netfilter: xt extensions: use pr_<level> (2)

Supplement to 1159683ef48469de71dc26f0ee1a9c30d131cf89. Downgrade the log level to INFO for most checkentry messages as they are, IMO, just an extra information to the -EINVAL code that is returned as part of a parameter "constraint violation". Leave errors to real errors, such as being unable to create a LED trigger. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
author: Jan Engelhardt <jengelh@medozas.de> 2010-03-19 16:08:16 -0400
committer: Jan Engelhardt <jengelh@medozas.de> 2010-03-25 10:00:04 -0400
commit: ff67e4e42bd178b1179c4d8e5c1fde18758ce84f (patch)
tree: 5d4cc857d4bac40c3d78f90f8e21f12c424737a4 /net/ipv6
parent: 0d34545563f99886b997be7da63f0e8084af3bc5 (diff)
7 files changed, 29 insertions, 31 deletions
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 9210e312edf1..1b2414e03a34 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -40,13 +40,13 @@ MODULE_DESCRIPTION("IPv6 packet filter");
 /*#define DEBUG_IP_FIREWALL_USER*/
 #ifdef DEBUG_IP_FIREWALL
-#define dprintf(format, args...)  printk(format , ## args)
+#define dprintf(format, args...) pr_info(format , ## args)
 #else
 #define dprintf(format, args...)
 #endif
 #ifdef DEBUG_IP_FIREWALL_USER
-#define duprintf(format, args...) printk(format , ## args)
+#define duprintf(format, args...) pr_info(format , ## args)
 #else
 #define duprintf(format, args...)
 #endif
@@ -200,8 +200,7 @@ static unsigned int
 ip6t_error(struct sk_buff *skb, const struct xt_target_param *par)
 {
        if (net_ratelimit())
-                printk("ip6_tables: error: `%s'\n",
+                pr_info("error: `%s'\n", (const char *)par->targinfo);
-                       (const char *)par->targinfo);
        return NF_DROP;
 }
@@ -2308,7 +2307,7 @@ static int __init ip6_tables_init(void)
        if (ret < 0)
                goto err5;
-        printk(KERN_INFO "ip6_tables: (C) 2000-2006 Netfilter Core Team\n");
+        pr_info("(C) 2000-2006 Netfilter Core Team\n");
        return 0;
 err5:
diff --git a/net/ipv6/netfilter/ip6t_LOG.c b/net/ipv6/netfilter/ip6t_LOG.c
index e16c0c7d086d..5a79883220e0 100644
--- a/net/ipv6/netfilter/ip6t_LOG.c
+++ b/net/ipv6/netfilter/ip6t_LOG.c
@@ -9,7 +9,7 @@
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
 #include <linux/module.h>
 #include <linux/skbuff.h>
 #include <linux/if_arp.h>
@@ -456,12 +456,11 @@ static bool log_tg6_check(const struct xt_tgchk_param *par)
        const struct ip6t_log_info *loginfo = par->targinfo;
        if (loginfo->level >= 8) {
-                pr_debug("LOG: level %u >= 8\n", loginfo->level);
+                pr_debug("level %u >= 8\n", loginfo->level);
                return false;
        }
        if (loginfo->prefix[sizeof(loginfo->prefix)-1] != '\0') {
-                pr_debug("LOG: prefix term %i\n",
+                pr_debug("prefix not null-terminated\n");
-                         loginfo->prefix[sizeof(loginfo->prefix)-1]);
                return false;
        }
        return true;
diff --git a/net/ipv6/netfilter/ip6t_REJECT.c b/net/ipv6/netfilter/ip6t_REJECT.c
index dd8afbaf00a8..45efb9f38fcb 100644
--- a/net/ipv6/netfilter/ip6t_REJECT.c
+++ b/net/ipv6/netfilter/ip6t_REJECT.c
@@ -14,7 +14,7 @@
 * as published by the Free Software Foundation; either version
 * 2 of the License, or (at your option) any later version.
