Loading include/linux/netfilter/xt_LED.h +2 −0 Original line number Diff line number Diff line #ifndef _XT_LED_H #define _XT_LED_H #include <linux/types.h> struct xt_led_info { char id[27]; /* Unique ID for this trigger in the LED class */ __u8 always_blink; /* Blink even if the LED is already on */ Loading include/linux/netfilter/xt_cluster.h +2 −0 Original line number Diff line number Diff line Loading @@ -12,4 +12,6 @@ struct xt_cluster_match_info { u_int32_t flags; }; #define XT_CLUSTER_NODES_MAX 32 #endif /* _XT_CLUSTER_MATCH_H */ net/ipv6/netfilter/ip6t_ipv6header.c +3 −3 Original line number Diff line number Diff line Loading @@ -50,14 +50,14 @@ ipv6header_mt6(const struct sk_buff *skb, const struct xt_match_param *par) struct ipv6_opt_hdr _hdr; int hdrlen; /* Is there enough space for the next ext header? */ if (len < (int)sizeof(struct ipv6_opt_hdr)) return false; /* No more exthdr -> evaluate */ if (nexthdr == NEXTHDR_NONE) { temp |= MASK_NONE; break; } /* Is there enough space for the next ext header? */ if (len < (int)sizeof(struct ipv6_opt_hdr)) return false; /* ESP -> evaluate */ if (nexthdr == NEXTHDR_ESP) { temp |= MASK_ESP; Loading net/netfilter/nf_conntrack_netlink.c +20 −28 Original line number Diff line number Diff line Loading @@ -1186,28 +1186,6 @@ ctnetlink_change_conntrack(struct nf_conn *ct, struct nlattr *cda[]) return 0; } static inline void ctnetlink_event_report(struct nf_conn *ct, u32 pid, int report) { unsigned int events = 0; if (test_bit(IPS_EXPECTED_BIT, &ct->status)) events |= IPCT_RELATED; else events |= IPCT_NEW; nf_conntrack_event_report(IPCT_STATUS | IPCT_HELPER | IPCT_REFRESH | IPCT_PROTOINFO | IPCT_NATSEQADJ | IPCT_MARK | events, ct, pid, report); } static struct nf_conn * ctnetlink_create_conntrack(struct nlattr *cda[], struct nf_conntrack_tuple *otuple, Loading Loading @@ -1373,6 +1351,7 @@ ctnetlink_new_conntrack(struct sock *ctnl, struct sk_buff *skb, err = -ENOENT; if (nlh->nlmsg_flags & NLM_F_CREATE) { struct nf_conn *ct; enum ip_conntrack_events events; ct = ctnetlink_create_conntrack(cda, &otuple, &rtuple, u3); Loading @@ -1383,8 +1362,17 @@ ctnetlink_new_conntrack(struct sock *ctnl, struct sk_buff *skb, err = 0; nf_conntrack_get(&ct->ct_general); spin_unlock_bh(&nf_conntrack_lock); ctnetlink_event_report(ct, NETLINK_CB(skb).pid, if (test_bit(IPS_EXPECTED_BIT, &ct->status)) events = IPCT_RELATED; else events = IPCT_NEW; nf_conntrack_event_report(IPCT_STATUS | IPCT_HELPER | IPCT_PROTOINFO | IPCT_NATSEQADJ | IPCT_MARK | events, ct, NETLINK_CB(skb).pid, nlmsg_report(nlh)); nf_ct_put(ct); } else Loading @@ -1404,8 +1392,12 @@ ctnetlink_new_conntrack(struct sock *ctnl, struct sk_buff *skb, if (err == 0) { nf_conntrack_get(&ct->ct_general); spin_unlock_bh(&nf_conntrack_lock); ctnetlink_event_report(ct, NETLINK_CB(skb).pid, nf_conntrack_event_report(IPCT_STATUS | IPCT_HELPER | IPCT_PROTOINFO | IPCT_NATSEQADJ | IPCT_MARK, ct, NETLINK_CB(skb).pid, nlmsg_report(nlh)); nf_ct_put(ct); } else Loading net/netfilter/xt_cluster.c +7 −1 Original line number Diff line number Diff line Loading @@ -135,7 +135,13 @@ static bool xt_cluster_mt_checkentry(const struct xt_mtchk_param *par) { struct xt_cluster_match_info *info = par->matchinfo; if (info->node_mask >= (1 << info->total_nodes)) { if (info->total_nodes > XT_CLUSTER_NODES_MAX) { printk(KERN_ERR "xt_cluster: you have exceeded the maximum " "number of cluster nodes (%u > %u)\n", info->total_nodes, XT_CLUSTER_NODES_MAX); return false; } if (info->node_mask >= (1ULL << info->total_nodes)) { printk(KERN_ERR "xt_cluster: this node mask cannot be " "higher than the total number of nodes\n"); return false; Loading Loading
