Commit ff67e4e4 authored by Jan Engelhardt's avatar Jan Engelhardt

netfilter: xt extensions: use pr_<level> (2)

Supplement to 1159683e.

Downgrade the log level to INFO for most checkentry messages as they
are, IMO, just an extra information to the -EINVAL code that is
returned as part of a parameter "constraint violation". Leave errors
to real errors, such as being unable to create a LED trigger.
Signed-off-by: default avatarJan Engelhardt <jengelh@medozas.de>
parent 0d345455
...@@ -7,6 +7,7 @@ ...@@ -7,6 +7,7 @@
* August, 2003 * August, 2003
* *
*/ */
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/ip.h> #include <linux/ip.h>
#include <linux/if_arp.h> #include <linux/if_arp.h>
#include <linux/module.h> #include <linux/module.h>
...@@ -186,21 +187,17 @@ static bool ebt_among_mt_check(const struct xt_mtchk_param *par) ...@@ -186,21 +187,17 @@ static bool ebt_among_mt_check(const struct xt_mtchk_param *par)
expected_length += ebt_mac_wormhash_size(wh_src); expected_length += ebt_mac_wormhash_size(wh_src);
if (em->match_size != EBT_ALIGN(expected_length)) { if (em->match_size != EBT_ALIGN(expected_length)) {
printk(KERN_WARNING pr_info("wrong size: %d against expected %d, rounded to %Zd\n",
"ebtables: among: wrong size: %d "
"against expected %d, rounded to %Zd\n",
em->match_size, expected_length, em->match_size, expected_length,
EBT_ALIGN(expected_length)); EBT_ALIGN(expected_length));
return false; return false;
} }
if (wh_dst && (err = ebt_mac_wormhash_check_integrity(wh_dst))) { if (wh_dst && (err = ebt_mac_wormhash_check_integrity(wh_dst))) {
printk(KERN_WARNING pr_info("dst integrity fail: %x\n", -err);
"ebtables: among: dst integrity fail: %x\n", -err);
return false; return false;
} }
if (wh_src && (err = ebt_mac_wormhash_check_integrity(wh_src))) { if (wh_src && (err = ebt_mac_wormhash_check_integrity(wh_src))) {
printk(KERN_WARNING pr_info("src integrity fail: %x\n", -err);
"ebtables: among: src integrity fail: %x\n", -err);
return false; return false;
} }
return true; return true;
......
...@@ -10,6 +10,7 @@ ...@@ -10,6 +10,7 @@
* September, 2003 * September, 2003
* *
*/ */
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h> #include <linux/module.h>
#include <linux/netdevice.h> #include <linux/netdevice.h>
#include <linux/spinlock.h> #include <linux/spinlock.h>
...@@ -71,7 +72,7 @@ static bool ebt_limit_mt_check(const struct xt_mtchk_param *par) ...@@ -71,7 +72,7 @@ static bool ebt_limit_mt_check(const struct xt_mtchk_param *par)
/* Check for overflow. */ /* Check for overflow. */
if (info->burst == 0 || if (info->burst == 0 ||
user2credits(info->avg * info->burst) < user2credits(info->avg)) { user2credits(info->avg * info->burst) < user2credits(info->avg)) {
printk("Overflow in ebt_limit, try lower: %u/%u\n", pr_info("overflow, try lower: %u/%u\n",
info->avg, info->burst); info->avg, info->burst);
return false; return false;
} }
......
...@@ -27,7 +27,7 @@ ...@@ -27,7 +27,7 @@
* flushed even if it is not full yet. * flushed even if it is not full yet.
* *
*/ */
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h> #include <linux/module.h>
#include <linux/spinlock.h> #include <linux/spinlock.h>
#include <linux/socket.h> #include <linux/socket.h>
...@@ -43,9 +43,6 @@ ...@@ -43,9 +43,6 @@
#include <net/sock.h> #include <net/sock.h>
#include "../br_private.h" #include "../br_private.h"
#define PRINTR(format, args...) do { if (net_ratelimit()) \
printk(format , ## args); } while (0)
static unsigned int nlbufsiz = NLMSG_GOODSIZE; static unsigned int nlbufsiz = NLMSG_GOODSIZE;
module_param(nlbufsiz, uint, 0600); module_param(nlbufsiz, uint, 0600);
MODULE_PARM_DESC(nlbufsiz, "netlink buffer size (number of bytes) " MODULE_PARM_DESC(nlbufsiz, "netlink buffer size (number of bytes) "
...@@ -106,14 +103,13 @@ static struct sk_buff *ulog_alloc_skb(unsigned int size) ...@@ -106,14 +103,13 @@ static struct sk_buff *ulog_alloc_skb(unsigned int size)
n = max(size, nlbufsiz); n = max(size, nlbufsiz);
skb = alloc_skb(n, GFP_ATOMIC); skb = alloc_skb(n, GFP_ATOMIC);
if (!skb) { if (!skb) {
PRINTR(KERN_ERR "ebt_ulog: can't alloc whole buffer " pr_debug("cannot alloc whole buffer of size %ub!\n", n);
"of size %ub!\n", n);
if (n > size) { if (n > size) {
/* try to allocate only as much as we need for /* try to allocate only as much as we need for
* current packet */ * current packet */
skb = alloc_skb(size, GFP_ATOMIC); skb = alloc_skb(size, GFP_ATOMIC);
if (!skb) if (!skb)
PRINTR(KERN_ERR "ebt_ulog: can't even allocate " pr_debug("cannot even allocate "
"buffer of size %ub\n", size); "buffer of size %ub\n", size);
} }
} }
...@@ -141,8 +137,7 @@ static void ebt_ulog_packet(unsigned int hooknr, const struct sk_buff *skb, ...@@ -141,8 +137,7 @@ static void ebt_ulog_packet(unsigned int hooknr, const struct sk_buff *skb,
size = NLMSG_SPACE(sizeof(*pm) + copy_len); size = NLMSG_SPACE(sizeof(*pm) + copy_len);
if (size > nlbufsiz) { if (size > nlbufsiz) {
PRINTR("ebt_ulog: Size %Zd needed, but nlbufsiz=%d\n", pr_debug("Size %Zd needed, but nlbufsiz=%d\n", size, nlbufsiz);
size, nlbufsiz);
return; return;
} }
...@@ -216,7 +211,7 @@ static void ebt_ulog_packet(unsigned int hooknr, const struct sk_buff *skb, ...@@ -216,7 +211,7 @@ static void ebt_ulog_packet(unsigned int hooknr, const struct sk_buff *skb,
return; return;
nlmsg_failure: nlmsg_failure:
printk(KERN_CRIT "ebt_ulog: error during NLMSG_PUT. This should " pr_debug("error during NLMSG_PUT. This should "
"not happen, please report to author.\n"); "not happen, please report to author.\n");
goto unlock; goto unlock;
alloc_failure: alloc_failure:
...@@ -291,7 +286,7 @@ static int __init ebt_ulog_init(void) ...@@ -291,7 +286,7 @@ static int __init ebt_ulog_init(void)
int i; int i;
if (nlbufsiz >= 128*1024) { if (nlbufsiz >= 128*1024) {
printk(KERN_NOTICE "ebt_ulog: Netlink buffer has to be <= 128kB," pr_warning("Netlink buffer has to be <= 128kB,"
" please try a smaller nlbufsiz parameter.\n"); " please try a smaller nlbufsiz parameter.\n");
return -EINVAL; return -EINVAL;
} }
......
