Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b2606644 authored by Florian Westphal's avatar Florian Westphal Committed by Pablo Neira Ayuso
Browse files

netfilter: x_tables: use pr ratelimiting in all remaining spots 



Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent c08e5e1e

net/ipv4/netfilter/ipt_ECN.c

+1 −1
Original line number Diff line number Diff line
@@ -106,7 +106,7 @@ static int ecn_tg_check(const struct xt_tgchk_param *par) 


	if ((einfo->operation & (IPT_ECN_OP_SET_ECE|IPT_ECN_OP_SET_CWR)) &&

	    (e->ip.proto != IPPROTO_TCP || (e->ip.invflags & XT_INV_PROTO))) {

		pr_info("cannot use TCP operations on a non-tcp rule\n");

		pr_info_ratelimited("cannot use operation on non-tcp rule\n");

		return -EINVAL;

	}

	return 0;

net/ipv4/netfilter/ipt_REJECT.c

+2 −2
Original line number Diff line number Diff line
@@ -74,13 +74,13 @@ static int reject_tg_check(const struct xt_tgchk_param *par) 
	const struct ipt_entry *e = par->entryinfo;



	if (rejinfo->with == IPT_ICMP_ECHOREPLY) {

		pr_info("ECHOREPLY no longer supported.\n");

		pr_info_ratelimited("ECHOREPLY no longer supported.\n");

		return -EINVAL;

	} else if (rejinfo->with == IPT_TCP_RESET) {

		/* Must specify that it's a TCP packet */

		if (e->ip.proto != IPPROTO_TCP ||

		    (e->ip.invflags & XT_INV_PROTO)) {

			pr_info("TCP_RESET invalid for non-tcp\n");

			pr_info_ratelimited("TCP_RESET invalid for non-tcp\n");

			return -EINVAL;

		}

	}

net/ipv4/netfilter/ipt_rpfilter.c

+1 −1
Original line number Diff line number Diff line
@@ -105,7 +105,7 @@ static int rpfilter_check(const struct xt_mtchk_param *par) 
	const struct xt_rpfilter_info *info = par->matchinfo;

	unsigned int options = ~XT_RPFILTER_OPTION_MASK;

	if (info->flags & options) {

		pr_info("unknown options encountered");

		pr_info_ratelimited("unknown options\n");

		return -EINVAL;

	}

net/ipv6/netfilter/ip6t_REJECT.c

+2 −2
Original line number Diff line number Diff line
@@ -85,14 +85,14 @@ static int reject_tg6_check(const struct xt_tgchk_param *par) 
	const struct ip6t_entry *e = par->entryinfo;



	if (rejinfo->with == IP6T_ICMP6_ECHOREPLY) {

		pr_info("ECHOREPLY is not supported.\n");

		pr_info_ratelimited("ECHOREPLY is not supported\n");

		return -EINVAL;

	} else if (rejinfo->with == IP6T_TCP_RESET) {

		/* Must specify that it's a TCP packet */

		if (!(e->ipv6.flags & IP6T_F_PROTO) ||

		    e->ipv6.proto != IPPROTO_TCP ||

		    (e->ipv6.invflags & XT_INV_PROTO)) {

			pr_info("TCP_RESET illegal for non-tcp\n");

			pr_info_ratelimited("TCP_RESET illegal for non-tcp\n");

			return -EINVAL;

		}

	}

net/ipv6/netfilter/ip6t_rpfilter.c

+1 −1
Original line number Diff line number Diff line
@@ -103,7 +103,7 @@ static int rpfilter_check(const struct xt_mtchk_param *par) 
	unsigned int options = ~XT_RPFILTER_OPTION_MASK;



	if (info->flags & options) {

		pr_info("unknown options encountered");

		pr_info_ratelimited("unknown options\n");

		return -EINVAL;

	}