Commit
4ec3792a
authored
Jun 06, 2004
by
David S. Miller
Merge davem@nuts.davemloft.net:/disk1/BK/net-2.6
into kernel.bkbits.net:/home/davem/net-2.6
parents
b9371f43
90ff6d1c
Changes
7
Showing
7 changed files
with
44 additions
and
30 deletions
+44
-30
include/linux/netfilter.h
include/linux/netfilter.h
+6
-0
include/linux/netfilter_arp.h
include/linux/netfilter_arp.h
+1
-0
include/linux/netfilter_ipv4/ip_tables.h
include/linux/netfilter_ipv4/ip_tables.h
+8
-0
include/linux/netfilter_ipv6/ip6_tables.h
include/linux/netfilter_ipv6/ip6_tables.h
+2
-0
net/ipv4/netfilter/arp_tables.c
net/ipv4/netfilter/arp_tables.c
+8
-8
net/ipv4/netfilter/ip_tables.c
net/ipv4/netfilter/ip_tables.c
+10
-12
net/ipv6/netfilter/ip6_tables.c
net/ipv6/netfilter/ip6_tables.c
+9
-10
include/linux/netfilter.h
...
...
@@ -171,6 +171,12 @@ extern void nf_reinject(struct sk_buff *skb,
struct
nf_info
*
info
,
unsigned
int
verdict
);
extern
inline
struct
ipt_target
*
ipt_find_target_lock
(
const
char
*
name
,
int
*
error
,
struct
semaphore
*
mutex
);
extern
inline
struct
ip6t_target
*
ip6t_find_target_lock
(
const
char
*
name
,
int
*
error
,
struct
semaphore
*
mutex
);
extern
inline
struct
arpt_target
*
arpt_find_target_lock
(
const
char
*
name
,
int
*
error
,
struct
semaphore
*
mutex
);
extern
void
(
*
ip_ct_attach
)(
struct
sk_buff
*
,
struct
nf_ct_info
*
);
#ifdef CONFIG_NETFILTER_DEBUG
...
...
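Review bot: The three `extern inline` prototypes added after `nf_reinject()` have no body, while the definitions shown later in this commit (`ipt_find_target_lock()` in ip_tables.c, and the ip6t and arpt equivalents) are ordinary exported functions, so the `inline` qualifier is wrong and the declarations disagree with the definitions. They also pull `struct ipt_target`, `struct ip6t_target` and `struct arpt_target` into the protocol-independent header, and ip_tables.h in this same commit declares `ipt_find_target_lock` and `arpt_find_target_lock` a second time without `inline`. I would drop these prototypes from netfilter.h and keep one plain declaration per function in its own protocol header, e.g. `extern struct ip6t_target *ip6t_find_target_lock(const char *name, int *error, struct semaphore *mutex);` in ip6_tables.h. The hunk does not show whether `struct semaphore` is declared before this point in netfilter.h; if it is not, the parameter type only has prototype scope.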
include/linux/netfilter_arp.h
...
...
@@ -17,4 +17,5 @@
#define NF_ARP_FORWARD 2
#define NF_ARP_NUMHOOKS 3
static
DECLARE_MUTEX
(
arpt_mutex
);
#endif
/* __LINUX_ARP_NETFILTER_H */
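Review bot: `static DECLARE_MUTEX(arpt_mutex);` in a header gives every file that includes netfilter_arp.h its own private semaphore, so a caller outside arp_tables.c that passes `&arpt_mutex` to the newly exported `arpt_find_target_lock()` takes a different lock from the copy arp_tables.c uses. Lookups from such a caller are then not serialised against whatever arp_tables.c does to its lists under its own copy, and the `ASSERT_READ_LOCK`/`ASSERT_WRITE_LOCK` checks there test the wrong object. The same pattern is added for `ipt_mutex` in ip_tables.h and for `ip6t_mutex` in ip6_tables.h. Keep a single definition and share it: `DECLARE_MUTEX(arpt_mutex);` with `EXPORT_SYMBOL(arpt_mutex);` in arp_tables.c, and `extern struct semaphore arpt_mutex;` here. This assumes DECLARE_MUTEX defines a `struct semaphore` object, as the `extern struct semaphore ipt_mutex;` line in ip_tables.h suggests.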
include/linux/netfilter_ipv4/ip_tables.h
...
...
@@ -283,6 +283,8 @@ struct ipt_get_entries
struct
ipt_entry
entrytable
[
0
];
};
extern
struct
semaphore
ipt_mutex
;
/* Standard return verdict, or do jump. */
#define IPT_STANDARD_TARGET ""
/* Error verdict. */
...
...
@@ -334,6 +336,7 @@ ipt_get_target(struct ipt_entry *e)
/*
* Main firewall chains definitions and global var's definitions.
*/
static
DECLARE_MUTEX
(
ipt_mutex
);
#ifdef __KERNEL__
#include <linux/init.h>
...
...
@@ -406,6 +409,11 @@ struct ipt_target
struct
module
*
me
;
};
extern
struct
ipt_target
*
ipt_find_target_lock
(
const
char
*
name
,
int
*
error
,
struct
semaphore
*
mutex
);
extern
struct
arpt_target
*
arpt_find_target_lock
(
const
char
*
name
,
int
*
error
,
struct
semaphore
*
mutex
);
extern
int
ipt_register_target
(
struct
ipt_target
*
target
);
extern
void
ipt_unregister_target
(
struct
ipt_target
*
target
);
...
...
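Review bot: `extern struct semaphore ipt_mutex;` in the first hunk and `static DECLARE_MUTEX(ipt_mutex);` in the second give one identifier external and then internal linkage in the same header, which is undefined in C and which compilers may reject as a static declaration following a non-static one. The static definition also sits above the `#ifdef __KERNEL__` line visible in that hunk, so it is exposed to any non-kernel includer of this header. Separately, the third hunk declares `arpt_find_target_lock` here although it returns `struct arpt_target *` and is defined in arp_tables.c; that prototype belongs in the ARP tables header. I would keep only `extern struct semaphore ipt_mutex;`, move it inside the `__KERNEL__` block, and leave the definition in ip_tables.c.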
include/linux/netfilter_ipv6/ip6_tables.h
...
...
@@ -106,6 +106,8 @@ struct ip6t_counters
u_int64_t
pcnt
,
bcnt
;
/* Packet and byte counters */
};
static
DECLARE_MUTEX
(
ip6t_mutex
);
/* Values for "flag" field in struct ip6t_ip6 (general ip6 structure). */
#define IP6T_F_PROTO 0x01
/* Set if rule cares about upper
protocols */
...
...
net/ipv4/netfilter/arp_tables.c
...
...
@@ -56,7 +56,6 @@ do { \
#endif
#define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1))
static
DECLARE_MUTEX
(
arpt_mutex
);
#define ASSERT_READ_LOCK(x) ARP_NF_ASSERT(down_trylock(&arpt_mutex) != 0)
#define ASSERT_WRITE_LOCK(x) ARP_NF_ASSERT(down_trylock(&arpt_mutex) != 0)
...
...
@@ -388,12 +387,12 @@ find_inlist_lock(struct list_head *head,
}
#endif
static
inline
struct
arpt_table
*
find_table_lock
(
const
char
*
name
,
int
*
error
,
struct
semaphore
*
mutex
)
static
inline
struct
arpt_table
*
arpt_
find_table_lock
(
const
char
*
name
,
int
*
error
,
struct
semaphore
*
mutex
)
{
return
find_inlist_lock
(
&
arpt_tables
,
name
,
"arptable_"
,
error
,
mutex
);
}
st
atic
inline
struct
arpt_target
*
find_target_lock
(
const
char
*
name
,
int
*
error
,
struct
semaphore
*
mutex
)
st
ruct
arpt_target
*
arpt_
find_target_lock
(
const
char
*
name
,
int
*
error
,
struct
semaphore
*
mutex
)
{
return
find_inlist_lock
(
&
arpt_target
,
name
,
"arpt_"
,
error
,
mutex
);
}
...
...
@@ -543,7 +542,7 @@ static inline int check_entry(struct arpt_entry *e, const char *name, unsigned i
}
t
=
arpt_get_target
(
e
);
target
=
find_target_lock
(
t
->
u
.
user
.
name
,
&
ret
,
&
arpt_mutex
);
target
=
arpt_
find_target_lock
(
t
->
u
.
user
.
name
,
&
ret
,
&
arpt_mutex
);
if
(
!
target
)
{
duprintf
(
"check_entry: `%s' not found
\n
"
,
t
->
u
.
user
.
name
);
goto
out
;
...
...
@@ -843,7 +842,7 @@ static int get_entries(const struct arpt_get_entries *entries,
int
ret
;
struct
arpt_table
*
t
;
t
=
find_table_lock
(
entries
->
name
,
&
ret
,
&
arpt_mutex
);
t
=
arpt_
find_table_lock
(
entries
->
name
,
&
ret
,
&
arpt_mutex
);
if
(
t
)
{
duprintf
(
"t->private->number = %u
\n
"
,
t
->
private
->
number
);
...
...
@@ -909,7 +908,7 @@ static int do_replace(void __user *user, unsigned int len)
duprintf
(
"arp_tables: Translated table
\n
"
);
t
=
find_table_lock
(
tmp
.
name
,
&
ret
,
&
arpt_mutex
);
t
=
arpt_
find_table_lock
(
tmp
.
name
,
&
ret
,
&
arpt_mutex
);
if
(
!
t
)
goto
free_newinfo_counters_untrans
;
...
...
@@ -1002,7 +1001,7 @@ static int do_add_counters(void __user *user, unsigned int len)
goto
free
;
}
t
=
find_table_lock
(
tmp
.
name
,
&
ret
,
&
arpt_mutex
);
t
=
arpt_
find_table_lock
(
tmp
.
name
,
&
ret
,
&
arpt_mutex
);
if
(
!
t
)
goto
free
;
...
...
@@ -1075,7 +1074,7 @@ static int do_arpt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len
break
;
}
name
[
ARPT_TABLE_MAXNAMELEN
-
1
]
=
'\0'
;
t
=
find_table_lock
(
name
,
&
ret
,
&
arpt_mutex
);
t
=
arpt_
find_table_lock
(
name
,
&
ret
,
&
arpt_mutex
);
if
(
t
)
{
struct
arpt_getinfo
info
;
...
...
@@ -1323,6 +1322,7 @@ static void __exit fini(void)
EXPORT_SYMBOL
(
arpt_register_table
);
EXPORT_SYMBOL
(
arpt_unregister_table
);
EXPORT_SYMBOL
(
arpt_do_table
);
EXPORT_SYMBOL
(
arpt_find_target_lock
);
EXPORT_SYMBOL
(
arpt_register_target
);
EXPORT_SYMBOL
(
arpt_unregister_target
);
...
...
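Review bot: `arpt_find_target_lock()` becomes a non-static, exported function here, yet it still takes the semaphore from its caller while `ASSERT_READ_LOCK(x)` and `ASSERT_WRITE_LOCK(x)` in this file test `arpt_mutex` unconditionally, and nothing states what the caller owes afterwards. An exported lookup needs its locking contract written down, for example a comment above the definition: `/* Looks up a target by name under *mutex; callers outside this file must pass &arpt_mutex. TODO: state whether *mutex is still held on return. */`. The body of `find_inlist_lock()` is outside these hunks, so the held-on-return part has to be confirmed against it before the comment is finalised. The same applies to `ipt_find_target_lock()` in ip_tables.c and `ip6t_find_target_lock()` in ip6_tables.c.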
net/ipv4/netfilter/ip_tables.c
...
...
@@ -61,9 +61,6 @@ do { \
#endif
#define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1))
/* Mutex protects lists (only traversed in user context). */
static
DECLARE_MUTEX
(
ipt_mutex
);
/* Must have mutex */
#define ASSERT_READ_LOCK(x) IP_NF_ASSERT(down_trylock(&ipt_mutex) != 0)
#define ASSERT_WRITE_LOCK(x) IP_NF_ASSERT(down_trylock(&ipt_mutex) != 0)
...
...
@@ -418,7 +415,7 @@ find_inlist_lock_noload(struct list_head *head,
{
void
*
ret
;
#if 0
#if 0
duprintf("find_inlist: searching for `%s' in %s.\n",
name, head == &ipt_target ? "ipt_target"
: head == &ipt_match ? "ipt_match"
...
...
@@ -461,7 +458,7 @@ find_inlist_lock(struct list_head *head,
#endif
static
inline
struct
ipt_table
*
find_table_lock
(
const
char
*
name
,
int
*
error
,
struct
semaphore
*
mutex
)
ipt_
find_table_lock
(
const
char
*
name
,
int
*
error
,
struct
semaphore
*
mutex
)
{
return
find_inlist_lock
(
&
ipt_tables
,
name
,
"iptable_"
,
error
,
mutex
);
}
...
...
@@ -472,8 +469,8 @@ find_match_lock(const char *name, int *error, struct semaphore *mutex)
return
find_inlist_lock
(
&
ipt_match
,
name
,
"ipt_"
,
error
,
mutex
);
}
st
atic
inline
st
ruct
ipt_target
*
find_target_lock
(
const
char
*
name
,
int
*
error
,
struct
semaphore
*
mutex
)
struct
ipt_target
*
ipt_
find_target_lock
(
const
char
*
name
,
int
*
error
,
struct
semaphore
*
mutex
)
{
return
find_inlist_lock
(
&
ipt_target
,
name
,
"ipt_"
,
error
,
mutex
);
}
...
...
@@ -688,7 +685,7 @@ check_entry(struct ipt_entry *e, const char *name, unsigned int size,
goto
cleanup_matches
;
t
=
ipt_get_target
(
e
);
target
=
find_target_lock
(
t
->
u
.
user
.
name
,
&
ret
,
&
ipt_mutex
);
target
=
ipt_
find_target_lock
(
t
->
u
.
user
.
name
,
&
ret
,
&
ipt_mutex
);
if
(
!
target
)
{
duprintf
(
"check_entry: `%s' not found
\n
"
,
t
->
u
.
user
.
name
);
goto
cleanup_matches
;
...
...
@@ -1025,7 +1022,7 @@ get_entries(const struct ipt_get_entries *entries,
int
ret
;
struct
ipt_table
*
t
;
t
=
find_table_lock
(
entries
->
name
,
&
ret
,
&
ipt_mutex
);
t
=
ipt_
find_table_lock
(
entries
->
name
,
&
ret
,
&
ipt_mutex
);
if
(
t
)
{
duprintf
(
"t->private->number = %u
\n
"
,
t
->
private
->
number
);
...
...
@@ -1092,7 +1089,7 @@ do_replace(void __user *user, unsigned int len)
duprintf
(
"ip_tables: Translated table
\n
"
);
t
=
find_table_lock
(
tmp
.
name
,
&
ret
,
&
ipt_mutex
);
t
=
ipt_
find_table_lock
(
tmp
.
name
,
&
ret
,
&
ipt_mutex
);
if
(
!
t
)
goto
free_newinfo_counters_untrans
;
...
...
@@ -1195,7 +1192,7 @@ do_add_counters(void __user *user, unsigned int len)
goto
free
;
}
t
=
find_table_lock
(
tmp
.
name
,
&
ret
,
&
ipt_mutex
);
t
=
ipt_
find_table_lock
(
tmp
.
name
,
&
ret
,
&
ipt_mutex
);
if
(
!
t
)
goto
free
;
...
...
@@ -1270,7 +1267,7 @@ do_ipt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
break
;
}
name
[
IPT_TABLE_MAXNAMELEN
-
1
]
=
'\0'
;
t
=
find_table_lock
(
name
,
&
ret
,
&
ipt_mutex
);
t
=
ipt_
find_table_lock
(
name
,
&
ret
,
&
ipt_mutex
);
if
(
t
)
{
struct
ipt_getinfo
info
;
...
...
@@ -1855,6 +1852,7 @@ EXPORT_SYMBOL(ipt_unregister_match);
EXPORT_SYMBOL
(
ipt_do_table
);
EXPORT_SYMBOL
(
ipt_register_target
);
EXPORT_SYMBOL
(
ipt_unregister_target
);
EXPORT_SYMBOL
(
ipt_find_target_lock
);
module_init
(
init
);
module_exit
(
fini
);
net/ipv6/netfilter/ip6_tables.c
...
...
@@ -66,8 +66,6 @@ do { \
#endif
#define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1))
/* Mutex protects lists (only traversed in user context). */
static
DECLARE_MUTEX
(
ip6t_mutex
);
/* Must have mutex */
#define ASSERT_READ_LOCK(x) IP_NF_ASSERT(down_trylock(&ip6t_mutex) != 0)
...
...
@@ -544,7 +542,7 @@ find_inlist_lock(struct list_head *head,
#endif
static
inline
struct
ip6t_table
*
find_table_lock
(
const
char
*
name
,
int
*
error
,
struct
semaphore
*
mutex
)
ip6t_
find_table_lock
(
const
char
*
name
,
int
*
error
,
struct
semaphore
*
mutex
)
{
return
find_inlist_lock
(
&
ip6t_tables
,
name
,
"ip6table_"
,
error
,
mutex
);
}
...
...
@@ -555,8 +553,8 @@ find_match_lock(const char *name, int *error, struct semaphore *mutex)
return
find_inlist_lock
(
&
ip6t_match
,
name
,
"ip6t_"
,
error
,
mutex
);
}
st
atic
inline
st
ruct
ip6t_target
*
find_target_lock
(
const
char
*
name
,
int
*
error
,
struct
semaphore
*
mutex
)
struct
ip6t_target
*
ip6t_
find_target_lock
(
const
char
*
name
,
int
*
error
,
struct
semaphore
*
mutex
)
{
return
find_inlist_lock
(
&
ip6t_target
,
name
,
"ip6t_"
,
error
,
mutex
);
}
...
...
@@ -771,7 +769,7 @@ check_entry(struct ip6t_entry *e, const char *name, unsigned int size,
goto
cleanup_matches
;
t
=
ip6t_get_target
(
e
);
target
=
find_target_lock
(
t
->
u
.
user
.
name
,
&
ret
,
&
ip6t_mutex
);
target
=
ip6t_
find_target_lock
(
t
->
u
.
user
.
name
,
&
ret
,
&
ip6t_mutex
);
if
(
!
target
)
{
duprintf
(
"check_entry: `%s' not found
\n
"
,
t
->
u
.
user
.
name
);
goto
cleanup_matches
;
...
...
@@ -1111,7 +1109,7 @@ get_entries(const struct ip6t_get_entries *entries,
int
ret
;
struct
ip6t_table
*
t
;
t
=
find_table_lock
(
entries
->
name
,
&
ret
,
&
ip6t_mutex
);
t
=
ip6t_
find_table_lock
(
entries
->
name
,
&
ret
,
&
ip6t_mutex
);
if
(
t
)
{
duprintf
(
"t->private->number = %u
\n
"
,
t
->
private
->
number
);
...
...
@@ -1174,7 +1172,7 @@ do_replace(void __user *user, unsigned int len)
duprintf
(
"ip_tables: Translated table
\n
"
);
t
=
find_table_lock
(
tmp
.
name
,
&
ret
,
&
ip6t_mutex
);
t
=
ip6t_
find_table_lock
(
tmp
.
name
,
&
ret
,
&
ip6t_mutex
);
if
(
!
t
)
goto
free_newinfo_counters_untrans
;
...
...
@@ -1276,7 +1274,7 @@ do_add_counters(void __user *user, unsigned int len)
goto
free
;
}
t
=
find_table_lock
(
tmp
.
name
,
&
ret
,
&
ip6t_mutex
);
t
=
ip6t_
find_table_lock
(
tmp
.
name
,
&
ret
,
&
ip6t_mutex
);
if
(
!
t
)
goto
free
;
...
...
@@ -1351,7 +1349,7 @@ do_ip6t_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
break
;
}
name
[
IP6T_TABLE_MAXNAMELEN
-
1
]
=
'\0'
;
t
=
find_table_lock
(
name
,
&
ret
,
&
ip6t_mutex
);
t
=
ip6t_
find_table_lock
(
name
,
&
ret
,
&
ip6t_mutex
);
if
(
t
)
{
struct
ip6t_getinfo
info
;
...
...
@@ -1964,6 +1962,7 @@ static void __exit fini(void)
EXPORT_SYMBOL
(
ip6t_register_table
);
EXPORT_SYMBOL
(
ip6t_unregister_table
);
EXPORT_SYMBOL
(
ip6t_do_table
);
EXPORT_SYMBOL
(
ip6t_find_target_lock
);
EXPORT_SYMBOL
(
ip6t_register_match
);
EXPORT_SYMBOL
(
ip6t_unregister_match
);
EXPORT_SYMBOL
(
ip6t_register_target
);
...
...