diff options
-rw-r--r-- | include/linux/netfilter_ipv4.h | 6 | ||||
-rw-r--r-- | include/linux/skbuff.h | 13 | ||||
-rw-r--r-- | net/bridge/br_forward.c | 3 | ||||
-rw-r--r-- | net/bridge/br_input.c | 4 | ||||
-rw-r--r-- | net/bridge/br_netfilter.c | 38 | ||||
-rw-r--r-- | net/core/netfilter.c | 138 | ||||
-rw-r--r-- | net/core/skbuff.c | 6 | ||||
-rw-r--r-- | net/ipv4/ip_input.c | 4 | ||||
-rw-r--r-- | net/ipv4/ip_output.c | 11 | ||||
-rw-r--r-- | net/ipv4/ipvs/ip_vs_xmit.c | 1 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_core.c | 9 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_nat_helper.c | 3 | ||||
-rw-r--r-- | net/ipv6/ip6_output.c | 3 |
13 files changed, 0 insertions, 239 deletions
diff --git a/include/linux/netfilter_ipv4.h b/include/linux/netfilter_ipv4.h index 9e5750079e09..3ebc36afae1a 100644 --- a/include/linux/netfilter_ipv4.h +++ b/include/linux/netfilter_ipv4.h | |||
@@ -75,12 +75,6 @@ enum nf_ip_hook_priorities { | |||
75 | #define SO_ORIGINAL_DST 80 | 75 | #define SO_ORIGINAL_DST 80 |
76 | 76 | ||
77 | #ifdef __KERNEL__ | 77 | #ifdef __KERNEL__ |
78 | #ifdef CONFIG_NETFILTER_DEBUG | ||
79 | void nf_debug_ip_local_deliver(struct sk_buff *skb); | ||
80 | void nf_debug_ip_loopback_xmit(struct sk_buff *newskb); | ||
81 | void nf_debug_ip_finish_output2(struct sk_buff *skb); | ||
82 | #endif /*CONFIG_NETFILTER_DEBUG*/ | ||
83 | |||
84 | extern int ip_route_me_harder(struct sk_buff **pskb); | 78 | extern int ip_route_me_harder(struct sk_buff **pskb); |
85 | 79 | ||
86 | /* Call this before modifying an existing IP packet: ensures it is | 80 | /* Call this before modifying an existing IP packet: ensures it is |
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h index cc04f5cd2286..d7c839a21842 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h | |||
@@ -193,7 +193,6 @@ struct skb_shared_info { | |||
193 | * @nfcache: Cache info | 193 | * @nfcache: Cache info |
194 | * @nfct: Associated connection, if any | 194 | * @nfct: Associated connection, if any |
195 | * @nfctinfo: Relationship of this skb to the connection | 195 | * @nfctinfo: Relationship of this skb to the connection |
196 | * @nf_debug: Netfilter debugging | ||
197 | * @nf_bridge: Saved data about a bridged frame - see br_netfilter.c | 196 | * @nf_bridge: Saved data about a bridged frame - see br_netfilter.c |
198 | * @private: Data which is private to the HIPPI implementation | 197 | * @private: Data which is private to the HIPPI implementation |
199 | * @tc_index: Traffic control index | 198 | * @tc_index: Traffic control index |
@@ -264,9 +263,6 @@ struct sk_buff { | |||
264 | __u32 nfcache; | 263 | __u32 nfcache; |
265 | __u32 nfctinfo; | 264 | __u32 nfctinfo; |
266 | struct nf_conntrack *nfct; | 265 | struct nf_conntrack *nfct; |
267 | #ifdef CONFIG_NETFILTER_DEBUG | ||
268 | unsigned int nf_debug; | ||
269 | #endif | ||
270 | #ifdef CONFIG_BRIDGE_NETFILTER | 266 | #ifdef CONFIG_BRIDGE_NETFILTER |
271 | struct nf_bridge_info *nf_bridge; | 267 | struct nf_bridge_info *nf_bridge; |
272 | #endif | 268 | #endif |
@@ -1219,15 +1215,6 @@ static inline void nf_reset(struct sk_buff *skb) | |||
1219 | { | 1215 | { |
