* published by the Free Software Foundation.
*
*/
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/netfilter/x_tables.h>
#include <net/netfilter/nf_conntrack.h>
#include <net/netfilter/nf_conntrack_ecache.h>
-#define PFX "CONNSECMARK: "
-
MODULE_LICENSE("GPL");
MODULE_AUTHOR("James Morris <jmorris@redhat.com>");
MODULE_DESCRIPTION("Xtables: target for copying between connection and security mark");
if (strcmp(par->table, "mangle") != 0 &&
strcmp(par->table, "security") != 0) {
- printk(KERN_INFO PFX "target only valid in the \'mangle\' "
- "or \'security\' tables, not \'%s\'.\n", par->table);
+ pr_info("target only valid in the \'mangle\' "
+ "or \'security\' tables, not \'%s\'.\n", par->table);
return false;
}
break;
default:
- printk(KERN_INFO PFX "invalid mode: %hu\n", info->mode);
+ pr_info("invalid mode: %hu\n", info->mode);
return false;
}
if (nf_ct_l3proto_try_module_get(par->family) < 0) {
- printk(KERN_WARNING "can't load conntrack support for "
- "proto=%u\n", par->family);
+ pr_info("cannot load conntrack support for proto=%u\n",
+ par->family);
return false;
}
return true;
*
* See RFC2474 for a description of the DSCP field within the IP Header.
*/
-
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/ip.h>
const struct xt_DSCP_info *info = par->targinfo;
if (info->dscp > XT_DSCP_MAX) {
- printk(KERN_WARNING "DSCP: dscp %x out of range\n", info->dscp);
+ pr_info("dscp %x out of range\n", info->dscp);
return false;
}
return true;
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*/
-
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/ip.h>
const struct ipt_TTL_info *info = par->targinfo;
if (info->mode > IPT_TTL_MAXMODE) {
- printk(KERN_WARNING "ipt_TTL: invalid or unknown Mode %u\n",
- info->mode);
+ pr_info("TTL: invalid or unknown mode %u\n", info->mode);
return false;
}
if (info->mode != IPT_TTL_SET && info->ttl == 0)
const struct ip6t_HL_info *info = par->targinfo;
if (info->mode > IP6T_HL_MAXMODE) {
- printk(KERN_WARNING "ip6t_HL: invalid or unknown Mode %u\n",
- info->mode);
+ pr_info("invalid or unknown mode %u\n", info->mode);
return false;
}
if (info->mode != IP6T_HL_SET && info->hop_limit == 0) {
- printk(KERN_WARNING "ip6t_HL: increment/decrement doesn't "
+ pr_info("increment/decrement does not "
"make sense with value 0\n");
return false;
}
* 02110-1301 USA.
*
*/
-
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/netfilter/x_tables.h>
int err;
if (ledinfo->id[0] == '\0') {
- printk(KERN_ERR KBUILD_MODNAME ": No 'id' parameter given.\n");
+ pr_info("No 'id' parameter given.\n");
return false;
}
err = led_trigger_register(&ledinternal->netfilter_led_trigger);
if (err) {
- printk(KERN_CRIT KBUILD_MODNAME
- ": led_trigger_register() failed\n");
+ pr_warning("led_trigger_register() failed\n");
if (err == -EEXIST)
- printk(KERN_ERR KBUILD_MODNAME
- ": Trigger name is already in use.\n");
+ pr_warning("Trigger name is already in use.\n");
goto exit_alloc;
}
* published by the Free Software Foundation.
*
*/
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/selinux.h>
err = selinux_string_to_sid(sel->selctx, &sel->selsid);
if (err) {
if (err == -EINVAL)
- printk(KERN_INFO PFX "invalid SELinux context \'%s\'\n",
- sel->selctx);
+ pr_info("invalid SELinux context \'%s\'\n",
+ sel->selctx);
return false;
}
if (!sel->selsid) {
- printk(KERN_INFO PFX "unable to map SELinux context \'%s\'\n",
- sel->selctx);
+ pr_info("unable to map SELinux context \'%s\'\n", sel->selctx);
return false;
}
err = selinux_secmark_relabel_packet_permission(sel->selsid);
if (err) {
- printk(KERN_INFO PFX "unable to obtain relabeling permission\n");
+ pr_info("unable to obtain relabeling permission\n");
return false;
}
if (strcmp(par->table, "mangle") != 0 &&
strcmp(par->table, "security") != 0) {
- printk(KERN_INFO PFX "target only valid in the \'mangle\' "
- "or \'security\' tables, not \'%s\'.\n", par->table);
+ pr_info("target only valid in the \'mangle\' "
+ "or \'security\' tables, not \'%s\'.\n", par->table);
return false;
}
if (mode && mode != info->mode) {
- printk(KERN_INFO PFX "mode already set to %hu cannot mix with "
- "rules for mode %hu\n", mode, info->mode);
+ pr_info("mode already set to %hu cannot mix with "
+ "rules for mode %hu\n", mode, info->mode);
return false;
}
break;
default:
- printk(KERN_INFO PFX "invalid mode: %hu\n", info->mode);
+ pr_info("invalid mode: %hu\n", info->mode);
return false;
}
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*/
-
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/ip.h>
