diff options
author | David S. Miller <davem@davemloft.net> | 2013-04-19 17:55:29 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2013-04-19 17:55:29 -0400 |
commit | 95a06161e6b903ad5b96285cb57c8df3b7c8ad34 (patch) | |
tree | 38aceebbb625e4b5186d8c8afe85f9c73ccd6478 /net | |
parent | bb5b052f751b309b5181686741c724a66c5cb15a (diff) | |
parent | d37d696804a83479f240b397670a07ccb53a7417 (diff) |
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
Pablo Neira Ayuso says:
====================
The following patchset contains a small batch of Netfilter
updates for your net-next tree, they are:
* Three patches that provide more accurate error reporting to
user-space, instead of -EPERM, in IPv4/IPv6 netfilter re-routing
code and NAT, from Patrick McHardy.
* Update copyright statements in Netfilter filters of
Patrick McHardy, from himself.
* Add Kconfig dependency on the raw/mangle tables to the
rpfilter, from Florian Westphal.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
47 files changed, 122 insertions, 40 deletions
diff --git a/net/ipv4/netfilter.c b/net/ipv4/netfilter.c index 4c0cf63dd92e..c3e0adea9c27 100644 --- a/net/ipv4/netfilter.c +++ b/net/ipv4/netfilter.c | |||
@@ -1,4 +1,9 @@ | |||
1 | /* IPv4 specific functions of netfilter core */ | 1 | /* |
2 | * IPv4 specific functions of netfilter core | ||
3 | * | ||
4 | * Rusty Russell (C) 2000 -- This code is GPL. | ||
5 | * Patrick McHardy (C) 2006-2012 | ||
6 | */ | ||
2 | #include <linux/kernel.h> | 7 | #include <linux/kernel.h> |
3 | #include <linux/netfilter.h> | 8 | #include <linux/netfilter.h> |
4 | #include <linux/netfilter_ipv4.h> | 9 | #include <linux/netfilter_ipv4.h> |
@@ -40,14 +45,14 @@ int ip_route_me_harder(struct sk_buff *skb, unsigned int addr_type) | |||
40 | fl4.flowi4_flags = flags; | 45 | fl4.flowi4_flags = flags; |
41 | rt = ip_route_output_key(net, &fl4); | 46 | rt = ip_route_output_key(net, &fl4); |
42 | if (IS_ERR(rt)) | 47 | if (IS_ERR(rt)) |
43 | return -1; | 48 | return PTR_ERR(rt); |
44 | 49 | ||
45 | /* Drop old route. */ | 50 | /* Drop old route. */ |
46 | skb_dst_drop(skb); | 51 | skb_dst_drop(skb); |
47 | skb_dst_set(skb, &rt->dst); | 52 | skb_dst_set(skb, &rt->dst); |
48 | 53 | ||
49 | if (skb_dst(skb)->error) | 54 | if (skb_dst(skb)->error) |
50 | return -1; | 55 | return skb_dst(skb)->error; |
51 | 56 | ||
52 | #ifdef CONFIG_XFRM | 57 | #ifdef CONFIG_XFRM |
53 | if (!(IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED) && | 58 | if (!(IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED) && |
@@ -56,7 +61,7 @@ int ip_route_me_harder(struct sk_buff *skb, unsigned int addr_type) | |||
56 | skb_dst_set(skb, NULL); | 61 | skb_dst_set(skb, NULL); |
57 | dst = xfrm_lookup(net, dst, flowi4_to_flowi(&fl4), skb->sk, 0); | 62 | dst = xfrm_lookup(net, dst, flowi4_to_flowi(&fl4), skb->sk, 0); |
58 | if (IS_ERR(dst)) | 63 | if (IS_ERR(dst)) |
59 | return -1; | 64 | return PTR_ERR(dst);; |
60 | skb_dst_set(skb, dst); | 65 | skb_dst_set(skb, dst); |
61 | } | 66 | } |
62 | #endif | 67 | #endif |
@@ -66,7 +71,7 @@ int ip_route_me_harder(struct sk_buff *skb, unsigned int addr_type) | |||
66 | if (skb_headroom(skb) < hh_len && | 71 | if (skb_headroom(skb) < hh_len && |
67 | pskb_expand_head(skb, HH_DATA_ALIGN(hh_len - skb_headroom(skb)), | 72 | pskb_expand_head(skb, HH_DATA_ALIGN(hh_len - skb_headroom(skb)), |
68 | 0, GFP_ATOMIC)) | 73 | 0, GFP_ATOMIC)) |
69 | return -1; | 74 | return -ENOMEM; |
70 | 75 | ||
71 | return 0; | 76 | return 0; |
72 | } | 77 | } |
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig index 0d755c50994b..e7916c193932 100644 --- a/net/ipv4/netfilter/Kconfig +++ b/net/ipv4/netfilter/Kconfig | |||
@@ -71,7 +71,7 @@ config IP_NF_MATCH_ECN | |||
71 | 71 | ||
72 | config IP_NF_MATCH_RPFILTER | 72 | config IP_NF_MATCH_RPFILTER |
73 | tristate '"rpfilter" reverse path filter match support' | 73 | tristate '"rpfilter" reverse path filter match support' |
74 | depends on NETFILTER_ADVANCED | 74 | depends on NETFILTER_ADVANCED && (IP_NF_MANGLE || IP_NF_RAW) |
75 | ---help--- | 75 | ---help--- |
76 | This option allows you to match packets whose replies would | 76 | This option allows you to match packets whose replies would |
77 | go out via the interface the packet came in. | 77 | go out via the interface the packet came in. |
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index 7dc6a9743592..85a4f21aac1a 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c | |||
@@ -6,6 +6,7 @@ | |||
6 | * Some ARP specific bits are: | 6 | * Some ARP specific bits are: |
7 | * | 7 | * |
8 | * Copyright (C) 2002 David S. Miller (davem@redhat.com) | 8 | * Copyright (C) 2002 David S. Miller (davem@redhat.com) |
9 | * Copyright (C) 2006-2009 Patrick McHardy <kaber@trash.net> | ||
9 | * | 10 | * |
10 | */ | 11 | */ |
11 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt | 12 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt |
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index e391db1f056d..d23118d95ff9 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c | |||
@@ -3,6 +3,7 @@ | |||
3 | * | 3 | * |
4 | * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling | 4 | * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling |
5 | * Copyright (C) 2000-2005 Netfilter Core Team <coreteam@netfilter.org> | 5 | * Copyright (C) 2000-2005 Netfilter Core Team <coreteam@netfilter.org> |
6 | * Copyright (C) 2006-2010 Patrick McHardy <kaber@trash.net> | ||
6 | * | 7 | * |
7 | * This program is free software; you can redistribute it and/or modify | 8 | * This program is free software; you can redistribute it and/or modify |
8 | * it under the terms of the GNU General Public License version 2 as | 9 | * it under the terms of the GNU General Public License version 2 as |
diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c index 8799c836ccaa..f8a222cb6448 100644 --- a/net/ipv4/netfilter/ipt_ULOG.c +++ b/net/ipv4/netfilter/ipt_ULOG.c | |||
@@ -4,6 +4,7 @@ | |||
4 | * (C) 2000-2004 by Harald Welte <laforge@netfilter.org> | 4 | * (C) 2000-2004 by Harald Welte <laforge@netfilter.org> |
