02 Nov, 2017
1 commit
-
Many source files in the tree are missing licensing information, which
makes it harder for compliance tools to determine the correct license.By default all files without license information are under the default
license of the kernel, which is GPL version 2.Update the files which contain no license information with the 'GPL-2.0'
SPDX license identifier. The SPDX identifier is a legally binding
shorthand, which can be used instead of the full boiler plate text.This patch is based on work done by Thomas Gleixner and Kate Stewart and
Philippe Ombredanne.How this work was done:
Patches were generated and checked against linux-4.14-rc6 for a subset of
the use cases:
- file had no licensing information it it.
- file was a */uapi/* one with no licensing information in it,
- file was a */uapi/* one with existing licensing information,Further patches will be generated in subsequent months to fix up cases
where non-standard license headers were used, and references to license
had to be inferred by heuristics based on keywords.The analysis to determine which SPDX License Identifier to be applied to
a file was done in a spreadsheet of side by side results from of the
output of two independent scanners (ScanCode & Windriver) producing SPDX
tag:value files created by Philippe Ombredanne. Philippe prepared the
base worksheet, and did an initial spot review of a few 1000 files.The 4.13 kernel was the starting point of the analysis with 60,537 files
assessed. Kate Stewart did a file by file comparison of the scanner
results in the spreadsheet to determine which SPDX license identifier(s)
to be applied to the file. She confirmed any determination that was not
immediately clear with lawyers working with the Linux Foundation.Criteria used to select files for SPDX license identifier tagging was:
- Files considered eligible had to be source code files.
- Make and config files were included as candidates if they contained >5
lines of source
- File already had some variant of a license header in it (even if
Reviewed-by: Philippe Ombredanne
Reviewed-by: Thomas Gleixner
Signed-off-by: Greg Kroah-Hartman
03 Mar, 2016
1 commit
-
This change prepares for upcoming on-demand xtables hook registration.
We change the protoypes of the register/unregister functions.
A followup patch will then add nf_hook_register/unregister calls
to the iptables one.Once a hook is registered packets will be picked up, so all assignments
of the formnet->ipv4.iptable_$table = new_table
have to be moved to ip(6)t_register_table, else we can see NULL
net->ipv4.iptable_$table later.This patch doesn't change functionality; without this the actual change
simply gets too big.Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
19 Sep, 2015
1 commit
-
The values of ops->hooknum and state->hook are guaraneted to be equal
making the hook argument to ip6t_do_table, arp_do_table, and
ipt_do_table is unnecessary. Remove the unnecessary hook argument.In the callers use state->hook instead of ops->hooknum for clarity and
to reduce the number of cachelines the callers touch.Signed-off-by: "Eric W. Biederman"
Signed-off-by: Pablo Neira Ayuso
05 Apr, 2015
1 commit
-
Signed-off-by: David S. Miller
17 Oct, 2012
1 commit
-
Remove non-UAPI Kbuild files that have become empty as a result of UAPI
disintegration. They used to have only header-y lines in them and those have
now moved to the Kbuild files in the corresponding uapi/ directories.Possibly these should not be removed but rather have a comment inserted to say
they are intentionally left blank. This would make it easier to add generated
header lines in future without having to restore the infrastructure.Note that at this point not all the UAPI disintegration parts have been merged,
so it is likely that more empty Kbuild files will turn up.It is probably necessary to make the files non-empty to prevent the patch
program from automatically deleting them when it reduces them to nothing.Signed-off-by: David Howells
09 Oct, 2012
1 commit
-
Signed-off-by: David Howells
Acked-by: Arnd Bergmann
Acked-by: Thomas Gleixner
Acked-by: Michael Kerrisk
Acked-by: Paul E. McKenney
Acked-by: Dave Jones
07 Jun, 2012
1 commit
-
It was scheduled to be removed.
Acked-by: Florian Westphal
Signed-off-by: Cong Wang
Signed-off-by: Pablo Neira Ayuso
09 May, 2012
1 commit
-
This patch removes ip_queue support which was marked as obsolete
years ago. The nfnetlink_queue modules provides more advanced
user-space packet queueing mechanism.This patch also removes capability code included in SELinux that
refers to ip_queue. Otherwise, we break compilation.Several warning has been sent regarding this to the mailing list
in the past month without anyone rising the hand to stop this
with some strong argument.Signed-off-by: Pablo Neira Ayuso
08 Mar, 2012
2 commits
-
These two headers are not required anymore, they have been
replaced by xt_SAME.h and xt_realm.h.Florian Westphal pointed out this.
