03 Jul, 2016
1 commit
-
netfilter uses multiple FWINV #defines with identical form that hide a
specific structure variable and dereference it with a invflags member.$ git grep "#define FWINV"
include/linux/netfilter_bridge/ebtables.h:#define FWINV(bool,invflg) ((bool) ^ !!(info->invflags & invflg))
net/bridge/netfilter/ebtables.c:#define FWINV2(bool, invflg) ((bool) ^ !!(e->invflags & invflg))
net/ipv4/netfilter/arp_tables.c:#define FWINV(bool, invflg) ((bool) ^ !!(arpinfo->invflags & (invflg)))
net/ipv4/netfilter/ip_tables.c:#define FWINV(bool, invflg) ((bool) ^ !!(ipinfo->invflags & (invflg)))
net/ipv6/netfilter/ip6_tables.c:#define FWINV(bool, invflg) ((bool) ^ !!(ip6info->invflags & (invflg)))
net/netfilter/xt_tcpudp.c:#define FWINVTCP(bool, invflg) ((bool) ^ !!(tcpinfo->invflags & (invflg)))Consolidate these macros into a single NF_INVF macro.
Miscellanea:
o Neaten the alignment around these uses
o A few lines are > 80 columns for intelligibilitySigned-off-by: Joe Perches
Signed-off-by: Pablo Neira Ayuso
19 Sep, 2015
1 commit
-
Nearly everything thing of interest to ebt_do_table is already present
in nf_hook_state. Simplify ebt_do_table by just passing in the skb,
nf_hook_state, and the table. This make the code easier to read and
maintenance easier.To support this create an nf_hook_state on the stack in ebt_broute
(the only caller without a nf_hook_state already available). This new
nf_hook_state adds no new computations to ebt_broute, but does use a
few more bytes of stack.Signed-off-by: "Eric W. Biederman"
Signed-off-by: Pablo Neira Ayuso
24 Jun, 2015
1 commit
-
Pull trivial tree updates from Jiri Kosina:
"As usual, mostly comment, kerneldoc and printk() fixes"* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial:
lpfc: Grammar s/an negative/a negative/
ARM: lib/lib1funcs.S: fix typo s/substractions/subtractions/
cx25821: cx25821-medusa-reg.h: fix 0x0x prefix
lib: crc-itu-t.[ch] fix 0x0x prefix in integer constants
rapidio: Fix kerneldoc and comment
qla4xxx: Fix printk() in qla4_83xx_read_reset_template() and qla4_83xx_pre_loopback_config()
treewide: Kconfig: fix wording / spelling
usb/serial: fix grammar in Kconfig help text for FTDI_SIO
megaraid_sas: fix kerneldoc
netfilter: ebtables: fix comment grammar
drm/radeon: fix comment
isdn: fix grammar in comment
ARM: KVM: fix comment
26 May, 2015
1 commit
-
s/stongly inspired on/strongly inspired by/
Signed-off-by: Geert Uytterhoeven
Cc: David S. Miller
Signed-off-by: Jiri Kosina
14 Apr, 2015
1 commit
-
linux/if.h creates conflicts in userspace with net/if.h
By using it here we force userspace to use linux/if.h while
net/if.h may be needed.Note that:
include/linux/netfilter_ipv4/ip_tables.h and
include/linux/netfilter_ipv6/ip6_tables.hdon't include linux/if.h and they also refer to IFNAMSIZ, so they are
expecting userspace to include use net/if.h from the client program.Signed-off-by: Arturo Borrero Gonzalez
Signed-off-by: Pablo Neira Ayuso
17 Oct, 2012
1 commit
-
Remove non-UAPI Kbuild files that have become empty as a result of UAPI
disintegration. They used to have only header-y lines in them and those have
now moved to the Kbuild files in the corresponding uapi/ directories.Possibly these should not be removed but rather have a comment inserted to say
they are intentionally left blank. This would make it easier to add generated
header lines in future without having to restore the infrastructure.Note that at this point not all the UAPI disintegration parts have been merged,
so it is likely that more empty Kbuild files will turn up.It is probably necessary to make the files non-empty to prevent the patch
program from automatically deleting them when it reduces them to nothing.Signed-off-by: David Howells
09 Oct, 2012
1 commit
-
Signed-off-by: David Howells
Acked-by: Arnd Bergmann
Acked-by: Thomas Gleixner
Acked-by: Michael Kerrisk
Acked-by: Paul E. McKenney
Acked-by: Dave Jones
21 Feb, 2012
1 commit
-
ebt_among extension of ebtables uses __alignof__(_xt_align) while the
corresponding kernel module uses __alignof__(ebt_replace) to determine
the alignment in EBT_ALIGN().These are the results of these values on different platforms:
x86 x86_64 ppc
__alignof__(_xt_align) 4 8 8
__alignof__(ebt_replace) 4 8 4ebtables fails to add rules which use the among extension.
I'm using kernel 2.6.33 and ebtables 2.0.10-4
According to Bart De Schuymer, userspace alignment was changed to
_xt_align to fix an alignment issue on a userspace32-kernel64 system
(he thinks it was for an ARM device). So userspace must be right.
The kernel alignment macro needs to change so it also uses _xt_align
instead of ebt_replace. The userspace changes date back from
June 29, 2009.Signed-off-by: Joerg Willmann
Signed-off by: Bart De Schuymer
Signed-off-by: Pablo Neira Ayuso
31 Mar, 2011
1 commit
-
Fixes generated by 'codespell' and manually reviewed.
