Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6

14 files changed, 81 insertions, 105 deletions

diff --git a/net/ipv6/netfilter/ip6_queue.c b/net/ipv6/netfilter/ip6_queue.c
index 8656eb75520c..8c201743d96d 100644
--- a/net/ipv6/netfilter/ip6_queue.c
+++ b/net/ipv6/netfilter/ip6_queue.c
@@ -462,7 +462,6 @@ __ipq_rcv_skb(struct sk_buff *skb)
 
         if (flags & NLM_F_ACK)
                 netlink_ack(skb, nlh, 0);
-        return;
 }
 
 static void
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 7afa11773164..6f517bd83692 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -52,12 +52,7 @@ MODULE_DESCRIPTION("IPv6 packet filter");
 #endif
 
 #ifdef CONFIG_NETFILTER_DEBUG
-#define IP_NF_ASSERT(x)                                         \
-do {                                                            \
-        if (!(x))                                               \
-                printk("IP_NF_ASSERT: %s:%s:%u\n",              \
-                       __func__, __FILE__, __LINE__);   \
-} while(0)
+#define IP_NF_ASSERT(x) WARN_ON(!(x))
 #else
 #define IP_NF_ASSERT(x)
 #endif
@@ -197,7 +192,7 @@ ip6_checkentry(const struct ip6t_ip6 *ipv6)
 }
 
 static unsigned int
-ip6t_error(struct sk_buff *skb, const struct xt_target_param *par)
+ip6t_error(struct sk_buff *skb, const struct xt_action_param *par)
 {
         if (net_ratelimit())
                 pr_info("error: `%s'\n", (const char *)par->targinfo);
@@ -205,21 +200,6 @@ ip6t_error(struct sk_buff *skb, const struct xt_target_param *par)
         return NF_DROP;
 }
 
-/* Performance critical - called for every packet */
-static inline bool
-do_match(const struct ip6t_entry_match *m, const struct sk_buff *skb,
-         struct xt_match_param *par)
-{
-        par->match     = m->u.kernel.match;
-        par->matchinfo = m->data;
-
-        /* Stop iteration if it doesn't match */
-        if (!m->u.kernel.match->match(skb, par))
-                return true;
-        else
-                return false;
-}
-
 static inline struct ip6t_entry *
 get_entry(const void *base, unsigned int offset)
 {
@@ -352,7 +332,6 @@ ip6t_do_table(struct sk_buff *skb,
               struct xt_table *table)
 {
         static const char nulldevname[IFNAMSIZ] __attribute__((aligned(sizeof(long))));
-        bool hotdrop = false;
         /* Initializing verdict to NF_DROP keeps gcc happy. */
         unsigned int verdict = NF_DROP;
         const char *indev, *outdev;
@@ -360,8 +339,7 @@ ip6t_do_table(struct sk_buff *skb,
         struct ip6t_entry *e, **jumpstack;
         unsigned int *stackptr, origptr, cpu;
         const struct xt_table_info *private;
-        struct xt_match_param mtpar;
-        struct xt_target_param tgpar;
+        struct xt_action_param acpar;
 
         /* Initialization */
         indev = in ? in->name : nulldevname;
@@ -372,11 +350,11 @@ ip6t_do_table(struct sk_buff *skb,
          * things we don't know, ie. tcp syn flag or ports).  If the
          * rule is also a fragment-specific rule, non-fragments won't
          * match it. */
-        mtpar.hotdrop = &hotdrop;
-        mtpar.in      = tgpar.in  = in;
-        mtpar.out     = tgpar.out = out;
-        mtpar.family  = tgpar.family = NFPROTO_IPV6;
-        mtpar.hooknum = tgpar.hooknum = hook;
+        acpar.hotdrop = false;
+        acpar.in      = in;
+        acpar.out     = out;
+        acpar.family  = NFPROTO_IPV6;
+        acpar.hooknum = hook;
 
         IP_NF_ASSERT(table->valid_hooks & (1 << hook));
 
