tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
net: Replace NF_CT_ASSERT() with WARN_ON().
This patch removes NF_CT_ASSERT() and instead uses WARN_ON().
Signed-off-by: Varsha Rao <rvarsha016@gmail.com>
authored by
Varsha Rao
and committed by
Pablo Neira Ayuso
44d6e2f2
d1c1e39d
+45
-46
+1
-1
include/net/netfilter/nf_conntrack.h
+1
-1
include/net/netfilter/nf_conntrack.h
+1
-1
net/ipv4/netfilter/nf_conntrack_proto_icmp.c
+1
-1
net/ipv4/netfilter/nf_conntrack_proto_icmp.c
+3
-3
net/ipv4/netfilter/nf_nat_l3proto_ipv4.c
+3
-3
net/ipv4/netfilter/nf_nat_l3proto_ipv4.c
···
190
190
struct nf_conntrack_tuple target;
191
191
unsigned long statusbit;
192
192
193
-
NF_CT_ASSERT(ctinfo == IP_CT_RELATED || ctinfo == IP_CT_RELATED_REPLY);
193
+
WARN_ON(ctinfo != IP_CT_RELATED && ctinfo != IP_CT_RELATED_REPLY);
194
194
195
195
if (!skb_make_writable(skb, hdrlen + sizeof(*inside)))
196
196
return 0;
···
306
306
307
307
default:
308
308
/* ESTABLISHED */
309
-
NF_CT_ASSERT(ctinfo == IP_CT_ESTABLISHED ||
310
-
ctinfo == IP_CT_ESTABLISHED_REPLY);
309
+
WARN_ON(ctinfo != IP_CT_ESTABLISHED &&
310
+
ctinfo != IP_CT_ESTABLISHED_REPLY);
311
311
if (nf_nat_oif_changed(state->hook, ctinfo, nat, state->out))
312
312
goto oif_changed;
313
313
}
+4
-4
net/ipv4/netfilter/nf_nat_masquerade_ipv4.c
+4
-4
net/ipv4/netfilter/nf_nat_masquerade_ipv4.c
···
34
34
const struct rtable *rt;
35
35
__be32 newsrc, nh;
36
36
37
-
NF_CT_ASSERT(hooknum == NF_INET_POST_ROUTING);
37
+
WARN_ON(hooknum != NF_INET_POST_ROUTING);
38
38
39
39
ct = nf_ct_get(skb, &ctinfo);
40
40
41
-
NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED ||
42
-
ctinfo == IP_CT_RELATED_REPLY));
41
+
WARN_ON(!(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED ||
42
+
ctinfo == IP_CT_RELATED_REPLY)));
43
43
44
44
/* Source address is 0.0.0.0 - locally generated packet that is
45
45
* probably not supposed to be masqueraded.
···
96
96
* conntracks which were associated with that device,
97
97
* and forget them.
98
98
*/
99
-
NF_CT_ASSERT(dev->ifindex != 0);
99
+
WARN_ON(dev->ifindex == 0);
100
100
101
101
nf_ct_iterate_cleanup_net(net, device_cmp,
102
102
(void *)(long)dev->ifindex, 0, 0);
+1
-1
net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
+1
-1
net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
+3
-3
net/ipv6/netfilter/nf_nat_l3proto_ipv6.c
+3
-3
net/ipv6/netfilter/nf_nat_l3proto_ipv6.c
···
196
196
struct nf_conntrack_tuple target;
197
197
unsigned long statusbit;
198
198
199
-
NF_CT_ASSERT(ctinfo == IP_CT_RELATED || ctinfo == IP_CT_RELATED_REPLY);
199
+
WARN_ON(ctinfo != IP_CT_RELATED && ctinfo != IP_CT_RELATED_REPLY);
200
200
201
201
if (!skb_make_writable(skb, hdrlen + sizeof(*inside)))
202
202
return 0;
···
319
319
320
320
default:
321
321
/* ESTABLISHED */
322
-
NF_CT_ASSERT(ctinfo == IP_CT_ESTABLISHED ||
323
-
ctinfo == IP_CT_ESTABLISHED_REPLY);
322
+
WARN_ON(ctinfo != IP_CT_ESTABLISHED &&
323
+
ctinfo != IP_CT_ESTABLISHED_REPLY);
324
324
if (nf_nat_oif_changed(state->hook, ctinfo, nat, state->out))
325
325
goto oif_changed;
326
326
}
+2
-2
net/ipv6/netfilter/nf_nat_masquerade_ipv6.c
+2
-2
net/ipv6/netfilter/nf_nat_masquerade_ipv6.c
···
36
36
struct nf_nat_range newrange;
37
37
38
38
ct = nf_ct_get(skb, &ctinfo);
39
-
NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED ||
40
-
ctinfo == IP_CT_RELATED_REPLY));
39
+
WARN_ON(!(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED ||
40
+
ctinfo == IP_CT_RELATED_REPLY)));
41
41
42
42
if (ipv6_dev_get_saddr(nf_ct_net(ct), out,
43
43
&ipv6_hdr(skb)->daddr, 0, &src) < 0)
+5
-6
net/netfilter/nf_conntrack_core.c
+5
-6
net/netfilter/nf_conntrack_core.c
···
403
403
const struct nf_conntrack_l4proto *l4proto;
404
404
405
405
pr_debug("destroy_conntrack(%p)\n", ct);
406
-
NF_CT_ASSERT(atomic_read(&nfct->use) == 0);
406
+
WARN_ON(atomic_read(&nfct->use) != 0);
407
407
408
408
if (unlikely(nf_ct_is_template(ct))) {
409
409
nf_ct_tmpl_free(ct);
···
756
756
* connections for unconfirmed conns. But packet copies and
757
757
* REJECT will give spurious warnings here.
