aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv4
diff options
context:
space:
mode:
authorDavid S. Miller <davem@davemloft.net>2010-05-13 17:14:10 -0400
committerDavid S. Miller <davem@davemloft.net>2010-05-13 17:14:10 -0400
commite7874c996b8591f59d78efa519031dab5b58723b (patch)
tree14aa8dea0c33de9d22ef8177fb242c9d80d693de /net/ipv4
parent4a6346d4ea63b5e1390babf22f1cc0f113d8082b (diff)
parent736d58e3a2245ac2779fe0f278f8735bcf33ca8d (diff)
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6
Diffstat (limited to 'net/ipv4')
-rw-r--r--net/ipv4/netfilter/arp_tables.c76
-rw-r--r--net/ipv4/netfilter/arpt_mangle.c2
-rw-r--r--net/ipv4/netfilter/ip_queue.c1
-rw-r--r--net/ipv4/netfilter/ip_tables.c137
-rw-r--r--net/ipv4/netfilter/ipt_CLUSTERIP.c2
-rw-r--r--net/ipv4/netfilter/ipt_ECN.c2
-rw-r--r--net/ipv4/netfilter/ipt_LOG.c2
-rw-r--r--net/ipv4/netfilter/ipt_MASQUERADE.c2
-rw-r--r--net/ipv4/netfilter/ipt_NETMAP.c2
-rw-r--r--net/ipv4/netfilter/ipt_REDIRECT.c2
-rw-r--r--net/ipv4/netfilter/ipt_REJECT.c2
-rw-r--r--net/ipv4/netfilter/ipt_ULOG.c2
-rw-r--r--net/ipv4/netfilter/ipt_addrtype.c4
-rw-r--r--net/ipv4/netfilter/ipt_ah.c4
-rw-r--r--net/ipv4/netfilter/ipt_ecn.c4
-rw-r--r--net/ipv4/netfilter/iptable_filter.c2
-rw-r--r--net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c10
-rw-r--r--net/ipv4/netfilter/nf_nat_h323.c16
-rw-r--r--net/ipv4/netfilter/nf_nat_rule.c4
-rw-r--r--net/ipv4/netfilter/nf_nat_snmp_basic.c16
-rw-r--r--net/ipv4/netfilter/nf_nat_standalone.c4
21 files changed, 130 insertions, 166 deletions
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index 07a69905939..1ac01b12862 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -49,12 +49,7 @@ MODULE_DESCRIPTION("arptables core");
49#endif 49#endif
50 50
51#ifdef CONFIG_NETFILTER_DEBUG 51#ifdef CONFIG_NETFILTER_DEBUG
52#define ARP_NF_ASSERT(x) \ 52#define ARP_NF_ASSERT(x) WARN_ON(!(x))
53do { \
54 if (!(x)) \
55 printk("ARP_NF_ASSERT: %s:%s:%u\n", \
56 __func__, __FILE__, __LINE__); \
57} while(0)
58#else 53#else
59#define ARP_NF_ASSERT(x) 54#define ARP_NF_ASSERT(x)
60#endif 55#endif
@@ -224,10 +219,10 @@ static inline int arp_checkentry(const struct arpt_arp *arp)
224} 219}
225 220
226static unsigned int 221static unsigned int
227arpt_error(struct sk_buff *skb, const struct xt_target_param *par) 222arpt_error(struct sk_buff *skb, const struct xt_action_param *par)
228{ 223{
229 if (net_ratelimit()) 224 if (net_ratelimit())
230 printk("arp_tables: error: '%s'\n", 225 pr_err("arp_tables: error: '%s'\n",
231 (const char *)par->targinfo); 226 (const char *)par->targinfo);
232 227
233 return NF_DROP; 228 return NF_DROP;
@@ -260,12 +255,11 @@ unsigned int arpt_do_table(struct sk_buff *skb,
260 static const char nulldevname[IFNAMSIZ] __attribute__((aligned(sizeof(long)))); 255 static const char nulldevname[IFNAMSIZ] __attribute__((aligned(sizeof(long))));
261 unsigned int verdict = NF_DROP; 256 unsigned int verdict = NF_DROP;
262 const struct arphdr *arp; 257 const struct arphdr *arp;
263 bool hotdrop = false;
264 struct arpt_entry *e, *back; 258 struct arpt_entry *e, *back;
265 const char *indev, *outdev; 259 const char *indev, *outdev;
266 void *table_base; 260 void *table_base;
267 const struct xt_table_info *private; 261 const struct xt_table_info *private;
268 struct xt_target_param tgpar; 262 struct xt_action_param acpar;
269 263
270 if (!pskb_may_pull(skb, arp_hdr_len(skb->dev))) 264 if (!pskb_may_pull(skb, arp_hdr_len(skb->dev)))
271 return NF_DROP; 265 return NF_DROP;
@@ -280,10 +274,11 @@ unsigned int arpt_do_table(struct sk_buff *skb,
280 e = get_entry(table_base, private->hook_entry[hook]); 274 e = get_entry(table_base, private->hook_entry[hook]);
281 back = get_entry(table_base, private->underflow[hook]); 275 back = get_entry(table_base, private->underflow[hook]);
282 276
283 tgpar.in = in; 277 acpar.in = in;
284 tgpar.out = out; 278 acpar.out = out;
285 tgpar.hooknum = hook; 279 acpar.hooknum = hook;
286 tgpar.family = NFPROTO_ARP; 280 acpar.family = NFPROTO_ARP;
281 acpar.hotdrop = false;
287 282
288 arp = arp_hdr(skb); 283 arp = arp_hdr(skb);
289 do { 284 do {
@@ -333,9 +328,9 @@ unsigned int arpt_do_table(struct sk_buff *skb,
333 /* Targets which reenter must return 328 /* Targets which reenter must return
334 * abs. verdicts 329 * abs. verdicts
335 */ 330 */
336 tgpar.target = t->u.kernel.target; 331 acpar.target = t->u.kernel.target;
337 tgpar.targinfo = t->data; 332 acpar.targinfo = t->data;
338 verdict = t->u.kernel.target->target(skb, &tgpar); 333 verdict = t->u.kernel.target->target(skb, &acpar);
339 334
340 /* Target might have changed stuff. */ 335 /* Target might have changed stuff. */
341 arp = arp_hdr(skb); 336 arp = arp_hdr(skb);
@@ -345,10 +340,10 @@ unsigned int arpt_do_table(struct sk_buff *skb,
345 else 340 else
346 /* Verdict */ 341 /* Verdict */
347 break; 342 break;
348 } while (!hotdrop); 343 } while (!acpar.hotdrop);
349 xt_info_rdunlock_bh(); 344 xt_info_rdunlock_bh();
350 345
351 if (hotdrop) 346 if (acpar.hotdrop)
352 return NF_DROP; 347 return NF_DROP;
353 else 348 else
354 return verdict; 349 return verdict;
@@ -390,7 +385,7 @@ static int mark_source_chains(const struct xt_table_info *newinfo,
390 int visited = e->comefrom & (1 << hook); 385 int visited = e->comefrom & (1 << hook);