Cc: "David S. Miller"
Cc: Florian Westphal
Signed-off-by: WANG Cong -
ipt_LOG and ip6_LOG have a lot of common code, merge them
to reduce duplicate code.Signed-off-by: Richard Weinberger
Signed-off-by: Pablo Neira Ayuso
28 Dec, 2011
2 commits
-
Use the new macro and struct names in xt_ecn.h, and put the old
definitions into a definition-forwarding ipt_ecn.h.Signed-off-by: Jan Engelhardt
Signed-off-by: Pablo Neira Ayuso -
Prepare the ECN match for augmentation by an IPv6 counterpart. Since
no symbol dependencies to ipv6.ko are added, having a single ecn match
module is the more so welcome.Signed-off-by: Jan Engelhardt
Signed-off-by: Pablo Neira Ayuso
23 Dec, 2011
1 commit
-
Export the NAT definitions to userspace. So far userspace (specifically,
iptables) has been copying the headers files from include/net. Also
rename some structures and definitions in preparation for IPv6 NAT.
Since these have never been officially exported, this doesn't affect
existing userspace code.Signed-off-by: Patrick McHardy
Signed-off-by: Pablo Neira Ayuso
01 Nov, 2011
1 commit
-
This patch exports several definitions that used to live under
include/net/netfilter/nf_nat.h. These definitions, although not
exported, have been used by iptables and other userspace
applications like miniupnpd since long time. Basically, these
userspace tools included some internal definition of the required
structures and they assume no changes in the binary representation
(which is OK indeed).To resolve this situation, this patch makes public the required
structure and install them in INSTALL_HDR_PATH.See: https://bugs.gentoo.org/376873, for more information.
This patch is heavily based on the initial patch sent by:
Anthony G. Basile
Which was entitled:
netfilter: export sanitized nf_nat.h to INSTALL_HDR_PATH
Signed-off-by: Pablo Neira Ayuso
27 Aug, 2011
1 commit
-
These types are guaranteed to be defined by for
both userland and kernel, unlike u_intN_t.Signed-off-by: Ben Hutchings
Acked-by: Patrick McHardy
Signed-off-by: David S. Miller
21 Jan, 2011
1 commit
-
Resolve these warnings on `make headers_check`:
usr/include/linux/netfilter/xt_CT.h:7: found __[us]{8,16,32,64} type
without #include
...Signed-off-by: Jan Engelhardt
18 Jan, 2011
1 commit
-
Signed-off-by: Jan Engelhardt
14 Oct, 2010
5 commits
-
Signed-off-by: Jan Engelhardt
-
Unification of struct *_error_target was forgotten in
v2.6.16-1689-g1e30a01.Signed-off-by: Jan Engelhardt
-
Signed-off-by: Jan Engelhardt
-
Many of the used macros are just there for userspace compatibility.
Substitute the in-kernel code to directly use the terminal macro
and stuff the defines into #ifndef __KERNEL__ sections.Signed-off-by: Jan Engelhardt
15 Aug, 2010
1 commit
-
unifdef-y and header-y has same semantic.
So there is no need to have both.Drop the unifdef-y variant and sort all lines again
Signed-off-by: Sam Ravnborg
28 Jun, 2010
1 commit
-
The LOG targets print the entire MAC header as one long string, which is not
readable very well:IN=eth0 OUT= MAC=00:15:f2:24:91:f8:00:1b:24:dc:61:e6:08:00 ...
Add an option to decode known header formats (currently just ARPHRD_ETHER devices)
in their individual fields:IN=eth0 OUT= MACSRC=00:1b:24:dc:61:e6 MACDST=00:15:f2:24:91:f8 MACPROTO=0800 ...
IN=eth0 OUT= MACSRC=00:1b:24:dc:61:e6 MACDST=00:15:f2:24:91:f8 MACPROTO=86dd ...The option needs to be explicitly enabled by userspace to avoid breaking
existing parsers.Signed-off-by: Patrick McHardy
25 Feb, 2010
2 commits
-
The macro is replaced by a list.h-like foreach loop. This makes
the code more inspectable.Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy -
The macro is replaced by a list.h-like foreach loop. This makes
the code much more inspectable.Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
11 Feb, 2010
1 commit
-
The static initial tables are pretty large, and after the net
namespace has been instantiated, they just hang around for nothing.
This commit removes them and creates tables on-demand at runtime when
needed.Size shrinks by 7735 bytes (x86_64).
Signed-off-by: Jan Engelhardt
18 Jan, 2010
1 commit
-
Add ->net to match destructor list like ->net in constructor list.
Make sure it's set in ebtables/iptables/ip6tables, this requires to
propagate netns up to *_unregister_table().Signed-off-by: Alexey Dobriyan
Signed-off-by: Patrick McHardy
05 Nov, 2009
1 commit
-
This cleanup patch puts struct/union/enum opening braces,
in first line to ease grep games.struct something
{becomes :
struct something {
Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
24 Aug, 2009
1 commit
-
The inputted table is never modified, so should be considered const.
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
10 Aug, 2009
4 commits
-
When IPv4 and IPv6 matches were unified approx. 3.5 years ago, they
received new header filenames (e.g. xt_CLASSIFY.h). Let's remove the
old ones now.Signed-off-by: Jan Engelhardt
-
Superseded by xt_owner v1 (v2.6.24-2388-g0265ab4).
Signed-off-by: Jan Engelhardt
-
Superseded by xt_iprange v1 (v2.6.24-2928-g1a50c5a1).
Signed-off-by: Jan Engelhardt
-
Superseded by xt_TOS v1 (v2.6.24-2396-g5c350e5).
Signed-off-by: Jan Engelhardt
27 Mar, 2009
1 commit
-
A number of standard posix types are used in exported headers, which
is not allowed if __STRICT_KERNEL_NAMES is defined. In order to
get rid of the non-__STRICT_KERNEL_NAMES part and to make sane headers
the default, we have to change them all to safe types.There are also still some leftovers in reiserfs_fs.h, elfcore.h
and coda.h, but these files have not compiled in user space for
a long time.This leaves out the various integer types ({u_,u,}int{8,16,32,64}_t),
which we take care of separately.Signed-off-by: Arnd Bergmann
Acked-by: Mauro Carvalho Chehab
Cc: David Airlie
Cc: Arnaldo Carvalho de Melo
Cc: YOSHIFUJI Hideaki
Cc: netdev@vger.kernel.org
Cc: linux-ppp@vger.kernel.org
Cc: Jaroslav Kysela
Cc: Takashi Iwai
Cc: David Woodhouse
Signed-off-by: H. Peter Anvin
Signed-off-by: Ingo Molnar
20 Nov, 2008
1 commit
-
It seems that all of the include/netfilter_{ipv4,ipv6}/{ipt,ip6t}_*.h which
share constants include the corresponding include/netfilter/xp_*.h files.
Neither ipt_policy.h not ip6t_policy.h do. Make these consistant with
the norm.Signed-off-by: Andy Whitcroft
Signed-off-by: Patrick McHardy
08 Oct, 2008
1 commit
-
Like with other modules (such as ipt_state), ipt_recent.h is changed
to forward definitions to (IOW include) xt_recent.h, and xt_recent.c
is changed to use the new constant names.Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
22 May, 2008
1 commit
-
Greg Steuck points out that some of the netfilter
headers can't be used in userspace without including linux/types.h
first. The headers include their own linux/types.h include statements,
these are stripped by make headers-install because they are inside
#ifdef __KERNEL__ however. Move them out to fix this.Reported and Tested by Greg Steuck.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
01 Feb, 2008
1 commit
-
Typical table module registers xt_table structure (i.e. packet_filter)
and link it to list during it. We can't use one template for it because
corresponding list_head will become corrupted. We also can't unregister
with template because it wasn't changed at all and thus doesn't know in
which list it is.So, we duplicate template at the very first step of table registration.
Table modules will save it for use during unregistration time and actual
filtering.Do it at once to not screw bisection.
P.S.: renaming i.e. packet_filter => __packet_filter is temporary until
full netnsization of table modules is done.Signed-off-by: Alexey Dobriyan
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
29 Jan, 2008
1 commit
-
This patch moves ipt_iprange to xt_iprange, in preparation for adding
IPv6 support to xt_iprange.Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller