Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
L
linux
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
linux
Commits
8bee4bad
Commit
8bee4bad
authored
Mar 17, 2010
by
Jan Engelhardt
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
netfilter: xt extensions: use pr_<level>
Signed-off-by:
Jan Engelhardt
<
jengelh@medozas.de
>
parent
be91fd5e
Changes
21
Show whitespace changes
Inline
Side-by-side
Showing
21 changed files
with
88 additions
and
107 deletions
+88
-107
net/netfilter/xt_CONNSECMARK.c
net/netfilter/xt_CONNSECMARK.c
+6
-7
net/netfilter/xt_DSCP.c
net/netfilter/xt_DSCP.c
+2
-2
net/netfilter/xt_HL.c
net/netfilter/xt_HL.c
+4
-6
net/netfilter/xt_LED.c
net/netfilter/xt_LED.c
+4
-6
net/netfilter/xt_SECMARK.c
net/netfilter/xt_SECMARK.c
+10
-10
net/netfilter/xt_TCPMSS.c
net/netfilter/xt_TCPMSS.c
+9
-9
net/netfilter/xt_cluster.c
net/netfilter/xt_cluster.c
+6
-5
net/netfilter/xt_connbytes.c
net/netfilter/xt_connbytes.c
+3
-2
net/netfilter/xt_connlimit.c
net/netfilter/xt_connlimit.c
+3
-2
net/netfilter/xt_connmark.c
net/netfilter/xt_connmark.c
+4
-4
net/netfilter/xt_conntrack.c
net/netfilter/xt_conntrack.c
+3
-3
net/netfilter/xt_dscp.c
net/netfilter/xt_dscp.c
+2
-2
net/netfilter/xt_hashlimit.c
net/netfilter/xt_hashlimit.c
+8
-10
net/netfilter/xt_helper.c
net/netfilter/xt_helper.c
+3
-3
net/netfilter/xt_hl.c
net/netfilter/xt_hl.c
+0
-12
net/netfilter/xt_limit.c
net/netfilter/xt_limit.c
+3
-3
net/netfilter/xt_osf.c
net/netfilter/xt_osf.c
+4
-4
net/netfilter/xt_physdev.c
net/netfilter/xt_physdev.c
+4
-4
net/netfilter/xt_policy.c
net/netfilter/xt_policy.c
+5
-8
net/netfilter/xt_recent.c
net/netfilter/xt_recent.c
+3
-3
net/netfilter/xt_state.c
net/netfilter/xt_state.c
+2
-2
No files found.
net/netfilter/xt_CONNSECMARK.c
View file @
8bee4bad
...
@@ -15,6 +15,7 @@
...
@@ -15,6 +15,7 @@
* published by the Free Software Foundation.
* published by the Free Software Foundation.
*
*
*/
*/
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h>
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/skbuff.h>
#include <linux/netfilter/x_tables.h>
#include <linux/netfilter/x_tables.h>
...
@@ -22,8 +23,6 @@
...
@@ -22,8 +23,6 @@
#include <net/netfilter/nf_conntrack.h>
#include <net/netfilter/nf_conntrack.h>
#include <net/netfilter/nf_conntrack_ecache.h>
#include <net/netfilter/nf_conntrack_ecache.h>
#define PFX "CONNSECMARK: "
MODULE_LICENSE
(
"GPL"
);
MODULE_LICENSE
(
"GPL"
);
MODULE_AUTHOR
(
"James Morris <jmorris@redhat.com>"
);
MODULE_AUTHOR
(
"James Morris <jmorris@redhat.com>"
);
MODULE_DESCRIPTION
(
"Xtables: target for copying between connection and security mark"
);
MODULE_DESCRIPTION
(
"Xtables: target for copying between connection and security mark"
);
...
@@ -91,7 +90,7 @@ static bool connsecmark_tg_check(const struct xt_tgchk_param *par)
...
@@ -91,7 +90,7 @@ static bool connsecmark_tg_check(const struct xt_tgchk_param *par)
if
(
strcmp
(
par
->
table
,
"mangle"
)
!=
0
&&
if
(
strcmp
(
par
->
table
,
"mangle"
)
!=
0
&&
strcmp
(
par
->
table
,
"security"
)
!=
0
)
{
strcmp
(
par
->
table
,
"security"
)
!=
0
)
{
pr
intk
(
KERN_INFO
PFX
"target only valid in the
\'
mangle
\'
"
pr
_info
(
"target only valid in the
\'
mangle
\'
"
"or
\'
security
\'
tables, not
\'
%s
\'
.
\n
"
,
par
->
table
);
"or
\'
security
\'
tables, not
\'
%s
\'
.
\n
"
,
par
->
table
);
return
false
;
return
false
;
}
}
...
@@ -102,13 +101,13 @@ static bool connsecmark_tg_check(const struct xt_tgchk_param *par)
...
@@ -102,13 +101,13 @@ static bool connsecmark_tg_check(const struct xt_tgchk_param *par)
break
;
break
;
default:
default:
pr
intk
(
KERN_INFO
PFX
"invalid mode: %hu
\n
"
,
info
->
mode
);
pr
_info
(
"invalid mode: %hu
\n
"
,
info
->
mode
);
return
false
;
return
false
;
}
}
if
(
nf_ct_l3proto_try_module_get
(
par
->
family
)
<
0
)
{
if
(
nf_ct_l3proto_try_module_get
(
par
->
family
)
<
0
)
{
pr
intk
(
KERN_WARNING
"can't load conntrack support for "
pr
_info
(
"cannot load conntrack support for proto=%u
\n
"
,
"proto=%u
\n
"
,
par
->
family
);
par
->
family
);
return
false
;
return
false
;
}
}
return
true
;
return
true
;
...
...
net/netfilter/xt_DSCP.c
View file @
8bee4bad
...
@@ -9,7 +9,7 @@
...
@@ -9,7 +9,7 @@
*
*
* See RFC2474 for a description of the DSCP field within the IP Header.
* See RFC2474 for a description of the DSCP field within the IP Header.
*/
*/
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h>
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/skbuff.h>
#include <linux/ip.h>
#include <linux/ip.h>
...
