlink: unregistering from nfnetlink.\n");
#ifdef CONFIG_NF_CONNTRACK_EVENTS
nf_ct_expect_unregister_notifier(&ctnl_notifier_exp);
@ -2109,7 +2109,6 @@ static void __exit ctnetlink_exit(void)
nfnetlink_subsys_unregister(&ctnl_exp_subsys);
nfnetlink_subsys_unregister(&ctnl_subsys);
return;
}
module_init(ctnetlink_init);

4
net/netfilter/nf_conntrack_proto_sctp.c
View File

@ -717,12 +717,12 @@ static int __init nf_conntrack_proto_sctp_init(void)
ret = nf_conntrack_l4proto_register(&nf_conntrack_l4proto_sctp4);
if (ret) {
printk("nf_conntrack_l4proto_sctp4: protocol register failed\n");
pr_err("nf_conntrack_l4proto_sctp4: protocol register failed\n");
goto out;
}
ret = nf_conntrack_l4proto_register(&nf_conntrack_l4proto_sctp6);
if (ret) {
printk("nf_conntrack_l4proto_sctp6: protocol register failed\n");
pr_err("nf_conntrack_l4proto_sctp6: protocol register failed\n");
goto cleanup_sctp4;
}

4
net/netfilter/nf_conntrack_sip.c
View File

@ -1549,8 +1549,8 @@ static int __init nf_conntrack_sip_init(void)
ret = nf_conntrack_helper_register(&sip[i][j]);
if (ret) {
printk("nf_ct_sip: failed to register helper "
"for pf: %u port: %u\n",
printk(KERN_ERR "nf_ct_sip: failed to register"
" helper for pf: %u port: %u\n",
sip[i][j].tuple.src.l3num, ports[i]);
nf_conntrack_sip_fini();
return ret;

2
net/netfilter/nf_conntrack_standalone.c
View File

@ -446,7 +446,7 @@ static int nf_conntrack_standalone_init_sysctl(struct net *net)
if (net_eq(net, &init_net))
unregister_sysctl_table(nf_ct_netfilter_header);
out:
printk("nf_conntrack: can't register to sysctl.\n");
printk(KERN_ERR "nf_conntrack: can't register to sysctl.\n");
return -ENOMEM;
}

4
net/netfilter/nf_conntrack_tftp.c
View File

@ -138,8 +138,8 @@ static int __init nf_conntrack_tftp_init(void)
ret = nf_conntrack_helper_register(&tftp[i][j]);
if (ret) {
printk("nf_ct_tftp: failed to register helper "
"for pf: %u port: %u\n",
printk(KERN_ERR "nf_ct_tftp: failed to register"
" helper for pf: %u port: %u\n",
tftp[i][j].tuple.src.l3num, ports[i]);
nf_conntrack_tftp_fini();
return ret;

2
net/netfilter/nf_internals.h
View File

@ -6,7 +6,7 @@
#include <linux/netdevice.h>
#ifdef CONFIG_NETFILTER_DEBUG
#define NFDEBUG(format, args...) printk(format , ## args)
#define NFDEBUG(format, args...) printk(KERN_DEBUG format , ## args)
#else
#define NFDEBUG(format, args...)
#endif

1
net/netfilter/nf_queue.c
View File

@ -279,7 +279,6 @@ void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict)
}
rcu_read_unlock();
kfree(entry);
return;
}
EXPORT_SYMBOL(nf_reinject);

4
net/netfilter/nfnetlink.c
View File

@ -212,13 +212,13 @@ static struct pernet_operations nfnetlink_net_ops = {
static int __init nfnetlink_init(void)
{
printk("Netfilter messages via NETLINK v%s.\n", nfversion);
pr_info("Netfilter messages via NETLINK v%s.\n", nfversion);
return register_pernet_subsys(&nfnetlink_net_ops);
}
static void __exit nfnetlink_exit(void)
{
printk("Removing netfilter NETLINK layer.\n");
pr_info("Removing netfilter NETLINK layer.\n");
unregister_pernet_subsys(&nfnetlink_net_ops);
}
module_init(nfnetlink_init);