391 386
392 if (e->comefrom & (1 << NF_ARP_NUMHOOKS)) { 387 if (e->comefrom & (1 << NF_ARP_NUMHOOKS)) {
393 printk("arptables: loop hook %u pos %u %08X.\n", 388 pr_notice("arptables: loop hook %u pos %u %08X.\n",
394 hook, pos, e->comefrom); 389 hook, pos, e->comefrom);
395 return 0; 390 return 0;
396 } 391 }
@@ -1828,22 +1823,23 @@ void arpt_unregister_table(struct xt_table *table)
1828} 1823}
1829 1824
1830/* The built-in targets: standard (NULL) and error. */ 1825/* The built-in targets: standard (NULL) and error. */
1831static struct xt_target arpt_standard_target __read_mostly = { 1826static struct xt_target arpt_builtin_tg[] __read_mostly = {
1832 .name = ARPT_STANDARD_TARGET, 1827 {
1833 .targetsize = sizeof(int), 1828 .name = ARPT_STANDARD_TARGET,
1834 .family = NFPROTO_ARP, 1829 .targetsize = sizeof(int),
1830 .family = NFPROTO_ARP,
1835#ifdef CONFIG_COMPAT 1831#ifdef CONFIG_COMPAT
1836 .compatsize = sizeof(compat_int_t), 1832 .compatsize = sizeof(compat_int_t),
1837 .compat_from_user = compat_standard_from_user, 1833 .compat_from_user = compat_standard_from_user,
1838 .compat_to_user = compat_standard_to_user, 1834 .compat_to_user = compat_standard_to_user,
1839#endif 1835#endif
1840}; 1836 },
1841 1837 {
1842static struct xt_target arpt_error_target __read_mostly = { 1838 .name = ARPT_ERROR_TARGET,
1843 .name = ARPT_ERROR_TARGET, 1839 .target = arpt_error,
1844 .target = arpt_error, 1840 .targetsize = ARPT_FUNCTION_MAXNAMELEN,
1845 .targetsize = ARPT_FUNCTION_MAXNAMELEN, 1841 .family = NFPROTO_ARP,
1846 .family = NFPROTO_ARP, 1842 },
1847}; 1843};
1848 1844
1849static struct nf_sockopt_ops arpt_sockopts = { 1845static struct nf_sockopt_ops arpt_sockopts = {
@@ -1887,12 +1883,9 @@ static int __init arp_tables_init(void)
1887 goto err1; 1883 goto err1;
1888 1884
1889 /* Noone else will be downing sem now, so we won't sleep */ 1885 /* Noone else will be downing sem now, so we won't sleep */
1890 ret = xt_register_target(&arpt_standard_target); 1886 ret = xt_register_targets(arpt_builtin_tg, ARRAY_SIZE(arpt_builtin_tg));
1891 if (ret < 0) 1887 if (ret < 0)
1892 goto err2; 1888 goto err2;
1893 ret = xt_register_target(&arpt_error_target);
1894 if (ret < 0)
1895 goto err3;
1896 1889
1897 /* Register setsockopt */ 1890 /* Register setsockopt */
1898 ret = nf_register_sockopt(&arpt_sockopts); 1891 ret = nf_register_sockopt(&arpt_sockopts);
@@ -1903,9 +1896,7 @@ static int __init arp_tables_init(void)
1903 return 0; 1896 return 0;
1904 1897
1905err4: 1898err4:
1906 xt_unregister_target(&arpt_error_target); 1899 xt_unregister_targets(arpt_builtin_tg, ARRAY_SIZE(arpt_builtin_tg));
1907err3:
1908 xt_unregister_target(&arpt_standard_target);
1909err2: 1900err2:
1910 unregister_pernet_subsys(&arp_tables_net_ops); 1901 unregister_pernet_subsys(&arp_tables_net_ops);
1911err1: 1902err1:
@@ -1915,8 +1906,7 @@ err1:
1915static void __exit arp_tables_fini(void) 1906static void __exit arp_tables_fini(void)
1916{ 1907{
1917 nf_unregister_sockopt(&arpt_sockopts); 1908 nf_unregister_sockopt(&arpt_sockopts);
1918 xt_unregister_target(&arpt_error_target); 1909 xt_unregister_targets(arpt_builtin_tg, ARRAY_SIZE(arpt_builtin_tg));
1919 xt_unregister_target(&arpt_standard_target);
1920 unregister_pernet_subsys(&arp_tables_net_ops); 1910 unregister_pernet_subsys(&arp_tables_net_ops);
1921} 1911}
1922 1912
diff --git a/net/ipv4/netfilter/arpt_mangle.c b/net/ipv4/netfilter/arpt_mangle.c
index 4b51a027f30..e1be7dd1171 100644
--- a/net/ipv4/netfilter/arpt_mangle.c
+++ b/net/ipv4/netfilter/arpt_mangle.c
@@ -9,7 +9,7 @@ MODULE_AUTHOR("Bart De Schuymer <bdschuym@pandora.be>");
9MODULE_DESCRIPTION("arptables arp payload mangle target"); 9MODULE_DESCRIPTION("arptables arp payload mangle target");
10 10
11static unsigned int 11static unsigned int
12target(struct sk_buff *skb, const struct xt_target_param *par) 12target(struct sk_buff *skb, const struct xt_action_param *par)
13{ 13{
14 const struct arpt_mangle *mangle = par->targinfo; 14 const struct arpt_mangle *mangle = par->targinfo;
15 const struct arphdr *arp; 15 const struct arphdr *arp;
diff --git a/net/ipv4/netfilter/ip_queue.c b/net/ipv4/netfilter/ip_queue.c
index c838238104f..a4e5fc5df4b 100644
--- a/net/ipv4/netfilter/ip_queue.c
+++ b/net/ipv4/netfilter/ip_queue.c
@@ -461,7 +461,6 @@ __ipq_rcv_skb(struct sk_buff *skb)
461 461
462 if (flags & NLM_F_ACK) 462 if (flags & NLM_F_ACK)
463 netlink_ack(skb, nlh, 0); 463 netlink_ack(skb, nlh, 0);
464 return;
465} 464}
466 465
467static void 466static void
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 3e6af1036fb..63958f3394a 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -51,12 +51,7 @@ MODULE_DESCRIPTION("IPv4 packet filter");
51#endif 51#endif
52 52
53#ifdef CONFIG_NETFILTER_DEBUG 53#ifdef CONFIG_NETFILTER_DEBUG
54#define IP_NF_ASSERT(x) \ 54#define IP_NF_ASSERT(x) WARN_ON(!(x))
55do { \
56 if (!(x)) \
57 printk("IP_NF_ASSERT: %s:%s:%u\n", \
58 __func__, __FILE__, __LINE__); \
59} while(0)
60#else 55#else
61#define IP_NF_ASSERT(x) 56#define IP_NF_ASSERT(x)
62#endif 57#endif
@@ -165,7 +160,7 @@ ip_checkentry(const struct ipt_ip *ip)
165} 160}
166 161
167static unsigned int 162static unsigned int
