diff options
| author | Alexey Dobriyan <adobriyan@gmail.com> | 2008-10-08 05:35:08 -0400 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2008-10-08 05:35:08 -0400 |
| commit | c2a2c7e0cc39e7f9336cd67e8307a110bdba82f3 (patch) | |
| tree | 7f9636ad72ab8f2309b2d5b3ca74f8c074ac807a /net/ipv4 | |
| parent | c04d05529a6e0bf97183a2caf76a0c7f07f5b78c (diff) | |
netfilter: netns nf_conntrack: per-netns net.netfilter.nf_conntrack_log_invalid sysctl
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/ipv4')
| -rw-r--r-- | net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 2 | ||||
| -rw-r--r-- | net/ipv4/netfilter/nf_conntrack_proto_icmp.c | 6 |
2 files changed, 4 insertions, 4 deletions
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c index 75871b1dd8a8..af69acc1d0f8 100644 --- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c +++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | |||
| @@ -278,7 +278,7 @@ static ctl_table ip_ct_sysctl_table[] = { | |||
| 278 | { | 278 | { |
| 279 | .ctl_name = NET_IPV4_NF_CONNTRACK_LOG_INVALID, | 279 | .ctl_name = NET_IPV4_NF_CONNTRACK_LOG_INVALID, |
| 280 | .procname = "ip_conntrack_log_invalid", | 280 | .procname = "ip_conntrack_log_invalid", |
| 281 | .data = &nf_ct_log_invalid, | 281 | .data = &init_net.ct.sysctl_log_invalid, |
| 282 | .maxlen = sizeof(unsigned int), | 282 | .maxlen = sizeof(unsigned int), |
| 283 | .mode = 0644, | 283 | .mode = 0644, |
| 284 | .proc_handler = &proc_dointvec_minmax, | 284 | .proc_handler = &proc_dointvec_minmax, |
diff --git a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c index ace66cbf9215..4e8879220222 100644 --- a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c +++ b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c | |||
| @@ -181,7 +181,7 @@ icmp_error(struct net *net, struct sk_buff *skb, unsigned int dataoff, | |||
| 181 | /* Not enough header? */ | 181 | /* Not enough header? */ |
| 182 | icmph = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_ih), &_ih); | 182 | icmph = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_ih), &_ih); |
| 183 | if (icmph == NULL) { | 183 | if (icmph == NULL) { |
| 184 | if (LOG_INVALID(IPPROTO_ICMP)) | 184 | if (LOG_INVALID(net, IPPROTO_ICMP)) |
| 185 | nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL, | 185 | nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL, |
| 186 | "nf_ct_icmp: short packet "); | 186 | "nf_ct_icmp: short packet "); |
| 187 | return -NF_ACCEPT; | 187 | return -NF_ACCEPT; |
| @@ -190,7 +190,7 @@ icmp_error(struct net *net, struct sk_buff *skb, unsigned int dataoff, | |||
| 190 | /* See ip_conntrack_proto_tcp.c */ | 190 | /* See ip_conntrack_proto_tcp.c */ |
| 191 | if (net->ct.sysctl_checksum && hooknum == NF_INET_PRE_ROUTING && | 191 | if (net->ct.sysctl_checksum && hooknum == NF_INET_PRE_ROUTING && |
| 192 | nf_ip_checksum(skb, hooknum, dataoff, 0)) { | 192 | nf_ip_checksum(skb, hooknum, dataoff, 0)) { |
| 193 | if (LOG_INVALID(IPPROTO_ICMP)) | 193 | if (LOG_INVALID(net, IPPROTO_ICMP)) |
| 194 | nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL, | 194 | nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL, |
| 195 | "nf_ct_icmp: bad HW ICMP checksum "); | 195 | "nf_ct_icmp: bad HW ICMP checksum "); |
| 196 | return -NF_ACCEPT; | 196 | return -NF_ACCEPT; |
| @@ -203,7 +203,7 @@ icmp_error(struct net *net, struct sk_buff *skb, unsigned int dataoff, | |||
| 203 | * discarded. | 203 | * discarded. |
| 204 | */ | 204 | */ |
| 205 | if (icmph->type > NR_ICMP_TYPES) { | 205 | if (icmph->type > NR_ICMP_TYPES) { |
| 206 | if (LOG_INVALID(IPPROTO_ICMP)) | 206 | if (LOG_INVALID(net, IPPROTO_ICMP)) |
| 207 | nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL, | 207 | nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL, |
| 208 | "nf_ct_icmp: invalid ICMP type "); | 208 | "nf_ct_icmp: invalid ICMP type "); |
| 209 | return -NF_ACCEPT; | 209 | return -NF_ACCEPT; |