Signed-off-by: Lucas De Marchi
21 Jan, 2011
1 commit
-
Resolve these warnings on `make headers_check`:
usr/include/linux/netfilter/xt_CT.h:7: found __[us]{8,16,32,64} type
without #include
...Signed-off-by: Jan Engelhardt
18 Jan, 2011
1 commit
-
Signed-off-by: Jan Engelhardt
13 Jan, 2011
1 commit
-
To avoid adding a new match revision icmp type/code are stored
in the sport/dport area.Signed-off-by: Florian Westphal
Reviewed-by: Holger Eitzenberger
Reviewed-by: Bart De Schuymer
Signed-off-by: Pablo Neira Ayuso
18 Oct, 2010
1 commit
-
The ebt_ip6.h and ebt_nflog.h headers are not not known to Kbuild and
therefore not installed by make headers_install. Fix that up.Signed-off-by: Nick Bowler
Signed-off-by: Patrick McHardy
15 Aug, 2010
1 commit
-
unifdef-y and header-y has same semantic.
So there is no need to have both.Drop the unifdef-y variant and sort all lines again
Signed-off-by: Sam Ravnborg
18 Jan, 2010
1 commit
-
Add ->net to match destructor list like ->net in constructor list.
Make sure it's set in ebtables/iptables/ip6tables, this requires to
propagate netns up to *_unregister_table().Signed-off-by: Alexey Dobriyan
Signed-off-by: Patrick McHardy
05 Nov, 2009
1 commit
-
This cleanup patch puts struct/union/enum opening braces,
in first line to ease grep games.struct something
{becomes :
struct something {
Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
24 Aug, 2009
1 commit
-
The inputted table is never modified, so should be considered const.
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
04 Nov, 2008
2 commits
-
* return ebt_table from ebt_register_table(), module code will save it into
per-netns data for unregistration
* duplicate ebt_table at the very beginning of registration -- it's added into
list, so one ebt_table wouldn't end up in many lists (and each netns has
different one)
* introduce underscored tables in individial modules, this is temporary to not
break bisection.Signed-off-by: Alexey Dobriyan
Signed-off-by: Patrick McHardy -
* propagate netns from userspace, register table in passed netns
* remporarily register every ebt_table in init_netP. S.: one needs to add ".netns_ok = 1" to igmp_protocol to test with
ebtables(8) in netns.Signed-off-by: Alexey Dobriyan
Signed-off-by: Patrick McHardy
08 Oct, 2008
9 commits
-
This patch does this for target extensions' checkentry functions.
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy -
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy -
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy -
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy -
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy -
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy -
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy -
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy -
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
10 Jun, 2008
1 commit
-
It implements matching functions for IPv6 address & traffic class
(merged from the patch sent by Jan Engelhardt [jengelh@computergmbh.de]
http://marc.info/?l=netfilter-devel&m=120182168424052&w=2), protocol,
and layer-4 port id. Corresponding watcher logging function is also
added for IPv6.Signed-off-by: Kuo-lang Tseng
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
14 Apr, 2008
1 commit
-
This patch adds the ebtables nflog watcher to the kernel in order to
allow ebtables log through the nfnetlink_log backend.Signed-off-by: Peter Warasin
Signed-off-by: Patrick McHardy
16 Oct, 2007
1 commit
-
With all the users of the double pointers removed, this patch mops up by
finally replacing all occurances of sk_buff ** in the netfilter API by
sk_buff *.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller
26 Apr, 2007
2 commits
-
The attached patch adds gratuitous arp filtering, more precisely: it
allows checking that the IPv4 source address matches the IPv4
destination address inside the ARP header. It also adds a check for the
hardware address type when matching MAC addresses (nothing critical,
just for better consistency).Signed-off-by: Bart De Schuymer
Acked-by: Carl-Daniel Hailfinger
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
For the places where we need a pointer to the mac header, it is still legal to
touch skb->mac.raw directly if just adding to, subtracting from or setting it
to another layer header.This one also converts some more cases to skb_reset_mac_header() that my
regex missed as it had no spaces before nor after '=', ugh.Signed-off-by: Arnaldo Carvalho de Melo
Signed-off-by: David S. Miller
03 Dec, 2006
3 commits
-
Signed-off-by: Al Viro
Signed-off-by: David S. Miller -
The attached patch adds --snat-arp support, which makes it possible to
change the source mac address in both the mac header and the arp header
with one rule.Signed-off-by: Bart De Schuymer
Signed-off-by: Patrick McHardy -
Signed-off-by: Al Viro
Signed-off-by: David S. Miller
04 Oct, 2006
1 commit
-
The following patch adds or/and/xor functionality for the mark target,
while staying backwards compatible.Signed-off-by: Bart De Schuymer
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
19 Sep, 2006
1 commit
-
Signed-off-by: David Woodhouse
18 Jun, 2006
1 commit
-
This adds the Kbuild files listing the files which are to be installed by
the 'headers_install' make target, in generic directories.Signed-off-by: David Woodhouse
28 Feb, 2006
1 commit
-
The nfnetlink_log infrastructure changes broke compatiblity of the LOG
targets. They currently use whatever log backend was registered first,
which means that if ipt_ULOG was loaded first, no messages will be printed
to the ring buffer anymore.Restore compatiblity by using the old log functions by default and only use
the nf_log backend if the user explicitly said so.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