@@ -65,7 +65,7 @@ static bool dscp_tg_check(const struct xt_tgchk_param *par)
...
@@ -65,7 +65,7 @@ static bool dscp_tg_check(const struct xt_tgchk_param *par)
const
struct
xt_DSCP_info
*
info
=
par
->
targinfo
;
const
struct
xt_DSCP_info
*
info
=
par
->
targinfo
;
if
(
info
->
dscp
>
XT_DSCP_MAX
)
{
if
(
info
->
dscp
>
XT_DSCP_MAX
)
{
pr
intk
(
KERN_WARNING
"DSCP:
dscp %x out of range
\n
"
,
info
->
dscp
);
pr
_info
(
"
dscp %x out of range
\n
"
,
info
->
dscp
);
return
false
;
return
false
;
}
}
return
true
;
return
true
;
...
...
net/netfilter/xt_HL.c
View file @
8bee4bad
...
@@ -9,7 +9,7 @@
...
@@ -9,7 +9,7 @@
* it under the terms of the GNU General Public License version 2 as
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
* published by the Free Software Foundation.
*/
*/
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h>
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/skbuff.h>
#include <linux/ip.h>
#include <linux/ip.h>
...
@@ -106,8 +106,7 @@ static bool ttl_tg_check(const struct xt_tgchk_param *par)
...
@@ -106,8 +106,7 @@ static bool ttl_tg_check(const struct xt_tgchk_param *par)
const
struct
ipt_TTL_info
*
info
=
par
->
targinfo
;
const
struct
ipt_TTL_info
*
info
=
par
->
targinfo
;
if
(
info
->
mode
>
IPT_TTL_MAXMODE
)
{
if
(
info
->
mode
>
IPT_TTL_MAXMODE
)
{
printk
(
KERN_WARNING
"ipt_TTL: invalid or unknown Mode %u
\n
"
,
pr_info
(
"TTL: invalid or unknown mode %u
\n
"
,
info
->
mode
);
info
->
mode
);
return
false
;
return
false
;
}
}
if
(
info
->
mode
!=
IPT_TTL_SET
&&
info
->
ttl
==
0
)
if
(
info
->
mode
!=
IPT_TTL_SET
&&
info
->
ttl
==
0
)
...
@@ -120,12 +119,11 @@ static bool hl_tg6_check(const struct xt_tgchk_param *par)
...
@@ -120,12 +119,11 @@ static bool hl_tg6_check(const struct xt_tgchk_param *par)
const
struct
ip6t_HL_info
*
info
=
par
->
targinfo
;
const
struct
ip6t_HL_info
*
info
=
par
->
targinfo
;
if
(
info
->
mode
>
IP6T_HL_MAXMODE
)
{
if
(
info
->
mode
>
IP6T_HL_MAXMODE
)
{
printk
(
KERN_WARNING
"ip6t_HL: invalid or unknown Mode %u
\n
"
,
pr_info
(
"invalid or unknown mode %u
\n
"
,
info
->
mode
);
info
->
mode
);
return
false
;
return
false
;
}
}
if
(
info
->
mode
!=
IP6T_HL_SET
&&
info
->
hop_limit
==
0
)
{
if
(
info
->
mode
!=
IP6T_HL_SET
&&
info
->
hop_limit
==
0
)
{
pr
intk
(
KERN_WARNING
"ip6t_HL: increment/decrement doesn'
t "
pr
_info
(
"increment/decrement does no
t "
"make sense with value 0
\n
"
);
"make sense with value 0
\n
"
);
return
false
;
return
false
;
}
}
...
...
net/netfilter/xt_LED.c
View file @
8bee4bad
...
@@ -18,7 +18,7 @@
...
@@ -18,7 +18,7 @@
* 02110-1301 USA.
* 02110-1301 USA.
*
*
*/
*/
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h>
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/skbuff.h>
#include <linux/netfilter/x_tables.h>
#include <linux/netfilter/x_tables.h>
...
@@ -87,7 +87,7 @@ static bool led_tg_check(const struct xt_tgchk_param *par)
...
@@ -87,7 +87,7 @@ static bool led_tg_check(const struct xt_tgchk_param *par)
int
err
;
int
err
;
if
(
ledinfo
->
id
[
0
]
==
'\0'
)
{
if
(
ledinfo
->
id
[
0
]
==
'\0'
)
{
pr
intk
(
KERN_ERR
KBUILD_MODNAME
":
No 'id' parameter given.
\n
"
);
pr
_info
(
"
No 'id' parameter given.
\n
"
);
return
false
;
return
false
;
}
}
...
@@ -99,11 +99,9 @@ static bool led_tg_check(const struct xt_tgchk_param *par)
...
@@ -99,11 +99,9 @@ static bool led_tg_check(const struct xt_tgchk_param *par)
err
=
led_trigger_register
(
&
ledinternal
->
netfilter_led_trigger
);
err
=
led_trigger_register
(
&
ledinternal
->
netfilter_led_trigger
);
if
(
err
)
{
if
(
err
)
{
printk
(
KERN_CRIT
KBUILD_MODNAME
pr_warning
(
"led_trigger_register() failed
\n
"
);
": led_trigger_register() failed
\n
"
);
if
(
err
==
-
EEXIST
)
if
(
err
==
-
EEXIST
)
printk
(
KERN_ERR
KBUILD_MODNAME
pr_warning
(
"Trigger name is already in use.
\n
"
);
": Trigger name is already in use.
\n
"
);
goto
exit_alloc
;
goto
exit_alloc
;
}
}
...
...
net/netfilter/xt_SECMARK.c
View file @
8bee4bad
...
@@ -12,6 +12,7 @@
...
@@ -12,6 +12,7 @@
* published by the Free Software Foundation.
* published by the Free Software Foundation.
*
*
*/
*/
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h>
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/skbuff.h>
#include <linux/selinux.h>
#include <linux/selinux.h>
...
@@ -59,20 +60,19 @@ static bool checkentry_selinux(struct xt_secmark_target_info *info)
...
@@ -59,20 +60,19 @@ static bool checkentry_selinux(struct xt_secmark_target_info *info)
err
=
selinux_string_to_sid
(
sel
->
selctx
,
&
sel
->
selsid
);
err
=
selinux_string_to_sid
(
sel
->
selctx
,
&
sel
->
selsid
);
if
(
err
)
{
if
(
err
)
{
if
(
err
==
-
EINVAL
)
if
(
err
==
-
EINVAL
)
pr
intk
(
KERN_INFO
PFX
"invalid SELinux context
\'
%s
\'\n
"
,
pr
_info
(
"invalid SELinux context
\'
%s
\'\n
"
,
sel
->
selctx
);
sel
->
selctx
);
return
false
;
return
false
;
}
}
if
(
!
sel
->
selsid
)
{
if
(
!
sel
->
selsid
)
{
printk
(
KERN_INFO
PFX
"unable to map SELinux context
\'
%s
\'\n
"
,
pr_info
(
"unable to map SELinux context
\'
%s
\'\n
"
,
sel
->
selctx
);
sel
->
selctx
);
return
false
;
return
false
;
}
}
err
=
selinux_secmark_relabel_packet_permission
(
sel
->
selsid
);
err
=
selinux_secmark_relabel_packet_permission
(
sel
->
selsid
);
if
(
err
)
{
if
(
err
)
{
pr
intk
(
KERN_INFO
PFX
"unable to obtain relabeling permission
\n
"
);
pr
_info
(
"unable to obtain relabeling permission
\n
"
);
return
false
;
return
false
;
}
}
...
@@ -86,13 +86,13 @@ static bool secmark_tg_check(const struct xt_tgchk_param *par)
...
@@ -86,13 +86,13 @@ static bool secmark_tg_check(const struct xt_tgchk_param *par)
if
(
strcmp
(
par
->
table
,
"mangle"
)
!=
0
&&
if
(
strcmp
(
par
->
table
,
"mangle"
)
!=
0
&&
strcmp
(
par
->
table
,
"security"
)
!=
0
)
{
strcmp
(
par
->
table
,
"security"
)
!=
0
)
{
pr
intk
(
KERN_INFO
PFX
"target only valid in the
\'
mangle
\'
"
pr
_info
(
"target only valid in the
\'
mangle
\'
"
"or
\'
security
\'
tables, not
\'
%s
\'
.
\n
"
,
par
->
table
);
"or
\'
security
\'
tables, not
\'
%s
\'
.
\n
"
,
par
->
table
);
return
false
;
return
false
;
}
}
if
(
mode
&&
mode
!=
info
->
mode
)
{
if
(
mode
&&
mode
!=
info
->
mode
)
{
pr
intk
(
KERN_INFO
PFX
"mode already set to %hu cannot mix with "
pr
_info
(
"mode already set to %hu cannot mix with "
"rules for mode %hu
\n
"
,
mode
,
info
->
mode
);
"rules for mode %hu
\n
"
,
mode
,
info
->
mode
);
return
false
;
return
false
;
}
}
...
@@ -104,7 +104,7 @@ static bool secmark_tg_check(const struct xt_tgchk_param *par)
...
@@ -104,7 +104,7 @@ static bool secmark_tg_check(const struct xt_tgchk_param *par)
break
;
break
;
default:
default:
pr
intk
(
KERN_INFO
PFX
"invalid mode: %hu
\n
"
,
info
->
mode
);
pr
_info
(
"invalid mode: %hu
\n
"
,
info
->
mode
);
return
false
;
return
false
;
}
}
...
...
net/netfilter/xt_TCPMSS.c
View file @
8bee4bad
...
@@ -7,7 +7,7 @@
...
@@ -7,7 +7,7 @@
* it under the terms of the GNU General Public License version 2 as
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
* published by the Free Software Foundation.
*/
*/
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h>
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/skbuff.h>
#include <linux/ip.h>
#include <linux/ip.h>
...
@@ -67,14 +67,14 @@ tcpmss_mangle_packet(struct sk_buff *skb,
...
@@ -67,14 +67,14 @@ tcpmss_mangle_packet(struct sk_buff *skb,
if
(
info
->
mss
==
XT_TCPMSS_CLAMP_PMTU
)
{
if
(
info
->
mss
==
XT_TCPMSS_CLAMP_PMTU
)
{
if
(
dst_mtu
(
skb_dst
(
skb
))
<=
minlen
)
{
if
(
dst_mtu
(
skb_dst
(
skb
))
<=
minlen
)
{
if
(
net_ratelimit
())
if
(
net_ratelimit
())
pr
intk
(
KERN_ERR
"xt_TCPMSS: "
pr
_err
(
"xt_TCPMSS: "
"unknown or invalid path-MTU (%u)
\n
"
,
"unknown or invalid path-MTU (%u)
\n
"
,
dst_mtu
(
skb_dst
(
skb
)));
dst_mtu
(
skb_dst
(
skb
)));
return
-
1
;
return
-
1
;
}
}
if
(
in_mtu
<=
minlen
)
{
if
(
in_mtu
<=
minlen
)
{
if
(
net_ratelimit
())
if
(
net_ratelimit
())
pr
intk
(
KERN_ERR
"xt_TCPMSS: unknown or "
pr
_err
(
"xt_TCPMSS: unknown or "
"invalid path-MTU (%u)
\n
"
,
in_mtu
);
"invalid path-MTU (%u)
\n
"
,
in_mtu
);
return
-
1
;
return
-
1
;
}
}
...
@@ -245,14 +245,14 @@ static bool tcpmss_tg4_check(const struct xt_tgchk_param *par)
...
