diff options
Diffstat (limited to 'net/ipv4')
-rw-r--r-- | net/ipv4/netfilter/iptable_filter.c | 7 | ||||
-rw-r--r-- | net/ipv4/netfilter/iptable_mangle.c | 6 | ||||
-rw-r--r-- | net/ipv4/netfilter/iptable_raw.c | 6 | ||||
-rw-r--r-- | net/ipv4/netfilter/iptable_security.c | 6 | ||||
-rw-r--r-- | net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 5 |
5 files changed, 5 insertions, 25 deletions
diff --git a/net/ipv4/netfilter/iptable_filter.c b/net/ipv4/netfilter/iptable_filter.c index c9224310ebae..52cb6939d093 100644 --- a/net/ipv4/netfilter/iptable_filter.c +++ b/net/ipv4/netfilter/iptable_filter.c | |||
@@ -93,13 +93,8 @@ ipt_local_out_hook(unsigned int hook, | |||
93 | { | 93 | { |
94 | /* root is playing with raw sockets. */ | 94 | /* root is playing with raw sockets. */ |
95 | if (skb->len < sizeof(struct iphdr) || | 95 | if (skb->len < sizeof(struct iphdr) || |
96 | ip_hdrlen(skb) < sizeof(struct iphdr)) { | 96 | ip_hdrlen(skb) < sizeof(struct iphdr)) |
97 | if (net_ratelimit()) | ||
98 | printk("iptable_filter: ignoring short SOCK_RAW " | ||
99 | "packet.\n"); | ||
100 | return NF_ACCEPT; | 97 | return NF_ACCEPT; |
101 | } | ||
102 | |||
103 | return ipt_do_table(skb, hook, in, out, | 98 | return ipt_do_table(skb, hook, in, out, |
104 | dev_net(out)->ipv4.iptable_filter); | 99 | dev_net(out)->ipv4.iptable_filter); |
105 | } | 100 | } |
diff --git a/net/ipv4/netfilter/iptable_mangle.c b/net/ipv4/netfilter/iptable_mangle.c index 69f2c4287146..3929d20b9e45 100644 --- a/net/ipv4/netfilter/iptable_mangle.c +++ b/net/ipv4/netfilter/iptable_mangle.c | |||
@@ -132,12 +132,8 @@ ipt_local_hook(unsigned int hook, | |||
132 | 132 | ||
133 | /* root is playing with raw sockets. */ | 133 | /* root is playing with raw sockets. */ |
134 | if (skb->len < sizeof(struct iphdr) | 134 | if (skb->len < sizeof(struct iphdr) |
135 | || ip_hdrlen(skb) < sizeof(struct iphdr)) { | 135 | || ip_hdrlen(skb) < sizeof(struct iphdr)) |
136 | if (net_ratelimit()) | ||
137 | printk("iptable_mangle: ignoring short SOCK_RAW " | ||
138 | "packet.\n"); | ||
139 | return NF_ACCEPT; | 136 | return NF_ACCEPT; |
140 | } | ||
141 | 137 | ||
142 | /* Save things which could affect route */ | 138 | /* Save things which could affect route */ |
143 | mark = skb->mark; | 139 | mark = skb->mark; |
diff --git a/net/ipv4/netfilter/iptable_raw.c b/net/ipv4/netfilter/iptable_raw.c index 8faebfe638f1..7f65d18333e3 100644 --- a/net/ipv4/netfilter/iptable_raw.c +++ b/net/ipv4/netfilter/iptable_raw.c | |||
@@ -65,12 +65,8 @@ ipt_local_hook(unsigned int hook, | |||
65 | { | 65 | { |
66 | /* root is playing with raw sockets. */ | 66 | /* root is playing with raw sockets. */ |
67 | if (skb->len < sizeof(struct iphdr) || | 67 | if (skb->len < sizeof(struct iphdr) || |
68 | ip_hdrlen(skb) < sizeof(struct iphdr)) { | 68 | ip_hdrlen(skb) < sizeof(struct iphdr)) |
69 | if (net_ratelimit()) | ||
70 | printk("iptable_raw: ignoring short SOCK_RAW " | ||
71 | "packet.\n"); | ||
72 | return NF_ACCEPT; | 69 | return NF_ACCEPT; |
73 | } | ||
74 | return ipt_do_table(skb, hook, in, out, | 70 | return ipt_do_table(skb, hook, in, out, |
75 | dev_net(out)->ipv4.iptable_raw); | 71 | dev_net(out)->ipv4.iptable_raw); |
76 | } | 72 | } |
diff --git a/net/ipv4/netfilter/iptable_security.c b/net/ipv4/netfilter/iptable_security.c index 36f3be3cc428..a52a35f4a584 100644 --- a/net/ipv4/netfilter/iptable_security.c +++ b/net/ipv4/netfilter/iptable_security.c | |||
@@ -96,12 +96,8 @@ ipt_local_out_hook(unsigned int hook, | |||
96 | { | 96 | { |
97 | /* Somebody is playing with raw sockets. */ | 97 | /* Somebody is playing with raw sockets. */ |
98 | if (skb->len < sizeof(struct iphdr) | 98 | if (skb->len < sizeof(struct iphdr) |
99 | || ip_hdrlen(skb) < sizeof(struct iphdr)) { | 99 | || ip_hdrlen(skb) < sizeof(struct iphdr)) |
100 | if (net_ratelimit()) | ||
101 | printk(KERN_INFO "iptable_security: ignoring short " | ||
102 | "SOCK_RAW packet.\n"); | ||
103 | return NF_ACCEPT; | 100 | return NF_ACCEPT; |
104 | } | ||
105 | return ipt_do_table(skb, hook, in, out, | 101 | return ipt_do_table(skb, hook, in, out, |
106 | dev_net(out)->ipv4.iptable_security); | 102 | dev_net(out)->ipv4.iptable_security); |
107 | } | 103 | } |
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c index b2141e11575e..4beb04fac588 100644 --- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c +++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | |||
@@ -145,11 +145,8 @@ static unsigned int ipv4_conntrack_local(unsigned int hooknum, | |||
145 | { | 145 | { |
146 | /* root is playing with raw sockets. */ | 146 | /* root is playing with raw sockets. */ |
147 | if (skb->len < sizeof(struct iphdr) || | 147 | if (skb->len < sizeof(struct iphdr) || |
148 | ip_hdrlen(skb) < sizeof(struct iphdr)) { | 148 | ip_hdrlen(skb) < sizeof(struct iphdr)) |
149 | if (net_ratelimit()) | ||
150 | printk("ipt_hook: happy cracking.\n"); | ||
151 | return NF_ACCEPT; | 149 | return NF_ACCEPT; |
152 | } | ||
153 | return nf_conntrack_in(dev_net(out), PF_INET, hooknum, skb); | 150 | return nf_conntrack_in(dev_net(out), PF_INET, hooknum, skb); |
154 | } | 151 | } |
155 | 152 | ||