@@ -396,15 +374,18 @@ ip6t_do_table(struct sk_buff *skb,
 
                 IP_NF_ASSERT(e);
                 if (!ip6_packet_match(skb, indev, outdev, &e->ipv6,
-                    &mtpar.thoff, &mtpar.fragoff, &hotdrop)) {
+                    &acpar.thoff, &acpar.fragoff, &acpar.hotdrop)) {
  no_match:
                         e = ip6t_next_entry(e);
                         continue;
                 }
 
-                xt_ematch_foreach(ematch, e)
-                        if (do_match(ematch, skb, &mtpar) != 0)
+                xt_ematch_foreach(ematch, e) {
+                        acpar.match     = ematch->u.kernel.match;
+                        acpar.matchinfo = ematch->data;
+                        if (!acpar.match->match(skb, &acpar))
                                 goto no_match;
+                }
 
                 ADD_COUNTER(e->counters,
                             ntohs(ipv6_hdr(skb)->payload_len) +
@@ -451,16 +432,16 @@ ip6t_do_table(struct sk_buff *skb,
                         continue;
                 }
 
-                tgpar.target   = t->u.kernel.target;
-                tgpar.targinfo = t->data;
+                acpar.target   = t->u.kernel.target;
+                acpar.targinfo = t->data;
 
-                verdict = t->u.kernel.target->target(skb, &tgpar);
+                verdict = t->u.kernel.target->target(skb, &acpar);
                 if (verdict == IP6T_CONTINUE)
                         e = ip6t_next_entry(e);
                 else
                         /* Verdict */
                         break;
-        } while (!hotdrop);
+        } while (!acpar.hotdrop);
 
         xt_info_rdunlock_bh();
         *stackptr = origptr;
@@ -468,7 +449,7 @@ ip6t_do_table(struct sk_buff *skb,
 #ifdef DEBUG_ALLOW_ALL
         return NF_ACCEPT;
 #else
-        if (hotdrop)
+        if (acpar.hotdrop)
                 return NF_DROP;
         else return verdict;
 #endif
@@ -500,7 +481,7 @@ mark_source_chains(const struct xt_table_info *newinfo,
                         int visited = e->comefrom & (1 << hook);
 
                         if (e->comefrom & (1 << NF_INET_NUMHOOKS)) {
-                                printk("iptables: loop hook %u pos %u %08X.\n",
+                                pr_err("iptables: loop hook %u pos %u %08X.\n",
                                        hook, pos, e->comefrom);
                                 return 0;
                         }
@@ -2167,7 +2148,7 @@ icmp6_type_code_match(u_int8_t test_type, u_int8_t min_code, u_int8_t max_code,
 }
 
 static bool
-icmp6_match(const struct sk_buff *skb, const struct xt_match_param *par)
+icmp6_match(const struct sk_buff *skb, struct xt_action_param *par)
 {
         const struct icmp6hdr *ic;
         struct icmp6hdr _icmph;
@@ -2183,7 +2164,7 @@ icmp6_match(const struct sk_buff *skb, const struct xt_match_param *par)
                  * can't.  Hence, no choice but to drop.
                  */
                 duprintf("Dropping evil ICMP tinygram.\n");
-                *par->hotdrop = true;
+                par->hotdrop = true;
                 return false;
         }
 
@@ -2204,22 +2185,23 @@ static int icmp6_checkentry(const struct xt_mtchk_param *par)
 }
 
 /* The built-in targets: standard (NULL) and error. */
-static struct xt_target ip6t_standard_target __read_mostly = {
-        .name           = IP6T_STANDARD_TARGET,
-        .targetsize     = sizeof(int),
-        .family         = NFPROTO_IPV6,
+static struct xt_target ip6t_builtin_tg[] __read_mostly = {
+        {
+                .name             = IP6T_STANDARD_TARGET,
+                .targetsize       = sizeof(int),
+                .family           = NFPROTO_IPV6,
 #ifdef CONFIG_COMPAT
-        .compatsize     = sizeof(compat_int_t),
-        .compat_from_user = compat_standard_from_user,
-        .compat_to_user = compat_standard_to_user,
+                .compatsize       = sizeof(compat_int_t),
+                .compat_from_user = compat_standard_from_user,
+                .compat_to_user   = compat_standard_to_user,
 #endif
-};
-
-static struct xt_target ip6t_error_target __read_mostly = {
-        .name           = IP6T_ERROR_TARGET,
-        .target         = ip6t_error,
-        .targetsize     = IP6T_FUNCTION_MAXNAMELEN,
-        .family         = NFPROTO_IPV6,
+        },
+        {
+                .name             = IP6T_ERROR_TARGET,
+                .target           = ip6t_error,
+                .targetsize       = IP6T_FUNCTION_MAXNAMELEN,
+                .family           = NFPROTO_IPV6,
+        },
 };
 