4
net/netfilter/nfnetlink_log.c
View File

@ -297,7 +297,7 @@ nfulnl_alloc_skb(unsigned int inst_size, unsigned int pkt_size)
n = max(inst_size, pkt_size);
skb = alloc_skb(n, GFP_ATOMIC);
if (!skb) {
PRINTR("nfnetlink_log: can't alloc whole buffer (%u bytes)\n",
pr_notice("nfnetlink_log: can't alloc whole buffer (%u bytes)\n",
inst_size);
if (n > pkt_size) {
@ -306,7 +306,7 @@ nfulnl_alloc_skb(unsigned int inst_size, unsigned int pkt_size)
skb = alloc_skb(pkt_size, GFP_ATOMIC);
if (!skb)
PRINTR("nfnetlink_log: can't even alloc %u "
pr_err("nfnetlink_log: can't even alloc %u "
"bytes\n", pkt_size);
}
}

2
net/netfilter/xt_CLASSIFY.c
View File

@ -27,7 +27,7 @@ MODULE_ALIAS("ipt_CLASSIFY");
MODULE_ALIAS("ip6t_CLASSIFY");
static unsigned int
classify_tg(struct sk_buff *skb, const struct xt_target_param *par)
classify_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
const struct xt_classify_target_info *clinfo = par->targinfo;

2
net/netfilter/xt_CONNSECMARK.c
View File

@ -64,7 +64,7 @@ static void secmark_restore(struct sk_buff *skb)
}
static unsigned int
connsecmark_tg(struct sk_buff *skb, const struct xt_target_param *par)
connsecmark_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
const struct xt_connsecmark_target_info *info = par->targinfo;

2
net/netfilter/xt_CT.c
View File

@ -20,7 +20,7 @@
#include <net/netfilter/nf_conntrack_zones.h>
static unsigned int xt_ct_target(struct sk_buff *skb,
const struct xt_target_param *par)
const struct xt_action_param *par)
{
const struct xt_ct_target_info *info = par->targinfo;
struct nf_conn *ct = info->ct;

8
net/netfilter/xt_DSCP.c
View File

@ -28,7 +28,7 @@ MODULE_ALIAS("ipt_TOS");
MODULE_ALIAS("ip6t_TOS");
static unsigned int
dscp_tg(struct sk_buff *skb, const struct xt_target_param *par)
dscp_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
const struct xt_DSCP_info *dinfo = par->targinfo;
u_int8_t dscp = ipv4_get_dsfield(ip_hdr(skb)) >> XT_DSCP_SHIFT;
@ -45,7 +45,7 @@ dscp_tg(struct sk_buff *skb, const struct xt_target_param *par)
}
static unsigned int
dscp_tg6(struct sk_buff *skb, const struct xt_target_param *par)
dscp_tg6(struct sk_buff *skb, const struct xt_action_param *par)
{
const struct xt_DSCP_info *dinfo = par->targinfo;
u_int8_t dscp = ipv6_get_dsfield(ipv6_hdr(skb)) >> XT_DSCP_SHIFT;
@ -72,7 +72,7 @@ static int dscp_tg_check(const struct xt_tgchk_param *par)
}
static unsigned int
tos_tg(struct sk_buff *skb, const struct xt_target_param *par)
tos_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
const struct xt_tos_target_info *info = par->targinfo;
struct iphdr *iph = ip_hdr(skb);
@ -92,7 +92,7 @@ tos_tg(struct sk_buff *skb, const struct xt_target_param *par)
}
static unsigned int
tos_tg6(struct sk_buff *skb, const struct xt_target_param *par)
tos_tg6(struct sk_buff *skb, const struct xt_action_param *par)
{
const struct xt_tos_target_info *info = par->targinfo;
struct ipv6hdr *iph = ipv6_hdr(skb);

4
net/netfilter/xt_HL.c
View File

@ -26,7 +26,7 @@ MODULE_DESCRIPTION("Xtables: Hoplimit/TTL Limit field modification target");
MODULE_LICENSE("GPL");
static unsigned int
ttl_tg(struct sk_buff *skb, const struct xt_target_param *par)
ttl_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
struct iphdr *iph;
const struct ipt_TTL_info *info = par->targinfo;
@ -66,7 +66,7 @@ ttl_tg(struct sk_buff *skb, const struct xt_target_param *par)
}
static unsigned int
hl_tg6(struct sk_buff *skb, const struct xt_target_param *par)
hl_tg6(struct sk_buff *skb, const struct xt_action_param *par)
{
struct ipv6hdr *ip6h;
const struct ip6t_HL_info *info = par->targinfo;

