| 2bf074825403e0e0d623bac7573580773b78abef |
|
09-Jun-2010 |
Shan Wei <shanwei@cn.fujitsu.com> |
netfilter: xt_sctp: use WORD_ROUND macro to calculate length of multiple of 4 bytes
Use WORD_ROUND to round an int up to the next multiple of 4.
Signed-off-by: Shan Wei <shanwei@cn.fujitsu.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| b4ba26119b06052888696491f614201817491a0d |
|
07-Jul-2009 |
Jan Engelhardt <jengelh@medozas.de> |
netfilter: xtables: change hotdrop pointer to direct modification
Since xt_action_param is writable, let's use it. The pointer to
'bool hotdrop' always worried (8 bytes (64-bit) to write 1 byte!).
Surprisingly results in a reduction in size:
text data bss filename
5457066 692730 357892 vmlinux.o-prev
5456554 692730 357892 vmlinux.o
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| 62fc8051083a334578c3f4b3488808f210b4565f |
|
07-Jul-2009 |
Jan Engelhardt <jengelh@medozas.de> |
netfilter: xtables: deconstify struct xt_action_param for matches
In future, layer-3 matches will be an xt module of their own, and
need to set the fragoff and thoff fields. Adding more pointers would
needlessy increase memory requirements (esp. so for 64-bit, where
pointers are wider).
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| 4b560b447df83368df44bd3712c0c39b1d79ba04 |
|
05-Jul-2009 |
Jan Engelhardt <jengelh@medozas.de> |
netfilter: xtables: substitute temporary defines by final name
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| bd414ee605ff3ac5fcd79f57269a897879ee4cde |
|
23-Mar-2010 |
Jan Engelhardt <jengelh@medozas.de> |
netfilter: xtables: change matches to return error code
The following semantic patch does part of the transformation:
// <smpl>
@ rule1 @
struct xt_match ops;
identifier check;
@@
ops.checkentry = check;
@@
identifier rule1.check;
@@
check(...) { <...
-return true;
+return 0;
...> }
@@
identifier rule1.check;
@@
check(...) { <...
-return false;
+return -EINVAL;
...> }
// </smpl>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| b0f38452ff73da7e9e0ddc68cd5c6b93c897ca0d |
|
19-Mar-2010 |
Jan Engelhardt <jengelh@medozas.de> |
netfilter: xtables: change xt_match.checkentry return type
Restore function signatures from bool to int so that we can report
memory allocation failures or similar using -ENOMEM rather than
always having to pass -EINVAL back.
This semantic patch may not be too precise (checking for functions
that use xt_mtchk_param rather than functions referenced by
xt_match.checkentry), but reviewed, it produced the intended result.
// <smpl>
@@
type bool;
identifier check, par;
@@
-bool check
+int check
(struct xt_mtchk_param *par) { ... }
// </smpl>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| 9f5673174161cc026a6c87f70d9b457e7ad82a80 |
|
23-Mar-2010 |
Jan Engelhardt <jengelh@medozas.de> |
netfilter: xtables: untangle spaghetti if clauses in checkentry
As I'm changing the return values soon, I want to have a clear visual
path.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| be91fd5e323b46450ca82f6828e933e3791fb2f2 |
|
18-Mar-2010 |
Jan Engelhardt <jengelh@medozas.de> |
netfilter: xtables: replace custom duprintf with pr_debug
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| d4e2675a61890a84849a24affedf80d5cae8b199 |
|
09-Feb-2009 |
Qu Haoran <haoran.qu@6wind.com> |
netfilter: xt_sctp: sctp chunk mapping doesn't work
When user tries to map all chunks given in argument, kernel
works on a copy of the chunkmap, but at the end it doesn't
check the copy, but the orginal one.
