# -------------------------------------------- # 03/08/24 shemminger@osdl.org 1.1292 # [IPV4]: Route cache /proc interface cleanup. # * use proc_net_fops_create to setup # * collapse two_line setup functions into the init routine # * proc_exit routine was never called and can go. # * cleaner to refer to proc_net as base rather than net/rt_acct # -------------------------------------------- # 03/08/24 rusty@rustcorp.com.au 1.1293 # [NETFILTER]: Trivial 2.6 tftp conntrack fix. # In 2.6, the TFTP conntrack helper returns -1 if the packet is too # short, but that is an invalid return code. Return NF_ACCEPT # instead. # -------------------------------------------- # 03/08/24 bdschuym@pandora.be 1.1294 # [BRIDGE]: Add arpreply EBTABLES target. # -------------------------------------------- # 03/08/24 shemminger@osdl.org 1.1295 # [AX25]: Make sure and hold ref to dev. # # The lower layers of ax25 hold a reference to the underlying device # but don't increment the ref count. This is safe because it does the # right thing when UNREGISTER notification comes in, but it is better # to do the right thing. # -------------------------------------------- # 03/08/24 shemminger@osdl.org 1.1296 # [AX25]: Convert to seq_file. # -------------------------------------------- # 03/08/24 bdschuym@pandora.be 1.1297 # [BRIDGING]: Update Kconfig files for bridging firewall. # -------------------------------------------- # 03/08/24 lists@mdiehl.de 1.1298 # [IRDA]: vlsi_ir v0.5 update, 1/7. # # * Kconfig: we depend on CONFIG_PCI # * update header compatibility stuff # * beautify C99-initializers for PCI IDs # * PCIDEV_NAME wrapper to abstract device name storage location # * cleanup of the pci shutdown path. Also fixing a possible NULL-pointer # dereference when the driver is rmmod with the netdev still running. # -------------------------------------------- # 03/08/24 lists@mdiehl.de 1.1299 # [IRDA]: vlsi_ir v0.5 update, 2/7. # # * don't fail without procfs - it's only needed for diagnostics # * get rid of printk in favour of IRDA_DEBUG and friends wherever possible # * reduce kernellog noise depending on irda debuglevel # -------------------------------------------- # 03/08/24 lists@mdiehl.de 1.1300 # [IRDA]: vlsi_ir v0.5 update, 3/7. # # * fix error path for ring entry alloc in case pci_map failed # * get rid of BUG() - it's mostly in interrupt and there's no need # to kill the box on such issues # * correct endianess for the hardware view of ring descriptors # -------------------------------------------- # 03/08/24 lists@mdiehl.de 1.1301 # [IRDA]: vlsi_ir v0.5 update, 4/7. # # * interrupt handler cleanup, focus on fast path and low latency # * rx-path cleanup # * add missing crc16 check of incoming SIR frames # -------------------------------------------- # 03/08/24 lists@mdiehl.de 1.1302 # [IRDA]: vlsi_ir v0.5 update, 5/7. # # * cleanup baud rate setting and mode switch # * locking and barrier review # -------------------------------------------- # 03/08/24 lists@mdiehl.de 1.1303 # [IRDA]: vlsi_ir v0.5 update, 6/7. # # * tx-path cleanup # * fix deadlock when setting speed in tx_interrupt, issue was introduced by # previous interrupt locking cleanup # * don't let start_xmit return NET_XMIT_DROP if we drop and free the skb. # This fixes an old bug in the error path leading to skb_slab corruption # -------------------------------------------- # 03/08/24 lists@mdiehl.de 1.1304 # [IRDA]: vlsi_ir v0.5 update, 7/7. # # * correct mtt bits to indicate 1msec or more # * rename IRENABLE_IREN to IRENABLE_PHYANDCLOCK # * rearrange driver metadata and header # * driver version 0.5 # -------------------------------------------- # 03/08/24 vinay-rc@naturesoft.net 1.1305 # [NET]: Fix 'spin_lock_irqrestore' typos in sk_mca.c # -------------------------------------------- # 03/08/24 laforge@netfilter.org 1.1306 # [NETFILTER]: Fix ipt_REJECT if used on bridge. # -------------------------------------------- # 03/08/24 laforge@netfilter.org 1.1307 # [NETFILTER]: Remove ipt_MIRROR target from 2.6.x # # We have decided to remove the MIRROR target, since it was considered a # stupid and potentially dangeroups example code of the early netfilter # days that should never be used on the internet anyway. # -------------------------------------------- # 03/08/24 skewer@terra.com.br 1.1308 # [NET]: Remove dead comment from dummy.c driver. # -------------------------------------------- # 03/08/24 laforge@netfilter.org 1.1309 # [NETFILTER]: Remove ipt_unclean match from 2.6.x # # We have decided to remove the unclean match, since it is considered # a potentially dangerous function of the current iptables code. # # The match is used by lots of users who don't really undestand what kind # of danger they are imposing on the future-compatibility of their # networks. (just think of the ECN issue resulting from this kind of # filtering) # # We'd rather keep it in patch-o-matic, where lots of other modules that # are only useful in experimental scenarios are kept. # # Now that we don't have to keep it for compatibility reasons, we'd like # to remove it before 2.6.0 final is released. # -------------------------------------------- # 03/08/24 laforge@netfilter.org 1.1310 # [NETFILTER]: Remove EXPERIMENTAL mark from some netfilter stuff. # -------------------------------------------- # 03/08/24 laforge@netfilter.org 1.1311 # [NETFILTER]: Cosmetic netfilter patch. # # - moves all MODULE_{AUTHOR,DESCRIPTION,LICENSE} statements to the same # location # - adds some missing MODULE_LICENSE(GPL) tags # - adds MODULE_DESCRIPTION and AUTHOR to all modules # -------------------------------------------- # 03/08/24 laforge@netfilter.org 1.1312 # [NETFILTER]: NAT optimization. # # The following patch against 2.6.0-test4 (courtesy of Patrick McHardy) # optimizes the NAT code. In the old implementation, the hash function # was passed to the LIST_DELETE macro, which resulted in it being called # two times instead of one. # -------------------------------------------- # 03/08/24 laforge@netfilter.org 1.1313 # [NETFILTER]: Conntrack optimization (LIST_DELETE). # # The following patch against 2.6.0-test4 (courtesy of Patrick McHardy) # optimizes the conntrack code. In the old implementation, the hash function # was passed to the LIST_DELETE macro, which resulted in it being called # two times instead of one. # -------------------------------------------- # 03/08/24 vinay-rc@naturesoft.net 1.1314 # [NET]: Fix MCA device name handling in 3c509.c # -------------------------------------------- # 03/08/24 drepper@redhat.com 1.1315 # [NET]: Check tgid not pid in scm_check_creds(). # -------------------------------------------- # /dev/null | 832 -------------------------- drivers/net/3c509.c | 4 drivers/net/dummy.c | 2 drivers/net/irda/Kconfig | 2 drivers/net/irda/vlsi_ir.c | 539 ++++++++-------- drivers/net/sk_mca.c | 6 include/linux/netfilter_bridge/ebt_arpreply.h | 11 include/net/ax25.h | 4 include/net/irda/vlsi_ir.h | 98 ++- net/Kconfig | 10 net/ax25/af_ax25.c | 150 ++-- net/ax25/ax25_dev.c | 5 net/ax25/ax25_route.c | 103 ++- net/ax25/ax25_uid.c | 77 +- net/bridge/netfilter/Kconfig | 118 ++- net/bridge/netfilter/Makefile | 21 net/bridge/netfilter/ebt_arpreply.c | 89 ++ net/core/scm.c | 2 net/ipv4/netfilter/Kconfig | 27 net/ipv4/netfilter/Makefile | 2 net/ipv4/netfilter/arp_tables.c | 5 net/ipv4/netfilter/arpt_mangle.c | 5 net/ipv4/netfilter/arptable_filter.c | 5 net/ipv4/netfilter/ip_conntrack_core.c | 16 net/ipv4/netfilter/ip_conntrack_ftp.c | 5 net/ipv4/netfilter/ip_conntrack_irc.c | 4 net/ipv4/netfilter/ip_conntrack_tftp.c | 4 net/ipv4/netfilter/ip_nat_amanda.c | 2 net/ipv4/netfilter/ip_nat_core.c | 33 - net/ipv4/netfilter/ip_nat_ftp.c | 5 net/ipv4/netfilter/ip_nat_irc.c | 2 net/ipv4/netfilter/ip_nat_snmp_basic.c | 6 net/ipv4/netfilter/ip_nat_tftp.c | 2 net/ipv4/netfilter/ip_tables.c | 5 net/ipv4/netfilter/ipchains_core.c | 4 net/ipv4/netfilter/ipfwadm_core.c | 1 net/ipv4/netfilter/ipt_DSCP.c | 4 net/ipv4/netfilter/ipt_ECN.c | 2 net/ipv4/netfilter/ipt_LOG.c | 5 net/ipv4/netfilter/ipt_MARK.c | 5 net/ipv4/netfilter/ipt_MASQUERADE.c | 5 net/ipv4/netfilter/ipt_REDIRECT.c | 5 net/ipv4/netfilter/ipt_REJECT.c | 9 net/ipv4/netfilter/ipt_TCPMSS.c | 5 net/ipv4/netfilter/ipt_TOS.c | 5 net/ipv4/netfilter/ipt_ULOG.c | 2 net/ipv4/netfilter/ipt_ah.c | 2 net/ipv4/netfilter/ipt_conntrack.c | 5 net/ipv4/netfilter/ipt_dscp.c | 4 net/ipv4/netfilter/ipt_ecn.c | 4 net/ipv4/netfilter/ipt_esp.c | 2 net/ipv4/netfilter/ipt_helper.c | 2 net/ipv4/netfilter/ipt_limit.c | 5 net/ipv4/netfilter/ipt_mac.c | 5 net/ipv4/netfilter/ipt_mark.c | 5 net/ipv4/netfilter/ipt_multiport.c | 5 net/ipv4/netfilter/ipt_owner.c | 5 net/ipv4/netfilter/ipt_physdev.c | 5 net/ipv4/netfilter/ipt_state.c | 5 net/ipv4/netfilter/ipt_tcpmss.c | 5 net/ipv4/netfilter/ipt_tos.c | 4 net/ipv4/netfilter/iptable_filter.c | 5 net/ipv4/netfilter/iptable_mangle.c | 5 net/ipv4/route.c | 139 ++-- net/ipv6/netfilter/Kconfig | 22 net/ipv6/netfilter/ip6_tables.c | 5 net/ipv6/netfilter/ip6t_MARK.c | 4 net/ipv6/netfilter/ip6t_eui64.c | 7 net/ipv6/netfilter/ip6t_length.c | 4 net/ipv6/netfilter/ip6t_limit.c | 5 net/ipv6/netfilter/ip6t_mac.c | 6 net/ipv6/netfilter/ip6t_mark.c | 5 net/ipv6/netfilter/ip6t_multiport.c | 4 net/ipv6/netfilter/ip6table_filter.c | 5 net/ipv6/netfilter/ip6table_mangle.c | 5 75 files changed, 1049 insertions(+), 1488 deletions(-) diff -puN drivers/net/3c509.c~huge-net-update drivers/net/3c509.c --- 25/drivers/net/3c509.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/drivers/net/3c509.c 2003-08-24 12:09:15.000000000 -0700 @@ -629,8 +629,8 @@ static int __init el3_mca_probe(struct d el3_mca_adapter_names[mdev->index], slot + 1); /* claim the slot */ - strncpy(device->name, el3_mca_adapter_names[mdev->index], - sizeof(device->name)); + strncpy(mdev->name, el3_mca_adapter_names[mdev->index], + sizeof(mdev->name)); mca_device_set_claim(mdev, 1); if_port = pos4 & 0x03; diff -puN drivers/net/dummy.c~huge-net-update drivers/net/dummy.c --- 25/drivers/net/dummy.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/drivers/net/dummy.c 2003-08-24 12:09:15.000000000 -0700 @@ -28,8 +28,6 @@ Alan Cox, 30th May 1994 */ -/* To have statistics (just packets sent) define this */ - #include #include #include diff -puN drivers/net/irda/Kconfig~huge-net-update drivers/net/irda/Kconfig --- 25/drivers/net/irda/Kconfig~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/drivers/net/irda/Kconfig 2003-08-24 12:09:15.000000000 -0700 @@ -319,7 +319,7 @@ config ALI_FIR config VLSI_FIR tristate "VLSI 82C147 SIR/MIR/FIR (EXPERIMENTAL)" - depends on EXPERIMENTAL && IRDA + depends on EXPERIMENTAL && IRDA && PCI help Say Y here if you want to build support for the VLSI 82C147 PCI-IrDA Controller. This controller is used by the HP OmniBook 800 diff -puN drivers/net/irda/vlsi_ir.c~huge-net-update drivers/net/irda/vlsi_ir.c --- 25/drivers/net/irda/vlsi_ir.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/drivers/net/irda/vlsi_ir.c 2003-08-24 12:09:15.000000000 -0700 @@ -21,18 +21,20 @@ * ********************************************************************/ +#include #include -MODULE_DESCRIPTION("IrDA SIR/MIR/FIR driver for VLSI 82C147"); -MODULE_AUTHOR("Martin Diehl "); -MODULE_LICENSE("GPL"); +#define DRIVER_NAME "vlsi_ir" +#define DRIVER_VERSION "v0.5" +#define DRIVER_DESCRIPTION "IrDA SIR/MIR/FIR driver for VLSI 82C147" +#define DRIVER_AUTHOR "Martin Diehl " -#define DRIVER_NAME "vlsi_ir" -#define DRIVER_VERSION "v0.4a" +MODULE_DESCRIPTION(DRIVER_DESCRIPTION); +MODULE_AUTHOR(DRIVER_AUTHOR); +MODULE_LICENSE("GPL"); /********************************************************/ -#include #include #include #include @@ -44,10 +46,12 @@ MODULE_LICENSE("GPL"); #include #include #include +#include #include #include #include +#include #include @@ -55,14 +59,16 @@ MODULE_LICENSE("GPL"); static /* const */ char drivername[] = DRIVER_NAME; -#define PCI_CLASS_WIRELESS_IRDA 0x0d00 - -static struct pci_device_id vlsi_irda_table [] = { { - - .class = PCI_CLASS_WIRELESS_IRDA << 8, - .vendor = PCI_VENDOR_ID_VLSI, - .device = PCI_DEVICE_ID_VLSI_82C147, - }, { /* all zeroes */ } +static struct pci_device_id vlsi_irda_table [] = { + { + .class = PCI_CLASS_WIRELESS_IRDA << 8, + .class_mask = PCI_CLASS_SUBCLASS_MASK << 8, + .vendor = PCI_VENDOR_ID_VLSI, + .device = PCI_DEVICE_ID_VLSI_82C147, + .subvendor = PCI_ANY_ID, + .subdevice = PCI_ANY_ID, + }, + { /* all zeroes */ } }; MODULE_DEVICE_TABLE(pci, vlsi_irda_table); @@ -114,7 +120,7 @@ static int sirpulse = 1; /* default is MODULE_PARM(qos_mtt_bits, "i"); MODULE_PARM_DESC(qos_mtt_bits, "IrLAP bitfield representing min-turn-time"); -static int qos_mtt_bits = 0x04; /* default is 1 ms */ +static int qos_mtt_bits = 0x07; /* default is 1 ms or more */ /********************************************************/ @@ -164,7 +170,7 @@ static int vlsi_proc_pdev(struct pci_dev return 0; out += sprintf(out, "\n%s (vid/did: %04x/%04x)\n", - pci_name(pdev), (int)pdev->vendor, (int)pdev->device); + PCIDEV_NAME(pdev), (int)pdev->vendor, (int)pdev->device); out += sprintf(out, "pci-power-state: %u\n", (unsigned) pdev->current_state); out += sprintf(out, "resources: irq=%u / io=0x%04x / dma_mask=0x%016Lx\n", pdev->irq, (unsigned)pci_resource_start(pdev, 0), (u64)pdev->dma_mask); @@ -198,13 +204,13 @@ static int vlsi_proc_ndev(struct net_dev out += sprintf(out, "\nhw-state:\n"); pci_read_config_byte(idev->pdev, VLSI_PCI_IRMISC, &byte); - out += sprintf(out, "IRMISC:%s%s%s UART%s", + out += sprintf(out, "IRMISC:%s%s%s uart%s", (byte&IRMISC_IRRAIL) ? " irrail" : "", (byte&IRMISC_IRPD) ? " irpd" : "", (byte&IRMISC_UARTTST) ? " uarttest" : "", - (byte&IRMISC_UARTEN) ? "" : " disabled\n"); + (byte&IRMISC_UARTEN) ? "@" : " disabled\n"); if (byte&IRMISC_UARTEN) { - out += sprintf(out, "@0x%s\n", + out += sprintf(out, "0x%s\n", (byte&2) ? ((byte&1) ? "3e8" : "2e8") : ((byte&1) ? "3f8" : "2f8")); } @@ -254,7 +260,7 @@ static int vlsi_proc_ndev(struct net_dev (word&IRCFG_RXPOL) ? " RXPOL" : ""); word = inw(iobase+VLSI_PIO_IRENABLE); out += sprintf(out, "IRENABLE:%s%s%s%s%s%s%s%s\n", - (word&IRENABLE_IREN) ? " IRENABLE" : "", + (word&IRENABLE_PHYANDCLOCK) ? " PHYANDCLOCK" : "", (word&IRENABLE_CFGER) ? " CFGERR" : "", (word&IRENABLE_FIR_ON) ? " FIR_ON" : "", (word&IRENABLE_MIR_ON) ? " MIR_ON" : "", @@ -358,7 +364,7 @@ static int vlsi_proc_print(struct net_de char *out = buf; if (!ndev || !ndev->priv) { - printk(KERN_ERR "%s: invalid ptr!\n", __FUNCTION__); + ERROR("%s: invalid ptr!\n", __FUNCTION__); return 0; } @@ -539,7 +545,14 @@ static struct vlsi_ring *vlsi_alloc_ring memset(rd, 0, sizeof(*rd)); rd->hw = hwmap + i; rd->buf = kmalloc(len, GFP_KERNEL|GFP_DMA); - if (rd->buf == NULL) { + if (rd->buf == NULL + || !(busaddr = pci_map_single(pdev, rd->buf, len, dir))) { + if (rd->buf) { + ERROR("%s: failed to create PCI-MAP for %p", + __FUNCTION__, rd->buf); + kfree(rd->buf); + rd->buf = NULL; + } for (j = 0; j < i; j++) { rd = r->rd + j; busaddr = rd_get_addr(rd); @@ -552,12 +565,6 @@ static struct vlsi_ring *vlsi_alloc_ring kfree(r); return NULL; } - busaddr = pci_map_single(pdev, rd->buf, len, dir); - if (!busaddr) { - printk(KERN_ERR "%s: failed to create PCI-MAP for %p", - __FUNCTION__, rd->buf); - BUG(); - } rd_set_addr_status(rd, busaddr, 0); pci_dma_sync_single(pdev, busaddr, len, dir); /* initially, the dma buffer is owned by the CPU */ @@ -597,8 +604,7 @@ static int vlsi_create_hwif(vlsi_irda_de ringarea = pci_alloc_consistent(idev->pdev, HW_RING_AREA_SIZE, &idev->busaddr); if (!ringarea) { - printk(KERN_ERR "%s: insufficient memory for descriptor rings\n", - __FUNCTION__); + ERROR("%s: insufficient memory for descriptor rings\n", __FUNCTION__); goto out; } memset(ringarea, 0, HW_RING_AREA_SIZE); @@ -666,33 +672,52 @@ static int vlsi_process_rx(struct vlsi_r ret |= VLSI_RX_FRAME; if (status & RD_RX_CRCERR) ret |= VLSI_RX_CRC; + goto done; } - else { - len = rd_get_count(rd); - crclen = (idev->mode==IFF_FIR) ? sizeof(u32) : sizeof(u16); - len -= crclen; /* remove trailing CRC */ - if (len <= 0) { - printk(KERN_ERR "%s: strange frame (len=%d)\n", - __FUNCTION__, len); - ret |= VLSI_RX_DROP; - } - else if (!rd->skb) { - printk(KERN_ERR "%s: rx packet dropped\n", __FUNCTION__); - ret |= VLSI_RX_DROP; - } - else { - skb = rd->skb; - rd->skb = NULL; - skb->dev = ndev; - memcpy(skb_put(skb,len), rd->buf, len); - skb->mac.raw = skb->data; - if (in_interrupt()) - netif_rx(skb); - else - netif_rx_ni(skb); - ndev->last_rx = jiffies; + + len = rd_get_count(rd); + crclen = (idev->mode==IFF_FIR) ? sizeof(u32) : sizeof(u16); + len -= crclen; /* remove trailing CRC */ + if (len <= 0) { + IRDA_DEBUG(0, "%s: strange frame (len=%d)\n", __FUNCTION__, len); + ret |= VLSI_RX_DROP; + goto done; + } + + if (idev->mode == IFF_SIR) { /* hw checks CRC in MIR, FIR mode */ + + /* rd->buf is a streaming PCI_DMA_FROMDEVICE map. Doing the + * endian-adjustment there just in place will dirty a cache line + * which belongs to the map and thus we must be sure it will + * get flushed before giving the buffer back to hardware. + * vlsi_fill_rx() will do this anyway - but here we rely on. + */ + le16_to_cpus(rd->buf+len); + if (irda_calc_crc16(INIT_FCS,rd->buf,len+crclen) != GOOD_FCS) { + IRDA_DEBUG(0, "%s: crc error\n", __FUNCTION__); + ret |= VLSI_RX_CRC; + goto done; } } + + if (!rd->skb) { + WARNING("%s: rx packet lost\n", __FUNCTION__); + ret |= VLSI_RX_DROP; + goto done; + } + + skb = rd->skb; + rd->skb = NULL; + skb->dev = ndev; + memcpy(skb_put(skb,len), rd->buf, len); + skb->mac.raw = skb->data; + if (in_interrupt()) + netif_rx(skb); + else + netif_rx_ni(skb); + ndev->last_rx = jiffies; + +done: rd_set_status(rd, 0); rd_set_count(rd, 0); /* buffer still owned by CPU */ @@ -706,7 +731,9 @@ static void vlsi_fill_rx(struct vlsi_rin for (rd = ring_last(r); rd != NULL; rd = ring_put(r)) { if (rd_is_active(rd)) { - BUG(); + WARNING("%s: driver bug: rx descr race with hw\n", + __FUNCTION__); + vlsi_ring_debug(r); break; } if (!rd->skb) { @@ -764,7 +791,7 @@ static void vlsi_rx_interrupt(struct net if (ring_first(r) == NULL) { /* we are in big trouble, if this should ever happen */ - printk(KERN_ERR "%s: rx ring exhausted!