 */
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
 #include <linux/module.h>
 #include <linux/skbuff.h>
 #include <linux/icmpv6.h>
@@ -49,7 +49,7 @@ static void send_reset(struct net *net, struct sk_buff *oldskb)
        if ((!(ipv6_addr_type(&oip6h->saddr) & IPV6_ADDR_UNICAST)) ||
            (!(ipv6_addr_type(&oip6h->daddr) & IPV6_ADDR_UNICAST))) {
-                pr_debug("ip6t_REJECT: addr is not unicast.\n");
+                pr_debug("addr is not unicast.\n");
                return;
        }
@@ -57,7 +57,7 @@ static void send_reset(struct net *net, struct sk_buff *oldskb)
        tcphoff = ipv6_skip_exthdr(oldskb, ((u8*)(oip6h+1) - oldskb->data), &proto);
        if ((tcphoff < 0) || (tcphoff > oldskb->len)) {
-                pr_debug("ip6t_REJECT: Can't get TCP header.\n");
+                pr_debug("Cannot get TCP header.\n");
                return;
        }
@@ -65,7 +65,7 @@ static void send_reset(struct net *net, struct sk_buff *oldskb)
        /* IP header checks: fragment, too short. */
        if (proto != IPPROTO_TCP || otcplen < sizeof(struct tcphdr)) {
-                pr_debug("ip6t_REJECT: proto(%d) != IPPROTO_TCP, "
+                pr_debug("proto(%d) != IPPROTO_TCP, "
                         "or too short. otcplen = %d\n",
                         proto, otcplen);
                return;
@@ -76,14 +76,14 @@ static void send_reset(struct net *net, struct sk_buff *oldskb)
        /* No RST for RST. */
        if (otcph.rst) {
-                pr_debug("ip6t_REJECT: RST is set\n");
+                pr_debug("RST is set\n");
                return;
        }
        /* Check checksum. */
        if (csum_ipv6_magic(&oip6h->saddr, &oip6h->daddr, otcplen, IPPROTO_TCP,
                            skb_checksum(oldskb, tcphoff, otcplen, 0))) {
-                pr_debug("ip6t_REJECT: TCP checksum is invalid\n");
+                pr_debug("TCP checksum is invalid\n");
                return;
        }
@@ -107,7 +107,7 @@ static void send_reset(struct net *net, struct sk_buff *oldskb)
        if (!nskb) {
                if (net_ratelimit())
-                        printk("ip6t_REJECT: Can't alloc skb\n");
+                        pr_debug("cannot alloc skb\n");
                dst_release(dst);
                return;
        }
@@ -206,7 +206,7 @@ reject_tg6(struct sk_buff *skb, const struct xt_target_param *par)
                break;
        default:
                if (net_ratelimit())
-                        printk(KERN_WARNING "ip6t_REJECT: case %u not handled yet\n", reject->with);
+                        pr_info("case %u not handled yet\n", reject->with);
                break;
        }
@@ -219,13 +219,13 @@ static bool reject_tg6_check(const struct xt_tgchk_param *par)
        const struct ip6t_entry *e = par->entryinfo;
        if (rejinfo->with == IP6T_ICMP6_ECHOREPLY) {
-                printk("ip6t_REJECT: ECHOREPLY is not supported.\n");
+                pr_info("ECHOREPLY is not supported.\n");
                return false;
        } else if (rejinfo->with == IP6T_TCP_RESET) {
                /* Must specify that it's a TCP packet */
                if (e->ipv6.proto != IPPROTO_TCP ||
                    (e->ipv6.invflags & XT_INV_PROTO)) {
-                        printk("ip6t_REJECT: TCP_RESET illegal for non-tcp\n");
+                        pr_info("TCP_RESET illegal for non-tcp\n");
                        return false;
