aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--net/bridge/netfilter/ebt_among.c15
-rw-r--r--net/bridge/netfilter/ebt_limit.c3
-rw-r--r--net/bridge/netfilter/ebt_ulog.c23
-rw-r--r--net/bridge/netfilter/ebt_vlan.c36
-rw-r--r--net/bridge/netfilter/ebtables.c5
-rw-r--r--net/ipv4/netfilter/ip_tables.c18
-rw-r--r--net/ipv4/netfilter/ipt_CLUSTERIP.c42
-rw-r--r--net/ipv4/netfilter/ipt_ECN.c11
-rw-r--r--net/ipv4/netfilter/ipt_LOG.c7
-rw-r--r--net/ipv4/netfilter/ipt_MASQUERADE.c8
-rw-r--r--net/ipv4/netfilter/ipt_NETMAP.c6
-rw-r--r--net/ipv4/netfilter/ipt_REDIRECT.c6
-rw-r--r--net/ipv4/netfilter/ipt_REJECT.c6
-rw-r--r--net/ipv4/netfilter/ipt_ULOG.c37
-rw-r--r--net/ipv4/netfilter/ipt_addrtype.c14
-rw-r--r--net/ipv4/netfilter/ipt_ecn.c5
-rw-r--r--net/ipv4/netfilter/nf_nat_rule.c5
-rw-r--r--net/ipv6/netfilter/ip6_tables.c9
-rw-r--r--net/ipv6/netfilter/ip6t_LOG.c7
-rw-r--r--net/ipv6/netfilter/ip6t_REJECT.c20
-rw-r--r--net/ipv6/netfilter/ip6t_ah.c6
-rw-r--r--net/ipv6/netfilter/ip6t_frag.c6
-rw-r--r--net/ipv6/netfilter/ip6t_hbh.c6
-rw-r--r--net/ipv6/netfilter/ip6t_rt.c6
-rw-r--r--net/netfilter/xt_TCPMSS.c7
-rw-r--r--net/netfilter/xt_TPROXY.c4
-rw-r--r--net/netfilter/xt_esp.c2
-rw-r--r--net/netfilter/xt_iprange.c1
-rw-r--r--net/netfilter/xt_recent.c6
-rw-r--r--net/netfilter/xt_socket.c5
-rw-r--r--net/netfilter/xt_time.c4
31 files changed, 151 insertions, 185 deletions
diff --git a/net/bridge/netfilter/ebt_among.c b/net/bridge/netfilter/ebt_among.c
index b595f091f35b..60ad6308bc1f 100644
--- a/net/bridge/netfilter/ebt_among.c
+++ b/net/bridge/netfilter/ebt_among.c
@@ -7,6 +7,7 @@
7 * August, 2003 7 * August, 2003
8 * 8 *
9 */ 9 */
10#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
10#include <linux/ip.h> 11#include <linux/ip.h>
11#include <linux/if_arp.h> 12#include <linux/if_arp.h>
12#include <linux/module.h> 13#include <linux/module.h>
@@ -186,21 +187,17 @@ static bool ebt_among_mt_check(const struct xt_mtchk_param *par)
186 expected_length += ebt_mac_wormhash_size(wh_src); 187 expected_length += ebt_mac_wormhash_size(wh_src);
187 188
188 if (em->match_size != EBT_ALIGN(expected_length)) { 189 if (em->match_size != EBT_ALIGN(expected_length)) {
189 printk(KERN_WARNING 190 pr_info("wrong size: %d against expected %d, rounded to %Zd\n",
190 "ebtables: among: wrong size: %d " 191 em->match_size, expected_length,
191 "against expected %d, rounded to %Zd\n", 192 EBT_ALIGN(expected_length));
192 em->match_size, expected_length,
193 EBT_ALIGN(expected_length));
194 return false; 193 return false;
195 } 194 }
196 if (wh_dst && (err = ebt_mac_wormhash_check_integrity(wh_dst))) { 195 if (wh_dst && (err = ebt_mac_wormhash_check_integrity(wh_dst))) {
197 printk(KERN_WARNING 196 pr_info("dst integrity fail: %x\n", -err);
198 "ebtables: among: dst integrity fail: %x\n", -err);
199 return false; 197 return false;
200 } 198 }
201 if (wh_src && (err = ebt_mac_wormhash_check_integrity(wh_src))) { 199 if (wh_src && (err = ebt_mac_wormhash_check_integrity(wh_src))) {
202 printk(KERN_WARNING 200 pr_info("src integrity fail: %x\n", -err);
203 "ebtables: among: src integrity fail: %x\n", -err);
204 return false; 201 return false;
205 } 202 }
206 return true; 203 return true;
diff --git a/net/bridge/netfilter/ebt_limit.c b/net/bridge/netfilter/ebt_limit.c
index 7a8182710eb3..5b7330b62541 100644
--- a/net/bridge/netfilter/ebt_limit.c
+++ b/net/bridge/netfilter/ebt_limit.c
@@ -10,6 +10,7 @@
10 * September, 2003 10 * September, 2003
11 * 11 *
12 */ 12 */
13#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
13#include <linux/module.h> 14#include <linux/module.h>
14#include <linux/netdevice.h> 15#include <linux/netdevice.h>
15#include <linux/spinlock.h> 16#include <linux/spinlock.h>
@@ -71,7 +72,7 @@ static bool ebt_limit_mt_check(const struct xt_mtchk_param *par)
71 /* Check for overflow. */ 72 /* Check for overflow. */
72 if (info->burst == 0 || 73 if (info->burst == 0 ||
73 user2credits(info->avg * info->burst) < user2credits(info->avg)) { 74 user2credits(info->avg * info->burst) < user2credits(info->avg)) {
74 printk("Overflow in ebt_limit, try lower: %u/%u\n", 75 pr_info("overflow, try lower: %u/%u\n",
75 info->avg, info->burst); 76 info->avg, info->burst);
76 return false; 77 return false;
77 } 78 }
diff --git a/net/bridge/netfilter/ebt_ulog.c b/net/bridge/netfilter/ebt_ulog.c
index 84340ab30ed3..789ea36f1db1 100644
--- a/net/bridge/netfilter/ebt_ulog.c
+++ b/net/bridge/netfilter/ebt_ulog.c
@@ -27,7 +27,7 @@
27 * flushed even if it is not full yet. 27 * flushed even if it is not full yet.
28 * 28 *
29 */ 29 */
30 30#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
31#include <linux/module.h> 31#include <linux/module.h>
32#include <linux/spinlock.h> 32#include <linux/spinlock.h>
33#include <linux/socket.h> 33#include <linux/socket.h>
@@ -43,9 +43,6 @@
43#include <net/sock.h> 43#include <net/sock.h>
44#include "../br_private.h" 44#include "../br_private.h"
45 45
46#define PRINTR(format, args...) do { if (net_ratelimit()) \
47 printk(format , ## args); } while (0)
48
49static unsigned int nlbufsiz = NLMSG_GOODSIZE; 46static unsigned int nlbufsiz = NLMSG_GOODSIZE;
50module_param(nlbufsiz, uint, 0600); 47module_param(nlbufsiz, uint, 0600);
51MODULE_PARM_DESC(nlbufsiz, "netlink buffer size (number of bytes) " 48MODULE_PARM_DESC(nlbufsiz, "netlink buffer size (number of bytes) "
@@ -106,15 +103,14 @@ static struct sk_buff *ulog_alloc_skb(unsigned int size)
106 n = max(size, nlbufsiz); 103 n = max(size, nlbufsiz);
107 skb = alloc_skb(n, GFP_ATOMIC); 104 skb = alloc_skb(n, GFP_ATOMIC);
108 if (!skb) { 105 if (!skb) {
109 PRINTR(KERN_ERR "ebt_ulog: can't alloc whole buffer " 106 pr_debug("cannot alloc whole buffer of size %ub!\n", n);
110 "of size %ub!\n", n);
111 if (n > size) { 107 if (n > size) {
112 /* try to allocate only as much as we need for 108 /* try to allocate only as much as we need for
113 * current packet */ 109 * current packet */
114 skb = alloc_skb(size, GFP_ATOMIC); 110 skb = alloc_skb(size, GFP_ATOMIC);
115 if (!skb) 111 if (!skb)
116 PRINTR(KERN_ERR "ebt_ulog: can't even allocate " 112 pr_debug("cannot even allocate "
117 "buffer of size %ub\n", size); 113 "buffer of size %ub\n", size);
118 } 114 }
119 } 115 }
120 116
@@ -141,8 +137,7 @@ static void ebt_ulog_packet(unsigned int hooknr, const struct sk_buff *skb,
141 137
142 size = NLMSG_SPACE(sizeof(*pm) + copy_len); 138 size = NLMSG_SPACE(sizeof(*pm) + copy_len);
143 if (size > nlbufsiz) { 139 if (size > nlbufsiz) {
144 PRINTR("ebt_ulog: Size %Zd needed, but nlbufsiz=%d\n", 140 pr_debug("Size %Zd needed, but nlbufsiz=%d\n", size, nlbufsiz);
145 size, nlbufsiz);
146 return; 141 return;
147 } 142 }
148 143
@@ -216,8 +211,8 @@ unlock:
216 return; 211 return;
217 212
218nlmsg_failure: 213nlmsg_failure:
219 printk(KERN_CRIT "ebt_ulog: error during NLMSG_PUT. This should " 214 pr_debug("error during NLMSG_PUT. This should "
220 "not happen, please report to author.\n"); 215 "not happen, please report to author.\n");
221 goto unlock; 216 goto unlock;
222alloc_failure: 217alloc_failure:
223 goto unlock; 218 goto unlock;
@@ -291,8 +286,8 @@ static int __init ebt_ulog_init(void)
291 int i; 286 int i;
292 287
293 if (nlbufsiz >= 128*1024) { 288 if (nlbufsiz >= 128*1024) {
294 printk(KERN_NOTICE "ebt_ulog: Netlink buffer has to be <= 128kB," 289 pr_warning("Netlink buffer has to be <= 128kB,"
295 " please try a smaller nlbufsiz parameter.\n"); 290 " please try a smaller nlbufsiz parameter.\n");
296 return -EINVAL; 291 return -EINVAL;
297 } 292 }
298 293
diff --git a/net/bridge/netfilter/ebt_vlan.c b/net/bridge/netfilter/ebt_vlan.c
index be1dd2e1f615..5c44f51063c3 100644
--- a/net/bridge/netfilter/ebt_vlan.c
+++ b/net/bridge/netfilter/ebt_vlan.c
@@ -26,17 +26,12 @@
26#include <linux/netfilter_bridge/ebtables.h> 26#include <linux/netfilter_bridge/ebtables.h>
27#include <linux/netfilter_bridge/ebt_vlan.h> 27#include <linux/netfilter_bridge/ebt_vlan.h>
28 28
29static int debug;
30#define MODULE_VERS "0.6" 29#define MODULE_VERS "0.6"
31 30
32module_param(debug, int, 0);
33MODULE_PARM_DESC(debug, "debug=1 is turn on debug messages");
34MODULE_AUTHOR("Nick Fedchik <nick@fedchik.org.ua>"); 31MODULE_AUTHOR("Nick Fedchik <nick@fedchik.org.ua>");
35MODULE_DESCRIPTION("Ebtables: 802.1Q VLAN tag match"); 32MODULE_DESCRIPTION("Ebtables: 802.1Q VLAN tag match");
36MODULE_LICENSE("GPL"); 33MODULE_LICENSE("GPL");
37 34
38
39#define DEBUG_MSG(args...) if (debug) printk (KERN_DEBUG "ebt_vlan: " args)
40#define GET_BITMASK(_BIT_MASK_) info->bitmask & _BIT_MASK_ 35#define GET_BITMASK(_BIT_MASK_) info->bitmask & _BIT_MASK_
41#define EXIT_ON_MISMATCH(_MATCH_,_MASK_) {if (!((info->_MATCH_ == _MATCH_)^!!(info->invflags & _MASK_))) return false; } 36#define EXIT_ON_MISMATCH(_MATCH_,_MASK_) {if (!((info->_MATCH_ == _MATCH_)^!!(info->invflags & _MASK_))) return false; }
42 37
@@ -91,24 +86,23 @@ static bool ebt_vlan_mt_check(const struct xt_mtchk_param *par)
91 86
92 /* Is it 802.1Q frame checked? */ 87 /* Is it 802.1Q frame checked? */
93 if (e->ethproto != htons(ETH_P_8021Q)) { 88 if (e->ethproto != htons(ETH_P_8021Q)) {
94 DEBUG_MSG 89 pr_debug("passed entry proto %2.4X is not 802.1Q (8100)\n",
95 ("passed entry proto %2.4X is not 802.1Q (8100)\n", 90 ntohs(e->ethproto));
96 (unsigned short) ntohs(e->ethproto));
97 return false; 91 return false;
98 } 92 }
99 93
100 /* Check for bitmask range 94 /* Check for bitmask range
101 * True if even one bit is out of mask */ 95 * True if even one bit is out of mask */
102 if (info->bitmask & ~EBT_VLAN_MASK) { 96 if (info->bitmask & ~EBT_VLAN_MASK) {
103 DEBUG_MSG("bitmask %2X is out of mask (%2X)\n", 97 pr_debug("bitmask %2X is out of mask (%2X)\n",
104 info->bitmask, EBT_VLAN_MASK); 98 info->bitmask, EBT_VLAN_MASK);
105 return false; 99 return false;
106 } 100 }
107 101
108 /* Check for inversion flags range */ 102 /* Check for inversion flags range */
109 if (info->invflags & ~EBT_VLAN_MASK) { 103 if (info->invflags & ~EBT_VLAN_MASK) {
110 DEBUG_MSG("inversion flags %2X is out of mask (%2X)\n", 104 pr_debug("inversion flags %2X is out of mask (%2X)\n",
111 info->invflags, EBT_VLAN_MASK); 105 info->invflags, EBT_VLAN_MASK);
112 return false; 106 return false;
113 } 107 }
114 108
@@ -121,9 +115,8 @@ static bool ebt_vlan_mt_check(const struct xt_mtchk_param *par)
121 if (GET_BITMASK(EBT_VLAN_ID)) { 115 if (GET_BITMASK(EBT_VLAN_ID)) {
122 if (!!info->id) { /* if id!=0 => check vid range */ 116 if (!!info->id) { /* if id!=0 => check vid range */
123 if (info->id > VLAN_GROUP_ARRAY_LEN) { 117 if (info->id > VLAN_GROUP_ARRAY_LEN) {
124 DEBUG_MSG 118 pr_debug("id %d is out of range (1-4096)\n",
125 ("id %d is out of range (1-4096)\n", 119 info->id);
126 info->id);
127 return false; 120 return false;
128 } 121 }
129 /* Note: This is valid VLAN-tagged frame point. 122 /* Note: This is valid VLAN-tagged frame point.
@@ -137,8 +130,8 @@ static bool ebt_vlan_mt_check(const struct xt_mtchk_param *par)
137 130
138 if (GET_BITMASK(EBT_VLAN_PRIO)) { 131 if (GET_BITMASK(EBT_VLAN_PRIO)) {
139 if ((unsigned char) info->prio > 7) { 132 if ((unsigned char) info->prio > 7) {
140 DEBUG_MSG("prio %d is out of range (0-7)\n", 133 pr_debug("prio %d is out of range (0-7)\n",
141 info->prio); 134 info->prio);
142 return false; 135 return false;
143 } 136 }
144 } 137 }
@@ -147,9 +140,8 @@ static bool ebt_vlan_mt_check(const struct xt_mtchk_param *par)
147 * if_ether.h: ETH_ZLEN 60 - Min. octets in frame sans FCS */ 140 * if_ether.h: ETH_ZLEN 60 - Min. octets in frame sans FCS */
148 if (GET_BITMASK(EBT_VLAN_ENCAP)) { 141 if (GET_BITMASK(EBT_VLAN_ENCAP)) {
149 if ((unsigned short) ntohs(info->encap) < ETH_ZLEN) { 142 if ((unsigned short) ntohs(info->encap) < ETH_ZLEN) {
150 DEBUG_MSG 143 pr_debug("encap frame length %d is less than "
151 ("encap frame length %d is less than minimal\n", 144 "minimal\n", ntohs(info->encap));
152 ntohs(info->encap));
153 return false; 145 return false;
154 } 146 }
155 } 147 }
@@ -169,9 +161,7 @@ static struct xt_match ebt_vlan_mt_reg __read_mostly = {
169 161
170static int __init ebt_vlan_init(void) 162static int __init ebt_vlan_init(void)
171{ 163{
172 DEBUG_MSG("ebtables 802.1Q extension module v" 164 pr_debug("ebtables 802.1Q extension module v" MODULE_VERS "\n");
173 MODULE_VERS "\n");
174 DEBUG_MSG("module debug=%d\n", !!debug);
175 return xt_register_match(&ebt_vlan_mt_reg); 165 return xt_register_match(&ebt_vlan_mt_reg);
176} 166}
177 167
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index dfb58056a89a..989d72cc8148 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -14,8 +14,7 @@
14 * as published by the Free Software Foundation; either version 14 * as published by the Free Software Foundation; either version
15 * 2 of the License, or (at your option) any later version. 15 * 2 of the License, or (at your option) any later version.
16 */ 16 */
17 17#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
18
19#include <linux/kmod.h> 18#include <linux/kmod.h>
20#include <linux/module.h> 19#include <linux/module.h>
21#include <linux/vmalloc.h> 20#include <linux/vmalloc.h>
@@ -2127,7 +2126,7 @@ static int size_entry_mwt(struct ebt_entry *entry, const unsigned char *base,
2127 return ret; 2126 return ret;
2128 new_offset += ret; 2127 new_offset += ret;
2129 if (offsets_update && new_offset) { 2128 if (offsets_update && new_offset) {
2130 pr_debug("ebtables: change offset %d to %d\n", 2129 pr_debug("change offset %d to %d\n",
2131 offsets_update[i], offsets[j] + new_offset); 2130 offsets_update[i], offsets[j] + new_offset);
2132 offsets_update[i] = offsets[j] + new_offset; 2131 offsets_update[i] = offsets[j] + new_offset;
2133 } 2132 }
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index b29c66df8d1f..73fdf20263ed 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -39,13 +39,13 @@ MODULE_DESCRIPTION("IPv4 packet filter");
39/*#define DEBUG_IP_FIREWALL_USER*/ 39/*#define DEBUG_IP_FIREWALL_USER*/
40 40
41#ifdef DEBUG_IP_FIREWALL 41#ifdef DEBUG_IP_FIREWALL
42#define dprintf(format, args...) printk(format , ## args) 42#define dprintf(format, args...) pr_info(format , ## args)
43#else 43#else
44#define dprintf(format, args...) 44#define dprintf(format, args...)
45#endif 45#endif
46 46
47#ifdef DEBUG_IP_FIREWALL_USER 47#ifdef DEBUG_IP_FIREWALL_USER
48#define duprintf(format, args...) printk(format , ## args) 48#define duprintf(format, args...) pr_info(format , ## args)
49#else 49#else
50#define duprintf(format, args...) 50#define duprintf(format, args...)
51#endif 51#endif
@@ -168,8 +168,7 @@ static unsigned int
168ipt_error(struct sk_buff *skb, const struct xt_target_param *par) 168ipt_error(struct sk_buff *skb, const struct xt_target_param *par)
169{ 169{
170 if (net_ratelimit()) 170 if (net_ratelimit())
171 printk("ip_tables: error: `%s'\n", 171 pr_info("error: `%s'\n", (const char *)par->targinfo);
172 (const char *)par->targinfo);
173 172
174 return NF_DROP; 173 return NF_DROP;
175} 174}
@@ -591,7 +590,7 @@ check_entry(const struct ipt_entry *e, const char *name)
591 const struct ipt_entry_target *t; 590 const struct ipt_entry_target *t;
592 591
593 if (!ip_checkentry(&e->ip)) { 592 if (!ip_checkentry(&e->ip)) {
594 duprintf("ip_tables: ip check failed %p %s.\n", e, name); 593 duprintf("ip check failed %p %s.\n", e, name);
595 return -EINVAL; 594 return -EINVAL;
596 } 595 }
597 596
@@ -618,8 +617,7 @@ check_match(struct ipt_entry_match *m, struct xt_mtchk_param *par)
618 ret = xt_check_match(par, m->u.match_size - sizeof(*m), 617 ret = xt_check_match(par, m->u.match_size - sizeof(*m),
619 ip->proto, ip->invflags & IPT_INV_PROTO); 618 ip->proto, ip->invflags & IPT_INV_PROTO);
620 if (ret < 0) { 619 if (ret < 0) {
621 duprintf("ip_tables: check failed for `%s'.\n", 620 duprintf("check failed for `%s'.\n", par.match->name);
622 par.match->name);
623 return ret; 621 return ret;
624 } 622 }
625 return 0; 623 return 0;
@@ -667,7 +665,7 @@ static int check_target(struct ipt_entry *e, struct net *net, const char *name)
667 ret = xt_check_target(&par, t->u.target_size - sizeof(*t), 665 ret = xt_check_target(&par, t->u.target_size - sizeof(*t),
668 e->ip.proto, e->ip.invflags & IPT_INV_PROTO); 666 e->ip.proto, e->ip.invflags & IPT_INV_PROTO);
669 if (ret < 0) { 667 if (ret < 0) {
670 duprintf("ip_tables: check failed for `%s'.\n", 668 duprintf("check failed for `%s'.\n",
671 t->u.kernel.target->name); 669 t->u.kernel.target->name);
672 return ret; 670 return ret;
673 } 671 }
@@ -1311,7 +1309,7 @@ do_replace(struct net *net, const void __user *user, unsigned int len)
1311 if (ret != 0) 1309 if (ret != 0)
1312 goto free_newinfo; 1310 goto free_newinfo;
1313 1311
1314 duprintf("ip_tables: Translated table\n"); 1312 duprintf("Translated table\n");
1315 1313
1316 ret = __do_replace(net, tmp.name, tmp.valid_hooks, newinfo, 1314 ret = __do_replace(net, tmp.name, tmp.valid_hooks, newinfo,
1317 tmp.num_counters, tmp.counters); 1315 tmp.num_counters, tmp.counters);
@@ -2276,7 +2274,7 @@ static int __init ip_tables_init(void)
2276 if (ret < 0) 2274 if (ret < 0)
2277 goto err5; 2275 goto err5;
2278 2276
2279 printk(KERN_INFO "ip_tables: (C) 2000-2006 Netfilter Core Team\n"); 2277 pr_info("(C) 2000-2006 Netfilter Core Team\n");
2280 return 0; 2278 return 0;
2281 2279
2282err5: 2280err5:
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c
index a20bee75b02c..fcaa0dc8e075 100644
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -9,6 +9,7 @@
9 * published by the Free Software Foundation. 9 * published by the Free Software Foundation.
10 * 10 *
11 */ 11 */
12#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
12#include <linux/module.h> 13#include <linux/module.h>
13#include <linux/proc_fs.h> 14#include <linux/proc_fs.h>
14#include <linux/jhash.h> 15#include <linux/jhash.h>
@@ -238,8 +239,7 @@ clusterip_hashfn(const struct sk_buff *skb,
238 break; 239 break;
239 default: 240 default:
240 if (net_ratelimit()) 241 if (net_ratelimit())
241 printk(KERN_NOTICE "CLUSTERIP: unknown protocol `%u'\n", 242 pr_info("unknown protocol %u\n", iph->protocol);
242 iph->protocol);
243 sport = dport = 0; 243 sport = dport = 0;
244 } 244 }
245 245
@@ -261,7 +261,7 @@ clusterip_hashfn(const struct sk_buff *skb,
261 hashval = 0; 261 hashval = 0;
262 /* This cannot happen, unless the check function wasn't called 262 /* This cannot happen, unless the check function wasn't called
263 * at rule load time */ 263 * at rule load time */
264 printk("CLUSTERIP: unknown mode `%u'\n", config->hash_mode); 264 pr_info("unknown mode %u\n", config->hash_mode);
265 BUG(); 265 BUG();
266 break; 266 break;
267 } 267 }
@@ -294,7 +294,7 @@ clusterip_tg(struct sk_buff *skb, const struct xt_target_param *par)
294 294
295 ct = nf_ct_get(skb, &ctinfo); 295 ct = nf_ct_get(skb, &ctinfo);
296 if (ct == NULL) { 296 if (ct == NULL) {
297 printk(KERN_ERR "CLUSTERIP: no conntrack!\n"); 297 pr_info("no conntrack!\n");
298 /* FIXME: need to drop invalid ones, since replies 298 /* FIXME: need to drop invalid ones, since replies
299 * to outgoing connections of other nodes will be 299 * to outgoing connections of other nodes will be
300 * marked as INVALID */ 300 * marked as INVALID */
@@ -357,14 +357,13 @@ static bool clusterip_tg_check(const struct xt_tgchk_param *par)
357 if (cipinfo->hash_mode != CLUSTERIP_HASHMODE_SIP && 357 if (cipinfo->hash_mode != CLUSTERIP_HASHMODE_SIP &&
358 cipinfo->hash_mode != CLUSTERIP_HASHMODE_SIP_SPT && 358 cipinfo->hash_mode != CLUSTERIP_HASHMODE_SIP_SPT &&
359 cipinfo->hash_mode != CLUSTERIP_HASHMODE_SIP_SPT_DPT) { 359 cipinfo->hash_mode != CLUSTERIP_HASHMODE_SIP_SPT_DPT) {
360 printk(KERN_WARNING "CLUSTERIP: unknown mode `%u'\n", 360 pr_info("unknown mode %u\n", cipinfo->hash_mode);
361 cipinfo->hash_mode);
362 return false; 361 return false;
363 362
364 } 363 }
365 if (e->ip.dmsk.s_addr != htonl(0xffffffff) || 364 if (e->ip.dmsk.s_addr != htonl(0xffffffff) ||
366 e->ip.dst.s_addr == 0) { 365 e->ip.dst.s_addr == 0) {
367 printk(KERN_ERR "CLUSTERIP: Please specify destination IP\n"); 366 pr_info("Please specify destination IP\n");
368 return false; 367 return false;
369 } 368 }
370 369
@@ -373,26 +372,28 @@ static bool clusterip_tg_check(const struct xt_tgchk_param *par)
373 config = clusterip_config_find_get(e->ip.dst.s_addr, 1); 372 config = clusterip_config_find_get(e->ip.dst.s_addr, 1);
374 if (!config) { 373 if (!config) {
375 if (!(cipinfo->flags & CLUSTERIP_FLAG_NEW)) { 374 if (!(cipinfo->flags & CLUSTERIP_FLAG_NEW)) {
376 printk(KERN_WARNING "CLUSTERIP: no config found for %pI4, need 'new'\n", &e->ip.dst.s_addr); 375 pr_info("no config found for %pI4, need 'new'\n",
376 &e->ip.dst.s_addr);
377 return false; 377 return false;
378 } else { 378 } else {
379 struct net_device *dev; 379 struct net_device *dev;
380 380
381 if (e->ip.iniface[0] == '\0') { 381 if (e->ip.iniface[0] == '\0') {
382 printk(KERN_WARNING "CLUSTERIP: Please specify an interface name\n"); 382 pr_info("Please specify an interface name\n");
383 return false; 383 return false;
384 } 384 }
385 385
386 dev = dev_get_by_name(&init_net, e->ip.iniface); 386 dev = dev_get_by_name(&init_net, e->ip.iniface);
387 if (!dev) { 387 if (!dev) {
388 printk(KERN_WARNING "CLUSTERIP: no such interface %s\n", e->ip.iniface); 388 pr_info("no such interface %s\n",
389 e->ip.iniface);
389 return false; 390 return false;
390 } 391 }
391 392
392 config = clusterip_config_init(cipinfo, 393 config = clusterip_config_init(cipinfo,
393 e->ip.dst.s_addr, dev); 394 e->ip.dst.s_addr, dev);
394 if (!config) { 395 if (!config) {
395 printk(KERN_WARNING "CLUSTERIP: cannot allocate config\n"); 396 pr_info("cannot allocate config\n");
396 dev_put(dev); 397 dev_put(dev);
397 return false; 398 return false;
398 } 399 }
@@ -402,8 +403,8 @@ static bool clusterip_tg_check(const struct xt_tgchk_param *par)
402 cipinfo->config = config; 403 cipinfo->config = config;
403 404
404 if (nf_ct_l3proto_try_module_get(par->family) < 0) { 405 if (nf_ct_l3proto_try_module_get(par->family) < 0) {
405 printk(KERN_WARNING "can't load conntrack support for " 406 pr_info("cannot load conntrack support for proto=%u\n",
406 "proto=%u\n", par->family); 407 par->family);
407 return false; 408 return false;
408 } 409 }
409 410
@@ -478,8 +479,8 @@ static void arp_print(struct arp_payload *payload)
478 } 479 }
479 hbuffer[--k]='\0'; 480 hbuffer[--k]='\0';
480 481
481 printk("src %pI4@%s, dst %pI4\n", 482 pr_debug("src %pI4@%s, dst %pI4\n",
482 &payload->src_ip, hbuffer, &payload->dst_ip); 483 &payload->src_ip, hbuffer, &payload->dst_ip);
483} 484}
484#endif 485#endif
485 486
@@ -518,7 +519,7 @@ arp_mangle(unsigned int hook,
518 * this wouldn't work, since we didn't subscribe the mcast group on 519 * this wouldn't work, since we didn't subscribe the mcast group on
519 * other interfaces */ 520 * other interfaces */
520 if (c->dev != out) { 521 if (c->dev != out) {
521 pr_debug("CLUSTERIP: not mangling arp reply on different " 522 pr_debug("not mangling arp reply on different "
522 "interface: cip'%s'-skb'%s'\n", 523 "interface: cip'%s'-skb'%s'\n",
523 c->dev->name, out->name); 524 c->dev->name, out->name);
524 clusterip_config_put(c); 525 clusterip_config_put(c);
@@ -529,7 +530,7 @@ arp_mangle(unsigned int hook,
529 memcpy(payload->src_hw, c->clustermac, arp->ar_hln); 530 memcpy(payload->src_hw, c->clustermac, arp->ar_hln);
530 531
531#ifdef DEBUG 532#ifdef DEBUG
532 pr_debug(KERN_DEBUG "CLUSTERIP mangled arp reply: "); 533 pr_debug("mangled arp reply: ");
533 arp_print(payload); 534 arp_print(payload);
534#endif 535#endif
535 536
@@ -705,13 +706,13 @@ static int __init clusterip_tg_init(void)
705#ifdef CONFIG_PROC_FS 706#ifdef CONFIG_PROC_FS
706 clusterip_procdir = proc_mkdir("ipt_CLUSTERIP", init_net.proc_net); 707 clusterip_procdir = proc_mkdir("ipt_CLUSTERIP", init_net.proc_net);
707 if (!clusterip_procdir) { 708 if (!clusterip_procdir) {
708 printk(KERN_ERR "CLUSTERIP: Unable to proc dir entry\n"); 709 pr_err("Unable to proc dir entry\n");
709 ret = -ENOMEM; 710 ret = -ENOMEM;
710 goto cleanup_hook; 711 goto cleanup_hook;
711 } 712 }
712#endif /* CONFIG_PROC_FS */ 713#endif /* CONFIG_PROC_FS */
713 714
714 printk(KERN_NOTICE "ClusterIP Version %s loaded successfully\n", 715 pr_info("ClusterIP Version %s loaded successfully\n",
715 CLUSTERIP_VERSION); 716 CLUSTERIP_VERSION);
716 return 0; 717 return 0;
717 718
@@ -726,8 +727,7 @@ cleanup_target:
726 727
727static void __exit clusterip_tg_exit(void) 728static void __exit clusterip_tg_exit(void)
728{ 729{
729 printk(KERN_NOTICE "ClusterIP Version %s unloading\n", 730 pr_info("ClusterIP Version %s unloading\n", CLUSTERIP_VERSION);
730 CLUSTERIP_VERSION);
731#ifdef CONFIG_PROC_FS 731#ifdef CONFIG_PROC_FS
732 remove_proc_entry(clusterip_procdir->name, clusterip_procdir->parent); 732 remove_proc_entry(clusterip_procdir->name, clusterip_procdir->parent);
733#endif 733#endif
diff --git a/net/ipv4/netfilter/ipt_ECN.c b/net/ipv4/netfilter/ipt_ECN.c
index ea5cea2415c1..01988752547e 100644
--- a/net/ipv4/netfilter/ipt_ECN.c
+++ b/net/ipv4/netfilter/ipt_ECN.c
@@ -6,7 +6,7 @@
6 * it under the terms of the GNU General Public License version 2 as 6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation. 7 * published by the Free Software Foundation.
