Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
L
linux
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
linux
Commits
bb70dfa5
Commit
bb70dfa5
authored
Apr 15, 2009
by
Jan Engelhardt
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
netfilter: xtables: consolidate comefrom debug cast access
Signed-off-by:
Jan Engelhardt
<
jengelh@medozas.de
>
parent
7a6b1c46
Changes
2
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
17 additions
and
9 deletions
+17
-9
net/ipv4/netfilter/ip_tables.c
net/ipv4/netfilter/ip_tables.c
+9
-4
net/ipv6/netfilter/ip6_tables.c
net/ipv6/netfilter/ip6_tables.c
+8
-5
No files found.
net/ipv4/netfilter/ip_tables.c
View file @
bb70dfa5
...
@@ -311,6 +311,8 @@ ipt_do_table(struct sk_buff *skb,
...
@@ -311,6 +311,8 @@ ipt_do_table(struct sk_buff *skb,
const
struct
net_device
*
out
,
const
struct
net_device
*
out
,
struct
xt_table
*
table
)
struct
xt_table
*
table
)
{
{
#define tb_comefrom ((struct ipt_entry *)table_base)->comefrom
static
const
char
nulldevname
[
IFNAMSIZ
]
__attribute__
((
aligned
(
sizeof
(
long
))));
static
const
char
nulldevname
[
IFNAMSIZ
]
__attribute__
((
aligned
(
sizeof
(
long
))));
const
struct
iphdr
*
ip
;
const
struct
iphdr
*
ip
;
u_int16_t
datalen
;
u_int16_t
datalen
;
...
@@ -409,18 +411,19 @@ ipt_do_table(struct sk_buff *skb,
...
@@ -409,18 +411,19 @@ ipt_do_table(struct sk_buff *skb,
abs. verdicts */
abs. verdicts */
tgpar
.
target
=
t
->
u
.
kernel
.
target
;
tgpar
.
target
=
t
->
u
.
kernel
.
target
;
tgpar
.
targinfo
=
t
->
data
;
tgpar
.
targinfo
=
t
->
data
;
#ifdef CONFIG_NETFILTER_DEBUG
#ifdef CONFIG_NETFILTER_DEBUG
((
struct
ipt_entry
*
)
table_base
)
->
comefrom
=
0xeeeeeeec
;
tb_
comefrom
=
0xeeeeeeec
;
#endif
#endif
verdict
=
t
->
u
.
kernel
.
target
->
target
(
skb
,
&
tgpar
);
verdict
=
t
->
u
.
kernel
.
target
->
target
(
skb
,
&
tgpar
);
#ifdef CONFIG_NETFILTER_DEBUG
#ifdef CONFIG_NETFILTER_DEBUG
if
(((
struct
ipt_entry
*
)
table_base
)
->
comefrom
!=
0xeeeeeeec
&&
if
(
comefrom
!=
0xeeeeeeec
&&
verdict
==
IPT_CONTINUE
)
{
verdict
==
IPT_CONTINUE
)
{
printk
(
"Target %s reentered!
\n
"
,
printk
(
"Target %s reentered!
\n
"
,
t
->
u
.
kernel
.
target
->
name
);
t
->
u
.
kernel
.
target
->
name
);
verdict
=
NF_DROP
;
verdict
=
NF_DROP
;
}
}
((
struct
ipt_entry
*
)
table_base
)
->
comefrom
=
0x57acc001
;
tb_
comefrom
=
0x57acc001
;
#endif
#endif
/* Target might have changed stuff. */
/* Target might have changed stuff. */
ip
=
ip_hdr
(
skb
);
ip
=
ip_hdr
(
skb
);
...
@@ -441,6 +444,8 @@ ipt_do_table(struct sk_buff *skb,
...
@@ -441,6 +444,8 @@ ipt_do_table(struct sk_buff *skb,
return
NF_DROP
;
return
NF_DROP
;
else
return
verdict
;
else
return
verdict
;
#endif
#endif
#undef tb_comefrom
}
}
/* Figures out from what hook each rule can be called: returns 0 if
/* Figures out from what hook each rule can be called: returns 0 if
...