@@ -245,14 +245,14 @@ static bool tcpmss_tg4_check(const struct xt_tgchk_param *par)
(
par
->
hook_mask
&
~
((
1
<<
NF_INET_FORWARD
)
|
(
par
->
hook_mask
&
~
((
1
<<
NF_INET_FORWARD
)
|
(
1
<<
NF_INET_LOCAL_OUT
)
|
(
1
<<
NF_INET_LOCAL_OUT
)
|
(
1
<<
NF_INET_POST_ROUTING
)))
!=
0
)
{
(
1
<<
NF_INET_POST_ROUTING
)))
!=
0
)
{
pr
intk
(
"xt_TCPMSS:
path-MTU clamping only supported in "
pr
_info
(
"
path-MTU clamping only supported in "
"FORWARD, OUTPUT and POSTROUTING hooks
\n
"
);
"FORWARD, OUTPUT and POSTROUTING hooks
\n
"
);
return
false
;
return
false
;
}
}
xt_ematch_foreach
(
ematch
,
e
)
xt_ematch_foreach
(
ematch
,
e
)
if
(
find_syn_match
(
ematch
))
if
(
find_syn_match
(
ematch
))
return
true
;
return
true
;
pr
intk
(
"xt_TCPMSS:
Only works on TCP SYN packets
\n
"
);
pr
_info
(
"
Only works on TCP SYN packets
\n
"
);
return
false
;
return
false
;
}
}
...
@@ -267,14 +267,14 @@ static bool tcpmss_tg6_check(const struct xt_tgchk_param *par)
...
@@ -267,14 +267,14 @@ static bool tcpmss_tg6_check(const struct xt_tgchk_param *par)
(
par
->
hook_mask
&
~
((
1
<<
NF_INET_FORWARD
)
|
(
par
->
hook_mask
&
~
((
1
<<
NF_INET_FORWARD
)
|
(
1
<<
NF_INET_LOCAL_OUT
)
|
(
1
<<
NF_INET_LOCAL_OUT
)
|
(
1
<<
NF_INET_POST_ROUTING
)))
!=
0
)
{
(
1
<<
NF_INET_POST_ROUTING
)))
!=
0
)
{
pr
intk
(
"xt_TCPMSS:
path-MTU clamping only supported in "
pr
_info
(
"
path-MTU clamping only supported in "
"FORWARD, OUTPUT and POSTROUTING hooks
\n
"
);
"FORWARD, OUTPUT and POSTROUTING hooks
\n
"
);
return
false
;
return
false
;
}
}
xt_ematch_foreach
(
ematch
,
e
)
xt_ematch_foreach
(
ematch
,
e
)
if
(
find_syn_match
(
ematch
))
if
(
find_syn_match
(
ematch
))
return
true
;
return
true
;
pr
intk
(
"xt_TCPMSS:
Only works on TCP SYN packets
\n
"
);
pr
_info
(
"
Only works on TCP SYN packets
\n
"
);
return
false
;
return
false
;
}
}
#endif
#endif
...
...
net/netfilter/xt_cluster.c
View file @
8bee4bad
...
@@ -5,6 +5,7 @@
...
@@ -5,6 +5,7 @@
* it under the terms of the GNU General Public License version 2 as
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
* published by the Free Software Foundation.
*/
*/
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h>
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/skbuff.h>
#include <linux/jhash.h>
#include <linux/jhash.h>
...
@@ -136,13 +137,13 @@ static bool xt_cluster_mt_checkentry(const struct xt_mtchk_param *par)
...
@@ -136,13 +137,13 @@ static bool xt_cluster_mt_checkentry(const struct xt_mtchk_param *par)
struct
xt_cluster_match_info
*
info
=
par
->
matchinfo
;
struct
xt_cluster_match_info
*
info
=
par
->
matchinfo
;
if
(
info
->
total_nodes
>
XT_CLUSTER_NODES_MAX
)
{
if
(
info
->
total_nodes
>
XT_CLUSTER_NODES_MAX
)
{
pr
intk
(
KERN_ERR
"xt_cluster:
you have exceeded the maximum "
pr
_info
(
"
you have exceeded the maximum "
"number of cluster nodes (%u > %u)
\n
"
,
"number of cluster nodes (%u > %u)
\n
"
,
info
->
total_nodes
,
XT_CLUSTER_NODES_MAX
);
info
->
total_nodes
,
XT_CLUSTER_NODES_MAX
);
return
false
;
return
false
;
}
}
if
(
info
->
node_mask
>=
(
1ULL
<<
info
->
total_nodes
))
{
if
(
info
->
node_mask
>=
(
1ULL
<<
info
->
total_nodes
))
{
pr
intk
(
KERN_ERR
"xt_cluster:
this node mask cannot be "
pr
_info
(
"
this node mask cannot be "
"higher than the total number of nodes
\n
"
);
"higher than the total number of nodes
\n
"
);
return
false
;
return
false
;
}
}
...
...
net/netfilter/xt_connbytes.c
View file @
8bee4bad
/* Kernel module to match connection tracking byte counter.
/* Kernel module to match connection tracking byte counter.
* GPL (C) 2002 Martin Devera (devik@cdi.cz).
* GPL (C) 2002 Martin Devera (devik@cdi.cz).
*/
*/
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h>
#include <linux/module.h>
#include <linux/bitops.h>
#include <linux/bitops.h>
#include <linux/skbuff.h>
#include <linux/skbuff.h>
...
@@ -107,8 +108,8 @@ static bool connbytes_mt_check(const struct xt_mtchk_param *par)
...
@@ -107,8 +108,8 @@ static bool connbytes_mt_check(const struct xt_mtchk_param *par)
return
false
;
return
false
;
if
(
nf_ct_l3proto_try_module_get
(
par
->
family
)
<
0
)
{
if
(
nf_ct_l3proto_try_module_get
(
par
->
family
)
<
0
)
{
pr
intk
(
KERN_WARNING
"can't load conntrack support for "
pr
_info
(
"cannot load conntrack support for proto=%u
\n
"
,
"proto=%u
\n
"
,
par
->
family
);
par
->
family
);
return
false
;
return
false
;
}
}
...
...
net/netfilter/xt_connlimit.c
View file @
8bee4bad
...
@@ -11,6 +11,7 @@
...
@@ -11,6 +11,7 @@
* Kernel module to match connection tracking information.
* Kernel module to match connection tracking information.
* GPL (C) 1999 Rusty Russell (rusty@rustcorp.com.au).
* GPL (C) 1999 Rusty Russell (rusty@rustcorp.com.au).
