Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
tjh.dev
kernel
os
linux
Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
+7
-5
drivers/atm/zatm.c
+7
-5
drivers/atm/zatm.c
···
669
u32 *put;
670
int i;
671
672
-
dsc = (u32 *) kmalloc(uPD98401_TXPD_SIZE*2+
673
-
uPD98401_TXBD_SIZE*ATM_SKB(skb)->iovcnt,GFP_ATOMIC);
674
if (!dsc) {
675
-
if (vcc->pop) vcc->pop(vcc,skb);
676
-
else dev_kfree_skb_irq(skb);
677
return -EAGAIN;
678
}
679
/* @@@ should check alignment */
···
685
(ATM_SKB(skb)->atm_options & ATM_ATMOPT_CLP ?
686
uPD98401_CLPM_1 : uPD98401_CLPM_0));
687
dsc[1] = 0;
688
-
dsc[2] = ATM_SKB(skb)->iovcnt*uPD98401_TXBD_SIZE;
689
dsc[3] = virt_to_bus(put);
690
for (i = 0; i < ATM_SKB(skb)->iovcnt; i++) {
691
*put++ = ((struct iovec *) skb->data)[i].iov_len;
···
669
u32 *put;
670
int i;
671
672
+
dsc = kmalloc(uPD98401_TXPD_SIZE * 2 +
673
+
uPD98401_TXBD_SIZE * ATM_SKB(skb)->iovcnt, GFP_ATOMIC);
674
if (!dsc) {
675
+
if (vcc->pop)
676
+
vcc->pop(vcc, skb);
677
+
else
678
+
dev_kfree_skb_irq(skb);
679
return -EAGAIN;
680
}
681
/* @@@ should check alignment */
···
683
(ATM_SKB(skb)->atm_options & ATM_ATMOPT_CLP ?
684
uPD98401_CLPM_1 : uPD98401_CLPM_0));
685
dsc[1] = 0;
686
+
dsc[2] = ATM_SKB(skb)->iovcnt * uPD98401_TXBD_SIZE;
687
dsc[3] = virt_to_bus(put);
688
for (i = 0; i < ATM_SKB(skb)->iovcnt; i++) {
689
*put++ = ((struct iovec *) skb->data)[i].iov_len;
+1
-2
drivers/net/irda/Kconfig
+1
-2
drivers/net/irda/Kconfig
···
1
-
2
menu "Infrared-port device drivers"
3
depends on IRDA!=n
4
···
155
156
config DONGLE_OLD
157
bool "Old Serial dongle support"
158
-
depends on (IRTTY_OLD || IRPORT_SIR) && BROKEN_ON_SMP
159
help
160
Say Y here if you have an infrared device that connects to your
161
computer's serial port. These devices are called dongles. Then say Y
···
1
menu "Infrared-port device drivers"
2
depends on IRDA!=n
3
···
156
157
config DONGLE_OLD
158
bool "Old Serial dongle support"
159
+
depends on IRPORT_SIR && BROKEN_ON_SMP
160
help
161
Say Y here if you have an infrared device that connects to your
162
computer's serial port. These devices are called dongles. Then say Y
+1
-1
drivers/net/irda/Makefile
+1
-1
drivers/net/irda/Makefile
-2
drivers/net/irda/sir-dev.h
-2
drivers/net/irda/sir-dev.h
-56
drivers/net/irda/sir_core.c
-56
drivers/net/irda/sir_core.c
···
1
-
/*********************************************************************
2
-
*
3
-
* sir_core.c: module core for irda-sir abstraction layer
4
-
*
5
-
* Copyright (c) 2002 Martin Diehl
6
-
*
7
-
* This program is free software; you can redistribute it and/or
8
-
* modify it under the terms of the GNU General Public License as
9
-
* published by the Free Software Foundation; either version 2 of
10
-
* the License, or (at your option) any later version.
11
-
*
12
-
********************************************************************/
13
-
14
-
#include <linux/module.h>
15
-
#include <linux/kernel.h>
16
-
#include <linux/init.h>
17
-
18
-
#include <net/irda/irda.h>
19
-
20
-
#include "sir-dev.h"
21
-
22
-
/***************************************************************************/
23
-
24
-
MODULE_AUTHOR("Martin Diehl <info@mdiehl.de>");
25
-
MODULE_DESCRIPTION("IrDA SIR core");
26
-
MODULE_LICENSE("GPL");
27
-
28
-
/***************************************************************************/
29
-
30
-
EXPORT_SYMBOL(irda_register_dongle);
31
-
EXPORT_SYMBOL(irda_unregister_dongle);
32
-
33
-
EXPORT_SYMBOL(sirdev_get_instance);
34
-
EXPORT_SYMBOL(sirdev_put_instance);
35
-
36
-
EXPORT_SYMBOL(sirdev_set_dongle);
37
-
EXPORT_SYMBOL(sirdev_write_complete);
38
-
EXPORT_SYMBOL(sirdev_receive);
39
-
40
-
EXPORT_SYMBOL(sirdev_raw_write);
41
-
EXPORT_SYMBOL(sirdev_raw_read);
42
-
EXPORT_SYMBOL(sirdev_set_dtr_rts);
43
-
44
-
static int __init sir_core_init(void)
45
-
{
46
-
return irda_thread_create();
47
-
}
48
-
49
-
static void __exit sir_core_exit(void)
50
-
{
51
-
irda_thread_join();
52
-
}
53
-
54
-
module_init(sir_core_init);
55
-
module_exit(sir_core_exit);
56
-
···
+9
-1
drivers/net/irda/sir_dev.c
+9
-1
drivers/net/irda/sir_dev.c
···
60
up(&dev->fsm.sem);
61
return err;
62
}
63
64
/* used by dongle drivers for dongle programming */
65
···
95
spin_unlock_irqrestore(&dev->tx_lock, flags);
96
return ret;
97
}
98
99
/* seems some dongle drivers may need this */
100
···
118
119
return count;
120
}
121
122
int sirdev_set_dtr_rts(struct sir_dev *dev, int dtr, int rts)
123
{
···
127
ret = dev->drv->set_dtr_rts(dev, dtr, rts);
128
return ret;
129
}
130
-
131
/**********************************************************************/
132
133
/* called from client driver - likely with bh-context - to indicate
···
231
done:
232
spin_unlock_irqrestore(&dev->tx_lock, flags);
233
}
234
235
/* called from client driver - likely with bh-context - to give us
236
* some more received bytes. We put them into the rx-buffer,
···
284
285
return 0;
286
}
287
288
/**********************************************************************/
289
···
647
out:
648
return NULL;
649
}
650
651
int sirdev_put_instance(struct sir_dev *dev)
652
{
···
680
681
return 0;
682
}
683
···
60
up(&dev->fsm.sem);
61
return err;
62
}
63
+
EXPORT_SYMBOL(sirdev_set_dongle);
64
65
/* used by dongle drivers for dongle programming */
66
···
94
spin_unlock_irqrestore(&dev->tx_lock, flags);
95
return ret;
96
}
97
+
EXPORT_SYMBOL(sirdev_raw_write);
98
99
/* seems some dongle drivers may need this */
100
···
116
117
return count;
118
}
119
+
EXPORT_SYMBOL(sirdev_raw_read);
120
121
int sirdev_set_dtr_rts(struct sir_dev *dev, int dtr, int rts)
122
{
···
124
ret = dev->drv->set_dtr_rts(dev, dtr, rts);
125
return ret;
126
}
127
+
EXPORT_SYMBOL(sirdev_set_dtr_rts);
128
+
129
/**********************************************************************/
130
131
/* called from client driver - likely with bh-context - to indicate
···
227
done:
228
spin_unlock_irqrestore(&dev->tx_lock, flags);
229
}
230
+
EXPORT_SYMBOL(sirdev_write_complete);
231
232
/* called from client driver - likely with bh-context - to give us
233
* some more received bytes. We put them into the rx-buffer,
···
279
280
return 0;
281
}
282
+
EXPORT_SYMBOL(sirdev_receive);
283
284
/**********************************************************************/
285
···
641
out:
642
return NULL;
643
}
644
+
EXPORT_SYMBOL(sirdev_get_instance);
645
646
int sirdev_put_instance(struct sir_dev *dev)
647
{
···
673
674
return 0;
675
}
676
+
EXPORT_SYMBOL(sirdev_put_instance);
677
+2
drivers/net/irda/sir_dongle.c
+2
drivers/net/irda/sir_dongle.c
···
50
up(&dongle_list_lock);
51
return 0;
52
}
53
+
EXPORT_SYMBOL(irda_register_dongle);
54
55
int irda_unregister_dongle(struct dongle_driver *drv)
56
{
···
58
up(&dongle_list_lock);
59
return 0;
60
}
61
+
EXPORT_SYMBOL(irda_unregister_dongle);
62
63
int sirdev_get_dongle(struct sir_dev *dev, IRDA_DONGLE type)
64
{
+9
-2
drivers/net/irda/sir_kthread.c
+9
-2
drivers/net/irda/sir_kthread.c
···
466
return 0;
467
}
468
469
