diff options
Diffstat (limited to 'net/ipv4')
22 files changed, 189 insertions, 330 deletions
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c index 1981acedbfe8..8bacda3f6f6c 100644 --- a/net/ipv4/netfilter/ipt_CLUSTERIP.c +++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c | |||
@@ -30,14 +30,6 @@ | |||
30 | 30 | ||
31 | #define CLUSTERIP_VERSION "0.8" | 31 | #define CLUSTERIP_VERSION "0.8" |
32 | 32 | ||
33 | #define DEBUG_CLUSTERIP | ||
34 | |||
35 | #ifdef DEBUG_CLUSTERIP | ||
36 | #define DEBUGP printk | ||
37 | #else | ||
38 | #define DEBUGP | ||
39 | #endif | ||
40 | |||
41 | MODULE_LICENSE("GPL"); | 33 | MODULE_LICENSE("GPL"); |
42 | MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>"); | 34 | MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>"); |
43 | MODULE_DESCRIPTION("iptables target for CLUSTERIP"); | 35 | MODULE_DESCRIPTION("iptables target for CLUSTERIP"); |
@@ -351,15 +343,15 @@ target(struct sk_buff **pskb, | |||
351 | break; | 343 | break; |
352 | } | 344 | } |
353 | 345 | ||
354 | #ifdef DEBUG_CLUSTERP | 346 | #ifdef DEBUG |
355 | DUMP_TUPLE(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple); | 347 | DUMP_TUPLE(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple); |
356 | #endif | 348 | #endif |
357 | DEBUGP("hash=%u ct_hash=%u ", hash, ct->mark); | 349 | pr_debug("hash=%u ct_hash=%u ", hash, ct->mark); |
358 | if (!clusterip_responsible(cipinfo->config, hash)) { | 350 | if (!clusterip_responsible(cipinfo->config, hash)) { |
359 | DEBUGP("not responsible\n"); | 351 | pr_debug("not responsible\n"); |
360 | return NF_DROP; | 352 | return NF_DROP; |
361 | } | 353 | } |
362 | DEBUGP("responsible\n"); | 354 | pr_debug("responsible\n"); |
363 | 355 | ||
364 | /* despite being received via linklayer multicast, this is | 356 | /* despite being received via linklayer multicast, this is |
365 | * actually a unicast IP packet. TCP doesn't like PACKET_MULTICAST */ | 357 | * actually a unicast IP packet. TCP doesn't like PACKET_MULTICAST */ |
@@ -490,7 +482,7 @@ struct arp_payload { | |||
490 | __be32 dst_ip; | 482 | __be32 dst_ip; |
491 | } __attribute__ ((packed)); | 483 | } __attribute__ ((packed)); |
492 | 484 | ||
493 | #ifdef CLUSTERIP_DEBUG | 485 | #ifdef DEBUG |
494 | static void arp_print(struct arp_payload *payload) | 486 | static void arp_print(struct arp_payload *payload) |
495 | { | 487 | { |
496 | #define HBUFFERLEN 30 | 488 | #define HBUFFERLEN 30 |
@@ -546,8 +538,9 @@ arp_mangle(unsigned int hook, | |||
546 | * this wouldn't work, since we didn't subscribe the mcast group on | 538 | * this wouldn't work, since we didn't subscribe the mcast group on |
547 | * other interfaces */ | 539 | * other interfaces */ |
548 | if (c->dev != out) { | 540 | if (c->dev != out) { |
549 | DEBUGP("CLUSTERIP: not mangling arp reply on different " | 541 | pr_debug("CLUSTERIP: not mangling arp reply on different " |
550 | "interface: cip'%s'-skb'%s'\n", c->dev->name, out->name); | 542 | "interface: cip'%s'-skb'%s'\n", |
543 | c->dev->name, out->name); | ||
551 | clusterip_config_put(c); | 544 | clusterip_config_put(c); |
552 | return NF_ACCEPT; | 545 | return NF_ACCEPT; |
553 | } | 546 | } |
@@ -555,8 +548,8 @@ arp_mangle(unsigned int hook, | |||
555 | /* mangle reply hardware address */ | 548 | /* mangle reply hardware address */ |
556 | memcpy(payload->src_hw, c->clustermac, arp->ar_hln); | 549 | memcpy(payload->src_hw, c->clustermac, arp->ar_hln); |
557 | 550 | ||
558 | #ifdef CLUSTERIP_DEBUG | 551 | #ifdef DEBUG |
559 | DEBUGP(KERN_DEBUG "CLUSTERIP mangled arp reply: "); | 552 | pr_debug(KERN_DEBUG "CLUSTERIP mangled arp reply: "); |
560 | arp_print(payload); | 553 | arp_print(payload); |
561 | #endif | 554 | #endif |
562 | 555 | ||
diff --git a/net/ipv4/netfilter/ipt_LOG.c b/net/ipv4/netfilter/ipt_LOG.c index 9bfce614ec28..5937ad150b9f 100644 --- a/net/ipv4/netfilter/ipt_LOG.c +++ b/net/ipv4/netfilter/ipt_LOG.c | |||
@@ -27,12 +27,6 @@ MODULE_LICENSE("GPL"); | |||
27 | MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>"); | 27 | MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>"); |
28 | MODULE_DESCRIPTION("iptables syslog logging module"); | 28 | MODULE_DESCRIPTION("iptables syslog logging module"); |
29 | 29 | ||
30 | #if 0 | ||
31 | #define DEBUGP printk | ||
32 | #else | ||
33 | #define DEBUGP(format, args...) | ||
34 | #endif | ||
35 | |||
36 | /* Use lock to serialize, so printks don't overlap */ | 30 | /* Use lock to serialize, so printks don't overlap */ |
37 | static DEFINE_SPINLOCK(log_lock); | 31 | static DEFINE_SPINLOCK(log_lock); |
38 | 32 | ||
@@ -452,12 +446,12 @@ static bool ipt_log_checkentry(const char *tablename, | |||
452 | const struct ipt_log_info *loginfo = targinfo; | 446 | const struct ipt_log_info *loginfo = targinfo; |
453 | 447 | ||
454 | if (loginfo->level >= 8) { | 448 | if (loginfo->level >= 8) { |
455 | DEBUGP("LOG: level %u >= 8\n", loginfo->level); | 449 | pr_debug("LOG: level %u >= 8\n", loginfo->level); |
456 | return false; | 450 | return false; |
457 | } | 451 | } |
458 | if (loginfo->prefix[sizeof(loginfo->prefix)-1] != '\0') { | 452 | if (loginfo->prefix[sizeof(loginfo->prefix)-1] != '\0') { |
459 | DEBUGP("LOG: prefix term %i\n", | 453 | pr_debug("LOG: prefix term %i\n", |
460 | loginfo->prefix[sizeof(loginfo->prefix)-1]); | 454 | loginfo->prefix[sizeof(loginfo->prefix)-1]); |
461 | return false; | 455 | return false; |
462 | } | 456 | } |
463 | return true; | 457 | return true; |
diff --git a/net/ipv4/netfilter/ipt_MASQUERADE.c b/net/ipv4/netfilter/ipt_MASQUERADE.c index bc033e0f424d..7c4e4be7c8b3 100644 --- a/net/ipv4/netfilter/ipt_MASQUERADE.c +++ b/net/ipv4/netfilter/ipt_MASQUERADE.c | |||
@@ -27,12 +27,6 @@ MODULE_LICENSE("GPL"); | |||
27 | MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>"); | 27 | MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>"); |
28 | MODULE_DESCRIPTION("iptables MASQUERADE target module"); | 28 | MODULE_DESCRIPTION("iptables MASQUERADE target module"); |
29 | 29 | ||
30 | #if 0 | ||
31 | #define DEBUGP printk | ||
32 | #else | ||
33 | #define DEBUGP(format, args...) | ||
34 | #endif | ||
35 | |||
36 | /* Lock protects masq region inside conntrack */ | 30 | /* Lock protects masq region inside conntrack */ |
37 | static DEFINE_RWLOCK(masq_lock); | 31 | static DEFINE_RWLOCK(masq_lock); |
38 | 32 | ||
@@ -47,11 +41,11 @@ masquerade_check(const char *tablename, | |||
47 | const struct nf_nat_multi_range_compat *mr = targinfo; | 41 | const struct nf_nat_multi_range_compat *mr = targinfo; |
48 | 42 | ||
49 | if (mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) { | 43 | if (mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) { |
50 | DEBUGP("masquerade_check: bad MAP_IPS.\n"); | 44 | pr_debug("masquerade_check: bad MAP_IPS.\n"); |
51 | return false; | 45 | return false; |
52 | } | 46 | } |
53 | if (mr->rangesize != 1) { | 47 | if (mr->rangesize != 1) { |
54 | DEBUGP("masquerade_check: bad rangesize %u.\n", mr->rangesize); | 48 | pr_debug("masquerade_check: bad rangesize %u\n", mr->rangesize); |
55 | return false; | 49 | return false; |
56 | } | 50 | } |
57 | return true; | 51 | return true; |
diff --git a/net/ipv4/netfilter/ipt_NETMAP.c b/net/ipv4/netfilter/ipt_NETMAP.c index 0a7ce15bbdd0..41a011d5a065 100644 --- a/net/ipv4/netfilter/ipt_NETMAP.c +++ b/net/ipv4/netfilter/ipt_NETMAP.c | |||
@@ -18,17 +18,10 @@ | |||
18 | #include <linux/netfilter/x_tables.h> | 18 | #include <linux/netfilter/x_tables.h> |
19 | #include <net/netfilter/nf_nat_rule.h> | 19 | #include <net/netfilter/nf_nat_rule.h> |
20 | 20 | ||
21 | #define MODULENAME "NETMAP" | ||
22 | MODULE_LICENSE("GPL"); | 21 | MODULE_LICENSE("GPL"); |
23 | MODULE_AUTHOR("Svenning Soerensen <svenning@post5.tele.dk>"); | 22 | MODULE_AUTHOR("Svenning Soerensen <svenning@post5.tele.dk>"); |
24 | MODULE_DESCRIPTION("iptables 1:1 NAT mapping of IP networks target"); | 23 | MODULE_DESCRIPTION("iptables 1:1 NAT mapping of IP networks target"); |
25 | 24 | ||
26 | #if 0 | ||
27 | #define DEBUGP printk | ||
28 | #else | ||
29 | #define DEBUGP(format, args...) | ||
30 | #endif | ||
31 | |||
32 | static bool | 25 | static bool |
33 | check(const char *tablename, | 26 | check(const char *tablename, |
34 | const void *e, | 27 | const void *e, |
@@ -39,11 +32,11 @@ check(const char *tablename, | |||
39 | const struct nf_nat_multi_range_compat *mr = targinfo; | 32 | const struct nf_nat_multi_range_compat *mr = targinfo; |
40 | 33 | ||
41 | if (!(mr->range[0].flags & IP_NAT_RANGE_MAP_IPS)) { | 34 | if (!(mr->range[0].flags & IP_NAT_RANGE_MAP_IPS)) { |
42 | DEBUGP(MODULENAME":check: bad MAP_IPS.\n"); | 35 | pr_debug("NETMAP:check: bad MAP_IPS.\n"); |
43 | return false; | 36 | return false; |
44 | } | 37 | } |
45 | if (mr->rangesize != 1) { | 38 | if (mr->rangesize != 1) { |
46 | DEBUGP(MODULENAME":check: bad rangesize %u.\n", mr->rangesize); | 39 | pr_debug("NETMAP:check: bad rangesize %u.\n", mr->rangesize); |
47 | return false; | 40 | return false; |
48 | } | 41 | } |
49 | return true; | 42 | return true; |
@@ -86,7 +79,7 @@ target(struct sk_buff **pskb, | |||
86 | } | 79 | } |
87 | 80 | ||
88 | static struct xt_target target_module __read_mostly = { | 81 | static struct xt_target target_module __read_mostly = { |
89 | .name = MODULENAME, | 82 | .name = "NETMAP", |
90 | .family = AF_INET, | 83 | .family = AF_INET, |
91 | .target = target, | 84 | .target = target, |
92 | .targetsize = sizeof(struct nf_nat_multi_range_compat), | 85 | .targetsize = sizeof(struct nf_nat_multi_range_compat), |
diff --git a/net/ipv4/netfilter/ipt_REDIRECT.c b/net/ipv4/netfilter/ipt_REDIRECT.c index 61e1e4772e37..6ac7a2373316 100644 --- a/net/ipv4/netfilter/ipt_REDIRECT.c +++ b/net/ipv4/netfilter/ipt_REDIRECT.c | |||
@@ -25,12 +25,6 @@ MODULE_LICENSE("GPL"); | |||
25 | MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>"); | 25 | MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>"); |
26 | MODULE_DESCRIPTION("iptables REDIRECT target module"); | 26 | MODULE_DESCRIPTION("iptables REDIRECT target module"); |
27 | 27 | ||
28 | #if 0 | ||
29 | #define DEBUGP printk | ||
30 | #else | ||
31 | #define DEBUGP(format, args...) | ||
32 | #endif | ||
33 | |||
34 | /* FIXME: Take multiple ranges --RR */ | 28 | /* FIXME: Take multiple ranges --RR */ |
35 | static bool | 29 | static bool |
36 | redirect_check(const char *tablename, | 30 | redirect_check(const char *tablename, |
@@ -42,11 +36,11 @@ redirect_check(const char *tablename, | |||
42 | const struct nf_nat_multi_range_compat *mr = targinfo; | 36 | const struct nf_nat_multi_range_compat *mr = targinfo; |
43 | 37 | ||
44 | if (mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) { | 38 | if (mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) { |
45 | DEBUGP("redirect_check: bad MAP_IPS.\n"); | 39 | pr_debug("redirect_check: bad MAP_IPS.\n"); |
46 | return false; | 40 | return false; |
47 | } | 41 | } |
48 | if (mr->rangesize != 1) { | 42 | if (mr->rangesize != 1) { |
49 | DEBUGP("redirect_check: bad rangesize %u.\n", mr->rangesize); | 43 | pr_debug("redirect_check: bad rangesize %u.\n", mr->rangesize); |
50 | return false; | 44 | return false; |
51 | } | 45 | } |
52 | return true; | 46 | return true; |
diff --git a/net/ipv4/netfilter/ipt_REJECT.c b/net/ipv4/netfilter/ipt_REJECT.c index dd5432c3f365..cb038c8fbc9d 100644 --- a/net/ipv4/netfilter/ipt_REJECT.c +++ b/net/ipv4/netfilter/ipt_REJECT.c | |||
@@ -31,12 +31,6 @@ MODULE_LICENSE("GPL"); | |||
31 | MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>"); | 31 | MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>"); |
32 | MODULE_DESCRIPTION("iptables REJECT target module"); | 32 | MODULE_DESCRIPTION("iptables REJECT target module"); |
33 | 33 | ||
34 | #if 0 | ||
35 | #define DEBUGP printk | ||
36 | #else | ||
37 | #define DEBUGP(format, args...) | ||
38 | #endif | ||
39 | |||
40 | /* Send RST reply */ | 34 | /* Send RST reply */ |
41 | static void send_reset(struct sk_buff *oldskb, int hook) | 35 | static void send_reset(struct sk_buff *oldskb, int hook) |
42 | { | 36 | { |
@@ -227,13 +221,13 @@ static bool check(const char *tablename, | |||
227 | const struct ipt_entry *e = e_void; | 221 | const struct ipt_entry *e = e_void; |
228 | 222 | ||
229 | if (rejinfo->with == IPT_ICMP_ECHOREPLY) { | 223 | if (rejinfo->with == IPT_ICMP_ECHOREPLY) { |
230 | printk("REJECT: ECHOREPLY no longer supported.\n"); | 224 | printk("ipt_REJECT: ECHOREPLY no longer supported.\n"); |
231 | return false; | 225 | return false; |
232 | } else if (rejinfo->with == IPT_TCP_RESET) { | 226 | } else if (rejinfo->with == IPT_TCP_RESET) { |
233 | /* Must specify that it's a TCP packet */ | 227 | /* Must specify that it's a TCP packet */ |
234 | if (e->ip.proto != IPPROTO_TCP | 228 | if (e->ip.proto != IPPROTO_TCP |
235 | || (e->ip.invflags & XT_INV_PROTO)) { | 229 | || (e->ip.invflags & XT_INV_PROTO)) { |
236 | DEBUGP("REJECT: TCP_RESET invalid for non-tcp\n"); | 230 | printk("ipt_REJECT: TCP_RESET invalid for non-tcp\n"); |
237 | return false; | 231 | return false; |
238 | } | 232 | } |
239 | } | 233 | } |
diff --git a/net/ipv4/netfilter/ipt_SAME.c b/net/ipv4/netfilter/ipt_SAME.c index 3a0d7dac0af8..97641f1a97f6 100644 --- a/net/ipv4/netfilter/ipt_SAME.c +++ b/net/ipv4/netfilter/ipt_SAME.c | |||
@@ -27,12 +27,6 @@ MODULE_LICENSE("GPL"); | |||
27 | MODULE_AUTHOR("Martin Josefsson <gandalf@wlug.westbo.se>"); | 27 | MODULE_AUTHOR("Martin Josefsson <gandalf@wlug.westbo.se>"); |
28 | MODULE_DESCRIPTION("iptables special SNAT module for consistent sourceip"); | 28 | MODULE_DESCRIPTION("iptables special SNAT module for consistent sourceip"); |
29 | 29 | ||
30 | #if 0 | ||
31 | #define DEBUGP printk | ||
32 | #else | ||
33 | #define DEBUGP(format, args...) | ||
34 | #endif | ||
35 | |||
36 | static bool | 30 | static bool |
37 | same_check(const char *tablename, | 31 | same_check(const char *tablename, |
38 | const void *e, | 32 | const void *e, |
@@ -46,54 +40,52 @@ same_check(const char *tablename, | |||
46 | mr->ipnum = 0; | 40 | mr->ipnum = 0; |
47 | 41 | ||
48 | if (mr->rangesize < 1) { | 42 | if (mr->rangesize < 1) { |
49 | DEBUGP("same_check: need at least one dest range.\n"); | 43 | pr_debug("same_check: need at least one dest range.\n"); |
50 | return false; | 44 | return false; |
51 | } | 45 | } |
52 | if (mr->rangesize > IPT_SAME_MAX_RANGE) { | 46 | if (mr->rangesize > IPT_SAME_MAX_RANGE) { |
53 | DEBUGP("same_check: too many ranges specified, maximum " | 47 | pr_debug("same_check: too many ranges specified, maximum " |
54 | "is %u ranges\n", | 48 | "is %u ranges\n", IPT_SAME_MAX_RANGE); |
55 | IPT_SAME_MAX_RANGE); | ||
56 | return false; | 49 | return false; |
57 | } | 50 | } |
58 | for (count = 0; count < mr->rangesize; count++) { | 51 | for (count = 0; count < mr->rangesize; count++) { |
59 | if (ntohl(mr->range[count].min_ip) > | 52 | if (ntohl(mr->range[count].min_ip) > |
60 | ntohl(mr->range[count].max_ip)) { | 53 | ntohl(mr->range[count].max_ip)) { |
61 | DEBUGP("same_check: min_ip is larger than max_ip in " | 54 | pr_debug("same_check: min_ip is larger than max_ip in " |
62 | "range `%u.%u.%u.%u-%u.%u.%u.%u'.\n", | 55 | "range `%u.%u.%u.%u-%u.%u.%u.%u'.\n", |
63 | NIPQUAD(mr->range[count].min_ip), | 56 | NIPQUAD(mr->range[count].min_ip), |
64 | NIPQUAD(mr->range[count].max_ip)); | 57 | NIPQUAD(mr->range[count].max_ip)); |
65 | return false; | 58 | return false; |
66 | } | 59 | } |
67 | if (!(mr->range[count].flags & IP_NAT_RANGE_MAP_IPS)) { | 60 | if (!(mr->range[count].flags & IP_NAT_RANGE_MAP_IPS)) { |
68 | DEBUGP("same_check: bad MAP_IPS.\n"); | 61 | pr_debug("same_check: bad MAP_IPS.\n"); |
69 | return false; | 62 | return false; |
70 | } | 63 | } |
71 | rangeip = (ntohl(mr->range[count].max_ip) - | 64 | rangeip = (ntohl(mr->range[count].max_ip) - |
72 | ntohl(mr->range[count].min_ip) + 1); | 65 | ntohl(mr->range[count].min_ip) + 1); |
73 | mr->ipnum += rangeip; | 66 | mr->ipnum += rangeip; |
74 | 67 | ||
75 | DEBUGP("same_check: range %u, ipnum = %u\n", count, rangeip); | 68 | pr_debug("same_check: range %u, ipnum = %u\n", count, rangeip); |
76 | } | 69 | } |
77 | DEBUGP("same_check: total ipaddresses = %u\n", mr->ipnum); | 70 | pr_debug("same_check: total ipaddresses = %u\n", mr->ipnum); |
78 | 71 | ||
79 | mr->iparray = kmalloc((sizeof(u_int32_t) * mr->ipnum), GFP_KERNEL); | 72 | mr->iparray = kmalloc((sizeof(u_int32_t) * mr->ipnum), GFP_KERNEL); |
80 | if (!mr->iparray) { | 73 | if (!mr->iparray) { |
81 | DEBUGP("same_check: Couldn't allocate %u bytes " | 74 | pr_debug("same_check: Couldn't allocate %Zu bytes " |
82 | "for %u ipaddresses!\n", | 75 | "for %u ipaddresses!\n", |
83 | (sizeof(u_int32_t) * mr->ipnum), mr->ipnum); | 76 | (sizeof(u_int32_t) * mr->ipnum), mr->ipnum); |
84 | return false; | 77 | return false; |
85 | } | 78 | } |
86 | DEBUGP("same_check: Allocated %u bytes for %u ipaddresses.\n", | 79 | pr_debug("same_check: Allocated %Zu bytes for %u ipaddresses.\n", |
87 | (sizeof(u_int32_t) * mr->ipnum), mr->ipnum); | 80 | (sizeof(u_int32_t) * mr->ipnum), mr->ipnum); |
88 | 81 | ||
89 | for (count = 0; count < mr->rangesize; count++) { | 82 | for (count = 0; count < mr->rangesize; count++) { |
90 | for (countess = ntohl(mr->range[count].min_ip); | 83 | for (countess = ntohl(mr->range[count].min_ip); |
91 | countess <= ntohl(mr->range[count].max_ip); | 84 | countess <= ntohl(mr->range[count].max_ip); |
92 | countess++) { | 85 | countess++) { |
93 | mr->iparray[index] = countess; | 86 | mr->iparray[index] = countess; |
94 | DEBUGP("same_check: Added ipaddress `%u.%u.%u.%u' " | 87 | pr_debug("same_check: Added ipaddress `%u.%u.%u.%u' " |
95 | "in index %u.\n", | 88 | "in index %u.\n", HIPQUAD(countess), index); |
96 | HIPQUAD(countess), index); | ||
97 | index++; | 89 | index++; |
98 | } | 90 | } |
99 | } | 91 | } |
@@ -107,8 +99,8 @@ same_destroy(const struct xt_target *target, void *targinfo) | |||
107 | 99 | ||
108 | kfree(mr->iparray); | 100 | kfree(mr->iparray); |
109 | 101 | ||
110 | DEBUGP("same_destroy: Deallocated %u bytes for %u ipaddresses.\n", | 102 | pr_debug("same_destroy: Deallocated %Zu bytes for %u ipaddresses.\n", |
111 | (sizeof(u_int32_t) * mr->ipnum), mr->ipnum); | 103 | (sizeof(u_int32_t) * mr->ipnum), mr->ipnum); |
112 | } | 104 | } |
