Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6

author: David S. Miller <davem@davemloft.net> 2009-09-10 21:17:09 -0400
committer: David S. Miller <davem@davemloft.net> 2009-09-10 21:17:09 -0400
commit: 9a0da0d19c573e01aded6ac17747d2efc5b1115f (patch)
tree: 76294327bae4b3e45b16c690bda4b24951f237cf /net/bridge
parent: ec282e9225be924479d4880b51f13524795bd8d3 (diff)
parent: 8a56df0ae1690f8f42a3c6c4532f4b06f93febea (diff)
7 files changed, 24 insertions, 38 deletions
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
index 4fde7425077d..907a82e9023d 100644
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -359,7 +359,7 @@ static int br_nf_pre_routing_finish(struct sk_buff *skb)
                                },
                                .proto = 0,
                        };
-                        struct in_device *in_dev = in_dev_get(dev);
+                        struct in_device *in_dev = __in_dev_get_rcu(dev);
                        /* If err equals -EHOSTUNREACH the error is due to a
                         * martian destination or due to the fact that
diff --git a/net/bridge/netfilter/ebt_log.c b/net/bridge/netfilter/ebt_log.c
index a94f3cc377c0..e4ea3fdd1d41 100644
--- a/net/bridge/netfilter/ebt_log.c
+++ b/net/bridge/netfilter/ebt_log.c
@@ -50,14 +50,6 @@ struct arppayload
        unsigned char ip_dst[4];
 };
-static void print_MAC(const unsigned char *p)
-{
-        int i;
-        for (i = 0; i < ETH_ALEN; i++, p++)
-                printk("%02x%c", *p, i == ETH_ALEN - 1 ? ' ':':');
-}
 static void
 print_ports(const struct sk_buff *skb, uint8_t protocol, int offset)
 {
@@ -88,14 +80,11 @@ ebt_log_packet(u_int8_t pf, unsigned int hooknum,
        unsigned int bitmask;
        spin_lock_bh(&ebt_log_lock);
-        printk("<%c>%s IN=%s OUT=%s MAC source = ", '0' + loginfo->u.log.level,
+        printk("<%c>%s IN=%s OUT=%s MAC source = %pM MAC dest = %pM proto = 0x%04x",
-               prefix, in ? in->name : "", out ? out->name : "");
+               '0' + loginfo->u.log.level, prefix,
+               in ? in->name : "", out ? out->name : "",
-        print_MAC(eth_hdr(skb)->h_source);
+               eth_hdr(skb)->h_source, eth_hdr(skb)->h_dest,
-        printk("MAC dest = ");
+               ntohs(eth_hdr(skb)->h_proto));
-        print_MAC(eth_hdr(skb)->h_dest);
-        printk("proto = 0x%04x", ntohs(eth_hdr(skb)->h_proto));
        if (loginfo->type == NF_LOG_TYPE_LOG)
                bitmask = loginfo->u.log.logflags;
@@ -171,12 +160,8 @@ ebt_log_packet(u_int8_t pf, unsigned int hooknum,
                                printk(" INCOMPLETE ARP payload");
                                goto out;
                        }
-                        printk(" ARP MAC SRC=");
+                        printk(" ARP MAC SRC=%pM ARP IP SRC=%pI4 ARP MAC DST=%pM ARP IP DST=%pI4",
-                        print_MAC(ap->mac_src);
+                                        ap->mac_src, ap->ip_src, ap->mac_dst, ap->ip_dst);
-                        printk(" ARP IP SRC=%pI4", ap->ip_src);
-                        printk(" ARP MAC DST=");
-                        print_MAC(ap->mac_dst);
-                        printk(" ARP IP DST=%pI4", ap->ip_dst);
                }
        }
 out:
diff --git a/net/bridge/netfilter/ebt_ulog.c b/net/bridge/netfilter/ebt_ulog.c
index 133eeae45a4f..ce50688a6431 100644
--- a/net/bridge/netfilter/ebt_ulog.c