...@@ -26,17 +26,12 @@ ...@@ -26,17 +26,12 @@
#include <linux/netfilter_bridge/ebtables.h> #include <linux/netfilter_bridge/ebtables.h>
#include <linux/netfilter_bridge/ebt_vlan.h> #include <linux/netfilter_bridge/ebt_vlan.h>
static int debug;
#define MODULE_VERS "0.6" #define MODULE_VERS "0.6"
module_param(debug, int, 0);
MODULE_PARM_DESC(debug, "debug=1 is turn on debug messages");
MODULE_AUTHOR("Nick Fedchik <nick@fedchik.org.ua>"); MODULE_AUTHOR("Nick Fedchik <nick@fedchik.org.ua>");
MODULE_DESCRIPTION("Ebtables: 802.1Q VLAN tag match"); MODULE_DESCRIPTION("Ebtables: 802.1Q VLAN tag match");
MODULE_LICENSE("GPL"); MODULE_LICENSE("GPL");
#define DEBUG_MSG(args...) if (debug) printk (KERN_DEBUG "ebt_vlan: " args)
#define GET_BITMASK(_BIT_MASK_) info->bitmask & _BIT_MASK_ #define GET_BITMASK(_BIT_MASK_) info->bitmask & _BIT_MASK_
#define EXIT_ON_MISMATCH(_MATCH_,_MASK_) {if (!((info->_MATCH_ == _MATCH_)^!!(info->invflags & _MASK_))) return false; } #define EXIT_ON_MISMATCH(_MATCH_,_MASK_) {if (!((info->_MATCH_ == _MATCH_)^!!(info->invflags & _MASK_))) return false; }
...@@ -91,23 +86,22 @@ static bool ebt_vlan_mt_check(const struct xt_mtchk_param *par) ...@@ -91,23 +86,22 @@ static bool ebt_vlan_mt_check(const struct xt_mtchk_param *par)
/* Is it 802.1Q frame checked? */ /* Is it 802.1Q frame checked? */
if (e->ethproto != htons(ETH_P_8021Q)) { if (e->ethproto != htons(ETH_P_8021Q)) {
DEBUG_MSG pr_debug("passed entry proto %2.4X is not 802.1Q (8100)\n",
("passed entry proto %2.4X is not 802.1Q (8100)\n", ntohs(e->ethproto));
(unsigned short) ntohs(e->ethproto));
return false; return false;
} }
/* Check for bitmask range /* Check for bitmask range
* True if even one bit is out of mask */ * True if even one bit is out of mask */
if (info->bitmask & ~EBT_VLAN_MASK) { if (info->bitmask & ~EBT_VLAN_MASK) {
DEBUG_MSG("bitmask %2X is out of mask (%2X)\n", pr_debug("bitmask %2X is out of mask (%2X)\n",
info->bitmask, EBT_VLAN_MASK); info->bitmask, EBT_VLAN_MASK);
return false; return false;
} }
/* Check for inversion flags range */ /* Check for inversion flags range */
if (info->invflags & ~EBT_VLAN_MASK) { if (info->invflags & ~EBT_VLAN_MASK) {
DEBUG_MSG("inversion flags %2X is out of mask (%2X)\n", pr_debug("inversion flags %2X is out of mask (%2X)\n",
info->invflags, EBT_VLAN_MASK); info->invflags, EBT_VLAN_MASK);
return false; return false;
} }
...@@ -121,8 +115,7 @@ static bool ebt_vlan_mt_check(const struct xt_mtchk_param *par) ...@@ -121,8 +115,7 @@ static bool ebt_vlan_mt_check(const struct xt_mtchk_param *par)
if (GET_BITMASK(EBT_VLAN_ID)) { if (GET_BITMASK(EBT_VLAN_ID)) {
if (!!info->id) { /* if id!=0 => check vid range */ if (!!info->id) { /* if id!=0 => check vid range */
if (info->id > VLAN_GROUP_ARRAY_LEN) { if (info->id > VLAN_GROUP_ARRAY_LEN) {
DEBUG_MSG pr_debug("id %d is out of range (1-4096)\n",
("id %d is out of range (1-4096)\n",
info->id); info->id);
return false; return false;
} }
...@@ -137,7 +130,7 @@ static bool ebt_vlan_mt_check(const struct xt_mtchk_param *par) ...@@ -137,7 +130,7 @@ static bool ebt_vlan_mt_check(const struct xt_mtchk_param *par)
if (GET_BITMASK(EBT_VLAN_PRIO)) { if (GET_BITMASK(EBT_VLAN_PRIO)) {
if ((unsigned char) info->prio > 7) { if ((unsigned char) info->prio > 7) {
DEBUG_MSG("prio %d is out of range (0-7)\n", pr_debug("prio %d is out of range (0-7)\n",
info->prio); info->prio);
return false; return false;
} }
...@@ -147,9 +140,8 @@ static bool ebt_vlan_mt_check(const struct xt_mtchk_param *par) ...@@ -147,9 +140,8 @@ static bool ebt_vlan_mt_check(const struct xt_mtchk_param *par)
* if_ether.h: ETH_ZLEN 60 - Min. octets in frame sans FCS */ * if_ether.h: ETH_ZLEN 60 - Min. octets in frame sans FCS */
if (GET_BITMASK(EBT_VLAN_ENCAP)) { if (GET_BITMASK(EBT_VLAN_ENCAP)) {
if ((unsigned short) ntohs(info->encap) < ETH_ZLEN) { if ((unsigned short) ntohs(info->encap) < ETH_ZLEN) {
DEBUG_MSG pr_debug("encap frame length %d is less than "
("encap frame length %d is less than minimal\n", "minimal\n", ntohs(info->encap));
ntohs(info->encap));
return false; return false;
} }
} }
...@@ -169,9 +161,7 @@ static struct xt_match ebt_vlan_mt_reg __read_mostly = { ...@@ -169,9 +161,7 @@ static struct xt_match ebt_vlan_mt_reg __read_mostly = {
static int __init ebt_vlan_init(void) static int __init ebt_vlan_init(void)
{ {
DEBUG_MSG("ebtables 802.1Q extension module v" pr_debug("ebtables 802.1Q extension module v" MODULE_VERS "\n");
MODULE_VERS "\n");
DEBUG_MSG("module debug=%d\n", !!debug);
return xt_register_match(&ebt_vlan_mt_reg); return xt_register_match(&ebt_vlan_mt_reg);
} }
......
...@@ -14,8 +14,7 @@ ...@@ -14,8 +14,7 @@
* as published by the Free Software Foundation; either version * as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version. * 2 of the License, or (at your option) any later version.
*/ */
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/kmod.h> #include <linux/kmod.h>
#include <linux/module.h> #include <linux/module.h>
#include <linux/vmalloc.h> #include <linux/vmalloc.h>
...@@ -2127,7 +2126,7 @@ static int size_entry_mwt(struct ebt_entry *entry, const unsigned char *base, ...@@ -2127,7 +2126,7 @@ static int size_entry_mwt(struct ebt_entry *entry, const unsigned char *base,
return ret; return ret;
new_offset += ret; new_offset += ret;
if (offsets_update && new_offset) { if (offsets_update && new_offset) {
pr_debug("ebtables: change offset %d to %d\n", pr_debug("change offset %d to %d\n",
offsets_update[i], offsets[j] + new_offset); offsets_update[i], offsets[j] + new_offset);
offsets_update[i] = offsets[j] + new_offset; offsets_update[i] = offsets[j] + new_offset;
} }
......
...@@ -39,13 +39,13 @@ MODULE_DESCRIPTION("IPv4 packet filter"); ...@@ -39,13 +39,13 @@ MODULE_DESCRIPTION("IPv4 packet filter");
/*#define DEBUG_IP_FIREWALL_USER*/ /*#define DEBUG_IP_FIREWALL_USER*/
#ifdef DEBUG_IP_FIREWALL #ifdef DEBUG_IP_FIREWALL
#define dprintf(format, args...) printk(format , ## args) #define dprintf(format, args...) pr_info(format , ## args)
#else #else
#define dprintf(format, args...) #define dprintf(format, args...)
#endif #endif
#ifdef DEBUG_IP_FIREWALL_USER #ifdef DEBUG_IP_FIREWALL_USER
#define duprintf(format, args...) printk(format , ## args) #define duprintf(format, args...) pr_info(format , ## args)
#else #else
#define duprintf(format, args...) #define duprintf(format, args...)
#endif #endif
...@@ -168,8 +168,7 @@ static unsigned int ...@@ -168,8 +168,7 @@ static unsigned int
ipt_error(struct sk_buff *skb, const struct xt_target_param *par) ipt_error(struct sk_buff *skb, const struct xt_target_param *par)
{ {
if (net_ratelimit()) if (net_ratelimit())
printk("ip_tables: error: `%s'\n", pr_info("error: `%s'\n", (const char *)par->targinfo);
(const char *)par->targinfo);
return NF_DROP; return NF_DROP;
} }
...@@ -591,7 +590,7 @@ check_entry(const struct ipt_entry *e, const char *name) ...@@ -591,7 +590,7 @@ check_entry(const struct ipt_entry *e, const char *name)
const struct ipt_entry_target *t; const struct ipt_entry_target *t;
if (!ip_checkentry(&e->ip)) { if (!ip_checkentry(&e->ip)) {
duprintf("ip_tables: ip check failed %p %s.\n", e, name); duprintf("ip check failed %p %s.\n", e, name);
return -EINVAL; return -EINVAL;
} }
...@@ -618,8 +617,7 @@ check_match(struct ipt_entry_match *m, struct xt_mtchk_param *par) ...@@ -618,8 +617,7 @@ check_match(struct ipt_entry_match *m, struct xt_mtchk_param *par)
ret = xt_check_match(par, m->u.match_size - sizeof(*m), ret = xt_check_match(par, m->u.match_size - sizeof(*m),
ip->proto, ip->invflags & IPT_INV_PROTO); ip->proto, ip->invflags & IPT_INV_PROTO);
if (ret < 0) { if (ret < 0) {
duprintf("ip_tables: check failed for `%s'.\n", duprintf("check failed for `%s'.\n", par.match->name);
par.match->name);
return ret; return ret;
} }
return 0; return 0;
...@@ -667,7 +665,7 @@ static int check_target(struct ipt_entry *e, struct net *net, const char *name) ...@@ -667,7 +665,7 @@ static int check_target(struct ipt_entry *e, struct net *net, const char *name)
ret = xt_check_target(&par, t->u.target_size - sizeof(*t), ret = xt_check_target(&par, t->u.target_size - sizeof(*t),
e->ip.proto, e->ip.invflags & IPT_INV_PROTO); e->ip.proto, e->ip.invflags & IPT_INV_PROTO);
if (ret < 0) { if (ret < 0) {
duprintf("ip_tables: check failed for `%s'.\n", duprintf("check failed for `%s'.\n",
t->u.kernel.target->name); t->u.kernel.target->name);
return ret; return ret;
} }
...@@ -1311,7 +1309,7 @@ do_replace(struct net *net, const void __user *user, unsigned int len) ...@@ -1311,7 +1309,7 @@ do_replace(struct net *net, const void __user *user, unsigned int len)
if (ret != 0) if (ret != 0)
goto free_newinfo; goto free_newinfo;
duprintf("ip_tables: Translated table\n"); duprintf("Translated table\n");
ret = __do_replace(net, tmp.name, tmp.valid_hooks, newinfo, ret = __do_replace(net, tmp.name, tmp.valid_hooks, newinfo,
tmp.num_counters, tmp.counters); tmp.num_counters, tmp.counters);
...@@ -2276,7 +2274,7 @@ static int __init ip_tables_init(void) ...@@ -2276,7 +2274,7 @@ static int __init ip_tables_init(void)
if (ret < 0) if (ret < 0)
goto err5; goto err5;
printk(KERN_INFO "ip_tables: (C) 2000-2006 Netfilter Core Team\n"); pr_info("(C) 2000-2006 Netfilter Core Team\n");
return 0; return 0;
err5: err5:
......
