Changeset 12420
- Timestamp:
- 06/30/2009 05:16:49 PM (4 months ago)
- Files:
src/linux/rt2880/linux-2.6.23/net/ipv4/netfilter/ip_tables.c
r12125 r12420 87 87 #define FWINV(bool,invflg) ((bool) ^ !!(ipinfo->invflags & invflg)) 88 88 89 if (ipinfo->flags & IPT_F_NO_DEF_MATCH)90 return true;91 92 89 if (FWINV((ip->saddr&ipinfo->smsk.s_addr) != ipinfo->src.s_addr, 93 90 IPT_INV_SRCIP) … … 152 149 return 0; 153 150 } 154 #undef FWINV155 151 156 152 return 1; … … 158 154 159 155 static inline bool 160 ip_checkentry(struct ipt_ip *ip) 161 { 162 #define FWINV(bool, invflg) ((bool) || (ip->invflags & (invflg))) 163 164 if (FWINV(ip->smsk.s_addr, IPT_INV_SRCIP) || 165 FWINV(ip->dmsk.s_addr, IPT_INV_DSTIP)) 166 goto has_match_rules; 167 168 if (FWINV(!!((const unsigned long *)ip->iniface_mask)[0], 169 IPT_INV_VIA_IN) || 170 FWINV(!!((const unsigned long *)ip->outiface_mask)[0], 171 IPT_INV_VIA_OUT)) 172 goto has_match_rules; 173 174 if (FWINV(ip->proto, IPT_INV_PROTO)) 175 goto has_match_rules; 176 177 if (FWINV(ip->flags&IPT_F_FRAG, IPT_INV_FRAG)) 178 goto has_match_rules; 179 180 ip->flags |= IPT_F_NO_DEF_MATCH; 181 182 has_match_rules: 183 if (ip->flags & ~(IPT_F_MASK|IPT_F_NO_DEF_MATCH)) { 156 ip_checkentry(const struct ipt_ip *ip) 157 { 158 if (ip->flags & ~IPT_F_MASK) { 184 159 duprintf("Unknown flag bits set: %08X\n", 185 160 ip->flags & ~IPT_F_MASK); … … 191 166 return false; 192 167 } 193 #undef FWINV194 168 return true; 195 169 } … … 357 331 struct xt_table_info *private; 358 332 333 /* Initialization */ 359 334 ip = ip_hdr(*pskb); 360 361 read_lock_bh(&table->lock);362 IP_NF_ASSERT(table->valid_hooks & (1 << hook));363 private = table->private;364 table_base = (void *)private->entries[smp_processor_id()];365 e = get_entry(table_base, private->hook_entry[hook]);366 if (e->target_offset <= sizeof(struct ipt_entry) &&367 (e->ip.flags & IPT_F_NO_DEF_MATCH)) {368 struct ipt_entry_target *t = ipt_get_target(e);369 if (!t->u.kernel.target->target) {370 int v = ((struct ipt_standard_target *)t)->verdict;371 if ((v < 0) && (v != IPT_RETURN)) {372 ADD_COUNTER(e->counters, ntohs(ip->tot_len), 1);373 
read_unlock_bh(&table->lock);374 return (unsigned)(-v) - 1;375 }376 }377 }378 379 /* Initialization */380 335 datalen = (*pskb)->len - ip->ihl * 4; 381 336 indev = in ? in->name : nulldevname; … … 389 344 offset = ntohs(ip->frag_off) & IP_OFFSET; 390 345 391 /*read_lock_bh(&table->lock);346 read_lock_bh(&table->lock); 392 347 IP_NF_ASSERT(table->valid_hooks & (1 << hook)); 393 348 private = table->private; 394 349 table_base = (void *)private->entries[smp_processor_id()]; 395 350 e = get_entry(table_base, private->hook_entry[hook]); 396 */ 351 397 352 /* For return from builtin chain */ 398 353 back = get_entry(table_base, private->underflow[hook]); src/linux/rt2880/linux-2.6.23/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
r10741 r12420 199 199 .release = seq_release_private, 200 200 }; 201 202 201 203 202 204 /* expects */ … … 405 407 }; 406 408 409 static int conntrack_flush(char *buffer, char **start, off_t offset, int length) 410 { 411 nf_conntrack_flush(); 412 return 0; 413 } 414 407 415 int __init nf_conntrack_ipv4_compat_init(void) 408 416 { … … 410 418 411 419 proc = proc_net_fops_create("ip_conntrack", 0440, &ct_file_ops); 420 if (!proc) 421 goto err1; 422 423 proc = proc_net_create("ip_conntrack_flush", 0440, conntrack_flush); 412 424 if (!proc) 413 425 goto err1; … … 430 442 proc_net_remove("ip_conntrack_expect"); 431 443 err2: 444 proc_net_remove("ip_conntrack_flush"); 432 445 proc_net_remove("ip_conntrack"); 433 446 err1:
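Review bot: The new `conntrack_flush` handler performs a destructive action on a plain read: opening and reading `/proc/net/ip_conntrack_flush` calls `nf_conntrack_flush()` and drops every tracked connection, gated only by the 0440 mode. A root-run `cat` or `grep -r` over /proc/net, or a backup job, would therefore reset NAT and stateful-firewall state. Consider an explicit check such as `if (!capable(CAP_NET_ADMIN)) return -EPERM;` at the top of the handler, or making the flush a write-triggered entry instead. Separately, in `nf_conntrack_ipv4_compat_init` a failed `proc_net_create("ip_conntrack_flush", ...)` jumps to `err1`, which sits after `proc_net_remove("ip_conntrack");`, so the entry created just above stays registered; that failure needs its own label placed before that remove. The module's exit function is outside the visible hunks and should be checked to confirm it also removes `ip_conntrack_flush`.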
