aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--net/ipv4/netfilter/iptable_filter.c7
-rw-r--r--net/ipv4/netfilter/iptable_mangle.c6
-rw-r--r--net/ipv4/netfilter/iptable_raw.c6
-rw-r--r--net/ipv4/netfilter/iptable_security.c6
-rw-r--r--net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c5
5 files changed, 5 insertions, 25 deletions
diff --git a/net/ipv4/netfilter/iptable_filter.c b/net/ipv4/netfilter/iptable_filter.c
index c9224310ebae..52cb6939d093 100644
--- a/net/ipv4/netfilter/iptable_filter.c
+++ b/net/ipv4/netfilter/iptable_filter.c
@@ -93,13 +93,8 @@ ipt_local_out_hook(unsigned int hook,
93{ 93{
94 /* root is playing with raw sockets. */ 94 /* root is playing with raw sockets. */
95 if (skb->len < sizeof(struct iphdr) || 95 if (skb->len < sizeof(struct iphdr) ||
96 ip_hdrlen(skb) < sizeof(struct iphdr)) { 96 ip_hdrlen(skb) < sizeof(struct iphdr))
97 if (net_ratelimit())
98 printk("iptable_filter: ignoring short SOCK_RAW "
99 "packet.\n");
100 return NF_ACCEPT; 97 return NF_ACCEPT;
101 }
102
103 return ipt_do_table(skb, hook, in, out, 98 return ipt_do_table(skb, hook, in, out,
104 dev_net(out)->ipv4.iptable_filter); 99 dev_net(out)->ipv4.iptable_filter);
105} 100}
diff --git a/net/ipv4/netfilter/iptable_mangle.c b/net/ipv4/netfilter/iptable_mangle.c
index 69f2c4287146..3929d20b9e45 100644
--- a/net/ipv4/netfilter/iptable_mangle.c
+++ b/net/ipv4/netfilter/iptable_mangle.c
@@ -132,12 +132,8 @@ ipt_local_hook(unsigned int hook,
132 132
133 /* root is playing with raw sockets. */ 133 /* root is playing with raw sockets. */
134 if (skb->len < sizeof(struct iphdr) 134 if (skb->len < sizeof(struct iphdr)
135 || ip_hdrlen(skb) < sizeof(struct iphdr)) { 135 || ip_hdrlen(skb) < sizeof(struct iphdr))
136 if (net_ratelimit())
137 printk("iptable_mangle: ignoring short SOCK_RAW "
138 "packet.\n");
139 return NF_ACCEPT; 136 return NF_ACCEPT;
140 }
141 137
142 /* Save things which could affect route */ 138 /* Save things which could affect route */
143 mark = skb->mark; 139 mark = skb->mark;
diff --git a/net/ipv4/netfilter/iptable_raw.c b/net/ipv4/netfilter/iptable_raw.c
index 8faebfe638f1..7f65d18333e3 100644
--- a/net/ipv4/netfilter/iptable_raw.c
+++ b/net/ipv4/netfilter/iptable_raw.c
@@ -65,12 +65,8 @@ ipt_local_hook(unsigned int hook,
65{ 65{
66 /* root is playing with raw sockets. */ 66 /* root is playing with raw sockets. */
67 if (skb->len < sizeof(struct iphdr) || 67 if (skb->len < sizeof(struct iphdr) ||
68 ip_hdrlen(skb) < sizeof(struct iphdr)) { 68 ip_hdrlen(skb) < sizeof(struct iphdr))
69 if (net_ratelimit())
70 printk("iptable_raw: ignoring short SOCK_RAW "
71 "packet.\n");
72 return NF_ACCEPT; 69 return NF_ACCEPT;
73 }
74 return ipt_do_table(skb, hook, in, out, 70 return ipt_do_table(skb, hook, in, out,
75 dev_net(out)->ipv4.iptable_raw); 71 dev_net(out)->ipv4.iptable_raw);
76} 72}
diff --git a/net/ipv4/netfilter/iptable_security.c b/net/ipv4/netfilter/iptable_security.c
index 36f3be3cc428..a52a35f4a584 100644
--- a/net/ipv4/netfilter/iptable_security.c
+++ b/net/ipv4/netfilter/iptable_security.c
@@ -96,12 +96,8 @@ ipt_local_out_hook(unsigned int hook,
96{ 96{
97 /* Somebody is playing with raw sockets. */ 97 /* Somebody is playing with raw sockets. */
98 if (skb->len < sizeof(struct iphdr) 98 if (skb->len < sizeof(struct iphdr)
99 || ip_hdrlen(skb) < sizeof(struct iphdr)) { 99 || ip_hdrlen(skb) < sizeof(struct iphdr))
100 if (net_ratelimit())
101 printk(KERN_INFO "iptable_security: ignoring short "
102 "SOCK_RAW packet.\n");
103 return NF_ACCEPT; 100 return NF_ACCEPT;
104 }
105 return ipt_do_table(skb, hook, in, out, 101 return ipt_do_table(skb, hook, in, out,
106 dev_net(out)->ipv4.iptable_security); 102 dev_net(out)->ipv4.iptable_security);
107} 103}
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
index b2141e11575e..4beb04fac588 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
@@ -145,11 +145,8 @@ static unsigned int ipv4_conntrack_local(unsigned int hooknum,
145{ 145{
146 /* root is playing with raw sockets. */ 146 /* root is playing with raw sockets. */
147 if (skb->len < sizeof(struct iphdr) || 147 if (skb->len < sizeof(struct iphdr) ||
148 ip_hdrlen(skb) < sizeof(struct iphdr)) { 148 ip_hdrlen(skb) < sizeof(struct iphdr))
149 if (net_ratelimit())
150 printk("ipt_hook: happy cracking.\n");
151 return NF_ACCEPT; 149 return NF_ACCEPT;
152 }
153 return nf_conntrack_in(dev_net(out), PF_INET, hooknum, skb); 150 return nf_conntrack_in(dev_net(out), PF_INET, hooknum, skb);
154} 151}
155 152