diff options
author | Florian Westphal <fw@strlen.de> | 2018-02-09 09:52:01 -0500 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-02-14 15:05:34 -0500 |
commit | 11f7aee2326f37f9d3abba27bb61d92ec09fbfde (patch) | |
tree | 45493fe9e6f3089541de38e83248e96a2bb3461b | |
parent | 1b6cd67191e16a66f69c9881d878204c3143f03f (diff) |
netfilter: xt_CT: use pr ratelimiting
checkpatch complains about line > 80 but this would require splitting
"literal" over two lines which is worse.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | net/netfilter/xt_CT.c | 25 |
1 files changed, 13 insertions, 12 deletions
diff --git a/net/netfilter/xt_CT.c b/net/netfilter/xt_CT.c index 5a152e2acfd5..8790190c6feb 100644 --- a/net/netfilter/xt_CT.c +++ b/net/netfilter/xt_CT.c | |||
@@ -82,15 +82,14 @@ xt_ct_set_helper(struct nf_conn *ct, const char *helper_name, | |||
82 | 82 | ||
83 | proto = xt_ct_find_proto(par); | 83 | proto = xt_ct_find_proto(par); |
84 | if (!proto) { | 84 | if (!proto) { |
85 | pr_info("You must specify a L4 protocol, and not use " | 85 | pr_info_ratelimited("You must specify a L4 protocol and not use inversions on it\n"); |
86 | "inversions on it.\n"); | ||
87 | return -ENOENT; | 86 | return -ENOENT; |
88 | } | 87 | } |
89 | 88 | ||
90 | helper = nf_conntrack_helper_try_module_get(helper_name, par->family, | 89 | helper = nf_conntrack_helper_try_module_get(helper_name, par->family, |
91 | proto); | 90 | proto); |
92 | if (helper == NULL) { | 91 | if (helper == NULL) { |
93 | pr_info("No such helper \"%s\"\n", helper_name); | 92 | pr_info_ratelimited("No such helper \"%s\"\n", helper_name); |
94 | return -ENOENT; | 93 | return -ENOENT; |
95 | } | 94 | } |
96 | 95 | ||
@@ -124,6 +123,7 @@ xt_ct_set_timeout(struct nf_conn *ct, const struct xt_tgchk_param *par, | |||
124 | const struct nf_conntrack_l4proto *l4proto; | 123 | const struct nf_conntrack_l4proto *l4proto; |
125 | struct ctnl_timeout *timeout; | 124 | struct ctnl_timeout *timeout; |
126 | struct nf_conn_timeout *timeout_ext; | 125 | struct nf_conn_timeout *timeout_ext; |
126 | const char *errmsg = NULL; | ||
127 | int ret = 0; | 127 | int ret = 0; |
128 | u8 proto; | 128 | u8 proto; |
129 | 129 | ||
@@ -131,29 +131,29 @@ xt_ct_set_timeout(struct nf_conn *ct, const struct xt_tgchk_param *par, | |||
131 | timeout_find_get = rcu_dereference(nf_ct_timeout_find_get_hook); | 131 | timeout_find_get = rcu_dereference(nf_ct_timeout_find_get_hook); |
132 | if (timeout_find_get == NULL) { | 132 | if (timeout_find_get == NULL) { |
133 | ret = -ENOENT; | 133 | ret = -ENOENT; |
134 | pr_info("Timeout policy base is empty\n"); | 134 | errmsg = "Timeout policy base is empty"; |
135 | goto out; | 135 | goto out; |
136 | } | 136 | } |
137 | 137 | ||
138 | proto = xt_ct_find_proto(par); | 138 | proto = xt_ct_find_proto(par); |
139 | if (!proto) { | 139 | if (!proto) { |
140 | ret = -EINVAL; | 140 | ret = -EINVAL; |
141 | pr_info("You must specify a L4 protocol, and not use " | 141 | errmsg = "You must specify a L4 protocol and not use inversions on it"; |
142 | "inversions on it.\n"); | ||
143 | goto out; | 142 | goto out; |
144 | } | 143 | } |
145 | 144 | ||
146 | timeout = timeout_find_get(par->net, timeout_name); | 145 | timeout = timeout_find_get(par->net, timeout_name); |
147 | if (timeout == NULL) { | 146 | if (timeout == NULL) { |
148 | ret = -ENOENT; | 147 | ret = -ENOENT; |
149 | pr_info("No such timeout policy \"%s\"\n", timeout_name); | 148 | pr_info_ratelimited("No such timeout policy \"%s\"\n", |
149 | timeout_name); | ||
150 | goto out; | 150 | goto out; |
151 | } | 151 | } |
152 | 152 | ||
153 | if (timeout->l3num != par->family) { | 153 | if (timeout->l3num != par->family) { |
154 | ret = -EINVAL; | 154 | ret = -EINVAL; |
155 | pr_info("Timeout policy `%s' can only be used by L3 protocol " | 155 | pr_info_ratelimited("Timeout policy `%s' can only be used by L%d protocol number %d\n", |
156 | "number %d\n", timeout_name, timeout->l3num); | 156 | timeout_name, 3, timeout->l3num); |
157 | goto err_put_timeout; | 157 | goto err_put_timeout; |
158 | } | 158 | } |
159 | /* Make sure the timeout policy matches any existing protocol tracker, | 159 | /* Make sure the timeout policy matches any existing protocol tracker, |
@@ -162,9 +162,8 @@ xt_ct_set_timeout(struct nf_conn *ct, const struct xt_tgchk_param *par, | |||
162 | l4proto = __nf_ct_l4proto_find(par->family, proto); | 162 | l4proto = __nf_ct_l4proto_find(par->family, proto); |
163 | if (timeout->l4proto->l4proto != l4proto->l4proto) { | 163 | if (timeout->l4proto->l4proto != l4proto->l4proto) { |
164 | ret = -EINVAL; | 164 | ret = -EINVAL; |
165 | pr_info("Timeout policy `%s' can only be used by L4 protocol " | 165 | pr_info_ratelimited("Timeout policy `%s' can only be used by L%d protocol number %d\n", |
166 | "number %d\n", | 166 | timeout_name, 4, timeout->l4proto->l4proto); |
167 | timeout_name, timeout->l4proto->l4proto); | ||
168 | goto err_put_timeout; | 167 | goto err_put_timeout; |
169 | } | 168 | } |
170 | timeout_ext = nf_ct_timeout_ext_add(ct, timeout, GFP_ATOMIC); | 169 | timeout_ext = nf_ct_timeout_ext_add(ct, timeout, GFP_ATOMIC); |
@@ -180,6 +179,8 @@ err_put_timeout: | |||
180 | __xt_ct_tg_timeout_put(timeout); | 179 | __xt_ct_tg_timeout_put(timeout); |
181 | out: | 180 | out: |
182 | rcu_read_unlock(); | 181 | rcu_read_unlock(); |
182 | if (errmsg) | ||
183 | pr_info_ratelimited("%s\n", errmsg); | ||
183 | return ret; | 184 | return ret; |
184 | #else | 185 | #else |
185 | return -EOPNOTSUPP; | 186 | return -EOPNOTSUPP; |