168ipt_error(struct sk_buff *skb, const struct xt_target_param *par) 163ipt_error(struct sk_buff *skb, const struct xt_action_param *par)
169{ 164{
170 if (net_ratelimit()) 165 if (net_ratelimit())
171 pr_info("error: `%s'\n", (const char *)par->targinfo); 166 pr_info("error: `%s'\n", (const char *)par->targinfo);
@@ -173,21 +168,6 @@ ipt_error(struct sk_buff *skb, const struct xt_target_param *par)
173 return NF_DROP; 168 return NF_DROP;
174} 169}
175 170
176/* Performance critical - called for every packet */
177static inline bool
178do_match(const struct ipt_entry_match *m, const struct sk_buff *skb,
179 struct xt_match_param *par)
180{
181 par->match = m->u.kernel.match;
182 par->matchinfo = m->data;
183
184 /* Stop iteration if it doesn't match */
185 if (!m->u.kernel.match->match(skb, par))
186 return true;
187 else
188 return false;
189}
190
191/* Performance critical */ 171/* Performance critical */
192static inline struct ipt_entry * 172static inline struct ipt_entry *
193get_entry(const void *base, unsigned int offset) 173get_entry(const void *base, unsigned int offset)
@@ -323,7 +303,6 @@ ipt_do_table(struct sk_buff *skb,
323{ 303{
324 static const char nulldevname[IFNAMSIZ] __attribute__((aligned(sizeof(long)))); 304 static const char nulldevname[IFNAMSIZ] __attribute__((aligned(sizeof(long))));
325 const struct iphdr *ip; 305 const struct iphdr *ip;
326 bool hotdrop = false;
327 /* Initializing verdict to NF_DROP keeps gcc happy. */ 306 /* Initializing verdict to NF_DROP keeps gcc happy. */
328 unsigned int verdict = NF_DROP; 307 unsigned int verdict = NF_DROP;
329 const char *indev, *outdev; 308 const char *indev, *outdev;
@@ -331,8 +310,7 @@ ipt_do_table(struct sk_buff *skb,
331 struct ipt_entry *e, **jumpstack; 310 struct ipt_entry *e, **jumpstack;
332 unsigned int *stackptr, origptr, cpu; 311 unsigned int *stackptr, origptr, cpu;
333 const struct xt_table_info *private; 312 const struct xt_table_info *private;
334 struct xt_match_param mtpar; 313 struct xt_action_param acpar;
335 struct xt_target_param tgpar;
336 314
337 /* Initialization */ 315 /* Initialization */
338 ip = ip_hdr(skb); 316 ip = ip_hdr(skb);
@@ -344,13 +322,13 @@ ipt_do_table(struct sk_buff *skb,
344 * things we don't know, ie. tcp syn flag or ports). If the 322 * things we don't know, ie. tcp syn flag or ports). If the
345 * rule is also a fragment-specific rule, non-fragments won't 323 * rule is also a fragment-specific rule, non-fragments won't
346 * match it. */ 324 * match it. */
347 mtpar.fragoff = ntohs(ip->frag_off) & IP_OFFSET; 325 acpar.fragoff = ntohs(ip->frag_off) & IP_OFFSET;
348 mtpar.thoff = ip_hdrlen(skb); 326 acpar.thoff = ip_hdrlen(skb);
349 mtpar.hotdrop = &hotdrop; 327 acpar.hotdrop = false;
350 mtpar.in = tgpar.in = in; 328 acpar.in = in;
351 mtpar.out = tgpar.out = out; 329 acpar.out = out;
352 mtpar.family = tgpar.family = NFPROTO_IPV4; 330 acpar.family = NFPROTO_IPV4;
353 mtpar.hooknum = tgpar.hooknum = hook; 331 acpar.hooknum = hook;
354 332
355 IP_NF_ASSERT(table->valid_hooks & (1 << hook)); 333 IP_NF_ASSERT(table->valid_hooks & (1 << hook));
356 xt_info_rdlock_bh(); 334 xt_info_rdlock_bh();
@@ -373,15 +351,18 @@ ipt_do_table(struct sk_buff *skb,
373 351
374 IP_NF_ASSERT(e); 352 IP_NF_ASSERT(e);
375 if (!ip_packet_match(ip, indev, outdev, 353 if (!ip_packet_match(ip, indev, outdev,
376 &e->ip, mtpar.fragoff)) { 354 &e->ip, acpar.fragoff)) {
377 no_match: 355 no_match:
378 e = ipt_next_entry(e); 356 e = ipt_next_entry(e);
379 continue; 357 continue;
380 } 358 }
381 359
382 xt_ematch_foreach(ematch, e) 360 xt_ematch_foreach(ematch, e) {
383 if (do_match(ematch, skb, &mtpar) != 0) 361 acpar.match = ematch->u.kernel.match;
362 acpar.matchinfo = ematch->data;
363 if (!acpar.match->match(skb, &acpar))
384 goto no_match; 364 goto no_match;
365 }
385 366
386 ADD_COUNTER(e->counters, ntohs(ip->tot_len), 1); 367 ADD_COUNTER(e->counters, ntohs(ip->tot_len), 1);
387 368
@@ -434,11 +415,10 @@ ipt_do_table(struct sk_buff *skb,
434 continue; 415 continue;
435 } 416 }
436 417
437 tgpar.target = t->u.kernel.target; 418 acpar.target = t->u.kernel.target;
438 tgpar.targinfo = t->data; 419 acpar.targinfo = t->data;
439
440 420
441 verdict = t->u.kernel.target->target(skb, &tgpar); 421 verdict = t->u.kernel.target->target(skb, &acpar);
442 /* Target might have changed stuff. */ 422 /* Target might have changed stuff. */
443 ip = ip_hdr(skb); 423 ip = ip_hdr(skb);
444 if (verdict == IPT_CONTINUE) 424 if (verdict == IPT_CONTINUE)
@@ -446,7 +426,7 @@ ipt_do_table(struct sk_buff *skb,
446 else 426 else
447 /* Verdict */ 427 /* Verdict */
448 break; 428 break;
449 } while (!hotdrop); 429 } while (!acpar.hotdrop);
450 xt_info_rdunlock_bh(); 430 xt_info_rdunlock_bh();
451 pr_debug("Exiting %s; resetting sp from %u to %u\n", 431 pr_debug("Exiting %s; resetting sp from %u to %u\n",
452 __func__, *stackptr, origptr); 432 __func__, *stackptr, origptr);
@@ -454,7 +434,7 @@ ipt_do_table(struct sk_buff *skb,
454#ifdef DEBUG_ALLOW_ALL 434#ifdef DEBUG_ALLOW_ALL
455 return NF_ACCEPT; 435 return NF_ACCEPT;
456#else 436#else
457 if (hotdrop) 437 if (acpar.hotdrop)
458 return NF_DROP; 438 return NF_DROP;
459 else return verdict; 439 else return verdict;
460#endif 440#endif
@@ -486,7 +466,7 @@ mark_source_chains(const struct xt_table_info *newinfo,