5 | * (C) 1999-2001 Paul `Rusty' Russell | 5 | * (C) 1999-2001 Paul `Rusty' Russell |
6 | * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org> | 6 | * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org> |
7 | * (C) 2005-2007 Patrick McHardy <kaber@trash.net> | ||
7 | * | 8 | * |
8 | * This program is free software; you can redistribute it and/or modify | 9 | * This program is free software; you can redistribute it and/or modify |
9 | * it under the terms of the GNU General Public License version 2 as | 10 | * it under the terms of the GNU General Public License version 2 as |
diff --git a/net/ipv4/netfilter/iptable_mangle.c b/net/ipv4/netfilter/iptable_mangle.c index 85d88f206447..cba5658ec82c 100644 --- a/net/ipv4/netfilter/iptable_mangle.c +++ b/net/ipv4/netfilter/iptable_mangle.c | |||
@@ -44,6 +44,7 @@ ipt_mangle_out(struct sk_buff *skb, const struct net_device *out) | |||
44 | u_int8_t tos; | 44 | u_int8_t tos; |
45 | __be32 saddr, daddr; | 45 | __be32 saddr, daddr; |
46 | u_int32_t mark; | 46 | u_int32_t mark; |
47 | int err; | ||
47 | 48 | ||
48 | /* root is playing with raw sockets. */ | 49 | /* root is playing with raw sockets. */ |
49 | if (skb->len < sizeof(struct iphdr) || | 50 | if (skb->len < sizeof(struct iphdr) || |
@@ -66,9 +67,11 @@ ipt_mangle_out(struct sk_buff *skb, const struct net_device *out) | |||
66 | if (iph->saddr != saddr || | 67 | if (iph->saddr != saddr || |
67 | iph->daddr != daddr || | 68 | iph->daddr != daddr || |
68 | skb->mark != mark || | 69 | skb->mark != mark || |
69 | iph->tos != tos) | 70 | iph->tos != tos) { |
70 | if (ip_route_me_harder(skb, RTN_UNSPEC)) | 71 | err = ip_route_me_harder(skb, RTN_UNSPEC); |
71 | ret = NF_DROP; | 72 | if (err < 0) |
73 | ret = NF_DROP_ERR(err); | ||
74 | } | ||
72 | } | 75 | } |
73 | 76 | ||
74 | return ret; | 77 | return ret; |
diff --git a/net/ipv4/netfilter/iptable_nat.c b/net/ipv4/netfilter/iptable_nat.c index eeaff7e4acb5..6383273d54e1 100644 --- a/net/ipv4/netfilter/iptable_nat.c +++ b/net/ipv4/netfilter/iptable_nat.c | |||
@@ -176,6 +176,7 @@ nf_nat_ipv4_out(unsigned int hooknum, | |||
176 | #ifdef CONFIG_XFRM | 176 | #ifdef CONFIG_XFRM |
177 | const struct nf_conn *ct; | 177 | const struct nf_conn *ct; |
178 | enum ip_conntrack_info ctinfo; | 178 | enum ip_conntrack_info ctinfo; |
179 | int err; | ||
179 | #endif | 180 | #endif |
180 | unsigned int ret; | 181 | unsigned int ret; |
181 | 182 | ||
@@ -195,9 +196,11 @@ nf_nat_ipv4_out(unsigned int hooknum, | |||
195 | ct->tuplehash[!dir].tuple.dst.u3.ip) || | 196 | ct->tuplehash[!dir].tuple.dst.u3.ip) || |
196 | (ct->tuplehash[dir].tuple.dst.protonum != IPPROTO_ICMP && | 197 | (ct->tuplehash[dir].tuple.dst.protonum != IPPROTO_ICMP && |
197 | ct->tuplehash[dir].tuple.src.u.all != | 198 | ct->tuplehash[dir].tuple.src.u.all != |
198 | ct->tuplehash[!dir].tuple.dst.u.all)) | 199 | ct->tuplehash[!dir].tuple.dst.u.all)) { |
199 | if (nf_xfrm_me_harder(skb, AF_INET) < 0) | 200 | err = nf_xfrm_me_harder(skb, AF_INET); |
200 | ret = NF_DROP; | 201 | if (err < 0) |
202 | ret = NF_DROP_ERR(err); | ||
203 | } | ||
201 | } | 204 | } |
202 | #endif | 205 | #endif |
203 | return ret; | 206 | return ret; |
@@ -213,6 +216,7 @@ nf_nat_ipv4_local_fn(unsigned int hooknum, | |||
213 | const struct nf_conn *ct; | 216 | const struct nf_conn *ct; |
214 | enum ip_conntrack_info ctinfo; | 217 | enum ip_conntrack_info ctinfo; |
215 | unsigned int ret; | 218 | unsigned int ret; |
219 | int err; | ||
216 | 220 | ||
217 | /* root is playing with raw sockets. */ | 221 | /* root is playing with raw sockets. */ |
218 | if (skb->len < sizeof(struct iphdr) || | 222 | if (skb->len < sizeof(struct iphdr) || |
@@ -226,16 +230,19 @@ nf_nat_ipv4_local_fn(unsigned int hooknum, | |||
226 | 230 | ||
227 | if (ct->tuplehash[dir].tuple.dst.u3.ip != | 231 | if (ct->tuplehash[dir].tuple.dst.u3.ip != |
228 | ct->tuplehash[!dir].tuple.src.u3.ip) { | 232 | ct->tuplehash[!dir].tuple.src.u3.ip) { |
229 | if (ip_route_me_harder(skb, RTN_UNSPEC)) | 233 | err = ip_route_me_harder(skb, RTN_UNSPEC); |
230 | ret = NF_DROP; | 234 | if (err < 0) |
235 | ret = NF_DROP_ERR(err); | ||
231 | } | 236 | } |
232 | #ifdef CONFIG_XFRM | 237 | #ifdef CONFIG_XFRM |
233 | else if (!(IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED) && | 238 | else if (!(IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED) && |
234 | ct->tuplehash[dir].tuple.dst.protonum != IPPROTO_ICMP && | 239 | ct->tuplehash[dir].tuple.dst.protonum != IPPROTO_ICMP && |
235 | ct->tuplehash[dir].tuple.dst.u.all != | 240 | ct->tuplehash[dir].tuple.dst.u.all != |
236 | ct->tuplehash[!dir].tuple.src.u.all) | 241 | ct->tuplehash[!dir].tuple.src.u.all) { |
237 | if (nf_xfrm_me_harder(skb, AF_INET) < 0) | 242 | err = nf_xfrm_me_harder(skb, AF_INET); |
238 | ret = NF_DROP; | 243 | if (err < 0) |
244 | ret = NF_DROP_ERR(err); | ||
245 | } | ||
239 | #endif | 246 | #endif |
240 | } | 247 | } |
241 | return ret; | 248 | return ret; |
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c index 2820aa18b542..567d84168bd2 100644 --- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c +++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | |||
@@ -1,6 +1,7 @@ | |||
1 | 1 | ||
2 | /* (C) 1999-2001 Paul `Rusty' Russell | 2 | /* (C) 1999-2001 Paul `Rusty' Russell |
3 | * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org> | 3 | * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org> |
4 | * (C) 2006-2012 Patrick McHardy <kaber@trash.net> | ||
4 | * | 5 | * |
5 | * This program is free software; you can redistribute it and/or modify | 6 | * This program is free software; you can redistribute it and/or modify |
6 | * it under the terms of the GNU General Public License version 2 as | 7 | * it under the terms of the GNU General Public License version 2 as |
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c index f2ca12794081..4c48e434bb1f 100644 --- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c +++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c | |||
@@ -2,6 +2,7 @@ | |||
2 | * | 2 | * |
3 | * (C) 1999-2001 Paul `Rusty' Russell | 3 | * (C) 1999-2001 Paul `Rusty' Russell |
4 | * (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org> | 4 | * (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org> |
5 | * (C) 2006-2010 Patrick McHardy <kaber@trash.net> | ||
5 | * | 6 | * |
6 | * This program is free software; you can redistribute it and/or modify | 7 | * This program is free software; you can redistribute it and/or modify |
7 | * it under the terms of the GNU General Public License version 2 as | 8 | * it under the terms of the GNU General Public License version 2 as |
diff --git a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c index c2cd63d2d892..a338dad41b7d 100644 --- a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c +++ b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c | |||
@@ -1,5 +1,6 @@ | |||
1 | /* (C) 1999-2001 Paul `Rusty' Russell | 1 | /* (C) 1999-2001 Paul `Rusty' Russell |
2 | * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org> | 2 | * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org> |
3 | * (C) 2006-2010 Patrick McHardy <kaber@trash.net> | ||
3 | * | 4 | * |
4 | * This program is free software; you can redistribute it and/or modify | 5 | * This program is free software; you can redistribute it and/or modify |
5 | * it under the terms of the GNU General Public License version 2 as | 6 | * it under the terms of the GNU General Public License version 2 as |
diff --git a/net/ipv4/netfilter/nf_nat_h323.c b/net/ipv4/netfilter/nf_nat_h323.c index 9c3db10b22d3..9eea059dd621 100644 --- a/net/ipv4/netfilter/nf_nat_h323.c +++ b/net/ipv4/netfilter/nf_nat_h323.c | |||
@@ -2,6 +2,7 @@ | |||
2 | * H.323 extension for NAT alteration. | 2 | * H.323 extension for NAT alteration. |
3 | * | 3 | * |
4 | * Copyright (c) 2006 Jing Min Zhao <zhaojingmin@users.sourceforge.net> | 4 | * Copyright (c) 2006 Jing Min Zhao <zhaojingmin@users.sourceforge.net> |
5 | * Copyright (c) 2006-2012 Patrick McHardy <kaber@trash.net> | ||
5 | * | 6 | * |
6 | * This source code is licensed under General Public License version 2. | 7 | * This source code is licensed under General Public License version 2. |
7 | * | 8 | * |
diff --git a/net/ipv4/netfilter/nf_nat_pptp.c b/net/ipv4/netfilter/nf_nat_pptp.c index a06d7d74817d..657d2307f031 100644 --- a/net/ipv4/netfilter/nf_nat_pptp.c +++ b/net/ipv4/netfilter/nf_nat_pptp.c | |||
@@ -13,6 +13,8 @@ | |||
13 | * | 13 | * |
14 | * Development of this code funded by Astaro AG (http://www.astaro.com/) | 14 | * Development of this code funded by Astaro AG (http://www.astaro.com/) |
15 | * | 15 | * |
16 | * (C) 2006-2012 Patrick McHardy <kaber@trash.net> | ||
17 | * | ||
16 | * TODO: - NAT to a unique tuple, not to TCP source port | 18 | * TODO: - NAT to a unique tuple, not to TCP source port |
17 | * (needs netfilter tuple reservation) | 19 | * (needs netfilter tuple reservation) |
18 | */ | 20 | */ |
diff --git a/net/ipv4/netfilter/nf_nat_proto_gre.c b/net/ipv4/netfilter/nf_nat_proto_gre.c index ea44f02563b5..690d890111bb 100644 --- a/net/ipv4/netfilter/nf_nat_proto_gre.c +++ b/net/ipv4/netfilter/nf_nat_proto_gre.c | |||
@@ -21,6 +21,8 @@ | |||
21 | * | 21 | * |
22 | * Development of this code funded by Astaro AG (http://www.astaro.com/) | 22 | * Development of this code funded by Astaro AG (http://www.astaro.com/) |
23 | * | 23 | * |
24 | * (C) 2006-2012 Patrick McHardy <kaber@trash.net> | ||
25 | * | ||
24 | */ | 26 | */ |
25 | 27 | ||
26 | #include <linux/module.h> | 28 | #include <linux/module.h> |
diff --git a/net/ipv4/netfilter/nf_nat_snmp_basic.c b/net/ipv4/netfilter/nf_nat_snmp_basic.c index bac712293fd6..5f011cc89cd9 100644 --- a/net/ipv4/netfilter/nf_nat_snmp_basic.c +++ b/net/ipv4/netfilter/nf_nat_snmp_basic.c | |||
@@ -38,6 +38,8 @@ | |||
38 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | 38 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
39 | * | 39 | * |
40 | * Author: James Morris <jmorris@intercode.com.au> | 40 | * Author: James Morris <jmorris@intercode.com.au> |
41 | * | ||
42 | * Copyright (c) 2006-2010 Patrick McHardy <kaber@trash.net> | ||
41 | */ | 43 | */ |
42 | #include <linux/module.h> | 44 | #include <linux/module.h> |
43 | #include <linux/moduleparam.h> | 45 | #include <linux/moduleparam.h> |
diff --git a/net/ipv6/netfilter.c b/net/ipv6/netfilter.c index 429089cb073d..72836f40b730 100644 --- a/net/ipv6/netfilter.c +++ b/net/ipv6/netfilter.c | |||
@@ -1,3 +1,9 @@ | |||
1 | /* | ||
2 | * IPv6 specific functions of netfilter core | ||
3 | * | ||
4 | * Rusty Russell (C) 2000 -- This code is GPL. | ||
5 | * Patrick McHardy (C) 2006-2012 | ||
6 | */ | ||
1 | #include <linux/kernel.h> | 7 | #include <linux/kernel.h> |
2 | #include <linux/init.h> | 8 | #include <linux/init.h> |
3 | #include <linux/ipv6.h> | 9 | #include <linux/ipv6.h> |
@@ -29,7 +35,7 @@ int ip6_route_me_harder(struct sk_buff *skb) | |||
29 | IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES); | 35 | IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES); |
30 | LIMIT_NETDEBUG(KERN_DEBUG "ip6_route_me_harder: No more route.\n"); | 36 | LIMIT_NETDEBUG(KERN_DEBUG "ip6_route_me_harder: No more route.\n"); |
31 | dst_release(dst); | 37 | dst_release(dst); |
32 | return -EINVAL; | 38 | return dst->error; |
33 | } | 39 | } |
34 | 40 | ||
35 | /* Drop old route. */ | 41 | /* Drop old route. */ |
@@ -43,7 +49,7 @@ int ip6_route_me_harder(struct sk_buff *skb) | |||
43 | skb_dst_set(skb, NULL); | 49 | skb_dst_set(skb, NULL); |
44 | dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), skb->sk, 0); | 50 | dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), skb->sk, 0); |
45 | if (IS_ERR(dst)) | 51 | if (IS_ERR(dst)) |
46 | return -1; | 52 | return PTR_ERR(dst); |
47 | skb_dst_set(skb, dst); | 53 | skb_dst_set(skb, dst); |
48 | } | 54 | } |
49 | #endif | 55 | #endif |
@@ -53,7 +59,7 @@ int ip6_route_me_harder(struct sk_buff *skb) | |||
53 | if (skb_headroom(skb) < hh_len && | 59 | if (skb_headroom(skb) < hh_len && |
54 | pskb_expand_head(skb, HH_DATA_ALIGN(hh_len - skb_headroom(skb)), | 60 | pskb_expand_head(skb, HH_DATA_ALIGN(hh_len - skb_headroom(skb)), |
55 | 0, GFP_ATOMIC)) | 61 | 0, GFP_ATOMIC)) |
56 | return -1; | 62 | return -ENOMEM; |
57 | 63 | ||
58 | return 0; | 64 | return 0; |
59 | } | 65 | } |
diff --git a/net/ipv6/netfilter/Kconfig b/net/ipv6/netfilter/Kconfig index c72532a60d88..4433ab40e7de 100644 --- a/net/ipv6/netfilter/Kconfig +++ b/net/ipv6/netfilter/Kconfig | |||
@@ -105,7 +105,7 @@ config IP6_NF_MATCH_MH | |||
105 | 105 | ||
106 | config IP6_NF_MATCH_RPFILTER | 106 | config IP6_NF_MATCH_RPFILTER |
107 | tristate '"rpfilter" reverse path filter match support' | 107 | tristate '"rpfilter" reverse path filter match support' |
108 | depends on NETFILTER_ADVANCED | 108 | depends on NETFILTER_ADVANCED && (IP6_NF_MANGLE || IP6_NF_RAW) |
109 | ---help--- | 109 | ---help--- |
110 | This option allows you to match packets whose replies would | 110 | This option allows you to match packets whose replies would |
111 | go out via the interface the packet came in. | 111 | go out via the interface the packet came in. |
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index 8861b1ef420e..44400c216dc6 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c | |||
@@ -3,6 +3,7 @@ | |||
3 | * | 3 | * |
4 | * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling | 4 | * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling |
5 | * Copyright (C) 2000-2005 Netfilter Core Team <coreteam@netfilter.org> | 5 | * Copyright (C) 2000-2005 Netfilter Core Team <coreteam@netfilter.org> |
6 | * Copyright (c) 2006-2010 Patrick McHardy <kaber@trash.net> | ||
6 | * | 7 | * |
7 | * This program is free software; you can redistribute it and/or modify | 8 | * This program is free software; you can redistribute it and/or modify |
8 | * it under the terms of the GNU General Public License version 2 as | 9 | * it under the terms of the GNU General Public License version 2 as |
diff --git a/net/ipv6/netfilter/ip6t_REJECT.c b/net/ipv6/netfilter/ip6t_REJECT.c index ed3b427b2841..70f9abc0efe9 100644 --- a/net/ipv6/netfilter/ip6t_REJECT.c +++ b/net/ipv6/netfilter/ip6t_REJECT.c | |||
@@ -7,6 +7,8 @@ | |||
7 | * Authors: | 7 | * Authors: |
8 | * Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> | 8 | * Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> |
9 | * | 9 | * |
10 | * Copyright (c) 2005-2007 Patrick McHardy <kaber@trash.net> | ||
11 | * | ||
10 | * Based on net/ipv4/netfilter/ipt_REJECT.c | 12 | * Based on net/ipv4/netfilter/ipt_REJECT.c |
11 | * | 13 | * |
12 | * This program is free software; you can redistribute it and/or | 14 | * This program is free software; you can redistribute it and/or |
diff --git a/net/ipv6/netfilter/ip6table_mangle.c b/net/ipv6/netfilter/ip6table_mangle.c index 6134a1ebfb1b..e075399d8b72 100644 --- a/net/ipv6/netfilter/ip6table_mangle.c +++ b/net/ipv6/netfilter/ip6table_mangle.c | |||
@@ -38,7 +38,7 @@ ip6t_mangle_out(struct sk_buff *skb, const struct net_device *out) | |||
38 | struct in6_addr saddr, daddr; | 38 | struct in6_addr saddr, daddr; |
39 | u_int8_t hop_limit; | 39 | u_int8_t hop_limit; |
40 | u_int32_t flowlabel, mark; | 40 | u_int32_t flowlabel, mark; |
41 | 41 | int err; | |
42 | #if 0 | 42 | #if 0 |
43 | /* root is playing with raw sockets. */ | 43 | /* root is playing with raw sockets. */ |
44 | if (skb->len < sizeof(struct iphdr) || | 44 | if (skb->len < sizeof(struct iphdr) || |
@@ -65,8 +65,11 @@ ip6t_mangle_out(struct sk_buff *skb, const struct net_device *out) | |||
65 | !ipv6_addr_equal(&ipv6_hdr(skb)->daddr, &daddr) || | 65 | !ipv6_addr_equal(&ipv6_hdr(skb)->daddr, &daddr) || |
66 | skb->mark != mark || | 66 | skb->mark != mark || |
67 | ipv6_hdr(skb)->hop_limit != hop_limit || | 67 | ipv6_hdr(skb)->hop_limit != hop_limit || |
68 | flowlabel != *((u_int32_t *)ipv6_hdr(skb)))) | 68 | flowlabel != *((u_int32_t *)ipv6_hdr(skb)))) { |
69 | return ip6_route_me_harder(skb) == 0 ? ret : NF_DROP; | 69 | err = ip6_route_me_harder(skb); |
70 | if (err < 0) | ||
71 | ret = NF_DROP_ERR(err); | ||
72 | } | ||
70 | 73 | ||
71 | return ret; | 74 | return ret; |
72 | } | 75 | } |
diff --git a/net/ipv6/netfilter/ip6table_nat.c b/net/ipv6/netfilter/ip6table_nat.c index e0e788d25b14..6383f90efda8 100644 --- a/net/ipv6/netfilter/ip6table_nat.c +++ b/net/ipv6/netfilter/ip6table_nat.c | |||
@@ -179,6 +179,7 @@ nf_nat_ipv6_out(unsigned int hooknum, | |||
179 | #ifdef CONFIG_XFRM | 179 | #ifdef CONFIG_XFRM |
180 | const struct nf_conn *ct; | 180 | const struct nf_conn *ct; |
181 | enum ip_conntrack_info ctinfo; | 181 | enum ip_conntrack_info ctinfo; |
182 | int err; | ||
182 | #endif | 183 | #endif |
183 | unsigned int ret; | 184 | unsigned int ret; |
184 | 185 | ||
@@ -197,9 +198,11 @@ nf_nat_ipv6_out(unsigned int hooknum, | |||
197 | &ct->tuplehash[!dir].tuple.dst.u3) || | 198 | &ct->tuplehash[!dir].tuple.dst.u3) || |
198 | (ct->tuplehash[dir].tuple.dst.protonum != IPPROTO_ICMPV6 && | 199 | (ct->tuplehash[dir].tuple.dst.protonum != IPPROTO_ICMPV6 && |
199 | ct->tuplehash[dir].tuple.src.u.all != | 200 | ct->tuplehash[dir].tuple.src.u.all != |
200 | ct->tuplehash[!dir].tuple.dst.u.all)) | 201 | ct->tuplehash[!dir].tuple.dst.u.all)) { |
201 | if (nf_xfrm_me_harder(skb, AF_INET6) < 0) | 202 | err = nf_xfrm_me_harder(skb, AF_INET6); |
202 | ret = NF_DROP; | 203 | if (err < 0) |
204 | ret = NF_DROP_ERR(err); | ||
205 | } | ||
203 | } | 206 | } |
204 | #endif | 207 | #endif |
205 | return ret; | 208 | return ret; |
@@ -215,6 +218,7 @@ nf_nat_ipv6_local_fn(unsigned int hooknum, | |||
215 | const struct nf_conn *ct; | 218 | const struct nf_conn *ct; |
216 | enum ip_conntrack_info ctinfo; | 219 | enum ip_conntrack_info ctinfo; |
217 | unsigned int ret; | 220 | unsigned int ret; |
221 | int err; | ||
218 | 222 | ||
219 | /* root is playing with raw sockets. */ | 223 | /* root is playing with raw sockets. */ |
220 | if (skb->len < sizeof(struct ipv6hdr)) | 224 | if (skb->len < sizeof(struct ipv6hdr)) |
@@ -227,16 +231,19 @@ nf_nat_ipv6_local_fn(unsigned int hooknum, | |||
227 | 231 | ||
228 | if (!nf_inet_addr_cmp(&ct->tuplehash[dir].tuple.dst.u3, | 232 | if (!nf_inet_addr_cmp(&ct->tuplehash[dir].tuple.dst.u3, |