2
net/netfilter/xt_LED.c
View File

@ -49,7 +49,7 @@ struct xt_led_info_internal {
};
static unsigned int
led_tg(struct sk_buff *skb, const struct xt_target_param *par)
led_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
const struct xt_led_info *ledinfo = par->targinfo;
struct xt_led_info_internal *ledinternal = ledinfo->internal_data;

2
net/netfilter/xt_NFLOG.c
View File

@ -22,7 +22,7 @@ MODULE_ALIAS("ipt_NFLOG");
MODULE_ALIAS("ip6t_NFLOG");
static unsigned int
nflog_tg(struct sk_buff *skb, const struct xt_target_param *par)
nflog_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
const struct xt_nflog_info *info = par->targinfo;
struct nf_loginfo li;

4
net/netfilter/xt_NFQUEUE.c
View File

@ -31,7 +31,7 @@ static u32 jhash_initval __read_mostly;
static bool rnd_inited __read_mostly;
static unsigned int
nfqueue_tg(struct sk_buff *skb, const struct xt_target_param *par)
nfqueue_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
const struct xt_NFQ_info *tinfo = par->targinfo;
@ -65,7 +65,7 @@ static u32 hash_v6(const struct sk_buff *skb)
#endif
static unsigned int
nfqueue_tg_v1(struct sk_buff *skb, const struct xt_target_param *par)
nfqueue_tg_v1(struct sk_buff *skb, const struct xt_action_param *par)
{
const struct xt_NFQ_info_v1 *info = par->targinfo;
u32 queue = info->queuenum;

2
net/netfilter/xt_NOTRACK.c
View File

@ -13,7 +13,7 @@ MODULE_ALIAS("ipt_NOTRACK");
MODULE_ALIAS("ip6t_NOTRACK");
static unsigned int
notrack_tg(struct sk_buff *skb, const struct xt_target_param *par)
notrack_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
/* Previously seen (loopback)? Ignore. */
if (skb->nfct != NULL)

2
net/netfilter/xt_RATEEST.c
View File

@ -73,7 +73,7 @@ void xt_rateest_put(struct xt_rateest *est)
EXPORT_SYMBOL_GPL(xt_rateest_put);
static unsigned int
xt_rateest_tg(struct sk_buff *skb, const struct xt_target_param *par)
xt_rateest_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
const struct xt_rateest_target_info *info = par->targinfo;
struct gnet_stats_basic_packed *stats = &info->est->bstats;

2
net/netfilter/xt_SECMARK.c
View File

@ -30,7 +30,7 @@ MODULE_ALIAS("ip6t_SECMARK");
static u8 mode;
static unsigned int
secmark_tg(struct sk_buff *skb, const struct xt_target_param *par)
secmark_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
u32 secmark = 0;
const struct xt_secmark_target_info *info = par->targinfo;

4
net/netfilter/xt_TCPMSS.c
View File

@ -172,7 +172,7 @@ static u_int32_t tcpmss_reverse_mtu(const struct sk_buff *skb,
}
static unsigned int
tcpmss_tg4(struct sk_buff *skb, const struct xt_target_param *par)
tcpmss_tg4(struct sk_buff *skb, const struct xt_action_param *par)
{
struct iphdr *iph = ip_hdr(skb);
__be16 newlen;
@ -195,7 +195,7 @@ tcpmss_tg4(struct sk_buff *skb, const struct xt_target_param *par)
#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
static unsigned int
tcpmss_tg6(struct sk_buff *skb, const struct xt_target_param *par)
tcpmss_tg6(struct sk_buff *skb, const struct xt_action_param *par)
{
struct ipv6hdr *ipv6h = ipv6_hdr(skb);
u8 nexthdr;

4
net/netfilter/xt_TCPOPTSTRIP.c
View File

@ -74,7 +74,7 @@ tcpoptstrip_mangle_packet(struct sk_buff *skb,
}
static unsigned int
tcpoptstrip_tg4(struct sk_buff *skb, const struct xt_target_param *par)
tcpoptstrip_tg4(struct sk_buff *skb, const struct xt_action_param *par)
{
return tcpoptstrip_mangle_packet(skb, par->targinfo, ip_hdrlen(skb),
sizeof(struct iphdr) + sizeof(struct tcphdr));
@ -82,7 +82,7 @@ tcpoptstrip_tg4(struct sk_buff *skb, const struct xt_target_param *par)
#if defined(CONFIG_IP6_NF_MANGLE) || defined(CONFIG_IP6_NF_MANGLE_MODULE)
static unsigned int
tcpoptstrip_tg6(struct sk_buff *skb, const struct xt_target_param *par)
tcpoptstrip_tg6(struct sk_buff *skb, const struct xt_action_param *par)
{
struct ipv6hdr *ipv6h = ipv6_hdr(skb);
int tcphoff;

