10 May, 2012
1 commit
-
Use the new bool function ether_addr_equal to add
some clarity and reduce the likelihood for misuse
of compare_ether_addr for sorting.Done via cocci script:
$ cat compare_ether_addr.cocci
@@
expression a,b;
@@
- !compare_ether_addr(a, b)
+ ether_addr_equal(a, b)@@
expression a,b;
@@
- compare_ether_addr(a, b)
+ !ether_addr_equal(a, b)@@
expression a,b;
@@
- !ether_addr_equal(a, b) == 0
+ ether_addr_equal(a, b)@@
expression a,b;
@@
- !ether_addr_equal(a, b) != 0
+ !ether_addr_equal(a, b)@@
expression a,b;
@@
- ether_addr_equal(a, b) == 0
+ !ether_addr_equal(a, b)@@
expression a,b;
@@
- ether_addr_equal(a, b) != 0
+ ether_addr_equal(a, b)@@
expression a,b;
@@
- !!ether_addr_equal(a, b)
+ ether_addr_equal(a, b)Signed-off-by: Joe Perches
Signed-off-by: David S. Miller
12 May, 2010
2 commits
-
In future, layer-3 matches will be an xt module of their own, and
need to set the fragoff and thoff fields. Adding more pointers would
needlessy increase memory requirements (esp. so for 64-bit, where
pointers are wider).Signed-off-by: Jan Engelhardt
-
Signed-off-by: Jan Engelhardt
18 Mar, 2010
2 commits
-
I do not see a point of allowing the MAC module to work with devices
that don't possibly have one, e.g. various tunnel interfaces such as
tun and sit.Signed-off-by: Jan Engelhardt
-
Signed-off-by: Jan Engelhardt
08 Oct, 2008
3 commits
-
Lots of extensions are completely family-independent, so squash some code.
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy -
The function signatures for Xtables extensions have grown over time.
It involves a lot of typing/replication, and also a bit of stack space
even if they are not used. Realize an NFWS2008 idea and pack them into
structs. The skb remains outside of the struct so gcc can continue to
apply its optimizations.This patch does this for match extensions' match functions.
A few ambiguities have also been addressed. The "offset" parameter for
example has been renamed to "fragoff" (there are so many different
offsets already) and "protoff" to "thoff" (there is more than just one
protocol here, so clarify).Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy -
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
29 Jan, 2008
3 commits
-
Updates the MODULE_DESCRIPTION() tags for all Netfilter modules,
actually describing what the module does and not just
"netfilter XYZ target".Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Give all Netfilter modules consistent and unique symbol names.
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
The IPv4 and IPv6 hook values are identical, yet some code tries to figure
out the "correct" value by looking at the address family. Introduce NF_INET_*
values for both IPv4 and IPv6. The old values are kept in a #ifndef __KERNEL__
section for userspace compatibility.Signed-off-by: Patrick McHardy
Acked-by: Herbert Xu
Signed-off-by: David S. Miller
11 Jul, 2007
4 commits
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Removes redundant parentheses and braces (And add one pair in a
xt_tcpudp.c macro).Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Switch the return type of match functions to boolean
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Switch the "hotdrop" variables to boolean
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
26 Apr, 2007
1 commit
-
For the places where we need a pointer to the mac header, it is still legal to
touch skb->mac.raw directly if just adding to, subtracting from or setting it
to another layer header.This one also converts some more cases to skb_reset_mac_header() that my
regex missed as it had no spaces before nor after '=', ugh.Signed-off-by: Arnaldo Carvalho de Melo
Signed-off-by: David S. Miller
13 Feb, 2007
1 commit
-
Use NF_IP6_ instead of NF_IP_. The values are identical, this is merely
cleanup.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
23 Sep, 2006
1 commit
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
29 Mar, 2006
1 commit
-
Every netfilter module uses `init' for its module_init() function and
`fini' or `cleanup' for its module_exit() function.Problem is, this creates uninformative initcall_debug output and makes
ctags rather useless.So go through and rename them all to $(filename)_init and
$(filename)_fini.Signed-off-by: Andrew Morton
Signed-off-by: David S. Miller
23 Mar, 2006
1 commit
-
Set the family field in xt_[matches|targets] registered.
Signed-off-by: Pablo Neira Ayuso
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
21 Mar, 2006
2 commits
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
13 Jan, 2006
1 commit
-
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headersBased on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.Signed-off-by: Harald Welte
Signed-off-by: David S. Miller