diff options
Diffstat (limited to 'net/ipv4/netfilter')
60 files changed, 905 insertions, 905 deletions
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index 9aa22398b3dc..5170f5c75f9d 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c @@ -544,7 +544,7 @@ static inline int check_entry_size_and_hooks(struct arpt_entry *e, } /* FIXME: underflows must be unconditional, standard verdicts - < 0 (not ARPT_RETURN). --RR */ + < 0 (not ARPT_RETURN). --RR */ /* Clear counters and comefrom */ e->counters = ((struct xt_counters) { 0, 0 }); @@ -869,8 +869,8 @@ static int do_replace(void __user *user, unsigned int len) /* Update module usage count based on number of rules */ duprintf("do_replace: oldnum=%u, initnum=%u, newnum=%u\n", oldinfo->number, oldinfo->initial_entries, newinfo->number); - if ((oldinfo->number > oldinfo->initial_entries) || - (newinfo->number <= oldinfo->initial_entries)) + if ((oldinfo->number > oldinfo->initial_entries) || + (newinfo->number <= oldinfo->initial_entries)) module_put(t->me); if ((oldinfo->number > oldinfo->initial_entries) && (newinfo->number <= oldinfo->initial_entries)) diff --git a/net/ipv4/netfilter/arpt_mangle.c b/net/ipv4/netfilter/arpt_mangle.c index d12b1df252a1..709db4d3f48f 100644 --- a/net/ipv4/netfilter/arpt_mangle.c +++ b/net/ipv4/netfilter/arpt_mangle.c @@ -67,7 +67,7 @@ target(struct sk_buff **pskb, static int checkentry(const char *tablename, const void *e, const struct xt_target *target, - void *targinfo, unsigned int hook_mask) + void *targinfo, unsigned int hook_mask) { const struct arpt_mangle *mangle = targinfo; diff --git a/net/ipv4/netfilter/ip_conntrack_amanda.c b/net/ipv4/netfilter/ip_conntrack_amanda.c index ad246ba7790b..4f561f52c83a 100644 --- a/net/ipv4/netfilter/ip_conntrack_amanda.c +++ b/net/ipv4/netfilter/ip_conntrack_amanda.c @@ -9,7 +9,7 @@ * * Module load syntax: * insmod ip_conntrack_amanda.o [master_timeout=n] - * + * * Where master_timeout is the timeout (in seconds) of the master * connection (port 10080). This defaults to 5 minutes but if * your clients take longer than 5 minutes to do their work @@ -84,7 +84,7 @@ static struct { }; static int help(struct sk_buff **pskb, - struct ip_conntrack *ct, enum ip_conntrack_info ctinfo) + struct ip_conntrack *ct, enum ip_conntrack_info ctinfo) { struct ts_state ts; struct ip_conntrack_expect *exp; diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c index 62be2eb37698..04e466d53c0b 100644 --- a/net/ipv4/netfilter/ip_conntrack_core.c +++ b/net/ipv4/netfilter/ip_conntrack_core.c @@ -2,7 +2,7 @@ but required by, the NAT layer; it can also be used by an iptables extension. */ -/* (C) 1999-2001 Paul `Rusty' Russell +/* (C) 1999-2001 Paul `Rusty' Russell * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org> * * This program is free software; you can redistribute it and/or modify @@ -99,7 +99,7 @@ __ip_ct_deliver_cached_events(struct ip_conntrack_ecache *ecache) void ip_ct_deliver_cached_events(const struct ip_conntrack *ct) { struct ip_conntrack_ecache *ecache; - + local_bh_disable(); ecache = &__get_cpu_var(ip_conntrack_ecache); if (ecache->ct == ct) @@ -147,9 +147,9 @@ static u_int32_t __hash_conntrack(const struct ip_conntrack_tuple *tuple, unsigned int size, unsigned int rnd) { return (jhash_3words((__force u32)tuple->src.ip, - ((__force u32)tuple->dst.ip ^ tuple->dst.protonum), - (tuple->src.u.all | (tuple->dst.u.all << 16)), - rnd) % size); + ((__force u32)tuple->dst.ip ^ tuple->dst.protonum), + (tuple->src.u.all | (tuple->dst.u.all << 16)), + rnd) % size); } static u_int32_t @@ -219,7 +219,7 @@ struct ip_conntrack_expect * __ip_conntrack_expect_find(const struct ip_conntrack_tuple *tuple) { struct ip_conntrack_expect *i; - + list_for_each_entry(i, &ip_conntrack_expect_list, list) { if (ip_ct_tuple_mask_cmp(tuple, &i->tuple, &i->mask)) return i; @@ -232,7 +232,7 @@ struct ip_conntrack_expect * ip_conntrack_expect_find_get(const struct ip_conntrack_tuple *tuple) { struct ip_conntrack_expect *i; - + read_lock_bh(&ip_conntrack_lock); i = __ip_conntrack_expect_find(tuple); if (i) @@ -398,7 +398,7 @@ ip_conntrack_find_get(const struct ip_conntrack_tuple *tuple, static void __ip_conntrack_hash_insert(struct ip_conntrack *ct, unsigned int hash, - unsigned int repl_hash) + unsigned int repl_hash) { ct->id = ++ip_conntrack_next_id; list_add(&ct->tuplehash[IP_CT_DIR_ORIGINAL].list, @@ -446,15 +446,15 @@ __ip_conntrack_confirm(struct sk_buff **pskb) /* IP_NF_ASSERT(atomic_read(&ct->ct_general.use) == 1); */ /* No external references means noone else could have - confirmed us. */ + confirmed us. */ IP_NF_ASSERT(!is_confirmed(ct)); DEBUGP("Confirming conntrack %p\n", ct); write_lock_bh(&ip_conntrack_lock); /* See if there's one in the list already, including reverse: - NAT could have grabbed it without realizing, since we're - not in the hash. If there is, we lost race. */ + NAT could have grabbed it without realizing, since we're + not in the hash. If there is, we lost race. */ list_for_each_entry(h, &ip_conntrack_hash[hash], list) if (ip_ct_tuple_equal(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple, &h->tuple)) @@ -602,7 +602,7 @@ ip_conntrack_proto_find_get(u_int8_t protocol) p = &ip_conntrack_generic_protocol; } preempt_enable(); - + return p; } @@ -745,7 +745,7 @@ resolve_normal_ct(struct sk_buff *skb, IP_NF_ASSERT((skb->nh.iph->frag_off & htons(IP_OFFSET)) == 0); - if (!ip_ct_get_tuple(skb->nh.iph, skb, skb->nh.iph->ihl*4, + if (!ip_ct_get_tuple(skb->nh.iph, skb, skb->nh.iph->ihl*4, &tuple,proto)) return NULL; @@ -770,7 +770,7 @@ resolve_normal_ct(struct sk_buff *skb, if (test_bit(IPS_SEEN_REPLY_BIT, &ct->status)) { DEBUGP("ip_conntrack_in: normal packet for %p\n", ct); - *ctinfo = IP_CT_ESTABLISHED; + *ctinfo = IP_CT_ESTABLISHED; } else if (test_bit(IPS_EXPECTED_BIT, &ct->status)) { DEBUGP("ip_conntrack_in: related packet for %p\n", ct); @@ -821,7 +821,7 @@ unsigned int ip_conntrack_in(unsigned int hooknum, if ((*pskb)->pkt_type == PACKET_BROADCAST) { printk("Broadcast packet!\n"); return NF_ACCEPT; - } else if (((*pskb)->nh.iph->daddr & htonl(0x000000FF)) + } else if (((*pskb)->nh.iph->daddr & htonl(0x000000FF)) == htonl(0x000000FF)) { printk("Should bcast: %u.%u.%u.%u->%u.%u.%u.%u (sk=%p, ptype=%u)\n", NIPQUAD((*pskb)->nh.iph->saddr), @@ -835,7 +835,7 @@ unsigned int ip_conntrack_in(unsigned int hooknum, /* It may be an special packet, error, unclean... * inverse of the return code tells to the netfilter * core what to do with the packet. */ - if (proto->error != NULL + if (proto->error != NULL && (ret = proto->error(*pskb, &ctinfo, hooknum)) <= 0) { CONNTRACK_STAT_INC(error); CONNTRACK_STAT_INC(invalid); @@ -875,7 +875,7 @@ unsigned int ip_conntrack_in(unsigned int hooknum, int invert_tuplepr(struct ip_conntrack_tuple *inverse, const struct ip_conntrack_tuple *orig) { - return ip_ct_invert_tuple(inverse, orig, + return ip_ct_invert_tuple(inverse, orig, __ip_conntrack_proto_find(orig->dst.protonum)); } @@ -884,7 +884,7 @@ static inline int expect_clash(const struct ip_conntrack_expect *a, const struct ip_conntrack_expect *b) { /* Part covered by intersection of masks must be unequal, - otherwise they clash */ + otherwise they clash */ struct ip_conntrack_tuple intersect_mask = { { a->mask.src.ip & b->mask.src.ip, { a->mask.src.u.all & b->mask.src.u.all } }, @@ -922,7 +922,7 @@ void ip_conntrack_unexpect_related(struct ip_conntrack_expect *exp) } /* We don't increase the master conntrack refcount for non-fulfilled - * conntracks. During the conntrack destruction, the expectations are + * conntracks. During the conntrack destruction, the expectations are * always killed before the conntrack itself */ struct ip_conntrack_expect *ip_conntrack_expect_alloc(struct ip_conntrack *me) { @@ -1011,7 +1011,7 @@ int ip_conntrack_expect_related(struct ip_conntrack_expect *expect) } /* Will be over limit? */ - if (expect->master->helper->max_expected && + if (expect->master->helper->max_expected && expect->master->expecting >= expect->master->helper->max_expected) evict_oldest_expect(expect->master); @@ -1020,7 +1020,7 @@ int ip_conntrack_expect_related(struct ip_conntrack_expect *expect) ret = 0; out: write_unlock_bh(&ip_conntrack_lock); - return ret; + return ret; } /* Alter reply tuple (maybe alter helper). This is for NAT, and is @@ -1068,7 +1068,7 @@ static inline void unhelp(struct ip_conntrack_tuple_hash *i, const struct ip_conntrack_helper *me) { if (tuplehash_to_ctrack(i)->helper == me) { - ip_conntrack_event(IPCT_HELPER, tuplehash_to_ctrack(i)); + ip_conntrack_event(IPCT_HELPER, tuplehash_to_ctrack(i)); tuplehash_to_ctrack(i)->helper = NULL; } } @@ -1104,8 +1104,8 @@ void ip_conntrack_helper_unregister(struct ip_conntrack_helper *me) } /* Refresh conntrack for this many jiffies and do accounting if do_acct is 1 */ -void __ip_ct_refresh_acct(struct ip_conntrack *ct, - enum ip_conntrack_info ctinfo, +void __ip_ct_refresh_acct(struct ip_conntrack *ct, + enum ip_conntrack_info ctinfo, const struct sk_buff *skb, unsigned long extra_jiffies, int do_acct) @@ -1139,7 +1139,7 @@ void __ip_ct_refresh_acct(struct ip_conntrack *ct, #ifdef CONFIG_IP_NF_CT_ACCT if (do_acct) { ct->counters[CTINFO2DIR(ctinfo)].packets++; - ct->counters[CTINFO2DIR(ctinfo)].bytes += + ct->counters[CTINFO2DIR(ctinfo)].bytes += ntohs(skb->nh.iph->tot_len); if ((ct->counters[CTINFO2DIR(ctinfo)].packets & 0x80000000) || (ct->counters[CTINFO2DIR(ctinfo)].bytes & 0x80000000)) @@ -1193,7 +1193,7 @@ ip_ct_gather_frags(struct sk_buff *skb, u_int32_t user) { skb_orphan(skb); - local_bh_disable(); + local_bh_disable(); skb = ip_defrag(skb, user); local_bh_enable(); @@ -1210,7 +1210,7 @@ static void ip_conntrack_attach(struct sk_buff *nskb, struct sk_buff *skb) /* This ICMP is in reverse direction to the packet which caused it */ ct = ip_conntrack_get(skb, &ctinfo); - + if (CTINFO2DIR(ctinfo) == IP_CT_DIR_ORIGINAL) ctinfo = IP_CT_RELATED + IP_CT_IS_REPLY; else @@ -1278,7 +1278,7 @@ getorigdst(struct sock *sk, int optval, void __user *user, int *len) struct inet_sock *inet = inet_sk(sk); struct ip_conntrack_tuple_hash *h; struct ip_conntrack_tuple tuple; - + IP_CT_TUPLE_U_BLANK(&tuple); tuple.src.ip = inet->rcv_saddr; tuple.src.u.tcp.port = inet->sport; @@ -1346,7 +1346,7 @@ static void free_conntrack_hash(struct list_head *hash, int vmalloced,int size) if (vmalloced) vfree(hash); else - free_pages((unsigned long)hash, + free_pages((unsigned long)hash, get_order(sizeof(struct list_head) * size)); } @@ -1357,8 +1357,8 @@ void ip_conntrack_cleanup(void) ip_ct_attach = NULL; /* This makes sure all current packets have passed through - netfilter framework. Roll on, two-stage module - delete... */ + netfilter framework. Roll on, two-stage module + delete... */ synchronize_net(); ip_ct_event_cache_flush(); @@ -1384,11 +1384,11 @@ static struct list_head *alloc_hashtable(int size, int *vmalloced) struct list_head *hash; unsigned int i; - *vmalloced = 0; - hash = (void*)__get_free_pages(GFP_KERNEL, + *vmalloced = 0; + hash = (void*)__get_free_pages(GFP_KERNEL, get_order(sizeof(struct list_head) * size)); - if (!hash) { + if (!hash) { *vmalloced = 1; printk(KERN_WARNING"ip_conntrack: falling back to vmalloc.\n"); hash = vmalloc(sizeof(struct list_head) * size); @@ -1421,7 +1421,7 @@ static int set_hashsize(const char *val, struct kernel_param *kp) if (!hash) return -ENOMEM; - /* We have to rehash for the new table anyway, so we also can + /* We have to rehash for the new table anyway, so we also can * use a new random seed */ get_random_bytes(&rnd, 4); @@ -1459,7 +1459,7 @@ int __init ip_conntrack_init(void) /* Idea from tcp.c: use 1/16384 of memory. On i386: 32MB * machine has 256 buckets. >= 1GB machines have 8192 buckets. */ - if (!ip_conntrack_htable_size) { + if (!ip_conntrack_htable_size) { ip_conntrack_htable_size = (((num_physpages << PAGE_SHIFT) / 16384) / sizeof(struct list_head)); @@ -1489,8 +1489,8 @@ int __init ip_conntrack_init(void) } ip_conntrack_cachep = kmem_cache_create("ip_conntrack", - sizeof(struct ip_conntrack), 0, - 0, NULL, NULL); + sizeof(struct ip_conntrack), 0, + 0, NULL, NULL); if (!ip_conntrack_cachep) { printk(KERN_ERR "Unable to create ip_conntrack slab cache\n"); goto err_free_hash; diff --git a/net/ipv4/netfilter/ip_conntrack_ftp.c b/net/ipv4/netfilter/ip_conntrack_ftp.c index 0410c99cacae..1faa68ab9432 100644 --- a/net/ipv4/netfilter/ip_conntrack_ftp.c +++ b/net/ipv4/netfilter/ip_conntrack_ftp.c @@ -1,6 +1,6 @@ /* FTP extension for IP connection tracking. */ -/* (C) 1999-2001 Paul `Rusty' Russell +/* (C) 1999-2001 Paul `Rusty' Russell * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org> * * This program is free software; you can redistribute it and/or modify @@ -169,7 +169,7 @@ static int try_eprt(const char *data, size_t dlen, u_int32_t array[6], int length; /* First character is delimiter, then "1" for IPv4, then - delimiter again. */ + delimiter again. */ if (dlen <= 3) return 0; delim = data[0]; if (isdigit(delim) || delim < 33 || delim > 126 @@ -344,14 +344,14 @@ static int help(struct sk_buff **pskb, if (!find_nl_seq(ntohl(th->seq), ct_ftp_info, dir)) { /* Now if this ends in \n, update ftp info. */ DEBUGP("ip_conntrack_ftp_help: wrong seq pos %s(%u) or %s(%u)\n", - ct_ftp_info->seq_aft_nl[0][dir] + ct_ftp_info->seq_aft_nl[0][dir] old_seq_aft_nl_set ? "":"(UNSET) ", old_seq_aft_nl); ret = NF_ACCEPT; goto out_update_nl; } /* Initialize IP array to expected address (it's not mentioned - in EPSV responses) */ + in EPSV responses) */ array[0] = (ntohl(ct->tuplehash[dir].tuple.src.ip) >> 24) & 0xFF; array[1] = (ntohl(ct->tuplehash[dir].tuple.src.ip) >> 16) & 0xFF; array[2] = (ntohl(ct->tuplehash[dir].tuple.src.ip) >> 8) & 0xFF; @@ -386,7 +386,7 @@ static int help(struct sk_buff **pskb, DEBUGP("conntrack_ftp: match `%s' (%u bytes at %u)\n", fb_ptr + matchoff, matchlen, ntohl(th->seq) + matchoff); - + /* Allocate expectation which will be inserted */ exp = ip_conntrack_expect_alloc(ct); if (exp == NULL) { @@ -504,7 +504,7 @@ static int __init ip_conntrack_ftp_init(void) sprintf(tmpname, "ftp-%d", ports[i]); ftp[i].name = tmpname; - DEBUGP("ip_ct_ftp: registering helper for port %d\n", + DEBUGP("ip_ct_ftp: registering helper for port %d\n", ports[i]); ret = ip_conntrack_helper_register(&ftp[i]); diff --git a/net/ipv4/netfilter/ip_conntrack_helper_h323.c b/net/ipv4/netfilter/ip_conntrack_helper_h323.c index aabfe1c06905..53eb365ccc7e 100644 --- a/net/ipv4/netfilter/ip_conntrack_helper_h323.c +++ b/net/ipv4/netfilter/ip_conntrack_helper_h323.c @@ -42,7 +42,7 @@ MODULE_PARM_DESC(gkrouted_only, "only accept calls from gatekeeper"); static int callforward_filter = 1; module_param(callforward_filter, bool, 0600); MODULE_PARM_DESC(callforward_filter, "only create call forwarding expectations " - "if both endpoints are on different sides " + "if both endpoints are on different sides " "(determined by routing information)"); /* Hooks for NAT */ diff --git a/net/ipv4/netfilter/ip_conntrack_helper_pptp.c b/net/ipv4/netfilter/ip_conntrack_helper_pptp.c index 4d19373bbf0d..2b760c5cf709 100644 --- a/net/ipv4/netfilter/ip_conntrack_helper_pptp.c +++ b/net/ipv4/netfilter/ip_conntrack_helper_pptp.c @@ -560,7 +560,7 @@ conntrack_pptp_help(struct sk_buff **pskb, tcph = skb_header_pointer(*pskb, nexthdr_off, sizeof(_tcph), &_tcph); BUG_ON(!tcph); nexthdr_off += tcph->doff * 4; - datalen = tcplen - tcph->doff * 4; + datalen = tcplen - tcph->doff * 4; pptph = skb_header_pointer(*pskb, nexthdr_off, sizeof(_pptph), &_pptph); if (!pptph) { @@ -624,7 +624,7 @@ static struct ip_conntrack_helper pptp = { .max_expected = 2, .timeout = 5 * 60, .tuple = { .src = { .ip = 0, - .u = { .tcp = { .port = + .u = { .tcp = { .port = __constant_htons(PPTP_CONTROL_PORT) } } }, .dst = { .ip = 0, @@ -638,7 +638,7 @@ static struct ip_conntrack_helper pptp = { .dst = { .ip = 0, .u = { .all = 0 }, .protonum = 0xff - } + } }, .help = conntrack_pptp_help, .destroy = pptp_destroy_siblings, diff --git a/net/ipv4/netfilter/ip_conntrack_irc.c b/net/ipv4/netfilter/ip_conntrack_irc.c index 91832eca4106..053e591f407a 100644 --- a/net/ipv4/netfilter/ip_conntrack_irc.c +++ b/net/ipv4/netfilter/ip_conntrack_irc.c @@ -1,6 +1,6 @@ /* IRC extension for IP connection tracking, Version 1.21 * (C) 2000-2002 by Harald Welte <laforge@gnumonks.org> - * based on RR's ip_conntrack_ftp.c + * based on RR's ip_conntrack_ftp.c * * ip_conntrack_irc.c,v 1.21 2002/02/05 14:49:26 laforge Exp * @@ -12,12 +12,12 @@ * Module load syntax: * insmod ip_conntrack_irc.o ports=port1,port2,...port<MAX_PORTS> * max_dcc_channels=n dcc_timeout=secs - * + * * please give the ports of all IRC servers You wish to connect to. * If You don't specify ports, the default will be port 6667. * With max_dcc_channels you can define the maximum number of not * yet answered DCC channels per IRC session (default 8). - * With dcc_timeout you can specify how long the system waits for + * With dcc_timeout you can specify how long the system waits for * an expected DCC channel (default 300 seconds). * */ @@ -63,7 +63,7 @@ static const char *dccprotos[] = { "SEND ", "CHAT ", "MOVE ", "TSEND ", "SCHAT " #if 0 #define DEBUGP(format, args...) printk(KERN_DEBUG "%s:%s:" format, \ - __FILE__, __FUNCTION__ , ## args) + __FILE__, __FUNCTION__ , ## args) #else #define DEBUGP(format, args...) #endif @@ -71,7 +71,7 @@ static const char *dccprotos[] = { "SEND ", "CHAT ", "MOVE ", "TSEND ", "SCHAT " static int parse_dcc(char *data, char *data_end, u_int32_t *ip, u_int16_t *port, char **ad_beg_p, char **ad_end_p) /* tries to get the ip_addr and port out of a dcc command - return value: -1 on failure, 0 on success + return value: -1 on failure, 0 on success data pointer to first byte of DCC command data data_end pointer to last byte of dcc command data ip returns parsed ip of dcc command @@ -90,7 +90,7 @@ static int parse_dcc(char *data, char *data_end, u_int32_t *ip, /* skip blanks between ip and port */ while (*data == ' ') { - if (data >= data_end) + if (data >= data_end) return -1; data++; } @@ -171,7 +171,7 @@ static int help(struct sk_buff **pskb, DEBUGP("DCC %s detected\n", dccprotos[i]); data += strlen(dccprotos[i]); - /* we have at least + /* we have at least * (19+MINMATCHLEN)-5-dccprotos[i].matchlen bytes valid * data left (== 14/13 bytes) */ if (parse_dcc((char *)data, data_limit, &dcc_ip, @@ -260,7 +260,7 @@ static int __init ip_conntrack_irc_init(void) irc_buffer = kmalloc(65536, GFP_KERNEL); if (!irc_buffer) return -ENOMEM; - + /* If no port given, default to standard irc port */ if (ports_c == 0) ports[ports_c++] = IRC_PORT; @@ -297,7 +297,7 @@ static int __init ip_conntrack_irc_init(void) return 0; } -/* This function is intentionally _NOT_ defined as __exit, because +/* This function is intentionally _NOT_ defined as __exit, because * it is needed by the init function */ static void ip_conntrack_irc_fini(void) { diff --git a/net/ipv4/netfilter/ip_conntrack_netbios_ns.c b/net/ipv4/netfilter/ip_conntrack_netbios_ns.c index a1d6a89f64aa..cc6dd49c9da0 100644 --- a/net/ipv4/netfilter/ip_conntrack_netbios_ns.c +++ b/net/ipv4/netfilter/ip_conntrack_netbios_ns.c @@ -42,7 +42,7 @@ module_param(timeout, uint, 0400); MODULE_PARM_DESC(timeout, "timeout for master connection/replies in seconds"); static int help(struct sk_buff **pskb, - struct ip_conntrack *ct, enum ip_conntrack_info ctinfo) + struct ip_conntrack *ct, enum ip_conntrack_info ctinfo) { struct ip_conntrack_expect *exp; struct iphdr *iph = (*pskb)->nh.iph; diff --git a/net/ipv4/netfilter/ip_conntrack_netlink.c b/net/ipv4/netfilter/ip_conntrack_netlink.c index 7f70b0886b83..9228b76ccd9a 100644 --- a/net/ipv4/netfilter/ip_conntrack_netlink.c +++ b/net/ipv4/netfilter/ip_conntrack_netlink.c @@ -6,10 +6,10 @@ * (C) 2003 by Patrick Mchardy <kaber@trash.net> * (C) 2005-2006 by Pablo Neira Ayuso <pablo@eurodev.net> * - * I've reworked this stuff to use attributes instead of conntrack + * I've reworked this stuff to use attributes instead of conntrack * structures. 