-
int __init irda_thread_create(void)
470
{
471
struct completion startup;
472
int pid;
···
488
return 0;
489
}
490
491
-
void __exit irda_thread_join(void)
492
{
493
if (irda_rq_queue.thread) {
494
flush_irda_queue();
···
498
wait_for_completion(&irda_rq_queue.exit);
499
}
500
}
501
···
466
return 0;
467
}
468
469
+
static int __init irda_thread_create(void)
470
{
471
struct completion startup;
472
int pid;
···
488
return 0;
489
}
490
491
+
static void __exit irda_thread_join(void)
492
{
493
if (irda_rq_queue.thread) {
494
flush_irda_queue();
···
498
wait_for_completion(&irda_rq_queue.exit);
499
}
500
}
501
+
502
+
module_init(irda_thread_create);
503
+
module_exit(irda_thread_join);
504
+
505
+
MODULE_AUTHOR("Martin Diehl <info@mdiehl.de>");
506
+
MODULE_DESCRIPTION("IrDA SIR core");
507
+
MODULE_LICENSE("GPL");
508
-7
include/linux/netfilter_ipv4/ip_nat_protocol.h
-7
include/linux/netfilter_ipv4/ip_nat_protocol.h
···
42
enum ip_nat_manip_type maniptype,
43
const struct ip_conntrack *conntrack);
44
45
-
unsigned int (*print)(char *buffer,
46
-
const struct ip_conntrack_tuple *match,
47
-
const struct ip_conntrack_tuple *mask);
48
-
49
-
unsigned int (*print_range)(char *buffer,
50
-
const struct ip_nat_range *range);
51
-
52
int (*range_to_nfattr)(struct sk_buff *skb,
53
const struct ip_nat_range *range);
54
+5
include/linux/netfilter_ipv6.h
+5
include/linux/netfilter_ipv6.h
···
72
NF_IP6_PRI_LAST = INT_MAX,
73
};
74
75
+
#ifdef CONFIG_NETFILTER
76
extern int ipv6_netfilter_init(void);
77
extern void ipv6_netfilter_fini(void);
78
+
#else /* CONFIG_NETFILTER */
79
+
static inline int ipv6_netfilter_init(void) { return 0; }
80
+
static inline void ipv6_netfilter_fini(void) { return; }
81
+
#endif /* CONFIG_NETFILTER */
82
83
#endif /*__LINUX_IP6_NETFILTER_H*/
+2
-2
include/net/inet_connection_sock.h
+2
-2
include/net/inet_connection_sock.h
···
83
struct timer_list icsk_delack_timer;
84
__u32 icsk_rto;
85
__u32 icsk_pmtu_cookie;
86
+
const struct tcp_congestion_ops *icsk_ca_ops;
87
+
const struct inet_connection_sock_af_ops *icsk_af_ops;
88
unsigned int (*icsk_sync_mss)(struct sock *sk, u32 pmtu);
89
__u8 icsk_ca_state;
90
__u8 icsk_retransmits;
+1
-1
net/8021q/vlan_dev.c
+1
-1
net/8021q/vlan_dev.c
+2
-2
net/atm/br2684.c
+2
-2
net/atm/br2684.c
···
296
eth = eth_hdr(skb);
297
298
if (is_multicast_ether_addr(eth->h_dest)) {
299
-
if (memcmp(eth->h_dest, dev->broadcast, ETH_ALEN) == 0)
300
skb->pkt_type = PACKET_BROADCAST;
301
else
302
skb->pkt_type = PACKET_MULTICAST;
303
}
304
305
-
else if (memcmp(eth->h_dest, dev->dev_addr, ETH_ALEN))
306
skb->pkt_type = PACKET_OTHERHOST;
307
308
if (ntohs(eth->h_proto) >= 1536)
···
296
eth = eth_hdr(skb);
297
298
if (is_multicast_ether_addr(eth->h_dest)) {
299
+
if (!compare_ether_addr(eth->h_dest, dev->broadcast))
300
skb->pkt_type = PACKET_BROADCAST;
301
else
302
skb->pkt_type = PACKET_MULTICAST;
303
}
304
305
+
else if (compare_ether_addr(eth->h_dest, dev->dev_addr))
306
skb->pkt_type = PACKET_OTHERHOST;
307
308
if (ntohs(eth->h_proto) >= 1536)
+3
-3
net/atm/lec.c
+3
-3
net/atm/lec.c
···
1321
struct sk_buff *skb;
1322
struct lec_priv *priv = (struct lec_priv*)dev->priv;
1323
1324
-
if ( memcmp(lan_dst, dev->dev_addr, ETH_ALEN) != 0 )
1325
return (0); /* not our mac address */
1326
1327
kfree(priv->tlvs); /* NULL if there was no previous association */
···
1798
1799
to_return = priv->lec_arp_tables[place];
1800
while(to_return) {
1801
-
if (memcmp(mac_addr, to_return->mac_addr, ETH_ALEN) == 0) {
1802
return to_return;
1803
}
1804
to_return = to_return->next;
···
2002
return priv->mcast_vcc;
2003
break;
2004
case 2: /* LANE2 wants arp for multicast addresses */
2005
-
if ( memcmp(mac_to_find, bus_mac, ETH_ALEN) == 0)
2006
return priv->mcast_vcc;
2007
break;
2008
default:
···
1321
struct sk_buff *skb;
1322
struct lec_priv *priv = (struct lec_priv*)dev->priv;
1323
1324
+
if (compare_ether_addr(lan_dst, dev->dev_addr))
1325
return (0); /* not our mac address */
1326
1327
kfree(priv->tlvs); /* NULL if there was no previous association */
···
1798
1799
to_return = priv->lec_arp_tables[place];
1800
while(to_return) {
1801
+
if (!compare_ether_addr(mac_addr, to_return->mac_addr)) {
1802
return to_return;
1803
}
1804
to_return = to_return->next;
···
2002
return priv->mcast_vcc;
2003
break;
2004
case 2: /* LANE2 wants arp for multicast addresses */
2005
+
if (!compare_ether_addr(mac_to_find, bus_mac))
2006
return priv->mcast_vcc;
2007
break;
2008
default:
+1
-1
net/atm/mpc.c
+1
-1
net/atm/mpc.c
+3
-3
net/bluetooth/bnep/core.c
+3
-3
net/bluetooth/bnep/core.c
···
75
76
list_for_each(p, &bnep_session_list) {
77
s = list_entry(p, struct bnep_session, list);
78
-
if (!memcmp(dst, s->eh.h_source, ETH_ALEN))
79
return s;
80
}
81
return NULL;
···
420
iv[il++] = (struct kvec) { &type, 1 };
421
len++;
422
423
-
if (!memcmp(eh->h_dest, s->eh.h_source, ETH_ALEN))
424
type |= 0x01;
425
426
-
if (!memcmp(eh->h_source, s->eh.h_dest, ETH_ALEN))
427
type |= 0x02;
428
429
if (type)
···
75
76
list_for_each(p, &bnep_session_list) {
77
s = list_entry(p, struct bnep_session, list);
78
+
if (!compare_ether_addr(dst, s->eh.h_source))
79
return s;
80
}
81
return NULL;
···
420
iv[il++] = (struct kvec) { &type, 1 };
421
len++;
422
423
+
if (!compare_ether_addr(eh->h_dest, s->eh.h_source))
424
type |= 0x01;
425
426
+
if (!compare_ether_addr(eh->h_source, s->eh.h_dest))
427
type |= 0x02;
428
429
if (type)
+1
-1
net/bluetooth/hci_conn.c
+1
-1
net/bluetooth/hci_conn.c
+3
net/bridge/netfilter/ebt_ip.c
+3
net/bridge/netfilter/ebt_ip.c
···
15
#include <linux/netfilter_bridge/ebtables.h>
16
#include <linux/netfilter_bridge/ebt_ip.h>
17
#include <linux/ip.h>
18
#include <linux/in.h>
19
#include <linux/module.h>
20
···
52
if (!(info->bitmask & EBT_IP_DPORT) &&
53
!(info->bitmask & EBT_IP_SPORT))
54
return EBT_MATCH;
55
pptr = skb_header_pointer(skb, ih->ihl*4,
56
sizeof(_ports), &_ports);
57
if (pptr == NULL)
···
15
#include <linux/netfilter_bridge/ebtables.h>
16
#include <linux/netfilter_bridge/ebt_ip.h>
17
#include <linux/ip.h>
18
+
#include <net/ip.h>
19
#include <linux/in.h>
20
#include <linux/module.h>
21
···
51
if (!(info->bitmask & EBT_IP_DPORT) &&
52
!(info->bitmask & EBT_IP_SPORT))
53
return EBT_MATCH;
54
+
if (ntohs(ih->frag_off) & IP_OFFSET)
55
+
return EBT_NOMATCH;
56
pptr = skb_header_pointer(skb, ih->ihl*4,
57
sizeof(_ports), &_ports);
58
if (pptr == NULL)
+2
-2
net/bridge/netfilter/ebt_stp.c
+2
-2
net/bridge/netfilter/ebt_stp.c
+1
-1
net/core/dv.c
+1
-1
net/core/dv.c
+1
-1
net/core/wireless.c
+1
-1
net/core/wireless.c
+7
-7
net/ieee80211/ieee80211_rx.c
+7
-7
net/ieee80211/ieee80211_rx.c
···
76
77
if (entry->skb != NULL && entry->seq == seq &&
78
(entry->last_frag + 1 == frag || frag == -1) &&
79
-
memcmp(entry->src_addr, src, ETH_ALEN) == 0 &&
80
-
memcmp(entry->dst_addr, dst, ETH_ALEN) == 0)
81
return entry;
82
}
83
···
243
/* check that the frame is unicast frame to us */
244