486 int visited = e->comefrom & (1 << hook); 466 int visited = e->comefrom & (1 << hook);
487 467
488 if (e->comefrom & (1 << NF_INET_NUMHOOKS)) { 468 if (e->comefrom & (1 << NF_INET_NUMHOOKS)) {
489 printk("iptables: loop hook %u pos %u %08X.\n", 469 pr_err("iptables: loop hook %u pos %u %08X.\n",
490 hook, pos, e->comefrom); 470 hook, pos, e->comefrom);
491 return 0; 471 return 0;
492 } 472 }
@@ -591,7 +571,7 @@ check_entry(const struct ipt_entry *e, const char *name)
591 const struct ipt_entry_target *t; 571 const struct ipt_entry_target *t;
592 572
593 if (!ip_checkentry(&e->ip)) { 573 if (!ip_checkentry(&e->ip)) {
594 duprintf("ip check failed %p %s.\n", e, name); 574 duprintf("ip check failed %p %s.\n", e, par->match->name);
595 return -EINVAL; 575 return -EINVAL;
596 } 576 }
597 577
@@ -618,7 +598,7 @@ check_match(struct ipt_entry_match *m, struct xt_mtchk_param *par)
618 ret = xt_check_match(par, m->u.match_size - sizeof(*m), 598 ret = xt_check_match(par, m->u.match_size - sizeof(*m),
619 ip->proto, ip->invflags & IPT_INV_PROTO); 599 ip->proto, ip->invflags & IPT_INV_PROTO);
620 if (ret < 0) { 600 if (ret < 0) {
621 duprintf("check failed for `%s'.\n", par.match->name); 601 duprintf("check failed for `%s'.\n", par->match->name);
622 return ret; 602 return ret;
623 } 603 }
624 return 0; 604 return 0;
@@ -2152,7 +2132,7 @@ icmp_type_code_match(u_int8_t test_type, u_int8_t min_code, u_int8_t max_code,
2152} 2132}
2153 2133
2154static bool 2134static bool
2155icmp_match(const struct sk_buff *skb, const struct xt_match_param *par) 2135icmp_match(const struct sk_buff *skb, struct xt_action_param *par)
2156{ 2136{
2157 const struct icmphdr *ic; 2137 const struct icmphdr *ic;
2158 struct icmphdr _icmph; 2138 struct icmphdr _icmph;
@@ -2168,7 +2148,7 @@ icmp_match(const struct sk_buff *skb, const struct xt_match_param *par)
2168 * can't. Hence, no choice but to drop. 2148 * can't. Hence, no choice but to drop.
2169 */ 2149 */
2170 duprintf("Dropping evil ICMP tinygram.\n"); 2150 duprintf("Dropping evil ICMP tinygram.\n");
2171 *par->hotdrop = true; 2151 par->hotdrop = true;
2172 return false; 2152 return false;
2173 } 2153 }
2174 2154
@@ -2187,23 +2167,23 @@ static int icmp_checkentry(const struct xt_mtchk_param *par)
2187 return (icmpinfo->invflags & ~IPT_ICMP_INV) ? -EINVAL : 0; 2167 return (icmpinfo->invflags & ~IPT_ICMP_INV) ? -EINVAL : 0;
2188} 2168}
2189 2169
2190/* The built-in targets: standard (NULL) and error. */ 2170static struct xt_target ipt_builtin_tg[] __read_mostly = {
2191static struct xt_target ipt_standard_target __read_mostly = { 2171 {
2192 .name = IPT_STANDARD_TARGET, 2172 .name = IPT_STANDARD_TARGET,
2193 .targetsize = sizeof(int), 2173 .targetsize = sizeof(int),
2194 .family = NFPROTO_IPV4, 2174 .family = NFPROTO_IPV4,
2195#ifdef CONFIG_COMPAT 2175#ifdef CONFIG_COMPAT
2196 .compatsize = sizeof(compat_int_t), 2176 .compatsize = sizeof(compat_int_t),
2197 .compat_from_user = compat_standard_from_user, 2177 .compat_from_user = compat_standard_from_user,
2198 .compat_to_user = compat_standard_to_user, 2178 .compat_to_user = compat_standard_to_user,
2199#endif 2179#endif
2200}; 2180 },
2201 2181 {
2202static struct xt_target ipt_error_target __read_mostly = { 2182 .name = IPT_ERROR_TARGET,
2203 .name = IPT_ERROR_TARGET, 2183 .target = ipt_error,
2204 .target = ipt_error, 2184 .targetsize = IPT_FUNCTION_MAXNAMELEN,
2205 .targetsize = IPT_FUNCTION_MAXNAMELEN, 2185 .family = NFPROTO_IPV4,
2206 .family = NFPROTO_IPV4, 2186 },
2207}; 2187};
2208 2188
2209static struct nf_sockopt_ops ipt_sockopts = { 2189static struct nf_sockopt_ops ipt_sockopts = {
@@ -2223,13 +2203,15 @@ static struct nf_sockopt_ops ipt_sockopts = {
2223 .owner = THIS_MODULE, 2203 .owner = THIS_MODULE,
2224}; 2204};
2225 2205
2226static struct xt_match icmp_matchstruct __read_mostly = { 2206static struct xt_match ipt_builtin_mt[] __read_mostly = {
2227 .name = "icmp", 2207 {
2228 .match = icmp_match, 2208 .name = "icmp",
2229 .matchsize = sizeof(struct ipt_icmp), 2209 .match = icmp_match,
2230 .checkentry = icmp_checkentry, 2210 .matchsize = sizeof(struct ipt_icmp),
2231 .proto = IPPROTO_ICMP, 2211 .checkentry = icmp_checkentry,
2232 .family = NFPROTO_IPV4, 2212 .proto = IPPROTO_ICMP,
2213 .family = NFPROTO_IPV4,
2214 },
2233}; 2215};
2234 2216
2235static int __net_init ip_tables_net_init(struct net *net) 2217static int __net_init ip_tables_net_init(struct net *net)
@@ -2256,13 +2238,10 @@ static int __init ip_tables_init(void)
2256 goto err1; 2238 goto err1;
2257 2239
2258 /* Noone else will be downing sem now, so we won't sleep */ 2240 /* Noone else will be downing sem now, so we won't sleep */
2259 ret = xt_register_target(&ipt_standard_target); 2241 ret = xt_register_targets(ipt_builtin_tg, ARRAY_SIZE(ipt_builtin_tg));
2260 if (ret < 0) 2242 if (ret < 0)
2261 goto err2; 2243 goto err2;
2262 ret = xt_register_target(&ipt_error_target); 2244 ret = xt_register_matches(ipt_builtin_mt, ARRAY_SIZE(ipt_builtin_mt));
2263 if (ret < 0)
2264 goto err3;
2265 ret = xt_register_match(&icmp_matchstruct);
2266 if (ret < 0) 2245 if (ret < 0)
2267 goto err4; 2246 goto err4;
2268 2247
@@ -2275,11 +2254,9 @@ static int __init ip_tables_init(void)