*/
*/
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/in.h>
#include <linux/in.h>
#include <linux/in6.h>
#include <linux/in6.h>
#include <linux/ip.h>
#include <linux/ip.h>
...
@@ -225,7 +226,7 @@ static bool connlimit_mt_check(const struct xt_mtchk_param *par)
...
@@ -225,7 +226,7 @@ static bool connlimit_mt_check(const struct xt_mtchk_param *par)
connlimit_rnd_inited
=
true
;
connlimit_rnd_inited
=
true
;
}
}
if
(
nf_ct_l3proto_try_module_get
(
par
->
family
)
<
0
)
{
if
(
nf_ct_l3proto_try_module_get
(
par
->
family
)
<
0
)
{
pr
intk
(
KERN_WARNING
"cannot load conntrack support for "
pr
_info
(
"cannot load conntrack support for "
"address family %u
\n
"
,
par
->
family
);
"address family %u
\n
"
,
par
->
family
);
return
false
;
return
false
;
}
}
...
...
net/netfilter/xt_connmark.c
View file @
8bee4bad
...
@@ -77,8 +77,8 @@ connmark_tg(struct sk_buff *skb, const struct xt_target_param *par)
...
@@ -77,8 +77,8 @@ connmark_tg(struct sk_buff *skb, const struct xt_target_param *par)
static
bool
connmark_tg_check
(
const
struct
xt_tgchk_param
*
par
)
static
bool
connmark_tg_check
(
const
struct
xt_tgchk_param
*
par
)
{
{
if
(
nf_ct_l3proto_try_module_get
(
par
->
family
)
<
0
)
{
if
(
nf_ct_l3proto_try_module_get
(
par
->
family
)
<
0
)
{
pr
intk
(
KERN_WARNING
"cannot load conntrack support for "
pr
_info
(
"cannot load conntrack support for proto=%u
\n
"
,
"proto=%u
\n
"
,
par
->
family
);
par
->
family
);
return
false
;
return
false
;
}
}
return
true
;
return
true
;
...
@@ -106,8 +106,8 @@ connmark_mt(const struct sk_buff *skb, const struct xt_match_param *par)
...
@@ -106,8 +106,8 @@ connmark_mt(const struct sk_buff *skb, const struct xt_match_param *par)
static
bool
connmark_mt_check
(
const
struct
xt_mtchk_param
*
par
)
static
bool
connmark_mt_check
(
const
struct
xt_mtchk_param
*
par
)
{
{
if
(
nf_ct_l3proto_try_module_get
(
par
->
family
)
<
0
)
{
if
(
nf_ct_l3proto_try_module_get
(
par
->
family
)
<
0
)
{
pr
intk
(
KERN_WARNING
"cannot load conntrack support for "
pr
_info
(
"cannot load conntrack support for proto=%u
\n
"
,
"proto=%u
\n
"
,
par
->
family
);
par
->
family
);
return
false
;
return
false
;
}
}
return
true
;
return
true
;
...
...
net/netfilter/xt_conntrack.c
View file @
8bee4bad
...
@@ -9,7 +9,7 @@
...
@@ -9,7 +9,7 @@
* it under the terms of the GNU General Public License version 2 as
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
* published by the Free Software Foundation.
*/
*/
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h>
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/skbuff.h>
#include <net/ipv6.h>
#include <net/ipv6.h>
...
@@ -209,8 +209,8 @@ conntrack_mt_v2(const struct sk_buff *skb, const struct xt_match_param *par)
...
@@ -209,8 +209,8 @@ conntrack_mt_v2(const struct sk_buff *skb, const struct xt_match_param *par)
static
bool
conntrack_mt_check
(
const
struct
xt_mtchk_param
*
par
)
static
bool
conntrack_mt_check
(
const
struct
xt_mtchk_param
*
par
)
{
{
if
(
nf_ct_l3proto_try_module_get
(
par
->
family
)
<
0
)
{
if
(
nf_ct_l3proto_try_module_get
(
par
->
family
)
<
0
)
{
pr
intk
(
KERN_WARNING
"can't load conntrack support for "
pr
_info
(
"cannot load conntrack support for proto=%u
\n
"
,
"proto=%u
\n
"
,
par
->
family
);
par
->
family
);
return
false
;
return
false
;
}
}
return
true
;
return
true
;
...
...
net/netfilter/xt_dscp.c
View file @
8bee4bad
...
@@ -6,7 +6,7 @@
...
@@ -6,7 +6,7 @@
* it under the terms of the GNU General Public License version 2 as
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
* published by the Free Software Foundation.
*/
*/
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h>
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/skbuff.h>
#include <linux/ip.h>
#include <linux/ip.h>
...
@@ -47,7 +47,7 @@ static bool dscp_mt_check(const struct xt_mtchk_param *par)
...
@@ -47,7 +47,7 @@ static bool dscp_mt_check(const struct xt_mtchk_param *par)
const
struct
xt_dscp_info
*
info
=
par
->
matchinfo
;
const
struct
xt_dscp_info
*
info
=
par
->
matchinfo
;
if
(
info
->
dscp
>
XT_DSCP_MAX
)
{
if
(
info
->
dscp
>
XT_DSCP_MAX
)
{
pr
intk
(
KERN_ERR
"xt_dscp:
dscp %x out of range
\n
"
,
info
->
dscp
);
pr
_info
(
"
dscp %x out of range
\n
"
,
info
->
dscp
);
return
false
;
return
false
;
}
}
...
...
net/netfilter/xt_hashlimit.c
View file @
8bee4bad
...
@@ -7,6 +7,7 @@
...
@@ -7,6 +7,7 @@
*
*
* Development of this code was funded by Astaro AG, http://www.astaro.com/
* Development of this code was funded by Astaro AG, http://www.astaro.com/
*/
*/
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h>
#include <linux/module.h>
#include <linux/spinlock.h>
#include <linux/spinlock.h>
#include <linux/random.h>
#include <linux/random.h>
...
@@ -166,17 +167,14 @@ dsthash_alloc_init(struct xt_hashlimit_htable *ht,
...
