diff options
author | David S. Miller <davem@davemloft.net> | 2010-05-13 17:14:10 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2010-05-13 17:14:10 -0400 |
commit | e7874c996b8591f59d78efa519031dab5b58723b (patch) | |
tree | 14aa8dea0c33de9d22ef8177fb242c9d80d693de /net/ipv4 | |
parent | 4a6346d4ea63b5e1390babf22f1cc0f113d8082b (diff) | |
parent | 736d58e3a2245ac2779fe0f278f8735bcf33ca8d (diff) |
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6
Diffstat (limited to 'net/ipv4')
-rw-r--r-- | net/ipv4/netfilter/arp_tables.c | 76 | ||||
-rw-r--r-- | net/ipv4/netfilter/arpt_mangle.c | 2 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_queue.c | 1 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_tables.c | 137 | ||||
-rw-r--r-- | net/ipv4/netfilter/ipt_CLUSTERIP.c | 2 | ||||
-rw-r--r-- | net/ipv4/netfilter/ipt_ECN.c | 2 | ||||
-rw-r--r-- | net/ipv4/netfilter/ipt_LOG.c | 2 | ||||
-rw-r--r-- | net/ipv4/netfilter/ipt_MASQUERADE.c | 2 | ||||
-rw-r--r-- | net/ipv4/netfilter/ipt_NETMAP.c | 2 | ||||
-rw-r--r-- | net/ipv4/netfilter/ipt_REDIRECT.c | 2 | ||||
-rw-r--r-- | net/ipv4/netfilter/ipt_REJECT.c | 2 | ||||
-rw-r--r-- | net/ipv4/netfilter/ipt_ULOG.c | 2 | ||||
-rw-r--r-- | net/ipv4/netfilter/ipt_addrtype.c | 4 | ||||
-rw-r--r-- | net/ipv4/netfilter/ipt_ah.c | 4 | ||||
-rw-r--r-- | net/ipv4/netfilter/ipt_ecn.c | 4 | ||||
-rw-r--r-- | net/ipv4/netfilter/iptable_filter.c | 2 | ||||
-rw-r--r-- | net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 10 | ||||
-rw-r--r-- | net/ipv4/netfilter/nf_nat_h323.c | 16 | ||||
-rw-r--r-- | net/ipv4/netfilter/nf_nat_rule.c | 4 | ||||
-rw-r--r-- | net/ipv4/netfilter/nf_nat_snmp_basic.c | 16 | ||||
-rw-r--r-- | net/ipv4/netfilter/nf_nat_standalone.c | 4 |
21 files changed, 130 insertions, 166 deletions
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index 07a69905939..1ac01b12862 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c | |||
@@ -49,12 +49,7 @@ MODULE_DESCRIPTION("arptables core"); | |||
49 | #endif | 49 | #endif |
50 | 50 | ||
51 | #ifdef CONFIG_NETFILTER_DEBUG | 51 | #ifdef CONFIG_NETFILTER_DEBUG |
52 | #define ARP_NF_ASSERT(x) \ | 52 | #define ARP_NF_ASSERT(x) WARN_ON(!(x)) |
53 | do { \ | ||
54 | if (!(x)) \ | ||
55 | printk("ARP_NF_ASSERT: %s:%s:%u\n", \ | ||
56 | __func__, __FILE__, __LINE__); \ | ||
57 | } while(0) | ||
58 | #else | 53 | #else |
59 | #define ARP_NF_ASSERT(x) | 54 | #define ARP_NF_ASSERT(x) |
60 | #endif | 55 | #endif |
@@ -224,10 +219,10 @@ static inline int arp_checkentry(const struct arpt_arp *arp) | |||
224 | } | 219 | } |
225 | 220 | ||
226 | static unsigned int | 221 | static unsigned int |
227 | arpt_error(struct sk_buff *skb, const struct xt_target_param *par) | 222 | arpt_error(struct sk_buff *skb, const struct xt_action_param *par) |
228 | { | 223 | { |
229 | if (net_ratelimit()) | 224 | if (net_ratelimit()) |
230 | printk("arp_tables: error: '%s'\n", | 225 | pr_err("arp_tables: error: '%s'\n", |
231 | (const char *)par->targinfo); | 226 | (const char *)par->targinfo); |
232 | 227 | ||
233 | return NF_DROP; | 228 | return NF_DROP; |
@@ -260,12 +255,11 @@ unsigned int arpt_do_table(struct sk_buff *skb, | |||
260 | static const char nulldevname[IFNAMSIZ] __attribute__((aligned(sizeof(long)))); | 255 | static const char nulldevname[IFNAMSIZ] __attribute__((aligned(sizeof(long)))); |
261 | unsigned int verdict = NF_DROP; | 256 | unsigned int verdict = NF_DROP; |
262 | const struct arphdr *arp; | 257 | const struct arphdr *arp; |
263 | bool hotdrop = false; | ||
264 | struct arpt_entry *e, *back; | 258 | struct arpt_entry *e, *back; |
265 | const char *indev, *outdev; | 259 | const char *indev, *outdev; |
266 | void *table_base; | 260 | void *table_base; |
267 | const struct xt_table_info *private; | 261 | const struct xt_table_info *private; |
268 | struct xt_target_param tgpar; | 262 | struct xt_action_param acpar; |
269 | 263 | ||
270 | if (!pskb_may_pull(skb, arp_hdr_len(skb->dev))) | 264 | if (!pskb_may_pull(skb, arp_hdr_len(skb->dev))) |
271 | return NF_DROP; | 265 | return NF_DROP; |
@@ -280,10 +274,11 @@ unsigned int arpt_do_table(struct sk_buff *skb, | |||
280 | e = get_entry(table_base, private->hook_entry[hook]); | 274 | e = get_entry(table_base, private->hook_entry[hook]); |
281 | back = get_entry(table_base, private->underflow[hook]); | 275 | back = get_entry(table_base, private->underflow[hook]); |
282 | 276 | ||
283 | tgpar.in = in; | 277 | acpar.in = in; |
284 | tgpar.out = out; | 278 | acpar.out = out; |
285 | tgpar.hooknum = hook; | 279 | acpar.hooknum = hook; |
286 | tgpar.family = NFPROTO_ARP; | 280 | acpar.family = NFPROTO_ARP; |
281 | acpar.hotdrop = false; | ||
287 | 282 | ||
288 | arp = arp_hdr(skb); | 283 | arp = arp_hdr(skb); |
289 | do { | 284 | do { |
@@ -333,9 +328,9 @@ unsigned int arpt_do_table(struct sk_buff *skb, | |||
333 | /* Targets which reenter must return | 328 | /* Targets which reenter must return |
334 | * abs. verdicts | 329 | * abs. verdicts |
335 | */ | 330 | */ |
336 | tgpar.target = t->u.kernel.target; | 331 | acpar.target = t->u.kernel.target; |
337 | tgpar.targinfo = t->data; | 332 | acpar.targinfo = t->data; |
338 | verdict = t->u.kernel.target->target(skb, &tgpar); | 333 | verdict = t->u.kernel.target->target(skb, &acpar); |
339 | 334 | ||
340 | /* Target might have changed stuff. */ | 335 | /* Target might have changed stuff. */ |
341 | arp = arp_hdr(skb); | 336 | arp = arp_hdr(skb); |
@@ -345,10 +340,10 @@ unsigned int arpt_do_table(struct sk_buff *skb, | |||
345 | else | 340 | else |
346 | /* Verdict */ | 341 | /* Verdict */ |
347 | break; | 342 | break; |
348 | } while (!hotdrop); | 343 | } while (!acpar.hotdrop); |
349 | xt_info_rdunlock_bh(); | 344 | xt_info_rdunlock_bh(); |
350 | 345 | ||
351 | if (hotdrop) | 346 | if (acpar.hotdrop) |
352 | return NF_DROP; | 347 | return NF_DROP; |
353 | else | 348 | else |
354 | return verdict; | 349 | return verdict; |
@@ -390,7 +385,7 @@ static int mark_source_chains(const struct xt_table_info *newinfo, | |||