if ((fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) ==
245
IEEE80211_FCTL_TODS &&
246
-
memcmp(hdr->addr1, dev->dev_addr, ETH_ALEN) == 0 &&
247
-
memcmp(hdr->addr3, dev->dev_addr, ETH_ALEN) == 0) {
248
/* ToDS frame with own addr BSSID and DA */
249
} else if ((fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) ==
250
IEEE80211_FCTL_FROMDS &&
251
-
memcmp(hdr->addr1, dev->dev_addr, ETH_ALEN) == 0) {
252
/* FromDS frame with own addr as DA */
253
} else
254
return 0;
···
505
if (ieee->iw_mode == IW_MODE_MASTER && !wds &&
506
(fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) ==
507
IEEE80211_FCTL_FROMDS && ieee->stadev
508
-
&& memcmp(hdr->addr2, ieee->assoc_ap_addr, ETH_ALEN) == 0) {
509
/* Frame from BSSID of the AP for which we are a client */
510
skb->dev = dev = ieee->stadev;
511
stats = hostap_get_stats(dev);
···
1231
* as one network */
1232
return ((src->ssid_len == dst->ssid_len) &&
1233
(src->channel == dst->channel) &&
1234
-
!memcmp(src->bssid, dst->bssid, ETH_ALEN) &&
1235
!memcmp(src->ssid, dst->ssid, src->ssid_len));
1236
}
1237
···
76
77
if (entry->skb != NULL && entry->seq == seq &&
78
(entry->last_frag + 1 == frag || frag == -1) &&
79
+
!compare_ether_addr(entry->src_addr, src) &&
80
+
!compare_ether_addr(entry->dst_addr, dst))
81
return entry;
82
}
83
···
243
/* check that the frame is unicast frame to us */
244
if ((fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) ==
245
IEEE80211_FCTL_TODS &&
246
+
!compare_ether_addr(hdr->addr1, dev->dev_addr) &&
247
+
!compare_ether_addr(hdr->addr3, dev->dev_addr)) {
248
/* ToDS frame with own addr BSSID and DA */
249
} else if ((fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) ==
250
IEEE80211_FCTL_FROMDS &&
251
+
!compare_ether_addr(hdr->addr1, dev->dev_addr)) {
252
/* FromDS frame with own addr as DA */
253
} else
254
return 0;
···
505
if (ieee->iw_mode == IW_MODE_MASTER && !wds &&
506
(fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) ==
507
IEEE80211_FCTL_FROMDS && ieee->stadev
508
+
&& !compare_ether_addr(hdr->addr2, ieee->assoc_ap_addr)) {
509
/* Frame from BSSID of the AP for which we are a client */
510
skb->dev = dev = ieee->stadev;
511
stats = hostap_get_stats(dev);
···
1231
* as one network */
1232
return ((src->ssid_len == dst->ssid_len) &&
1233
(src->channel == dst->channel) &&
1234
+
!compare_ether_addr(src->bssid, dst->bssid) &&
1235
!memcmp(src->ssid, dst->ssid, src->ssid_len));
1236
}
1237
+2
-2
net/ipv4/Makefile
+2
-2
net/ipv4/Makefile
···
9
tcp.o tcp_input.o tcp_output.o tcp_timer.o tcp_ipv4.o \
10
tcp_minisocks.o tcp_cong.o \
11
datagram.o raw.o udp.o arp.o icmp.o devinet.o af_inet.o igmp.o \
12
-
sysctl_net_ipv4.o fib_frontend.o fib_semantics.o netfilter.o
13
14
obj-$(CONFIG_IP_FIB_HASH) += fib_hash.o
15
obj-$(CONFIG_IP_FIB_TRIE) += fib_trie.o
···
28
obj-$(CONFIG_IP_ROUTE_MULTIPATH_RANDOM) += multipath_random.o
29
obj-$(CONFIG_IP_ROUTE_MULTIPATH_WRANDOM) += multipath_wrandom.o
30
obj-$(CONFIG_IP_ROUTE_MULTIPATH_DRR) += multipath_drr.o
31
-
obj-$(CONFIG_NETFILTER) += netfilter/
32
obj-$(CONFIG_IP_VS) += ipvs/
33
obj-$(CONFIG_INET_DIAG) += inet_diag.o
34
obj-$(CONFIG_IP_ROUTE_MULTIPATH_CACHED) += multipath.o
···
9
tcp.o tcp_input.o tcp_output.o tcp_timer.o tcp_ipv4.o \
10
tcp_minisocks.o tcp_cong.o \
11
datagram.o raw.o udp.o arp.o icmp.o devinet.o af_inet.o igmp.o \
12
+
sysctl_net_ipv4.o fib_frontend.o fib_semantics.o
13
14
obj-$(CONFIG_IP_FIB_HASH) += fib_hash.o
15
obj-$(CONFIG_IP_FIB_TRIE) += fib_trie.o
···
28
obj-$(CONFIG_IP_ROUTE_MULTIPATH_RANDOM) += multipath_random.o
29
obj-$(CONFIG_IP_ROUTE_MULTIPATH_WRANDOM) += multipath_wrandom.o
30
obj-$(CONFIG_IP_ROUTE_MULTIPATH_DRR) += multipath_drr.o
31
+
obj-$(CONFIG_NETFILTER) += netfilter.o netfilter/
32
obj-$(CONFIG_IP_VS) += ipvs/
33
obj-$(CONFIG_INET_DIAG) += inet_diag.o
34
obj-$(CONFIG_IP_ROUTE_MULTIPATH_CACHED) += multipath.o
-10
net/ipv4/netfilter.c
-10
net/ipv4/netfilter.c
···
1
/* IPv4 specific functions of netfilter core */
2
-
3
-
#include <linux/config.h>
4
-
#ifdef CONFIG_NETFILTER
5
-
6
#include <linux/kernel.h>
7
#include <linux/netfilter.h>
8
#include <linux/netfilter_ipv4.h>
9
-
10
#include <linux/ip.h>
11
-
#include <linux/tcp.h>
12
-
#include <linux/udp.h>
13
-
#include <linux/icmp.h>
14
#include <net/route.h>
15
#include <net/xfrm.h>
16
#include <net/ip.h>
···
138
139
module_init(init);
140
module_exit(fini);
141
-
142
-
#endif /* CONFIG_NETFILTER */
+1
-1
net/ipv4/netfilter/ip_conntrack_proto_generic.c
+1
-1
net/ipv4/netfilter/ip_conntrack_proto_generic.c
+1
-1
net/ipv4/netfilter/ip_conntrack_proto_icmp.c
+1
-1
net/ipv4/netfilter/ip_conntrack_proto_icmp.c
+8
-8
net/ipv4/netfilter/ip_conntrack_proto_sctp.c
+8
-8
net/ipv4/netfilter/ip_conntrack_proto_sctp.c
···
58
#define HOURS * 60 MINS
59
#define DAYS * 24 HOURS
60
61
-
static unsigned long ip_ct_sctp_timeout_closed = 10 SECS;
62
-
static unsigned long ip_ct_sctp_timeout_cookie_wait = 3 SECS;
63
-
static unsigned long ip_ct_sctp_timeout_cookie_echoed = 3 SECS;
64
-
static unsigned long ip_ct_sctp_timeout_established = 5 DAYS;
65
-
static unsigned long ip_ct_sctp_timeout_shutdown_sent = 300 SECS / 1000;
66
-
static unsigned long ip_ct_sctp_timeout_shutdown_recd = 300 SECS / 1000;
67
-
static unsigned long ip_ct_sctp_timeout_shutdown_ack_sent = 3 SECS;
68
69
-
static const unsigned long * sctp_timeouts[]
70
= { NULL, /* SCTP_CONNTRACK_NONE */
71
&ip_ct_sctp_timeout_closed, /* SCTP_CONNTRACK_CLOSED */
72
&ip_ct_sctp_timeout_cookie_wait, /* SCTP_CONNTRACK_COOKIE_WAIT */
···
58
#define HOURS * 60 MINS
59
#define DAYS * 24 HOURS
60
61
+
static unsigned int ip_ct_sctp_timeout_closed = 10 SECS;
62
+
static unsigned int ip_ct_sctp_timeout_cookie_wait = 3 SECS;
63
+
static unsigned int ip_ct_sctp_timeout_cookie_echoed = 3 SECS;
64
+
static unsigned int ip_ct_sctp_timeout_established = 5 DAYS;
65
+
static unsigned int ip_ct_sctp_timeout_shutdown_sent = 300 SECS / 1000;
66
+
static unsigned int ip_ct_sctp_timeout_shutdown_recd = 300 SECS / 1000;
67
+
static unsigned int ip_ct_sctp_timeout_shutdown_ack_sent = 3 SECS;
68
69
+
static const unsigned int * sctp_timeouts[]
70
= { NULL, /* SCTP_CONNTRACK_NONE */
71
&ip_ct_sctp_timeout_closed, /* SCTP_CONNTRACK_CLOSED */
72
&ip_ct_sctp_timeout_cookie_wait, /* SCTP_CONNTRACK_COOKIE_WAIT */
+10
-10
net/ipv4/netfilter/ip_conntrack_proto_tcp.c
+10
-10
net/ipv4/netfilter/ip_conntrack_proto_tcp.c
···
85
#define HOURS * 60 MINS
86
#define DAYS * 24 HOURS
87
88
-
unsigned long ip_ct_tcp_timeout_syn_sent = 2 MINS;
89
-
unsigned long ip_ct_tcp_timeout_syn_recv = 60 SECS;
90
-
unsigned long ip_ct_tcp_timeout_established = 5 DAYS;
91
-
unsigned long ip_ct_tcp_timeout_fin_wait = 2 MINS;
92
-
unsigned long ip_ct_tcp_timeout_close_wait = 60 SECS;
93
-
unsigned long ip_ct_tcp_timeout_last_ack = 30 SECS;
94
-
unsigned long ip_ct_tcp_timeout_time_wait = 2 MINS;
95
-
unsigned long ip_ct_tcp_timeout_close = 10 SECS;
96
97
/* RFC1122 says the R2 limit should be at least 100 seconds.