 static struct nf_sockopt_ops ip6t_sockopts = {
@@ -2239,13 +2221,15 @@ static struct nf_sockopt_ops ip6t_sockopts = {
         .owner          = THIS_MODULE,
 };
 
-static struct xt_match icmp6_matchstruct __read_mostly = {
-        .name           = "icmp6",
-        .match          = icmp6_match,
-        .matchsize      = sizeof(struct ip6t_icmp),
-        .checkentry     = icmp6_checkentry,
-        .proto          = IPPROTO_ICMPV6,
-        .family         = NFPROTO_IPV6,
+static struct xt_match ip6t_builtin_mt[] __read_mostly = {
+        {
+                .name       = "icmp6",
+                .match      = icmp6_match,
+                .matchsize  = sizeof(struct ip6t_icmp),
+                .checkentry = icmp6_checkentry,
+                .proto      = IPPROTO_ICMPV6,
+                .family     = NFPROTO_IPV6,
+        },
 };
 
 static int __net_init ip6_tables_net_init(struct net *net)
@@ -2272,13 +2256,10 @@ static int __init ip6_tables_init(void)
                 goto err1;
 
         /* Noone else will be downing sem now, so we won't sleep */
-        ret = xt_register_target(&ip6t_standard_target);
+        ret = xt_register_targets(ip6t_builtin_tg, ARRAY_SIZE(ip6t_builtin_tg));
         if (ret < 0)
                 goto err2;
-        ret = xt_register_target(&ip6t_error_target);
-        if (ret < 0)
-                goto err3;
-        ret = xt_register_match(&icmp6_matchstruct);
+        ret = xt_register_matches(ip6t_builtin_mt, ARRAY_SIZE(ip6t_builtin_mt));
         if (ret < 0)
                 goto err4;
 
@@ -2291,11 +2272,9 @@ static int __init ip6_tables_init(void)
         return 0;
 
 err5:
-        xt_unregister_match(&icmp6_matchstruct);
+        xt_unregister_matches(ip6t_builtin_mt, ARRAY_SIZE(ip6t_builtin_mt));
 err4:
-        xt_unregister_target(&ip6t_error_target);
-err3:
-        xt_unregister_target(&ip6t_standard_target);
+        xt_unregister_targets(ip6t_builtin_tg, ARRAY_SIZE(ip6t_builtin_tg));
 err2:
         unregister_pernet_subsys(&ip6_tables_net_ops);
 err1:
@@ -2306,10 +2285,8 @@ static void __exit ip6_tables_fini(void)
 {
         nf_unregister_sockopt(&ip6t_sockopts);
 
-        xt_unregister_match(&icmp6_matchstruct);
-        xt_unregister_target(&ip6t_error_target);
-        xt_unregister_target(&ip6t_standard_target);
-
+        xt_unregister_matches(ip6t_builtin_mt, ARRAY_SIZE(ip6t_builtin_mt));
+        xt_unregister_targets(ip6t_builtin_tg, ARRAY_SIZE(ip6t_builtin_tg));
         unregister_pernet_subsys(&ip6_tables_net_ops);
 }
 
diff --git a/net/ipv6/netfilter/ip6t_LOG.c b/net/ipv6/netfilter/ip6t_LOG.c
index 1f47a525f484..af4ee11f2066 100644
--- a/net/ipv6/netfilter/ip6t_LOG.c
+++ b/net/ipv6/netfilter/ip6t_LOG.c
@@ -436,7 +436,7 @@ ip6t_log_packet(u_int8_t pf,
 }
 