1220 | nf_conntrack_put(skb->nfct); | 1216 | nf_conntrack_put(skb->nfct); |
1221 | skb->nfct = NULL; | 1217 | skb->nfct = NULL; |
1222 | #ifdef CONFIG_NETFILTER_DEBUG | ||
1223 | skb->nf_debug = 0; | ||
1224 | #endif | ||
1225 | } | ||
1226 | static inline void nf_reset_debug(struct sk_buff *skb) | ||
1227 | { | ||
1228 | #ifdef CONFIG_NETFILTER_DEBUG | ||
1229 | skb->nf_debug = 0; | ||
1230 | #endif | ||
1231 | } | 1218 | } |
1232 | 1219 | ||
1233 | #ifdef CONFIG_BRIDGE_NETFILTER | 1220 | #ifdef CONFIG_BRIDGE_NETFILTER |
diff --git a/net/bridge/br_forward.c b/net/bridge/br_forward.c index ef9f2095f96e..069253f830c1 100644 --- a/net/bridge/br_forward.c +++ b/net/bridge/br_forward.c | |||
@@ -57,9 +57,6 @@ int br_forward_finish(struct sk_buff *skb) | |||
57 | static void __br_deliver(const struct net_bridge_port *to, struct sk_buff *skb) | 57 | static void __br_deliver(const struct net_bridge_port *to, struct sk_buff *skb) |
58 | { | 58 | { |
59 | skb->dev = to->dev; | 59 | skb->dev = to->dev; |
60 | #ifdef CONFIG_NETFILTER_DEBUG | ||
61 | skb->nf_debug = 0; | ||
62 | #endif | ||
63 | NF_HOOK(PF_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev, | 60 | NF_HOOK(PF_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev, |
64 | br_forward_finish); | 61 | br_forward_finish); |
65 | } | 62 | } |
diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c index 8f5f2e730992..9a45e6279c57 100644 --- a/net/bridge/br_input.c +++ b/net/bridge/br_input.c | |||
@@ -23,11 +23,7 @@ const unsigned char bridge_ula[6] = { 0x01, 0x80, 0xc2, 0x00, 0x00, 0x00 }; | |||
23 | 23 | ||
24 | static int br_pass_frame_up_finish(struct sk_buff *skb) | 24 | static int br_pass_frame_up_finish(struct sk_buff *skb) |
25 | { | 25 | { |
26 | #ifdef CONFIG_NETFILTER_DEBUG | ||
27 | skb->nf_debug = 0; | ||
28 | #endif | ||
29 | netif_receive_skb(skb); | 26 | netif_receive_skb(skb); |
30 | |||
31 | return 0; | 27 | return 0; |
32 | } | 28 | } |
33 | 29 | ||
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c index be03d3ad2648..03ae4edddac3 100644 --- a/net/bridge/br_netfilter.c +++ b/net/bridge/br_netfilter.c | |||
@@ -102,10 +102,6 @@ static int br_nf_pre_routing_finish_ipv6(struct sk_buff *skb) | |||
102 | { | 102 | { |
103 | struct nf_bridge_info *nf_bridge = skb->nf_bridge; | 103 | struct nf_bridge_info *nf_bridge = skb->nf_bridge; |
104 | 104 | ||
105 | #ifdef CONFIG_NETFILTER_DEBUG | ||
106 | skb->nf_debug ^= (1 << NF_BR_PRE_ROUTING); | ||
107 | #endif | ||
108 | |||
109 | if (nf_bridge->mask & BRNF_PKT_TYPE) { | 105 | if (nf_bridge->mask & BRNF_PKT_TYPE) { |
110 | skb->pkt_type = PACKET_OTHERHOST; | 106 | skb->pkt_type = PACKET_OTHERHOST; |
111 | nf_bridge->mask ^= BRNF_PKT_TYPE; | 107 | nf_bridge->mask ^= BRNF_PKT_TYPE; |
@@ -182,10 +178,6 @@ static void __br_dnat_complain(void) | |||
182 | * --Bart, 20021007 (updated) */ | 178 | * --Bart, 20021007 (updated) */ |
183 | static int br_nf_pre_routing_finish_bridge(struct sk_buff *skb) | 179 | static int br_nf_pre_routing_finish_bridge(struct sk_buff *skb) |
184 | { | 180 | { |
185 | #ifdef CONFIG_NETFILTER_DEBUG | ||
186 | skb->nf_debug |= (1 << NF_BR_PRE_ROUTING) | (1 << NF_BR_FORWARD); | ||
187 | #endif | ||
188 | |||