...@@ -9,6 +9,7 @@ ...@@ -9,6 +9,7 @@
* published by the Free Software Foundation. * published by the Free Software Foundation.
* *
*/ */
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h> #include <linux/module.h>
#include <linux/proc_fs.h> #include <linux/proc_fs.h>
#include <linux/jhash.h> #include <linux/jhash.h>
...@@ -238,8 +239,7 @@ clusterip_hashfn(const struct sk_buff *skb, ...@@ -238,8 +239,7 @@ clusterip_hashfn(const struct sk_buff *skb,
break; break;
default: default:
if (net_ratelimit()) if (net_ratelimit())
printk(KERN_NOTICE "CLUSTERIP: unknown protocol `%u'\n", pr_info("unknown protocol %u\n", iph->protocol);
iph->protocol);
sport = dport = 0; sport = dport = 0;
} }
...@@ -261,7 +261,7 @@ clusterip_hashfn(const struct sk_buff *skb, ...@@ -261,7 +261,7 @@ clusterip_hashfn(const struct sk_buff *skb,
hashval = 0; hashval = 0;
/* This cannot happen, unless the check function wasn't called /* This cannot happen, unless the check function wasn't called
* at rule load time */ * at rule load time */
printk("CLUSTERIP: unknown mode `%u'\n", config->hash_mode); pr_info("unknown mode %u\n", config->hash_mode);
BUG(); BUG();
break; break;
} }
...@@ -294,7 +294,7 @@ clusterip_tg(struct sk_buff *skb, const struct xt_target_param *par) ...@@ -294,7 +294,7 @@ clusterip_tg(struct sk_buff *skb, const struct xt_target_param *par)
ct = nf_ct_get(skb, &ctinfo); ct = nf_ct_get(skb, &ctinfo);
if (ct == NULL) { if (ct == NULL) {
printk(KERN_ERR "CLUSTERIP: no conntrack!\n"); pr_info("no conntrack!\n");
/* FIXME: need to drop invalid ones, since replies /* FIXME: need to drop invalid ones, since replies
* to outgoing connections of other nodes will be * to outgoing connections of other nodes will be
* marked as INVALID */ * marked as INVALID */
...@@ -357,14 +357,13 @@ static bool clusterip_tg_check(const struct xt_tgchk_param *par) ...@@ -357,14 +357,13 @@ static bool clusterip_tg_check(const struct xt_tgchk_param *par)
if (cipinfo->hash_mode != CLUSTERIP_HASHMODE_SIP && if (cipinfo->hash_mode != CLUSTERIP_HASHMODE_SIP &&
cipinfo->hash_mode != CLUSTERIP_HASHMODE_SIP_SPT && cipinfo->hash_mode != CLUSTERIP_HASHMODE_SIP_SPT &&
cipinfo->hash_mode != CLUSTERIP_HASHMODE_SIP_SPT_DPT) { cipinfo->hash_mode != CLUSTERIP_HASHMODE_SIP_SPT_DPT) {
printk(KERN_WARNING "CLUSTERIP: unknown mode `%u'\n", pr_info("unknown mode %u\n", cipinfo->hash_mode);
cipinfo->hash_mode);
return false; return false;
} }
if (e->ip.dmsk.s_addr != htonl(0xffffffff) || if (e->ip.dmsk.s_addr != htonl(0xffffffff) ||
e->ip.dst.s_addr == 0) { e->ip.dst.s_addr == 0) {
printk(KERN_ERR "CLUSTERIP: Please specify destination IP\n"); pr_info("Please specify destination IP\n");
return false; return false;
} }
...@@ -373,26 +372,28 @@ static bool clusterip_tg_check(const struct xt_tgchk_param *par) ...@@ -373,26 +372,28 @@ static bool clusterip_tg_check(const struct xt_tgchk_param *par)
config = clusterip_config_find_get(e->ip.dst.s_addr, 1); config = clusterip_config_find_get(e->ip.dst.s_addr, 1);
if (!config) { if (!config) {
if (!(cipinfo->flags & CLUSTERIP_FLAG_NEW)) { if (!(cipinfo->flags & CLUSTERIP_FLAG_NEW)) {
printk(KERN_WARNING "CLUSTERIP: no config found for %pI4, need 'new'\n", &e->ip.dst.s_addr); pr_info("no config found for %pI4, need 'new'\n",
&e->ip.dst.s_addr);
return false; return false;
} else { } else {
struct net_device *dev; struct net_device *dev;
if (e->ip.iniface[0] == '\0') { if (e->ip.iniface[0] == '\0') {
printk(KERN_WARNING "CLUSTERIP: Please specify an interface name\n"); pr_info("Please specify an interface name\n");
return false; return false;
} }
dev = dev_get_by_name(&init_net, e->ip.iniface); dev = dev_get_by_name(&init_net, e->ip.iniface);
if (!dev) { if (!dev) {
printk(KERN_WARNING "CLUSTERIP: no such interface %s\n", e->ip.iniface); pr_info("no such interface %s\n",
e->ip.iniface);
return false; return false;
} }
config = clusterip_config_init(cipinfo, config = clusterip_config_init(cipinfo,
e->ip.dst.s_addr, dev); e->ip.dst.s_addr, dev);
if (!config) { if (!config) {
printk(KERN_WARNING "CLUSTERIP: cannot allocate config\n"); pr_info("cannot allocate config\n");
dev_put(dev); dev_put(dev);
return false; return false;
} }
...@@ -402,8 +403,8 @@ static bool clusterip_tg_check(const struct xt_tgchk_param *par) ...@@ -402,8 +403,8 @@ static bool clusterip_tg_check(const struct xt_tgchk_param *par)
cipinfo->config = config; cipinfo->config = config;
if (nf_ct_l3proto_try_module_get(par->family) < 0) { if (nf_ct_l3proto_try_module_get(par->family) < 0) {
printk(KERN_WARNING "can't load conntrack support for " pr_info("cannot load conntrack support for proto=%u\n",
"proto=%u\n", par->family); par->family);
return false; return false;
} }
...@@ -478,7 +479,7 @@ static void arp_print(struct arp_payload *payload) ...@@ -478,7 +479,7 @@ static void arp_print(struct arp_payload *payload)
} }
hbuffer[--k]='\0'; hbuffer[--k]='\0';
printk("src %pI4@%s, dst %pI4\n", pr_debug("src %pI4@%s, dst %pI4\n",
&payload->src_ip, hbuffer, &payload->dst_ip); &payload->src_ip, hbuffer, &payload->dst_ip);
} }
#endif #endif
...@@ -518,7 +519,7 @@ arp_mangle(unsigned int hook, ...@@ -518,7 +519,7 @@ arp_mangle(unsigned int hook,
* this wouldn't work, since we didn't subscribe the mcast group on * this wouldn't work, since we didn't subscribe the mcast group on
* other interfaces */ * other interfaces */
if (c->dev != out) { if (c->dev != out) {
pr_debug("CLUSTERIP: not mangling arp reply on different " pr_debug("not mangling arp reply on different "
"interface: cip'%s'-skb'%s'\n", "interface: cip'%s'-skb'%s'\n",
c->dev->name, out->name); c->dev->name, out->name);
clusterip_config_put(c); clusterip_config_put(c);
...@@ -529,7 +530,7 @@ arp_mangle(unsigned int hook, ...@@ -529,7 +530,7 @@ arp_mangle(unsigned int hook,
memcpy(payload->src_hw, c->clustermac, arp->ar_hln); memcpy(payload->src_hw, c->clustermac, arp->ar_hln);
#ifdef DEBUG #ifdef DEBUG
pr_debug(KERN_DEBUG "CLUSTERIP mangled arp reply: "); pr_debug("mangled arp reply: ");
arp_print(payload); arp_print(payload);
#endif #endif
...@@ -705,13 +706,13 @@ static int __init clusterip_tg_init(void) ...@@ -705,13 +706,13 @@ static int __init clusterip_tg_init(void)
#ifdef CONFIG_PROC_FS #ifdef CONFIG_PROC_FS
clusterip_procdir = proc_mkdir("ipt_CLUSTERIP", init_net.proc_net); clusterip_procdir = proc_mkdir("ipt_CLUSTERIP", init_net.proc_net);
if (!clusterip_procdir) { if (!clusterip_procdir) {
printk(KERN_ERR "CLUSTERIP: Unable to proc dir entry\n"); pr_err("Unable to proc dir entry\n");
ret = -ENOMEM; ret = -ENOMEM;
goto cleanup_hook; goto cleanup_hook;
} }
#endif /* CONFIG_PROC_FS */ #endif /* CONFIG_PROC_FS */
printk(KERN_NOTICE "ClusterIP Version %s loaded successfully\n", pr_info("ClusterIP Version %s loaded successfully\n",
CLUSTERIP_VERSION); CLUSTERIP_VERSION);
return 0; return 0;
...@@ -726,8 +727,7 @@ static int __init clusterip_tg_init(void) ...@@ -726,8 +727,7 @@ static int __init clusterip_tg_init(void)
static void __exit clusterip_tg_exit(void) static void __exit clusterip_tg_exit(void)
{ {
printk(KERN_NOTICE "ClusterIP Version %s unloading\n", pr_info("ClusterIP Version %s unloading\n", CLUSTERIP_VERSION);
CLUSTERIP_VERSION);
#ifdef CONFIG_PROC_FS #ifdef CONFIG_PROC_FS
remove_proc_entry(clusterip_procdir->name, clusterip_procdir->parent); remove_proc_entry(clusterip_procdir->name, clusterip_procdir->parent);
#endif #endif
......