 static unsigned int
-log_tg6(struct sk_buff *skb, const struct xt_target_param *par)
+log_tg6(struct sk_buff *skb, const struct xt_action_param *par)
 {
         const struct ip6t_log_info *loginfo = par->targinfo;
         struct nf_loginfo li;
diff --git a/net/ipv6/netfilter/ip6t_REJECT.c b/net/ipv6/netfilter/ip6t_REJECT.c
index af1d6494ac39..47d227713758 100644
--- a/net/ipv6/netfilter/ip6t_REJECT.c
+++ b/net/ipv6/netfilter/ip6t_REJECT.c
@@ -175,7 +175,7 @@ send_unreach(struct net *net, struct sk_buff *skb_in, unsigned char code,
 }
 
 static unsigned int
-reject_tg6(struct sk_buff *skb, const struct xt_target_param *par)
+reject_tg6(struct sk_buff *skb, const struct xt_action_param *par)
 {
         const struct ip6t_reject_info *reject = par->targinfo;
         struct net *net = dev_net((par->in != NULL) ? par->in : par->out);
diff --git a/net/ipv6/netfilter/ip6t_ah.c b/net/ipv6/netfilter/ip6t_ah.c
index 1580693c86c1..89cccc5a9c92 100644
--- a/net/ipv6/netfilter/ip6t_ah.c
+++ b/net/ipv6/netfilter/ip6t_ah.c
@@ -36,7 +36,7 @@ spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, bool invert)
         return r;
 }
 
-static bool ah_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
+static bool ah_mt6(const struct sk_buff *skb, struct xt_action_param *par)
 {
         struct ip_auth_hdr _ah;
         const struct ip_auth_hdr *ah;
@@ -48,13 +48,13 @@ static bool ah_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
         err = ipv6_find_hdr(skb, &ptr, NEXTHDR_AUTH, NULL);
         if (err < 0) {
                 if (err != -ENOENT)
-                        *par->hotdrop = true;
+                        par->hotdrop = true;
                 return false;
         }
 
         ah = skb_header_pointer(skb, ptr, sizeof(_ah), &_ah);
         if (ah == NULL) {
-                *par->hotdrop = true;
+                par->hotdrop = true;
                 return false;
         }
 
diff --git a/net/ipv6/netfilter/ip6t_eui64.c b/net/ipv6/netfilter/ip6t_eui64.c
index ca287f6d2bce..aab0706908c5 100644
--- a/net/ipv6/netfilter/ip6t_eui64.c
+++ b/net/ipv6/netfilter/ip6t_eui64.c
@@ -20,14 +20,14 @@ MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>");
 
 static bool
-eui64_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
+eui64_mt6(const struct sk_buff *skb, struct xt_action_param *par)
 {
         unsigned char eui64[8];
 
         if (!(skb_mac_header(skb) >= skb->head &&
               skb_mac_header(skb) + ETH_HLEN <= skb->data) &&
             par->fragoff != 0) {
-                *par->hotdrop = true;
+                par->hotdrop = true;
                 return false;
         }
 
diff --git a/net/ipv6/netfilter/ip6t_frag.c b/net/ipv6/netfilter/ip6t_frag.c
index a5daf0ffb4ec..eda898fda6ca 100644
--- a/net/ipv6/netfilter/ip6t_frag.c
+++ b/net/ipv6/netfilter/ip6t_frag.c
@@ -35,7 +35,7 @@ id_match(u_int32_t min, u_int32_t max, u_int32_t id, bool invert)
 }
 
 static bool
-frag_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
+frag_mt6(const struct sk_buff *skb, struct xt_action_param *par)
 {
         struct frag_hdr _frag;
         const struct frag_hdr *fh;
@@ -46,13 +46,13 @@ frag_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
         err = ipv6_find_hdr(skb, &ptr, NEXTHDR_FRAGMENT, NULL);
         if (err < 0) {
                 if (err != -ENOENT)
-                        *par->hotdrop = true;
+                        par->hotdrop = true;
                 return false;
         }
 
         fh = skb_header_pointer(skb, ptr, sizeof(_frag), &_frag);
         if (fh == NULL) {
-                *par->hotdrop = true;
+                par->hotdrop = true;
                 return false;
         }
 