2275 return 0; 2254 return 0;
2276 2255
2277err5: 2256err5:
2278 xt_unregister_match(&icmp_matchstruct); 2257 xt_unregister_matches(ipt_builtin_mt, ARRAY_SIZE(ipt_builtin_mt));
2279err4: 2258err4:
2280 xt_unregister_target(&ipt_error_target); 2259 xt_unregister_targets(ipt_builtin_tg, ARRAY_SIZE(ipt_builtin_tg));
2281err3:
2282 xt_unregister_target(&ipt_standard_target);
2283err2: 2260err2:
2284 unregister_pernet_subsys(&ip_tables_net_ops); 2261 unregister_pernet_subsys(&ip_tables_net_ops);
2285err1: 2262err1:
@@ -2290,10 +2267,8 @@ static void __exit ip_tables_fini(void)
2290{ 2267{
2291 nf_unregister_sockopt(&ipt_sockopts); 2268 nf_unregister_sockopt(&ipt_sockopts);
2292 2269
2293 xt_unregister_match(&icmp_matchstruct); 2270 xt_unregister_matches(ipt_builtin_mt, ARRAY_SIZE(ipt_builtin_mt));
2294 xt_unregister_target(&ipt_error_target); 2271 xt_unregister_targets(ipt_builtin_tg, ARRAY_SIZE(ipt_builtin_tg));
2295 xt_unregister_target(&ipt_standard_target);
2296
2297 unregister_pernet_subsys(&ip_tables_net_ops); 2272 unregister_pernet_subsys(&ip_tables_net_ops);
2298} 2273}
2299 2274
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c
index 8815d458de4..f91c94b9a79 100644
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -282,7 +282,7 @@ clusterip_responsible(const struct clusterip_config *config, u_int32_t hash)
282 ***********************************************************************/ 282 ***********************************************************************/
283 283
284static unsigned int 284static unsigned int
285clusterip_tg(struct sk_buff *skb, const struct xt_target_param *par) 285clusterip_tg(struct sk_buff *skb, const struct xt_action_param *par)
286{ 286{
287 const struct ipt_clusterip_tgt_info *cipinfo = par->targinfo; 287 const struct ipt_clusterip_tgt_info *cipinfo = par->targinfo;
288 struct nf_conn *ct; 288 struct nf_conn *ct;
diff --git a/net/ipv4/netfilter/ipt_ECN.c b/net/ipv4/netfilter/ipt_ECN.c
index 563049f31ae..4bf3dc49ad1 100644
--- a/net/ipv4/netfilter/ipt_ECN.c
+++ b/net/ipv4/netfilter/ipt_ECN.c
@@ -77,7 +77,7 @@ set_ect_tcp(struct sk_buff *skb, const struct ipt_ECN_info *einfo)
77} 77}
78 78
79static unsigned int 79static unsigned int
80ecn_tg(struct sk_buff *skb, const struct xt_target_param *par) 80ecn_tg(struct sk_buff *skb, const struct xt_action_param *par)
81{ 81{
82 const struct ipt_ECN_info *einfo = par->targinfo; 82 const struct ipt_ECN_info *einfo = par->targinfo;
83 83
diff --git a/net/ipv4/netfilter/ipt_LOG.c b/net/ipv4/netfilter/ipt_LOG.c
index 3bd35f37081..5234f4f3499 100644
--- a/net/ipv4/netfilter/ipt_LOG.c
+++ b/net/ipv4/netfilter/ipt_LOG.c
@@ -425,7 +425,7 @@ ipt_log_packet(u_int8_t pf,
425} 425}
426 426
427static unsigned int 427static unsigned int
428log_tg(struct sk_buff *skb, const struct xt_target_param *par) 428log_tg(struct sk_buff *skb, const struct xt_action_param *par)
429{ 429{
430 const struct ipt_log_info *loginfo = par->targinfo; 430 const struct ipt_log_info *loginfo = par->targinfo;
431 struct nf_loginfo li; 431 struct nf_loginfo li;
diff --git a/net/ipv4/netfilter/ipt_MASQUERADE.c b/net/ipv4/netfilter/ipt_MASQUERADE.c
index 02b1bc47799..d2ed9dc74eb 100644
--- a/net/ipv4/netfilter/ipt_MASQUERADE.c
+++ b/net/ipv4/netfilter/ipt_MASQUERADE.c
@@ -44,7 +44,7 @@ static int masquerade_tg_check(const struct xt_tgchk_param *par)
44} 44}
45 45
46static unsigned int 46static unsigned int
47masquerade_tg(struct sk_buff *skb, const struct xt_target_param *par) 47masquerade_tg(struct sk_buff *skb, const struct xt_action_param *par)
48{ 48{
49 struct nf_conn *ct; 49 struct nf_conn *ct;
50 struct nf_conn_nat *nat; 50 struct nf_conn_nat *nat;
diff --git a/net/ipv4/netfilter/ipt_NETMAP.c b/net/ipv4/netfilter/ipt_NETMAP.c
index 708c7f8f7ee..f43867d1697 100644
--- a/net/ipv4/netfilter/ipt_NETMAP.c
+++ b/net/ipv4/netfilter/ipt_NETMAP.c
@@ -38,7 +38,7 @@ static int netmap_tg_check(const struct xt_tgchk_param *par)
38} 38}
39 39
40static unsigned int 40static unsigned int
41netmap_tg(struct sk_buff *skb, const struct xt_target_param *par) 41netmap_tg(struct sk_buff *skb, const struct xt_action_param *par)
42{ 42{
43 struct nf_conn *ct; 43 struct nf_conn *ct;
44 enum ip_conntrack_info ctinfo; 44 enum ip_conntrack_info ctinfo;
diff --git a/net/ipv4/netfilter/ipt_REDIRECT.c b/net/ipv4/netfilter/ipt_REDIRECT.c
index 3cf10191652..18a0656505a 100644
--- a/net/ipv4/netfilter/ipt_REDIRECT.c
+++ b/net/ipv4/netfilter/ipt_REDIRECT.c
@@ -42,7 +42,7 @@ static int redirect_tg_check(const struct xt_tgchk_param *par)
42} 42}
43 43
44static unsigned int 44static unsigned int
45redirect_tg(struct sk_buff *skb, const struct xt_target_param *par) 45redirect_tg(struct sk_buff *skb, const struct xt_action_param *par)
46{ 46{
47 struct nf_conn *ct; 47 struct nf_conn *ct;
48 enum ip_conntrack_info ctinfo; 48 enum ip_conntrack_info ctinfo;
diff --git a/net/ipv4/netfilter/ipt_REJECT.c b/net/ipv4/netfilter/ipt_REJECT.c
index a86135a2805..f5f4a888e4e 100644
--- a/net/ipv4/netfilter/ipt_REJECT.c
+++ b/net/ipv4/netfilter/ipt_REJECT.c
@@ -136,7 +136,7 @@ static inline void send_unreach(struct sk_buff *skb_in, int code)
136} 136}
137 137
138static unsigned int 138static unsigned int