390 | int visited = e->comefrom & (1 << hook); | 385 | int visited = e->comefrom & (1 << hook); |
391 | 386 | ||
392 | if (e->comefrom & (1 << NF_ARP_NUMHOOKS)) { | 387 | if (e->comefrom & (1 << NF_ARP_NUMHOOKS)) { |
393 | printk("arptables: loop hook %u pos %u %08X.\n", | 388 | pr_notice("arptables: loop hook %u pos %u %08X.\n", |
394 | hook, pos, e->comefrom); | 389 | hook, pos, e->comefrom); |
395 | return 0; | 390 | return 0; |
396 | } | 391 | } |
@@ -1828,22 +1823,23 @@ void arpt_unregister_table(struct xt_table *table) | |||
1828 | } | 1823 | } |
1829 | 1824 | ||
1830 | /* The built-in targets: standard (NULL) and error. */ | 1825 | /* The built-in targets: standard (NULL) and error. */ |
1831 | static struct xt_target arpt_standard_target __read_mostly = { | 1826 | static struct xt_target arpt_builtin_tg[] __read_mostly = { |
1832 | .name = ARPT_STANDARD_TARGET, | 1827 | { |
1833 | .targetsize = sizeof(int), | 1828 | .name = ARPT_STANDARD_TARGET, |
1834 | .family = NFPROTO_ARP, | 1829 | .targetsize = sizeof(int), |
1830 | .family = NFPROTO_ARP, | ||
1835 | #ifdef CONFIG_COMPAT | 1831 | #ifdef CONFIG_COMPAT |
1836 | .compatsize = sizeof(compat_int_t), | 1832 | .compatsize = sizeof(compat_int_t), |
1837 | .compat_from_user = compat_standard_from_user, | 1833 | .compat_from_user = compat_standard_from_user, |
1838 | .compat_to_user = compat_standard_to_user, | 1834 | .compat_to_user = compat_standard_to_user, |
1839 | #endif | 1835 | #endif |
1840 | }; | 1836 | }, |
1841 | 1837 | { | |
1842 | static struct xt_target arpt_error_target __read_mostly = { | 1838 | .name = ARPT_ERROR_TARGET, |
1843 | .name = ARPT_ERROR_TARGET, | 1839 | .target = arpt_error, |
1844 | .target = arpt_error, | 1840 | .targetsize = ARPT_FUNCTION_MAXNAMELEN, |
1845 | .targetsize = ARPT_FUNCTION_MAXNAMELEN, | 1841 | .family = NFPROTO_ARP, |
1846 | .family = NFPROTO_ARP, | 1842 | }, |
1847 | }; | 1843 | }; |
1848 | 1844 | ||
1849 | static struct nf_sockopt_ops arpt_sockopts = { | 1845 | static struct nf_sockopt_ops arpt_sockopts = { |
@@ -1887,12 +1883,9 @@ static int __init arp_tables_init(void) | |||
1887 | goto err1; | 1883 | goto err1; |
1888 | 1884 | ||
1889 | /* Noone else will be downing sem now, so we won't sleep */ | 1885 | /* Noone else will be downing sem now, so we won't sleep */ |
1890 | ret = xt_register_target(&arpt_standard_target); | 1886 | ret = xt_register_targets(arpt_builtin_tg, ARRAY_SIZE(arpt_builtin_tg)); |
1891 | if (ret < 0) | 1887 | if (ret < 0) |
1892 | goto err2; | 1888 | goto err2; |
1893 | ret = xt_register_target(&arpt_error_target); | ||
1894 | if (ret < 0) | ||
1895 | goto err3; | ||
1896 | 1889 | ||
1897 | /* Register setsockopt */ | 1890 | /* Register setsockopt */ |
1898 | ret = nf_register_sockopt(&arpt_sockopts); | 1891 | ret = nf_register_sockopt(&arpt_sockopts); |
@@ -1903,9 +1896,7 @@ static int __init arp_tables_init(void) | |||
1903 | return 0; | 1896 | return 0; |
1904 | 1897 | ||
1905 | err4: | 1898 | err4: |
1906 | xt_unregister_target(&arpt_error_target); | 1899 | xt_unregister_targets(arpt_builtin_tg, ARRAY_SIZE(arpt_builtin_tg)); |
1907 | err3: | ||
1908 | xt_unregister_target(&arpt_standard_target); | ||
1909 | err2: | 1900 | err2: |
1910 | unregister_pernet_subsys(&arp_tables_net_ops); | 1901 | unregister_pernet_subsys(&arp_tables_net_ops); |
1911 | err1: | 1902 | err1: |
@@ -1915,8 +1906,7 @@ err1: | |||
1915 | static void __exit arp_tables_fini(void) | 1906 | static void __exit arp_tables_fini(void) |
1916 | { | 1907 | { |
1917 | nf_unregister_sockopt(&arpt_sockopts); | 1908 | nf_unregister_sockopt(&arpt_sockopts); |
1918 | xt_unregister_target(&arpt_error_target); | 1909 | xt_unregister_targets(arpt_builtin_tg, ARRAY_SIZE(arpt_builtin_tg)); |
1919 | xt_unregister_target(&arpt_standard_target); | ||
1920 | unregister_pernet_subsys(&arp_tables_net_ops); | 1910 | unregister_pernet_subsys(&arp_tables_net_ops); |
1921 | } | 1911 | } |
1922 | 1912 | ||
diff --git a/net/ipv4/netfilter/arpt_mangle.c b/net/ipv4/netfilter/arpt_mangle.c index 4b51a027f30..e1be7dd1171 100644 --- a/net/ipv4/netfilter/arpt_mangle.c +++ b/net/ipv4/netfilter/arpt_mangle.c | |||
@@ -9,7 +9,7 @@ MODULE_AUTHOR("Bart De Schuymer <bdschuym@pandora.be>"); | |||
9 | MODULE_DESCRIPTION("arptables arp payload mangle target"); | 9 | MODULE_DESCRIPTION("arptables arp payload mangle target"); |
10 | 10 | ||
11 | static unsigned int | 11 | static unsigned int |
12 | target(struct sk_buff *skb, const struct xt_target_param *par) | 12 | target(struct sk_buff *skb, const struct xt_action_param *par) |
13 | { | 13 | { |
14 | const struct arpt_mangle *mangle = par->targinfo; | 14 | const struct arpt_mangle *mangle = par->targinfo; |
15 | const struct arphdr *arp; | 15 | const struct arphdr *arp; |
diff --git a/net/ipv4/netfilter/ip_queue.c b/net/ipv4/netfilter/ip_queue.c index c838238104f..a4e5fc5df4b 100644 --- a/net/ipv4/netfilter/ip_queue.c +++ b/net/ipv4/netfilter/ip_queue.c | |||
@@ -461,7 +461,6 @@ __ipq_rcv_skb(struct sk_buff *skb) | |||
461 | 461 | ||
462 | if (flags & NLM_F_ACK) | 462 | if (flags & NLM_F_ACK) |
463 | netlink_ack(skb, nlh, 0); | 463 | netlink_ack(skb, nlh, 0); |
464 | return; | ||
465 | } | 464 | } |
466 | 465 | ||
467 | static void | 466 | static void |
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index 3e6af1036fb..63958f3394a 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c | |||
@@ -51,12 +51,7 @@ MODULE_DESCRIPTION("IPv4 packet filter"); | |||
51 | #endif | 51 | #endif |
52 | 52 | ||
53 | #ifdef CONFIG_NETFILTER_DEBUG | 53 | #ifdef CONFIG_NETFILTER_DEBUG |
54 | #define IP_NF_ASSERT(x) \ | 54 | #define IP_NF_ASSERT(x) WARN_ON(!(x)) |
55 | do { \ | ||
56 | if (!(x)) \ | ||
57 | printk("IP_NF_ASSERT: %s:%s:%u\n", \ | ||
58 | __func__, __FILE__, __LINE__); \ | ||
59 | } while(0) | ||
60 | #else | 55 | #else |
61 | #define IP_NF_ASSERT(x) | 56 | #define IP_NF_ASSERT(x) |
62 | #endif | 57 | #endif |
@@ -165,7 +160,7 @@ ip_checkentry(const struct ipt_ip *ip) | |||
165 | } | 160 | } |
166 | 161 | ||
167 | static unsigned int | 162 | static unsigned int |
168 | ipt_error(struct sk_buff *skb, const struct xt_target_param *par) | 163 | ipt_error(struct sk_buff *skb, const struct xt_action_param *par) |
169 | { | 164 | { |
170 | if (net_ratelimit()) | 165 | if (net_ratelimit()) |
171 | pr_info("error: `%s'\n", (const char *)par->targinfo); | 166 | pr_info("error: `%s'\n", (const char *)par->targinfo); |
@@ -173,21 +168,6 @@ ipt_error(struct sk_buff *skb, const struct xt_target_param *par) | |||
173 | return NF_DROP; | 168 | return NF_DROP; |
174 | } | 169 | } |
175 | 170 | ||
176 | /* Performance critical - called for every packet */ | ||
177 | static inline bool | ||
178 | do_match(const struct ipt_entry_match *m, const struct sk_buff *skb, | ||
179 | struct xt_match_param *par) | ||
180 | { | ||
181 | par->match = m->u.kernel.match; | ||
182 | par->matchinfo = m->data; | ||
183 | |||
184 | /* Stop iteration if it doesn't match */ | ||
185 | if (!m->u.kernel.match->match(skb, par)) | ||
186 | return true; | ||
187 | else | ||
188 | return false; | ||
189 | } | ||
190 | |||
191 | /* Performance critical */ | 171 | /* Performance critical */ |
192 | static inline struct ipt_entry * | 172 | static inline struct ipt_entry * |
193 | get_entry(const void *base, unsigned int offset) | 173 | get_entry(const void *base, unsigned int offset) |
@@ -323,7 +303,6 @@ ipt_do_table(struct sk_buff *skb, | |||
323 | { | 303 | { |
324 | static const char nulldevname[IFNAMSIZ] __attribute__((aligned(sizeof(long)))); | 304 | static const char nulldevname[IFNAMSIZ] __attribute__((aligned(sizeof(long)))); |
325 | const struct iphdr *ip; | 305 | const struct iphdr *ip; |
326 | bool hotdrop = false; | ||
327 | /* Initializing verdict to NF_DROP keeps gcc happy. */ | 306 | /* Initializing verdict to NF_DROP keeps gcc happy. */ |
328 | unsigned int verdict = NF_DROP; | 307 | unsigned int verdict = NF_DROP; |
329 | const char *indev, *outdev; | 308 | const char *indev, *outdev; |
@@ -331,8 +310,7 @@ ipt_do_table(struct sk_buff *skb, | |||
331 | struct ipt_entry *e, **jumpstack; | 310 | struct ipt_entry *e, **jumpstack; |
332 | unsigned int *stackptr, origptr, cpu; | 311 | unsigned int *stackptr, origptr, cpu; |
333 | const struct xt_table_info *private; | 312 | const struct xt_table_info *private; |
334 | struct xt_match_param mtpar; | 313 | struct xt_action_param acpar; |
335 | struct xt_target_param tgpar; | ||
336 | 314 | ||
337 | /* Initialization */ | 315 | /* Initialization */ |
338 | ip = ip_hdr(skb); | 316 | ip = ip_hdr(skb); |
@@ -344,13 +322,13 @@ ipt_do_table(struct sk_buff *skb, | |||
344 | * things we don't know, ie. tcp syn flag or ports). If the | 322 | * things we don't know, ie. tcp syn flag or ports). If the |
345 | * rule is also a fragment-specific rule, non-fragments won't | 323 | * rule is also a fragment-specific rule, non-fragments won't |
346 | * match it. */ | 324 | * match it. */ |
347 | mtpar.fragoff = ntohs(ip->frag_off) & IP_OFFSET; | 325 | acpar.fragoff = ntohs(ip->frag_off) & IP_OFFSET; |
348 | mtpar.thoff = ip_hdrlen(skb); | 326 | acpar.thoff = ip_hdrlen(skb); |
349 | mtpar.hotdrop = &hotdrop; | 327 | acpar.hotdrop = false; |
350 | mtpar.in = tgpar.in = in; | 328 | acpar.in = in; |
351 | mtpar.out = tgpar.out = out; | 329 | acpar.out = out; |
352 | mtpar.family = tgpar.family = NFPROTO_IPV4; | 330 | acpar.family = NFPROTO_IPV4; |
353 | mtpar.hooknum = tgpar.hooknum = hook; | 331 | acpar.hooknum = hook; |
354 | 332 | ||
355 | IP_NF_ASSERT(table->valid_hooks & (1 << hook)); | 333 | IP_NF_ASSERT(table->valid_hooks & (1 << hook)); |
356 | xt_info_rdlock_bh(); | 334 | xt_info_rdlock_bh(); |
@@ -373,15 +351,18 @@ ipt_do_table(struct sk_buff *skb, | |||
373 | 351 | ||
374 | IP_NF_ASSERT(e); | 352 | IP_NF_ASSERT(e); |
375 | if (!ip_packet_match(ip, indev, outdev, | 353 | if (!ip_packet_match(ip, indev, outdev, |
376 | &e->ip, mtpar.fragoff)) { | 354 | &e->ip, acpar.fragoff)) { |
377 | no_match: | 355 | no_match: |
378 | e = ipt_next_entry(e); | 356 | e = ipt_next_entry(e); |
379 | continue; | 357 | continue; |
380 | } | 358 | } |
381 | 359 | ||
382 | xt_ematch_foreach(ematch, e) | 360 | xt_ematch_foreach(ematch, e) { |
383 | if (do_match(ematch, skb, &mtpar) != 0) | 361 | acpar.match = ematch->u.kernel.match; |
362 | acpar.matchinfo = ematch->data; | ||
363 | if (!acpar.match->match(skb, &acpar)) | ||
384 | goto no_match; | 364 | goto no_match; |
365 | } | ||
385 | 366 | ||
386 | ADD_COUNTER(e->counters, ntohs(ip->tot_len), 1); | 367 | ADD_COUNTER(e->counters, ntohs(ip->tot_len), 1); |
387 | 368 | ||
@@ -434,11 +415,10 @@ ipt_do_table(struct sk_buff *skb, | |||
434 | continue; | 415 | continue; |
435 | } | 416 | } |
436 | 417 | ||
437 | tgpar.target = t->u.kernel.target; | 418 | acpar.target = t->u.kernel.target; |
438 | tgpar.targinfo = t->data; | 419 | acpar.targinfo = t->data; |
439 | |||
440 | 420 | ||
441 | verdict = t->u.kernel.target->target(skb, &tgpar); | 421 | verdict = t->u.kernel.target->target(skb, &acpar); |
442 | /* Target might have changed stuff. */ | 422 | /* Target might have changed stuff. */ |
443 | ip = ip_hdr(skb); | 423 | ip = ip_hdr(skb); |
444 | if (verdict == IPT_CONTINUE) | 424 | if (verdict == IPT_CONTINUE) |
@@ -446,7 +426,7 @@ ipt_do_table(struct sk_buff *skb, | |||
446 | else | 426 | else |
447 | /* Verdict */ | 427 | /* Verdict */ |
448 | break; | 428 | break; |
449 | } while (!hotdrop); | 429 | } while (!acpar.hotdrop); |
450 | xt_info_rdunlock_bh(); | 430 | xt_info_rdunlock_bh(); |
451 | pr_debug("Exiting %s; resetting sp from %u to %u\n", | 431 | pr_debug("Exiting %s; resetting sp from %u to %u\n", |
452 | __func__, *stackptr, origptr); | 432 | __func__, *stackptr, origptr); |
@@ -454,7 +434,7 @@ ipt_do_table(struct sk_buff *skb, | |||
454 | #ifdef DEBUG_ALLOW_ALL | 434 | #ifdef DEBUG_ALLOW_ALL |
455 | return NF_ACCEPT; | 435 | return NF_ACCEPT; |
456 | #else | 436 | #else |
457 | if (hotdrop) | 437 | if (acpar.hotdrop) |
458 | return NF_DROP; | 438 | return NF_DROP; |
459 | else return verdict; | 439 | else return verdict; |
460 | #endif | 440 | #endif |
@@ -486,7 +466,7 @@ mark_source_chains(const struct xt_table_info *newinfo, | |||
486 | int visited = e->comefrom & (1 << hook); | 466 | int visited = e->comefrom & (1 << hook); |
487 | 467 | ||
488 | if (e->comefrom & (1 << NF_INET_NUMHOOKS)) { | 468 | if (e->comefrom & (1 << NF_INET_NUMHOOKS)) { |
489 | printk("iptables: loop hook %u pos %u %08X.\n", | 469 | pr_err("iptables: loop hook %u pos %u %08X.\n", |
490 | hook, pos, e->comefrom); | 470 | hook, pos, e->comefrom); |
491 | return 0; | 471 | return 0; |
492 | } | 472 | } |
@@ -591,7 +571,7 @@ check_entry(const struct ipt_entry *e, const char *name) | |||
591 | const struct ipt_entry_target *t; | 571 | const struct ipt_entry_target *t; |
592 | 572 | ||
593 | if (!ip_checkentry(&e->ip)) { | 573 | if (!ip_checkentry(&e->ip)) { |
594 | duprintf("ip check failed %p %s.\n", e, name); | 574 | duprintf("ip check failed %p %s.\n", e, par->match->name); |
595 | return -EINVAL; | 575 | return -EINVAL; |
596 | } | 576 | } |
597 | 577 | ||
@@ -618,7 +598,7 @@ check_match(struct ipt_entry_match *m, struct xt_mtchk_param *par) | |||
618 | ret = xt_check_match(par, m->u.match_size - sizeof(*m), | 598 | ret = xt_check_match(par, m->u.match_size - sizeof(*m), |
619 | ip->proto, ip->invflags & IPT_INV_PROTO); | 599 | ip->proto, ip->invflags & IPT_INV_PROTO); |
620 | if (ret < 0) { | 600 | if (ret < 0) { |
621 | duprintf("check failed for `%s'.\n", par.match->name); | 601 | duprintf("check failed for `%s'.\n", par->match->name); |
622 | return ret; | 602 | return ret; |
623 | } | 603 | } |
624 | return 0; | 604 | return 0; |
@@ -2152,7 +2132,7 @@ icmp_type_code_match(u_int8_t test_type, u_int8_t min_code, u_int8_t max_code, | |||
2152 | } | 2132 | } |
2153 | 2133 | ||
2154 | static bool | 2134 | static bool |
2155 | icmp_match(const struct sk_buff *skb, const struct xt_match_param *par) | 2135 | icmp_match(const struct sk_buff *skb, struct xt_action_param *par) |
2156 | { | 2136 | { |
2157 | const struct icmphdr *ic; | 2137 | const struct icmphdr *ic; |
2158 | struct icmphdr _icmph; | 2138 | struct icmphdr _icmph; |
@@ -2168,7 +2148,7 @@ icmp_match(const struct sk_buff *skb, const struct xt_match_param *par) | |||
2168 | * can't. Hence, no choice but to drop. | 2148 | * can't. Hence, no choice but to drop. |
2169 | */ | 2149 | */ |
2170 | duprintf("Dropping evil ICMP tinygram.\n"); | 2150 | duprintf("Dropping evil ICMP tinygram.\n"); |
2171 | *par->hotdrop = true; | 2151 | par->hotdrop = true; |
2172 | return false; | 2152 | return false; |
2173 | } | 2153 | } |
2174 | 2154 | ||
@@ -2187,23 +2167,23 @@ static int icmp_checkentry(const struct xt_mtchk_param *par) | |||
2187 | return (icmpinfo->invflags & ~IPT_ICMP_INV) ? -EINVAL : 0; | 2167 | return (icmpinfo->invflags & ~IPT_ICMP_INV) ? -EINVAL : 0; |
2188 | } | 2168 | } |
2189 | 2169 | ||
2190 | /* The built-in targets: standard (NULL) and error. */ | 2170 | static struct xt_target ipt_builtin_tg[] __read_mostly = { |
2191 | static struct xt_target ipt_standard_target __read_mostly = { | 2171 | { |
2192 | .name = IPT_STANDARD_TARGET, | 2172 | .name = IPT_STANDARD_TARGET, |
2193 | .targetsize = sizeof(int), | 2173 | .targetsize = sizeof(int), |
2194 | .family = NFPROTO_IPV4, | 2174 | .family = NFPROTO_IPV4, |
2195 | #ifdef CONFIG_COMPAT | 2175 | #ifdef CONFIG_COMPAT |
2196 | .compatsize = sizeof(compat_int_t), | 2176 | .compatsize = sizeof(compat_int_t), |
2197 | .compat_from_user = compat_standard_from_user, | 2177 | .compat_from_user = compat_standard_from_user, |
2198 | .compat_to_user = compat_standard_to_user, | 2178 | .compat_to_user = compat_standard_to_user, |
2199 | #endif | 2179 | #endif |
2200 | }; | 2180 | }, |
2201 | 2181 | { | |
2202 | static struct xt_target ipt_error_target __read_mostly = { | 2182 | .name = IPT_ERROR_TARGET, |
2203 | .name = IPT_ERROR_TARGET, | 2183 | .target = ipt_error, |
2204 | .target = ipt_error, | 2184 | .targetsize = IPT_FUNCTION_MAXNAMELEN, |
2205 | .targetsize = IPT_FUNCTION_MAXNAMELEN, | 2185 | .family = NFPROTO_IPV4, |
2206 | .family = NFPROTO_IPV4, | 2186 | }, |
2207 | }; | 2187 | }; |
2208 | 2188 | ||
2209 | static struct nf_sockopt_ops ipt_sockopts = { | 2189 | static struct nf_sockopt_ops ipt_sockopts = { |
@@ -2223,13 +2203,15 @@ static struct nf_sockopt_ops ipt_sockopts = { | |||
2223 | .owner = THIS_MODULE, | 2203 | .owner = THIS_MODULE, |
2224 | }; | 2204 | }; |
2225 | 2205 | ||
2226 | static struct xt_match icmp_matchstruct __read_mostly = { | 2206 | static struct xt_match ipt_builtin_mt[] __read_mostly = { |
2227 | .name = "icmp", | 2207 | { |
2228 | .match = icmp_match, | 2208 | .name = "icmp", |
2229 | .matchsize = sizeof(struct ipt_icmp), | 2209 | .match = icmp_match, |
2230 | .checkentry = icmp_checkentry, | 2210 | .matchsize = sizeof(struct ipt_icmp), |
2231 | .proto = IPPROTO_ICMP, | 2211 | .checkentry = icmp_checkentry, |
2232 | .family = NFPROTO_IPV4, | 2212 | .proto = IPPROTO_ICMP, |
2213 | .family = NFPROTO_IPV4, | ||
2214 | }, | ||
2233 | }; | 2215 | }; |
2234 | 2216 | ||
2235 | static int __net_init ip_tables_net_init(struct net *net) | 2217 | static int __net_init ip_tables_net_init(struct net *net) |
@@ -2256,13 +2238,10 @@ static int __init ip_tables_init(void) | |||
2256 | goto err1; | 2238 | goto err1; |
2257 | 2239 | ||
2258 | /* Noone else will be downing sem now, so we won't sleep */ | 2240 | /* Noone else will be downing sem now, so we won't sleep */ |
2259 | ret = xt_register_target(&ipt_standard_target); | 2241 | ret = xt_register_targets(ipt_builtin_tg, ARRAY_SIZE(ipt_builtin_tg)); |
2260 | if (ret < 0) | 2242 | if (ret < 0) |
2261 | goto err2; | 2243 | goto err2; |
2262 | ret = xt_register_target(&ipt_error_target); | 2244 | ret = xt_register_matches(ipt_builtin_mt, ARRAY_SIZE(ipt_builtin_mt)); |
2263 | if (ret < 0) | ||
2264 | goto err3; | ||
2265 | ret = xt_register_match(&icmp_matchstruct); | ||