229 | &ct->tuplehash[!dir].tuple.src.u3)) { | 233 | &ct->tuplehash[!dir].tuple.src.u3)) { |
230 | if (ip6_route_me_harder(skb)) | 234 | err = ip6_route_me_harder(skb); |
231 | ret = NF_DROP; | 235 | if (err < 0) |
236 | ret = NF_DROP_ERR(err); | ||
232 | } | 237 | } |
233 | #ifdef CONFIG_XFRM | 238 | #ifdef CONFIG_XFRM |
234 | else if (!(IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED) && | 239 | else if (!(IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED) && |
235 | ct->tuplehash[dir].tuple.dst.protonum != IPPROTO_ICMPV6 && | 240 | ct->tuplehash[dir].tuple.dst.protonum != IPPROTO_ICMPV6 && |
236 | ct->tuplehash[dir].tuple.dst.u.all != | 241 | ct->tuplehash[dir].tuple.dst.u.all != |
237 | ct->tuplehash[!dir].tuple.src.u.all) | 242 | ct->tuplehash[!dir].tuple.src.u.all) { |
238 | if (nf_xfrm_me_harder(skb, AF_INET6)) | 243 | err = nf_xfrm_me_harder(skb, AF_INET6); |
239 | ret = NF_DROP; | 244 | if (err < 0) |
245 | ret = NF_DROP_ERR(err); | ||
246 | } | ||
240 | #endif | 247 | #endif |
241 | } | 248 | } |
242 | return ret; | 249 | return ret; |
diff --git a/net/netfilter/core.c b/net/netfilter/core.c index 7d97302f7c07..07c865a31a3d 100644 --- a/net/netfilter/core.c +++ b/net/netfilter/core.c | |||
@@ -5,6 +5,7 @@ | |||
5 | * way. | 5 | * way. |
6 | * | 6 | * |
7 | * Rusty Russell (C)2000 -- This code is GPL. | 7 | * Rusty Russell (C)2000 -- This code is GPL. |
8 | * Patrick McHardy (c) 2006-2012 | ||
8 | */ | 9 | */ |
9 | #include <linux/kernel.h> | 10 | #include <linux/kernel.h> |
10 | #include <linux/netfilter.h> | 11 | #include <linux/netfilter.h> |
diff --git a/net/netfilter/nf_conntrack_amanda.c b/net/netfilter/nf_conntrack_amanda.c index dbdaa1149260..b8b95f4027ca 100644 --- a/net/netfilter/nf_conntrack_amanda.c +++ b/net/netfilter/nf_conntrack_amanda.c | |||
@@ -2,6 +2,7 @@ | |||
2 | * | 2 | * |
3 | * (C) 2002 by Brian J. Murrell <netfilter@interlinx.bc.ca> | 3 | * (C) 2002 by Brian J. Murrell <netfilter@interlinx.bc.ca> |
4 | * based on HW's ip_conntrack_irc.c as well as other modules | 4 | * based on HW's ip_conntrack_irc.c as well as other modules |
5 | * (C) 2006 Patrick McHardy <kaber@trash.net> | ||
5 | * | 6 | * |
6 | * This program is free software; you can redistribute it and/or | 7 | * This program is free software; you can redistribute it and/or |
7 | * modify it under the terms of the GNU General Public License | 8 | * modify it under the terms of the GNU General Public License |
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index 54ddc2f8e7c9..ebb81d64436c 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c | |||
@@ -5,6 +5,7 @@ | |||
5 | /* (C) 1999-2001 Paul `Rusty' Russell | 5 | /* (C) 1999-2001 Paul `Rusty' Russell |
6 | * (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org> | 6 | * (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org> |
7 | * (C) 2003,2004 USAGI/WIDE Project <http://www.linux-ipv6.org> | 7 | * (C) 2003,2004 USAGI/WIDE Project <http://www.linux-ipv6.org> |
8 | * (C) 2005-2012 Patrick McHardy <kaber@trash.net> | ||
8 | * | 9 | * |
9 | * This program is free software; you can redistribute it and/or modify | 10 | * This program is free software; you can redistribute it and/or modify |
10 | * it under the terms of the GNU General Public License version 2 as | 11 | * it under the terms of the GNU General Public License version 2 as |
diff --git a/net/netfilter/nf_conntrack_ecache.c b/net/netfilter/nf_conntrack_ecache.c index b5d2eb8bf0d5..1df176146567 100644 --- a/net/netfilter/nf_conntrack_ecache.c +++ b/net/netfilter/nf_conntrack_ecache.c | |||
@@ -1,8 +1,10 @@ | |||
1 | /* Event cache for netfilter. */ | 1 | /* Event cache for netfilter. */ |
2 | 2 | ||
3 | /* (C) 1999-2001 Paul `Rusty' Russell | 3 | /* |
4 | * (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org> | 4 | * (C) 2005 Harald Welte <laforge@gnumonks.org> |
5 | * (C) 2003,2004 USAGI/WIDE Project <http://www.linux-ipv6.org> | 5 | * (C) 2005 Patrick McHardy <kaber@trash.net> |
6 | * (C) 2005-2006 Netfilter Core Team <coreteam@netfilter.org> | ||
7 | * (C) 2005 USAGI/WIDE Project <http://www.linux-ipv6.org> | ||
6 | * | 8 | * |
7 | * This program is free software; you can redistribute it and/or modify | 9 | * This program is free software; you can redistribute it and/or modify |
8 | * it under the terms of the GNU General Public License version 2 as | 10 | * it under the terms of the GNU General Public License version 2 as |
diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c index 0adfdcc68bae..c63b618cd619 100644 --- a/net/netfilter/nf_conntrack_expect.c +++ b/net/netfilter/nf_conntrack_expect.c | |||
@@ -3,6 +3,7 @@ | |||
3 | /* (C) 1999-2001 Paul `Rusty' Russell | 3 | /* (C) 1999-2001 Paul `Rusty' Russell |
4 | * (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org> | 4 | * (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org> |
5 | * (C) 2003,2004 USAGI/WIDE Project <http://www.linux-ipv6.org> | 5 | * (C) 2003,2004 USAGI/WIDE Project <http://www.linux-ipv6.org> |
6 | * (c) 2005-2012 Patrick McHardy <kaber@trash.net> | ||
6 | * | 7 | * |
7 | * This program is free software; you can redistribute it and/or modify | 8 | * This program is free software; you can redistribute it and/or modify |
8 | * it under the terms of the GNU General Public License version 2 as | 9 | * it under the terms of the GNU General Public License version 2 as |
diff --git a/net/netfilter/nf_conntrack_ftp.c b/net/netfilter/nf_conntrack_ftp.c index 62fb8faedb80..6b217074237b 100644 --- a/net/netfilter/nf_conntrack_ftp.c +++ b/net/netfilter/nf_conntrack_ftp.c | |||
@@ -3,6 +3,7 @@ | |||
3 | /* (C) 1999-2001 Paul `Rusty' Russell | 3 | /* (C) 1999-2001 Paul `Rusty' Russell |
4 | * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org> | 4 | * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org> |
5 | * (C) 2003,2004 USAGI/WIDE Project <http://www.linux-ipv6.org> | 5 | * (C) 2003,2004 USAGI/WIDE Project <http://www.linux-ipv6.org> |
6 | * (C) 2006-2012 Patrick McHardy <kaber@trash.net> | ||
6 | * | 7 | * |
7 | * This program is free software; you can redistribute it and/or modify | 8 | * This program is free software; you can redistribute it and/or modify |
8 | * it under the terms of the GNU General Public License version 2 as | 9 | * it under the terms of the GNU General Public License version 2 as |
diff --git a/net/netfilter/nf_conntrack_h323_main.c b/net/netfilter/nf_conntrack_h323_main.c index 7df7b36d2e24..bdebd03bc8cd 100644 --- a/net/netfilter/nf_conntrack_h323_main.c +++ b/net/netfilter/nf_conntrack_h323_main.c | |||
@@ -2,6 +2,7 @@ | |||
2 | * H.323 connection tracking helper | 2 | * H.323 connection tracking helper |
3 | * | 3 | * |
4 | * Copyright (c) 2006 Jing Min Zhao <zhaojingmin@users.sourceforge.net> | 4 | * Copyright (c) 2006 Jing Min Zhao <zhaojingmin@users.sourceforge.net> |
5 | * Copyright (c) 2006-2012 Patrick McHardy <kaber@trash.net> | ||
5 | * | 6 | * |
6 | * This source code is licensed under General Public License version 2. | 7 | * This source code is licensed under General Public License version 2. |
7 | * | 8 | * |
diff --git a/net/netfilter/nf_conntrack_helper.c b/net/netfilter/nf_conntrack_helper.c index a0b1c5c23d1c..974a2a4adefa 100644 --- a/net/netfilter/nf_conntrack_helper.c +++ b/net/netfilter/nf_conntrack_helper.c | |||
@@ -3,6 +3,7 @@ | |||
3 | /* (C) 1999-2001 Paul `Rusty' Russell | 3 | /* (C) 1999-2001 Paul `Rusty' Russell |
4 | * (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org> | 4 | * (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org> |
5 | * (C) 2003,2004 USAGI/WIDE Project <http://www.linux-ipv6.org> | 5 | * (C) 2003,2004 USAGI/WIDE Project <http://www.linux-ipv6.org> |
6 | * (C) 2006-2012 Patrick McHardy <kaber@trash.net> | ||
6 | * | 7 | * |
7 | * This program is free software; you can redistribute it and/or modify | 8 | * This program is free software; you can redistribute it and/or modify |
8 | * it under the terms of the GNU General Public License version 2 as | 9 | * it under the terms of the GNU General Public License version 2 as |
diff --git a/net/netfilter/nf_conntrack_irc.c b/net/netfilter/nf_conntrack_irc.c index 70985c5d0ffa..0fd2976db7ee 100644 --- a/net/netfilter/nf_conntrack_irc.c +++ b/net/netfilter/nf_conntrack_irc.c | |||
@@ -1,6 +1,7 @@ | |||
1 | /* IRC extension for IP connection tracking, Version 1.21 | 1 | /* IRC extension for IP connection tracking, Version 1.21 |
2 | * (C) 2000-2002 by Harald Welte <laforge@gnumonks.org> | 2 | * (C) 2000-2002 by Harald Welte <laforge@gnumonks.org> |
3 | * based on RR's ip_conntrack_ftp.c | 3 | * based on RR's ip_conntrack_ftp.c |
4 | * (C) 2006-2012 Patrick McHardy <kaber@trash.net> | ||
4 | * | 5 | * |
5 | * This program is free software; you can redistribute it and/or | 6 | * This program is free software; you can redistribute it and/or |
6 | * modify it under the terms of the GNU General Public License | 7 | * modify it under the terms of the GNU General Public License |
diff --git a/net/netfilter/nf_conntrack_pptp.c b/net/netfilter/nf_conntrack_pptp.c index e6678d2b624e..7bd03decd36c 100644 --- a/net/netfilter/nf_conntrack_pptp.c +++ b/net/netfilter/nf_conntrack_pptp.c | |||
@@ -11,6 +11,8 @@ | |||
11 | * | 11 | * |
12 | * Development of this code funded by Astaro AG (http://www.astaro.com/) | 12 | * Development of this code funded by Astaro AG (http://www.astaro.com/) |
13 | * | 13 | * |
14 | * (C) 2006-2012 Patrick McHardy <kaber@trash.net> | ||
15 | * | ||
14 | * Limitations: | 16 | * Limitations: |
15 | * - We blindly assume that control connections are always | 17 | * - We blindly assume that control connections are always |
16 | * established in PNS->PAC direction. This is a violation | 18 | * established in PNS->PAC direction. This is a violation |
diff --git a/net/netfilter/nf_conntrack_proto.c b/net/netfilter/nf_conntrack_proto.c index 58ab4050830c..0ab9636ac57e 100644 --- a/net/netfilter/nf_conntrack_proto.c +++ b/net/netfilter/nf_conntrack_proto.c | |||
@@ -3,6 +3,7 @@ | |||
3 | /* (C) 1999-2001 Paul `Rusty' Russell | 3 | /* (C) 1999-2001 Paul `Rusty' Russell |
4 | * (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org> | 4 | * (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org> |
5 | * (C) 2003,2004 USAGI/WIDE Project <http://www.linux-ipv6.org> | 5 | * (C) 2003,2004 USAGI/WIDE Project <http://www.linux-ipv6.org> |
6 | * (C) 2006-2012 Patrick McHardy <kaber@trash.net> | ||
6 | * | 7 | * |
7 | * This program is free software; you can redistribute it and/or modify | 8 | * This program is free software; you can redistribute it and/or modify |
8 | * it under the terms of the GNU General Public License version 2 as | 9 | * it under the terms of the GNU General Public License version 2 as |
diff --git a/net/netfilter/nf_conntrack_proto_gre.c b/net/netfilter/nf_conntrack_proto_gre.c index 155ce9f8a0db..9d9c0dade602 100644 --- a/net/netfilter/nf_conntrack_proto_gre.c +++ b/net/netfilter/nf_conntrack_proto_gre.c | |||
@@ -21,6 +21,7 @@ | |||
21 | * | 21 | * |
22 | * Development of this code funded by Astaro AG (http://www.astaro.com/) | 22 | * Development of this code funded by Astaro AG (http://www.astaro.com/) |
23 | * | 23 | * |
24 | * (C) 2006-2012 Patrick McHardy <kaber@trash.net> | ||
24 | */ | 25 | */ |
25 | 26 | ||
26 | #include <linux/module.h> | 27 | #include <linux/module.h> |
diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c index ec83536def9a..1314d33f6bcf 100644 --- a/net/netfilter/nf_conntrack_proto_sctp.c +++ b/net/netfilter/nf_conntrack_proto_sctp.c | |||
@@ -1,6 +1,9 @@ | |||
1 | /* | 1 | /* |
2 | * Connection tracking protocol helper module for SCTP. | 2 | * Connection tracking protocol helper module for SCTP. |
3 | * | 3 | * |
4 | * Copyright (c) 2004 Kiran Kumar Immidi <immidi_kiran@yahoo.com> | ||
5 | * Copyright (c) 2004-2012 Patrick McHardy <kaber@trash.net> | ||
6 | * | ||
4 | * SCTP is defined in RFC 2960. References to various sections in this code | 7 | * SCTP is defined in RFC 2960. References to various sections in this code |
5 | * are to this RFC. | 8 | * are to this RFC. |
6 | * | 9 | * |
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c index f021a2076c87..4d4d8f1d01fc 100644 --- a/net/netfilter/nf_conntrack_proto_tcp.c +++ b/net/netfilter/nf_conntrack_proto_tcp.c | |||
@@ -1,5 +1,7 @@ | |||
1 | /* (C) 1999-2001 Paul `Rusty' Russell | 1 | /* (C) 1999-2001 Paul `Rusty' Russell |
2 | * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org> | 2 | * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org> |
3 | * (C) 2002-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | ||
4 | * (C) 2006-2012 Patrick McHardy <kaber@trash.net> | ||
3 | * | 5 | * |
4 | * This program is free software; you can redistribute it and/or modify | 6 | * This program is free software; you can redistribute it and/or modify |
5 | * it under the terms of the GNU General Public License version 2 as | 7 | * it under the terms of the GNU General Public License version 2 as |
diff --git a/net/netfilter/nf_conntrack_proto_udp.c b/net/netfilter/nf_conntrack_proto_udp.c index fee43228e115..9d7721cbce4b 100644 --- a/net/netfilter/nf_conntrack_proto_udp.c +++ b/net/netfilter/nf_conntrack_proto_udp.c | |||
@@ -1,5 +1,6 @@ | |||
1 | /* (C) 1999-2001 Paul `Rusty' Russell | 1 | /* (C) 1999-2001 Paul `Rusty' Russell |
2 | * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org> | 2 | * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org> |
3 | * (C) 2006-2012 Patrick McHardy <kaber@trash.net> | ||
3 | * | 4 | * |
4 | * This program is free software; you can redistribute it and/or modify | 5 | * This program is free software; you can redistribute it and/or modify |
5 | * it under the terms of the GNU General Public License version 2 as | 6 | * it under the terms of the GNU General Public License version 2 as |
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index ebb67d33bd63..bd700b4013c1 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c | |||
@@ -1,5 +1,6 @@ | |||
1 | /* (C) 1999-2001 Paul `Rusty' Russell | 1 | /* (C) 1999-2001 Paul `Rusty' Russell |
2 | * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org> | 2 | * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org> |
3 | * (C) 2005-2012 Patrick McHardy <kaber@trash.net> | ||
3 | * | 4 | * |
4 | * This program is free software; you can redistribute it and/or modify | 5 | * This program is free software; you can redistribute it and/or modify |
5 | * it under the terms of the GNU General Public License version 2 as | 6 | * it under the terms of the GNU General Public License version 2 as |
diff --git a/net/netfilter/nf_conntrack_tftp.c b/net/netfilter/nf_conntrack_tftp.c index e9936c830208..e68ab4fbd71f 100644 --- a/net/netfilter/nf_conntrack_tftp.c +++ b/net/netfilter/nf_conntrack_tftp.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* (C) 2001-2002 Magnus Boden <mb@ozaba.mine.nu> | 1 | /* (C) 2001-2002 Magnus Boden <mb@ozaba.mine.nu> |
2 | * | 2 | * (C) 2006-2012 Patrick McHardy <kaber@trash.net> |
3 | * This program is free software; you can redistribute it and/or modify | 3 | * This program is free software; you can redistribute it and/or modify |
4 | * it under the terms of the GNU General Public License version 2 as | 4 | * it under the terms of the GNU General Public License version 2 as |
5 | * published by the Free Software Foundation. | 5 | * published by the Free Software Foundation. |
diff --git a/net/netfilter/nf_nat_amanda.c b/net/netfilter/nf_nat_amanda.c index 3b67c9d11273..eb772380a202 100644 --- a/net/netfilter/nf_nat_amanda.c +++ b/net/netfilter/nf_nat_amanda.c | |||
@@ -1,6 +1,7 @@ | |||
1 | /* Amanda extension for TCP NAT alteration. | 1 | /* Amanda extension for TCP NAT alteration. |
2 | * (C) 2002 by Brian J. Murrell <netfilter@interlinx.bc.ca> | 2 | * (C) 2002 by Brian J. Murrell <netfilter@interlinx.bc.ca> |
3 | * based on a copy of HW's ip_nat_irc.c as well as other modules | 3 | * based on a copy of HW's ip_nat_irc.c as well as other modules |
4 | * (C) 2006-2012 Patrick McHardy <kaber@trash.net> | ||
4 | * | 5 | * |
5 | * This program is free software; you can redistribute it and/or | 6 | * This program is free software; you can redistribute it and/or |
6 | * modify it under the terms of the GNU General Public License | 7 | * modify it under the terms of the GNU General Public License |
diff --git a/net/netfilter/nf_nat_core.c b/net/netfilter/nf_nat_core.c index 8d5769c6d16e..346f871cf096 100644 --- a/net/netfilter/nf_nat_core.c +++ b/net/netfilter/nf_nat_core.c | |||
@@ -87,9 +87,10 @@ int nf_xfrm_me_harder(struct sk_buff *skb, unsigned int family) | |||
87 | struct flowi fl; | 87 | struct flowi fl; |
88 | unsigned int hh_len; | 88 | unsigned int hh_len; |
89 | struct dst_entry *dst; | 89 | struct dst_entry *dst; |
90 | int err; | ||
90 | 91 | ||
91 | if (xfrm_decode_session(skb, &fl, family) < 0) | 92 | err = xfrm_decode_session(skb, &fl, family); |
92 | return -1; | 93 | return err; |
93 | 94 | ||
94 | dst = skb_dst(skb); | 95 | dst = skb_dst(skb); |
95 | if (dst->xfrm) | 96 | if (dst->xfrm) |
@@ -98,7 +99,7 @@ int nf_xfrm_me_harder(struct sk_buff *skb, unsigned int family) | |||
98 | 99 | ||
99 | dst = xfrm_lookup(dev_net(dst->dev), dst, &fl, skb->sk, 0); | 100 | dst = xfrm_lookup(dev_net(dst->dev), dst, &fl, skb->sk, 0); |
100 | if (IS_ERR(dst)) | 101 | if (IS_ERR(dst)) |
101 | return -1; | 102 | return PTR_ERR(dst); |
102 | 103 | ||
103 | skb_dst_drop(skb); | 104 | skb_dst_drop(skb); |
104 | skb_dst_set(skb, dst); | 105 | skb_dst_set(skb, dst); |
@@ -107,7 +108,7 @@ int nf_xfrm_me_harder(struct sk_buff *skb, unsigned int family) | |||
107 | hh_len = skb_dst(skb)->dev->hard_header_len; | 108 | hh_len = skb_dst(skb)->dev->hard_header_len; |
108 | if (skb_headroom(skb) < hh_len && | 109 | if (skb_headroom(skb) < hh_len && |
109 | pskb_expand_head(skb, hh_len - skb_headroom(skb), 0, GFP_ATOMIC)) | 110 | pskb_expand_head(skb, hh_len - skb_headroom(skb), 0, GFP_ATOMIC)) |
110 | return -1; | 111 | return -ENOMEM; |
111 | return 0; | 112 | return 0; |
112 | } | 113 | } |
113 | EXPORT_SYMBOL(nf_xfrm_me_harder); | 114 | EXPORT_SYMBOL(nf_xfrm_me_harder); |
diff --git a/net/netfilter/nf_nat_helper.c b/net/netfilter/nf_nat_helper.c index 23c2b38676a6..5fea563afe30 100644 --- a/net/netfilter/nf_nat_helper.c +++ b/net/netfilter/nf_nat_helper.c | |||
@@ -2,6 +2,7 @@ | |||
2 | * | 2 | * |
3 | * (C) 2000-2002 Harald Welte <laforge@netfilter.org> | 3 | * (C) 2000-2002 Harald Welte <laforge@netfilter.org> |
4 | * (C) 2003-2006 Netfilter Core Team <coreteam@netfilter.org> | 4 | * (C) 2003-2006 Netfilter Core Team <coreteam@netfilter.org> |
5 | * (C) 2007-2012 Patrick McHardy <kaber@trash.net> | ||
5 | * | 6 | * |
6 | * This program is free software; you can redistribute it and/or modify | 7 | * This program is free software; you can redistribute it and/or modify |
7 | * it under the terms of the GNU General Public License version 2 as | 8 | * it under the terms of the GNU General Public License version 2 as |
diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c index d812c1235b30..5ccf01e35390 100644 --- a/net/netfilter/nf_queue.c +++ b/net/netfilter/nf_queue.c | |||
@@ -1,3 +1,8 @@ | |||
1 | /* | ||
2 | * Rusty Russell (C)2000 -- This code is GPL. | ||
3 | * Patrick McHardy (c) 2006-2012 | ||
4 | */ | ||
5 | |||
1 | #include <linux/kernel.h> | 6 | #include <linux/kernel.h> |
2 | #include <linux/slab.h> | 7 | #include <linux/slab.h> |
3 | #include <linux/init.h> | 8 | #include <linux/init.h> |
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c index d4199eb9b338..faf1e9300d8a 100644 --- a/net/netfilter/nfnetlink_log.c +++ b/net/netfilter/nfnetlink_log.c | |||
@@ -3,6 +3,7 @@ | |||
3 | * nfetlink. | 3 | * nfetlink. |
4 | * | 4 | * |
5 | * (C) 2005 by Harald Welte <laforge@netfilter.org> | 5 | * (C) 2005 by Harald Welte <laforge@netfilter.org> |
6 | * (C) 2006-2012 Patrick McHardy <kaber@trash.net> | ||
6 | * | 7 | * |
7 | * Based on the old ipv4-only ipt_ULOG.c: | 8 | * Based on the old ipv4-only ipt_ULOG.c: |
8 | * (C) 2000-2004 by Harald Welte <laforge@netfilter.org> | 9 | * (C) 2000-2004 by Harald Welte <laforge@netfilter.org> |
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c index 686c7715d777..1a73b18683b6 100644 --- a/net/netfilter/x_tables.c +++ b/net/netfilter/x_tables.c | |||
@@ -2,6 +2,7 @@ | |||
2 | * x_tables core - Backend for {ip,ip6,arp}_tables | 2 | * x_tables core - Backend for {ip,ip6,arp}_tables |
3 | * | 3 | * |
4 | * Copyright (C) 2006-2006 Harald Welte <laforge@netfilter.org> | 4 | * Copyright (C) 2006-2006 Harald Welte <laforge@netfilter.org> |
5 | * Copyright (C) 2006-2012 Patrick McHardy <kaber@trash.net> | ||
5 | * | 6 | * |
6 | * Based on existing ip_tables code which is | 7 | * Based on existing ip_tables code which is |
7 | * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling | 8 | * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling |
diff --git a/net/netfilter/xt_TCPMSS.c b/net/netfilter/xt_TCPMSS.c index 71a266de5fb4..a75240f0d42b 100644 --- a/net/netfilter/xt_TCPMSS.c +++ b/net/netfilter/xt_TCPMSS.c | |||
@@ -2,6 +2,7 @@ | |||
2 | * This is a module which is used for setting the MSS option in TCP packets. | 2 | * This is a module which is used for setting the MSS option in TCP packets. |
3 | * | 3 | * |
4 | * Copyright (C) 2000 Marc Boucher <marc@mbsi.ca> | 4 | * Copyright (C) 2000 Marc Boucher <marc@mbsi.ca> |
5 | * Copyright (C) 2007 Patrick McHardy <kaber@trash.net> | ||
5 | * | 6 | * |
6 | * This program is free software; you can redistribute it and/or modify | 7 | * This program is free software; you can redistribute it and/or modify |
7 | * it under the terms of the GNU General Public License version 2 as | 8 | * it under the terms of the GNU General Public License version 2 as |
diff --git a/net/netfilter/xt_conntrack.c b/net/netfilter/xt_conntrack.c index 61805d7b38aa..188404b9b002 100644 --- a/net/netfilter/xt_conntrack.c +++ b/net/netfilter/xt_conntrack.c | |||
@@ -3,6 +3,7 @@ | |||
3 | * information. (Superset of Rusty's minimalistic state match.) | 3 | * information. (Superset of Rusty's minimalistic state match.) |
4 | * | 4 | * |
5 | * (C) 2001 Marc Boucher (marc@mbsi.ca). | 5 | * (C) 2001 Marc Boucher (marc@mbsi.ca). |
6 | * (C) 2006-2012 Patrick McHardy <kaber@trash.net> | ||
6 | * Copyright © CC Computer Consultants GmbH, 2007 - 2008 | 7 | * Copyright © CC Computer Consultants GmbH, 2007 - 2008 |
7 | * | 8 | * |
8 | * This program is free software; you can redistribute it and/or modify | 9 | * This program is free software; you can redistribute it and/or modify |
diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c index f330e8beaf69..0199e7bb8f81 100644 --- a/net/netfilter/xt_hashlimit.c +++ b/net/netfilter/xt_hashlimit.c | |||
@@ -3,6 +3,7 @@ | |||
3 | * separately for each hashbucket (sourceip/sourceport/dstip/dstport) | 3 | * separately for each hashbucket (sourceip/sourceport/dstip/dstport) |
4 | * | 4 | * |
5 | * (C) 2003-2004 by Harald Welte <laforge@netfilter.org> | 5 | * (C) 2003-2004 by Harald Welte <laforge@netfilter.org> |
6 | * (C) 2006-2012 Patrick McHardy <kaber@trash.net> | ||
6 | * Copyright © CC Computer Consultants GmbH, 2007 - 2008 | 7 | * Copyright © CC Computer Consultants GmbH, 2007 - 2008 |
7 | * | 8 | * |
8 | * Development of this code was funded by Astaro AG, http://www.astaro.com/ | 9 | * Development of this code was funded by Astaro AG, http://www.astaro.com/ |
diff --git a/net/netfilter/xt_limit.c b/net/netfilter/xt_limit.c index a4c1e4528cac..bef850596558 100644 --- a/net/netfilter/xt_limit.c +++ b/net/netfilter/xt_limit.c | |||
@@ -1,5 +1,6 @@ | |||
1 | /* (C) 1999 Jérôme de Vivie <devivie@info.enserb.u-bordeaux.fr> | 1 | /* (C) 1999 Jérôme de Vivie <devivie@info.enserb.u-bordeaux.fr> |
2 | * (C) 1999 Hervé Eychenne <eychenne@info.enserb.u-bordeaux.fr> | 2 | * (C) 1999 Hervé Eychenne <eychenne@info.enserb.u-bordeaux.fr> |
3 | * (C) 2006-2012 Patrick McHardy <kaber@trash.net> | ||
3 | * | 4 | * |
4 | * This program is free software; you can redistribute it and/or modify | 5 | * This program is free software; you can redistribute it and/or modify |
5 | * it under the terms of the GNU General Public License version 2 as | 6 | * it under the terms of the GNU General Public License version 2 as |