@@ -166,17 +167,14 @@ dsthash_alloc_init(struct xt_hashlimit_htable *ht,
if
(
ht
->
cfg
.
max
&&
ht
->
count
>=
ht
->
cfg
.
max
)
{
if
(
ht
->
cfg
.
max
&&
ht
->
count
>=
ht
->
cfg
.
max
)
{
/* FIXME: do something. question is what.. */
/* FIXME: do something. question is what.. */
if
(
net_ratelimit
())
if
(
net_ratelimit
())
printk
(
KERN_WARNING
pr_err
(
"max count of %u reached
\n
"
,
ht
->
cfg
.
max
);
"xt_hashlimit: max count of %u reached
\n
"
,
ht
->
cfg
.
max
);
return
NULL
;
return
NULL
;
}
}
ent
=
kmem_cache_alloc
(
hashlimit_cachep
,
GFP_ATOMIC
);
ent
=
kmem_cache_alloc
(
hashlimit_cachep
,
GFP_ATOMIC
);
if
(
!
ent
)
{
if
(
!
ent
)
{
if
(
net_ratelimit
())
if
(
net_ratelimit
())
printk
(
KERN_ERR
pr_err
(
"cannot allocate dsthash_ent
\n
"
);
"xt_hashlimit: can't allocate dsthash_ent
\n
"
);
return
NULL
;
return
NULL
;
}
}
memcpy
(
&
ent
->
dst
,
dst
,
sizeof
(
ent
->
dst
));
memcpy
(
&
ent
->
dst
,
dst
,
sizeof
(
ent
->
dst
));
...
@@ -681,7 +679,7 @@ static bool hashlimit_mt_check_v0(const struct xt_mtchk_param *par)
...
@@ -681,7 +679,7 @@ static bool hashlimit_mt_check_v0(const struct xt_mtchk_param *par)
/* Check for overflow. */
/* Check for overflow. */
if
(
r
->
cfg
.
burst
==
0
||
if
(
r
->
cfg
.
burst
==
0
||
user2credits
(
r
->
cfg
.
avg
*
r
->
cfg
.
burst
)
<
user2credits
(
r
->
cfg
.
avg
))
{
user2credits
(
r
->
cfg
.
avg
*
r
->
cfg
.
burst
)
<
user2credits
(
r
->
cfg
.
avg
))
{
pr
intk
(
KERN_ERR
"xt_hashlimit:
overflow, try lower: %u/%u
\n
"
,
pr
_info
(
"
overflow, try lower: %u/%u
\n
"
,
r
->
cfg
.
avg
,
r
->
cfg
.
burst
);
r
->
cfg
.
avg
,
r
->
cfg
.
burst
);
return
false
;
return
false
;
}
}
...
@@ -718,7 +716,7 @@ static bool hashlimit_mt_check(const struct xt_mtchk_param *par)
...
@@ -718,7 +716,7 @@ static bool hashlimit_mt_check(const struct xt_mtchk_param *par)
if
(
info
->
cfg
.
burst
==
0
||
if
(
info
->
cfg
.
burst
==
0
||
user2credits
(
info
->
cfg
.
avg
*
info
->
cfg
.
burst
)
<
user2credits
(
info
->
cfg
.
avg
*
info
->
cfg
.
burst
)
<
user2credits
(
info
->
cfg
.
avg
))
{
user2credits
(
info
->
cfg
.
avg
))
{
pr
intk
(
KERN_ERR
"xt_hashlimit:
overflow, try lower: %u/%u
\n
"
,
pr
_info
(
"
overflow, try lower: %u/%u
\n
"
,
info
->
cfg
.
avg
,
info
->
cfg
.
burst
);
info
->
cfg
.
avg
,
info
->
cfg
.
burst
);
return
false
;
return
false
;
}
}
...
@@ -1018,7 +1016,7 @@ static int __init hashlimit_mt_init(void)
...
@@ -1018,7 +1016,7 @@ static int __init hashlimit_mt_init(void)
sizeof
(
struct
dsthash_ent
),
0
,
0
,
sizeof
(
struct
dsthash_ent
),
0
,
0
,
NULL
);
NULL
);
if
(
!
hashlimit_cachep
)
{
if
(
!
hashlimit_cachep
)
{
pr
intk
(
KERN_ERR
"xt_hashlimit:
unable to create slab cache
\n
"
);
pr
_warning
(
"
unable to create slab cache
\n
"
);
goto
err2
;
goto
err2
;
}
}
return
0
;
return
0
;
...
...
net/netfilter/xt_helper.c
View file @
8bee4bad
...
@@ -6,7 +6,7 @@
...
@@ -6,7 +6,7 @@
* it under the terms of the GNU General Public License version 2 as
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
* published by the Free Software Foundation.
*/
*/
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h>
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/skbuff.h>
#include <linux/netfilter.h>
#include <linux/netfilter.h>
...
@@ -59,8 +59,8 @@ static bool helper_mt_check(const struct xt_mtchk_param *par)
...
@@ -59,8 +59,8 @@ static bool helper_mt_check(const struct xt_mtchk_param *par)
struct
xt_helper_info
*
info
=
par
->
matchinfo
;
struct
xt_helper_info
*
info
=
par
->
matchinfo
;
if
(
nf_ct_l3proto_try_module_get
(
par
->
family
)
<
0
)
{
if
(
nf_ct_l3proto_try_module_get
(
par
->
family
)
<
0
)
{
pr
intk
(
KERN_WARNING
"can't load conntrack support for "
pr
_info
(
"cannot load conntrack support for proto=%u
\n
"
,
"proto=%u
\n
"
,
par
->
family
);
par
->
family
);
return
false
;
return
false
;
}
}
info
->
name
[
29
]
=
'\0'
;
info
->
name
[
29
]
=
'\0'
;
...
...
net/netfilter/xt_hl.c
View file @
8bee4bad
...
@@ -39,10 +39,6 @@ static bool ttl_mt(const struct sk_buff *skb, const struct xt_match_param *par)
...