113 | 105 | ||
114 | static unsigned int | 106 | static unsigned int |
@@ -146,10 +138,9 @@ same_target(struct sk_buff **pskb, | |||
146 | 138 | ||
147 | new_ip = htonl(same->iparray[aindex]); | 139 | new_ip = htonl(same->iparray[aindex]); |
148 | 140 | ||
149 | DEBUGP("ipt_SAME: src=%u.%u.%u.%u dst=%u.%u.%u.%u, " | 141 | pr_debug("ipt_SAME: src=%u.%u.%u.%u dst=%u.%u.%u.%u, " |
150 | "new src=%u.%u.%u.%u\n", | 142 | "new src=%u.%u.%u.%u\n", |
151 | NIPQUAD(t->src.ip), NIPQUAD(t->dst.ip), | 143 | NIPQUAD(t->src.u3.ip), NIPQUAD(t->dst.u3.ip), NIPQUAD(new_ip)); |
152 | NIPQUAD(new_ip)); | ||
153 | 144 | ||
154 | /* Transfer from original range. */ | 145 | /* Transfer from original range. */ |
155 | newrange = ((struct nf_nat_range) | 146 | newrange = ((struct nf_nat_range) |
diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c index 226750d1f89b..6ca43e4ca7e3 100644 --- a/net/ipv4/netfilter/ipt_ULOG.c +++ b/net/ipv4/netfilter/ipt_ULOG.c | |||
@@ -55,13 +55,6 @@ MODULE_ALIAS_NET_PF_PROTO(PF_NETLINK, NETLINK_NFLOG); | |||
55 | #define ULOG_NL_EVENT 111 /* Harald's favorite number */ | 55 | #define ULOG_NL_EVENT 111 /* Harald's favorite number */ |
56 | #define ULOG_MAXNLGROUPS 32 /* numer of nlgroups */ | 56 | #define ULOG_MAXNLGROUPS 32 /* numer of nlgroups */ |
57 | 57 | ||
58 | #if 0 | ||
59 | #define DEBUGP(format, args...) printk("%s:%s:" format, \ | ||
60 | __FILE__, __FUNCTION__ , ## args) | ||
61 | #else | ||
62 | #define DEBUGP(format, args...) | ||
63 | #endif | ||
64 | |||
65 | #define PRINTR(format, args...) do { if (net_ratelimit()) printk(format , ## args); } while (0) | 58 | #define PRINTR(format, args...) do { if (net_ratelimit()) printk(format , ## args); } while (0) |
66 | 59 | ||
67 | static unsigned int nlbufsiz = NLMSG_GOODSIZE; | 60 | static unsigned int nlbufsiz = NLMSG_GOODSIZE; |
@@ -96,12 +89,12 @@ static void ulog_send(unsigned int nlgroupnum) | |||
96 | ulog_buff_t *ub = &ulog_buffers[nlgroupnum]; | 89 | ulog_buff_t *ub = &ulog_buffers[nlgroupnum]; |
97 | 90 | ||
98 | if (timer_pending(&ub->timer)) { | 91 | if (timer_pending(&ub->timer)) { |
99 | DEBUGP("ipt_ULOG: ulog_send: timer was pending, deleting\n"); | 92 | pr_debug("ipt_ULOG: ulog_send: timer was pending, deleting\n"); |
100 | del_timer(&ub->timer); | 93 | del_timer(&ub->timer); |
101 | } | 94 | } |
102 | 95 | ||
103 | if (!ub->skb) { | 96 | if (!ub->skb) { |
104 | DEBUGP("ipt_ULOG: ulog_send: nothing to send\n"); | 97 | pr_debug("ipt_ULOG: ulog_send: nothing to send\n"); |
105 | return; | 98 | return; |
106 | } | 99 | } |
107 | 100 | ||
@@ -110,8 +103,8 @@ static void ulog_send(unsigned int nlgroupnum) | |||
110 | ub->lastnlh->nlmsg_type = NLMSG_DONE; | 103 | ub->lastnlh->nlmsg_type = NLMSG_DONE; |
111 | 104 | ||
112 | NETLINK_CB(ub->skb).dst_group = nlgroupnum + 1; | 105 | NETLINK_CB(ub->skb).dst_group = nlgroupnum + 1; |
113 | DEBUGP("ipt_ULOG: throwing %d packets to netlink group %u\n", | 106 | pr_debug("ipt_ULOG: throwing %d packets to netlink group %u\n", |
114 | ub->qlen, nlgroupnum + 1); | 107 | ub->qlen, nlgroupnum + 1); |
115 | netlink_broadcast(nflognl, ub->skb, 0, nlgroupnum + 1, GFP_ATOMIC); | 108 | netlink_broadcast(nflognl, ub->skb, 0, nlgroupnum + 1, GFP_ATOMIC); |
116 | 109 | ||
117 | ub->qlen = 0; | 110 | ub->qlen = 0; |
@@ -123,7 +116,7 @@ static void ulog_send(unsigned int nlgroupnum) | |||
123 | /* timer function to flush queue in flushtimeout time */ | 116 | /* timer function to flush queue in flushtimeout time */ |
124 | static void ulog_timer(unsigned long data) | 117 | static void ulog_timer(unsigned long data) |
125 | { | 118 | { |
126 | DEBUGP("ipt_ULOG: timer function called, calling ulog_send\n"); | 119 | pr_debug("ipt_ULOG: timer function called, calling ulog_send\n"); |
127 | 120 | ||
128 | /* lock to protect against somebody modifying our structure | 121 | /* lock to protect against somebody modifying our structure |
129 | * from ipt_ulog_target at the same time */ | 122 | * from ipt_ulog_target at the same time */ |
@@ -204,8 +197,8 @@ static void ipt_ulog_packet(unsigned int hooknum, | |||
204 | goto alloc_failure; | 197 | goto alloc_failure; |
205 | } | 198 | } |
206 | 199 | ||
207 | DEBUGP("ipt_ULOG: qlen %d, qthreshold %d\n", ub->qlen, | 200 | pr_debug("ipt_ULOG: qlen %d, qthreshold %Zu\n", ub->qlen, |
208 | loginfo->qthreshold); | 201 | loginfo->qthreshold); |
209 | 202 | ||
210 | /* NLMSG_PUT contains a hidden goto nlmsg_failure !!! */ | 203 | /* NLMSG_PUT contains a hidden goto nlmsg_failure !!! */ |
211 | nlh = NLMSG_PUT(ub->skb, 0, ub->qlen, ULOG_NL_EVENT, | 204 | nlh = NLMSG_PUT(ub->skb, 0, ub->qlen, ULOG_NL_EVENT, |
@@ -334,13 +327,13 @@ static bool ipt_ulog_checkentry(const char *tablename, | |||
334 | const struct ipt_ulog_info *loginfo = targinfo; | 327 | const struct ipt_ulog_info *loginfo = targinfo; |
335 | 328 | ||
336 | if (loginfo->prefix[sizeof(loginfo->prefix) - 1] != '\0') { | 329 | if (loginfo->prefix[sizeof(loginfo->prefix) - 1] != '\0') { |
337 | DEBUGP("ipt_ULOG: prefix term %i\n", | 330 | pr_debug("ipt_ULOG: prefix term %i\n", |
338 | loginfo->prefix[sizeof(loginfo->prefix) - 1]); | 331 | loginfo->prefix[sizeof(loginfo->prefix) - 1]); |
339 | return false; | 332 | return false; |
340 | } | 333 | } |
341 | if (loginfo->qthreshold > ULOG_MAX_QLEN) { | 334 | if (loginfo->qthreshold > ULOG_MAX_QLEN) { |
342 | DEBUGP("ipt_ULOG: queue threshold %i > MAX_QLEN\n", | 335 | pr_debug("ipt_ULOG: queue threshold %Zu > MAX_QLEN\n", |
343 | loginfo->qthreshold); | 336 | loginfo->qthreshold); |
344 | return false; | 337 | return false; |
345 | } | 338 | } |
346 | return true; | 339 | return true; |
@@ -405,7 +398,7 @@ static int __init ipt_ulog_init(void) | |||
405 | { | 398 | { |
406 | int ret, i; | 399 | int ret, i; |
407 | 400 | ||
408 | DEBUGP("ipt_ULOG: init module\n"); | 401 | pr_debug("ipt_ULOG: init module\n"); |
409 | 402 | ||
410 | if (nlbufsiz > 128*1024) { | 403 | if (nlbufsiz > 128*1024) { |
411 | printk("Netlink buffer has to be <= 128kB\n"); | 404 | printk("Netlink buffer has to be <= 128kB\n"); |
@@ -437,7 +430,7 @@ static void __exit ipt_ulog_fini(void) | |||
437 | ulog_buff_t *ub; | 430 | ulog_buff_t *ub; |
438 | int i; | 431 | int i; |
439 | 432 | ||
440 | DEBUGP("ipt_ULOG: cleanup_module\n"); | 433 | pr_debug("ipt_ULOG: cleanup_module\n"); |
441 | 434 | ||
442 | if (nflog) | 435 | if (nflog) |
443 | nf_log_unregister(&ipt_ulog_logger); | 436 | nf_log_unregister(&ipt_ulog_logger); |
@@ -448,7 +441,7 @@ static void __exit ipt_ulog_fini(void) | |||
448 | for (i = 0; i < ULOG_MAXNLGROUPS; i++) { | 441 | for (i = 0; i < ULOG_MAXNLGROUPS; i++) { |
449 | ub = &ulog_buffers[i]; | 442 | ub = &ulog_buffers[i]; |
450 | if (timer_pending(&ub->timer)) { | 443 | if (timer_pending(&ub->timer)) { |
451 | DEBUGP("timer was pending, deleting\n"); | 444 | pr_debug("timer was pending, deleting\n"); |
452 | del_timer(&ub->timer); | 445 | del_timer(&ub->timer); |
453 | } | 446 | } |
454 | 447 | ||
diff --git a/net/ipv4/netfilter/ipt_iprange.c b/net/ipv4/netfilter/ipt_iprange.c index 6a3a033a6808..0106dc955a69 100644 --- a/net/ipv4/netfilter/ipt_iprange.c +++ b/net/ipv4/netfilter/ipt_iprange.c | |||
@@ -17,12 +17,6 @@ MODULE_LICENSE("GPL"); | |||
17 | MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); | 17 | MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); |
18 | MODULE_DESCRIPTION("iptables arbitrary IP range match module"); | 18 | MODULE_DESCRIPTION("iptables arbitrary IP range match module"); |
19 | 19 | ||
20 | #if 0 | ||
21 | #define DEBUGP printk | ||
22 | #else | ||
23 | #define DEBUGP(format, args...) | ||
24 | #endif | ||
25 | |||
26 | static bool | 20 | static bool |
27 | match(const struct sk_buff *skb, | 21 | match(const struct sk_buff *skb, |
28 | const struct net_device *in, | 22 | const struct net_device *in, |
@@ -38,12 +32,12 @@ match(const struct sk_buff *skb, | |||
38 | if ((ntohl(iph->saddr) < ntohl(info->src.min_ip) | 32 | if ((ntohl(iph->saddr) < ntohl(info->src.min_ip) |
39 | || ntohl(iph->saddr) > ntohl(info->src.max_ip)) | 33 | || ntohl(iph->saddr) > ntohl(info->src.max_ip)) |
40 | ^ !!(info->flags & IPRANGE_SRC_INV)) { | 34 | ^ !!(info->flags & IPRANGE_SRC_INV)) { |
41 | DEBUGP("src IP %u.%u.%u.%u NOT in range %s" | 35 | pr_debug("src IP %u.%u.%u.%u NOT in range %s" |
42 | "%u.%u.%u.%u-%u.%u.%u.%u\n", | 36 | "%u.%u.%u.%u-%u.%u.%u.%u\n", |
43 | NIPQUAD(iph->saddr), | 37 | NIPQUAD(iph->saddr), |
44 | info->flags & IPRANGE_SRC_INV ? "(INV) " : "", | 38 | info->flags & IPRANGE_SRC_INV ? "(INV) " : "", |
45 | NIPQUAD(info->src.min_ip), | 39 | NIPQUAD(info->src.min_ip), |
46 | NIPQUAD(info->src.max_ip)); | 40 | NIPQUAD(info->src.max_ip)); |
47 | return false; | 41 | return false; |
48 | } | 42 | } |
49 | } | 43 | } |
@@ -51,12 +45,12 @@ match(const struct sk_buff *skb, | |||
51 | if ((ntohl(iph->daddr) < ntohl(info->dst.min_ip) | 45 | if ((ntohl(iph->daddr) < ntohl(info->dst.min_ip) |
52 | || ntohl(iph->daddr) > ntohl(info->dst.max_ip)) | 46 | || ntohl(iph->daddr) > ntohl(info->dst.max_ip)) |
53 | ^ !!(info->flags & IPRANGE_DST_INV)) { | 47 | ^ !!(info->flags & IPRANGE_DST_INV)) { |