2266 | if (ret < 0) | 2245 | if (ret < 0) |
2267 | goto err4; | 2246 | goto err4; |
2268 | 2247 | ||
@@ -2275,11 +2254,9 @@ static int __init ip_tables_init(void) | |||
2275 | return 0; | 2254 | return 0; |
2276 | 2255 | ||
2277 | err5: | 2256 | err5: |
2278 | xt_unregister_match(&icmp_matchstruct); | 2257 | xt_unregister_matches(ipt_builtin_mt, ARRAY_SIZE(ipt_builtin_mt)); |
2279 | err4: | 2258 | err4: |
2280 | xt_unregister_target(&ipt_error_target); | 2259 | xt_unregister_targets(ipt_builtin_tg, ARRAY_SIZE(ipt_builtin_tg)); |
2281 | err3: | ||
2282 | xt_unregister_target(&ipt_standard_target); | ||
2283 | err2: | 2260 | err2: |
2284 | unregister_pernet_subsys(&ip_tables_net_ops); | 2261 | unregister_pernet_subsys(&ip_tables_net_ops); |
2285 | err1: | 2262 | err1: |
@@ -2290,10 +2267,8 @@ static void __exit ip_tables_fini(void) | |||
2290 | { | 2267 | { |
2291 | nf_unregister_sockopt(&ipt_sockopts); | 2268 | nf_unregister_sockopt(&ipt_sockopts); |
2292 | 2269 | ||
2293 | xt_unregister_match(&icmp_matchstruct); | 2270 | xt_unregister_matches(ipt_builtin_mt, ARRAY_SIZE(ipt_builtin_mt)); |
2294 | xt_unregister_target(&ipt_error_target); | 2271 | xt_unregister_targets(ipt_builtin_tg, ARRAY_SIZE(ipt_builtin_tg)); |
2295 | xt_unregister_target(&ipt_standard_target); | ||
2296 | |||
2297 | unregister_pernet_subsys(&ip_tables_net_ops); | 2272 | unregister_pernet_subsys(&ip_tables_net_ops); |
2298 | } | 2273 | } |
2299 | 2274 | ||
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c index 8815d458de4..f91c94b9a79 100644 --- a/net/ipv4/netfilter/ipt_CLUSTERIP.c +++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c | |||
@@ -282,7 +282,7 @@ clusterip_responsible(const struct clusterip_config *config, u_int32_t hash) | |||
282 | ***********************************************************************/ | 282 | ***********************************************************************/ |
283 | 283 | ||
284 | static unsigned int | 284 | static unsigned int |
285 | clusterip_tg(struct sk_buff *skb, const struct xt_target_param *par) | 285 | clusterip_tg(struct sk_buff *skb, const struct xt_action_param *par) |
286 | { | 286 | { |
287 | const struct ipt_clusterip_tgt_info *cipinfo = par->targinfo; | 287 | const struct ipt_clusterip_tgt_info *cipinfo = par->targinfo; |
288 | struct nf_conn *ct; | 288 | struct nf_conn *ct; |
diff --git a/net/ipv4/netfilter/ipt_ECN.c b/net/ipv4/netfilter/ipt_ECN.c index 563049f31ae..4bf3dc49ad1 100644 --- a/net/ipv4/netfilter/ipt_ECN.c +++ b/net/ipv4/netfilter/ipt_ECN.c | |||
@@ -77,7 +77,7 @@ set_ect_tcp(struct sk_buff *skb, const struct ipt_ECN_info *einfo) | |||
77 | } | 77 | } |
78 | 78 | ||
79 | static unsigned int | 79 | static unsigned int |
80 | ecn_tg(struct sk_buff *skb, const struct xt_target_param *par) | 80 | ecn_tg(struct sk_buff *skb, const struct xt_action_param *par) |
81 | { | 81 | { |
82 | const struct ipt_ECN_info *einfo = par->targinfo; | 82 | const struct ipt_ECN_info *einfo = par->targinfo; |
83 | 83 | ||
diff --git a/net/ipv4/netfilter/ipt_LOG.c b/net/ipv4/netfilter/ipt_LOG.c index 3bd35f37081..5234f4f3499 100644 --- a/net/ipv4/netfilter/ipt_LOG.c +++ b/net/ipv4/netfilter/ipt_LOG.c | |||
@@ -425,7 +425,7 @@ ipt_log_packet(u_int8_t pf, | |||
425 | } | 425 | } |
426 | 426 | ||
427 | static unsigned int | 427 | static unsigned int |
428 | log_tg(struct sk_buff *skb, const struct xt_target_param *par) | 428 | log_tg(struct sk_buff *skb, const struct xt_action_param *par) |
429 | { | 429 | { |
430 | const struct ipt_log_info *loginfo = par->targinfo; | 430 | const struct ipt_log_info *loginfo = par->targinfo; |
431 | struct nf_loginfo li; | 431 | struct nf_loginfo li; |
diff --git a/net/ipv4/netfilter/ipt_MASQUERADE.c b/net/ipv4/netfilter/ipt_MASQUERADE.c index 02b1bc47799..d2ed9dc74eb 100644 --- a/net/ipv4/netfilter/ipt_MASQUERADE.c +++ b/net/ipv4/netfilter/ipt_MASQUERADE.c | |||
@@ -44,7 +44,7 @@ static int masquerade_tg_check(const struct xt_tgchk_param *par) | |||
44 | } | 44 | } |
45 | 45 | ||
46 | static unsigned int | 46 | static unsigned int |
47 | masquerade_tg(struct sk_buff *skb, const struct xt_target_param *par) | 47 | masquerade_tg(struct sk_buff *skb, const struct xt_action_param *par) |
48 | { | 48 | { |
49 | struct nf_conn *ct; | 49 | struct nf_conn *ct; |
50 | struct nf_conn_nat *nat; | 50 | struct nf_conn_nat *nat; |
diff --git a/net/ipv4/netfilter/ipt_NETMAP.c b/net/ipv4/netfilter/ipt_NETMAP.c index 708c7f8f7ee..f43867d1697 100644 --- a/net/ipv4/netfilter/ipt_NETMAP.c +++ b/net/ipv4/netfilter/ipt_NETMAP.c | |||
@@ -38,7 +38,7 @@ static int netmap_tg_check(const struct xt_tgchk_param *par) | |||
38 | } | 38 | } |
39 | 39 | ||
40 | static unsigned int | 40 | static unsigned int |
41 | netmap_tg(struct sk_buff *skb, const struct xt_target_param *par) | 41 | netmap_tg(struct sk_buff *skb, const struct xt_action_param *par) |
42 | { | 42 | { |
43 | struct nf_conn *ct; | 43 | struct nf_conn *ct; |
44 | enum ip_conntrack_info ctinfo; | 44 | enum ip_conntrack_info ctinfo; |
diff --git a/net/ipv4/netfilter/ipt_REDIRECT.c b/net/ipv4/netfilter/ipt_REDIRECT.c index 3cf10191652..18a0656505a 100644 --- a/net/ipv4/netfilter/ipt_REDIRECT.c +++ b/net/ipv4/netfilter/ipt_REDIRECT.c | |||
@@ -42,7 +42,7 @@ static int redirect_tg_check(const struct xt_tgchk_param *par) | |||
42 | } | 42 | } |
43 | 43 | ||
44 | static unsigned int | 44 | static unsigned int |
45 | redirect_tg(struct sk_buff *skb, const struct xt_target_param *par) | 45 | redirect_tg(struct sk_buff *skb, const struct xt_action_param *par) |
46 | { | 46 | { |
47 | struct nf_conn *ct; | 47 | struct nf_conn *ct; |
48 | enum ip_conntrack_info ctinfo; | 48 | enum ip_conntrack_info ctinfo; |
diff --git a/net/ipv4/netfilter/ipt_REJECT.c b/net/ipv4/netfilter/ipt_REJECT.c index a86135a2805..f5f4a888e4e 100644 --- a/net/ipv4/netfilter/ipt_REJECT.c +++ b/net/ipv4/netfilter/ipt_REJECT.c | |||
@@ -136,7 +136,7 @@ static inline void send_unreach(struct sk_buff *skb_in, int code) | |||
136 | } | 136 | } |
137 | 137 | ||