+++ b/net/bridge/netfilter/ebt_ulog.c
@@ -266,7 +266,7 @@ static bool ebt_ulog_tg_check(const struct xt_tgchk_param *par)
        if (uloginfo->qthreshold > EBT_ULOG_MAX_QLEN)
                uloginfo->qthreshold = EBT_ULOG_MAX_QLEN;
-        return 0;
+        return true;
 }
 static struct xt_target ebt_ulog_tg_reg __read_mostly = {
diff --git a/net/bridge/netfilter/ebtable_broute.c b/net/bridge/netfilter/ebtable_broute.c
index c751111440f8..d32ab13e728c 100644
--- a/net/bridge/netfilter/ebtable_broute.c
+++ b/net/bridge/netfilter/ebtable_broute.c
@@ -41,7 +41,7 @@ static int check(const struct ebt_table_info *info, unsigned int valid_hooks)
        return 0;
 }
-static struct ebt_table broute_table =
+static const struct ebt_table broute_table =
 {
        .name           = "broute",
        .table          = &initial_table,
diff --git a/net/bridge/netfilter/ebtable_filter.c b/net/bridge/netfilter/ebtable_filter.c
index a5eea72938a6..60b1a6ca7185 100644
--- a/net/bridge/netfilter/ebtable_filter.c
+++ b/net/bridge/netfilter/ebtable_filter.c
@@ -50,7 +50,7 @@ static int check(const struct ebt_table_info *info, unsigned int valid_hooks)
        return 0;
 }
-static struct ebt_table frame_filter =
+static const struct ebt_table frame_filter =
 {
        .name           = "filter",
        .table          = &initial_table,
@@ -77,21 +77,21 @@ static struct nf_hook_ops ebt_ops_filter[] __read_mostly = {
        {
                .hook           = ebt_in_hook,
                .owner          = THIS_MODULE,
-                .pf             = PF_BRIDGE,
+                .pf             = NFPROTO_BRIDGE,
                .hooknum        = NF_BR_LOCAL_IN,
                .priority       = NF_BR_PRI_FILTER_BRIDGED,
        },
        {
                .hook           = ebt_in_hook,
                .owner          = THIS_MODULE,
-                .pf             = PF_BRIDGE,
+                .pf             = NFPROTO_BRIDGE,
                .hooknum        = NF_BR_FORWARD,
                .priority       = NF_BR_PRI_FILTER_BRIDGED,
        },
        {
                .hook           = ebt_out_hook,
                .owner          = THIS_MODULE,
-                .pf             = PF_BRIDGE,
+                .pf             = NFPROTO_BRIDGE,
                .hooknum        = NF_BR_LOCAL_OUT,
                .priority       = NF_BR_PRI_FILTER_OTHER,
        },
diff --git a/net/bridge/netfilter/ebtable_nat.c b/net/bridge/netfilter/ebtable_nat.c
index 6024c551f9a9..4a98804203b0 100644
--- a/net/bridge/netfilter/ebtable_nat.c
+++ b/net/bridge/netfilter/ebtable_nat.c
@@ -77,21 +77,21 @@ static struct nf_hook_ops ebt_ops_nat[] __read_mostly = {
        {
                .hook           = ebt_nat_out,
                .owner          = THIS_MODULE,
-                .pf             = PF_BRIDGE,
+                .pf             = NFPROTO_BRIDGE,
                .hooknum        = NF_BR_LOCAL_OUT,
                .priority       = NF_BR_PRI_NAT_DST_OTHER,
        },
        {
                .hook           = ebt_nat_out,
                .owner          = THIS_MODULE,
-                .pf             = PF_BRIDGE,
+                .pf             = NFPROTO_BRIDGE,
                .hooknum        = NF_BR_POST_ROUTING,
                .priority       = NF_BR_PRI_NAT_SRC,
        },
        {
                .hook           = ebt_nat_in,
                .owner          = THIS_MODULE,