54 | DEBUGP("dst IP %u.%u.%u.%u NOT in range %s" | 48 | pr_debug("dst IP %u.%u.%u.%u NOT in range %s" |
55 | "%u.%u.%u.%u-%u.%u.%u.%u\n", | 49 | "%u.%u.%u.%u-%u.%u.%u.%u\n", |
56 | NIPQUAD(iph->daddr), | 50 | NIPQUAD(iph->daddr), |
57 | info->flags & IPRANGE_DST_INV ? "(INV) " : "", | 51 | info->flags & IPRANGE_DST_INV ? "(INV) " : "", |
58 | NIPQUAD(info->dst.min_ip), | 52 | NIPQUAD(info->dst.min_ip), |
59 | NIPQUAD(info->dst.max_ip)); | 53 | NIPQUAD(info->dst.max_ip)); |
60 | return false; | 54 | return false; |
61 | } | 55 | } |
62 | } | 56 | } |
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c index a103f597d446..3c5629938487 100644 --- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c +++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | |||
@@ -24,12 +24,6 @@ | |||
24 | #include <net/netfilter/nf_conntrack_core.h> | 24 | #include <net/netfilter/nf_conntrack_core.h> |
25 | #include <net/netfilter/ipv4/nf_conntrack_ipv4.h> | 25 | #include <net/netfilter/ipv4/nf_conntrack_ipv4.h> |
26 | 26 | ||
27 | #if 0 | ||
28 | #define DEBUGP printk | ||
29 | #else | ||
30 | #define DEBUGP(format, args...) | ||
31 | #endif | ||
32 | |||
33 | static int ipv4_pkt_to_tuple(const struct sk_buff *skb, unsigned int nhoff, | 27 | static int ipv4_pkt_to_tuple(const struct sk_buff *skb, unsigned int nhoff, |
34 | struct nf_conntrack_tuple *tuple) | 28 | struct nf_conntrack_tuple *tuple) |
35 | { | 29 | { |
@@ -324,13 +318,13 @@ getorigdst(struct sock *sk, int optval, void __user *user, int *len) | |||
324 | 318 | ||
325 | /* We only do TCP at the moment: is there a better way? */ | 319 | /* We only do TCP at the moment: is there a better way? */ |
326 | if (strcmp(sk->sk_prot->name, "TCP")) { | 320 | if (strcmp(sk->sk_prot->name, "TCP")) { |
327 | DEBUGP("SO_ORIGINAL_DST: Not a TCP socket\n"); | 321 | pr_debug("SO_ORIGINAL_DST: Not a TCP socket\n"); |
328 | return -ENOPROTOOPT; | 322 | return -ENOPROTOOPT; |
329 | } | 323 | } |
330 | 324 | ||
331 | if ((unsigned int) *len < sizeof(struct sockaddr_in)) { | 325 | if ((unsigned int) *len < sizeof(struct sockaddr_in)) { |
332 | DEBUGP("SO_ORIGINAL_DST: len %u not %u\n", | 326 | pr_debug("SO_ORIGINAL_DST: len %d not %Zu\n", |
333 | *len, sizeof(struct sockaddr_in)); | 327 | *len, sizeof(struct sockaddr_in)); |
334 | return -EINVAL; | 328 | return -EINVAL; |
335 | } | 329 | } |
336 | 330 | ||
@@ -346,17 +340,17 @@ getorigdst(struct sock *sk, int optval, void __user *user, int *len) | |||
346 | .tuple.dst.u3.ip; | 340 | .tuple.dst.u3.ip; |
347 | memset(sin.sin_zero, 0, sizeof(sin.sin_zero)); | 341 | memset(sin.sin_zero, 0, sizeof(sin.sin_zero)); |
348 | 342 | ||
349 | DEBUGP("SO_ORIGINAL_DST: %u.%u.%u.%u %u\n", | 343 | pr_debug("SO_ORIGINAL_DST: %u.%u.%u.%u %u\n", |
350 | NIPQUAD(sin.sin_addr.s_addr), ntohs(sin.sin_port)); | 344 | NIPQUAD(sin.sin_addr.s_addr), ntohs(sin.sin_port)); |
351 | nf_ct_put(ct); | 345 | nf_ct_put(ct); |
352 | if (copy_to_user(user, &sin, sizeof(sin)) != 0) | 346 | if (copy_to_user(user, &sin, sizeof(sin)) != 0) |
353 | return -EFAULT; | 347 | return -EFAULT; |
354 | else | 348 | else |
355 | return 0; | 349 | return 0; |
356 | } | 350 | } |
357 | DEBUGP("SO_ORIGINAL_DST: Can't find %u.%u.%u.%u/%u-%u.%u.%u.%u/%u.\n", | 351 | pr_debug("SO_ORIGINAL_DST: Can't find %u.%u.%u.%u/%u-%u.%u.%u.%u/%u.\n", |
358 | NIPQUAD(tuple.src.u3.ip), ntohs(tuple.src.u.tcp.port), | 352 | NIPQUAD(tuple.src.u3.ip), ntohs(tuple.src.u.tcp.port), |
359 | NIPQUAD(tuple.dst.u3.ip), ntohs(tuple.dst.u.tcp.port)); | 353 | NIPQUAD(tuple.dst.u3.ip), ntohs(tuple.dst.u.tcp.port)); |
360 | return -ENOENT; | 354 | return -ENOENT; |
361 | } | 355 | } |
362 | 356 | ||
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c index ab8e4c607b7a..434e08410879 100644 --- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c +++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c | |||
@@ -18,12 +18,6 @@ | |||
18 | #include <net/netfilter/nf_conntrack_l4proto.h> | 18 | #include <net/netfilter/nf_conntrack_l4proto.h> |
19 | #include <net/netfilter/nf_conntrack_expect.h> | 19 | #include <net/netfilter/nf_conntrack_expect.h> |
20 | 20 | ||
21 | #if 0 | ||
22 | #define DEBUGP printk | ||
23 | #else | ||
24 | #define DEBUGP(format, args...) | ||
25 | #endif | ||
26 | |||
27 | #ifdef CONFIG_NF_CT_ACCT | 21 | #ifdef CONFIG_NF_CT_ACCT |
28 | static unsigned int | 22 | static unsigned int |
29 | seq_print_counters(struct seq_file *s, | 23 | seq_print_counters(struct seq_file *s, |
diff --git a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c index 91fb277045ef..0fe8fb0466ef 100644 --- a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c +++ b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c | |||
@@ -21,12 +21,6 @@ | |||
21 | 21 | ||
22 | static unsigned long nf_ct_icmp_timeout __read_mostly = 30*HZ; | 22 | static unsigned long nf_ct_icmp_timeout __read_mostly = 30*HZ; |
23 | 23 | ||
24 | #if 0 | ||
25 | #define DEBUGP printk | ||
26 | #else | ||
27 | #define DEBUGP(format, args...) | ||
28 | #endif | ||
29 | |||
30 | static int icmp_pkt_to_tuple(const struct sk_buff *skb, | 24 | static int icmp_pkt_to_tuple(const struct sk_buff *skb, |
31 | unsigned int dataoff, | 25 | unsigned int dataoff, |
32 | struct nf_conntrack_tuple *tuple) | 26 | struct nf_conntrack_tuple *tuple) |
@@ -125,8 +119,8 @@ static int icmp_new(struct nf_conn *conntrack, | |||
125 | if (conntrack->tuplehash[0].tuple.dst.u.icmp.type >= sizeof(valid_new) | 119 | if (conntrack->tuplehash[0].tuple.dst.u.icmp.type >= sizeof(valid_new) |
126 | || !valid_new[conntrack->tuplehash[0].tuple.dst.u.icmp.type]) { | 120 | || !valid_new[conntrack->tuplehash[0].tuple.dst.u.icmp.type]) { |
127 | /* Can't create a new ICMP `conn' with this. */ | 121 | /* Can't create a new ICMP `conn' with this. */ |
128 | DEBUGP("icmp: can't create new conn with type %u\n", | 122 | pr_debug("icmp: can't create new conn with type %u\n", |
129 | conntrack->tuplehash[0].tuple.dst.u.icmp.type); | 123 | conntrack->tuplehash[0].tuple.dst.u.icmp.type); |
130 | NF_CT_DUMP_TUPLE(&conntrack->tuplehash[0].tuple); | 124 | NF_CT_DUMP_TUPLE(&conntrack->tuplehash[0].tuple); |
131 | return 0; | 125 | return 0; |
132 | } | 126 | } |
@@ -159,8 +153,8 @@ icmp_error_message(struct sk_buff *skb, | |||
159 | 153 | ||
160 | /* Ignore ICMP's containing fragments (shouldn't happen) */ | 154 | /* Ignore ICMP's containing fragments (shouldn't happen) */ |
161 | if (inside->ip.frag_off & htons(IP_OFFSET)) { | 155 | if (inside->ip.frag_off & htons(IP_OFFSET)) { |
162 | DEBUGP("icmp_error_message: fragment of proto %u\n", | 156 | pr_debug("icmp_error_message: fragment of proto %u\n", |
163 | inside->ip.protocol); | 157 | inside->ip.protocol); |
164 | return -NF_ACCEPT; | 158 | return -NF_ACCEPT; |
165 | } | 159 | } |
166 | 160 | ||
@@ -172,8 +166,8 @@ icmp_error_message(struct sk_buff *skb, | |||
172 | if (!nf_ct_get_tuple(skb, dataoff, dataoff + inside->ip.ihl*4, PF_INET, | 166 | if (!nf_ct_get_tuple(skb, dataoff, dataoff + inside->ip.ihl*4, PF_INET, |
173 | inside->ip.protocol, &origtuple, | 167 | inside->ip.protocol, &origtuple, |
174 | &nf_conntrack_l3proto_ipv4, innerproto)) { | 168 | &nf_conntrack_l3proto_ipv4, innerproto)) { |
175 | DEBUGP("icmp_error_message: ! get_tuple p=%u", | 169 | pr_debug("icmp_error_message: ! get_tuple p=%u", |
176 | inside->ip.protocol); | 170 | inside->ip.protocol); |
177 | return -NF_ACCEPT; | 171 | return -NF_ACCEPT; |
178 | } | 172 | } |
179 | 173 | ||
@@ -181,7 +175,7 @@ icmp_error_message(struct sk_buff *skb, | |||
181 | been preserved inside the ICMP. */ | 175 | been preserved inside the ICMP. */ |
182 | if (!nf_ct_invert_tuple(&innertuple, &origtuple, | 176 | if (!nf_ct_invert_tuple(&innertuple, &origtuple, |
183 | &nf_conntrack_l3proto_ipv4, innerproto)) { | 177 | &nf_conntrack_l3proto_ipv4, innerproto)) { |
184 | DEBUGP("icmp_error_message: no match\n"); | 178 | pr_debug("icmp_error_message: no match\n"); |
185 | return -NF_ACCEPT; | 179 | return -NF_ACCEPT; |
186 | } | 180 | } |
187 | 181 | ||
@@ -196,7 +190,7 @@ icmp_error_message(struct sk_buff *skb, | |||
196 | h = nf_conntrack_find_get(&origtuple); | 190 | h = nf_conntrack_find_get(&origtuple); |
197 | 191 | ||
198 | if (!h) { | 192 | if (!h) { |
199 | DEBUGP("icmp_error_message: no match\n"); | 193 | pr_debug("icmp_error_message: no match\n"); |
200 | return -NF_ACCEPT; | 194 | return -NF_ACCEPT; |
201 | } | 195 | } |
202 | 196 | ||
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c index f242ac61b3eb..e848d8d6292f 100644 --- a/net/ipv4/netfilter/nf_nat_core.c +++ b/net/ipv4/netfilter/nf_nat_core.c | |||
@@ -31,12 +31,6 @@ | |||
31 | #include <net/netfilter/nf_conntrack_l3proto.h> | 31 | #include <net/netfilter/nf_conntrack_l3proto.h> |
32 | #include <net/netfilter/nf_conntrack_l4proto.h> | 32 | #include <net/netfilter/nf_conntrack_l4proto.h> |
33 | 33 | ||
34 | #if 0 | ||
35 | #define DEBUGP printk | ||
36 | #else | ||
37 | #define DEBUGP(format, args...) | ||
38 | #endif | ||
39 | |||
40 | static DEFINE_RWLOCK(nf_nat_lock); | 34 | static DEFINE_RWLOCK(nf_nat_lock); |
41 | 35 | ||
42 | static struct nf_conntrack_l3proto *l3proto = NULL; | 36 | static struct nf_conntrack_l3proto *l3proto = NULL; |
