Loading net/ipv4/netfilter/ipt_ah.c +6 −12 Original line number Diff line number Diff line Loading @@ -5,7 +5,7 @@ * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt #include <linux/in.h> #include <linux/module.h> #include <linux/skbuff.h> Loading @@ -18,21 +18,15 @@ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Yon Uriarte <yon@astaro.de>"); MODULE_DESCRIPTION("Xtables: IPv4 IPsec-AH SPI match"); #ifdef DEBUG_CONNTRACK #define duprintf(format, args...) printk(format , ## args) #else #define duprintf(format, args...) #endif /* Returns 1 if the spi is matched by the range, 0 otherwise */ static inline bool spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, bool invert) { bool r; duprintf("ah spi_match:%c 0x%x <= 0x%x <= 0x%x",invert? '!':' ', min,spi,max); pr_debug("spi_match:%c 0x%x <= 0x%x <= 0x%x\n", invert ? '!' : ' ', min, spi, max); r=(spi >= min && spi <= max) ^ invert; duprintf(" result %s\n",r? "PASS" : "FAILED"); pr_debug(" result %s\n", r ? "PASS" : "FAILED"); return r; } Loading @@ -51,7 +45,7 @@ static bool ah_mt(const struct sk_buff *skb, const struct xt_match_param *par) /* We've been asked to examine this packet, and we * can't. Hence, no choice but to drop. */ duprintf("Dropping evil AH tinygram.\n"); pr_debug("Dropping evil AH tinygram.\n"); *par->hotdrop = true; return 0; } Loading @@ -67,7 +61,7 @@ static bool ah_mt_check(const struct xt_mtchk_param *par) /* Must specify no unknown invflags */ if (ahinfo->invflags & ~IPT_AH_INV_MASK) { duprintf("ipt_ah: unknown flags %X\n", ahinfo->invflags); pr_debug("unknown flags %X\n", ahinfo->invflags); return false; } return true; Loading net/ipv6/netfilter/ip6t_mh.c +3 −8 Original line number Diff line number Diff line Loading @@ -11,6 +11,7 @@ * Based on net/netfilter/xt_tcpudp.c * */ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt #include <linux/types.h> #include <linux/module.h> #include <net/ip.h> Loading @@ -24,12 +25,6 @@ MODULE_DESCRIPTION("Xtables: IPv6 Mobility Header match"); MODULE_LICENSE("GPL"); #ifdef DEBUG_IP_FIREWALL_USER #define duprintf(format, args...) printk(format , ## args) #else #define duprintf(format, args...) #endif /* Returns 1 if the type is matched by the range, 0 otherwise */ static inline bool type_match(u_int8_t min, u_int8_t max, u_int8_t type, bool invert) Loading @@ -51,13 +46,13 @@ static bool mh_mt6(const struct sk_buff *skb, const struct xt_match_param *par) if (mh == NULL) { /* We've been asked to examine this packet, and we can't. Hence, no choice but to drop. */ duprintf("Dropping evil MH tinygram.\n"); pr_debug("Dropping evil MH tinygram.\n"); *par->hotdrop = true; return false; } if (mh->ip6mh_proto != IPPROTO_NONE) { duprintf("Dropping invalid MH Payload Proto: %u\n", pr_debug("Dropping invalid MH Payload Proto: %u\n", mh->ip6mh_proto); *par->hotdrop = true; return false; Loading net/netfilter/x_tables.c +3 −9 Original line number Diff line number Diff line Loading @@ -12,7 +12,7 @@ * published by the Free Software Foundation. * */ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt #include <linux/kernel.h> #include <linux/socket.h> #include <linux/net.h> Loading Loading @@ -54,12 +54,6 @@ struct xt_af { static struct xt_af *xt; #ifdef DEBUG_IP_FIREWALL_USER #define duprintf(format, args...) printk(format , ## args) #else #define duprintf(format, args...) #endif static const char *const xt_prefix[NFPROTO_NUMPROTO] = { [NFPROTO_UNSPEC] = "x", [NFPROTO_IPV4] = "ip", Loading Loading @@ -720,7 +714,7 @@ xt_replace_table(struct xt_table *table, /* Check inside lock: is the old number correct? */ if (num_counters != private->number) { duprintf("num_counters != table->private->number (%u/%u)\n", pr_debug("num_counters != table->private->number (%u/%u)\n", num_counters, private->number); local_bh_enable(); *error = -EAGAIN; Loading Loading @@ -777,7 +771,7 @@ struct xt_table *xt_register_table(struct net *net, goto unlock; private = table->private; duprintf("table->private->number = %u\n", private->number); pr_debug("table->private->number = %u\n", private->number); /* save number of initial entries */ private->initial_entries = private->number; Loading net/netfilter/xt_esp.c +6 −12 Original line number Diff line number Diff line Loading @@ -6,7 +6,7 @@ * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt #include <linux/module.h> #include <linux/skbuff.h> #include <linux/in.h> Loading @@ -24,21 +24,15 @@ MODULE_DESCRIPTION("Xtables: IPsec-ESP packet match"); MODULE_ALIAS("ipt_esp"); MODULE_ALIAS("ip6t_esp"); #if 0 #define duprintf(format, args...) printk(format , ## args) #else #define duprintf(format, args...) #endif /* Returns 1 if the spi is matched by the range, 0 otherwise */ static inline bool spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, bool invert) { bool r; duprintf("esp spi_match:%c 0x%x <= 0x%x <= 0x%x", invert ? '!' : ' ', min, spi, max); pr_debug("esp spi_match:%c 0x%x <= 0x%x <= 0x%x\n", invert ? '!' : ' ', min, spi, max); r = (spi >= min && spi <= max) ^ invert; duprintf(" result %s\n", r ? "PASS" : "FAILED"); pr_debug(" result %s\n", r ? "PASS" : "FAILED"); return r; } Loading @@ -57,7 +51,7 @@ static bool esp_mt(const struct sk_buff *skb, const struct xt_match_param *par) /* We've been asked to examine this packet, and we * can't. Hence, no choice but to drop. */ duprintf("Dropping evil ESP tinygram.\n"); pr_debug("Dropping evil ESP tinygram.\n"); *par->hotdrop = true; return false; } Loading @@ -71,7 +65,7 @@ static bool esp_mt_check(const struct xt_mtchk_param *par) const struct xt_esp *espinfo = par->matchinfo; if (espinfo->invflags & ~XT_ESP_INV_MASK) { duprintf("xt_esp: unknown flags %X\n", espinfo->invflags); pr_debug("unknown flags %X\n", espinfo->invflags); return false; } Loading net/netfilter/xt_multiport.c +5 −11 Original line number Diff line number Diff line Loading @@ -8,7 +8,7 @@ * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt #include <linux/module.h> #include <linux/types.h> #include <linux/udp.h> Loading @@ -26,12 +26,6 @@ MODULE_DESCRIPTION("Xtables: multiple port matching for TCP, UDP, UDP-Lite, SCTP MODULE_ALIAS("ipt_multiport"); MODULE_ALIAS("ip6t_multiport"); #if 0 #define duprintf(format, args...) printk(format , ## args) #else #define duprintf(format, args...) #endif /* Returns 1 if the port is matched by the test, 0 otherwise. */ static inline bool ports_match_v0(const u_int16_t *portlist, enum xt_multiport_flags flags, Loading Loading @@ -63,7 +57,7 @@ ports_match_v1(const struct xt_multiport_v1 *minfo, if (minfo->pflags[i]) { /* range port matching */ e = minfo->ports[++i]; duprintf("src or dst matches with %d-%d?\n", s, e); pr_debug("src or dst matches with %d-%d?\n", s, e); if (minfo->flags == XT_MULTIPORT_SOURCE && src >= s && src <= e) Loading @@ -77,7 +71,7 @@ ports_match_v1(const struct xt_multiport_v1 *minfo, return true ^ minfo->invert; } else { /* exact port matching */ duprintf("src or dst matches with %d?\n", s); pr_debug("src or dst matches with %d?\n", s); if (minfo->flags == XT_MULTIPORT_SOURCE && src == s) Loading Loading @@ -109,7 +103,7 @@ multiport_mt_v0(const struct sk_buff *skb, const struct xt_match_param *par) /* We've been asked to examine this packet, and we * can't. Hence, no choice but to drop. */ duprintf("xt_multiport: Dropping evil offset=0 tinygram.\n"); pr_debug("Dropping evil offset=0 tinygram.\n"); *par->hotdrop = true; return false; } Loading @@ -133,7 +127,7 @@ multiport_mt(const struct sk_buff *skb, const struct xt_match_param *par) /* We've been asked to examine this packet, and we * can't. Hence, no choice but to drop. */ duprintf("xt_multiport: Dropping evil offset=0 tinygram.\n"); pr_debug("Dropping evil offset=0 tinygram.\n"); *par->hotdrop = true; return false; } Loading Loading
net/ipv4/netfilter/ipt_ah.c +6 −12 Original line number Diff line number Diff line Loading @@ -5,7 +5,7 @@ * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt #include <linux/in.h> #include <linux/module.h> #include <linux/skbuff.h> Loading @@ -18,21 +18,15 @@ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Yon Uriarte <yon@astaro.de>"); MODULE_DESCRIPTION("Xtables: IPv4 IPsec-AH SPI match"); #ifdef DEBUG_CONNTRACK #define duprintf(format, args...) printk(format , ## args) #else #define duprintf(format, args...) #endif /* Returns 1 if the spi is matched by the range, 0 otherwise */ static inline bool spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, bool invert) { bool r; duprintf("ah spi_match:%c 0x%x <= 0x%x <= 0x%x",invert? '!':' ', min,spi,max); pr_debug("spi_match:%c 0x%x <= 0x%x <= 0x%x\n", invert ? '!' : ' ', min, spi, max); r=(spi >= min && spi <= max) ^ invert; duprintf(" result %s\n",r? "PASS" : "FAILED"); pr_debug(" result %s\n", r ? "PASS" : "FAILED"); return r; } Loading @@ -51,7 +45,7 @@ static bool ah_mt(const struct sk_buff *skb, const struct xt_match_param *par) /* We've been asked to examine this packet, and we * can't. Hence, no choice but to drop. */ duprintf("Dropping evil AH tinygram.\n"); pr_debug("Dropping evil AH tinygram.\n"); *par->hotdrop = true; return 0; } Loading @@ -67,7 +61,7 @@ static bool ah_mt_check(const struct xt_mtchk_param *par) /* Must specify no unknown invflags */ if (ahinfo->invflags & ~IPT_AH_INV_MASK) { duprintf("ipt_ah: unknown flags %X\n", ahinfo->invflags); pr_debug("unknown flags %X\n", ahinfo->invflags); return false; } return true; Loading
net/ipv6/netfilter/ip6t_mh.c +3 −8 Original line number Diff line number Diff line Loading @@ -11,6 +11,7 @@ * Based on net/netfilter/xt_tcpudp.c * */ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt #include <linux/types.h> #include <linux/module.h> #include <net/ip.h> Loading @@ -24,12 +25,6 @@ MODULE_DESCRIPTION("Xtables: IPv6 Mobility Header match"); MODULE_LICENSE("GPL"); #ifdef DEBUG_IP_FIREWALL_USER #define duprintf(format, args...) printk(format , ## args) #else #define duprintf(format, args...) #endif /* Returns 1 if the type is matched by the range, 0 otherwise */ static inline bool type_match(u_int8_t min, u_int8_t max, u_int8_t type, bool invert) Loading @@ -51,13 +46,13 @@ static bool mh_mt6(const struct sk_buff *skb, const struct xt_match_param *par) if (mh == NULL) { /* We've been asked to examine this packet, and we can't. Hence, no choice but to drop. */ duprintf("Dropping evil MH tinygram.\n"); pr_debug("Dropping evil MH tinygram.\n"); *par->hotdrop = true; return false; } if (mh->ip6mh_proto != IPPROTO_NONE) { duprintf("Dropping invalid MH Payload Proto: %u\n", pr_debug("Dropping invalid MH Payload Proto: %u\n", mh->ip6mh_proto); *par->hotdrop = true; return false; Loading
net/netfilter/x_tables.c +3 −9 Original line number Diff line number Diff line Loading @@ -12,7 +12,7 @@ * published by the Free Software Foundation. * */ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt #include <linux/kernel.h> #include <linux/socket.h> #include <linux/net.h> Loading Loading @@ -54,12 +54,6 @@ struct xt_af { static struct xt_af *xt; #ifdef DEBUG_IP_FIREWALL_USER #define duprintf(format, args...) printk(format , ## args) #else #define duprintf(format, args...) #endif static const char *const xt_prefix[NFPROTO_NUMPROTO] = { [NFPROTO_UNSPEC] = "x", [NFPROTO_IPV4] = "ip", Loading Loading @@ -720,7 +714,7 @@ xt_replace_table(struct xt_table *table, /* Check inside lock: is the old number correct? */ if (num_counters != private->number) { duprintf("num_counters != table->private->number (%u/%u)\n", pr_debug("num_counters != table->private->number (%u/%u)\n", num_counters, private->number); local_bh_enable(); *error = -EAGAIN; Loading Loading @@ -777,7 +771,7 @@ struct xt_table *xt_register_table(struct net *net, goto unlock; private = table->private; duprintf("table->private->number = %u\n", private->number); pr_debug("table->private->number = %u\n", private->number); /* save number of initial entries */ private->initial_entries = private->number; Loading
net/netfilter/xt_esp.c +6 −12 Original line number Diff line number Diff line Loading @@ -6,7 +6,7 @@ * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt #include <linux/module.h> #include <linux/skbuff.h> #include <linux/in.h> Loading @@ -24,21 +24,15 @@ MODULE_DESCRIPTION("Xtables: IPsec-ESP packet match"); MODULE_ALIAS("ipt_esp"); MODULE_ALIAS("ip6t_esp"); #if 0 #define duprintf(format, args...) printk(format , ## args) #else #define duprintf(format, args...) #endif /* Returns 1 if the spi is matched by the range, 0 otherwise */ static inline bool spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, bool invert) { bool r; duprintf("esp spi_match:%c 0x%x <= 0x%x <= 0x%x", invert ? '!' : ' ', min, spi, max); pr_debug("esp spi_match:%c 0x%x <= 0x%x <= 0x%x\n", invert ? '!' : ' ', min, spi, max); r = (spi >= min && spi <= max) ^ invert; duprintf(" result %s\n", r ? "PASS" : "FAILED"); pr_debug(" result %s\n", r ? "PASS" : "FAILED"); return r; } Loading @@ -57,7 +51,7 @@ static bool esp_mt(const struct sk_buff *skb, const struct xt_match_param *par) /* We've been asked to examine this packet, and we * can't. Hence, no choice but to drop. */ duprintf("Dropping evil ESP tinygram.\n"); pr_debug("Dropping evil ESP tinygram.\n"); *par->hotdrop = true; return false; } Loading @@ -71,7 +65,7 @@ static bool esp_mt_check(const struct xt_mtchk_param *par) const struct xt_esp *espinfo = par->matchinfo; if (espinfo->invflags & ~XT_ESP_INV_MASK) { duprintf("xt_esp: unknown flags %X\n", espinfo->invflags); pr_debug("unknown flags %X\n", espinfo->invflags); return false; } Loading
net/netfilter/xt_multiport.c +5 −11 Original line number Diff line number Diff line Loading @@ -8,7 +8,7 @@ * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt #include <linux/module.h> #include <linux/types.h> #include <linux/udp.h> Loading @@ -26,12 +26,6 @@ MODULE_DESCRIPTION("Xtables: multiple port matching for TCP, UDP, UDP-Lite, SCTP MODULE_ALIAS("ipt_multiport"); MODULE_ALIAS("ip6t_multiport"); #if 0 #define duprintf(format, args...) printk(format , ## args) #else #define duprintf(format, args...) #endif /* Returns 1 if the port is matched by the test, 0 otherwise. */ static inline bool ports_match_v0(const u_int16_t *portlist, enum xt_multiport_flags flags, Loading Loading @@ -63,7 +57,7 @@ ports_match_v1(const struct xt_multiport_v1 *minfo, if (minfo->pflags[i]) { /* range port matching */ e = minfo->ports[++i]; duprintf("src or dst matches with %d-%d?\n", s, e); pr_debug("src or dst matches with %d-%d?\n", s, e); if (minfo->flags == XT_MULTIPORT_SOURCE && src >= s && src <= e) Loading @@ -77,7 +71,7 @@ ports_match_v1(const struct xt_multiport_v1 *minfo, return true ^ minfo->invert; } else { /* exact port matching */ duprintf("src or dst matches with %d?\n", s); pr_debug("src or dst matches with %d?\n", s); if (minfo->flags == XT_MULTIPORT_SOURCE && src == s) Loading Loading @@ -109,7 +103,7 @@ multiport_mt_v0(const struct sk_buff *skb, const struct xt_match_param *par) /* We've been asked to examine this packet, and we * can't. Hence, no choice but to drop. */ duprintf("xt_multiport: Dropping evil offset=0 tinygram.\n"); pr_debug("Dropping evil offset=0 tinygram.\n"); *par->hotdrop = true; return false; } Loading @@ -133,7 +127,7 @@ multiport_mt(const struct sk_buff *skb, const struct xt_match_param *par) /* We've been asked to examine this packet, and we * can't. Hence, no choice but to drop. */ duprintf("xt_multiport: Dropping evil offset=0 tinygram.\n"); pr_debug("Dropping evil offset=0 tinygram.\n"); *par->hotdrop = true; return false; } Loading
Jan Engelhardt <jengelh@medozas.de>Jan Engelhardt <jengelh@medozas.de>