Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6.26
@@ -121,16 +121,44 @@ __sum16 nf_ip6_checksum(struct sk_buff *skb, unsigned int hook,
|
||||
}
|
||||
return csum;
|
||||
}
|
||||
|
||||
EXPORT_SYMBOL(nf_ip6_checksum);
|
||||
|
||||
static __sum16 nf_ip6_checksum_partial(struct sk_buff *skb, unsigned int hook,
|
||||
unsigned int dataoff, unsigned int len,
|
||||
u_int8_t protocol)
|
||||
{
|
||||
struct ipv6hdr *ip6h = ipv6_hdr(skb);
|
||||
__wsum hsum;
|
||||
__sum16 csum = 0;
|
||||
|
||||
switch (skb->ip_summed) {
|
||||
case CHECKSUM_COMPLETE:
|
||||
if (len == skb->len - dataoff)
|
||||
return nf_ip6_checksum(skb, hook, dataoff, protocol);
|
||||
/* fall through */
|
||||
case CHECKSUM_NONE:
|
||||
hsum = skb_checksum(skb, 0, dataoff, 0);
|
||||
skb->csum = ~csum_unfold(csum_ipv6_magic(&ip6h->saddr,
|
||||
&ip6h->daddr,
|
||||
skb->len - dataoff,
|
||||
protocol,
|
||||
csum_sub(0, hsum)));
|
||||
skb->ip_summed = CHECKSUM_NONE;
|
||||
csum = __skb_checksum_complete_head(skb, dataoff + len);
|
||||
if (!csum)
|
||||
skb->ip_summed = CHECKSUM_UNNECESSARY;
|
||||
}
|
||||
return csum;
|
||||
};
|
||||
|
||||
static const struct nf_afinfo nf_ip6_afinfo = {
|
||||
.family = AF_INET6,
|
||||
.checksum = nf_ip6_checksum,
|
||||
.route = nf_ip6_route,
|
||||
.saveroute = nf_ip6_saveroute,
|
||||
.reroute = nf_ip6_reroute,
|
||||
.route_key_size = sizeof(struct ip6_rt_info),
|
||||
.family = AF_INET6,
|
||||
.checksum = nf_ip6_checksum,
|
||||
.checksum_partial = nf_ip6_checksum_partial,
|
||||
.route = nf_ip6_route,
|
||||
.saveroute = nf_ip6_saveroute,
|
||||
.reroute = nf_ip6_reroute,
|
||||
.route_key_size = sizeof(struct ip6_rt_info),
|
||||
};
|
||||
|
||||
int __init ipv6_netfilter_init(void)
|
||||
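Review bot: nf_ip6_checksum_partial() uses `dataoff` and `len` without comparing either against `skb->len`. `skb->len - dataoff` is unsigned arithmetic, so a `dataoff` beyond the packet would wrap, and `dataoff + len` is passed straight to `__skb_checksum_complete_head()` as the byte count. The callers are outside this section and may already guarantee `dataoff + len <= skb->len`; if they do, a comment above the function should state that precondition, and if they do not, the function needs an explicit guard before the `switch`. Separately, the function body is closed with `};`, and the stray semicolon should be dropped.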
|
@@ -325,7 +325,7 @@ static void trace_packet(struct sk_buff *skb,
|
||||
struct ip6t_entry *e)
|
||||
{
|
||||
void *table_base;
|
||||
struct ip6t_entry *root;
|
||||
const struct ip6t_entry *root;
|
||||
char *hookname, *chainname, *comment;
|
||||
unsigned int rulenum = 0;
|
||||
|
||||
@@ -952,7 +952,7 @@ static struct xt_counters *alloc_counters(struct xt_table *table)
|
||||
{
|
||||
unsigned int countersize;
|
||||
struct xt_counters *counters;
|
||||
struct xt_table_info *private = table->private;
|
||||
const struct xt_table_info *private = table->private;
|
||||
|
||||
/* We need atomic snapshot of counters: rest doesn't change
|
||||
(other than comefrom, which userspace doesn't care
|
||||
@@ -979,9 +979,9 @@ copy_entries_to_user(unsigned int total_size,
|
||||
unsigned int off, num;
|
||||
struct ip6t_entry *e;
|
||||
struct xt_counters *counters;
|
||||
struct xt_table_info *private = table->private;
|
||||
const struct xt_table_info *private = table->private;
|
||||
int ret = 0;
|
||||
void *loc_cpu_entry;
|
||||
const void *loc_cpu_entry;
|
||||
|
||||
counters = alloc_counters(table);
|
||||
if (IS_ERR(counters))
|
||||
@@ -1001,8 +1001,8 @@ copy_entries_to_user(unsigned int total_size,
|
||||
/* ... then go back and fix counters and names */
|
||||
for (off = 0, num = 0; off < total_size; off += e->next_offset, num++){
|
||||
unsigned int i;
|
||||
struct ip6t_entry_match *m;
|
||||
struct ip6t_entry_target *t;
|
||||
const struct ip6t_entry_match *m;
|
||||
const struct ip6t_entry_target *t;
|
||||
|
||||
e = (struct ip6t_entry *)(loc_cpu_entry + off);
|
||||
if (copy_to_user(userptr + off
|
||||
@@ -1142,7 +1142,7 @@ static int get_info(struct net *net, void __user *user, int *len, int compat)
|
||||
"ip6table_%s", name);
|
||||
if (t && !IS_ERR(t)) {
|
||||
struct ip6t_getinfo info;
|
||||
struct xt_table_info *private = t->private;
|
||||
const struct xt_table_info *private = t->private;
|
||||
|
||||
#ifdef CONFIG_COMPAT
|
||||
if (compat) {
|
||||
@@ -1206,7 +1206,7 @@ get_entries(struct net *net, struct ip6t_get_entries __user *uptr, int *len)
|
||||
else {
|
||||
duprintf("get_entries: I've got %u not %u!\n",
|
||||
private->size, get.size);
|
||||
ret = -EINVAL;
|
||||
ret = -EAGAIN;
|
||||
}
|
||||
module_put(t->me);
|
||||
xt_table_unlock(t);
|
||||
@@ -1225,7 +1225,7 @@ __do_replace(struct net *net, const char *name, unsigned int valid_hooks,
|
||||
struct xt_table *t;
|
||||
struct xt_table_info *oldinfo;
|
||||
struct xt_counters *counters;
|
||||
void *loc_cpu_old_entry;
|
||||
const void *loc_cpu_old_entry;
|
||||
|
||||
ret = 0;
|
||||
counters = vmalloc_node(num_counters * sizeof(struct xt_counters),
|
||||
@@ -1369,9 +1369,9 @@ do_add_counters(struct net *net, void __user *user, unsigned int len,
|
||||
int size;
|
||||
void *ptmp;
|
||||
struct xt_table *t;
|
||||
struct xt_table_info *private;
|
||||
const struct xt_table_info *private;
|
||||
int ret = 0;
|
||||
void *loc_cpu_entry;
|
||||
const void *loc_cpu_entry;
|
||||
#ifdef CONFIG_COMPAT
|
||||
struct compat_xt_counters_info compat_tmp;
|
||||
|
||||
@@ -1905,11 +1905,11 @@ compat_copy_entries_to_user(unsigned int total_size, struct xt_table *table,
|
||||
void __user *userptr)
|
||||
{
|
||||
struct xt_counters *counters;
|
||||
struct xt_table_info *private = table->private;
|
||||
const struct xt_table_info *private = table->private;
|
||||
void __user *pos;
|
||||
unsigned int size;
|
||||
int ret = 0;
|
||||
void *loc_cpu_entry;
|
||||
const void *loc_cpu_entry;
|
||||
unsigned int i = 0;
|
||||
|
||||
counters = alloc_counters(table);
|
||||
@@ -1956,7 +1956,7 @@ compat_get_entries(struct net *net, struct compat_ip6t_get_entries __user *uptr,
|
||||
xt_compat_lock(AF_INET6);
|
||||
t = xt_find_table_lock(net, AF_INET6, get.name);
|
||||
if (t && !IS_ERR(t)) {
|
||||
struct xt_table_info *private = t->private;
|
||||
const struct xt_table_info *private = t->private;
|
||||
struct xt_table_info info;
|
||||
duprintf("t->private->number = %u\n", private->number);
|
||||
ret = compat_table_info(private, &info);
|
||||
@@ -1966,7 +1966,7 @@ compat_get_entries(struct net *net, struct compat_ip6t_get_entries __user *uptr,
|
||||
} else if (!ret) {
|
||||
duprintf("compat_get_entries: I've got %u not %u!\n",
|
||||
private->size, get.size);
|
||||
ret = -EINVAL;
|
||||
ret = -EAGAIN;
|
||||
}
|
||||
xt_compat_flush_offsets(AF_INET6);
|
||||
module_put(t->me);
|
||||
@@ -2155,7 +2155,8 @@ icmp6_match(const struct sk_buff *skb,
|
||||
unsigned int protoff,
|
||||
bool *hotdrop)
|
||||
{
|
||||
struct icmp6hdr _icmph, *ic;
|
||||
const struct icmp6hdr *ic;
|
||||
struct icmp6hdr _icmph;
|
||||
const struct ip6t_icmp *icmpinfo = matchinfo;
|
||||
|
||||
/* Must not be a fragment. */
|
||||
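Review bot: The size-mismatch branches in get_entries() and compat_get_entries() now return `-EAGAIN`, but neither site explains why a mismatch between `private->size` and `get.size` is retryable. `get.size` is presumably copied from the `__user` argument, so a caller that simply passes a wrong size also receives `-EAGAIN`, and one that retries without refreshing the size would loop, with only a `duprintf` as trace. I would add a comment at both branches such as `/* size no longer matches the table: caller must re-read the table info before retrying */`, and note the userspace-visible errno change in the commit description. Both function bodies start and end outside the hunks shown.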
|
@@ -363,11 +363,15 @@ static void dump_packet(const struct nf_loginfo *info,
|
||||
if ((logflags & IP6T_LOG_UID) && recurse && skb->sk) {
|
||||
read_lock_bh(&skb->sk->sk_callback_lock);
|
||||
if (skb->sk->sk_socket && skb->sk->sk_socket->file)
|
||||
printk("UID=%u GID=%u",
|
||||
printk("UID=%u GID=%u ",
|
||||
skb->sk->sk_socket->file->f_uid,
|
||||
skb->sk->sk_socket->file->f_gid);
|
||||
read_unlock_bh(&skb->sk->sk_callback_lock);
|
||||
}
|
||||
|
||||
/* Max length: 16 "MARK=0xFFFFFFFF " */
|
||||
if (!recurse && skb->mark)
|
||||
printk("MARK=0x%x ", skb->mark);
|
||||
}
|
||||
|
||||
static struct nf_loginfo default_loginfo = {
|
||||
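Review bot: The new MARK block in dump_packet() is guarded by `!recurse`, the opposite of the UID/GID block just above it, which requires `recurse`. Both `skb->mark` and `skb->sk` are properties of the skb rather than of a nested header, so the two fields would be expected to log under the same condition. The call sites are outside this hunk, but if `recurse` is non-zero for the outermost call, the mark would be omitted from ordinary log lines and printed only for an embedded packet. Please confirm the intended polarity; if the mark belongs with the outer packet, the guard should read `if (recurse && skb->mark)`. A short comment on what `recurse` means would also help, since dump_packet()'s signature and the rest of its body are outside the hunk.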
|
@@ -41,7 +41,8 @@ static void send_reset(struct sk_buff *oldskb)
|
||||
struct tcphdr otcph, *tcph;
|
||||
unsigned int otcplen, hh_len;
|
||||
int tcphoff, needs_ack;
|
||||
struct ipv6hdr *oip6h = ipv6_hdr(oldskb), *ip6h;
|
||||
const struct ipv6hdr *oip6h = ipv6_hdr(oldskb);
|
||||
struct ipv6hdr *ip6h;
|
||||
struct dst_entry *dst = NULL;
|
||||
u8 proto;
|
||||
struct flowi fl;
|
||||
|
@@ -49,7 +49,8 @@ ipv6header_mt6(const struct sk_buff *skb, const struct net_device *in,
|
||||
temp = 0;
|
||||
|
||||
while (ip6t_ext_hdr(nexthdr)) {
|
||||
struct ipv6_opt_hdr _hdr, *hp;
|
||||
const struct ipv6_opt_hdr *hp;
|
||||
struct ipv6_opt_hdr _hdr;
|
||||
int hdrlen;
|
||||
|
||||
/* Is there enough space for the next ext header? */
|
||||
|
@@ -110,7 +110,8 @@ rt_mt6(const struct sk_buff *skb, const struct net_device *in,
|
||||
!!(rtinfo->invflags & IP6T_RT_INV_TYP)));
|
||||
|
||||
if (ret && (rtinfo->flags & IP6T_RT_RES)) {
|
||||
u_int32_t *rp, _reserved;
|
||||
const u_int32_t *rp;
|
||||
u_int32_t _reserved;
|
||||
rp = skb_header_pointer(skb,
|
||||
ptr + offsetof(struct rt0_hdr,
|
||||
reserved),
|
||||
|
@@ -54,7 +54,7 @@ static struct
|
||||
static struct xt_table packet_filter = {
|
||||
.name = "filter",
|
||||
.valid_hooks = FILTER_VALID_HOOKS,
|
||||
.lock = RW_LOCK_UNLOCKED,
|
||||
.lock = __RW_LOCK_UNLOCKED(packet_filter.lock),
|
||||
.me = THIS_MODULE,
|
||||
.af = AF_INET6,
|
||||
};
|
||||
|
@@ -60,7 +60,7 @@ static struct
|
||||
static struct xt_table packet_mangler = {
|
||||
.name = "mangle",
|
||||
.valid_hooks = MANGLE_VALID_HOOKS,
|
||||
.lock = RW_LOCK_UNLOCKED,
|
||||
.lock = __RW_LOCK_UNLOCKED(packet_mangler.lock),
|
||||
.me = THIS_MODULE,
|
||||
.af = AF_INET6,
|
||||
};
|
||||
|
@@ -38,7 +38,7 @@ static struct
|
||||
static struct xt_table packet_raw = {
|
||||
.name = "raw",
|
||||
.valid_hooks = RAW_VALID_HOOKS,
|
||||
.lock = RW_LOCK_UNLOCKED,
|
||||
.lock = __RW_LOCK_UNLOCKED(packet_raw.lock),
|
||||
.me = THIS_MODULE,
|
||||
.af = AF_INET6,
|
||||
};
|
||||
|
@@ -27,8 +27,8 @@
|
||||
#include <net/netfilter/nf_conntrack_l3proto.h>
|
||||
#include <net/netfilter/nf_conntrack_core.h>
|
||||
|
||||
static int ipv6_pkt_to_tuple(const struct sk_buff *skb, unsigned int nhoff,
|
||||
struct nf_conntrack_tuple *tuple)
|
||||
static bool ipv6_pkt_to_tuple(const struct sk_buff *skb, unsigned int nhoff,
|
||||
struct nf_conntrack_tuple *tuple)
|
||||
{
|
||||
const u_int32_t *ap;
|
||||
u_int32_t _addrs[8];
|
||||
@@ -36,21 +36,21 @@ static int ipv6_pkt_to_tuple(const struct sk_buff *skb, unsigned int nhoff,
|
||||
ap = skb_header_pointer(skb, nhoff + offsetof(struct ipv6hdr, saddr),
|
||||
sizeof(_addrs), _addrs);
|
||||
if (ap == NULL)
|
||||
return 0;
|
||||
return false;
|
||||
|
||||
memcpy(tuple->src.u3.ip6, ap, sizeof(tuple->src.u3.ip6));
|
||||
memcpy(tuple->dst.u3.ip6, ap + 4, sizeof(tuple->dst.u3.ip6));
|
||||
|
||||
return 1;
|
||||
return true;
|
||||
}
|
||||
|
||||
static int ipv6_invert_tuple(struct nf_conntrack_tuple *tuple,
|
||||
const struct nf_conntrack_tuple *orig)
|
||||
static bool ipv6_invert_tuple(struct nf_conntrack_tuple *tuple,
|
||||
const struct nf_conntrack_tuple *orig)
|
||||
{
|
||||
memcpy(tuple->src.u3.ip6, orig->dst.u3.ip6, sizeof(tuple->src.u3.ip6));
|
||||
memcpy(tuple->dst.u3.ip6, orig->src.u3.ip6, sizeof(tuple->dst.u3.ip6));
|
||||
|
||||
return 1;
|
||||
return true;
|
||||
}
|
||||
|
||||
static int ipv6_print_tuple(struct seq_file *s,
|
||||
|
@@ -28,21 +28,21 @@
|
||||
|
||||
static unsigned long nf_ct_icmpv6_timeout __read_mostly = 30*HZ;
|
||||
|
||||
static int icmpv6_pkt_to_tuple(const struct sk_buff *skb,
|
||||
unsigned int dataoff,
|
||||
struct nf_conntrack_tuple *tuple)
|
||||
static bool icmpv6_pkt_to_tuple(const struct sk_buff *skb,
|
||||
unsigned int dataoff,
|
||||
struct nf_conntrack_tuple *tuple)
|
||||
{
|
||||
const struct icmp6hdr *hp;
|
||||
struct icmp6hdr _hdr;
|
||||
|
||||
hp = skb_header_pointer(skb, dataoff, sizeof(_hdr), &_hdr);
|
||||
if (hp == NULL)
|
||||
return 0;
|
||||
return false;
|
||||
tuple->dst.u.icmp.type = hp->icmp6_type;
|
||||
tuple->src.u.icmp.id = hp->icmp6_identifier;
|
||||
tuple->dst.u.icmp.code = hp->icmp6_code;
|
||||
|
||||
return 1;
|
||||
return true;
|
||||
}
|
||||
|
||||
/* Add 1; spaces filled with 0. */
|
||||
@@ -53,17 +53,17 @@ static const u_int8_t invmap[] = {
|
||||
[ICMPV6_NI_REPLY - 128] = ICMPV6_NI_REPLY +1
|
||||
};
|
||||
|
||||
static int icmpv6_invert_tuple(struct nf_conntrack_tuple *tuple,
|
||||
const struct nf_conntrack_tuple *orig)
|
||||
static bool icmpv6_invert_tuple(struct nf_conntrack_tuple *tuple,
|
||||
const struct nf_conntrack_tuple *orig)
|
||||
{
|
||||
int type = orig->dst.u.icmp.type - 128;
|
||||
if (type < 0 || type >= sizeof(invmap) || !invmap[type])
|
||||
return 0;
|
||||
return false;
|
||||
|
||||
tuple->src.u.icmp.id = orig->src.u.icmp.id;
|
||||
tuple->dst.u.icmp.type = invmap[type] - 1;
|
||||
tuple->dst.u.icmp.code = orig->dst.u.icmp.code;
|
||||
return 1;
|
||||
return true;
|
||||
}
|
||||
|
||||
/* Print out the per-protocol part of the tuple. */
|
||||
@@ -102,9 +102,8 @@ static int icmpv6_packet(struct nf_conn *ct,
|
||||
}
|
||||
|
||||
/* Called when a new connection for this protocol found. */
|
||||
static int icmpv6_new(struct nf_conn *ct,
|
||||
const struct sk_buff *skb,
|
||||
unsigned int dataoff)
|
||||
static bool icmpv6_new(struct nf_conn *ct, const struct sk_buff *skb,
|
||||
unsigned int dataoff)
|
||||
{
|
||||
static const u_int8_t valid_new[] = {
|
||||
[ICMPV6_ECHO_REQUEST - 128] = 1,
|
||||
@@ -116,11 +115,11 @@ static int icmpv6_new(struct nf_conn *ct,
|
||||
/* Can't create a new ICMPv6 `conn' with this. */
|
||||
pr_debug("icmpv6: can't create new conn with type %u\n",
|
||||
type + 128);
|
||||
NF_CT_DUMP_TUPLE(&ct->tuplehash[0].tuple);
|
||||
return 0;
|
||||
nf_ct_dump_tuple_ipv6(&ct->tuplehash[0].tuple);
|
||||
return false;
|
||||
}
|
||||
atomic_set(&ct->proto.icmp.count, 0);
|
||||
return 1;
|
||||
return true;
|
||||
}
|
||||
|
||||
static int
|
||||
|
@@ -103,8 +103,8 @@ struct ctl_table nf_ct_ipv6_sysctl_table[] = {
|
||||
};
|
||||
#endif
|
||||
|
||||
static unsigned int ip6qhashfn(__be32 id, struct in6_addr *saddr,
|
||||
struct in6_addr *daddr)
|
||||
static unsigned int ip6qhashfn(__be32 id, const struct in6_addr *saddr,
|
||||
const struct in6_addr *daddr)
|
||||
{
|
||||
u32 a, b, c;
|
||||
|
||||
@@ -132,7 +132,7 @@ static unsigned int ip6qhashfn(__be32 id, struct in6_addr *saddr,
|
||||
|
||||
static unsigned int nf_hashfn(struct inet_frag_queue *q)
|
||||
{
|
||||
struct nf_ct_frag6_queue *nq;
|
||||
const struct nf_ct_frag6_queue *nq;
|
||||
|
||||
nq = container_of(q, struct nf_ct_frag6_queue, q);
|
||||
return ip6qhashfn(nq->id, &nq->saddr, &nq->daddr);
|
||||
@@ -222,7 +222,7 @@ oom:
|
||||
|
||||
|
||||
static int nf_ct_frag6_queue(struct nf_ct_frag6_queue *fq, struct sk_buff *skb,
|
||||
struct frag_hdr *fhdr, int nhoff)
|
||||
const struct frag_hdr *fhdr, int nhoff)
|
||||
{
|
||||
struct sk_buff *prev, *next;
|
||||
int offset, end;
|
||||
|