@@ -242,7 +236,7 @@ get_unique_tuple(struct nf_conntrack_tuple *tuple, | |||
242 | manips not an issue. */ | 236 | manips not an issue. */ |
243 | if (maniptype == IP_NAT_MANIP_SRC) { | 237 | if (maniptype == IP_NAT_MANIP_SRC) { |
244 | if (find_appropriate_src(orig_tuple, tuple, range)) { | 238 | if (find_appropriate_src(orig_tuple, tuple, range)) { |
245 | DEBUGP("get_unique_tuple: Found current src map\n"); | 239 | pr_debug("get_unique_tuple: Found current src map\n"); |
246 | if (!(range->flags & IP_NAT_RANGE_PROTO_RANDOM)) | 240 | if (!(range->flags & IP_NAT_RANGE_PROTO_RANDOM)) |
247 | if (!nf_nat_used_tuple(tuple, ct)) | 241 | if (!nf_nat_used_tuple(tuple, ct)) |
248 | return; | 242 | return; |
@@ -293,7 +287,7 @@ nf_nat_setup_info(struct nf_conn *ct, | |||
293 | if (!nat) { | 287 | if (!nat) { |
294 | nat = nf_ct_ext_add(ct, NF_CT_EXT_NAT, GFP_ATOMIC); | 288 | nat = nf_ct_ext_add(ct, NF_CT_EXT_NAT, GFP_ATOMIC); |
295 | if (nat == NULL) { | 289 | if (nat == NULL) { |
296 | DEBUGP("failed to add NAT extension\n"); | 290 | pr_debug("failed to add NAT extension\n"); |
297 | return NF_ACCEPT; | 291 | return NF_ACCEPT; |
298 | } | 292 | } |
299 | } | 293 | } |
@@ -462,8 +456,9 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct, | |||
462 | return 0; | 456 | return 0; |
463 | } | 457 | } |
464 | 458 | ||
465 | DEBUGP("icmp_reply_translation: translating error %p manp %u dir %s\n", | 459 | pr_debug("icmp_reply_translation: translating error %p manip %u " |
466 | *pskb, manip, dir == IP_CT_DIR_ORIGINAL ? "ORIG" : "REPLY"); | 460 | "dir %s\n", *pskb, manip, |
461 | dir == IP_CT_DIR_ORIGINAL ? "ORIG" : "REPLY"); | ||
467 | 462 | ||
468 | /* rcu_read_lock()ed by nf_hook_slow */ | 463 | /* rcu_read_lock()ed by nf_hook_slow */ |
469 | l4proto = __nf_ct_l4proto_find(PF_INET, inside->ip.protocol); | 464 | l4proto = __nf_ct_l4proto_find(PF_INET, inside->ip.protocol); |
diff --git a/net/ipv4/netfilter/nf_nat_ftp.c b/net/ipv4/netfilter/nf_nat_ftp.c index cae4b460aee1..3663bd879c39 100644 --- a/net/ipv4/netfilter/nf_nat_ftp.c +++ b/net/ipv4/netfilter/nf_nat_ftp.c | |||
@@ -25,12 +25,6 @@ MODULE_AUTHOR("Rusty Russell <rusty@rustcorp.com.au>"); | |||
25 | MODULE_DESCRIPTION("ftp NAT helper"); | 25 | MODULE_DESCRIPTION("ftp NAT helper"); |
26 | MODULE_ALIAS("ip_nat_ftp"); | 26 | MODULE_ALIAS("ip_nat_ftp"); |
27 | 27 | ||
28 | #if 0 | ||
29 | #define DEBUGP printk | ||
30 | #else | ||
31 | #define DEBUGP(format, args...) | ||
32 | #endif | ||
33 | |||
34 | /* FIXME: Time out? --RR */ | 28 | /* FIXME: Time out? --RR */ |
35 | 29 | ||
36 | static int | 30 | static int |
@@ -47,7 +41,7 @@ mangle_rfc959_packet(struct sk_buff **pskb, | |||
47 | sprintf(buffer, "%u,%u,%u,%u,%u,%u", | 41 | sprintf(buffer, "%u,%u,%u,%u,%u,%u", |
48 | NIPQUAD(newip), port>>8, port&0xFF); | 42 | NIPQUAD(newip), port>>8, port&0xFF); |
49 | 43 | ||
50 | DEBUGP("calling nf_nat_mangle_tcp_packet\n"); | 44 | pr_debug("calling nf_nat_mangle_tcp_packet\n"); |
51 | 45 | ||
52 | return nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff, | 46 | return nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff, |
53 | matchlen, buffer, strlen(buffer)); | 47 | matchlen, buffer, strlen(buffer)); |
@@ -67,7 +61,7 @@ mangle_eprt_packet(struct sk_buff **pskb, | |||
67 | 61 | ||
68 | sprintf(buffer, "|1|%u.%u.%u.%u|%u|", NIPQUAD(newip), port); | 62 | sprintf(buffer, "|1|%u.%u.%u.%u|%u|", NIPQUAD(newip), port); |
69 | 63 | ||
70 | DEBUGP("calling nf_nat_mangle_tcp_packet\n"); | 64 | pr_debug("calling nf_nat_mangle_tcp_packet\n"); |
71 | 65 | ||
72 | return nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff, | 66 | return nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff, |
73 | matchlen, buffer, strlen(buffer)); | 67 | matchlen, buffer, strlen(buffer)); |
@@ -87,7 +81,7 @@ mangle_epsv_packet(struct sk_buff **pskb, | |||
87 | 81 | ||
88 | sprintf(buffer, "|||%u|", port); | 82 | sprintf(buffer, "|||%u|", port); |
89 | 83 | ||
90 | DEBUGP("calling nf_nat_mangle_tcp_packet\n"); | 84 | pr_debug("calling nf_nat_mangle_tcp_packet\n"); |
91 | 85 | ||
92 | return nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff, | 86 | return nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff, |
93 | matchlen, buffer, strlen(buffer)); | 87 | matchlen, buffer, strlen(buffer)); |
@@ -117,7 +111,7 @@ static unsigned int nf_nat_ftp(struct sk_buff **pskb, | |||
117 | int dir = CTINFO2DIR(ctinfo); | 111 | int dir = CTINFO2DIR(ctinfo); |
118 | struct nf_conn *ct = exp->master; | 112 | struct nf_conn *ct = exp->master; |
119 | 113 | ||
120 | DEBUGP("FTP_NAT: type %i, off %u len %u\n", type, matchoff, matchlen); | 114 | pr_debug("FTP_NAT: type %i, off %u len %u\n", type, matchoff, matchlen); |
121 | 115 | ||
122 | /* Connection will come from wherever this packet goes, hence !dir */ | 116 | /* Connection will come from wherever this packet goes, hence !dir */ |
123 | newip = ct->tuplehash[!dir].tuple.dst.u3.ip; | 117 | newip = ct->tuplehash[!dir].tuple.dst.u3.ip; |
diff --git a/net/ipv4/netfilter/nf_nat_h323.c b/net/ipv4/netfilter/nf_nat_h323.c index 3d760dd657c7..c1b059a73708 100644 --- a/net/ipv4/netfilter/nf_nat_h323.c +++ b/net/ipv4/netfilter/nf_nat_h323.c | |||
@@ -21,12 +21,6 @@ | |||
21 | #include <net/netfilter/nf_conntrack_expect.h> | 21 | #include <net/netfilter/nf_conntrack_expect.h> |
22 | #include <linux/netfilter/nf_conntrack_h323.h> | 22 | #include <linux/netfilter/nf_conntrack_h323.h> |
23 | 23 | ||
24 | #if 0 | ||
25 | #define DEBUGP printk | ||
26 | #else | ||
27 | #define DEBUGP(format, args...) | ||
28 | #endif | ||
29 | |||
30 | /****************************************************************************/ | 24 | /****************************************************************************/ |
31 | static int set_addr(struct sk_buff **pskb, | 25 | static int set_addr(struct sk_buff **pskb, |
32 | unsigned char **data, int dataoff, | 26 | unsigned char **data, int dataoff, |
@@ -126,12 +120,11 @@ static int set_sig_addr(struct sk_buff **pskb, struct nf_conn *ct, | |||
126 | (ntohl(addr.ip) & 0xff000000) == 0x7f000000) | 120 | (ntohl(addr.ip) & 0xff000000) == 0x7f000000) |
127 | i = 0; | 121 | i = 0; |
128 | 122 | ||
129 | DEBUGP | 123 | pr_debug("nf_nat_ras: set signal address " |
130 | ("nf_nat_ras: set signal address " | 124 | "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n", |
131 | "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n", | 125 | NIPQUAD(addr.ip), port, |
132 | NIPQUAD(ip), port, | 126 | NIPQUAD(ct->tuplehash[!dir].tuple.dst.u3.ip), |
133 | NIPQUAD(ct->tuplehash[!dir].tuple.dst. | 127 | info->sig_port[!dir]); |
134 | ip), info->sig_port[!dir]); | ||
135 | return set_h225_addr(pskb, data, 0, &taddr[i], | 128 | return set_h225_addr(pskb, data, 0, &taddr[i], |
136 | &ct->tuplehash[!dir]. | 129 | &ct->tuplehash[!dir]. |
137 | tuple.dst.u3, | 130 | tuple.dst.u3, |
@@ -139,12 +132,11 @@ static int set_sig_addr(struct sk_buff **pskb, struct nf_conn *ct, | |||
139 | } else if (addr.ip == ct->tuplehash[dir].tuple.dst.u3.ip && | 132 | } else if (addr.ip == ct->tuplehash[dir].tuple.dst.u3.ip && |
140 | port == info->sig_port[dir]) { | 133 | port == info->sig_port[dir]) { |
141 | /* GK->GW */ | 134 | /* GK->GW */ |
142 | DEBUGP | 135 | pr_debug("nf_nat_ras: set signal address " |
143 | ("nf_nat_ras: set signal address " | 136 | "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n", |
144 | "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n", | 137 | NIPQUAD(addr.ip), port, |
145 | NIPQUAD(ip), port, | 138 | NIPQUAD(ct->tuplehash[!dir].tuple.src.u3.ip), |
146 | NIPQUAD(ct->tuplehash[!dir].tuple.src. | 139 | info->sig_port[!dir]); |
147 | ip), info->sig_port[!dir]); | ||
148 | return set_h225_addr(pskb, data, 0, &taddr[i], | 140 | return set_h225_addr(pskb, data, 0, &taddr[i], |
149 | &ct->tuplehash[!dir]. | 141 | &ct->tuplehash[!dir]. |
150 | tuple.src.u3, | 142 | tuple.src.u3, |
@@ -171,12 +163,11 @@ static int set_ras_addr(struct sk_buff **pskb, struct nf_conn *ct, | |||
171 | if (get_h225_addr(ct, *data, &taddr[i], &addr, &port) && | 163 | if (get_h225_addr(ct, *data, &taddr[i], &addr, &port) && |
172 | addr.ip == ct->tuplehash[dir].tuple.src.u3.ip && | 164 | addr.ip == ct->tuplehash[dir].tuple.src.u3.ip && |
173 | port == ct->tuplehash[dir].tuple.src.u.udp.port) { | 165 | port == ct->tuplehash[dir].tuple.src.u.udp.port) { |
174 | DEBUGP("nf_nat_ras: set rasAddress " | 166 | pr_debug("nf_nat_ras: set rasAddress " |
175 | "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n", | 167 | "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n", |
176 | NIPQUAD(ip), ntohs(port), | 168 | NIPQUAD(addr.ip), ntohs(port), |
177 | NIPQUAD(ct->tuplehash[!dir].tuple.dst.u3.ip), | 169 | NIPQUAD(ct->tuplehash[!dir].tuple.dst.u3.ip), |
178 | ntohs(ct->tuplehash[!dir].tuple.dst.u.udp. | 170 | ntohs(ct->tuplehash[!dir].tuple.dst.u.udp.port)); |
179 | port)); | ||
180 | return set_h225_addr(pskb, data, 0, &taddr[i], | 171 | return set_h225_addr(pskb, data, 0, &taddr[i], |
181 | &ct->tuplehash[!dir].tuple.dst.u3, | 172 | &ct->tuplehash[!dir].tuple.dst.u3, |
