8b6f92b1
编写于
2月 24, 2009
作者:
David S. Miller
Merge branch 'master' of
git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6
上级
467388f2
325fb5b4
Showing
6 changed file
with
153 addition
and
65 deletion
+153
-65
include/linux/netfilter/xt_NFLOG.h
include/linux/netfilter/xt_NFLOG.h
+1
-1
include/net/netfilter/nf_conntrack_core.h
include/net/netfilter/nf_conntrack_core.h
+1
-1
net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
+3
-2
net/netfilter/nfnetlink_log.c
net/netfilter/nfnetlink_log.c
+5
-3
net/netfilter/x_tables.c
net/netfilter/x_tables.c
+142
-57
net/netfilter/xt_recent.c
net/netfilter/xt_recent.c
+1
-1
include/linux/netfilter/xt_NFLOG.h
...
...
@@ -2,7 +2,7 @@
#define _XT_NFLOG_TARGET
#define XT_NFLOG_DEFAULT_GROUP 0x1
#define XT_NFLOG_DEFAULT_THRESHOLD
1
#define XT_NFLOG_DEFAULT_THRESHOLD
0
#define XT_NFLOG_MASK 0x0
...
...
include/net/netfilter/nf_conntrack_core.h
...
...
@@ -59,7 +59,7 @@ static inline int nf_conntrack_confirm(struct sk_buff *skb)
struct
nf_conn
*
ct
=
(
struct
nf_conn
*
)
skb
->
nfct
;
int
ret
=
NF_ACCEPT
;
if
(
ct
)
{
if
(
ct
&&
ct
!=
&
nf_conntrack_untracked
)
{
if
(
!
nf_ct_is_confirmed
(
ct
)
&&
!
nf_ct_is_dying
(
ct
))
ret
=
__nf_conntrack_confirm
(
skb
);
nf_ct_deliver_cached_events
(
ct
);
...
...
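Review bot: The added `ct != &nf_conntrack_untracked` test in `nf_conntrack_confirm` has no comment, and it does a different job from the `ct &&` null check beside it. A one-line comment above the `if`, for example `/* skip confirmation and cached-event delivery for the shared untracked entry */`, would record the intent for the next reader. The end of the function is outside the hunk.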
net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
...
...
@@ -201,8 +201,9 @@ icmpv6_error(struct net *net, struct sk_buff *skb, unsigned int dataoff,
if
(
net
->
ct
.
sysctl_checksum
&&
hooknum
==
NF_INET_PRE_ROUTING
&&
nf_ip6_checksum
(
skb
,
hooknum
,
dataoff
,
IPPROTO_ICMPV6
))
{
nf_log_packet
(
PF_INET6
,
0
,
skb
,
NULL
,
NULL
,
NULL
,
"nf_ct_icmpv6: ICMPv6 checksum failed
\n
"
);
if
(
LOG_INVALID
(
net
,
IPPROTO_ICMPV6
))
nf_log_packet
(
PF_INET6
,
0
,
skb
,
NULL
,
NULL
,
NULL
,
"nf_ct_icmpv6: ICMPv6 checksum failed "
);
return
-
NF_ACCEPT
;
}
...
...
net/netfilter/nfnetlink_log.c
...
...
@@ -39,7 +39,7 @@
#endif
#define NFULNL_NLBUFSIZ_DEFAULT NLMSG_GOODSIZE
#define NFULNL_TIMEOUT_DEFAULT
HZ
/* every second */
#define NFULNL_TIMEOUT_DEFAULT
100
/* every second */
#define NFULNL_QTHRESH_DEFAULT 100
/* 100 packets */
#define NFULNL_COPY_RANGE_MAX 0xFFFF
/* max packet size is limited by 16-bit struct nfattr nfa_len field */
...
...
@@ -590,8 +590,10 @@ nfulnl_log_packet(u_int8_t pf,
qthreshold
=
inst
->
qthreshold
;
/* per-rule qthreshold overrides per-instance */
if
(
qthreshold
>
li
->
u
.
ulog
.
qthreshold
)
qthreshold
=
li
->
u
.
ulog
.
qthreshold
;
if
(
li
->
u
.
ulog
.
qthreshold
)
if
(
qthreshold
>
li
->
u
.
ulog
.
qthreshold
)
qthreshold
=
li
->
u
.
ulog
.
qthreshold
;
switch
(
inst
->
copy_mode
)
{
case
NFULNL_COPY_META
:
...
...
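Review bot: The comment `/* per-rule qthreshold overrides per-instance */` in `nfulnl_log_packet` no longer matches the code below it, which applies the per-rule value only when it is non-zero and smaller than the instance value. Wording such as `/* a non-zero per-rule qthreshold can only lower the per-instance one */` would say that. The two unbraced nested `if`s would also read more safely as one condition, `if (li->u.ulog.qthreshold && qthreshold > li->u.ulog.qthreshold)`. Zero meaning "not set" is presumably what the `XT_NFLOG_DEFAULT_THRESHOLD` change in xt_NFLOG.h relies on, so a short comment next to that define would help too. The function body starts and ends outside the hunk.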
net/netfilter/x_tables.c
...
...
@@ -827,59 +827,143 @@ static const struct file_operations xt_table_ops = {
.
release
=
seq_release_net
,
};
static
void
*
xt_match_seq_start
(
struct
seq_file
*
seq
,
loff_t
*
pos
)
/*
* Traverse state for ip{,6}_{tables,matches} for helping crossing
* the multi-AF mutexes.
*/
struct
nf_mttg_trav
{
struct
list_head
*
head
,
*
curr
;
uint8_t
class
,
nfproto
;
};
enum
{
MTTG_TRAV_INIT
,
MTTG_TRAV_NFP_UNSPEC
,
MTTG_TRAV_NFP_SPEC
,
MTTG_TRAV_DONE
,
};
static
void
*
xt_mttg_seq_next
(
struct
seq_file
*
seq
,
void
*
v
,
loff_t
*
ppos
,
bool
is_target
)
{
struct
proc_dir_entry
*
pde
=
(
struct
proc_dir_entry
*
)
seq
->
private
;
u_int16_t
af
=
(
unsigned
long
)
pde
->
data
;
static
const
uint8_t
next_class
[]
=
{
[
MTTG_TRAV_NFP_UNSPEC
]
=
MTTG_TRAV_NFP_SPEC
,
[
MTTG_TRAV_NFP_SPEC
]
=
MTTG_TRAV_DONE
,
};
struct
nf_mttg_trav
*
trav
=
seq
->
private
;
switch
(
trav
->
class
)
{
case
MTTG_TRAV_INIT
:
trav
->
class
=
MTTG_TRAV_NFP_UNSPEC
;
mutex_lock
(
&
xt
[
NFPROTO_UNSPEC
].
mutex
);
trav
->
head
=
trav
->
curr
=
is_target
?
&
xt
[
NFPROTO_UNSPEC
].
target
:
&
xt
[
NFPROTO_UNSPEC
].
match
;
break
;
case
MTTG_TRAV_NFP_UNSPEC
:
trav
->
curr
=
trav
->
curr
->
next
;
if
(
trav
->
curr
!=
trav
->
head
)
break
;
mutex_unlock
(
&
xt
[
NFPROTO_UNSPEC
].
mutex
);
mutex_lock
(
&
xt
[
trav
->
nfproto
].
mutex
);
trav
->
head
=
trav
->
curr
=
is_target
?
&
xt
[
trav
->
nfproto
].
target
:
&
xt
[
trav
->
nfproto
].
match
;
trav
->
class
=
next_class
[
trav
->
class
];
break
;
case
MTTG_TRAV_NFP_SPEC
:
trav
->
curr
=
trav
->
curr
->
next
;
if
(
trav
->
curr
!=
trav
->
head
)
break
;
/* fallthru, _stop will unlock */
default:
return
NULL
;
}
mutex_lock
(
&
xt
[
af
].
mutex
);
return
seq_list_start
(
&
xt
[
af
].
match
,
*
pos
);
if
(
ppos
!=
NULL
)
++*
ppos
;
return
trav
;
}
static
void
*
xt_match_seq_next
(
struct
seq_file
*
seq
,
void
*
v
,
loff_t
*
pos
)
static
void
*
xt_mttg_seq_start
(
struct
seq_file
*
seq
,
loff_t
*
pos
,
bool
is_target
)
{
struct
proc_dir_entry
*
pde
=
(
struct
proc_dir_entry
*
)
seq
->
private
;
u
_int16_t
af
=
(
unsigned
long
)
pde
->
data
;
struct
nf_mttg_trav
*
trav
=
seq
->
private
;
u
nsigned
int
j
;
return
seq_list_next
(
v
,
&
xt
[
af
].
match
,
pos
);
trav
->
class
=
MTTG_TRAV_INIT
;
for
(
j
=
0
;
j
<
*
pos
;
++
j
)
if
(
xt_mttg_seq_next
(
seq
,
NULL
,
NULL
,
is_target
)
==
NULL
)
return
NULL
;
return
trav
;
}
static
void
xt_m
atch
_seq_stop
(
struct
seq_file
*
seq
,
void
*
v
)
static
void
xt_m
ttg
_seq_stop
(
struct
seq_file
*
seq
,
void
*
v
)
{
struct
proc_dir_entry
*
pde
=
seq
->
private
;
u_int16_t
af
=
(
unsigned
long
)
pde
->
data
;
struct
nf_mttg_trav
*
trav
=
seq
->
private
;
switch
(
trav
->
class
)
{
case
MTTG_TRAV_NFP_UNSPEC
:
mutex_unlock
(
&
xt
[
NFPROTO_UNSPEC
].
mutex
);
break
;
case
MTTG_TRAV_NFP_SPEC
:
mutex_unlock
(
&
xt
[
trav
->
nfproto
].
mutex
);
break
;
}
}
mutex_unlock
(
&
xt
[
af
].
mutex
);
static
void
*
xt_match_seq_start
(
struct
seq_file
*
seq
,
loff_t
*
pos
)
{
return
xt_mttg_seq_start
(
seq
,
pos
,
false
);
}
static
int
xt_match_seq_show
(
struct
seq_file
*
seq
,
void
*
v
)
static
void
*
xt_match_seq_next
(
struct
seq_file
*
seq
,
void
*
v
,
loff_t
*
ppos
)
{
struct
xt_match
*
match
=
list_entry
(
v
,
struct
xt_match
,
list
);
return
xt_mttg_seq_next
(
seq
,
v
,
ppos
,
false
);
}
if
(
strlen
(
match
->
name
))
return
seq_printf
(
seq
,
"%s
\n
"
,
match
->
name
);
else
return
0
;
static
int
xt_match_seq_show
(
struct
seq_file
*
seq
,
void
*
v
)
{
const
struct
nf_mttg_trav
*
trav
=
seq
->
private
;
const
struct
xt_match
*
match
;
switch
(
trav
->
class
)
{
case
MTTG_TRAV_NFP_UNSPEC
:
case
MTTG_TRAV_NFP_SPEC
:
if
(
trav
->
curr
==
trav
->
head
)
return
0
;
match
=
list_entry
(
trav
->
curr
,
struct
xt_match
,
list
);
return
(
*
match
->
name
==
'\0'
)
?
0
:
seq_printf
(
seq
,
"%s
\n
"
,
match
->
name
);
}
return
0
;
}
static
const
struct
seq_operations
xt_match_seq_ops
=
{
.
start
=
xt_match_seq_start
,
.
next
=
xt_match_seq_next
,
.
stop
=
xt_m
atch
_seq_stop
,
.
stop
=
xt_m
ttg
_seq_stop
,
.
show
=
xt_match_seq_show
,
};
static
int
xt_match_open
(
struct
inode
*
inode
,
struct
file
*
file
)
{
struct
seq_file
*
seq
;
struct
nf_mttg_trav
*
trav
;
int
ret
;
ret
=
seq_open
(
file
,
&
xt_match_seq_ops
);
if
(
!
ret
)
{
struct
seq_file
*
seq
=
file
->
private_data
;
trav
=
kmalloc
(
sizeof
(
*
trav
),
GFP_KERNEL
);
if
(
trav
==
NULL
)
return
-
ENOMEM
;
seq
->
private
=
PDE
(
inode
);
ret
=
seq_open
(
file
,
&
xt_match_seq_ops
);
if
(
ret
<
0
)
{
kfree
(
trav
);
return
ret
;
}
return
ret
;
seq
=
file
->
private_data
;
seq
->
private
=
trav
;
trav
->
nfproto
=
(
unsigned
long
)
PDE
(
inode
)
->
data
;
return
0
;
}
static
const
struct
file_operations
xt_match_ops
=
{
...
...
@@ -887,62 +971,63 @@ static const struct file_operations xt_match_ops = {
.
open
=
xt_match_open
,
.
read
=
seq_read
,
.
llseek
=
seq_lseek
,
.
release
=
seq_release
,
.
release
=
seq_release
_private
,
};
static
void
*
xt_target_seq_start
(
struct
seq_file
*
seq
,
loff_t
*
pos
)
{
struct
proc_dir_entry
*
pde
=
(
struct
proc_dir_entry
*
)
seq
->
private
;
u_int16_t
af
=
(
unsigned
long
)
pde
->
data
;
mutex_lock
(
&
xt
[
af
].
mutex
);
return
seq_list_start
(
&
xt
[
af
].
target
,
*
pos
);
return
xt_mttg_seq_start
(
seq
,
pos
,
true
);
}
static
void
*
xt_target_seq_next
(
struct
seq_file
*
seq
,
void
*
v
,
loff_t
*
pos
)
static
void
*
xt_target_seq_next
(
struct
seq_file
*
seq
,
void
*
v
,
loff_t
*
p
p
os
)
{
struct
proc_dir_entry
*
pde
=
(
struct
proc_dir_entry
*
)
seq
->
private
;
u_int16_t
af
=
(
unsigned
long
)
pde
->
data
;
return
seq_list_next
(
v
,
&
xt
[
af
].
target
,
pos
);
}
static
void
xt_target_seq_stop
(
struct
seq_file
*
seq
,
void
*
v
)
{
struct
proc_dir_entry
*
pde
=
seq
->
private
;
u_int16_t
af
=
(
unsigned
long
)
pde
->
data
;
mutex_unlock
(
&
xt
[
af
].
mutex
);
return
xt_mttg_seq_next
(
seq
,
v
,
ppos
,
true
);
}
static
int
xt_target_seq_show
(
struct
seq_file
*
seq
,
void
*
v
)
{
struct
xt_target
*
target
=
list_entry
(
v
,
struct
xt_target
,
list
);
if
(
strlen
(
target
->
name
))
return
seq_printf
(
seq
,
"%s
\n
"
,
target
->
name
);
else
return
0
;
const
struct
nf_mttg_trav
*
trav
=
seq
->
private
;
const
struct
xt_target
*
target
;
switch
(
trav
->
class
)
{
case
MTTG_TRAV_NFP_UNSPEC
:
case
MTTG_TRAV_NFP_SPEC
:
if
(
trav
->
curr
==
trav
->
head
)
return
0
;
target
=
list_entry
(
trav
->
curr
,
struct
xt_target
,
list
);
return
(
*
target
->
name
==
'\0'
)
?
0
:
seq_printf
(
seq
,
"%s
\n
"
,
target
->
name
);
}
return
0
;
}
static
const
struct
seq_operations
xt_target_seq_ops
=
{
.
start
=
xt_target_seq_start
,
.
next
=
xt_target_seq_next
,
.
stop
=
xt_
target
_seq_stop
,
.
stop
=
xt_
mttg
_seq_stop
,
.
show
=
xt_target_seq_show
,
};
static
int
xt_target_open
(
struct
inode
*
inode
,
struct
file
*
file
)
{
struct
seq_file
*
seq
;
struct
nf_mttg_trav
*
trav
;
int
ret
;
ret
=
seq_open
(
file
,
&
xt_target_seq_ops
);
if
(
!
ret
)
{
struct
seq_file
*
seq
=
file
->
private_data
;
trav
=
kmalloc
(
sizeof
(
*
trav
),
GFP_KERNEL
);
if
(
trav
==
NULL
)
return
-
ENOMEM
;
seq
->
private
=
PDE
(
inode
);
ret
=
seq_open
(
file
,
&
xt_target_seq_ops
);
if
(
ret
<
0
)
{
kfree
(
trav
);
return
ret
;
}
return
ret
;
seq
=
file
->
private_data
;
seq
->
private
=
trav
;
trav
->
nfproto
=
(
unsigned
long
)
PDE
(
inode
)
->
data
;
return
0
;
}
static
const
struct
file_operations
xt_target_ops
=
{
...
...
@@ -950,7 +1035,7 @@ static const struct file_operations xt_target_ops = {
.
open
=
xt_target_open
,
.
read
=
seq_read
,
.
llseek
=
seq_lseek
,
.
release
=
seq_release
,
.
release
=
seq_release
_private
,
};
#define FORMAT_TABLES "_tables_names"
...
...
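Review bot: In `xt_mttg_seq_next`, the `default:` arm returns NULL before reaching the `if (ppos != NULL) ++*ppos;` that follows the switch, so the position index is not advanced at end of sequence. That arm is reached by fall-through at the end of the `MTTG_TRAV_NFP_SPEC` list. seq_file expects `.next` to move the index on every call, and depending on how the core handles a NULL return, a stale index can make a later read at that offset emit the final entry again. Moving the increment ahead of the `switch` covers both exits. Separately, `xt_mttg_seq_start` counts with `unsigned int j` against the `loff_t` behind `*pos`; declaring it `loff_t j` keeps the loop bound in one type.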
net/netfilter/xt_recent.c
...
...
@@ -542,7 +542,7 @@ recent_mt_proc_write(struct file *file, const char __user *input,
struct
recent_entry
*
e
;
char
buf
[
sizeof
(
"+b335:1d35:1e55:dead:c0de:1715:5afe:c0de"
)];
const
char
*
c
=
buf
;
union
nf_inet_addr
addr
;
union
nf_inet_addr
addr
=
{}
;
u_int16_t
family
;
bool
add
,
succ
;
...
...
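Review bot: `union nf_inet_addr addr = {};` in `recent_mt_proc_write` has no comment explaining why the whole union must be zeroed, so a later cleanup could drop the initialiser as redundant. Presumably the IPv4 parse path writes only the first four bytes while later code uses the full union, which would otherwise pick up uninitialised stack bytes; that path is outside the hunk, so confirm before wording it as fact. A suggested comment is `/* zero all 16 bytes: an IPv4 address fills only the first four */`. The function body starts and ends outside the hunk.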