Commit
8b6f92b1
authored
Feb 24, 2009
by
David S. Miller
Merge branch 'master' of
git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6
parents
467388f2
325fb5b4
Showing
6 changed files
with
153 additions
and
65 deletions
+153
-65
include/linux/netfilter/xt_NFLOG.h
include/linux/netfilter/xt_NFLOG.h
+1
-1
include/net/netfilter/nf_conntrack_core.h
include/net/netfilter/nf_conntrack_core.h
+1
-1
net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
+3
-2
net/netfilter/nfnetlink_log.c
net/netfilter/nfnetlink_log.c
+5
-3
net/netfilter/x_tables.c
net/netfilter/x_tables.c
+142
-57
net/netfilter/xt_recent.c
net/netfilter/xt_recent.c
+1
-1
include/linux/netfilter/xt_NFLOG.h
...
@@ -2,7 +2,7 @@
...
@@ -2,7 +2,7 @@
#define _XT_NFLOG_TARGET
#define _XT_NFLOG_TARGET
#define XT_NFLOG_DEFAULT_GROUP 0x1
#define XT_NFLOG_DEFAULT_GROUP 0x1
#define XT_NFLOG_DEFAULT_THRESHOLD
1
#define XT_NFLOG_DEFAULT_THRESHOLD
0
#define XT_NFLOG_MASK 0x0
#define XT_NFLOG_MASK 0x0
...
...
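Review bot: XT_NFLOG_DEFAULT_THRESHOLD now defaults to 0, but the header does not say what 0 means; the nfnetlink_log.c hunk in this same commit applies a per-rule threshold only when it is non-zero, which suggests 0 stands for "no per-rule cap, use the instance value". Since this header is consumed by userspace, a trailing comment would make that contract visible, e.g. `#define XT_NFLOG_DEFAULT_THRESHOLD 0 /* 0: use the nfnetlink_log instance threshold */`; adjust the wording if the intended meaning differs.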
include/net/netfilter/nf_conntrack_core.h
...
@@ -59,7 +59,7 @@ static inline int nf_conntrack_confirm(struct sk_buff *skb)
...
@@ -59,7 +59,7 @@ static inline int nf_conntrack_confirm(struct sk_buff *skb)
struct
nf_conn
*
ct
=
(
struct
nf_conn
*
)
skb
->
nfct
;
struct
nf_conn
*
ct
=
(
struct
nf_conn
*
)
skb
->
nfct
;
int
ret
=
NF_ACCEPT
;
int
ret
=
NF_ACCEPT
;
if
(
ct
)
{
if
(
ct
&&
ct
!=
&
nf_conntrack_untracked
)
{
if
(
!
nf_ct_is_confirmed
(
ct
)
&&
!
nf_ct_is_dying
(
ct
))
if
(
!
nf_ct_is_confirmed
(
ct
)
&&
!
nf_ct_is_dying
(
ct
))
ret
=
__nf_conntrack_confirm
(
skb
);
ret
=
__nf_conntrack_confirm
(
skb
);
nf_ct_deliver_cached_events
(
ct
);
nf_ct_deliver_cached_events
(
ct
);
...
...
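Review bot: The new `ct != &nf_conntrack_untracked` test in nf_conntrack_confirm() is uncommented, so a reader cannot tell why the untracked entry must bypass both __nf_conntrack_confirm() and nf_ct_deliver_cached_events(). A one-line comment above the condition, e.g. `/* the shared untracked entry is never confirmed and carries no events */`, would record the intent; that rationale is inferred from the two skipped calls, so reword it if the actual reason differs. The function body continues past the end of the hunk.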
net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
...
@@ -201,8 +201,9 @@ icmpv6_error(struct net *net, struct sk_buff *skb, unsigned int dataoff,
...
@@ -201,8 +201,9 @@ icmpv6_error(struct net *net, struct sk_buff *skb, unsigned int dataoff,
if
(
net
->
ct
.
sysctl_checksum
&&
hooknum
==
NF_INET_PRE_ROUTING
&&
if
(
net
->
ct
.
sysctl_checksum
&&
hooknum
==
NF_INET_PRE_ROUTING
&&
nf_ip6_checksum
(
skb
,
hooknum
,
dataoff
,
IPPROTO_ICMPV6
))
{
nf_ip6_checksum
(
skb
,
hooknum
,
dataoff
,
IPPROTO_ICMPV6
))
{
nf_log_packet
(
PF_INET6
,
0
,
skb
,
NULL
,
NULL
,
NULL
,
if
(
LOG_INVALID
(
net
,
IPPROTO_ICMPV6
))
"nf_ct_icmpv6: ICMPv6 checksum failed
\n
"
);
nf_log_packet
(
PF_INET6
,
0
,
skb
,
NULL
,
NULL
,
NULL
,
"nf_ct_icmpv6: ICMPv6 checksum failed "
);
return
-
NF_ACCEPT
;
return
-
NF_ACCEPT
;
}
}
...
...
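Review bot: Besides the new LOG_INVALID() guard, the prefix passed to nf_log_packet() changed from ending in `\n` to ending in a space (`"nf_ct_icmpv6: ICMPv6 checksum failed "`), which is a second, unrelated change folded into the same hunk. If that was deliberate, to match the prefix convention used by the other conntrack protocol loggers, it deserves a mention in the patch description; if the trailing newline was dropped by accident it should be restored. icmpv6_error() continues outside the hunk.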
net/netfilter/nfnetlink_log.c
...
@@ -39,7 +39,7 @@
...
@@ -39,7 +39,7 @@
#endif
#endif
#define NFULNL_NLBUFSIZ_DEFAULT NLMSG_GOODSIZE
#define NFULNL_NLBUFSIZ_DEFAULT NLMSG_GOODSIZE
#define NFULNL_TIMEOUT_DEFAULT
HZ
/* every second */
#define NFULNL_TIMEOUT_DEFAULT
100
/* every second */
#define NFULNL_QTHRESH_DEFAULT 100
/* 100 packets */
#define NFULNL_QTHRESH_DEFAULT 100
/* 100 packets */
#define NFULNL_COPY_RANGE_MAX 0xFFFF
/* max packet size is limited by 16-bit struct nfattr nfa_len field */
#define NFULNL_COPY_RANGE_MAX 0xFFFF
/* max packet size is limited by 16-bit struct nfattr nfa_len field */
...
@@ -590,8 +590,10 @@ nfulnl_log_packet(u_int8_t pf,
...
@@ -590,8 +590,10 @@ nfulnl_log_packet(u_int8_t pf,
qthreshold
=
inst
->
qthreshold
;
qthreshold
=
inst
->
qthreshold
;
/* per-rule qthreshold overrides per-instance */
/* per-rule qthreshold overrides per-instance */
if
(
qthreshold
>
li
->
u
.
ulog
.
qthreshold
)
if
(
li
->
u
.
ulog
.
qthreshold
)
qthreshold
=
li
->
u
.
ulog
.
qthreshold
;
if
(
qthreshold
>
li
->
u
.
ulog
.
qthreshold
)
qthreshold
=
li
->
u
.
ulog
.
qthreshold
;
switch
(
inst
->
copy_mode
)
{
switch
(
inst
->
copy_mode
)
{
case
NFULNL_COPY_META
:
case
NFULNL_COPY_META
:
...
...
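Review bot: In the second hunk the comment `/* per-rule qthreshold overrides per-instance */` no longer describes the code beneath it: the per-rule value is applied only when it is non-zero and only when it is lower than the instance value, so it caps rather than overrides. Suggested: `/* a non-zero per-rule qthreshold caps the per-instance one */`, and the two nested unbraced ifs read more clearly as one condition, `if (li->u.ulog.qthreshold && qthreshold > li->u.ulog.qthreshold)`. In the first hunk NFULNL_TIMEOUT_DEFAULT changes from `HZ` to `100` while keeping `/* every second */`; if the flush timeout is now expressed in 1/100 s units, as the constant suggests, the comment should name the unit, e.g. `/* 1 second, in 1/100 s units */`. nfulnl_log_packet() continues outside the hunk.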
net/netfilter/x_tables.c
...
@@ -827,59 +827,143 @@ static const struct file_operations xt_table_ops = {
...
@@ -827,59 +827,143 @@ static const struct file_operations xt_table_ops = {
.
release
=
seq_release_net
,
.
release
=
seq_release_net
,
};
};
static
void
*
xt_match_seq_start
(
struct
seq_file
*
seq
,
loff_t
*
pos
)
/*
* Traverse state for ip{,6}_{tables,matches} for helping crossing
* the multi-AF mutexes.
*/
struct
nf_mttg_trav
{
struct
list_head
*
head
,
*
curr
;
uint8_t
class
,
nfproto
;
};
enum
{
MTTG_TRAV_INIT
,
MTTG_TRAV_NFP_UNSPEC
,
MTTG_TRAV_NFP_SPEC
,
MTTG_TRAV_DONE
,
};
static
void
*
xt_mttg_seq_next
(
struct
seq_file
*
seq
,
void
*
v
,
loff_t
*
ppos
,
bool
is_target
)
{
{
struct
proc_dir_entry
*
pde
=
(
struct
proc_dir_entry
*
)
seq
->
private
;
static
const
uint8_t
next_class
[]
=
{
u_int16_t
af
=
(
unsigned
long
)
pde
->
data
;
[
MTTG_TRAV_NFP_UNSPEC
]
=
MTTG_TRAV_NFP_SPEC
,
[
MTTG_TRAV_NFP_SPEC
]
=
MTTG_TRAV_DONE
,
};
struct
nf_mttg_trav
*
trav
=
seq
->
private
;
switch
(
trav
->
class
)
{
case
MTTG_TRAV_INIT
:
trav
->
class
=
MTTG_TRAV_NFP_UNSPEC
;
mutex_lock
(
&
xt
[
NFPROTO_UNSPEC
].
mutex
);
trav
->
head
=
trav
->
curr
=
is_target
?
&
xt
[
NFPROTO_UNSPEC
].
target
:
&
xt
[
NFPROTO_UNSPEC
].
match
;
break
;
case
MTTG_TRAV_NFP_UNSPEC
:
trav
->
curr
=
trav
->
curr
->
next
;
if
(
trav
->
curr
!=
trav
->
head
)
break
;
mutex_unlock
(
&
xt
[
NFPROTO_UNSPEC
].
mutex
);
mutex_lock
(
&
xt
[
trav
->
nfproto
].
mutex
);
trav
->
head
=
trav
->
curr
=
is_target
?
&
xt
[
trav
->
nfproto
].
target
:
&
xt
[
trav
->
nfproto
].
match
;
trav
->
class
=
next_class
[
trav
->
class
];
break
;
case
MTTG_TRAV_NFP_SPEC
:
trav
->
curr
=
trav
->
curr
->
next
;
if
(
trav
->
curr
!=
trav
->
head
)
break
;
/* fallthru, _stop will unlock */
default:
return
NULL
;
}
mutex_lock
(
&
xt
[
af
].
mutex
);
if
(
ppos
!=
NULL
)
return
seq_list_start
(
&
xt
[
af
].
match
,
*
pos
);
++*
ppos
;
return
trav
;
}
}
static
void
*
xt_match_seq_next
(
struct
seq_file
*
seq
,
void
*
v
,
loff_t
*
pos
)
static
void
*
xt_mttg_seq_start
(
struct
seq_file
*
seq
,
loff_t
*
pos
,
bool
is_target
)
{
{
struct
proc_dir_entry
*
pde
=
(
struct
proc_dir_entry
*
)
seq
->
private
;
struct
nf_mttg_trav
*
trav
=
seq
->
private
;
u
_int16_t
af
=
(
unsigned
long
)
pde
->
data
;
u
nsigned
int
j
;
return
seq_list_next
(
v
,
&
xt
[
af
].
match
,
pos
);
trav
->
class
=
MTTG_TRAV_INIT
;
for
(
j
=
0
;
j
<
*
pos
;
++
j
)
if
(
xt_mttg_seq_next
(
seq
,
NULL
,
NULL
,
is_target
)
==
NULL
)
return
NULL
;
return
trav
;
}
}
static
void
xt_m
atch
_seq_stop
(
struct
seq_file
*
seq
,
void
*
v
)
static
void
xt_m
ttg
_seq_stop
(
struct
seq_file
*
seq
,
void
*
v
)
{
{
struct
proc_dir_entry
*
pde
=
seq
->
private
;
struct
nf_mttg_trav
*
trav
=
seq
->
private
;
u_int16_t
af
=
(
unsigned
long
)
pde
->
data
;
switch
(
trav
->
class
)
{
case
MTTG_TRAV_NFP_UNSPEC
:
mutex_unlock
(
&
xt
[
NFPROTO_UNSPEC
].
mutex
);
break
;
case
MTTG_TRAV_NFP_SPEC
:
mutex_unlock
(
&
xt
[
trav
->
nfproto
].
mutex
);
break
;
}
}
mutex_unlock
(
&
xt
[
af
].
mutex
);
static
void
*
xt_match_seq_start
(
struct
seq_file
*
seq
,
loff_t
*
pos
)
{
return
xt_mttg_seq_start
(
seq
,
pos
,
false
);
}
}
static
int
xt_match_seq_show
(
struct
seq_file
*
seq
,
void
*
v
)
static
void
*
xt_match_seq_next
(
struct
seq_file
*
seq
,
void
*
v
,
loff_t
*
ppos
)
{
{
struct
xt_match
*
match
=
list_entry
(
v
,
struct
xt_match
,
list
);
return
xt_mttg_seq_next
(
seq
,
v
,
ppos
,
false
);
}
if
(
strlen
(
match
->
name
))
static
int
xt_match_seq_show
(
struct
seq_file
*
seq
,
void
*
v
)
return
seq_printf
(
seq
,
"%s
\n
"
,
match
->
name
);
{
else
const
struct
nf_mttg_trav
*
trav
=
seq
->
private
;
return
0
;
const
struct
xt_match
*
match
;
switch
(
trav
->
class
)
{
case
MTTG_TRAV_NFP_UNSPEC
:
case
MTTG_TRAV_NFP_SPEC
:
if
(
trav
->
curr
==
trav
->
head
)
return
0
;
match
=
list_entry
(
trav
->
curr
,
struct
xt_match
,
list
);
return
(
*
match
->
name
==
'\0'
)
?
0
:
seq_printf
(
seq
,
"%s
\n
"
,
match
->
name
);
}
return
0
;
}
}
static
const
struct
seq_operations
xt_match_seq_ops
=
{
static
const
struct
seq_operations
xt_match_seq_ops
=
{
.
start
=
xt_match_seq_start
,
.
start
=
xt_match_seq_start
,
.
next
=
xt_match_seq_next
,
.
next
=
xt_match_seq_next
,
.
stop
=
xt_m
atch
_seq_stop
,
.
stop
=
xt_m
ttg
_seq_stop
,
.
show
=
xt_match_seq_show
,
.
show
=
xt_match_seq_show
,
};
};
static
int
xt_match_open
(
struct
inode
*
inode
,
struct
file
*
file
)
static
int
xt_match_open
(
struct
inode
*
inode
,
struct
file
*
file
)
{
{
struct
seq_file
*
seq
;
struct
nf_mttg_trav
*
trav
;
int
ret
;
int
ret
;
ret
=
seq_open
(
file
,
&
xt_match_seq_ops
);
trav
=
kmalloc
(
sizeof
(
*
trav
),
GFP_KERNEL
);
if
(
!
ret
)
{
if
(
trav
==
NULL
)
struct
seq_file
*
seq
=
file
->
private_data
;
return
-
ENOMEM
;
seq
->
private
=
PDE
(
inode
);
ret
=
seq_open
(
file
,
&
xt_match_seq_ops
);
if
(
ret
<
0
)
{
kfree
(
trav
);
return
ret
;
}
}
return
ret
;
seq
=
file
->
private_data
;
seq
->
private
=
trav
;
trav
->
nfproto
=
(
unsigned
long
)
PDE
(
inode
)
->
data
;
return
0
;
}
}
static
const
struct
file_operations
xt_match_ops
=
{
static
const
struct
file_operations
xt_match_ops
=
{
...
@@ -887,62 +971,63 @@ static const struct file_operations xt_match_ops = {
...
@@ -887,62 +971,63 @@ static const struct file_operations xt_match_ops = {
.
open
=
xt_match_open
,
.
open
=
xt_match_open
,
.
read
=
seq_read
,
.
read
=
seq_read
,
.
llseek
=
seq_lseek
,
.
llseek
=
seq_lseek
,
.
release
=
seq_release
,
.
release
=
seq_release
_private
,
};
};
static
void
*
xt_target_seq_start
(
struct
seq_file
*
seq
,
loff_t
*
pos
)
static
void
*
xt_target_seq_start
(
struct
seq_file
*
seq
,
loff_t
*
pos
)
{
{
struct
proc_dir_entry
*
pde
=
(
struct
proc_dir_entry
*
)
seq
->
private
;
return
xt_mttg_seq_start
(
seq
,
pos
,
true
);
u_int16_t
af
=
(
unsigned
long
)
pde
->
data
;
mutex_lock
(
&
xt
[
af
].
mutex
);
return
seq_list_start
(
&
xt
[
af
].
target
,
*
pos
);
}
}
static
void
*
xt_target_seq_next
(
struct
seq_file
*
seq
,
void
*
v
,
loff_t
*
pos
)
static
void
*
xt_target_seq_next
(
struct
seq_file
*
seq
,
void
*
v
,
loff_t
*
p
p
os
)
{
{
struct
proc_dir_entry
*
pde
=
(
struct
proc_dir_entry
*
)
seq
->
private
;
return
xt_mttg_seq_next
(
seq
,
v
,
ppos
,
true
);
u_int16_t
af
=
(
unsigned
long
)
pde
->
data
;
return
seq_list_next
(
v
,
&
xt
[
af
].
target
,
pos
);
}
static
void
xt_target_seq_stop
(
struct
seq_file
*
seq
,
void
*
v
)
{
struct
proc_dir_entry
*
pde
=
seq
->
private
;
u_int16_t
af
=
(
unsigned
long
)
pde
->
data
;
mutex_unlock
(
&
xt
[
af
].
mutex
);
}
}
static
int
xt_target_seq_show
(
struct
seq_file
*
seq
,
void
*
v
)
static
int
xt_target_seq_show
(
struct
seq_file
*
seq
,
void
*
v
)
{
{
struct
xt_target
*
target
=
list_entry
(
v
,
struct
xt_target
,
list
);
const
struct
nf_mttg_trav
*
trav
=
seq
->
private
;
const
struct
xt_target
*
target
;
if
(
strlen
(
target
->
name
))
return
seq_printf
(
seq
,
"%s
\n
"
,
target
->
name
);
switch
(
trav
->
class
)
{
else
case
MTTG_TRAV_NFP_UNSPEC
:
return
0
;
case
MTTG_TRAV_NFP_SPEC
:
if
(
trav
->
curr
==
trav
->
head
)
return
0
;
target
=
list_entry
(
trav
->
curr
,
struct
xt_target
,
list
);
return
(
*
target
->
name
==
'\0'
)
?
0
:
seq_printf
(
seq
,
"%s
\n
"
,
target
->
name
);
}
return
0
;
}
}
static
const
struct
seq_operations
xt_target_seq_ops
=
{
static
const
struct
seq_operations
xt_target_seq_ops
=
{
.
start
=
xt_target_seq_start
,
.
start
=
xt_target_seq_start
,
.
next
=
xt_target_seq_next
,
.
next
=
xt_target_seq_next
,
.
stop
=
xt_
target
_seq_stop
,
.
stop
=
xt_
mttg
_seq_stop
,
.
show
=
xt_target_seq_show
,
.
show
=
xt_target_seq_show
,
};
};
static
int
xt_target_open
(
struct
inode
*
inode
,
struct
file
*
file
)
static
int
xt_target_open
(
struct
inode
*
inode
,
struct
file
*
file
)
{
{
struct
seq_file
*
seq
;
struct
nf_mttg_trav
*
trav
;
int
ret
;
int
ret
;
ret
=
seq_open
(
file
,
&
xt_target_seq_ops
);
trav
=
kmalloc
(
sizeof
(
*
trav
),
GFP_KERNEL
);
if
(
!
ret
)
{
if
(
trav
==
NULL
)
struct
seq_file
*
seq
=
file
->
private_data
;
return
-
ENOMEM
;
seq
->
private
=
PDE
(
inode
);
ret
=
seq_open
(
file
,
&
xt_target_seq_ops
);
if
(
ret
<
0
)
{
kfree
(
trav
);
return
ret
;
}
}
return
ret
;
seq
=
file
->
private_data
;
seq
->
private
=
trav
;
trav
->
nfproto
=
(
unsigned
long
)
PDE
(
inode
)
->
data
;
return
0
;
}
}
static
const
struct
file_operations
xt_target_ops
=
{
static
const
struct
file_operations
xt_target_ops
=
{
...
@@ -950,7 +1035,7 @@ static const struct file_operations xt_target_ops = {
...
@@ -950,7 +1035,7 @@ static const struct file_operations xt_target_ops = {
.
open
=
xt_target_open
,
.
open
=
xt_target_open
,
.
read
=
seq_read
,
.
read
=
seq_read
,
.
llseek
=
seq_lseek
,
.
llseek
=
seq_lseek
,
.
release
=
seq_release
,
.
release
=
seq_release
_private
,
};
};
#define FORMAT_TABLES "_tables_names"
#define FORMAT_TABLES "_tables_names"
...
...
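Review bot: In xt_mttg_seq_next() the `next_class[]` table is read from only one place, the MTTG_TRAV_NFP_UNSPEC case, so its `[MTTG_TRAV_NFP_SPEC] = MTTG_TRAV_DONE` entry is never consulted and MTTG_TRAV_DONE is never assigned anywhere in this hunk; either a direct `trav->class = MTTG_TRAV_NFP_SPEC;` should replace the table, or the DONE state should actually be entered when the NFP_SPEC list is exhausted so that _stop and _show can rely on it. The same case unlocks xt[NFPROTO_UNSPEC].mutex and then locks xt[trav->nfproto].mutex unconditionally; if a proc entry could ever be registered with nfproto == NFPROTO_UNSPEC the UNSPEC list would be walked twice, so a comment stating that no caller registers that family (or a guard against it) would help. xt_match_open() and xt_target_open() are now identical apart from the seq_operations pointer and could share one static helper taking that pointer, which would also keep the kmalloc/seq_open/kfree ordering in a single place. The later hunks in this file only switch `release` to seq_release_private, which matches the kmalloc'ed private and needs no further change.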
net/netfilter/xt_recent.c
...
@@ -542,7 +542,7 @@ recent_mt_proc_write(struct file *file, const char __user *input,
...
@@ -542,7 +542,7 @@ recent_mt_proc_write(struct file *file, const char __user *input,
struct
recent_entry
*
e
;
struct
recent_entry
*
e
;
char
buf
[
sizeof
(
"+b335:1d35:1e55:dead:c0de:1715:5afe:c0de"
)];
char
buf
[
sizeof
(
"+b335:1d35:1e55:dead:c0de:1715:5afe:c0de"
)];
const
char
*
c
=
buf
;
const
char
*
c
=
buf
;
union
nf_inet_addr
addr
;
union
nf_inet_addr
addr
=
{}
;
u_int16_t
family
;
u_int16_t
family
;
bool
add
,
succ
;
bool
add
,
succ
;
...
...
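Review bot: The `= {}` initializer on `addr` is the whole fix but carries no comment saying why zeroing matters; presumably the IPv4 parse path fills only the leading bytes of the union and a later lookup compares the full union, so stale stack bytes would defeat the match — confirm against recent_mt_proc_write(), which continues outside the hunk. A short comment such as `/* zero the whole union: IPv4 fills only the first word and lookups compare all of it */` (adjusted to the real reason) would keep the next maintainer from dropping the initializer. Note that `= {}` is a GNU extension the kernel relies on throughout, fine here but not standard C11.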