139reject_tg(struct sk_buff *skb, const struct xt_target_param *par) 139reject_tg(struct sk_buff *skb, const struct xt_action_param *par)
140{ 140{
141 const struct ipt_reject_info *reject = par->targinfo; 141 const struct ipt_reject_info *reject = par->targinfo;
142 142
diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c
index 8f60749e87a..446e0f467a1 100644
--- a/net/ipv4/netfilter/ipt_ULOG.c
+++ b/net/ipv4/netfilter/ipt_ULOG.c
@@ -276,7 +276,7 @@ alloc_failure:
276} 276}
277 277
278static unsigned int 278static unsigned int
279ulog_tg(struct sk_buff *skb, const struct xt_target_param *par) 279ulog_tg(struct sk_buff *skb, const struct xt_action_param *par)
280{ 280{
281 ipt_ulog_packet(par->hooknum, skb, par->in, par->out, 281 ipt_ulog_packet(par->hooknum, skb, par->in, par->out,
282 par->targinfo, NULL); 282 par->targinfo, NULL);
diff --git a/net/ipv4/netfilter/ipt_addrtype.c b/net/ipv4/netfilter/ipt_addrtype.c
index e4b8f2bf8aa..db8bff0fb86 100644
--- a/net/ipv4/netfilter/ipt_addrtype.c
+++ b/net/ipv4/netfilter/ipt_addrtype.c
@@ -30,7 +30,7 @@ static inline bool match_type(struct net *net, const struct net_device *dev,
30} 30}
31 31
32static bool 32static bool
33addrtype_mt_v0(const struct sk_buff *skb, const struct xt_match_param *par) 33addrtype_mt_v0(const struct sk_buff *skb, struct xt_action_param *par)
34{ 34{
35 struct net *net = dev_net(par->in ? par->in : par->out); 35 struct net *net = dev_net(par->in ? par->in : par->out);
36 const struct ipt_addrtype_info *info = par->matchinfo; 36 const struct ipt_addrtype_info *info = par->matchinfo;
@@ -48,7 +48,7 @@ addrtype_mt_v0(const struct sk_buff *skb, const struct xt_match_param *par)
48} 48}
49 49
50static bool 50static bool
51addrtype_mt_v1(const struct sk_buff *skb, const struct xt_match_param *par) 51addrtype_mt_v1(const struct sk_buff *skb, struct xt_action_param *par)
52{ 52{
53 struct net *net = dev_net(par->in ? par->in : par->out); 53 struct net *net = dev_net(par->in ? par->in : par->out);
54 const struct ipt_addrtype_info_v1 *info = par->matchinfo; 54 const struct ipt_addrtype_info_v1 *info = par->matchinfo;
diff --git a/net/ipv4/netfilter/ipt_ah.c b/net/ipv4/netfilter/ipt_ah.c
index 9f981020489..14a2aa8b8a1 100644
--- a/net/ipv4/netfilter/ipt_ah.c
+++ b/net/ipv4/netfilter/ipt_ah.c
@@ -30,7 +30,7 @@ spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, bool invert)
30 return r; 30 return r;
31} 31}
32 32
33static bool ah_mt(const struct sk_buff *skb, const struct xt_match_param *par) 33static bool ah_mt(const struct sk_buff *skb, struct xt_action_param *par)
34{ 34{
35 struct ip_auth_hdr _ahdr; 35 struct ip_auth_hdr _ahdr;
36 const struct ip_auth_hdr *ah; 36 const struct ip_auth_hdr *ah;
@@ -46,7 +46,7 @@ static bool ah_mt(const struct sk_buff *skb, const struct xt_match_param *par)
46 * can't. Hence, no choice but to drop. 46 * can't. Hence, no choice but to drop.
47 */ 47 */
48 pr_debug("Dropping evil AH tinygram.\n"); 48 pr_debug("Dropping evil AH tinygram.\n");
49 *par->hotdrop = true; 49 par->hotdrop = true;
50 return 0; 50 return 0;
51 } 51 }
52 52
diff --git a/net/ipv4/netfilter/ipt_ecn.c b/net/ipv4/netfilter/ipt_ecn.c
index 32e24100d8d..af6e9c77834 100644
--- a/net/ipv4/netfilter/ipt_ecn.c
+++ b/net/ipv4/netfilter/ipt_ecn.c
@@ -67,7 +67,7 @@ static inline bool match_tcp(const struct sk_buff *skb,
67 return true; 67 return true;
68} 68}
69 69
70static bool ecn_mt(const struct sk_buff *skb, const struct xt_match_param *par) 70static bool ecn_mt(const struct sk_buff *skb, struct xt_action_param *par)
71{ 71{
72 const struct ipt_ecn_info *info = par->matchinfo; 72 const struct ipt_ecn_info *info = par->matchinfo;
73 73
@@ -78,7 +78,7 @@ static bool ecn_mt(const struct sk_buff *skb, const struct xt_match_param *par)
78 if (info->operation & (IPT_ECN_OP_MATCH_ECE|IPT_ECN_OP_MATCH_CWR)) { 78 if (info->operation & (IPT_ECN_OP_MATCH_ECE|IPT_ECN_OP_MATCH_CWR)) {
79 if (ip_hdr(skb)->protocol != IPPROTO_TCP) 79 if (ip_hdr(skb)->protocol != IPPROTO_TCP)
80 return false; 80 return false;
81 if (!match_tcp(skb, info, par->hotdrop)) 81 if (!match_tcp(skb, info, &par->hotdrop))
82 return false; 82 return false;
83 } 83 }
84 84
diff --git a/net/ipv4/netfilter/iptable_filter.c b/net/ipv4/netfilter/iptable_filter.c
index 55392466daa..c37641e819f 100644
--- a/net/ipv4/netfilter/iptable_filter.c
+++ b/net/ipv4/netfilter/iptable_filter.c
@@ -89,7 +89,7 @@ static int __init iptable_filter_init(void)
89 int ret; 89 int ret;
90 90
91 if (forward < 0 || forward > NF_MAX_VERDICT) { 91 if (forward < 0 || forward > NF_MAX_VERDICT) {
92 printk("iptables forward must be 0 or 1\n"); 92 pr_err("iptables forward must be 0 or 1\n");
93 return -EINVAL; 93 return -EINVAL;
94 } 94 }
95 95
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
index 2bb1f87051c..5a03c02af99 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
@@ -382,32 +382,32 @@ static int __init nf_conntrack_l3proto_ipv4_init(void)
382 382
383 ret = nf_conntrack_l4proto_register(&nf_conntrack_l4proto_tcp4); 383 ret = nf_conntrack_l4proto_register(&nf_conntrack_l4proto_tcp4);
384 if (ret < 0) { 384 if (ret < 0) {
385 printk("nf_conntrack_ipv4: can't register tcp.\n"); 385 pr_err("nf_conntrack_ipv4: can't register tcp.\n");
386 goto cleanup_sockopt; 386 goto cleanup_sockopt;
387 } 387 }