diff --git a/net/ipv6/netfilter/ip6t_hbh.c b/net/ipv6/netfilter/ip6t_hbh.c
index e424e7c8f824..59df051eaef6 100644
--- a/net/ipv6/netfilter/ip6t_hbh.c
+++ b/net/ipv6/netfilter/ip6t_hbh.c
@@ -44,7 +44,7 @@ MODULE_ALIAS("ip6t_dst");
 static struct xt_match hbh_mt6_reg[] __read_mostly;
 
 static bool
-hbh_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
+hbh_mt6(const struct sk_buff *skb, struct xt_action_param *par)
 {
         struct ipv6_opt_hdr _optsh;
         const struct ipv6_opt_hdr *oh;
@@ -65,13 +65,13 @@ hbh_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
                             NEXTHDR_HOP : NEXTHDR_DEST, NULL);
         if (err < 0) {
                 if (err != -ENOENT)
-                        *par->hotdrop = true;
+                        par->hotdrop = true;
                 return false;
         }
 
         oh = skb_header_pointer(skb, ptr, sizeof(_optsh), &_optsh);
         if (oh == NULL) {
-                *par->hotdrop = true;
+                par->hotdrop = true;
                 return false;
         }
 
diff --git a/net/ipv6/netfilter/ip6t_ipv6header.c b/net/ipv6/netfilter/ip6t_ipv6header.c
index 46fbabb493fa..54bd9790603f 100644
--- a/net/ipv6/netfilter/ip6t_ipv6header.c
+++ b/net/ipv6/netfilter/ip6t_ipv6header.c
@@ -27,7 +27,7 @@ MODULE_DESCRIPTION("Xtables: IPv6 header types match");
 MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>");
 
 static bool
-ipv6header_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
+ipv6header_mt6(const struct sk_buff *skb, struct xt_action_param *par)
 {
         const struct ip6t_ipv6header_info *info = par->matchinfo;
         unsigned int temp;
diff --git a/net/ipv6/netfilter/ip6t_mh.c b/net/ipv6/netfilter/ip6t_mh.c
index c9f443e0138f..0c90c66b1992 100644
--- a/net/ipv6/netfilter/ip6t_mh.c
+++ b/net/ipv6/netfilter/ip6t_mh.c
@@ -32,7 +32,7 @@ type_match(u_int8_t min, u_int8_t max, u_int8_t type, bool invert)
         return (type >= min && type <= max) ^ invert;
 }
 
-static bool mh_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
+static bool mh_mt6(const struct sk_buff *skb, struct xt_action_param *par)
 {
         struct ip6_mh _mh;
         const struct ip6_mh *mh;
@@ -47,14 +47,14 @@ static bool mh_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
                 /* We've been asked to examine this packet, and we
                    can't.  Hence, no choice but to drop. */
                 pr_debug("Dropping evil MH tinygram.\n");
-                *par->hotdrop = true;
+                par->hotdrop = true;
                 return false;
         }
 
         if (mh->ip6mh_proto != IPPROTO_NONE) {
                 pr_debug("Dropping invalid MH Payload Proto: %u\n",
                          mh->ip6mh_proto);
-                *par->hotdrop = true;
+                par->hotdrop = true;
                 return false;
         }
 
diff --git a/net/ipv6/netfilter/ip6t_rt.c b/net/ipv6/netfilter/ip6t_rt.c
index 09322720d2a6..d8488c50a8e0 100644
--- a/net/ipv6/netfilter/ip6t_rt.c
+++ b/net/ipv6/netfilter/ip6t_rt.c
@@ -36,7 +36,7 @@ segsleft_match(u_int32_t min, u_int32_t max, u_int32_t id, bool invert)
         return r;
 }
 
-static bool rt_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
+static bool rt_mt6(const struct sk_buff *skb, struct xt_action_param *par)
 {
         struct ipv6_rt_hdr _route;
         const struct ipv6_rt_hdr *rh;
@@ -52,13 +52,13 @@ static bool rt_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
         err = ipv6_find_hdr(skb, &ptr, NEXTHDR_ROUTING, NULL);
         if (err < 0) {
                 if (err != -ENOENT)
-                        *par->hotdrop = true;
+                        par->hotdrop = true;
                 return false;
         }
 
         rh = skb_header_pointer(skb, ptr, sizeof(_route), &_route);
         if (rh == NULL) {
-                *par->hotdrop = true;
+                par->hotdrop = true;
                 return false;
         }
 