4
net/netfilter/xt_TEE.c
View File

@ -84,7 +84,7 @@ tee_tg_route4(struct sk_buff *skb, const struct xt_tee_tginfo *info)
}
static unsigned int
tee_tg4(struct sk_buff *skb, const struct xt_target_param *par)
tee_tg4(struct sk_buff *skb, const struct xt_action_param *par)
{
const struct xt_tee_tginfo *info = par->targinfo;
struct iphdr *iph;
@ -165,7 +165,7 @@ tee_tg_route6(struct sk_buff *skb, const struct xt_tee_tginfo *info)
}
static unsigned int
tee_tg6(struct sk_buff *skb, const struct xt_target_param *par)
tee_tg6(struct sk_buff *skb, const struct xt_action_param *par)
{
const struct xt_tee_tginfo *info = par->targinfo;

2
net/netfilter/xt_TPROXY.c
View File

@ -25,7 +25,7 @@
#include <net/netfilter/nf_tproxy_core.h>
static unsigned int
tproxy_tg(struct sk_buff *skb, const struct xt_target_param *par)
tproxy_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
const struct iphdr *iph = ip_hdr(skb);
const struct xt_tproxy_target_info *tgi = par->targinfo;

2
net/netfilter/xt_TRACE.c
View File

@ -11,7 +11,7 @@ MODULE_ALIAS("ipt_TRACE");
MODULE_ALIAS("ip6t_TRACE");
static unsigned int
trace_tg(struct sk_buff *skb, const struct xt_target_param *par)
trace_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
skb->nf_trace = 1;
return XT_CONTINUE;

2
net/netfilter/xt_cluster.c
View File

@ -86,7 +86,7 @@ xt_cluster_is_multicast_addr(const struct sk_buff *skb, u_int8_t family)
}
static bool
xt_cluster_mt(const struct sk_buff *skb, const struct xt_match_param *par)
xt_cluster_mt(const struct sk_buff *skb, struct xt_action_param *par)
{
struct sk_buff *pskb = (struct sk_buff *)skb;
const struct xt_cluster_match_info *info = par->matchinfo;

2
net/netfilter/xt_comment.c
View File

@ -16,7 +16,7 @@ MODULE_ALIAS("ipt_comment");
MODULE_ALIAS("ip6t_comment");
static bool
comment_mt(const struct sk_buff *skb, const struct xt_match_param *par)
comment_mt(const struct sk_buff *skb, struct xt_action_param *par)
{
/* We always match */
return true;

2
net/netfilter/xt_connbytes.c
View File

@ -18,7 +18,7 @@ MODULE_ALIAS("ipt_connbytes");
MODULE_ALIAS("ip6t_connbytes");
static bool
connbytes_mt(const struct sk_buff *skb, const struct xt_match_param *par)
connbytes_mt(const struct sk_buff *skb, struct xt_action_param *par)
{
const struct xt_connbytes_info *sinfo = par->matchinfo;
const struct nf_conn *ct;

6
net/netfilter/xt_connlimit.c
View File

@ -173,7 +173,7 @@ static int count_them(struct net *net,
}
static bool
connlimit_mt(const struct sk_buff *skb, const struct xt_match_param *par)
connlimit_mt(const struct sk_buff *skb, struct xt_action_param *par)
{
struct net *net = dev_net(par->in ? par->in : par->out);
const struct xt_connlimit_info *info = par->matchinfo;
@ -206,14 +206,14 @@ connlimit_mt(const struct sk_buff *skb, const struct xt_match_param *par)
if (connections < 0) {
/* kmalloc failed, drop it entirely */
*par->hotdrop = true;
par->hotdrop = true;
return false;
}
return (connections > info->limit) ^ info->inverse;
hotdrop:
*par->hotdrop = true;
par->hotdrop = true;
return false;
}

