| -rw-r--r-- | include/linux/netfilter_ipv4.h | 6 | ||||
| -rw-r--r-- | include/linux/skbuff.h | 13 | ||||
| -rw-r--r-- | net/bridge/br_forward.c | 3 | ||||
| -rw-r--r-- | net/bridge/br_input.c | 4 | ||||
| -rw-r--r-- | net/bridge/br_netfilter.c | 38 | ||||
| -rw-r--r-- | net/core/netfilter.c | 138 | ||||
| -rw-r--r-- | net/core/skbuff.c | 6 | ||||
| -rw-r--r-- | net/ipv4/ip_input.c | 4 | ||||
| -rw-r--r-- | net/ipv4/ip_output.c | 11 | ||||
| -rw-r--r-- | net/ipv4/ipvs/ip_vs_xmit.c | 1 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ip_conntrack_core.c | 9 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ip_nat_helper.c | 3 | ||||
| -rw-r--r-- | net/ipv6/ip6_output.c | 3 |
13 files changed, 0 insertions, 239 deletions
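--- a/include/linux/netfilter_ipv4.h
+++ b/include/linux/netfilter_ipv4.h
@@ -75,12 +75,6 @@ enum nf_ip_hook_priorities {
 #define SO_ORIGINAL_DST 80
 
 #ifdef __KERNEL__
-#ifdef CONFIG_NETFILTER_DEBUG
-void nf_debug_ip_local_deliver(struct sk_buff *skb);
-void nf_debug_ip_loopback_xmit(struct sk_buff *newskb);
-void nf_debug_ip_finish_output2(struct sk_buff *skb);
-#endif /*CONFIG_NETFILTER_DEBUG*/
-
 extern int ip_route_me_harder(struct sk_buff **pskb);
 
 /* Call this before modifying an existing IP packet: ensures it is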
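--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -193,7 +193,6 @@ struct skb_shared_info {
 * @nfcache: Cache info
 * @nfct: Associated connection, if any
 * @nfctinfo: Relationship of this skb to the connection
-* @nf_debug: Netfilter debugging
 * @nf_bridge: Saved data about a bridged frame - see br_netfilter.c
 * @private: Data which is private to the HIPPI implementation
 * @tc_index: Traffic control index
@@ -264,9 +263,6 @@ struct sk_buff {
 __u32 nfcache;
 __u32 nfctinfo;
 struct nf_conntrack *nfct;
-#ifdef CONFIG_NETFILTER_DEBUG
-unsigned int nf_debug;
-#endif
 #ifdef CONFIG_BRIDGE_NETFILTER
 struct nf_bridge_info *nf_bridge;
 #endif
@@ -1219,15 +1215,6 @@ static inline void nf_reset(struct sk_buff *skb)
 {
 nf_conntrack_put(skb->nfct);
 skb->nfct = NULL;
-#ifdef CONFIG_NETFILTER_DEBUG
-skb->nf_debug = 0;
-#endif
-}
-static inline void nf_reset_debug(struct sk_buff *skb)
-{
-#ifdef CONFIG_NETFILTER_DEBUG
-skb->nf_debug = 0;
-#endif
 }
 
 #ifdef CONFIG_BRIDGE_NETFILTER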
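--- a/net/bridge/br_forward.c
+++ b/net/bridge/br_forward.c
@@ -57,9 +57,6 @@ int br_forward_finish(struct sk_buff *skb)
 static void __br_deliver(const struct net_bridge_port *to, struct sk_buff *skb)
 {
 skb->dev = to->dev;
-#ifdef CONFIG_NETFILTER_DEBUG
-skb->nf_debug = 0;
-#endif
 NF_HOOK(PF_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
 br_forward_finish);
 }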
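--- a/net/bridge/br_input.c
+++ b/net/bridge/br_input.c
@@ -23,11 +23,7 @@ const unsigned char bridge_ula[6] = { 0x01, 0x80, 0xc2, 0x00, 0x00, 0x00 };
 
 static int br_pass_frame_up_finish(struct sk_buff *skb)
 {
-#ifdef CONFIG_NETFILTER_DEBUG
-skb->nf_debug = 0;
-#endif
 netif_receive_skb(skb);
-
 return 0;
 }
 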
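--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -102,10 +102,6 @@ static int br_nf_pre_routing_finish_ipv6(struct sk_buff *skb)
 {
 struct nf_bridge_info *nf_bridge = skb->nf_bridge;
 
-#ifdef CONFIG_NETFILTER_DEBUG
-skb->nf_debug ^= (1 << NF_BR_PRE_ROUTING);
-#endif
-
 if (nf_bridge->mask & BRNF_PKT_TYPE) {
 skb->pkt_type = PACKET_OTHERHOST;
 nf_bridge->mask ^= BRNF_PKT_TYPE;
@@ -182,10 +178,6 @@ static void __br_dnat_complain(void)
 * --Bart, 20021007 (updated) */
 static int br_nf_pre_routing_finish_bridge(struct sk_buff *skb)
 {
-#ifdef CONFIG_NETFILTER_DEBUG
-skb->nf_debug |= (1 << NF_BR_PRE_ROUTING) | (1 << NF_BR_FORWARD);
-#endif
-
 if (skb->pkt_type == PACKET_OTHERHOST) {
 skb->pkt_type = PACKET_HOST;
 skb->nf_bridge->mask |= BRNF_PKT_TYPE;
@@ -207,10 +199,6 @@ static int br_nf_pre_routing_finish(struct sk_buff *skb)
 struct iphdr *iph = skb->nh.iph;
 struct nf_bridge_info *nf_bridge = skb->nf_bridge;
 
-#ifdef CONFIG_NETFILTER_DEBUG
-skb->nf_debug ^= (1 << NF_BR_PRE_ROUTING);
-#endif
-
 if (nf_bridge->mask & BRNF_PKT_TYPE) {
 skb->pkt_type = PACKET_OTHERHOST;
 nf_bridge->mask ^= BRNF_PKT_TYPE;
@@ -382,9 +370,6 @@ static unsigned int br_nf_pre_routing_ipv6(unsigned int hook,
 if (hdr->nexthdr == NEXTHDR_HOP && check_hbh_len(skb))
 goto inhdr_error;
 
-#ifdef CONFIG_NETFILTER_DEBUG
-skb->nf_debug ^= (1 << NF_IP6_PRE_ROUTING);
-#endif
 if ((nf_bridge = nf_bridge_alloc(skb)) == NULL)
 return NF_DROP;
 setup_pre_routing(skb);
@@ -468,9 +453,6 @@ static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff **pskb,
 skb->ip_summed = CHECKSUM_NONE;
 }
 
-#ifdef CONFIG_NETFILTER_DEBUG
-skb->nf_debug ^= (1 << NF_IP_PRE_ROUTING);
-#endif
 if ((nf_bridge = nf_bridge_alloc(skb)) == NULL)
 return NF_DROP;
 setup_pre_routing(skb);
@@ -517,10 +499,6 @@ static int br_nf_forward_finish(struct sk_buff *skb)
 struct net_device *in;
 struct vlan_ethhdr *hdr = vlan_eth_hdr(skb);
 
-#ifdef CONFIG_NETFILTER_DEBUG
-skb->nf_debug ^= (1 << NF_BR_FORWARD);
-#endif
-
 if (skb->protocol != __constant_htons(ETH_P_ARP) && !IS_VLAN_ARP) {
 in = nf_bridge->physindev;
 if (nf_bridge->mask & BRNF_PKT_TYPE) {
@@ -566,9 +544,6 @@ static unsigned int br_nf_forward_ip(unsigned int hook, struct sk_buff **pskb,
 (*pskb)->nh.raw += VLAN_HLEN;
 }
 
-#ifdef CONFIG_NETFILTER_DEBUG
-skb->nf_debug ^= (1 << NF_BR_FORWARD);
-#endif
 nf_bridge = skb->nf_bridge;
 if (skb->pkt_type == PACKET_OTHERHOST) {
 skb->pkt_type = PACKET_HOST;
@@ -605,10 +580,6 @@ static unsigned int br_nf_forward_arp(unsigned int hook, struct sk_buff **pskb,
 (*pskb)->nh.raw += VLAN_HLEN;
 }
 
-#ifdef CONFIG_NETFILTER_DEBUG
-skb->nf_debug ^= (1 << NF_BR_FORWARD);
-#endif
-
 if (skb->nh.arph->ar_pln != 4) {
 if (IS_VLAN_ARP) {
 skb_push(*pskb, VLAN_HLEN);
@@ -627,9 +598,6 @@ static unsigned int br_nf_forward_arp(unsigned int hook, struct sk_buff **pskb,
 /* PF_BRIDGE/LOCAL_OUT ***********************************************/
 static int br_nf_local_out_finish(struct sk_buff *skb)
 {
-#ifdef CONFIG_NETFILTER_DEBUG
-skb->nf_debug &= ~(1 << NF_BR_LOCAL_OUT);
-#endif
 if (skb->protocol == __constant_htons(ETH_P_8021Q)) {
 skb_push(skb, VLAN_HLEN);
 skb->nh.raw -= VLAN_HLEN;
@@ -731,10 +699,6 @@ static unsigned int br_nf_local_out(unsigned int hook, struct sk_buff **pskb,
 realoutdev, br_nf_local_out_finish,
 NF_IP_PRI_BRIDGE_SABOTAGE_FORWARD + 1);
 } else {
-#ifdef CONFIG_NETFILTER_DEBUG
-skb->nf_debug ^= (1 << NF_IP_LOCAL_OUT);
-#endif
-
 NF_HOOK_THRESH(pf, NF_IP_LOCAL_OUT, skb, realindev,
 realoutdev, br_nf_local_out_finish,
 NF_IP_PRI_BRIDGE_SABOTAGE_LOCAL_OUT + 1);
@@ -779,8 +743,6 @@ static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff **pskb,
 printk(KERN_CRIT "br_netfilter: skb->dst == NULL.");
 goto print_error;
 }
-
-skb->nf_debug ^= (1 << NF_IP_POST_ROUTING);
 #endif
 
 /* We assume any code from br_dev_queue_push_xmit onwards doesn't care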
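--- a/net/core/netfilter.c
+++ b/net/core/netfilter.c
@@ -141,136 +141,6 @@ void nf_unregister_sockopt(struct nf_sockopt_ops *reg)
 up(&nf_sockopt_mutex);
 }
 
-#ifdef CONFIG_NETFILTER_DEBUG
-#include <net/ip.h>
-#include <net/tcp.h>
-#include <linux/netfilter_ipv4.h>
-
-static void debug_print_hooks_ip(unsigned int nf_debug)
-{
-if (nf_debug & (1 << NF_IP_PRE_ROUTING)) {
-printk("PRE_ROUTING ");
-nf_debug ^= (1 << NF_IP_PRE_ROUTING);
-}
-if (nf_debug & (1 << NF_IP_LOCAL_IN)) {
-printk("LOCAL_IN ");
-nf_debug ^= (1 << NF_IP_LOCAL_IN);
-}
-if (nf_debug & (1 << NF_IP_FORWARD)) {
-printk("FORWARD ");
-nf_debug ^= (1 << NF_IP_FORWARD);
-}
-if (nf_debug & (1 << NF_IP_LOCAL_OUT)) {
-printk("LOCAL_OUT ");
-nf_debug ^= (1 << NF_IP_LOCAL_OUT);
-}
-if (nf_debug & (1 << NF_IP_POST_ROUTING)) {
-printk("POST_ROUTING ");
-nf_debug ^= (1 << NF_IP_POST_ROUTING);
-}
-if (nf_debug)
-printk("Crap bits: 0x%04X", nf_debug);
-printk("\n");
-}
-
-static void nf_dump_skb(int pf, struct sk_buff *skb)
-{
-printk("skb: pf=%i %s dev=%s len=%u\n",
-pf,
-skb->sk ? "(owned)" : "(unowned)",
-skb->dev ? skb->dev->name : "(no dev)",
-skb->len);
-switch (pf) {
-case PF_INET: {
-const struct iphdr *ip = skb->nh.iph;
-__u32 *opt = (__u32 *) (ip + 1);
-int opti;
-__u16 src_port = 0, dst_port = 0;
-
-if (ip->protocol == IPPROTO_TCP
-|| ip->protocol == IPPROTO_UDP) {
-struct tcphdr *tcp=(struct tcphdr *)((__u32 *)ip+ip->ihl);
-src_port = ntohs(tcp->source);
-dst_port = ntohs(tcp->dest);
-}
-
-printk("PROTO=%d %u.%u.%u.%u:%hu %u.%u.%u.%u:%hu"
-" L=%hu S=0x%2.2hX I=%hu F=0x%4.4hX T=%hu",
-ip->protocol, NIPQUAD(ip->saddr),
-src_port, NIPQUAD(ip->daddr),
-dst_port,
-ntohs(ip->tot_len), ip->tos, ntohs(ip->id),
-ntohs(ip->frag_off), ip->ttl);
-
-for (opti = 0; opti < (ip->ihl - sizeof(struct iphdr) / 4); opti++)
-printk(" O=0x%8.8X", *opt++);
-printk("\n");
-}
-}
-}
-
-void nf_debug_ip_local_deliver(struct sk_buff *skb)
-{
-/* If it's a loopback packet, it must have come through
-* NF_IP_LOCAL_OUT, NF_IP_RAW_INPUT, NF_IP_PRE_ROUTING and
-* NF_IP_LOCAL_IN. Otherwise, must have gone through
-* NF_IP_RAW_INPUT and NF_IP_PRE_ROUTING. */
-if (!skb->dev) {
-printk("ip_local_deliver: skb->dev is NULL.\n");
-} else {
-if (skb->nf_debug != ((1<<NF_IP_PRE_ROUTING)
-| (1<<NF_IP_LOCAL_IN))) {
-printk("ip_local_deliver: bad skb: ");
-debug_print_hooks_ip(skb->nf_debug);
-nf_dump_skb(PF_INET, skb);
-}
-}
-}
-
-void nf_debug_ip_loopback_xmit(struct sk_buff *newskb)
-{
-if (newskb->nf_debug != ((1 << NF_IP_LOCAL_OUT)
-| (1 << NF_IP_POST_ROUTING))) {
-printk("ip_dev_loopback_xmit: bad owned skb = %p: ",
-newskb);
-debug_print_hooks_ip(newskb->nf_debug);
-nf_dump_skb(PF_INET, newskb);
-}
-}
-
-void nf_debug_ip_finish_output2(struct sk_buff *skb)
-{
-/* If it's owned, it must have gone through the
-* NF_IP_LOCAL_OUT and NF_IP_POST_ROUTING.
-* Otherwise, must have gone through
-* NF_IP_PRE_ROUTING, NF_IP_FORWARD and NF_IP_POST_ROUTING.
-*/
-if (skb->sk) {
-if (skb->nf_debug != ((1 << NF_IP_LOCAL_OUT)
-| (1 << NF_IP_POST_ROUTING))) {
-printk("ip_finish_output: bad owned skb = %p: ", skb);
-debug_print_hooks_ip(skb->nf_debug);
-nf_dump_skb(PF_INET, skb);
-}
-} else {
-if (skb->nf_debug != ((1 << NF_IP_PRE_ROUTING)
-| (1 << NF_IP_FORWARD)
-| (1 << NF_IP_POST_ROUTING))) {
-/* Fragments, entunnelled packets, TCP RSTs
-generated by ipt_REJECT will have no
-owners, but still may be local */
-if (skb->nf_debug != ((1 << NF_IP_LOCAL_OUT)
-| (1 << NF_IP_POST_ROUTING))){
-printk("ip_finish_output:"
-" bad unowned skb = %p: ",skb);
-debug_print_hooks_ip(skb->nf_debug);
-nf_dump_skb(PF_INET, skb);
-}
-}
-}
-}
-#endif /*CONFIG_NETFILTER_DEBUG*/
-
 /* Call get/setsockopt() */
 static int nf_sockopt(struct sock *sk, int pf, int val,
 char __user *opt, int *len, int get)
@@ -488,14 +358,6 @@ int nf_hook_slow(int pf, unsigned int hook, struct sk_buff **pskb,
 /* We may already have this, but read-locks nest anyway */
 rcu_read_lock();
 
-#ifdef CONFIG_NETFILTER_DEBUG
-if (unlikely((*pskb)->nf_debug & (1 << hook))) {
-printk("nf_hook: hook %i already set.\n", hook);
-nf_dump_skb(pf, *pskb);
-}
-(*pskb)->nf_debug |= (1 << hook);
-#endif
-
 elem = &nf_hooks[pf][hook];
 next_hook:
 verdict = nf_iterate(&nf_hooks[pf][hook], pskb, hook, indev,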
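--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -365,9 +365,6 @@ struct sk_buff *skb_clone(struct sk_buff *skb, int gfp_mask)
 C(nfct);
 nf_conntrack_get(skb->nfct);
 C(nfctinfo);
-#ifdef CONFIG_NETFILTER_DEBUG
-C(nf_debug);
-#endif
 #ifdef CONFIG_BRIDGE_NETFILTER
 C(nf_bridge);
 nf_bridge_get(skb->nf_bridge);
@@ -432,9 +429,6 @@ static void copy_skb_header(struct sk_buff *new, const struct sk_buff *old)
 new->nfct = old->nfct;
 nf_conntrack_get(old->nfct);
 new->nfctinfo = old->nfctinfo;
-#ifdef CONFIG_NETFILTER_DEBUG
-new->nf_debug = old->nf_debug;
-#endif
 #ifdef CONFIG_BRIDGE_NETFILTER
 new->nf_bridge = old->nf_bridge;
 nf_bridge_get(old->nf_bridge);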
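--- a/net/ipv4/ip_input.c
+++ b/net/ipv4/ip_input.c
@@ -200,10 +200,6 @@ static inline int ip_local_deliver_finish(struct sk_buff *skb)
 {
 int ihl = skb->nh.iph->ihl*4;
 
-#ifdef CONFIG_NETFILTER_DEBUG
-nf_debug_ip_local_deliver(skb);
-#endif /*CONFIG_NETFILTER_DEBUG*/
-
 __skb_pull(skb, ihl);
 
 /* Free reference early: we don't need it any more, and it may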
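--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -107,10 +107,6 @@ static int ip_dev_loopback_xmit(struct sk_buff *newskb)
 newskb->pkt_type = PACKET_LOOPBACK;
 newskb->ip_summed = CHECKSUM_UNNECESSARY;
 BUG_TRAP(newskb->dst);
-
-#ifdef CONFIG_NETFILTER_DEBUG
-nf_debug_ip_loopback_xmit(newskb);
-#endif
 nf_reset(newskb);
 netif_rx(newskb);
 return 0;
@@ -192,10 +188,6 @@ static inline int ip_finish_output2(struct sk_buff *skb)
 skb = skb2;
 }
 
-#ifdef CONFIG_NETFILTER_DEBUG
-nf_debug_ip_finish_output2(skb);
-#endif /*CONFIG_NETFILTER_DEBUG*/
-
 nf_reset(skb);
 
 if (hh) {
@@ -415,9 +407,6 @@ static void ip_copy_metadata(struct sk_buff *to, struct sk_buff *from)
 to->nf_bridge = from->nf_bridge;
 nf_bridge_get(to->nf_bridge);
 #endif
-#ifdef CONFIG_NETFILTER_DEBUG
-to->nf_debug = from->nf_debug;
-#endif
 #endif
 }
 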
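--- a/net/ipv4/ipvs/ip_vs_xmit.c
+++ b/net/ipv4/ipvs/ip_vs_xmit.c
@@ -127,7 +127,6 @@ ip_vs_dst_reset(struct ip_vs_dest *dest)
 
 #define IP_VS_XMIT(skb, rt) \
 do { \
-nf_reset_debug(skb); \
 (skb)->nfcache |= NFC_IPVS_PROPERTY; \
 (skb)->ip_summed = CHECKSUM_NONE; \
 NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, (skb), NULL, \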
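--- a/net/ipv4/netfilter/ip_conntrack_core.c
+++ b/net/ipv4/netfilter/ip_conntrack_core.c
@@ -940,10 +940,6 @@ void ip_ct_refresh_acct(struct ip_conntrack *ct,
 struct sk_buff *
 ip_ct_gather_frags(struct sk_buff *skb, u_int32_t user)
 {
-#ifdef CONFIG_NETFILTER_DEBUG
-unsigned int olddebug = skb->nf_debug;
-#endif
-
 skb_orphan(skb);
 
 local_bh_disable();
@@ -953,12 +949,7 @@ ip_ct_gather_frags(struct sk_buff *skb, u_int32_t user)
 if (skb) {
 ip_send_check(skb->nh.iph);
 skb->nfcache |= NFC_ALTERED;
-#ifdef CONFIG_NETFILTER_DEBUG
-/* Packet path as if nothing had happened. */
-skb->nf_debug = olddebug;
-#endif
 }
-
 return skb;
 }
 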
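--- a/net/ipv4/netfilter/ip_nat_helper.c
+++ b/net/ipv4/netfilter/ip_nat_helper.c
@@ -142,9 +142,6 @@ static int enlarge_skb(struct sk_buff **pskb, unsigned int extra)
 /* Transfer socket to new skb. */
 if ((*pskb)->sk)
 skb_set_owner_w(nskb, (*pskb)->sk);
-#ifdef CONFIG_NETFILTER_DEBUG
-nskb->nf_debug = (*pskb)->nf_debug;
-#endif
 kfree_skb(*pskb);
 *pskb = nskb;
 return 1;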
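--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -484,9 +484,6 @@ static void ip6_copy_metadata(struct sk_buff *to, struct sk_buff *from)
 to->nf_bridge = from->nf_bridge;
 nf_bridge_get(to->nf_bridge);
 #endif
-#ifdef CONFIG_NETFILTER_DEBUG
-to->nf_debug = from->nf_debug;
-#endif
 #endif
 }
 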