388 388
389 ret = nf_conntrack_l4proto_register(&nf_conntrack_l4proto_udp4); 389 ret = nf_conntrack_l4proto_register(&nf_conntrack_l4proto_udp4);
390 if (ret < 0) { 390 if (ret < 0) {
391 printk("nf_conntrack_ipv4: can't register udp.\n"); 391 pr_err("nf_conntrack_ipv4: can't register udp.\n");
392 goto cleanup_tcp; 392 goto cleanup_tcp;
393 } 393 }
394 394
395 ret = nf_conntrack_l4proto_register(&nf_conntrack_l4proto_icmp); 395 ret = nf_conntrack_l4proto_register(&nf_conntrack_l4proto_icmp);
396 if (ret < 0) { 396 if (ret < 0) {
397 printk("nf_conntrack_ipv4: can't register icmp.\n"); 397 pr_err("nf_conntrack_ipv4: can't register icmp.\n");
398 goto cleanup_udp; 398 goto cleanup_udp;
399 } 399 }
400 400
401 ret = nf_conntrack_l3proto_register(&nf_conntrack_l3proto_ipv4); 401 ret = nf_conntrack_l3proto_register(&nf_conntrack_l3proto_ipv4);
402 if (ret < 0) { 402 if (ret < 0) {
403 printk("nf_conntrack_ipv4: can't register ipv4\n"); 403 pr_err("nf_conntrack_ipv4: can't register ipv4\n");
404 goto cleanup_icmp; 404 goto cleanup_icmp;
405 } 405 }
406 406
407 ret = nf_register_hooks(ipv4_conntrack_ops, 407 ret = nf_register_hooks(ipv4_conntrack_ops,
408 ARRAY_SIZE(ipv4_conntrack_ops)); 408 ARRAY_SIZE(ipv4_conntrack_ops));
409 if (ret < 0) { 409 if (ret < 0) {
410 printk("nf_conntrack_ipv4: can't register hooks.\n"); 410 pr_err("nf_conntrack_ipv4: can't register hooks.\n");
411 goto cleanup_ipv4; 411 goto cleanup_ipv4;
412 } 412 }
413#if defined(CONFIG_PROC_FS) && defined(CONFIG_NF_CONNTRACK_PROC_COMPAT) 413#if defined(CONFIG_PROC_FS) && defined(CONFIG_NF_CONNTRACK_PROC_COMPAT)
diff --git a/net/ipv4/netfilter/nf_nat_h323.c b/net/ipv4/netfilter/nf_nat_h323.c
index d4c061874f8..5045196d853 100644
--- a/net/ipv4/netfilter/nf_nat_h323.c
+++ b/net/ipv4/netfilter/nf_nat_h323.c
@@ -43,7 +43,7 @@ static int set_addr(struct sk_buff *skb,
43 addroff, sizeof(buf), 43 addroff, sizeof(buf),
44 (char *) &buf, sizeof(buf))) { 44 (char *) &buf, sizeof(buf))) {
45 if (net_ratelimit()) 45 if (net_ratelimit())
46 printk("nf_nat_h323: nf_nat_mangle_tcp_packet" 46 pr_notice("nf_nat_h323: nf_nat_mangle_tcp_packet"
47 " error\n"); 47 " error\n");
48 return -1; 48 return -1;
49 } 49 }
@@ -59,7 +59,7 @@ static int set_addr(struct sk_buff *skb,
59 addroff, sizeof(buf), 59 addroff, sizeof(buf),
60 (char *) &buf, sizeof(buf))) { 60 (char *) &buf, sizeof(buf))) {
61 if (net_ratelimit()) 61 if (net_ratelimit())
62 printk("nf_nat_h323: nf_nat_mangle_udp_packet" 62 pr_notice("nf_nat_h323: nf_nat_mangle_udp_packet"
63 " error\n"); 63 " error\n");
64 return -1; 64 return -1;
65 } 65 }
@@ -215,7 +215,7 @@ static int nat_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct,
215 /* Run out of expectations */ 215 /* Run out of expectations */
216 if (i >= H323_RTP_CHANNEL_MAX) { 216 if (i >= H323_RTP_CHANNEL_MAX) {
217 if (net_ratelimit()) 217 if (net_ratelimit())
218 printk("nf_nat_h323: out of expectations\n"); 218 pr_notice("nf_nat_h323: out of expectations\n");
219 return 0; 219 return 0;
220 } 220 }
221 221
@@ -234,7 +234,7 @@ static int nat_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct,
234 234
235 if (nated_port == 0) { /* No port available */ 235 if (nated_port == 0) { /* No port available */
236 if (net_ratelimit()) 236 if (net_ratelimit())
237 printk("nf_nat_h323: out of RTP ports\n"); 237 pr_notice("nf_nat_h323: out of RTP ports\n");
238 return 0; 238 return 0;
239 } 239 }
240 240
@@ -291,7 +291,7 @@ static int nat_t120(struct sk_buff *skb, struct nf_conn *ct,
291 291
292 if (nated_port == 0) { /* No port available */ 292 if (nated_port == 0) { /* No port available */
293 if (net_ratelimit()) 293 if (net_ratelimit())
294 printk("nf_nat_h323: out of TCP ports\n"); 294 pr_notice("nf_nat_h323: out of TCP ports\n");
295 return 0; 295 return 0;
296 } 296 }
297 297
@@ -341,7 +341,7 @@ static int nat_h245(struct sk_buff *skb, struct nf_conn *ct,
341 341
342 if (nated_port == 0) { /* No port available */ 342 if (nated_port == 0) { /* No port available */
343 if (net_ratelimit()) 343 if (net_ratelimit())
344 printk("nf_nat_q931: out of TCP ports\n"); 344 pr_notice("nf_nat_q931: out of TCP ports\n");
345 return 0; 345 return 0;
346 } 346 }
347 347
@@ -425,7 +425,7 @@ static int nat_q931(struct sk_buff *skb, struct nf_conn *ct,
425 425
426 if (nated_port == 0) { /* No port available */ 426 if (nated_port == 0) { /* No port available */
427 if (net_ratelimit()) 427 if (net_ratelimit())
428 printk("nf_nat_ras: out of TCP ports\n"); 428 pr_notice("nf_nat_ras: out of TCP ports\n");
429 return 0; 429 return 0;
430 } 430 }
431 431
@@ -507,7 +507,7 @@ static int nat_callforwarding(struct sk_buff *skb, struct nf_conn *ct,
507 507
508 if (nated_port == 0) { /* No port available */ 508 if (nated_port == 0) { /* No port available */
509 if (net_ratelimit()) 509 if (net_ratelimit())
510 printk("nf_nat_q931: out of TCP ports\n"); 510 pr_notice("nf_nat_q931: out of TCP ports\n");
511 return 0; 511 return 0;
512 } 512 }
513 513
diff --git a/net/ipv4/netfilter/nf_nat_rule.c b/net/ipv4/netfilter/nf_nat_rule.c
index b48a0fc3d9e..98ed78281ae 100644
--- a/net/ipv4/netfilter/nf_nat_rule.c
+++ b/net/ipv4/netfilter/nf_nat_rule.c
@@ -39,7 +39,7 @@ static const struct xt_table nat_table = {
39 39