8*/ 8*/
9 9#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
10#include <linux/in.h> 10#include <linux/in.h>
11#include <linux/module.h> 11#include <linux/module.h>
12#include <linux/skbuff.h> 12#include <linux/skbuff.h>
@@ -99,19 +99,16 @@ static bool ecn_tg_check(const struct xt_tgchk_param *par)
99 const struct ipt_entry *e = par->entryinfo; 99 const struct ipt_entry *e = par->entryinfo;
100 100
101 if (einfo->operation & IPT_ECN_OP_MASK) { 101 if (einfo->operation & IPT_ECN_OP_MASK) {
102 printk(KERN_WARNING "ECN: unsupported ECN operation %x\n", 102 pr_info("unsupported ECN operation %x\n", einfo->operation);
103 einfo->operation);
104 return false; 103 return false;
105 } 104 }
106 if (einfo->ip_ect & ~IPT_ECN_IP_MASK) { 105 if (einfo->ip_ect & ~IPT_ECN_IP_MASK) {
107 printk(KERN_WARNING "ECN: new ECT codepoint %x out of mask\n", 106 pr_info("new ECT codepoint %x out of mask\n", einfo->ip_ect);
108 einfo->ip_ect);
109 return false; 107 return false;
110 } 108 }
111 if ((einfo->operation & (IPT_ECN_OP_SET_ECE|IPT_ECN_OP_SET_CWR)) && 109 if ((einfo->operation & (IPT_ECN_OP_SET_ECE|IPT_ECN_OP_SET_CWR)) &&
112 (e->ip.proto != IPPROTO_TCP || (e->ip.invflags & XT_INV_PROTO))) { 110 (e->ip.proto != IPPROTO_TCP || (e->ip.invflags & XT_INV_PROTO))) {
113 printk(KERN_WARNING "ECN: cannot use TCP operations on a " 111 pr_info("cannot use TCP operations on a non-tcp rule\n");
114 "non-tcp rule\n");
115 return false; 112 return false;
116 } 113 }
117 return true; 114 return true;
diff --git a/net/ipv4/netfilter/ipt_LOG.c b/net/ipv4/netfilter/ipt_LOG.c
index ee128efa1c8d..b3bf623fa222 100644
--- a/net/ipv4/netfilter/ipt_LOG.c
+++ b/net/ipv4/netfilter/ipt_LOG.c
@@ -9,7 +9,7 @@
9 * it under the terms of the GNU General Public License version 2 as 9 * it under the terms of the GNU General Public License version 2 as
10 * published by the Free Software Foundation. 10 * published by the Free Software Foundation.
11 */ 11 */
12 12#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
13#include <linux/module.h> 13#include <linux/module.h>
14#include <linux/spinlock.h> 14#include <linux/spinlock.h>
15#include <linux/skbuff.h> 15#include <linux/skbuff.h>
@@ -444,12 +444,11 @@ static bool log_tg_check(const struct xt_tgchk_param *par)
444 const struct ipt_log_info *loginfo = par->targinfo; 444 const struct ipt_log_info *loginfo = par->targinfo;
445 445
446 if (loginfo->level >= 8) { 446 if (loginfo->level >= 8) {
447 pr_debug("LOG: level %u >= 8\n", loginfo->level); 447 pr_debug("level %u >= 8\n", loginfo->level);
448 return false; 448 return false;
449 } 449 }
450 if (loginfo->prefix[sizeof(loginfo->prefix)-1] != '\0') { 450 if (loginfo->prefix[sizeof(loginfo->prefix)-1] != '\0') {
451 pr_debug("LOG: prefix term %i\n", 451 pr_debug("prefix is not null-terminated\n");
452 loginfo->prefix[sizeof(loginfo->prefix)-1]);
453 return false; 452 return false;
454 } 453 }
455 return true; 454 return true;
diff --git a/net/ipv4/netfilter/ipt_MASQUERADE.c b/net/ipv4/netfilter/ipt_MASQUERADE.c
index 650b54042b01..5063ddac7c04 100644
--- a/net/ipv4/netfilter/ipt_MASQUERADE.c
+++ b/net/ipv4/netfilter/ipt_MASQUERADE.c
@@ -8,7 +8,7 @@
8 * it under the terms of the GNU General Public License version 2 as 8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation. 9 * published by the Free Software Foundation.
10 */ 10 */
11 11#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
12#include <linux/types.h> 12#include <linux/types.h>
13#include <linux/inetdevice.h> 13#include <linux/inetdevice.h>
14#include <linux/ip.h> 14#include <linux/ip.h>
@@ -33,11 +33,11 @@ static bool masquerade_tg_check(const struct xt_tgchk_param *par)
33 const struct nf_nat_multi_range_compat *mr = par->targinfo; 33 const struct nf_nat_multi_range_compat *mr = par->targinfo;
34 34
35 if (mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) { 35 if (mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) {
36 pr_debug("masquerade_check: bad MAP_IPS.\n"); 36 pr_debug("bad MAP_IPS.\n");
37 return false; 37 return false;
38 } 38 }
39 if (mr->rangesize != 1) { 39 if (mr->rangesize != 1) {
40 pr_debug("masquerade_check: bad rangesize %u\n", mr->rangesize); 40 pr_debug("bad rangesize %u\n", mr->rangesize);
41 return false; 41 return false;
42 } 42 }
43 return true; 43 return true;
@@ -72,7 +72,7 @@ masquerade_tg(struct sk_buff *skb, const struct xt_target_param *par)
72 rt = skb_rtable(skb); 72 rt = skb_rtable(skb);
73 newsrc = inet_select_addr(par->out, rt->rt_gateway, RT_SCOPE_UNIVERSE); 73 newsrc = inet_select_addr(par->out, rt->rt_gateway, RT_SCOPE_UNIVERSE);
74 if (!newsrc) { 74 if (!newsrc) {
75 printk("MASQUERADE: %s ate my IP address\n", par->out->name); 75 pr_info("%s ate my IP address\n", par->out->name);
76 return NF_DROP; 76 return NF_DROP;
77 } 77 }
78 78
diff --git a/net/ipv4/netfilter/ipt_NETMAP.c b/net/ipv4/netfilter/ipt_NETMAP.c
index 7c29582d4ec8..51ab01a0a95d 100644
--- a/net/ipv4/netfilter/ipt_NETMAP.c
+++ b/net/ipv4/netfilter/ipt_NETMAP.c
@@ -9,7 +9,7 @@
9 * it under the terms of the GNU General Public License version 2 as 9 * it under the terms of the GNU General Public License version 2 as
10 * published by the Free Software Foundation. 10 * published by the Free Software Foundation.
11 */ 11 */
12 12#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
13#include <linux/ip.h> 13#include <linux/ip.h>
14#include <linux/module.h> 14#include <linux/module.h>
15#include <linux/netdevice.h> 15#include <linux/netdevice.h>
@@ -27,11 +27,11 @@ static bool netmap_tg_check(const struct xt_tgchk_param *par)
27 const struct nf_nat_multi_range_compat *mr = par->targinfo; 27 const struct nf_nat_multi_range_compat *mr = par->targinfo;
28 28
29 if (!(mr->range[0].flags & IP_NAT_RANGE_MAP_IPS)) { 29 if (!(mr->range[0].flags & IP_NAT_RANGE_MAP_IPS)) {
30 pr_debug("NETMAP:check: bad MAP_IPS.\n"); 30 pr_debug("bad MAP_IPS.\n");
31 return false; 31 return false;
32 } 32 }
33 if (mr->rangesize != 1) { 33 if (mr->rangesize != 1) {
34 pr_debug("NETMAP:check: bad rangesize %u.\n", mr->rangesize); 34 pr_debug("bad rangesize %u.\n", mr->rangesize);
35 return false; 35 return false;
36 } 36 }
37 return true; 37 return true;
diff --git a/net/ipv4/netfilter/ipt_REDIRECT.c b/net/ipv4/netfilter/ipt_REDIRECT.c
index 698e5e78685b..74f1f55fd61a 100644
--- a/net/ipv4/netfilter/ipt_REDIRECT.c
+++ b/net/ipv4/netfilter/ipt_REDIRECT.c
@@ -6,7 +6,7 @@
6 * it under the terms of the GNU General Public License version 2 as 6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation. 7 * published by the Free Software Foundation.
8 */ 8 */
9 9#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
10#include <linux/types.h> 10#include <linux/types.h>
11#include <linux/ip.h> 11#include <linux/ip.h>
12#include <linux/timer.h> 12#include <linux/timer.h>
@@ -31,11 +31,11 @@ static bool redirect_tg_check(const struct xt_tgchk_param *par)
31 const struct nf_nat_multi_range_compat *mr = par->targinfo; 31 const struct nf_nat_multi_range_compat *mr = par->targinfo;
32 32
33 if (mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) { 33 if (mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) {
34 pr_debug("redirect_check: bad MAP_IPS.\n"); 34 pr_debug("bad MAP_IPS.\n");
35 return false; 35 return false;
36 } 36 }
37 if (mr->rangesize != 1) { 37 if (mr->rangesize != 1) {
38 pr_debug("redirect_check: bad rangesize %u.\n", mr->rangesize); 38 pr_debug("bad rangesize %u.\n", mr->rangesize);
39 return false; 39 return false;
40 } 40 }
41 return true; 41 return true;
diff --git a/net/ipv4/netfilter/ipt_REJECT.c b/net/ipv4/netfilter/ipt_REJECT.c
index 5113b8f1a379..ff32252bad59 100644
--- a/net/ipv4/netfilter/ipt_REJECT.c
+++ b/net/ipv4/netfilter/ipt_REJECT.c
@@ -9,7 +9,7 @@
9 * it under the terms of the GNU General Public License version 2 as 9 * it under the terms of the GNU General Public License version 2 as
10 * published by the Free Software Foundation. 10 * published by the Free Software Foundation.
11 */ 11 */
12 12#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
13#include <linux/module.h> 13#include <linux/module.h>
14#include <linux/skbuff.h> 14#include <linux/skbuff.h>
15#include <linux/ip.h> 15#include <linux/ip.h>
@@ -180,13 +180,13 @@ static bool reject_tg_check(const struct xt_tgchk_param *par)
180 const struct ipt_entry *e = par->entryinfo; 180 const struct ipt_entry *e = par->entryinfo;
181 181
182 if (rejinfo->with == IPT_ICMP_ECHOREPLY) { 182 if (rejinfo->with == IPT_ICMP_ECHOREPLY) {
183 printk("ipt_REJECT: ECHOREPLY no longer supported.\n"); 183 pr_info("ECHOREPLY no longer supported.\n");
184 return false; 184 return false;
185 } else if (rejinfo->with == IPT_TCP_RESET) { 185 } else if (rejinfo->with == IPT_TCP_RESET) {
186 /* Must specify that it's a TCP packet */ 186 /* Must specify that it's a TCP packet */
187 if (e->ip.proto != IPPROTO_TCP || 187 if (e->ip.proto != IPPROTO_TCP ||
188 (e->ip.invflags & XT_INV_PROTO)) { 188 (e->ip.invflags & XT_INV_PROTO)) {
189 printk("ipt_REJECT: TCP_RESET invalid for non-tcp\n"); 189 pr_info("TCP_RESET invalid for non-tcp\n");
190 return false; 190 return false;
191 } 191 }
192 } 192 }
diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c
index 09a5d3f7cc41..d926201560dd 100644
--- a/net/ipv4/netfilter/ipt_ULOG.c
+++ b/net/ipv4/netfilter/ipt_ULOG.c
@@ -29,7 +29,7 @@
29 * Specify, after how many hundredths of a second the queue should be 29 * Specify, after how many hundredths of a second the queue should be
30 * flushed even if it is not full yet. 30 * flushed even if it is not full yet.
31 */ 31 */
32 32#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
33#include <linux/module.h> 33#include <linux/module.h>
34#include <linux/spinlock.h> 34#include <linux/spinlock.h>
35#include <linux/socket.h> 35#include <linux/socket.h>
@@ -56,8 +56,6 @@ MODULE_ALIAS_NET_PF_PROTO(PF_NETLINK, NETLINK_NFLOG);
56#define ULOG_NL_EVENT 111 /* Harald's favorite number */ 56#define ULOG_NL_EVENT 111 /* Harald's favorite number */
57#define ULOG_MAXNLGROUPS 32 /* numer of nlgroups */ 57#define ULOG_MAXNLGROUPS 32 /* numer of nlgroups */
58 58
59#define PRINTR(format, args...) do { if (net_ratelimit()) printk(format , ## args); } while (0)
60
61static unsigned int nlbufsiz = NLMSG_GOODSIZE; 59static unsigned int nlbufsiz = NLMSG_GOODSIZE;
62module_param(nlbufsiz, uint, 0400); 60module_param(nlbufsiz, uint, 0400);
63MODULE_PARM_DESC(nlbufsiz, "netlink buffer size"); 61MODULE_PARM_DESC(nlbufsiz, "netlink buffer size");
@@ -90,12 +88,12 @@ static void ulog_send(unsigned int nlgroupnum)
90 ulog_buff_t *ub = &ulog_buffers[nlgroupnum]; 88 ulog_buff_t *ub = &ulog_buffers[nlgroupnum];
91 89
92 if (timer_pending(&ub->timer)) { 90 if (timer_pending(&ub->timer)) {
93 pr_debug("ipt_ULOG: ulog_send: timer was pending, deleting\n"); 91 pr_debug("ulog_send: timer was pending, deleting\n");
94 del_timer(&ub->timer); 92 del_timer(&ub->timer);
95 } 93 }
96 94
97 if (!ub->skb) { 95 if (!ub->skb) {
98 pr_debug("ipt_ULOG: ulog_send: nothing to send\n"); 96 pr_debug("ulog_send: nothing to send\n");
99 return; 97 return;
100 } 98 }
101 99
@@ -104,7 +102,7 @@ static void ulog_send(unsigned int nlgroupnum)
104 ub->lastnlh->nlmsg_type = NLMSG_DONE; 102 ub->lastnlh->nlmsg_type = NLMSG_DONE;
105 103
106 NETLINK_CB(ub->skb).dst_group = nlgroupnum + 1; 104 NETLINK_CB(ub->skb).dst_group = nlgroupnum + 1;
107 pr_debug("ipt_ULOG: throwing %d packets to netlink group %u\n", 105 pr_debug("throwing %d packets to netlink group %u\n",
108 ub->qlen, nlgroupnum + 1); 106 ub->qlen, nlgroupnum + 1);
109 netlink_broadcast(nflognl, ub->skb, 0, nlgroupnum + 1, GFP_ATOMIC); 107 netlink_broadcast(nflognl, ub->skb, 0, nlgroupnum + 1, GFP_ATOMIC);
110 108
@@ -117,7 +115,7 @@ static void ulog_send(unsigned int nlgroupnum)
117/* timer function to flush queue in flushtimeout time */ 115/* timer function to flush queue in flushtimeout time */
118static void ulog_timer(unsigned long data) 116static void ulog_timer(unsigned long data)
119{ 117{
120 pr_debug("ipt_ULOG: timer function called, calling ulog_send\n"); 118 pr_debug("timer function called, calling ulog_send\n");
121 119
122 /* lock to protect against somebody modifying our structure 120 /* lock to protect against somebody modifying our structure
123 * from ipt_ulog_target at the same time */ 121 * from ipt_ulog_target at the same time */
@@ -138,7 +136,7 @@ static struct sk_buff *ulog_alloc_skb(unsigned int size)
138 n = max(size, nlbufsiz); 136 n = max(size, nlbufsiz);
139 skb = alloc_skb(n, GFP_ATOMIC); 137 skb = alloc_skb(n, GFP_ATOMIC);
140 if (!skb) { 138 if (!skb) {
141 PRINTR("ipt_ULOG: can't alloc whole buffer %ub!\n", n); 139 pr_debug("cannot alloc whole buffer %ub!\n", n);
142 140
143 if (n > size) { 141 if (n > size) {
144 /* try to allocate only as much as we need for 142 /* try to allocate only as much as we need for
@@ -146,8 +144,7 @@ static struct sk_buff *ulog_alloc_skb(unsigned int size)
146 144
147 skb = alloc_skb(size, GFP_ATOMIC); 145 skb = alloc_skb(size, GFP_ATOMIC);
148 if (!skb) 146 if (!skb)
149 PRINTR("ipt_ULOG: can't even allocate %ub\n", 147 pr_debug("cannot even allocate %ub\n", size);
150 size);
151 } 148 }
152 } 149 }
153 150
@@ -198,8 +195,7 @@ static void ipt_ulog_packet(unsigned int hooknum,
198 goto alloc_failure; 195 goto alloc_failure;
199 } 196 }
200 197
201 pr_debug("ipt_ULOG: qlen %d, qthreshold %Zu\n", ub->qlen, 198 pr_debug("qlen %d, qthreshold %Zu\n", ub->qlen, loginfo->qthreshold);
202 loginfo->qthreshold);
203 199
204 /* NLMSG_PUT contains a hidden goto nlmsg_failure !!! */ 200 /* NLMSG_PUT contains a hidden goto nlmsg_failure !!! */
205 nlh = NLMSG_PUT(ub->skb, 0, ub->qlen, ULOG_NL_EVENT, 201 nlh = NLMSG_PUT(ub->skb, 0, ub->qlen, ULOG_NL_EVENT,
@@ -272,11 +268,9 @@ static void ipt_ulog_packet(unsigned int hooknum,
272 return; 268 return;
273 269
274nlmsg_failure: 270nlmsg_failure:
275 PRINTR("ipt_ULOG: error during NLMSG_PUT\n"); 271 pr_debug("error during NLMSG_PUT\n");
276
277alloc_failure: 272alloc_failure:
278 PRINTR("ipt_ULOG: Error building netlink message\n"); 273 pr_debug("Error building netlink message\n");
279
280 spin_unlock_bh(&ulog_lock); 274 spin_unlock_bh(&ulog_lock);
281} 275}
282 276
@@ -318,12 +312,11 @@ static bool ulog_tg_check(const struct xt_tgchk_param *par)
318 const struct ipt_ulog_info *loginfo = par->targinfo; 312 const struct ipt_ulog_info *loginfo = par->targinfo;
319 313
320 if (loginfo->prefix[sizeof(loginfo->prefix) - 1] != '\0') { 314 if (loginfo->prefix[sizeof(loginfo->prefix) - 1] != '\0') {
321 pr_debug("ipt_ULOG: prefix term %i\n", 315 pr_debug("prefix not null-terminated\n");
322 loginfo->prefix[sizeof(loginfo->prefix) - 1]);
323 return false; 316 return false;
324 } 317 }
325 if (loginfo->qthreshold > ULOG_MAX_QLEN) { 318 if (loginfo->qthreshold > ULOG_MAX_QLEN) {
326 pr_debug("ipt_ULOG: queue threshold %Zu > MAX_QLEN\n", 319 pr_debug("queue threshold %Zu > MAX_QLEN\n",
327 loginfo->qthreshold); 320 loginfo->qthreshold);
328 return false; 321 return false;
329 } 322 }
@@ -389,10 +382,10 @@ static int __init ulog_tg_init(void)
389{ 382{
390 int ret, i; 383 int ret, i;
391 384
392 pr_debug("ipt_ULOG: init module\n"); 385 pr_debug("init module\n");
393 386
394 if (nlbufsiz > 128*1024) { 387 if (nlbufsiz > 128*1024) {
395 printk("Netlink buffer has to be <= 128kB\n"); 388 pr_warning("Netlink buffer has to be <= 128kB\n");
396 return -EINVAL; 389 return -EINVAL;
397 } 390 }
398 391
@@ -422,7 +415,7 @@ static void __exit ulog_tg_exit(void)
422 ulog_buff_t *ub; 415 ulog_buff_t *ub;
423 int i; 416 int i;
424 417
425 pr_debug("ipt_ULOG: cleanup_module\n"); 418 pr_debug("cleanup_module\n");
426 419
427 if (nflog) 420 if (nflog)
428 nf_log_unregister(&ipt_ulog_logger); 421 nf_log_unregister(&ipt_ulog_logger);
diff --git a/net/ipv4/netfilter/ipt_addrtype.c b/net/ipv4/netfilter/ipt_addrtype.c
index 3b216be3bc9f..ea4f58a46c6e 100644
--- a/net/ipv4/netfilter/ipt_addrtype.c
+++ b/net/ipv4/netfilter/ipt_addrtype.c
@@ -8,7 +8,7 @@
8 * it under the terms of the GNU General Public License version 2 as 8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation. 9 * published by the Free Software Foundation.
10 */ 10 */
11 11#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
12#include <linux/kernel.h> 12#include <linux/kernel.h>
13#include <linux/module.h> 13#include <linux/module.h>
14#include <linux/skbuff.h> 14#include <linux/skbuff.h>
@@ -76,24 +76,24 @@ static bool addrtype_mt_checkentry_v1(const struct xt_mtchk_param *par)
76 76
77 if (info->flags & IPT_ADDRTYPE_LIMIT_IFACE_IN && 77 if (info->flags & IPT_ADDRTYPE_LIMIT_IFACE_IN &&
78 info->flags & IPT_ADDRTYPE_LIMIT_IFACE_OUT) { 78 info->flags & IPT_ADDRTYPE_LIMIT_IFACE_OUT) {
79 printk(KERN_ERR "ipt_addrtype: both incoming and outgoing " 79 pr_info("both incoming and outgoing "
80 "interface limitation cannot be selected\n"); 80 "interface limitation cannot be selected\n");
81 return false; 81 return false;
82 } 82 }
83 83
84 if (par->hook_mask & ((1 << NF_INET_PRE_ROUTING) | 84 if (par->hook_mask & ((1 << NF_INET_PRE_ROUTING) |
85 (1 << NF_INET_LOCAL_IN)) && 85 (1 << NF_INET_LOCAL_IN)) &&
86 info->flags & IPT_ADDRTYPE_LIMIT_IFACE_OUT) { 86 info->flags & IPT_ADDRTYPE_LIMIT_IFACE_OUT) {
87 printk(KERN_ERR "ipt_addrtype: output interface limitation " 87 pr_info("output interface limitation "
88 "not valid in PRE_ROUTING and INPUT\n"); 88 "not valid in PREROUTING and INPUT\n");
89 return false; 89 return false;
90 } 90 }
91 91
92 if (par->hook_mask & ((1 << NF_INET_POST_ROUTING) | 92 if (par->hook_mask & ((1 << NF_INET_POST_ROUTING) |
93 (1 << NF_INET_LOCAL_OUT)) && 93 (1 << NF_INET_LOCAL_OUT)) &&
94 info->flags & IPT_ADDRTYPE_LIMIT_IFACE_IN) { 94 info->flags & IPT_ADDRTYPE_LIMIT_IFACE_IN) {
95 printk(KERN_ERR "ipt_addrtype: input interface limitation " 95 pr_info("input interface limitation "
96 "not valid in POST_ROUTING and OUTPUT\n"); 96 "not valid in POSTROUTING and OUTPUT\n");
97 return false; 97 return false;
98 } 98 }
99 99
diff --git a/net/ipv4/netfilter/ipt_ecn.c b/net/ipv4/netfilter/ipt_ecn.c
index 2a1e56b71908..e661108c73f1 100644
--- a/net/ipv4/netfilter/ipt_ecn.c
+++ b/net/ipv4/netfilter/ipt_ecn.c
@@ -6,7 +6,7 @@
6 * it under the terms of the GNU General Public License version 2 as 6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation. 7 * published by the Free Software Foundation.
8 */ 8 */
9 9#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
10#include <linux/in.h> 10#include <linux/in.h>
11#include <linux/ip.h> 11#include <linux/ip.h>
12#include <net/ip.h> 12#include <net/ip.h>
@@ -98,8 +98,7 @@ static bool ecn_mt_check(const struct xt_mtchk_param *par)
98 98
99 if (info->operation & (IPT_ECN_OP_MATCH_ECE|IPT_ECN_OP_MATCH_CWR) && 99 if (info->operation & (IPT_ECN_OP_MATCH_ECE|IPT_ECN_OP_MATCH_CWR) &&
100 ip->proto != IPPROTO_TCP) { 100 ip->proto != IPPROTO_TCP) {
101 printk(KERN_WARNING "ipt_ecn: can't match TCP bits in rule for" 101 pr_info("cannot match TCP bits in rule for non-tcp packets\n");
102 " non-tcp packets\n");
103 return false; 102 return false;
104 } 103 }
105 104
diff --git a/net/ipv4/netfilter/nf_nat_rule.c b/net/ipv4/netfilter/nf_nat_rule.c
index ab74cc0535e2..7d6345e416c7 100644
--- a/net/ipv4/netfilter/nf_nat_rule.c
+++ b/net/ipv4/netfilter/nf_nat_rule.c
@@ -7,6 +7,7 @@
7 */ 7 */
8 8
9/* Everything about the rules for NAT. */ 9/* Everything about the rules for NAT. */
10#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
10#include <linux/types.h> 11#include <linux/types.h>
11#include <linux/ip.h> 12#include <linux/ip.h>
12#include <linux/netfilter.h> 13#include <linux/netfilter.h>
@@ -79,7 +80,7 @@ static bool ipt_snat_checkentry(const struct xt_tgchk_param *par)
79 80
80 /* Must be a valid range */ 81 /* Must be a valid range */
81 if (mr->rangesize != 1) { 82 if (mr->rangesize != 1) {
82 printk("SNAT: multiple ranges no longer supported\n"); 83 pr_info("SNAT: multiple ranges no longer supported\n");
83 return false; 84 return false;
84 } 85 }
85 return true; 86 return true;
@@ -91,7 +92,7 @@ static bool ipt_dnat_checkentry(const struct xt_tgchk_param *par)
91 92
92 /* Must be a valid range */ 93 /* Must be a valid range */
93 if (mr->rangesize != 1) { 94 if (mr->rangesize != 1) {
94 printk("DNAT: multiple ranges no longer supported\n"); 95 pr_info("DNAT: multiple ranges no longer supported\n");
95 return false; 96 return false;
96 } 97 }
97 return true; 98 return true;
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 9210e312edf1..1b2414e03a34 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -40,13 +40,13 @@ MODULE_DESCRIPTION("IPv6 packet filter");
40/*#define DEBUG_IP_FIREWALL_USER*/ 40/*#define DEBUG_IP_FIREWALL_USER*/
41 41
42#ifdef DEBUG_IP_FIREWALL 42#ifdef DEBUG_IP_FIREWALL
43#define dprintf(format, args...) printk(format , ## args) 43#define dprintf(format, args...) pr_info(format , ## args)
44#else 44#else
45#define dprintf(format, args...) 45#define dprintf(format, args...)
46#endif 46#endif
47 47
48#ifdef DEBUG_IP_FIREWALL_USER 48#ifdef DEBUG_IP_FIREWALL_USER
49#define duprintf(format, args...) printk(format , ## args) 49#define duprintf(format, args...) pr_info(format , ## args)
50#else 50#else
51#define duprintf(format, args...) 51#define duprintf(format, args...)
52#endif 52#endif
@@ -200,8 +200,7 @@ static unsigned int
200ip6t_error(struct sk_buff *skb, const struct xt_target_param *par) 200ip6t_error(struct sk_buff *skb, const struct xt_target_param *par)
201{ 201{
202 if (net_ratelimit()) 202 if (net_ratelimit())
203 printk("ip6_tables: error: `%s'\n", 203 pr_info("error: `%s'\n", (const char *)par->targinfo);
204 (const char *)par->targinfo);
205 204
206 return NF_DROP; 205 return NF_DROP;
207} 206}
@@ -2308,7 +2307,7 @@ static int __init ip6_tables_init(void)
2308 if (ret < 0) 2307 if (ret < 0)
2309 goto err5; 2308 goto err5;
2310 2309
2311 printk(KERN_INFO "ip6_tables: (C) 2000-2006 Netfilter Core Team\n"); 2310 pr_info("(C) 2000-2006 Netfilter Core Team\n");
2312 return 0; 2311 return 0;
2313 2312
2314err5: 2313err5:
diff --git a/net/ipv6/netfilter/ip6t_LOG.c b/net/ipv6/netfilter/ip6t_LOG.c
index e16c0c7d086d..5a79883220e0 100644
--- a/net/ipv6/netfilter/ip6t_LOG.c
+++ b/net/ipv6/netfilter/ip6t_LOG.c
@@ -9,7 +9,7 @@
9 * it under the terms of the GNU General Public License version 2 as 9 * it under the terms of the GNU General Public License version 2 as
10 * published by the Free Software Foundation. 10 * published by the Free Software Foundation.
11 */ 11 */
12 12#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
13#include <linux/module.h> 13#include <linux/module.h>
14#include <linux/skbuff.h> 14#include <linux/skbuff.h>
15#include <linux/if_arp.h> 15#include <linux/if_arp.h>
@@ -456,12 +456,11 @@ static bool log_tg6_check(const struct xt_tgchk_param *par)
456 const struct ip6t_log_info *loginfo = par->targinfo; 456 const struct ip6t_log_info *loginfo = par->targinfo;
457 457
458 if (loginfo->level >= 8) { 458 if (loginfo->level >= 8) {
459 pr_debug("LOG: level %u >= 8\n", loginfo->level); 459 pr_debug("level %u >= 8\n", loginfo->level);
460 return false; 460 return false;
461 } 461 }
462 if (loginfo->prefix[sizeof(loginfo->prefix)-1] != '\0') { 462 if (loginfo->prefix[sizeof(loginfo->prefix)-1] != '\0') {
463 pr_debug("LOG: prefix term %i\n", 463 pr_debug("prefix not null-terminated\n");
464 loginfo->prefix[sizeof(loginfo->prefix)-1]);
465 return false; 464 return false;
466 } 465 }
467 return true; 466 return true;
diff --git a/net/ipv6/netfilter/ip6t_REJECT.c b/net/ipv6/netfilter/ip6t_REJECT.c
index dd8afbaf00a8..45efb9f38fcb 100644
--- a/net/ipv6/netfilter/ip6t_REJECT.c
+++ b/net/ipv6/netfilter/ip6t_REJECT.c
@@ -14,7 +14,7 @@
14 * as published by the Free Software Foundation; either version 14 * as published by the Free Software Foundation; either version
15 * 2 of the License, or (at your option) any later version. 15 * 2 of the License, or (at your option) any later version.