182 | ct->tuplehash[!dir].tuple. | 173 | ct->tuplehash[!dir].tuple. |
@@ -267,16 +258,16 @@ static int nat_rtp_rtcp(struct sk_buff **pskb, struct nf_conn *ct, | |||
267 | } | 258 | } |
268 | 259 | ||
269 | /* Success */ | 260 | /* Success */ |
270 | DEBUGP("nf_nat_h323: expect RTP %u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n", | 261 | pr_debug("nf_nat_h323: expect RTP %u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n", |
271 | NIPQUAD(rtp_exp->tuple.src.ip), | 262 | NIPQUAD(rtp_exp->tuple.src.u3.ip), |
272 | ntohs(rtp_exp->tuple.src.u.udp.port), | 263 | ntohs(rtp_exp->tuple.src.u.udp.port), |
273 | NIPQUAD(rtp_exp->tuple.dst.ip), | 264 | NIPQUAD(rtp_exp->tuple.dst.u3.ip), |
274 | ntohs(rtp_exp->tuple.dst.u.udp.port)); | 265 | ntohs(rtp_exp->tuple.dst.u.udp.port)); |
275 | DEBUGP("nf_nat_h323: expect RTCP %u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n", | 266 | pr_debug("nf_nat_h323: expect RTCP %u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n", |
276 | NIPQUAD(rtcp_exp->tuple.src.ip), | 267 | NIPQUAD(rtcp_exp->tuple.src.u3.ip), |
277 | ntohs(rtcp_exp->tuple.src.u.udp.port), | 268 | ntohs(rtcp_exp->tuple.src.u.udp.port), |
278 | NIPQUAD(rtcp_exp->tuple.dst.ip), | 269 | NIPQUAD(rtcp_exp->tuple.dst.u3.ip), |
279 | ntohs(rtcp_exp->tuple.dst.u.udp.port)); | 270 | ntohs(rtcp_exp->tuple.dst.u.udp.port)); |
280 | 271 | ||
281 | return 0; | 272 | return 0; |
282 | } | 273 | } |
@@ -317,9 +308,11 @@ static int nat_t120(struct sk_buff **pskb, struct nf_conn *ct, | |||
317 | return -1; | 308 | return -1; |
318 | } | 309 | } |
319 | 310 | ||
320 | DEBUGP("nf_nat_h323: expect T.120 %u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n", | 311 | pr_debug("nf_nat_h323: expect T.120 %u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n", |
321 | NIPQUAD(exp->tuple.src.ip), ntohs(exp->tuple.src.u.tcp.port), | 312 | NIPQUAD(exp->tuple.src.u3.ip), |
322 | NIPQUAD(exp->tuple.dst.ip), ntohs(exp->tuple.dst.u.tcp.port)); | 313 | ntohs(exp->tuple.src.u.tcp.port), |
314 | NIPQUAD(exp->tuple.dst.u3.ip), | ||
315 | ntohs(exp->tuple.dst.u.tcp.port)); | ||
323 | 316 | ||
324 | return 0; | 317 | return 0; |
325 | } | 318 | } |
@@ -369,9 +362,11 @@ static int nat_h245(struct sk_buff **pskb, struct nf_conn *ct, | |||
369 | return -1; | 362 | return -1; |
370 | } | 363 | } |
371 | 364 | ||
372 | DEBUGP("nf_nat_q931: expect H.245 %u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n", | 365 | pr_debug("nf_nat_q931: expect H.245 %u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n", |
373 | NIPQUAD(exp->tuple.src.ip), ntohs(exp->tuple.src.u.tcp.port), | 366 | NIPQUAD(exp->tuple.src.u3.ip), |
374 | NIPQUAD(exp->tuple.dst.ip), ntohs(exp->tuple.dst.u.tcp.port)); | 367 | ntohs(exp->tuple.src.u.tcp.port), |
368 | NIPQUAD(exp->tuple.dst.u3.ip), | ||
369 | ntohs(exp->tuple.dst.u.tcp.port)); | ||
375 | 370 | ||
376 | return 0; | 371 | return 0; |
377 | } | 372 | } |
@@ -465,9 +460,11 @@ static int nat_q931(struct sk_buff **pskb, struct nf_conn *ct, | |||
465 | } | 460 | } |
466 | 461 | ||
467 | /* Success */ | 462 | /* Success */ |
468 | DEBUGP("nf_nat_ras: expect Q.931 %u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n", | 463 | pr_debug("nf_nat_ras: expect Q.931 %u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n", |
469 | NIPQUAD(exp->tuple.src.ip), ntohs(exp->tuple.src.u.tcp.port), | 464 | NIPQUAD(exp->tuple.src.u3.ip), |
470 | NIPQUAD(exp->tuple.dst.ip), ntohs(exp->tuple.dst.u.tcp.port)); | 465 | ntohs(exp->tuple.src.u.tcp.port), |
466 | NIPQUAD(exp->tuple.dst.u3.ip), | ||
467 | ntohs(exp->tuple.dst.u.tcp.port)); | ||
471 | 468 | ||
472 | return 0; | 469 | return 0; |
473 | } | 470 | } |
@@ -536,10 +533,12 @@ static int nat_callforwarding(struct sk_buff **pskb, struct nf_conn *ct, | |||
536 | } | 533 | } |
537 | 534 | ||
538 | /* Success */ | 535 | /* Success */ |
539 | DEBUGP("nf_nat_q931: expect Call Forwarding " | 536 | pr_debug("nf_nat_q931: expect Call Forwarding " |
540 | "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n", | 537 | "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n", |
541 | NIPQUAD(exp->tuple.src.ip), ntohs(exp->tuple.src.u.tcp.port), | 538 | NIPQUAD(exp->tuple.src.u3.ip), |
542 | NIPQUAD(exp->tuple.dst.ip), ntohs(exp->tuple.dst.u.tcp.port)); | 539 | ntohs(exp->tuple.src.u.tcp.port), |
540 | NIPQUAD(exp->tuple.dst.u3.ip), | ||
541 | ntohs(exp->tuple.dst.u.tcp.port)); | ||
543 | 542 | ||
544 | return 0; | 543 | return 0; |
545 | } | 544 | } |
@@ -566,8 +565,6 @@ static int __init init(void) | |||
566 | rcu_assign_pointer(nat_h245_hook, nat_h245); | 565 | rcu_assign_pointer(nat_h245_hook, nat_h245); |
567 | rcu_assign_pointer(nat_callforwarding_hook, nat_callforwarding); | 566 | rcu_assign_pointer(nat_callforwarding_hook, nat_callforwarding); |
568 | rcu_assign_pointer(nat_q931_hook, nat_q931); | 567 | rcu_assign_pointer(nat_q931_hook, nat_q931); |
569 | |||
570 | DEBUGP("nf_nat_h323: init success\n"); | ||
571 | return 0; | 568 | return 0; |
572 | } | 569 | } |
573 | 570 | ||
diff --git a/net/ipv4/netfilter/nf_nat_helper.c b/net/ipv4/netfilter/nf_nat_helper.c index f3383fc14e1c..93d8a0a8f035 100644 --- a/net/ipv4/netfilter/nf_nat_helper.c +++ b/net/ipv4/netfilter/nf_nat_helper.c | |||
@@ -26,13 +26,9 @@ | |||
26 | #include <net/netfilter/nf_nat_core.h> | 26 | #include <net/netfilter/nf_nat_core.h> |
27 | #include <net/netfilter/nf_nat_helper.h> | 27 | #include <net/netfilter/nf_nat_helper.h> |
28 | 28 | ||
29 | #if 0 | 29 | #define DUMP_OFFSET(x) \ |
30 | #define DEBUGP printk | 30 | pr_debug("offset_before=%d, offset_after=%d, correction_pos=%u\n", \ |
31 | #define DUMP_OFFSET(x) printk("offset_before=%d, offset_after=%d, correction_pos=%u\n", x->offset_before, x->offset_after, x->correction_pos); | 31 | x->offset_before, x->offset_after, x->correction_pos); |
32 | #else | ||
33 | #define DEBUGP(format, args...) | ||
34 | #define DUMP_OFFSET(x) | ||
35 | #endif | ||
36 | 32 | ||
37 | static DEFINE_SPINLOCK(nf_nat_seqofs_lock); | 33 | static DEFINE_SPINLOCK(nf_nat_seqofs_lock); |
38 | 34 | ||
@@ -47,15 +43,15 @@ adjust_tcp_sequence(u32 seq, | |||
47 | struct nf_nat_seq *this_way, *other_way; | 43 | struct nf_nat_seq *this_way, *other_way; |
48 | struct nf_conn_nat *nat = nfct_nat(ct); | 44 | struct nf_conn_nat *nat = nfct_nat(ct); |
49 | 45 | ||
50 | DEBUGP("nf_nat_resize_packet: old_size = %u, new_size = %u\n", | 46 | pr_debug("adjust_tcp_sequence: seq = %u, sizediff = %d\n", |
51 | (*skb)->len, new_size); | 47 | ntohl(seq), seq); |
52 | 48 | ||
53 | dir = CTINFO2DIR(ctinfo); | 49 | dir = CTINFO2DIR(ctinfo); |
54 | 50 | ||
55 | this_way = &nat->seq[dir]; | 51 | this_way = &nat->seq[dir]; |
56 | other_way = &nat->seq[!dir]; | 52 | other_way = &nat->seq[!dir]; |
57 | 53 | ||
58 | DEBUGP("nf_nat_resize_packet: Seq_offset before: "); | 54 | pr_debug("nf_nat_resize_packet: Seq_offset before: "); |
59 | DUMP_OFFSET(this_way); | 55 | DUMP_OFFSET(this_way); |
60 | 56 | ||
61 | spin_lock_bh(&nf_nat_seqofs_lock); | 57 | spin_lock_bh(&nf_nat_seqofs_lock); |
@@ -72,7 +68,7 @@ adjust_tcp_sequence(u32 seq, | |||
72 | } | 68 | } |
73 | spin_unlock_bh(&nf_nat_seqofs_lock); | 69 | spin_unlock_bh(&nf_nat_seqofs_lock); |
74 | 70 | ||
75 | DEBUGP("nf_nat_resize_packet: Seq_offset after: "); | 71 | pr_debug("nf_nat_resize_packet: Seq_offset after: "); |
76 | DUMP_OFFSET(this_way); | 72 | DUMP_OFFSET(this_way); |
77 | } | 73 | } |
78 | 74 | ||
@@ -100,14 +96,12 @@ static void mangle_contents(struct sk_buff *skb, | |||
100 | 96 | ||
101 | /* update skb info */ | 97 | /* update skb info */ |
102 | if (rep_len > match_len) { | 98 | if (rep_len > match_len) { |
103 | DEBUGP("nf_nat_mangle_packet: Extending packet by " | 99 | pr_debug("nf_nat_mangle_packet: Extending packet by " |
104 | "%u from %u bytes\n", rep_len - match_len, | 100 | "%u from %u bytes\n", rep_len - match_len, skb->len); |
105 | skb->len); | ||
106 | skb_put(skb, rep_len - match_len); | 101 | skb_put(skb, rep_len - match_len); |
107 | } else { | 102 | } else { |
108 | DEBUGP("nf_nat_mangle_packet: Shrinking packet from " | 103 | pr_debug("nf_nat_mangle_packet: Shrinking packet from " |
109 | "%u from %u bytes\n", match_len - rep_len, | 104 | "%u from %u bytes\n", match_len - rep_len, skb->len); |
110 | skb->len); | ||
111 | __skb_trim(skb, skb->len + rep_len - match_len); | 105 | __skb_trim(skb, skb->len + rep_len - match_len); |
112 | } | 106 | } |
113 | 107 | ||
@@ -320,9 +314,9 @@ sack_adjust(struct sk_buff *skb, | |||
320 | new_end_seq = htonl(ntohl(sack->end_seq) | 314 | new_end_seq = htonl(ntohl(sack->end_seq) |
321 | - natseq->offset_before); | 315 | - natseq->offset_before); |
322 | 316 | ||
323 | DEBUGP("sack_adjust: start_seq: %d->%d, end_seq: %d->%d\n", | 317 | pr_debug("sack_adjust: start_seq: %d->%d, end_seq: %d->%d\n", |
324 | ntohl(sack->start_seq), new_start_seq, | 318 | ntohl(sack->start_seq), new_start_seq, |
325 | ntohl(sack->end_seq), new_end_seq); | 319 | ntohl(sack->end_seq), new_end_seq); |
326 | 320 | ||
327 | nf_proto_csum_replace4(&tcph->check, skb, | 321 | nf_proto_csum_replace4(&tcph->check, skb, |
328 | sack->start_seq, new_start_seq, 0); | 322 | sack->start_seq, new_start_seq, 0); |
@@ -414,9 +408,9 @@ nf_nat_seq_adjust(struct sk_buff **pskb, | |||
414 | nf_proto_csum_replace4(&tcph->check, *pskb, tcph->seq, newseq, 0); | 408 | nf_proto_csum_replace4(&tcph->check, *pskb, tcph->seq, newseq, 0); |
415 | nf_proto_csum_replace4(&tcph->check, *pskb, tcph->ack_seq, newack, 0); | 409 | nf_proto_csum_replace4(&tcph->check, *pskb, tcph->ack_seq, newack, 0); |
416 | 410 | ||
417 | DEBUGP("Adjusting sequence number from %u->%u, ack from %u->%u\n", | 411 | pr_debug("Adjusting sequence number from %u->%u, ack from %u->%u\n", |
418 | ntohl(tcph->seq), ntohl(newseq), ntohl(tcph->ack_seq), | 412 | ntohl(tcph->seq), ntohl(newseq), ntohl(tcph->ack_seq), |
419 | ntohl(newack)); | 413 | ntohl(newack)); |
420 | 414 | ||
421 | tcph->seq = newseq; | 415 | tcph->seq = newseq; |
422 | tcph->ack_seq = newack; | 416 | tcph->ack_seq = newack; |
diff --git a/net/ipv4/netfilter/nf_nat_irc.c b/net/ipv4/netfilter/nf_nat_irc.c index db7fbf66fec0..bcf274bba602 100644 --- a/net/ipv4/netfilter/nf_nat_irc.c +++ b/net/ipv4/netfilter/nf_nat_irc.c | |||
@@ -22,12 +22,6 @@ | |||
22 | #include <net/netfilter/nf_conntrack_expect.h> | 22 | #include <net/netfilter/nf_conntrack_expect.h> |
23 | #include <linux/netfilter/nf_conntrack_irc.h> | 23 | #include <linux/netfilter/nf_conntrack_irc.h> |
24 | 24 | ||
25 | #if 0 | ||
26 | #define DEBUGP printk | ||
27 | #else | ||
28 | #define DEBUGP(format, args...) | ||
29 | #endif | ||
30 | |||
31 | MODULE_AUTHOR("Harald Welte <laforge@gnumonks.org>"); | 25 | MODULE_AUTHOR("Harald Welte <laforge@gnumonks.org>"); |
32 | MODULE_DESCRIPTION("IRC (DCC) NAT helper"); | 26 | MODULE_DESCRIPTION("IRC (DCC) NAT helper"); |
33 | MODULE_LICENSE("GPL"); | 27 | MODULE_LICENSE("GPL"); |
@@ -44,9 +38,6 @@ static unsigned int help(struct sk_buff **pskb, | |||
44 | u_int16_t port; | 38 | u_int16_t port; |
45 | unsigned int ret; | 39 | unsigned int ret; |
46 | 40 | ||
47 | DEBUGP("IRC_NAT: info (seq %u + %u) in %u\n", | ||
48 | expect->seq, exp_irc_info->len, ntohl(tcph->seq)); | ||
49 | |||
50 | /* Reply comes from server. */ | 41 | /* Reply comes from server. */ |
51 | exp->saved_proto.tcp.port = exp->tuple.dst.u.tcp.port; | 42 | exp->saved_proto.tcp.port = exp->tuple.dst.u.tcp.port; |
52 | exp->dir = IP_CT_DIR_REPLY; | 43 | exp->dir = IP_CT_DIR_REPLY; |
@@ -64,8 +55,8 @@ static unsigned int help(struct sk_buff **pskb, | |||
64 | 55 | ||
65 | ip = ntohl(exp->master->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u3.ip); | 56 | ip = ntohl(exp->master->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u3.ip); |
66 | sprintf(buffer, "%u %u", ip, port); | 57 | sprintf(buffer, "%u %u", ip, port); |
67 | DEBUGP("nf_nat_irc: inserting '%s' == %u.%u.%u.%u, port %u\n", | 58 | pr_debug("nf_nat_irc: inserting '%s' == %u.%u.%u.%u, port %u\n", |
68 | buffer, NIPQUAD(ip), port); | 59 | buffer, NIPQUAD(ip), port); |
69 | 60 | ||
70 | ret = nf_nat_mangle_tcp_packet(pskb, exp->master, ctinfo, | 61 | ret = nf_nat_mangle_tcp_packet(pskb, exp->master, ctinfo, |
71 | matchoff, matchlen, buffer, | 62 | matchoff, matchlen, buffer, |
diff --git a/net/ipv4/netfilter/nf_nat_pptp.c b/net/ipv4/netfilter/nf_nat_pptp.c index deb80ae2831e..984ec8308b2e 100644 --- a/net/ipv4/netfilter/nf_nat_pptp.c +++ b/net/ipv4/netfilter/nf_nat_pptp.c | |||
@@ -37,14 +37,6 @@ MODULE_AUTHOR("Harald Welte <laforge@gnumonks.org>"); | |||
37 | MODULE_DESCRIPTION("Netfilter NAT helper module for PPTP"); | 37 | MODULE_DESCRIPTION("Netfilter NAT helper module for PPTP"); |
38 | MODULE_ALIAS("ip_nat_pptp"); | 38 | MODULE_ALIAS("ip_nat_pptp"); |
39 | 39 | ||
40 | #if 0 | ||
41 | extern const char *pptp_msg_name[]; | ||
42 | #define DEBUGP(format, args...) printk(KERN_DEBUG "%s:%s: " format, __FILE__, \ | ||
43 | __FUNCTION__, ## args) | ||
44 | #else | ||
45 | #define DEBUGP(format, args...) | ||
46 | #endif | ||
47 | |||
48 | static void pptp_nat_expected(struct nf_conn *ct, | 40 | static void pptp_nat_expected(struct nf_conn *ct, |
49 | struct nf_conntrack_expect *exp) | 41 | struct nf_conntrack_expect *exp) |
50 | { | 42 | { |
@@ -60,7 +52,7 @@ static void pptp_nat_expected(struct nf_conn *ct, | |||
60 | 52 | ||
61 | /* And here goes the grand finale of corrosion... */ | 53 | /* And here goes the grand finale of corrosion... */ |
62 | if (exp->dir == IP_CT_DIR_ORIGINAL) { | 54 | if (exp->dir == IP_CT_DIR_ORIGINAL) { |
63 | DEBUGP("we are PNS->PAC\n"); | 55 | pr_debug("we are PNS->PAC\n"); |
64 | /* therefore, build tuple for PAC->PNS */ | 56 | /* therefore, build tuple for PAC->PNS */ |
65 | t.src.l3num = AF_INET; | 57 | t.src.l3num = AF_INET; |
66 | t.src.u3.ip = master->tuplehash[!exp->dir].tuple.src.u3.ip; | 58 | t.src.u3.ip = master->tuplehash[!exp->dir].tuple.src.u3.ip; |
@@ -69,7 +61,7 @@ static void pptp_nat_expected(struct nf_conn *ct, | |||
69 | t.dst.u.gre.key = ct_pptp_info->pns_call_id; | 61 | t.dst.u.gre.key = ct_pptp_info->pns_call_id; |
70 | t.dst.protonum = IPPROTO_GRE; | 62 | t.dst.protonum = IPPROTO_GRE; |
71 | } else { | 63 | } else { |
72 | DEBUGP("we are PAC->PNS\n"); | 64 | pr_debug("we are PAC->PNS\n"); |
73 | /* build tuple for PNS->PAC */ | 65 | /* build tuple for PNS->PAC */ |
74 | t.src.l3num = AF_INET; | 66 | t.src.l3num = AF_INET; |
75 | t.src.u3.ip = master->tuplehash[!exp->dir].tuple.src.u3.ip; | 67 | t.src.u3.ip = master->tuplehash[!exp->dir].tuple.src.u3.ip; |
@@ -79,15 +71,15 @@ static void pptp_nat_expected(struct nf_conn *ct, | |||
79 | t.dst.protonum = IPPROTO_GRE; | 71 | t.dst.protonum = IPPROTO_GRE; |
80 | } | 72 | } |
81 | 73 | ||
82 | DEBUGP("trying to unexpect other dir: "); | 74 | pr_debug("trying to unexpect other dir: "); |
83 | NF_CT_DUMP_TUPLE(&t); | 75 | NF_CT_DUMP_TUPLE(&t); |
84 | other_exp = nf_ct_expect_find_get(&t); | 76 | other_exp = nf_ct_expect_find_get(&t); |
85 | if (other_exp) { | 77 | if (other_exp) { |
86 | nf_ct_unexpect_related(other_exp); | 78 | nf_ct_unexpect_related(other_exp); |
87 | nf_ct_expect_put(other_exp); | 79 | nf_ct_expect_put(other_exp); |
88 | DEBUGP("success\n"); | 80 | pr_debug("success\n"); |
89 | } else { | 81 | } else { |
90 | DEBUGP("not found!\n"); | 82 | pr_debug("not found!\n"); |
91 | } | 83 | } |
92 | 84 | ||
93 | /* This must be a fresh one. */ | 85 | /* This must be a fresh one. */ |
@@ -161,9 +153,9 @@ pptp_outbound_pkt(struct sk_buff **pskb, | |||
161 | cid_off = offsetof(union pptp_ctrl_union, clrreq.callID); | 153 | cid_off = offsetof(union pptp_ctrl_union, clrreq.callID); |
162 | break; | 154 | break; |
163 | default: | 155 | default: |
164 | DEBUGP("unknown outbound packet 0x%04x:%s\n", msg, | 156 | pr_debug("unknown outbound packet 0x%04x:%s\n", msg, |
165 | (msg <= PPTP_MSG_MAX)? | 157 | msg <= PPTP_MSG_MAX ? pptp_msg_name[msg] : |
166 | pptp_msg_name[msg]:pptp_msg_name[0]); | 158 | pptp_msg_name[0]); |
167 | /* fall through */ | 159 | /* fall through */ |
168 | case PPTP_SET_LINK_INFO: | 160 | case PPTP_SET_LINK_INFO: |
169 | /* only need to NAT in case PAC is behind NAT box */ | 161 | /* only need to NAT in case PAC is behind NAT box */ |
@@ -179,8 +171,8 @@ pptp_outbound_pkt(struct sk_buff **pskb, | |||
179 | 171 | ||
180 | /* only OUT_CALL_REQUEST, IN_CALL_REPLY, CALL_CLEAR_REQUEST pass | 172 | /* only OUT_CALL_REQUEST, IN_CALL_REPLY, CALL_CLEAR_REQUEST pass |
181 | * down to here */ | 173 | * down to here */ |
182 | DEBUGP("altering call id from 0x%04x to 0x%04x\n", | 174 | pr_debug("altering call id from 0x%04x to 0x%04x\n", |
183 | ntohs(REQ_CID(pptpReq, cid_off)), ntohs(new_callid)); | 175 | ntohs(REQ_CID(pptpReq, cid_off)), ntohs(new_callid)); |
184 | 176 | ||
185 | /* mangle packet */ | 177 | /* mangle packet */ |
186 | if (nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, | 178 | if (nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, |
@@ -255,8 +247,9 @@ pptp_inbound_pkt(struct sk_buff **pskb, | |||
255 | pcid_off = offsetof(union pptp_ctrl_union, setlink.peersCallID); | 247 | pcid_off = offsetof(union pptp_ctrl_union, setlink.peersCallID); |
256 | break; | 248 | break; |
257 | default: | 249 | default: |
258 | DEBUGP("unknown inbound packet %s\n", (msg <= PPTP_MSG_MAX)? | 250 | pr_debug("unknown inbound packet %s\n", |
259 | pptp_msg_name[msg]:pptp_msg_name[0]); | 251 | msg <= PPTP_MSG_MAX ? pptp_msg_name[msg] : |
252 | pptp_msg_name[0]); | ||
260 | /* fall through */ | 253 | /* fall through */ |
261 | case PPTP_START_SESSION_REQUEST: | 254 | case PPTP_START_SESSION_REQUEST: |
262 | case PPTP_START_SESSION_REPLY: | 255 | case PPTP_START_SESSION_REPLY: |
@@ -272,8 +265,8 @@ pptp_inbound_pkt(struct sk_buff **pskb, | |||
272 | * WAN_ERROR_NOTIFY, CALL_DISCONNECT_NOTIFY pass down here */ | 265 | * WAN_ERROR_NOTIFY, CALL_DISCONNECT_NOTIFY pass down here */ |
273 | 266 | ||
274 | /* mangle packet */ | 267 | /* mangle packet */ |
275 | DEBUGP("altering peer call id from 0x%04x to 0x%04x\n", | 268 | pr_debug("altering peer call id from 0x%04x to 0x%04x\n", |
276 | ntohs(REQ_CID(pptpReq, pcid_off)), ntohs(new_pcid)); | 269 | ntohs(REQ_CID(pptpReq, pcid_off)), ntohs(new_pcid)); |
277 | 270 | ||