189 | if (skb->pkt_type == PACKET_OTHERHOST) { | 181 | if (skb->pkt_type == PACKET_OTHERHOST) { |
190 | skb->pkt_type = PACKET_HOST; | 182 | skb->pkt_type = PACKET_HOST; |
191 | skb->nf_bridge->mask |= BRNF_PKT_TYPE; | 183 | skb->nf_bridge->mask |= BRNF_PKT_TYPE; |
@@ -207,10 +199,6 @@ static int br_nf_pre_routing_finish(struct sk_buff *skb) | |||
207 | struct iphdr *iph = skb->nh.iph; | 199 | struct iphdr *iph = skb->nh.iph; |
208 | struct nf_bridge_info *nf_bridge = skb->nf_bridge; | 200 | struct nf_bridge_info *nf_bridge = skb->nf_bridge; |
209 | 201 | ||
210 | #ifdef CONFIG_NETFILTER_DEBUG | ||
211 | skb->nf_debug ^= (1 << NF_BR_PRE_ROUTING); | ||
212 | #endif | ||
213 | |||
214 | if (nf_bridge->mask & BRNF_PKT_TYPE) { | 202 | if (nf_bridge->mask & BRNF_PKT_TYPE) { |
215 | skb->pkt_type = PACKET_OTHERHOST; | 203 | skb->pkt_type = PACKET_OTHERHOST; |
216 | nf_bridge->mask ^= BRNF_PKT_TYPE; | 204 | nf_bridge->mask ^= BRNF_PKT_TYPE; |
@@ -382,9 +370,6 @@ static unsigned int br_nf_pre_routing_ipv6(unsigned int hook, | |||
382 | if (hdr->nexthdr == NEXTHDR_HOP && check_hbh_len(skb)) | 370 | if (hdr->nexthdr == NEXTHDR_HOP && check_hbh_len(skb)) |
383 | goto inhdr_error; | 371 | goto inhdr_error; |
384 | 372 | ||
385 | #ifdef CONFIG_NETFILTER_DEBUG | ||
386 | skb->nf_debug ^= (1 << NF_IP6_PRE_ROUTING); | ||
387 | #endif | ||
388 | if ((nf_bridge = nf_bridge_alloc(skb)) == NULL) | 373 | if ((nf_bridge = nf_bridge_alloc(skb)) == NULL) |
389 | return NF_DROP; | 374 | return NF_DROP; |
390 | setup_pre_routing(skb); | 375 | setup_pre_routing(skb); |
@@ -468,9 +453,6 @@ static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff **pskb, | |||
468 | skb->ip_summed = CHECKSUM_NONE; | 453 | skb->ip_summed = CHECKSUM_NONE; |
469 | } | 454 | } |
470 | 455 | ||
471 | #ifdef CONFIG_NETFILTER_DEBUG | ||
472 | skb->nf_debug ^= (1 << NF_IP_PRE_ROUTING); | ||
473 | #endif | ||
474 | if ((nf_bridge = nf_bridge_alloc(skb)) == NULL) | 456 | if ((nf_bridge = nf_bridge_alloc(skb)) == NULL) |
475 | return NF_DROP; | 457 | return NF_DROP; |
476 | setup_pre_routing(skb); | 458 | setup_pre_routing(skb); |
@@ -517,10 +499,6 @@ static int br_nf_forward_finish(struct sk_buff *skb) | |||
517 | struct net_device *in; | 499 | struct net_device *in; |
518 | struct vlan_ethhdr *hdr = vlan_eth_hdr(skb); | 500 | struct vlan_ethhdr *hdr = vlan_eth_hdr(skb); |
519 | 501 | ||
520 | #ifdef CONFIG_NETFILTER_DEBUG | ||
521 | skb->nf_debug ^= (1 << NF_BR_FORWARD); | ||
522 | #endif | ||
523 | |||
524 | if (skb->protocol != __constant_htons(ETH_P_ARP) && !IS_VLAN_ARP) { | 502 | if (skb->protocol != __constant_htons(ETH_P_ARP) && !IS_VLAN_ARP) { |
525 | in = nf_bridge->physindev; | 503 | in = nf_bridge->physindev; |
526 | if (nf_bridge->mask & BRNF_PKT_TYPE) { | 504 | if (nf_bridge->mask & BRNF_PKT_TYPE) { |
@@ -566,9 +544,6 @@ static unsigned int br_nf_forward_ip(unsigned int hook, struct sk_buff **pskb, | |||
566 | (*pskb)->nh.raw += VLAN_HLEN; | 544 | (*pskb)->nh.raw += VLAN_HLEN; |
567 | } | 545 | } |
568 | 546 | ||
569 | #ifdef CONFIG_NETFILTER_DEBUG | ||
570 | skb->nf_debug ^= (1 << NF_BR_FORWARD); | ||
571 | #endif | ||
572 | nf_bridge = skb->nf_bridge; | 547 | nf_bridge = skb->nf_bridge; |