include/linux/netfilter/xt_LED.h +2 −0 Original line number Diff line number Diff line #ifndef _XT_LED_H #define _XT_LED_H #include <linux/types.h> struct xt_led_info { char id[27]; /* Unique ID for this trigger in the LED class */ __u8 always_blink; /* Blink even if the LED is already on */ Loading
include/linux/netfilter/xt_cluster.h +2 −0 Original line number Diff line number Diff line Loading @@ -12,4 +12,6 @@ struct xt_cluster_match_info { u_int32_t flags; }; #define XT_CLUSTER_NODES_MAX 32 #endif /* _XT_CLUSTER_MATCH_H */
net/ipv6/netfilter/ip6t_ipv6header.c +3 −3 Original line number Diff line number Diff line Loading @@ -50,14 +50,14 @@ ipv6header_mt6(const struct sk_buff *skb, const struct xt_match_param *par) struct ipv6_opt_hdr _hdr; int hdrlen; /* Is there enough space for the next ext header? */ if (len < (int)sizeof(struct ipv6_opt_hdr)) return false; /* No more exthdr -> evaluate */ if (nexthdr == NEXTHDR_NONE) { temp |= MASK_NONE; break; } /* Is there enough space for the next ext header? */ if (len < (int)sizeof(struct ipv6_opt_hdr)) return false; /* ESP -> evaluate */ if (nexthdr == NEXTHDR_ESP) { temp |= MASK_ESP; Loading
net/netfilter/nf_conntrack_netlink.c +20 −28 Original line number Diff line number Diff line Loading @@ -1186,28 +1186,6 @@ ctnetlink_change_conntrack(struct nf_conn *ct, struct nlattr *cda[]) return 0; } static inline void ctnetlink_event_report(struct nf_conn *ct, u32 pid, int report) { unsigned int events = 0; if (test_bit(IPS_EXPECTED_BIT, &ct->status)) events |= IPCT_RELATED; else events |= IPCT_NEW; nf_conntrack_event_report(IPCT_STATUS | IPCT_HELPER | IPCT_REFRESH | IPCT_PROTOINFO | IPCT_NATSEQADJ | IPCT_MARK | events, ct, pid, report); } static struct nf_conn * ctnetlink_create_conntrack(struct nlattr *cda[], struct nf_conntrack_tuple *otuple, Loading Loading @@ -1373,6 +1351,7 @@ ctnetlink_new_conntrack(struct sock *ctnl, struct sk_buff *skb, err = -ENOENT; if (nlh->nlmsg_flags & NLM_F_CREATE) { struct nf_conn *ct; enum ip_conntrack_events events; ct = ctnetlink_create_conntrack(cda, &otuple, &rtuple, u3); Loading @@ -1383,8 +1362,17 @@ ctnetlink_new_conntrack(struct sock *ctnl, struct sk_buff *skb, err = 0; nf_conntrack_get(&ct->ct_general); spin_unlock_bh(&nf_conntrack_lock); ctnetlink_event_report(ct, NETLINK_CB(skb).pid, if (test_bit(IPS_EXPECTED_BIT, &ct->status)) events = IPCT_RELATED; else events = IPCT_NEW; nf_conntrack_event_report(IPCT_STATUS | IPCT_HELPER | IPCT_PROTOINFO | IPCT_NATSEQADJ | IPCT_MARK | events, ct, NETLINK_CB(skb).pid, nlmsg_report(nlh)); nf_ct_put(ct); } else Loading @@ -1404,8 +1392,12 @@ ctnetlink_new_conntrack(struct sock *ctnl, struct sk_buff *skb, if (err == 0) { nf_conntrack_get(&ct->ct_general); spin_unlock_bh(&nf_conntrack_lock); ctnetlink_event_report(ct, NETLINK_CB(skb).pid, nf_conntrack_event_report(IPCT_STATUS | IPCT_HELPER | IPCT_PROTOINFO | IPCT_NATSEQADJ | IPCT_MARK, ct, NETLINK_CB(skb).pid, nlmsg_report(nlh)); nf_ct_put(ct); } else Loading
net/netfilter/xt_cluster.c +7 −1 Original line number Diff line number Diff line Loading @@ -135,7 +135,13 @@ static bool xt_cluster_mt_checkentry(const struct xt_mtchk_param *par) { struct xt_cluster_match_info *info = par->matchinfo; if (info->node_mask >= (1 << info->total_nodes)) { if (info->total_nodes > XT_CLUSTER_NODES_MAX) { printk(KERN_ERR "xt_cluster: you have exceeded the maximum " "number of cluster nodes (%u > %u)\n", info->total_nodes, XT_CLUSTER_NODES_MAX); return false; } if (info->node_mask >= (1ULL << info->total_nodes)) { printk(KERN_ERR "xt_cluster: this node mask cannot be " "higher than the total number of nodes\n"); return false; Loading