4
net/netfilter/xt_connmark.c
View File

@ -37,7 +37,7 @@ MODULE_ALIAS("ipt_connmark");
MODULE_ALIAS("ip6t_connmark");
static unsigned int
connmark_tg(struct sk_buff *skb, const struct xt_target_param *par)
connmark_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
const struct xt_connmark_tginfo1 *info = par->targinfo;
enum ip_conntrack_info ctinfo;
@ -91,7 +91,7 @@ static void connmark_tg_destroy(const struct xt_tgdtor_param *par)
}
static bool
connmark_mt(const struct sk_buff *skb, const struct xt_match_param *par)
connmark_mt(const struct sk_buff *skb, struct xt_action_param *par)
{
const struct xt_connmark_mtinfo1 *info = par->matchinfo;
enum ip_conntrack_info ctinfo;

6
net/netfilter/xt_conntrack.c
View File

@ -113,7 +113,7 @@ ct_proto_port_check(const struct xt_conntrack_mtinfo2 *info,
}
static bool
conntrack_mt(const struct sk_buff *skb, const struct xt_match_param *par,
conntrack_mt(const struct sk_buff *skb, struct xt_action_param *par,
u16 state_mask, u16 status_mask)
{
const struct xt_conntrack_mtinfo2 *info = par->matchinfo;
@ -191,7 +191,7 @@ conntrack_mt(const struct sk_buff *skb, const struct xt_match_param *par,
}
static bool
conntrack_mt_v1(const struct sk_buff *skb, const struct xt_match_param *par)
conntrack_mt_v1(const struct sk_buff *skb, struct xt_action_param *par)
{
const struct xt_conntrack_mtinfo1 *info = par->matchinfo;
@ -199,7 +199,7 @@ conntrack_mt_v1(const struct sk_buff *skb, const struct xt_match_param *par)
}
static bool
conntrack_mt_v2(const struct sk_buff *skb, const struct xt_match_param *par)
conntrack_mt_v2(const struct sk_buff *skb, struct xt_action_param *par)
{
const struct xt_conntrack_mtinfo2 *info = par->matchinfo;

6
net/netfilter/xt_dccp.c
View File

@ -96,7 +96,7 @@ match_option(u_int8_t option, const struct sk_buff *skb, unsigned int protoff,
}
static bool
dccp_mt(const struct sk_buff *skb, const struct xt_match_param *par)
dccp_mt(const struct sk_buff *skb, struct xt_action_param *par)
{
const struct xt_dccp_info *info = par->matchinfo;
const struct dccp_hdr *dh;
@ -107,7 +107,7 @@ dccp_mt(const struct sk_buff *skb, const struct xt_match_param *par)
dh = skb_header_pointer(skb, par->thoff, sizeof(_dh), &_dh);
if (dh == NULL) {
*par->hotdrop = true;
par->hotdrop = true;
return false;
}
@ -120,7 +120,7 @@ dccp_mt(const struct sk_buff *skb, const struct xt_match_param *par)
&& DCCHECK(match_types(dh, info->typemask),
XT_DCCP_TYPE, info->flags, info->invflags)
&& DCCHECK(match_option(info->option, skb, par->thoff, dh,
par->hotdrop),
&par->hotdrop),
XT_DCCP_OPTION, info->flags, info->invflags);
}

6
net/netfilter/xt_dscp.c
View File

@ -25,7 +25,7 @@ MODULE_ALIAS("ipt_tos");
MODULE_ALIAS("ip6t_tos");
static bool
dscp_mt(const struct sk_buff *skb, const struct xt_match_param *par)
dscp_mt(const struct sk_buff *skb, struct xt_action_param *par)
{
const struct xt_dscp_info *info = par->matchinfo;
u_int8_t dscp = ipv4_get_dsfield(ip_hdr(skb)) >> XT_DSCP_SHIFT;
@ -34,7 +34,7 @@ dscp_mt(const struct sk_buff *skb, const struct xt_match_param *par)
}
static bool
dscp_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
dscp_mt6(const struct sk_buff *skb, struct xt_action_param *par)
{
const struct xt_dscp_info *info = par->matchinfo;
u_int8_t dscp = ipv6_get_dsfield(ipv6_hdr(skb)) >> XT_DSCP_SHIFT;
@ -54,7 +54,7 @@ static int dscp_mt_check(const struct xt_mtchk_param *par)
return 0;
}
static bool tos_mt(const struct sk_buff *skb, const struct xt_match_param *par)
static bool tos_mt(const struct sk_buff *skb, struct xt_action_param *par)
{
const struct xt_tos_match_info *info = par->matchinfo;