98
Linux uses 15 packets as limit, which corresponds
99
to ~13-30min depending on RTO. */
100
-
unsigned long ip_ct_tcp_timeout_max_retrans = 5 MINS;
101
102
-
static const unsigned long * tcp_timeouts[]
103
= { NULL, /* TCP_CONNTRACK_NONE */
104
&ip_ct_tcp_timeout_syn_sent, /* TCP_CONNTRACK_SYN_SENT, */
105
&ip_ct_tcp_timeout_syn_recv, /* TCP_CONNTRACK_SYN_RECV, */
···
85
#define HOURS * 60 MINS
86
#define DAYS * 24 HOURS
87
88
+
unsigned int ip_ct_tcp_timeout_syn_sent = 2 MINS;
89
+
unsigned int ip_ct_tcp_timeout_syn_recv = 60 SECS;
90
+
unsigned int ip_ct_tcp_timeout_established = 5 DAYS;
91
+
unsigned int ip_ct_tcp_timeout_fin_wait = 2 MINS;
92
+
unsigned int ip_ct_tcp_timeout_close_wait = 60 SECS;
93
+
unsigned int ip_ct_tcp_timeout_last_ack = 30 SECS;
94
+
unsigned int ip_ct_tcp_timeout_time_wait = 2 MINS;
95
+
unsigned int ip_ct_tcp_timeout_close = 10 SECS;
96
97
/* RFC1122 says the R2 limit should be at least 100 seconds.
98
Linux uses 15 packets as limit, which corresponds
99
to ~13-30min depending on RTO. */
100
+
unsigned int ip_ct_tcp_timeout_max_retrans = 5 MINS;
101
102
+
static const unsigned int * tcp_timeouts[]
103
= { NULL, /* TCP_CONNTRACK_NONE */
104
&ip_ct_tcp_timeout_syn_sent, /* TCP_CONNTRACK_SYN_SENT, */
105
&ip_ct_tcp_timeout_syn_recv, /* TCP_CONNTRACK_SYN_RECV, */
+2
-2
net/ipv4/netfilter/ip_conntrack_proto_udp.c
+2
-2
net/ipv4/netfilter/ip_conntrack_proto_udp.c
+13
-13
net/ipv4/netfilter/ip_conntrack_standalone.c
+13
-13
net/ipv4/netfilter/ip_conntrack_standalone.c
···
544
extern unsigned int ip_conntrack_htable_size;
545
546
/* From ip_conntrack_proto_tcp.c */
547
-
extern unsigned long ip_ct_tcp_timeout_syn_sent;
548
-
extern unsigned long ip_ct_tcp_timeout_syn_recv;
549
-
extern unsigned long ip_ct_tcp_timeout_established;
550
-
extern unsigned long ip_ct_tcp_timeout_fin_wait;
551
-
extern unsigned long ip_ct_tcp_timeout_close_wait;
552
-
extern unsigned long ip_ct_tcp_timeout_last_ack;
553
-
extern unsigned long ip_ct_tcp_timeout_time_wait;
554
-
extern unsigned long ip_ct_tcp_timeout_close;
555
-
extern unsigned long ip_ct_tcp_timeout_max_retrans;
556
extern int ip_ct_tcp_loose;
557
extern int ip_ct_tcp_be_liberal;
558
extern int ip_ct_tcp_max_retrans;
559
560
/* From ip_conntrack_proto_udp.c */
561
-
extern unsigned long ip_ct_udp_timeout;
562
-
extern unsigned long ip_ct_udp_timeout_stream;
563
564
/* From ip_conntrack_proto_icmp.c */
565
-
extern unsigned long ip_ct_icmp_timeout;
566
567
/* From ip_conntrack_proto_icmp.c */
568
-
extern unsigned long ip_ct_generic_timeout;
569
570
/* Log invalid packets of a given protocol */
571
static int log_invalid_proto_min = 0;
···
544
extern unsigned int ip_conntrack_htable_size;
545
546
/* From ip_conntrack_proto_tcp.c */
547
+
extern unsigned int ip_ct_tcp_timeout_syn_sent;
548
+
extern unsigned int ip_ct_tcp_timeout_syn_recv;
549
+
extern unsigned int ip_ct_tcp_timeout_established;
550
+
extern unsigned int ip_ct_tcp_timeout_fin_wait;
551
+
extern unsigned int ip_ct_tcp_timeout_close_wait;
552
+
extern unsigned int ip_ct_tcp_timeout_last_ack;
553
+
extern unsigned int ip_ct_tcp_timeout_time_wait;
554
+
extern unsigned int ip_ct_tcp_timeout_close;
555
+
extern unsigned int ip_ct_tcp_timeout_max_retrans;
556
extern int ip_ct_tcp_loose;
557
extern int ip_ct_tcp_be_liberal;
558
extern int ip_ct_tcp_max_retrans;
559
560
/* From ip_conntrack_proto_udp.c */
561
+
extern unsigned int ip_ct_udp_timeout;
562
+
extern unsigned int ip_ct_udp_timeout_stream;
563
564
/* From ip_conntrack_proto_icmp.c */
565
+
extern unsigned int ip_ct_icmp_timeout;
566
567
/* From ip_conntrack_proto_icmp.c */
568
+
extern unsigned int ip_ct_generic_timeout;
569
570
/* Log invalid packets of a given protocol */
571
static int log_invalid_proto_min = 0;
+34
-47
net/ipv4/netfilter/ip_nat_helper_pptp.c
+34
-47
net/ipv4/netfilter/ip_nat_helper_pptp.c
···
148
{
149
struct ip_ct_pptp_master *ct_pptp_info = &ct->help.ct_pptp_info;
150
struct ip_nat_pptp *nat_pptp_info = &ct->nat.help.nat_pptp_info;
151
-
152
-
u_int16_t msg, *cid = NULL, new_callid;
153
154
new_callid = htons(ct_pptp_info->pns_call_id);
155
156
switch (msg = ntohs(ctlh->messageType)) {
157
case PPTP_OUT_CALL_REQUEST:
158
-
cid = &pptpReq->ocreq.callID;
159
/* FIXME: ideally we would want to reserve a call ID
160
* here. current netfilter NAT core is not able to do
161
* this :( For now we use TCP source port. This breaks
···
172
ct_pptp_info->pns_call_id = ntohs(new_callid);
173
break;
174
case PPTP_IN_CALL_REPLY:
175
-
cid = &pptpReq->icreq.callID;
176
break;
177
case PPTP_CALL_CLEAR_REQUEST:
178
-
cid = &pptpReq->clrreq.callID;
179
break;
180
default:
181
DEBUGP("unknown outbound packet 0x%04x:%s\n", msg,
···
197
198
/* only OUT_CALL_REQUEST, IN_CALL_REPLY, CALL_CLEAR_REQUEST pass
199
* down to here */
200
-
201
-
IP_NF_ASSERT(cid);
202
-
203
DEBUGP("altering call id from 0x%04x to 0x%04x\n",
204
-
ntohs(*cid), ntohs(new_callid));
205
206
/* mangle packet */
207
if (ip_nat_mangle_tcp_packet(pskb, ct, ctinfo,
208
-
(void *)cid - ((void *)ctlh - sizeof(struct pptp_pkt_hdr)),
209
-
sizeof(new_callid),
210
-
(char *)&new_callid,
211
-
sizeof(new_callid)) == 0)
212
return NF_DROP;
213
214
return NF_ACCEPT;
···
296
union pptp_ctrl_union *pptpReq)
297
{
298
struct ip_nat_pptp *nat_pptp_info = &ct->nat.help.nat_pptp_info;
299
-
u_int16_t msg, new_cid = 0, new_pcid, *pcid = NULL, *cid = NULL;
300
-
301
-
int ret = NF_ACCEPT, rv;
302
303
new_pcid = htons(nat_pptp_info->pns_call_id);
304
305
switch (msg = ntohs(ctlh->messageType)) {
306
case PPTP_OUT_CALL_REPLY:
307
-
pcid = &pptpReq->ocack.peersCallID;
308
-
cid = &pptpReq->ocack.callID;
309
break;
310
case PPTP_IN_CALL_CONNECT:
311
-
pcid = &pptpReq->iccon.peersCallID;
312
break;
313
case PPTP_IN_CALL_REQUEST:
314
/* only need to nat in case PAC is behind NAT box */
315
-
break;
316
case PPTP_WAN_ERROR_NOTIFY:
317
-
pcid = &pptpReq->wanerr.peersCallID;
318
break;
319
case PPTP_CALL_DISCONNECT_NOTIFY:
320
-
pcid = &pptpReq->disc.callID;
321
break;
322
case PPTP_SET_LINK_INFO:
323
-
pcid = &pptpReq->setlink.peersCallID;
324
break;
325
326
default:
···
341
* WAN_ERROR_NOTIFY, CALL_DISCONNECT_NOTIFY pass down here */
342
343
/* mangle packet */
344
-
IP_NF_ASSERT(pcid);
345
DEBUGP("altering peer call id from 0x%04x to 0x%04x\n",
346
-
ntohs(*pcid), ntohs(new_pcid));
347
-
348
-
rv = ip_nat_mangle_tcp_packet(pskb, ct, ctinfo,
349
-
(void *)pcid - ((void *)ctlh - sizeof(struct pptp_pkt_hdr)),
350
-
sizeof(new_pcid), (char *)&new_pcid,
351
-
sizeof(new_pcid));
352
-
if (rv != NF_ACCEPT)
353
-
return rv;
354
355
if (new_cid) {
356
-
IP_NF_ASSERT(cid);
357
DEBUGP("altering call id from 0x%04x to 0x%04x\n",
358
-
ntohs(*cid), ntohs(new_cid));
359
-
rv = ip_nat_mangle_tcp_packet(pskb, ct, ctinfo,
360
-
(void *)cid - ((void *)ctlh - sizeof(struct pptp_pkt_hdr)),
361
-
sizeof(new_cid),
362
-
(char *)&new_cid,
363
-
sizeof(new_cid));
364
-
if (rv != NF_ACCEPT)
365
-
return rv;
366
}
367
-
368
-
/* check for earlier return value of 'switch' above */
369
-
if (ret != NF_ACCEPT)
370
-
return ret;
371
-
372
-
/* great, at least we don't need to resize packets */
373
return NF_ACCEPT;
374
}
375
···
148
{
149
struct ip_ct_pptp_master *ct_pptp_info = &ct->help.ct_pptp_info;
150
struct ip_nat_pptp *nat_pptp_info = &ct->nat.help.nat_pptp_info;
151
+
u_int16_t msg, new_callid;
152
+
unsigned int cid_off;
153
154
new_callid = htons(ct_pptp_info->pns_call_id);
155
156
switch (msg = ntohs(ctlh->messageType)) {
157
case PPTP_OUT_CALL_REQUEST:
158
+
cid_off = offsetof(union pptp_ctrl_union, ocreq.callID);
159
/* FIXME: ideally we would want to reserve a call ID
160
* here. current netfilter NAT core is not able to do
161
* this :( For now we use TCP source port. This breaks
···
172
ct_pptp_info->pns_call_id = ntohs(new_callid);
173
break;
174
case PPTP_IN_CALL_REPLY:
175
+
cid_off = offsetof(union pptp_ctrl_union, icreq.callID);
176
break;
177
case PPTP_CALL_CLEAR_REQUEST:
178
+
cid_off = offsetof(union pptp_ctrl_union, clrreq.callID);
179
break;
180
default:
181
DEBUGP("unknown outbound packet 0x%04x:%s\n", msg,
···
197
198
/* only OUT_CALL_REQUEST, IN_CALL_REPLY, CALL_CLEAR_REQUEST pass
199
* down to here */
200
DEBUGP("altering call id from 0x%04x to 0x%04x\n",
201
+
ntohs(*(u_int16_t *)pptpReq + cid_off), ntohs(new_callid));
202
203
/* mangle packet */
204
if (ip_nat_mangle_tcp_packet(pskb, ct, ctinfo,
205
+
cid_off + sizeof(struct pptp_pkt_hdr) +
206
+
sizeof(struct PptpControlHeader),
207
+
sizeof(new_callid), (char *)&new_callid,
208
+
sizeof(new_callid)) == 0)
209
return NF_DROP;
210
211
return NF_ACCEPT;
···
299
union pptp_ctrl_union *pptpReq)
300
{
301
struct ip_nat_pptp *nat_pptp_info = &ct->nat.help.nat_pptp_info;
302
+
u_int16_t msg, new_cid = 0, new_pcid;
303
+
unsigned int pcid_off, cid_off = 0;
304
305
new_pcid = htons(nat_pptp_info->pns_call_id);
306
307
switch (msg = ntohs(ctlh->messageType)) {
308
case PPTP_OUT_CALL_REPLY:
309
+
pcid_off = offsetof(union pptp_ctrl_union, ocack.peersCallID);
310
+
cid_off = offsetof(union pptp_ctrl_union, ocack.callID);
311
break;
312
case PPTP_IN_CALL_CONNECT:
313
+
pcid_off = offsetof(union pptp_ctrl_union, iccon.peersCallID);
314
break;
315
case PPTP_IN_CALL_REQUEST:
316
/* only need to nat in case PAC is behind NAT box */
317
+
return NF_ACCEPT;
318
case PPTP_WAN_ERROR_NOTIFY:
319
+
pcid_off = offsetof(union pptp_ctrl_union, wanerr.peersCallID);
320
break;
321
case PPTP_CALL_DISCONNECT_NOTIFY:
322
+
pcid_off = offsetof(union pptp_ctrl_union, disc.callID);
323
break;
324
case PPTP_SET_LINK_INFO:
325
+
pcid_off = offsetof(union pptp_ctrl_union, setlink.peersCallID);
326
break;
327
328
default:
···
345
* WAN_ERROR_NOTIFY, CALL_DISCONNECT_NOTIFY pass down here */
346
347
/* mangle packet */
348
DEBUGP("altering peer call id from 0x%04x to 0x%04x\n",
349
+
ntohs(*(u_int16_t *)pptpReq + pcid_off), ntohs(new_pcid));
350
+
351
+
if (ip_nat_mangle_tcp_packet(pskb, ct, ctinfo,
352
+
pcid_off + sizeof(struct pptp_pkt_hdr) +
353
+
sizeof(struct PptpControlHeader),
354
+
sizeof(new_pcid), (char *)&new_pcid,
355
+
sizeof(new_pcid)) == 0)
356
+
return NF_DROP;
357
358
if (new_cid) {
359
DEBUGP("altering call id from 0x%04x to 0x%04x\n",
360
+
ntohs(*(u_int16_t *)pptpReq + cid_off), ntohs(new_cid));
361
+
if (ip_nat_mangle_tcp_packet(pskb, ct, ctinfo,
362
+
cid_off + sizeof(struct pptp_pkt_hdr) +
363
+
sizeof(struct PptpControlHeader),
364
+
sizeof(new_cid), (char *)&new_cid,
365
+
sizeof(new_cid)) == 0)
366
+
return NF_DROP;
367
}
368
return NF_ACCEPT;
369
}
370
-38
net/ipv4/netfilter/ip_nat_proto_gre.c
-38
net/ipv4/netfilter/ip_nat_proto_gre.c
···
151
return 1;
152
}
153
154
-
/* print out a nat tuple */
155
-
static unsigned int
156
-
gre_print(char *buffer,
157
-
const struct ip_conntrack_tuple *match,
158
-
const struct ip_conntrack_tuple *mask)
159
-
{
160
-
unsigned int len = 0;
161
-
162
-
if (mask->src.u.gre.key)
163
-
len += sprintf(buffer + len, "srckey=0x%x ",
164
-
ntohl(match->src.u.gre.key));
165
-
166
-
if (mask->dst.u.gre.key)
167
-
len += sprintf(buffer + len, "dstkey=0x%x ",
168
-
ntohl(match->src.u.gre.key));
169
-
170
-
return len;
171
-
}
172
-
173
-
/* print a range of keys */
174
-
static unsigned int
175
-
gre_print_range(char *buffer, const struct ip_nat_range *range)
176
-
{
177
-
if (range->min.gre.key != 0
178
-
|| range->max.gre.key != 0xFFFF) {
179
-
if (range->min.gre.key == range->max.gre.key)
180
-
return sprintf(buffer, "key 0x%x ",
181
-
ntohl(range->min.gre.key));
182
-
else
183
-
return sprintf(buffer, "keys 0x%u-0x%u ",
184
-
ntohl(range->min.gre.key),
185
-
ntohl(range->max.gre.key));
186
-
} else
187
-
return 0;
188
-
}
189
-
190
/* nat helper struct */
191
static struct ip_nat_protocol gre = {
192
.name = "GRE",
···
158
.manip_pkt = gre_manip_pkt,
159
.in_range = gre_in_range,
160
.unique_tuple = gre_unique_tuple,
161
-
.print = gre_print,
162
-
.print_range = gre_print_range,
163
#if defined(CONFIG_IP_NF_CONNTRACK_NETLINK) || \
164
defined(CONFIG_IP_NF_CONNTRACK_NETLINK_MODULE)
165
.range_to_nfattr = ip_nat_port_range_to_nfattr,
···
151
return 1;
152
}
153
154
/* nat helper struct */
155
static struct ip_nat_protocol gre = {
156
.name = "GRE",
···
194
.manip_pkt = gre_manip_pkt,
195
.in_range = gre_in_range,
196
.unique_tuple = gre_unique_tuple,
197
#if defined(CONFIG_IP_NF_CONNTRACK_NETLINK) || \
198
defined(CONFIG_IP_NF_CONNTRACK_NETLINK_MODULE)
199
.range_to_nfattr = ip_nat_port_range_to_nfattr,
-34
net/ipv4/netfilter/ip_nat_proto_icmp.c
-34
net/ipv4/netfilter/ip_nat_proto_icmp.c
···
74
return 1;
75
}
76
77
-
static unsigned int
78
-
icmp_print(char *buffer,
79
-
const struct ip_conntrack_tuple *match,
80
-
const struct ip_conntrack_tuple *mask)
81
-
{
82
-
unsigned int len = 0;
83
-
84
-
if (mask->src.u.icmp.id)
85
-
len += sprintf(buffer + len, "id=%u ",
86
-
ntohs(match->src.u.icmp.id));
87
-
88
-
if (mask->dst.u.icmp.type)
89
-
len += sprintf(buffer + len, "type=%u ",
90
-
ntohs(match->dst.u.icmp.type));
91
-
92
-
if (mask->dst.u.icmp.code)
93
-
len += sprintf(buffer + len, "code=%u ",
94
-
ntohs(match->dst.u.icmp.code));
95
-
96
-
return len;
97
-
}
98
-
99
-
static unsigned int
100
-
icmp_print_range(char *buffer, const struct ip_nat_range *range)
101
-
{
102
-
if (range->min.icmp.id != 0 || range->max.icmp.id != 0xFFFF)
103
-
return sprintf(buffer, "id %u-%u ",
104
-
ntohs(range->min.icmp.id),
105
-
ntohs(range->max.icmp.id));
106
-
else return 0;
107
-
}
108
-
109
struct ip_nat_protocol ip_nat_protocol_icmp = {
110
.name = "ICMP",
111
.protonum = IPPROTO_ICMP,
···
81
.manip_pkt = icmp_manip_pkt,
82
.in_range = icmp_in_range,
83
.unique_tuple = icmp_unique_tuple,
84
-
.print = icmp_print,
85
-
.print_range = icmp_print_range,
86
#if defined(CONFIG_IP_NF_CONNTRACK_NETLINK) || \
87
defined(CONFIG_IP_NF_CONNTRACK_NETLINK_MODULE)
88
.range_to_nfattr = ip_nat_port_range_to_nfattr,
···
74
return 1;
75
}
76
77
struct ip_nat_protocol ip_nat_protocol_icmp = {
78
.name = "ICMP",
79
.protonum = IPPROTO_ICMP,
···
113
.manip_pkt = icmp_manip_pkt,
114
.in_range = icmp_in_range,
115
.unique_tuple = icmp_unique_tuple,
116
#if defined(CONFIG_IP_NF_CONNTRACK_NETLINK) || \
117
defined(CONFIG_IP_NF_CONNTRACK_NETLINK_MODULE)
118
.range_to_nfattr = ip_nat_port_range_to_nfattr,
-36
net/ipv4/netfilter/ip_nat_proto_tcp.c
-36
net/ipv4/netfilter/ip_nat_proto_tcp.c
···
136
return 1;
137
}
138
139
-
static unsigned int
140
-
tcp_print(char *buffer,
141
-
const struct ip_conntrack_tuple *match,
142
-
const struct ip_conntrack_tuple *mask)
143
-
{
144
-
unsigned int len = 0;
145
-
146
-
if (mask->src.u.tcp.port)
147
-
len += sprintf(buffer + len, "srcpt=%u ",
148
-
ntohs(match->src.u.tcp.port));
149
-
150
-
151
-
if (mask->dst.u.tcp.port)
152
-
len += sprintf(buffer + len, "dstpt=%u ",
153
-
ntohs(match->dst.u.tcp.port));
154
-
155
-
return len;
156
-
}
157
-
158
-
static unsigned int
159
-
tcp_print_range(char *buffer, const struct ip_nat_range *range)
160
-
{
161
-
if (range->min.tcp.port != 0 || range->max.tcp.port != 0xFFFF) {
162
-
if (range->min.tcp.port == range->max.tcp.port)
163
-
return sprintf(buffer, "port %u ",
164
-
ntohs(range->min.tcp.port));
165
-
else
166
-
return sprintf(buffer, "ports %u-%u ",
167
-
ntohs(range->min.tcp.port),
168
-
ntohs(range->max.tcp.port));
169
-
}
170
-
else return 0;
171
-
}
172
-
173
struct ip_nat_protocol ip_nat_protocol_tcp = {
174
.name = "TCP",
175
.protonum = IPPROTO_TCP,
···
143
.manip_pkt = tcp_manip_pkt,
144
.in_range = tcp_in_range,
145
.unique_tuple = tcp_unique_tuple,
146
-
.print = tcp_print,
147
-
.print_range = tcp_print_range,
148
#if defined(CONFIG_IP_NF_CONNTRACK_NETLINK) || \
149
defined(CONFIG_IP_NF_CONNTRACK_NETLINK_MODULE)
150
.range_to_nfattr = ip_nat_port_range_to_nfattr,
···
136
return 1;
137
}
138
139
struct ip_nat_protocol ip_nat_protocol_tcp = {
140
.name = "TCP",
141
.protonum = IPPROTO_TCP,
···
177
.manip_pkt = tcp_manip_pkt,
178
.in_range = tcp_in_range,
179
.unique_tuple = tcp_unique_tuple,
180
#if defined(CONFIG_IP_NF_CONNTRACK_NETLINK) || \
181
defined(CONFIG_IP_NF_CONNTRACK_NETLINK_MODULE)
182
.range_to_nfattr = ip_nat_port_range_to_nfattr,
-36
net/ipv4/netfilter/ip_nat_proto_udp.c
-36
net/ipv4/netfilter/ip_nat_proto_udp.c
···
122
return 1;
123
}
124
125
-
static unsigned int
126
-
udp_print(char *buffer,
127
-
const struct ip_conntrack_tuple *match,
128
-
const struct ip_conntrack_tuple *mask)
129
-
{
130
-
unsigned int len = 0;
131
-
132
-
if (mask->src.u.udp.port)
133
-
len += sprintf(buffer + len, "srcpt=%u ",
134
-
ntohs(match->src.u.udp.port));
135
-
136
-
137
-
if (mask->dst.u.udp.port)
138
-
len += sprintf(buffer + len, "dstpt=%u ",
139
-
ntohs(match->dst.u.udp.port));
140
-
141
-
return len;
142
-
}
143
-
144
-
static unsigned int
145
-
udp_print_range(char *buffer, const struct ip_nat_range *range)
146
-
{
147
-
if (range->min.udp.port != 0 || range->max.udp.port != 0xFFFF) {
148
-
if (range->min.udp.port == range->max.udp.port)
149
-
return sprintf(buffer, "port %u ",
150
-
ntohs(range->min.udp.port));
151
-
else
152
-
return sprintf(buffer, "ports %u-%u ",
153
-
ntohs(range->min.udp.port),
154
-
ntohs(range->max.udp.port));
155
-
}
156
-
else return 0;
157
-
}
158
-
159
struct ip_nat_protocol ip_nat_protocol_udp = {
160
.name = "UDP",
161
.protonum = IPPROTO_UDP,
···
129
.manip_pkt = udp_manip_pkt,
130
.in_range = udp_in_range,
131
.unique_tuple = udp_unique_tuple,
132
-
.print = udp_print,
133
-
.print_range = udp_print_range,
134
#if defined(CONFIG_IP_NF_CONNTRACK_NETLINK) || \
135
defined(CONFIG_IP_NF_CONNTRACK_NETLINK_MODULE)
136
.range_to_nfattr = ip_nat_port_range_to_nfattr,
···
122
return 1;
123
}
124
125
struct ip_nat_protocol ip_nat_protocol_udp = {
126
.name = "UDP",
127
.protonum = IPPROTO_UDP,
···
163
.manip_pkt = udp_manip_pkt,
164
.in_range = udp_in_range,
165
.unique_tuple = udp_unique_tuple,
166
#if defined(CONFIG_IP_NF_CONNTRACK_NETLINK) || \
167
defined(CONFIG_IP_NF_CONNTRACK_NETLINK_MODULE)
168
.range_to_nfattr = ip_nat_port_range_to_nfattr,
-16
net/ipv4/netfilter/ip_nat_proto_unknown.c
-16
net/ipv4/netfilter/ip_nat_proto_unknown.c
···
46
return 1;
47
}
48
49
-
static unsigned int
50
-
unknown_print(char *buffer,
51
-
const struct ip_conntrack_tuple *match,
52
-
const struct ip_conntrack_tuple *mask)
53
-
{
54
-
return 0;
55
-
}
56
-
57
-
static unsigned int
58
-
unknown_print_range(char *buffer, const struct ip_nat_range *range)
59
-
{
60
-
return 0;
61
-
}
62
-
63
struct ip_nat_protocol ip_nat_unknown_protocol = {
64
.name = "unknown",
65
/* .me isn't set: getting a ref to this cannot fail. */
66
.manip_pkt = unknown_manip_pkt,
67
.in_range = unknown_in_range,
68
.unique_tuple = unknown_unique_tuple,
69
-
.print = unknown_print,
70
-
.print_range = unknown_print_range
71
};
+3
-2
net/ipv4/netfilter/ipt_mac.c
+3
-2
net/ipv4/netfilter/ipt_mac.c
···
11
#include <linux/module.h>
12
#include <linux/skbuff.h>
13
#include <linux/if_ether.h>
14
15
#include <linux/netfilter_ipv4/ipt_mac.h>
16
#include <linux/netfilter_ipv4/ip_tables.h>
···
34
return (skb->mac.raw >= skb->head
35
&& (skb->mac.raw + ETH_HLEN) <= skb->data
36
/* If so, compare... */
37
-
&& ((memcmp(eth_hdr(skb)->h_source, info->srcaddr, ETH_ALEN)
38
-
== 0) ^ info->invert));
39
}
40
41
static int
···
11
#include <linux/module.h>
12
#include <linux/skbuff.h>
13
#include <linux/if_ether.h>
14
+
#include <linux/etherdevice.h>
15
16
#include <linux/netfilter_ipv4/ipt_mac.h>
17
#include <linux/netfilter_ipv4/ip_tables.h>
···
33
return (skb->mac.raw >= skb->head
34
&& (skb->mac.raw + ETH_HLEN) <= skb->data
35
/* If so, compare... */
36
+
&& ((!compare_ether_addr(eth_hdr(skb)->h_source, info->srcaddr))
37
+
^ info->invert));
38
}
39
40
static int
+1
-1
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+1
-1
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+2
-3
net/ipv6/Makefile
+2
-3
net/ipv6/Makefile
···
8
route.o ip6_fib.o ipv6_sockglue.o ndisc.o udp.o raw.o \
9
protocol.o icmp.o mcast.o reassembly.o tcp_ipv6.o \
10
exthdrs.o sysctl_net_ipv6.o datagram.o proc.o \
11
-
ip6_flowlabel.o ipv6_syms.o netfilter.o \
12
-
inet6_connection_sock.o
13
14
ipv6-$(CONFIG_XFRM) += xfrm6_policy.o xfrm6_state.o xfrm6_input.o \
15
xfrm6_output.o
···
18
obj-$(CONFIG_INET6_ESP) += esp6.o
19
obj-$(CONFIG_INET6_IPCOMP) += ipcomp6.o
20
obj-$(CONFIG_INET6_TUNNEL) += xfrm6_tunnel.o
21
-
obj-$(CONFIG_NETFILTER) += netfilter/
22
23
obj-$(CONFIG_IPV6_TUNNEL) += ip6_tunnel.o
24
···
8
route.o ip6_fib.o ipv6_sockglue.o ndisc.o udp.o raw.o \
9
protocol.o icmp.o mcast.o reassembly.o tcp_ipv6.o \
10
exthdrs.o sysctl_net_ipv6.o datagram.o proc.o \
11
+
ip6_flowlabel.o ipv6_syms.o inet6_connection_sock.o
12
13
ipv6-$(CONFIG_XFRM) += xfrm6_policy.o xfrm6_state.o xfrm6_input.o \
14
xfrm6_output.o
···
19
obj-$(CONFIG_INET6_ESP) += esp6.o
20
obj-$(CONFIG_INET6_IPCOMP) += ipcomp6.o
21
obj-$(CONFIG_INET6_TUNNEL) += xfrm6_tunnel.o
22
+
obj-$(CONFIG_NETFILTER) += netfilter.o netfilter/
23
24
obj-$(CONFIG_IPV6_TUNNEL) += ip6_tunnel.o
25
+2
-17
net/ipv6/netfilter.c
+2
-17
net/ipv6/netfilter.c
···
1
-
#include <linux/config.h>
2
-
#include <linux/init.h>
3
-
4
-
#ifdef CONFIG_NETFILTER
5
-
6
#include <linux/kernel.h>
7
#include <linux/ipv6.h>
8
#include <linux/netfilter.h>
9
#include <linux/netfilter_ipv6.h>
···
90
return nf_register_queue_rerouter(PF_INET6, &ip6_reroute);
91
}
92
93
-
void ipv6_netfilter_fini(void)
94
{
95
nf_unregister_queue_rerouter(PF_INET6);
96
}
97
-
98
-
#else /* CONFIG_NETFILTER */
99
-
int __init ipv6_netfilter_init(void)
100
-
{
101
-
return 0;
102
-
}
103
-
104
-
void ipv6_netfilter_fini(void)
105
-
{
106
-
}
107
-
#endif /* CONFIG_NETFILTER */
···
1
#include <linux/kernel.h>
2
+
#include <linux/init.h>
3
#include <linux/ipv6.h>
4
#include <linux/netfilter.h>
5
#include <linux/netfilter_ipv6.h>
···
94
return nf_register_queue_rerouter(PF_INET6, &ip6_reroute);
95
}
96
97
+
void __exit ipv6_netfilter_fini(void)
98
{
99
nf_unregister_queue_rerouter(PF_INET6);
100
}
+2
-2
net/ipv6/netfilter/ip6t_mac.c
+2
-2
net/ipv6/netfilter/ip6t_mac.c
+2
-2
net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
+2
-2
net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
···
335
#ifdef CONFIG_SYSCTL
336
337
/* From nf_conntrack_proto_icmpv6.c */
338
-
extern unsigned long nf_ct_icmpv6_timeout;
339
340
/* From nf_conntrack_frag6.c */
341
-
extern unsigned long nf_ct_frag6_timeout;
342
extern unsigned int nf_ct_frag6_low_thresh;
343
extern unsigned int nf_ct_frag6_high_thresh;
344
···
335
#ifdef CONFIG_SYSCTL
336
337
/* From nf_conntrack_proto_icmpv6.c */
338
+
extern unsigned int nf_ct_icmpv6_timeout;
339
340
/* From nf_conntrack_frag6.c */
341
+
extern unsigned int nf_ct_frag6_timeout;
342
extern unsigned int nf_ct_frag6_low_thresh;
343
extern unsigned int nf_ct_frag6_high_thresh;
344
+1
-1
net/netfilter/nf_conntrack_proto_generic.c
+1
-1
net/netfilter/nf_conntrack_proto_generic.c
+8
-8
net/netfilter/nf_conntrack_proto_sctp.c
+8
-8
net/netfilter/nf_conntrack_proto_sctp.c
···
62
#define HOURS * 60 MINS
63
#define DAYS * 24 HOURS
64
65
-
static unsigned long nf_ct_sctp_timeout_closed = 10 SECS;
66
-
static unsigned long nf_ct_sctp_timeout_cookie_wait = 3 SECS;
67
-
static unsigned long nf_ct_sctp_timeout_cookie_echoed = 3 SECS;
68
-
static unsigned long nf_ct_sctp_timeout_established = 5 DAYS;
69
-
static unsigned long nf_ct_sctp_timeout_shutdown_sent = 300 SECS / 1000;
70
-
static unsigned long nf_ct_sctp_timeout_shutdown_recd = 300 SECS / 1000;
71
-
static unsigned long nf_ct_sctp_timeout_shutdown_ack_sent = 3 SECS;
72
73
-
static unsigned long * sctp_timeouts[]
74
= { NULL, /* SCTP_CONNTRACK_NONE */
75
&nf_ct_sctp_timeout_closed, /* SCTP_CONNTRACK_CLOSED */
76
&nf_ct_sctp_timeout_cookie_wait, /* SCTP_CONNTRACK_COOKIE_WAIT */
···
62
#define HOURS * 60 MINS
63
#define DAYS * 24 HOURS
64
65
+
static unsigned int nf_ct_sctp_timeout_closed = 10 SECS;
66
+
static unsigned int nf_ct_sctp_timeout_cookie_wait = 3 SECS;
67
+
static unsigned int nf_ct_sctp_timeout_cookie_echoed = 3 SECS;
68
+
static unsigned int nf_ct_sctp_timeout_established = 5 DAYS;
69
+
static unsigned int nf_ct_sctp_timeout_shutdown_sent = 300 SECS / 1000;
70
+
static unsigned int nf_ct_sctp_timeout_shutdown_recd = 300 SECS / 1000;
71
+
static unsigned int nf_ct_sctp_timeout_shutdown_ack_sent = 3 SECS;
72
73
+
static unsigned int * sctp_timeouts[]
74
= { NULL, /* SCTP_CONNTRACK_NONE */
75
&nf_ct_sctp_timeout_closed, /* SCTP_CONNTRACK_CLOSED */
76
&nf_ct_sctp_timeout_cookie_wait, /* SCTP_CONNTRACK_COOKIE_WAIT */
+10
-10
net/netfilter/nf_conntrack_proto_tcp.c
+10
-10
net/netfilter/nf_conntrack_proto_tcp.c
···
93
#define HOURS * 60 MINS
94
#define DAYS * 24 HOURS
95
96
-
unsigned long nf_ct_tcp_timeout_syn_sent = 2 MINS;
97
-
unsigned long nf_ct_tcp_timeout_syn_recv = 60 SECS;
98
-
unsigned long nf_ct_tcp_timeout_established = 5 DAYS;
99
-
unsigned long nf_ct_tcp_timeout_fin_wait = 2 MINS;
100
-
unsigned long nf_ct_tcp_timeout_close_wait = 60 SECS;
101
-
unsigned long nf_ct_tcp_timeout_last_ack = 30 SECS;
102
-
unsigned long nf_ct_tcp_timeout_time_wait = 2 MINS;
103
-
unsigned long nf_ct_tcp_timeout_close = 10 SECS;
104
105
/* RFC1122 says the R2 limit should be at least 100 seconds.
106
Linux uses 15 packets as limit, which corresponds
107
to ~13-30min depending on RTO. */
108
-
unsigned long nf_ct_tcp_timeout_max_retrans = 5 MINS;
109
110
-
static unsigned long * tcp_timeouts[]
111
= { NULL, /* TCP_CONNTRACK_NONE */
112
&nf_ct_tcp_timeout_syn_sent, /* TCP_CONNTRACK_SYN_SENT, */
113
&nf_ct_tcp_timeout_syn_recv, /* TCP_CONNTRACK_SYN_RECV, */
···
93
#define HOURS * 60 MINS
94
#define DAYS * 24 HOURS
95
96
+
unsigned int nf_ct_tcp_timeout_syn_sent = 2 MINS;
97
+
unsigned int nf_ct_tcp_timeout_syn_recv = 60 SECS;
98
+
unsigned int nf_ct_tcp_timeout_established = 5 DAYS;
99
+
unsigned int nf_ct_tcp_timeout_fin_wait = 2 MINS;
100
+
unsigned int nf_ct_tcp_timeout_close_wait = 60 SECS;
101
+
unsigned int nf_ct_tcp_timeout_last_ack = 30 SECS;
102
+
unsigned int nf_ct_tcp_timeout_time_wait = 2 MINS;
103
+
unsigned int nf_ct_tcp_timeout_close = 10 SECS;
104
105
/* RFC1122 says the R2 limit should be at least 100 seconds.
106
Linux uses 15 packets as limit, which corresponds
107
to ~13-30min depending on RTO. */
108
+
unsigned int nf_ct_tcp_timeout_max_retrans = 5 MINS;
109
110
+
static unsigned int * tcp_timeouts[]
111
= { NULL, /* TCP_CONNTRACK_NONE */
112
&nf_ct_tcp_timeout_syn_sent, /* TCP_CONNTRACK_SYN_SENT, */
113
&nf_ct_tcp_timeout_syn_recv, /* TCP_CONNTRACK_SYN_RECV, */
+2
-2
net/netfilter/nf_conntrack_proto_udp.c
+2
-2
net/netfilter/nf_conntrack_proto_udp.c
+12
-12
net/netfilter/nf_conntrack_standalone.c
+12
-12
net/netfilter/nf_conntrack_standalone.c
···
431
extern unsigned int nf_conntrack_htable_size;
432
433
/* From nf_conntrack_proto_tcp.c */
434
-
extern unsigned long nf_ct_tcp_timeout_syn_sent;
435
-
extern unsigned long nf_ct_tcp_timeout_syn_recv;
436
-
extern unsigned long nf_ct_tcp_timeout_established;
437
-
extern unsigned long nf_ct_tcp_timeout_fin_wait;
438
-
extern unsigned long nf_ct_tcp_timeout_close_wait;
439
-
extern unsigned long nf_ct_tcp_timeout_last_ack;
440
-
extern unsigned long nf_ct_tcp_timeout_time_wait;
441
-
extern unsigned long nf_ct_tcp_timeout_close;
442
-
extern unsigned long nf_ct_tcp_timeout_max_retrans;
443
extern int nf_ct_tcp_loose;
444
extern int nf_ct_tcp_be_liberal;
445
extern int nf_ct_tcp_max_retrans;
446
447
/* From nf_conntrack_proto_udp.c */
448
-
extern unsigned long nf_ct_udp_timeout;
449
-
extern unsigned long nf_ct_udp_timeout_stream;
450
451
/* From nf_conntrack_proto_generic.c */
452
-
extern unsigned long nf_ct_generic_timeout;
453
454
/* Log invalid packets of a given protocol */
455
static int log_invalid_proto_min = 0;
···
431
extern unsigned int nf_conntrack_htable_size;
432
433
/* From nf_conntrack_proto_tcp.c */
434
+
extern unsigned int nf_ct_tcp_timeout_syn_sent;
435
+
extern unsigned int nf_ct_tcp_timeout_syn_recv;
436
+
extern unsigned int nf_ct_tcp_timeout_established;
437
+
extern unsigned int nf_ct_tcp_timeout_fin_wait;
438
+
extern unsigned int nf_ct_tcp_timeout_close_wait;
439
+
extern unsigned int nf_ct_tcp_timeout_last_ack;
440
+
extern unsigned int nf_ct_tcp_timeout_time_wait;
441
+
extern unsigned int nf_ct_tcp_timeout_close;
442
+
extern unsigned int nf_ct_tcp_timeout_max_retrans;
443
extern int nf_ct_tcp_loose;
444
extern int nf_ct_tcp_be_liberal;
445
extern int nf_ct_tcp_max_retrans;
446
447
/* From nf_conntrack_proto_udp.c */
448
+
extern unsigned int nf_ct_udp_timeout;
449
+
extern unsigned int nf_ct_udp_timeout_stream;
450
451
/* From nf_conntrack_proto_generic.c */
452
+
extern unsigned int nf_ct_generic_timeout;
453
454
/* Log invalid packets of a given protocol */
455
static int log_invalid_proto_min = 0;
+1
-1
net/netlink/af_netlink.c
+1
-1
net/netlink/af_netlink.c
+8
-6
net/rxrpc/connection.c
+8
-6
net/rxrpc/connection.c
···
220
{
221
struct rxrpc_connection *conn, *candidate = NULL;
222
struct list_head *_p;
223
int ret, fresh = 0;
224
__be32 x_epoch, x_connid;
225
__be16 x_port, x_servid;
···
230
_enter("%p{{%hu}},%u,%hu",
231
peer,
232
peer->trans->port,
233
-
ntohs(msg->pkt->h.uh->source),
234
ntohs(msg->hdr.serviceId));
235
236
-
x_port = msg->pkt->h.uh->source;
237
x_epoch = msg->hdr.epoch;
238
x_clflag = msg->hdr.flags & RXRPC_CLIENT_INITIATED;
239
x_connid = htonl(ntohl(msg->hdr.cid) & RXRPC_CIDMASK);
···
268
/* fill in the specifics */
269
candidate->addr.sin_family = AF_INET;
270
candidate->addr.sin_port = x_port;
271
-
candidate->addr.sin_addr.s_addr = msg->pkt->nh.iph->saddr;
272
candidate->in_epoch = x_epoch;
273
candidate->out_epoch = x_epoch;
274
candidate->in_clientflag = RXRPC_CLIENT_INITIATED;
···
676
struct rxrpc_message *msg)
677
{
678
struct rxrpc_message *pmsg;
679
struct list_head *_p;
680
unsigned cix, seq;
681
int ret = 0;
···
712
713
call->pkt_rcv_count++;
714
715
-
if (msg->pkt->dst && msg->pkt->dst->dev)
716
conn->peer->if_mtu =
717
-
msg->pkt->dst->dev->mtu -
718
-
msg->pkt->dst->dev->hard_header_len;
719
720
/* queue on the call in seq order */
721
rxrpc_get_message(msg);
···
220
{
221
struct rxrpc_connection *conn, *candidate = NULL;
222
struct list_head *_p;
223
+
struct sk_buff *pkt = msg->pkt;
224
int ret, fresh = 0;
225
__be32 x_epoch, x_connid;
226
__be16 x_port, x_servid;
···
229
_enter("%p{{%hu}},%u,%hu",
230
peer,
231
peer->trans->port,
232
+
ntohs(pkt->h.uh->source),
233
ntohs(msg->hdr.serviceId));
234
235
+
x_port = pkt->h.uh->source;
236
x_epoch = msg->hdr.epoch;
237
x_clflag = msg->hdr.flags & RXRPC_CLIENT_INITIATED;
238
x_connid = htonl(ntohl(msg->hdr.cid) & RXRPC_CIDMASK);
···
267
/* fill in the specifics */
268
candidate->addr.sin_family = AF_INET;
269
candidate->addr.sin_port = x_port;
270
+
candidate->addr.sin_addr.s_addr = pkt->nh.iph->saddr;
271
candidate->in_epoch = x_epoch;
272
candidate->out_epoch = x_epoch;
273
candidate->in_clientflag = RXRPC_CLIENT_INITIATED;
···
675
struct rxrpc_message *msg)
676
{
677
struct rxrpc_message *pmsg;
678
+
struct dst_entry *dst;
679
struct list_head *_p;
680
unsigned cix, seq;
681
int ret = 0;
···
710
711
call->pkt_rcv_count++;
712
713
+
dst = msg->pkt->dst;
714
+
if (dst && dst->dev)
715
conn->peer->if_mtu =
716
+
dst->dev->mtu - dst->dev->hard_header_len;
717
718
/* queue on the call in seq order */
719
rxrpc_get_message(msg);
+2
-2
net/sunrpc/svc.c
+2
-2
net/sunrpc/svc.c
···
166
memset(rqstp, 0, sizeof(*rqstp));
167
init_waitqueue_head(&rqstp->rq_wait);
168
169
-
if (!(rqstp->rq_argp = (u32 *) kmalloc(serv->sv_xdrsize, GFP_KERNEL))
170
-
|| !(rqstp->rq_resp = (u32 *) kmalloc(serv->sv_xdrsize, GFP_KERNEL))
171
|| !svc_init_buffer(rqstp, serv->sv_bufsz))
172
goto out_thread;
173