16 */ 16 */
17 17#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
18#include <linux/module.h> 18#include <linux/module.h>
19#include <linux/skbuff.h> 19#include <linux/skbuff.h>
20#include <linux/icmpv6.h> 20#include <linux/icmpv6.h>
@@ -49,7 +49,7 @@ static void send_reset(struct net *net, struct sk_buff *oldskb)
49 49
50 if ((!(ipv6_addr_type(&oip6h->saddr) & IPV6_ADDR_UNICAST)) || 50 if ((!(ipv6_addr_type(&oip6h->saddr) & IPV6_ADDR_UNICAST)) ||
51 (!(ipv6_addr_type(&oip6h->daddr) & IPV6_ADDR_UNICAST))) { 51 (!(ipv6_addr_type(&oip6h->daddr) & IPV6_ADDR_UNICAST))) {
52 pr_debug("ip6t_REJECT: addr is not unicast.\n"); 52 pr_debug("addr is not unicast.\n");
53 return; 53 return;
54 } 54 }
55 55
@@ -57,7 +57,7 @@ static void send_reset(struct net *net, struct sk_buff *oldskb)
57 tcphoff = ipv6_skip_exthdr(oldskb, ((u8*)(oip6h+1) - oldskb->data), &proto); 57 tcphoff = ipv6_skip_exthdr(oldskb, ((u8*)(oip6h+1) - oldskb->data), &proto);
58 58
59 if ((tcphoff < 0) || (tcphoff > oldskb->len)) { 59 if ((tcphoff < 0) || (tcphoff > oldskb->len)) {
60 pr_debug("ip6t_REJECT: Can't get TCP header.\n"); 60 pr_debug("Cannot get TCP header.\n");
61 return; 61 return;
62 } 62 }
63 63
@@ -65,7 +65,7 @@ static void send_reset(struct net *net, struct sk_buff *oldskb)
65 65
66 /* IP header checks: fragment, too short. */ 66 /* IP header checks: fragment, too short. */
67 if (proto != IPPROTO_TCP || otcplen < sizeof(struct tcphdr)) { 67 if (proto != IPPROTO_TCP || otcplen < sizeof(struct tcphdr)) {
68 pr_debug("ip6t_REJECT: proto(%d) != IPPROTO_TCP, " 68 pr_debug("proto(%d) != IPPROTO_TCP, "
69 "or too short. otcplen = %d\n", 69 "or too short. otcplen = %d\n",
70 proto, otcplen); 70 proto, otcplen);
71 return; 71 return;
@@ -76,14 +76,14 @@ static void send_reset(struct net *net, struct sk_buff *oldskb)
76 76
77 /* No RST for RST. */ 77 /* No RST for RST. */
78 if (otcph.rst) { 78 if (otcph.rst) {
79 pr_debug("ip6t_REJECT: RST is set\n"); 79 pr_debug("RST is set\n");
80 return; 80 return;
81 } 81 }
82 82
83 /* Check checksum. */ 83 /* Check checksum. */
84 if (csum_ipv6_magic(&oip6h->saddr, &oip6h->daddr, otcplen, IPPROTO_TCP, 84 if (csum_ipv6_magic(&oip6h->saddr, &oip6h->daddr, otcplen, IPPROTO_TCP,
85 skb_checksum(oldskb, tcphoff, otcplen, 0))) { 85 skb_checksum(oldskb, tcphoff, otcplen, 0))) {
86 pr_debug("ip6t_REJECT: TCP checksum is invalid\n"); 86 pr_debug("TCP checksum is invalid\n");
87 return; 87 return;
88 } 88 }
89 89
@@ -107,7 +107,7 @@ static void send_reset(struct net *net, struct sk_buff *oldskb)
107 107
108 if (!nskb) { 108 if (!nskb) {
109 if (net_ratelimit()) 109 if (net_ratelimit())
110 printk("ip6t_REJECT: Can't alloc skb\n"); 110 pr_debug("cannot alloc skb\n");
111 dst_release(dst); 111 dst_release(dst);
112 return; 112 return;
113 } 113 }
@@ -206,7 +206,7 @@ reject_tg6(struct sk_buff *skb, const struct xt_target_param *par)
206 break; 206 break;
207 default: 207 default:
208 if (net_ratelimit()) 208 if (net_ratelimit())
209 printk(KERN_WARNING "ip6t_REJECT: case %u not handled yet\n", reject->with); 209 pr_info("case %u not handled yet\n", reject->with);
210 break; 210 break;
211 } 211 }
212 212
@@ -219,13 +219,13 @@ static bool reject_tg6_check(const struct xt_tgchk_param *par)
219 const struct ip6t_entry *e = par->entryinfo; 219 const struct ip6t_entry *e = par->entryinfo;
220 220
221 if (rejinfo->with == IP6T_ICMP6_ECHOREPLY) { 221 if (rejinfo->with == IP6T_ICMP6_ECHOREPLY) {
222 printk("ip6t_REJECT: ECHOREPLY is not supported.\n"); 222 pr_info("ECHOREPLY is not supported.\n");
223 return false; 223 return false;
224 } else if (rejinfo->with == IP6T_TCP_RESET) { 224 } else if (rejinfo->with == IP6T_TCP_RESET) {
225 /* Must specify that it's a TCP packet */ 225 /* Must specify that it's a TCP packet */
226 if (e->ipv6.proto != IPPROTO_TCP || 226 if (e->ipv6.proto != IPPROTO_TCP ||
227 (e->ipv6.invflags & XT_INV_PROTO)) { 227 (e->ipv6.invflags & XT_INV_PROTO)) {
228 printk("ip6t_REJECT: TCP_RESET illegal for non-tcp\n"); 228 pr_info("TCP_RESET illegal for non-tcp\n");
229 return false; 229 return false;
230 } 230 }
231 } 231 }
diff --git a/net/ipv6/netfilter/ip6t_ah.c b/net/ipv6/netfilter/ip6t_ah.c
index ac0b7c629d78..4429bfd39e11 100644
--- a/net/ipv6/netfilter/ip6t_ah.c
+++ b/net/ipv6/netfilter/ip6t_ah.c
@@ -6,7 +6,7 @@
6 * it under the terms of the GNU General Public License version 2 as 6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation. 7 * published by the Free Software Foundation.
8 */ 8 */
9 9#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
10#include <linux/module.h> 10#include <linux/module.h>
11#include <linux/skbuff.h> 11#include <linux/skbuff.h>
12#include <linux/ip.h> 12#include <linux/ip.h>
@@ -29,7 +29,7 @@ spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, bool invert)
29{ 29{
30 bool r; 30 bool r;
31 31
32 pr_debug("ah spi_match:%c 0x%x <= 0x%x <= 0x%x", 32 pr_debug("spi_match:%c 0x%x <= 0x%x <= 0x%x\n",
33 invert ? '!' : ' ', min, spi, max); 33 invert ? '!' : ' ', min, spi, max);
34 r = (spi >= min && spi <= max) ^ invert; 34 r = (spi >= min && spi <= max) ^ invert;
35 pr_debug(" result %s\n", r ? "PASS" : "FAILED"); 35 pr_debug(" result %s\n", r ? "PASS" : "FAILED");
@@ -92,7 +92,7 @@ static bool ah_mt6_check(const struct xt_mtchk_param *par)
92 const struct ip6t_ah *ahinfo = par->matchinfo; 92 const struct ip6t_ah *ahinfo = par->matchinfo;
93 93
94 if (ahinfo->invflags & ~IP6T_AH_INV_MASK) { 94 if (ahinfo->invflags & ~IP6T_AH_INV_MASK) {
95 pr_debug("ip6t_ah: unknown flags %X\n", ahinfo->invflags); 95 pr_debug("unknown flags %X\n", ahinfo->invflags);
96 return false; 96 return false;
97 } 97 }
98 return true; 98 return true;
diff --git a/net/ipv6/netfilter/ip6t_frag.c b/net/ipv6/netfilter/ip6t_frag.c
index 7b91c2598ed5..5c0da913b4ab 100644
--- a/net/ipv6/netfilter/ip6t_frag.c
+++ b/net/ipv6/netfilter/ip6t_frag.c
@@ -6,7 +6,7 @@
6 * it under the terms of the GNU General Public License version 2 as 6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation. 7 * published by the Free Software Foundation.
8 */ 8 */
9 9#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
10#include <linux/module.h> 10#include <linux/module.h>
11#include <linux/skbuff.h> 11#include <linux/skbuff.h>
12#include <linux/ipv6.h> 12#include <linux/ipv6.h>
@@ -27,7 +27,7 @@ static inline bool
27id_match(u_int32_t min, u_int32_t max, u_int32_t id, bool invert) 27id_match(u_int32_t min, u_int32_t max, u_int32_t id, bool invert)
28{ 28{
29 bool r; 29 bool r;
30 pr_debug("frag id_match:%c 0x%x <= 0x%x <= 0x%x", invert ? '!' : ' ', 30 pr_debug("id_match:%c 0x%x <= 0x%x <= 0x%x\n", invert ? '!' : ' ',
31 min, id, max); 31 min, id, max);
32 r = (id >= min && id <= max) ^ invert; 32 r = (id >= min && id <= max) ^ invert;
33 pr_debug(" result %s\n", r ? "PASS" : "FAILED"); 33 pr_debug(" result %s\n", r ? "PASS" : "FAILED");
@@ -107,7 +107,7 @@ static bool frag_mt6_check(const struct xt_mtchk_param *par)
107 const struct ip6t_frag *fraginfo = par->matchinfo; 107 const struct ip6t_frag *fraginfo = par->matchinfo;
108 108
109 if (fraginfo->invflags & ~IP6T_FRAG_INV_MASK) { 109 if (fraginfo->invflags & ~IP6T_FRAG_INV_MASK) {
110 pr_debug("ip6t_frag: unknown flags %X\n", fraginfo->invflags); 110 pr_debug("unknown flags %X\n", fraginfo->invflags);
111 return false; 111 return false;
112 } 112 }
113 return true; 113 return true;
diff --git a/net/ipv6/netfilter/ip6t_hbh.c b/net/ipv6/netfilter/ip6t_hbh.c
index 82593c8bdc3e..f4b73889d00a 100644
--- a/net/ipv6/netfilter/ip6t_hbh.c
+++ b/net/ipv6/netfilter/ip6t_hbh.c
@@ -6,7 +6,7 @@
6 * it under the terms of the GNU General Public License version 2 as 6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation. 7 * published by the Free Software Foundation.
8 */ 8 */
9 9#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
10#include <linux/module.h> 10#include <linux/module.h>
11#include <linux/skbuff.h> 11#include <linux/skbuff.h>
12#include <linux/ipv6.h> 12#include <linux/ipv6.h>
@@ -169,12 +169,12 @@ static bool hbh_mt6_check(const struct xt_mtchk_param *par)
169 const struct ip6t_opts *optsinfo = par->matchinfo; 169 const struct ip6t_opts *optsinfo = par->matchinfo;
170 170
171 if (optsinfo->invflags & ~IP6T_OPTS_INV_MASK) { 171 if (optsinfo->invflags & ~IP6T_OPTS_INV_MASK) {
172 pr_debug("ip6t_opts: unknown flags %X\n", optsinfo->invflags); 172 pr_debug("unknown flags %X\n", optsinfo->invflags);
173 return false; 173 return false;
174 } 174 }
175 175
176 if (optsinfo->flags & IP6T_OPTS_NSTRICT) { 176 if (optsinfo->flags & IP6T_OPTS_NSTRICT) {
177 pr_debug("ip6t_opts: Not strict - not implemented"); 177 pr_debug("Not strict - not implemented");
178 return false; 178 return false;
179 } 179 }
180 180
diff --git a/net/ipv6/netfilter/ip6t_rt.c b/net/ipv6/netfilter/ip6t_rt.c
index b77307fc8743..c58d65336577 100644
--- a/net/ipv6/netfilter/ip6t_rt.c
+++ b/net/ipv6/netfilter/ip6t_rt.c
@@ -6,7 +6,7 @@
6 * it under the terms of the GNU General Public License version 2 as 6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation. 7 * published by the Free Software Foundation.
8 */ 8 */
9 9#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
10#include <linux/module.h> 10#include <linux/module.h>
11#include <linux/skbuff.h> 11#include <linux/skbuff.h>
12#include <linux/ipv6.h> 12#include <linux/ipv6.h>
@@ -29,7 +29,7 @@ static inline bool
29segsleft_match(u_int32_t min, u_int32_t max, u_int32_t id, bool invert) 29segsleft_match(u_int32_t min, u_int32_t max, u_int32_t id, bool invert)
30{ 30{
31 bool r; 31 bool r;
32 pr_debug("rt segsleft_match:%c 0x%x <= 0x%x <= 0x%x", 32 pr_debug("segsleft_match:%c 0x%x <= 0x%x <= 0x%x\n",
33 invert ? '!' : ' ', min, id, max); 33 invert ? '!' : ' ', min, id, max);
34 r = (id >= min && id <= max) ^ invert; 34 r = (id >= min && id <= max) ^ invert;
35 pr_debug(" result %s\n", r ? "PASS" : "FAILED"); 35 pr_debug(" result %s\n", r ? "PASS" : "FAILED");
@@ -188,7 +188,7 @@ static bool rt_mt6_check(const struct xt_mtchk_param *par)
188 const struct ip6t_rt *rtinfo = par->matchinfo; 188 const struct ip6t_rt *rtinfo = par->matchinfo;
189 189
190 if (rtinfo->invflags & ~IP6T_RT_INV_MASK) { 190 if (rtinfo->invflags & ~IP6T_RT_INV_MASK) {
191 pr_debug("ip6t_rt: unknown flags %X\n", rtinfo->invflags); 191 pr_debug("unknown flags %X\n", rtinfo->invflags);
192 return false; 192 return false;
193 } 193 }
194 if ((rtinfo->flags & (IP6T_RT_RES | IP6T_RT_FST_MASK)) && 194 if ((rtinfo->flags & (IP6T_RT_RES | IP6T_RT_FST_MASK)) &&
diff --git a/net/netfilter/xt_TCPMSS.c b/net/netfilter/xt_TCPMSS.c
index 2077da31c973..45161d9a9f23 100644
--- a/net/netfilter/xt_TCPMSS.c
+++ b/net/netfilter/xt_TCPMSS.c
@@ -67,15 +67,14 @@ tcpmss_mangle_packet(struct sk_buff *skb,
67 if (info->mss == XT_TCPMSS_CLAMP_PMTU) { 67 if (info->mss == XT_TCPMSS_CLAMP_PMTU) {
68 if (dst_mtu(skb_dst(skb)) <= minlen) { 68 if (dst_mtu(skb_dst(skb)) <= minlen) {
69 if (net_ratelimit()) 69 if (net_ratelimit())
70 pr_err("xt_TCPMSS: " 70 pr_err("unknown or invalid path-MTU (%u)\n",
71 "unknown or invalid path-MTU (%u)\n",
72 dst_mtu(skb_dst(skb))); 71 dst_mtu(skb_dst(skb)));
73 return -1; 72 return -1;
74 } 73 }
75 if (in_mtu <= minlen) { 74 if (in_mtu <= minlen) {
76 if (net_ratelimit()) 75 if (net_ratelimit())
77 pr_err("xt_TCPMSS: unknown or " 76 pr_err("unknown or invalid path-MTU (%u)\n",
78 "invalid path-MTU (%u)\n", in_mtu); 77 in_mtu);
79 return -1; 78 return -1;
80 } 79 }
81 newmss = min(dst_mtu(skb_dst(skb)), in_mtu) - minlen; 80 newmss = min(dst_mtu(skb_dst(skb)), in_mtu) - minlen;
diff --git a/net/netfilter/xt_TPROXY.c b/net/netfilter/xt_TPROXY.c
index 1340c2fa3621..e9244fdc123a 100644
--- a/net/netfilter/xt_TPROXY.c
+++ b/net/netfilter/xt_TPROXY.c
@@ -9,7 +9,7 @@
9 * published by the Free Software Foundation. 9 * published by the Free Software Foundation.
10 * 10 *
11 */ 11 */
12 12#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
13#include <linux/module.h> 13#include <linux/module.h>
14#include <linux/skbuff.h> 14#include <linux/skbuff.h>
15#include <linux/ip.h> 15#include <linux/ip.h>
@@ -67,7 +67,7 @@ static bool tproxy_tg_check(const struct xt_tgchk_param *par)
67 && !(i->invflags & IPT_INV_PROTO)) 67 && !(i->invflags & IPT_INV_PROTO))
68 return true; 68 return true;
69 69
70 pr_info("xt_TPROXY: Can be used only in combination with " 70 pr_info("Can be used only in combination with "
71 "either -p tcp or -p udp\n"); 71 "either -p tcp or -p udp\n");
72 return false; 72 return false;
73} 73}
diff --git a/net/netfilter/xt_esp.c b/net/netfilter/xt_esp.c
index f9deecbef875..1a446d626769 100644
--- a/net/netfilter/xt_esp.c
+++ b/net/netfilter/xt_esp.c
@@ -29,7 +29,7 @@ static inline bool
29spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, bool invert) 29spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, bool invert)
30{ 30{
31 bool r; 31 bool r;
32 pr_debug("esp spi_match:%c 0x%x <= 0x%x <= 0x%x\n", 32 pr_debug("spi_match:%c 0x%x <= 0x%x <= 0x%x\n",
33 invert ? '!' : ' ', min, spi, max); 33 invert ? '!' : ' ', min, spi, max);
34 r = (spi >= min && spi <= max) ^ invert; 34 r = (spi >= min && spi <= max) ^ invert;
35 pr_debug(" result %s\n", r ? "PASS" : "FAILED"); 35 pr_debug(" result %s\n", r ? "PASS" : "FAILED");
diff --git a/net/netfilter/xt_iprange.c b/net/netfilter/xt_iprange.c
index ffc96387d556..8471d9715bde 100644
--- a/net/netfilter/xt_iprange.c
+++ b/net/netfilter/xt_iprange.c
@@ -8,6 +8,7 @@
8 * it under the terms of the GNU General Public License version 2 as 8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation. 9 * published by the Free Software Foundation.
10 */ 10 */
11#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
11#include <linux/module.h> 12#include <linux/module.h>
12#include <linux/skbuff.h> 13#include <linux/skbuff.h>
13#include <linux/ip.h> 14#include <linux/ip.h>
diff --git a/net/netfilter/xt_recent.c b/net/netfilter/xt_recent.c
index aa9817e91338..72cbced48a8d 100644
--- a/net/netfilter/xt_recent.c
+++ b/net/netfilter/xt_recent.c
@@ -321,8 +321,8 @@ static bool recent_mt_check(const struct xt_mtchk_param *par)
321 hash_rnd_inited = true; 321 hash_rnd_inited = true;
322 } 322 }
323 if (info->check_set & ~XT_RECENT_VALID_FLAGS) { 323 if (info->check_set & ~XT_RECENT_VALID_FLAGS) {
324 pr_info(KBUILD_MODNAME ": Unsupported user space flags " 324 pr_info("Unsupported user space flags (%08x)\n",
325 "(%08x)\n", info->check_set); 325 info->check_set);
326 return false; 326 return false;
327 } 327 }
328 if (hweight8(info->check_set & 328 if (hweight8(info->check_set &
@@ -336,7 +336,7 @@ static bool recent_mt_check(const struct xt_mtchk_param *par)
336 if ((info->check_set & XT_RECENT_REAP) && !info->seconds) 336 if ((info->check_set & XT_RECENT_REAP) && !info->seconds)
337 return false; 337 return false;
338 if (info->hit_count > ip_pkt_list_tot) { 338 if (info->hit_count > ip_pkt_list_tot) {
339 pr_info(KBUILD_MODNAME ": hitcount (%u) is larger than " 339 pr_info("hitcount (%u) is larger than "
340 "packets to be remembered (%u)\n", 340 "packets to be remembered (%u)\n",
341 info->hit_count, ip_pkt_list_tot); 341 info->hit_count, ip_pkt_list_tot);
342 return false; 342 return false;
diff --git a/net/netfilter/xt_socket.c b/net/netfilter/xt_socket.c
index 6a902564d24f..a9b16867e1f7 100644
--- a/net/netfilter/xt_socket.c
+++ b/net/netfilter/xt_socket.c
@@ -9,7 +9,7 @@
9 * published by the Free Software Foundation. 9 * published by the Free Software Foundation.
10 * 10 *
11 */ 11 */
12 12#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
13#include <linux/module.h> 13#include <linux/module.h>
14#include <linux/skbuff.h> 14#include <linux/skbuff.h>
15#include <linux/netfilter/x_tables.h> 15#include <linux/netfilter/x_tables.h>
@@ -165,8 +165,7 @@ socket_match(const struct sk_buff *skb, const struct xt_match_param *par,
165 sk = NULL; 165 sk = NULL;
166 } 166 }
167 167
168 pr_debug("socket match: proto %u %08x:%u -> %08x:%u " 168 pr_debug("proto %u %08x:%u -> %08x:%u (orig %08x:%u) sock %p\n",
169 "(orig %08x:%u) sock %p\n",
170 protocol, ntohl(saddr), ntohs(sport), 169 protocol, ntohl(saddr), ntohs(sport),
171 ntohl(daddr), ntohs(dport), 170 ntohl(daddr), ntohs(dport),
172 ntohl(iph->daddr), hp ? ntohs(hp->dest) : 0, sk); 171 ntohl(iph->daddr), hp ? ntohs(hp->dest) : 0, sk);
diff --git a/net/netfilter/xt_time.c b/net/netfilter/xt_time.c
index 9a9c9a3b0a5d..45ed05b5161f 100644
--- a/net/netfilter/xt_time.c
+++ b/net/netfilter/xt_time.c
@@ -223,8 +223,8 @@ static bool time_mt_check(const struct xt_mtchk_param *par)
223 223
224 if (info->daytime_start > XT_TIME_MAX_DAYTIME || 224 if (info->daytime_start > XT_TIME_MAX_DAYTIME ||
225 info->daytime_stop > XT_TIME_MAX_DAYTIME) { 225 info->daytime_stop > XT_TIME_MAX_DAYTIME) {
226 printk(KERN_WARNING "xt_time: invalid argument - start or " 226 pr_info("invalid argument - start or "
227 "stop time greater than 23:59:59\n"); 227 "stop time greater than 23:59:59\n");
228 return false; 228 return false;
229 } 229 }
230 230