                }
        }
diff --git a/net/ipv6/netfilter/ip6t_ah.c b/net/ipv6/netfilter/ip6t_ah.c
index ac0b7c629d78..4429bfd39e11 100644
--- a/net/ipv6/netfilter/ip6t_ah.c
+++ b/net/ipv6/netfilter/ip6t_ah.c
@@ -6,7 +6,7 @@
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
 #include <linux/module.h>
 #include <linux/skbuff.h>
 #include <linux/ip.h>
@@ -29,7 +29,7 @@ spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, bool invert)
 {
        bool r;
-        pr_debug("ah spi_match:%c 0x%x <= 0x%x <= 0x%x",
+        pr_debug("spi_match:%c 0x%x <= 0x%x <= 0x%x\n",
                 invert ? '!' : ' ', min, spi, max);
        r = (spi >= min && spi <= max) ^ invert;
        pr_debug(" result %s\n", r ? "PASS" : "FAILED");
@@ -92,7 +92,7 @@ static bool ah_mt6_check(const struct xt_mtchk_param *par)
        const struct ip6t_ah *ahinfo = par->matchinfo;
        if (ahinfo->invflags & ~IP6T_AH_INV_MASK) {
-                pr_debug("ip6t_ah: unknown flags %X\n", ahinfo->invflags);
+                pr_debug("unknown flags %X\n", ahinfo->invflags);
                return false;
        }
        return true;
diff --git a/net/ipv6/netfilter/ip6t_frag.c b/net/ipv6/netfilter/ip6t_frag.c
index 7b91c2598ed5..5c0da913b4ab 100644
--- a/net/ipv6/netfilter/ip6t_frag.c
+++ b/net/ipv6/netfilter/ip6t_frag.c
@@ -6,7 +6,7 @@
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
 #include <linux/module.h>
 #include <linux/skbuff.h>
 #include <linux/ipv6.h>
@@ -27,7 +27,7 @@ static inline bool
 id_match(u_int32_t min, u_int32_t max, u_int32_t id, bool invert)
 {
        bool r;
-        pr_debug("frag id_match:%c 0x%x <= 0x%x <= 0x%x", invert ? '!' : ' ',
+        pr_debug("id_match:%c 0x%x <= 0x%x <= 0x%x\n", invert ? '!' : ' ',
                 min, id, max);
        r = (id >= min && id <= max) ^ invert;
        pr_debug(" result %s\n", r ? "PASS" : "FAILED");
@@ -107,7 +107,7 @@ static bool frag_mt6_check(const struct xt_mtchk_param *par)
        const struct ip6t_frag *fraginfo = par->matchinfo;
        if (fraginfo->invflags & ~IP6T_FRAG_INV_MASK) {
-                pr_debug("ip6t_frag: unknown flags %X\n", fraginfo->invflags);
+                pr_debug("unknown flags %X\n", fraginfo->invflags);
                return false;
        }
        return true;
diff --git a/net/ipv6/netfilter/ip6t_hbh.c b/net/ipv6/netfilter/ip6t_hbh.c
index 82593c8bdc3e..f4b73889d00a 100644
--- a/net/ipv6/netfilter/ip6t_hbh.c
+++ b/net/ipv6/netfilter/ip6t_hbh.c
@@ -6,7 +6,7 @@
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
 #include <linux/module.h>
 #include <linux/skbuff.h>
 #include <linux/ipv6.h>
@@ -169,12 +169,12 @@ static bool hbh_mt6_check(const struct xt_mtchk_param *par)
        const struct ip6t_opts *optsinfo = par->matchinfo;
        if (optsinfo->invflags & ~IP6T_OPTS_INV_MASK) {
-                pr_debug("ip6t_opts: unknown flags %X\n", optsinfo->invflags);
+                pr_debug("unknown flags %X\n", optsinfo->invflags);
                return false;
        }
        if (optsinfo->flags & IP6T_OPTS_NSTRICT) {
-                pr_debug("ip6t_opts: Not strict - not implemented");
+                pr_debug("Not strict - not implemented");
                return false;
        }
diff --git a/net/ipv6/netfilter/ip6t_rt.c b/net/ipv6/netfilter/ip6t_rt.c
index b77307fc8743..c58d65336577 100644
--- a/net/ipv6/netfilter/ip6t_rt.c