Signed-off-by: Qu Haoran <haoran.qu@6wind.com>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| 9b4fce7a3508a9776534188b6065b206a9608ccf |
|
08-Oct-2008 |
Jan Engelhardt <jengelh@medozas.de> |
netfilter: xtables: move extension arguments into compound structure (2/6)
This patch does this for match extensions' checkentry functions.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| f7108a20dee44e5bb037f9e48f6a207b42e6ae1c |
|
08-Oct-2008 |
Jan Engelhardt <jengelh@medozas.de> |
netfilter: xtables: move extension arguments into compound structure (1/6)
The function signatures for Xtables extensions have grown over time.
It involves a lot of typing/replication, and also a bit of stack space
even if they are not used. Realize an NFWS2008 idea and pack them into
structs. The skb remains outside of the struct so gcc can continue to
apply its optimizations.
This patch does this for match extensions' match functions.
A few ambiguities have also been addressed. The "offset" parameter for
example has been renamed to "fragoff" (there are so many different
offsets already) and "protoff" to "thoff" (there is more than just one
protocol here, so clarify).
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| ee999d8b9573df1b547aacdc6d79f86eb79c25cd |
|
08-Oct-2008 |
Jan Engelhardt <jengelh@medozas.de> |
netfilter: x_tables: use NFPROTO_* in extensions
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| 3cf93c96af7adf78542d45f8a27f0e5f8704409d |
|
14-Apr-2008 |
Jan Engelhardt <jengelh@computergmbh.de> |
[NETFILTER]: annotate xtables targets with const and remove casts
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| 2ae15b64e6a1608c840c60df38e8e5eef7b2b8c3 |
|
15-Jan-2008 |
Jan Engelhardt <jengelh@computergmbh.de> |
[NETFILTER]: Update modules' descriptions
Updates the MODULE_DESCRIPTION() tags for all Netfilter modules,
actually describing what the module does and not just
"netfilter XYZ target".
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| d3c5ee6d545b5372fd525ebe16988a5b6efeceb0 |
|
05-Dec-2007 |
Jan Engelhardt <jengelh@computergmbh.de> |
[NETFILTER]: x_tables: consistent and unique symbol names
Give all Netfilter modules consistent and unique symbol names.
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| 009e8c965fd72a78636b9a96c7015109c5c70176 |
|
18-Oct-2007 |
Li Zefan <lizf@cn.fujitsu.com> |
[NETFILTER]: xt_sctp: fix mistake to pass a pointer where array is required
Macros like SCTP_CHUNKMAP_XXX(chukmap) require chukmap to be an array,
but match_packet() passes a pointer to these macros. Also remove the
ELEMCOUNT macro and fix a bug in SCTP_CHUNKMAP_COPY.
Signed-off-by: Li Zefan <lizf@cn.fujitsu.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| 73aaf9355b71d295fd72dc0b93fcdd275c56648f |
|
11-Oct-2007 |
Jan Engelhardt <jengelh@computergmbh.de> |
[NETFILTER]: x_tables: add missing ip6t_modulename aliases
The patch will add MODULE_ALIAS("ip6t_<modulename>") where missing,
otherwise you will get
ip6tables: No chain/target/match by that name
when xt_<modulename> is not already loaded.
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| 9f15c5302de4e8b0aac7ca24c36bf26a7fe1a513 |
|
08-Jul-2007 |
Patrick McHardy <kaber@trash.net> |
[NETFILTER]: x_tables: mark matches and targets __read_mostly
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| 7c4e36bc172ae1accde835b880fdc4a2c2a3df57 |
|
08-Jul-2007 |
Jan Engelhardt <jengelh@gmx.de> |
[NETFILTER]: Remove redundant parentheses/braces
Removes redundant parentheses and braces (And add one pair in a
xt_tcpudp.c macro).
Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| ccb79bdce71f2c04cfa9bfcbaf4d37e2f963d684 |
|
08-Jul-2007 |
Jan Engelhardt <jengelh@gmx.de> |
[NETFILTER]: x_tables: switch xt_match->checkentry to bool
Switch the return type of match functions to boolean
Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| 1d93a9cbad608f6398ba6c5b588c504ccd35a2ca |
|
08-Jul-2007 |
Jan Engelhardt <jengelh@gmx.de> |
[NETFILTER]: x_tables: switch xt_match->match to bool
Switch the return type of match functions to boolean
Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| cff533ac12494fa002e2c46acc94d670e5f636a2 |
|
08-Jul-2007 |
Jan Engelhardt <jengelh@gmx.de> |
[NETFILTER]: x_tables: switch hotdrop to bool
Switch the "hotdrop" variables to boolean
Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| 601e68e100b6bf8ba13a32db8faf92d43acaa997 |
|
12-Feb-2007 |
YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> |
[NETFILTER]: Fix whitespace errors
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| 962c837275e8a8c1df41f1882e971636093cdee4 |
|
21-Nov-2006 |
Al Viro <viro@zeniv.linux.org.uk> |
[SCTP]: Netfilter sctp annotations.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| efa741656e9ebf5fd6e0432b0d1b3c7f156392d3 |
|
22-Aug-2006 |
Patrick McHardy <kaber@trash.net> |
[NETFILTER]: x_tables: remove unused size argument to check/destroy functions
The size is verified by x_tables and isn't needed by the modules anymore.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| 4470bbc749e5551cce914529309456f631e25120 |
|
22-Aug-2006 |
Patrick McHardy <kaber@trash.net> |
[NETFILTER]: x_tables: make use of mass registation helpers
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| 1c7e47726a88303e4cfa2785f0a357bf1ceecee1 |
|
27-Jun-2006 |
Jorge Matias <jorge.matias@motorola.com> |
[NETFILTER]: xt_sctp: fix --chunk-types matching
xt_sctp uses an incorrect header offset when --chunk-types is used.
Signed-off-by: Jorge Matias <jorge.matias@motorola.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| d3dcd4efe2ad1ad1865b2fe5c863c1ebd9482a84 |
|
20-Jun-2006 |
Patrick McHardy <kaber@trash.net> |
[NETFILTER]: xt_sctp: fix endless loop caused by 0 chunk length
Fix endless loop in the SCTP match similar to those already fixed in
the SCTP conntrack helper (was CVE-2006-1527).
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| 3e72b2fe5b31791f976350b023b7a37ef59c02c1 |
|
30-May-2006 |
Patrick McHardy <kaber@trash.net> |
[NETFILTER]: x_tables: remove some unnecessary casts
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| 65b4b4e81a5094d52cbe372b887b1779abe53f9b |
|
29-Mar-2006 |
Andrew Morton <akpm@osdl.org> |
[NETFILTER]: Rename init functions.
Every netfilter module uses `init' for its module_init() function and
`fini' or `cleanup' for its module_exit() function.
Problem is, this creates uninformative initcall_debug output and makes
ctags rather useless.
So go through and rename them all to $(filename)_init and
$(filename)_fini.
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| a45049c51ce6a3fecf2a909b591b28164c927112 |
|
22-Mar-2006 |
Pablo Neira Ayuso <pablo@netfilter.org> |
[NETFILTER]: x_tables: set the protocol family in x_tables targets/matches
Set the family field in xt_[matches|targets] registered.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| c49867347404c46f137a261643ed4fce4376f324 |
|
21-Mar-2006 |
Patrick McHardy <kaber@trash.net> |
[NETFILTER]: x_tables: add xt_{match,target} arguments to match/target functions
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| 5d04bff096180f032de8b9b12153a8a1b4009b8d |
|
21-Mar-2006 |
Patrick McHardy <kaber@trash.net> |
[NETFILTER]: Convert x_tables matches/targets to centralized error checking
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| 2e4e6a17af35be359cc8f1c924f8f198fbd478cc |
|
12-Jan-2006 |
Harald Welte <laforge@netfilter.org> |
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
|