573 | if (skb->pkt_type == PACKET_OTHERHOST) { | 548 | if (skb->pkt_type == PACKET_OTHERHOST) { |
574 | skb->pkt_type = PACKET_HOST; | 549 | skb->pkt_type = PACKET_HOST; |
@@ -605,10 +580,6 @@ static unsigned int br_nf_forward_arp(unsigned int hook, struct sk_buff **pskb, | |||
605 | (*pskb)->nh.raw += VLAN_HLEN; | 580 | (*pskb)->nh.raw += VLAN_HLEN; |
606 | } | 581 | } |
607 | 582 | ||
608 | #ifdef CONFIG_NETFILTER_DEBUG | ||
609 | skb->nf_debug ^= (1 << NF_BR_FORWARD); | ||
610 | #endif | ||
611 | |||
612 | if (skb->nh.arph->ar_pln != 4) { | 583 | if (skb->nh.arph->ar_pln != 4) { |
613 | if (IS_VLAN_ARP) { | 584 | if (IS_VLAN_ARP) { |
614 | skb_push(*pskb, VLAN_HLEN); | 585 | skb_push(*pskb, VLAN_HLEN); |
@@ -627,9 +598,6 @@ static unsigned int br_nf_forward_arp(unsigned int hook, struct sk_buff **pskb, | |||
627 | /* PF_BRIDGE/LOCAL_OUT ***********************************************/ | 598 | /* PF_BRIDGE/LOCAL_OUT ***********************************************/ |
628 | static int br_nf_local_out_finish(struct sk_buff *skb) | 599 | static int br_nf_local_out_finish(struct sk_buff *skb) |
629 | { | 600 | { |
630 | #ifdef CONFIG_NETFILTER_DEBUG | ||
631 | skb->nf_debug &= ~(1 << NF_BR_LOCAL_OUT); | ||
632 | #endif | ||
633 | if (skb->protocol == __constant_htons(ETH_P_8021Q)) { | 601 | if (skb->protocol == __constant_htons(ETH_P_8021Q)) { |
634 | skb_push(skb, VLAN_HLEN); | 602 | skb_push(skb, VLAN_HLEN); |
635 | skb->nh.raw -= VLAN_HLEN; | 603 | skb->nh.raw -= VLAN_HLEN; |
@@ -731,10 +699,6 @@ static unsigned int br_nf_local_out(unsigned int hook, struct sk_buff **pskb, | |||
731 | realoutdev, br_nf_local_out_finish, | 699 | realoutdev, br_nf_local_out_finish, |
732 | NF_IP_PRI_BRIDGE_SABOTAGE_FORWARD + 1); | 700 | NF_IP_PRI_BRIDGE_SABOTAGE_FORWARD + 1); |
733 | } else { | 701 | } else { |
734 | #ifdef CONFIG_NETFILTER_DEBUG | ||
735 | skb->nf_debug ^= (1 << NF_IP_LOCAL_OUT); | ||
736 | #endif | ||
737 | |||
738 | NF_HOOK_THRESH(pf, NF_IP_LOCAL_OUT, skb, realindev, | 702 | NF_HOOK_THRESH(pf, NF_IP_LOCAL_OUT, skb, realindev, |
739 | realoutdev, br_nf_local_out_finish, | 703 | realoutdev, br_nf_local_out_finish, |
740 | NF_IP_PRI_BRIDGE_SABOTAGE_LOCAL_OUT + 1); | 704 | NF_IP_PRI_BRIDGE_SABOTAGE_LOCAL_OUT + 1); |
@@ -779,8 +743,6 @@ static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff **pskb, | |||
779 | printk(KERN_CRIT "br_netfilter: skb->dst == NULL."); | 743 | printk(KERN_CRIT "br_netfilter: skb->dst == NULL."); |
780 | goto print_error; | 744 | goto print_error; |
781 | } | 745 | } |
782 | |||
783 | skb->nf_debug ^= (1 << NF_IP_POST_ROUTING); | ||
784 | #endif | 746 | #endif |
785 | 747 | ||
786 | /* We assume any code from br_dev_queue_push_xmit onwards doesn't care | 748 | /* We assume any code from br_dev_queue_push_xmit onwards doesn't care |
diff --git a/net/core/netfilter.c b/net/core/netfilter.c index 22a8f127c4aa..076c156d5eda 100644 --- a/net/core/netfilter.c +++ b/net/core/netfilter.c | |||
@@ -141,136 +141,6 @@ void nf_unregister_sockopt(struct nf_sockopt_ops *reg) | |||
141 | up(&nf_sockopt_mutex); | 141 | up(&nf_sockopt_mutex); |
142 | } | 142 | } |
143 | 143 | ||
144 | #ifdef CONFIG_NETFILTER_DEBUG | ||
145 | #include <net/ip.h> | ||
146 | #include <net/tcp.h> | ||
147 | #include <linux/netfilter_ipv4.h> | ||
148 | |||
149 | static void debug_print_hooks_ip(unsigned int nf_debug) | ||
150 | { | ||
151 | if (nf_debug & (1 << NF_IP_PRE_ROUTING)) { | ||
152 | printk("PRE_ROUTING "); | ||
153 | nf_debug ^= (1 << NF_IP_PRE_ROUTING); | ||
154 | } | ||
155 | if (nf_debug & (1 << NF_IP_LOCAL_IN)) { | ||
156 | printk("LOCAL_IN "); | ||
157 | nf_debug ^= (1 << NF_IP_LOCAL_IN); | ||
158 | } | ||
159 | if (nf_debug & (1 << NF_IP_FORWARD)) { | ||
160 | printk("FORWARD "); | ||
161 | nf_debug ^= (1 << NF_IP_FORWARD); | ||
162 | } | ||
163 | if (nf_debug & (1 << NF_IP_LOCAL_OUT)) { | ||
164 | printk("LOCAL_OUT "); | ||
165 | nf_debug ^= (1 << NF_IP_LOCAL_OUT); | ||
166 | } | ||
167 | if (nf_debug & (1 << NF_IP_POST_ROUTING)) { | ||
168 | printk("POST_ROUTING "); | ||
169 | nf_debug ^= (1 << NF_IP_POST_ROUTING); | ||
170 | } | ||
171 | if (nf_debug) | ||
172 | printk("Crap bits: 0x%04X", nf_debug); | ||
173 | printk("\n"); | ||
174 | } | ||
175 | |||
176 | static void nf_dump_skb(int pf, struct sk_buff *skb) | ||
177 | { | ||
178 | printk("skb: pf=%i %s dev=%s len=%u\n", | ||
179 | pf, | ||
180 | skb->sk ? "(owned)" : "(unowned)", | ||
181 | skb->dev ? skb->dev->name : "(no dev)", | ||
182 | skb->len); | ||
183 | switch (pf) { | ||
184 | case PF_INET: { | ||
185 | const struct iphdr *ip = skb->nh.iph; | ||
186 | __u32 *opt = (__u32 *) (ip + 1); | ||
187 | int opti; | ||
188 | __u16 src_port = 0, dst_port = 0; | ||
189 | |||
190 | if (ip->protocol == IPPROTO_TCP | ||
191 | || ip->protocol == IPPROTO_UDP) { | ||
192 | struct tcphdr *tcp=(struct tcphdr *)((__u32 *)ip+ip->ihl); | ||
193 | src_port = ntohs(tcp->source); | ||
194 | dst_port = ntohs(tcp->dest); | ||
195 | } | ||
196 | |||
197 | printk("PROTO=%d %u.%u.%u.%u:%hu %u.%u.%u.%u:%hu" | ||
198 | " L=%hu S=0x%2.2hX I=%hu F=0x%4.4hX T=%hu", | ||
199 | ip->protocol, NIPQUAD(ip->saddr), | ||
200 | src_port, NIPQUAD(ip->daddr), | ||
201 | dst_port, | ||
202 | ntohs(ip->tot_len), ip->tos, ntohs(ip->id), | ||
203 | ntohs(ip->frag_off), ip->ttl); | ||
204 | |||
205 | for (opti = 0; opti < (ip->ihl - sizeof(struct iphdr) / 4); opti++) | ||
206 | printk(" O=0x%8.8X", *opt++); | ||
207 | printk("\n"); | ||
208 | } | ||
209 | } | ||
210 | } | ||
211 | |||
212 | void nf_debug_ip_local_deliver(struct sk_buff *skb) | ||
213 | { | ||
214 | /* If it's a loopback packet, it must have come through | ||
215 | * NF_IP_LOCAL_OUT, NF_IP_RAW_INPUT, NF_IP_PRE_ROUTING and | ||
216 | * NF_IP_LOCAL_IN. Otherwise, must have gone through | ||
217 | * NF_IP_RAW_INPUT and NF_IP_PRE_ROUTING. */ | ||
218 | if (!skb->dev) { | ||
219 | printk("ip_local_deliver: skb->dev is NULL.\n"); | ||
220 | } else { | ||
221 | if (skb->nf_debug != ((1<<NF_IP_PRE_ROUTING) | ||
222 | | (1<<NF_IP_LOCAL_IN))) { | ||
223 | printk("ip_local_deliver: bad skb: "); | ||
224 | debug_print_hooks_ip(skb->nf_debug); | ||
225 | nf_dump_skb(PF_INET, skb); | ||
226 | } | ||
227 | } | ||
228 | } | ||
229 | |||
230 | void nf_debug_ip_loopback_xmit(struct sk_buff *newskb) | ||
231 | { | ||
232 | if (newskb->nf_debug != ((1 << NF_IP_LOCAL_OUT) | ||
233 | | (1 << NF_IP_POST_ROUTING))) { | ||
234 | printk("ip_dev_loopback_xmit: bad owned skb = %p: ", | ||
235 | newskb); | ||
236 | debug_print_hooks_ip(newskb->nf_debug); | ||
237 | nf_dump_skb(PF_INET, newskb); | ||
238 | } | ||
239 | } | ||
240 | |||
241 | void nf_debug_ip_finish_output2(struct sk_buff *skb) | ||
242 | { | ||
243 | /* If it's owned, it must have gone through the | ||
244 | * NF_IP_LOCAL_OUT and NF_IP_POST_ROUTING. | ||
245 | * Otherwise, must have gone through | ||
246 | * NF_IP_PRE_ROUTING, NF_IP_FORWARD and NF_IP_POST_ROUTING. | ||
247 | */ | ||
248 | if (skb->sk) { | ||
249 | if (skb->nf_debug != ((1 << NF_IP_LOCAL_OUT) | ||
250 | | (1 << NF_IP_POST_ROUTING))) { | ||
251 | printk("ip_finish_output: bad owned skb = %p: ", skb); | ||
252 | debug_print_hooks_ip(skb->nf_debug); | ||
253 | nf_dump_skb(PF_INET, skb); | ||
254 | } | ||
255 | } else { | ||
256 | if (skb->nf_debug != ((1 << NF_IP_PRE_ROUTING) | ||
257 | | (1 << NF_IP_FORWARD) | ||
258 | | (1 << NF_IP_POST_ROUTING))) { | ||
259 | /* Fragments, entunnelled packets, TCP RSTs | ||
260 | generated by ipt_REJECT will have no | ||
261 | owners, but still may be local */ | ||
262 | if (skb->nf_debug != ((1 << NF_IP_LOCAL_OUT) | ||
263 | | (1 << NF_IP_POST_ROUTING))){ | ||
264 | printk("ip_finish_output:" | ||
265 | " bad unowned skb = %p: ",skb); | ||
266 | debug_print_hooks_ip(skb->nf_debug); | ||
267 | nf_dump_skb(PF_INET, skb); | ||
268 | } | ||
269 | } | ||
270 | } | ||
271 | } | ||
272 | #endif /*CONFIG_NETFILTER_DEBUG*/ | ||
273 | |||
274 | /* Call get/setsockopt() */ | 144 | /* Call get/setsockopt() */ |
275 | static int nf_sockopt(struct sock *sk, int pf, int val, | 145 | static int nf_sockopt(struct sock *sk, int pf, int val, |
276 | char __user *opt, int *len, int get) | 146 | char __user *opt, int *len, int get) |
@@ -488,14 +358,6 @@ int nf_hook_slow(int pf, unsigned int hook, struct sk_buff **pskb, | |||
488 | /* We may already have this, but read-locks nest anyway */ | 358 | /* We may already have this, but read-locks nest anyway */ |
489 | rcu_read_lock(); | 359 | rcu_read_lock(); |
490 | 360 | ||
491 | #ifdef CONFIG_NETFILTER_DEBUG | ||
492 | if (unlikely((*pskb)->nf_debug & (1 << hook))) { | ||
493 | printk("nf_hook: hook %i already set.\n", hook); | ||
494 | nf_dump_skb(pf, *pskb); | ||
495 | } | ||
496 | (*pskb)->nf_debug |= (1 << hook); | ||
497 | #endif | ||
498 | |||
499 | elem = &nf_hooks[pf][hook]; | 361 | elem = &nf_hooks[pf][hook]; |
500 | next_hook: | 362 | next_hook: |
501 | verdict = nf_iterate(&nf_hooks[pf][hook], pskb, hook, indev, | 363 | verdict = nf_iterate(&nf_hooks[pf][hook], pskb, hook, indev, |
diff --git a/net/core/skbuff.c b/net/core/skbuff.c index f65b3de590a9..6d68c03bc051 100644 --- a/net/core/skbuff.c +++ b/net/core/skbuff.c | |||
@@ -365,9 +365,6 @@ struct sk_buff *skb_clone(struct sk_buff *skb, int gfp_mask) | |||
365 | C(nfct); | 365 | C(nfct); |
366 | nf_conntrack_get(skb->nfct); | 366 | nf_conntrack_get(skb->nfct); |
367 | C(nfctinfo); | 367 | C(nfctinfo); |
368 | #ifdef CONFIG_NETFILTER_DEBUG | ||
369 | C(nf_debug); | ||
370 | #endif | ||
371 | #ifdef CONFIG_BRIDGE_NETFILTER | 368 | #ifdef CONFIG_BRIDGE_NETFILTER |
372 | C(nf_bridge); | 369 | C(nf_bridge); |
373 | nf_bridge_get(skb->nf_bridge); | 370 | nf_bridge_get(skb->nf_bridge); |
@@ -432,9 +429,6 @@ static void copy_skb_header(struct sk_buff *new, const struct sk_buff *old) | |||
432 | new->nfct = old->nfct; | 429 | new->nfct = old->nfct; |
433 | nf_conntrack_get(old->nfct); | 430 | nf_conntrack_get(old->nfct); |
434 | new->nfctinfo = old->nfctinfo; | 431 | new->nfctinfo = old->nfctinfo; |
435 | #ifdef CONFIG_NETFILTER_DEBUG | ||
436 | new->nf_debug = old->nf_debug; | ||
437 | #endif | ||
438 | #ifdef CONFIG_BRIDGE_NETFILTER | 432 | #ifdef CONFIG_BRIDGE_NETFILTER |
439 | new->nf_bridge = old->nf_bridge; | 433 | new->nf_bridge = old->nf_bridge; |
440 | nf_bridge_get(old->nf_bridge); | 434 | nf_bridge_get(old->nf_bridge); |
diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c index 4e47a2658c7c..2b7485e65040 100644 --- a/net/ipv4/ip_input.c +++ b/net/ipv4/ip_input.c | |||
@@ -200,10 +200,6 @@ static inline int ip_local_deliver_finish(struct sk_buff *skb) | |||
200 | { | 200 | { |
201 | int ihl = skb->nh.iph->ihl*4; | 201 | int ihl = skb->nh.iph->ihl*4; |
202 | 202 | ||
203 | #ifdef CONFIG_NETFILTER_DEBUG | ||
204 | nf_debug_ip_local_deliver(skb); | ||
205 | #endif /*CONFIG_NETFILTER_DEBUG*/ | ||
206 | |||
207 | __skb_pull(skb, ihl); | 203 | __skb_pull(skb, ihl); |
208 | 204 | ||
209 | /* Free reference early: we don't need it any more, and it may | 205 | /* Free reference early: we don't need it any more, and it may |
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c index 760dc8238d65..ee07aec215a0 100644 --- a/net/ipv4/ip_output.c +++ b/net/ipv4/ip_output.c | |||
@@ -107,10 +107,6 @@ static int ip_dev_loopback_xmit(struct sk_buff *newskb) | |||
107 | newskb->pkt_type = PACKET_LOOPBACK; | 107 | newskb->pkt_type = PACKET_LOOPBACK; |
108 | newskb->ip_summed = CHECKSUM_UNNECESSARY; | 108 | newskb->ip_summed = CHECKSUM_UNNECESSARY; |
109 | BUG_TRAP(newskb->dst); | 109 | BUG_TRAP(newskb->dst); |
110 | |||
111 | #ifdef CONFIG_NETFILTER_DEBUG | ||
112 | nf_debug_ip_loopback_xmit(newskb); | ||
113 | #endif | ||
114 | nf_reset(newskb); | 110 | nf_reset(newskb); |
115 | netif_rx(newskb); | 111 | netif_rx(newskb); |
116 | return 0; | 112 | return 0; |
@@ -192,10 +188,6 @@ static inline int ip_finish_output2(struct sk_buff *skb) | |||
192 | skb = skb2; | 188 | skb = skb2; |
193 | } | 189 | } |
194 | 190 | ||
195 | #ifdef CONFIG_NETFILTER_DEBUG | ||
196 | nf_debug_ip_finish_output2(skb); | ||
197 | #endif /*CONFIG_NETFILTER_DEBUG*/ | ||
198 | |||
199 | nf_reset(skb); | 191 | nf_reset(skb); |
200 | 192 | ||
201 | if (hh) { | 193 | if (hh) { |
@@ -415,9 +407,6 @@ static void ip_copy_metadata(struct sk_buff *to, struct sk_buff *from) | |||
415 | to->nf_bridge = from->nf_bridge; | 407 | to->nf_bridge = from->nf_bridge; |
416 | nf_bridge_get(to->nf_bridge); | 408 | nf_bridge_get(to->nf_bridge); |
417 | #endif | 409 | #endif |
418 | #ifdef CONFIG_NETFILTER_DEBUG | ||
419 | to->nf_debug = from->nf_debug; | ||
420 | #endif | ||
421 | #endif | 410 | #endif |
422 | } | 411 | } |
423 | 412 | ||
diff --git a/net/ipv4/ipvs/ip_vs_xmit.c b/net/ipv4/ipvs/ip_vs_xmit.c index de21da00057f..a8512a3fd08a 100644 --- a/net/ipv4/ipvs/ip_vs_xmit.c +++ b/net/ipv4/ipvs/ip_vs_xmit.c | |||
@@ -127,7 +127,6 @@ ip_vs_dst_reset(struct ip_vs_dest *dest) | |||
127 | 127 | ||
128 | #define IP_VS_XMIT(skb, rt) \ | 128 | #define IP_VS_XMIT(skb, rt) \ |
129 | do { \ | 129 | do { \ |
130 | nf_reset_debug(skb); \ | ||
131 | (skb)->nfcache |= NFC_IPVS_PROPERTY; \ | 130 | (skb)->nfcache |= NFC_IPVS_PROPERTY; \ |
132 | (skb)->ip_summed = CHECKSUM_NONE; \ | 131 | (skb)->ip_summed = CHECKSUM_NONE; \ |
133 | NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, (skb), NULL, \ | 132 | NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, (skb), NULL, \ |
diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c index a7377a331ade..ffba0ad3c880 100644 --- a/net/ipv4/netfilter/ip_conntrack_core.c +++ b/net/ipv4/netfilter/ip_conntrack_core.c | |||
@@ -940,10 +940,6 @@ void ip_ct_refresh_acct(struct ip_conntrack *ct, | |||
940 | struct sk_buff * | 940 | struct sk_buff * |
941 | ip_ct_gather_frags(struct sk_buff *skb, u_int32_t user) | 941 | ip_ct_gather_frags(struct sk_buff *skb, u_int32_t user) |
942 | { | 942 | { |
943 | #ifdef CONFIG_NETFILTER_DEBUG | ||
944 | unsigned int olddebug = skb->nf_debug; | ||
945 | #endif | ||
946 | |||
947 | skb_orphan(skb); | 943 | skb_orphan(skb); |
948 | 944 | ||
949 | local_bh_disable(); | 945 | local_bh_disable(); |
@@ -953,12 +949,7 @@ ip_ct_gather_frags(struct sk_buff *skb, u_int32_t user) | |||
953 | if (skb) { | 949 | if (skb) { |
954 | ip_send_check(skb->nh.iph); | 950 | ip_send_check(skb->nh.iph); |
955 | skb->nfcache |= NFC_ALTERED; | 951 | skb->nfcache |= NFC_ALTERED; |
956 | #ifdef CONFIG_NETFILTER_DEBUG | ||
957 | /* Packet path as if nothing had happened. */ | ||
958 | skb->nf_debug = olddebug; | ||
959 | #endif | ||
960 | } | 952 | } |
961 | |||
962 | return skb; | 953 | return skb; |
963 | } | 954 | } |
964 | 955 | ||
diff --git a/net/ipv4/netfilter/ip_nat_helper.c b/net/ipv4/netfilter/ip_nat_helper.c index 9cd51f180dcf..158f34f32c04 100644 --- a/net/ipv4/netfilter/ip_nat_helper.c +++ b/net/ipv4/netfilter/ip_nat_helper.c | |||
@@ -142,9 +142,6 @@ static int enlarge_skb(struct sk_buff **pskb, unsigned int extra) | |||
142 | /* Transfer socket to new skb. */ | 142 | /* Transfer socket to new skb. */ |
143 | if ((*pskb)->sk) | 143 | if ((*pskb)->sk) |
144 | skb_set_owner_w(nskb, (*pskb)->sk); | 144 | skb_set_owner_w(nskb, (*pskb)->sk); |
145 | #ifdef CONFIG_NETFILTER_DEBUG | ||
146 | nskb->nf_debug = (*pskb)->nf_debug; | ||
147 | #endif | ||
148 | kfree_skb(*pskb); | 145 | kfree_skb(*pskb); |
149 | *pskb = nskb; | 146 | *pskb = nskb; |
150 | return 1; | 147 | return 1; |
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index b78a53586804..06e7cdaeedc5 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c | |||
@@ -484,9 +484,6 @@ static void ip6_copy_metadata(struct sk_buff *to, struct sk_buff *from) | |||
484 | to->nf_bridge = from->nf_bridge; | 484 | to->nf_bridge = from->nf_bridge; |
485 | nf_bridge_get(to->nf_bridge); | 485 | nf_bridge_get(to->nf_bridge); |
486 | #endif | 486 | #endif |
487 | #ifdef CONFIG_NETFILTER_DEBUG | ||
488 | to->nf_debug = from->nf_debug; | ||
489 | #endif | ||
490 | #endif | 487 | #endif |
491 | } | 488 | } |
492 | 489 | ||