@@ -39,10 +39,6 @@ static bool ttl_mt(const struct sk_buff *skb, const struct xt_match_param *par)
return
ttl
<
info
->
ttl
;
return
ttl
<
info
->
ttl
;
case
IPT_TTL_GT
:
case
IPT_TTL_GT
:
return
ttl
>
info
->
ttl
;
return
ttl
>
info
->
ttl
;
default:
printk
(
KERN_WARNING
"ipt_ttl: unknown mode %d
\n
"
,
info
->
mode
);
return
false
;
}
}
return
false
;
return
false
;
...
@@ -56,20 +52,12 @@ static bool hl_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
...
@@ -56,20 +52,12 @@ static bool hl_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
switch
(
info
->
mode
)
{
switch
(
info
->
mode
)
{
case
IP6T_HL_EQ
:
case
IP6T_HL_EQ
:
return
ip6h
->
hop_limit
==
info
->
hop_limit
;
return
ip6h
->
hop_limit
==
info
->
hop_limit
;
break
;
case
IP6T_HL_NE
:
case
IP6T_HL_NE
:
return
ip6h
->
hop_limit
!=
info
->
hop_limit
;
return
ip6h
->
hop_limit
!=
info
->
hop_limit
;
break
;
case
IP6T_HL_LT
:
case
IP6T_HL_LT
:
return
ip6h
->
hop_limit
<
info
->
hop_limit
;
return
ip6h
->
hop_limit
<
info
->
hop_limit
;
break
;
case
IP6T_HL_GT
:
case
IP6T_HL_GT
:
return
ip6h
->
hop_limit
>
info
->
hop_limit
;
return
ip6h
->
hop_limit
>
info
->
hop_limit
;
break
;
default:
printk
(
KERN_WARNING
"ip6t_hl: unknown mode %d
\n
"
,
info
->
mode
);
return
false
;
}
}
return
false
;
return
false
;
...
...
net/netfilter/xt_limit.c
View file @
8bee4bad
...
@@ -5,7 +5,7 @@
...
@@ -5,7 +5,7 @@
* it under the terms of the GNU General Public License version 2 as
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
* published by the Free Software Foundation.
*/
*/
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h>
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/skbuff.h>
#include <linux/spinlock.h>
#include <linux/spinlock.h>
...
@@ -105,7 +105,7 @@ static bool limit_mt_check(const struct xt_mtchk_param *par)
...
@@ -105,7 +105,7 @@ static bool limit_mt_check(const struct xt_mtchk_param *par)
/* Check for overflow. */
/* Check for overflow. */
if
(
r
->
burst
==
0
if
(
r
->
burst
==
0
||
user2credits
(
r
->
avg
*
r
->
burst
)
<
user2credits
(
r
->
avg
))
{
||
user2credits
(
r
->
avg
*
r
->
burst
)
<
user2credits
(
r
->
avg
))
{
pr
intk
(
"Overflow in xt_limit
, try lower: %u/%u
\n
"
,
pr
_info
(
"Overflow
, try lower: %u/%u
\n
"
,
r
->
avg
,
r
->
burst
);
r
->
avg
,
r
->
burst
);
return
false
;
return
false
;
}
}
...
...
net/netfilter/xt_osf.c
View file @
8bee4bad
...
@@ -16,7 +16,7 @@
...
@@ -16,7 +16,7 @@
* along with this program; if not, write to the Free Software
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
*/
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h>
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/kernel.h>
...
@@ -382,14 +382,14 @@ static int __init xt_osf_init(void)
...
@@ -382,14 +382,14 @@ static int __init xt_osf_init(void)
err
=
nfnetlink_subsys_register
(
&
xt_osf_nfnetlink
);
err
=
nfnetlink_subsys_register
(
&
xt_osf_nfnetlink
);
if
(
err
<
0
)
{
if
(
err
<
0
)
{
pr
intk
(
KERN_ERR
"Failed (%d) to register OSF nsfnetlink helper.
\n
"
,
err
);
pr
_err
(
"Failed to register OSF nsfnetlink helper (%d)
\n
"
,
err
);
goto
err_out_exit
;
goto
err_out_exit
;
}
}
err
=
xt_register_match
(
&
xt_osf_match
);
err
=
xt_register_match
(
&
xt_osf_match
);
if
(
err
)
{
if
(
err
)
{
pr
intk
(
KERN_ERR
"Failed (%d)
to register OS fingerprint "
pr
_err
(
"Failed
to register OS fingerprint "
"matching module.
\n
"
,
err
);
"matching module (%d)
\n
"
,
err
);
goto
err_out_remove
;
goto
err_out_remove
;
}
}
...
...
net/netfilter/xt_physdev.c
View file @
8bee4bad
...
@@ -7,7 +7,7 @@
...
@@ -7,7 +7,7 @@
* it under the terms of the GNU General Public License version 2 as
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
* published by the Free Software Foundation.
*/
*/
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h>
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/skbuff.h>
#include <linux/netfilter_bridge.h>
#include <linux/netfilter_bridge.h>
...
@@ -95,9 +95,9 @@ static bool physdev_mt_check(const struct xt_mtchk_param *par)
...
@@ -95,9 +95,9 @@ static bool physdev_mt_check(const struct xt_mtchk_param *par)
info
->
invert
&
XT_PHYSDEV_OP_BRIDGED
)
&&
info
->
invert
&
XT_PHYSDEV_OP_BRIDGED
)
&&
par
->
hook_mask
&
((
1
<<
NF_INET_LOCAL_OUT
)
|
par
->
hook_mask
&
((
1
<<
NF_INET_LOCAL_OUT
)
|
(
1
<<
NF_INET_FORWARD
)
|
(
1
<<
NF_INET_POST_ROUTING
)))
{
(
1
<<
NF_INET_FORWARD
)
|
(
1
<<
NF_INET_POST_ROUTING
)))
{
pr
intk
(
KERN_WARNING
"physdev match: using --physdev-out in the
"
pr
_info
(
"using --physdev-out in the OUTPUT, FORWARD and
"
"OUTPUT, FORWARD and POSTROUTING chains for non-bridged
"
"POSTROUTING chains for non-bridged traffic is not
"
"traffic is not
supported anymore.
\n
"
);
"
supported anymore.