...@@ -6,7 +6,7 @@ ...@@ -6,7 +6,7 @@
* it under the terms of the GNU General Public License version 2 as * it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation. * published by the Free Software Foundation.
*/ */
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/in.h> #include <linux/in.h>
#include <linux/module.h> #include <linux/module.h>
#include <linux/skbuff.h> #include <linux/skbuff.h>
...@@ -99,19 +99,16 @@ static bool ecn_tg_check(const struct xt_tgchk_param *par) ...@@ -99,19 +99,16 @@ static bool ecn_tg_check(const struct xt_tgchk_param *par)
const struct ipt_entry *e = par->entryinfo; const struct ipt_entry *e = par->entryinfo;
if (einfo->operation & IPT_ECN_OP_MASK) { if (einfo->operation & IPT_ECN_OP_MASK) {
printk(KERN_WARNING "ECN: unsupported ECN operation %x\n", pr_info("unsupported ECN operation %x\n", einfo->operation);
einfo->operation);
return false; return false;
} }
if (einfo->ip_ect & ~IPT_ECN_IP_MASK) { if (einfo->ip_ect & ~IPT_ECN_IP_MASK) {
printk(KERN_WARNING "ECN: new ECT codepoint %x out of mask\n", pr_info("new ECT codepoint %x out of mask\n", einfo->ip_ect);
einfo->ip_ect);
return false; return false;
} }
if ((einfo->operation & (IPT_ECN_OP_SET_ECE|IPT_ECN_OP_SET_CWR)) && if ((einfo->operation & (IPT_ECN_OP_SET_ECE|IPT_ECN_OP_SET_CWR)) &&
(e->ip.proto != IPPROTO_TCP || (e->ip.invflags & XT_INV_PROTO))) { (e->ip.proto != IPPROTO_TCP || (e->ip.invflags & XT_INV_PROTO))) {
printk(KERN_WARNING "ECN: cannot use TCP operations on a " pr_info("cannot use TCP operations on a non-tcp rule\n");
"non-tcp rule\n");
return false; return false;
} }
return true; return true;
......
...@@ -9,7 +9,7 @@ ...@@ -9,7 +9,7 @@
* it under the terms of the GNU General Public License version 2 as * it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation. * published by the Free Software Foundation.
*/ */
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h> #include <linux/module.h>
#include <linux/spinlock.h> #include <linux/spinlock.h>
#include <linux/skbuff.h> #include <linux/skbuff.h>
...@@ -444,12 +444,11 @@ static bool log_tg_check(const struct xt_tgchk_param *par) ...@@ -444,12 +444,11 @@ static bool log_tg_check(const struct xt_tgchk_param *par)
const struct ipt_log_info *loginfo = par->targinfo; const struct ipt_log_info *loginfo = par->targinfo;
if (loginfo->level >= 8) { if (loginfo->level >= 8) {
pr_debug("LOG: level %u >= 8\n", loginfo->level); pr_debug("level %u >= 8\n", loginfo->level);
return false; return false;
} }
if (loginfo->prefix[sizeof(loginfo->prefix)-1] != '\0') { if (loginfo->prefix[sizeof(loginfo->prefix)-1] != '\0') {
pr_debug("LOG: prefix term %i\n", pr_debug("prefix is not null-terminated\n");
loginfo->prefix[sizeof(loginfo->prefix)-1]);
return false; return false;
} }
return true; return true;
......
...@@ -8,7 +8,7 @@ ...@@ -8,7 +8,7 @@
* it under the terms of the GNU General Public License version 2 as * it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation. * published by the Free Software Foundation.
*/ */
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/types.h> #include <linux/types.h>
#include <linux/inetdevice.h> #include <linux/inetdevice.h>
#include <linux/ip.h> #include <linux/ip.h>
...@@ -33,11 +33,11 @@ static bool masquerade_tg_check(const struct xt_tgchk_param *par) ...@@ -33,11 +33,11 @@ static bool masquerade_tg_check(const struct xt_tgchk_param *par)
const struct nf_nat_multi_range_compat *mr = par->targinfo; const struct nf_nat_multi_range_compat *mr = par->targinfo;
if (mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) { if (mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) {
pr_debug("masquerade_check: bad MAP_IPS.\n"); pr_debug("bad MAP_IPS.\n");
return false; return false;
} }
if (mr->rangesize != 1) { if (mr->rangesize != 1) {
pr_debug("masquerade_check: bad rangesize %u\n", mr->rangesize); pr_debug("bad rangesize %u\n", mr->rangesize);
return false; return false;
} }
return true; return true;
...@@ -72,7 +72,7 @@ masquerade_tg(struct sk_buff *skb, const struct xt_target_param *par) ...@@ -72,7 +72,7 @@ masquerade_tg(struct sk_buff *skb, const struct xt_target_param *par)
rt = skb_rtable(skb); rt = skb_rtable(skb);
newsrc = inet_select_addr(par->out, rt->rt_gateway, RT_SCOPE_UNIVERSE); newsrc = inet_select_addr(par->out, rt->rt_gateway, RT_SCOPE_UNIVERSE);
if (!newsrc) { if (!newsrc) {
printk("MASQUERADE: %s ate my IP address\n", par->out->name); pr_info("%s ate my IP address\n", par->out->name);
return NF_DROP; return NF_DROP;
} }
......
...@@ -9,7 +9,7 @@ ...@@ -9,7 +9,7 @@
* it under the terms of the GNU General Public License version 2 as * it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation. * published by the Free Software Foundation.
*/ */
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/ip.h> #include <linux/ip.h>
#include <linux/module.h> #include <linux/module.h>
#include <linux/netdevice.h> #include <linux/netdevice.h>
...@@ -27,11 +27,11 @@ static bool netmap_tg_check(const struct xt_tgchk_param *par) ...@@ -27,11 +27,11 @@ static bool netmap_tg_check(const struct xt_tgchk_param *par)
const struct nf_nat_multi_range_compat *mr = par->targinfo; const struct nf_nat_multi_range_compat *mr = par->targinfo;
if (!(mr->range[0].flags & IP_NAT_RANGE_MAP_IPS)) { if (!(mr->range[0].flags & IP_NAT_RANGE_MAP_IPS)) {
pr_debug("NETMAP:check: bad MAP_IPS.\n"); pr_debug("bad MAP_IPS.\n");
return false; return false;
} }
if (mr->rangesize != 1) { if (mr->rangesize != 1) {
pr_debug("NETMAP:check: bad rangesize %u.\n", mr->rangesize); pr_debug("bad rangesize %u.\n", mr->rangesize);
return false; return false;
} }
return true; return true;
......
...@@ -6,7 +6,7 @@ ...@@ -6,7 +6,7 @@
* it under the terms of the GNU General Public License version 2 as * it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation. * published by the Free Software Foundation.
*/ */
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/types.h> #include <linux/types.h>
#include <linux/ip.h> #include <linux/ip.h>
#include <linux/timer.h> #include <linux/timer.h>
...@@ -31,11 +31,11 @@ static bool redirect_tg_check(const struct xt_tgchk_param *par) ...@@ -31,11 +31,11 @@ static bool redirect_tg_check(const struct xt_tgchk_param *par)
const struct nf_nat_multi_range_compat *mr = par->targinfo; const struct nf_nat_multi_range_compat *mr = par->targinfo;
if (mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) { if (mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) {
pr_debug("redirect_check: bad MAP_IPS.\n"); pr_debug("bad MAP_IPS.\n");
return false; return false;
} }
if (mr->rangesize != 1) { if (mr->rangesize != 1) {
pr_debug("redirect_check: bad rangesize %u.\n", mr->rangesize); pr_debug("bad rangesize %u.\n", mr->rangesize);
return false; return false;
} }
return true; return true;
......
...@@ -9,7 +9,7 @@ ...@@ -9,7 +9,7 @@
* it under the terms of the GNU General Public License version 2 as * it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation. * published by the Free Software Foundation.
*/ */
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h> #include <linux/module.h>
#include <linux/skbuff.h> #include <linux/skbuff.h>
#include <linux/ip.h> #include <linux/ip.h>
...@@ -180,13 +180,13 @@ static bool reject_tg_check(const struct xt_tgchk_param *par) ...@@ -180,13 +180,13 @@ static bool reject_tg_check(const struct xt_tgchk_param *par)
const struct ipt_entry *e = par->entryinfo; const struct ipt_entry *e = par->entryinfo;
if (rejinfo->with == IPT_ICMP_ECHOREPLY) { if (rejinfo->with == IPT_ICMP_ECHOREPLY) {
printk("ipt_REJECT: ECHOREPLY no longer supported.\n"); pr_info("ECHOREPLY no longer supported.\n");
return false; return false;
} else if (rejinfo->with == IPT_TCP_RESET) { } else if (rejinfo->with == IPT_TCP_RESET) {
/* Must specify that it's a TCP packet */ /* Must specify that it's a TCP packet */
if (e->ip.proto != IPPROTO_TCP || if (e->ip.proto != IPPROTO_TCP ||
(e->ip.invflags & XT_INV_PROTO)) { (e->ip.invflags & XT_INV_PROTO)) {
printk("ipt_REJECT: TCP_RESET invalid for non-tcp\n"); pr_info("TCP_RESET invalid for non-tcp\n");
return false; return false;
} }
} }
......
...@@ -29,7 +29,7 @@ ...@@ -29,7 +29,7 @@
* Specify, after how many hundredths of a second the queue should be * Specify, after how many hundredths of a second the queue should be
* flushed even if it is not full yet. * flushed even if it is not full yet.
*/ */
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h> #include <linux/module.h>
#include <linux/spinlock.h> #include <linux/spinlock.h>
#include <linux/socket.h> #include <linux/socket.h>
...@@ -56,8 +56,6 @@ MODULE_ALIAS_NET_PF_PROTO(PF_NETLINK, NETLINK_NFLOG); ...@@ -56,8 +56,6 @@ MODULE_ALIAS_NET_PF_PROTO(PF_NETLINK, NETLINK_NFLOG);
#define ULOG_NL_EVENT 111 /* Harald's favorite number */ #define ULOG_NL_EVENT 111 /* Harald's favorite number */
#define ULOG_MAXNLGROUPS 32 /* numer of nlgroups */ #define ULOG_MAXNLGROUPS 32 /* numer of nlgroups */
#define PRINTR(format, args...) do { if (net_ratelimit()) printk(format , ## args); } while (0)
static unsigned int nlbufsiz = NLMSG_GOODSIZE; static unsigned int nlbufsiz = NLMSG_GOODSIZE;
module_param(nlbufsiz, uint, 0400); module_param(nlbufsiz, uint, 0400);
MODULE_PARM_DESC(nlbufsiz, "netlink buffer size"); MODULE_PARM_DESC(nlbufsiz, "netlink buffer size");
...@@ -90,12 +88,12 @@ static void ulog_send(unsigned int nlgroupnum) ...@@ -90,12 +88,12 @@ static void ulog_send(unsigned int nlgroupnum)
ulog_buff_t *ub = &ulog_buffers[nlgroupnum]; ulog_buff_t *ub = &ulog_buffers[nlgroupnum];
if (timer_pending(&ub->timer)) { if (timer_pending(&ub->timer)) {
pr_debug("ipt_ULOG: ulog_send: timer was pending, deleting\n"); pr_debug("ulog_send: timer was pending, deleting\n");
del_timer(&ub->timer); del_timer(&ub->timer);
} }
if (!ub->skb) { if (!ub->skb) {
pr_debug("ipt_ULOG: ulog_send: nothing to send\n"); pr_debug("ulog_send: nothing to send\n");
return; return;
} }
...@@ -104,7 +102,7 @@ static void ulog_send(unsigned int nlgroupnum) ...@@ -104,7 +102,7 @@ static void ulog_send(unsigned int nlgroupnum)
ub->lastnlh->nlmsg_type = NLMSG_DONE; ub->lastnlh->nlmsg_type = NLMSG_DONE;
NETLINK_CB(ub->skb).dst_group = nlgroupnum + 1; NETLINK_CB(ub->skb).dst_group = nlgroupnum + 1;
pr_debug("ipt_ULOG: throwing %d packets to netlink group %u\n", pr_debug("throwing %d packets to netlink group %u\n",
ub->qlen, nlgroupnum + 1); ub->qlen, nlgroupnum + 1);
netlink_broadcast(nflognl, ub->skb, 0, nlgroupnum + 1, GFP_ATOMIC); netlink_broadcast(nflognl, ub->skb, 0, nlgroupnum + 1, GFP_ATOMIC);
...@@ -117,7 +115,7 @@ static void ulog_send(unsigned int nlgroupnum) ...@@ -117,7 +115,7 @@ static void ulog_send(unsigned int nlgroupnum)
/* timer function to flush queue in flushtimeout time */ /* timer function to flush queue in flushtimeout time */
static void ulog_timer(unsigned long data) static void ulog_timer(unsigned long data)
{ {
pr_debug("ipt_ULOG: timer function called, calling ulog_send\n"); pr_debug("timer function called, calling ulog_send\n");
/* lock to protect against somebody modifying our structure /* lock to protect against somebody modifying our structure
* from ipt_ulog_target at the same time */ * from ipt_ulog_target at the same time */
...@@ -138,7 +136,7 @@ static struct sk_buff *ulog_alloc_skb(unsigned int size) ...@@ -138,7 +136,7 @@ static struct sk_buff *ulog_alloc_skb(unsigned int size)
n = max(size, nlbufsiz); n = max(size, nlbufsiz);
skb = alloc_skb(n, GFP_ATOMIC); skb = alloc_skb(n, GFP_ATOMIC);
if (!skb) { if (!skb) {
PRINTR("ipt_ULOG: can't alloc whole buffer %ub!\n", n); pr_debug("cannot alloc whole buffer %ub!\n", n);
if (n > size) { if (n > size) {
/* try to allocate only as much as we need for /* try to allocate only as much as we need for
...@@ -146,8 +144,7 @@ static struct sk_buff *ulog_alloc_skb(unsigned int size) ...@@ -146,8 +144,7 @@ static struct sk_buff *ulog_alloc_skb(unsigned int size)
skb = alloc_skb(size, GFP_ATOMIC); skb = alloc_skb(size, GFP_ATOMIC);
if (!skb) if (!skb)
PRINTR("ipt_ULOG: can't even allocate %ub\n", pr_debug("cannot even allocate %ub\n", size);
size);
} }
} }
...@@ -198,8 +195,7 @@ static void ipt_ulog_packet(unsigned int hooknum, ...@@ -198,8 +195,7 @@ static void ipt_ulog_packet(unsigned int hooknum,
goto alloc_failure; goto alloc_failure;
} }
pr_debug("ipt_ULOG: qlen %d, qthreshold %Zu\n", ub->qlen, pr_debug("qlen %d, qthreshold %Zu\n", ub->qlen, loginfo->qthreshold);
loginfo->qthreshold);
/* NLMSG_PUT contains a hidden goto nlmsg_failure !!! */ /* NLMSG_PUT contains a hidden goto nlmsg_failure !!! */
nlh = NLMSG_PUT(ub->skb, 0, ub->qlen, ULOG_NL_EVENT, nlh = NLMSG_PUT(ub->skb, 0, ub->qlen, ULOG_NL_EVENT,
...@@ -272,11 +268,9 @@ static void ipt_ulog_packet(unsigned int hooknum, ...@@ -272,11 +268,9 @@ static void ipt_ulog_packet(unsigned int hooknum,
return; return;
nlmsg_failure: nlmsg_failure:
PRINTR("ipt_ULOG: error during NLMSG_PUT\n"); pr_debug("error during NLMSG_PUT\n");
alloc_failure: alloc_failure:
PRINTR("ipt_ULOG: Error building netlink message\n"); pr_debug("Error building netlink message\n");
spin_unlock_bh(&ulog_lock); spin_unlock_bh(&ulog_lock);
} }
...@@ -318,12 +312,11 @@ static bool ulog_tg_check(const struct xt_tgchk_param *par) ...@@ -318,12 +312,11 @@ static bool ulog_tg_check(const struct xt_tgchk_param *par)
const struct ipt_ulog_info *loginfo = par->targinfo; const struct ipt_ulog_info *loginfo = par->targinfo;
if (loginfo->prefix[sizeof(loginfo->prefix) - 1] != '\0') { if (loginfo->prefix[sizeof(loginfo->prefix) - 1] != '\0') {
pr_debug("ipt_ULOG: prefix term %i\n", pr_debug("prefix not null-terminated\n");
loginfo->prefix[sizeof(loginfo->prefix) - 1]);
return false; return false;
} }
if (loginfo->qthreshold > ULOG_MAX_QLEN) { if (loginfo->qthreshold > ULOG_MAX_QLEN) {
pr_debug("ipt_ULOG: queue threshold %Zu > MAX_QLEN\n", pr_debug("queue threshold %Zu > MAX_QLEN\n",
loginfo->qthreshold); loginfo->qthreshold);
return false; return false;
} }
...@@ -389,10 +382,10 @@ static int __init ulog_tg_init(void) ...@@ -389,10 +382,10 @@ static int __init ulog_tg_init(void)
{ {
int ret, i; int ret, i;
pr_debug("ipt_ULOG: init module\n"); pr_debug("init module\n");
if (nlbufsiz > 128*1024) { if (nlbufsiz > 128*1024) {
printk("Netlink buffer has to be <= 128kB\n"); pr_warning("Netlink buffer has to be <= 128kB\n");
return -EINVAL; return -EINVAL;
} }
...@@ -422,7 +415,7 @@ static void __exit ulog_tg_exit(void) ...@@ -422,7 +415,7 @@ static void __exit ulog_tg_exit(void)
ulog_buff_t *ub; ulog_buff_t *ub;
int i; int i;
pr_debug("ipt_ULOG: cleanup_module\n"); pr_debug("cleanup_module\n");
if (nflog) if (nflog)
nf_log_unregister(&ipt_ulog_logger); nf_log_unregister(&ipt_ulog_logger);
......
...@@ -8,7 +8,7 @@ ...@@ -8,7 +8,7 @@
* it under the terms of the GNU General Public License version 2 as * it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation. * published by the Free Software Foundation.
*/ */
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/kernel.h> #include <linux/kernel.h>
#include <linux/module.h> #include <linux/module.h>
#include <linux/skbuff.h> #include <linux/skbuff.h>
...@@ -76,7 +76,7 @@ static bool addrtype_mt_checkentry_v1(const struct xt_mtchk_param *par) ...@@ -76,7 +76,7 @@ static bool addrtype_mt_checkentry_v1(const struct xt_mtchk_param *par)
if (info->flags & IPT_ADDRTYPE_LIMIT_IFACE_IN && if (info->flags & IPT_ADDRTYPE_LIMIT_IFACE_IN &&
info->flags & IPT_ADDRTYPE_LIMIT_IFACE_OUT) { info->flags & IPT_ADDRTYPE_LIMIT_IFACE_OUT) {
printk(KERN_ERR "ipt_addrtype: both incoming and outgoing " pr_info("both incoming and outgoing "
"interface limitation cannot be selected\n"); "interface limitation cannot be selected\n");
return false; return false;
} }
...@@ -84,16 +84,16 @@ static bool addrtype_mt_checkentry_v1(const struct xt_mtchk_param *par) ...@@ -84,16 +84,16 @@ static bool addrtype_mt_checkentry_v1(const struct xt_mtchk_param *par)
if (par->hook_mask & ((1 << NF_INET_PRE_ROUTING) | if (par->hook_mask & ((1 << NF_INET_PRE_ROUTING) |
(1 << NF_INET_LOCAL_IN)) && (1 << NF_INET_LOCAL_IN)) &&
info->flags & IPT_ADDRTYPE_LIMIT_IFACE_OUT) { info->flags & IPT_ADDRTYPE_LIMIT_IFACE_OUT) {
printk(KERN_ERR "ipt_addrtype: output interface limitation " pr_info("output interface limitation "
"not valid in PRE_ROUTING and INPUT\n"); "not valid in PREROUTING and INPUT\n");
return false; return false;
} }
if (par->hook_mask & ((1 << NF_INET_POST_ROUTING) | if (par->hook_mask & ((1 << NF_INET_POST_ROUTING) |
(1 << NF_INET_LOCAL_OUT)) && (1 << NF_INET_LOCAL_OUT)) &&
info->flags & IPT_ADDRTYPE_LIMIT_IFACE_IN) { info->flags & IPT_ADDRTYPE_LIMIT_IFACE_IN) {
printk(KERN_ERR "ipt_addrtype: input interface limitation " pr_info("input interface limitation "
"not valid in POST_ROUTING and OUTPUT\n"); "not valid in POSTROUTING and OUTPUT\n");
return false; return false;
} }
......
...@@ -6,7 +6,7 @@ ...@@ -6,7 +6,7 @@
* it under the terms of the GNU General Public License version 2 as * it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation. * published by the Free Software Foundation.
*/ */
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/in.h> #include <linux/in.h>
#include <linux/ip.h> #include <linux/ip.h>
#include <net/ip.h> #include <net/ip.h>
...@@ -98,8 +98,7 @@ static bool ecn_mt_check(const struct xt_mtchk_param *par) ...@@ -98,8 +98,7 @@ static bool ecn_mt_check(const struct xt_mtchk_param *par)
if (info->operation & (IPT_ECN_OP_MATCH_ECE|IPT_ECN_OP_MATCH_CWR) && if (info->operation & (IPT_ECN_OP_MATCH_ECE|IPT_ECN_OP_MATCH_CWR) &&
ip->proto != IPPROTO_TCP) { ip->proto != IPPROTO_TCP) {
printk(KERN_WARNING "ipt_ecn: can't match TCP bits in rule for" pr_info("cannot match TCP bits in rule for non-tcp packets\n");
" non-tcp packets\n");
return false; return false;
} }
......
...@@ -7,6 +7,7 @@ ...@@ -7,6 +7,7 @@
*/ */
/* Everything about the rules for NAT. */ /* Everything about the rules for NAT. */
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/types.h> #include <linux/types.h>
#include <linux/ip.h> #include <linux/ip.h>
#include <linux/netfilter.h> #include <linux/netfilter.h>
...@@ -79,7 +80,7 @@ static bool ipt_snat_checkentry(const struct xt_tgchk_param *par) ...@@ -79,7 +80,7 @@ static bool ipt_snat_checkentry(const struct xt_tgchk_param *par)
/* Must be a valid range */ /* Must be a valid range */
if (mr->rangesize != 1) { if (mr->rangesize != 1) {
printk("SNAT: multiple ranges no longer supported\n"); pr_info("SNAT: multiple ranges no longer supported\n");
return false; return false;
} }
return true; return true;
...@@ -91,7 +92,7 @@ static bool ipt_dnat_checkentry(const struct xt_tgchk_param *par) ...@@ -91,7 +92,7 @@ static bool ipt_dnat_checkentry(const struct xt_tgchk_param *par)
/* Must be a valid range */ /* Must be a valid range */
if (mr->rangesize != 1) { if (mr->rangesize != 1) {
printk("DNAT: multiple ranges no longer supported\n"); pr_info("DNAT: multiple ranges no longer supported\n");
return false; return false;
} }
return true; return true;
......
...@@ -40,13 +40,13 @@ MODULE_DESCRIPTION("IPv6 packet filter"); ...@@ -40,13 +40,13 @@ MODULE_DESCRIPTION("IPv6 packet filter");
/*#define DEBUG_IP_FIREWALL_USER*/ /*#define DEBUG_IP_FIREWALL_USER*/
#ifdef DEBUG_IP_FIREWALL #ifdef DEBUG_IP_FIREWALL
#define dprintf(format, args...) printk(format , ## args) #define dprintf(format, args...) pr_info(format , ## args)
#else #else
#define dprintf(format, args...) #define dprintf(format, args...)
#endif #endif
#ifdef DEBUG_IP_FIREWALL_USER #ifdef DEBUG_IP_FIREWALL_USER
#define duprintf(format, args...) printk(format , ## args) #define duprintf(format, args...) pr_info(format , ## args)
#else #else
#define duprintf(format, args...) #define duprintf(format, args...)
#endif #endif
...@@ -200,8 +200,7 @@ static unsigned int ...@@ -200,8 +200,7 @@ static unsigned int
ip6t_error(struct sk_buff *skb, const struct xt_target_param *par) ip6t_error(struct sk_buff *skb, const struct xt_target_param *par)
{ {
if (net_ratelimit()) if (net_ratelimit())
printk("ip6_tables: error: `%s'\n", pr_info("error: `%s'\n", (const char *)par->targinfo);
(const char *)par->targinfo);
return NF_DROP; return NF_DROP;
} }
...@@ -2308,7 +2307,7 @@ static int __init ip6_tables_init(void) ...@@ -2308,7 +2307,7 @@ static int __init ip6_tables_init(void)
if (ret < 0) if (ret < 0)
goto err5; goto err5;
printk(KERN_INFO "ip6_tables: (C) 2000-2006 Netfilter Core Team\n"); pr_info("(C) 2000-2006 Netfilter Core Team\n");
return 0; return 0;
err5: err5:
......
...@@ -9,7 +9,7 @@ ...@@ -9,7 +9,7 @@
* it under the terms of the GNU General Public License version 2 as * it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation. * published by the Free Software Foundation.
*/ */
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h> #include <linux/module.h>
#include <linux/skbuff.h> #include <linux/skbuff.h>
#include <linux/if_arp.h> #include <linux/if_arp.h>
...@@ -456,12 +456,11 @@ static bool log_tg6_check(const struct xt_tgchk_param *par) ...@@ -456,12 +456,11 @@ static bool log_tg6_check(const struct xt_tgchk_param *par)
const struct ip6t_log_info *loginfo = par->targinfo; const struct ip6t_log_info *loginfo = par->targinfo;
if (loginfo->level >= 8) { if (loginfo->level >= 8) {
pr_debug("LOG: level %u >= 8\n", loginfo->level); pr_debug("level %u >= 8\n", loginfo->level);
return false; return false;
} }
if (loginfo->prefix[sizeof(loginfo->prefix)-1] != '\0') { if (loginfo->prefix[sizeof(loginfo->prefix)-1] != '\0') {
pr_debug("LOG: prefix term %i\n", pr_debug("prefix not null-terminated\n");
loginfo->prefix[sizeof(loginfo->prefix)-1]);
return false; return false;
} }
return true; return true;
......
...@@ -14,7 +14,7 @@ ...@@ -14,7 +14,7 @@
* as published by the Free Software Foundation; either version * as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version. * 2 of the License, or (at your option) any later version.
*/ */
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h> #include <linux/module.h>
#include <linux/skbuff.h> #include <linux/skbuff.h>
#include <linux/icmpv6.h> #include <linux/icmpv6.h>
...@@ -49,7 +49,7 @@ static void send_reset(struct net *net, struct sk_buff *oldskb) ...@@ -49,7 +49,7 @@ static void send_reset(struct net *net, struct sk_buff *oldskb)
if ((!(ipv6_addr_type(&oip6h->saddr) & IPV6_ADDR_UNICAST)) || if ((!(ipv6_addr_type(&oip6h->saddr) & IPV6_ADDR_UNICAST)) ||
(!(ipv6_addr_type(&oip6h->daddr) & IPV6_ADDR_UNICAST))) { (!(ipv6_addr_type(&oip6h->daddr) & IPV6_ADDR_UNICAST))) {
pr_debug("ip6t_REJECT: addr is not unicast.\n"); pr_debug("addr is not unicast.\n");
return; return;
} }
...@@ -57,7 +57,7 @@ static void send_reset(struct net *net, struct sk_buff *oldskb) ...@@ -57,7 +57,7 @@ static void send_reset(struct net *net, struct sk_buff *oldskb)
tcphoff = ipv6_skip_exthdr(oldskb, ((u8*)(oip6h+1) - oldskb->data), &proto); tcphoff = ipv6_skip_exthdr(oldskb, ((u8*)(oip6h+1) - oldskb->data), &proto);
if ((tcphoff < 0) || (tcphoff > oldskb->len)) { if ((tcphoff < 0) || (tcphoff > oldskb->len)) {
pr_debug("ip6t_REJECT: Can't get TCP header.\n"); pr_debug("Cannot get TCP header.\n");
return; return;
} }
...@@ -65,7 +65,7 @@ static void send_reset(struct net *net, struct sk_buff *oldskb) ...@@ -65,7 +65,7 @@ static void send_reset(struct net *net, struct sk_buff *oldskb)
/* IP header checks: fragment, too short. */ /* IP header checks: fragment, too short. */
if (proto != IPPROTO_TCP || otcplen < sizeof(struct tcphdr)) { if (proto != IPPROTO_TCP || otcplen < sizeof(struct tcphdr)) {
pr_debug("ip6t_REJECT: proto(%d) != IPPROTO_TCP, " pr_debug("proto(%d) != IPPROTO_TCP, "
"or too short. otcplen = %d\n", "or too short. otcplen = %d\n",
proto, otcplen); proto, otcplen);
return; return;
...@@ -76,14 +76,14 @@ static void send_reset(struct net *net, struct sk_buff *oldskb) ...@@ -76,14 +76,14 @@ static void send_reset(struct net *net, struct sk_buff *oldskb)
/* No RST for RST. */ /* No RST for RST. */
if (otcph.rst) { if (otcph.rst) {
pr_debug("ip6t_REJECT: RST is set\n"); pr_debug("RST is set\n");
return; return;
} }
/* Check checksum. */ /* Check checksum. */
if (csum_ipv6_magic(&oip6h->saddr, &oip6h->daddr, otcplen, IPPROTO_TCP, if (csum_ipv6_magic(&oip6h->saddr, &oip6h->daddr, otcplen, IPPROTO_TCP,
skb_checksum(oldskb, tcphoff, otcplen, 0))) { skb_checksum(oldskb, tcphoff, otcplen, 0))) {
pr_debug("ip6t_REJECT: TCP checksum is invalid\n"); pr_debug("TCP checksum is invalid\n");
return; return;
} }
...@@ -107,7 +107,7 @@ static void send_reset(struct net *net, struct sk_buff *oldskb) ...@@ -107,7 +107,7 @@ static void send_reset(struct net *net, struct sk_buff *oldskb)
if (!nskb) { if (!nskb) {
if (net_ratelimit()) if (net_ratelimit())
printk("ip6t_REJECT: Can't alloc skb\n"); pr_debug("cannot alloc skb\n");
dst_release(dst); dst_release(dst);
return; return;
} }
...@@ -206,7 +206,7 @@ reject_tg6(struct sk_buff *skb, const struct xt_target_param *par) ...@@ -206,7 +206,7 @@ reject_tg6(struct sk_buff *skb, const struct xt_target_param *par)
break; break;
default: default:
if (net_ratelimit()) if (net_ratelimit())
printk(KERN_WARNING "ip6t_REJECT: case %u not handled yet\n", reject->with); pr_info("case %u not handled yet\n", reject->with);
break; break;
} }
...@@ -219,13 +219,13 @@ static bool reject_tg6_check(const struct xt_tgchk_param *par) ...@@ -219,13 +219,13 @@ static bool reject_tg6_check(const struct xt_tgchk_param *par)
const struct ip6t_entry *e = par->entryinfo; const struct ip6t_entry *e = par->entryinfo;
if (rejinfo->with == IP6T_ICMP6_ECHOREPLY) { if (rejinfo->with == IP6T_ICMP6_ECHOREPLY) {
printk("ip6t_REJECT: ECHOREPLY is not supported.\n"); pr_info("ECHOREPLY is not supported.\n");
return false; return false;
} else if (rejinfo->with == IP6T_TCP_RESET) { } else if (rejinfo->with == IP6T_TCP_RESET) {
/* Must specify that it's a TCP packet */ /* Must specify that it's a TCP packet */
if (e->ipv6.proto != IPPROTO_TCP || if (e->ipv6.proto != IPPROTO_TCP ||
(e->ipv6.invflags & XT_INV_PROTO)) { (e->ipv6.invflags & XT_INV_PROTO)) {
printk("ip6t_REJECT: TCP_RESET illegal for non-tcp\n"); pr_info("TCP_RESET illegal for non-tcp\n");
return false; return false;
} }
} }
......
...@@ -6,7 +6,7 @@ ...@@ -6,7 +6,7 @@
* it under the terms of the GNU General Public License version 2 as * it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation. * published by the Free Software Foundation.
*/ */
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h> #include <linux/module.h>
#include <linux/skbuff.h> #include <linux/skbuff.h>
#include <linux/ip.h> #include <linux/ip.h>
...@@ -29,7 +29,7 @@ spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, bool invert) ...@@ -29,7 +29,7 @@ spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, bool invert)
{ {
bool r; bool r;
pr_debug("ah spi_match:%c 0x%x <= 0x%x <= 0x%x", pr_debug("spi_match:%c 0x%x <= 0x%x <= 0x%x\n",
invert ? '!' : ' ', min, spi, max); invert ? '!' : ' ', min, spi, max);
r = (spi >= min && spi <= max) ^ invert; r = (spi >= min && spi <= max) ^ invert;
pr_debug(" result %s\n", r ? "PASS" : "FAILED"); pr_debug(" result %s\n", r ? "PASS" : "FAILED");
...@@ -92,7 +92,7 @@ static bool ah_mt6_check(const struct xt_mtchk_param *par) ...@@ -92,7 +92,7 @@ static bool ah_mt6_check(const struct xt_mtchk_param *par)
const struct ip6t_ah *ahinfo = par->matchinfo; const struct ip6t_ah *ahinfo = par->matchinfo;
if (ahinfo->invflags & ~IP6T_AH_INV_MASK) { if (ahinfo->invflags & ~IP6T_AH_INV_MASK) {
pr_debug("ip6t_ah: unknown flags %X\n", ahinfo->invflags); pr_debug("unknown flags %X\n", ahinfo->invflags);
return false; return false;
} }
return true; return true;
......
...@@ -6,7 +6,7 @@ ...@@ -6,7 +6,7 @@
* it under the terms of the GNU General Public License version 2 as * it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation. * published by the Free Software Foundation.
*/ */
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h> #include <linux/module.h>
#include <linux/skbuff.h> #include <linux/skbuff.h>
#include <linux/ipv6.h> #include <linux/ipv6.h>
...@@ -27,7 +27,7 @@ static inline bool ...@@ -27,7 +27,7 @@ static inline bool
id_match(u_int32_t min, u_int32_t max, u_int32_t id, bool invert) id_match(u_int32_t min, u_int32_t max, u_int32_t id, bool invert)
{ {
bool r; bool r;
pr_debug("frag id_match:%c 0x%x <= 0x%x <= 0x%x", invert ? '!' : ' ', pr_debug("id_match:%c 0x%x <= 0x%x <= 0x%x\n", invert ? '!' : ' ',
min, id, max); min, id, max);
r = (id >= min && id <= max) ^ invert; r = (id >= min && id <= max) ^ invert;
pr_debug(" result %s\n", r ? "PASS" : "FAILED"); pr_debug(" result %s\n", r ? "PASS" : "FAILED");
...@@ -107,7 +107,7 @@ static bool frag_mt6_check(const struct xt_mtchk_param *par) ...@@ -107,7 +107,7 @@ static bool frag_mt6_check(const struct xt_mtchk_param *par)
const struct ip6t_frag *fraginfo = par->matchinfo; const struct ip6t_frag *fraginfo = par->matchinfo;
if (fraginfo->invflags & ~IP6T_FRAG_INV_MASK) { if (fraginfo->invflags & ~IP6T_FRAG_INV_MASK) {
pr_debug("ip6t_frag: unknown flags %X\n", fraginfo->invflags); pr_debug("unknown flags %X\n", fraginfo->invflags);
return false; return false;
} }
return true; return true;
......
...@@ -6,7 +6,7 @@ ...@@ -6,7 +6,7 @@
* it under the terms of the GNU General Public License version 2 as * it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation. * published by the Free Software Foundation.