5.44 am. I need more tea. --pablo 05/07/11. * - * Initial connection tracking via netlink development funded and + * Initial connection tracking via netlink development funded and * generally made possible by Network Robots, Inc. (www.networkrobots.com) * * Further development of this code funded by Astaro AG (http://www.astaro.com) @@ -45,7 +45,7 @@ MODULE_LICENSE("GPL"); static char __initdata version[] = "0.90"; static inline int -ctnetlink_dump_tuples_proto(struct sk_buff *skb, +ctnetlink_dump_tuples_proto(struct sk_buff *skb, const struct ip_conntrack_tuple *tuple, struct ip_conntrack_protocol *proto) { @@ -56,7 +56,7 @@ ctnetlink_dump_tuples_proto(struct sk_buff *skb, if (likely(proto->tuple_to_nfattr)) ret = proto->tuple_to_nfattr(skb, tuple); - + NFA_NEST_END(skb, nest_parms); return ret; @@ -70,7 +70,7 @@ ctnetlink_dump_tuples_ip(struct sk_buff *skb, const struct ip_conntrack_tuple *tuple) { struct nfattr *nest_parms = NFA_NEST(skb, CTA_TUPLE_IP); - + NFA_PUT(skb, CTA_IP_V4_SRC, sizeof(__be32), &tuple->src.ip); NFA_PUT(skb, CTA_IP_V4_DST, sizeof(__be32), &tuple->dst.ip); @@ -121,7 +121,7 @@ ctnetlink_dump_timeout(struct sk_buff *skb, const struct ip_conntrack *ct) timeout = 0; else timeout = htonl(timeout_l / HZ); - + NFA_PUT(skb, CTA_TIMEOUT, sizeof(timeout), &timeout); return 0; @@ -141,7 +141,7 @@ ctnetlink_dump_protoinfo(struct sk_buff *skb, const struct ip_conntrack *ct) ip_conntrack_proto_put(proto); return 0; } - + nest_proto = NFA_NEST(skb, CTA_PROTOINFO); ret = proto->to_nfattr(skb, nest_proto, ct); @@ -164,7 +164,7 @@ ctnetlink_dump_helpinfo(struct sk_buff *skb, const struct ip_conntrack *ct) if (!ct->helper) return 0; - + nest_helper = NFA_NEST(skb, CTA_HELP); NFA_PUT(skb, CTA_HELP_NAME, strlen(ct->helper->name), ct->helper->name); @@ -236,7 +236,7 @@ static inline int ctnetlink_dump_use(struct sk_buff *skb, const struct ip_conntrack *ct) { __be32 use = htonl(atomic_read(&ct->ct_general.use)); - + NFA_PUT(skb, CTA_USE, sizeof(__be32), &use); return 0; @@ -248,7 +248,7 @@ nfattr_failure: static int ctnetlink_fill_info(struct sk_buff *skb, u32 pid, u32 seq, - int event, int nowait, + int event, int nowait, const struct ip_conntrack *ct) { struct nlmsghdr *nlh; @@ -271,7 +271,7 @@ ctnetlink_fill_info(struct sk_buff *skb, u32 pid, u32 seq, if (ctnetlink_dump_tuples(skb, tuple(ct, IP_CT_DIR_ORIGINAL)) < 0) goto nfattr_failure; NFA_NEST_END(skb, nest_parms); - + nest_parms = NFA_NEST(skb, CTA_TUPLE_REPLY); if (ctnetlink_dump_tuples(skb, tuple(ct, IP_CT_DIR_REPLY)) < 0) goto nfattr_failure; @@ -299,7 +299,7 @@ nfattr_failure: #ifdef CONFIG_IP_NF_CONNTRACK_EVENTS static int ctnetlink_conntrack_event(struct notifier_block *this, - unsigned long events, void *ptr) + unsigned long events, void *ptr) { struct nlmsghdr *nlh; struct nfgenmsg *nfmsg; @@ -324,7 +324,7 @@ static int ctnetlink_conntrack_event(struct notifier_block *this, } else if (events & (IPCT_STATUS | IPCT_PROTOINFO)) { type = IPCTNL_MSG_CT_NEW; group = NFNLGRP_CONNTRACK_UPDATE; - } else + } else return NOTIFY_DONE; if (!nfnetlink_has_listeners(group)) @@ -349,7 +349,7 @@ static int ctnetlink_conntrack_event(struct notifier_block *this, if (ctnetlink_dump_tuples(skb, tuple(ct, IP_CT_DIR_ORIGINAL)) < 0) goto nfattr_failure; NFA_NEST_END(skb, nest_parms); - + nest_parms = NFA_NEST(skb, CTA_TUPLE_REPLY); if (ctnetlink_dump_tuples(skb, tuple(ct, IP_CT_DIR_REPLY)) < 0) goto nfattr_failure; @@ -368,16 +368,16 @@ static int ctnetlink_conntrack_event(struct notifier_block *this, if (events & IPCT_PROTOINFO && ctnetlink_dump_protoinfo(skb, ct) < 0) - goto nfattr_failure; + goto nfattr_failure; if ((events & IPCT_HELPER || ct->helper) && ctnetlink_dump_helpinfo(skb, ct) < 0) - goto nfattr_failure; + goto nfattr_failure; #ifdef CONFIG_IP_NF_CONNTRACK_MARK if ((events & IPCT_MARK || ct->mark) && ctnetlink_dump_mark(skb, ct) < 0) - goto nfattr_failure; + goto nfattr_failure; #endif if (events & IPCT_COUNTER_FILLING && @@ -426,7 +426,7 @@ restart: cb->args[1] = 0; } if (ctnetlink_fill_info(skb, NETLINK_CB(cb->skb).pid, - cb->nlh->nlmsg_seq, + cb->nlh->nlmsg_seq, IPCTNL_MSG_CT_NEW, 1, ct) < 0) { nf_conntrack_get(&ct->ct_general); @@ -488,7 +488,7 @@ static const size_t cta_min_proto[CTA_PROTO_MAX] = { }; static inline int -ctnetlink_parse_tuple_proto(struct nfattr *attr, +ctnetlink_parse_tuple_proto(struct nfattr *attr, struct ip_conntrack_tuple *tuple) { struct nfattr *tb[CTA_PROTO_MAX]; @@ -508,9 +508,9 @@ ctnetlink_parse_tuple_proto(struct nfattr *attr, if (likely(proto->nfattr_to_tuple)) ret = proto->nfattr_to_tuple(tb, tuple); - + ip_conntrack_proto_put(proto); - + return ret; } @@ -595,7 +595,7 @@ ctnetlink_parse_nat(struct nfattr *nat, int err; memset(range, 0, sizeof(*range)); - + nfattr_parse_nested(tb, CTA_NAT_MAX, nat); if (nfattr_bad_size(tb, CTA_NAT_MAX, cta_min_nat)) @@ -647,7 +647,7 @@ static const size_t cta_min[CTA_MAX] = { }; static int -ctnetlink_del_conntrack(struct sock *ctnl, struct sk_buff *skb, +ctnetlink_del_conntrack(struct sock *ctnl, struct sk_buff *skb, struct nlmsghdr *nlh, struct nfattr *cda[], int *errp) { struct ip_conntrack_tuple_hash *h; @@ -676,14 +676,14 @@ ctnetlink_del_conntrack(struct sock *ctnl, struct sk_buff *skb, return -ENOENT; ct = tuplehash_to_ctrack(h); - + if (cda[CTA_ID-1]) { u_int32_t id = ntohl(*(__be32 *)NFA_DATA(cda[CTA_ID-1])); if (ct->id != id) { ip_conntrack_put(ct); return -ENOENT; } - } + } if (del_timer(&ct->timeout)) ct->timeout.function((unsigned long)ct); @@ -693,7 +693,7 @@ ctnetlink_del_conntrack(struct sock *ctnl, struct sk_buff *skb, } static int -ctnetlink_get_conntrack(struct sock *ctnl, struct sk_buff *skb, +ctnetlink_get_conntrack(struct sock *ctnl, struct sk_buff *skb, struct nlmsghdr *nlh, struct nfattr *cda[], int *errp) { struct ip_conntrack_tuple_hash *h; @@ -714,8 +714,8 @@ ctnetlink_get_conntrack(struct sock *ctnl, struct sk_buff *skb, return -ENOTSUPP; #endif if ((*errp = netlink_dump_start(ctnl, skb, nlh, - ctnetlink_dump_table, - ctnetlink_done)) != 0) + ctnetlink_dump_table, + ctnetlink_done)) != 0) return -EINVAL; rlen = NLMSG_ALIGN(nlh->nlmsg_len); @@ -751,7 +751,7 @@ ctnetlink_get_conntrack(struct sock *ctnl, struct sk_buff *skb, return -ENOMEM; } - err = ctnetlink_fill_info(skb2, NETLINK_CB(skb).pid, nlh->nlmsg_seq, + err = ctnetlink_fill_info(skb2, NETLINK_CB(skb).pid, nlh->nlmsg_seq, IPCTNL_MSG_CT_NEW, 1, ct); ip_conntrack_put(ct); if (err <= 0) @@ -779,12 +779,12 @@ ctnetlink_change_status(struct ip_conntrack *ct, struct nfattr *cda[]) if (d & (IPS_EXPECTED|IPS_CONFIRMED|IPS_DYING)) /* unchangeable */ return -EINVAL; - + if (d & IPS_SEEN_REPLY && !(status & IPS_SEEN_REPLY)) /* SEEN_REPLY bit can only be set */ return -EINVAL; - + if (d & IPS_ASSURED && !(status & IPS_ASSURED)) /* ASSURED bit can only be set */ return -EINVAL; @@ -857,7 +857,7 @@ ctnetlink_change_helper(struct ip_conntrack *ct, struct nfattr *cda[]) memset(&ct->help, 0, sizeof(ct->help)); } } - + ct->helper = helper; return 0; @@ -867,7 +867,7 @@ static inline int ctnetlink_change_timeout(struct ip_conntrack *ct, struct nfattr *cda[]) { u_int32_t timeout = ntohl(*(__be32 *)NFA_DATA(cda[CTA_TIMEOUT-1])); - + if (!del_timer(&ct->timeout)) return -ETIME; @@ -891,7 +891,7 @@ ctnetlink_change_protoinfo(struct ip_conntrack *ct, struct nfattr *cda[]) if (proto->from_nfattr) err = proto->from_nfattr(tb, ct); - ip_conntrack_proto_put(proto); + ip_conntrack_proto_put(proto); return err; } @@ -934,7 +934,7 @@ ctnetlink_change_conntrack(struct ip_conntrack *ct, struct nfattr *cda[]) } static int -ctnetlink_create_conntrack(struct nfattr *cda[], +ctnetlink_create_conntrack(struct nfattr *cda[], struct ip_conntrack_tuple *otuple, struct ip_conntrack_tuple *rtuple) { @@ -943,7 +943,7 @@ ctnetlink_create_conntrack(struct nfattr *cda[], ct = ip_conntrack_alloc(otuple, rtuple); if (ct == NULL || IS_ERR(ct)) - return -ENOMEM; + return -ENOMEM; if (!cda[CTA_TIMEOUT-1]) goto err; @@ -979,13 +979,13 @@ ctnetlink_create_conntrack(struct nfattr *cda[], return 0; -err: +err: ip_conntrack_free(ct); return err; } -static int -ctnetlink_new_conntrack(struct sock *ctnl, struct sk_buff *skb, +static int +ctnetlink_new_conntrack(struct sock *ctnl, struct sk_buff *skb, struct nlmsghdr *nlh, struct nfattr *cda[], int *errp) { struct ip_conntrack_tuple otuple, rtuple; @@ -1039,9 +1039,9 @@ out_unlock: return err; } -/*********************************************************************** - * EXPECT - ***********************************************************************/ +/*********************************************************************** + * EXPECT + ***********************************************************************/ static inline int ctnetlink_exp_dump_tuple(struct sk_buff *skb, @@ -1049,7 +1049,7 @@ ctnetlink_exp_dump_tuple(struct sk_buff *skb, enum ctattr_expect type) { struct nfattr *nest_parms = NFA_NEST(skb, type); - + if (ctnetlink_dump_tuples(skb, tuple) < 0) goto nfattr_failure; @@ -1059,7 +1059,7 @@ ctnetlink_exp_dump_tuple(struct sk_buff *skb, nfattr_failure: return -1; -} +} static inline int ctnetlink_exp_dump_mask(struct sk_buff *skb, @@ -1090,7 +1090,7 @@ nfattr_failure: static inline int ctnetlink_exp_dump_expect(struct sk_buff *skb, - const struct ip_conntrack_expect *exp) + const struct ip_conntrack_expect *exp) { struct ip_conntrack *master = exp->master; __be32 timeout = htonl((exp->timeout.expires - jiffies) / HZ); @@ -1104,20 +1104,20 @@ ctnetlink_exp_dump_expect(struct sk_buff *skb, &master->tuplehash[IP_CT_DIR_ORIGINAL].tuple, CTA_EXPECT_MASTER) < 0) goto nfattr_failure; - + NFA_PUT(skb, CTA_EXPECT_TIMEOUT, sizeof(__be32), &timeout); NFA_PUT(skb, CTA_EXPECT_ID, sizeof(__be32), &id); return 0; - + nfattr_failure: return -1; } static int ctnetlink_exp_fill_info(struct sk_buff *skb, u32 pid, u32 seq, - int event, - int nowait, + int event, + int nowait, const struct ip_conntrack_expect *exp) { struct nlmsghdr *nlh; @@ -1216,7 +1216,7 @@ ctnetlink_exp_dump_table(struct sk_buff *skb, struct netlink_callback *cb) goto out; *id = exp->id; } -out: +out: read_unlock_bh(&ip_conntrack_lock); return skb->len; @@ -1228,7 +1228,7 @@ static const size_t cta_min_exp[CTA_EXPECT_MAX] = { }; static int -ctnetlink_get_expect(struct sock *ctnl, struct sk_buff *skb, +ctnetlink_get_expect(struct sock *ctnl, struct sk_buff *skb, struct nlmsghdr *nlh, struct nfattr *cda[], int *errp) { struct ip_conntrack_tuple tuple; @@ -1247,7 +1247,7 @@ ctnetlink_get_expect(struct sock *ctnl, struct sk_buff *skb, return -EAFNOSUPPORT; if ((*errp = netlink_dump_start(ctnl, skb, nlh, - ctnetlink_exp_dump_table, + ctnetlink_exp_dump_table, ctnetlink_done)) != 0) return -EINVAL; rlen = NLMSG_ALIGN(nlh->nlmsg_len); @@ -1275,14 +1275,14 @@ ctnetlink_get_expect(struct sock *ctnl, struct sk_buff *skb, ip_conntrack_expect_put(exp); return -ENOENT; } - } + } err = -ENOMEM; skb2 = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL); if (!skb2) goto out; - err = ctnetlink_exp_fill_info(skb2, NETLINK_CB(skb).pid, + err = ctnetlink_exp_fill_info(skb2, NETLINK_CB(skb).pid, nlh->nlmsg_seq, IPCTNL_MSG_EXP_NEW, 1, exp); if (err <= 0) @@ -1300,7 +1300,7 @@ out: } static int -ctnetlink_del_expect(struct sock *ctnl, struct sk_buff *skb, +ctnetlink_del_expect(struct sock *ctnl, struct sk_buff *skb, struct nlmsghdr *nlh, struct nfattr *cda[], int *errp) { struct ip_conntrack_expect *exp, *tmp; @@ -1333,7 +1333,7 @@ ctnetlink_del_expect(struct sock *ctnl, struct sk_buff *skb, /* after list removal, usage count == 1 */ ip_conntrack_unexpect_related(exp); - /* have to put what we 'get' above. + /* have to put what we 'get' above. * after this line usage count == 0 */ ip_conntrack_expect_put(exp); } else if (cda[CTA_EXPECT_HELP_NAME-1]) { @@ -1348,7 +1348,7 @@ ctnetlink_del_expect(struct sock *ctnl, struct sk_buff *skb, } list_for_each_entry_safe(exp, tmp, &ip_conntrack_expect_list, list) { - if (exp->master->helper == h + if (exp->master->helper == h && del_timer(&exp->timeout)) { ip_ct_unlink_expect(exp); ip_conntrack_expect_put(exp); @@ -1413,7 +1413,7 @@ ctnetlink_create_expect(struct nfattr *cda[]) err = -ENOMEM; goto out; } - + exp->expectfn = NULL; exp->flags = 0; exp->master = ct; @@ -1423,7 +1423,7 @@ ctnetlink_create_expect(struct nfattr *cda[]) err = ip_conntrack_expect_related(exp); ip_conntrack_expect_put(exp); -out: +out: ip_conntrack_put(tuplehash_to_ctrack(h)); return err; } diff --git a/net/ipv4/netfilter/ip_conntrack_proto_icmp.c b/net/ipv4/netfilter/ip_conntrack_proto_icmp.c index 295b6fa340db..ec71abead00c 100644 --- a/net/ipv4/netfilter/ip_conntrack_proto_icmp.c +++ b/net/ipv4/netfilter/ip_conntrack_proto_icmp.c @@ -94,9 +94,9 @@ static int icmp_packet(struct ip_conntrack *ct, enum ip_conntrack_info ctinfo) { /* Try to delete connection immediately after all replies: - won't actually vanish as we still have skb, and del_timer - means this will only run once even if count hits zero twice - (theoretically possible with SMP) */ + won't actually vanish as we still have skb, and del_timer + means this will only run once even if count hits zero twice + (theoretically possible with SMP) */ if (CTINFO2DIR(ctinfo) == IP_CT_DIR_REPLY) { if (atomic_dec_and_test(&ct->proto.icmp.count) && del_timer(&ct->timeout)) @@ -114,11 +114,11 @@ static int icmp_packet(struct ip_conntrack *ct, static int icmp_new(struct ip_conntrack *conntrack, const struct sk_buff *skb) { - static const u_int8_t valid_new[] = { + static const u_int8_t valid_new[] = { [ICMP_ECHO] = 1, [ICMP_TIMESTAMP] = 1, [ICMP_INFO_REQUEST] = 1, - [ICMP_ADDRESS] = 1 + [ICMP_ADDRESS] = 1 }; if (conntrack->tuplehash[0].tuple.dst.u.icmp.type >= sizeof(valid_new) @@ -282,7 +282,7 @@ static int icmp_nfattr_to_tuple(struct nfattr *tb[], || !tb[CTA_PROTO_ICMP_ID-1]) return -EINVAL; - tuple->dst.u.icmp.type = + tuple->dst.u.icmp.type = *(u_int8_t *)NFA_DATA(tb[CTA_PROTO_ICMP_TYPE-1]); tuple->dst.u.icmp.code = *(u_int8_t *)NFA_DATA(tb[CTA_PROTO_ICMP_CODE-1]); diff --git a/net/ipv4/netfilter/ip_conntrack_proto_sctp.c b/net/ipv4/netfilter/ip_conntrack_proto_sctp.c index 2443322e4128..9d5b917f49cd 100644 --- a/net/ipv4/netfilter/ip_conntrack_proto_sctp.c +++ b/net/ipv4/netfilter/ip_conntrack_proto_sctp.c @@ -1,9 +1,9 @@ /* * Connection tracking protocol helper module for SCTP. - * - * SCTP is defined in RFC 2960. References to various sections in this code + * + * SCTP is defined in RFC 2960. References to various sections in this code * are to this RFC. - * + * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. @@ -38,7 +38,7 @@ static DEFINE_RWLOCK(sctp_lock); /* FIXME: Examine ipfilter's timeouts and conntrack transitions more - closely. They're more complex. --RR + closely. They're more complex. --RR And so for me for SCTP :D -Kiran */ @@ -87,32 +87,32 @@ static const unsigned int * sctp_timeouts[] #define sSA SCTP_CONNTRACK_SHUTDOWN_ACK_SENT #define sIV SCTP_CONNTRACK_MAX -/* +/* These are the descriptions of the states: -NOTE: These state names are tantalizingly similar to the states of an +NOTE: These state names are tantalizingly similar to the states of an SCTP endpoint. But the interpretation of the states is a little different, -considering that these are the states of the connection and not of an end +considering that these are the states of the connection and not of an end point. Please note the subtleties. -Kiran NONE - Nothing so far. -COOKIE WAIT - We have seen an INIT chunk in the original direction, or also - an INIT_ACK chunk in the reply direction. +COOKIE WAIT - We have seen an INIT chunk in the original direction, or also + an INIT_ACK chunk in the reply direction. COOKIE ECHOED - We have seen a COOKIE_ECHO chunk in the original direction. ESTABLISHED - We have seen a COOKIE_ACK in the reply direction. SHUTDOWN_SENT - We have seen a SHUTDOWN chunk in the original direction. SHUTDOWN_RECD - We have seen a SHUTDOWN chunk in the reply directoin. SHUTDOWN_ACK_SENT - We have seen a SHUTDOWN_ACK chunk in the direction opposite - to that of the SHUTDOWN chunk. -CLOSED - We have seen a SHUTDOWN_COMPLETE chunk in the direction of - the SHUTDOWN chunk. Connection is closed. + to that of the SHUTDOWN chunk. +CLOSED - We have seen a SHUTDOWN_COMPLETE chunk in the direction of + the SHUTDOWN chunk. Connection is closed. */ /* TODO - - I have assumed that the first INIT is in the original direction. + - I have assumed that the first INIT is in the original direction. This messes things when an INIT comes in the reply direction in CLOSED state. - - Check the error type in the reply dir before transitioning from + - Check the error type in the reply dir before transitioning from cookie echoed to closed. - Sec 5.2.4 of RFC 2960 - Multi Homing support. @@ -229,7 +229,7 @@ static int do_basic_checks(struct ip_conntrack *conntrack, for_each_sctp_chunk (skb, sch, _sch, offset, count) { DEBUGP("Chunk Num: %d Type: %d\n", count, sch->type); - if (sch->type == SCTP_CID_INIT + if (sch->type == SCTP_CID_INIT || sch->type == SCTP_CID_INIT_ACK || sch->type == SCTP_CID_SHUTDOWN_COMPLETE) { flag = 1; @@ -269,42 +269,42 @@ static int new_state(enum ip_conntrack_dir dir, DEBUGP("Chunk type: %d\n", chunk_type); switch (chunk_type) { - case SCTP_CID_INIT: + case SCTP_CID_INIT: DEBUGP("SCTP_CID_INIT\n"); i = 0; break; - case SCTP_CID_INIT_ACK: + case SCTP_CID_INIT_ACK: DEBUGP("SCTP_CID_INIT_ACK\n"); i = 1; break; - case SCTP_CID_ABORT: + case SCTP_CID_ABORT: DEBUGP("SCTP_CID_ABORT\n"); i = 2; break; - case SCTP_CID_SHUTDOWN: + case SCTP_CID_SHUTDOWN: DEBUGP("SCTP_CID_SHUTDOWN\n"); i = 3; break; - case SCTP_CID_SHUTDOWN_ACK: + case SCTP_CID_SHUTDOWN_ACK: DEBUGP("SCTP_CID_SHUTDOWN_ACK\n"); i = 4; break; - case SCTP_CID_ERROR: + case SCTP_CID_ERROR: DEBUGP("SCTP_CID_ERROR\n"); i = 5; break; - case SCTP_CID_COOKIE_ECHO: + case SCTP_CID_COOKIE_ECHO: DEBUGP("SCTP_CID_COOKIE_ECHO\n"); i = 6; break; - case SCTP_CID_COOKIE_ACK: + case SCTP_CID_COOKIE_ACK: DEBUGP("SCTP_CID_COOKIE_ACK\n"); i = 7; break; - case SCTP_CID_SHUTDOWN_COMPLETE: + case SCTP_CID_SHUTDOWN_COMPLETE: DEBUGP("SCTP_CID_SHUTDOWN_COMPLETE\n"); i = 8; break; default: /* Other chunks like DATA, SACK, HEARTBEAT and its ACK do not cause a change in state */ - DEBUGP("Unknown chunk type, Will stay in %s\n", + DEBUGP("Unknown chunk type, Will stay in %s\n", sctp_conntrack_names[cur_state]); return cur_state; } - DEBUGP("dir: %d cur_state: %s chunk_type: %d new_state: %s\n", + DEBUGP("dir: %d cur_state: %s chunk_type: %d new_state: %s\n", dir, sctp_conntrack_names[cur_state], chunk_type, sctp_conntrack_names[sctp_conntracks[dir][i][cur_state]]); @@ -367,7 +367,7 @@ static int sctp_packet(struct ip_conntrack *conntrack, /* Sec 8.5.1 (C) */ if (!(sh->vtag == conntrack->proto.sctp.vtag[CTINFO2DIR(ctinfo)]) && !(sh->vtag == conntrack->proto.sctp.vtag - [1 - CTINFO2DIR(ctinfo)] + [1 - CTINFO2DIR(ctinfo)] && (sch->flags & 1))) { write_unlock_bh(&sctp_lock); return -1; @@ -392,17 +392,17 @@ static int sctp_packet(struct ip_conntrack *conntrack, } /* If it is an INIT or an INIT ACK note down the vtag */ - if (sch->type == SCTP_CID_INIT + if (sch->type == SCTP_CID_INIT || sch->type == SCTP_CID_INIT_ACK) { sctp_inithdr_t _inithdr, *ih; ih = skb_header_pointer(skb, offset + sizeof(sctp_chunkhdr_t), - sizeof(_inithdr), &_inithdr); + sizeof(_inithdr), &_inithdr); if (ih == NULL) { write_unlock_bh(&sctp_lock); return -1; } - DEBUGP("Setting vtag %x for dir %d\n", + DEBUGP("Setting vtag %x for dir %d\n", ih->init_tag, !CTINFO2DIR(ctinfo)); conntrack->proto.sctp.vtag[!CTINFO2DIR(ctinfo)] = ih->init_tag; } @@ -427,7 +427,7 @@ static int sctp_packet(struct ip_conntrack *conntrack, } /* Called when a new connection for this protocol found. */ -static int sctp_new(struct ip_conntrack *conntrack, +static int sctp_new(struct ip_conntrack *conntrack, const struct sk_buff *skb) { enum sctp_conntrack newconntrack; @@ -457,7 +457,7 @@ static int sctp_new(struct ip_conntrack *conntrack, newconntrack = SCTP_CONNTRACK_MAX; for_each_sctp_chunk (skb, sch, _sch, offset, count) { /* Don't need lock here: this conntrack not in circulation yet */ - newconntrack = new_state (IP_CT_DIR_ORIGINAL, + newconntrack = new_state (IP_CT_DIR_ORIGINAL, SCTP_CONNTRACK_NONE, sch->type); /* Invalid: delete conntrack */ @@ -472,14 +472,14 @@ static int sctp_new(struct ip_conntrack *conntrack, sctp_inithdr_t _inithdr, *ih; ih = skb_header_pointer(skb, offset + sizeof(sctp_chunkhdr_t), - sizeof(_inithdr), &_inithdr); + sizeof(_inithdr), &_inithdr); if (ih == NULL) return 0; - DEBUGP("Setting vtag %x for new conn\n", + DEBUGP("Setting vtag %x for new conn\n", ih->init_tag); - conntrack->proto.sctp.vtag[IP_CT_DIR_REPLY] = + conntrack->proto.sctp.vtag[IP_CT_DIR_REPLY] = ih->init_tag; } else { /* Sec 8.5.1 (A) */ @@ -489,7 +489,7 @@ static int sctp_new(struct ip_conntrack *conntrack, /* If it is a shutdown ack OOTB packet, we expect a return shutdown complete, otherwise an ABORT Sec 8.4 (5) and (8) */ else { - DEBUGP("Setting vtag %x for new conn OOTB\n", + DEBUGP("Setting vtag %x for new conn OOTB\n", sh->vtag); conntrack->proto.sctp.vtag[IP_CT_DIR_REPLY] = sh->vtag; } @@ -500,16 +500,16 @@ static int sctp_new(struct ip_conntrack *conntrack, return 1; } -static struct ip_conntrack_protocol ip_conntrack_protocol_sctp = { - .proto = IPPROTO_SCTP, +static struct ip_conntrack_protocol ip_conntrack_protocol_sctp = { + .proto = IPPROTO_SCTP, .name = "sctp", - .pkt_to_tuple = sctp_pkt_to_tuple, - .invert_tuple = sctp_invert_tuple, - .print_tuple = sctp_print_tuple, + .pkt_to_tuple = sctp_pkt_to_tuple, + .invert_tuple = sctp_invert_tuple, + .print_tuple = sctp_print_tuple, .print_conntrack = sctp_print_conntrack, - .packet = sctp_packet, - .new = sctp_new, - .destroy = NULL, + .packet = sctp_packet, + .new = sctp_new, + .destroy = NULL, .me = THIS_MODULE, #if defined(CONFIG_IP_NF_CONNTRACK_NETLINK) || \ defined(CONFIG_IP_NF_CONNTRACK_NETLINK_MODULE) @@ -603,7 +603,7 @@ static ctl_table ip_ct_net_table[] = { { .ctl_name = CTL_NET, .procname = "net", - .mode = 0555, + .mode = 0555, .child = ip_ct_ipv4_table, }, { .ctl_name = 0 } @@ -638,7 +638,7 @@ static int __init ip_conntrack_proto_sctp_init(void) ip_conntrack_protocol_unregister(&ip_conntrack_protocol_sctp); #endif out: - DEBUGP("SCTP conntrack module loading %s\n", + DEBUGP("SCTP conntrack module loading %s\n", ret ? "failed": "succeeded"); return ret; } @@ -647,7 +647,7 @@ static void __exit ip_conntrack_proto_sctp_fini(void) { ip_conntrack_protocol_unregister(&ip_conntrack_protocol_sctp); #ifdef CONFIG_SYSCTL - unregister_sysctl_table(ip_ct_sysctl_header); + unregister_sysctl_table(ip_ct_sysctl_header); #endif DEBUGP("SCTP conntrack module unloaded\n"); } diff --git a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c index c34f48fe5478..fa35b49fe2fa 100644 --- a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c +++ b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c @@ -45,8 +45,8 @@ /* Protects conntrack->proto.tcp */ static DEFINE_RWLOCK(tcp_lock); -/* "Be conservative in what you do, - be liberal in what you accept from others." +/* "Be conservative in what you do, + be liberal in what you accept from others." If it's non-zero, we mark only out of window RST segments as INVALID. */ int ip_ct_tcp_be_liberal __read_mostly = 0; @@ -54,8 +54,8 @@ int ip_ct_tcp_be_liberal __read_mostly = 0; connections. */ int ip_ct_tcp_loose __read_mostly = 1; -/* Max number of the retransmitted packets without receiving an (acceptable) - ACK from the destination. If this number is reached, a shorter timer +/* Max number of the retransmitted packets without receiving an (acceptable) + ACK from the destination. If this number is reached, a shorter timer will be started. */ int ip_ct_tcp_max_retrans __read_mostly = 3; @@ -74,7 +74,7 @@ static const char *tcp_conntrack_names[] = { "CLOSE", "LISTEN" }; - + #define SECS * HZ #define MINS * 60 SECS #define HOURS * 60 MINS @@ -90,10 +90,10 @@ unsigned int ip_ct_tcp_timeout_time_wait __read_mostly = 2 MINS; unsigned int ip_ct_tcp_timeout_close __read_mostly = 10 SECS; /* RFC1122 says the R2 limit should be at least 100 seconds. - Linux uses 15 packets as limit, which corresponds + Linux uses 15 packets as limit, which corresponds to ~13-30min depending on RTO. */ unsigned int ip_ct_tcp_timeout_max_retrans __read_mostly = 5 MINS; - + static const unsigned int * tcp_timeouts[] = { NULL, /* TCP_CONNTRACK_NONE */ &ip_ct_tcp_timeout_syn_sent, /* TCP_CONNTRACK_SYN_SENT, */ @@ -106,7 +106,7 @@ static const unsigned int * tcp_timeouts[] &ip_ct_tcp_timeout_close, /* TCP_CONNTRACK_CLOSE, */ NULL, /* TCP_CONNTRACK_LISTEN */ }; - + #define sNO TCP_CONNTRACK_NONE #define sSS TCP_CONNTRACK_SYN_SENT #define sSR TCP_CONNTRACK_SYN_RECV @@ -129,13 +129,13 @@ enum tcp_bit_set { TCP_RST_SET, TCP_NONE_SET, }; - + /* * The TCP state transition table needs a few words... * * We are the man in the middle. All the packets go through us * but might get lost in transit to the destination. - * It is assumed that the destinations can't receive segments + * It is assumed that the destinations can't receive segments * we haven't seen. * * The checked segment is in window, but our windows are *not* @@ -145,11 +145,11 @@ enum tcp_bit_set { * The meaning of the states are: * * NONE: initial state - * SYN_SENT: SYN-only packet seen + * SYN_SENT: SYN-only packet seen * SYN_RECV: SYN-ACK packet seen * ESTABLISHED: ACK packet seen * FIN_WAIT: FIN packet seen - * CLOSE_WAIT: ACK seen (after FIN) + * CLOSE_WAIT: ACK seen (after FIN) * LAST_ACK: FIN seen (after FIN) * TIME_WAIT: last ACK seen * CLOSE: closed connection @@ -157,8 +157,8 @@ enum tcp_bit_set { * LISTEN state is not used. * * Packets marked as IGNORED (sIG): - * if they may be either invalid or valid - * and the receiver may send back a connection + * if they may be either invalid or valid + * and the receiver may send back a connection * closing RST or a SYN/ACK. * * Packets marked as INVALID (sIV): @@ -175,7 +175,7 @@ static const enum tcp_conntrack tcp_conntracks[2][6][TCP_CONNTRACK_MAX] = { * sSS -> sSS Retransmitted SYN * sSR -> sIG Late retransmitted SYN? * sES -> sIG Error: SYNs in window outside the SYN_SENT state - * are errors. Receiver will reply with RST + * are errors. Receiver will reply with RST * and close the connection. * Or we are not in sync and hold a dead connection. * sFW -> sIG @@ -188,10 +188,10 @@ static const enum tcp_conntrack tcp_conntracks[2][6][TCP_CONNTRACK_MAX] = { /*synack*/ { sIV, sIV, sIV, sIV, sIV, sIV, sIV, sIV, sIV, sIV }, /* * A SYN/ACK from the client is always invalid: - * - either it tries to set up a simultaneous open, which is + * - either it tries to set up a simultaneous open, which is * not supported; * - or the firewall has just been inserted between the two hosts - * during the session set-up. The SYN will be retransmitted + * during the session set-up. The SYN will be retransmitted * by the true client (or it'll time out). */ /* sNO, sSS, sSR, sES, sFW, sCW, sLA, sTW, sCL, sLI */ @@ -201,9 +201,9 @@ static const enum tcp_conntrack tcp_conntracks[2][6][TCP_CONNTRACK_MAX] = { * sSS -> sIV Client migth not send FIN in this state: * we enforce waiting for a SYN/ACK reply first. * sSR -> sFW Close started. - * sES -> sFW + * sES -> sFW * sFW -> sLA FIN seen in both directions, waiting for - * the last ACK. + * the last ACK. * Migth be a retransmitted FIN as well... * sCW -> sLA * sLA -> sLA Retransmitted FIN. Remain in the same state. @@ -281,7 +281,7 @@ static const enum tcp_conntrack tcp_conntracks[2][6][TCP_CONNTRACK_MAX] = { /* sNO, sSS, sSR, sES, sFW, sCW, sLA, sTW, sCL, sLI */ /*rst*/ { sIV, sCL, sCL, sCL, sCL, sCL, sCL, sCL, sCL, sIV }, /*none*/ { sIV, sIV, sIV, sIV, sIV, sIV, sIV, sIV, sIV, sIV } - } + } }; static int tcp_pkt_to_tuple(const struct sk_buff *skb, @@ -337,7 +337,7 @@ static int tcp_to_nfattr(struct sk_buff *skb, struct nfattr *nfa, const struct ip_conntrack *ct) { struct nfattr *nest_parms; - + read_lock_bh(&tcp_lock); nest_parms = NFA_NEST(skb, CTA_PROTOINFO_TCP); NFA_PUT(skb, CTA_PROTOINFO_TCP_STATE, sizeof(u_int8_t), @@ -367,7 +367,7 @@ static int nfattr_to_tcp(struct nfattr *cda[], struct ip_conntrack *ct) if (!attr) return 0; - nfattr_parse_nested(tb, CTA_PROTOINFO_TCP_MAX, attr); + nfattr_parse_nested(tb, CTA_PROTOINFO_TCP_MAX, attr); if (nfattr_bad_size(tb, CTA_PROTOINFO_TCP_MAX, cta_min_tcp)) return -EINVAL; @@ -376,7 +376,7 @@ static int nfattr_to_tcp(struct nfattr *cda[], struct ip_conntrack *ct) return -EINVAL; write_lock_bh(&tcp_lock); - ct->proto.tcp.state = + ct->proto.tcp.state = *(u_int8_t *)NFA_DATA(tb[CTA_PROTOINFO_TCP_STATE-1]); write_unlock_bh(&tcp_lock); @@ -395,30 +395,30 @@ static unsigned int get_conntrack_index(const struct tcphdr *tcph) /* TCP connection tracking based on 'Real Stateful TCP Packet Filtering in IP Filter' by Guido van Rooij. - + http://www.nluug.nl/events/sane2000/papers.html http://www.iae.nl/users/guido/papers/tcp_filtering.ps.gz - + The boundaries and the conditions are changed according to RFC793: the packet must intersect the window (i.e. segments may be after the right or before the left edge) and thus receivers may ACK segments after the right edge of the window. - td_maxend = max(sack + max(win,1)) seen in reply packets + td_maxend = max(sack + max(win,1)) seen in reply packets td_maxwin = max(max(win, 1)) + (sack - ack) seen in sent packets td_maxwin += seq + len - sender.td_maxend if seq + len > sender.td_maxend td_end = max(seq + len) seen in sent packets - + I. Upper bound for valid data: seq <= sender.td_maxend II. Lower bound for valid data: seq + len >= sender.td_end - receiver.td_maxwin III. Upper bound for valid ack: sack <= receiver.td_end IV. Lower bound for valid ack: ack >= receiver.td_end - MAXACKWINDOW - + where sack is the highest right edge of sack block found in the packet. - - The upper bound limit for a valid ack is not ignored - - we doesn't have to deal with fragments. + + The upper bound limit for a valid ack is not ignored - + we doesn't have to deal with fragments. */ static inline __u32 segment_seq_plus_len(__u32 seq, @@ -429,25 +429,25 @@ static inline __u32 segment_seq_plus_len(__u32 seq, return (seq + len - (iph->ihl + tcph->doff)*4 + (tcph->syn ? 1 : 0) + (tcph->fin ? 1 : 0)); } - + /* Fixme: what about big packets? */ #define MAXACKWINCONST 66000 #define MAXACKWINDOW(sender) \ ((sender)->td_maxwin > MAXACKWINCONST ? (sender)->td_maxwin \ : MAXACKWINCONST) - + /* * Simplified tcp_parse_options routine from tcp_input.c */ static void tcp_options(const struct sk_buff *skb, struct iphdr *iph, - struct tcphdr *tcph, + struct tcphdr *tcph, struct ip_ct_tcp_state *state) { unsigned char buff[(15 * 4) - sizeof(struct tcphdr)]; unsigned char *ptr; int length = (tcph->doff*4) - sizeof(struct tcphdr); - + if (!length) return; @@ -456,13 +456,13 @@ static void tcp_options(const struct sk_buff *skb, length, buff); BUG_ON(ptr == NULL); - state->td_scale = + state->td_scale = state->flags = 0; - + while (length > 0) { int opcode=*ptr++; int opsize; - + switch (opcode) { case TCPOPT_EOL: return; @@ -476,13 +476,13 @@ static void tcp_options(const struct sk_buff *skb, if (opsize > length) break; /* don't parse partial options */ - if (opcode == TCPOPT_SACK_PERM + if (opcode == TCPOPT_SACK_PERM && opsize == TCPOLEN_SACK_PERM) state->flags |= IP_CT_TCP_FLAG_SACK_PERM; else if (opcode == TCPOPT_WINDOW && opsize == TCPOLEN_WINDOW) { state->td_scale = *(u_int8_t *)ptr; - + if (state->td_scale > 14) { /* See RFC1323 */ state->td_scale = 14; @@ -517,16 +517,16 @@ static void tcp_sack(const struct sk_buff *skb, /* Fast path for timestamp-only option */ if (length == TCPOLEN_TSTAMP_ALIGNED*4 && *(__be32 *)ptr == - __constant_htonl((TCPOPT_NOP << 24) - | (TCPOPT_NOP << 16) - | (TCPOPT_TIMESTAMP << 8) - | TCPOLEN_TIMESTAMP)) + __constant_htonl((TCPOPT_NOP << 24) + | (TCPOPT_NOP << 16) + | (TCPOPT_TIMESTAMP << 8) + | TCPOLEN_TIMESTAMP)) return; - + while (length > 0) { int opcode=*ptr++; int opsize, i; - + switch (opcode) { case TCPOPT_EOL: return; @@ -540,16 +540,16 @@ static void tcp_sack(const struct sk_buff *skb, if (opsize > length) break; /* don't parse partial options */ - if (opcode == TCPOPT_SACK - && opsize >= (TCPOLEN_SACK_BASE - + TCPOLEN_SACK_PERBLOCK) - && !((opsize - TCPOLEN_SACK_BASE) - % TCPOLEN_SACK_PERBLOCK)) { - for (i = 0; - i < (opsize - TCPOLEN_SACK_BASE); - i += TCPOLEN_SACK_PERBLOCK) { + if (opcode == TCPOPT_SACK + && opsize >= (TCPOLEN_SACK_BASE + + TCPOLEN_SACK_PERBLOCK) + && !((opsize - TCPOLEN_SACK_BASE) + % TCPOLEN_SACK_PERBLOCK)) { + for (i = 0; + i < (opsize - TCPOLEN_SACK_BASE); + i += TCPOLEN_SACK_PERBLOCK) { tmp = ntohl(*((__be32 *)(ptr+i)+1)); - + if (after(tmp, *sack)) *sack = tmp; } @@ -561,18 +561,18 @@ static void tcp_sack(const struct sk_buff *skb, } } -static int tcp_in_window(struct ip_ct_tcp *state, - enum ip_conntrack_dir dir, - unsigned int index, - const struct sk_buff *skb, - struct iphdr *iph, - struct tcphdr *tcph) +static int tcp_in_window(struct ip_ct_tcp *state, + enum ip_conntrack_dir dir, + unsigned int index, + const struct sk_buff *skb, + struct iphdr *iph, + struct tcphdr *tcph) { struct ip_ct_tcp_state *sender = &state->seen[dir]; struct ip_ct_tcp_state *receiver = &state->seen[!dir]; __u32 seq, ack, sack, end, win, swin; int res; - + /* * Get the required data from the packet. */ @@ -580,23 +580,23 @@ static int tcp_in_window(struct ip_ct_tcp *state, ack = sack = ntohl(tcph->ack_seq); win = ntohs(tcph->window); end = segment_seq_plus_len(seq, skb->len, iph, tcph); - + if (receiver->flags & IP_CT_TCP_FLAG_SACK_PERM) tcp_sack(skb, iph, tcph, &sack); - + DEBUGP("tcp_in_window: START\n"); DEBUGP("tcp_in_window: src=%u.%u.%u.%u:%hu dst=%u.%u.%u.%u:%hu " "seq=%u ack=%u sack=%u win=%u end=%u\n", - NIPQUAD(iph->saddr), ntohs(tcph->source), + NIPQUAD(iph->saddr), ntohs(tcph->source), NIPQUAD(iph->daddr), ntohs(tcph->dest), seq, ack, sack, win, end); DEBUGP("tcp_in_window: sender end=%u maxend=%u maxwin=%u scale=%i " "receiver end=%u maxend=%u maxwin=%u scale=%i\n", sender->td_end, sender->td_maxend, sender->td_maxwin, - sender->td_scale, - receiver->td_end, receiver->td_maxend, receiver->td_maxwin, + sender->td_scale, + receiver->td_end, receiver->td_maxend, receiver->td_maxwin, receiver->td_scale); - + if (sender->td_end == 0) { /* * Initialize sender data. @@ -605,26 +605,26 @@ static int tcp_in_window(struct ip_ct_tcp *state, /* * Outgoing SYN-ACK in reply to a SYN. */ - sender->td_end = + sender->td_end = sender->td_maxend = end; sender->td_maxwin = (win == 0 ? 1 : win); tcp_options(skb, iph, tcph, sender); - /* + /* * RFC 1323: * Both sides must send the Window Scale option * to enable window scaling in either direction. */ if (!(sender->flags & IP_CT_TCP_FLAG_WINDOW_SCALE && receiver->flags & IP_CT_TCP_FLAG_WINDOW_SCALE)) - sender->td_scale = + sender->td_scale = receiver->td_scale = 0; } else { /* * We are in the middle of a connection, * its history is lost for us. * Let's try to use the data from the packet. - */ + */ sender->td_end = end; sender->td_maxwin = (win == 0 ? 1 : win); sender->td_maxend = end + sender->td_maxwin; @@ -632,11 +632,11 @@ static int tcp_in_window(struct ip_ct_tcp *state, } else if (((state->state == TCP_CONNTRACK_SYN_SENT && dir == IP_CT_DIR_ORIGINAL) || (state->state == TCP_CONNTRACK_SYN_RECV - && dir == IP_CT_DIR_REPLY)) + && dir == IP_CT_DIR_REPLY)) && after(end, sender->td_end)) { /* * RFC 793: "if a TCP is reinitialized ... then it need - * not wait at all; it must only be sure to use sequence + * not wait at all; it must only be sure to use sequence * numbers larger than those recently used." */ sender->td_end = @@ -645,14 +645,14 @@ static int tcp_in_window(struct ip_ct_tcp *state, tcp_options(skb, iph, tcph, sender); } - + if (!(tcph->ack)) { /* * If there is no ACK, just pretend it was set and OK. */ ack = sack = receiver->td_end; - } else if (((tcp_flag_word(tcph) & (TCP_FLAG_ACK|TCP_FLAG_RST)) == - (TCP_FLAG_ACK|TCP_FLAG_RST)) + } else if (((tcp_flag_word(tcph) & (TCP_FLAG_ACK|TCP_FLAG_RST)) == + (TCP_FLAG_ACK|TCP_FLAG_RST)) && (ack == 0)) { /* * Broken TCP stacks, that set ACK in RST packets as well @@ -662,8 +662,8 @@ static int tcp_in_window(struct ip_ct_tcp *state, } if (seq == end - && (!tcph->rst - || (seq == 0 && state->state == TCP_CONNTRACK_SYN_SENT))) + && (!tcph->rst + || (seq == 0 && state->state == TCP_CONNTRACK_SYN_SENT))) /* * Packets contains no data: we assume it is valid * and check the ack value only. @@ -672,7 +672,7 @@ static int tcp_in_window(struct ip_ct_tcp *state, * SYN. */ seq = end = sender->td_end; - + DEBUGP("tcp_in_window: src=%u.%u.%u.%u:%hu dst=%u.%u.%u.%u:%hu " "seq=%u ack=%u sack =%u win=%u end=%u\n", NIPQUAD(iph->saddr), ntohs(tcph->source), @@ -681,26 +681,26 @@ static int tcp_in_window(struct ip_ct_tcp *state, DEBUGP("tcp_in_window: sender end=%u maxend=%u maxwin=%u scale=%i " "receiver end=%u maxend=%u maxwin=%u scale=%i\n", sender->td_end, sender->td_maxend, sender->td_maxwin, - sender->td_scale, + sender->td_scale, receiver->td_end, receiver->td_maxend, receiver->td_maxwin, receiver->td_scale); - + DEBUGP("tcp_in_window: I=%i II=%i III=%i IV=%i\n", before(seq, sender->td_maxend + 1), - after(end, sender->td_end - receiver->td_maxwin - 1), - before(sack, receiver->td_end + 1), - after(ack, receiver->td_end - MAXACKWINDOW(sender))); - + after(end, sender->td_end - receiver->td_maxwin - 1), + before(sack, receiver->td_end + 1), + after(ack, receiver->td_end - MAXACKWINDOW(sender))); + if (before(seq, sender->td_maxend + 1) && after(end, sender->td_end - receiver->td_maxwin - 1) && before(sack, receiver->td_end + 1) && after(ack, receiver->td_end - MAXACKWINDOW(sender))) { - /* + /* * Take into account window scaling (RFC 1323). */ if (!tcph->syn) win <<= sender->td_scale; - + /* * Update sender data. */ @@ -720,7 +720,7 @@ static int tcp_in_window(struct ip_ct_tcp *state, receiver->td_maxend++; } - /* + /* * Check retransmissions. */ if (index == TCP_ACK_SET) { @@ -756,11 +756,11 @@ static int tcp_in_window(struct ip_ct_tcp *state, : "ACK is over the upper bound (ACKed data not seen yet)" : "SEQ is under the lower bound (already ACKed data retransmitted)" : "SEQ is over the upper bound (over the window of the receiver)"); - } - + } + DEBUGP("tcp_in_window: res=%i sender end=%u maxend=%u maxwin=%u " "receiver end=%u maxend=%u maxwin=%u\n", - res, sender->td_end, sender->td_maxend, sender->td_maxwin, + res, sender->td_end, sender->td_maxend, sender->td_maxwin, receiver->td_end, receiver->td_maxend, receiver->td_maxwin); return res; @@ -769,7 +769,7 @@ static int tcp_in_window(struct ip_ct_tcp *state, #ifdef CONFIG_IP_NF_NAT_NEEDED /* Update sender->td_end after NAT successfully mangled the packet */ void ip_conntrack_tcp_update(struct sk_buff *skb, - struct ip_conntrack *conntrack, + struct ip_conntrack *conntrack, enum ip_conntrack_dir dir) { struct iphdr *iph = skb->nh.iph; @@ -781,7 +781,7 @@ void ip_conntrack_tcp_update(struct sk_buff *skb, #endif end = segment_seq_plus_len(ntohl(tcph->seq), skb->len, iph, tcph); - + write_lock_bh(&tcp_lock); /* * We have to worry for the ack in the reply packet only... @@ -793,11 +793,11 @@ void ip_conntrack_tcp_update(struct sk_buff *skb, DEBUGP("tcp_update: sender end=%u maxend=%u maxwin=%u scale=%i " "receiver end=%u maxend=%u maxwin=%u scale=%i\n", sender->td_end, sender->td_maxend, sender->td_maxwin, - sender->td_scale, + sender->td_scale, receiver->td_end, receiver->td_maxend, receiver->td_maxwin, receiver->td_scale); } - + #endif #define TH_FIN 0x01 @@ -847,8 +847,8 @@ static int tcp_error(struct sk_buff *skb, nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL, "ip_ct_tcp: short packet "); return -NF_ACCEPT; - } - + } + /* Not whole TCP header or malformed packet */ if (th->doff*4 < sizeof(struct tcphdr) || tcplen < th->doff*4) { if (LOG_INVALID(IPPROTO_TCP)) @@ -856,7 +856,7 @@ static int tcp_error(struct sk_buff *skb, "ip_ct_tcp: truncated/malformed packet "); return -NF_ACCEPT; } - + /* Checksum invalid? Ignore. * We skip checking packets on the outgoing path * because it is assumed to be correct. @@ -893,11 +893,11 @@ static int tcp_packet(struct ip_conntrack *conntrack, struct tcphdr *th, _tcph; unsigned long timeout; unsigned int index; - + th = skb_header_pointer(skb, iph->ihl * 4, sizeof(_tcph), &_tcph); BUG_ON(th == NULL); - + write_lock_bh(&tcp_lock); old_state = conntrack->proto.tcp.state; dir = CTINFO2DIR(ctinfo); @@ -907,7 +907,7 @@ static int tcp_packet(struct ip_conntrack *conntrack, switch (new_state) { case TCP_CONNTRACK_IGNORE: /* Ignored packets: - * + * * a) SYN in ORIGINAL * b) SYN/ACK in REPLY * c) ACK in reply direction after initial SYN in original. @@ -916,30 +916,30 @@ static int tcp_packet(struct ip_conntrack *conntrack, && conntrack->proto.tcp.last_index == TCP_SYN_SET && conntrack->proto.tcp.last_dir != dir && ntohl(th->ack_seq) == - conntrack->proto.tcp.last_end) { - /* This SYN/ACK acknowledges a SYN that we earlier + conntrack->proto.tcp.last_end) { + /* This SYN/ACK acknowledges a SYN that we earlier * ignored as invalid. This means that the client and * the server are both in sync, while the firewall is * not. We kill this session and block the SYN/ACK so - * that the client cannot but retransmit its SYN and + * that the client cannot but retransmit its SYN and * thus initiate a clean new session. */ - write_unlock_bh(&tcp_lock); + write_unlock_bh(&tcp_lock); if (LOG_INVALID(IPPROTO_TCP)) nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL, "ip_ct_tcp: " "killing out of sync session "); - if (del_timer(&conntrack->timeout)) - conntrack->timeout.function((unsigned long) - conntrack); - return -NF_DROP; + if (del_timer(&conntrack->timeout)) + conntrack->timeout.function((unsigned long) + conntrack); + return -NF_DROP; } conntrack->proto.tcp.last_index = index; conntrack->proto.tcp.last_dir = dir; conntrack->proto.tcp.last_seq = ntohl(th->seq); - conntrack->proto.tcp.last_end = + conntrack->proto.tcp.last_end = segment_seq_plus_len(ntohl(th->seq), skb->len, iph, th); - + write_unlock_bh(&tcp_lock); if (LOG_INVALID(IPPROTO_TCP)) nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL, @@ -959,16 +959,16 @@ static int tcp_packet(struct ip_conntrack *conntrack, if (old_state < TCP_CONNTRACK_TIME_WAIT) break; if ((conntrack->proto.tcp.seen[dir].flags & - IP_CT_TCP_FLAG_CLOSE_INIT) + IP_CT_TCP_FLAG_CLOSE_INIT) || after(ntohl(th->seq), - conntrack->proto.tcp.seen[dir].td_end)) { - /* Attempt to reopen a closed connection. - * Delete this connection and look up again. */ - write_unlock_bh(&tcp_lock); - if (del_timer(&conntrack->timeout)) - conntrack->timeout.function((unsigned long) - conntrack); - return -NF_REPEAT; + conntrack->proto.tcp.seen[dir].td_end)) { + /* Attempt to reopen a closed connection. + * Delete this connection and look up again. */ + write_unlock_bh(&tcp_lock); + if (del_timer(&conntrack->timeout)) + conntrack->timeout.function((unsigned long) + conntrack); + return -NF_REPEAT; } else { write_unlock_bh(&tcp_lock); if (LOG_INVALID(IPPROTO_TCP)) @@ -979,9 +979,9 @@ static int tcp_packet(struct ip_conntrack *conntrack, case TCP_CONNTRACK_CLOSE: if (index == TCP_RST_SET && ((test_bit(IPS_SEEN_REPLY_BIT, &conntrack->status) - && conntrack->proto.tcp.last_index == TCP_SYN_SET) - || (!test_bit(IPS_ASSURED_BIT, &conntrack->status) - && conntrack->proto.tcp.last_index == TCP_ACK_SET)) + && conntrack->proto.tcp.last_index == TCP_SYN_SET) + || (!test_bit(IPS_ASSURED_BIT, &conntrack->status) + && conntrack->proto.tcp.last_index == TCP_ACK_SET)) && ntohl(th->ack_seq) == conntrack->proto.tcp.last_end) { /* RST sent to invalid SYN or ACK we had let through * at a) and c) above: @@ -1000,13 +1000,13 @@ static int tcp_packet(struct ip_conntrack *conntrack, break; } - if (!tcp_in_window(&conntrack->proto.tcp, dir, index, + if (!tcp_in_window(&conntrack->proto.tcp, dir, index, skb, iph, th)) { write_unlock_bh(&tcp_lock); return -NF_ACCEPT; } in_window: - /* From now on we have got in-window packets */ + /* From now on we have got in-window packets */ conntrack->proto.tcp.last_index = index; DEBUGP("tcp_conntracks: src=%u.%u.%u.%u:%hu dst=%u.%u.%u.%u:%hu " @@ -1018,9 +1018,9 @@ static int tcp_packet(struct ip_conntrack *conntrack, old_state, new_state); conntrack->proto.tcp.state = new_state; - if (old_state != new_state + if (old_state != new_state && (new_state == TCP_CONNTRACK_FIN_WAIT - || new_state == TCP_CONNTRACK_CLOSE)) + || new_state == TCP_CONNTRACK_CLOSE)) conntrack->proto.tcp.seen[dir].flags |= IP_CT_TCP_FLAG_CLOSE_INIT; timeout = conntrack->proto.tcp.retrans >= ip_ct_tcp_max_retrans && *tcp_timeouts[new_state] > ip_ct_tcp_timeout_max_retrans @@ -1046,8 +1046,8 @@ static int tcp_packet(struct ip_conntrack *conntrack, && (old_state == TCP_CONNTRACK_SYN_RECV || old_state == TCP_CONNTRACK_ESTABLISHED) && new_state == TCP_CONNTRACK_ESTABLISHED) { - /* Set ASSURED if we see see valid ack in ESTABLISHED - after SYN_RECV or a valid answer for a picked up + /* Set ASSURED if we see see valid ack in ESTABLISHED + after SYN_RECV or a valid answer for a picked up connection. */ set_bit(IPS_ASSURED_BIT, &conntrack->status); ip_conntrack_event_cache(IPCT_STATUS, skb); @@ -1056,7 +1056,7 @@ static int tcp_packet(struct ip_conntrack *conntrack, return NF_ACCEPT; } - + /* Called when a new connection for this protocol found. */ static int tcp_new(struct ip_conntrack *conntrack, const struct sk_buff *skb) @@ -1072,7 +1072,7 @@ static int tcp_new(struct ip_conntrack *conntrack, th = skb_header_pointer(skb, iph->ihl * 4, sizeof(_tcph), &_tcph); BUG_ON(th == NULL); - + /* Don't need lock here: this conntrack not in circulation yet */ new_state = tcp_conntracks[0][get_conntrack_index(th)] @@ -1113,7 +1113,7 @@ static int tcp_new(struct ip_conntrack *conntrack, if (conntrack->proto.tcp.seen[0].td_maxwin == 0) conntrack->proto.tcp.seen[0].td_maxwin = 1; conntrack->proto.tcp.seen[0].td_maxend = - conntrack->proto.tcp.seen[0].td_end + + conntrack->proto.tcp.seen[0].td_end + conntrack->proto.tcp.seen[0].td_maxwin; conntrack->proto.tcp.seen[0].td_scale = 0; @@ -1123,25 +1123,25 @@ static int tcp_new(struct ip_conntrack *conntrack, conntrack->proto.tcp.seen[1].flags = IP_CT_TCP_FLAG_SACK_PERM | IP_CT_TCP_FLAG_BE_LIBERAL; } - + conntrack->proto.tcp.seen[1].td_end = 0; conntrack->proto.tcp.seen[1].td_maxend = 0; conntrack->proto.tcp.seen[1].td_maxwin = 1; - conntrack->proto.tcp.seen[1].td_scale = 0; + conntrack->proto.tcp.seen[1].td_scale = 0; /* tcp_packet will set them */ conntrack->proto.tcp.state = TCP_CONNTRACK_NONE; conntrack->proto.tcp.last_index = TCP_NONE_SET; - + DEBUGP("tcp_new: sender end=%u maxend=%u maxwin=%u scale=%i " "receiver end=%u maxend=%u maxwin=%u scale=%i\n", sender->td_end, sender->td_maxend, sender->td_maxwin, - sender->td_scale, + sender->td_scale, receiver->td_end, receiver->td_maxend, receiver->td_maxwin, receiver->td_scale); return 1; } - + struct ip_conntrack_protocol ip_conntrack_protocol_tcp = { .proto = IPPROTO_TCP, diff --git a/net/ipv4/netfilter/ip_conntrack_proto_udp.c b/net/ipv4/netfilter/ip_conntrack_proto_udp.c index d0e8a16970ec..a99a7c75e5b5 100644 --- a/net/ipv4/netfilter/ip_conntrack_proto_udp.c +++ b/net/ipv4/netfilter/ip_conntrack_proto_udp.c @@ -70,7 +70,7 @@ static int udp_packet(struct ip_conntrack *conntrack, /* If we've seen traffic both ways, this is some kind of UDP stream. Extend timeout. */ if (test_bit(IPS_SEEN_REPLY_BIT, &conntrack->status)) { - ip_ct_refresh_acct(conntrack, ctinfo, skb, + ip_ct_refresh_acct(conntrack, ctinfo, skb, ip_ct_udp_timeout_stream); /* Also, more likely to be important, and not a probe */ if (!test_and_set_bit(IPS_ASSURED_BIT, &conntrack->status)) @@ -102,7 +102,7 @@ static int udp_error(struct sk_buff *skb, enum ip_conntrack_info *ctinfo, "ip_ct_udp: short packet "); return -NF_ACCEPT; } - + /* Truncated/malformed packets */ if (ntohs(hdr->len) > udplen || ntohs(hdr->len) < sizeof(*hdr)) { if (LOG_INVALID(IPPROTO_UDP)) @@ -110,7 +110,7 @@ static int udp_error(struct sk_buff *skb, enum ip_conntrack_info *ctinfo, "ip_ct_udp: truncated/malformed packet "); return -NF_ACCEPT; } - + /* Packet with no checksum */ if (!hdr->check) return NF_ACCEPT; @@ -126,7 +126,7 @@ static int udp_error(struct sk_buff *skb, enum ip_conntrack_info *ctinfo, "ip_ct_udp: bad UDP checksum "); return -NF_ACCEPT; } - + return NF_ACCEPT; } diff --git a/net/ipv4/netfilter/ip_conntrack_sip.c b/net/ipv4/netfilter/ip_conntrack_sip.c index 11c588a10e6b..c59a962c1f61 100644 --- a/net/ipv4/netfilter/ip_conntrack_sip.c +++ b/net/ipv4/netfilter/ip_conntrack_sip.c @@ -321,7 +321,7 @@ int ct_sip_get_info(const char *dptr, size_t dlen, continue; } aux = ct_sip_search(hnfo->ln_str, dptr, hnfo->ln_strlen, - ct_sip_lnlen(dptr, limit), + ct_sip_lnlen(dptr, limit), hnfo->case_sensitive); if (!aux) { DEBUGP("'%s' not found in '%s'.\n", hnfo->ln_str, @@ -406,7 +406,7 @@ static int sip_help(struct sk_buff **pskb, if (dataoff >= (*pskb)->len) { DEBUGP("skb->len = %u\n", (*pskb)->len); return NF_ACCEPT; - } + } ip_ct_refresh(ct, *pskb, sip_timeout * HZ); @@ -439,16 +439,16 @@ static int sip_help(struct sk_buff **pskb, } /* Get ip and port address from SDP packet. */ if (ct_sip_get_info(dptr, datalen, &matchoff, &matchlen, - POS_CONNECTION) > 0) { + POS_CONNECTION) > 0) { /* We'll drop only if there are parse problems. */ if (parse_ipaddr(dptr + matchoff, NULL, &ipaddr, - dptr + datalen) < 0) { + dptr + datalen) < 0) { ret = NF_DROP; goto out; } if (ct_sip_get_info(dptr, datalen, &matchoff, &matchlen, - POS_MEDIA) > 0) { + POS_MEDIA) > 0) { port = simple_strtoul(dptr + matchoff, NULL, 10); if (port < 1024) { diff --git a/net/ipv4/netfilter/ip_conntrack_standalone.c b/net/ipv4/netfilter/ip_conntrack_standalone.c index 86efb5449676..5903588fddce 100644 --- a/net/ipv4/netfilter/ip_conntrack_standalone.c +++ b/net/ipv4/netfilter/ip_conntrack_standalone.c @@ -46,7 +46,7 @@ DECLARE_PER_CPU(struct ip_conntrack_stat, ip_conntrack_stat); static int kill_proto(struct ip_conntrack *i, void *data) { - return (i->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum == + return (i->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum == *((u_int8_t *) data)); } @@ -124,12 +124,12 @@ static void *ct_seq_next(struct seq_file *s, void *v, loff_t *pos) (*pos)++; return ct_get_next(s, v); } - + static void ct_seq_stop(struct seq_file *s, void *v) { read_unlock_bh(&ip_conntrack_lock); } - + static int ct_seq_show(struct seq_file *s, void *v) { const struct ip_conntrack_tuple_hash *hash = v; @@ -155,12 +155,12 @@ static int ct_seq_show(struct seq_file *s, void *v) if (proto->print_conntrack(s, conntrack)) return -ENOSPC; - + if (print_tuple(s, &conntrack->tuplehash[IP_CT_DIR_ORIGINAL].tuple, proto)) return -ENOSPC; - if (seq_print_counters(s, &conntrack->counters[IP_CT_DIR_ORIGINAL])) + if (seq_print_counters(s, &conntrack->counters[IP_CT_DIR_ORIGINAL])) return -ENOSPC; if (!(test_bit(IPS_SEEN_REPLY_BIT, &conntrack->status))) @@ -171,7 +171,7 @@ static int ct_seq_show(struct seq_file *s, void *v) proto)) return -ENOSPC; - if (seq_print_counters(s, &conntrack->counters[IP_CT_DIR_REPLY])) + if (seq_print_counters(s, &conntrack->counters[IP_CT_DIR_REPLY])) return -ENOSPC; if (test_bit(IPS_ASSURED_BIT, &conntrack->status)) @@ -200,7 +200,7 @@ static struct seq_operations ct_seq_ops = { .stop = ct_seq_stop, .show = ct_seq_show }; - + static int ct_open(struct inode *inode, struct file *file) { struct seq_file *seq; @@ -229,7 +229,7 @@ static struct file_operations ct_file_ops = { .llseek = seq_lseek, .release = seq_release_private, }; - + /* expects */ static void *exp_seq_start(struct seq_file *s, loff_t *pos) { @@ -253,7 +253,7 @@ static void *exp_seq_start(struct seq_file *s, loff_t *pos) static void *exp_seq_next(struct seq_file *s, void *v, loff_t *pos) { - struct list_head *e = v; + struct list_head *e = v; ++*pos; e = e->next; @@ -297,7 +297,7 @@ static int exp_open(struct inode *inode, struct file *file) { return seq_open(file, &exp_seq_ops); } - + static struct file_operations exp_file_ops = { .owner = THIS_MODULE, .open = exp_open, @@ -426,14 +426,14 @@ static unsigned int ip_conntrack_help(unsigned int hooknum, } static unsigned int ip_conntrack_defrag(unsigned int hooknum, - struct sk_buff **pskb, - const struct net_device *in, - const struct net_device *out, - int (*okfn)(struct sk_buff *)) + struct sk_buff **pskb, + const struct net_device *in, + const struct net_device *out, + int (*okfn)(struct sk_buff *)) { #if !defined(CONFIG_IP_NF_NAT) && !defined(CONFIG_IP_NF_NAT_MODULE) /* Previously seen (loopback)? Ignore. Do this before - fragment check. */ + fragment check. */ if ((*pskb)->nfct) return NF_ACCEPT; #endif @@ -441,7 +441,7 @@ static unsigned int ip_conntrack_defrag(unsigned int hooknum, /* Gather fragments. */ if ((*pskb)->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) { *pskb = ip_ct_gather_frags(*pskb, - hooknum == NF_IP_PRE_ROUTING ? + hooknum == NF_IP_PRE_ROUTING ? IP_DEFRAG_CONNTRACK_IN : IP_DEFRAG_CONNTRACK_OUT); if (!*pskb) @@ -776,7 +776,7 @@ static ctl_table ip_ct_net_table[] = { { .ctl_name = CTL_NET, .procname = "net", - .mode = 0555, + .mode = 0555, .child = ip_ct_ipv4_table, }, { .ctl_name = 0 } diff --git a/net/ipv4/netfilter/ip_conntrack_tftp.c b/net/ipv4/netfilter/ip_conntrack_tftp.c index ef56de2eff0c..76e175e7a972 100644 --- a/net/ipv4/netfilter/ip_conntrack_tftp.c +++ b/net/ipv4/netfilter/ip_conntrack_tftp.c @@ -33,7 +33,7 @@ MODULE_PARM_DESC(ports, "port numbers of tftp servers"); #if 0 #define DEBUGP(format, args...) printk("%s:%s:" format, \ - __FILE__, __FUNCTION__ , ## args) + __FILE__, __FUNCTION__ , ## args) #else #define DEBUGP(format, args...) #endif @@ -113,7 +113,7 @@ static void ip_conntrack_tftp_fini(void) DEBUGP("unregistering helper for port %d\n", ports[i]); ip_conntrack_helper_unregister(&tftp[i]); - } + } } static int __init ip_conntrack_tftp_init(void) diff --git a/net/ipv4/netfilter/ip_nat_core.c b/net/ipv4/netfilter/ip_nat_core.c index 5e08c2bf887d..275a4d3faf0a 100644 --- a/net/ipv4/netfilter/ip_nat_core.c +++ b/net/ipv4/netfilter/ip_nat_core.c @@ -120,7 +120,7 @@ static int in_range(const struct ip_conntrack_tuple *tuple, const struct ip_nat_range *range) { - struct ip_nat_protocol *proto = + struct ip_nat_protocol *proto = __ip_nat_proto_find(tuple->dst.protonum); /* If we are supposed to map IPs, then we must be in the @@ -443,8 +443,8 @@ int ip_nat_icmp_reply_translation(struct ip_conntrack *ct, (*pskb)->nfctinfo == IP_CT_RELATED+IP_CT_IS_REPLY); /* Redirects on non-null nats must be dropped, else they'll - start talking to each other without our translation, and be - confused... --RR */ + start talking to each other without our translation, and be + confused... --RR */ if (inside->icmp.type == ICMP_REDIRECT) { /* If NAT isn't finished, assume it and drop. */ if ((ct->status & IPS_NAT_DONE_MASK) != IPS_NAT_DONE_MASK) @@ -458,8 +458,8 @@ int ip_nat_icmp_reply_translation(struct ip_conntrack *ct, *pskb, manip, dir == IP_CT_DIR_ORIGINAL ? "ORIG" : "REPLY"); if (!ip_ct_get_tuple(&inside->ip, *pskb, (*pskb)->nh.iph->ihl*4 + - sizeof(struct icmphdr) + inside->ip.ihl*4, - &inner, + sizeof(struct icmphdr) + inside->ip.ihl*4, + &inner, __ip_conntrack_proto_find(inside->ip.protocol))) return 0; @@ -537,7 +537,7 @@ EXPORT_SYMBOL(ip_nat_protocol_unregister); #if defined(CONFIG_IP_NF_CONNTRACK_NETLINK) || \ defined(CONFIG_IP_NF_CONNTRACK_NETLINK_MODULE) int -ip_nat_port_range_to_nfattr(struct sk_buff *skb, +ip_nat_port_range_to_nfattr(struct sk_buff *skb, const struct ip_nat_range *range) { NFA_PUT(skb, CTA_PROTONAT_PORT_MIN, sizeof(__be16), @@ -555,21 +555,21 @@ int ip_nat_port_nfattr_to_range(struct nfattr *tb[], struct ip_nat_range *range) { int ret = 0; - + /* we have to return whether we actually parsed something or not */ if (tb[CTA_PROTONAT_PORT_MIN-1]) { ret = 1; - range->min.tcp.port = + range->min.tcp.port = *(__be16 *)NFA_DATA(tb[CTA_PROTONAT_PORT_MIN-1]); } - + if (!tb[CTA_PROTONAT_PORT_MAX-1]) { - if (ret) + if (ret) range->max.tcp.port = range->min.tcp.port; } else { ret = 1; - range->max.tcp.port = + range->max.tcp.port = *(__be16 *)NFA_DATA(tb[CTA_PROTONAT_PORT_MAX-1]); } diff --git a/net/ipv4/netfilter/ip_nat_ftp.c b/net/ipv4/netfilter/ip_nat_ftp.c index 913960e1380f..32e01d8dffcb 100644 --- a/net/ipv4/netfilter/ip_nat_ftp.c +++ b/net/ipv4/netfilter/ip_nat_ftp.c @@ -50,7 +50,7 @@ mangle_rfc959_packet(struct sk_buff **pskb, DEBUGP("calling ip_nat_mangle_tcp_packet\n"); *seq += strlen(buffer) - matchlen; - return ip_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff, + return ip_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff, matchlen, buffer, strlen(buffer)); } @@ -72,7 +72,7 @@ mangle_eprt_packet(struct sk_buff **pskb, DEBUGP("calling ip_nat_mangle_tcp_packet\n"); *seq += strlen(buffer) - matchlen; - return ip_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff, + return ip_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff, matchlen, buffer, strlen(buffer)); } @@ -94,7 +94,7 @@ mangle_epsv_packet(struct sk_buff **pskb, DEBUGP("calling ip_nat_mangle_tcp_packet\n"); *seq += strlen(buffer) - matchlen; - return ip_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff, + return ip_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff, matchlen, buffer, strlen(buffer)); } diff --git a/net/ipv4/netfilter/ip_nat_helper.c b/net/ipv4/netfilter/ip_nat_helper.c index 2e5c4bc52a60..dc778cfef58b 100644 --- a/net/ipv4/netfilter/ip_nat_helper.c +++ b/net/ipv4/netfilter/ip_nat_helper.c @@ -1,4 +1,4 @@ -/* ip_nat_helper.c - generic support functions for NAT helpers +/* ip_nat_helper.c - generic support functions for NAT helpers * * (C) 2000-2002 Harald Welte <laforge@netfilter.org> * (C) 2003-2004 Netfilter Core Team <coreteam@netfilter.org> @@ -8,7 +8,7 @@ * published by the Free Software Foundation. * * 14 Jan 2002 Harald Welte <laforge@gnumonks.org>: - * - add support for SACK adjustment + * - add support for SACK adjustment * 14 Mar 2002 Harald Welte <laforge@gnumonks.org>: * - merge SACK support into newnat API * 16 Aug 2002 Brian J. Murrell <netfilter@interlinx.bc.ca>: @@ -45,10 +45,10 @@ static DEFINE_SPINLOCK(ip_nat_seqofs_lock); /* Setup TCP sequence correction given this change at this sequence */ -static inline void +static inline void adjust_tcp_sequence(u32 seq, int sizediff, - struct ip_conntrack *ct, + struct ip_conntrack *ct, enum ip_conntrack_info ctinfo) { int dir; @@ -150,7 +150,7 @@ static int enlarge_skb(struct sk_buff **pskb, unsigned int extra) * skb enlargement, ... * * */ -int +int ip_nat_mangle_tcp_packet(struct sk_buff **pskb, struct ip_conntrack *ct, enum ip_conntrack_info ctinfo, @@ -186,7 +186,7 @@ ip_nat_mangle_tcp_packet(struct sk_buff **pskb, tcph->check = tcp_v4_check(datalen, iph->saddr, iph->daddr, csum_partial((char *)tcph, - datalen, 0)); + datalen, 0)); } else nf_proto_csum_replace2(&tcph->check, *pskb, htons(oldlen), htons(datalen), 1); @@ -202,7 +202,7 @@ ip_nat_mangle_tcp_packet(struct sk_buff **pskb, return 1; } EXPORT_SYMBOL(ip_nat_mangle_tcp_packet); - + /* Generic function for mangling variable-length address changes inside * NATed UDP connections (like the CONNECT DATA XXXXX MESG XXXXX INDEX XXXXX * command in the Amanda protocol) @@ -213,7 +213,7 @@ EXPORT_SYMBOL(ip_nat_mangle_tcp_packet); * XXX - This function could be merged with ip_nat_mangle_tcp_packet which * should be fairly easy to do. */ -int +int ip_nat_mangle_udp_packet(struct sk_buff **pskb, struct ip_conntrack *ct, enum ip_conntrack_info ctinfo, @@ -228,8 +228,8 @@ ip_nat_mangle_udp_packet(struct sk_buff **pskb, /* UDP helpers might accidentally mangle the wrong packet */ iph = (*pskb)->nh.iph; - if ((*pskb)->len < iph->ihl*4 + sizeof(*udph) + - match_offset + match_len) + if ((*pskb)->len < iph->ihl*4 + sizeof(*udph) + + match_offset + match_len) return 0; if (!skb_make_writable(pskb, (*pskb)->len)) @@ -258,9 +258,9 @@ ip_nat_mangle_udp_packet(struct sk_buff **pskb, if ((*pskb)->ip_summed != CHECKSUM_PARTIAL) { udph->check = 0; udph->check = csum_tcpudp_magic(iph->saddr, iph->daddr, - datalen, IPPROTO_UDP, - csum_partial((char *)udph, - datalen, 0)); + datalen, IPPROTO_UDP, + csum_partial((char *)udph, + datalen, 0)); if (!udph->check) udph->check = CSUM_MANGLED_0; } else @@ -273,7 +273,7 @@ EXPORT_SYMBOL(ip_nat_mangle_udp_packet); /* Adjust one found SACK option including checksum correction */ static void sack_adjust(struct sk_buff *skb, - struct tcphdr *tcph, + struct tcphdr *tcph, unsigned int sackoff, unsigned int sackend, struct ip_nat_seq *natseq) @@ -360,14 +360,14 @@ ip_nat_sack_adjust(struct sk_buff **pskb, /* TCP sequence number adjustment. Returns 1 on success, 0 on failure */ int -ip_nat_seq_adjust(struct sk_buff **pskb, - struct ip_conntrack *ct, +ip_nat_seq_adjust(struct sk_buff **pskb, + struct ip_conntrack *ct, enum ip_conntrack_info ctinfo) { struct tcphdr *tcph; int dir; __be32 newseq, newack; - struct ip_nat_seq *this_way, *other_way; + struct ip_nat_seq *this_way, *other_way; dir = CTINFO2DIR(ctinfo); diff --git a/net/ipv4/netfilter/ip_nat_helper_pptp.c b/net/ipv4/netfilter/ip_nat_helper_pptp.c index ec957bbb5366..24ce4a5023d7 100644 --- a/net/ipv4/netfilter/ip_nat_helper_pptp.c +++ b/net/ipv4/netfilter/ip_nat_helper_pptp.c @@ -202,10 +202,10 @@ pptp_outbound_pkt(struct sk_buff **pskb, /* mangle packet */ if (ip_nat_mangle_tcp_packet(pskb, ct, ctinfo, - cid_off + sizeof(struct pptp_pkt_hdr) + - sizeof(struct PptpControlHeader), - sizeof(new_callid), (char *)&new_callid, - sizeof(new_callid)) == 0) + cid_off + sizeof(struct pptp_pkt_hdr) + + sizeof(struct PptpControlHeader), + sizeof(new_callid), (char *)&new_callid, + sizeof(new_callid)) == 0) return NF_DROP; return NF_ACCEPT; @@ -293,7 +293,7 @@ pptp_inbound_pkt(struct sk_buff **pskb, ntohs(REQ_CID(pptpReq, pcid_off)), ntohs(new_pcid)); if (ip_nat_mangle_tcp_packet(pskb, ct, ctinfo, - pcid_off + sizeof(struct pptp_pkt_hdr) + + pcid_off + sizeof(struct pptp_pkt_hdr) + sizeof(struct PptpControlHeader), sizeof(new_pcid), (char *)&new_pcid, sizeof(new_pcid)) == 0) diff --git a/net/ipv4/netfilter/ip_nat_irc.c b/net/ipv4/netfilter/ip_nat_irc.c index feb26b48f1d5..cfaeea38314f 100644 --- a/net/ipv4/netfilter/ip_nat_irc.c +++ b/net/ipv4/netfilter/ip_nat_irc.c @@ -88,8 +88,8 @@ static unsigned int help(struct sk_buff **pskb, DEBUGP("ip_nat_irc: Inserting '%s' == %u.%u.%u.%u, port %u\n", buffer, NIPQUAD(exp->tuple.src.ip), port); - ret = ip_nat_mangle_tcp_packet(pskb, exp->master, ctinfo, - matchoff, matchlen, buffer, + ret = ip_nat_mangle_tcp_packet(pskb, exp->master, ctinfo, + matchoff, matchlen, buffer, strlen(buffer)); if (ret != NF_ACCEPT) ip_conntrack_unexpect_related(exp); diff --git a/net/ipv4/netfilter/ip_nat_proto_icmp.c b/net/ipv4/netfilter/ip_nat_proto_icmp.c index fb716edd5bc6..22a528ae0380 100644 --- a/net/ipv4/netfilter/ip_nat_proto_icmp.c +++ b/net/ipv4/netfilter/ip_nat_proto_icmp.c @@ -45,7 +45,7 @@ icmp_unique_tuple(struct ip_conntrack_tuple *tuple, for (i = 0; i < range_size; i++, id++) { tuple->src.u.icmp.id = htons(ntohs(range->min.icmp.id) + - (id % range_size)); + (id % range_size)); if (!ip_nat_used_tuple(tuple, conntrack)) return 1; } diff --git a/net/ipv4/netfilter/ip_nat_rule.c b/net/ipv4/netfilter/ip_nat_rule.c index e1c8a05f3dc6..080eb1d92200 100644 --- a/net/ipv4/netfilter/ip_nat_rule.c +++ b/net/ipv4/netfilter/ip_nat_rule.c @@ -112,7 +112,7 @@ static unsigned int ipt_snat_target(struct sk_buff **pskb, /* Connection must be valid and new. */ IP_NF_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED - || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY)); + || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY)); IP_NF_ASSERT(out); return ip_nat_setup_info(ct, &mr->range[0], hooknum); @@ -223,8 +223,8 @@ alloc_null_binding(struct ip_conntrack *conntrack, unsigned int alloc_null_binding_confirmed(struct ip_conntrack *conntrack, - struct ip_nat_info *info, - unsigned int hooknum) + struct ip_nat_info *info, + unsigned int hooknum) { __be32 ip = (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC diff --git a/net/ipv4/netfilter/ip_nat_sip.c b/net/ipv4/netfilter/ip_nat_sip.c index 6223abc924ff..325c5a9dc2ef 100644 --- a/net/ipv4/netfilter/ip_nat_sip.c +++ b/net/ipv4/netfilter/ip_nat_sip.c @@ -88,7 +88,7 @@ static int map_sip_addr(struct sk_buff **pskb, enum ip_conntrack_info ctinfo, return 1; if (!ip_nat_mangle_udp_packet(pskb, ct, ctinfo, - matchoff, matchlen, addr, addrlen)) + matchoff, matchlen, addr, addrlen)) return 0; *dptr = (*pskb)->data + (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr); return 1; @@ -149,7 +149,7 @@ static unsigned int mangle_sip_packet(struct sk_buff **pskb, return 0; if (!ip_nat_mangle_udp_packet(pskb, ct, ctinfo, - matchoff, matchlen, buffer, bufflen)) + matchoff, matchlen, buffer, bufflen)) return 0; /* We need to reload this. Thanks Patrick. */ @@ -170,7 +170,7 @@ static int mangle_content_len(struct sk_buff **pskb, /* Get actual SDP lenght */ if (ct_sip_get_info(dptr, (*pskb)->len - dataoff, &matchoff, - &matchlen, POS_SDP_HEADER) > 0) { + &matchlen, POS_SDP_HEADER) > 0) { /* since ct_sip_get_info() give us a pointer passing 'v=' we need to add 2 bytes in this count. */ @@ -178,7 +178,7 @@ static int mangle_content_len(struct sk_buff **pskb, /* Now, update SDP lenght */ if (ct_sip_get_info(dptr, (*pskb)->len - dataoff, &matchoff, - &matchlen, POS_CONTENT) > 0) { + &matchlen, POS_CONTENT) > 0) { bufflen = sprintf(buffer, "%u", c_len); @@ -204,17 +204,17 @@ static unsigned int mangle_sdp(struct sk_buff **pskb, /* Mangle owner and contact info. */ bufflen = sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(newip)); if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff, - buffer, bufflen, POS_OWNER)) + buffer, bufflen, POS_OWNER)) return 0; if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff, - buffer, bufflen, POS_CONNECTION)) + buffer, bufflen, POS_CONNECTION)) return 0; /* Mangle media port. */ bufflen = sprintf(buffer, "%u", port); if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff, - buffer, bufflen, POS_MEDIA)) + buffer, bufflen, POS_MEDIA)) return 0; return mangle_content_len(pskb, ctinfo, ct, dptr); diff --git a/net/ipv4/netfilter/ip_nat_snmp_basic.c b/net/ipv4/netfilter/ip_nat_snmp_basic.c index c3d9f3b090c4..e41d0efae515 100644 --- a/net/ipv4/netfilter/ip_nat_snmp_basic.c +++ b/net/ipv4/netfilter/ip_nat_snmp_basic.c @@ -3,11 +3,11 @@ * * Basic SNMP Application Layer Gateway * - * This IP NAT module is intended for use with SNMP network - * discovery and monitoring applications where target networks use + * This IP NAT module is intended for use with SNMP network + * discovery and monitoring applications where target networks use * conflicting private address realms. * - * Static NAT is used to remap the networks from the view of the network + * Static NAT is used to remap the networks from the view of the network * management system at the IP layer, and this module remaps some application * layer addresses to match. * @@ -20,7 +20,7 @@ * More information on ALG and associated issues can be found in * RFC 2962 * - * The ASB.1/BER parsing code is derived from the gxsnmp package by Gregory + * The ASB.1/BER parsing code is derived from the gxsnmp package by Gregory * McLean & Jochen Friedrich, stripped down for use in the kernel. * * Copyright (c) 2000 RP Internet (www.rpi.net.au). @@ -69,8 +69,8 @@ MODULE_DESCRIPTION("Basic SNMP Application Layer Gateway"); static int debug; static DEFINE_SPINLOCK(snmp_lock); -/* - * Application layer address mapping mimics the NAT mapping, but +/* + * Application layer address mapping mimics the NAT mapping, but * only for the first octet in this case (a more flexible system * can be implemented if needed). */ @@ -80,7 +80,7 @@ struct oct1_map u_int8_t to; }; - + /***************************************************************************** * * Basic ASN.1 decoding routines (gxsnmp author Dirk Wisse) @@ -129,7 +129,7 @@ struct oct1_map #define ASN1_ERR_DEC_LENGTH_MISMATCH 4 #define ASN1_ERR_DEC_BADVALUE 5 -/* +/* * ASN.1 context. */ struct asn1_ctx @@ -148,10 +148,10 @@ struct asn1_octstr unsigned char *data; unsigned int len; }; - + static void asn1_open(struct asn1_ctx *ctx, - unsigned char *buf, - unsigned int len) + unsigned char *buf, + unsigned int len) { ctx->begin = buf; ctx->end = buf + len; @@ -172,9 +172,9 @@ static unsigned char asn1_octet_decode(struct asn1_ctx *ctx, unsigned char *ch) static unsigned char asn1_tag_decode(struct asn1_ctx *ctx, unsigned int *tag) { unsigned char ch; - + *tag = 0; - + do { if (!asn1_octet_decode(ctx, &ch)) @@ -185,20 +185,20 @@ static unsigned char asn1_tag_decode(struct asn1_ctx *ctx, unsigned int *tag) return 1; } -static unsigned char asn1_id_decode(struct asn1_ctx *ctx, - unsigned int *cls, - unsigned int *con, - unsigned int *tag) +static unsigned char asn1_id_decode(struct asn1_ctx *ctx, + unsigned int *cls, + unsigned int *con, + unsigned int *tag) { unsigned char ch; - + if (!asn1_octet_decode(ctx, &ch)) return 0; - + *cls = (ch & 0xC0) >> 6; *con = (ch & 0x20) >> 5; *tag = (ch & 0x1F); - + if (*tag == 0x1F) { if (!asn1_tag_decode(ctx, tag)) return 0; @@ -207,25 +207,25 @@ static unsigned char asn1_id_decode(struct asn1_ctx *ctx, } static unsigned char asn1_length_decode(struct asn1_ctx *ctx, - unsigned int *def, - unsigned int *len) + unsigned int *def, + unsigned int *len) { unsigned char ch, cnt; - + if (!asn1_octet_decode(ctx, &ch)) return 0; - + if (ch == 0x80) *def = 0; else { *def = 1; - + if (ch < 0x80) *len = ch; else { cnt = (unsigned char) (ch & 0x7F); *len = 0; - + while (cnt > 0) { if (!asn1_octet_decode(ctx, &ch)) return 0; @@ -239,20 +239,20 @@ static unsigned char asn1_length_decode(struct asn1_ctx *ctx, } static unsigned char asn1_header_decode(struct asn1_ctx *ctx, - unsigned char **eoc, - unsigned int *cls, - unsigned int *con, - unsigned int *tag) + unsigned char **eoc, + unsigned int *cls, + unsigned int *con, + unsigned int *tag) { unsigned int def, len; - + if (!asn1_id_decode(ctx, cls, con, tag)) return 0; - + def = len = 0; if (!asn1_length_decode(ctx, &def, &len)) return 0; - + if (def) *eoc = ctx->pointer + len; else @@ -263,19 +263,19 @@ static unsigned char asn1_header_decode(struct asn1_ctx *ctx, static unsigned char asn1_eoc_decode(struct asn1_ctx *ctx, unsigned char *eoc) { unsigned char ch; - + if (eoc == 0) { if (!asn1_octet_decode(ctx, &ch)) return 0; - + if (ch != 0x00) { ctx->error = ASN1_ERR_DEC_EOC_MISMATCH; return 0; } - + if (!asn1_octet_decode(ctx, &ch)) return 0; - + if (ch != 0x00) { ctx->error = ASN1_ERR_DEC_EOC_MISMATCH; return 0; @@ -297,27 +297,27 @@ static unsigned char asn1_null_decode(struct asn1_ctx *ctx, unsigned char *eoc) } static unsigned char asn1_long_decode(struct asn1_ctx *ctx, - unsigned char *eoc, - long *integer) + unsigned char *eoc, + long *integer) { unsigned char ch; unsigned int len; - + if (!asn1_octet_decode(ctx, &ch)) return 0; - + *integer = (signed char) ch; len = 1; - + while (ctx->pointer < eoc) { if (++len > sizeof (long)) { ctx->error = ASN1_ERR_DEC_BADVALUE; return 0; } - + if (!asn1_octet_decode(ctx, &ch)) return 0; - + *integer <<= 8; *integer |= ch; } @@ -325,28 +325,28 @@ static unsigned char asn1_long_decode(struct asn1_ctx *ctx, } static unsigned char asn1_uint_decode(struct asn1_ctx *ctx, - unsigned char *eoc, - unsigned int *integer) + unsigned char *eoc, + unsigned int *integer) { unsigned char ch; unsigned int len; - + if (!asn1_octet_decode(ctx, &ch)) return 0; - + *integer = ch; if (ch == 0) len = 0; else len = 1; - + while (ctx->pointer < eoc) { if (++len > sizeof (unsigned int)) { ctx->error = ASN1_ERR_DEC_BADVALUE; return 0; } - + if (!asn1_octet_decode(ctx, &ch)) return 0; - + *integer <<= 8; *integer |= ch; } @@ -354,28 +354,28 @@ static unsigned char asn1_uint_decode(struct asn1_ctx *ctx, } static unsigned char asn1_ulong_decode(struct asn1_ctx *ctx, - unsigned char *eoc, - unsigned long *integer) + unsigned char *eoc, + unsigned long *integer) { unsigned char ch; unsigned int len; - + if (!asn1_octet_decode(ctx, &ch)) return 0; - + *integer = ch; if (ch == 0) len = 0; else len = 1; - + while (ctx->pointer < eoc) { if (++len > sizeof (unsigned long)) { ctx->error = ASN1_ERR_DEC_BADVALUE; return 0; } - + if (!asn1_octet_decode(ctx, &ch)) return 0; - + *integer <<= 8; *integer |= ch; } @@ -383,21 +383,21 @@ static unsigned char asn1_ulong_decode(struct asn1_ctx *ctx, } static unsigned char asn1_octets_decode(struct asn1_ctx *ctx, - unsigned char *eoc, - unsigned char **octets, - unsigned int *len) + unsigned char *eoc, + unsigned char **octets, + unsigned int *len) { unsigned char *ptr; - + *len = 0; - + *octets = kmalloc(eoc - ctx->pointer, GFP_ATOMIC); if (*octets == NULL) { if (net_ratelimit()) printk("OOM in bsalg (%d)\n", __LINE__); return 0; } - + ptr = *octets; while (ctx->pointer < eoc) { if (!asn1_octet_decode(ctx, (unsigned char *)ptr++)) { @@ -411,16 +411,16 @@ static unsigned char asn1_octets_decode(struct asn1_ctx *ctx, } static unsigned char asn1_subid_decode(struct asn1_ctx *ctx, - unsigned long *subid) + unsigned long *subid) { unsigned char ch; - + *subid = 0; - + do { if (!asn1_octet_decode(ctx, &ch)) return 0; - + *subid <<= 7; *subid |= ch & 0x7F; } while ((ch & 0x80) == 0x80); @@ -428,14 +428,14 @@ static unsigned char asn1_subid_decode(struct asn1_ctx *ctx, } static unsigned char asn1_oid_decode(struct asn1_ctx *ctx, - unsigned char *eoc, - unsigned long **oid, - unsigned int *len) + unsigned char *eoc, + unsigned long **oid, + unsigned int *len) { unsigned long subid; unsigned int size; unsigned long *optr; - + size = eoc - ctx->pointer + 1; *oid = kmalloc(size * sizeof(unsigned long), GFP_ATOMIC); if (*oid == NULL) { @@ -443,15 +443,15 @@ static unsigned char asn1_oid_decode(struct asn1_ctx *ctx, printk("OOM in bsalg (%d)\n", __LINE__); return 0; } - + optr = *oid; - + if (!asn1_subid_decode(ctx, &subid)) { kfree(*oid); *oid = NULL; return 0; } - + if (subid < 40) { optr [0] = 0; optr [1] = subid; @@ -462,10 +462,10 @@ static unsigned char asn1_oid_decode(struct asn1_ctx *ctx, optr [0] = 2; optr [1] = subid - 80; } - + *len = 2; optr += 2; - + while (ctx->pointer < eoc) { if (++(*len) > size) { ctx->error = ASN1_ERR_DEC_BADVALUE; @@ -473,7 +473,7 @@ static unsigned char asn1_oid_decode(struct asn1_ctx *ctx, *oid = NULL; return 0; } - + if (!asn1_subid_decode(ctx, optr++)) { kfree(*oid); *oid = NULL; @@ -611,9 +611,9 @@ struct snmp_v1_trap #define SERR_EOM 2 static inline void mangle_address(unsigned char *begin, - unsigned char *addr, - const struct oct1_map *map, - __sum16 *check); + unsigned char *addr, + const struct oct1_map *map, + __sum16 *check); struct snmp_cnv { unsigned int class; @@ -633,7 +633,7 @@ static struct snmp_cnv snmp_conv [] = {ASN1_APL, SNMP_GGE, SNMP_GAUGE}, /* Gauge32 == Unsigned32 */ {ASN1_APL, SNMP_TIT, SNMP_TIMETICKS}, {ASN1_APL, SNMP_OPQ, SNMP_OPAQUE}, - + /* SNMPv2 data types and errors */ {ASN1_UNI, ASN1_BTS, SNMP_BITSTR}, {ASN1_APL, SNMP_C64, SNMP_COUNTER64}, @@ -644,13 +644,13 @@ static struct snmp_cnv snmp_conv [] = }; static unsigned char snmp_tag_cls2syntax(unsigned int tag, - unsigned int cls, - unsigned short *syntax) + unsigned int cls, + unsigned short *syntax) { struct snmp_cnv *cnv; - + cnv = snmp_conv; - + while (cnv->syntax != -1) { if (cnv->tag == tag && cnv->class == cls) { *syntax = cnv->syntax; @@ -662,7 +662,7 @@ static unsigned char snmp_tag_cls2syntax(unsigned int tag, } static unsigned char snmp_object_decode(struct asn1_ctx *ctx, - struct snmp_object **obj) + struct snmp_object **obj) { unsigned int cls, con, tag, len, idlen; unsigned short type; @@ -670,41 +670,41 @@ static unsigned char snmp_object_decode(struct asn1_ctx *ctx, unsigned long *lp, *id; unsigned long ul; long l; - + *obj = NULL; id = NULL; - + if (!asn1_header_decode(ctx, &eoc, &cls, &con, &tag)) return 0; - + if (cls != ASN1_UNI || con != ASN1_CON || tag != ASN1_SEQ) return 0; - + if (!asn1_header_decode(ctx, &end, &cls, &con, &tag)) return 0; - + if (cls != ASN1_UNI || con != ASN1_PRI || tag != ASN1_OJI) return 0; - + if (!asn1_oid_decode(ctx, end, &id, &idlen)) return 0; - + if (!asn1_header_decode(ctx, &end, &cls, &con, &tag)) { kfree(id); return 0; } - + if (con != ASN1_PRI) { kfree(id); return 0; } - + type = 0; if (!snmp_tag_cls2syntax(tag, cls, &type)) { kfree(id); return 0; } - + l = 0; switch (type) { case SNMP_INTEGER: @@ -714,7 +714,7 @@ static unsigned char snmp_object_decode(struct asn1_ctx *ctx, return 0; } *obj = kmalloc(sizeof(struct snmp_object) + len, - GFP_ATOMIC); + GFP_ATOMIC); if (*obj == NULL) { kfree(id); if (net_ratelimit()) @@ -730,7 +730,7 @@ static unsigned char snmp_object_decode(struct asn1_ctx *ctx, return 0; } *obj = kmalloc(sizeof(struct snmp_object) + len, - GFP_ATOMIC); + GFP_ATOMIC); if (*obj == NULL) { kfree(id); if (net_ratelimit()) @@ -818,12 +818,12 @@ static unsigned char snmp_object_decode(struct asn1_ctx *ctx, kfree(id); return 0; } - + (*obj)->syntax_len = len; (*obj)->type = type; (*obj)->id = id; (*obj)->id_len = idlen; - + if (!asn1_eoc_decode(ctx, eoc)) { kfree(id); kfree(*obj); @@ -834,49 +834,49 @@ static unsigned char snmp_object_decode(struct asn1_ctx *ctx, } static unsigned char snmp_request_decode(struct asn1_ctx *ctx, - struct snmp_request *request) + struct snmp_request *request) { unsigned int cls, con, tag; unsigned char *end; - + if (!asn1_header_decode(ctx, &end, &cls, &con, &tag)) return 0; - + if (cls != ASN1_UNI || con != ASN1_PRI || tag != ASN1_INT) return 0; - + if (!asn1_ulong_decode(ctx, end, &request->id)) return 0; - + if (!asn1_header_decode(ctx, &end, &cls, &con, &tag)) return 0; - + if (cls != ASN1_UNI || con != ASN1_PRI || tag != ASN1_INT) return 0; - + if (!asn1_uint_decode(ctx, end, &request->error_status)) return 0; - + if (!asn1_header_decode(ctx, &end, &cls, &con, &tag)) return 0; - + if (cls != ASN1_UNI || con != ASN1_PRI || tag != ASN1_INT) return 0; - + if (!asn1_uint_decode(ctx, end, &request->error_index)) return 0; - + return 1; } -/* +/* * Fast checksum update for possibly oddly-aligned UDP byte, from the * code example in the draft. */ static void fast_csum(__sum16 *csum, - const unsigned char *optr, - const unsigned char *nptr, - int offset) + const unsigned char *optr, + const unsigned char *nptr, + int offset) { unsigned char s[4]; @@ -893,30 +893,30 @@ static void fast_csum(__sum16 *csum, *csum = csum_fold(csum_partial(s, 4, ~csum_unfold(*csum))); } -/* +/* * Mangle IP address. * - begin points to the start of the snmp messgae * - addr points to the start of the address */ static inline void mangle_address(unsigned char *begin, - unsigned char *addr, - const struct oct1_map *map, - __sum16 *check) + unsigned char *addr, + const struct oct1_map *map, + __sum16 *check) { if (map->from == NOCT1(addr)) { u_int32_t old; - + if (debug) memcpy(&old, (unsigned char *)addr, sizeof(old)); - + *addr = map->to; - + /* Update UDP checksum if being used */ if (*check) { fast_csum(check, - &map->from, &map->to, addr - begin); + &map->from, &map->to, addr - begin); } - + if (debug) printk(KERN_DEBUG "bsalg: mapped %u.%u.%u.%u to " "%u.%u.%u.%u\n", NIPQUAD(old), NIPQUAD(*addr)); @@ -924,66 +924,66 @@ static inline void mangle_address(unsigned char *begin, } static unsigned char snmp_trap_decode(struct asn1_ctx *ctx, - struct snmp_v1_trap *trap, - const struct oct1_map *map, - __sum16 *check) + struct snmp_v1_trap *trap, + const struct oct1_map *map, + __sum16 *check) { unsigned int cls, con, tag, len; unsigned char *end; if (!asn1_header_decode(ctx, &end, &cls, &con, &tag)) return 0; - + if (cls != ASN1_UNI || con != ASN1_PRI || tag != ASN1_OJI) return 0; - + if (!asn1_oid_decode(ctx, end, &trap->id, &trap->id_len)) return 0; - + if (!asn1_header_decode(ctx, &end, &cls, &con, &tag)) goto err_id_free; if (!((cls == ASN1_APL && con == ASN1_PRI && tag == SNMP_IPA) || (cls == ASN1_UNI && con == ASN1_PRI && tag == ASN1_OTS))) goto err_id_free; - + if (!asn1_octets_decode(ctx, end, (unsigned char **)&trap->ip_address, &len)) goto err_id_free; - + /* IPv4 only */ if (len != 4) goto err_addr_free; - + mangle_address(ctx->begin, ctx->pointer - 4, map, check); - + if (!asn1_header_decode(ctx, &end, &cls, &con, &tag)) goto err_addr_free; - + if (cls != ASN1_UNI || con != ASN1_PRI || tag != ASN1_INT) goto err_addr_free; - + if (!asn1_uint_decode(ctx, end, &trap->general)) goto err_addr_free; - + if (!asn1_header_decode(ctx, &end, &cls, &con, &tag)) goto err_addr_free; - + if (cls != ASN1_UNI || con != ASN1_PRI || tag != ASN1_INT) goto err_addr_free; - + if (!asn1_uint_decode(ctx, end, &trap->specific)) goto err_addr_free; - + if (!asn1_header_decode(ctx, &end, &cls, &con, &tag)) goto err_addr_free; - + if (!((cls == ASN1_APL && con == ASN1_PRI && tag == SNMP_TIT) || (cls == ASN1_UNI && con == ASN1_PRI && tag == ASN1_INT))) goto err_addr_free; - + if (!asn1_ulong_decode(ctx, end, &trap->time)) goto err_addr_free; - + return 1; err_addr_free: @@ -1004,7 +1004,7 @@ err_id_free: static void hex_dump(unsigned char *buf, size_t len) { size_t i; - + for (i = 0; i < len; i++) { if (i && !(i % 16)) printk("\n"); @@ -1018,30 +1018,30 @@ static void hex_dump(unsigned char *buf, size_t len) * (And this is the fucking 'basic' method). */ static int snmp_parse_mangle(unsigned char *msg, - u_int16_t len, - const struct oct1_map *map, - __sum16 *check) + u_int16_t len, + const struct oct1_map *map, + __sum16 *check) { unsigned char *eoc, *end; unsigned int cls, con, tag, vers, pdutype; struct asn1_ctx ctx; struct asn1_octstr comm; struct snmp_object **obj; - + if (debug > 1) hex_dump(msg, len); asn1_open(&ctx, msg, len); - - /* + + /* * Start of SNMP message. */ if (!asn1_header_decode(&ctx, &eoc, &cls, &con, &tag)) return 0; if (cls != ASN1_UNI || con != ASN1_CON || tag != ASN1_SEQ) return 0; - - /* + + /* * Version 1 or 2 handled. */ if (!asn1_header_decode(&ctx, &end, &cls, &con, &tag)) @@ -1054,7 +1054,7 @@ static int snmp_parse_mangle(unsigned char *msg, printk(KERN_DEBUG "bsalg: snmp version: %u\n", vers + 1); if (vers > 1) return 1; - + /* * Community. */ @@ -1066,14 +1066,14 @@ static int snmp_parse_mangle(unsigned char *msg, return 0; if (debug > 1) { unsigned int i; - + printk(KERN_DEBUG "bsalg: community: "); for (i = 0; i < comm.len; i++) printk("%c", comm.data[i]); printk("\n"); } kfree(comm.data); - + /* * PDU type */ @@ -1092,7 +1092,7 @@ static int snmp_parse_mangle(unsigned char *msg, [SNMP_PDU_INFORM] = "inform", [SNMP_PDU_TRAP2] = "trapv2" }; - + if (pdutype > SNMP_PDU_TRAP2) printk(KERN_DEBUG "bsalg: bad pdu type %u\n", pdutype); else @@ -1101,56 +1101,56 @@ static int snmp_parse_mangle(unsigned char *msg, if (pdutype != SNMP_PDU_RESPONSE && pdutype != SNMP_PDU_TRAP1 && pdutype != SNMP_PDU_TRAP2) return 1; - + /* * Request header or v1 trap */ if (pdutype == SNMP_PDU_TRAP1) { struct snmp_v1_trap trap; unsigned char ret = snmp_trap_decode(&ctx, &trap, map, check); - + if (ret) { kfree(trap.id); kfree((unsigned long *)trap.ip_address); - } else + } else return ret; - + } else { struct snmp_request req; - + if (!snmp_request_decode(&ctx, &req)) return 0; - + if (debug > 1) printk(KERN_DEBUG "bsalg: request: id=0x%lx error_status=%u " "error_index=%u\n", req.id, req.error_status, req.error_index); } - + /* * Loop through objects, look for IP addresses to mangle. */ if (!asn1_header_decode(&ctx, &eoc, &cls, &con, &tag)) return 0; - + if (cls != ASN1_UNI || con != ASN1_CON || tag != ASN1_SEQ) return 0; - + obj = kmalloc(sizeof(struct snmp_object), GFP_ATOMIC); if (obj == NULL) { if (net_ratelimit()) printk(KERN_WARNING "OOM in bsalg(%d)\n", __LINE__); - return 0; + return 0; } while (!asn1_eoc_decode(&ctx, eoc)) { unsigned int i; - + if (!snmp_object_decode(&ctx, obj)) { if (*obj) { kfree((*obj)->id); kfree(*obj); - } + } kfree(obj); return 0; } @@ -1163,20 +1163,20 @@ static int snmp_parse_mangle(unsigned char *msg, printk("%lu", (*obj)->id[i]); } printk(": type=%u\n", (*obj)->type); - + } if ((*obj)->type == SNMP_IPADDR) mangle_address(ctx.begin, ctx.pointer - 4 , map, check); - + kfree((*obj)->id); kfree(*obj); } kfree(obj); - + if (!asn1_eoc_decode(&ctx, eoc)) return 0; - + return 1; } @@ -1186,12 +1186,12 @@ static int snmp_parse_mangle(unsigned char *msg, * *****************************************************************************/ -/* +/* * SNMP translation routine. */ static int snmp_translate(struct ip_conntrack *ct, - enum ip_conntrack_info ctinfo, - struct sk_buff **pskb) + enum ip_conntrack_info ctinfo, + struct sk_buff **pskb) { struct iphdr *iph = (*pskb)->nh.iph; struct udphdr *udph = (struct udphdr *)((__be32 *)iph + iph->ihl); @@ -1213,12 +1213,12 @@ static int snmp_translate(struct ip_conntrack *ct, map.from = NOCT1(&ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip); map.to = NOCT1(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip); } - + if (map.from == map.to) return NF_ACCEPT; - + if (!snmp_parse_mangle((unsigned char *)udph + sizeof(struct udphdr), - paylen, &map, &udph->check)) { + paylen, &map, &udph->check)) { if (net_ratelimit()) printk(KERN_WARNING "bsalg: parser failed\n"); return NF_DROP; @@ -1247,7 +1247,7 @@ static int help(struct sk_buff **pskb, if (!(ct->status & IPS_NAT_MASK)) return NF_ACCEPT; - /* + /* * Make sure the packet length is ok. So far, we were only guaranteed * to have a valid length IP header plus 8 bytes, which means we have * enough room for a UDP header. Just verify the UDP length field so we @@ -1305,7 +1305,7 @@ static struct ip_conntrack_helper snmp_trap_helper = { * Module stuff. * *****************************************************************************/ - + static int __init ip_nat_snmp_basic_init(void) { int ret = 0; diff --git a/net/ipv4/netfilter/ip_nat_standalone.c b/net/ipv4/netfilter/ip_nat_standalone.c index ad66328baa5d..adf25f9f70e1 100644 --- a/net/ipv4/netfilter/ip_nat_standalone.c +++ b/net/ipv4/netfilter/ip_nat_standalone.c @@ -81,7 +81,7 @@ static void nat_decode_session(struct sk_buff *skb, struct flowi *fl) } } #endif - + static unsigned int ip_nat_fn(unsigned int hooknum, struct sk_buff **pskb, @@ -107,8 +107,8 @@ ip_nat_fn(unsigned int hooknum, protocol. 8) --RR */ if (!ct) { /* Exception: ICMP redirect to new connection (not in - hash table yet). We must not let this through, in - case we're doing NAT to the same network. */ + hash table yet). We must not let this through, in + case we're doing NAT to the same network. */ if ((*pskb)->nh.iph->protocol == IPPROTO_ICMP) { struct icmphdr _hdr, *hp; @@ -148,7 +148,7 @@ ip_nat_fn(unsigned int hooknum, if (unlikely(is_confirmed(ct))) /* NAT module was loaded late */ ret = alloc_null_binding_confirmed(ct, info, - hooknum); + hooknum); else if (hooknum == NF_IP_LOCAL_IN) /* LOCAL_IN hook doesn't have a chain! */ ret = alloc_null_binding(ct, info, hooknum); @@ -179,10 +179,10 @@ ip_nat_fn(unsigned int hooknum, static unsigned int ip_nat_in(unsigned int hooknum, - struct sk_buff **pskb, - const struct net_device *in, - const struct net_device *out, - int (*okfn)(struct sk_buff *)) + struct sk_buff **pskb, + const struct net_device *in, + const struct net_device *out, + int (*okfn)(struct sk_buff *)) { unsigned int ret; __be32 daddr = (*pskb)->nh.iph->daddr; @@ -277,9 +277,9 @@ ip_nat_adjust(unsigned int hooknum, ct = ip_conntrack_get(*pskb, &ctinfo); if (ct && test_bit(IPS_SEQ_ADJUST_BIT, &ct->status)) { - DEBUGP("ip_nat_standalone: adjusting sequence number\n"); - if (!ip_nat_seq_adjust(pskb, ct, ctinfo)) - return NF_DROP; + DEBUGP("ip_nat_standalone: adjusting sequence number\n"); + if (!ip_nat_seq_adjust(pskb, ct, ctinfo)) + return NF_DROP; } return NF_ACCEPT; } diff --git a/net/ipv4/netfilter/ip_queue.c b/net/ipv4/netfilter/ip_queue.c index cd520df4dcf4..68bf19f3b01c 100644 --- a/net/ipv4/netfilter/ip_queue.c +++ b/net/ipv4/netfilter/ip_queue.c @@ -11,13 +11,13 @@ * * 2000-03-27: Simplified code (thanks to Andi Kleen for clues). * 2000-05-20: Fixed notifier problems (following Miguel Freitas' report). - * 2000-06-19: Fixed so nfmark is copied to metadata (reported by Sebastian + * 2000-06-19: Fixed so nfmark is copied to metadata (reported by Sebastian * Zander). * 2000-08-01: Added Nick Williams' MAC support. * 2002-06-25: Code cleanup. * 2005-01-10: Added /proc counter for dropped packets; fixed so - * packets aren't delivered to user space if they're going - * to be dropped. + * packets aren't delivered to user space if they're going + * to be dropped. * 2005-05-26: local_bh_{disable,enable} around nf_reinject (Harald Welte) * */ @@ -97,7 +97,7 @@ __ipq_find_entry(ipq_cmpfn cmpfn, unsigned long data) list_for_each_prev(p, &queue_list) { struct ipq_queue_entry *entry = (struct ipq_queue_entry *)p; - + if (!cmpfn || cmpfn(entry, data)) return entry; } @@ -129,7 +129,7 @@ static inline void __ipq_flush(int verdict) { struct ipq_queue_entry *entry; - + while ((entry = __ipq_find_dequeue_entry(NULL, 0))) ipq_issue_verdict(entry, verdict); } @@ -138,21 +138,21 @@ static inline int __ipq_set_mode(unsigned char mode, unsigned int range) { int status = 0; - + switch(mode) { case IPQ_COPY_NONE: case IPQ_COPY_META: copy_mode = mode; copy_range = 0; break; - + case IPQ_COPY_PACKET: copy_mode = mode; copy_range = range; if (copy_range > 0xFFFF) copy_range = 0xFFFF; break; - + default: status = -EINVAL; @@ -173,7 +173,7 @@ static struct ipq_queue_entry * ipq_find_dequeue_entry(ipq_cmpfn cmpfn, unsigned long data) { struct ipq_queue_entry *entry; - + write_lock_bh(&queue_lock); entry = __ipq_find_dequeue_entry(cmpfn, data); write_unlock_bh(&queue_lock); @@ -199,14 +199,14 @@ ipq_build_packet_message(struct ipq_queue_entry *entry, int *errp) struct nlmsghdr *nlh; read_lock_bh(&queue_lock); - + switch (copy_mode) { case IPQ_COPY_META: case IPQ_COPY_NONE: size = NLMSG_SPACE(sizeof(*pmsg)); data_len = 0; break; - + case IPQ_COPY_PACKET: if ((entry->skb->ip_summed == CHECKSUM_PARTIAL || entry->skb->ip_summed == CHECKSUM_COMPLETE) && @@ -218,10 +218,10 @@ ipq_build_packet_message(struct ipq_queue_entry *entry, int *errp) data_len = entry->skb->len; else data_len = copy_range; - + size = NLMSG_SPACE(sizeof(*pmsg) + data_len); break; - + default: *errp = -EINVAL; read_unlock_bh(&queue_lock); @@ -233,7 +233,7 @@ ipq_build_packet_message(struct ipq_queue_entry *entry, int *errp) skb = alloc_skb(size, GFP_ATOMIC); if (!skb) goto nlmsg_failure; - + old_tail= skb->tail; nlh = NLMSG_PUT(skb, 0, 0, IPQM_PACKET, size - sizeof(*nlh)); pmsg = NLMSG_DATA(nlh); @@ -246,29 +246,29 @@ ipq_build_packet_message(struct ipq_queue_entry *entry, int *errp) pmsg->mark = entry->skb->mark; pmsg->hook = entry->info->hook; pmsg->hw_protocol = entry->skb->protocol; - + if (entry->info->indev) strcpy(pmsg->indev_name, entry->info->indev->name); else pmsg->indev_name[0] = '\0'; - + if (entry->info->outdev) strcpy(pmsg->outdev_name, entry->info->outdev->name); else pmsg->outdev_name[0] = '\0'; - + if (entry->info->indev && entry->skb->dev) { pmsg->hw_type = entry->skb->dev->type; if (entry->skb->dev->hard_header_parse) pmsg->hw_addrlen = entry->skb->dev->hard_header_parse(entry->skb, - pmsg->hw_addr); + pmsg->hw_addr); } - + if (data_len) if (skb_copy_bits(entry->skb, 0, pmsg->payload, data_len)) BUG(); - + nlh->nlmsg_len = skb->tail - old_tail; return skb; @@ -303,26 +303,26 @@ ipq_enqueue_packet(struct sk_buff *skb, struct nf_info *info, nskb = ipq_build_packet_message(entry, &status); if (nskb == NULL) goto err_out_free; - + write_lock_bh(&queue_lock); - + if (!peer_pid) - goto err_out_free_nskb; + goto err_out_free_nskb; if (queue_total >= queue_maxlen) { - queue_dropped++; + queue_dropped++; status = -ENOSPC; if (net_ratelimit()) - printk (KERN_WARNING "ip_queue: full at %d entries, " + printk (KERN_WARNING "ip_queue: full at %d entries, " "dropping packets(s). Dropped: %d\n", queue_total, queue_dropped); goto err_out_free_nskb; } - /* netlink_unicast will either free the nskb or attach it to a socket */ + /* netlink_unicast will either free the nskb or attach it to a socket */ status = netlink_unicast(ipqnl, nskb, peer_pid, MSG_DONTWAIT); if (status < 0) { - queue_user_dropped++; + queue_user_dropped++; goto err_out_unlock; } @@ -332,8 +332,8 @@ ipq_enqueue_packet(struct sk_buff *skb, struct nf_info *info, return status; err_out_free_nskb: - kfree_skb(nskb); - + kfree_skb(nskb); + err_out_unlock: write_unlock_bh(&queue_lock); @@ -359,11 +359,11 @@ ipq_mangle_ipv4(ipq_verdict_msg_t *v, struct ipq_queue_entry *e) return -EINVAL; if (diff > skb_tailroom(e->skb)) { struct sk_buff *newskb; - + newskb = skb_copy_expand(e->skb, - skb_headroom(e->skb), - diff, - GFP_ATOMIC); + skb_headroom(e->skb), + diff, + GFP_ATOMIC); if (newskb == NULL) { printk(KERN_WARNING "ip_queue: OOM " "in mangle, dropping packet\n"); @@ -403,11 +403,11 @@ ipq_set_verdict(struct ipq_verdict_msg *vmsg, unsigned int len) return -ENOENT; else { int verdict = vmsg->value; - + if (vmsg->data_len && vmsg->data_len == len) if (ipq_mangle_ipv4(vmsg, entry) < 0) verdict = NF_DROP; - + ipq_issue_verdict(entry, verdict); return 0; } @@ -426,7 +426,7 @@ ipq_set_mode(unsigned char mode, unsigned int range) static int ipq_receive_peer(struct ipq_peer_msg *pmsg, - unsigned char type, unsigned int len) + unsigned char type, unsigned int len) { int status = 0; @@ -436,15 +436,15 @@ ipq_receive_peer(struct ipq_peer_msg *pmsg, switch (type) { case IPQM_MODE: status = ipq_set_mode(pmsg->msg.mode.value, - pmsg->msg.mode.range); + pmsg->msg.mode.range); break; - + case IPQM_VERDICT: if (pmsg->msg.verdict.value > NF_MAX_VERDICT) status = -EINVAL; else status = ipq_set_verdict(&pmsg->msg.verdict, - len - sizeof(*pmsg)); + len - sizeof(*pmsg)); break; default: status = -EINVAL; @@ -468,7 +468,7 @@ dev_cmp(struct ipq_queue_entry *entry, unsigned long ifindex) return 1; if (entry->skb->nf_bridge->physoutdev && entry->skb->nf_bridge->physoutdev->ifindex == ifindex) - return 1; + return 1; } #endif return 0; @@ -478,7 +478,7 @@ static void ipq_dev_drop(int ifindex) { struct ipq_queue_entry *entry; - + while ((entry = ipq_find_dequeue_entry(dev_cmp, ifindex)) != NULL) ipq_issue_verdict(entry, NF_DROP); } @@ -502,25 +502,25 @@ ipq_rcv_skb(struct sk_buff *skb) pid = nlh->nlmsg_pid; flags = nlh->nlmsg_flags; - + if(pid <= 0 || !(flags & NLM_F_REQUEST) || flags & NLM_F_MULTI) RCV_SKB_FAIL(-EINVAL); - + if (flags & MSG_TRUNC) RCV_SKB_FAIL(-ECOMM); - + type = nlh->nlmsg_type; if (type < NLMSG_NOOP || type >= IPQM_MAX) RCV_SKB_FAIL(-EINVAL); - + if (type <= IPQM_BASE) return; - + if (security_netlink_recv(skb, CAP_NET_ADMIN)) RCV_SKB_FAIL(-EPERM); - + write_lock_bh(&queue_lock); - + if (peer_pid) { if (peer_pid != pid) { write_unlock_bh(&queue_lock); @@ -530,17 +530,17 @@ ipq_rcv_skb(struct sk_buff *skb) net_enable_timestamp(); peer_pid = pid; } - + write_unlock_bh(&queue_lock); - + status = ipq_receive_peer(NLMSG_DATA(nlh), type, - nlmsglen - NLMSG_LENGTH(0)); + nlmsglen - NLMSG_LENGTH(0)); if (status < 0) RCV_SKB_FAIL(status); - + if (flags & NLM_F_ACK) netlink_ack(skb, nlh, 0); - return; + return; } static void @@ -550,19 +550,19 @@ ipq_rcv_sk(struct sock *sk, int len) unsigned int qlen; mutex_lock(&ipqnl_mutex); - + for (qlen = skb_queue_len(&sk->sk_receive_queue); qlen; qlen--) { skb = skb_dequeue(&sk->sk_receive_queue); ipq_rcv_skb(skb); kfree_skb(skb); } - + mutex_unlock(&ipqnl_mutex); } static int ipq_rcv_dev_event(struct notifier_block *this, - unsigned long event, void *ptr) + unsigned long event, void *ptr) { struct net_device *dev = ptr; @@ -578,7 +578,7 @@ static struct notifier_block ipq_dev_notifier = { static int ipq_rcv_nl_event(struct notifier_block *this, - unsigned long event, void *ptr) + unsigned long event, void *ptr) { struct netlink_notify *n = ptr; @@ -607,7 +607,7 @@ static ctl_table ipq_table[] = { .mode = 0644, .proc_handler = proc_dointvec }, - { .ctl_name = 0 } + { .ctl_name = 0 } }; static ctl_table ipq_dir_table[] = { @@ -637,25 +637,25 @@ ipq_get_info(char *buffer, char **start, off_t offset, int length) int len; read_lock_bh(&queue_lock); - + len = sprintf(buffer, - "Peer PID : %d\n" - "Copy mode : %hu\n" - "Copy range : %u\n" - "Queue length : %u\n" - "Queue max. length : %u\n" + "Peer PID : %d\n" + "Copy mode : %hu\n" + "Copy range : %u\n" + "Queue length : %u\n" + "Queue max. length : %u\n" "Queue dropped : %u\n" "Netlink dropped : %u\n", - peer_pid, - copy_mode, - copy_range, - queue_total, - queue_maxlen, + peer_pid, + copy_mode, + copy_range, + queue_total, + queue_maxlen, queue_dropped, queue_user_dropped); read_unlock_bh(&queue_lock); - + *start = buffer + offset; len -= offset; if (len > length) @@ -675,7 +675,7 @@ static int __init ip_queue_init(void) { int status = -ENOMEM; struct proc_dir_entry *proc; - + netlink_register_notifier(&ipq_nl_notifier); ipqnl = netlink_kernel_create(NETLINK_FIREWALL, 0, ipq_rcv_sk, THIS_MODULE); @@ -691,10 +691,10 @@ static int __init ip_queue_init(void) printk(KERN_ERR "ip_queue: failed to create proc entry\n"); goto cleanup_ipqnl; } - + register_netdevice_notifier(&ipq_dev_notifier); ipq_sysctl_header = register_sysctl_table(ipq_root_table, 0); - + status = nf_register_queue_handler(PF_INET, &nfqh); if (status < 0) { printk(KERN_ERR "ip_queue: failed to register queue handler\n"); @@ -706,12 +706,12 @@ cleanup_sysctl: unregister_sysctl_table(ipq_sysctl_header); unregister_netdevice_notifier(&ipq_dev_notifier); proc_net_remove(IPQ_PROC_FS_NAME); - + cleanup_ipqnl: sock_release(ipqnl->sk_socket); mutex_lock(&ipqnl_mutex); mutex_unlock(&ipqnl_mutex); - + cleanup_netlink_notifier: netlink_unregister_notifier(&ipq_nl_notifier); return status; diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index 5a7b3a341389..50cc4b92e284 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c @@ -297,7 +297,7 @@ ipt_do_table(struct sk_buff **pskb, e = get_entry(table_base, v); } else { /* Targets which reenter must return - abs. verdicts */ + abs. verdicts */ #ifdef CONFIG_NETFILTER_DEBUG ((struct ipt_entry *)table_base)->comefrom = 0xeeeeeeec; @@ -556,9 +556,9 @@ err: static inline int check_target(struct ipt_entry *e, const char *name) { - struct ipt_entry_target *t; + struct ipt_entry_target *t; struct xt_target *target; - int ret; + int ret; t = ipt_get_target(e); target = t->u.kernel.target; @@ -652,7 +652,7 @@ check_entry_size_and_hooks(struct ipt_entry *e, } /* FIXME: underflows must be unconditional, standard verdicts - < 0 (not IPT_RETURN). --RR */ + < 0 (not IPT_RETURN). --RR */ /* Clear counters and comefrom */ e->counters = ((struct xt_counters) { 0, 0 }); @@ -2057,7 +2057,7 @@ void ipt_unregister_table(struct xt_table *table) struct xt_table_info *private; void *loc_cpu_entry; - private = xt_unregister_table(table); + private = xt_unregister_table(table); /* Decrease module usage counts and free resources */ loc_cpu_entry = private->entries[raw_smp_processor_id()]; diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c index 343c2abdc1a0..4fe28f264475 100644 --- a/net/ipv4/netfilter/ipt_CLUSTERIP.c +++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c @@ -1,4 +1,4 @@ -/* Cluster IP hashmark target +/* Cluster IP hashmark target * (C) 2003-2004 by Harald Welte <laforge@netfilter.org> * based on ideas of Fabio Olive Leite <olive@unixforge.org> * @@ -123,7 +123,7 @@ __clusterip_config_find(__be32 clusterip) struct list_head *pos; list_for_each(pos, &clusterip_configs) { - struct clusterip_config *c = list_entry(pos, + struct clusterip_config *c = list_entry(pos, struct clusterip_config, list); if (c->clusterip == clusterip) { return c; @@ -229,7 +229,7 @@ clusterip_del_node(struct clusterip_config *c, u_int16_t nodenum) if (nodenum == 0 || nodenum > c->num_total_nodes) return 1; - + if (test_and_clear_bit(nodenum - 1, &c->local_nodes)) return 0; @@ -270,7 +270,7 @@ clusterip_hashfn(struct sk_buff *skb, struct clusterip_config *config) config->hash_initval); break; case CLUSTERIP_HASHMODE_SIP_SPT: - hashval = jhash_2words(ntohl(iph->saddr), sport, + hashval = jhash_2words(ntohl(iph->saddr), sport, config->hash_initval); break; case CLUSTERIP_HASHMODE_SIP_SPT_DPT: @@ -297,8 +297,8 @@ clusterip_responsible(struct clusterip_config *config, u_int32_t hash) return test_bit(hash - 1, &config->local_nodes); } -/*********************************************************************** - * IPTABLES TARGET +/*********************************************************************** + * IPTABLES TARGET ***********************************************************************/ static unsigned int @@ -321,7 +321,7 @@ target(struct sk_buff **pskb, if (mark == NULL) { printk(KERN_ERR "CLUSTERIP: no conntrack!\n"); /* FIXME: need to drop invalid ones, since replies - * to outgoing connections of other nodes will be + * to outgoing connections of other nodes will be * marked as INVALID */ return NF_DROP; } @@ -329,11 +329,11 @@ target(struct sk_buff **pskb, /* special case: ICMP error handling. conntrack distinguishes between * error messages (RELATED) and information requests (see below) */ if ((*pskb)->nh.iph->protocol == IPPROTO_ICMP - && (ctinfo == IP_CT_RELATED + && (ctinfo == IP_CT_RELATED || ctinfo == IP_CT_RELATED+IP_CT_IS_REPLY)) return XT_CONTINUE; - /* ip_conntrack_icmp guarantees us that we only have ICMP_ECHO, + /* ip_conntrack_icmp guarantees us that we only have ICMP_ECHO, * TIMESTAMP, INFO_REQUEST or ADDRESS type icmp packets from here * on, which all have an ID field [relevant for hashing]. */ @@ -376,8 +376,8 @@ static int checkentry(const char *tablename, const void *e_void, const struct xt_target *target, - void *targinfo, - unsigned int hook_mask) + void *targinfo, + unsigned int hook_mask) { struct ipt_clusterip_tgt_info *cipinfo = targinfo; const struct ipt_entry *e = e_void; @@ -437,7 +437,7 @@ checkentry(const char *tablename, return 0; } - config = clusterip_config_init(cipinfo, + config = clusterip_config_init(cipinfo, e->ip.dst.s_addr, dev); if (!config) { printk(KERN_WARNING "CLUSTERIP: cannot allocate config\n"); @@ -483,8 +483,8 @@ static struct xt_target clusterip_tgt = { }; -/*********************************************************************** - * ARP MANGLING CODE +/*********************************************************************** + * ARP MANGLING CODE ***********************************************************************/ /* hardcoded for 48bit ethernet and 32bit ipv4 addresses */ @@ -496,7 +496,7 @@ struct arp_payload { } __attribute__ ((packed)); #ifdef CLUSTERIP_DEBUG -static void arp_print(struct arp_payload *payload) +static void arp_print(struct arp_payload *payload) { #define HBUFFERLEN 30 char hbuffer[HBUFFERLEN]; @@ -510,7 +510,7 @@ static void arp_print(struct arp_payload *payload) } hbuffer[--k]='\0'; - printk("src %u.%u.%u.%u@%s, dst %u.%u.%u.%u\n", + printk("src %u.%u.%u.%u@%s, dst %u.%u.%u.%u\n", NIPQUAD(payload->src_ip), hbuffer, NIPQUAD(payload->dst_ip)); } @@ -540,13 +540,13 @@ arp_mangle(unsigned int hook, payload = (void *)(arp+1); - /* if there is no clusterip configuration for the arp reply's + /* if there is no clusterip configuration for the arp reply's * source ip, we don't want to mangle it */ c = clusterip_config_find_get(payload->src_ip, 0); if (!c) return NF_ACCEPT; - /* normally the linux kernel always replies to arp queries of + /* normally the linux kernel always replies to arp queries of * addresses on different interfacs. However, in the CLUSTERIP case * this wouldn't work, since we didn't subscribe the mcast group on * other interfaces */ @@ -577,8 +577,8 @@ static struct nf_hook_ops cip_arp_ops = { .priority = -1 }; -/*********************************************************************** - * PROC DIR HANDLING +/*********************************************************************** + * PROC DIR HANDLING ***********************************************************************/ #ifdef CONFIG_PROC_FS @@ -640,7 +640,7 @@ static int clusterip_seq_show(struct seq_file *s, void *v) { struct clusterip_seq_position *idx = (struct clusterip_seq_position *)v; - if (idx->pos != 0) + if (idx->pos != 0) seq_putc(s, ','); seq_printf(s, "%u", idx->bit); diff --git a/net/ipv4/netfilter/ipt_ECN.c b/net/ipv4/netfilter/ipt_ECN.c index b5ca5938d1fe..4f565633631d 100644 --- a/net/ipv4/netfilter/ipt_ECN.c +++ b/net/ipv4/netfilter/ipt_ECN.c @@ -1,9 +1,9 @@ /* iptables module for the IPv4 and TCP ECN bits, Version 1.5 * * (C) 2002 by Harald Welte <laforge@netfilter.org> - * + * * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as + * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. * * ipt_ECN.c,v 1.5 2002/08/18 19:36:51 laforge Exp @@ -40,7 +40,7 @@ set_ect_ip(struct sk_buff **pskb, const struct ipt_ECN_info *einfo) iph->tos &= ~IPT_ECN_IP_MASK; iph->tos |= (einfo->ip_ect & IPT_ECN_IP_MASK); nf_csum_replace2(&iph->check, htons(oldtos), htons(iph->tos)); - } + } return 1; } @@ -104,8 +104,8 @@ static int checkentry(const char *tablename, const void *e_void, const struct xt_target *target, - void *targinfo, - unsigned int hook_mask) + void *targinfo, + unsigned int hook_mask) { const struct ipt_ECN_info *einfo = (struct ipt_ECN_info *)targinfo; const struct ipt_entry *e = e_void; diff --git a/net/ipv4/netfilter/ipt_LOG.c b/net/ipv4/netfilter/ipt_LOG.c index f68370ffb43f..f4a62f2522ff 100644 --- a/net/ipv4/netfilter/ipt_LOG.c +++ b/net/ipv4/netfilter/ipt_LOG.c @@ -289,7 +289,7 @@ static void dump_packet(const struct nf_loginfo *info, if (ntohs(ih->frag_off) & IP_OFFSET) break; - + /* Max length: 9 "PROTO=AH " */ printk("PROTO=AH "); @@ -334,10 +334,10 @@ static void dump_packet(const struct nf_loginfo *info, } /* Max length: 15 "UID=4294967295 " */ - if ((logflags & IPT_LOG_UID) && !iphoff && skb->sk) { + if ((logflags & IPT_LOG_UID) && !iphoff && skb->sk) { read_lock_bh(&skb->sk->sk_callback_lock); if (skb->sk->sk_socket && skb->sk->sk_socket->file) - printk("UID=%u ", skb->sk->sk_socket->file->f_uid); + printk("UID=%u ", skb->sk->sk_socket->file->f_uid); read_unlock_bh(&skb->sk->sk_callback_lock); } @@ -431,7 +431,7 @@ ipt_log_target(struct sk_buff **pskb, li.u.log.logflags = loginfo->logflags; ipt_log_packet(PF_INET, hooknum, *pskb, in, out, &li, - loginfo->prefix); + loginfo->prefix); return XT_CONTINUE; } @@ -483,7 +483,7 @@ static int __init ipt_log_init(void) /* we cannot make module load fail here, since otherwise * iptables userspace would abort */ } - + return 0; } diff --git a/net/ipv4/netfilter/ipt_MASQUERADE.c b/net/ipv4/netfilter/ipt_MASQUERADE.c index 91c42efcd533..b5955f3a3f8f 100644 --- a/net/ipv4/netfilter/ipt_MASQUERADE.c +++ b/net/ipv4/netfilter/ipt_MASQUERADE.c @@ -86,7 +86,7 @@ masquerade_target(struct sk_buff **pskb, nat = nfct_nat(ct); #endif IP_NF_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED - || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY)); + || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY)); /* Source address is 0.0.0.0 - locally generated packet that is * probably not supposed to be masqueraded. @@ -221,7 +221,7 @@ static void __exit ipt_masquerade_fini(void) { xt_unregister_target(&masquerade); unregister_netdevice_notifier(&masq_dev_notifier); - unregister_inetaddr_notifier(&masq_inet_notifier); + unregister_inetaddr_notifier(&masq_inet_notifier); } module_init(ipt_masquerade_init); diff --git a/net/ipv4/netfilter/ipt_NETMAP.c b/net/ipv4/netfilter/ipt_NETMAP.c index b4acc241d898..fd7aaa347cd8 100644 --- a/net/ipv4/netfilter/ipt_NETMAP.c +++ b/net/ipv4/netfilter/ipt_NETMAP.c @@ -92,13 +92,13 @@ target(struct sk_buff **pskb, static struct xt_target target_module = { .name = MODULENAME, .family = AF_INET, - .target = target, + .target = target, .targetsize = sizeof(struct ip_nat_multi_range_compat), .table = "nat", .hooks = (1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_POST_ROUTING) | (1 << NF_IP_LOCAL_OUT), .checkentry = check, - .me = THIS_MODULE + .me = THIS_MODULE }; static int __init ipt_netmap_init(void) diff --git a/net/ipv4/netfilter/ipt_REDIRECT.c b/net/ipv4/netfilter/ipt_REDIRECT.c index 54cd021aa5a8..c2b6b80670f8 100644 --- a/net/ipv4/netfilter/ipt_REDIRECT.c +++ b/net/ipv4/netfilter/ipt_REDIRECT.c @@ -84,7 +84,7 @@ redirect_target(struct sk_buff **pskb, struct in_ifaddr *ifa; newdst = 0; - + rcu_read_lock(); indev = __in_dev_get_rcu((*pskb)->dev); if (indev && (ifa = indev->ifa_list)) diff --git a/net/ipv4/netfilter/ipt_REJECT.c b/net/ipv4/netfilter/ipt_REJECT.c index e4a1ddb386a7..a9eb3635fff2 100644 --- a/net/ipv4/netfilter/ipt_REJECT.c +++ b/net/ipv4/netfilter/ipt_REJECT.c @@ -57,7 +57,7 @@ static void send_reset(struct sk_buff *oldskb, int hook) oth = skb_header_pointer(oldskb, oldskb->nh.iph->ihl * 4, sizeof(_otcph), &_otcph); if (oth == NULL) - return; + return; /* No RST for RST. */ if (oth->rst) @@ -145,7 +145,7 @@ static void send_reset(struct sk_buff *oldskb, int hook) /* Adjust IP checksum */ nskb->nh.iph->check = 0; - nskb->nh.iph->check = ip_fast_csum((unsigned char *)nskb->nh.iph, + nskb->nh.iph->check = ip_fast_csum((unsigned char *)nskb->nh.iph, nskb->nh.iph->ihl); /* "Never happens" */ @@ -165,7 +165,7 @@ static void send_reset(struct sk_buff *oldskb, int hook) static inline void send_unreach(struct sk_buff *skb_in, int code) { icmp_send(skb_in, ICMP_DEST_UNREACH, code, 0); -} +} static unsigned int reject(struct sk_buff **pskb, const struct net_device *in, @@ -177,33 +177,33 @@ static unsigned int reject(struct sk_buff **pskb, const struct ipt_reject_info *reject = targinfo; /* Our naive response construction doesn't deal with IP - options, and probably shouldn't try. */ + options, and probably shouldn't try. */ if ((*pskb)->nh.iph->ihl<<2 != sizeof(struct iphdr)) return NF_DROP; /* WARNING: This code causes reentry within iptables. This means that the iptables jump stack is now crap. We must return an absolute verdict. --RR */ - switch (reject->with) { - case IPT_ICMP_NET_UNREACHABLE: - send_unreach(*pskb, ICMP_NET_UNREACH); - break; - case IPT_ICMP_HOST_UNREACHABLE: - send_unreach(*pskb, ICMP_HOST_UNREACH); - break; - case IPT_ICMP_PROT_UNREACHABLE: - send_unreach(*pskb, ICMP_PROT_UNREACH); - break; - case IPT_ICMP_PORT_UNREACHABLE: - send_unreach(*pskb, ICMP_PORT_UNREACH); - break; - case IPT_ICMP_NET_PROHIBITED: - send_unreach(*pskb, ICMP_NET_ANO); - break; + switch (reject->with) { + case IPT_ICMP_NET_UNREACHABLE: + send_unreach(*pskb, ICMP_NET_UNREACH); + break; + case IPT_ICMP_HOST_UNREACHABLE: + send_unreach(*pskb, ICMP_HOST_UNREACH); + break; + case IPT_ICMP_PROT_UNREACHABLE: + send_unreach(*pskb, ICMP_PROT_UNREACH); + break; + case IPT_ICMP_PORT_UNREACHABLE: + send_unreach(*pskb, ICMP_PORT_UNREACH); + break; + case IPT_ICMP_NET_PROHIBITED: + send_unreach(*pskb, ICMP_NET_ANO); + break; case IPT_ICMP_HOST_PROHIBITED: - send_unreach(*pskb, ICMP_HOST_ANO); - break; - case IPT_ICMP_ADMIN_PROHIBITED: + send_unreach(*pskb, ICMP_HOST_ANO); + break; + case IPT_ICMP_ADMIN_PROHIBITED: send_unreach(*pskb, ICMP_PKT_FILTERED); break; case IPT_TCP_RESET: @@ -222,7 +222,7 @@ static int check(const char *tablename, void *targinfo, unsigned int hook_mask) { - const struct ipt_reject_info *rejinfo = targinfo; + const struct ipt_reject_info *rejinfo = targinfo; const struct ipt_entry *e = e_void; if (rejinfo->with == IPT_ICMP_ECHOREPLY) { diff --git a/net/ipv4/netfilter/ipt_SAME.c b/net/ipv4/netfilter/ipt_SAME.c index a1cdd1262de2..bd4404e5c688 100644 --- a/net/ipv4/netfilter/ipt_SAME.c +++ b/net/ipv4/netfilter/ipt_SAME.c @@ -87,24 +87,24 @@ same_check(const char *tablename, DEBUGP("same_check: bad MAP_IPS.\n"); return 0; } - rangeip = (ntohl(mr->range[count].max_ip) - + rangeip = (ntohl(mr->range[count].max_ip) - ntohl(mr->range[count].min_ip) + 1); mr->ipnum += rangeip; - + DEBUGP("same_check: range %u, ipnum = %u\n", count, rangeip); } DEBUGP("same_check: total ipaddresses = %u\n", mr->ipnum); - + mr->iparray = kmalloc((sizeof(u_int32_t) * mr->ipnum), GFP_KERNEL); if (!mr->iparray) { DEBUGP("same_check: Couldn't allocate %u bytes " - "for %u ipaddresses!\n", + "for %u ipaddresses!\n", (sizeof(u_int32_t) * mr->ipnum), mr->ipnum); return 0; } DEBUGP("same_check: Allocated %u bytes for %u ipaddresses.\n", (sizeof(u_int32_t) * mr->ipnum), mr->ipnum); - + for (count = 0; count < mr->rangesize; count++) { for (countess = ntohl(mr->range[count].min_ip); countess <= ntohl(mr->range[count].max_ip); @@ -119,13 +119,13 @@ same_check(const char *tablename, return 1; } -static void +static void same_destroy(const struct xt_target *target, void *targinfo) { struct ipt_same_info *mr = targinfo; kfree(mr->iparray); - + DEBUGP("same_destroy: Deallocated %u bytes for %u ipaddresses.\n", (sizeof(u_int32_t) * mr->ipnum), mr->ipnum); } @@ -156,7 +156,7 @@ same_target(struct sk_buff **pskb, giving some hope for consistency across reboots. Here we calculate the index in same->iparray which holds the ipaddress we should use */ - + #ifdef CONFIG_NF_NAT_NEEDED tmpip = ntohl(t->src.u3.ip); diff --git a/net/ipv4/netfilter/ipt_TOS.c b/net/ipv4/netfilter/ipt_TOS.c index 29b05a6bd108..cedf9f7d9d6e 100644 --- a/net/ipv4/netfilter/ipt_TOS.c +++ b/net/ipv4/netfilter/ipt_TOS.c @@ -47,8 +47,8 @@ static int checkentry(const char *tablename, const void *e_void, const struct xt_target *target, - void *targinfo, - unsigned int hook_mask) + void *targinfo, + unsigned int hook_mask) { const u_int8_t tos = ((struct ipt_tos_target_info *)targinfo)->tos; diff --git a/net/ipv4/netfilter/ipt_TTL.c b/net/ipv4/netfilter/ipt_TTL.c index d2b6fa3f9dcd..64be31c22ba9 100644 --- a/net/ipv4/netfilter/ipt_TTL.c +++ b/net/ipv4/netfilter/ipt_TTL.c @@ -19,7 +19,7 @@ MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>"); MODULE_DESCRIPTION("IP tables TTL modification module"); MODULE_LICENSE("GPL"); -static unsigned int +static unsigned int ipt_ttl_target(struct sk_buff **pskb, const struct net_device *in, const struct net_device *out, unsigned int hooknum, const struct xt_target *target, @@ -71,7 +71,7 @@ static int ipt_ttl_checkentry(const char *tablename, struct ipt_TTL_info *info = targinfo; if (info->mode > IPT_TTL_MAXMODE) { - printk(KERN_WARNING "ipt_TTL: invalid or unknown Mode %u\n", + printk(KERN_WARNING "ipt_TTL: invalid or unknown Mode %u\n", info->mode); return 0; } @@ -83,10 +83,10 @@ static int ipt_ttl_checkentry(const char *tablename, static struct xt_target ipt_TTL = { .name = "TTL", .family = AF_INET, - .target = ipt_ttl_target, + .target = ipt_ttl_target, .targetsize = sizeof(struct ipt_TTL_info), .table = "mangle", - .checkentry = ipt_ttl_checkentry, + .checkentry = ipt_ttl_checkentry, .me = THIS_MODULE, }; diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c index 7af57a3a1f36..3a1eacc634b3 100644 --- a/net/ipv4/netfilter/ipt_ULOG.c +++ b/net/ipv4/netfilter/ipt_ULOG.c @@ -4,9 +4,9 @@ * (C) 2000-2004 by Harald Welte <laforge@netfilter.org> * * 2000/09/22 ulog-cprange feature added - * 2001/01/04 in-kernel queue as proposed by Sebastian Zander + * 2001/01/04 in-kernel queue as proposed by Sebastian Zander * <zander@fokus.gmd.de> - * 2001/01/30 per-rule nlgroup conflicts with global queue. + * 2001/01/30 per-rule nlgroup conflicts with global queue. * nlgroup now global (sysctl) * 2001/04/19 ulog-queue reworked, now fixed buffer size specified at * module loadtime -HW @@ -23,8 +23,8 @@ * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. * - * This module accepts two parameters: - * + * This module accepts two parameters: + * * nlbufsiz: * The parameter specifies how big the buffer for each netlink multicast * group is. e.g. If you say nlbufsiz=8192, up to eight kb of packets will @@ -72,7 +72,7 @@ MODULE_ALIAS_NET_PF_PROTO(PF_NETLINK, NETLINK_NFLOG); #if 0 #define DEBUGP(format, args...) printk("%s:%s:" format, \ - __FILE__, __FUNCTION__ , ## args) + __FILE__, __FUNCTION__ , ## args) #else #define DEBUGP(format, args...) #endif @@ -162,7 +162,7 @@ static struct sk_buff *ulog_alloc_skb(unsigned int size) PRINTR("ipt_ULOG: can't alloc whole buffer %ub!\n", n); if (n > size) { - /* try to allocate only as much as we need for + /* try to allocate only as much as we need for * current packet */ skb = alloc_skb(size, GFP_ATOMIC); @@ -203,7 +203,7 @@ static void ipt_ulog_packet(unsigned int hooknum, size = NLMSG_SPACE(sizeof(*pm) + copy_len); ub = &ulog_buffers[groupnum]; - + spin_lock_bh(&ulog_lock); if (!ub->skb) { @@ -211,7 +211,7 @@ static void ipt_ulog_packet(unsigned int hooknum, goto alloc_failure; } else if (ub->qlen >= loginfo->qthreshold || size > skb_tailroom(ub->skb)) { - /* either the queue len is too high or we don't have + /* either the queue len is too high or we don't have * enough room in nlskb left. send it to userspace. */ ulog_send(groupnum); @@ -220,11 +220,11 @@ static void ipt_ulog_packet(unsigned int hooknum, goto alloc_failure; } - DEBUGP("ipt_ULOG: qlen %d, qthreshold %d\n", ub->qlen, + DEBUGP("ipt_ULOG: qlen %d, qthreshold %d\n", ub->qlen, loginfo->qthreshold); /* NLMSG_PUT contains a hidden goto nlmsg_failure !!! */ - nlh = NLMSG_PUT(ub->skb, 0, ub->qlen, ULOG_NL_EVENT, + nlh = NLMSG_PUT(ub->skb, 0, ub->qlen, ULOG_NL_EVENT, sizeof(*pm)+copy_len); ub->qlen++; @@ -268,7 +268,7 @@ static void ipt_ulog_packet(unsigned int hooknum, /* copy_len <= skb->len, so can't fail. */ if (skb_copy_bits(skb, 0, pm->payload, copy_len) < 0) BUG(); - + /* check if we are building multi-part messages */ if (ub->qlen > 1) { ub->lastnlh->nlmsg_flags |= NLM_F_MULTI; @@ -312,10 +312,10 @@ static unsigned int ipt_ulog_target(struct sk_buff **pskb, struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo; ipt_ulog_packet(hooknum, *pskb, in, out, loginfo, NULL); - + return XT_CONTINUE; } - + static void ipt_logfn(unsigned int pf, unsigned int hooknum, const struct sk_buff *skb, @@ -396,7 +396,7 @@ static int __init ipt_ulog_init(void) } nflognl = netlink_kernel_create(NETLINK_NFLOG, ULOG_MAXNLGROUPS, NULL, - THIS_MODULE); + THIS_MODULE); if (!nflognl) return -ENOMEM; @@ -407,7 +407,7 @@ static int __init ipt_ulog_init(void) } if (nflog) nf_log_register(PF_INET, &ipt_ulog_logger); - + return 0; } diff --git a/net/ipv4/netfilter/ipt_addrtype.c b/net/ipv4/netfilter/ipt_addrtype.c index 648f555c4d16..cfa0472617f6 100644 --- a/net/ipv4/netfilter/ipt_addrtype.c +++ b/net/ipv4/netfilter/ipt_addrtype.c @@ -40,7 +40,7 @@ static int match(const struct sk_buff *skb, ret &= match_type(iph->saddr, info->source)^info->invert_source; if (info->dest) ret &= match_type(iph->daddr, info->dest)^info->invert_dest; - + return ret; } diff --git a/net/ipv4/netfilter/ipt_ah.c b/net/ipv4/netfilter/ipt_ah.c index 42f41224a43a..18a16782cf40 100644 --- a/net/ipv4/netfilter/ipt_ah.c +++ b/net/ipv4/netfilter/ipt_ah.c @@ -29,8 +29,8 @@ static inline int spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, int invert) { int r=0; - duprintf("ah spi_match:%c 0x%x <= 0x%x <= 0x%x",invert? '!':' ', - min,spi,max); + duprintf("ah spi_match:%c 0x%x <= 0x%x <= 0x%x",invert? '!':' ', + min,spi,max); r=(spi >= min && spi <= max) ^ invert; duprintf(" result %s\n",r? "PASS" : "FAILED"); return r; diff --git a/net/ipv4/netfilter/ipt_iprange.c b/net/ipv4/netfilter/ipt_iprange.c index 05de593be94c..bc5d5e6091e4 100644 --- a/net/ipv4/netfilter/ipt_iprange.c +++ b/net/ipv4/netfilter/ipt_iprange.c @@ -41,7 +41,7 @@ match(const struct sk_buff *skb, DEBUGP("src IP %u.%u.%u.%u NOT in range %s" "%u.%u.%u.%u-%u.%u.%u.%u\n", NIPQUAD(iph->saddr), - info->flags & IPRANGE_SRC_INV ? "(INV) " : "", + info->flags & IPRANGE_SRC_INV ? "(INV) " : "", NIPQUAD(info->src.min_ip), NIPQUAD(info->src.max_ip)); return 0; @@ -54,7 +54,7 @@ match(const struct sk_buff *skb, DEBUGP("dst IP %u.%u.%u.%u NOT in range %s" "%u.%u.%u.%u-%u.%u.%u.%u\n", NIPQUAD(iph->daddr), - info->flags & IPRANGE_DST_INV ? "(INV) " : "", + info->flags & IPRANGE_DST_INV ? "(INV) " : "", NIPQUAD(info->dst.min_ip), NIPQUAD(info->dst.max_ip)); return 0; diff --git a/net/ipv4/netfilter/ipt_owner.c b/net/ipv4/netfilter/ipt_owner.c index 9f496ac834b5..7fae9aa8944c 100644 --- a/net/ipv4/netfilter/ipt_owner.c +++ b/net/ipv4/netfilter/ipt_owner.c @@ -53,10 +53,10 @@ match(const struct sk_buff *skb, static int checkentry(const char *tablename, - const void *ip, + const void *ip, const struct xt_match *match, - void *matchinfo, - unsigned int hook_mask) + void *matchinfo, + unsigned int hook_mask) { const struct ipt_owner_info *info = matchinfo; diff --git a/net/ipv4/netfilter/ipt_ttl.c b/net/ipv4/netfilter/ipt_ttl.c index d5cd984e5ed2..1eca9f400374 100644 --- a/net/ipv4/netfilter/ipt_ttl.c +++ b/net/ipv4/netfilter/ipt_ttl.c @@ -1,4 +1,4 @@ -/* IP tables module for matching the value of the TTL +/* IP tables module for matching the value of the TTL * * ipt_ttl.c,v 1.5 2000/11/13 11:16:08 laforge Exp * @@ -41,7 +41,7 @@ static int match(const struct sk_buff *skb, return (skb->nh.iph->ttl > info->ttl); break; default: - printk(KERN_WARNING "ipt_ttl: unknown mode %d\n", + printk(KERN_WARNING "ipt_ttl: unknown mode %d\n", info->mode); return 0; } diff --git a/net/ipv4/netfilter/iptable_filter.c b/net/ipv4/netfilter/iptable_filter.c index 51053cb42f43..d1d61e97b976 100644 --- a/net/ipv4/netfilter/iptable_filter.c +++ b/net/ipv4/netfilter/iptable_filter.c @@ -25,7 +25,7 @@ static struct struct ipt_replace repl; struct ipt_standard entries[3]; struct ipt_error term; -} initial_table __initdata +} initial_table __initdata = { { "filter", FILTER_VALID_HOOKS, 4, sizeof(struct ipt_standard) * 3 + sizeof(struct ipt_error), { [NF_IP_LOCAL_IN] = 0, diff --git a/net/ipv4/netfilter/iptable_mangle.c b/net/ipv4/netfilter/iptable_mangle.c index a532e4d84332..98b66ef0c714 100644 --- a/net/ipv4/netfilter/iptable_mangle.c +++ b/net/ipv4/netfilter/iptable_mangle.c @@ -58,7 +58,7 @@ static struct { { { { IPT_ALIGN(sizeof(struct ipt_standard_target)), "" } }, { } }, -NF_ACCEPT - 1 } }, /* LOCAL_IN */ - { { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 }, + { { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 }, 0, sizeof(struct ipt_entry), sizeof(struct ipt_standard), @@ -66,7 +66,7 @@ static struct { { { { IPT_ALIGN(sizeof(struct ipt_standard_target)), "" } }, { } }, -NF_ACCEPT - 1 } }, /* FORWARD */ - { { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 }, + { { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 }, 0, sizeof(struct ipt_entry), sizeof(struct ipt_standard), @@ -166,7 +166,7 @@ static struct nf_hook_ops ipt_ops[] = { .hook = ipt_route_hook, .owner = THIS_MODULE, .pf = PF_INET, - .hooknum = NF_IP_PRE_ROUTING, + .hooknum = NF_IP_PRE_ROUTING, .priority = NF_IP_PRI_MANGLE, }, { diff --git a/net/ipv4/netfilter/iptable_raw.c b/net/ipv4/netfilter/iptable_raw.c index 5277550fa6b5..18c3d4c9ff51 100644 --- a/net/ipv4/netfilter/iptable_raw.c +++ b/net/ipv4/netfilter/iptable_raw.c @@ -1,4 +1,4 @@ -/* +/* * 'raw' table, which is the very first hooked in at PRE_ROUTING and LOCAL_OUT . * * Copyright (C) 2003 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> @@ -15,26 +15,26 @@ static struct struct ipt_error term; } initial_table __initdata = { .repl = { - .name = "raw", - .valid_hooks = RAW_VALID_HOOKS, + .name = "raw", + .valid_hooks = RAW_VALID_HOOKS, .num_entries = 3, .size = sizeof(struct ipt_standard) * 2 + sizeof(struct ipt_error), - .hook_entry = { + .hook_entry = { [NF_IP_PRE_ROUTING] = 0, [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) }, - .underflow = { + .underflow = { [NF_IP_PRE_ROUTING] = 0, [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) }, }, .entries = { /* PRE_ROUTING */ - { - .entry = { + { + .entry = { .target_offset = sizeof(struct ipt_entry), .next_offset = sizeof(struct ipt_standard), }, - .target = { - .target = { + .target = { + .target = { .u = { .target_size = IPT_ALIGN(sizeof(struct ipt_standard_target)), }, @@ -69,7 +69,7 @@ static struct .target = { .u = { .user = { - .target_size = IPT_ALIGN(sizeof(struct ipt_error_target)), + .target_size = IPT_ALIGN(sizeof(struct ipt_error_target)), .name = IPT_ERROR_TARGET, }, }, @@ -80,9 +80,9 @@ static struct }; static struct xt_table packet_raw = { - .name = "raw", - .valid_hooks = RAW_VALID_HOOKS, - .lock = RW_LOCK_UNLOCKED, + .name = "raw", + .valid_hooks = RAW_VALID_HOOKS, + .lock = RW_LOCK_UNLOCKED, .me = THIS_MODULE, .af = AF_INET, }; diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c index 471b638cedec..b984db771258 100644 --- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c +++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c @@ -66,7 +66,7 @@ static int ipv4_print_tuple(struct seq_file *s, const struct nf_conntrack_tuple *tuple) { return seq_printf(s, "src=%u.%u.%u.%u dst=%u.%u.%u.%u ", - NIPQUAD(tuple->src.u3.ip), + NIPQUAD(tuple->src.u3.ip), NIPQUAD(tuple->dst.u3.ip)); } @@ -82,14 +82,14 @@ nf_ct_ipv4_gather_frags(struct sk_buff *skb, u_int32_t user) { skb_orphan(skb); - local_bh_disable(); - skb = ip_defrag(skb, user); - local_bh_enable(); + local_bh_disable(); + skb = ip_defrag(skb, user); + local_bh_enable(); - if (skb) + if (skb) ip_send_check(skb->nh.iph); - return skb; + return skb; } static int @@ -192,10 +192,10 @@ static unsigned int ipv4_conntrack_in(unsigned int hooknum, } static unsigned int ipv4_conntrack_local(unsigned int hooknum, - struct sk_buff **pskb, - const struct net_device *in, - const struct net_device *out, - int (*okfn)(struct sk_buff *)) + struct sk_buff **pskb, + const struct net_device *in, + const struct net_device *out, + int (*okfn)(struct sk_buff *)) { /* root is playing with raw sockets. */ if ((*pskb)->len < sizeof(struct iphdr) @@ -332,7 +332,7 @@ getorigdst(struct sock *sk, int optval, void __user *user, int *len) struct inet_sock *inet = inet_sk(sk); struct nf_conntrack_tuple_hash *h; struct nf_conntrack_tuple tuple; - + NF_CT_TUPLE_U_BLANK(&tuple); tuple.src.u3.ip = inet->rcv_saddr; tuple.src.u.tcp.port = inet->sport; @@ -501,7 +501,7 @@ static int __init nf_conntrack_l3proto_ipv4_init(void) return ret; #if defined(CONFIG_PROC_FS) && defined(CONFIG_NF_CONNTRACK_PROC_COMPAT) cleanup_hooks: - nf_unregister_hooks(ipv4_conntrack_ops, ARRAY_SIZE(ipv4_conntrack_ops)); + nf_unregister_hooks(ipv4_conntrack_ops, ARRAY_SIZE(ipv4_conntrack_ops)); #endif cleanup_ipv4: nf_conntrack_l3proto_unregister(&nf_conntrack_l3proto_ipv4); diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c index 3b31bc649608..14a93a738418 100644 --- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c +++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c @@ -135,7 +135,7 @@ static int ct_seq_show(struct seq_file *s, void *v) l3proto, l4proto)) return -ENOSPC; - if (seq_print_counters(s, &ct->counters[IP_CT_DIR_ORIGINAL])) + if (seq_print_counters(s, &ct->counters[IP_CT_DIR_ORIGINAL])) return -ENOSPC; if (!(test_bit(IPS_SEEN_REPLY_BIT, &ct->status))) @@ -146,7 +146,7 @@ static int ct_seq_show(struct seq_file *s, void *v) l3proto, l4proto)) return -ENOSPC; - if (seq_print_counters(s, &ct->counters[IP_CT_DIR_REPLY])) + if (seq_print_counters(s, &ct->counters[IP_CT_DIR_REPLY])) return -ENOSPC; if (test_bit(IPS_ASSURED_BIT, &ct->status)) @@ -228,7 +228,7 @@ static void *exp_seq_start(struct seq_file *s, loff_t *pos) static void *exp_seq_next(struct seq_file *s, void *v, loff_t *pos) { - struct list_head *e = v; + struct list_head *e = v; ++*pos; e = e->next; @@ -262,7 +262,7 @@ static int exp_seq_show(struct seq_file *s, void *v) print_tuple(s, &exp->tuple, __nf_ct_l3proto_find(exp->tuple.src.l3num), __nf_ct_l4proto_find(exp->tuple.src.l3num, - exp->tuple.dst.protonum)); + exp->tuple.dst.protonum)); return seq_putc(s, '\n'); } diff --git a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c index db9e7c45d3b4..677b6c80c618 100644 --- a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c +++ b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c @@ -101,9 +101,9 @@ static int icmp_packet(struct nf_conn *ct, unsigned int hooknum) { /* Try to delete connection immediately after all replies: - won't actually vanish as we still have skb, and del_timer - means this will only run once even if count hits zero twice - (theoretically possible with SMP) */ + won't actually vanish as we still have skb, and del_timer + means this will only run once even if count hits zero twice + (theoretically possible with SMP) */ if (CTINFO2DIR(ctinfo) == IP_CT_DIR_REPLY) { if (atomic_dec_and_test(&ct->proto.icmp.count) && del_timer(&ct->timeout)) @@ -144,8 +144,8 @@ extern struct nf_conntrack_l3proto nf_conntrack_l3proto_ipv4; /* Returns conntrack if it dealt with ICMP, and filled in skb fields */ static int icmp_error_message(struct sk_buff *skb, - enum ip_conntrack_info *ctinfo, - unsigned int hooknum) + enum ip_conntrack_info *ctinfo, + unsigned int hooknum) { struct nf_conntrack_tuple innertuple, origtuple; struct { @@ -181,9 +181,9 @@ icmp_error_message(struct sk_buff *skb, return -NF_ACCEPT; } - /* Ordinarily, we'd expect the inverted tupleproto, but it's - been preserved inside the ICMP. */ - if (!nf_ct_invert_tuple(&innertuple, &origtuple, + /* Ordinarily, we'd expect the inverted tupleproto, but it's + been preserved inside the ICMP. */ + if (!nf_ct_invert_tuple(&innertuple, &origtuple, &nf_conntrack_l3proto_ipv4, innerproto)) { DEBUGP("icmp_error_message: no match\n"); return -NF_ACCEPT; @@ -212,10 +212,10 @@ icmp_error_message(struct sk_buff *skb, *ctinfo += IP_CT_IS_REPLY; } - /* Update skb to refer to this connection */ - skb->nfct = &nf_ct_tuplehash_to_ctrack(h)->ct_general; - skb->nfctinfo = *ctinfo; - return -NF_ACCEPT; + /* Update skb to refer to this connection */ + skb->nfct = &nf_ct_tuplehash_to_ctrack(h)->ct_general; + skb->nfctinfo = *ctinfo; + return -NF_ACCEPT; } /* Small and modified version of icmp_rcv */ @@ -306,7 +306,7 @@ static int icmp_nfattr_to_tuple(struct nfattr *tb[], if (nfattr_bad_size(tb, CTA_PROTO_MAX, cta_min_proto)) return -EINVAL; - tuple->dst.u.icmp.type = + tuple->dst.u.icmp.type = *(u_int8_t *)NFA_DATA(tb[CTA_PROTO_ICMP_TYPE-1]); tuple->dst.u.icmp.code = *(u_int8_t *)NFA_DATA(tb[CTA_PROTO_ICMP_CODE-1]); @@ -332,7 +332,7 @@ static struct ctl_table icmp_sysctl_table[] = { .mode = 0644, .proc_handler = &proc_dointvec_jiffies, }, - { + { .ctl_name = 0 } }; @@ -346,7 +346,7 @@ static struct ctl_table icmp_compat_sysctl_table[] = { .mode = 0644, .proc_handler = &proc_dointvec_jiffies, }, - { + { .ctl_name = 0 } }; diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c index 998b2557692c..cf1010827be1 100644 --- a/net/ipv4/netfilter/nf_nat_core.c +++ b/net/ipv4/netfilter/nf_nat_core.c @@ -452,8 +452,8 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct, (*pskb)->nfctinfo == IP_CT_RELATED+IP_CT_IS_REPLY); /* Redirects on non-null nats must be dropped, else they'll - start talking to each other without our translation, and be - confused... --RR */ + start talking to each other without our translation, and be + confused... --RR */ if (inside->icmp.type == ICMP_REDIRECT) { /* If NAT isn't finished, assume it and drop. */ if ((ct->status & IPS_NAT_DONE_MASK) != IPS_NAT_DONE_MASK) @@ -469,13 +469,13 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct, if (!nf_ct_get_tuple(*pskb, (*pskb)->nh.iph->ihl*4 + sizeof(struct icmphdr), (*pskb)->nh.iph->ihl*4 + - sizeof(struct icmphdr) + inside->ip.ihl*4, - (u_int16_t)AF_INET, - inside->ip.protocol, - &inner, - l3proto, + sizeof(struct icmphdr) + inside->ip.ihl*4, + (u_int16_t)AF_INET, + inside->ip.protocol, + &inner, + l3proto, __nf_ct_l4proto_find((u_int16_t)PF_INET, - inside->ip.protocol))) + inside->ip.protocol))) return 0; /* Change inner back to look like incoming packet. We do the diff --git a/net/ipv4/netfilter/nf_nat_h323.c b/net/ipv4/netfilter/nf_nat_h323.c index fb9ab0114c23..9cbf3f9be13b 100644 --- a/net/ipv4/netfilter/nf_nat_h323.c +++ b/net/ipv4/netfilter/nf_nat_h323.c @@ -256,7 +256,7 @@ static int nat_rtp_rtcp(struct sk_buff **pskb, struct nf_conn *ct, if (set_h245_addr(pskb, data, dataoff, taddr, &ct->tuplehash[!dir].tuple.dst.u3, htons((port & htons(1)) ? nated_port + 1 : - nated_port)) == 0) { + nated_port)) == 0) { /* Save ports */ info->rtp_port[i][dir] = rtp_port; info->rtp_port[i][!dir] = htons(nated_port); diff --git a/net/ipv4/netfilter/nf_nat_helper.c b/net/ipv4/netfilter/nf_nat_helper.c index dc6738bdfab7..49a90c39ffce 100644 --- a/net/ipv4/netfilter/nf_nat_helper.c +++ b/net/ipv4/netfilter/nf_nat_helper.c @@ -179,7 +179,7 @@ nf_nat_mangle_tcp_packet(struct sk_buff **pskb, tcph->check = tcp_v4_check(datalen, iph->saddr, iph->daddr, csum_partial((char *)tcph, - datalen, 0)); + datalen, 0)); } else nf_proto_csum_replace2(&tcph->check, *pskb, htons(oldlen), htons(datalen), 1); @@ -223,7 +223,7 @@ nf_nat_mangle_udp_packet(struct sk_buff **pskb, /* UDP helpers might accidentally mangle the wrong packet */ iph = (*pskb)->nh.iph; if ((*pskb)->len < iph->ihl*4 + sizeof(*udph) + - match_offset + match_len) + match_offset + match_len) return 0; if (!skb_make_writable(pskb, (*pskb)->len)) @@ -252,9 +252,9 @@ nf_nat_mangle_udp_packet(struct sk_buff **pskb, if ((*pskb)->ip_summed != CHECKSUM_PARTIAL) { udph->check = 0; udph->check = csum_tcpudp_magic(iph->saddr, iph->daddr, - datalen, IPPROTO_UDP, - csum_partial((char *)udph, - datalen, 0)); + datalen, IPPROTO_UDP, + csum_partial((char *)udph, + datalen, 0)); if (!udph->check) udph->check = CSUM_MANGLED_0; } else diff --git a/net/ipv4/netfilter/nf_nat_pptp.c b/net/ipv4/netfilter/nf_nat_pptp.c index 5df4fcae3ab6..7ba341c22eaa 100644 --- a/net/ipv4/netfilter/nf_nat_pptp.c +++ b/net/ipv4/netfilter/nf_nat_pptp.c @@ -184,10 +184,10 @@ pptp_outbound_pkt(struct sk_buff **pskb, /* mangle packet */ if (nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, - cid_off + sizeof(struct pptp_pkt_hdr) + - sizeof(struct PptpControlHeader), - sizeof(new_callid), (char *)&new_callid, - sizeof(new_callid)) == 0) + cid_off + sizeof(struct pptp_pkt_hdr) + + sizeof(struct PptpControlHeader), + sizeof(new_callid), (char *)&new_callid, + sizeof(new_callid)) == 0) return NF_DROP; return NF_ACCEPT; } @@ -276,7 +276,7 @@ pptp_inbound_pkt(struct sk_buff **pskb, ntohs(REQ_CID(pptpReq, pcid_off)), ntohs(new_pcid)); if (nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, - pcid_off + sizeof(struct pptp_pkt_hdr) + + pcid_off + sizeof(struct pptp_pkt_hdr) + sizeof(struct PptpControlHeader), sizeof(new_pcid), (char *)&new_pcid, sizeof(new_pcid)) == 0) diff --git a/net/ipv4/netfilter/nf_nat_proto_icmp.c b/net/ipv4/netfilter/nf_nat_proto_icmp.c index dcfd772972d7..6bc2f06de055 100644 --- a/net/ipv4/netfilter/nf_nat_proto_icmp.c +++ b/net/ipv4/netfilter/nf_nat_proto_icmp.c @@ -44,7 +44,7 @@ icmp_unique_tuple(struct nf_conntrack_tuple *tuple, for (i = 0; i < range_size; i++, id++) { tuple->src.u.icmp.id = htons(ntohs(range->min.icmp.id) + - (id % range_size)); + (id % range_size)); if (!nf_nat_used_tuple(tuple, ct)) return 1; } diff --git a/net/ipv4/netfilter/nf_nat_rule.c b/net/ipv4/netfilter/nf_nat_rule.c index 7f95b4e2eb31..147a4370cf03 100644 --- a/net/ipv4/netfilter/nf_nat_rule.c +++ b/net/ipv4/netfilter/nf_nat_rule.c @@ -56,8 +56,8 @@ static struct /* PRE_ROUTING */ { .entry = { - .target_offset = sizeof(struct ipt_entry), - .next_offset = sizeof(struct ipt_standard), + .target_offset = sizeof(struct ipt_entry), + .next_offset = sizeof(struct ipt_standard), }, .target = { .target = { @@ -71,8 +71,8 @@ static struct /* POST_ROUTING */ { .entry = { - .target_offset = sizeof(struct ipt_entry), - .next_offset = sizeof(struct ipt_standard), + .target_offset = sizeof(struct ipt_entry), + .next_offset = sizeof(struct ipt_standard), }, .target = { .target = { @@ -86,8 +86,8 @@ static struct /* LOCAL_OUT */ { .entry = { - .target_offset = sizeof(struct ipt_entry), - .next_offset = sizeof(struct ipt_standard), + .target_offset = sizeof(struct ipt_entry), + .next_offset = sizeof(struct ipt_standard), }, .target = { .target = { @@ -145,7 +145,7 @@ static unsigned int ipt_snat_target(struct sk_buff **pskb, /* Connection must be valid and new. */ NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED || - ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY)); + ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY)); NF_CT_ASSERT(out); return nf_nat_setup_info(ct, &mr->range[0], hooknum); @@ -256,8 +256,8 @@ alloc_null_binding(struct nf_conn *ct, unsigned int alloc_null_binding_confirmed(struct nf_conn *ct, - struct nf_nat_info *info, - unsigned int hooknum) + struct nf_nat_info *info, + unsigned int hooknum) { __be32 ip = (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC diff --git a/net/ipv4/netfilter/nf_nat_sip.c b/net/ipv4/netfilter/nf_nat_sip.c index 3d524b957310..b12cd7c314ca 100644 --- a/net/ipv4/netfilter/nf_nat_sip.c +++ b/net/ipv4/netfilter/nf_nat_sip.c @@ -90,7 +90,7 @@ static int map_sip_addr(struct sk_buff **pskb, enum ip_conntrack_info ctinfo, return 1; if (!nf_nat_mangle_udp_packet(pskb, ct, ctinfo, - matchoff, matchlen, addr, addrlen)) + matchoff, matchlen, addr, addrlen)) return 0; *dptr = (*pskb)->data + (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr); return 1; @@ -151,7 +151,7 @@ static unsigned int mangle_sip_packet(struct sk_buff **pskb, return 0; if (!nf_nat_mangle_udp_packet(pskb, ct, ctinfo, - matchoff, matchlen, buffer, bufflen)) + matchoff, matchlen, buffer, bufflen)) return 0; /* We need to reload this. Thanks Patrick. */ @@ -172,7 +172,7 @@ static int mangle_content_len(struct sk_buff **pskb, /* Get actual SDP lenght */ if (ct_sip_get_info(ct, dptr, (*pskb)->len - dataoff, &matchoff, - &matchlen, POS_SDP_HEADER) > 0) { + &matchlen, POS_SDP_HEADER) > 0) { /* since ct_sip_get_info() give us a pointer passing 'v=' we need to add 2 bytes in this count. */ @@ -180,7 +180,7 @@ static int mangle_content_len(struct sk_buff **pskb, /* Now, update SDP length */ if (ct_sip_get_info(ct, dptr, (*pskb)->len - dataoff, &matchoff, - &matchlen, POS_CONTENT) > 0) { + &matchlen, POS_CONTENT) > 0) { bufflen = sprintf(buffer, "%u", c_len); return nf_nat_mangle_udp_packet(pskb, ct, ctinfo, @@ -205,17 +205,17 @@ static unsigned int mangle_sdp(struct sk_buff **pskb, /* Mangle owner and contact info. */ bufflen = sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(newip)); if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff, - buffer, bufflen, POS_OWNER_IP4)) + buffer, bufflen, POS_OWNER_IP4)) return 0; if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff, - buffer, bufflen, POS_CONNECTION_IP4)) + buffer, bufflen, POS_CONNECTION_IP4)) return 0; /* Mangle media port. */ bufflen = sprintf(buffer, "%u", port); if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff, - buffer, bufflen, POS_MEDIA)) + buffer, bufflen, POS_MEDIA)) return 0; return mangle_content_len(pskb, ctinfo, ct, dptr); diff --git a/net/ipv4/netfilter/nf_nat_snmp_basic.c b/net/ipv4/netfilter/nf_nat_snmp_basic.c index f12528fe1bf9..ce5c4939a6ee 100644 --- a/net/ipv4/netfilter/nf_nat_snmp_basic.c +++ b/net/ipv4/netfilter/nf_nat_snmp_basic.c @@ -150,8 +150,8 @@ struct asn1_octstr }; static void asn1_open(struct asn1_ctx *ctx, - unsigned char *buf, - unsigned int len) + unsigned char *buf, + unsigned int len) { ctx->begin = buf; ctx->end = buf + len; @@ -186,9 +186,9 @@ static unsigned char asn1_tag_decode(struct asn1_ctx *ctx, unsigned int *tag) } static unsigned char asn1_id_decode(struct asn1_ctx *ctx, - unsigned int *cls, - unsigned int *con, - unsigned int *tag) + unsigned int *cls, + unsigned int *con, + unsigned int *tag) { unsigned char ch; @@ -207,8 +207,8 @@ static unsigned char asn1_id_decode(struct asn1_ctx *ctx, } static unsigned char asn1_length_decode(struct asn1_ctx *ctx, - unsigned int *def, - unsigned int *len) + unsigned int *def, + unsigned int *len) { unsigned char ch, cnt; @@ -239,10 +239,10 @@ static unsigned char asn1_length_decode(struct asn1_ctx *ctx, } static unsigned char asn1_header_decode(struct asn1_ctx *ctx, - unsigned char **eoc, - unsigned int *cls, - unsigned int *con, - unsigned int *tag) + unsigned char **eoc, + unsigned int *cls, + unsigned int *con, + unsigned int *tag) { unsigned int def, len; @@ -297,8 +297,8 @@ static unsigned char asn1_null_decode(struct asn1_ctx *ctx, unsigned char *eoc) } static unsigned char asn1_long_decode(struct asn1_ctx *ctx, - unsigned char *eoc, - long *integer) + unsigned char *eoc, + long *integer) { unsigned char ch; unsigned int len; @@ -325,8 +325,8 @@ static unsigned char asn1_long_decode(struct asn1_ctx *ctx, } static unsigned char asn1_uint_decode(struct asn1_ctx *ctx, - unsigned char *eoc, - unsigned int *integer) + unsigned char *eoc, + unsigned int *integer) { unsigned char ch; unsigned int len; @@ -354,8 +354,8 @@ static unsigned char asn1_uint_decode(struct asn1_ctx *ctx, } static unsigned char asn1_ulong_decode(struct asn1_ctx *ctx, - unsigned char *eoc, - unsigned long *integer) + unsigned char *eoc, + unsigned long *integer) { unsigned char ch; unsigned int len; @@ -383,9 +383,9 @@ static unsigned char asn1_ulong_decode(struct asn1_ctx *ctx, } static unsigned char asn1_octets_decode(struct asn1_ctx *ctx, - unsigned char *eoc, - unsigned char **octets, - unsigned int *len) + unsigned char *eoc, + unsigned char **octets, + unsigned int *len) { unsigned char *ptr; @@ -411,7 +411,7 @@ static unsigned char asn1_octets_decode(struct asn1_ctx *ctx, } static unsigned char asn1_subid_decode(struct asn1_ctx *ctx, - unsigned long *subid) + unsigned long *subid) { unsigned char ch; @@ -428,9 +428,9 @@ static unsigned char asn1_subid_decode(struct asn1_ctx *ctx, } static unsigned char asn1_oid_decode(struct asn1_ctx *ctx, - unsigned char *eoc, - unsigned long **oid, - unsigned int *len) + unsigned char *eoc, + unsigned long **oid, + unsigned int *len) { unsigned long subid; unsigned int size; @@ -611,9 +611,9 @@ struct snmp_v1_trap #define SERR_EOM 2 static inline void mangle_address(unsigned char *begin, - unsigned char *addr, - const struct oct1_map *map, - __sum16 *check); + unsigned char *addr, + const struct oct1_map *map, + __sum16 *check); struct snmp_cnv { unsigned int class; @@ -644,8 +644,8 @@ static struct snmp_cnv snmp_conv [] = }; static unsigned char snmp_tag_cls2syntax(unsigned int tag, - unsigned int cls, - unsigned short *syntax) + unsigned int cls, + unsigned short *syntax) { struct snmp_cnv *cnv; @@ -662,7 +662,7 @@ static unsigned char snmp_tag_cls2syntax(unsigned int tag, } static unsigned char snmp_object_decode(struct asn1_ctx *ctx, - struct snmp_object **obj) + struct snmp_object **obj) { unsigned int cls, con, tag, len, idlen; unsigned short type; @@ -714,7 +714,7 @@ static unsigned char snmp_object_decode(struct asn1_ctx *ctx, return 0; } *obj = kmalloc(sizeof(struct snmp_object) + len, - GFP_ATOMIC); + GFP_ATOMIC); if (*obj == NULL) { kfree(id); if (net_ratelimit()) @@ -730,7 +730,7 @@ static unsigned char snmp_object_decode(struct asn1_ctx *ctx, return 0; } *obj = kmalloc(sizeof(struct snmp_object) + len, - GFP_ATOMIC); + GFP_ATOMIC); if (*obj == NULL) { kfree(id); if (net_ratelimit()) @@ -834,7 +834,7 @@ static unsigned char snmp_object_decode(struct asn1_ctx *ctx, } static unsigned char snmp_request_decode(struct asn1_ctx *ctx, - struct snmp_request *request) + struct snmp_request *request) { unsigned int cls, con, tag; unsigned char *end; @@ -874,9 +874,9 @@ static unsigned char snmp_request_decode(struct asn1_ctx *ctx, * code example in the draft. */ static void fast_csum(__sum16 *csum, - const unsigned char *optr, - const unsigned char *nptr, - int offset) + const unsigned char *optr, + const unsigned char *nptr, + int offset) { unsigned char s[4]; @@ -899,9 +899,9 @@ static void fast_csum(__sum16 *csum, * - addr points to the start of the address */ static inline void mangle_address(unsigned char *begin, - unsigned char *addr, - const struct oct1_map *map, - __sum16 *check) + unsigned char *addr, + const struct oct1_map *map, + __sum16 *check) { if (map->from == NOCT1(addr)) { u_int32_t old; @@ -914,7 +914,7 @@ static inline void mangle_address(unsigned char *begin, /* Update UDP checksum if being used */ if (*check) { fast_csum(check, - &map->from, &map->to, addr - begin); + &map->from, &map->to, addr - begin); } @@ -925,9 +925,9 @@ static inline void mangle_address(unsigned char *begin, } static unsigned char snmp_trap_decode(struct asn1_ctx *ctx, - struct snmp_v1_trap *trap, - const struct oct1_map *map, - __sum16 *check) + struct snmp_v1_trap *trap, + const struct oct1_map *map, + __sum16 *check) { unsigned int cls, con, tag, len; unsigned char *end; @@ -1019,9 +1019,9 @@ static void hex_dump(unsigned char *buf, size_t len) * (And this is the fucking 'basic' method). */ static int snmp_parse_mangle(unsigned char *msg, - u_int16_t len, - const struct oct1_map *map, - __sum16 *check) + u_int16_t len, + const struct oct1_map *map, + __sum16 *check) { unsigned char *eoc, *end; unsigned int cls, con, tag, vers, pdutype; @@ -1191,8 +1191,8 @@ static int snmp_parse_mangle(unsigned char *msg, * SNMP translation routine. */ static int snmp_translate(struct nf_conn *ct, - enum ip_conntrack_info ctinfo, - struct sk_buff **pskb) + enum ip_conntrack_info ctinfo, + struct sk_buff **pskb) { struct iphdr *iph = (*pskb)->nh.iph; struct udphdr *udph = (struct udphdr *)((__be32 *)iph + iph->ihl); @@ -1219,7 +1219,7 @@ static int snmp_translate(struct nf_conn *ct, return NF_ACCEPT; if (!snmp_parse_mangle((unsigned char *)udph + sizeof(struct udphdr), - paylen, &map, &udph->check)) { + paylen, &map, &udph->check)) { if (net_ratelimit()) printk(KERN_WARNING "bsalg: parser failed\n"); return NF_DROP; diff --git a/net/ipv4/netfilter/nf_nat_standalone.c b/net/ipv4/netfilter/nf_nat_standalone.c index 5a964a167c13..e4d3ef17d45b 100644 --- a/net/ipv4/netfilter/nf_nat_standalone.c +++ b/net/ipv4/netfilter/nf_nat_standalone.c @@ -96,8 +96,8 @@ nf_nat_fn(unsigned int hooknum, protocol. 8) --RR */ if (!ct) { /* Exception: ICMP redirect to new connection (not in - hash table yet). We must not let this through, in - case we're doing NAT to the same network. */ + hash table yet). We must not let this through, in + case we're doing NAT to the same network. */ if ((*pskb)->nh.iph->protocol == IPPROTO_ICMP) { struct icmphdr _hdr, *hp; @@ -141,7 +141,7 @@ nf_nat_fn(unsigned int hooknum, if (unlikely(nf_ct_is_confirmed(ct))) /* NAT module was loaded late */ ret = alloc_null_binding_confirmed(ct, info, - hooknum); + hooknum); else if (hooknum == NF_IP_LOCAL_IN) /* LOCAL_IN hook doesn't have a chain! */ ret = alloc_null_binding(ct, info, hooknum); @@ -171,10 +171,10 @@ nf_nat_fn(unsigned int hooknum, static unsigned int nf_nat_in(unsigned int hooknum, - struct sk_buff **pskb, - const struct net_device *in, - const struct net_device *out, - int (*okfn)(struct sk_buff *)) + struct sk_buff **pskb, + const struct net_device *in, + const struct net_device *out, + int (*okfn)(struct sk_buff *)) { unsigned int ret; __be32 daddr = (*pskb)->nh.iph->daddr; @@ -269,9 +269,9 @@ nf_nat_adjust(unsigned int hooknum, ct = nf_ct_get(*pskb, &ctinfo); if (ct && test_bit(IPS_SEQ_ADJUST_BIT, &ct->status)) { - DEBUGP("nf_nat_standalone: adjusting sequence number\n"); - if (!nf_nat_seq_adjust(pskb, ct, ctinfo)) - return NF_DROP; + DEBUGP("nf_nat_standalone: adjusting sequence number\n"); + if (!nf_nat_seq_adjust(pskb, ct, ctinfo)) + return NF_DROP; } return NF_ACCEPT; } |