diff --git a/net/ipv6/netfilter/ip6table_filter.c b/net/ipv6/netfilter/ip6table_filter.c
index d6fc9aff3163..c9e37c8fd62c 100644
--- a/net/ipv6/netfilter/ip6table_filter.c
+++ b/net/ipv6/netfilter/ip6table_filter.c
@@ -81,7 +81,7 @@ static int __init ip6table_filter_init(void)
         int ret;
 
         if (forward < 0 || forward > NF_MAX_VERDICT) {
-                printk("iptables forward must be 0 or 1\n");
+                pr_err("iptables forward must be 0 or 1\n");
                 return -EINVAL;
         }
 
diff --git a/net/ipv6/netfilter/ip6table_mangle.c b/net/ipv6/netfilter/ip6table_mangle.c
index 6a102b57f356..679a0a3b7b3c 100644
--- a/net/ipv6/netfilter/ip6table_mangle.c
+++ b/net/ipv6/netfilter/ip6table_mangle.c
@@ -43,7 +43,7 @@ ip6t_mangle_out(struct sk_buff *skb, const struct net_device *out)
         if (skb->len < sizeof(struct iphdr) ||
             ip_hdrlen(skb) < sizeof(struct iphdr)) {
                 if (net_ratelimit())
-                        printk("ip6t_hook: happy cracking.\n");
+                        pr_warning("ip6t_hook: happy cracking.\n");
                 return NF_ACCEPT;
         }
 #endif
diff --git a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
index 996c3f41fecd..ff43461704be 100644
--- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
@@ -280,7 +280,7 @@ static unsigned int ipv6_conntrack_local(unsigned int hooknum,
         /* root is playing with raw sockets. */
         if (skb->len < sizeof(struct ipv6hdr)) {
                 if (net_ratelimit())
-                        printk("ipv6_conntrack_local: packet too short\n");
+                        pr_notice("ipv6_conntrack_local: packet too short\n");
                 return NF_ACCEPT;
         }
         return __ipv6_conntrack_in(dev_net(out), hooknum, skb, okfn);
@@ -406,37 +406,37 @@ static int __init nf_conntrack_l3proto_ipv6_init(void)
 
         ret = nf_ct_frag6_init();
         if (ret < 0) {
-                printk("nf_conntrack_ipv6: can't initialize frag6.\n");
+                pr_err("nf_conntrack_ipv6: can't initialize frag6.\n");
                 return ret;
         }
         ret = nf_conntrack_l4proto_register(&nf_conntrack_l4proto_tcp6);
         if (ret < 0) {
-                printk("nf_conntrack_ipv6: can't register tcp.\n");
+                pr_err("nf_conntrack_ipv6: can't register tcp.\n");
                 goto cleanup_frag6;
         }
 
         ret = nf_conntrack_l4proto_register(&nf_conntrack_l4proto_udp6);
         if (ret < 0) {
-                printk("nf_conntrack_ipv6: can't register udp.\n");
+                pr_err("nf_conntrack_ipv6: can't register udp.\n");
                 goto cleanup_tcp;
         }
 
         ret = nf_conntrack_l4proto_register(&nf_conntrack_l4proto_icmpv6);
         if (ret < 0) {
-                printk("nf_conntrack_ipv6: can't register icmpv6.\n");
+                pr_err("nf_conntrack_ipv6: can't register icmpv6.\n");
                 goto cleanup_udp;
         }
 
         ret = nf_conntrack_l3proto_register(&nf_conntrack_l3proto_ipv6);
         if (ret < 0) {
-                printk("nf_conntrack_ipv6: can't register ipv6\n");
+                pr_err("nf_conntrack_ipv6: can't register ipv6\n");
                 goto cleanup_icmpv6;
         }
 
         ret = nf_register_hooks(ipv6_conntrack_ops,
                                 ARRAY_SIZE(ipv6_conntrack_ops));
         if (ret < 0) {
-                printk("nf_conntrack_ipv6: can't register pre-routing defrag "
+                pr_err("nf_conntrack_ipv6: can't register pre-routing defrag "
                        "hook.\n");
                 goto cleanup_ipv6;
         }