\n", __FUNCTION__); + ERROR("%s: rx ring exhausted!\n", __FUNCTION__); vlsi_ring_debug(r); } else @@ -785,7 +812,7 @@ static void vlsi_unarm_rx(vlsi_irda_dev_ if (rd_is_active(rd)) { rd_set_status(rd, 0); if (rd_get_count(rd)) { - printk(KERN_INFO "%s - dropping rx packet\n", __FUNCTION__); + IRDA_DEBUG(0, "%s - dropping rx packet\n", __FUNCTION__); ret = -VLSI_RX_DROP; } rd_set_count(rd, 0); @@ -850,24 +877,17 @@ static int vlsi_process_tx(struct vlsi_r return (ret) ? -ret : len; } -static int vlsi_set_baud(struct net_device *ndev, int dolock) +static int vlsi_set_baud(vlsi_irda_dev_t *idev, unsigned iobase) { - vlsi_irda_dev_t *idev = ndev->priv; - unsigned long flags; u16 nphyctl; - unsigned iobase; u16 config; unsigned mode; - unsigned idle_retry; int ret; int baudrate; - int fifocnt = 0; /* Keep compiler happy */ + int fifocnt; baudrate = idev->new_baud; - iobase = ndev->base_addr; -#if 0 - printk(KERN_DEBUG "%s: %d -> %d\n", __FUNCTION__, idev->baud, idev->new_baud); -#endif + IRDA_DEBUG(2, "%s: %d -> %d\n", __FUNCTION__, idev->baud, idev->new_baud); if (baudrate == 4000000) { mode = IFF_FIR; config = IRCFG_FIR; @@ -883,7 +903,7 @@ static int vlsi_set_baud(struct net_devi config = IRCFG_SIR | IRCFG_SIRFILT | IRCFG_RXANY; switch(baudrate) { default: - printk(KERN_ERR "%s: undefined baudrate %d - fallback to 9600!\n", + WARNING("%s: undefined baudrate %d - fallback to 9600!\n", __FUNCTION__, baudrate); baudrate = 9600; /* fallthru */ @@ -897,40 +917,18 @@ static int vlsi_set_baud(struct net_devi break; } } + config |= IRCFG_MSTR | IRCFG_ENRX; - if (dolock) - spin_lock_irqsave(&idev->lock, flags); - else - flags = 0xdead; /* prevent bogus warning about possible uninitialized use */ - - for (idle_retry=0; idle_retry < 100; idle_retry++) { - fifocnt = inw(ndev->base_addr+VLSI_PIO_RCVBCNT) & RCVBCNT_MASK; - if (fifocnt == 0) - break; - if (!idle_retry) - printk(KERN_WARNING "%s: waiting for rx fifo to become empty(%d)\n", - __FUNCTION__, fifocnt); - if (dolock) { - spin_unlock_irqrestore(&idev->lock, flags); - udelay(100); - spin_lock_irqsave(&idev->lock, flags); - } - else - udelay(100); + fifocnt = inw(iobase+VLSI_PIO_RCVBCNT) & RCVBCNT_MASK; + if (fifocnt != 0) { + IRDA_DEBUG(0, "%s: rx fifo not empty(%d)\n", __FUNCTION__, fifocnt); } - if (fifocnt != 0) - printk(KERN_ERR "%s: rx fifo not empty(%d)\n", __FUNCTION__, fifocnt); outw(0, iobase+VLSI_PIO_IRENABLE); - wmb(); - - config |= IRCFG_MSTR | IRCFG_ENRX; - outw(config, iobase+VLSI_PIO_IRCFG); - outw(nphyctl, iobase+VLSI_PIO_NPHYCTL); wmb(); - outw(IRENABLE_IREN, iobase+VLSI_PIO_IRENABLE); + outw(IRENABLE_PHYANDCLOCK, iobase+VLSI_PIO_IRENABLE); mb(); udelay(1); /* chip applies IRCFG on next rising edge of its 8MHz clock */ @@ -946,14 +944,14 @@ static int vlsi_set_baud(struct net_devi else config ^= IRENABLE_SIR_ON; - if (config != (IRENABLE_IREN|IRENABLE_ENRXST)) { - printk(KERN_ERR "%s: failed to set %s mode!\n", __FUNCTION__, + if (config != (IRENABLE_PHYANDCLOCK|IRENABLE_ENRXST)) { + WARNING("%s: failed to set %s mode!\n", __FUNCTION__, (mode==IFF_SIR)?"SIR":((mode==IFF_MIR)?"MIR":"FIR")); ret = -1; } else { if (inw(iobase+VLSI_PIO_PHYCTL) != nphyctl) { - printk(KERN_ERR "%s: failed to apply baudrate %d\n", + WARNING("%s: failed to apply baudrate %d\n", __FUNCTION__, baudrate); ret = -1; } @@ -964,8 +962,6 @@ static int vlsi_set_baud(struct net_devi ret = 0; } } - if (dolock) - spin_unlock_irqrestore(&idev->lock, flags); if (ret) vlsi_reg_debug(iobase,__FUNCTION__); @@ -973,16 +969,6 @@ static int vlsi_set_baud(struct net_devi return ret; } -static inline int vlsi_set_baud_lock(struct net_device *ndev) -{ - return vlsi_set_baud(ndev, 1); -} - -static inline int vlsi_set_baud_nolock(struct net_device *ndev) -{ - return vlsi_set_baud(ndev, 0); -} - static int vlsi_hard_start_xmit(struct sk_buff *skb, struct net_device *ndev) { vlsi_irda_dev_t *idev = ndev->priv; @@ -995,79 +981,100 @@ static int vlsi_hard_start_xmit(struct s int mtt; int len, speed; struct timeval now, ready; + char *msg = NULL; speed = irda_get_next_speed(skb); + spin_lock_irqsave(&idev->lock, flags); if (speed != -1 && speed != idev->baud) { netif_stop_queue(ndev); idev->new_baud = speed; - if (!skb->len) { - dev_kfree_skb_any(skb); - - /* due to the completely asynch tx operation we might have - * IrLAP racing with the hardware here, f.e. if the controller - * is just sending the last packet with current speed while - * the LAP is already switching the speed using synchronous - * len=0 packet. Immediate execution would lead to hw lockup - * requiring a powercycle to reset. Good candidate to trigger - * this is the final UA:RSP packet after receiving a DISC:CMD - * when getting the LAP down. - * Note that we are not protected by the queue_stop approach - * because the final UA:RSP arrives _without_ request to apply - * new-speed-after-this-packet - hence the driver doesn't know - * this was the last packet and doesn't stop the queue. So the - * forced switch to default speed from LAP gets through as fast - * as only some 10 usec later while the UA:RSP is still processed - * by the hardware and we would get screwed. - * Note: no locking required since we (netdev->xmit) are the only - * supplier for tx and the network layer provides serialization - */ - spin_lock_irqsave(&idev->lock, flags); - if (ring_first(idev->tx_ring) == NULL) { - /* no race - tx-ring already empty */ - vlsi_set_baud_nolock(ndev); - netif_wake_queue(ndev); - } - else - ; /* keep the speed change pending like it would - * for any len>0 packet. tx completion interrupt - * will apply it when the tx ring becomes empty. - */ - spin_unlock_irqrestore(&idev->lock, flags); - return 0; - } status = RD_TX_CLRENTX; /* stop tx-ring after this frame */ } else status = 0; if (skb->len == 0) { - printk(KERN_ERR "%s: dropping len=0 packet\n", __FUNCTION__); - goto drop; + /* handle zero packets - should be speed change */ + if (status == 0) { + msg = "bogus zero-length packet"; + goto drop_unlock; + } + + /* due to the completely asynch tx operation we might have + * IrLAP racing with the hardware here, f.e. if the controller + * is just sending the last packet with current speed while + * the LAP is already switching the speed using synchronous + * len=0 packet. Immediate execution would lead to hw lockup + * requiring a powercycle to reset. Good candidate to trigger + * this is the final UA:RSP packet after receiving a DISC:CMD + * when getting the LAP down. + * Note that we are not protected by the queue_stop approach + * because the final UA:RSP arrives _without_ request to apply + * new-speed-after-this-packet - hence the driver doesn't know + * this was the last packet and doesn't stop the queue. So the + * forced switch to default speed from LAP gets through as fast + * as only some 10 usec later while the UA:RSP is still processed + * by the hardware and we would get screwed. + */ + + if (ring_first(idev->tx_ring) == NULL) { + /* no race - tx-ring already empty */ + vlsi_set_baud(idev, iobase); + netif_wake_queue(ndev); + } + else + ; + /* keep the speed change pending like it would + * for any len>0 packet. tx completion interrupt + * will apply it when the tx ring becomes empty. + */ + spin_unlock_irqrestore(&idev->lock, flags); + dev_kfree_skb_any(skb); + return 0; } - /* sanity checks - should never happen! - * simply BUGging the violation and dropping the packet - */ + /* sanity checks - simply drop the packet */ rd = ring_last(r); - if (!rd) { /* ring full - queue should have been stopped! */ - BUG(); - goto drop; + if (!rd) { + msg = "ring full, but queue wasn't stopped"; + goto drop_unlock; } - if (rd_is_active(rd)) { /* entry still owned by hw! */ - BUG(); - goto drop; + if (rd_is_active(rd)) { + msg = "entry still owned by hw"; + goto drop_unlock; } - if (!rd->buf) { /* no memory for this tx entry - weird! */ - BUG(); - goto drop; + if (!rd->buf) { + msg = "tx ring entry without pci buffer"; + goto drop_unlock; } - if (rd->skb) { /* hm, associated old skb still there */ - BUG(); - goto drop; + if (rd->skb) { + msg = "ring entry with old skb still attached"; + goto drop_unlock; + } + + /* no need for serialization or interrupt disable during mtt */ + spin_unlock_irqrestore(&idev->lock, flags); + + if ((mtt = irda_get_mtt(skb)) > 0) { + + ready.tv_usec = idev->last_rx.tv_usec + mtt; + ready.tv_sec = idev->last_rx.tv_sec; + if (ready.tv_usec >= 1000000) { + ready.tv_usec -= 1000000; + ready.tv_sec++; /* IrLAP 1.1: mtt always < 1 sec */ + } + for(;;) { + do_gettimeofday(&now); + if (now.tv_sec > ready.tv_sec + || (now.tv_sec==ready.tv_sec && now.tv_usec>=ready.tv_usec)) + break; + udelay(100); + /* must not sleep here - we are called under xmit_lock! */ + } } /* tx buffer already owned by CPU due to pci_dma_sync_single() either @@ -1089,7 +1096,7 @@ static int vlsi_hard_start_xmit(struct s */ if (len >= r->len-5) - printk(KERN_WARNING "%s: possible buffer overflow with SIR wrapping!\n", + WARNING("%s: possible buffer overflow with SIR wrapping!\n", __FUNCTION__); } else { @@ -1097,34 +1104,13 @@ static int vlsi_hard_start_xmit(struct s status |= RD_TX_PULSE; /* send 2 us highspeed indication pulse */ len = skb->len; if (len > r->len) { - printk(KERN_ERR "%s: no space - skb too big (%d)\n", - __FUNCTION__, skb->len); + msg = "frame exceeds tx buffer length"; goto drop; } else memcpy(rd->buf, skb->data, len); } - /* do mtt delay before we need to disable interrupts! */ - - if ((mtt = irda_get_mtt(skb)) > 0) { - - ready.tv_usec = idev->last_rx.tv_usec + mtt; - ready.tv_sec = idev->last_rx.tv_sec; - if (ready.tv_usec >= 1000000) { - ready.tv_usec -= 1000000; - ready.tv_sec++; /* IrLAP 1.1: mtt always < 1 sec */ - } - for(;;) { - do_gettimeofday(&now); - if (now.tv_sec > ready.tv_sec - || (now.tv_sec==ready.tv_sec && now.tv_usec>=ready.tv_usec)) - break; - udelay(100); - /* must not sleep here - we are called under xmit_lock! */ - } - } - rd->skb = skb; /* remember skb for tx-complete stats */ rd_set_count(rd, len); @@ -1136,10 +1122,7 @@ static int vlsi_hard_start_xmit(struct s pci_dma_prep_single(r->pdev, rd_get_addr(rd), r->len, r->dir); -/* - * We need to disable IR output in order to switch to TX mode. - * Better not do this blindly anytime we want to transmit something - * because TX may already run. However we are racing with the controller +/* Switching to TX mode here races with the controller * which may stop TX at any time when fetching an inactive descriptor * or one with CLR_ENTX set. So we switch on TX only, if TX was not running * _after_ the new descriptor was activated on the ring. This ensures @@ -1158,31 +1141,39 @@ static int vlsi_hard_start_xmit(struct s int fifocnt; fifocnt = inw(ndev->base_addr+VLSI_PIO_RCVBCNT) & RCVBCNT_MASK; - if (fifocnt != 0) - printk(KERN_WARNING "%s: rx fifo not empty(%d)\n", - __FUNCTION__, fifocnt); + if (fifocnt != 0) { + IRDA_DEBUG(0, "%s: rx fifo not empty(%d)\n", __FUNCTION__, fifocnt); + } config = inw(iobase+VLSI_PIO_IRCFG); - rmb(); - outw(config | IRCFG_ENTX, iobase+VLSI_PIO_IRCFG); mb(); + outw(config | IRCFG_ENTX, iobase+VLSI_PIO_IRCFG); + wmb(); outw(0, iobase+VLSI_PIO_PROMPT); } ndev->trans_start = jiffies; if (ring_put(r) == NULL) { netif_stop_queue(ndev); - printk(KERN_DEBUG "%s: tx ring full - queue stopped\n", __FUNCTION__); + IRDA_DEBUG(3, "%s: tx ring full - queue stopped\n", __FUNCTION__); } spin_unlock_irqrestore(&idev->lock, flags); return 0; +drop_unlock: + spin_unlock_irqrestore(&idev->lock, flags); drop: + WARNING("%s: dropping packet - %s\n", __FUNCTION__, msg); dev_kfree_skb_any(skb); idev->stats.tx_errors++; idev->stats.tx_dropped++; - return 1; + /* Don't even think about returning NET_XMIT_DROP (=1) here! + * In fact any retval!=0 causes the packet scheduler to requeue the + * packet for later retry of transmission - which isn't exactly + * what we want after we've just called dev_kfree_skb_any ;-) + */ + return 0; } static void vlsi_tx_interrupt(struct net_device *ndev) @@ -1215,12 +1206,12 @@ static void vlsi_tx_interrupt(struct net } } + iobase = ndev->base_addr; + if (idev->new_baud && rd == NULL) /* tx ring empty and speed change pending */ - vlsi_set_baud_lock(ndev); + vlsi_set_baud(idev, iobase); - iobase = ndev->base_addr; config = inw(iobase+VLSI_PIO_IRCFG); - if (rd == NULL) /* tx ring empty: re-enable rx */ outw((config & ~IRCFG_ENTX) | IRCFG_ENRX, iobase+VLSI_PIO_IRCFG); @@ -1228,9 +1219,10 @@ static void vlsi_tx_interrupt(struct net int fifocnt; fifocnt = inw(iobase+VLSI_PIO_RCVBCNT) & RCVBCNT_MASK; - if (fifocnt != 0) - printk(KERN_WARNING "%s: rx fifo not empty(%d)\n", + if (fifocnt != 0) { + IRDA_DEBUG(0, "%s: rx fifo not empty(%d)\n", __FUNCTION__, fifocnt); + } outw(config | IRCFG_ENTX, iobase+VLSI_PIO_IRCFG); } @@ -1238,7 +1230,7 @@ static void vlsi_tx_interrupt(struct net if (netif_queue_stopped(ndev) && !idev->new_baud) { netif_wake_queue(ndev); - printk(KERN_DEBUG "%s: queue awoken\n", __FUNCTION__); + IRDA_DEBUG(3, "%s: queue awoken\n", __FUNCTION__); } } @@ -1261,7 +1253,7 @@ static void vlsi_unarm_tx(vlsi_irda_dev_ dev_kfree_skb_any(rd->skb); rd->skb = NULL; } - printk(KERN_INFO "%s - dropping tx packet\n", __FUNCTION__); + IRDA_DEBUG(0, "%s - dropping tx packet\n", __FUNCTION__); ret = -VLSI_TX_DROP; } else @@ -1310,8 +1302,7 @@ static int vlsi_start_clock(struct pci_d } if (count < 3) { if (clksrc == 1) { /* explicitly asked for PLL hence bail out */ - printk(KERN_ERR "%s: no PLL or failed to lock!\n", - __FUNCTION__); + ERROR("%s: no PLL or failed to lock!\n", __FUNCTION__); clkctl = CLKCTL_CLKSTP; pci_write_config_byte(pdev, VLSI_PCI_CLKCTL, clkctl); return -1; @@ -1319,7 +1310,7 @@ static int vlsi_start_clock(struct pci_d else /* was: clksrc=0(auto) */ clksrc = 3; /* fallback to 40MHz XCLK (OB800) */ - printk(KERN_INFO "%s: PLL not locked, fallback to clksrc=%d\n", + IRDA_DEBUG(0, "%s: PLL not locked, fallback to clksrc=%d\n", __FUNCTION__, clksrc); } else @@ -1392,9 +1383,7 @@ static int vlsi_init_chip(struct pci_dev /* start the clock and clean the registers */ if (vlsi_start_clock(pdev)) { - printk(KERN_ERR "%s: no valid clock source\n", - __FUNCTION__); - pci_disable_device(pdev); + ERROR("%s: no valid clock source\n", __FUNCTION__); return -1; } iobase = ndev->base_addr; @@ -1422,7 +1411,7 @@ static int vlsi_init_chip(struct pci_dev atomic_set(&idev->tx_ring->head, RINGPTR_GET_TX(ptr)); atomic_set(&idev->tx_ring->tail, RINGPTR_GET_TX(ptr)); - vlsi_set_baud_lock(ndev); /* idev->new_baud used as provided by caller */ + vlsi_set_baud(idev, iobase); /* idev->new_baud used as provided by caller */ outb(IRINTR_INT_MASK, iobase+VLSI_PIO_IRINTR); /* just in case - w/c pending IRQ's */ wmb(); @@ -1455,7 +1444,10 @@ static int vlsi_start_hw(vlsi_irda_dev_t pci_write_config_byte(pdev, VLSI_PCI_MSTRPAGE, MSTRPAGE_VALUE); pci_set_master(pdev); - vlsi_init_chip(pdev); + if (vlsi_init_chip(pdev) < 0) { + pci_disable_device(pdev); + return -1; + } vlsi_fill_rx(idev->rx_ring); @@ -1476,10 +1468,11 @@ static int vlsi_stop_hw(vlsi_irda_dev_t spin_lock_irqsave(&idev->lock,flags); outw(0, iobase+VLSI_PIO_IRENABLE); outw(0, iobase+VLSI_PIO_IRCFG); /* disable everything */ - wmb(); - outb(IRINTR_INT_MASK, iobase+VLSI_PIO_IRINTR); /* w/c pending + disable further IRQ */ - mb(); + /* disable and w/c irqs */ + outb(0, iobase+VLSI_PIO_IRINTR); + wmb(); + outb(IRINTR_INT_MASK, iobase+VLSI_PIO_IRINTR); spin_unlock_irqrestore(&idev->lock,flags); vlsi_unarm_tx(idev); @@ -1521,8 +1514,8 @@ static void vlsi_tx_timeout(struct net_d idev->new_baud = idev->baud; /* keep current baudrate */ if (vlsi_start_hw(idev)) - printk(KERN_CRIT "%s: failed to restart hw - %s(%s) unusable!\n", - __FUNCTION__, pci_name(idev->pdev), ndev->name); + ERROR("%s: failed to restart hw - %s(%s) unusable!\n", + __FUNCTION__, PCIDEV_NAME(idev->pdev), ndev->name); else netif_start_queue(ndev); } @@ -1547,7 +1540,7 @@ static int vlsi_ioctl(struct net_device * if the stack tries to change speed concurrently - which would be * pretty strange anyway with the userland having full control... */ - vlsi_set_baud_nolock(ndev); + vlsi_set_baud(idev, ndev->base_addr); spin_unlock_irqrestore(&idev->lock, flags); break; case SIOCSMEDIABUSY: @@ -1566,8 +1559,7 @@ static int vlsi_ioctl(struct net_device irq->ifr_receiving = (fifocnt!=0) ? 1 : 0; break; default: - printk(KERN_ERR "%s: notsupp - cmd=%04x\n", - __FUNCTION__, cmd); + WARNING("%s: notsupp - cmd=%04x\n", __FUNCTION__, cmd); ret = -EOPNOTSUPP; } @@ -1583,41 +1575,36 @@ static irqreturn_t vlsi_interrupt(int ir vlsi_irda_dev_t *idev = ndev->priv; unsigned iobase; u8 irintr; - int boguscount = 32; - unsigned got_act; + int boguscount = 5; unsigned long flags; int handled = 0; - got_act = 0; iobase = ndev->base_addr; + spin_lock_irqsave(&idev->lock,flags); do { - spin_lock_irqsave(&idev->lock,flags); irintr = inb(iobase+VLSI_PIO_IRINTR); - rmb(); - outb(irintr, iobase+VLSI_PIO_IRINTR); /* acknowledge asap */ - spin_unlock_irqrestore(&idev->lock,flags); + mb(); + outb(irintr, iobase+VLSI_PIO_IRINTR); /* acknowledge asap */ if (!(irintr&=IRINTR_INT_MASK)) /* not our INT - probably shared */ break; + handled = 1; + + if (unlikely(!(irintr & ~IRINTR_ACTIVITY))) + break; /* nothing todo if only activity */ + if (irintr&IRINTR_RPKTINT) vlsi_rx_interrupt(ndev); if (irintr&IRINTR_TPKTINT) vlsi_tx_interrupt(ndev); - if (!(irintr & ~IRINTR_ACTIVITY)) - break; /* done if only activity remaining */ - - if (irintr & ~(IRINTR_RPKTINT|IRINTR_TPKTINT|IRINTR_ACTIVITY)) { - printk(KERN_DEBUG "%s: IRINTR = %02x\n", - __FUNCTION__, (unsigned)irintr); - vlsi_reg_debug(iobase,__FUNCTION__); - } } while (--boguscount > 0); + spin_unlock_irqrestore(&idev->lock,flags); if (boguscount <= 0) - printk(KERN_WARNING "%s: too much work in interrupt!\n", __FUNCTION__); + MESSAGE("%s: too much work in interrupt!\n", __FUNCTION__); return IRQ_RETVAL(handled); } @@ -1630,7 +1617,7 @@ static int vlsi_open(struct net_device * char hwname[32]; if (pci_request_regions(idev->pdev, drivername)) { - printk(KERN_ERR "%s: io resource busy\n", __FUNCTION__); + WARNING("%s: io resource busy\n", __FUNCTION__); goto errout; } ndev->base_addr = pci_resource_start(idev->pdev,0); @@ -1644,8 +1631,7 @@ static int vlsi_open(struct net_device * if (request_irq(ndev->irq, vlsi_interrupt, SA_SHIRQ, drivername, ndev)) { - printk(KERN_ERR "%s: couldn't get IRQ: %d\n", - __FUNCTION__, ndev->irq); + WARNING("%s: couldn't get IRQ: %d\n", __FUNCTION__, ndev->irq); goto errout_io; } @@ -1666,7 +1652,7 @@ static int vlsi_open(struct net_device * netif_start_queue(ndev); - printk(KERN_INFO "%s: device %s operational\n", __FUNCTION__, ndev->name); + MESSAGE("%s: device %s operational\n", __FUNCTION__, ndev->name); return 0; @@ -1700,7 +1686,7 @@ static int vlsi_close(struct net_device pci_release_regions(idev->pdev); - printk(KERN_INFO "%s: device %s stopped\n", __FUNCTION__, ndev->name); + MESSAGE("%s: device %s stopped\n", __FUNCTION__, ndev->name); return 0; } @@ -1721,8 +1707,7 @@ static int vlsi_irda_init(struct net_dev if (pci_set_dma_mask(pdev,DMA_MASK_USED_BY_HW) || pci_set_dma_mask(pdev,DMA_MASK_MSTRPAGE)) { - printk(KERN_ERR "%s: aborting due to PCI BM-DMA address limitations\n", - __FUNCTION__); + ERROR("%s: aborting due to PCI BM-DMA address limitations\n", __FUNCTION__); return -1; } @@ -1771,12 +1756,12 @@ vlsi_irda_probe(struct pci_dev *pdev, co else pdev->current_state = 0; /* hw must be running now */ - printk(KERN_INFO "%s: IrDA PCI controller %s detected\n", - drivername, pci_name(pdev)); + MESSAGE("%s: IrDA PCI controller %s detected\n", + drivername, PCIDEV_NAME(pdev)); if ( !pci_resource_start(pdev,0) || !(pci_resource_flags(pdev,0) & IORESOURCE_IO) ) { - printk(KERN_ERR "%s: bar 0 invalid", __FUNCTION__); + ERROR("%s: bar 0 invalid", __FUNCTION__); goto out_disable; } @@ -1784,8 +1769,7 @@ vlsi_irda_probe(struct pci_dev *pdev, co ndev = (struct net_device *) kmalloc (alloc_size, GFP_KERNEL); if (ndev==NULL) { - printk(KERN_ERR "%s: Unable to allocate device memory.\n", - __FUNCTION__); + ERROR("%s: Unable to allocate device memory.\n", __FUNCTION__); goto out_disable; } @@ -1801,37 +1785,33 @@ vlsi_irda_probe(struct pci_dev *pdev, co ndev->init = vlsi_irda_init; strcpy(ndev->name,"irda%d"); if (register_netdev(ndev)) { - printk(KERN_ERR "%s: register_netdev failed\n", - __FUNCTION__); + ERROR("%s: register_netdev failed\n", __FUNCTION__); goto out_freedev; } + idev->proc_entry = NULL; if (vlsi_proc_root != NULL) { struct proc_dir_entry *ent; ent = create_proc_entry(ndev->name, S_IFREG|S_IRUGO, vlsi_proc_root); if (!ent) { - printk(KERN_ERR "%s: failed to create proc entry\n", __FUNCTION__); - goto out_unregister; + WARNING("%s: failed to create proc entry\n", __FUNCTION__); + idev->proc_entry = NULL; } - ent->data = ndev; - ent->proc_fops = VLSI_PROC_FOPS; - ent->size = 0; - idev->proc_entry = ent; - } else - idev->proc_entry = NULL; - - printk(KERN_INFO "%s: registered device %s\n", drivername, ndev->name); + else { + ent->data = ndev; + ent->proc_fops = VLSI_PROC_FOPS; + ent->size = 0; + idev->proc_entry = ent; + } + } + MESSAGE("%s: registered device %s\n", drivername, ndev->name); pci_set_drvdata(pdev, ndev); up(&idev->sem); return 0; -out_unregister: - up(&idev->sem); - unregister_netdev(ndev); - goto out_disable; out_freedev: up(&idev->sem); kfree(ndev); @@ -1848,14 +1828,12 @@ static void __devexit vlsi_irda_remove(s vlsi_irda_dev_t *idev; if (!ndev) { - printk(KERN_CRIT "%s: lost netdevice?\n", drivername); + ERROR("%s: lost netdevice?\n", drivername); return; } idev = ndev->priv; down(&idev->sem); - pci_set_drvdata(pdev, NULL); - pci_disable_device(pdev); if (idev->proc_entry) { remove_proc_entry(ndev->name, vlsi_proc_root); idev->proc_entry = NULL; @@ -1867,7 +1845,9 @@ static void __devexit vlsi_irda_remove(s * ndev->destructor called (if present) when going to free */ - printk(KERN_INFO "%s: %s removed\n", drivername, pci_name(pdev)); + pci_set_drvdata(pdev, NULL); + + MESSAGE("%s: %s removed\n", drivername, PCIDEV_NAME(pdev)); } #ifdef CONFIG_PM @@ -1882,8 +1862,8 @@ static void __devexit vlsi_irda_remove(s static int vlsi_irda_save_state(struct pci_dev *pdev, u32 state) { if (state < 1 || state > 3 ) { - printk( KERN_ERR "%s - %s: invalid pm state request: %u\n", - __FUNCTION__, pci_name(pdev), state); + ERROR("%s - %s: invalid pm state request: %u\n", + __FUNCTION__, PCIDEV_NAME(pdev), state); return -1; } return 0; @@ -1895,12 +1875,12 @@ static int vlsi_irda_suspend(struct pci_ vlsi_irda_dev_t *idev; if (state < 1 || state > 3 ) { - printk( KERN_ERR "%s - %s: invalid pm state request: %u\n", - __FUNCTION__, pci_name(pdev), state); + ERROR("%s - %s: invalid pm state request: %u\n", + __FUNCTION__, PCIDEV_NAME(pdev), state); return 0; } if (!ndev) { - printk(KERN_ERR "%s - %s: no netdevice \n", __FUNCTION__, pci_name(pdev)); + ERROR("%s - %s: no netdevice \n", __FUNCTION__, PCIDEV_NAME(pdev)); return 0; } idev = ndev->priv; @@ -1911,8 +1891,8 @@ static int vlsi_irda_suspend(struct pci_ pdev->current_state = state; } else - printk(KERN_ERR "%s - %s: invalid suspend request %u -> %u\n", - __FUNCTION__, pci_name(pdev), pdev->current_state, state); + ERROR("%s - %s: invalid suspend request %u -> %u\n", + __FUNCTION__, PCIDEV_NAME(pdev), pdev->current_state, state); up(&idev->sem); return 0; } @@ -1939,14 +1919,14 @@ static int vlsi_irda_resume(struct pci_d vlsi_irda_dev_t *idev; if (!ndev) { - printk(KERN_ERR "%s - %s: no netdevice \n", __FUNCTION__, pci_name(pdev)); + ERROR("%s - %s: no netdevice \n", __FUNCTION__, PCIDEV_NAME(pdev)); return 0; } idev = ndev->priv; down(&idev->sem); if (pdev->current_state == 0) { up(&idev->sem); - printk(KERN_ERR "%s - %s: already resumed\n", __FUNCTION__, pci_name(pdev)); + WARNING("%s - %s: already resumed\n", __FUNCTION__, PCIDEV_NAME(pdev)); return 0; } @@ -1965,7 +1945,7 @@ static int vlsi_irda_resume(struct pci_d * now we explicitly set pdev->current_state = 0 after enabling the * device and independently resume_ok should catch any garbage config. */ - printk(KERN_ERR "%s - hm, nothing to resume?\n", __FUNCTION__); + WARNING("%s - hm, nothing to resume?\n", __FUNCTION__); up(&idev->sem); return 0; } @@ -2003,7 +1983,7 @@ static int __init vlsi_mod_init(void) int i, ret; if (clksrc < 0 || clksrc > 3) { - printk(KERN_ERR "%s: invalid clksrc=%d\n", drivername, clksrc); + ERROR("%s: invalid clksrc=%d\n", drivername, clksrc); return -1; } @@ -2016,9 +1996,8 @@ static int __init vlsi_mod_init(void) case 64: break; default: - printk(KERN_WARNING "%s: invalid %s ringsize %d", + WARNING("%s: invalid %s ringsize %d, using default=8", drivername, (i)?"rx":"tx", ringsize[i]); - printk(", using default=8\n"); ringsize[i] = 8; break; } diff -puN drivers/net/sk_mca.c~huge-net-update drivers/net/sk_mca.c --- 25/drivers/net/sk_mca.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/drivers/net/sk_mca.c 2003-08-24 12:09:15.000000000 -0700 @@ -280,7 +280,7 @@ static void SetLANCE(struct SKMCA_NETDEV /* reenable interrupts */ - spin_lock_irqrestore(&priv->lock, flags); + spin_unlock_irqrestore(&priv->lock, flags); } /* get LANCE register */ @@ -319,7 +319,7 @@ static u16 GetLANCE(struct SKMCA_NETDEV /* reenable interrupts */ - spin_lock_irqrestore(&priv->lock, flags); + spin_unlock_irqrestore(&priv->lock, flags); return res; } @@ -993,7 +993,7 @@ static int skmca_tx(struct sk_buff *skb, if (priv->txbusy == 0) SetLANCE(dev, LANCE_CSR0, CSR0_INEA | CSR0_TDMD); - spin_lock_irqrestore(&priv->lock, flags); + spin_unlock_irqrestore(&priv->lock, flags); tx_done: diff -puN /dev/null include/linux/netfilter_bridge/ebt_arpreply.h --- /dev/null 2002-08-30 16:31:37.000000000 -0700 +++ 25-akpm/include/linux/netfilter_bridge/ebt_arpreply.h 2003-08-24 12:09:15.000000000 -0700 @@ -0,0 +1,11 @@ +#ifndef __LINUX_BRIDGE_EBT_ARPREPLY_H +#define __LINUX_BRIDGE_EBT_ARPREPLY_H + +struct ebt_arpreply_info +{ + unsigned char mac[ETH_ALEN]; + int target; +}; +#define EBT_ARPREPLY_TARGET "arpreply" + +#endif diff -puN include/net/ax25.h~huge-net-update include/net/ax25.h --- 25/include/net/ax25.h~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/include/net/ax25.h 2003-08-24 12:09:15.000000000 -0700 @@ -314,7 +314,7 @@ extern int ax25_check_iframes_acked(ax2 /* ax25_route.c */ extern void ax25_rt_device_down(struct net_device *); extern int ax25_rt_ioctl(unsigned int, void *); -extern int ax25_rt_get_info(char *, char **, off_t, int); +extern struct file_operations ax25_route_fops; extern int ax25_rt_autobind(ax25_cb *, ax25_address *); extern ax25_route *ax25_rt_find_route(ax25_route *, ax25_address *, struct net_device *); @@ -373,7 +373,7 @@ extern unsigned long ax25_display_timer( extern int ax25_uid_policy; extern ax25_address *ax25_findbyuid(uid_t); extern int ax25_uid_ioctl(int, struct sockaddr_ax25 *); -extern int ax25_uid_get_info(char *, char **, off_t, int); +extern struct file_operations ax25_uid_fops; extern void ax25_uid_free(void); /* sysctl_net_ax25.c */ diff -puN include/net/irda/vlsi_ir.h~huge-net-update include/net/irda/vlsi_ir.h --- 25/include/net/irda/vlsi_ir.h~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/include/net/irda/vlsi_ir.h 2003-08-24 12:09:15.000000000 -0700 @@ -3,7 +3,7 @@ * * vlsi_ir.h: VLSI82C147 PCI IrDA controller driver for Linux * - * Version: 0.4a + * Version: 0.5 * * Copyright (c) 2001-2003 Martin Diehl * @@ -27,18 +27,71 @@ #ifndef IRDA_VLSI_FIR_H #define IRDA_VLSI_FIR_H -/* - * #if LINUX_VERSION_CODE < KERNEL_VERSION(2,5,xx) - * - * missing pci-dma api call to give streaming dma buffer back to hw - * patch floating on lkml - probably present in 2.5.26 or later - * otherwise defining it as noop is ok, since the vlsi-ir is only - * used on two oldish x86-based notebooks which are cache-coherent +/* ================================================================ + * compatibility stuff */ -#define pci_dma_prep_single(dev, addr, size, direction) /* nothing */ -/* - * #endif + +/* definitions not present in pci_ids.h */ + +#ifndef PCI_CLASS_WIRELESS_IRDA +#define PCI_CLASS_WIRELESS_IRDA 0x0d00 +#endif + +#ifndef PCI_CLASS_SUBCLASS_MASK +#define PCI_CLASS_SUBCLASS_MASK 0xffff +#endif + +/* missing pci-dma api call to give streaming dma buffer back to hw + * patch was floating on lkml around 2.5.2x and might be present later. + * Defining it this way is ok, since the vlsi-ir is only + * used on two oldish x86-based notebooks which are cache-coherent + * (and flush_write_buffers also handles PPro errata and C3 OOstore) */ +#ifdef CONFIG_X86 +#include +#define pci_dma_prep_single(dev, addr, size, direction) flush_write_buffers() +#else +#error missing pci dma api call +#endif + +/* in recent 2.5 interrupt handlers have non-void return value */ +#ifndef IRQ_RETVAL +typedef void irqreturn_t; +#define IRQ_NONE +#define IRQ_HANDLED +#define IRQ_RETVAL(x) +#endif + +/* some stuff need to check kernelversion. Not all 2.5 stuff was present + * in early 2.5.x - the test is merely to separate 2.4 from 2.5 + */ +#include + +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,5,0) + +/* PDE() introduced in 2.5.4 */ +#ifdef CONFIG_PROC_FS +#define PDE(inode) ((inode)->u.generic_ip) +#endif + +/* irda crc16 calculation exported in 2.5.42 */ +#define irda_calc_crc16(fcs,buf,len) (GOOD_FCS) + +/* we use this for unified pci device name access */ +#define PCIDEV_NAME(pdev) ((pdev)->name) + +#else /* 2.5 or later */ + +/* recent 2.5/2.6 stores pci device names at varying places ;-) */ +#ifdef CONFIG_PCI_NAMES +/* human readable name */ +#define PCIDEV_NAME(pdev) ((pdev)->pretty_name) +#else +/* whatever we get from the associated struct device - bus:slot:dev.fn id */ +#define PCIDEV_NAME(pdev) (pci_name(pdev)) +#endif + +#endif /* ================================================================ */ @@ -138,7 +191,7 @@ enum vlsi_pci_clkctl { * - IRMISC_UARTSEL configured * - IRCFG_MASTER must be cleared * - IRCFG_SIR must be set - * - IRENABLE_IREN must be asserted 0->1 (and hence IRENABLE_SIR_ON) + * - IRENABLE_PHYANDCLOCK must be asserted 0->1 (and hence IRENABLE_SIR_ON) */ enum vlsi_pci_irmisc { @@ -298,7 +351,7 @@ enum vlsi_pio_irintr { /* notes: * - not more than one SIR/MIR/FIR bit must be set at any time * - SIR, MIR, FIR and CRC16 select the configuration which will - * be applied on next 0->1 transition of IRENABLE_IREN (see below). + * be applied on next 0->1 transition of IRENABLE_PHYANDCLOCK (see below). * - besides allowing the PCI interface to execute busmaster cycles * and therefore the ring SM to operate, the MSTR bit has side-effects: * when MSTR is cleared, the RINGPTR's get reset and the legacy UART mode @@ -349,7 +402,7 @@ enum vlsi_pio_ircfg { */ enum vlsi_pio_irenable { - IRENABLE_IREN = 0x8000, /* enable IR phy and gate the mode config (rw) */ + IRENABLE_PHYANDCLOCK = 0x8000, /* enable IR phy and gate the mode config (rw) */ IRENABLE_CFGER = 0x4000, /* mode configuration error (ro) */ IRENABLE_FIR_ON = 0x2000, /* FIR on status (ro) */ IRENABLE_MIR_ON = 0x1000, /* MIR on status (ro) */ @@ -366,7 +419,7 @@ enum vlsi_pio_irenable { /* VLSI_PIO_PHYCTL: IR Physical Layer Current Control Register (u16, ro) */ /* read-back of the currently applied physical layer status. - * applied from VLSI_PIO_NPHYCTL at rising edge of IRENABLE_IREN + * applied from VLSI_PIO_NPHYCTL at rising edge of IRENABLE_PHYANDCLOCK * contents identical to VLSI_PIO_NPHYCTL (see below) */ @@ -374,7 +427,7 @@ enum vlsi_pio_irenable { /* VLSI_PIO_NPHYCTL: IR Physical Layer Next Control Register (u16, rw) */ -/* latched during IRENABLE_IREN=0 and applied at 0-1 transition +/* latched during IRENABLE_PHYANDCLOCK=0 and applied at 0-1 transition * * consists of BAUD[15:10], PLSWID[9:5] and PREAMB[4:0] bits defined as follows: * @@ -616,21 +669,22 @@ static inline void rd_set_addr_status(st */ if ((a & ~DMA_MASK_MSTRPAGE)>>24 != MSTRPAGE_VALUE) { - BUG(); + ERROR("%s: pci busaddr inconsistency!\n", __FUNCTION__); + dump_stack(); return; } a &= DMA_MASK_MSTRPAGE; /* clear highbyte to make sure we won't write * to status - just in case MSTRPAGE_VALUE!=0 */ - rd->hw->rd_addr = a; + rd->hw->rd_addr = cpu_to_le32(a); wmb(); rd_set_status(rd, s); /* may pass ownership to the hardware */ } static inline void rd_set_count(struct ring_descr *rd, u16 c) { - rd->hw->rd_count = c; + rd->hw->rd_count = cpu_to_le16(c); } static inline u8 rd_get_status(struct ring_descr *rd) @@ -642,13 +696,13 @@ static inline dma_addr_t rd_get_addr(str { dma_addr_t a; - a = (rd->hw->rd_addr & DMA_MASK_MSTRPAGE) | (MSTRPAGE_VALUE << 24); - return a; + a = le32_to_cpu(rd->hw->rd_addr); + return (a & DMA_MASK_MSTRPAGE) | (MSTRPAGE_VALUE << 24); } static inline u16 rd_get_count(struct ring_descr *rd) { - return rd->hw->rd_count; + return le16_to_cpu(rd->hw->rd_count); } /******************************************************************/ diff -puN net/ax25/af_ax25.c~huge-net-update net/ax25/af_ax25.c --- 25/net/ax25/af_ax25.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ax25/af_ax25.c 2003-08-24 12:09:15.000000000 -0700 @@ -1842,81 +1842,107 @@ static int ax25_ioctl(struct socket *soc return res; } -static int ax25_get_info(char *buffer, char **start, off_t offset, int length) +#ifdef CONFIG_PROC_FS + +static void *ax25_info_start(struct seq_file *seq, loff_t *pos) { - ax25_cb *ax25; - int k; - int len = 0; - off_t pos = 0; - off_t begin = 0; + struct ax25_cb *ax25; struct hlist_node *node; + int i = 0; spin_lock_bh(&ax25_list_lock); + ax25_for_each(ax25, node, &ax25_list) { + if (i == *pos) + return ax25; + ++i; + } + return NULL; +} + +static void *ax25_info_next(struct seq_file *seq, void *v, loff_t *pos) +{ + ++*pos; + + return hlist_entry( ((struct ax25_cb *)v)->ax25_node.next, + struct ax25_cb, ax25_node); +} + +static void ax25_info_stop(struct seq_file *seq, void *v) +{ + spin_unlock_bh(&ax25_list_lock); +} + +static int ax25_info_show(struct seq_file *seq, void *v) +{ + ax25_cb *ax25 = v; + int k; + /* * New format: * magic dev src_addr dest_addr,digi1,digi2,.. st vs vr va t1 t1 t2 t2 t3 t3 idle idle n2 n2 rtt window paclen Snd-Q Rcv-Q inode */ - ax25_for_each(ax25, node, &ax25_list) { - len += sprintf(buffer+len, "%8.8lx %s %s%s ", - (long) ax25, - ax25->ax25_dev == NULL? "???" : ax25->ax25_dev->dev->name, - ax2asc(&ax25->source_addr), - ax25->iamdigi? "*":""); - - len += sprintf(buffer+len, "%s", ax2asc(&ax25->dest_addr)); - - for (k=0; (ax25->digipeat != NULL) && (k < ax25->digipeat->ndigi); k++) { - len += sprintf(buffer+len, ",%s%s", - ax2asc(&ax25->digipeat->calls[k]), - ax25->digipeat->repeated[k]? "*":""); - } - - len += sprintf(buffer+len, " %d %d %d %d %lu %lu %lu %lu %lu %lu %lu %lu %d %d %lu %d %d", - ax25->state, - ax25->vs, ax25->vr, ax25->va, - ax25_display_timer(&ax25->t1timer) / HZ, ax25->t1 / HZ, - ax25_display_timer(&ax25->t2timer) / HZ, ax25->t2 / HZ, - ax25_display_timer(&ax25->t3timer) / HZ, ax25->t3 / HZ, - ax25_display_timer(&ax25->idletimer) / (60 * HZ), - ax25->idle / (60 * HZ), - ax25->n2count, ax25->n2, - ax25->rtt / HZ, - ax25->window, - ax25->paclen); - - if (ax25->sk != NULL) { - bh_lock_sock(ax25->sk); - len += sprintf(buffer + len, " %d %d %ld\n", - atomic_read(&ax25->sk->sk_wmem_alloc), - atomic_read(&ax25->sk->sk_rmem_alloc), - ax25->sk->sk_socket != NULL ? SOCK_INODE(ax25->sk->sk_socket)->i_ino : 0L); - bh_unlock_sock(ax25->sk); - } else { - len += sprintf(buffer + len, " * * *\n"); - } - - pos = begin + len; - - if (pos < offset) { - len = 0; - begin = pos; - } + seq_printf(seq, "%8.8lx %s %s%s ", + (long) ax25, + ax25->ax25_dev == NULL? "???" : ax25->ax25_dev->dev->name, + ax2asc(&ax25->source_addr), + ax25->iamdigi? "*":""); + seq_printf(seq, "%s", ax2asc(&ax25->dest_addr)); + + for (k=0; (ax25->digipeat != NULL) && (k < ax25->digipeat->ndigi); k++) { + seq_printf(seq, ",%s%s", + ax2asc(&ax25->digipeat->calls[k]), + ax25->digipeat->repeated[k]? "*":""); + } - if (pos > offset + length) - break; + seq_printf(seq, " %d %d %d %d %lu %lu %lu %lu %lu %lu %lu %lu %d %d %lu %d %d", + ax25->state, + ax25->vs, ax25->vr, ax25->va, + ax25_display_timer(&ax25->t1timer) / HZ, ax25->t1 / HZ, + ax25_display_timer(&ax25->t2timer) / HZ, ax25->t2 / HZ, + ax25_display_timer(&ax25->t3timer) / HZ, ax25->t3 / HZ, + ax25_display_timer(&ax25->idletimer) / (60 * HZ), + ax25->idle / (60 * HZ), + ax25->n2count, ax25->n2, + ax25->rtt / HZ, + ax25->window, + ax25->paclen); + + if (ax25->sk != NULL) { + bh_lock_sock(ax25->sk); + seq_printf(seq," %d %d %ld\n", + atomic_read(&ax25->sk->sk_wmem_alloc), + atomic_read(&ax25->sk->sk_rmem_alloc), + ax25->sk->sk_socket != NULL ? SOCK_INODE(ax25->sk->sk_socket)->i_ino : 0L); + bh_unlock_sock(ax25->sk); + } else { + seq_puts(seq, " * * *\n"); } + return 0; +} - spin_unlock_bh(&ax25_list_lock); +static struct seq_operations ax25_info_seqops = { + .start = ax25_info_start, + .next = ax25_info_next, + .stop = ax25_info_stop, + .show = ax25_info_show, +}; - *start = buffer + (offset - begin); - len -= (offset - begin); +static int ax25_info_open(struct inode *inode, struct file *file) +{ + return seq_open(file, &ax25_info_seqops); +} - if (len > length) len = length; +static struct file_operations ax25_info_fops = { + .owner = THIS_MODULE, + .open = ax25_info_open, + .read = seq_read, + .llseek = seq_lseek, + .release = seq_release, +}; - return(len); -} +#endif static struct net_proto_family ax25_family_ops = { .family = PF_AX25, @@ -1986,9 +2012,9 @@ static int __init ax25_init(void) register_netdevice_notifier(&ax25_dev_notifier); ax25_register_sysctl(); - proc_net_create("ax25_route", 0, ax25_rt_get_info); - proc_net_create("ax25", 0, ax25_get_info); - proc_net_create("ax25_calls", 0, ax25_uid_get_info); + proc_net_fops_create("ax25_route", S_IRUGO, &ax25_route_fops); + proc_net_fops_create("ax25", S_IRUGO, &ax25_info_fops); + proc_net_fops_create("ax25_calls", S_IRUGO, &ax25_uid_fops); printk(banner); return 0; diff -puN net/ax25/ax25_dev.c~huge-net-update net/ax25/ax25_dev.c --- 25/net/ax25/ax25_dev.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ax25/ax25_dev.c 2003-08-24 12:09:15.000000000 -0700 @@ -67,6 +67,7 @@ void ax25_dev_device_up(struct net_devic dev->ax25_ptr = ax25_dev; ax25_dev->dev = dev; + dev_hold(dev); ax25_dev->forward = NULL; ax25_dev->values[AX25_VALUES_IPDEFMODE] = AX25_DEF_IPDEFMODE; @@ -121,6 +122,7 @@ void ax25_dev_device_down(struct net_dev if ((s = ax25_dev_list) == ax25_dev) { ax25_dev_list = s->next; spin_unlock_bh(&ax25_dev_lock); + dev_put(dev); kfree(ax25_dev); ax25_register_sysctl(); return; @@ -130,6 +132,7 @@ void ax25_dev_device_down(struct net_dev if (s->next == ax25_dev) { s->next = ax25_dev->next; spin_unlock_bh(&ax25_dev_lock); + dev_put(dev); kfree(ax25_dev); ax25_register_sysctl(); return; @@ -196,8 +199,8 @@ void __exit ax25_dev_free(void) ax25_dev = ax25_dev_list; while (ax25_dev != NULL) { s = ax25_dev; + dev_put(ax25_dev->dev); ax25_dev = ax25_dev->next; - kfree(s); } ax25_dev_list = NULL; diff -puN net/ax25/ax25_route.c~huge-net-update net/ax25/ax25_route.c --- 25/net/ax25/ax25_route.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ax25/ax25_route.c 2003-08-24 12:09:15.000000000 -0700 @@ -34,6 +34,7 @@ #include #include #include +#include static ax25_route *ax25_route_list; static rwlock_t ax25_route_lock = RW_LOCK_UNLOCKED; @@ -278,66 +279,100 @@ int ax25_rt_ioctl(unsigned int cmd, void } } -int ax25_rt_get_info(char *buffer, char **start, off_t offset, int length) -{ - ax25_route *ax25_rt; - int len = 0; - off_t pos = 0; - off_t begin = 0; - char *callsign; - int i; +#ifdef CONFIG_PROC_FS - read_lock(&ax25_route_lock); +#define AX25_PROC_START ((void *)1) - len += sprintf(buffer, "callsign dev mode digipeaters\n"); +static void *ax25_rt_seq_start(struct seq_file *seq, loff_t *pos) +{ + struct ax25_route *ax25_rt; + int i = 1; + + read_lock(&ax25_route_lock); + if (*pos == 0) + return AX25_PROC_START; for (ax25_rt = ax25_route_list; ax25_rt != NULL; ax25_rt = ax25_rt->next) { + if (i == *pos) + return ax25_rt; + ++i; + } + + return NULL; +} + +static void *ax25_rt_seq_next(struct seq_file *seq, void *v, loff_t *pos) +{ + ++*pos; + return (v == AX25_PROC_START) ? ax25_route_list : + ((struct ax25_route *) v)->next; +} + +static void ax25_rt_seq_stop(struct seq_file *seq, void *v) +{ + read_unlock(&ax25_route_lock); +} + +static int ax25_rt_seq_show(struct seq_file *seq, void *v) +{ + if (v == AX25_PROC_START) + seq_puts(seq, "callsign dev mode digipeaters\n"); + else { + struct ax25_route *ax25_rt = v; + const char *callsign; + int i; + if (ax25cmp(&ax25_rt->callsign, &null_ax25_address) == 0) callsign = "default"; else callsign = ax2asc(&ax25_rt->callsign); - len += sprintf(buffer + len, "%-9s %-4s", + + seq_printf(seq, "%-9s %-4s", callsign, ax25_rt->dev ? ax25_rt->dev->name : "???"); switch (ax25_rt->ip_mode) { case 'V': - len += sprintf(buffer + len, " vc"); + seq_puts(seq, " vc"); break; case 'D': - len += sprintf(buffer + len, " dg"); + seq_puts(seq, " dg"); break; default: - len += sprintf(buffer + len, " *"); + seq_puts(seq, " *"); break; } if (ax25_rt->digipeat != NULL) for (i = 0; i < ax25_rt->digipeat->ndigi; i++) - len += sprintf(buffer + len, " %s", ax2asc(&ax25_rt->digipeat->calls[i])); - - len += sprintf(buffer + len, "\n"); - - pos = begin + len; - - if (pos < offset) { - len = 0; - begin = pos; - } + seq_printf(seq, " %s", ax2asc(&ax25_rt->digipeat->calls[i])); - if (pos > offset + length) - break; + seq_puts(seq, "\n"); } - read_unlock(&ax25_route_lock); - - *start = buffer + (offset - begin); - len -= (offset - begin); + return 0; +} - if (len > length) - len = length; +static struct seq_operations ax25_rt_seqops = { + .start = ax25_rt_seq_start, + .next = ax25_rt_seq_next, + .stop = ax25_rt_seq_stop, + .show = ax25_rt_seq_show, +}; + +static int ax25_rt_info_open(struct inode *inode, struct file *file) +{ + return seq_open(file, &ax25_rt_seqops); +} + +struct file_operations ax25_route_fops = { + .owner = THIS_MODULE, + .open = ax25_rt_info_open, + .read = seq_read, + .llseek = seq_lseek, + .release = seq_release, +}; - return len; -} +#endif /* * Find AX.25 route diff -puN net/ax25/ax25_uid.c~huge-net-update net/ax25/ax25_uid.c --- 25/net/ax25/ax25_uid.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ax25/ax25_uid.c 2003-08-24 12:09:15.000000000 -0700 @@ -30,6 +30,7 @@ #include #include #include +#include #include #include #include @@ -141,40 +142,74 @@ int ax25_uid_ioctl(int cmd, struct socka return -EINVAL; /*NOTREACHED */ } -int ax25_uid_get_info(char *buffer, char **start, off_t offset, int length) +#ifdef CONFIG_PROC_FS + +#define AX25_PROC_START ((void *)1) + +static void *ax25_uid_seq_start(struct seq_file *seq, loff_t *pos) { - ax25_uid_assoc *pt; - int len = 0; - off_t pos = 0; - off_t begin = 0; + struct ax25_uid_assoc *pt; + int i = 1; read_lock(&ax25_uid_lock); - len += sprintf(buffer, "Policy: %d\n", ax25_uid_policy); + if (*pos == 0) + return AX25_PROC_START; for (pt = ax25_uid_list; pt != NULL; pt = pt->next) { - len += sprintf(buffer + len, "%6d %s\n", pt->uid, ax2asc(&pt->call)); - - pos = begin + len; + if (i == *pos) + return pt; + ++i; + } + return NULL; +} - if (pos < offset) { - len = 0; - begin = pos; - } +static void *ax25_uid_seq_next(struct seq_file *seq, void *v, loff_t *pos) +{ + ++*pos; + return (v == AX25_PROC_START) ? ax25_uid_list : + ((struct ax25_uid_assoc *) v)->next; +} - if (pos > offset + length) - break; - } +static void ax25_uid_seq_stop(struct seq_file *seq, void *v) +{ read_unlock(&ax25_uid_lock); +} + +static int ax25_uid_seq_show(struct seq_file *seq, void *v) +{ + if (v == AX25_PROC_START) + seq_printf(seq, "Policy: %d\n", ax25_uid_policy); + else { + struct ax25_uid_assoc *pt = v; + - *start = buffer + (offset - begin); - len -= offset - begin; + seq_printf(seq, "%6d %s\n", pt->uid, ax2asc(&pt->call)); + } + return 0; +} - if (len > length) - len = length; +static struct seq_operations ax25_uid_seqops = { + .start = ax25_uid_seq_start, + .next = ax25_uid_seq_next, + .stop = ax25_uid_seq_stop, + .show = ax25_uid_seq_show, +}; - return len; +static int ax25_uid_info_open(struct inode *inode, struct file *file) +{ + return seq_open(file, &ax25_uid_seqops); } +struct file_operations ax25_uid_fops = { + .owner = THIS_MODULE, + .open = ax25_uid_info_open, + .read = seq_read, + .llseek = seq_lseek, + .release = seq_release, +}; + +#endif + /* * Free all memory associated with UID/Callsign structures. */ diff -puN /dev/null net/bridge/netfilter/ebt_arpreply.c --- /dev/null 2002-08-30 16:31:37.000000000 -0700 +++ 25-akpm/net/bridge/netfilter/ebt_arpreply.c 2003-08-24 12:09:15.000000000 -0700 @@ -0,0 +1,89 @@ +/* + * ebt_arpreply + * + * Authors: + * Grzegorz Borowiak + * Bart De Schuymer + * + * August, 2003 + * + */ + +#include +#include +#include +#include +#include + +static int ebt_target_reply(struct sk_buff **pskb, unsigned int hooknr, + const struct net_device *in, const struct net_device *out, + const void *data, unsigned int datalen) +{ + struct ebt_arpreply_info *info = (struct ebt_arpreply_info *)data; + u32 sip, dip; + struct arphdr ah; + unsigned char sha[ETH_ALEN]; + struct sk_buff *skb = *pskb; + + if (skb_copy_bits(skb, 0, &ah, sizeof(ah))) + return EBT_DROP; + + if (ah.ar_op != __constant_htons(ARPOP_REQUEST) || ah.ar_hln != ETH_ALEN + || ah.ar_pro != __constant_htons(ETH_P_IP) || ah.ar_pln != 4) + return EBT_CONTINUE; + + if (skb_copy_bits(skb, sizeof(ah), &sha, ETH_ALEN)) + return EBT_DROP; + + if (skb_copy_bits(skb, sizeof(ah) + ETH_ALEN, &sip, sizeof(sip))) + return EBT_DROP; + + if (skb_copy_bits(skb, sizeof(ah) + 2 * ETH_ALEN + sizeof(sip), + &dip, sizeof(dip))) + return EBT_DROP; + + arp_send(ARPOP_REPLY, ETH_P_ARP, sip, (struct net_device *)in, + dip, sha, info->mac, sha); + + return info->target; +} + +static int ebt_target_reply_check(const char *tablename, unsigned int hookmask, + const struct ebt_entry *e, void *data, unsigned int datalen) +{ + struct ebt_arpreply_info *info = (struct ebt_arpreply_info *)data; + + if (datalen != EBT_ALIGN(sizeof(struct ebt_arpreply_info))) + return -EINVAL; + if (BASE_CHAIN && info->target == EBT_RETURN) + return -EINVAL; + if (e->ethproto != __constant_htons(ETH_P_ARP) || + e->invflags & EBT_IPROTO) + return -EINVAL; + CLEAR_BASE_CHAIN_BIT; + if (strcmp(tablename, "nat") || hookmask & ~(1 << NF_BR_PRE_ROUTING)) + return -EINVAL; + return 0; +} + +static struct ebt_target reply_target = +{ + .name = EBT_ARPREPLY_TARGET, + .target = ebt_target_reply, + .check = ebt_target_reply_check, + .me = THIS_MODULE, +}; + +static int __init init(void) +{ + return ebt_register_target(&reply_target); +} + +static void __exit fini(void) +{ + ebt_unregister_target(&reply_target); +} + +module_init(init); +module_exit(fini); +MODULE_LICENSE("GPL"); diff -puN net/bridge/netfilter/Kconfig~huge-net-update net/bridge/netfilter/Kconfig --- 25/net/bridge/netfilter/Kconfig~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/bridge/netfilter/Kconfig 2003-08-24 12:09:15.000000000 -0700 @@ -1,32 +1,19 @@ # # Bridge netfilter configuration # -config BRIDGE_NF_EBTABLES - tristate "Bridge: ebtables" - depends on NETFILTER && BRIDGE -config BRIDGE_EBT_T_FILTER - tristate "ebt: filter table support" - depends on BRIDGE_NF_EBTABLES - help - The ebtables filter table is used to define frame filtering rules at - local input, forwarding and local output. See the man page for - ebtables(8). - - If you want to compile it as a module, say M here and read - . If unsure, say `N'. +menu "Bridge: Netfilter Configuration" + depends on BRIDGE && NETFILTER -config BRIDGE_EBT_T_NAT - tristate "ebt: nat table support" - depends on BRIDGE_NF_EBTABLES +config BRIDGE_NF_EBTABLES + tristate "Ethernet Bridge tables (ebtables) support" help - The ebtables nat table is used to define rules that alter the MAC - source address (MAC SNAT) or the MAC destination address (MAC DNAT). - See the man page for ebtables(8). - - If you want to compile it as a module, say M here and read - . If unsure, say `N'. - + ebtables is a general, extensible frame/packet identification + framework. Say 'Y' or 'M' here if you want to do Ethernet + filtering/NAT/brouting on the Ethernet bridge. +# +# tables +# config BRIDGE_EBT_BROUTE tristate "ebt: broute table support" depends on BRIDGE_NF_EBTABLES @@ -39,26 +26,30 @@ config BRIDGE_EBT_BROUTE If you want to compile it as a module, say M here and read . If unsure, say `N'. -config BRIDGE_EBT_LOG - tristate "ebt: log support" +config BRIDGE_EBT_T_FILTER + tristate "ebt: filter table support" depends on BRIDGE_NF_EBTABLES help - This option adds the log target, that you can use in any rule in - any ebtables table. It records the frame header to the syslog. + The ebtables filter table is used to define frame filtering rules at + local input, forwarding and local output. See the man page for + ebtables(8). If you want to compile it as a module, say M here and read . If unsure, say `N'. -config BRIDGE_EBT_IP - tristate "ebt: IP filter support" +config BRIDGE_EBT_T_NAT + tristate "ebt: nat table support" depends on BRIDGE_NF_EBTABLES help - This option adds the IP match, which allows basic IP header field - filtering. + The ebtables nat table is used to define rules that alter the MAC + source address (MAC SNAT) or the MAC destination address (MAC DNAT). + See the man page for ebtables(8). If you want to compile it as a module, say M here and read . If unsure, say `N'. - +# +# matches +# config BRIDGE_EBT_ARP tristate "ebt: ARP filter support" depends on BRIDGE_NF_EBTABLES @@ -69,12 +60,12 @@ config BRIDGE_EBT_ARP If you want to compile it as a module, say M here and read . If unsure, say `N'. -config BRIDGE_EBT_VLAN - tristate "ebt: 802.1Q VLAN filter support" +config BRIDGE_EBT_IP + tristate "ebt: IP filter support" depends on BRIDGE_NF_EBTABLES help - This option adds the 802.1Q vlan match, which allows the filtering of - 802.1Q vlan fields. + This option adds the IP match, which allows basic IP header field + filtering. If you want to compile it as a module, say M here and read . If unsure, say `N'. @@ -113,12 +104,24 @@ config BRIDGE_EBT_STP If you want to compile it as a module, say M here and read . If unsure, say `N'. -config BRIDGE_EBT_SNAT - tristate "ebt: snat target support" +config BRIDGE_EBT_VLAN + tristate "ebt: 802.1Q VLAN filter support" depends on BRIDGE_NF_EBTABLES help - This option adds the MAC SNAT target, which allows altering the MAC - source address of frames. + This option adds the 802.1Q vlan match, which allows the filtering of + 802.1Q vlan fields. + + If you want to compile it as a module, say M here and read + . If unsure, say `N'. +# +# targets +# +config BRIDGE_EBT_ARPREPLY + tristate "ebt: arp reply target support" + depends on BRIDGE_NF_EBTABLES + help + This option adds the arp reply target, which allows + automatically sending arp replies to arp requests. If you want to compile it as a module, say M here and read . If unsure, say `N'. @@ -133,6 +136,18 @@ config BRIDGE_EBT_DNAT If you want to compile it as a module, say M here and read . If unsure, say `N'. +config BRIDGE_EBT_MARK_T + tristate "ebt: mark target support" + depends on BRIDGE_NF_EBTABLES + help + This option adds the mark target, which allows marking frames by + setting the 'nfmark' value in the frame. + This value is the same as the one used in the iptables mark match and + target. + + If you want to compile it as a module, say M here and read + . If unsure, say `N'. + config BRIDGE_EBT_REDIRECT tristate "ebt: redirect target support" depends on BRIDGE_NF_EBTABLES @@ -143,15 +158,26 @@ config BRIDGE_EBT_REDIRECT If you want to compile it as a module, say M here and read . If unsure, say `N'. -config BRIDGE_EBT_MARK_T - tristate "ebt: mark target support" +config BRIDGE_EBT_SNAT + tristate "ebt: snat target support" depends on BRIDGE_NF_EBTABLES help - This option adds the mark target, which allows marking frames by - setting the 'nfmark' value in the frame. - This value is the same as the one used in the iptables mark match and - target. + This option adds the MAC SNAT target, which allows altering the MAC + source address of frames. + + If you want to compile it as a module, say M here and read + . If unsure, say `N'. +# +# watchers +# +config BRIDGE_EBT_LOG + tristate "ebt: log support" + depends on BRIDGE_NF_EBTABLES + help + This option adds the log target, that you can use in any rule in + any ebtables table. It records the frame header to the syslog. If you want to compile it as a module, say M here and read . If unsure, say `N'. +endmenu diff -puN net/bridge/netfilter/Makefile~huge-net-update net/bridge/netfilter/Makefile --- 25/net/bridge/netfilter/Makefile~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/bridge/netfilter/Makefile 2003-08-24 12:09:15.000000000 -0700 @@ -3,17 +3,26 @@ # obj-$(CONFIG_BRIDGE_NF_EBTABLES) += ebtables.o + +# tables +obj-$(CONFIG_BRIDGE_EBT_BROUTE) += ebtable_broute.o obj-$(CONFIG_BRIDGE_EBT_T_FILTER) += ebtable_filter.o obj-$(CONFIG_BRIDGE_EBT_T_NAT) += ebtable_nat.o -obj-$(CONFIG_BRIDGE_EBT_BROUTE) += ebtable_broute.o -obj-$(CONFIG_BRIDGE_EBT_IP) += ebt_ip.o + +#matches obj-$(CONFIG_BRIDGE_EBT_ARP) += ebt_arp.o -obj-$(CONFIG_BRIDGE_EBT_VLAN) += ebt_vlan.o +obj-$(CONFIG_BRIDGE_EBT_IP) += ebt_ip.o obj-$(CONFIG_BRIDGE_EBT_MARK) += ebt_mark_m.o obj-$(CONFIG_BRIDGE_EBT_PKTTYPE) += ebt_pkttype.o obj-$(CONFIG_BRIDGE_EBT_STP) += ebt_stp.o -obj-$(CONFIG_BRIDGE_EBT_LOG) += ebt_log.o -obj-$(CONFIG_BRIDGE_EBT_SNAT) += ebt_snat.o +obj-$(CONFIG_BRIDGE_EBT_VLAN) += ebt_vlan.o + +# targets +obj-$(CONFIG_BRIDGE_EBT_ARPREPLY) += ebt_arpreply.o +obj-$(CONFIG_BRIDGE_EBT_MARK_T) += ebt_mark.o obj-$(CONFIG_BRIDGE_EBT_DNAT) += ebt_dnat.o obj-$(CONFIG_BRIDGE_EBT_REDIRECT) += ebt_redirect.o -obj-$(CONFIG_BRIDGE_EBT_MARK_T) += ebt_mark.o +obj-$(CONFIG_BRIDGE_EBT_SNAT) += ebt_snat.o + +# watchers +obj-$(CONFIG_BRIDGE_EBT_LOG) += ebt_log.o diff -puN net/core/scm.c~huge-net-update net/core/scm.c --- 25/net/core/scm.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/core/scm.c 2003-08-24 12:09:15.000000000 -0700 @@ -41,7 +41,7 @@ static __inline__ int scm_check_creds(struct ucred *creds) { - if ((creds->pid == current->pid || capable(CAP_SYS_ADMIN)) && + if ((creds->pid == current->tgid || capable(CAP_SYS_ADMIN)) && ((creds->uid == current->uid || creds->uid == current->euid || creds->uid == current->suid) || capable(CAP_SETUID)) && ((creds->gid == current->gid || creds->gid == current->egid || diff -puN net/ipv4/netfilter/arptable_filter.c~huge-net-update net/ipv4/netfilter/arptable_filter.c --- 25/net/ipv4/netfilter/arptable_filter.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv4/netfilter/arptable_filter.c 2003-08-24 12:09:15.000000000 -0700 @@ -8,6 +8,10 @@ #include #include +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("David S. Miller "); +MODULE_DESCRIPTION("arptables filter table"); + #define FILTER_VALID_HOOKS ((1 << NF_ARP_IN) | (1 << NF_ARP_OUT) | \ (1 << NF_ARP_FORWARD)) @@ -209,4 +213,3 @@ static void __exit fini(void) module_init(init); module_exit(fini); -MODULE_LICENSE("GPL"); diff -puN net/ipv4/netfilter/arp_tables.c~huge-net-update net/ipv4/netfilter/arp_tables.c --- 25/net/ipv4/netfilter/arp_tables.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv4/netfilter/arp_tables.c 2003-08-24 12:09:15.000000000 -0700 @@ -25,6 +25,10 @@ #include +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("David S. Miller "); +MODULE_DESCRIPTION("arptables core"); + /*#define DEBUG_ARP_TABLES*/ /*#define DEBUG_ARP_TABLES_USER*/ @@ -1324,4 +1328,3 @@ EXPORT_SYMBOL(arpt_unregister_target); module_init(init); module_exit(fini); -MODULE_LICENSE("GPL"); diff -puN net/ipv4/netfilter/arpt_mangle.c~huge-net-update net/ipv4/netfilter/arpt_mangle.c --- 25/net/ipv4/netfilter/arpt_mangle.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv4/netfilter/arpt_mangle.c 2003-08-24 12:09:15.000000000 -0700 @@ -3,6 +3,10 @@ #include #include +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("David S. Miller "); +MODULE_DESCRIPTION("arptables mangle table"); + static unsigned int target(struct sk_buff **pskb, unsigned int hooknum, const struct net_device *in, const struct net_device *out, const void *targinfo, void *userinfo) @@ -98,4 +102,3 @@ static void __exit fini(void) module_init(init); module_exit(fini); -MODULE_LICENSE("GPL"); diff -puN net/ipv4/netfilter/ipchains_core.c~huge-net-update net/ipv4/netfilter/ipchains_core.c --- 25/net/ipv4/netfilter/ipchains_core.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv4/netfilter/ipchains_core.c 2003-08-24 12:09:15.000000000 -0700 @@ -100,6 +100,9 @@ #include #include +MODULE_LICENSE("Dual BSD/GPL"); +MODULE_DESCRIPTION("ipchains backwards compatibility layer"); + /* Understanding locking in this code: (thanks to Alan Cox for using * little words to explain this to me). -- PR * @@ -1842,4 +1845,3 @@ int ipfw_init_or_cleanup(int init) #endif return ret; } -MODULE_LICENSE("Dual BSD/GPL"); diff -puN net/ipv4/netfilter/ip_conntrack_core.c~huge-net-update net/ipv4/netfilter/ip_conntrack_core.c --- 25/net/ipv4/netfilter/ip_conntrack_core.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv4/netfilter/ip_conntrack_core.c 2003-08-24 12:09:15.000000000 -0700 @@ -285,14 +285,15 @@ static void remove_expectations(struct i static void clean_from_lists(struct ip_conntrack *ct) { + unsigned int ho, hr; + DEBUGP("clean_from_lists(%p)\n", ct); MUST_BE_WRITE_LOCKED(&ip_conntrack_lock); - LIST_DELETE(&ip_conntrack_hash - [hash_conntrack(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple)], - &ct->tuplehash[IP_CT_DIR_ORIGINAL]); - LIST_DELETE(&ip_conntrack_hash - [hash_conntrack(&ct->tuplehash[IP_CT_DIR_REPLY].tuple)], - &ct->tuplehash[IP_CT_DIR_REPLY]); + + ho = hash_conntrack(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple); + hr = hash_conntrack(&ct->tuplehash[IP_CT_DIR_REPLY].tuple); + LIST_DELETE(&ip_conntrack_hash[ho], &ct->tuplehash[IP_CT_DIR_ORIGINAL]); + LIST_DELETE(&ip_conntrack_hash[hr], &ct->tuplehash[IP_CT_DIR_REPLY]); /* Destroy all un-established, pending expectations */ remove_expectations(ct, 1); @@ -364,9 +365,10 @@ __ip_conntrack_find(const struct ip_conn const struct ip_conntrack *ignored_conntrack) { struct ip_conntrack_tuple_hash *h; + unsigned int hash = hash_conntrack(tuple); MUST_BE_READ_LOCKED(&ip_conntrack_lock); - h = LIST_FIND(&ip_conntrack_hash[hash_conntrack(tuple)], + h = LIST_FIND(&ip_conntrack_hash[hash], conntrack_tuple_cmp, struct ip_conntrack_tuple_hash *, tuple, ignored_conntrack); diff -puN net/ipv4/netfilter/ip_conntrack_ftp.c~huge-net-update net/ipv4/netfilter/ip_conntrack_ftp.c --- 25/net/ipv4/netfilter/ip_conntrack_ftp.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv4/netfilter/ip_conntrack_ftp.c 2003-08-24 12:09:15.000000000 -0700 @@ -11,6 +11,10 @@ #include #include +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Rusty Russell "); +MODULE_DESCRIPTION("ftp connection tracking helper"); + /* This is slow, but it's simple. --RR */ static char ftp_buffer[65536]; @@ -439,6 +443,5 @@ static int __init init(void) PROVIDES_CONNTRACK(ftp); EXPORT_SYMBOL(ip_ftp_lock); -MODULE_LICENSE("GPL"); module_init(init); module_exit(fini); diff -puN net/ipv4/netfilter/ip_conntrack_irc.c~huge-net-update net/ipv4/netfilter/ip_conntrack_irc.c --- 25/net/ipv4/netfilter/ip_conntrack_irc.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv4/netfilter/ip_conntrack_irc.c 2003-08-24 12:09:15.000000000 -0700 @@ -41,8 +41,8 @@ static unsigned int dcc_timeout = 300; /* This is slow, but it's simple. --RR */ static char irc_buffer[65536]; -MODULE_AUTHOR("Harald Welte "); -MODULE_DESCRIPTION("IRC (DCC) connection tracking module"); +MODULE_AUTHOR("Harald Welte "); +MODULE_DESCRIPTION("IRC (DCC) connection tracking helper"); MODULE_LICENSE("GPL"); #ifdef MODULE_PARM MODULE_PARM(ports, "1-" __MODULE_STRING(MAX_PORTS) "i"); diff -puN net/ipv4/netfilter/ip_conntrack_tftp.c~huge-net-update net/ipv4/netfilter/ip_conntrack_tftp.c --- 25/net/ipv4/netfilter/ip_conntrack_tftp.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv4/netfilter/ip_conntrack_tftp.c 2003-08-24 12:09:15.000000000 -0700 @@ -17,7 +17,7 @@ #include MODULE_AUTHOR("Magnus Boden "); -MODULE_DESCRIPTION("Netfilter connection tracking module for tftp"); +MODULE_DESCRIPTION("tftp connection tracking helper"); MODULE_LICENSE("GPL"); #define MAX_PORTS 8 @@ -44,7 +44,7 @@ static int tftp_help(struct sk_buff *skb if (skb_copy_bits(skb, skb->nh.iph->ihl * 4 + sizeof(struct udphdr), &tftph, sizeof(tftph)) != 0) - return -1; + return NF_ACCEPT; switch (ntohs(tftph.opcode)) { /* RRQ and WRQ works the same way */ diff -puN net/ipv4/netfilter/ipfwadm_core.c~huge-net-update net/ipv4/netfilter/ipfwadm_core.c --- 25/net/ipv4/netfilter/ipfwadm_core.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv4/netfilter/ipfwadm_core.c 2003-08-24 12:09:15.000000000 -0700 @@ -134,6 +134,7 @@ #include MODULE_LICENSE("Dual BSD/GPL"); +MODULE_DESCRIPTION("ipfwadm backwards compatibility layer"); /* * Implement IP packet firewall diff -puN net/ipv4/netfilter/ip_nat_amanda.c~huge-net-update net/ipv4/netfilter/ip_nat_amanda.c --- 25/net/ipv4/netfilter/ip_nat_amanda.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv4/netfilter/ip_nat_amanda.c 2003-08-24 12:09:15.000000000 -0700 @@ -35,7 +35,7 @@ #endif MODULE_AUTHOR("Brian J. Murrell "); -MODULE_DESCRIPTION("Amanda network address translation module"); +MODULE_DESCRIPTION("Amanda NAT helper"); MODULE_LICENSE("GPL"); /* protects amanda part of conntracks */ diff -puN net/ipv4/netfilter/ip_nat_core.c~huge-net-update net/ipv4/netfilter/ip_nat_core.c --- 25/net/ipv4/netfilter/ip_nat_core.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv4/netfilter/ip_nat_core.c 2003-08-24 12:09:15.000000000 -0700 @@ -68,6 +68,7 @@ hash_by_src(const struct ip_conntrack_ma static void ip_nat_cleanup_conntrack(struct ip_conntrack *conn) { struct ip_nat_info *info = &conn->nat.info; + unsigned int hs, hp; if (!info->initialized) return; @@ -75,21 +76,18 @@ static void ip_nat_cleanup_conntrack(str IP_NF_ASSERT(info->bysource.conntrack); IP_NF_ASSERT(info->byipsproto.conntrack); + hs = hash_by_src(&conn->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src, + conn->tuplehash[IP_CT_DIR_ORIGINAL] + .tuple.dst.protonum); + + hp = hash_by_ipsproto(conn->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip, + conn->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip, + conn->tuplehash[IP_CT_DIR_REPLY] + .tuple.dst.protonum); + WRITE_LOCK(&ip_nat_lock); - LIST_DELETE(&bysource[hash_by_src(&conn->tuplehash[IP_CT_DIR_ORIGINAL] - .tuple.src, - conn->tuplehash[IP_CT_DIR_ORIGINAL] - .tuple.dst.protonum)], - &info->bysource); - - LIST_DELETE(&byipsproto - [hash_by_ipsproto(conn->tuplehash[IP_CT_DIR_REPLY] - .tuple.src.ip, - conn->tuplehash[IP_CT_DIR_REPLY] - .tuple.dst.ip, - conn->tuplehash[IP_CT_DIR_REPLY] - .tuple.dst.protonum)], - &info->byipsproto); + LIST_DELETE(&bysource[hs], &info->bysource); + LIST_DELETE(&byipsproto[hp], &info->byipsproto); WRITE_UNLOCK(&ip_nat_lock); } @@ -246,11 +244,12 @@ count_maps(u_int32_t src, u_int32_t dst, const struct ip_conntrack *conntrack) { unsigned int score = 0; + unsigned int h; MUST_BE_READ_LOCKED(&ip_nat_lock); - LIST_FIND(&byipsproto[hash_by_ipsproto(src, dst, protonum)], - fake_cmp, struct ip_nat_hash *, src, dst, protonum, &score, - conntrack); + h = hash_by_ipsproto(src, dst, protonum); + LIST_FIND(&byipsproto[h], fake_cmp, struct ip_nat_hash *, + src, dst, protonum, &score, conntrack); return score; } diff -puN net/ipv4/netfilter/ip_nat_ftp.c~huge-net-update net/ipv4/netfilter/ip_nat_ftp.c --- 25/net/ipv4/netfilter/ip_nat_ftp.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv4/netfilter/ip_nat_ftp.c 2003-08-24 12:09:15.000000000 -0700 @@ -10,6 +10,10 @@ #include #include +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Rusty Russell "); +MODULE_DESCRIPTION("ftp NAT helper"); + #if 0 #define DEBUGP printk #else @@ -342,4 +346,3 @@ NEEDS_CONNTRACK(ftp); module_init(init); module_exit(fini); -MODULE_LICENSE("GPL"); diff -puN net/ipv4/netfilter/ip_nat_irc.c~huge-net-update net/ipv4/netfilter/ip_nat_irc.c --- 25/net/ipv4/netfilter/ip_nat_irc.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv4/netfilter/ip_nat_irc.c 2003-08-24 12:09:15.000000000 -0700 @@ -39,7 +39,7 @@ static int ports[MAX_PORTS]; static int ports_c; MODULE_AUTHOR("Harald Welte "); -MODULE_DESCRIPTION("IRC (DCC) network address translation module"); +MODULE_DESCRIPTION("IRC (DCC) NAT helper"); MODULE_LICENSE("GPL"); #ifdef MODULE_PARM MODULE_PARM(ports, "1-" __MODULE_STRING(MAX_PORTS) "i"); diff -puN net/ipv4/netfilter/ip_nat_snmp_basic.c~huge-net-update net/ipv4/netfilter/ip_nat_snmp_basic.c --- 25/net/ipv4/netfilter/ip_nat_snmp_basic.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv4/netfilter/ip_nat_snmp_basic.c 2003-08-24 12:09:15.000000000 -0700 @@ -56,7 +56,9 @@ #include #include - +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("James Morris "); +MODULE_DESCRIPTION("Basic SNMP Application Layer Gateway"); #define SNMP_PORT 161 #define SNMP_TRAP_PORT 162 @@ -1357,5 +1359,3 @@ module_init(init); module_exit(fini); MODULE_PARM(debug, "i"); -MODULE_DESCRIPTION("Basic SNMP Application Layer Gateway"); -MODULE_LICENSE("GPL"); diff -puN net/ipv4/netfilter/ip_nat_tftp.c~huge-net-update net/ipv4/netfilter/ip_nat_tftp.c --- 25/net/ipv4/netfilter/ip_nat_tftp.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv4/netfilter/ip_nat_tftp.c 2003-08-24 12:09:15.000000000 -0700 @@ -30,7 +30,7 @@ #include MODULE_AUTHOR("Magnus Boden "); -MODULE_DESCRIPTION("Netfilter NAT helper for tftp"); +MODULE_DESCRIPTION("tfpt NAT helper"); MODULE_LICENSE("GPL"); #define MAX_PORTS 8 diff -puN net/ipv4/netfilter/iptable_filter.c~huge-net-update net/ipv4/netfilter/iptable_filter.c --- 25/net/ipv4/netfilter/iptable_filter.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv4/netfilter/iptable_filter.c 2003-08-24 12:09:15.000000000 -0700 @@ -6,6 +6,10 @@ #include #include +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Netfilter Core Team "); +MODULE_DESCRIPTION("iptables filter table"); + #define FILTER_VALID_HOOKS ((1 << NF_IP_LOCAL_IN) | (1 << NF_IP_FORWARD) | (1 << NF_IP_LOCAL_OUT)) /* Standard entry. */ @@ -200,4 +204,3 @@ static void __exit fini(void) module_init(init); module_exit(fini); -MODULE_LICENSE("GPL"); diff -puN net/ipv4/netfilter/iptable_mangle.c~huge-net-update net/ipv4/netfilter/iptable_mangle.c --- 25/net/ipv4/netfilter/iptable_mangle.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv4/netfilter/iptable_mangle.c 2003-08-24 12:09:15.000000000 -0700 @@ -14,6 +14,10 @@ #include #include +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Netfilter Core Team "); +MODULE_DESCRIPTION("iptables mangle table"); + #define MANGLE_VALID_HOOKS ((1 << NF_IP_PRE_ROUTING) | \ (1 << NF_IP_LOCAL_IN) | \ (1 << NF_IP_FORWARD) | \ @@ -267,4 +271,3 @@ static void __exit fini(void) module_init(init); module_exit(fini); -MODULE_LICENSE("GPL"); diff -puN net/ipv4/netfilter/ip_tables.c~huge-net-update net/ipv4/netfilter/ip_tables.c --- 25/net/ipv4/netfilter/ip_tables.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv4/netfilter/ip_tables.c 2003-08-24 12:09:15.000000000 -0700 @@ -25,6 +25,10 @@ #include +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Netfilter Core Team "); +MODULE_DESCRIPTION("IPv4 packet filter"); + /*#define DEBUG_IP_FIREWALL*/ /*#define DEBUG_ALLOW_ALL*/ /* Useful for remote debugging */ /*#define DEBUG_IP_FIREWALL_USER*/ @@ -1845,4 +1849,3 @@ EXPORT_SYMBOL(ipt_unregister_target); module_init(init); module_exit(fini); -MODULE_LICENSE("GPL"); diff -puN net/ipv4/netfilter/ipt_ah.c~huge-net-update net/ipv4/netfilter/ipt_ah.c --- 25/net/ipv4/netfilter/ipt_ah.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv4/netfilter/ipt_ah.c 2003-08-24 12:09:15.000000000 -0700 @@ -7,6 +7,8 @@ #include MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Yon Uriarte "); +MODULE_DESCRIPTION("iptables AH SPI match module"); #ifdef DEBUG_CONNTRACK #define duprintf(format, args...) printk(format , ## args) diff -puN net/ipv4/netfilter/ipt_conntrack.c~huge-net-update net/ipv4/netfilter/ipt_conntrack.c --- 25/net/ipv4/netfilter/ipt_conntrack.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv4/netfilter/ipt_conntrack.c 2003-08-24 12:09:15.000000000 -0700 @@ -8,6 +8,10 @@ #include #include +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Marc Boucher "); +MODULE_DESCRIPTION("iptables connection tracking match module"); + static int match(const struct sk_buff *skb, const struct net_device *in, @@ -122,4 +126,3 @@ static void __exit fini(void) module_init(init); module_exit(fini); -MODULE_LICENSE("GPL"); diff -puN net/ipv4/netfilter/ipt_dscp.c~huge-net-update net/ipv4/netfilter/ipt_dscp.c --- 25/net/ipv4/netfilter/ipt_dscp.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv4/netfilter/ipt_dscp.c 2003-08-24 12:09:15.000000000 -0700 @@ -13,8 +13,8 @@ #include #include -MODULE_AUTHOR("Harald Welte "); -MODULE_DESCRIPTION("IP tables DSCP matching module"); +MODULE_AUTHOR("Harald Welte "); +MODULE_DESCRIPTION("iptables DSCP matching module"); MODULE_LICENSE("GPL"); static int match(const struct sk_buff *skb, const struct net_device *in, diff -puN net/ipv4/netfilter/ipt_DSCP.c~huge-net-update net/ipv4/netfilter/ipt_DSCP.c --- 25/net/ipv4/netfilter/ipt_DSCP.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv4/netfilter/ipt_DSCP.c 2003-08-24 12:09:15.000000000 -0700 @@ -17,8 +17,8 @@ #include #include -MODULE_AUTHOR("Harald Welte "); -MODULE_DESCRIPTION("IP tables DSCP modification module"); +MODULE_AUTHOR("Harald Welte "); +MODULE_DESCRIPTION("iptables DSCP modification module"); MODULE_LICENSE("GPL"); static unsigned int diff -puN net/ipv4/netfilter/ipt_ecn.c~huge-net-update net/ipv4/netfilter/ipt_ecn.c --- 25/net/ipv4/netfilter/ipt_ecn.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv4/netfilter/ipt_ecn.c 2003-08-24 12:09:15.000000000 -0700 @@ -14,8 +14,8 @@ #include #include -MODULE_AUTHOR("Harald Welte "); -MODULE_DESCRIPTION("IP tables ECN matching module"); +MODULE_AUTHOR("Harald Welte "); +MODULE_DESCRIPTION("iptables ECN matching module"); MODULE_LICENSE("GPL"); static inline int match_ip(const struct sk_buff *skb, diff -puN net/ipv4/netfilter/ipt_ECN.c~huge-net-update net/ipv4/netfilter/ipt_ECN.c --- 25/net/ipv4/netfilter/ipt_ECN.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv4/netfilter/ipt_ECN.c 2003-08-24 12:09:15.000000000 -0700 @@ -17,6 +17,8 @@ #include MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Harald Welte "); +MODULE_DESCRIPTION("iptables ECN modification module"); /* set ECT codepoint from IP header. * return 0 if there was an error. */ diff -puN net/ipv4/netfilter/ipt_esp.c~huge-net-update net/ipv4/netfilter/ipt_esp.c --- 25/net/ipv4/netfilter/ipt_esp.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv4/netfilter/ipt_esp.c 2003-08-24 12:09:15.000000000 -0700 @@ -7,6 +7,8 @@ #include MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Yon Uriarte "); +MODULE_DESCRIPTION("iptables ESP SPI match module"); #ifdef DEBUG_CONNTRACK #define duprintf(format, args...) printk(format , ## args) diff -puN net/ipv4/netfilter/ipt_helper.c~huge-net-update net/ipv4/netfilter/ipt_helper.c --- 25/net/ipv4/netfilter/ipt_helper.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv4/netfilter/ipt_helper.c 2003-08-24 12:09:15.000000000 -0700 @@ -17,6 +17,8 @@ #include MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Martin Josefsson "); +MODULE_DESCRIPTION("iptables helper match module"); #if 0 #define DEBUGP printk diff -puN net/ipv4/netfilter/ipt_limit.c~huge-net-update net/ipv4/netfilter/ipt_limit.c --- 25/net/ipv4/netfilter/ipt_limit.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv4/netfilter/ipt_limit.c 2003-08-24 12:09:15.000000000 -0700 @@ -15,6 +15,10 @@ #include #include +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Herve Eychenne "); +MODULE_DESCRIPTION("iptables rate limit match"); + /* The algorithm used is the Simple Token Bucket Filter (TBF) * see net/sched/sch_tbf.c in the linux source tree */ @@ -134,4 +138,3 @@ static void __exit fini(void) module_init(init); module_exit(fini); -MODULE_LICENSE("GPL"); diff -puN net/ipv4/netfilter/ipt_LOG.c~huge-net-update net/ipv4/netfilter/ipt_LOG.c --- 25/net/ipv4/netfilter/ipt_LOG.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv4/netfilter/ipt_LOG.c 2003-08-24 12:09:15.000000000 -0700 @@ -13,6 +13,10 @@ #include #include +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Netfilter Core Team "); +MODULE_DESCRIPTION("iptables syslog logging module"); + #if 0 #define DEBUGP printk #else @@ -413,4 +417,3 @@ static void __exit fini(void) module_init(init); module_exit(fini); -MODULE_LICENSE("GPL"); diff -puN net/ipv4/netfilter/ipt_mac.c~huge-net-update net/ipv4/netfilter/ipt_mac.c --- 25/net/ipv4/netfilter/ipt_mac.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv4/netfilter/ipt_mac.c 2003-08-24 12:09:15.000000000 -0700 @@ -6,6 +6,10 @@ #include #include +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Netfilter Core Team "); +MODULE_DESCRIPTION("iptables mac matching module"); + static int match(const struct sk_buff *skb, const struct net_device *in, @@ -64,4 +68,3 @@ static void __exit fini(void) module_init(init); module_exit(fini); -MODULE_LICENSE("GPL"); diff -puN net/ipv4/netfilter/ipt_mark.c~huge-net-update net/ipv4/netfilter/ipt_mark.c --- 25/net/ipv4/netfilter/ipt_mark.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv4/netfilter/ipt_mark.c 2003-08-24 12:09:15.000000000 -0700 @@ -5,6 +5,10 @@ #include #include +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Marc Boucher "); +MODULE_DESCRIPTION("iptables mark matching module"); + static int match(const struct sk_buff *skb, const struct net_device *in, @@ -50,4 +54,3 @@ static void __exit fini(void) module_init(init); module_exit(fini); -MODULE_LICENSE("GPL"); diff -puN net/ipv4/netfilter/ipt_MARK.c~huge-net-update net/ipv4/netfilter/ipt_MARK.c --- 25/net/ipv4/netfilter/ipt_MARK.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv4/netfilter/ipt_MARK.c 2003-08-24 12:09:15.000000000 -0700 @@ -7,6 +7,10 @@ #include #include +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Marc Boucher "); +MODULE_DESCRIPTION("iptables MARK modification module"); + static unsigned int target(struct sk_buff **pskb, const struct net_device *in, @@ -68,4 +72,3 @@ static void __exit fini(void) module_init(init); module_exit(fini); -MODULE_LICENSE("GPL"); diff -puN net/ipv4/netfilter/ipt_MASQUERADE.c~huge-net-update net/ipv4/netfilter/ipt_MASQUERADE.c --- 25/net/ipv4/netfilter/ipt_MASQUERADE.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv4/netfilter/ipt_MASQUERADE.c 2003-08-24 12:09:15.000000000 -0700 @@ -12,6 +12,10 @@ #include #include +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Netfilter Core Team "); +MODULE_DESCRIPTION("iptables MASQUERADE target module"); + #if 0 #define DEBUGP printk #else @@ -213,4 +217,3 @@ static void __exit fini(void) module_init(init); module_exit(fini); -MODULE_LICENSE("GPL"); diff -puN -L net/ipv4/netfilter/ipt_MIRROR.c net/ipv4/netfilter/ipt_MIRROR.c~huge-net-update /dev/null --- 25/net/ipv4/netfilter/ipt_MIRROR.c +++ /dev/null 2002-08-30 16:31:37.000000000 -0700 @@ -1,222 +0,0 @@ -/* - This is a module which is used for resending packets with inverted src and dst. - - Based on code from: ip_nat_dumb.c,v 1.9 1999/08/20 - and various sources. - - Copyright (C) 2000 Emmanuel Roger - - Changes: - 25 Aug 2001 Harald Welte - - decrement and check TTL if not called from FORWARD hook - 18 Jul 2003 Harald Welte - - merge Patrick McHardy's mirror fixes from 2.4.22 to - 2.6.0-test1 - 19 Jul 2003 Harald Welte - - merge Patrick McHardy's rp_filter fixes from 2.4.22 to - 2.6.0-test1 - - This program is free software; you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by the - Free Software Foundation; either version 2 of the License, or (at your - option) any later version. - - This program is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software Foundation, - Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA - */ -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#if 0 -#define DEBUGP printk -#else -#define DEBUGP(format, args...) -#endif - -static inline struct rtable *route_mirror(struct sk_buff *skb, int local) -{ - struct iphdr *iph = skb->nh.iph; - struct dst_entry *odst; - struct flowi fl = {}; - struct rtable *rt; - - if (local) { - fl.nl_u.ip4_u.daddr = iph->saddr; - fl.nl_u.ip4_u.saddr = iph->daddr; - fl.nl_u.ip4_u.tos = RT_TOS(iph->tos); - - if (ip_route_output_key(&rt, &fl) != 0) - return NULL; - } else { - /* non-local src, find valid iif to satisfy - * rp-filter when calling ip_route_input(). */ - fl.nl_u.ip4_u.daddr = iph->daddr; - if (ip_route_output_key(&rt, &fl) != 0) - return NULL; - - odst = skb->dst; - if (ip_route_input(skb, iph->saddr, iph->daddr, - RT_TOS(iph->tos), rt->u.dst.dev) != 0) { - dst_release(&rt->u.dst); - return NULL; - } - dst_release(&rt->u.dst); - rt = (struct rtable *)skb->dst; - skb->dst = odst; - } - - if (rt->u.dst.error) { - dst_release(&rt->u.dst); - rt = NULL; - } - - return rt; -} - -static inline void ip_rewrite(struct sk_buff *skb) -{ - u32 odaddr, osaddr; - - odaddr = skb->nh.iph->saddr; - osaddr = skb->nh.iph->daddr; - - skb->nfcache |= NFC_ALTERED; - - /* Rewrite IP header */ - skb->nh.iph->daddr = odaddr; - skb->nh.iph->saddr = osaddr; -} - -/* Stolen from ip_finish_output2 */ -static void ip_direct_send(struct sk_buff *skb) -{ - struct dst_entry *dst = skb->dst; - struct hh_cache *hh = dst->hh; - - if (hh) { - int hh_alen; - - read_lock_bh(&hh->hh_lock); - hh_alen = HH_DATA_ALIGN(hh->hh_len); - memcpy(skb->data - hh_alen, hh->hh_data, hh_alen); - read_unlock_bh(&hh->hh_lock); - skb_push(skb, hh->hh_len); - hh->hh_output(skb); - } else if (dst->neighbour) - dst->neighbour->output(skb); - else { - printk(KERN_DEBUG "khm in MIRROR\n"); - kfree_skb(skb); - } -} - -static unsigned int ipt_mirror_target(struct sk_buff **pskb, - const struct net_device *in, - const struct net_device *out, - unsigned int hooknum, - const void *targinfo, - void *userinfo) -{ - struct rtable *rt; - struct sk_buff *nskb; - unsigned int hh_len; - - /* Make skb writable */ - if (!skb_ip_make_writable(pskb, sizeof(struct iphdr))) - return 0; - - /* If we are not at FORWARD hook (INPUT/PREROUTING), - * the TTL isn't decreased by the IP stack */ - if (hooknum != NF_IP_FORWARD) { - if ((*pskb)->nh.iph->ttl <= 1) { - /* this will traverse normal stack, and - * thus call conntrack on the icmp packet */ - icmp_send(*pskb, ICMP_TIME_EXCEEDED, - ICMP_EXC_TTL, 0); - return NF_DROP; - } - ip_decrease_ttl((*pskb)->nh.iph); - } - - if ((rt = route_mirror(*pskb, hooknum == NF_IP_LOCAL_IN)) == NULL) - return NF_DROP; - - hh_len = (rt->u.dst.dev->hard_header_len + 15) & ~15; - - /* Copy skb (even if skb is about to be dropped, we can't just - * clone it because there may be other things, such as tcpdump, - * interested in it). We also need to expand headroom in case - * hh_len of incoming interface < hh_len of outgoing interface */ - nskb = skb_copy_expand(*pskb, hh_len, skb_tailroom(*pskb), GFP_ATOMIC); - if (nskb == NULL) { - dst_release(&rt->u.dst); - return NF_DROP; - } - - dst_release(nskb->dst); - nskb->dst = &rt->u.dst; - - ip_rewrite(nskb); - /* Don't let conntrack code see this packet: - * it will think we are starting a new - * connection! --RR */ - ip_direct_send(nskb); - - return NF_DROP; -} - -static int ipt_mirror_checkentry(const char *tablename, - const struct ipt_entry *e, - void *targinfo, - unsigned int targinfosize, - unsigned int hook_mask) -{ - /* Only on INPUT, FORWARD or PRE_ROUTING, otherwise loop danger. */ - if (hook_mask & ~((1 << NF_IP_PRE_ROUTING) - | (1 << NF_IP_FORWARD) - | (1 << NF_IP_LOCAL_IN))) { - DEBUGP("MIRROR: bad hook\n"); - return 0; - } - - if (targinfosize != IPT_ALIGN(0)) { - DEBUGP("MIRROR: targinfosize %u != 0\n", targinfosize); - return 0; - } - - return 1; -} - -static struct ipt_target ipt_mirror_reg = { - .name = "MIRROR", - .target = ipt_mirror_target, - .checkentry = ipt_mirror_checkentry, - .me = THIS_MODULE, -}; - -static int __init init(void) -{ - return ipt_register_target(&ipt_mirror_reg); -} - -static void __exit fini(void) -{ - ipt_unregister_target(&ipt_mirror_reg); -} - -module_init(init); -module_exit(fini); -MODULE_LICENSE("GPL"); diff -puN net/ipv4/netfilter/ipt_multiport.c~huge-net-update net/ipv4/netfilter/ipt_multiport.c --- 25/net/ipv4/netfilter/ipt_multiport.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv4/netfilter/ipt_multiport.c 2003-08-24 12:09:15.000000000 -0700 @@ -8,6 +8,10 @@ #include #include +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Netfilter Core Team "); +MODULE_DESCRIPTION("iptables multiple port match module"); + #if 0 #define duprintf(format, args...) printk(format , ## args) #else @@ -106,4 +110,3 @@ static void __exit fini(void) module_init(init); module_exit(fini); -MODULE_LICENSE("GPL"); diff -puN net/ipv4/netfilter/ipt_owner.c~huge-net-update net/ipv4/netfilter/ipt_owner.c --- 25/net/ipv4/netfilter/ipt_owner.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv4/netfilter/ipt_owner.c 2003-08-24 12:09:15.000000000 -0700 @@ -11,6 +11,10 @@ #include #include +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Marc Boucher "); +MODULE_DESCRIPTION("iptables owner match"); + static int match_comm(const struct sk_buff *skb, const char *comm) { @@ -198,4 +202,3 @@ static void __exit fini(void) module_init(init); module_exit(fini); -MODULE_LICENSE("GPL"); diff -puN net/ipv4/netfilter/ipt_physdev.c~huge-net-update net/ipv4/netfilter/ipt_physdev.c --- 25/net/ipv4/netfilter/ipt_physdev.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv4/netfilter/ipt_physdev.c 2003-08-24 12:09:15.000000000 -0700 @@ -8,6 +8,10 @@ #define MATCH 1 #define NOMATCH 0 +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Bart De Schuymer "); +MODULE_DESCRIPTION("iptables bridge physical device match module"); + static int match(const struct sk_buff *skb, const struct net_device *in, @@ -120,4 +124,3 @@ static void __exit fini(void) module_init(init); module_exit(fini); -MODULE_LICENSE("GPL"); diff -puN net/ipv4/netfilter/ipt_REDIRECT.c~huge-net-update net/ipv4/netfilter/ipt_REDIRECT.c --- 25/net/ipv4/netfilter/ipt_REDIRECT.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv4/netfilter/ipt_REDIRECT.c 2003-08-24 12:09:15.000000000 -0700 @@ -12,6 +12,10 @@ #include #include +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Netfilter Core Team "); +MODULE_DESCRIPTION("iptables REDIRECT target module"); + #if 0 #define DEBUGP printk #else @@ -115,4 +119,3 @@ static void __exit fini(void) module_init(init); module_exit(fini); -MODULE_LICENSE("GPL"); diff -puN net/ipv4/netfilter/ipt_REJECT.c~huge-net-update net/ipv4/netfilter/ipt_REJECT.c --- 25/net/ipv4/netfilter/ipt_REJECT.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv4/netfilter/ipt_REJECT.c 2003-08-24 12:09:15.000000000 -0700 @@ -16,6 +16,10 @@ #include #include +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Netfilter Core Team "); +MODULE_DESCRIPTION("iptables REJECT target module"); + #if 0 #define DEBUGP printk #else @@ -137,6 +141,10 @@ static void send_reset(struct sk_buff *o nskb->nf_debug = 0; #endif nskb->nfmark = 0; +#if defined(CONFIG_BRIDGE) || defined(CONFIG_BRIDGE_MODULE) + nf_bridge_put(nskb->nf_bridge); + nskb->nf_bridge = NULL; +#endif tcph = (struct tcphdr *)((u_int32_t*)nskb->nh.iph + nskb->nh.iph->ihl); @@ -462,4 +470,3 @@ static void __exit fini(void) module_init(init); module_exit(fini); -MODULE_LICENSE("GPL"); diff -puN net/ipv4/netfilter/ipt_state.c~huge-net-update net/ipv4/netfilter/ipt_state.c --- 25/net/ipv4/netfilter/ipt_state.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv4/netfilter/ipt_state.c 2003-08-24 12:09:15.000000000 -0700 @@ -7,6 +7,10 @@ #include #include +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Rusty Russell "); +MODULE_DESCRIPTION("iptables connection tracking state match module"); + static int match(const struct sk_buff *skb, const struct net_device *in, @@ -59,4 +63,3 @@ static void __exit fini(void) module_init(init); module_exit(fini); -MODULE_LICENSE("GPL"); diff -puN net/ipv4/netfilter/ipt_tcpmss.c~huge-net-update net/ipv4/netfilter/ipt_tcpmss.c --- 25/net/ipv4/netfilter/ipt_tcpmss.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv4/netfilter/ipt_tcpmss.c 2003-08-24 12:09:15.000000000 -0700 @@ -8,6 +8,10 @@ #define TH_SYN 0x02 +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Marc Boucher "); +MODULE_DESCRIPTION("iptables TCP MSS match module"); + /* Returns 1 if the mss option is set and matched by the range, 0 otherwise */ static inline int mssoption_match(u_int16_t min, u_int16_t max, @@ -117,4 +121,3 @@ static void __exit fini(void) module_init(init); module_exit(fini); -MODULE_LICENSE("GPL"); diff -puN net/ipv4/netfilter/ipt_TCPMSS.c~huge-net-update net/ipv4/netfilter/ipt_TCPMSS.c --- 25/net/ipv4/netfilter/ipt_TCPMSS.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv4/netfilter/ipt_TCPMSS.c 2003-08-24 12:09:15.000000000 -0700 @@ -12,6 +12,10 @@ #include #include +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Marc Boucher "); +MODULE_DESCRIPTION("iptables TCP MSS modification module"); + #if 0 #define DEBUGP printk #else @@ -250,4 +254,3 @@ static void __exit fini(void) module_init(init); module_exit(fini); -MODULE_LICENSE("GPL"); diff -puN net/ipv4/netfilter/ipt_tos.c~huge-net-update net/ipv4/netfilter/ipt_tos.c --- 25/net/ipv4/netfilter/ipt_tos.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv4/netfilter/ipt_tos.c 2003-08-24 12:09:15.000000000 -0700 @@ -5,6 +5,9 @@ #include #include +MODULE_LICENSE("GPL"); +MODULE_DESCRIPTION("iptables TOS match module"); + static int match(const struct sk_buff *skb, const struct net_device *in, @@ -50,4 +53,3 @@ static void __exit fini(void) module_init(init); module_exit(fini); -MODULE_LICENSE("GPL"); diff -puN net/ipv4/netfilter/ipt_TOS.c~huge-net-update net/ipv4/netfilter/ipt_TOS.c --- 25/net/ipv4/netfilter/ipt_TOS.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv4/netfilter/ipt_TOS.c 2003-08-24 12:09:15.000000000 -0700 @@ -7,6 +7,10 @@ #include #include +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Netfilter Core Team "); +MODULE_DESCRIPTION("iptables TOS mangling module"); + static unsigned int target(struct sk_buff **pskb, const struct net_device *in, @@ -93,4 +97,3 @@ static void __exit fini(void) module_init(init); module_exit(fini); -MODULE_LICENSE("GPL"); diff -puN net/ipv4/netfilter/ipt_ULOG.c~huge-net-update net/ipv4/netfilter/ipt_ULOG.c --- 25/net/ipv4/netfilter/ipt_ULOG.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv4/netfilter/ipt_ULOG.c 2003-08-24 12:09:15.000000000 -0700 @@ -55,7 +55,7 @@ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Harald Welte "); -MODULE_DESCRIPTION("IP tables userspace logging module"); +MODULE_DESCRIPTION("iptables userspace logging module"); #define ULOG_NL_EVENT 111 /* Harald's favorite number */ #define ULOG_MAXNLGROUPS 32 /* numer of nlgroups */ diff -puN -L net/ipv4/netfilter/ipt_unclean.c net/ipv4/netfilter/ipt_unclean.c~huge-net-update /dev/null --- 25/net/ipv4/netfilter/ipt_unclean.c +++ /dev/null 2002-08-30 16:31:37.000000000 -0700 @@ -1,610 +0,0 @@ -/* Kernel module to match suspect packets. */ -#include -#include -#include -#include -#include -#include -#include - -#include - -#define limpk(format, args...) \ -do { \ - if (net_ratelimit()) \ - printk("ipt_unclean: %s" format, \ - embedded ? "(embedded packet) " : "" , ## args); \ -} while(0) - -enum icmp_error_status -{ - ICMP_MAY_BE_ERROR, - ICMP_IS_ERROR, - ICMP_NOT_ERROR -}; - -struct icmp_info -{ - size_t min_len, max_len; - enum icmp_error_status err; - u_int8_t min_code, max_code; -}; - -static int -check_ip(const struct sk_buff *skb, unsigned int offset); - -/* ICMP-specific checks. */ -static int -check_icmp(const struct sk_buff *skb, - unsigned int offset, - unsigned int fragoff, - int more_frags, - int embedded) -{ - struct icmphdr icmph; - static struct icmp_info info[] - = { [ICMP_ECHOREPLY] - = { 8, 65536, ICMP_NOT_ERROR, 0, 0 }, - [ICMP_DEST_UNREACH] - = { 8 + 28, 65536, ICMP_IS_ERROR, 0, 15 }, - [ICMP_SOURCE_QUENCH] - = { 8 + 28, 65536, ICMP_IS_ERROR, 0, 0 }, - [ICMP_REDIRECT] - = { 8 + 28, 65536, ICMP_IS_ERROR, 0, 3 }, - [ICMP_ECHO] - = { 8, 65536, ICMP_NOT_ERROR, 0, 0 }, - /* Router advertisement. */ - [9] - = { 8, 8 + 255 * 8, ICMP_NOT_ERROR, 0, 0 }, - /* Router solicitation. */ - [10] - = { 8, 8, ICMP_NOT_ERROR, 0, 0 }, - [ICMP_TIME_EXCEEDED] - = { 8 + 28, 65536, ICMP_IS_ERROR, 0, 1 }, - [ICMP_PARAMETERPROB] - = { 8 + 28, 65536, ICMP_IS_ERROR, 0, 1 }, - [ICMP_TIMESTAMP] - = { 20, 20, ICMP_NOT_ERROR, 0, 0 }, - [ICMP_TIMESTAMPREPLY] - = { 20, 20, ICMP_NOT_ERROR, 0, 0 }, - [ICMP_INFO_REQUEST] - = { 8, 65536, ICMP_NOT_ERROR, 0, 0 }, - [ICMP_INFO_REPLY] - = { 8, 65536, ICMP_NOT_ERROR, 0, 0 }, - [ICMP_ADDRESS] - = { 12, 12, ICMP_NOT_ERROR, 0, 0 }, - [ICMP_ADDRESSREPLY] - = { 12, 12, ICMP_NOT_ERROR, 0, 0 } }; - - /* Can't do anything if it's a fragment. */ - if (fragoff) - return 1; - - /* CHECK: Must have whole header.. */ - if (skb_copy_bits(skb, offset, &icmph, sizeof(icmph)) < 0) { - limpk("ICMP len=%u too short\n", skb->len - offset); - return 0; - } - - /* If not embedded in an ICMP error already. */ - if (!embedded) { - /* CHECK: Truncated ICMP (even if first fragment). */ - if (icmph.type < sizeof(info)/sizeof(struct icmp_info) - && info[icmph.type].min_len != 0 - && skb->len - offset < info[icmph.type].min_len) { - limpk("ICMP type %u len %u too short\n", - icmph.type, skb->len - offset); - return 0; - } - - /* CHECK: Check within known error ICMPs. */ - if (icmph.type < sizeof(info)/sizeof(struct icmp_info) - && info[icmph.type].err == ICMP_IS_ERROR) { - /* Max IP header size = 60 */ - char inner[60 + 8]; - struct iphdr *inner_ip = (struct iphdr *)inner; - - /* CHECK: Embedded packet must be at least - length of iph + 8 bytes. */ - if (skb_copy_bits(skb, offset + sizeof(icmph), - inner, sizeof(struct iphdr)+8) < 0) { - limpk("ICMP error internal way too short\n"); - return 0; - } - - /* iphhdr may actually be longer: still need 8 - actual protocol bytes. */ - if (offset + sizeof(icmph) + inner_ip->ihl*4 + 8 - > skb->len) { - limpk("ICMP error internal too short\n"); - return 0; - } - if (!check_ip(skb, offset + sizeof(icmph))) - return 0; - } - } else { - /* CHECK: Can't embed ICMP unless known non-error. */ - if (icmph.type >= sizeof(info)/sizeof(struct icmp_info) - || info[icmph.type].err != ICMP_NOT_ERROR) { - limpk("ICMP type %u not embeddable\n", - icmph.type); - return 0; - } - } - - /* CHECK: Invalid ICMP codes. */ - if (icmph.type < sizeof(info)/sizeof(struct icmp_info) - && (icmph.code < info[icmph.type].min_code - || icmph.code > info[icmph.type].max_code)) { - limpk("ICMP type=%u code=%u\n", - icmph.type, icmph.code); - return 0; - } - - /* CHECK: Above maximum length. */ - if (icmph.type < sizeof(info)/sizeof(struct icmp_info) - && info[icmph.type].max_len != 0 - && skb->len - offset > info[icmph.type].max_len) { - limpk("ICMP type=%u too long: %u bytes\n", - icmph.type, skb->len - offset); - return 0; - } - - switch (icmph.type) { - case ICMP_PARAMETERPROB: { - /* CHECK: Problem param must be within error packet's - * IP header. */ - u_int32_t arg = ntohl(icmph.un.gateway); - - if (icmph.code == 0) { - /* We've already made sure it's long enough. */ - struct iphdr iph; - skb_copy_bits(skb, offset + sizeof(icmph), &iph, - sizeof(iph)); - /* Code 0 means that upper 8 bits is pointer - to problem. */ - if ((arg >> 24) >= iph.ihl*4) { - limpk("ICMP PARAMETERPROB ptr = %u\n", - ntohl(icmph.un.gateway) >> 24); - return 0; - } - arg &= 0x00FFFFFF; - } - - /* CHECK: Rest must be zero. */ - if (arg) { - limpk("ICMP PARAMETERPROB nonzero arg = %u\n", - arg); - return 0; - } - break; - } - - case ICMP_TIME_EXCEEDED: - case ICMP_SOURCE_QUENCH: - /* CHECK: Unused must be zero. */ - if (icmph.un.gateway != 0) { - limpk("ICMP type=%u unused = %u\n", - icmph.type, ntohl(icmph.un.gateway)); - return 0; - } - break; - } - - return 1; -} - -/* UDP-specific checks. */ -static int -check_udp(const struct sk_buff *skb, - unsigned int offset, - unsigned int fragoff, - int more_frags, - int embedded) -{ - struct udphdr udph; - - /* Can't do anything if it's a fragment. */ - if (fragoff) - return 1; - - /* CHECK: Must cover UDP header. */ - if (skb_copy_bits(skb, offset, &udph, sizeof(udph)) < 0) { - limpk("UDP len=%u too short\n", skb->len - offset); - return 0; - } - - /* CHECK: Destination port can't be zero. */ - if (!udph.dest) { - limpk("UDP zero destination port\n"); - return 0; - } - - if (!more_frags) { - if (!embedded) { - /* CHECK: UDP length must match. */ - if (ntohs(udph.len) != skb->len - offset) { - limpk("UDP len too short %u vs %u\n", - ntohs(udph.len), skb->len - offset); - return 0; - } - } else { - /* CHECK: UDP length be >= this truncated pkt. */ - if (ntohs(udph.len) < skb->len - offset) { - limpk("UDP len too long %u vs %u\n", - ntohs(udph.len), skb->len - offset); - return 0; - } - } - } else { - /* CHECK: UDP length must be > this frag's length. */ - if (ntohs(udph.len) <= skb->len - offset) { - limpk("UDP fragment len too short %u vs %u\n", - ntohs(udph.len), skb->len - offset); - return 0; - } - } - - return 1; -} - -/* TCP-specific checks. */ -static int -check_tcp(const struct sk_buff *skb, - unsigned int offset, - unsigned int fragoff, - int more_frags, - int embedded) -{ - struct tcphdr tcph; - unsigned char opt[15 * 4 - sizeof(struct tcphdr)]; - u32 tcpflags; - int end_of_options = 0; - unsigned int i, optlen; - - /* CHECK: Can't have offset=1: used to override TCP syn-checks. */ - /* In fact, this is caught below (offset < 516). */ - - /* Can't do anything if it's a fragment. */ - if (fragoff) - return 1; - - /* CHECK: Smaller than minimal TCP hdr. */ - if (skb_copy_bits(skb, offset, &tcph, sizeof(tcph)) < 0) { - u16 ports[2]; - - if (!embedded) { - limpk("Packet length %u < TCP header.\n", - skb->len - offset); - return 0; - } - - /* Must have ports available (datalen >= 8), from - check_icmp which set embedded = 1 */ - /* CHECK: TCP ports inside ICMP error */ - skb_copy_bits(skb, offset, ports, sizeof(ports)); - if (!ports[0] || !ports[1]) { - limpk("Zero TCP ports %u/%u.\n", - htons(ports[0]), htons(ports[1])); - return 0; - } - return 1; - } - - /* CHECK: TCP header claims tiny size. */ - if (tcph.doff * 4 < sizeof(tcph)) { - limpk("TCP header claims tiny size %u\n", tcph.doff * 4); - return 0; - } - - /* CHECK: Packet smaller than actual TCP hdr. */ - optlen = tcph.doff*4 - sizeof(tcph); - if (skb_copy_bits(skb, offset + sizeof(tcph), opt, optlen) < 0) { - if (!embedded) { - limpk("Packet length %u < actual TCP header.\n", - skb->len - offset); - return 0; - } else - return 1; - } - - /* CHECK: TCP ports non-zero */ - if (!tcph.source || !tcph.dest) { - limpk("Zero TCP ports %u/%u.\n", - htons(tcph.source), htons(tcph.dest)); - return 0; - } - - tcpflags = tcp_flag_word(&tcph); - - /* CHECK: TCP reserved bits zero. */ - if (tcpflags & TCP_RESERVED_BITS) { - limpk("TCP reserved bits not zero\n"); - return 0; - } - - tcpflags &= ~(TCP_DATA_OFFSET | TCP_FLAG_CWR | TCP_FLAG_ECE - | __constant_htonl(0x0000FFFF)); - - /* CHECK: TCP flags. */ - if (tcpflags != TCP_FLAG_SYN - && tcpflags != (TCP_FLAG_SYN|TCP_FLAG_ACK) - && tcpflags != TCP_FLAG_RST - && tcpflags != (TCP_FLAG_RST|TCP_FLAG_ACK) - && tcpflags != (TCP_FLAG_RST|TCP_FLAG_ACK|TCP_FLAG_PSH) - && tcpflags != (TCP_FLAG_FIN|TCP_FLAG_ACK) - && tcpflags != TCP_FLAG_ACK - && tcpflags != (TCP_FLAG_ACK|TCP_FLAG_PSH) - && tcpflags != (TCP_FLAG_ACK|TCP_FLAG_URG) - && tcpflags != (TCP_FLAG_ACK|TCP_FLAG_URG|TCP_FLAG_PSH) - && tcpflags != (TCP_FLAG_FIN|TCP_FLAG_ACK|TCP_FLAG_PSH) - && tcpflags != (TCP_FLAG_FIN|TCP_FLAG_ACK|TCP_FLAG_URG) - && tcpflags != (TCP_FLAG_FIN|TCP_FLAG_ACK|TCP_FLAG_URG - |TCP_FLAG_PSH)) { - limpk("TCP flags bad: 0x%04X\n", ntohl(tcpflags) >> 16); - return 0; - } - - for (i = 0; i < optlen; ) { - switch (opt[i]) { - case 0: - end_of_options = 1; - i++; - break; - case 1: - i++; - break; - default: - /* CHECK: options after EOO. */ - if (end_of_options) { - limpk("TCP option %u after end\n", - opt[i]); - return 0; - } - /* CHECK: options at tail. */ - else if (i+1 >= optlen) { - limpk("TCP option %u at tail\n", - opt[i]); - return 0; - } - /* CHECK: zero-length options. */ - else if (opt[i+1] == 0) { - limpk("TCP option %u 0 len\n", - opt[i]); - return 0; - } - /* CHECK: oversize options. */ - else if (i + opt[i+1] > optlen) { - limpk("TCP option %u at %u too long\n", - (unsigned int) opt[i], i); - return 0; - } - /* Move to next option */ - i += opt[i+1]; - } - } - - return 1; -} - -/* Returns 1 if ok */ -/* Standard IP checks. */ -static int -check_ip(const struct sk_buff *skb, unsigned int offset) -{ - int end_of_options = 0; - unsigned int datalen, optlen; - unsigned int i; - unsigned int fragoff; - struct iphdr iph; - unsigned char opt[15 * 4 - sizeof(struct iphdr)]; - int embedded = offset; - - /* Should only happen for local outgoing raw-socket packets. */ - /* CHECK: length >= ip header. */ - if (skb_copy_bits(skb, offset, &iph, sizeof(iph)) < 0) { - limpk("Packet length %u < IP header.\n", skb->len - offset); - return 0; - } - if (iph.ihl * 4 < sizeof(iph)) { - limpk("IP len %u < minimum IP header.\n", iph.ihl*4); - return 0; - } - - optlen = iph.ihl * 4 - sizeof(iph); - if (skb_copy_bits(skb, offset+sizeof(struct iphdr), opt, optlen)<0) { - limpk("Packet length %u < IP header %u.\n", - skb->len - offset, iph.ihl * 4); - return 0; - } - - fragoff = (ntohs(iph.frag_off) & IP_OFFSET); - datalen = skb->len - (offset + sizeof(struct iphdr) + optlen); - - /* CHECK: Embedded fragment. */ - if (offset && fragoff) { - limpk("Embedded fragment.\n"); - return 0; - } - - for (i = 0; i < optlen; ) { - switch (opt[i]) { - case 0: - end_of_options = 1; - i++; - break; - case 1: - i++; - break; - default: - /* CHECK: options after EOO. */ - if (end_of_options) { - limpk("IP option %u after end\n", - opt[i]); - return 0; - } - /* CHECK: options at tail. */ - else if (i+1 >= optlen) { - limpk("IP option %u at tail\n", - opt[i]); - return 0; - } - /* CHECK: zero-length or one-length options. */ - else if (opt[i+1] < 2) { - limpk("IP option %u %u len\n", - opt[i], opt[i+1]); - return 0; - } - /* CHECK: oversize options. */ - else if (i + opt[i+1] > optlen) { - limpk("IP option %u at %u too long\n", - opt[i], i); - return 0; - } - /* Move to next option */ - i += opt[i+1]; - } - } - - /* Fragment checks. */ - - /* CHECK: More fragments, but doesn't fill 8-byte boundary. */ - if ((ntohs(iph.frag_off) & IP_MF) - && (ntohs(iph.tot_len) % 8) != 0) { - limpk("Truncated fragment %u long.\n", ntohs(iph.tot_len)); - return 0; - } - - /* CHECK: Oversize fragment a-la Ping of Death. */ - if (fragoff * 8 + datalen > 65535) { - limpk("Oversize fragment to %u.\n", fragoff * 8); - return 0; - } - - /* CHECK: DF set and fragoff or MF set. */ - if ((ntohs(iph.frag_off) & IP_DF) - && (fragoff || (ntohs(iph.frag_off) & IP_MF))) { - limpk("DF set and offset=%u, MF=%u.\n", - fragoff, ntohs(iph.frag_off) & IP_MF); - return 0; - } - - /* CHECK: Zero-sized fragments. */ - if ((fragoff || (ntohs(iph.frag_off) & IP_MF)) - && datalen == 0) { - limpk("Zero size fragment offset=%u\n", fragoff); - return 0; - } - - /* Note: we can have even middle fragments smaller than this: - consider a large packet passing through a 600MTU then - 576MTU link: this gives a fragment of 24 data bytes. But - everyone packs fragments largest first, hence a fragment - can't START before 576 - MAX_IP_HEADER_LEN. */ - - /* Used to be min-size 576: I recall Alan Cox saying ax25 goes - down to 128 (576 taken from RFC 791: All hosts must be - prepared to accept datagrams of up to 576 octets). Use 128 - here. */ -#define MIN_LIKELY_MTU 128 - /* CHECK: Min size of first frag = 128. */ - if ((ntohs(iph.frag_off) & IP_MF) - && fragoff == 0 - && ntohs(iph.tot_len) < MIN_LIKELY_MTU) { - limpk("First fragment size %u < %u\n", ntohs(iph.tot_len), - MIN_LIKELY_MTU); - return 0; - } - - /* CHECK: Min offset of frag = 128 - IP hdr len. */ - if (fragoff && fragoff * 8 < MIN_LIKELY_MTU - iph.ihl * 4) { - limpk("Fragment starts at %u < %u\n", fragoff * 8, - MIN_LIKELY_MTU - iph.ihl * 4); - return 0; - } - - /* CHECK: Protocol specification non-zero. */ - if (iph.protocol == 0) { - limpk("Zero protocol\n"); - return 0; - } - - /* FIXME: This is already checked for in "Oversize fragment" - above --RR */ - /* CHECK: Do not use what is unused. - * First bit of fragmentation flags should be unused. - * May be used by OS fingerprinting tools. - * 04 Jun 2002, Maciej Soltysiak, solt@dns.toxicfilms.tv - */ - if (ntohs(iph.frag_off)>>15) { - limpk("IP unused bit set\n"); - return 0; - } - - /* Per-protocol checks. */ - switch (iph.protocol) { - case IPPROTO_ICMP: - return check_icmp(skb, offset + iph.ihl*4, fragoff, - (ntohs(iph.frag_off) & IP_MF), - embedded); - - case IPPROTO_UDP: - return check_udp(skb, offset + iph.ihl*4, fragoff, - (ntohs(iph.frag_off) & IP_MF), - embedded); - - case IPPROTO_TCP: - return check_tcp(skb, offset + iph.ihl*4, fragoff, - (ntohs(iph.frag_off) & IP_MF), - embedded); - default: - /* Ignorance is bliss. */ - return 1; - } -} - -static int -match(const struct sk_buff *skb, - const struct net_device *in, - const struct net_device *out, - const void *matchinfo, - int offset, - int *hotdrop) -{ - return !check_ip(skb, 0); -} - -/* Called when user tries to insert an entry of this type. */ -static int -checkentry(const char *tablename, - const struct ipt_ip *ip, - void *matchinfo, - unsigned int matchsize, - unsigned int hook_mask) -{ - if (matchsize != IPT_ALIGN(0)) - return 0; - - return 1; -} - -static struct ipt_match unclean_match = { - .name = "unclean", - .match = &match, - .checkentry = &checkentry, - .me = THIS_MODULE, -}; - -static int __init init(void) -{ - return ipt_register_match(&unclean_match); -} - -static void __exit fini(void) -{ - ipt_unregister_match(&unclean_match); -} - -module_init(init); -module_exit(fini); -MODULE_LICENSE("GPL"); diff -puN net/ipv4/netfilter/Kconfig~huge-net-update net/ipv4/netfilter/Kconfig --- 25/net/ipv4/netfilter/Kconfig~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv4/netfilter/Kconfig 2003-08-24 12:09:15.000000000 -0700 @@ -74,8 +74,7 @@ config IP_NF_AMANDA . If unsure, say `Y'. config IP_NF_QUEUE - tristate "Userspace queueing via NETLINK (EXPERIMENTAL)" - depends on EXPERIMENTAL + tristate "Userspace queueing via NETLINK" help Netfilter has the ability to queue packets to user space: the netlink device can be used to access them using this driver. @@ -271,19 +270,9 @@ config IP_NF_MATCH_CONNTRACK If you want to compile it as a module, say M here and read Documentation/modules.txt. If unsure, say `N'. -config IP_NF_MATCH_UNCLEAN - tristate "Unclean match support (EXPERIMENTAL)" - depends on EXPERIMENTAL && IP_NF_IPTABLES - help - Unclean packet matching matches any strange or invalid packets, by - looking at a series of fields in the IP, TCP, UDP and ICMP headers. - - If you want to compile it as a module, say M here and read - . If unsure, say `N'. - config IP_NF_MATCH_OWNER - tristate "Owner match support (EXPERIMENTAL)" - depends on EXPERIMENTAL && IP_NF_IPTABLES + tristate "Owner match support" + depends on IP_NF_IPTABLES help Packet owner matching allows you to match locally-generated packets based on who created them: the user, group, process or session. @@ -324,16 +313,6 @@ config IP_NF_TARGET_REJECT If you want to compile it as a module, say M here and read . If unsure, say `N'. -config IP_NF_TARGET_MIRROR - tristate "MIRROR target support (EXPERIMENTAL)" - depends on EXPERIMENTAL && IP_NF_FILTER - help - The MIRROR target allows a filtering rule to specify that an - incoming packet should be bounced back to the sender. - - If you want to compile it as a module, say M here and read - . If unsure, say `N'. - config IP_NF_NAT tristate "Full NAT" depends on IP_NF_IPTABLES && IP_NF_CONNTRACK diff -puN net/ipv4/netfilter/Makefile~huge-net-update net/ipv4/netfilter/Makefile --- 25/net/ipv4/netfilter/Makefile~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv4/netfilter/Makefile 2003-08-24 12:09:15.000000000 -0700 @@ -61,14 +61,12 @@ obj-$(CONFIG_IP_NF_MATCH_LENGTH) += ipt_ obj-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl.o obj-$(CONFIG_IP_NF_MATCH_STATE) += ipt_state.o obj-$(CONFIG_IP_NF_MATCH_CONNTRACK) += ipt_conntrack.o -obj-$(CONFIG_IP_NF_MATCH_UNCLEAN) += ipt_unclean.o obj-$(CONFIG_IP_NF_MATCH_TCPMSS) += ipt_tcpmss.o obj-$(CONFIG_IP_NF_MATCH_PHYSDEV) += ipt_physdev.o # targets obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o -obj-$(CONFIG_IP_NF_TARGET_MIRROR) += ipt_MIRROR.o obj-$(CONFIG_IP_NF_TARGET_TOS) += ipt_TOS.o obj-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN.o obj-$(CONFIG_IP_NF_TARGET_DSCP) += ipt_DSCP.o diff -puN net/ipv4/route.c~huge-net-update net/ipv4/route.c --- 25/net/ipv4/route.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv4/route.c 2003-08-24 12:09:15.000000000 -0700 @@ -312,49 +312,6 @@ static int rt_cache_seq_show(struct seq_ return 0; } -static int rt_cache_stat_get_info(char *buffer, char **start, off_t offset, int length) -{ - unsigned int dst_entries = atomic_read(&ipv4_dst_ops.entries); - int i; - int len = 0; - - for (i = 0; i < NR_CPUS; i++) { - if (!cpu_possible(i)) - continue; - len += sprintf(buffer+len, "%08x %08x %08x %08x %08x %08x %08x %08x %08x %08x %08x %08x %08x %08x %08x %08x %08x \n", - dst_entries, - per_cpu_ptr(rt_cache_stat, i)->in_hit, - per_cpu_ptr(rt_cache_stat, i)->in_slow_tot, - per_cpu_ptr(rt_cache_stat, i)->in_slow_mc, - per_cpu_ptr(rt_cache_stat, i)->in_no_route, - per_cpu_ptr(rt_cache_stat, i)->in_brd, - per_cpu_ptr(rt_cache_stat, i)->in_martian_dst, - per_cpu_ptr(rt_cache_stat, i)->in_martian_src, - - per_cpu_ptr(rt_cache_stat, i)->out_hit, - per_cpu_ptr(rt_cache_stat, i)->out_slow_tot, - per_cpu_ptr(rt_cache_stat, i)->out_slow_mc, - - per_cpu_ptr(rt_cache_stat, i)->gc_total, - per_cpu_ptr(rt_cache_stat, i)->gc_ignored, - per_cpu_ptr(rt_cache_stat, i)->gc_goal_miss, - per_cpu_ptr(rt_cache_stat, i)->gc_dst_overflow, - per_cpu_ptr(rt_cache_stat, i)->in_hlist_search, - per_cpu_ptr(rt_cache_stat, i)->out_hlist_search - - ); - } - len -= offset; - - if (len > length) - len = length; - if (len < 0) - len = 0; - - *start = buffer + offset; - return len; -} - static struct seq_operations rt_cache_seq_ops = { .start = rt_cache_seq_start, .next = rt_cache_seq_next, @@ -391,22 +348,89 @@ static struct file_operations rt_cache_s .release = seq_release_private, }; -int __init rt_cache_proc_init(void) + +static void *rt_cpu_seq_start(struct seq_file *seq, loff_t *pos) { - int rc = 0; - struct proc_dir_entry *p = create_proc_entry("rt_cache", S_IRUGO, - proc_net); - if (p) - p->proc_fops = &rt_cache_seq_fops; - else - rc = -ENOMEM; - return rc; + int cpu; + + for (cpu = *pos; cpu < NR_CPUS; ++cpu) { + if (!cpu_possible(cpu)) + continue; + *pos = cpu; + return per_cpu_ptr(rt_cache_stat, cpu); + } + return NULL; +} + +static void *rt_cpu_seq_next(struct seq_file *seq, void *v, loff_t *pos) +{ + int cpu; + + for (cpu = *pos + 1; cpu < NR_CPUS; ++cpu) { + if (!cpu_possible(cpu)) + continue; + *pos = cpu; + return per_cpu_ptr(rt_cache_stat, cpu); + } + return NULL; + } -void __init rt_cache_proc_exit(void) +static void rt_cpu_seq_stop(struct seq_file *seq, void *v) { - remove_proc_entry("rt_cache", proc_net); + } + +static int rt_cpu_seq_show(struct seq_file *seq, void *v) +{ + struct rt_cache_stat *st = v; + + seq_printf(seq,"%08x %08x %08x %08x %08x %08x %08x %08x " + " %08x %08x %08x %08x %08x %08x %08x %08x %08x \n", + atomic_read(&ipv4_dst_ops.entries), + st->in_hit, + st->in_slow_tot, + st->in_slow_mc, + st->in_no_route, + st->in_brd, + st->in_martian_dst, + st->in_martian_src, + + st->out_hit, + st->out_slow_tot, + st->out_slow_mc, + + st->gc_total, + st->gc_ignored, + st->gc_goal_miss, + st->gc_dst_overflow, + st->in_hlist_search, + st->out_hlist_search + ); + return 0; +} + +static struct seq_operations rt_cpu_seq_ops = { + .start = rt_cpu_seq_start, + .next = rt_cpu_seq_next, + .stop = rt_cpu_seq_stop, + .show = rt_cpu_seq_show, +}; + + +static int rt_cpu_seq_open(struct inode *inode, struct file *file) +{ + return seq_open(file, &rt_cpu_seq_ops); +} + +static struct file_operations rt_cpu_seq_fops = { + .owner = THIS_MODULE, + .open = rt_cpu_seq_open, + .read = seq_read, + .llseek = seq_lseek, + .release = seq_release_private, +}; + #endif /* CONFIG_PROC_FS */ static __inline__ void rt_free(struct rtable *rt) @@ -2779,11 +2803,12 @@ int __init ip_rt_init(void) add_timer(&rt_secret_timer); #ifdef CONFIG_PROC_FS - if (rt_cache_proc_init()) + if (!proc_net_fops_create("rt_cache", S_IRUGO, &rt_cache_seq_fops) || + !proc_net_fops_create("rt_cache_stat", S_IRUGO, &rt_cpu_seq_fops)) goto out_enomem; - proc_net_create ("rt_cache_stat", 0, rt_cache_stat_get_info); + #ifdef CONFIG_NET_CLS_ROUTE - create_proc_read_entry("net/rt_acct", 0, 0, ip_rt_acct_read, NULL); + create_proc_read_entry("rt_acct", proc_net, 0, ip_rt_acct_read, NULL); #endif #endif #ifdef CONFIG_XFRM diff -puN net/ipv6/netfilter/ip6table_filter.c~huge-net-update net/ipv6/netfilter/ip6table_filter.c --- 25/net/ipv6/netfilter/ip6table_filter.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv6/netfilter/ip6table_filter.c 2003-08-24 12:09:15.000000000 -0700 @@ -6,6 +6,10 @@ #include #include +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Netfilter Core Team "); +MODULE_DESCRIPTION("ip6tables filter table"); + #define FILTER_VALID_HOOKS ((1 << NF_IP6_LOCAL_IN) | (1 << NF_IP6_FORWARD) | (1 << NF_IP6_LOCAL_OUT)) /* Standard entry. */ @@ -202,4 +206,3 @@ static void __exit fini(void) module_init(init); module_exit(fini); -MODULE_LICENSE("GPL"); diff -puN net/ipv6/netfilter/ip6table_mangle.c~huge-net-update net/ipv6/netfilter/ip6table_mangle.c --- 25/net/ipv6/netfilter/ip6table_mangle.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv6/netfilter/ip6table_mangle.c 2003-08-24 12:09:15.000000000 -0700 @@ -6,6 +6,10 @@ #include #include +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Netfilter Core Team "); +MODULE_DESCRIPTION("ip6tables mangle table"); + #define MANGLE_VALID_HOOKS ((1 << NF_IP6_PRE_ROUTING) | \ (1 << NF_IP6_LOCAL_IN) | \ (1 << NF_IP6_FORWARD) | \ @@ -279,4 +283,3 @@ static void __exit fini(void) module_init(init); module_exit(fini); -MODULE_LICENSE("GPL"); diff -puN net/ipv6/netfilter/ip6_tables.c~huge-net-update net/ipv6/netfilter/ip6_tables.c --- 25/net/ipv6/netfilter/ip6_tables.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv6/netfilter/ip6_tables.c 2003-08-24 12:09:15.000000000 -0700 @@ -26,6 +26,10 @@ #include +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Netfilter Core Team "); +MODULE_DESCRIPTION("IPv6 packet filter"); + #define IPV6_HDR_LEN (sizeof(struct ipv6hdr)) #define IPV6_OPTHDR_LEN (sizeof(struct ipv6_opt_hdr)) @@ -1923,4 +1927,3 @@ EXPORT_SYMBOL(ip6t_ext_hdr); module_init(init); module_exit(fini); -MODULE_LICENSE("GPL"); diff -puN net/ipv6/netfilter/ip6t_eui64.c~huge-net-update net/ipv6/netfilter/ip6t_eui64.c --- 25/net/ipv6/netfilter/ip6t_eui64.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv6/netfilter/ip6t_eui64.c 2003-08-24 12:09:15.000000000 -0700 @@ -6,6 +6,10 @@ #include +MODULE_DESCRIPTION("IPv6 EUI64 address checking match"); +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Andras Kis-Szabo "); + static int match(const struct sk_buff *skb, const struct net_device *in, @@ -88,6 +92,3 @@ static void __exit fini(void) module_init(init); module_exit(fini); -MODULE_DESCRIPTION("IPv6 EUI64 address checking match"); -MODULE_LICENSE("GPL"); -MODULE_AUTHOR("Andras Kis-Szabo "); diff -puN net/ipv6/netfilter/ip6t_length.c~huge-net-update net/ipv6/netfilter/ip6t_length.c --- 25/net/ipv6/netfilter/ip6t_length.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv6/netfilter/ip6t_length.c 2003-08-24 12:09:15.000000000 -0700 @@ -5,6 +5,10 @@ #include #include +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("James Morris "); +MODULE_DESCRIPTION("IPv6 packet length match"); + static int match(const struct sk_buff *skb, const struct net_device *in, diff -puN net/ipv6/netfilter/ip6t_limit.c~huge-net-update net/ipv6/netfilter/ip6t_limit.c --- 25/net/ipv6/netfilter/ip6t_limit.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv6/netfilter/ip6t_limit.c 2003-08-24 12:09:15.000000000 -0700 @@ -15,6 +15,10 @@ #include #include +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Herve Eychenne "); +MODULE_DESCRIPTION("rate limiting within ip6tables"); + /* The algorithm used is the Simple Token Bucket Filter (TBF) * see net/sched/sch_tbf.c in the linux source tree */ @@ -136,4 +140,3 @@ static void __exit fini(void) module_init(init); module_exit(fini); -MODULE_LICENSE("GPL"); diff -puN net/ipv6/netfilter/ip6t_mac.c~huge-net-update net/ipv6/netfilter/ip6t_mac.c --- 25/net/ipv6/netfilter/ip6t_mac.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv6/netfilter/ip6t_mac.c 2003-08-24 12:09:15.000000000 -0700 @@ -6,6 +6,10 @@ #include #include +MODULE_LICENSE("GPL"); +MODULE_DESCRIPTION("MAC address matching module for IPv6"); +MODULE_AUTHOR("Netfilter Core Teaam "); + static int match(const struct sk_buff *skb, const struct net_device *in, @@ -66,5 +70,3 @@ static void __exit fini(void) module_init(init); module_exit(fini); -MODULE_LICENSE("GPL"); -MODULE_DESCRIPTION("MAC address matching module for IPv6"); diff -puN net/ipv6/netfilter/ip6t_mark.c~huge-net-update net/ipv6/netfilter/ip6t_mark.c --- 25/net/ipv6/netfilter/ip6t_mark.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv6/netfilter/ip6t_mark.c 2003-08-24 12:09:15.000000000 -0700 @@ -5,6 +5,10 @@ #include #include +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Netfilter Core Team "); +MODULE_DESCRIPTION("ip6tables mark match"); + static int match(const struct sk_buff *skb, const struct net_device *in, @@ -52,4 +56,3 @@ static void __exit fini(void) module_init(init); module_exit(fini); -MODULE_LICENSE("GPL"); diff -puN net/ipv6/netfilter/ip6t_MARK.c~huge-net-update net/ipv6/netfilter/ip6t_MARK.c --- 25/net/ipv6/netfilter/ip6t_MARK.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv6/netfilter/ip6t_MARK.c 2003-08-24 12:09:15.000000000 -0700 @@ -7,6 +7,9 @@ #include #include +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Netfilter Core Team "); + static unsigned int target(struct sk_buff **pskb, unsigned int hooknum, @@ -65,4 +68,3 @@ static void __exit fini(void) module_init(init); module_exit(fini); -MODULE_LICENSE("GPL"); diff -puN net/ipv6/netfilter/ip6t_multiport.c~huge-net-update net/ipv6/netfilter/ip6t_multiport.c --- 25/net/ipv6/netfilter/ip6t_multiport.c~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv6/netfilter/ip6t_multiport.c 2003-08-24 12:09:15.000000000 -0700 @@ -9,6 +9,10 @@ #include #include +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Netfilter Core Team "); +MODULE_DESCRIPTION("ip6tables match for multiple ports"); + #if 0 #define duprintf(format, args...) printk(format , ## args) #else diff -puN net/ipv6/netfilter/Kconfig~huge-net-update net/ipv6/netfilter/Kconfig --- 25/net/ipv6/netfilter/Kconfig~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/ipv6/netfilter/Kconfig 2003-08-24 12:09:15.000000000 -0700 @@ -3,14 +3,14 @@ # menu "IPv6: Netfilter Configuration" - depends on INET && EXPERIMENTAL && IPV6!=n && NETFILTER + depends on INET && IPV6!=n && NETFILTER #tristate 'Connection tracking (required for masq/NAT)' CONFIG_IP6_NF_CONNTRACK #if [ "$CONFIG_IP6_NF_CONNTRACK" != "n" ]; then # dep_tristate ' FTP protocol support' CONFIG_IP6_NF_FTP $CONFIG_IP6_NF_CONNTRACK #fi config IP6_NF_QUEUE - tristate "Userspace queueing via NETLINK (EXPERIMENTAL)" + tristate "Userspace queueing via NETLINK" ---help--- This option adds a queue handler to the kernel for IPv6 @@ -62,7 +62,7 @@ config IP6_NF_MATCH_MAC config IP6_NF_MATCH_RT tristate "Routing header match support" - depends on IP6_NF_IPTABLES && EXPERIMENTAL + depends on IP6_NF_IPTABLES help rt matching allows you to match packets based on the routing header of the packet. @@ -72,7 +72,7 @@ config IP6_NF_MATCH_RT config IP6_NF_MATCH_OPTS tristate "Hop-by-hop and Dst opts header match support" - depends on IP6_NF_IPTABLES && EXPERIMENTAL + depends on IP6_NF_IPTABLES help This allows one to match packets based on the hop-by-hop and destination options headers of a packet. @@ -82,7 +82,7 @@ config IP6_NF_MATCH_OPTS config IP6_NF_MATCH_FRAG tristate "Fragmentation header match support" - depends on IP6_NF_IPTABLES && EXPERIMENTAL + depends on IP6_NF_IPTABLES help frag matching allows you to match packets based on the fragmentation header of the packet. @@ -112,7 +112,7 @@ config IP6_NF_MATCH_MULTIPORT . If unsure, say `N'. config IP6_NF_MATCH_OWNER - tristate "Owner match support (EXPERIMENTAL)" + tristate "Owner match support" depends on IP6_NF_IPTABLES help Packet owner matching allows you to match locally-generated packets @@ -134,8 +134,8 @@ config IP6_NF_MATCH_MARK . If unsure, say `N'. config IP6_NF_MATCH_IPV6HEADER - tristate "IPv6 Extension Headers Match (EXPERIMENTAL)" - depends on IP6_NF_IPTABLES && EXPERIMENTAL + tristate "IPv6 Extension Headers Match" + depends on IP6_NF_IPTABLES help This module allows one to match packets based upon the ipv6 extension headers. @@ -144,8 +144,8 @@ config IP6_NF_MATCH_IPV6HEADER . If unsure, say `N'. config IP6_NF_MATCH_AHESP - tristate "AH/ESP match support (EXPERIMENTAL)" - depends on IP6_NF_IPTABLES && EXPERIMENTAL + tristate "AH/ESP match support" + depends on IP6_NF_IPTABLES help This module allows one to match AH and ESP packets. @@ -163,7 +163,7 @@ config IP6_NF_MATCH_LENGTH Documentation/modules.txt. If unsure, say `N'. config IP6_NF_MATCH_EUI64 - tristate "EUI64 address check (EXPERIMENTAL)" + tristate "EUI64 address check" depends on IP6_NF_IPTABLES help This module performs checking on the IPv6 source address diff -puN net/Kconfig~huge-net-update net/Kconfig --- 25/net/Kconfig~huge-net-update 2003-08-24 12:09:15.000000000 -0700 +++ 25-akpm/net/Kconfig 2003-08-24 12:09:15.000000000 -0700 @@ -191,9 +191,11 @@ config BRIDGE information. If you enable iptables support along with the bridge support then you - turn your bridge into a bridging firewall. + turn your bridge into a bridging IP firewall. iptables will then see the IP packets being bridged, so you need to take this into account when setting up your firewall rules. + Enabling arptables support when bridging will let arptables see + bridged ARP traffic in the arptables FORWARD chain. If you want to compile this code as a module ( = code which can be inserted in and removed from the running kernel whenever you want), @@ -243,6 +245,12 @@ menuconfig NETFILTER box can transparently forward the traffic to a local server, typically a caching proxy server. + Yet another use of Netfilter is building a bridging firewall. Using + a bridge with Network packet filtering enabled makes iptables "see" + the bridged traffic. For filtering on the lower network and Ethernet + protocols over the bridge, use ebtables (under bridge netfilter + configuration). + Various modules exist for netfilter which replace the previous masquerading (ipmasqadm), packet filtering (ipchains), transparent proxying, and portforwarding mechanisms. Please see _