758
758
*/
759
-
/* NF_CT_ASSERT(atomic_read(&ct->ct_general.use) == 1); */
760
759
761
760
/* No external references means no one else could have
762
761
* confirmed us.
763
762
*/
764
-
NF_CT_ASSERT(!nf_ct_is_confirmed(ct));
763
+
WARN_ON(nf_ct_is_confirmed(ct));
765
764
pr_debug("Confirming conntrack %p\n", ct);
766
765
/* We have to check the DYING flag after unlink to prevent
767
766
* a race against nf_ct_get_next_corpse() possibly called from
···
1159
1160
/* A freed object has refcnt == 0, that's
1160
1161
* the golden rule for SLAB_TYPESAFE_BY_RCU
1161
1162
*/
1162
-
NF_CT_ASSERT(atomic_read(&ct->ct_general.use) == 0);
1163
+
WARN_ON(atomic_read(&ct->ct_general.use) != 0);
1163
1164
1164
1165
nf_ct_ext_destroy(ct);
1165
1166
nf_ct_ext_free(ct);
···
1467
1468
struct nf_conn_help *help = nfct_help(ct);
1468
1469
1469
1470
/* Should be unconfirmed, so not in hash table yet */
1470
-
NF_CT_ASSERT(!nf_ct_is_confirmed(ct));
1471
+
WARN_ON(nf_ct_is_confirmed(ct));
1471
1472
1472
1473
pr_debug("Altering reply tuple of %p to ", ct);
1473
1474
nf_ct_dump_tuple(newreply);
···
1489
1490
unsigned long extra_jiffies,
1490
1491
int do_acct)
1491
1492
{
1492
-
NF_CT_ASSERT(skb);
1493
+
WARN_ON(!skb);
1493
1494
1494
1495
/* Only update if this is not a fixed timeout */
1495
1496
if (test_bit(IPS_FIXED_TIMEOUT_BIT, &ct->status))
+2
-2
net/netfilter/nf_conntrack_expect.c
+2
-2
net/netfilter/nf_conntrack_expect.c
···
51
51
struct nf_conn_help *master_help = nfct_help(exp->master);
52
52
struct net *net = nf_ct_exp_net(exp);
53
53
54
-
NF_CT_ASSERT(master_help);
55
-
NF_CT_ASSERT(!timer_pending(&exp->timeout));
54
+
WARN_ON(!master_help);
55
+
WARN_ON(timer_pending(&exp->timeout));
56
56
57
57
hlist_del_rcu(&exp->hnode);
58
58
net->ct.expect_count--;
+1
-1
net/netfilter/nf_conntrack_extend.c
+1
-1
net/netfilter/nf_conntrack_extend.c
+3
-3
net/netfilter/nf_conntrack_standalone.c
+3
-3
net/netfilter/nf_conntrack_standalone.c
···
287
287
struct net *net = seq_file_net(s);
288
288
int ret = 0;
289
289
290
-
NF_CT_ASSERT(ct);
290
+
WARN_ON(!ct);
291
291
if (unlikely(!atomic_inc_not_zero(&ct->ct_general.use)))
292
292
return 0;
293
293
···
304
304
goto release;
305
305
306
306
l3proto = __nf_ct_l3proto_find(nf_ct_l3num(ct));
307
-
NF_CT_ASSERT(l3proto);
307
+
WARN_ON(!l3proto);
308
308
l4proto = __nf_ct_l4proto_find(nf_ct_l3num(ct), nf_ct_protonum(ct));
309
-
NF_CT_ASSERT(l4proto);
309
+
WARN_ON(!l4proto);
310
310
311
311
ret = -ENOSPC;
312
312
seq_printf(s, "%-8s %u %-8s %u %ld ",
+2
-2
net/netfilter/nf_nat_core.c
+2
-2
net/netfilter/nf_nat_core.c
···
414
414
if (nf_ct_is_confirmed(ct))
415
415
return NF_ACCEPT;
416
416
417
-
NF_CT_ASSERT(maniptype == NF_NAT_MANIP_SRC ||
418
-
maniptype == NF_NAT_MANIP_DST);
417
+
WARN_ON(maniptype != NF_NAT_MANIP_SRC &&
418
+
maniptype != NF_NAT_MANIP_DST);
419
419
BUG_ON(nf_nat_initialized(ct, maniptype));
420
420
421
421
/* What we've got will look like inverse of reply. Normally
+3
-3
net/netfilter/nf_nat_redirect.c
+3
-3
net/netfilter/nf_nat_redirect.c
···
38
38
__be32 newdst;
39
39
struct nf_nat_range newrange;
40
40
41
-
NF_CT_ASSERT(hooknum == NF_INET_PRE_ROUTING ||
42
-
hooknum == NF_INET_LOCAL_OUT);
41
+
WARN_ON(hooknum != NF_INET_PRE_ROUTING &&
42
+
hooknum != NF_INET_LOCAL_OUT);
43
43
44
44
ct = nf_ct_get(skb, &ctinfo);
45
-
NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED));
45
+
WARN_ON(!(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED)));
46
46
47
47
/* Local packets: make them go to loopback */
48
48
if (hooknum == NF_INET_LOCAL_OUT) {
+4
-4
net/netfilter/xt_NETMAP.c
+4
-4
net/netfilter/xt_NETMAP.c
···
77
77
const struct nf_nat_ipv4_multi_range_compat *mr = par->targinfo;
78
78
struct nf_nat_range newrange;
79
79
80
-
NF_CT_ASSERT(xt_hooknum(par) == NF_INET_PRE_ROUTING ||
81
-
xt_hooknum(par) == NF_INET_POST_ROUTING ||
82
-
xt_hooknum(par) == NF_INET_LOCAL_OUT ||
83
-
xt_hooknum(par) == NF_INET_LOCAL_IN);
80
+
WARN_ON(xt_hooknum(par) != NF_INET_PRE_ROUTING &&
81
+
xt_hooknum(par) != NF_INET_POST_ROUTING &&
82
+
xt_hooknum(par) != NF_INET_LOCAL_OUT &&
83
+
xt_hooknum(par) != NF_INET_LOCAL_IN);
84
84
ct = nf_ct_get(skb, &ctinfo);
85
85
86
86
netmask = ~(mr->range[0].min_ip ^ mr->range[0].max_ip);
+10
-10
net/netfilter/xt_nat.c
+10
-10
net/netfilter/xt_nat.c
···
58
58
struct nf_conn *ct;
59
59
60
60
ct = nf_ct_get(skb, &ctinfo);
61
-
NF_CT_ASSERT(ct != NULL &&
62
-
(ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED ||
63
-
ctinfo == IP_CT_RELATED_REPLY));
61
+
WARN_ON(!(ct != NULL &&
62
+
(ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED ||
63
+
ctinfo == IP_CT_RELATED_REPLY)));
64
64
65
65
xt_nat_convert_range(&range, &mr->range[0]);
66
66
return nf_nat_setup_info(ct, &range, NF_NAT_MANIP_SRC);
···
75
75
struct nf_conn *ct;
76
76
77
77
ct = nf_ct_get(skb, &ctinfo);
78
-
NF_CT_ASSERT(ct != NULL &&
79
-
(ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED));
78
+
WARN_ON(!(ct != NULL &&
79
+
(ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED)));
80
80
81
81
xt_nat_convert_range(&range, &mr->range[0]);
82
82
return nf_nat_setup_info(ct, &range, NF_NAT_MANIP_DST);
···
90
90
struct nf_conn *ct;
91
91
92
92
ct = nf_ct_get(skb, &ctinfo);
93
-
NF_CT_ASSERT(ct != NULL &&
94
-
(ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED ||
95
-
ctinfo == IP_CT_RELATED_REPLY));
93
+
WARN_ON(!(ct != NULL &&
94
+
(ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED ||
95
+
ctinfo == IP_CT_RELATED_REPLY)));
96
96
97
97
return nf_nat_setup_info(ct, range, NF_NAT_MANIP_SRC);
98
98
}
···
105
105
struct nf_conn *ct;
106
106
107
107
ct = nf_ct_get(skb, &ctinfo);
108
-
NF_CT_ASSERT(ct != NULL &&
109
-
(ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED));
108
+
WARN_ON(!(ct != NULL &&
109
+
(ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED)));
110
110
111
111
return nf_nat_setup_info(ct, range, NF_NAT_MANIP_DST);
112
112
}