138 | static unsigned int | 138 | static unsigned int |
139 | reject_tg(struct sk_buff *skb, const struct xt_target_param *par) | 139 | reject_tg(struct sk_buff *skb, const struct xt_action_param *par) |
140 | { | 140 | { |
141 | const struct ipt_reject_info *reject = par->targinfo; | 141 | const struct ipt_reject_info *reject = par->targinfo; |
142 | 142 | ||
diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c index 8f60749e87a..446e0f467a1 100644 --- a/net/ipv4/netfilter/ipt_ULOG.c +++ b/net/ipv4/netfilter/ipt_ULOG.c | |||
@@ -276,7 +276,7 @@ alloc_failure: | |||
276 | } | 276 | } |
277 | 277 | ||
278 | static unsigned int | 278 | static unsigned int |
279 | ulog_tg(struct sk_buff *skb, const struct xt_target_param *par) | 279 | ulog_tg(struct sk_buff *skb, const struct xt_action_param *par) |
280 | { | 280 | { |
281 | ipt_ulog_packet(par->hooknum, skb, par->in, par->out, | 281 | ipt_ulog_packet(par->hooknum, skb, par->in, par->out, |
282 | par->targinfo, NULL); | 282 | par->targinfo, NULL); |
diff --git a/net/ipv4/netfilter/ipt_addrtype.c b/net/ipv4/netfilter/ipt_addrtype.c index e4b8f2bf8aa..db8bff0fb86 100644 --- a/net/ipv4/netfilter/ipt_addrtype.c +++ b/net/ipv4/netfilter/ipt_addrtype.c | |||
@@ -30,7 +30,7 @@ static inline bool match_type(struct net *net, const struct net_device *dev, | |||
30 | } | 30 | } |
31 | 31 | ||
32 | static bool | 32 | static bool |
33 | addrtype_mt_v0(const struct sk_buff *skb, const struct xt_match_param *par) | 33 | addrtype_mt_v0(const struct sk_buff *skb, struct xt_action_param *par) |
34 | { | 34 | { |
35 | struct net *net = dev_net(par->in ? par->in : par->out); | 35 | struct net *net = dev_net(par->in ? par->in : par->out); |
36 | const struct ipt_addrtype_info *info = par->matchinfo; | 36 | const struct ipt_addrtype_info *info = par->matchinfo; |
@@ -48,7 +48,7 @@ addrtype_mt_v0(const struct sk_buff *skb, const struct xt_match_param *par) | |||
48 | } | 48 | } |
49 | 49 | ||
50 | static bool | 50 | static bool |
51 | addrtype_mt_v1(const struct sk_buff *skb, const struct xt_match_param *par) | 51 | addrtype_mt_v1(const struct sk_buff *skb, struct xt_action_param *par) |
52 | { | 52 | { |
53 | struct net *net = dev_net(par->in ? par->in : par->out); | 53 | struct net *net = dev_net(par->in ? par->in : par->out); |
54 | const struct ipt_addrtype_info_v1 *info = par->matchinfo; | 54 | const struct ipt_addrtype_info_v1 *info = par->matchinfo; |
diff --git a/net/ipv4/netfilter/ipt_ah.c b/net/ipv4/netfilter/ipt_ah.c index 9f981020489..14a2aa8b8a1 100644 --- a/net/ipv4/netfilter/ipt_ah.c +++ b/net/ipv4/netfilter/ipt_ah.c | |||
@@ -30,7 +30,7 @@ spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, bool invert) | |||
30 | return r; | 30 | return r; |
31 | } | 31 | } |
32 | 32 | ||
33 | static bool ah_mt(const struct sk_buff *skb, const struct xt_match_param *par) | 33 | static bool ah_mt(const struct sk_buff *skb, struct xt_action_param *par) |
34 | { | 34 | { |
35 | struct ip_auth_hdr _ahdr; | 35 | struct ip_auth_hdr _ahdr; |
36 | const struct ip_auth_hdr *ah; | 36 | const struct ip_auth_hdr *ah; |
@@ -46,7 +46,7 @@ static bool ah_mt(const struct sk_buff *skb, const struct xt_match_param *par) | |||
46 | * can't. Hence, no choice but to drop. | 46 | * can't. Hence, no choice but to drop. |
47 | */ | 47 | */ |
48 | pr_debug("Dropping evil AH tinygram.\n"); | 48 | pr_debug("Dropping evil AH tinygram.\n"); |
49 | *par->hotdrop = true; | 49 | par->hotdrop = true; |
50 | return 0; | 50 | return 0; |
51 | } | 51 | } |
52 | 52 | ||
diff --git a/net/ipv4/netfilter/ipt_ecn.c b/net/ipv4/netfilter/ipt_ecn.c index 32e24100d8d..af6e9c77834 100644 --- a/net/ipv4/netfilter/ipt_ecn.c +++ b/net/ipv4/netfilter/ipt_ecn.c | |||
@@ -67,7 +67,7 @@ static inline bool match_tcp(const struct sk_buff *skb, | |||
67 | return true; | 67 | return true; |
68 | } | 68 | } |
69 | 69 | ||
70 | static bool ecn_mt(const struct sk_buff *skb, const struct xt_match_param *par) | 70 | static bool ecn_mt(const struct sk_buff *skb, struct xt_action_param *par) |
71 | { | 71 | { |
72 | const struct ipt_ecn_info *info = par->matchinfo; | 72 | const struct ipt_ecn_info *info = par->matchinfo; |
73 | 73 | ||
@@ -78,7 +78,7 @@ static bool ecn_mt(const struct sk_buff *skb, const struct xt_match_param *par) | |||
78 | if (info->operation & (IPT_ECN_OP_MATCH_ECE|IPT_ECN_OP_MATCH_CWR)) { | 78 | if (info->operation & (IPT_ECN_OP_MATCH_ECE|IPT_ECN_OP_MATCH_CWR)) { |
79 | if (ip_hdr(skb)->protocol != IPPROTO_TCP) | 79 | if (ip_hdr(skb)->protocol != IPPROTO_TCP) |
80 | return false; | 80 | return false; |
81 | if (!match_tcp(skb, info, par->hotdrop)) | 81 | if (!match_tcp(skb, info, &par->hotdrop)) |
82 | return false; | 82 | return false; |
83 | } | 83 | } |
84 | 84 | ||
diff --git a/net/ipv4/netfilter/iptable_filter.c b/net/ipv4/netfilter/iptable_filter.c index 55392466daa..c37641e819f 100644 --- a/net/ipv4/netfilter/iptable_filter.c +++ b/net/ipv4/netfilter/iptable_filter.c | |||
@@ -89,7 +89,7 @@ static int __init iptable_filter_init(void) | |||
89 | int ret; | 89 | int ret; |
90 | 90 | ||
91 | if (forward < 0 || forward > NF_MAX_VERDICT) { | 91 | if (forward < 0 || forward > NF_MAX_VERDICT) { |
92 | printk("iptables forward must be 0 or 1\n"); | 92 | pr_err("iptables forward must be 0 or 1\n"); |
93 | return -EINVAL; | 93 | return -EINVAL; |
94 | } | 94 | } |
95 | 95 | ||
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c index 2bb1f87051c..5a03c02af99 100644 --- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c +++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | |||
@@ -382,32 +382,32 @@ static int __init nf_conntrack_l3proto_ipv4_init(void) | |||
382 | 382 | ||
383 | ret = nf_conntrack_l4proto_register(&nf_conntrack_l4proto_tcp4); | 383 | ret = nf_conntrack_l4proto_register(&nf_conntrack_l4proto_tcp4); |
384 | if (ret < 0) { | 384 | if (ret < 0) { |
385 | printk("nf_conntrack_ipv4: can't register tcp.\n"); | 385 | pr_err("nf_conntrack_ipv4: can't register tcp.\n"); |
386 | goto cleanup_sockopt; | 386 | goto cleanup_sockopt; |
387 | } | 387 | } |
388 | 388 | ||
389 | ret = nf_conntrack_l4proto_register(&nf_conntrack_l4proto_udp4); | 389 | ret = nf_conntrack_l4proto_register(&nf_conntrack_l4proto_udp4); |
390 | if (ret < 0) { | 390 | if (ret < 0) { |
391 | printk("nf_conntrack_ipv4: can't register udp.\n"); | 391 | pr_err("nf_conntrack_ipv4: can't register udp.\n"); |
392 | goto cleanup_tcp; | 392 | goto cleanup_tcp; |
393 | } | 393 | } |
394 | 394 | ||
395 | ret = nf_conntrack_l4proto_register(&nf_conntrack_l4proto_icmp); | 395 | ret = nf_conntrack_l4proto_register(&nf_conntrack_l4proto_icmp); |
396 | if (ret < 0) { | 396 | if (ret < 0) { |
397 | printk("nf_conntrack_ipv4: can't register icmp.\n"); | 397 | pr_err("nf_conntrack_ipv4: can't register icmp.\n"); |
398 | goto cleanup_udp; | 398 | goto cleanup_udp; |
399 | } | 399 | } |
400 | 400 | ||
401 | ret = nf_conntrack_l3proto_register(&nf_conntrack_l3proto_ipv4); | 401 | ret = nf_conntrack_l3proto_register(&nf_conntrack_l3proto_ipv4); |
402 | if (ret < 0) { | 402 | if (ret < 0) { |
403 | printk("nf_conntrack_ipv4: can't register ipv4\n"); | 403 | pr_err("nf_conntrack_ipv4: can't register ipv4\n"); |
404 | goto cleanup_icmp; | 404 | goto cleanup_icmp; |
405 | } | 405 | } |
406 | 406 | ||
407 | ret = nf_register_hooks(ipv4_conntrack_ops, | 407 | ret = nf_register_hooks(ipv4_conntrack_ops, |
408 | ARRAY_SIZE(ipv4_conntrack_ops)); | 408 | ARRAY_SIZE(ipv4_conntrack_ops)); |
409 | if (ret < 0) { | 409 | if (ret < 0) { |
410 | printk("nf_conntrack_ipv4: can't register hooks.\n"); | 410 | pr_err("nf_conntrack_ipv4: can't register hooks.\n"); |
411 | goto cleanup_ipv4; | 411 | goto cleanup_ipv4; |
412 | } | 412 | } |
413 | #if defined(CONFIG_PROC_FS) && defined(CONFIG_NF_CONNTRACK_PROC_COMPAT) | 413 | #if defined(CONFIG_PROC_FS) && defined(CONFIG_NF_CONNTRACK_PROC_COMPAT) |
diff --git a/net/ipv4/netfilter/nf_nat_h323.c b/net/ipv4/netfilter/nf_nat_h323.c index d4c061874f8..5045196d853 100644 --- a/net/ipv4/netfilter/nf_nat_h323.c +++ b/net/ipv4/netfilter/nf_nat_h323.c | |||
@@ -43,7 +43,7 @@ static int set_addr(struct sk_buff *skb, | |||
43 | addroff, sizeof(buf), | 43 | addroff, sizeof(buf), |
44 | (char *) &buf, sizeof(buf))) { | 44 | (char *) &buf, sizeof(buf))) { |
45 | if (net_ratelimit()) | 45 | if (net_ratelimit()) |
46 | printk("nf_nat_h323: nf_nat_mangle_tcp_packet" | 46 | pr_notice("nf_nat_h323: nf_nat_mangle_tcp_packet" |
47 | " error\n"); | 47 | " error\n"); |
48 | return -1; | 48 | return -1; |
49 | } | 49 | } |
@@ -59,7 +59,7 @@ static int set_addr(struct sk_buff *skb, | |||
59 | addroff, sizeof(buf), | 59 | addroff, sizeof(buf), |
60 | (char *) &buf, sizeof(buf))) { | 60 | (char *) &buf, sizeof(buf))) { |
61 | if (net_ratelimit()) | 61 | if (net_ratelimit()) |
62 | printk("nf_nat_h323: nf_nat_mangle_udp_packet" | 62 | pr_notice("nf_nat_h323: nf_nat_mangle_udp_packet" |
63 | " error\n"); | 63 | " error\n"); |
64 | return -1; | 64 | return -1; |
65 | } | 65 | } |
@@ -215,7 +215,7 @@ static int nat_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct, | |||
215 | /* Run out of expectations */ | 215 | /* Run out of expectations */ |
216 | if (i >= H323_RTP_CHANNEL_MAX) { | 216 | if (i >= H323_RTP_CHANNEL_MAX) { |
217 | if (net_ratelimit()) | 217 | if (net_ratelimit()) |
218 | printk("nf_nat_h323: out of expectations\n"); | 218 | pr_notice("nf_nat_h323: out of expectations\n"); |
219 | return 0; | 219 | return 0; |
220 | } | 220 | } |
221 | 221 | ||
@@ -234,7 +234,7 @@ static int nat_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct, | |||
234 | 234 | ||
235 | if (nated_port == 0) { /* No port available */ | 235 | if (nated_port == 0) { /* No port available */ |
236 | if (net_ratelimit()) | 236 | if (net_ratelimit()) |
237 | printk("nf_nat_h323: out of RTP ports\n"); | 237 | pr_notice("nf_nat_h323: out of RTP ports\n"); |
238 | return 0; | 238 | return 0; |
239 | } | 239 | } |
240 | 240 | ||
@@ -291,7 +291,7 @@ static int nat_t120(struct sk_buff *skb, struct nf_conn *ct, | |||
291 | 291 | ||
292 | if (nated_port == 0) { /* No port available */ | 292 | if (nated_port == 0) { /* No port available */ |
293 | if (net_ratelimit()) | 293 | if (net_ratelimit()) |
294 | printk("nf_nat_h323: out of TCP ports\n"); | 294 | pr_notice("nf_nat_h323: out of TCP ports\n"); |
295 | return 0; | 295 | return 0; |
296 | } | 296 | } |
297 | 297 | ||
@@ -341,7 +341,7 @@ static int nat_h245(struct sk_buff *skb, struct nf_conn *ct, | |||
341 | 341 | ||
342 | if (nated_port == 0) { /* No port available */ | 342 | if (nated_port == 0) { /* No port available */ |
343 | if (net_ratelimit()) | 343 | if (net_ratelimit()) |
344 | printk("nf_nat_q931: out of TCP ports\n"); | 344 | pr_notice("nf_nat_q931: out of TCP ports\n"); |
345 | return 0; | 345 | return 0; |
346 | } | 346 | } |
347 | 347 | ||
@@ -425,7 +425,7 @@ static int nat_q931(struct sk_buff *skb, struct nf_conn *ct, | |||
425 | 425 | ||
426 | if (nated_port == 0) { /* No port available */ | 426 | if (nated_port == 0) { /* No port available */ |
427 | if (net_ratelimit()) | 427 | if (net_ratelimit()) |
428 | printk("nf_nat_ras: out of TCP ports\n"); | 428 | pr_notice("nf_nat_ras: out of TCP ports\n"); |
429 | return 0; | 429 | return 0; |
430 | } | 430 | } |
431 | 431 | ||
@@ -507,7 +507,7 @@ static int nat_callforwarding(struct sk_buff *skb, struct nf_conn *ct, | |||
507 | 507 | ||
508 | if (nated_port == 0) { /* No port available */ | 508 | if (nated_port == 0) { /* No port available */ |
509 | if (net_ratelimit()) | 509 | if (net_ratelimit()) |
510 | printk("nf_nat_q931: out of TCP ports\n"); | 510 | pr_notice("nf_nat_q931: out of TCP ports\n"); |
511 | return 0; | 511 | return 0; |
512 | } | 512 | } |
513 | 513 | ||
diff --git a/net/ipv4/netfilter/nf_nat_rule.c b/net/ipv4/netfilter/nf_nat_rule.c index b48a0fc3d9e..98ed78281ae 100644 --- a/net/ipv4/netfilter/nf_nat_rule.c +++ b/net/ipv4/netfilter/nf_nat_rule.c | |||
@@ -39,7 +39,7 @@ static const struct xt_table nat_table = { | |||
39 | 39 | ||
40 | /* Source NAT */ | 40 | /* Source NAT */ |
41 | static unsigned int | 41 | static unsigned int |
42 | ipt_snat_target(struct sk_buff *skb, const struct xt_target_param *par) | 42 | ipt_snat_target(struct sk_buff *skb, const struct xt_action_param *par) |
43 | { | 43 | { |
44 | struct nf_conn *ct; | 44 | struct nf_conn *ct; |
45 | enum ip_conntrack_info ctinfo; | 45 | enum ip_conntrack_info ctinfo; |
@@ -58,7 +58,7 @@ ipt_snat_target(struct sk_buff *skb, const struct xt_target_param *par) | |||
58 | } | 58 | } |
59 | 59 | ||
60 | static unsigned int | 60 | static unsigned int |
61 | ipt_dnat_target(struct sk_buff *skb, const struct xt_target_param *par) | 61 | ipt_dnat_target(struct sk_buff *skb, const struct xt_action_param *par) |
62 | { | 62 | { |
63 | struct nf_conn *ct; | 63 | struct nf_conn *ct; |
64 | enum ip_conntrack_info ctinfo; | 64 | enum ip_conntrack_info ctinfo; |
diff --git a/net/ipv4/netfilter/nf_nat_snmp_basic.c b/net/ipv4/netfilter/nf_nat_snmp_basic.c index 4d85b6e55f2..1679e2c0963 100644 --- a/net/ipv4/netfilter/nf_nat_snmp_basic.c +++ b/net/ipv4/netfilter/nf_nat_snmp_basic.c | |||
@@ -401,7 +401,7 @@ static unsigned char asn1_octets_decode(struct asn1_ctx *ctx, | |||
401 | *octets = kmalloc(eoc - ctx->pointer, GFP_ATOMIC); | 401 | *octets = kmalloc(eoc - ctx->pointer, GFP_ATOMIC); |
402 | if (*octets == NULL) { | 402 | if (*octets == NULL) { |
403 | if (net_ratelimit()) | 403 | if (net_ratelimit()) |
404 | printk("OOM in bsalg (%d)\n", __LINE__); | 404 | pr_notice("OOM in bsalg (%d)\n", __LINE__); |
405 | return 0; | 405 | return 0; |
406 | } | 406 | } |
407 | 407 | ||
@@ -452,7 +452,7 @@ static unsigned char asn1_oid_decode(struct asn1_ctx *ctx, | |||
452 | *oid = kmalloc(size * sizeof(unsigned long), GFP_ATOMIC); | 452 | *oid = kmalloc(size * sizeof(unsigned long), GFP_ATOMIC); |
453 | if (*oid == NULL) { | 453 | if (*oid == NULL) { |
454 | if (net_ratelimit()) | 454 | if (net_ratelimit()) |
455 | printk("OOM in bsalg (%d)\n", __LINE__); | 455 | pr_notice("OOM in bsalg (%d)\n", __LINE__); |
456 | return 0; | 456 | return 0; |
457 | } | 457 | } |
458 | 458 | ||
@@ -729,7 +729,7 @@ static unsigned char snmp_object_decode(struct asn1_ctx *ctx, | |||
729 | if (*obj == NULL) { | 729 | if (*obj == NULL) { |
730 | kfree(id); | 730 | kfree(id); |
731 | if (net_ratelimit()) | 731 | if (net_ratelimit()) |
732 | printk("OOM in bsalg (%d)\n", __LINE__); | 732 | pr_notice("OOM in bsalg (%d)\n", __LINE__); |
733 | return 0; | 733 | return 0; |
734 | } | 734 | } |
735 | (*obj)->syntax.l[0] = l; | 735 | (*obj)->syntax.l[0] = l; |
@@ -746,7 +746,7 @@ static unsigned char snmp_object_decode(struct asn1_ctx *ctx, | |||
746 | kfree(p); | 746 | kfree(p); |
747 | kfree(id); | 747 | kfree(id); |
748 | if (net_ratelimit()) | 748 | if (net_ratelimit()) |
749 | printk("OOM in bsalg (%d)\n", __LINE__); | 749 | pr_notice("OOM in bsalg (%d)\n", __LINE__); |
750 | return 0; | 750 | return 0; |
751 | } | 751 | } |
752 | memcpy((*obj)->syntax.c, p, len); | 752 | memcpy((*obj)->syntax.c, p, len); |
@@ -761,7 +761,7 @@ static unsigned char snmp_object_decode(struct asn1_ctx *ctx, | |||
761 | if (*obj == NULL) { | 761 | if (*obj == NULL) { |
762 | kfree(id); | 762 | kfree(id); |
763 | if (net_ratelimit()) | 763 | if (net_ratelimit()) |
764 | printk("OOM in bsalg (%d)\n", __LINE__); | 764 | pr_notice("OOM in bsalg (%d)\n", __LINE__); |
765 | return 0; | 765 | return 0; |
766 | } | 766 | } |
767 | if (!asn1_null_decode(ctx, end)) { | 767 | if (!asn1_null_decode(ctx, end)) { |
@@ -782,7 +782,7 @@ static unsigned char snmp_object_decode(struct asn1_ctx *ctx, | |||
782 | kfree(lp); | 782 | kfree(lp); |
783 | kfree(id); | 783 | kfree(id); |
784 | if (net_ratelimit()) | 784 | if (net_ratelimit()) |
785 | printk("OOM in bsalg (%d)\n", __LINE__); | 785 | pr_notice("OOM in bsalg (%d)\n", __LINE__); |
786 | return 0; | 786 | return 0; |
787 | } | 787 | } |
788 | memcpy((*obj)->syntax.ul, lp, len); | 788 | memcpy((*obj)->syntax.ul, lp, len); |
@@ -803,7 +803,7 @@ static unsigned char snmp_object_decode(struct asn1_ctx *ctx, | |||
803 | kfree(p); | 803 | kfree(p); |
804 | kfree(id); | 804 | kfree(id); |
805 | if (net_ratelimit()) | 805 | if (net_ratelimit()) |
806 | printk("OOM in bsalg (%d)\n", __LINE__); | 806 | pr_notice("OOM in bsalg (%d)\n", __LINE__); |
807 | return 0; | 807 | return 0; |
808 | } | 808 | } |
809 | memcpy((*obj)->syntax.uc, p, len); | 809 | memcpy((*obj)->syntax.uc, p, len); |
@@ -821,7 +821,7 @@ static unsigned char snmp_object_decode(struct asn1_ctx *ctx, | |||
821 | if (*obj == NULL) { | 821 | if (*obj == NULL) { |
822 | kfree(id); | 822 | kfree(id); |
823 | if (net_ratelimit()) | 823 | if (net_ratelimit()) |
824 | printk("OOM in bsalg (%d)\n", __LINE__); | 824 | pr_notice("OOM in bsalg (%d)\n", __LINE__); |
825 | return 0; | 825 | return 0; |
826 | } | 826 | } |
827 | (*obj)->syntax.ul[0] = ul; | 827 | (*obj)->syntax.ul[0] = ul; |
diff --git a/net/ipv4/netfilter/nf_nat_standalone.c b/net/ipv4/netfilter/nf_nat_standalone.c index 84c7974f583..beb25819c9c 100644 --- a/net/ipv4/netfilter/nf_nat_standalone.c +++ b/net/ipv4/netfilter/nf_nat_standalone.c | |||
@@ -293,12 +293,12 @@ static int __init nf_nat_standalone_init(void) | |||
293 | #endif | 293 | #endif |
294 | ret = nf_nat_rule_init(); | 294 | ret = nf_nat_rule_init(); |
295 | if (ret < 0) { | 295 | if (ret < 0) { |
296 | printk("nf_nat_init: can't setup rules.\n"); | 296 | pr_err("nf_nat_init: can't setup rules.\n"); |
297 | goto cleanup_decode_session; | 297 | goto cleanup_decode_session; |
298 | } | 298 | } |
299 | ret = nf_register_hooks(nf_nat_ops, ARRAY_SIZE(nf_nat_ops)); | 299 | ret = nf_register_hooks(nf_nat_ops, ARRAY_SIZE(nf_nat_ops)); |
300 | if (ret < 0) { | 300 | if (ret < 0) { |
301 | printk("nf_nat_init: can't register hooks.\n"); | 301 | pr_err("nf_nat_init: can't register hooks.\n"); |
302 | goto cleanup_rule_init; | 302 | goto cleanup_rule_init; |
303 | } | 303 | } |
304 | return ret; | 304 | return ret; |