4
net/netfilter/xt_esp.c
View File

@ -36,7 +36,7 @@ spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, bool invert)
return r;
}
static bool esp_mt(const struct sk_buff *skb, const struct xt_match_param *par)
static bool esp_mt(const struct sk_buff *skb, struct xt_action_param *par)
{
const struct ip_esp_hdr *eh;
struct ip_esp_hdr _esp;
@ -52,7 +52,7 @@ static bool esp_mt(const struct sk_buff *skb, const struct xt_match_param *par)
* can't. Hence, no choice but to drop.
*/
pr_debug("Dropping evil ESP tinygram.\n");
*par->hotdrop = true;
par->hotdrop = true;
return false;
}

4
net/netfilter/xt_hashlimit.c
View File

@ -516,7 +516,7 @@ hashlimit_init_dst(const struct xt_hashlimit_htable *hinfo,
}
static bool
hashlimit_mt(const struct sk_buff *skb, const struct xt_match_param *par)
hashlimit_mt(const struct sk_buff *skb, struct xt_action_param *par)
{
const struct xt_hashlimit_mtinfo1 *info = par->matchinfo;
struct xt_hashlimit_htable *hinfo = info->hinfo;
@ -562,7 +562,7 @@ hashlimit_mt(const struct sk_buff *skb, const struct xt_match_param *par)
return info->cfg.mode & XT_HASHLIMIT_INVERT;
hotdrop:
*par->hotdrop = true;
par->hotdrop = true;
return false;
}

2
net/netfilter/xt_helper.c
View File

@ -24,7 +24,7 @@ MODULE_ALIAS("ip6t_helper");
static bool
helper_mt(const struct sk_buff *skb, const struct xt_match_param *par)
helper_mt(const struct sk_buff *skb, struct xt_action_param *par)
{
const struct xt_helper_info *info = par->matchinfo;
const struct nf_conn *ct;

4
net/netfilter/xt_hl.c
View File

@ -25,7 +25,7 @@ MODULE_LICENSE("GPL");
MODULE_ALIAS("ipt_ttl");
MODULE_ALIAS("ip6t_hl");
static bool ttl_mt(const struct sk_buff *skb, const struct xt_match_param *par)
static bool ttl_mt(const struct sk_buff *skb, struct xt_action_param *par)
{
const struct ipt_ttl_info *info = par->matchinfo;
const u8 ttl = ip_hdr(skb)->ttl;
@ -44,7 +44,7 @@ static bool ttl_mt(const struct sk_buff *skb, const struct xt_match_param *par)
return false;
}
static bool hl_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
static bool hl_mt6(const struct sk_buff *skb, struct xt_action_param *par)
{
const struct ip6t_hl_info *info = par->matchinfo;
const struct ipv6hdr *ip6h = ipv6_hdr(skb);

4
net/netfilter/xt_iprange.c
View File

@ -17,7 +17,7 @@
#include <linux/netfilter/xt_iprange.h>
static bool
iprange_mt4(const struct sk_buff *skb, const struct xt_match_param *par)
iprange_mt4(const struct sk_buff *skb, struct xt_action_param *par)
{
const struct xt_iprange_mtinfo *info = par->matchinfo;
const struct iphdr *iph = ip_hdr(skb);
@ -68,7 +68,7 @@ iprange_ipv6_sub(const struct in6_addr *a, const struct in6_addr *b)
}
static bool
iprange_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
iprange_mt6(const struct sk_buff *skb, struct xt_action_param *par)
{
const struct xt_iprange_mtinfo *info = par->matchinfo;
const struct ipv6hdr *iph = ipv6_hdr(skb);

4
net/netfilter/xt_length.c
View File

@ -21,7 +21,7 @@ MODULE_ALIAS("ipt_length");
MODULE_ALIAS("ip6t_length");
static bool
length_mt(const struct sk_buff *skb, const struct xt_match_param *par)
length_mt(const struct sk_buff *skb, struct xt_action_param *par)
{
const struct xt_length_info *info = par->matchinfo;
u_int16_t pktlen = ntohs(ip_hdr(skb)->tot_len);
@ -30,7 +30,7 @@ length_mt(const struct sk_buff *skb, const struct xt_match_param *par)
}
static bool
length_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
length_mt6(const struct sk_buff *skb, struct xt_action_param *par)
{
const struct xt_length_info *info = par->matchinfo;
const u_int16_t pktlen = ntohs(ipv6_hdr(skb)->payload_len) +

Some files were not shown because too many files have changed in this diff Show More