\n
"
);
if
(
par
->
hook_mask
&
(
1
<<
NF_INET_LOCAL_OUT
))
if
(
par
->
hook_mask
&
(
1
<<
NF_INET_LOCAL_OUT
))
return
false
;
return
false
;
}
}
...
...
net/netfilter/xt_policy.c
View file @
8bee4bad
...
@@ -6,7 +6,7 @@
...
@@ -6,7 +6,7 @@
* it under the terms of the GNU General Public License version 2 as
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
* published by the Free Software Foundation.
*/
*/
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/kernel.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/skbuff.h>
...
@@ -133,24 +133,21 @@ static bool policy_mt_check(const struct xt_mtchk_param *par)
...
@@ -133,24 +133,21 @@ static bool policy_mt_check(const struct xt_mtchk_param *par)
const
struct
xt_policy_info
*
info
=
par
->
matchinfo
;
const
struct
xt_policy_info
*
info
=
par
->
matchinfo
;
if
(
!
(
info
->
flags
&
(
XT_POLICY_MATCH_IN
|
XT_POLICY_MATCH_OUT
)))
{
if
(
!
(
info
->
flags
&
(
XT_POLICY_MATCH_IN
|
XT_POLICY_MATCH_OUT
)))
{
printk
(
KERN_ERR
"xt_policy: neither incoming nor "
pr_info
(
"neither incoming nor outgoing policy selected
\n
"
);
"outgoing policy selected
\n
"
);
return
false
;
return
false
;
}
}
if
(
par
->
hook_mask
&
((
1
<<
NF_INET_PRE_ROUTING
)
|
if
(
par
->
hook_mask
&
((
1
<<
NF_INET_PRE_ROUTING
)
|
(
1
<<
NF_INET_LOCAL_IN
))
&&
info
->
flags
&
XT_POLICY_MATCH_OUT
)
{
(
1
<<
NF_INET_LOCAL_IN
))
&&
info
->
flags
&
XT_POLICY_MATCH_OUT
)
{
printk
(
KERN_ERR
"xt_policy: output policy not valid in "
pr_info
(
"output policy not valid in PREROUTING and INPUT
\n
"
);
"PRE_ROUTING and INPUT
\n
"
);
return
false
;
return
false
;
}
}
if
(
par
->
hook_mask
&
((
1
<<
NF_INET_POST_ROUTING
)
|
if
(
par
->
hook_mask
&
((
1
<<
NF_INET_POST_ROUTING
)
|
(
1
<<
NF_INET_LOCAL_OUT
))
&&
info
->
flags
&
XT_POLICY_MATCH_IN
)
{
(
1
<<
NF_INET_LOCAL_OUT
))
&&
info
->
flags
&
XT_POLICY_MATCH_IN
)
{
printk
(
KERN_ERR
"xt_policy: input policy not valid in "
pr_info
(
"input policy not valid in POSTROUTING and OUTPUT
\n
"
);
"POST_ROUTING and OUTPUT
\n
"
);
return
false
;
return
false
;
}
}
if
(
info
->
len
>
XT_POLICY_MAX_ELEM
)
{
if
(
info
->
len
>
XT_POLICY_MAX_ELEM
)
{
pr
intk
(
KERN_ERR
"xt_policy:
too many policy elements
\n
"
);
pr
_info
(
"
too many policy elements
\n
"
);
return
false
;
return
false
;
}
}
return
true
;
return
true
;
...
...
net/netfilter/xt_recent.c
View file @
8bee4bad
...
@@ -12,6 +12,7 @@
...
@@ -12,6 +12,7 @@
* Author: Stephen Frost <sfrost@snowman.net>
* Author: Stephen Frost <sfrost@snowman.net>
* Copyright 2002-2003, Stephen Frost, 2.5.x port by laforge@netfilter.org
* Copyright 2002-2003, Stephen Frost, 2.5.x port by laforge@netfilter.org
*/
*/
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/init.h>
#include <linux/init.h>
#include <linux/ip.h>
#include <linux/ip.h>
#include <linux/ipv6.h>
#include <linux/ipv6.h>
...
@@ -520,7 +521,7 @@ recent_mt_proc_write(struct file *file, const char __user *input,
...
@@ -520,7 +521,7 @@ recent_mt_proc_write(struct file *file, const char __user *input,
add
=
true
;
add
=
true
;
break
;
break
;
default:
default:
pr
intk
(
KERN_INFO
KBUILD_MODNAME
": Need +ip, -ip or /
\n
"
);
pr
_info
(
"Need
\"
+ip
\"
,
\"
-ip
\"
or
\"
/
\"
\n
"
);
return
-
EINVAL
;
return
-
EINVAL
;
}
}
...
@@ -535,8 +536,7 @@ recent_mt_proc_write(struct file *file, const char __user *input,
...
@@ -535,8 +536,7 @@ recent_mt_proc_write(struct file *file, const char __user *input,
}
}
if
(
!
succ
)
{
if
(
!
succ
)
{
printk
(
KERN_INFO
KBUILD_MODNAME
": illegal address written "
pr_info
(
"illegal address written to procfs
\n
"
);
"to procfs
\n
"
);
return
-
EINVAL
;
return
-
EINVAL
;
}
}
...
...
net/netfilter/xt_state.c
View file @
8bee4bad
...
@@ -40,8 +40,8 @@ state_mt(const struct sk_buff *skb, const struct xt_match_param *par)
...
@@ -40,8 +40,8 @@ state_mt(const struct sk_buff *skb, const struct xt_match_param *par)
static
bool
state_mt_check
(
const
struct
xt_mtchk_param
*
par
)
static
bool
state_mt_check
(
const
struct
xt_mtchk_param
*
par
)
{
{
if
(
nf_ct_l3proto_try_module_get
(
par
->
family
)
<
0
)
{
if
(
nf_ct_l3proto_try_module_get
(
par
->
family
)
<
0
)
{
pr
intk
(
KERN_WARNING
"can't load conntrack support for "
pr
_info
(
"cannot load conntrack support for proto=%u
\n
"
,
"proto=%u
\n
"
,
par
->
family
);
par
->
family
);
return
false
;
return
false
;
}
}
return
true
;
return
true
;
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment