diff options
| -rw-r--r-- | drivers/net/ppp_deflate.c | 4 | ||||
| -rw-r--r-- | net/atm/mpc.c | 6 | ||||
| -rw-r--r-- | net/core/neighbour.c | 4 | ||||
| -rw-r--r-- | net/decnet/Kconfig | 6 | ||||
| -rw-r--r-- | net/decnet/Makefile | 7 | ||||
| -rw-r--r-- | net/decnet/netfilter/Kconfig | 15 | ||||
| -rw-r--r-- | net/decnet/netfilter/Makefile | 6 | ||||
| -rw-r--r-- | net/decnet/netfilter/dn_rtmsg.c | 167 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6t_ah.c | 13 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6t_esp.c | 10 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6t_frag.c | 2 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6t_ipv6header.c | 56 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6t_rt.c | 2 |
13 files changed, 213 insertions, 85 deletions
diff --git a/drivers/net/ppp_deflate.c b/drivers/net/ppp_deflate.c index 41bb7f89ca84..ef8c38bfb8d9 100644 --- a/drivers/net/ppp_deflate.c +++ b/drivers/net/ppp_deflate.c @@ -88,7 +88,6 @@ z_comp_free(arg) if (state->strm.workspace) vfree(state->strm.workspace); kfree(state); - MOD_DEC_USE_COUNT; } } @@ -118,7 +117,6 @@ z_comp_alloc(options, opt_len) if (state == NULL) return NULL; - MOD_INC_USE_COUNT; memset (state, 0, sizeof (struct ppp_deflate_state)); state->strm.next_in = NULL; state->w_size = w_size; @@ -274,7 +272,6 @@ z_decomp_free(arg) if (state->strm.workspace) kfree(state->strm.workspace); kfree(state); - MOD_DEC_USE_COUNT; } } @@ -303,7 +300,6 @@ z_decomp_alloc(options, opt_len) if (state == NULL) return NULL; - MOD_INC_USE_COUNT; memset (state, 0, sizeof (struct ppp_deflate_state)); state->w_size = w_size; state->strm.next_out = NULL; diff --git a/net/atm/mpc.c b/net/atm/mpc.c index be6d79ced54d..a05075fa00ea 100644 --- a/net/atm/mpc.c +++ b/net/atm/mpc.c @@ -324,7 +324,9 @@ static void stop_mpc(struct mpoa_client *mpc) return; } -static const char * __attribute__ ((unused)) mpoa_device_type_string(char type) +static const char *mpoa_device_type_string(char type) __attribute__ ((unused)); + +static const char *mpoa_device_type_string(char type) { switch(type) { case NON_MPOA: @@ -429,7 +431,7 @@ static void lane2_assoc_ind(struct net_device *dev, uint8_t *mac_addr, if (tlvs == NULL) return; } if (end_of_tlvs - tlvs != 0) - printk("mpoa: (%s) lane2_assoc_ind: ignoring %d bytes of trailing TLV carbage\n", + printk("mpoa: (%s) lane2_assoc_ind: ignoring %Zd bytes of trailing TLV carbage\n", dev->name, end_of_tlvs - tlvs); return; } diff --git a/net/core/neighbour.c b/net/core/neighbour.c index 0198eeb05388..b2a88e18554e 100644 --- a/net/core/neighbour.c +++ b/net/core/neighbour.c @@ -440,8 +440,8 @@ void neigh_destroy(struct neighbour *neigh) if (!neigh->dead) { printk(KERN_WARNING - "Destroying alive neighbour %p from %08lx\n", neigh, - *(((unsigned long *)&neigh) - 1)); + "Destroying alive neighbour %p\n", neigh); + dump_stack(); return; } diff --git a/net/decnet/Kconfig b/net/decnet/Kconfig index 7327b51ac6a0..974ec415042c 100644 --- a/net/decnet/Kconfig +++ b/net/decnet/Kconfig @@ -17,11 +17,11 @@ config DECNET_ROUTER depends on DECNET && EXPERIMENTAL ---help--- Add support for turning your DECnet Endnode into a level 1 or 2 - router. This is an unfinished option for developers only. If you + router. This is an experimental, but functional option. If you do say Y here, then make sure that you also say Y to "Kernel/User network link driver", "Routing messages" and "Network packet filtering". The first two are required to allow configuration via - rtnetlink (currently you need Alexey Kuznetsov's iproute2 package + rtnetlink (you will need Alexey Kuznetsov's iproute2 package from <ftp://ftp.inr.ac.ru/>). The "Network packet filtering" option will be required for the forthcoming routing daemon to work. @@ -35,3 +35,5 @@ config DECNET_ROUTE_FWMARK packets with different FWMARK ("firewalling mark") values (see ipchains(8), "-m" argument). +source "net/decnet/netfilter/Kconfig" + diff --git a/net/decnet/Makefile b/net/decnet/Makefile index 323c66398b13..e44003af71f6 100644 --- a/net/decnet/Makefile +++ b/net/decnet/Makefile @@ -1,7 +1,10 @@ obj-$(CONFIG_DECNET) += decnet.o -decnet-y := af_decnet.o dn_nsp_in.o dn_nsp_out.o dn_route.o dn_dev.o dn_neigh.o dn_timer.o +decnet-y := af_decnet.o dn_nsp_in.o dn_nsp_out.o \ + dn_route.o dn_dev.o dn_neigh.o dn_timer.o decnet-$(CONFIG_DECNET_ROUTER) += dn_fib.o dn_rules.o dn_table.o -decnet-$(CONFIG_DECNET_FW) += dn_fw.o decnet-y += sysctl_net_decnet.o + +obj-$(CONFIG_NETFILTER) += netfilter/ + diff --git a/net/decnet/netfilter/Kconfig b/net/decnet/netfilter/Kconfig new file mode 100644 index 000000000000..ecdb3f9f14ca --- /dev/null +++ b/net/decnet/netfilter/Kconfig @@ -0,0 +1,15 @@ +# +# DECnet netfilter configuration +# + +menu "DECnet: Netfilter Configuration" + depends on DECNET && NETFILTER && EXPERIMENTAL + +config DECNET_NF_GRABULATOR + tristate "Routing message grabulator (for userland routing daemon)" + help + Enable this module if you want to use the userland DECnet routing + daemon. You will also need to enable routing support for DECnet + unless you just want to monitor routing messages from other nodes. + +endmenu diff --git a/net/decnet/netfilter/Makefile b/net/decnet/netfilter/Makefile new file mode 100644 index 000000000000..255c1ae9daeb --- /dev/null +++ b/net/decnet/netfilter/Makefile @@ -0,0 +1,6 @@ +# +# Makefile for DECnet netfilter modules +# + +obj-$(CONFIG_DECNET_NF_GRABULATOR) += dn_rtmsg.o + diff --git a/net/decnet/netfilter/dn_rtmsg.c b/net/decnet/netfilter/dn_rtmsg.c new file mode 100644 index 000000000000..afd54f2572e0 --- /dev/null +++ b/net/decnet/netfilter/dn_rtmsg.c @@ -0,0 +1,167 @@ +/* + * DECnet An implementation of the DECnet protocol suite for the LINUX + * operating system. DECnet is implemented using the BSD Socket + * interface as the means of communication with the user level. + * + * DECnet Routing Message Grabulator + * + * (C) 2000 ChyGwyn Limited - http://www.chygwyn.com/ + * This code may be copied under the GPL v.2 or at your option + * any later version. + * + * Author: Steven Whitehouse <steve@chygwyn.com> + * + */ +#include <linux/module.h> +#include <linux/skbuff.h> +#include <linux/init.h> +#include <linux/netdevice.h> +#include <linux/netfilter.h> +#include <linux/spinlock.h> +#include <linux/netlink.h> + +#include <net/sock.h> +#include <net/flow.h> +#include <net/dn.h> +#include <net/dn_route.h> + +#include <linux/netfilter_decnet.h> + +static struct sock *dnrmg = NULL; + + +static struct sk_buff *dnrmg_build_message(struct sk_buff *rt_skb, int *errp) +{ + struct sk_buff *skb = NULL; + size_t size; + unsigned char *old_tail; + struct nlmsghdr *nlh; + unsigned char *ptr; + struct nf_dn_rtmsg *rtm; + + size = NLMSG_SPACE(rt_skb->len); + size += NLMSG_ALIGN(sizeof(struct nf_dn_rtmsg)); + skb = alloc_skb(size, GFP_ATOMIC); + if (!skb) + goto nlmsg_failure; + old_tail = skb->tail; + nlh = NLMSG_PUT(skb, 0, 0, 0, size - sizeof(*nlh)); + rtm = (struct nf_dn_rtmsg *)NLMSG_DATA(nlh); + rtm->nfdn_ifindex = rt_skb->dev->ifindex; + ptr = NFDN_RTMSG(rtm); + memcpy(ptr, rt_skb->data, rt_skb->len); + nlh->nlmsg_len = skb->tail - old_tail; + return skb; + +nlmsg_failure: + if (skb) + kfree(skb); + *errp = -ENOMEM; + if (net_ratelimit()) + printk(KERN_ERR "dn_rtmsg: error creating netlink message\n"); + return NULL; +} + +static void dnrmg_send_peer(struct sk_buff *skb) +{ + struct sk_buff *skb2; + int status = 0; + int group = 0; + unsigned char flags = *skb->data; + + switch(flags & DN_RT_CNTL_MSK) { + case DN_RT_PKT_L1RT: + group = DNRMG_L1_GROUP; + break; + case DN_RT_PKT_L2RT: + group = DNRMG_L2_GROUP; + break; + default: + return; + } + + skb2 = dnrmg_build_message(skb, &status); + if (skb2 == NULL) + return; + NETLINK_CB(skb2).dst_groups = group; + netlink_broadcast(dnrmg, skb2, 0, group, GFP_ATOMIC); +} + + +static unsigned int dnrmg_hook(unsigned int hook, + struct sk_buff **pskb, + const struct net_device *in, + const struct net_device *out, + int (*okfn)(struct sk_buff *)) +{ + dnrmg_send_peer(*pskb); + return NF_ACCEPT; +} + + +#define RCV_SKB_FAIL(err) do { netlink_ack(skb, nlh, (err)); return; } while (0) + +static inline void dnrmg_receive_user_skb(struct sk_buff *skb) +{ + struct nlmsghdr *nlh = (struct nlmsghdr *)skb->data; + + if (nlh->nlmsg_len < sizeof(*nlh) || skb->len < nlh->nlmsg_len) + return; + + if (!cap_raised(NETLINK_CB(skb).eff_cap, CAP_NET_ADMIN)) + RCV_SKB_FAIL(-EPERM); + + /* Eventually we might send routing messages too */ + + RCV_SKB_FAIL(-EINVAL); +} + +static void dnrmg_receive_user_sk(struct sock *sk, int len) +{ + struct sk_buff *skb; + + while((skb = skb_dequeue(&sk->receive_queue)) != NULL) { + dnrmg_receive_user_skb(skb); + kfree_skb(skb); + } +} + +static struct nf_hook_ops dnrmg_ops = { + .hook = dnrmg_hook, + .pf = PF_DECnet, + .hooknum = NF_DN_ROUTE, + .priority = NF_DN_PRI_DNRTMSG, +}; + +static int __init init(void) +{ + int rv = 0; + + dnrmg = netlink_kernel_create(NETLINK_DNRTMSG, dnrmg_receive_user_sk); + if (dnrmg == NULL) { + printk(KERN_ERR "dn_rtmsg: Cannot create netlink socket"); + return -ENOMEM; + } + + rv = nf_register_hook(&dnrmg_ops); + if (rv) { + sock_release(dnrmg->socket); + } + + return rv; +} + +static void __exit fini(void) +{ + nf_unregister_hook(&dnrmg_ops); + sock_release(dnrmg->socket); +} + + +MODULE_DESCRIPTION("DECnet Routing Message Grabulator"); +MODULE_AUTHOR("Steven Whitehouse <steve@chygwyn.com>"); +MODULE_LICENSE("GPL"); + +module_init(init); +module_exit(fini); + diff --git a/net/ipv6/netfilter/ip6t_ah.c b/net/ipv6/netfilter/ip6t_ah.c index ca22024b7b5a..978cf4345113 100644 --- a/net/ipv6/netfilter/ip6t_ah.c +++ b/net/ipv6/netfilter/ip6t_ah.c @@ -19,13 +19,6 @@ MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>"); #define DEBUGP(format, args...) #endif -struct ahhdr { - __u8 nexthdr; - __u8 hdrlen; - __u16 reserved; - __u32 spi; -}; - /* Returns 1 if the spi is matched by the range, 0 otherwise */ static inline int spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, int invert) @@ -48,7 +41,7 @@ match(const struct sk_buff *skb, u_int16_t datalen, int *hotdrop) { - struct ahhdr *ah = NULL; + struct ip_auth_hdr *ah = NULL; const struct ip6t_ah *ahinfo = matchinfo; unsigned int temp; int len; @@ -128,12 +121,12 @@ match(const struct sk_buff *skb, /* AH header not found */ if ( temp != MASK_AH ) return 0; - if (len < (int)sizeof(struct ahhdr)){ + if (len < (int)sizeof(struct ip_auth_hdr)){ *hotdrop = 1; return 0; } - ah=skb->data+ptr; + ah = (struct ip_auth_hdr *) (skb->data + ptr); DEBUGP("IPv6 AH LEN %u %u ", hdrlen, ah->hdrlen); DEBUGP("RES %04X ", ah->reserved); diff --git a/net/ipv6/netfilter/ip6t_esp.c b/net/ipv6/netfilter/ip6t_esp.c index 828a91510ffe..b9e970a8c584 100644 --- a/net/ipv6/netfilter/ip6t_esp.c +++ b/net/ipv6/netfilter/ip6t_esp.c @@ -19,10 +19,6 @@ MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>"); #define DEBUGP(format, args...) #endif -struct esphdr { - __u32 spi; -}; - /* Returns 1 if the spi is matched by the range, 0 otherwise */ static inline int spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, int invert) @@ -45,7 +41,7 @@ match(const struct sk_buff *skb, u_int16_t datalen, int *hotdrop) { - struct esphdr *esp = NULL; + struct ip_esp_hdr *esp = NULL; const struct ip6t_esp *espinfo = matchinfo; unsigned int temp; int len; @@ -118,12 +114,12 @@ match(const struct sk_buff *skb, /* ESP header not found */ if ( temp != MASK_ESP ) return 0; - if (len < (int)sizeof(struct esphdr)){ + if (len < (int)sizeof(struct ip_esp_hdr)){ *hotdrop = 1; return 0; } - esp=skb->data+ptr; + esp = (struct ip_esp_hdr *) (skb->data + ptr); DEBUGP("IPv6 ESP SPI %u %08X\n", ntohl(esp->spi), ntohl(esp->spi)); diff --git a/net/ipv6/netfilter/ip6t_frag.c b/net/ipv6/netfilter/ip6t_frag.c index 544f07c879d2..af92bce00249 100644 --- a/net/ipv6/netfilter/ip6t_frag.c +++ b/net/ipv6/netfilter/ip6t_frag.c @@ -147,7 +147,7 @@ match(const struct sk_buff *skb, return 0; } - frag=skb->data+ptr; + frag = (struct fraghdr *) (skb->data + ptr); DEBUGP("IPv6 FRAG LEN %u %u ", hdrlen, frag->hdrlen); DEBUGP("INFO %04X ", frag->info); diff --git a/net/ipv6/netfilter/ip6t_ipv6header.c b/net/ipv6/netfilter/ip6t_ipv6header.c index 66a0bbd843c2..742abbb3ea1f 100644 --- a/net/ipv6/netfilter/ip6t_ipv6header.c +++ b/net/ipv6/netfilter/ip6t_ipv6header.c @@ -18,12 +18,6 @@ MODULE_LICENSE("GPL"); MODULE_DESCRIPTION("IPv6 headers match"); MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>"); -#if 0 -#define DEBUGP printk -#else -#define DEBUGP(format, args...) -#endif - static int ipv6header_match(const struct sk_buff *skb, const struct net_device *in, @@ -39,10 +33,8 @@ ipv6header_match(const struct sk_buff *skb, int len; u8 nexthdr; unsigned int ptr; - struct inet6_skb_parm *opt = (struct inet6_skb_parm *)skb->cb; /* Make sure this isn't an evil packet */ - DEBUGP("ipv6_header entered \n"); /* type of the 1st exthdr */ nexthdr = skb->nh.ipv6h->nexthdr; @@ -52,44 +44,10 @@ ipv6header_match(const struct sk_buff *skb, len = skb->len - ptr; temp = 0; - DEBUGP("ipv6_header nexthdr %02X \n",nexthdr); - DEBUGP("ipv6_header ptr %08X \n",ptr); - DEBUGP("ipv6_header skblen %04X \n",skb->len); - DEBUGP("ipv6_header skbdatalen %04X \n",skb->data_len); - DEBUGP("ipv6_header len %04X \n",len); -#if 0 - for (temp=0;temp<skb->len;temp++){ - if (!(temp % 16 )) DEBUGP("\nipv6_header data "); - DEBUGP("%02X ",skb->data[temp]); - } -#endif - DEBUGP("\nipv6_header h.raw %02X %02X %02X %02X \n", - skb->h.raw[0], - skb->h.raw[1], - skb->h.raw[2], - skb->h.raw[3]); - DEBUGP("ipv6_header nh.raw %02X %02X %02X %02X \n", - skb->nh.raw[0], - skb->nh.raw[1], - skb->nh.raw[2], - skb->nh.raw[3]); - DEBUGP("ipv6_header CB %02X %02X %02X %02X %02X %02X %02X \n", - opt->iif, - opt->ra, - opt->hop, - opt->auth, - opt->dst0, - opt->srcrt, - opt->dst1); - - temp = 0; - while (ip6t_ext_hdr(nexthdr)) { struct ipv6_opt_hdr *hdr; int hdrlen; - DEBUGP("ipv6_header header iteration \n"); - /* Is there enough space for the next ext header? */ if (len < (int)sizeof(struct ipv6_opt_hdr)) return 0; @@ -114,8 +72,6 @@ ipv6header_match(const struct sk_buff *skb, else hdrlen = ipv6_optlen(hdr); - DEBUGP("ipv6_header hdrlen %04X \n",hdrlen); - /* set the flag */ switch (nexthdr){ case NEXTHDR_HOP: @@ -134,7 +90,6 @@ ipv6header_match(const struct sk_buff *skb, temp |= MASK_DSTOPTS; break; default: - DEBUGP("IPV6HEADER match: unknown nextheader %u\n",nexthdr); return 0; break; } @@ -142,17 +97,13 @@ ipv6header_match(const struct sk_buff *skb, nexthdr = hdr->nexthdr; len -= hdrlen; ptr += hdrlen; - if ( ptr > skb->len ) { - DEBUGP("ipv6_header new ptr %04X \n",ptr); + if (ptr > skb->len) break; - } } if ( (nexthdr != NEXTHDR_NONE ) && (nexthdr != NEXTHDR_ESP) ) temp |= MASK_PROTO; - DEBUGP ("ipv6header: %02X %02X \n", temp, info->matchflags); - if (info->modeflag) return (!( (temp & info->matchflags) ^ info->matchflags) ^ info->invflags); @@ -169,11 +120,8 @@ ipv6header_checkentry(const char *tablename, { /* Check for obvious errors */ /* This match is valid in all hooks! */ - if (matchsize != IP6T_ALIGN(sizeof(struct ip6t_ipv6header_info))) { - DEBUGP("ip6t_ipv6header: matchsize != %u\n", - IP6T_ALIGN(sizeof(struct ip6t_ipv6header_info))); + if (matchsize != IP6T_ALIGN(sizeof(struct ip6t_ipv6header_info))) return 0; - } return 1; } diff --git a/net/ipv6/netfilter/ip6t_rt.c b/net/ipv6/netfilter/ip6t_rt.c index b5823593c02f..fe49dae08fb5 100644 --- a/net/ipv6/netfilter/ip6t_rt.c +++ b/net/ipv6/netfilter/ip6t_rt.c @@ -130,7 +130,7 @@ match(const struct sk_buff *skb, return 0; } - route=skb->data+ptr; + route = (struct ipv6_rt_hdr *) (skb->data + ptr); DEBUGP("IPv6 RT LEN %u %u ", hdrlen, route->hdrlen); DEBUGP("TYPE %04X ", route->type); |