*/ */
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h> #include <linux/module.h>
#include <linux/skbuff.h> #include <linux/skbuff.h>
#include <linux/ipv6.h> #include <linux/ipv6.h>
...@@ -169,12 +169,12 @@ static bool hbh_mt6_check(const struct xt_mtchk_param *par) ...@@ -169,12 +169,12 @@ static bool hbh_mt6_check(const struct xt_mtchk_param *par)
const struct ip6t_opts *optsinfo = par->matchinfo; const struct ip6t_opts *optsinfo = par->matchinfo;
if (optsinfo->invflags & ~IP6T_OPTS_INV_MASK) { if (optsinfo->invflags & ~IP6T_OPTS_INV_MASK) {
pr_debug("ip6t_opts: unknown flags %X\n", optsinfo->invflags); pr_debug("unknown flags %X\n", optsinfo->invflags);
return false; return false;
} }
if (optsinfo->flags & IP6T_OPTS_NSTRICT) { if (optsinfo->flags & IP6T_OPTS_NSTRICT) {
pr_debug("ip6t_opts: Not strict - not implemented"); pr_debug("Not strict - not implemented");
return false; return false;
} }
......
...@@ -6,7 +6,7 @@ ...@@ -6,7 +6,7 @@
* it under the terms of the GNU General Public License version 2 as * it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation. * published by the Free Software Foundation.
*/ */
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h> #include <linux/module.h>
#include <linux/skbuff.h> #include <linux/skbuff.h>
#include <linux/ipv6.h> #include <linux/ipv6.h>
...@@ -29,7 +29,7 @@ static inline bool ...@@ -29,7 +29,7 @@ static inline bool
segsleft_match(u_int32_t min, u_int32_t max, u_int32_t id, bool invert) segsleft_match(u_int32_t min, u_int32_t max, u_int32_t id, bool invert)
{ {
bool r; bool r;
pr_debug("rt segsleft_match:%c 0x%x <= 0x%x <= 0x%x", pr_debug("segsleft_match:%c 0x%x <= 0x%x <= 0x%x\n",
invert ? '!' : ' ', min, id, max); invert ? '!' : ' ', min, id, max);
r = (id >= min && id <= max) ^ invert; r = (id >= min && id <= max) ^ invert;
pr_debug(" result %s\n", r ? "PASS" : "FAILED"); pr_debug(" result %s\n", r ? "PASS" : "FAILED");
...@@ -188,7 +188,7 @@ static bool rt_mt6_check(const struct xt_mtchk_param *par) ...@@ -188,7 +188,7 @@ static bool rt_mt6_check(const struct xt_mtchk_param *par)
const struct ip6t_rt *rtinfo = par->matchinfo; const struct ip6t_rt *rtinfo = par->matchinfo;
if (rtinfo->invflags & ~IP6T_RT_INV_MASK) { if (rtinfo->invflags & ~IP6T_RT_INV_MASK) {
pr_debug("ip6t_rt: unknown flags %X\n", rtinfo->invflags); pr_debug("unknown flags %X\n", rtinfo->invflags);
return false; return false;
} }
if ((rtinfo->flags & (IP6T_RT_RES | IP6T_RT_FST_MASK)) && if ((rtinfo->flags & (IP6T_RT_RES | IP6T_RT_FST_MASK)) &&
......
...@@ -67,15 +67,14 @@ tcpmss_mangle_packet(struct sk_buff *skb, ...@@ -67,15 +67,14 @@ tcpmss_mangle_packet(struct sk_buff *skb,
if (info->mss == XT_TCPMSS_CLAMP_PMTU) { if (info->mss == XT_TCPMSS_CLAMP_PMTU) {
if (dst_mtu(skb_dst(skb)) <= minlen) { if (dst_mtu(skb_dst(skb)) <= minlen) {
if (net_ratelimit()) if (net_ratelimit())
pr_err("xt_TCPMSS: " pr_err("unknown or invalid path-MTU (%u)\n",
"unknown or invalid path-MTU (%u)\n",
dst_mtu(skb_dst(skb))); dst_mtu(skb_dst(skb)));
return -1; return -1;
} }
if (in_mtu <= minlen) { if (in_mtu <= minlen) {
if (net_ratelimit()) if (net_ratelimit())
pr_err("xt_TCPMSS: unknown or " pr_err("unknown or invalid path-MTU (%u)\n",
"invalid path-MTU (%u)\n", in_mtu); in_mtu);
return -1; return -1;
} }
newmss = min(dst_mtu(skb_dst(skb)), in_mtu) - minlen; newmss = min(dst_mtu(skb_dst(skb)), in_mtu) - minlen;
......
...@@ -9,7 +9,7 @@ ...@@ -9,7 +9,7 @@
* published by the Free Software Foundation. * published by the Free Software Foundation.
* *
*/ */
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h> #include <linux/module.h>
#include <linux/skbuff.h> #include <linux/skbuff.h>
#include <linux/ip.h> #include <linux/ip.h>
...@@ -67,7 +67,7 @@ static bool tproxy_tg_check(const struct xt_tgchk_param *par) ...@@ -67,7 +67,7 @@ static bool tproxy_tg_check(const struct xt_tgchk_param *par)
&& !(i->invflags & IPT_INV_PROTO)) && !(i->invflags & IPT_INV_PROTO))
return true; return true;
pr_info("xt_TPROXY: Can be used only in combination with " pr_info("Can be used only in combination with "
"either -p tcp or -p udp\n"); "either -p tcp or -p udp\n");
return false; return false;
} }
......
...@@ -29,7 +29,7 @@ static inline bool ...@@ -29,7 +29,7 @@ static inline bool
spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, bool invert) spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, bool invert)
{ {
bool r; bool r;
pr_debug("esp spi_match:%c 0x%x <= 0x%x <= 0x%x\n", pr_debug("spi_match:%c 0x%x <= 0x%x <= 0x%x\n",
invert ? '!' : ' ', min, spi, max); invert ? '!' : ' ', min, spi, max);
r = (spi >= min && spi <= max) ^ invert; r = (spi >= min && spi <= max) ^ invert;
pr_debug(" result %s\n", r ? "PASS" : "FAILED"); pr_debug(" result %s\n", r ? "PASS" : "FAILED");
......
...@@ -8,6 +8,7 @@ ...@@ -8,6 +8,7 @@
* it under the terms of the GNU General Public License version 2 as * it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation. * published by the Free Software Foundation.
*/ */
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h> #include <linux/module.h>
#include <linux/skbuff.h> #include <linux/skbuff.h>
#include <linux/ip.h> #include <linux/ip.h>
......
...@@ -321,8 +321,8 @@ static bool recent_mt_check(const struct xt_mtchk_param *par) ...@@ -321,8 +321,8 @@ static bool recent_mt_check(const struct xt_mtchk_param *par)
hash_rnd_inited = true; hash_rnd_inited = true;
} }
if (info->check_set & ~XT_RECENT_VALID_FLAGS) { if (info->check_set & ~XT_RECENT_VALID_FLAGS) {
pr_info(KBUILD_MODNAME ": Unsupported user space flags " pr_info("Unsupported user space flags (%08x)\n",
"(%08x)\n", info->check_set); info->check_set);
return false; return false;
} }
if (hweight8(info->check_set & if (hweight8(info->check_set &
...@@ -336,7 +336,7 @@ static bool recent_mt_check(const struct xt_mtchk_param *par) ...@@ -336,7 +336,7 @@ static bool recent_mt_check(const struct xt_mtchk_param *par)
if ((info->check_set & XT_RECENT_REAP) && !info->seconds) if ((info->check_set & XT_RECENT_REAP) && !info->seconds)
return false; return false;
if (info->hit_count > ip_pkt_list_tot) { if (info->hit_count > ip_pkt_list_tot) {
pr_info(KBUILD_MODNAME ": hitcount (%u) is larger than " pr_info("hitcount (%u) is larger than "
"packets to be remembered (%u)\n", "packets to be remembered (%u)\n",
info->hit_count, ip_pkt_list_tot); info->hit_count, ip_pkt_list_tot);
return false; return false;
......
...@@ -9,7 +9,7 @@ ...@@ -9,7 +9,7 @@
* published by the Free Software Foundation. * published by the Free Software Foundation.
* *
*/ */
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h> #include <linux/module.h>
#include <linux/skbuff.h> #include <linux/skbuff.h>
#include <linux/netfilter/x_tables.h> #include <linux/netfilter/x_tables.h>
...@@ -165,8 +165,7 @@ socket_match(const struct sk_buff *skb, const struct xt_match_param *par, ...@@ -165,8 +165,7 @@ socket_match(const struct sk_buff *skb, const struct xt_match_param *par,
sk = NULL; sk = NULL;
} }
pr_debug("socket match: proto %u %08x:%u -> %08x:%u " pr_debug("proto %u %08x:%u -> %08x:%u (orig %08x:%u) sock %p\n",
"(orig %08x:%u) sock %p\n",
protocol, ntohl(saddr), ntohs(sport), protocol, ntohl(saddr), ntohs(sport),
ntohl(daddr), ntohs(dport), ntohl(daddr), ntohs(dport),
ntohl(iph->daddr), hp ? ntohs(hp->dest) : 0, sk); ntohl(iph->daddr), hp ? ntohs(hp->dest) : 0, sk);
......
...@@ -223,7 +223,7 @@ static bool time_mt_check(const struct xt_mtchk_param *par) ...@@ -223,7 +223,7 @@ static bool time_mt_check(const struct xt_mtchk_param *par)
if (info->daytime_start > XT_TIME_MAX_DAYTIME || if (info->daytime_start > XT_TIME_MAX_DAYTIME ||
info->daytime_stop > XT_TIME_MAX_DAYTIME) { info->daytime_stop > XT_TIME_MAX_DAYTIME) {
printk(KERN_WARNING "xt_time: invalid argument - start or " pr_info("invalid argument - start or "
"stop time greater than 23:59:59\n"); "stop time greater than 23:59:59\n");
return false; return false;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment