diff options
Diffstat (limited to 'net/ipv6/netfilter')
| -rw-r--r-- | net/ipv6/netfilter/ip6_queue.c | 152 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 40 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6t_HL.c | 12 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6t_LOG.c | 10 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6t_REJECT.c | 36 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6t_ah.c | 22 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6t_hl.c | 2 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6t_ipv6header.c | 2 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6table_mangle.c | 10 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6table_raw.c | 16 | ||||
| -rw-r--r-- | net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | 4 | ||||
| -rw-r--r-- | net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c | 6 | ||||
| -rw-r--r-- | net/ipv6/netfilter/nf_conntrack_reasm.c | 50 |
13 files changed, 181 insertions, 181 deletions
diff --git a/net/ipv6/netfilter/ip6_queue.c b/net/ipv6/netfilter/ip6_queue.c index d4d9f182441a..58847d3b61e5 100644 --- a/net/ipv6/netfilter/ip6_queue.c +++ b/net/ipv6/netfilter/ip6_queue.c @@ -95,7 +95,7 @@ __ipq_find_entry(ipq_cmpfn cmpfn, unsigned long data) list_for_each_prev(p, &queue_list) { struct ipq_queue_entry *entry = (struct ipq_queue_entry *)p; - + if (!cmpfn || cmpfn(entry, data)) return entry; } @@ -127,7 +127,7 @@ static inline void __ipq_flush(int verdict) { struct ipq_queue_entry *entry; - + while ((entry = __ipq_find_dequeue_entry(NULL, 0))) ipq_issue_verdict(entry, verdict); } @@ -136,21 +136,21 @@ static inline int __ipq_set_mode(unsigned char mode, unsigned int range) { int status = 0; - + switch(mode) { case IPQ_COPY_NONE: case IPQ_COPY_META: copy_mode = mode; copy_range = 0; break; - + case IPQ_COPY_PACKET: copy_mode = mode; copy_range = range; if (copy_range > 0xFFFF) copy_range = 0xFFFF; break; - + default: status = -EINVAL; @@ -171,7 +171,7 @@ static struct ipq_queue_entry * ipq_find_dequeue_entry(ipq_cmpfn cmpfn, unsigned long data) { struct ipq_queue_entry *entry; - + write_lock_bh(&queue_lock); entry = __ipq_find_dequeue_entry(cmpfn, data); write_unlock_bh(&queue_lock); @@ -197,14 +197,14 @@ ipq_build_packet_message(struct ipq_queue_entry *entry, int *errp) struct nlmsghdr *nlh; read_lock_bh(&queue_lock); - + switch (copy_mode) { case IPQ_COPY_META: case IPQ_COPY_NONE: size = NLMSG_SPACE(sizeof(*pmsg)); data_len = 0; break; - + case IPQ_COPY_PACKET: if ((entry->skb->ip_summed == CHECKSUM_PARTIAL || entry->skb->ip_summed == CHECKSUM_COMPLETE) && @@ -216,10 +216,10 @@ ipq_build_packet_message(struct ipq_queue_entry *entry, int *errp) data_len = entry->skb->len; else data_len = copy_range; - + size = NLMSG_SPACE(sizeof(*pmsg) + data_len); break; - + default: *errp = -EINVAL; read_unlock_bh(&queue_lock); @@ -231,7 +231,7 @@ ipq_build_packet_message(struct ipq_queue_entry *entry, int *errp) skb = alloc_skb(size, GFP_ATOMIC); if (!skb) goto nlmsg_failure; - + old_tail= skb->tail; nlh = NLMSG_PUT(skb, 0, 0, IPQM_PACKET, size - sizeof(*nlh)); pmsg = NLMSG_DATA(nlh); @@ -244,29 +244,29 @@ ipq_build_packet_message(struct ipq_queue_entry *entry, int *errp) pmsg->mark = entry->skb->mark; pmsg->hook = entry->info->hook; pmsg->hw_protocol = entry->skb->protocol; - + if (entry->info->indev) strcpy(pmsg->indev_name, entry->info->indev->name); else pmsg->indev_name[0] = '\0'; - + if (entry->info->outdev) strcpy(pmsg->outdev_name, entry->info->outdev->name); else pmsg->outdev_name[0] = '\0'; - + if (entry->info->indev && entry->skb->dev) { pmsg->hw_type = entry->skb->dev->type; if (entry->skb->dev->hard_header_parse) pmsg->hw_addrlen = entry->skb->dev->hard_header_parse(entry->skb, - pmsg->hw_addr); + pmsg->hw_addr); } - + if (data_len) if (skb_copy_bits(entry->skb, 0, pmsg->payload, data_len)) BUG(); - + nlh->nlmsg_len = skb->tail - old_tail; return skb; @@ -279,7 +279,7 @@ nlmsg_failure: } static int -ipq_enqueue_packet(struct sk_buff *skb, struct nf_info *info, +ipq_enqueue_packet(struct sk_buff *skb, struct nf_info *info, unsigned int queuenum, void *data) { int status = -EINVAL; @@ -301,37 +301,37 @@ ipq_enqueue_packet(struct sk_buff *skb, struct nf_info *info, nskb = ipq_build_packet_message(entry, &status); if (nskb == NULL) goto err_out_free; - + write_lock_bh(&queue_lock); - + if (!peer_pid) - goto err_out_free_nskb; + goto err_out_free_nskb; if (queue_total >= queue_maxlen) { - queue_dropped++; + queue_dropped++; status = -ENOSPC; if (net_ratelimit()) - printk (KERN_WARNING "ip6_queue: fill at %d entries, " + printk (KERN_WARNING "ip6_queue: fill at %d entries, " "dropping packet(s). Dropped: %d\n", queue_total, queue_dropped); goto err_out_free_nskb; } - /* netlink_unicast will either free the nskb or attach it to a socket */ + /* netlink_unicast will either free the nskb or attach it to a socket */ status = netlink_unicast(ipqnl, nskb, peer_pid, MSG_DONTWAIT); if (status < 0) { - queue_user_dropped++; + queue_user_dropped++; goto err_out_unlock; } - + __ipq_enqueue_entry(entry); write_unlock_bh(&queue_lock); return status; - + err_out_free_nskb: - kfree_skb(nskb); - + kfree_skb(nskb); + err_out_unlock: write_unlock_bh(&queue_lock); @@ -357,11 +357,11 @@ ipq_mangle_ipv6(ipq_verdict_msg_t *v, struct ipq_queue_entry *e) return -EINVAL; if (diff > skb_tailroom(e->skb)) { struct sk_buff *newskb; - + newskb = skb_copy_expand(e->skb, - skb_headroom(e->skb), - diff, - GFP_ATOMIC); + skb_headroom(e->skb), + diff, + GFP_ATOMIC); if (newskb == NULL) { printk(KERN_WARNING "ip6_queue: OOM " "in mangle, dropping packet\n"); @@ -401,11 +401,11 @@ ipq_set_verdict(struct ipq_verdict_msg *vmsg, unsigned int len) return -ENOENT; else { int verdict = vmsg->value; - + if (vmsg->data_len && vmsg->data_len == len) if (ipq_mangle_ipv6(vmsg, entry) < 0) verdict = NF_DROP; - + ipq_issue_verdict(entry, verdict); return 0; } @@ -424,7 +424,7 @@ ipq_set_mode(unsigned char mode, unsigned int range) static int ipq_receive_peer(struct ipq_peer_msg *pmsg, - unsigned char type, unsigned int len) + unsigned char type, unsigned int len) { int status = 0; @@ -434,15 +434,15 @@ ipq_receive_peer(struct ipq_peer_msg *pmsg, switch (type) { case IPQM_MODE: status = ipq_set_mode(pmsg->msg.mode.value, - pmsg->msg.mode.range); + pmsg->msg.mode.range); break; - + case IPQM_VERDICT: if (pmsg->msg.verdict.value > NF_MAX_VERDICT) status = -EINVAL; else status = ipq_set_verdict(&pmsg->msg.verdict, - len - sizeof(*pmsg)); + len - sizeof(*pmsg)); break; default: status = -EINVAL; @@ -456,7 +456,7 @@ dev_cmp(struct ipq_queue_entry *entry, unsigned long ifindex) if (entry->info->indev) if (entry->info->indev->ifindex == ifindex) return 1; - + if (entry->info->outdev) if (entry->info->outdev->ifindex == ifindex) return 1; @@ -468,7 +468,7 @@ static void ipq_dev_drop(int ifindex) { struct ipq_queue_entry *entry; - + while ((entry = ipq_find_dequeue_entry(dev_cmp, ifindex)) != NULL) ipq_issue_verdict(entry, NF_DROP); } @@ -492,25 +492,25 @@ ipq_rcv_skb(struct sk_buff *skb) pid = nlh->nlmsg_pid; flags = nlh->nlmsg_flags; - + if(pid <= 0 || !(flags & NLM_F_REQUEST) || flags & NLM_F_MULTI) RCV_SKB_FAIL(-EINVAL); - + if (flags & MSG_TRUNC) RCV_SKB_FAIL(-ECOMM); - + type = nlh->nlmsg_type; if (type < NLMSG_NOOP || type >= IPQM_MAX) RCV_SKB_FAIL(-EINVAL); - + if (type <= IPQM_BASE) return; - + if (security_netlink_recv(skb, CAP_NET_ADMIN)) - RCV_SKB_FAIL(-EPERM); + RCV_SKB_FAIL(-EPERM); write_lock_bh(&queue_lock); - + if (peer_pid) { if (peer_pid != pid) { write_unlock_bh(&queue_lock); @@ -520,17 +520,17 @@ ipq_rcv_skb(struct sk_buff *skb) net_enable_timestamp(); peer_pid = pid; } - + write_unlock_bh(&queue_lock); - + status = ipq_receive_peer(NLMSG_DATA(nlh), type, - nlmsglen - NLMSG_LENGTH(0)); + nlmsglen - NLMSG_LENGTH(0)); if (status < 0) RCV_SKB_FAIL(status); - + if (flags & NLM_F_ACK) netlink_ack(skb, nlh, 0); - return; + return; } static void @@ -540,19 +540,19 @@ ipq_rcv_sk(struct sock *sk, int len) unsigned int qlen; mutex_lock(&ipqnl_mutex); - + for (qlen = skb_queue_len(&sk->sk_receive_queue); qlen; qlen--) { skb = skb_dequeue(&sk->sk_receive_queue); ipq_rcv_skb(skb); kfree_skb(skb); } - + mutex_unlock(&ipqnl_mutex); } static int ipq_rcv_dev_event(struct notifier_block *this, - unsigned long event, void *ptr) + unsigned long event, void *ptr) { struct net_device *dev = ptr; @@ -568,7 +568,7 @@ static struct notifier_block ipq_dev_notifier = { static int ipq_rcv_nl_event(struct notifier_block *this, - unsigned long event, void *ptr) + unsigned long event, void *ptr) { struct netlink_notify *n = ptr; @@ -597,7 +597,7 @@ static ctl_table ipq_table[] = { .mode = 0644, .proc_handler = proc_dointvec }, - { .ctl_name = 0 } + { .ctl_name = 0 } }; static ctl_table ipq_dir_table[] = { @@ -627,25 +627,25 @@ ipq_get_info(char *buffer, char **start, off_t offset, int length) int len; read_lock_bh(&queue_lock); - + len = sprintf(buffer, - "Peer PID : %d\n" - "Copy mode : %hu\n" - "Copy range : %u\n" - "Queue length : %u\n" - "Queue max. length : %u\n" + "Peer PID : %d\n" + "Copy mode : %hu\n" + "Copy range : %u\n" + "Queue length : %u\n" + "Queue max. length : %u\n" "Queue dropped : %u\n" "Netfilter dropped : %u\n", - peer_pid, - copy_mode, - copy_range, - queue_total, - queue_maxlen, + peer_pid, + copy_mode, + copy_range, + queue_total, + queue_maxlen, queue_dropped, queue_user_dropped); read_unlock_bh(&queue_lock); - + *start = buffer + offset; len -= offset; if (len > length) @@ -665,10 +665,10 @@ static int __init ip6_queue_init(void) { int status = -ENOMEM; struct proc_dir_entry *proc; - + netlink_register_notifier(&ipq_nl_notifier); ipqnl = netlink_kernel_create(NETLINK_IP6_FW, 0, ipq_rcv_sk, - THIS_MODULE); + THIS_MODULE); if (ipqnl == NULL) { printk(KERN_ERR "ip6_queue: failed to create netlink socket\n"); goto cleanup_netlink_notifier; @@ -681,10 +681,10 @@ static int __init ip6_queue_init(void) printk(KERN_ERR "ip6_queue: failed to create proc entry\n"); goto cleanup_ipqnl; } - + register_netdevice_notifier(&ipq_dev_notifier); ipq_sysctl_header = register_sysctl_table(ipq_root_table, 0); - + status = nf_register_queue_handler(PF_INET6, &nfqh); if (status < 0) { printk(KERN_ERR "ip6_queue: failed to register queue handler\n"); @@ -696,12 +696,12 @@ cleanup_sysctl: unregister_sysctl_table(ipq_sysctl_header); unregister_netdevice_notifier(&ipq_dev_notifier); proc_net_remove(IPQ_PROC_FS_NAME); - + cleanup_ipqnl: sock_release(ipqnl->sk_socket); mutex_lock(&ipqnl_mutex); mutex_unlock(&ipqnl_mutex); - + cleanup_netlink_notifier: netlink_unregister_notifier(&ipq_nl_notifier); return status; diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index 7083e1cfb2f5..7c512e13f956 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c @@ -92,16 +92,16 @@ do { \ #endif /* Check for an extension */ -int +int ip6t_ext_hdr(u8 nexthdr) { - return ( (nexthdr == IPPROTO_HOPOPTS) || - (nexthdr == IPPROTO_ROUTING) || - (nexthdr == IPPROTO_FRAGMENT) || - (nexthdr == IPPROTO_ESP) || - (nexthdr == IPPROTO_AH) || - (nexthdr == IPPROTO_NONE) || - (nexthdr == IPPROTO_DSTOPTS) ); + return ( (nexthdr == IPPROTO_HOPOPTS) || + (nexthdr == IPPROTO_ROUTING) || + (nexthdr == IPPROTO_FRAGMENT) || + (nexthdr == IPPROTO_ESP) || + (nexthdr == IPPROTO_AH) || + (nexthdr == IPPROTO_NONE) || + (nexthdr == IPPROTO_DSTOPTS) ); } /* Returns whether matches rule or not. */ @@ -120,9 +120,9 @@ ip6_packet_match(const struct sk_buff *skb, #define FWINV(bool,invflg) ((bool) ^ !!(ip6info->invflags & invflg)) if (FWINV(ipv6_masked_addr_cmp(&ipv6->saddr, &ip6info->smsk, - &ip6info->src), IP6T_INV_SRCIP) + &ip6info->src), IP6T_INV_SRCIP) || FWINV(ipv6_masked_addr_cmp(&ipv6->daddr, &ip6info->dmsk, - &ip6info->dst), IP6T_INV_DSTIP)) { + &ip6info->dst), IP6T_INV_DSTIP)) { dprintf("Source or dest mismatch.\n"); /* dprintf("SRC: %u. Mask: %u. Target: %u.%s\n", ip->saddr, @@ -177,7 +177,7 @@ ip6_packet_match(const struct sk_buff *skb, *fragoff = _frag_off; dprintf("Packet protocol %hi ?= %s%hi.\n", - protohdr, + protohdr, ip6info->invflags & IP6T_INV_PROTO ? "!":"", ip6info->proto); @@ -197,7 +197,7 @@ ip6_packet_match(const struct sk_buff *skb, } /* should be ip6 safe */ -static inline int +static inline int ip6_checkentry(const struct ip6t_ip6 *ipv6) { if (ipv6->flags & ~IP6T_F_MASK) { @@ -337,7 +337,7 @@ ip6t_do_table(struct sk_buff **pskb, e = get_entry(table_base, v); } else { /* Targets which reenter must return - abs. verdicts */ + abs. verdicts */ #ifdef CONFIG_NETFILTER_DEBUG ((struct ip6t_entry *)table_base)->comefrom = 0xeeeeeeec; @@ -534,10 +534,10 @@ check_match(struct ip6t_entry_match *m, int ret; match = try_then_request_module(xt_find_match(AF_INET6, m->u.user.name, - m->u.user.revision), + m->u.user.revision), "ip6t_%s", m->u.user.name); if (IS_ERR(match) || !match) { - duprintf("check_match: `%s' not found\n", m->u.user.name); + duprintf("check_match: `%s' not found\n", m->u.user.name); return match ? PTR_ERR(match) : -ENOENT; } m->u.kernel.match = match; @@ -661,7 +661,7 @@ check_entry_size_and_hooks(struct ip6t_entry *e, } /* FIXME: underflows must be unconditional, standard verdicts - < 0 (not IP6T_RETURN). --RR */ + < 0 (not IP6T_RETURN). --RR */ /* Clear counters and comefrom */ e->counters = ((struct xt_counters) { 0, 0 }); @@ -1003,8 +1003,8 @@ do_replace(void __user *user, unsigned int len) /* Update module usage count based on number of rules */ duprintf("do_replace: oldnum=%u, initnum=%u, newnum=%u\n", oldinfo->number, oldinfo->initial_entries, newinfo->number); - if ((oldinfo->number > oldinfo->initial_entries) || - (newinfo->number <= oldinfo->initial_entries)) + if ((oldinfo->number > oldinfo->initial_entries) || + (newinfo->number <= oldinfo->initial_entries)) module_put(t->me); if ((oldinfo->number > oldinfo->initial_entries) && (newinfo->number <= oldinfo->initial_entries)) @@ -1492,9 +1492,9 @@ int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset, } hdrlen = 8; } else if (nexthdr == NEXTHDR_AUTH) - hdrlen = (hp->hdrlen + 2) << 2; + hdrlen = (hp->hdrlen + 2) << 2; else - hdrlen = ipv6_optlen(hp); + hdrlen = ipv6_optlen(hp); nexthdr = hp->nexthdr; len -= hdrlen; diff --git a/net/ipv6/netfilter/ip6t_HL.c b/net/ipv6/netfilter/ip6t_HL.c index 04e500172fb4..ccbab66277e3 100644 --- a/net/ipv6/netfilter/ip6t_HL.c +++ b/net/ipv6/netfilter/ip6t_HL.c @@ -1,4 +1,4 @@ -/* +/* * Hop Limit modification target for ip6tables * Maciej Soltysiak <solt@dns.toxicfilms.tv> * Based on HW's TTL module @@ -18,7 +18,7 @@ MODULE_AUTHOR("Maciej Soltysiak <solt@dns.toxicfilms.tv>"); MODULE_DESCRIPTION("IP6 tables Hop Limit modification module"); MODULE_LICENSE("GPL"); -static unsigned int ip6t_hl_target(struct sk_buff **pskb, +static unsigned int ip6t_hl_target(struct sk_buff **pskb, const struct net_device *in, const struct net_device *out, unsigned int hooknum, @@ -67,7 +67,7 @@ static int ip6t_hl_checkentry(const char *tablename, struct ip6t_HL_info *info = targinfo; if (info->mode > IP6T_HL_MAXMODE) { - printk(KERN_WARNING "ip6t_HL: invalid or unknown Mode %u\n", + printk(KERN_WARNING "ip6t_HL: invalid or unknown Mode %u\n", info->mode); return 0; } @@ -80,12 +80,12 @@ static int ip6t_hl_checkentry(const char *tablename, } static struct xt_target ip6t_HL = { - .name = "HL", + .name = "HL", .family = AF_INET6, - .target = ip6t_hl_target, + .target = ip6t_hl_target, .targetsize = sizeof(struct ip6t_HL_info), .table = "mangle", - .checkentry = ip6t_hl_checkentry, + .checkentry = ip6t_hl_checkentry, .me = THIS_MODULE }; diff --git a/net/ipv6/netfilter/ip6t_LOG.c b/net/ipv6/netfilter/ip6t_LOG.c index 5587a77b884c..dc9ec9305778 100644 --- a/net/ipv6/netfilter/ip6t_LOG.c +++ b/net/ipv6/netfilter/ip6t_LOG.c @@ -145,7 +145,7 @@ static void dump_packet(const struct nf_loginfo *info, &_ahdr); if (ah == NULL) { /* - * Max length: 26 "INCOMPLETE [65535 + * Max length: 26 "INCOMPLETE [65535 * bytes] )" */ printk("INCOMPLETE [%u bytes] )", @@ -387,7 +387,7 @@ ip6t_log_packet(unsigned int pf, loginfo = &default_loginfo; spin_lock_bh(&log_lock); - printk("<%d>%sIN=%s OUT=%s ", loginfo->u.log.level, + printk("<%d>%sIN=%s OUT=%s ", loginfo->u.log.level, prefix, in ? in->name : "", out ? out->name : ""); @@ -442,7 +442,7 @@ ip6t_log_target(struct sk_buff **pskb, li.u.log.logflags = loginfo->logflags; ip6t_log_packet(PF_INET6, hooknum, *pskb, in, out, &li, - loginfo->prefix); + loginfo->prefix); return XT_CONTINUE; } @@ -470,9 +470,9 @@ static int ip6t_log_checkentry(const char *tablename, static struct xt_target ip6t_log_reg = { .name = "LOG", .family = AF_INET6, - .target = ip6t_log_target, + .target = ip6t_log_target, .targetsize = sizeof(struct ip6t_log_info), - .checkentry = ip6t_log_checkentry, + .checkentry = ip6t_log_checkentry, .me = THIS_MODULE, }; diff --git a/net/ipv6/netfilter/ip6t_REJECT.c b/net/ipv6/netfilter/ip6t_REJECT.c index 278349c18793..6abee94c929f 100644 --- a/net/ipv6/netfilter/ip6t_REJECT.c +++ b/net/ipv6/netfilter/ip6t_REJECT.c @@ -189,23 +189,23 @@ static unsigned int reject6_target(struct sk_buff **pskb, /* WARNING: This code causes reentry within ip6tables. This means that the ip6tables jump stack is now crap. We must return an absolute verdict. --RR */ - switch (reject->with) { - case IP6T_ICMP6_NO_ROUTE: - send_unreach(*pskb, ICMPV6_NOROUTE, hooknum); - break; - case IP6T_ICMP6_ADM_PROHIBITED: - send_unreach(*pskb, ICMPV6_ADM_PROHIBITED, hooknum); - break; - case IP6T_ICMP6_NOT_NEIGHBOUR: - send_unreach(*pskb, ICMPV6_NOT_NEIGHBOUR, hooknum); - break; - case IP6T_ICMP6_ADDR_UNREACH: - send_unreach(*pskb, ICMPV6_ADDR_UNREACH, hooknum); - break; - case IP6T_ICMP6_PORT_UNREACH: - send_unreach(*pskb, ICMPV6_PORT_UNREACH, hooknum); - break; - case IP6T_ICMP6_ECHOREPLY: + switch (reject->with) { + case IP6T_ICMP6_NO_ROUTE: + send_unreach(*pskb, ICMPV6_NOROUTE, hooknum); + break; + case IP6T_ICMP6_ADM_PROHIBITED: + send_unreach(*pskb, ICMPV6_ADM_PROHIBITED, hooknum); + break; + case IP6T_ICMP6_NOT_NEIGHBOUR: + send_unreach(*pskb, ICMPV6_NOT_NEIGHBOUR, hooknum); + break; + case IP6T_ICMP6_ADDR_UNREACH: + send_unreach(*pskb, ICMPV6_ADDR_UNREACH, hooknum); + break; + case IP6T_ICMP6_PORT_UNREACH: + send_unreach(*pskb, ICMPV6_PORT_UNREACH, hooknum); + break; + case IP6T_ICMP6_ECHOREPLY: /* Do nothing */ break; case IP6T_TCP_RESET: @@ -226,7 +226,7 @@ static int check(const char *tablename, void *targinfo, unsigned int hook_mask) { - const struct ip6t_reject_info *rejinfo = targinfo; + const struct ip6t_reject_info *rejinfo = targinfo; const struct ip6t_entry *e = entry; if (rejinfo->with == IP6T_ICMP6_ECHOREPLY) { diff --git a/net/ipv6/netfilter/ip6t_ah.c b/net/ipv6/netfilter/ip6t_ah.c index 456c76adcbf6..d3c154371b41 100644 --- a/net/ipv6/netfilter/ip6t_ah.c +++ b/net/ipv6/netfilter/ip6t_ah.c @@ -78,13 +78,13 @@ match(const struct sk_buff *skb, DEBUGP("IPv6 AH spi %02X ", (spi_match(ahinfo->spis[0], ahinfo->spis[1], - ntohl(ah->spi), - !!(ahinfo->invflags & IP6T_AH_INV_SPI)))); + ntohl(ah->spi), + !!(ahinfo->invflags & IP6T_AH_INV_SPI)))); DEBUGP("len %02X %04X %02X ", ahinfo->hdrlen, hdrlen, (!ahinfo->hdrlen || - (ahinfo->hdrlen == hdrlen) ^ - !!(ahinfo->invflags & IP6T_AH_INV_LEN))); + (ahinfo->hdrlen == hdrlen) ^ + !!(ahinfo->invflags & IP6T_AH_INV_LEN))); DEBUGP("res %02X %04X %02X\n", ahinfo->hdrres, ah->reserved, !(ahinfo->hdrres && ah->reserved)); @@ -92,12 +92,12 @@ match(const struct sk_buff *skb, return (ah != NULL) && (spi_match(ahinfo->spis[0], ahinfo->spis[1], - ntohl(ah->spi), - !!(ahinfo->invflags & IP6T_AH_INV_SPI))) + ntohl(ah->spi), + !!(ahinfo->invflags & IP6T_AH_INV_SPI))) && (!ahinfo->hdrlen || - (ahinfo->hdrlen == hdrlen) ^ - !!(ahinfo->invflags & IP6T_AH_INV_LEN)) + (ahinfo->hdrlen == hdrlen) ^ + !!(ahinfo->invflags & IP6T_AH_INV_LEN)) && !(ahinfo->hdrres && ah->reserved); } @@ -105,10 +105,10 @@ match(const struct sk_buff *skb, /* Called when user tries to insert an entry of this type. */ static int checkentry(const char *tablename, - const void *entry, + const void *entry, const struct xt_match *match, - void *matchinfo, - unsigned int hook_mask) + void *matchinfo, + unsigned int hook_mask) { const struct ip6t_ah *ahinfo = matchinfo; diff --git a/net/ipv6/netfilter/ip6t_hl.c b/net/ipv6/netfilter/ip6t_hl.c index 601cc1211c62..37c8a4d4ed78 100644 --- a/net/ipv6/netfilter/ip6t_hl.c +++ b/net/ipv6/netfilter/ip6t_hl.c @@ -41,7 +41,7 @@ static int match(const struct sk_buff *skb, return (ip6h->hop_limit > info->hop_limit); break; default: - printk(KERN_WARNING "ip6t_hl: unknown mode %d\n", + printk(KERN_WARNING "ip6t_hl: unknown mode %d\n", info->mode); return 0; } diff --git a/net/ipv6/netfilter/ip6t_ipv6header.c b/net/ipv6/netfilter/ip6t_ipv6header.c index 26ac084adefc..700a11d25deb 100644 --- a/net/ipv6/netfilter/ip6t_ipv6header.c +++ b/net/ipv6/netfilter/ip6t_ipv6header.c @@ -1,7 +1,7 @@ /* ipv6header match - matches IPv6 packets based on whether they contain certain headers */ -/* Original idea: Brad Chapman +/* Original idea: Brad Chapman * Rewritten by: Andras Kis-Szabo <kisza@sch.bme.hu> */ /* (C) 2001-2002 Andras Kis-Szabo <kisza@sch.bme.hu> diff --git a/net/ipv6/netfilter/ip6table_mangle.c b/net/ipv6/netfilter/ip6table_mangle.c index 5f5aa0e51478..0c468d35a937 100644 --- a/net/ipv6/netfilter/ip6table_mangle.c +++ b/net/ipv6/netfilter/ip6table_mangle.c @@ -50,7 +50,7 @@ static struct 0, NULL, { } }, { /* PRE_ROUTING */ - { { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, "", "", { 0 }, { 0 }, 0, 0, 0 }, + { { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, "", "", { 0 }, { 0 }, 0, 0, 0 }, 0, sizeof(struct ip6t_entry), sizeof(struct ip6t_standard), @@ -58,7 +58,7 @@ static struct { { { { IP6T_ALIGN(sizeof(struct ip6t_standard_target)), "" } }, { } }, -NF_ACCEPT - 1 } }, /* LOCAL_IN */ - { { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, "", "", { 0 }, { 0 }, 0, 0, 0 }, + { { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, "", "", { 0 }, { 0 }, 0, 0, 0 }, 0, sizeof(struct ip6t_entry), sizeof(struct ip6t_standard), @@ -66,7 +66,7 @@ static struct { { { { IP6T_ALIGN(sizeof(struct ip6t_standard_target)), "" } }, { } }, -NF_ACCEPT - 1 } }, /* FORWARD */ - { { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, "", "", { 0 }, { 0 }, 0, 0, 0 }, + { { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, "", "", { 0 }, { 0 }, 0, 0, 0 }, 0, sizeof(struct ip6t_entry), sizeof(struct ip6t_standard), @@ -74,7 +74,7 @@ static struct { { { { IP6T_ALIGN(sizeof(struct ip6t_standard_target)), "" } }, { } }, -NF_ACCEPT - 1 } }, /* LOCAL_OUT */ - { { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, "", "", { 0 }, { 0 }, 0, 0, 0 }, + { { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, "", "", { 0 }, { 0 }, 0, 0, 0 }, 0, sizeof(struct ip6t_entry), sizeof(struct ip6t_standard), @@ -156,7 +156,7 @@ ip6t_local_hook(unsigned int hook, ret = ip6t_do_table(pskb, hook, in, out, &packet_mangler); - if (ret != NF_DROP && ret != NF_STOLEN + if (ret != NF_DROP && ret != NF_STOLEN && (memcmp(&(*pskb)->nh.ipv6h->saddr, &saddr, sizeof(saddr)) || memcmp(&(*pskb)->nh.ipv6h->daddr, &daddr, sizeof(daddr)) || (*pskb)->mark != mark diff --git a/net/ipv6/netfilter/ip6table_raw.c b/net/ipv6/netfilter/ip6table_raw.c index 277bf34638b4..a3eb5b8ce18d 100644 --- a/net/ipv6/netfilter/ip6table_raw.c +++ b/net/ipv6/netfilter/ip6table_raw.c @@ -87,10 +87,10 @@ static struct } }; -static struct xt_table packet_raw = { - .name = "raw", - .valid_hooks = RAW_VALID_HOOKS, - .lock = RW_LOCK_UNLOCKED, +static struct xt_table packet_raw = { + .name = "raw", + .valid_hooks = RAW_VALID_HOOKS, + .lock = RW_LOCK_UNLOCKED, .me = THIS_MODULE, .af = AF_INET6, }; @@ -106,17 +106,17 @@ ip6t_hook(unsigned int hook, return ip6t_do_table(pskb, hook, in, out, &packet_raw); } -static struct nf_hook_ops ip6t_ops[] = { +static struct nf_hook_ops ip6t_ops[] = { { - .hook = ip6t_hook, + .hook = ip6t_hook, .pf = PF_INET6, .hooknum = NF_IP6_PRE_ROUTING, .priority = NF_IP6_PRI_FIRST, .owner = THIS_MODULE, }, { - .hook = ip6t_hook, - .pf = PF_INET6, + .hook = ip6t_hook, + .pf = PF_INET6, .hooknum = NF_IP6_LOCAL_OUT, .priority = NF_IP6_PRI_FIRST, .owner = THIS_MODULE, diff --git a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c index a20615ffccff..a2353edf4ebc 100644 --- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c +++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c @@ -349,7 +349,7 @@ static ctl_table nf_ct_ipv6_sysctl_table[] = { .mode = 0644, .proc_handler = &proc_dointvec, }, - { .ctl_name = 0 } + { .ctl_name = 0 } }; #endif @@ -386,7 +386,7 @@ static int ipv6_nfattr_to_tuple(struct nfattr *tb[], if (nfattr_bad_size(tb, CTA_IP_MAX, cta_min_ip)) return -EINVAL; - memcpy(&t->src.u3.ip6, NFA_DATA(tb[CTA_IP_V6_SRC-1]), + memcpy(&t->src.u3.ip6, NFA_DATA(tb[CTA_IP_V6_SRC-1]), sizeof(u_int32_t) * 4); memcpy(&t->dst.u3.ip6, NFA_DATA(tb[CTA_IP_V6_DST-1]), sizeof(u_int32_t) * 4); diff --git a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c index 3905cacc69af..b08622c992b2 100644 --- a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c +++ b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c @@ -104,9 +104,9 @@ static int icmpv6_packet(struct nf_conn *ct, unsigned int hooknum) { /* Try to delete connection immediately after all replies: - won't actually vanish as we still have skb, and del_timer - means this will only run once even if count hits zero twice - (theoretically possible with SMP) */ + won't actually vanish as we still have skb, and del_timer + means this will only run once even if count hits zero twice + (theoretically possible with SMP) */ if (CTINFO2DIR(ctinfo) == IP_CT_DIR_REPLY) { if (atomic_dec_and_test(&ct->proto.icmp.count) && del_timer(&ct->timeout)) diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c index d9c15402ba66..15ab1e3e8b56 100644 --- a/net/ipv6/netfilter/nf_conntrack_reasm.c +++ b/net/ipv6/netfilter/nf_conntrack_reasm.c @@ -311,7 +311,7 @@ static struct nf_ct_frag6_queue *nf_ct_frag6_intern(unsigned int hash, write_lock(&nf_ct_frag6_lock); #ifdef CONFIG_SMP hlist_for_each_entry(fq, n, &nf_ct_frag6_hash[hash], list) { - if (fq->id == fq_in->id && + if (fq->id == fq_in->id && ipv6_addr_equal(&fq_in->saddr, &fq->saddr) && ipv6_addr_equal(&fq_in->daddr, &fq->daddr)) { atomic_inc(&fq->refcnt); @@ -374,7 +374,7 @@ fq_find(__be32 id, struct in6_addr *src, struct in6_addr *dst) read_lock(&nf_ct_frag6_lock); hlist_for_each_entry(fq, n, &nf_ct_frag6_hash[hash], list) { - if (fq->id == id && + if (fq->id == id && ipv6_addr_equal(src, &fq->saddr) && ipv6_addr_equal(dst, &fq->daddr)) { atomic_inc(&fq->refcnt); @@ -388,7 +388,7 @@ fq_find(__be32 id, struct in6_addr *src, struct in6_addr *dst) } -static int nf_ct_frag6_queue(struct nf_ct_frag6_queue *fq, struct sk_buff *skb, +static int nf_ct_frag6_queue(struct nf_ct_frag6_queue *fq, struct sk_buff *skb, struct frag_hdr *fhdr, int nhoff) { struct sk_buff *prev, *next; @@ -405,12 +405,12 @@ static int nf_ct_frag6_queue(struct nf_ct_frag6_queue *fq, struct sk_buff *skb, if ((unsigned int)end > IPV6_MAXPLEN) { DEBUGP("offset is too large.\n"); - return -1; + return -1; } - if (skb->ip_summed == CHECKSUM_COMPLETE) - skb->csum = csum_sub(skb->csum, - csum_partial(skb->nh.raw, + if (skb->ip_summed == CHECKSUM_COMPLETE) + skb->csum = csum_sub(skb->csum, + csum_partial(skb->nh.raw, (u8*)(fhdr + 1) - skb->nh.raw, 0)); @@ -625,7 +625,7 @@ nf_ct_frag6_reasm(struct nf_ct_frag6_queue *fq, struct net_device *dev) /* We have to remove fragment header from datagram and to relocate * header in order to calculate ICV correctly. */ head->nh.raw[fq->nhoffset] = head->h.raw[0]; - memmove(head->head + sizeof(struct frag_hdr), head->head, + memmove(head->head + sizeof(struct frag_hdr), head->head, (head->data - head->head) - sizeof(struct frag_hdr)); head->mac.raw += sizeof(struct frag_hdr); head->nh.raw += sizeof(struct frag_hdr); @@ -701,41 +701,41 @@ out_fail: static int find_prev_fhdr(struct sk_buff *skb, u8 *prevhdrp, int *prevhoff, int *fhoff) { - u8 nexthdr = skb->nh.ipv6h->nexthdr; + u8 nexthdr = skb->nh.ipv6h->nexthdr; u8 prev_nhoff = (u8 *)&skb->nh.ipv6h->nexthdr - skb->data; int start = (u8 *)(skb->nh.ipv6h+1) - skb->data; int len = skb->len - start; u8 prevhdr = NEXTHDR_IPV6; - while (nexthdr != NEXTHDR_FRAGMENT) { - struct ipv6_opt_hdr hdr; - int hdrlen; + while (nexthdr != NEXTHDR_FRAGMENT) { + struct ipv6_opt_hdr hdr; + int hdrlen; if (!ipv6_ext_hdr(nexthdr)) { return -1; } - if (len < (int)sizeof(struct ipv6_opt_hdr)) { + if (len < (int)sizeof(struct ipv6_opt_hdr)) { DEBUGP("too short\n"); return -1; } - if (nexthdr == NEXTHDR_NONE) { + if (nexthdr == NEXTHDR_NONE) { DEBUGP("next header is none\n"); return -1; } - if (skb_copy_bits(skb, start, &hdr, sizeof(hdr))) - BUG(); - if (nexthdr == NEXTHDR_AUTH) - hdrlen = (hdr.hdrlen+2)<<2; - else - hdrlen = ipv6_optlen(&hdr); + if (skb_copy_bits(skb, start, &hdr, sizeof(hdr))) + BUG(); + if (nexthdr == NEXTHDR_AUTH) + hdrlen = (hdr.hdrlen+2)<<2; + else + hdrlen = ipv6_optlen(&hdr); prevhdr = nexthdr; prev_nhoff = start; - nexthdr = hdr.nexthdr; - len -= hdrlen; - start += hdrlen; - } + nexthdr = hdr.nexthdr; + len -= hdrlen; + start += hdrlen; + } if (len < 0) return -1; @@ -749,7 +749,7 @@ find_prev_fhdr(struct sk_buff *skb, u8 *prevhdrp, int *prevhoff, int *fhoff) struct sk_buff *nf_ct_frag6_gather(struct sk_buff *skb) { - struct sk_buff *clone; + struct sk_buff *clone; struct net_device *dev = skb->dev; struct frag_hdr *fhdr; struct nf_ct_frag6_queue *fq; |