Diffstat (limited to 'net/ipv6')
-rw-r--r-- | net/ipv6/netfilter/ip6t_LOG.c | 12 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6t_REJECT.c | 23 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6t_ah.c | 47 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6t_frag.c | 76 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6t_hbh.c | 45 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6t_rt.c | 82 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6table_mangle.c | 6 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6table_raw.c | 6 | ||||
-rw-r--r-- | net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | 10 | ||||
-rw-r--r-- | net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c | 24 | ||||
-rw-r--r-- | net/ipv6/netfilter/nf_conntrack_reasm.c | 52 |
11 files changed, 160 insertions, 223 deletions
diff --git a/net/ipv6/netfilter/ip6t_LOG.c b/net/ipv6/netfilter/ip6t_LOG.c index 540bf14b851c..b05327ebd332 100644 --- a/net/ipv6/netfilter/ip6t_LOG.c +++ b/net/ipv6/netfilter/ip6t_LOG.c | |||
@@ -32,12 +32,6 @@ struct in_device; | |||
32 | #include <net/route.h> | 32 | #include <net/route.h> |
33 | #include <linux/netfilter_ipv6/ip6t_LOG.h> | 33 | #include <linux/netfilter_ipv6/ip6t_LOG.h> |
34 | 34 | ||
35 | #if 0 | ||
36 | #define DEBUGP printk | ||
37 | #else | ||
38 | #define DEBUGP(format, args...) | ||
39 | #endif | ||
40 | |||
41 | /* Use lock to serialize, so printks don't overlap */ | 35 | /* Use lock to serialize, so printks don't overlap */ |
42 | static DEFINE_SPINLOCK(log_lock); | 36 | static DEFINE_SPINLOCK(log_lock); |
43 | 37 | ||
@@ -466,12 +460,12 @@ static bool ip6t_log_checkentry(const char *tablename, | |||
466 | const struct ip6t_log_info *loginfo = targinfo; | 460 | const struct ip6t_log_info *loginfo = targinfo; |
467 | 461 | ||
468 | if (loginfo->level >= 8) { | 462 | if (loginfo->level >= 8) { |
469 | DEBUGP("LOG: level %u >= 8\n", loginfo->level); | 463 | pr_debug("LOG: level %u >= 8\n", loginfo->level); |
470 | return false; | 464 | return false; |
471 | } | 465 | } |
472 | if (loginfo->prefix[sizeof(loginfo->prefix)-1] != '\0') { | 466 | if (loginfo->prefix[sizeof(loginfo->prefix)-1] != '\0') { |
473 | DEBUGP("LOG: prefix term %i\n", | 467 | pr_debug("LOG: prefix term %i\n", |
474 | loginfo->prefix[sizeof(loginfo->prefix)-1]); | 468 | loginfo->prefix[sizeof(loginfo->prefix)-1]); |
475 | return false; | 469 | return false; |
476 | } | 470 | } |
477 | return true; | 471 | return true; |
diff --git a/net/ipv6/netfilter/ip6t_REJECT.c b/net/ipv6/netfilter/ip6t_REJECT.c index 14008dc6a197..2f487cda3b6b 100644 --- a/net/ipv6/netfilter/ip6t_REJECT.c +++ b/net/ipv6/netfilter/ip6t_REJECT.c | |||
@@ -34,12 +34,6 @@ MODULE_AUTHOR("Yasuyuki KOZAKAI <yasuyuki.kozakai@toshiba.co.jp>"); | |||
34 | MODULE_DESCRIPTION("IP6 tables REJECT target module"); | 34 | MODULE_DESCRIPTION("IP6 tables REJECT target module"); |
35 | MODULE_LICENSE("GPL"); | 35 | MODULE_LICENSE("GPL"); |
36 | 36 | ||
37 | #if 0 | ||
38 | #define DEBUGP printk | ||
39 | #else | ||
40 | #define DEBUGP(format, args...) | ||
41 | #endif | ||
42 | |||
43 | /* Send RST reply */ | 37 | /* Send RST reply */ |
44 | static void send_reset(struct sk_buff *oldskb) | 38 | static void send_reset(struct sk_buff *oldskb) |
45 | { | 39 | { |
@@ -54,7 +48,7 @@ static void send_reset(struct sk_buff *oldskb) | |||
54 | 48 | ||
55 | if ((!(ipv6_addr_type(&oip6h->saddr) & IPV6_ADDR_UNICAST)) || | 49 | if ((!(ipv6_addr_type(&oip6h->saddr) & IPV6_ADDR_UNICAST)) || |
56 | (!(ipv6_addr_type(&oip6h->daddr) & IPV6_ADDR_UNICAST))) { | 50 | (!(ipv6_addr_type(&oip6h->daddr) & IPV6_ADDR_UNICAST))) { |
57 | DEBUGP("ip6t_REJECT: addr is not unicast.\n"); | 51 | pr_debug("ip6t_REJECT: addr is not unicast.\n"); |
58 | return; | 52 | return; |
59 | } | 53 | } |
60 | 54 | ||
@@ -62,7 +56,7 @@ static void send_reset(struct sk_buff *oldskb) | |||
62 | tcphoff = ipv6_skip_exthdr(oldskb, ((u8*)(oip6h+1) - oldskb->data), &proto); | 56 | tcphoff = ipv6_skip_exthdr(oldskb, ((u8*)(oip6h+1) - oldskb->data), &proto); |
63 | 57 | ||
64 | if ((tcphoff < 0) || (tcphoff > oldskb->len)) { | 58 | if ((tcphoff < 0) || (tcphoff > oldskb->len)) { |
65 | DEBUGP("ip6t_REJECT: Can't get TCP header.\n"); | 59 | pr_debug("ip6t_REJECT: Can't get TCP header.\n"); |
66 | return; | 60 | return; |
67 | } | 61 | } |
68 | 62 | ||
@@ -70,8 +64,9 @@ static void send_reset(struct sk_buff *oldskb) | |||
70 | 64 | ||
71 | /* IP header checks: fragment, too short. */ | 65 | /* IP header checks: fragment, too short. */ |
72 | if (proto != IPPROTO_TCP || otcplen < sizeof(struct tcphdr)) { | 66 | if (proto != IPPROTO_TCP || otcplen < sizeof(struct tcphdr)) { |
73 | DEBUGP("ip6t_REJECT: proto(%d) != IPPROTO_TCP, or too short. otcplen = %d\n", | 67 | pr_debug("ip6t_REJECT: proto(%d) != IPPROTO_TCP, " |
74 | proto, otcplen); | 68 | "or too short. otcplen = %d\n", |
69 | proto, otcplen); | ||
75 | return; | 70 | return; |
76 | } | 71 | } |
77 | 72 | ||
@@ -80,14 +75,14 @@ static void send_reset(struct sk_buff *oldskb) | |||
80 | 75 | ||
81 | /* No RST for RST. */ | 76 | /* No RST for RST. */ |
82 | if (otcph.rst) { | 77 | if (otcph.rst) { |
83 | DEBUGP("ip6t_REJECT: RST is set\n"); | 78 | pr_debug("ip6t_REJECT: RST is set\n"); |
84 | return; | 79 | return; |
85 | } | 80 | } |
86 | 81 | ||
87 | /* Check checksum. */ | 82 | /* Check checksum. */ |
88 | if (csum_ipv6_magic(&oip6h->saddr, &oip6h->daddr, otcplen, IPPROTO_TCP, | 83 | if (csum_ipv6_magic(&oip6h->saddr, &oip6h->daddr, otcplen, IPPROTO_TCP, |
89 | skb_checksum(oldskb, tcphoff, otcplen, 0))) { | 84 | skb_checksum(oldskb, tcphoff, otcplen, 0))) { |
90 | DEBUGP("ip6t_REJECT: TCP checksum is invalid\n"); | 85 | pr_debug("ip6t_REJECT: TCP checksum is invalid\n"); |
91 | return; | 86 | return; |
92 | } | 87 | } |
93 | 88 | ||
@@ -186,7 +181,7 @@ static unsigned int reject6_target(struct sk_buff **pskb, | |||
186 | { | 181 | { |
187 | const struct ip6t_reject_info *reject = targinfo; | 182 | const struct ip6t_reject_info *reject = targinfo; |
188 | 183 | ||
189 | DEBUGP(KERN_DEBUG "%s: medium point\n", __FUNCTION__); | 184 | pr_debug("%s: medium point\n", __FUNCTION__); |
190 | /* WARNING: This code causes reentry within ip6tables. | 185 | /* WARNING: This code causes reentry within ip6tables. |
191 | This means that the ip6tables jump stack is now crap. We | 186 | This means that the ip6tables jump stack is now crap. We |
192 | must return an absolute verdict. --RR */ | 187 | must return an absolute verdict. --RR */ |
@@ -237,7 +232,7 @@ static bool check(const char *tablename, | |||
237 | /* Must specify that it's a TCP packet */ | 232 | /* Must specify that it's a TCP packet */ |
238 | if (e->ipv6.proto != IPPROTO_TCP | 233 | if (e->ipv6.proto != IPPROTO_TCP |
239 | || (e->ipv6.invflags & XT_INV_PROTO)) { | 234 | || (e->ipv6.invflags & XT_INV_PROTO)) { |
240 | DEBUGP("ip6t_REJECT: TCP_RESET illegal for non-tcp\n"); | 235 | printk("ip6t_REJECT: TCP_RESET illegal for non-tcp\n"); |
241 | return false; | 236 | return false; |
242 | } | 237 | } |
243 | } | 238 | } |
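Review bot: The converted message in check() is a bare `printk("ip6t_REJECT: TCP_RESET illegal for non-tcp\n");` with no log level, while every other DEBUGP in this file became pr_debug(). As written it is emitted at the default console level each time such a rule is submitted from userspace, with no rate limit. If the message is meant to reach the administrator, give it an explicit level, e.g. `printk(KERN_WARNING "ip6t_REJECT: TCP_RESET illegal for non-tcp\n");`; otherwise use `pr_debug(...)` like the rest of the file. check() starts outside this hunk.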
diff --git a/net/ipv6/netfilter/ip6t_ah.c b/net/ipv6/netfilter/ip6t_ah.c index a9fe2aa97072..2a25fe25e0e0 100644 --- a/net/ipv6/netfilter/ip6t_ah.c +++ b/net/ipv6/netfilter/ip6t_ah.c | |||
@@ -23,21 +23,16 @@ MODULE_LICENSE("GPL"); | |||
23 | MODULE_DESCRIPTION("IPv6 AH match"); | 23 | MODULE_DESCRIPTION("IPv6 AH match"); |
24 | MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>"); | 24 | MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>"); |
25 | 25 | ||
26 | #if 0 | ||
27 | #define DEBUGP printk | ||
28 | #else | ||
29 | #define DEBUGP(format, args...) | ||
30 | #endif | ||
31 | |||
32 | /* Returns 1 if the spi is matched by the range, 0 otherwise */ | 26 | /* Returns 1 if the spi is matched by the range, 0 otherwise */ |
33 | static inline bool | 27 | static inline bool |
34 | spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, bool invert) | 28 | spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, bool invert) |
35 | { | 29 | { |
36 | bool r; | 30 | bool r; |
37 | DEBUGP("ah spi_match:%c 0x%x <= 0x%x <= 0x%x",invert? '!':' ', | 31 | |
38 | min,spi,max); | 32 | pr_debug("ah spi_match:%c 0x%x <= 0x%x <= 0x%x", |
33 | invert ? '!' : ' ', min, spi, max); | ||
39 | r = (spi >= min && spi <= max) ^ invert; | 34 | r = (spi >= min && spi <= max) ^ invert; |
40 | DEBUGP(" result %s\n",r? "PASS\n" : "FAILED\n"); | 35 | pr_debug(" result %s\n", r ? "PASS" : "FAILED"); |
41 | return r; | 36 | return r; |
42 | } | 37 | } |
43 | 38 | ||
@@ -73,22 +68,22 @@ match(const struct sk_buff *skb, | |||
73 | 68 | ||
74 | hdrlen = (ah->hdrlen + 2) << 2; | 69 | hdrlen = (ah->hdrlen + 2) << 2; |
75 | 70 | ||
76 | DEBUGP("IPv6 AH LEN %u %u ", hdrlen, ah->hdrlen); | 71 | pr_debug("IPv6 AH LEN %u %u ", hdrlen, ah->hdrlen); |
77 | DEBUGP("RES %04X ", ah->reserved); | 72 | pr_debug("RES %04X ", ah->reserved); |
78 | DEBUGP("SPI %u %08X\n", ntohl(ah->spi), ntohl(ah->spi)); | 73 | pr_debug("SPI %u %08X\n", ntohl(ah->spi), ntohl(ah->spi)); |
79 | 74 | ||
80 | DEBUGP("IPv6 AH spi %02X ", | 75 | pr_debug("IPv6 AH spi %02X ", |
81 | spi_match(ahinfo->spis[0], ahinfo->spis[1], | 76 | spi_match(ahinfo->spis[0], ahinfo->spis[1], |
82 | ntohl(ah->spi), | 77 | ntohl(ah->spi), |
83 | !!(ahinfo->invflags & IP6T_AH_INV_SPI))); | 78 | !!(ahinfo->invflags & IP6T_AH_INV_SPI))); |
84 | DEBUGP("len %02X %04X %02X ", | 79 | pr_debug("len %02X %04X %02X ", |
85 | ahinfo->hdrlen, hdrlen, | 80 | ahinfo->hdrlen, hdrlen, |
86 | (!ahinfo->hdrlen || | 81 | (!ahinfo->hdrlen || |
87 | (ahinfo->hdrlen == hdrlen) ^ | 82 | (ahinfo->hdrlen == hdrlen) ^ |
88 | !!(ahinfo->invflags & IP6T_AH_INV_LEN))); | 83 | !!(ahinfo->invflags & IP6T_AH_INV_LEN))); |
89 | DEBUGP("res %02X %04X %02X\n", | 84 | pr_debug("res %02X %04X %02X\n", |
90 | ahinfo->hdrres, ah->reserved, | 85 | ahinfo->hdrres, ah->reserved, |
91 | !(ahinfo->hdrres && ah->reserved)); | 86 | !(ahinfo->hdrres && ah->reserved)); |
92 | 87 | ||
93 | return (ah != NULL) | 88 | return (ah != NULL) |
94 | && | 89 | && |
@@ -114,7 +109,7 @@ checkentry(const char *tablename, | |||
114 | const struct ip6t_ah *ahinfo = matchinfo; | 109 | const struct ip6t_ah *ahinfo = matchinfo; |
115 | 110 | ||
116 | if (ahinfo->invflags & ~IP6T_AH_INV_MASK) { | 111 | if (ahinfo->invflags & ~IP6T_AH_INV_MASK) { |
117 | DEBUGP("ip6t_ah: unknown flags %X\n", ahinfo->invflags); | 112 | pr_debug("ip6t_ah: unknown flags %X\n", ahinfo->invflags); |
118 | return false; | 113 | return false; |
119 | } | 114 | } |
120 | return true; | 115 | return true; |
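Review bot: The debug output in spi_match() and match() is still built from several calls that each print a fragment of one line (`pr_debug("IPv6 AH LEN %u %u ", ...)`, then `pr_debug("RES %04X ", ...)`, and so on). The old DEBUGP was a plain printk, so the fragments ran together, but pr_debug() prepends KERN_DEBUG to every call when DEBUG is defined, so the level marker would land in the middle of the line and the records get hard to read and to parse. Each logical line should be one call, for example in spi_match() compute `r` first and then `pr_debug("ah spi_match:%c 0x%x <= 0x%x <= 0x%x result %s\n", invert ? '!' : ' ', min, spi, max, r ? "PASS" : "FAILED");`. The same pattern is in the match() and *_match() hunks of ip6t_frag.c, ip6t_hbh.c and ip6t_rt.c. These calls run per packet, so with DEBUG enabled the log volume follows traffic; that deserves a comment next to them.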
diff --git a/net/ipv6/netfilter/ip6t_frag.c b/net/ipv6/netfilter/ip6t_frag.c index bb1cfa82b47c..968aeba02073 100644 --- a/net/ipv6/netfilter/ip6t_frag.c +++ b/net/ipv6/netfilter/ip6t_frag.c | |||
@@ -22,21 +22,15 @@ MODULE_LICENSE("GPL"); | |||
22 | MODULE_DESCRIPTION("IPv6 FRAG match"); | 22 | MODULE_DESCRIPTION("IPv6 FRAG match"); |
23 | MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>"); | 23 | MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>"); |
24 | 24 | ||
25 | #if 0 | ||
26 | #define DEBUGP printk | ||
27 | #else | ||
28 | #define DEBUGP(format, args...) | ||
29 | #endif | ||
30 | |||
31 | /* Returns 1 if the id is matched by the range, 0 otherwise */ | 25 | /* Returns 1 if the id is matched by the range, 0 otherwise */ |
32 | static inline bool | 26 | static inline bool |
33 | id_match(u_int32_t min, u_int32_t max, u_int32_t id, bool invert) | 27 | id_match(u_int32_t min, u_int32_t max, u_int32_t id, bool invert) |
34 | { | 28 | { |
35 | bool r; | 29 | bool r; |
36 | DEBUGP("frag id_match:%c 0x%x <= 0x%x <= 0x%x", invert ? '!' : ' ', | 30 | pr_debug("frag id_match:%c 0x%x <= 0x%x <= 0x%x", invert ? '!' : ' ', |
37 | min, id, max); | 31 | min, id, max); |
38 | r = (id >= min && id <= max) ^ invert; | 32 | r = (id >= min && id <= max) ^ invert; |
39 | DEBUGP(" result %s\n", r ? "PASS" : "FAILED"); | 33 | pr_debug(" result %s\n", r ? "PASS" : "FAILED"); |
40 | return r; | 34 | return r; |
41 | } | 35 | } |
42 | 36 | ||
@@ -69,37 +63,37 @@ match(const struct sk_buff *skb, | |||
69 | return false; | 63 | return false; |
70 | } | 64 | } |
71 | 65 | ||
72 | DEBUGP("INFO %04X ", fh->frag_off); | 66 | pr_debug("INFO %04X ", fh->frag_off); |
73 | DEBUGP("OFFSET %04X ", ntohs(fh->frag_off) & ~0x7); | 67 | pr_debug("OFFSET %04X ", ntohs(fh->frag_off) & ~0x7); |
74 | DEBUGP("RES %02X %04X", fh->reserved, ntohs(fh->frag_off) & 0x6); | 68 | pr_debug("RES %02X %04X", fh->reserved, ntohs(fh->frag_off) & 0x6); |
75 | DEBUGP("MF %04X ", fh->frag_off & htons(IP6_MF)); | 69 | pr_debug("MF %04X ", fh->frag_off & htons(IP6_MF)); |
76 | DEBUGP("ID %u %08X\n", ntohl(fh->identification), | 70 | pr_debug("ID %u %08X\n", ntohl(fh->identification), |
77 | ntohl(fh->identification)); | 71 | ntohl(fh->identification)); |
78 | 72 | ||
79 | DEBUGP("IPv6 FRAG id %02X ", | 73 | pr_debug("IPv6 FRAG id %02X ", |
80 | id_match(fraginfo->ids[0], fraginfo->ids[1], | 74 | id_match(fraginfo->ids[0], fraginfo->ids[1], |
81 | ntohl(fh->identification), | 75 | ntohl(fh->identification), |
82 | !!(fraginfo->invflags & IP6T_FRAG_INV_IDS))); | 76 | !!(fraginfo->invflags & IP6T_FRAG_INV_IDS))); |
83 | DEBUGP("res %02X %02X%04X %02X ", | 77 | pr_debug("res %02X %02X%04X %02X ", |
84 | fraginfo->flags & IP6T_FRAG_RES, fh->reserved, | 78 | fraginfo->flags & IP6T_FRAG_RES, fh->reserved, |
85 | ntohs(fh->frag_off) & 0x6, | 79 | ntohs(fh->frag_off) & 0x6, |
86 | !((fraginfo->flags & IP6T_FRAG_RES) | 80 | !((fraginfo->flags & IP6T_FRAG_RES) |
87 | && (fh->reserved || (ntohs(fh->frag_off) & 0x06)))); | 81 | && (fh->reserved || (ntohs(fh->frag_off) & 0x06)))); |
88 | DEBUGP("first %02X %02X %02X ", | 82 | pr_debug("first %02X %02X %02X ", |
89 | fraginfo->flags & IP6T_FRAG_FST, | 83 | fraginfo->flags & IP6T_FRAG_FST, |
90 | ntohs(fh->frag_off) & ~0x7, | 84 | ntohs(fh->frag_off) & ~0x7, |
91 | !((fraginfo->flags & IP6T_FRAG_FST) | 85 | !((fraginfo->flags & IP6T_FRAG_FST) |
92 | && (ntohs(fh->frag_off) & ~0x7))); | 86 | && (ntohs(fh->frag_off) & ~0x7))); |
93 | DEBUGP("mf %02X %02X %02X ", | 87 | pr_debug("mf %02X %02X %02X ", |
94 | fraginfo->flags & IP6T_FRAG_MF, | 88 | fraginfo->flags & IP6T_FRAG_MF, |
95 | ntohs(fh->frag_off) & IP6_MF, | 89 | ntohs(fh->frag_off) & IP6_MF, |
96 | !((fraginfo->flags & IP6T_FRAG_MF) | 90 | !((fraginfo->flags & IP6T_FRAG_MF) |
97 | && !((ntohs(fh->frag_off) & IP6_MF)))); | 91 | && !((ntohs(fh->frag_off) & IP6_MF)))); |
98 | DEBUGP("last %02X %02X %02X\n", | 92 | pr_debug("last %02X %02X %02X\n", |
99 | fraginfo->flags & IP6T_FRAG_NMF, | 93 | fraginfo->flags & IP6T_FRAG_NMF, |
100 | ntohs(fh->frag_off) & IP6_MF, | 94 | ntohs(fh->frag_off) & IP6_MF, |
101 | !((fraginfo->flags & IP6T_FRAG_NMF) | 95 | !((fraginfo->flags & IP6T_FRAG_NMF) |
102 | && (ntohs(fh->frag_off) & IP6_MF))); | 96 | && (ntohs(fh->frag_off) & IP6_MF))); |
103 | 97 | ||
104 | return (fh != NULL) | 98 | return (fh != NULL) |
105 | && | 99 | && |
@@ -131,7 +125,7 @@ checkentry(const char *tablename, | |||
131 | const struct ip6t_frag *fraginfo = matchinfo; | 125 | const struct ip6t_frag *fraginfo = matchinfo; |
132 | 126 | ||
133 | if (fraginfo->invflags & ~IP6T_FRAG_INV_MASK) { | 127 | if (fraginfo->invflags & ~IP6T_FRAG_INV_MASK) { |
134 | DEBUGP("ip6t_frag: unknown flags %X\n", fraginfo->invflags); | 128 | pr_debug("ip6t_frag: unknown flags %X\n", fraginfo->invflags); |
135 | return false; | 129 | return false; |
136 | } | 130 | } |
137 | return true; | 131 | return true; |
diff --git a/net/ipv6/netfilter/ip6t_hbh.c b/net/ipv6/netfilter/ip6t_hbh.c index 6247d4cdad99..e6ca6018b1ea 100644 --- a/net/ipv6/netfilter/ip6t_hbh.c +++ b/net/ipv6/netfilter/ip6t_hbh.c | |||
@@ -25,12 +25,6 @@ MODULE_DESCRIPTION("IPv6 opts match"); | |||
25 | MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>"); | 25 | MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>"); |
26 | MODULE_ALIAS("ip6t_dst"); | 26 | MODULE_ALIAS("ip6t_dst"); |
27 | 27 | ||
28 | #if 0 | ||
29 | #define DEBUGP printk | ||
30 | #else | ||
31 | #define DEBUGP(format, args...) | ||
32 | #endif | ||
33 | |||
34 | /* | 28 | /* |
35 | * (Type & 0xC0) >> 6 | 29 | * (Type & 0xC0) >> 6 |
36 | * 0 -> ignorable | 30 | * 0 -> ignorable |
@@ -90,13 +84,13 @@ match(const struct sk_buff *skb, | |||
90 | return false; | 84 | return false; |
91 | } | 85 | } |
92 | 86 | ||
93 | DEBUGP("IPv6 OPTS LEN %u %u ", hdrlen, oh->hdrlen); | 87 | pr_debug("IPv6 OPTS LEN %u %u ", hdrlen, oh->hdrlen); |
94 | 88 | ||
95 | DEBUGP("len %02X %04X %02X ", | 89 | pr_debug("len %02X %04X %02X ", |
96 | optinfo->hdrlen, hdrlen, | 90 | optinfo->hdrlen, hdrlen, |
97 | (!(optinfo->flags & IP6T_OPTS_LEN) || | 91 | (!(optinfo->flags & IP6T_OPTS_LEN) || |
98 | ((optinfo->hdrlen == hdrlen) ^ | 92 | ((optinfo->hdrlen == hdrlen) ^ |
99 | !!(optinfo->invflags & IP6T_OPTS_INV_LEN)))); | 93 | !!(optinfo->invflags & IP6T_OPTS_INV_LEN)))); |
100 | 94 | ||
101 | ret = (oh != NULL) && | 95 | ret = (oh != NULL) && |
102 | (!(optinfo->flags & IP6T_OPTS_LEN) || | 96 | (!(optinfo->flags & IP6T_OPTS_LEN) || |
@@ -108,10 +102,10 @@ match(const struct sk_buff *skb, | |||
108 | if (!(optinfo->flags & IP6T_OPTS_OPTS)) { | 102 | if (!(optinfo->flags & IP6T_OPTS_OPTS)) { |
109 | return ret; | 103 | return ret; |
110 | } else if (optinfo->flags & IP6T_OPTS_NSTRICT) { | 104 | } else if (optinfo->flags & IP6T_OPTS_NSTRICT) { |
111 | DEBUGP("Not strict - not implemented"); | 105 | pr_debug("Not strict - not implemented"); |
112 | } else { | 106 | } else { |
113 | DEBUGP("Strict "); | 107 | pr_debug("Strict "); |
114 | DEBUGP("#%d ", optinfo->optsnr); | 108 | pr_debug("#%d ", optinfo->optsnr); |
115 | for (temp = 0; temp < optinfo->optsnr; temp++) { | 109 | for (temp = 0; temp < optinfo->optsnr; temp++) { |
116 | /* type field exists ? */ | 110 | /* type field exists ? */ |
117 | if (hdrlen < 1) | 111 | if (hdrlen < 1) |
@@ -123,12 +117,11 @@ match(const struct sk_buff *skb, | |||
123 | 117 | ||
124 | /* Type check */ | 118 | /* Type check */ |
125 | if (*tp != (optinfo->opts[temp] & 0xFF00) >> 8) { | 119 | if (*tp != (optinfo->opts[temp] & 0xFF00) >> 8) { |
126 | DEBUGP("Tbad %02X %02X\n", | 120 | pr_debug("Tbad %02X %02X\n", *tp, |
127 | *tp, | 121 | (optinfo->opts[temp] & 0xFF00) >> 8); |
128 | (optinfo->opts[temp] & 0xFF00) >> 8); | ||
129 | return false; | 122 | return false; |
130 | } else { | 123 | } else { |
131 | DEBUGP("Tok "); | 124 | pr_debug("Tok "); |
132 | } | 125 | } |
133 | /* Length check */ | 126 | /* Length check */ |
134 | if (*tp) { | 127 | if (*tp) { |
@@ -145,23 +138,23 @@ match(const struct sk_buff *skb, | |||
145 | spec_len = optinfo->opts[temp] & 0x00FF; | 138 | spec_len = optinfo->opts[temp] & 0x00FF; |
146 | 139 | ||
147 | if (spec_len != 0x00FF && spec_len != *lp) { | 140 | if (spec_len != 0x00FF && spec_len != *lp) { |
148 | DEBUGP("Lbad %02X %04X\n", *lp, | 141 | pr_debug("Lbad %02X %04X\n", *lp, |
149 | spec_len); | 142 | spec_len); |
150 | return false; | 143 | return false; |
151 | } | 144 | } |
152 | DEBUGP("Lok "); | 145 | pr_debug("Lok "); |
153 | optlen = *lp + 2; | 146 | optlen = *lp + 2; |
154 | } else { | 147 | } else { |
155 | DEBUGP("Pad1\n"); | 148 | pr_debug("Pad1\n"); |
156 | optlen = 1; | 149 | optlen = 1; |
157 | } | 150 | } |
158 | 151 | ||
159 | /* Step to the next */ | 152 | /* Step to the next */ |
160 | DEBUGP("len%04X \n", optlen); | 153 | pr_debug("len%04X \n", optlen); |
161 | 154 | ||
162 | if ((ptr > skb->len - optlen || hdrlen < optlen) && | 155 | if ((ptr > skb->len - optlen || hdrlen < optlen) && |
163 | temp < optinfo->optsnr - 1) { | 156 | temp < optinfo->optsnr - 1) { |
164 | DEBUGP("new pointer is too large! \n"); | 157 | pr_debug("new pointer is too large! \n"); |
165 | break; | 158 | break; |
166 | } | 159 | } |
167 | ptr += optlen; | 160 | ptr += optlen; |
@@ -187,7 +180,7 @@ checkentry(const char *tablename, | |||
187 | const struct ip6t_opts *optsinfo = matchinfo; | 180 | const struct ip6t_opts *optsinfo = matchinfo; |
188 | 181 | ||
189 | if (optsinfo->invflags & ~IP6T_OPTS_INV_MASK) { | 182 | if (optsinfo->invflags & ~IP6T_OPTS_INV_MASK) { |
190 | DEBUGP("ip6t_opts: unknown flags %X\n", optsinfo->invflags); | 183 | pr_debug("ip6t_opts: unknown flags %X\n", optsinfo->invflags); |
191 | return false; | 184 | return false; |
192 | } | 185 | } |
193 | return true; | 186 | return true; |
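Review bot: checkentry(), as far as its hunk shows, validates only `invflags`, while match() loops `temp < optinfo->optsnr` and indexes `optinfo->opts[temp]` with that rule-supplied count. The declaration of `opts[]` is in the header and not on this page; if it is a fixed-size array, a rule with a larger `optsnr` would make match() read past it on every packet that reaches the strict branch. I would reject such rules at load time with `if (optsinfo->optsnr > ARRAY_SIZE(optsinfo->opts)) return false;` in checkentry(), with a pr_debug naming the bad count. match() starts and ends outside the hunks shown.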
diff --git a/net/ipv6/netfilter/ip6t_rt.c b/net/ipv6/netfilter/ip6t_rt.c index 549deea26418..357cea703bd9 100644 --- a/net/ipv6/netfilter/ip6t_rt.c +++ b/net/ipv6/netfilter/ip6t_rt.c | |||
@@ -24,21 +24,15 @@ MODULE_LICENSE("GPL"); | |||
24 | MODULE_DESCRIPTION("IPv6 RT match"); | 24 | MODULE_DESCRIPTION("IPv6 RT match"); |
25 | MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>"); | 25 | MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>"); |
26 | 26 | ||
27 | #if 0 | ||
28 | #define DEBUGP printk | ||
29 | #else | ||
30 | #define DEBUGP(format, args...) | ||
31 | #endif | ||
32 | |||
33 | /* Returns 1 if the id is matched by the range, 0 otherwise */ | 27 | /* Returns 1 if the id is matched by the range, 0 otherwise */ |
34 | static inline bool | 28 | static inline bool |
35 | segsleft_match(u_int32_t min, u_int32_t max, u_int32_t id, bool invert) | 29 | segsleft_match(u_int32_t min, u_int32_t max, u_int32_t id, bool invert) |
36 | { | 30 | { |
37 | bool r; | 31 | bool r; |
38 | DEBUGP("rt segsleft_match:%c 0x%x <= 0x%x <= 0x%x", | 32 | pr_debug("rt segsleft_match:%c 0x%x <= 0x%x <= 0x%x", |
39 | invert ? '!' : ' ', min, id, max); | 33 | invert ? '!' : ' ', min, id, max); |
40 | r = (id >= min && id <= max) ^ invert; | 34 | r = (id >= min && id <= max) ^ invert; |
41 | DEBUGP(" result %s\n", r ? "PASS" : "FAILED"); | 35 | pr_debug(" result %s\n", r ? "PASS" : "FAILED"); |
42 | return r; | 36 | return r; |
43 | } | 37 | } |
44 | 38 | ||
@@ -82,29 +76,29 @@ match(const struct sk_buff *skb, | |||
82 | return false; | 76 | return false; |
83 | } | 77 | } |
84 | 78 | ||
85 | DEBUGP("IPv6 RT LEN %u %u ", hdrlen, rh->hdrlen); | 79 | pr_debug("IPv6 RT LEN %u %u ", hdrlen, rh->hdrlen); |
86 | DEBUGP("TYPE %04X ", rh->type); | 80 | pr_debug("TYPE %04X ", rh->type); |
87 | DEBUGP("SGS_LEFT %u %02X\n", rh->segments_left, rh->segments_left); | 81 | pr_debug("SGS_LEFT %u %02X\n", rh->segments_left, rh->segments_left); |
88 | 82 | ||
89 | DEBUGP("IPv6 RT segsleft %02X ", | 83 | pr_debug("IPv6 RT segsleft %02X ", |
90 | segsleft_match(rtinfo->segsleft[0], rtinfo->segsleft[1], | 84 | segsleft_match(rtinfo->segsleft[0], rtinfo->segsleft[1], |
91 | rh->segments_left, | 85 | rh->segments_left, |
92 | !!(rtinfo->invflags & IP6T_RT_INV_SGS))); | 86 | !!(rtinfo->invflags & IP6T_RT_INV_SGS))); |
93 | DEBUGP("type %02X %02X %02X ", | 87 | pr_debug("type %02X %02X %02X ", |
94 | rtinfo->rt_type, rh->type, | 88 | rtinfo->rt_type, rh->type, |
95 | (!(rtinfo->flags & IP6T_RT_TYP) || | 89 | (!(rtinfo->flags & IP6T_RT_TYP) || |
96 | ((rtinfo->rt_type == rh->type) ^ | 90 | ((rtinfo->rt_type == rh->type) ^ |
97 | !!(rtinfo->invflags & IP6T_RT_INV_TYP)))); | 91 | !!(rtinfo->invflags & IP6T_RT_INV_TYP)))); |
98 | DEBUGP("len %02X %04X %02X ", | 92 | pr_debug("len %02X %04X %02X ", |
99 | rtinfo->hdrlen, hdrlen, | 93 | rtinfo->hdrlen, hdrlen, |
100 | !(rtinfo->flags & IP6T_RT_LEN) || | 94 | !(rtinfo->flags & IP6T_RT_LEN) || |
101 | ((rtinfo->hdrlen == hdrlen) ^ | 95 | ((rtinfo->hdrlen == hdrlen) ^ |
102 | !!(rtinfo->invflags & IP6T_RT_INV_LEN))); | 96 | !!(rtinfo->invflags & IP6T_RT_INV_LEN))); |
103 | DEBUGP("res %02X %02X %02X ", | 97 | pr_debug("res %02X %02X %02X ", |
104 | rtinfo->flags & IP6T_RT_RES, | 98 | rtinfo->flags & IP6T_RT_RES, |
105 | ((const struct rt0_hdr *)rh)->reserved, | 99 | ((const struct rt0_hdr *)rh)->reserved, |
106 | !((rtinfo->flags & IP6T_RT_RES) && | 100 | !((rtinfo->flags & IP6T_RT_RES) && |
107 | (((const struct rt0_hdr *)rh)->reserved))); | 101 | (((const struct rt0_hdr *)rh)->reserved))); |
108 | 102 | ||
109 | ret = (rh != NULL) | 103 | ret = (rh != NULL) |
110 | && | 104 | && |
@@ -131,18 +125,18 @@ match(const struct sk_buff *skb, | |||
131 | ret = (*rp == 0); | 125 | ret = (*rp == 0); |
132 | } | 126 | } |
133 | 127 | ||
134 | DEBUGP("#%d ", rtinfo->addrnr); | 128 | pr_debug("#%d ", rtinfo->addrnr); |
135 | if (!(rtinfo->flags & IP6T_RT_FST)) { | 129 | if (!(rtinfo->flags & IP6T_RT_FST)) { |
136 | return ret; | 130 | return ret; |
137 | } else if (rtinfo->flags & IP6T_RT_FST_NSTRICT) { | 131 | } else if (rtinfo->flags & IP6T_RT_FST_NSTRICT) { |
138 | DEBUGP("Not strict "); | 132 | pr_debug("Not strict "); |
139 | if (rtinfo->addrnr > (unsigned int)((hdrlen - 8) / 16)) { | 133 | if (rtinfo->addrnr > (unsigned int)((hdrlen - 8) / 16)) { |
140 | DEBUGP("There isn't enough space\n"); | 134 | pr_debug("There isn't enough space\n"); |
141 | return false; | 135 | return false; |
142 | } else { | 136 | } else { |
143 | unsigned int i = 0; | 137 | unsigned int i = 0; |
144 | 138 | ||
145 | DEBUGP("#%d ", rtinfo->addrnr); | 139 | pr_debug("#%d ", rtinfo->addrnr); |
146 | for (temp = 0; | 140 | for (temp = 0; |
147 | temp < (unsigned int)((hdrlen - 8) / 16); | 141 | temp < (unsigned int)((hdrlen - 8) / 16); |
148 | temp++) { | 142 | temp++) { |
@@ -156,25 +150,25 @@ match(const struct sk_buff *skb, | |||
156 | BUG_ON(ap == NULL); | 150 | BUG_ON(ap == NULL); |
157 | 151 | ||
158 | if (ipv6_addr_equal(ap, &rtinfo->addrs[i])) { | 152 | if (ipv6_addr_equal(ap, &rtinfo->addrs[i])) { |
159 | DEBUGP("i=%d temp=%d;\n", i, temp); | 153 | pr_debug("i=%d temp=%d;\n", i, temp); |
160 | i++; | 154 | i++; |
161 | } | 155 | } |
162 | if (i == rtinfo->addrnr) | 156 | if (i == rtinfo->addrnr) |
163 | break; | 157 | break; |
164 | } | 158 | } |
165 | DEBUGP("i=%d #%d\n", i, rtinfo->addrnr); | 159 | pr_debug("i=%d #%d\n", i, rtinfo->addrnr); |
166 | if (i == rtinfo->addrnr) | 160 | if (i == rtinfo->addrnr) |
167 | return ret; | 161 | return ret; |
168 | else | 162 | else |
169 | return false; | 163 | return false; |
170 | } | 164 | } |
171 | } else { | 165 | } else { |
172 | DEBUGP("Strict "); | 166 | pr_debug("Strict "); |
173 | if (rtinfo->addrnr > (unsigned int)((hdrlen - 8) / 16)) { | 167 | if (rtinfo->addrnr > (unsigned int)((hdrlen - 8) / 16)) { |
174 | DEBUGP("There isn't enough space\n"); | 168 | pr_debug("There isn't enough space\n"); |
175 | return false; | 169 | return false; |
176 | } else { | 170 | } else { |
177 | DEBUGP("#%d ", rtinfo->addrnr); | 171 | pr_debug("#%d ", rtinfo->addrnr); |
178 | for (temp = 0; temp < rtinfo->addrnr; temp++) { | 172 | for (temp = 0; temp < rtinfo->addrnr; temp++) { |
179 | ap = skb_header_pointer(skb, | 173 | ap = skb_header_pointer(skb, |
180 | ptr | 174 | ptr |
@@ -187,7 +181,7 @@ match(const struct sk_buff *skb, | |||
187 | if (!ipv6_addr_equal(ap, &rtinfo->addrs[temp])) | 181 | if (!ipv6_addr_equal(ap, &rtinfo->addrs[temp])) |
188 | break; | 182 | break; |
189 | } | 183 | } |
190 | DEBUGP("temp=%d #%d\n", temp, rtinfo->addrnr); | 184 | pr_debug("temp=%d #%d\n", temp, rtinfo->addrnr); |
191 | if (temp == rtinfo->addrnr && | 185 | if (temp == rtinfo->addrnr && |
192 | temp == (unsigned int)((hdrlen - 8) / 16)) | 186 | temp == (unsigned int)((hdrlen - 8) / 16)) |
193 | return ret; | 187 | return ret; |
@@ -210,14 +204,14 @@ checkentry(const char *tablename, | |||
210 | const struct ip6t_rt *rtinfo = matchinfo; | 204 | const struct ip6t_rt *rtinfo = matchinfo; |
211 | 205 | ||
212 | if (rtinfo->invflags & ~IP6T_RT_INV_MASK) { | 206 | if (rtinfo->invflags & ~IP6T_RT_INV_MASK) { |
213 | DEBUGP("ip6t_rt: unknown flags %X\n", rtinfo->invflags); | 207 | pr_debug("ip6t_rt: unknown flags %X\n", rtinfo->invflags); |
214 | return false; | 208 | return false; |
215 | } | 209 | } |
216 | if ((rtinfo->flags & (IP6T_RT_RES | IP6T_RT_FST_MASK)) && | 210 | if ((rtinfo->flags & (IP6T_RT_RES | IP6T_RT_FST_MASK)) && |
217 | (!(rtinfo->flags & IP6T_RT_TYP) || | 211 | (!(rtinfo->flags & IP6T_RT_TYP) || |
218 | (rtinfo->rt_type != 0) || | 212 | (rtinfo->rt_type != 0) || |
219 | (rtinfo->invflags & IP6T_RT_INV_TYP))) { | 213 | (rtinfo->invflags & IP6T_RT_INV_TYP))) { |
220 | DEBUGP("`--rt-type 0' required before `--rt-0-*'"); | 214 | pr_debug("`--rt-type 0' required before `--rt-0-*'"); |
221 | return false; | 215 | return false; |
222 | } | 216 | } |
223 | 217 | ||
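Review bot: The "res" debug line in match() reads `((const struct rt0_hdr *)rh)->reserved` unconditionally, before the hunk shows any check that the header is type 0 or that those bytes were fetched. With the old empty DEBUGP macro the expression was discarded by the preprocessor, but pr_debug() may be a real function in non-DEBUG builds, in which case its arguments are compiled and can be evaluated. The fetch of `rh` is outside the hunk; if it was sized for the generic routing header, this cast reads beyond what was validated, and the later `*rp` read suggests the field is fetched separately further down. I would drop that argument from the debug line, or move the line after the point where the reserved field has been fetched with its own bounds check.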
diff --git a/net/ipv6/netfilter/ip6table_mangle.c b/net/ipv6/netfilter/ip6table_mangle.c index f2d26495f413..f0a9efa67fb5 100644 --- a/net/ipv6/netfilter/ip6table_mangle.c +++ b/net/ipv6/netfilter/ip6table_mangle.c | |||
@@ -21,12 +21,6 @@ MODULE_DESCRIPTION("ip6tables mangle table"); | |||
21 | (1 << NF_IP6_LOCAL_OUT) | \ | 21 | (1 << NF_IP6_LOCAL_OUT) | \ |
22 | (1 << NF_IP6_POST_ROUTING)) | 22 | (1 << NF_IP6_POST_ROUTING)) |
23 | 23 | ||
24 | #if 0 | ||
25 | #define DEBUGP(x, args...) printk(KERN_DEBUG x, ## args) | ||
26 | #else | ||
27 | #define DEBUGP(x, args...) | ||
28 | #endif | ||
29 | |||
30 | static struct | 24 | static struct |
31 | { | 25 | { |
32 | struct ip6t_replace repl; | 26 | struct ip6t_replace repl; |
diff --git a/net/ipv6/netfilter/ip6table_raw.c b/net/ipv6/netfilter/ip6table_raw.c index 0acda45d455d..ec290e4ebdd8 100644 --- a/net/ipv6/netfilter/ip6table_raw.c +++ b/net/ipv6/netfilter/ip6table_raw.c | |||
@@ -8,12 +8,6 @@ | |||
8 | 8 | ||
9 | #define RAW_VALID_HOOKS ((1 << NF_IP6_PRE_ROUTING) | (1 << NF_IP6_LOCAL_OUT)) | 9 | #define RAW_VALID_HOOKS ((1 << NF_IP6_PRE_ROUTING) | (1 << NF_IP6_LOCAL_OUT)) |
10 | 10 | ||
11 | #if 0 | ||
12 | #define DEBUGP(x, args...) printk(KERN_DEBUG x, ## args) | ||
13 | #else | ||
14 | #define DEBUGP(x, args...) | ||
15 | #endif | ||
16 | |||
17 | static struct | 11 | static struct |
18 | { | 12 | { |
19 | struct ip6t_replace repl; | 13 | struct ip6t_replace repl; |
diff --git a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c index 747b01e53132..89e20ab494b8 100644 --- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c +++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | |||
@@ -26,12 +26,6 @@ | |||
26 | #include <net/netfilter/nf_conntrack_l3proto.h> | 26 | #include <net/netfilter/nf_conntrack_l3proto.h> |
27 | #include <net/netfilter/nf_conntrack_core.h> | 27 | #include <net/netfilter/nf_conntrack_core.h> |
28 | 28 | ||
29 | #if 0 | ||
30 | #define DEBUGP printk | ||
31 | #else | ||
32 | #define DEBUGP(format, args...) | ||
33 | #endif | ||
34 | |||
35 | static int ipv6_pkt_to_tuple(const struct sk_buff *skb, unsigned int nhoff, | 29 | static int ipv6_pkt_to_tuple(const struct sk_buff *skb, unsigned int nhoff, |
36 | struct nf_conntrack_tuple *tuple) | 30 | struct nf_conntrack_tuple *tuple) |
37 | { | 31 | { |
@@ -136,7 +130,7 @@ ipv6_prepare(struct sk_buff **pskb, unsigned int hooknum, unsigned int *dataoff, | |||
136 | * except of IPv6 & ext headers. but it's tracked anyway. - YK | 130 | * except of IPv6 & ext headers. but it's tracked anyway. - YK |
137 | */ | 131 | */ |
138 | if ((protoff < 0) || (protoff > (*pskb)->len)) { | 132 | if ((protoff < 0) || (protoff > (*pskb)->len)) { |
139 | DEBUGP("ip6_conntrack_core: can't find proto in pkt\n"); | 133 | pr_debug("ip6_conntrack_core: can't find proto in pkt\n"); |
140 | NF_CT_STAT_INC_ATOMIC(error); | 134 | NF_CT_STAT_INC_ATOMIC(error); |
141 | NF_CT_STAT_INC_ATOMIC(invalid); | 135 | NF_CT_STAT_INC_ATOMIC(invalid); |
142 | return -NF_ACCEPT; | 136 | return -NF_ACCEPT; |
@@ -178,7 +172,7 @@ static unsigned int ipv6_confirm(unsigned int hooknum, | |||
178 | protoff = nf_ct_ipv6_skip_exthdr(*pskb, extoff, &pnum, | 172 | protoff = nf_ct_ipv6_skip_exthdr(*pskb, extoff, &pnum, |
179 | (*pskb)->len - extoff); | 173 | (*pskb)->len - extoff); |
180 | if (protoff > (*pskb)->len || pnum == NEXTHDR_FRAGMENT) { | 174 | if (protoff > (*pskb)->len || pnum == NEXTHDR_FRAGMENT) { |
181 | DEBUGP("proto header not found\n"); | 175 | pr_debug("proto header not found\n"); |
182 | return NF_ACCEPT; | 176 | return NF_ACCEPT; |
183 | } | 177 | } |
184 | 178 | ||
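Review bot: The two offset checks in this file disagree: ipv6_prepare() tests `(protoff < 0) || (protoff > (*pskb)->len)`, while ipv6_confirm() tests only `protoff > (*pskb)->len || pnum == NEXTHDR_FRAGMENT`. The declaration of `protoff` in ipv6_confirm() is outside the hunk; if it is signed there, a negative return from nf_ct_ipv6_skip_exthdr() would pass the check and be used as an offset. Either make the check explicit, `if (protoff < 0 || protoff > (*pskb)->len || pnum == NEXTHDR_FRAGMENT) {`, or add a comment saying that the unsigned type is what rejects the error return. Both functions start and end outside the hunks shown.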
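--- a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
@@ -27,12 +27,6 @@
 
 static unsigned long nf_ct_icmpv6_timeout __read_mostly = 30*HZ;
 
-#if 0
-#define DEBUGP printk
-#else
-#define DEBUGP(format, args...)
-#endif
-
 static int icmpv6_pkt_to_tuple(const struct sk_buff *skb,
 unsigned int dataoff,
 struct nf_conntrack_tuple *tuple)
@@ -125,8 +119,8 @@ static int icmpv6_new(struct nf_conn *conntrack,
 
 if (type < 0 || type >= sizeof(valid_new) || !valid_new[type]) {
 /* Can't create a new ICMPv6 `conn' with this. */
-DEBUGP("icmpv6: can't create new conn with type %u\n",
-type + 128);
+pr_debug("icmpv6: can't create new conn with type %u\n",
+type + 128);
 NF_CT_DUMP_TUPLE(&conntrack->tuplehash[0].tuple);
 return 0;
 }
@@ -152,14 +146,15 @@ icmpv6_error_message(struct sk_buff *skb,
 
 hp = skb_header_pointer(skb, icmp6off, sizeof(_hdr), &_hdr);
 if (hp == NULL) {
-DEBUGP("icmpv6_error: Can't get ICMPv6 hdr.\n");
+pr_debug("icmpv6_error: Can't get ICMPv6 hdr.\n");
 return -NF_ACCEPT;
 }
 
 inip6off = icmp6off + sizeof(_hdr);
 if (skb_copy_bits(skb, inip6off+offsetof(struct ipv6hdr, nexthdr),
 &inprotonum, sizeof(inprotonum)) != 0) {
-DEBUGP("icmpv6_error: Can't get nexthdr in inner IPv6 header.\n");
+pr_debug("icmpv6_error: Can't get nexthdr in inner IPv6 "
+"header.\n");
 return -NF_ACCEPT;
 }
 inprotoff = nf_ct_ipv6_skip_exthdr(skb,
@@ -169,7 +164,8 @@ icmpv6_error_message(struct sk_buff *skb,
 - sizeof(struct ipv6hdr));
 
 if ((inprotoff > skb->len) || (inprotonum == NEXTHDR_FRAGMENT)) {
-DEBUGP("icmpv6_error: Can't get protocol header in ICMPv6 payload.\n");
+pr_debug("icmpv6_error: Can't get protocol header in ICMPv6 "
+"payload.\n");
 return -NF_ACCEPT;
 }
 
@@ -179,7 +175,7 @@ icmpv6_error_message(struct sk_buff *skb,
 /* Are they talking about one of our connections? */
 if (!nf_ct_get_tuple(skb, inip6off, inprotoff, PF_INET6, inprotonum,
 &origtuple, &nf_conntrack_l3proto_ipv6, inproto)) {
-DEBUGP("icmpv6_error: Can't get tuple\n");
+pr_debug("icmpv6_error: Can't get tuple\n");
 return -NF_ACCEPT;
 }
 
@@ -187,7 +183,7 @@ icmpv6_error_message(struct sk_buff *skb,
 been preserved inside the ICMP. */
 if (!nf_ct_invert_tuple(&intuple, &origtuple,
 &nf_conntrack_l3proto_ipv6, inproto)) {
-DEBUGP("icmpv6_error: Can't invert tuple\n");
+pr_debug("icmpv6_error: Can't invert tuple\n");
 return -NF_ACCEPT;
 }
 
@@ -195,7 +191,7 @@ icmpv6_error_message(struct sk_buff *skb,
 
 h = nf_conntrack_find_get(&intuple);
 if (!h) {
-DEBUGP("icmpv6_error: no match\n");
+pr_debug("icmpv6_error: no match\n");
 return -NF_ACCEPT;
 } else {
 if (NF_CT_DIRECTION(h) == IP_CT_DIR_REPLY)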
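Review bot: Every `pr_debug()` added in `icmpv6_new()` and `icmpv6_error_message()` sits on a branch that is taken in response to a received ICMPv6 packet, and none of the calls is rate-limited. As committed, the old `#if 0` DEBUGP expanded to nothing, whereas pr_debug becomes a real `printk(KERN_DEBUG ...)` in any build that defines DEBUG, so a burst of malformed or unsolicited ICMPv6 errors can fill the kernel log and push out other entries. Guarding the calls, for example `if (net_ratelimit()) pr_debug("icmpv6_error: no match\n");`, keeps the diagnostic without that exposure. The same applies to the pr_debug calls in nf_conntrack_l3proto_ipv6.c and nf_conntrack_reasm.c; both functions here start and end outside the visible hunks.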
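--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -44,12 +44,6 @@
 #include <linux/kernel.h>
 #include <linux/module.h>
 
-#if 0
-#define DEBUGP printk
-#else
-#define DEBUGP(format, args...)
-#endif
-
 #define NF_CT_FRAG6_HIGH_THRESH 262144 /* == 256*1024 */
 #define NF_CT_FRAG6_LOW_THRESH 196608 /* == 192*1024 */
 #define NF_CT_FRAG6_TIMEOUT IPV6_FRAG_TIMEOUT
@@ -343,7 +337,7 @@ nf_ct_frag6_create(unsigned int hash, __be32 id, struct in6_addr *src, str
 struct nf_ct_frag6_queue *fq;
 
 if ((fq = frag_alloc_queue()) == NULL) {
-DEBUGP("Can't alloc new queue\n");
+pr_debug("Can't alloc new queue\n");
 goto oom;
 }
 
@@ -393,7 +387,7 @@ static int nf_ct_frag6_queue(struct nf_ct_frag6_queue *fq, struct sk_buff *skb,
 int offset, end;
 
 if (fq->last_in & COMPLETE) {
-DEBUGP("Allready completed\n");
+pr_debug("Allready completed\n");
 goto err;
 }
 
@@ -402,7 +396,7 @@ static int nf_ct_frag6_queue(struct nf_ct_frag6_queue *fq, struct sk_buff *skb,
 ((u8 *)(fhdr + 1) - (u8 *)(ipv6_hdr(skb) + 1)));
 
 if ((unsigned int)end > IPV6_MAXPLEN) {
-DEBUGP("offset is too large.\n");
+pr_debug("offset is too large.\n");
 return -1;
 }
 
@@ -420,7 +414,7 @@ static int nf_ct_frag6_queue(struct nf_ct_frag6_queue *fq, struct sk_buff *skb,
 */
 if (end < fq->len ||
 ((fq->last_in & LAST_IN) && end != fq->len)) {
-DEBUGP("already received last fragment\n");
+pr_debug("already received last fragment\n");
 goto err;
 }
 fq->last_in |= LAST_IN;
@@ -433,13 +427,13 @@ static int nf_ct_frag6_queue(struct nf_ct_frag6_queue *fq, struct sk_buff *skb,
 /* RFC2460 says always send parameter problem in
 * this case. -DaveM
 */
-DEBUGP("the end of this fragment is not rounded to 8 bytes.\n");
+pr_debug("end of fragment not rounded to 8 bytes.\n");
 return -1;
 }
 if (end > fq->len) {
 /* Some bits beyond end -> corruption. */
 if (fq->last_in & LAST_IN) {
-DEBUGP("last packet already reached.\n");
+pr_debug("last packet already reached.\n");
 goto err;
 }
 fq->len = end;
@@ -451,11 +445,11 @@ static int nf_ct_frag6_queue(struct nf_ct_frag6_queue *fq, struct sk_buff *skb,
 
 /* Point into the IP datagram 'data' part. */
 if (!pskb_pull(skb, (u8 *) (fhdr + 1) - skb->data)) {
-DEBUGP("queue: message is too short.\n");
+pr_debug("queue: message is too short.\n");
 goto err;
 }
 if (pskb_trim_rcsum(skb, end - offset)) {
-DEBUGP("Can't trim\n");
+pr_debug("Can't trim\n");
 goto err;
 }
 
@@ -480,11 +474,11 @@ static int nf_ct_frag6_queue(struct nf_ct_frag6_queue *fq, struct sk_buff *skb,
 if (i > 0) {
 offset += i;
 if (end <= offset) {
-DEBUGP("overlap\n");
+pr_debug("overlap\n");
 goto err;
 }
 if (!pskb_pull(skb, i)) {
-DEBUGP("Can't pull\n");
+pr_debug("Can't pull\n");
 goto err;
 }
 if (skb->ip_summed != CHECKSUM_UNNECESSARY)
@@ -503,7 +497,7 @@ static int nf_ct_frag6_queue(struct nf_ct_frag6_queue *fq, struct sk_buff *skb,
 /* Eat head of the next overlapped fragment
 * and leave the loop. The next ones cannot overlap.
 */
-DEBUGP("Eat head of the overlapped parts.: %d", i);
+pr_debug("Eat head of the overlapped parts.: %d", i);
 if (!pskb_pull(next, i))
 goto err;
 
@@ -586,13 +580,13 @@ nf_ct_frag6_reasm(struct nf_ct_frag6_queue *fq, struct net_device *dev)
 sizeof(struct ipv6hdr) + fq->len -
 sizeof(struct frag_hdr));
 if (payload_len > IPV6_MAXPLEN) {
-DEBUGP("payload len is too large.\n");
+pr_debug("payload len is too large.\n");
 goto out_oversize;
 }
 
 /* Head of list must not be cloned. */
 if (skb_cloned(head) && pskb_expand_head(head, 0, 0, GFP_ATOMIC)) {
-DEBUGP("skb is cloned but can't expand head");
+pr_debug("skb is cloned but can't expand head");
 goto out_oom;
 }
 
@@ -604,7 +598,7 @@ nf_ct_frag6_reasm(struct nf_ct_frag6_queue *fq, struct net_device *dev)
 int i, plen = 0;
 
 if ((clone = alloc_skb(0, GFP_ATOMIC)) == NULL) {
-DEBUGP("Can't alloc skb\n");
+pr_debug("Can't alloc skb\n");
 goto out_oom;
 }
 clone->next = head->next;
@@ -719,11 +713,11 @@ find_prev_fhdr(struct sk_buff *skb, u8 *prevhdrp, int *prevhoff, int *fhoff)
 return -1;
 }
 if (len < (int)sizeof(struct ipv6_opt_hdr)) {
-DEBUGP("too short\n");
+pr_debug("too short\n");
 return -1;
 }
 if (nexthdr == NEXTHDR_NONE) {
-DEBUGP("next header is none\n");
+pr_debug("next header is none\n");
 return -1;
 }
 if (skb_copy_bits(skb, start, &hdr, sizeof(hdr)))
@@ -764,7 +758,7 @@ struct sk_buff *nf_ct_frag6_gather(struct sk_buff *skb)
 
 /* Jumbo payload inhibits frag. header */
 if (ipv6_hdr(skb)->payload_len == 0) {
-DEBUGP("payload len = 0\n");
+pr_debug("payload len = 0\n");
 return skb;
 }
 
@@ -773,14 +767,14 @@ struct sk_buff *nf_ct_frag6_gather(struct sk_buff *skb)
 
 clone = skb_clone(skb, GFP_ATOMIC);
 if (clone == NULL) {
-DEBUGP("Can't clone skb\n");
+pr_debug("Can't clone skb\n");
 return skb;
 }
 
 NFCT_FRAG6_CB(clone)->orig = skb;
 
 if (!pskb_may_pull(clone, fhoff + sizeof(*fhdr))) {
-DEBUGP("message is too short.\n");
+pr_debug("message is too short.\n");
 goto ret_orig;
 }
 
@@ -789,7 +783,7 @@ struct sk_buff *nf_ct_frag6_gather(struct sk_buff *skb)
 fhdr = (struct frag_hdr *)skb_transport_header(clone);
 
 if (!(fhdr->frag_off & htons(0xFFF9))) {
-DEBUGP("Invalid fragment offset\n");
+pr_debug("Invalid fragment offset\n");
 /* It is not a fragmented frame */
 goto ret_orig;
 }
@@ -799,7 +793,7 @@ struct sk_buff *nf_ct_frag6_gather(struct sk_buff *skb)
 
 fq = fq_find(fhdr->identification, &hdr->saddr, &hdr->daddr);
 if (fq == NULL) {
-DEBUGP("Can't find and can't create new queue\n");
+pr_debug("Can't find and can't create new queue\n");
 goto ret_orig;
 }
 
@@ -807,7 +801,7 @@ struct sk_buff *nf_ct_frag6_gather(struct sk_buff *skb)
 
 if (nf_ct_frag6_queue(fq, clone, fhdr, nhoff) < 0) {
 spin_unlock(&fq->lock);
-DEBUGP("Can't insert skb to queue\n");
+pr_debug("Can't insert skb to queue\n");
 fq_put(fq, NULL);
 goto ret_orig;
 }
@@ -815,7 +809,7 @@ struct sk_buff *nf_ct_frag6_gather(struct sk_buff *skb)
 if (fq->last_in == (FIRST_IN|LAST_IN) && fq->meat == fq->len) {
 ret_skb = nf_ct_frag6_reasm(fq, dev);
 if (ret_skb == NULL)
-DEBUGP("Can't reassemble fragmented packets\n");
+pr_debug("Can't reassemble fragmented packets\n");
 }
 spin_unlock(&fq->lock);
 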
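Review bot: Two of the converted messages have no trailing newline, `"Eat head of the overlapped parts.: %d"` in nf_ct_frag6_queue() and `"skb is cloned but can't expand head"` in nf_ct_frag6_reasm(), so once pr_debug is live their output can run together with whatever is logged next; both should end in `\n`. Most messages in this file also carry no subsystem prefix (`"overlap\n"`, `"too short\n"`, `"Can't pull\n"`), which makes them hard to attribute when reading the kernel log for fragment-reassembly anomalies. The `icmpv6_error:` prefix used in nf_conntrack_proto_icmpv6.c is the pattern to copy, e.g. `pr_debug("nf_ct_frag6: overlap\n");`. `"Allready completed\n"` is also misspelled ("Already"). The functions involved start and end outside the visible hunks.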