40/* Source NAT */ 40/* Source NAT */
41static unsigned int 41static unsigned int
42ipt_snat_target(struct sk_buff *skb, const struct xt_target_param *par) 42ipt_snat_target(struct sk_buff *skb, const struct xt_action_param *par)
43{ 43{
44 struct nf_conn *ct; 44 struct nf_conn *ct;
45 enum ip_conntrack_info ctinfo; 45 enum ip_conntrack_info ctinfo;
@@ -58,7 +58,7 @@ ipt_snat_target(struct sk_buff *skb, const struct xt_target_param *par)
58} 58}
59 59
60static unsigned int 60static unsigned int
61ipt_dnat_target(struct sk_buff *skb, const struct xt_target_param *par) 61ipt_dnat_target(struct sk_buff *skb, const struct xt_action_param *par)
62{ 62{
63 struct nf_conn *ct; 63 struct nf_conn *ct;
64 enum ip_conntrack_info ctinfo; 64 enum ip_conntrack_info ctinfo;
diff --git a/net/ipv4/netfilter/nf_nat_snmp_basic.c b/net/ipv4/netfilter/nf_nat_snmp_basic.c
index 4d85b6e55f2..1679e2c0963 100644
--- a/net/ipv4/netfilter/nf_nat_snmp_basic.c
+++ b/net/ipv4/netfilter/nf_nat_snmp_basic.c
@@ -401,7 +401,7 @@ static unsigned char asn1_octets_decode(struct asn1_ctx *ctx,
401 *octets = kmalloc(eoc - ctx->pointer, GFP_ATOMIC); 401 *octets = kmalloc(eoc - ctx->pointer, GFP_ATOMIC);
402 if (*octets == NULL) { 402 if (*octets == NULL) {
403 if (net_ratelimit()) 403 if (net_ratelimit())
404 printk("OOM in bsalg (%d)\n", __LINE__); 404 pr_notice("OOM in bsalg (%d)\n", __LINE__);
405 return 0; 405 return 0;
406 } 406 }
407 407
@@ -452,7 +452,7 @@ static unsigned char asn1_oid_decode(struct asn1_ctx *ctx,
452 *oid = kmalloc(size * sizeof(unsigned long), GFP_ATOMIC); 452 *oid = kmalloc(size * sizeof(unsigned long), GFP_ATOMIC);
453 if (*oid == NULL) { 453 if (*oid == NULL) {
454 if (net_ratelimit()) 454 if (net_ratelimit())
455 printk("OOM in bsalg (%d)\n", __LINE__); 455 pr_notice("OOM in bsalg (%d)\n", __LINE__);
456 return 0; 456 return 0;
457 } 457 }
458 458
@@ -729,7 +729,7 @@ static unsigned char snmp_object_decode(struct asn1_ctx *ctx,
729 if (*obj == NULL) { 729 if (*obj == NULL) {
730 kfree(id); 730 kfree(id);
731 if (net_ratelimit()) 731 if (net_ratelimit())
732 printk("OOM in bsalg (%d)\n", __LINE__); 732 pr_notice("OOM in bsalg (%d)\n", __LINE__);
733 return 0; 733 return 0;
734 } 734 }
735 (*obj)->syntax.l[0] = l; 735 (*obj)->syntax.l[0] = l;
@@ -746,7 +746,7 @@ static unsigned char snmp_object_decode(struct asn1_ctx *ctx,
746 kfree(p); 746 kfree(p);
747 kfree(id); 747 kfree(id);
748 if (net_ratelimit()) 748 if (net_ratelimit())
749 printk("OOM in bsalg (%d)\n", __LINE__); 749 pr_notice("OOM in bsalg (%d)\n", __LINE__);
750 return 0; 750 return 0;
751 } 751 }
752 memcpy((*obj)->syntax.c, p, len); 752 memcpy((*obj)->syntax.c, p, len);
@@ -761,7 +761,7 @@ static unsigned char snmp_object_decode(struct asn1_ctx *ctx,
761 if (*obj == NULL) { 761 if (*obj == NULL) {
762 kfree(id); 762 kfree(id);
763 if (net_ratelimit()) 763 if (net_ratelimit())
764 printk("OOM in bsalg (%d)\n", __LINE__); 764 pr_notice("OOM in bsalg (%d)\n", __LINE__);
765 return 0; 765 return 0;
766 } 766 }
767 if (!asn1_null_decode(ctx, end)) { 767 if (!asn1_null_decode(ctx, end)) {
@@ -782,7 +782,7 @@ static unsigned char snmp_object_decode(struct asn1_ctx *ctx,
782 kfree(lp); 782 kfree(lp);
783 kfree(id); 783 kfree(id);
784 if (net_ratelimit()) 784 if (net_ratelimit())
785 printk("OOM in bsalg (%d)\n", __LINE__); 785 pr_notice("OOM in bsalg (%d)\n", __LINE__);
786 return 0; 786 return 0;
787 } 787 }
788 memcpy((*obj)->syntax.ul, lp, len); 788 memcpy((*obj)->syntax.ul, lp, len);
@@ -803,7 +803,7 @@ static unsigned char snmp_object_decode(struct asn1_ctx *ctx,
803 kfree(p); 803 kfree(p);
804 kfree(id); 804 kfree(id);
805 if (net_ratelimit()) 805 if (net_ratelimit())
806 printk("OOM in bsalg (%d)\n", __LINE__); 806 pr_notice("OOM in bsalg (%d)\n", __LINE__);
807 return 0; 807 return 0;
808 } 808 }
809 memcpy((*obj)->syntax.uc, p, len); 809 memcpy((*obj)->syntax.uc, p, len);
@@ -821,7 +821,7 @@ static unsigned char snmp_object_decode(struct asn1_ctx *ctx,
821 if (*obj == NULL) { 821 if (*obj == NULL) {
822 kfree(id); 822 kfree(id);
823 if (net_ratelimit()) 823 if (net_ratelimit())
824 printk("OOM in bsalg (%d)\n", __LINE__); 824 pr_notice("OOM in bsalg (%d)\n", __LINE__);
825 return 0; 825 return 0;
826 } 826 }
827 (*obj)->syntax.ul[0] = ul; 827 (*obj)->syntax.ul[0] = ul;
diff --git a/net/ipv4/netfilter/nf_nat_standalone.c b/net/ipv4/netfilter/nf_nat_standalone.c
index 84c7974f583..beb25819c9c 100644
--- a/net/ipv4/netfilter/nf_nat_standalone.c
+++ b/net/ipv4/netfilter/nf_nat_standalone.c
@@ -293,12 +293,12 @@ static int __init nf_nat_standalone_init(void)
293#endif 293#endif
294 ret = nf_nat_rule_init(); 294 ret = nf_nat_rule_init();
295 if (ret < 0) { 295 if (ret < 0) {
296 printk("nf_nat_init: can't setup rules.\n"); 296 pr_err("nf_nat_init: can't setup rules.\n");
297 goto cleanup_decode_session; 297 goto cleanup_decode_session;
298 } 298 }
299 ret = nf_register_hooks(nf_nat_ops, ARRAY_SIZE(nf_nat_ops)); 299 ret = nf_register_hooks(nf_nat_ops, ARRAY_SIZE(nf_nat_ops));
300 if (ret < 0) { 300 if (ret < 0) {
301 printk("nf_nat_init: can't register hooks.\n"); 301 pr_err("nf_nat_init: can't register hooks.\n");
302 goto cleanup_rule_init; 302 goto cleanup_rule_init;
303 } 303 }
304 return ret; 304 return ret;