...
net/ipv6/netfilter/ip6_tables.c
View file @
bb70dfa5
...
@@ -343,6 +343,8 @@ ip6t_do_table(struct sk_buff *skb,
...
@@ -343,6 +343,8 @@ ip6t_do_table(struct sk_buff *skb,
const
struct
net_device
*
out
,
const
struct
net_device
*
out
,
struct
xt_table
*
table
)
struct
xt_table
*
table
)
{
{
#define tb_comefrom ((struct ip6t_entry *)table_base)->comefrom
static
const
char
nulldevname
[
IFNAMSIZ
]
__attribute__
((
aligned
(
sizeof
(
long
))));
static
const
char
nulldevname
[
IFNAMSIZ
]
__attribute__
((
aligned
(
sizeof
(
long
))));
bool
hotdrop
=
false
;
bool
hotdrop
=
false
;
/* Initializing verdict to NF_DROP keeps gcc happy. */
/* Initializing verdict to NF_DROP keeps gcc happy. */
...
@@ -440,18 +442,17 @@ ip6t_do_table(struct sk_buff *skb,
...
@@ -440,18 +442,17 @@ ip6t_do_table(struct sk_buff *skb,
tgpar
.
targinfo
=
t
->
data
;
tgpar
.
targinfo
=
t
->
data
;
#ifdef CONFIG_NETFILTER_DEBUG
#ifdef CONFIG_NETFILTER_DEBUG
((
struct
ip6t_entry
*
)
table_base
)
->
comefrom
=
0xeeeeeeec
;
tb_
comefrom
=
0xeeeeeeec
;
#endif
#endif
verdict
=
t
->
u
.
kernel
.
target
->
target
(
skb
,
&
tgpar
);
verdict
=
t
->
u
.
kernel
.
target
->
target
(
skb
,
&
tgpar
);
#ifdef CONFIG_NETFILTER_DEBUG
#ifdef CONFIG_NETFILTER_DEBUG
if
(((
struct
ip6t_entry
*
)
table_base
)
->
comefrom
!=
0xeeeeeeec
&&
if
(
tb_comefrom
!=
0xeeeeeeec
&&
verdict
==
IP6T_CONTINUE
)
{
verdict
==
IP6T_CONTINUE
)
{
printk
(
"Target %s reentered!
\n
"
,
printk
(
"Target %s reentered!
\n
"
,
t
->
u
.
kernel
.
target
->
name
);
t
->
u
.
kernel
.
target
->
name
);
verdict
=
NF_DROP
;
verdict
=
NF_DROP
;
}
}
((
struct
ip6t_entry
*
)
table_base
)
->
comefrom
=
0x57acc001
;
tb_
comefrom
=
0x57acc001
;
#endif
#endif
if
(
verdict
==
IP6T_CONTINUE
)
if
(
verdict
==
IP6T_CONTINUE
)
e
=
ip6t_next_entry
(
e
);
e
=
ip6t_next_entry
(
e
);
...
@@ -461,7 +462,7 @@ ip6t_do_table(struct sk_buff *skb,
...
@@ -461,7 +462,7 @@ ip6t_do_table(struct sk_buff *skb,
}
while
(
!
hotdrop
);
}
while
(
!
hotdrop
);
#ifdef CONFIG_NETFILTER_DEBUG
#ifdef CONFIG_NETFILTER_DEBUG
((
struct
ip6t_entry
*
)
table_base
)
->
comefrom
=
NETFILTER_LINK_POISON
;
tb_
comefrom
=
NETFILTER_LINK_POISON
;
#endif
#endif
xt_info_rdunlock_bh
();
xt_info_rdunlock_bh
();
...
@@ -472,6 +473,8 @@ ip6t_do_table(struct sk_buff *skb,
...
@@ -472,6 +473,8 @@ ip6t_do_table(struct sk_buff *skb,
return
NF_DROP
;
return
NF_DROP
;
else
return
verdict
;
else
return
verdict
;
#endif
#endif
#undef tb_comefrom
}
}
/* Figures out from what hook each rule can be called: returns 0 if
/* Figures out from what hook each rule can be called: returns 0 if
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment