netfilter: xt_CT: provide info on why a rule was rejected (a7fed762) · Commits · e / devices / android_kernel_xiaomi_markw

net/netfilter/xt_CT.c

+8 −3

Original line number	Original line	Diff line number	Diff line
	@@ -5,7 +5,7 @@
	* it under the terms of the GNU General Public License version 2 as		* it under the terms of the GNU General Public License version 2 as
	* published by the Free Software Foundation.		* published by the Free Software Foundation.
	*/		*/
			#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
	#include <linux/module.h>		#include <linux/module.h>
	#include <linux/gfp.h>		#include <linux/gfp.h>
	#include <linux/skbuff.h>		#include <linux/skbuff.h>
	@@ -95,8 +95,11 @@ static int xt_ct_tg_check(const struct xt_tgchk_param *par)
	if (info->helper[0]) {		if (info->helper[0]) {
	ret = -ENOENT;		ret = -ENOENT;
	proto = xt_ct_find_proto(par);		proto = xt_ct_find_proto(par);
	if (!proto)		if (!proto) {
			pr_info("You must specify a L4 protocol, "
			"and not use inversions on it.\n");
	goto err3;		goto err3;
			}

	ret = -ENOMEM;		ret = -ENOMEM;
	help = nf_ct_helper_ext_add(ct, GFP_KERNEL);		help = nf_ct_helper_ext_add(ct, GFP_KERNEL);
	@@ -107,9 +110,11 @@ static int xt_ct_tg_check(const struct xt_tgchk_param *par)
	help->helper = nf_conntrack_helper_try_module_get(info->helper,		help->helper = nf_conntrack_helper_try_module_get(info->helper,
	par->family,		par->family,
	proto);		proto);
	if (help->helper == NULL)		if (help->helper == NULL) {
			pr_info("No such helper \"%s\"\n", info->helper);
	goto err3;		goto err3;
	}		}
			}

	__set_bit(IPS_TEMPLATE_BIT, &ct->status);		__set_bit(IPS_TEMPLATE_BIT, &ct->status);
	__set_bit(IPS_CONFIRMED_BIT, &ct->status);		__set_bit(IPS_CONFIRMED_BIT, &ct->status);