278 | if (nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, | 271 | if (nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, |
279 | pcid_off + sizeof(struct pptp_pkt_hdr) + | 272 | pcid_off + sizeof(struct pptp_pkt_hdr) + |
diff --git a/net/ipv4/netfilter/nf_nat_proto_gre.c b/net/ipv4/netfilter/nf_nat_proto_gre.c index c3908bc5a709..2e40cc83526a 100644 --- a/net/ipv4/netfilter/nf_nat_proto_gre.c +++ b/net/ipv4/netfilter/nf_nat_proto_gre.c | |||
@@ -36,13 +36,6 @@ MODULE_LICENSE("GPL"); | |||
36 | MODULE_AUTHOR("Harald Welte <laforge@gnumonks.org>"); | 36 | MODULE_AUTHOR("Harald Welte <laforge@gnumonks.org>"); |
37 | MODULE_DESCRIPTION("Netfilter NAT protocol helper module for GRE"); | 37 | MODULE_DESCRIPTION("Netfilter NAT protocol helper module for GRE"); |
38 | 38 | ||
39 | #if 0 | ||
40 | #define DEBUGP(format, args...) printk(KERN_DEBUG "%s:%s: " format, __FILE__, \ | ||
41 | __FUNCTION__, ## args) | ||
42 | #else | ||
43 | #define DEBUGP(x, args...) | ||
44 | #endif | ||
45 | |||
46 | /* is key in given range between min and max */ | 39 | /* is key in given range between min and max */ |
47 | static int | 40 | static int |
48 | gre_in_range(const struct nf_conntrack_tuple *tuple, | 41 | gre_in_range(const struct nf_conntrack_tuple *tuple, |
@@ -83,7 +76,7 @@ gre_unique_tuple(struct nf_conntrack_tuple *tuple, | |||
83 | keyptr = &tuple->dst.u.gre.key; | 76 | keyptr = &tuple->dst.u.gre.key; |
84 | 77 | ||
85 | if (!(range->flags & IP_NAT_RANGE_PROTO_SPECIFIED)) { | 78 | if (!(range->flags & IP_NAT_RANGE_PROTO_SPECIFIED)) { |
86 | DEBUGP("%p: NATing GRE PPTP\n", conntrack); | 79 | pr_debug("%p: NATing GRE PPTP\n", conntrack); |
87 | min = 1; | 80 | min = 1; |
88 | range_size = 0xffff; | 81 | range_size = 0xffff; |
89 | } else { | 82 | } else { |
@@ -91,7 +84,7 @@ gre_unique_tuple(struct nf_conntrack_tuple *tuple, | |||
91 | range_size = ntohs(range->max.gre.key) - min + 1; | 84 | range_size = ntohs(range->max.gre.key) - min + 1; |
92 | } | 85 | } |
93 | 86 | ||
94 | DEBUGP("min = %u, range_size = %u\n", min, range_size); | 87 | pr_debug("min = %u, range_size = %u\n", min, range_size); |
95 | 88 | ||
96 | for (i = 0; i < range_size; i++, key++) { | 89 | for (i = 0; i < range_size; i++, key++) { |
97 | *keyptr = htons(min + key % range_size); | 90 | *keyptr = htons(min + key % range_size); |
@@ -99,7 +92,7 @@ gre_unique_tuple(struct nf_conntrack_tuple *tuple, | |||
99 | return 1; | 92 | return 1; |
100 | } | 93 | } |
101 | 94 | ||
102 | DEBUGP("%p: no NAT mapping\n", conntrack); | 95 | pr_debug("%p: no NAT mapping\n", conntrack); |
103 | return 0; | 96 | return 0; |
104 | } | 97 | } |
105 | 98 | ||
@@ -132,11 +125,11 @@ gre_manip_pkt(struct sk_buff **pskb, unsigned int iphdroff, | |||
132 | * Try to behave like "nf_nat_proto_unknown" */ | 125 | * Try to behave like "nf_nat_proto_unknown" */ |
133 | break; | 126 | break; |
134 | case GRE_VERSION_PPTP: | 127 | case GRE_VERSION_PPTP: |
135 | DEBUGP("call_id -> 0x%04x\n", ntohs(tuple->dst.u.gre.key)); | 128 | pr_debug("call_id -> 0x%04x\n", ntohs(tuple->dst.u.gre.key)); |
136 | pgreh->call_id = tuple->dst.u.gre.key; | 129 | pgreh->call_id = tuple->dst.u.gre.key; |
137 | break; | 130 | break; |
138 | default: | 131 | default: |
139 | DEBUGP("can't nat unknown GRE version\n"); | 132 | pr_debug("can't nat unknown GRE version\n"); |
140 | return 0; | 133 | return 0; |
141 | } | 134 | } |
142 | return 1; | 135 | return 1; |
diff --git a/net/ipv4/netfilter/nf_nat_rule.c b/net/ipv4/netfilter/nf_nat_rule.c index 080393a143d7..0f45427e5fdc 100644 --- a/net/ipv4/netfilter/nf_nat_rule.c +++ b/net/ipv4/netfilter/nf_nat_rule.c | |||
@@ -24,12 +24,6 @@ | |||
24 | #include <net/netfilter/nf_nat_core.h> | 24 | #include <net/netfilter/nf_nat_core.h> |
25 | #include <net/netfilter/nf_nat_rule.h> | 25 | #include <net/netfilter/nf_nat_rule.h> |
26 | 26 | ||
27 | #if 0 | ||
28 | #define DEBUGP printk | ||
29 | #else | ||
30 | #define DEBUGP(format, args...) | ||
31 | #endif | ||
32 | |||
33 | #define NAT_VALID_HOOKS ((1<<NF_IP_PRE_ROUTING) | (1<<NF_IP_POST_ROUTING) | (1<<NF_IP_LOCAL_OUT)) | 27 | #define NAT_VALID_HOOKS ((1<<NF_IP_PRE_ROUTING) | (1<<NF_IP_POST_ROUTING) | (1<<NF_IP_LOCAL_OUT)) |
34 | 28 | ||
35 | static struct | 29 | static struct |
@@ -186,8 +180,8 @@ alloc_null_binding(struct nf_conn *ct, unsigned int hooknum) | |||
186 | struct nf_nat_range range | 180 | struct nf_nat_range range |
187 | = { IP_NAT_RANGE_MAP_IPS, ip, ip, { 0 }, { 0 } }; | 181 | = { IP_NAT_RANGE_MAP_IPS, ip, ip, { 0 }, { 0 } }; |
188 | 182 | ||
189 | DEBUGP("Allocating NULL binding for %p (%u.%u.%u.%u)\n", | 183 | pr_debug("Allocating NULL binding for %p (%u.%u.%u.%u)\n", |
190 | ct, NIPQUAD(ip)); | 184 | ct, NIPQUAD(ip)); |
191 | return nf_nat_setup_info(ct, &range, hooknum); | 185 | return nf_nat_setup_info(ct, &range, hooknum); |
192 | } | 186 | } |
193 | 187 | ||
@@ -205,8 +199,8 @@ alloc_null_binding_confirmed(struct nf_conn *ct, unsigned int hooknum) | |||
205 | struct nf_nat_range range | 199 | struct nf_nat_range range |
206 | = { IP_NAT_RANGE_MAP_IPS, ip, ip, { all }, { all } }; | 200 | = { IP_NAT_RANGE_MAP_IPS, ip, ip, { all }, { all } }; |
207 | 201 | ||
208 | DEBUGP("Allocating NULL binding for confirmed %p (%u.%u.%u.%u)\n", | 202 | pr_debug("Allocating NULL binding for confirmed %p (%u.%u.%u.%u)\n", |
209 | ct, NIPQUAD(ip)); | 203 | ct, NIPQUAD(ip)); |
210 | return nf_nat_setup_info(ct, &range, hooknum); | 204 | return nf_nat_setup_info(ct, &range, hooknum); |
211 | } | 205 | } |
212 | 206 | ||
diff --git a/net/ipv4/netfilter/nf_nat_sip.c b/net/ipv4/netfilter/nf_nat_sip.c index 940cdfc429de..a889ec3ec83a 100644 --- a/net/ipv4/netfilter/nf_nat_sip.c +++ b/net/ipv4/netfilter/nf_nat_sip.c | |||
@@ -26,12 +26,6 @@ MODULE_AUTHOR("Christian Hentschel <chentschel@arnet.com.ar>"); | |||
26 | MODULE_DESCRIPTION("SIP NAT helper"); | 26 | MODULE_DESCRIPTION("SIP NAT helper"); |
27 | MODULE_ALIAS("ip_nat_sip"); | 27 | MODULE_ALIAS("ip_nat_sip"); |
28 | 28 | ||
29 | #if 0 | ||
30 | #define DEBUGP printk | ||
31 | #else | ||
32 | #define DEBUGP(format, args...) | ||
33 | #endif | ||
34 | |||
35 | struct addr_map { | 29 | struct addr_map { |
36 | struct { | 30 | struct { |
37 | char src[sizeof("nnn.nnn.nnn.nnn:nnnnn")]; | 31 | char src[sizeof("nnn.nnn.nnn.nnn:nnnnn")]; |
@@ -257,8 +251,6 @@ static unsigned int ip_nat_sdp(struct sk_buff **pskb, | |||
257 | __be32 newip; | 251 | __be32 newip; |
258 | u_int16_t port; | 252 | u_int16_t port; |
259 | 253 | ||
260 | DEBUGP("ip_nat_sdp():\n"); | ||
261 | |||
262 | /* Connection will come from reply */ | 254 | /* Connection will come from reply */ |
263 | if (ct->tuplehash[dir].tuple.src.u3.ip == | 255 | if (ct->tuplehash[dir].tuple.src.u3.ip == |
264 | ct->tuplehash[!dir].tuple.dst.u3.ip) | 256 | ct->tuplehash[!dir].tuple.dst.u3.ip) |
diff --git a/net/ipv4/netfilter/nf_nat_standalone.c b/net/ipv4/netfilter/nf_nat_standalone.c index 30eeaa4c645c..332814dac503 100644 --- a/net/ipv4/netfilter/nf_nat_standalone.c +++ b/net/ipv4/netfilter/nf_nat_standalone.c | |||
@@ -27,12 +27,6 @@ | |||
27 | #include <net/netfilter/nf_nat_helper.h> | 27 | #include <net/netfilter/nf_nat_helper.h> |
28 | #include <linux/netfilter_ipv4/ip_tables.h> | 28 | #include <linux/netfilter_ipv4/ip_tables.h> |
29 | 29 | ||
30 | #if 0 | ||
31 | #define DEBUGP printk | ||
32 | #else | ||
33 | #define DEBUGP(format, args...) | ||
34 | #endif | ||
35 | |||
36 | #ifdef CONFIG_XFRM | 30 | #ifdef CONFIG_XFRM |
37 | static void nat_decode_session(struct sk_buff *skb, struct flowi *fl) | 31 | static void nat_decode_session(struct sk_buff *skb, struct flowi *fl) |
38 | { | 32 | { |
@@ -117,7 +111,7 @@ nf_nat_fn(unsigned int hooknum, | |||
117 | if (!nat) { | 111 | if (!nat) { |
118 | nat = nf_ct_ext_add(ct, NF_CT_EXT_NAT, GFP_ATOMIC); | 112 | nat = nf_ct_ext_add(ct, NF_CT_EXT_NAT, GFP_ATOMIC); |
119 | if (nat == NULL) { | 113 | if (nat == NULL) { |
120 | DEBUGP("failed to add NAT extension\n"); | 114 | pr_debug("failed to add NAT extension\n"); |
121 | return NF_ACCEPT; | 115 | return NF_ACCEPT; |
122 | } | 116 | } |
123 | } | 117 | } |
@@ -154,9 +148,9 @@ nf_nat_fn(unsigned int hooknum, | |||
154 | return ret; | 148 | return ret; |
155 | } | 149 | } |
156 | } else | 150 | } else |
157 | DEBUGP("Already setup manip %s for ct %p\n", | 151 | pr_debug("Already setup manip %s for ct %p\n", |
158 | maniptype == IP_NAT_MANIP_SRC ? "SRC" : "DST", | 152 | maniptype == IP_NAT_MANIP_SRC ? "SRC" : "DST", |
159 | ct); | 153 | ct); |
160 | break; | 154 | break; |
161 | 155 | ||
162 | default: | 156 | default: |
@@ -270,7 +264,7 @@ nf_nat_adjust(unsigned int hooknum, | |||
270 | 264 | ||
271 | ct = nf_ct_get(*pskb, &ctinfo); | 265 | ct = nf_ct_get(*pskb, &ctinfo); |
272 | if (ct && test_bit(IPS_SEQ_ADJUST_BIT, &ct->status)) { | 266 | if (ct && test_bit(IPS_SEQ_ADJUST_BIT, &ct->status)) { |
273 | DEBUGP("nf_nat_standalone: adjusting sequence number\n"); | 267 | pr_debug("nf_nat_standalone: adjusting sequence number\n"); |
274 | if (!nf_nat_seq_adjust(pskb, ct, ctinfo)) | 268 | if (!nf_nat_seq_adjust(pskb, ct, ctinfo)) |
275 | return NF_DROP; | 269 | return NF_DROP; |
276 | } | 270 | } |