+++ b/net/ipv6/netfilter/ip6t_rt.c
@@ -6,7 +6,7 @@
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
 #include <linux/module.h>
 #include <linux/skbuff.h>
 #include <linux/ipv6.h>
@@ -29,7 +29,7 @@ static inline bool
 segsleft_match(u_int32_t min, u_int32_t max, u_int32_t id, bool invert)
 {
        bool r;
-        pr_debug("rt segsleft_match:%c 0x%x <= 0x%x <= 0x%x",
+        pr_debug("segsleft_match:%c 0x%x <= 0x%x <= 0x%x\n",
                 invert ? '!' : ' ', min, id, max);
        r = (id >= min && id <= max) ^ invert;
        pr_debug(" result %s\n", r ? "PASS" : "FAILED");
@@ -188,7 +188,7 @@ static bool rt_mt6_check(const struct xt_mtchk_param *par)
        const struct ip6t_rt *rtinfo = par->matchinfo;
        if (rtinfo->invflags & ~IP6T_RT_INV_MASK) {
-                pr_debug("ip6t_rt: unknown flags %X\n", rtinfo->invflags);
+                pr_debug("unknown flags %X\n", rtinfo->invflags);
                return false;
        }
        if ((rtinfo->flags & (IP6T_RT_RES | IP6T_RT_FST_MASK)) &&
author	Jan Engelhardt <jengelh@medozas.de>	2010-03-19 16:08:16 -0400
committer	Jan Engelhardt <jengelh@medozas.de>	2010-03-25 10:00:04 -0400
commit	ff67e4e42bd178b1179c4d8e5c1fde18758ce84f (patch)
tree	5d4cc857d4bac40c3d78f90f8e21f12c424737a4 /net/ipv6
parent	0d34545563f99886b997be7da63f0e8084af3bc5 (diff)

diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index 9210e312edf1..1b2414e03a34 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c
@@ -40,13 +40,13 @@ MODULE_DESCRIPTION("IPv6 packet filter");
40	/#define DEBUG_IP_FIREWALL_USER/	40	/#define DEBUG_IP_FIREWALL_USER/
41		41
42	#ifdef DEBUG_IP_FIREWALL	42	#ifdef DEBUG_IP_FIREWALL
43	#define dprintf(format, args...) printk(format , ## args)	43	#define dprintf(format, args...) pr_info(format , ## args)
44	#else	44	#else
45	#define dprintf(format, args...)	45	#define dprintf(format, args...)
46	#endif	46	#endif
47		47
48	#ifdef DEBUG_IP_FIREWALL_USER	48	#ifdef DEBUG_IP_FIREWALL_USER
49	#define duprintf(format, args...) printk(format , ## args)	49	#define duprintf(format, args...) pr_info(format , ## args)
50	#else	50	#else
51	#define duprintf(format, args...)	51	#define duprintf(format, args...)
52	#endif	52	#endif
@@ -200,8 +200,7 @@ static unsigned int
200	ip6t_error(struct sk_buff skb, const struct xt_target_param par)	200	ip6t_error(struct sk_buff skb, const struct xt_target_param par)
201	{	201	{
202	if (net_ratelimit())	202	if (net_ratelimit())
203	printk("ip6_tables: error: `%s'\n",	203	pr_info("error: `%s'\n", (const char *)par->targinfo);
204	(const char *)par->targinfo);
205		204
206	return NF_DROP;	205	return NF_DROP;
207	}	206	}
@@ -2308,7 +2307,7 @@ static int __init ip6_tables_init(void)
2308	if (ret < 0)	2307	if (ret < 0)
2309	goto err5;	2308	goto err5;
2310		2309
2311	printk(KERN_INFO "ip6_tables: (C) 2000-2006 Netfilter Core Team\n");	2310	pr_info("(C) 2000-2006 Netfilter Core Team\n");
2312	return 0;	2311	return 0;
2313		2312
2314	err5:	2313	err5:


diff --git a/net/ipv6/netfilter/ip6t_LOG.c b/net/ipv6/netfilter/ip6t_LOG.c index e16c0c7d086d..5a79883220e0 100644 --- a/net/ipv6/netfilter/ip6t_LOG.c +++ b/net/ipv6/netfilter/ip6t_LOG.c
@@ -9,7 +9,7 @@
9	* it under the terms of the GNU General Public License version 2 as	9	* it under the terms of the GNU General Public License version 2 as
10	* published by the Free Software Foundation.	10	* published by the Free Software Foundation.
11	*/	11	*/
12		12	#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
13	#include <linux/module.h>	13	#include <linux/module.h>
14	#include <linux/skbuff.h>	14	#include <linux/skbuff.h>
15	#include <linux/if_arp.h>	15	#include <linux/if_arp.h>
@@ -456,12 +456,11 @@ static bool log_tg6_check(const struct xt_tgchk_param *par)
456	const struct ip6t_log_info *loginfo = par->targinfo;	456	const struct ip6t_log_info *loginfo = par->targinfo;
457		457
458	if (loginfo->level >= 8) {	458	if (loginfo->level >= 8) {
459	pr_debug("LOG: level %u >= 8\n", loginfo->level);	459	pr_debug("level %u >= 8\n", loginfo->level);
460	return false;	460	return false;
461	}	461	}
462	if (loginfo->prefix[sizeof(loginfo->prefix)-1] != '\0') {	462	if (loginfo->prefix[sizeof(loginfo->prefix)-1] != '\0') {
463	pr_debug("LOG: prefix term %i\n",	463	pr_debug("prefix not null-terminated\n");
464	loginfo->prefix[sizeof(loginfo->prefix)-1]);
465	return false;	464	return false;
466	}	465	}
467	return true;	466	return true;


diff --git a/net/ipv6/netfilter/ip6t_REJECT.c b/net/ipv6/netfilter/ip6t_REJECT.c index dd8afbaf00a8..45efb9f38fcb 100644 --- a/net/ipv6/netfilter/ip6t_REJECT.c +++ b/net/ipv6/netfilter/ip6t_REJECT.c
@@ -14,7 +14,7 @@
14	* as published by the Free Software Foundation; either version	14	* as published by the Free Software Foundation; either version
15	* 2 of the License, or (at your option) any later version.	15	* 2 of the License, or (at your option) any later version.
16	*/	16	*/
17		17	#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
18	#include <linux/module.h>	18	#include <linux/module.h>
19	#include <linux/skbuff.h>	19	#include <linux/skbuff.h>
20	#include <linux/icmpv6.h>	20	#include <linux/icmpv6.h>
@@ -49,7 +49,7 @@ static void send_reset(struct net net, struct sk_buff oldskb)
49		49
50	if ((!(ipv6_addr_type(&oip6h->saddr) & IPV6_ADDR_UNICAST)) \|\|	50	if ((!(ipv6_addr_type(&oip6h->saddr) & IPV6_ADDR_UNICAST)) \|\|
51	(!(ipv6_addr_type(&oip6h->daddr) & IPV6_ADDR_UNICAST))) {	51	(!(ipv6_addr_type(&oip6h->daddr) & IPV6_ADDR_UNICAST))) {
52	pr_debug("ip6t_REJECT: addr is not unicast.\n");	52	pr_debug("addr is not unicast.\n");
53	return;	53	return;
54	}	54	}
55		55
@@ -57,7 +57,7 @@ static void send_reset(struct net net, struct sk_buff oldskb)
57	tcphoff = ipv6_skip_exthdr(oldskb, ((u8*)(oip6h+1) - oldskb->data), &proto);	57	tcphoff = ipv6_skip_exthdr(oldskb, ((u8*)(oip6h+1) - oldskb->data), &proto);
58		58
59	if ((tcphoff < 0) \|\| (tcphoff > oldskb->len)) {	59	if ((tcphoff < 0) \|\| (tcphoff > oldskb->len)) {
60	pr_debug("ip6t_REJECT: Can't get TCP header.\n");	60	pr_debug("Cannot get TCP header.\n");
61	return;	61	return;
62	}	62	}
63		63
@@ -65,7 +65,7 @@ static void send_reset(struct net net, struct sk_buff oldskb)
65		65
66	/* IP header checks: fragment, too short. */	66	/* IP header checks: fragment, too short. */
67	if (proto != IPPROTO_TCP \|\| otcplen < sizeof(struct tcphdr)) {	67	if (proto != IPPROTO_TCP \|\| otcplen < sizeof(struct tcphdr)) {
68	pr_debug("ip6t_REJECT: proto(%d) != IPPROTO_TCP, "	68	pr_debug("proto(%d) != IPPROTO_TCP, "
69	"or too short. otcplen = %d\n",	69	"or too short. otcplen = %d\n",
70	proto, otcplen);	70	proto, otcplen);
71	return;	71	return;
@@ -76,14 +76,14 @@ static void send_reset(struct net net, struct sk_buff oldskb)
76		76
77	/* No RST for RST. */	77	/* No RST for RST. */
78	if (otcph.rst) {	78	if (otcph.rst) {
79	pr_debug("ip6t_REJECT: RST is set\n");	79	pr_debug("RST is set\n");
80	return;	80	return;
81	}	81	}
82		82
83	/* Check checksum. */	83	/* Check checksum. */
84	if (csum_ipv6_magic(&oip6h->saddr, &oip6h->daddr, otcplen, IPPROTO_TCP,	84	if (csum_ipv6_magic(&oip6h->saddr, &oip6h->daddr, otcplen, IPPROTO_TCP,
85	skb_checksum(oldskb, tcphoff, otcplen, 0))) {	85	skb_checksum(oldskb, tcphoff, otcplen, 0))) {
86	pr_debug("ip6t_REJECT: TCP checksum is invalid\n");	86	pr_debug("TCP checksum is invalid\n");
87	return;	87	return;
88	}	88	}
89		89
@@ -107,7 +107,7 @@ static void send_reset(struct net net, struct sk_buff oldskb)
107		107
108	if (!nskb) {	108	if (!nskb) {
109	if (net_ratelimit())	109	if (net_ratelimit())
110	printk("ip6t_REJECT: Can't alloc skb\n");	110	pr_debug("cannot alloc skb\n");
111	dst_release(dst);	111	dst_release(dst);
112	return;	112	return;
113	}	113	}
@@ -206,7 +206,7 @@ reject_tg6(struct sk_buff skb, const struct xt_target_param par)
206	break;	206	break;
207	default:	207	default:
208	if (net_ratelimit())	208	if (net_ratelimit())
209	printk(KERN_WARNING "ip6t_REJECT: case %u not handled yet\n", reject->with);	209	pr_info("case %u not handled yet\n", reject->with);
210	break;	210	break;
211	}	211	}
212		212
@@ -219,13 +219,13 @@ static bool reject_tg6_check(const struct xt_tgchk_param *par)
219	const struct ip6t_entry *e = par->entryinfo;	219	const struct ip6t_entry *e = par->entryinfo;
220		220
221	if (rejinfo->with == IP6T_ICMP6_ECHOREPLY) {	221	if (rejinfo->with == IP6T_ICMP6_ECHOREPLY) {
222	printk("ip6t_REJECT: ECHOREPLY is not supported.\n");	222	pr_info("ECHOREPLY is not supported.\n");
223	return false;	223	return false;
224	} else if (rejinfo->with == IP6T_TCP_RESET) {	224	} else if (rejinfo->with == IP6T_TCP_RESET) {
225	/* Must specify that it's a TCP packet */	225	/* Must specify that it's a TCP packet */
226	if (e->ipv6.proto != IPPROTO_TCP \|\|	226	if (e->ipv6.proto != IPPROTO_TCP \|\|
227	(e->ipv6.invflags & XT_INV_PROTO)) {	227	(e->ipv6.invflags & XT_INV_PROTO)) {
228	printk("ip6t_REJECT: TCP_RESET illegal for non-tcp\n");	228	pr_info("TCP_RESET illegal for non-tcp\n");
229	return false;	229	return false;
230	}	230	}
231	}	231	}


diff --git a/net/ipv6/netfilter/ip6t_ah.c b/net/ipv6/netfilter/ip6t_ah.c index ac0b7c629d78..4429bfd39e11 100644 --- a/net/ipv6/netfilter/ip6t_ah.c +++ b/net/ipv6/netfilter/ip6t_ah.c
@@ -6,7 +6,7 @@
6	* it under the terms of the GNU General Public License version 2 as	6	* it under the terms of the GNU General Public License version 2 as
7	* published by the Free Software Foundation.	7	* published by the Free Software Foundation.
8	*/	8	*/
9		9	#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
10	#include <linux/module.h>	10	#include <linux/module.h>
11	#include <linux/skbuff.h>	11	#include <linux/skbuff.h>
12	#include <linux/ip.h>	12	#include <linux/ip.h>
@@ -29,7 +29,7 @@ spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, bool invert)
29	{	29	{
30	bool r;	30	bool r;
31		31
32	pr_debug("ah spi_match:%c 0x%x <= 0x%x <= 0x%x",	32	pr_debug("spi_match:%c 0x%x <= 0x%x <= 0x%x\n",
33	invert ? '!' : ' ', min, spi, max);	33	invert ? '!' : ' ', min, spi, max);
34	r = (spi >= min && spi <= max) ^ invert;	34	r = (spi >= min && spi <= max) ^ invert;
35	pr_debug(" result %s\n", r ? "PASS" : "FAILED");	35	pr_debug(" result %s\n", r ? "PASS" : "FAILED");
@@ -92,7 +92,7 @@ static bool ah_mt6_check(const struct xt_mtchk_param *par)
92	const struct ip6t_ah *ahinfo = par->matchinfo;	92	const struct ip6t_ah *ahinfo = par->matchinfo;
93		93
94	if (ahinfo->invflags & ~IP6T_AH_INV_MASK) {	94	if (ahinfo->invflags & ~IP6T_AH_INV_MASK) {
95	pr_debug("ip6t_ah: unknown flags %X\n", ahinfo->invflags);	95	pr_debug("unknown flags %X\n", ahinfo->invflags);
96	return false;	96	return false;
97	}	97	}
98	return true;	98	return true;


diff --git a/net/ipv6/netfilter/ip6t_frag.c b/net/ipv6/netfilter/ip6t_frag.c index 7b91c2598ed5..5c0da913b4ab 100644 --- a/net/ipv6/netfilter/ip6t_frag.c +++ b/net/ipv6/netfilter/ip6t_frag.c
@@ -6,7 +6,7 @@
6	* it under the terms of the GNU General Public License version 2 as	6	* it under the terms of the GNU General Public License version 2 as
7	* published by the Free Software Foundation.	7	* published by the Free Software Foundation.
8	*/	8	*/
9		9	#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
10	#include <linux/module.h>	10	#include <linux/module.h>
11	#include <linux/skbuff.h>	11	#include <linux/skbuff.h>
12	#include <linux/ipv6.h>	12	#include <linux/ipv6.h>
@@ -27,7 +27,7 @@ static inline bool
27	id_match(u_int32_t min, u_int32_t max, u_int32_t id, bool invert)	27	id_match(u_int32_t min, u_int32_t max, u_int32_t id, bool invert)
28	{	28	{
29	bool r;	29	bool r;
30	pr_debug("frag id_match:%c 0x%x <= 0x%x <= 0x%x", invert ? '!' : ' ',	30	pr_debug("id_match:%c 0x%x <= 0x%x <= 0x%x\n", invert ? '!' : ' ',
31	min, id, max);	31	min, id, max);
32	r = (id >= min && id <= max) ^ invert;	32	r = (id >= min && id <= max) ^ invert;
33	pr_debug(" result %s\n", r ? "PASS" : "FAILED");	33	pr_debug(" result %s\n", r ? "PASS" : "FAILED");
@@ -107,7 +107,7 @@ static bool frag_mt6_check(const struct xt_mtchk_param *par)
107	const struct ip6t_frag *fraginfo = par->matchinfo;	107	const struct ip6t_frag *fraginfo = par->matchinfo;
108		108
109	if (fraginfo->invflags & ~IP6T_FRAG_INV_MASK) {	109	if (fraginfo->invflags & ~IP6T_FRAG_INV_MASK) {
110	pr_debug("ip6t_frag: unknown flags %X\n", fraginfo->invflags);	110	pr_debug("unknown flags %X\n", fraginfo->invflags);
111	return false;	111	return false;
112	}	112	}
113	return true;	113	return true;


diff --git a/net/ipv6/netfilter/ip6t_hbh.c b/net/ipv6/netfilter/ip6t_hbh.c index 82593c8bdc3e..f4b73889d00a 100644 --- a/net/ipv6/netfilter/ip6t_hbh.c +++ b/net/ipv6/netfilter/ip6t_hbh.c
@@ -6,7 +6,7 @@
6	* it under the terms of the GNU General Public License version 2 as	6	* it under the terms of the GNU General Public License version 2 as
7	* published by the Free Software Foundation.	7	* published by the Free Software Foundation.
8	*/	8	*/
9		9	#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
10	#include <linux/module.h>	10	#include <linux/module.h>
11	#include <linux/skbuff.h>	11	#include <linux/skbuff.h>
12	#include <linux/ipv6.h>	12	#include <linux/ipv6.h>
@@ -169,12 +169,12 @@ static bool hbh_mt6_check(const struct xt_mtchk_param *par)
169	const struct ip6t_opts *optsinfo = par->matchinfo;	169	const struct ip6t_opts *optsinfo = par->matchinfo;
170		170
171	if (optsinfo->invflags & ~IP6T_OPTS_INV_MASK) {	171	if (optsinfo->invflags & ~IP6T_OPTS_INV_MASK) {
172	pr_debug("ip6t_opts: unknown flags %X\n", optsinfo->invflags);	172	pr_debug("unknown flags %X\n", optsinfo->invflags);
173	return false;	173	return false;
174	}	174	}
175		175
176	if (optsinfo->flags & IP6T_OPTS_NSTRICT) {	176	if (optsinfo->flags & IP6T_OPTS_NSTRICT) {
177	pr_debug("ip6t_opts: Not strict - not implemented");	177	pr_debug("Not strict - not implemented");
178	return false;	178	return false;
179	}	179	}
180		180


diff --git a/net/ipv6/netfilter/ip6t_rt.c b/net/ipv6/netfilter/ip6t_rt.c index b77307fc8743..c58d65336577 100644 --- a/net/ipv6/netfilter/ip6t_rt.c +++ b/net/ipv6/netfilter/ip6t_rt.c
@@ -6,7 +6,7 @@
6	* it under the terms of the GNU General Public License version 2 as	6	* it under the terms of the GNU General Public License version 2 as
7	* published by the Free Software Foundation.	7	* published by the Free Software Foundation.
8	*/	8	*/
9		9	#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
10	#include <linux/module.h>	10	#include <linux/module.h>
11	#include <linux/skbuff.h>	11	#include <linux/skbuff.h>
12	#include <linux/ipv6.h>	12	#include <linux/ipv6.h>
@@ -29,7 +29,7 @@ static inline bool
29	segsleft_match(u_int32_t min, u_int32_t max, u_int32_t id, bool invert)	29	segsleft_match(u_int32_t min, u_int32_t max, u_int32_t id, bool invert)
30	{	30	{
31	bool r;	31	bool r;
32	pr_debug("rt segsleft_match:%c 0x%x <= 0x%x <= 0x%x",	32	pr_debug("segsleft_match:%c 0x%x <= 0x%x <= 0x%x\n",
33	invert ? '!' : ' ', min, id, max);	33	invert ? '!' : ' ', min, id, max);
34	r = (id >= min && id <= max) ^ invert;	34	r = (id >= min && id <= max) ^ invert;
35	pr_debug(" result %s\n", r ? "PASS" : "FAILED");	35	pr_debug(" result %s\n", r ? "PASS" : "FAILED");
@@ -188,7 +188,7 @@ static bool rt_mt6_check(const struct xt_mtchk_param *par)
188	const struct ip6t_rt *rtinfo = par->matchinfo;	188	const struct ip6t_rt *rtinfo = par->matchinfo;
189		189
190	if (rtinfo->invflags & ~IP6T_RT_INV_MASK) {	190	if (rtinfo->invflags & ~IP6T_RT_INV_MASK) {
191	pr_debug("ip6t_rt: unknown flags %X\n", rtinfo->invflags);	191	pr_debug("unknown flags %X\n", rtinfo->invflags);
192	return false;	192	return false;
193	}	193	}
194	if ((rtinfo->flags & (IP6T_RT_RES \| IP6T_RT_FST_MASK)) &&	194	if ((rtinfo->flags & (IP6T_RT_RES \| IP6T_RT_FST_MASK)) &&