Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
Pablo Neira Ayuso says: ==================== The following patchset contains a small batch of Netfilter updates for your net-next tree, they are: * Three patches that provide more accurate error reporting to user-space, instead of -EPERM, in IPv4/IPv6 netfilter re-routing code and NAT, from Patrick McHardy. * Update copyright statements in Netfilter filters of Patrick McHardy, from himself. * Add Kconfig dependency on the raw/mangle tables to the rpfilter, from Florian Westphal. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David S. Miller
commit
95a06161e6
47 changed files with 122 additions and 40 deletions
|
|
@ -1,4 +1,9 @@
|
|||
/* IPv4 specific functions of netfilter core */
|
||||
/*
|
||||
* IPv4 specific functions of netfilter core
|
||||
*
|
||||
* Rusty Russell (C) 2000 -- This code is GPL.
|
||||
* Patrick McHardy (C) 2006-2012
|
||||
*/
|
||||
#include <linux/kernel.h>
|
||||
#include <linux/netfilter.h>
|
||||
#include <linux/netfilter_ipv4.h>
|
||||
|
|
@ -40,14 +45,14 @@ int ip_route_me_harder(struct sk_buff *skb, unsigned int addr_type)
|
|||
fl4.flowi4_flags = flags;
|
||||
rt = ip_route_output_key(net, &fl4);
|
||||
if (IS_ERR(rt))
|
||||
return -1;
|
||||
return PTR_ERR(rt);
|
||||
|
||||
/* Drop old route. */
|
||||
skb_dst_drop(skb);
|
||||
skb_dst_set(skb, &rt->dst);
|
||||
|
||||
if (skb_dst(skb)->error)
|
||||
return -1;
|
||||
return skb_dst(skb)->error;
|
||||
|
||||
#ifdef CONFIG_XFRM
|
||||
if (!(IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED) &&
|
||||
|
|
@ -56,7 +61,7 @@ int ip_route_me_harder(struct sk_buff *skb, unsigned int addr_type)
|
|||
skb_dst_set(skb, NULL);
|
||||
dst = xfrm_lookup(net, dst, flowi4_to_flowi(&fl4), skb->sk, 0);
|
||||
if (IS_ERR(dst))
|
||||
return -1;
|
||||
return PTR_ERR(dst);;
|
||||
skb_dst_set(skb, dst);
|
||||
}
|
||||
#endif
|
||||
|
|
@ -66,7 +71,7 @@ int ip_route_me_harder(struct sk_buff *skb, unsigned int addr_type)
|
|||
if (skb_headroom(skb) < hh_len &&
|
||||
pskb_expand_head(skb, HH_DATA_ALIGN(hh_len - skb_headroom(skb)),
|
||||
0, GFP_ATOMIC))
|
||||
return -1;
|
||||
return -ENOMEM;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -71,7 +71,7 @@ config IP_NF_MATCH_ECN
|
|||
|
||||
config IP_NF_MATCH_RPFILTER
|
||||
tristate '"rpfilter" reverse path filter match support'
|
||||
depends on NETFILTER_ADVANCED
|
||||
depends on NETFILTER_ADVANCED && (IP_NF_MANGLE || IP_NF_RAW)
|
||||
---help---
|
||||
This option allows you to match packets whose replies would
|
||||
go out via the interface the packet came in.
|
||||
|
|
|
|||
|
|
@ -6,6 +6,7 @@
|
|||
* Some ARP specific bits are:
|
||||
*
|
||||
* Copyright (C) 2002 David S. Miller (davem@redhat.com)
|
||||
* Copyright (C) 2006-2009 Patrick McHardy <kaber@trash.net>
|
||||
*
|
||||
*/
|
||||
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@
|
|||
*
|
||||
* Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
|
||||
* Copyright (C) 2000-2005 Netfilter Core Team <coreteam@netfilter.org>
|
||||
* Copyright (C) 2006-2010 Patrick McHardy <kaber@trash.net>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
|
|
|
|||
|
|
@ -4,6 +4,7 @@
|
|||
* (C) 2000-2004 by Harald Welte <laforge@netfilter.org>
|
||||
* (C) 1999-2001 Paul `Rusty' Russell
|
||||
* (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
|
||||
* (C) 2005-2007 Patrick McHardy <kaber@trash.net>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
|
|
|
|||
|
|
@ -44,6 +44,7 @@ ipt_mangle_out(struct sk_buff *skb, const struct net_device *out)
|
|||
u_int8_t tos;
|
||||
__be32 saddr, daddr;
|
||||
u_int32_t mark;
|
||||
int err;
|
||||
|
||||
/* root is playing with raw sockets. */
|
||||
if (skb->len < sizeof(struct iphdr) ||
|
||||
|
|
@ -66,9 +67,11 @@ ipt_mangle_out(struct sk_buff *skb, const struct net_device *out)
|
|||
if (iph->saddr != saddr ||
|
||||
iph->daddr != daddr ||
|
||||
skb->mark != mark ||
|
||||
iph->tos != tos)
|
||||
if (ip_route_me_harder(skb, RTN_UNSPEC))
|
||||
ret = NF_DROP;
|
||||
iph->tos != tos) {
|
||||
err = ip_route_me_harder(skb, RTN_UNSPEC);
|
||||
if (err < 0)
|
||||
ret = NF_DROP_ERR(err);
|
||||
}
|
||||
}
|
||||
|
||||
return ret;
|
||||
|
|
|
|||
|
|
@ -176,6 +176,7 @@ nf_nat_ipv4_out(unsigned int hooknum,
|
|||
#ifdef CONFIG_XFRM
|
||||
const struct nf_conn *ct;
|
||||
enum ip_conntrack_info ctinfo;
|
||||
int err;
|
||||
#endif
|
||||
unsigned int ret;
|
||||
|
||||
|
|
@ -195,9 +196,11 @@ nf_nat_ipv4_out(unsigned int hooknum,
|
|||
ct->tuplehash[!dir].tuple.dst.u3.ip) ||
|
||||
(ct->tuplehash[dir].tuple.dst.protonum != IPPROTO_ICMP &&
|
||||
ct->tuplehash[dir].tuple.src.u.all !=
|
||||
ct->tuplehash[!dir].tuple.dst.u.all))
|
||||
if (nf_xfrm_me_harder(skb, AF_INET) < 0)
|
||||
ret = NF_DROP;
|
||||
ct->tuplehash[!dir].tuple.dst.u.all)) {
|
||||
err = nf_xfrm_me_harder(skb, AF_INET);
|
||||
if (err < 0)
|
||||
ret = NF_DROP_ERR(err);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
return ret;
|
||||
|
|
@ -213,6 +216,7 @@ nf_nat_ipv4_local_fn(unsigned int hooknum,
|
|||
const struct nf_conn *ct;
|
||||
enum ip_conntrack_info ctinfo;
|
||||
unsigned int ret;
|
||||
int err;
|
||||
|
||||
/* root is playing with raw sockets. */
|
||||
if (skb->len < sizeof(struct iphdr) ||
|
||||
|
|
@ -226,16 +230,19 @@ nf_nat_ipv4_local_fn(unsigned int hooknum,
|
|||
|
||||
if (ct->tuplehash[dir].tuple.dst.u3.ip !=
|
||||
ct->tuplehash[!dir].tuple.src.u3.ip) {
|
||||
if (ip_route_me_harder(skb, RTN_UNSPEC))
|
||||
ret = NF_DROP;
|
||||
err = ip_route_me_harder(skb, RTN_UNSPEC);
|
||||
if (err < 0)
|
||||
ret = NF_DROP_ERR(err);
|
||||
}
|
||||
#ifdef CONFIG_XFRM
|
||||
else if (!(IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED) &&
|
||||
ct->tuplehash[dir].tuple.dst.protonum != IPPROTO_ICMP &&
|
||||
ct->tuplehash[dir].tuple.dst.u.all !=
|
||||
ct->tuplehash[!dir].tuple.src.u.all)
|
||||
if (nf_xfrm_me_harder(skb, AF_INET) < 0)
|
||||
ret = NF_DROP;
|
||||
ct->tuplehash[!dir].tuple.src.u.all) {
|
||||
err = nf_xfrm_me_harder(skb, AF_INET);
|
||||
if (err < 0)
|
||||
ret = NF_DROP_ERR(err);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
return ret;
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
|
||||
/* (C) 1999-2001 Paul `Rusty' Russell
|
||||
* (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
|
||||
* (C) 2006-2012 Patrick McHardy <kaber@trash.net>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
*
|
||||
* (C) 1999-2001 Paul `Rusty' Russell
|
||||
* (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org>
|
||||
* (C) 2006-2010 Patrick McHardy <kaber@trash.net>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
/* (C) 1999-2001 Paul `Rusty' Russell
|
||||
* (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
|
||||
* (C) 2006-2010 Patrick McHardy <kaber@trash.net>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
* H.323 extension for NAT alteration.
|
||||
*
|
||||
* Copyright (c) 2006 Jing Min Zhao <zhaojingmin@users.sourceforge.net>
|
||||
* Copyright (c) 2006-2012 Patrick McHardy <kaber@trash.net>
|
||||
*
|
||||
* This source code is licensed under General Public License version 2.
|
||||
*
|
||||
|
|
|
|||
|
|
@ -13,6 +13,8 @@
|
|||
*
|
||||
* Development of this code funded by Astaro AG (http://www.astaro.com/)
|
||||
*
|
||||
* (C) 2006-2012 Patrick McHardy <kaber@trash.net>
|
||||
*
|
||||
* TODO: - NAT to a unique tuple, not to TCP source port
|
||||
* (needs netfilter tuple reservation)
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -21,6 +21,8 @@
|
|||
*
|
||||
* Development of this code funded by Astaro AG (http://www.astaro.com/)
|
||||
*
|
||||
* (C) 2006-2012 Patrick McHardy <kaber@trash.net>
|
||||
*
|
||||
*/
|
||||
|
||||
#include <linux/module.h>
|
||||
|
|
|
|||
|
|
@ -38,6 +38,8 @@
|
|||
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
*
|
||||
* Author: James Morris <jmorris@intercode.com.au>
|
||||
*
|
||||
* Copyright (c) 2006-2010 Patrick McHardy <kaber@trash.net>
|
||||
*/
|
||||
#include <linux/module.h>
|
||||
#include <linux/moduleparam.h>
|
||||
|
|
|
|||
|
|
@ -1,3 +1,9 @@
|
|||
/*
|
||||
* IPv6 specific functions of netfilter core
|
||||
*
|
||||
* Rusty Russell (C) 2000 -- This code is GPL.
|
||||
* Patrick McHardy (C) 2006-2012
|
||||
*/
|
||||
#include <linux/kernel.h>
|
||||
#include <linux/init.h>
|
||||
#include <linux/ipv6.h>
|
||||
|
|
@ -29,7 +35,7 @@ int ip6_route_me_harder(struct sk_buff *skb)
|
|||
IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES);
|
||||
LIMIT_NETDEBUG(KERN_DEBUG "ip6_route_me_harder: No more route.\n");
|
||||
dst_release(dst);
|
||||
return -EINVAL;
|
||||
return dst->error;
|
||||
}
|
||||
|
||||
/* Drop old route. */
|
||||
|
|
@ -43,7 +49,7 @@ int ip6_route_me_harder(struct sk_buff *skb)
|
|||
skb_dst_set(skb, NULL);
|
||||
dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), skb->sk, 0);
|
||||
if (IS_ERR(dst))
|
||||
return -1;
|
||||
return PTR_ERR(dst);
|
||||
skb_dst_set(skb, dst);
|
||||
}
|
||||
#endif
|
||||
|
|
@ -53,7 +59,7 @@ int ip6_route_me_harder(struct sk_buff *skb)
|
|||
if (skb_headroom(skb) < hh_len &&
|
||||
pskb_expand_head(skb, HH_DATA_ALIGN(hh_len - skb_headroom(skb)),
|
||||
0, GFP_ATOMIC))
|
||||
return -1;
|
||||
return -ENOMEM;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -105,7 +105,7 @@ config IP6_NF_MATCH_MH
|
|||
|
||||
config IP6_NF_MATCH_RPFILTER
|
||||
tristate '"rpfilter" reverse path filter match support'
|
||||
depends on NETFILTER_ADVANCED
|
||||
depends on NETFILTER_ADVANCED && (IP6_NF_MANGLE || IP6_NF_RAW)
|
||||
---help---
|
||||
This option allows you to match packets whose replies would
|
||||
go out via the interface the packet came in.
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@
|
|||
*
|
||||
* Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
|
||||
* Copyright (C) 2000-2005 Netfilter Core Team <coreteam@netfilter.org>
|
||||
* Copyright (c) 2006-2010 Patrick McHardy <kaber@trash.net>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
|
|
|
|||
|
|
@ -7,6 +7,8 @@
|
|||
* Authors:
|
||||
* Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
|
||||
*
|
||||
* Copyright (c) 2005-2007 Patrick McHardy <kaber@trash.net>
|
||||
*
|
||||
* Based on net/ipv4/netfilter/ipt_REJECT.c
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
|
|
|
|||
|
|
@ -38,7 +38,7 @@ ip6t_mangle_out(struct sk_buff *skb, const struct net_device *out)
|
|||
struct in6_addr saddr, daddr;
|
||||
u_int8_t hop_limit;
|
||||
u_int32_t flowlabel, mark;
|
||||
|
||||
int err;
|
||||
#if 0
|
||||
/* root is playing with raw sockets. */
|
||||
if (skb->len < sizeof(struct iphdr) ||
|
||||
|
|
@ -65,8 +65,11 @@ ip6t_mangle_out(struct sk_buff *skb, const struct net_device *out)
|
|||
!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, &daddr) ||
|
||||
skb->mark != mark ||
|
||||
ipv6_hdr(skb)->hop_limit != hop_limit ||
|
||||
flowlabel != *((u_int32_t *)ipv6_hdr(skb))))
|
||||
return ip6_route_me_harder(skb) == 0 ? ret : NF_DROP;
|
||||
flowlabel != *((u_int32_t *)ipv6_hdr(skb)))) {
|
||||
err = ip6_route_me_harder(skb);
|
||||
if (err < 0)
|
||||
ret = NF_DROP_ERR(err);
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -179,6 +179,7 @@ nf_nat_ipv6_out(unsigned int hooknum,
|
|||
#ifdef CONFIG_XFRM
|
||||
const struct nf_conn *ct;
|
||||
enum ip_conntrack_info ctinfo;
|
||||
int err;
|
||||
#endif
|
||||
unsigned int ret;
|
||||
|
||||
|
|
@ -197,9 +198,11 @@ nf_nat_ipv6_out(unsigned int hooknum,
|
|||
&ct->tuplehash[!dir].tuple.dst.u3) ||
|
||||
(ct->tuplehash[dir].tuple.dst.protonum != IPPROTO_ICMPV6 &&
|
||||
ct->tuplehash[dir].tuple.src.u.all !=
|
||||
ct->tuplehash[!dir].tuple.dst.u.all))
|
||||
if (nf_xfrm_me_harder(skb, AF_INET6) < 0)
|
||||
ret = NF_DROP;
|
||||
ct->tuplehash[!dir].tuple.dst.u.all)) {
|
||||
err = nf_xfrm_me_harder(skb, AF_INET6);
|
||||
if (err < 0)
|
||||
ret = NF_DROP_ERR(err);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
return ret;
|
||||
|
|
@ -215,6 +218,7 @@ nf_nat_ipv6_local_fn(unsigned int hooknum,
|
|||
const struct nf_conn *ct;
|
||||
enum ip_conntrack_info ctinfo;
|
||||
unsigned int ret;
|
||||
int err;
|
||||
|
||||
/* root is playing with raw sockets. */
|
||||
if (skb->len < sizeof(struct ipv6hdr))
|
||||
|
|
@ -227,16 +231,19 @@ nf_nat_ipv6_local_fn(unsigned int hooknum,
|
|||
|
||||
if (!nf_inet_addr_cmp(&ct->tuplehash[dir].tuple.dst.u3,
|
||||
&ct->tuplehash[!dir].tuple.src.u3)) {
|
||||
if (ip6_route_me_harder(skb))
|
||||
ret = NF_DROP;
|
||||
err = ip6_route_me_harder(skb);
|
||||
if (err < 0)
|
||||
ret = NF_DROP_ERR(err);
|
||||
}
|
||||
#ifdef CONFIG_XFRM
|
||||
else if (!(IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED) &&
|
||||
ct->tuplehash[dir].tuple.dst.protonum != IPPROTO_ICMPV6 &&
|
||||
ct->tuplehash[dir].tuple.dst.u.all !=
|
||||
ct->tuplehash[!dir].tuple.src.u.all)
|
||||
if (nf_xfrm_me_harder(skb, AF_INET6))
|
||||
ret = NF_DROP;
|
||||
ct->tuplehash[!dir].tuple.src.u.all) {
|
||||
err = nf_xfrm_me_harder(skb, AF_INET6);
|
||||
if (err < 0)
|
||||
ret = NF_DROP_ERR(err);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
return ret;
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@
|
|||
* way.
|
||||
*
|
||||
* Rusty Russell (C)2000 -- This code is GPL.
|
||||
* Patrick McHardy (c) 2006-2012
|
||||
*/
|
||||
#include <linux/kernel.h>
|
||||
#include <linux/netfilter.h>
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
*
|
||||
* (C) 2002 by Brian J. Murrell <netfilter@interlinx.bc.ca>
|
||||
* based on HW's ip_conntrack_irc.c as well as other modules
|
||||
* (C) 2006 Patrick McHardy <kaber@trash.net>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@
|
|||
/* (C) 1999-2001 Paul `Rusty' Russell
|
||||
* (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org>
|
||||
* (C) 2003,2004 USAGI/WIDE Project <http://www.linux-ipv6.org>
|
||||
* (C) 2005-2012 Patrick McHardy <kaber@trash.net>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
|
|
|
|||
|
|
@ -1,8 +1,10 @@
|
|||
/* Event cache for netfilter. */
|
||||
|
||||
/* (C) 1999-2001 Paul `Rusty' Russell
|
||||
* (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org>
|
||||
* (C) 2003,2004 USAGI/WIDE Project <http://www.linux-ipv6.org>
|
||||
/*
|
||||
* (C) 2005 Harald Welte <laforge@gnumonks.org>
|
||||
* (C) 2005 Patrick McHardy <kaber@trash.net>
|
||||
* (C) 2005-2006 Netfilter Core Team <coreteam@netfilter.org>
|
||||
* (C) 2005 USAGI/WIDE Project <http://www.linux-ipv6.org>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@
|
|||
/* (C) 1999-2001 Paul `Rusty' Russell
|
||||
* (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org>
|
||||
* (C) 2003,2004 USAGI/WIDE Project <http://www.linux-ipv6.org>
|
||||
* (c) 2005-2012 Patrick McHardy <kaber@trash.net>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@
|
|||
/* (C) 1999-2001 Paul `Rusty' Russell
|
||||
* (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
|
||||
* (C) 2003,2004 USAGI/WIDE Project <http://www.linux-ipv6.org>
|
||||
* (C) 2006-2012 Patrick McHardy <kaber@trash.net>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
* H.323 connection tracking helper
|
||||
*
|
||||
* Copyright (c) 2006 Jing Min Zhao <zhaojingmin@users.sourceforge.net>
|
||||
* Copyright (c) 2006-2012 Patrick McHardy <kaber@trash.net>
|
||||
*
|
||||
* This source code is licensed under General Public License version 2.
|
||||
*
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@
|
|||
/* (C) 1999-2001 Paul `Rusty' Russell
|
||||
* (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org>
|
||||
* (C) 2003,2004 USAGI/WIDE Project <http://www.linux-ipv6.org>
|
||||
* (C) 2006-2012 Patrick McHardy <kaber@trash.net>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
/* IRC extension for IP connection tracking, Version 1.21
|
||||
* (C) 2000-2002 by Harald Welte <laforge@gnumonks.org>
|
||||
* based on RR's ip_conntrack_ftp.c
|
||||
* (C) 2006-2012 Patrick McHardy <kaber@trash.net>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License
|
||||
|
|
|
|||
|
|
@ -11,6 +11,8 @@
|
|||
*
|
||||
* Development of this code funded by Astaro AG (http://www.astaro.com/)
|
||||
*
|
||||
* (C) 2006-2012 Patrick McHardy <kaber@trash.net>
|
||||
*
|
||||
* Limitations:
|
||||
* - We blindly assume that control connections are always
|
||||
* established in PNS->PAC direction. This is a violation
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@
|
|||
/* (C) 1999-2001 Paul `Rusty' Russell
|
||||
* (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org>
|
||||
* (C) 2003,2004 USAGI/WIDE Project <http://www.linux-ipv6.org>
|
||||
* (C) 2006-2012 Patrick McHardy <kaber@trash.net>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
|
|
|
|||
|
|
@ -21,6 +21,7 @@
|
|||
*
|
||||
* Development of this code funded by Astaro AG (http://www.astaro.com/)
|
||||
*
|
||||
* (C) 2006-2012 Patrick McHardy <kaber@trash.net>
|
||||
*/
|
||||
|
||||
#include <linux/module.h>
|
||||
|
|
|
|||
|
|
@ -1,6 +1,9 @@
|
|||
/*
|
||||
* Connection tracking protocol helper module for SCTP.
|
||||
*
|
||||
* Copyright (c) 2004 Kiran Kumar Immidi <immidi_kiran@yahoo.com>
|
||||
* Copyright (c) 2004-2012 Patrick McHardy <kaber@trash.net>
|
||||
*
|
||||
* SCTP is defined in RFC 2960. References to various sections in this code
|
||||
* are to this RFC.
|
||||
*
|
||||
|
|
|
|||
|
|
@ -1,5 +1,7 @@
|
|||
/* (C) 1999-2001 Paul `Rusty' Russell
|
||||
* (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
|
||||
* (C) 2002-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
||||
* (C) 2006-2012 Patrick McHardy <kaber@trash.net>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
/* (C) 1999-2001 Paul `Rusty' Russell
|
||||
* (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
|
||||
* (C) 2006-2012 Patrick McHardy <kaber@trash.net>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
/* (C) 1999-2001 Paul `Rusty' Russell
|
||||
* (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
|
||||
* (C) 2005-2012 Patrick McHardy <kaber@trash.net>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/* (C) 2001-2002 Magnus Boden <mb@ozaba.mine.nu>
|
||||
*
|
||||
* (C) 2006-2012 Patrick McHardy <kaber@trash.net>
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
* published by the Free Software Foundation.
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
/* Amanda extension for TCP NAT alteration.
|
||||
* (C) 2002 by Brian J. Murrell <netfilter@interlinx.bc.ca>
|
||||
* based on a copy of HW's ip_nat_irc.c as well as other modules
|
||||
* (C) 2006-2012 Patrick McHardy <kaber@trash.net>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License
|
||||
|
|
|
|||
|
|
@ -87,9 +87,10 @@ int nf_xfrm_me_harder(struct sk_buff *skb, unsigned int family)
|
|||
struct flowi fl;
|
||||
unsigned int hh_len;
|
||||
struct dst_entry *dst;
|
||||
int err;
|
||||
|
||||
if (xfrm_decode_session(skb, &fl, family) < 0)
|
||||
return -1;
|
||||
err = xfrm_decode_session(skb, &fl, family);
|
||||
return err;
|
||||
|
||||
dst = skb_dst(skb);
|
||||
if (dst->xfrm)
|
||||
|
|
@ -98,7 +99,7 @@ int nf_xfrm_me_harder(struct sk_buff *skb, unsigned int family)
|
|||
|
||||
dst = xfrm_lookup(dev_net(dst->dev), dst, &fl, skb->sk, 0);
|
||||
if (IS_ERR(dst))
|
||||
return -1;
|
||||
return PTR_ERR(dst);
|
||||
|
||||
skb_dst_drop(skb);
|
||||
skb_dst_set(skb, dst);
|
||||
|
|
@ -107,7 +108,7 @@ int nf_xfrm_me_harder(struct sk_buff *skb, unsigned int family)
|
|||
hh_len = skb_dst(skb)->dev->hard_header_len;
|
||||
if (skb_headroom(skb) < hh_len &&
|
||||
pskb_expand_head(skb, hh_len - skb_headroom(skb), 0, GFP_ATOMIC))
|
||||
return -1;
|
||||
return -ENOMEM;
|
||||
return 0;
|
||||
}
|
||||
EXPORT_SYMBOL(nf_xfrm_me_harder);
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
*
|
||||
* (C) 2000-2002 Harald Welte <laforge@netfilter.org>
|
||||
* (C) 2003-2006 Netfilter Core Team <coreteam@netfilter.org>
|
||||
* (C) 2007-2012 Patrick McHardy <kaber@trash.net>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
|
|
|
|||
|
|
@ -1,3 +1,8 @@
|
|||
/*
|
||||
* Rusty Russell (C)2000 -- This code is GPL.
|
||||
* Patrick McHardy (c) 2006-2012
|
||||
*/
|
||||
|
||||
#include <linux/kernel.h>
|
||||
#include <linux/slab.h>
|
||||
#include <linux/init.h>
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@
|
|||
* nfetlink.
|
||||
*
|
||||
* (C) 2005 by Harald Welte <laforge@netfilter.org>
|
||||
* (C) 2006-2012 Patrick McHardy <kaber@trash.net>
|
||||
*
|
||||
* Based on the old ipv4-only ipt_ULOG.c:
|
||||
* (C) 2000-2004 by Harald Welte <laforge@netfilter.org>
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
* x_tables core - Backend for {ip,ip6,arp}_tables
|
||||
*
|
||||
* Copyright (C) 2006-2006 Harald Welte <laforge@netfilter.org>
|
||||
* Copyright (C) 2006-2012 Patrick McHardy <kaber@trash.net>
|
||||
*
|
||||
* Based on existing ip_tables code which is
|
||||
* Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
* This is a module which is used for setting the MSS option in TCP packets.
|
||||
*
|
||||
* Copyright (C) 2000 Marc Boucher <marc@mbsi.ca>
|
||||
* Copyright (C) 2007 Patrick McHardy <kaber@trash.net>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@
|
|||
* information. (Superset of Rusty's minimalistic state match.)
|
||||
*
|
||||
* (C) 2001 Marc Boucher (marc@mbsi.ca).
|
||||
* (C) 2006-2012 Patrick McHardy <kaber@trash.net>
|
||||
* Copyright © CC Computer Consultants GmbH, 2007 - 2008
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@
|
|||
* separately for each hashbucket (sourceip/sourceport/dstip/dstport)
|
||||
*
|
||||
* (C) 2003-2004 by Harald Welte <laforge@netfilter.org>
|
||||
* (C) 2006-2012 Patrick McHardy <kaber@trash.net>
|
||||
* Copyright © CC Computer Consultants GmbH, 2007 - 2008
|
||||
*
|
||||
* Development of this code was funded by Astaro AG, http://www.astaro.com/
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
/* (C) 1999 Jérôme de Vivie <devivie@info.enserb.u-bordeaux.fr>
|
||||
* (C) 1999 Hervé Eychenne <eychenne@info.enserb.u-bordeaux.fr>
|
||||
* (C) 2006-2012 Patrick McHardy <kaber@trash.net>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
|
|
|
|||
Loading…
Reference in a new issue