-                .pf             = PF_BRIDGE,
+                .pf             = NFPROTO_BRIDGE,
                .hooknum        = NF_BR_PRE_ROUTING,
                .priority       = NF_BR_PRI_NAT_DST_BRIDGED,
        },
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index 37928d5f2840..bd1c65425d4f 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -1103,23 +1103,24 @@ free_newinfo:
        return ret;
 }
-struct ebt_table *ebt_register_table(struct net *net, struct ebt_table *table)
+struct ebt_table *
+ebt_register_table(struct net *net, const struct ebt_table *input_table)
 {
        struct ebt_table_info *newinfo;
-        struct ebt_table *t;
+        struct ebt_table *t, *table;
        struct ebt_replace_kernel *repl;
        int ret, i, countersize;
        void *p;
-        if (!table || !(repl = table->table) || !repl->entries ||
+        if (input_table == NULL || (repl = input_table->table) == NULL ||
-            repl->entries_size == 0 ||
+            repl->entries == 0 || repl->entries_size == 0 ||
-            repl->counters || table->private) {
+            repl->counters != NULL || input_table->private != NULL) {
                BUGPRINT("Bad table data for ebt_register_table!!!\n");
                return ERR_PTR(-EINVAL);
        }
        /* Don't add one table to multiple lists. */
-        table = kmemdup(table, sizeof(struct ebt_table), GFP_KERNEL);
+        table = kmemdup(input_table, sizeof(struct ebt_table), GFP_KERNEL);
        if (!table) {
                ret = -ENOMEM;
                goto out;
author	David S. Miller <davem@davemloft.net>	2009-09-10 21:17:09 -0400
committer	David S. Miller <davem@davemloft.net>	2009-09-10 21:17:09 -0400
commit	9a0da0d19c573e01aded6ac17747d2efc5b1115f (patch)
tree	76294327bae4b3e45b16c690bda4b24951f237cf /net/bridge
parent	ec282e9225be924479d4880b51f13524795bd8d3 (diff)
parent	8a56df0ae1690f8f42a3c6c4532f4b06f93febea (diff)

diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c index 4fde7425077d..907a82e9023d 100644 --- a/net/bridge/br_netfilter.c +++ b/net/bridge/br_netfilter.c
@@ -359,7 +359,7 @@ static int br_nf_pre_routing_finish(struct sk_buff *skb)
359	},	359	},
360	.proto = 0,	360	.proto = 0,
361	};	361	};
362	struct in_device *in_dev = in_dev_get(dev);	362	struct in_device *in_dev = __in_dev_get_rcu(dev);
363		363
364	/* If err equals -EHOSTUNREACH the error is due to a	364	/* If err equals -EHOSTUNREACH the error is due to a
365	* martian destination or due to the fact that	365	* martian destination or due to the fact that


diff --git a/net/bridge/netfilter/ebt_log.c b/net/bridge/netfilter/ebt_log.c index a94f3cc377c0..e4ea3fdd1d41 100644 --- a/net/bridge/netfilter/ebt_log.c +++ b/net/bridge/netfilter/ebt_log.c
@@ -50,14 +50,6 @@ struct arppayload
50	unsigned char ip_dst[4];	50	unsigned char ip_dst[4];
51	};	51	};
52		52
53	static void print_MAC(const unsigned char *p)
54	{
55	int i;
56
57	for (i = 0; i < ETH_ALEN; i++, p++)
58	printk("%02x%c", *p, i == ETH_ALEN - 1 ? ' ':':');
59	}
60
61	static void	53	static void
62	print_ports(const struct sk_buff *skb, uint8_t protocol, int offset)	54	print_ports(const struct sk_buff *skb, uint8_t protocol, int offset)
63	{	55	{
@@ -88,14 +80,11 @@ ebt_log_packet(u_int8_t pf, unsigned int hooknum,
88	unsigned int bitmask;	80	unsigned int bitmask;
89		81
90	spin_lock_bh(&ebt_log_lock);	82	spin_lock_bh(&ebt_log_lock);
91	printk("<%c>%s IN=%s OUT=%s MAC source = ", '0' + loginfo->u.log.level,	83	printk("<%c>%s IN=%s OUT=%s MAC source = %pM MAC dest = %pM proto = 0x%04x",
92	prefix, in ? in->name : "", out ? out->name : "");	84	'0' + loginfo->u.log.level, prefix,
93		85	in ? in->name : "", out ? out->name : "",
94	print_MAC(eth_hdr(skb)->h_source);	86	eth_hdr(skb)->h_source, eth_hdr(skb)->h_dest,
95	printk("MAC dest = ");	87	ntohs(eth_hdr(skb)->h_proto));
96	print_MAC(eth_hdr(skb)->h_dest);
97
98	printk("proto = 0x%04x", ntohs(eth_hdr(skb)->h_proto));
99		88
100	if (loginfo->type == NF_LOG_TYPE_LOG)	89	if (loginfo->type == NF_LOG_TYPE_LOG)
101	bitmask = loginfo->u.log.logflags;	90	bitmask = loginfo->u.log.logflags;
@@ -171,12 +160,8 @@ ebt_log_packet(u_int8_t pf, unsigned int hooknum,
171	printk(" INCOMPLETE ARP payload");	160	printk(" INCOMPLETE ARP payload");
172	goto out;	161	goto out;
173	}	162	}
174	printk(" ARP MAC SRC=");	163	printk(" ARP MAC SRC=%pM ARP IP SRC=%pI4 ARP MAC DST=%pM ARP IP DST=%pI4",
175	print_MAC(ap->mac_src);	164	ap->mac_src, ap->ip_src, ap->mac_dst, ap->ip_dst);
176	printk(" ARP IP SRC=%pI4", ap->ip_src);
177	printk(" ARP MAC DST=");
178	print_MAC(ap->mac_dst);
179	printk(" ARP IP DST=%pI4", ap->ip_dst);
180	}	165	}
181	}	166	}
182	out:	167	out:


diff --git a/net/bridge/netfilter/ebt_ulog.c b/net/bridge/netfilter/ebt_ulog.c index 133eeae45a4f..ce50688a6431 100644 --- a/net/bridge/netfilter/ebt_ulog.c +++ b/net/bridge/netfilter/ebt_ulog.c
@@ -266,7 +266,7 @@ static bool ebt_ulog_tg_check(const struct xt_tgchk_param *par)
266	if (uloginfo->qthreshold > EBT_ULOG_MAX_QLEN)	266	if (uloginfo->qthreshold > EBT_ULOG_MAX_QLEN)
267	uloginfo->qthreshold = EBT_ULOG_MAX_QLEN;	267	uloginfo->qthreshold = EBT_ULOG_MAX_QLEN;
268		268
269	return 0;	269	return true;
270	}	270	}
271		271
272	static struct xt_target ebt_ulog_tg_reg __read_mostly = {	272	static struct xt_target ebt_ulog_tg_reg __read_mostly = {


diff --git a/net/bridge/netfilter/ebtable_broute.c b/net/bridge/netfilter/ebtable_broute.c index c751111440f8..d32ab13e728c 100644 --- a/net/bridge/netfilter/ebtable_broute.c +++ b/net/bridge/netfilter/ebtable_broute.c
@@ -41,7 +41,7 @@ static int check(const struct ebt_table_info *info, unsigned int valid_hooks)
41	return 0;	41	return 0;
42	}	42	}
43		43
44	static struct ebt_table broute_table =	44	static const struct ebt_table broute_table =
45	{	45	{
46	.name = "broute",	46	.name = "broute",
47	.table = &initial_table,	47	.table = &initial_table,


diff --git a/net/bridge/netfilter/ebtable_filter.c b/net/bridge/netfilter/ebtable_filter.c index a5eea72938a6..60b1a6ca7185 100644 --- a/net/bridge/netfilter/ebtable_filter.c +++ b/net/bridge/netfilter/ebtable_filter.c
@@ -50,7 +50,7 @@ static int check(const struct ebt_table_info *info, unsigned int valid_hooks)
50	return 0;	50	return 0;
51	}	51	}
52		52
53	static struct ebt_table frame_filter =	53	static const struct ebt_table frame_filter =
54	{	54	{
55	.name = "filter",	55	.name = "filter",
56	.table = &initial_table,	56	.table = &initial_table,
@@ -77,21 +77,21 @@ static struct nf_hook_ops ebt_ops_filter[] __read_mostly = {
77	{	77	{
78	.hook = ebt_in_hook,	78	.hook = ebt_in_hook,
79	.owner = THIS_MODULE,	79	.owner = THIS_MODULE,
80	.pf = PF_BRIDGE,	80	.pf = NFPROTO_BRIDGE,
81	.hooknum = NF_BR_LOCAL_IN,	81	.hooknum = NF_BR_LOCAL_IN,
82	.priority = NF_BR_PRI_FILTER_BRIDGED,	82	.priority = NF_BR_PRI_FILTER_BRIDGED,
83	},	83	},
84	{	84	{
85	.hook = ebt_in_hook,	85	.hook = ebt_in_hook,
86	.owner = THIS_MODULE,	86	.owner = THIS_MODULE,
87	.pf = PF_BRIDGE,	87	.pf = NFPROTO_BRIDGE,
88	.hooknum = NF_BR_FORWARD,	88	.hooknum = NF_BR_FORWARD,
89	.priority = NF_BR_PRI_FILTER_BRIDGED,	89	.priority = NF_BR_PRI_FILTER_BRIDGED,
90	},	90	},
91	{	91	{
92	.hook = ebt_out_hook,	92	.hook = ebt_out_hook,
93	.owner = THIS_MODULE,	93	.owner = THIS_MODULE,
94	.pf = PF_BRIDGE,	94	.pf = NFPROTO_BRIDGE,
95	.hooknum = NF_BR_LOCAL_OUT,	95	.hooknum = NF_BR_LOCAL_OUT,
96	.priority = NF_BR_PRI_FILTER_OTHER,	96	.priority = NF_BR_PRI_FILTER_OTHER,
97	},	97	},


diff --git a/net/bridge/netfilter/ebtable_nat.c b/net/bridge/netfilter/ebtable_nat.c index 6024c551f9a9..4a98804203b0 100644 --- a/net/bridge/netfilter/ebtable_nat.c +++ b/net/bridge/netfilter/ebtable_nat.c
@@ -77,21 +77,21 @@ static struct nf_hook_ops ebt_ops_nat[] __read_mostly = {
77	{	77	{
78	.hook = ebt_nat_out,	78	.hook = ebt_nat_out,
79	.owner = THIS_MODULE,	79	.owner = THIS_MODULE,
80	.pf = PF_BRIDGE,	80	.pf = NFPROTO_BRIDGE,
81	.hooknum = NF_BR_LOCAL_OUT,	81	.hooknum = NF_BR_LOCAL_OUT,
82	.priority = NF_BR_PRI_NAT_DST_OTHER,	82	.priority = NF_BR_PRI_NAT_DST_OTHER,
83	},	83	},
84	{	84	{
85	.hook = ebt_nat_out,	85	.hook = ebt_nat_out,
86	.owner = THIS_MODULE,	86	.owner = THIS_MODULE,
87	.pf = PF_BRIDGE,	87	.pf = NFPROTO_BRIDGE,
88	.hooknum = NF_BR_POST_ROUTING,	88	.hooknum = NF_BR_POST_ROUTING,
89	.priority = NF_BR_PRI_NAT_SRC,	89	.priority = NF_BR_PRI_NAT_SRC,
90	},	90	},
91	{	91	{
92	.hook = ebt_nat_in,	92	.hook = ebt_nat_in,
93	.owner = THIS_MODULE,	93	.owner = THIS_MODULE,
94	.pf = PF_BRIDGE,	94	.pf = NFPROTO_BRIDGE,
95	.hooknum = NF_BR_PRE_ROUTING,	95	.hooknum = NF_BR_PRE_ROUTING,
96	.priority = NF_BR_PRI_NAT_DST_BRIDGED,	96	.priority = NF_BR_PRI_NAT_DST_BRIDGED,
97	},	97	},


diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index 37928d5f2840..bd1c65425d4f 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c
@@ -1103,23 +1103,24 @@ free_newinfo:
1103	return ret;	1103	return ret;
1104	}	1104	}
1105		1105
1106	struct ebt_table ebt_register_table(struct net net, struct ebt_table *table)	1106	struct ebt_table *
		1107	ebt_register_table(struct net net, const struct ebt_table input_table)
1107	{	1108	{
1108	struct ebt_table_info *newinfo;	1109	struct ebt_table_info *newinfo;
1109	struct ebt_table *t;	1110	struct ebt_table t, table;
1110	struct ebt_replace_kernel *repl;	1111	struct ebt_replace_kernel *repl;
1111	int ret, i, countersize;	1112	int ret, i, countersize;
1112	void *p;	1113	void *p;
1113		1114
1114	if (!table \|\| !(repl = table->table) \|\| !repl->entries \|\|	1115	if (input_table == NULL \|\| (repl = input_table->table) == NULL \|\|
1115	repl->entries_size == 0 \|\|	1116	repl->entries == 0 \|\| repl->entries_size == 0 \|\|
1116	repl->counters \|\| table->private) {	1117	repl->counters != NULL \|\| input_table->private != NULL) {
1117	BUGPRINT("Bad table data for ebt_register_table!!!\n");	1118	BUGPRINT("Bad table data for ebt_register_table!!!\n");
1118	return ERR_PTR(-EINVAL);	1119	return ERR_PTR(-EINVAL);
1119	}	1120	}
1120		1121
1121	/* Don't add one table to multiple lists. */	1122	/* Don't add one table to multiple lists. */
1122	table = kmemdup(table, sizeof(struct ebt_table), GFP_KERNEL);	1123	table = kmemdup(input_table, sizeof(struct ebt_table), GFP_KERNEL);
1123	if (!table) {	1124	if (!table) {
1124	ret = -ENOMEM;	1125	ret = -ENOMEM;
1125	goto out;	1126	goto out;