if (info->mss == XT_TCPMSS_CLAMP_PMTU) {
if (dst_mtu(skb_dst(skb)) <= minlen) {
if (net_ratelimit())
- printk(KERN_ERR "xt_TCPMSS: "
+ pr_err("xt_TCPMSS: "
"unknown or invalid path-MTU (%u)\n",
dst_mtu(skb_dst(skb)));
return -1;
}
if (in_mtu <= minlen) {
if (net_ratelimit())
- printk(KERN_ERR "xt_TCPMSS: unknown or "
+ pr_err("xt_TCPMSS: unknown or "
"invalid path-MTU (%u)\n", in_mtu);
return -1;
}
(par->hook_mask & ~((1 << NF_INET_FORWARD) |
(1 << NF_INET_LOCAL_OUT) |
(1 << NF_INET_POST_ROUTING))) != 0) {
- printk("xt_TCPMSS: path-MTU clamping only supported in "
- "FORWARD, OUTPUT and POSTROUTING hooks\n");
+ pr_info("path-MTU clamping only supported in "
+ "FORWARD, OUTPUT and POSTROUTING hooks\n");
return false;
}
xt_ematch_foreach(ematch, e)
if (find_syn_match(ematch))
return true;
- printk("xt_TCPMSS: Only works on TCP SYN packets\n");
+ pr_info("Only works on TCP SYN packets\n");
return false;
}
(par->hook_mask & ~((1 << NF_INET_FORWARD) |
(1 << NF_INET_LOCAL_OUT) |
(1 << NF_INET_POST_ROUTING))) != 0) {
- printk("xt_TCPMSS: path-MTU clamping only supported in "
- "FORWARD, OUTPUT and POSTROUTING hooks\n");
+ pr_info("path-MTU clamping only supported in "
+ "FORWARD, OUTPUT and POSTROUTING hooks\n");
return false;
}
xt_ematch_foreach(ematch, e)
if (find_syn_match(ematch))
return true;
- printk("xt_TCPMSS: Only works on TCP SYN packets\n");
+ pr_info("Only works on TCP SYN packets\n");
return false;
}
#endif
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*/
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/jhash.h>
struct xt_cluster_match_info *info = par->matchinfo;
if (info->total_nodes > XT_CLUSTER_NODES_MAX) {
- printk(KERN_ERR "xt_cluster: you have exceeded the maximum "
- "number of cluster nodes (%u > %u)\n",
- info->total_nodes, XT_CLUSTER_NODES_MAX);
+ pr_info("you have exceeded the maximum "
+ "number of cluster nodes (%u > %u)\n",
+ info->total_nodes, XT_CLUSTER_NODES_MAX);
return false;
}
if (info->node_mask >= (1ULL << info->total_nodes)) {
- printk(KERN_ERR "xt_cluster: this node mask cannot be "
- "higher than the total number of nodes\n");
+ pr_info("this node mask cannot be "
+ "higher than the total number of nodes\n");
return false;
}
return true;
/* Kernel module to match connection tracking byte counter.
* GPL (C) 2002 Martin Devera (devik@cdi.cz).
*/
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h>
#include <linux/bitops.h>
#include <linux/skbuff.h>
return false;
if (nf_ct_l3proto_try_module_get(par->family) < 0) {
- printk(KERN_WARNING "can't load conntrack support for "
- "proto=%u\n", par->family);
+ pr_info("cannot load conntrack support for proto=%u\n",
+ par->family);
return false;
}
* Kernel module to match connection tracking information.
* GPL (C) 1999 Rusty Russell (rusty@rustcorp.com.au).
*/
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/in.h>
#include <linux/in6.h>
#include <linux/ip.h>
connlimit_rnd_inited = true;
}
if (nf_ct_l3proto_try_module_get(par->family) < 0) {
- printk(KERN_WARNING "cannot load conntrack support for "
- "address family %u\n", par->family);
+ pr_info("cannot load conntrack support for "
+ "address family %u\n", par->family);
return false;
}
static bool connmark_tg_check(const struct xt_tgchk_param *par)
{
if (nf_ct_l3proto_try_module_get(par->family) < 0) {
- printk(KERN_WARNING "cannot load conntrack support for "
- "proto=%u\n", par->family);
+ pr_info("cannot load conntrack support for proto=%u\n",
+ par->family);
return false;
}
return true;
static bool connmark_mt_check(const struct xt_mtchk_param *par)
{
if (nf_ct_l3proto_try_module_get(par->family) < 0) {
- printk(KERN_WARNING "cannot load conntrack support for "
- "proto=%u\n", par->family);
+ pr_info("cannot load conntrack support for proto=%u\n",
+ par->family);
return false;
}
return true;
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*/
-
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h>
#include <linux/skbuff.h>
#include <net/ipv6.h>
static bool conntrack_mt_check(const struct xt_mtchk_param *par)
{
if (nf_ct_l3proto_try_module_get(par->family) < 0) {
- printk(KERN_WARNING "can't load conntrack support for "
- "proto=%u\n", par->family);
+ pr_info("cannot load conntrack support for proto=%u\n",
+ par->family);
return false;
}
return true;
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*/
-
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/ip.h>
const struct xt_dscp_info *info = par->matchinfo;
if (info->dscp > XT_DSCP_MAX) {
- printk(KERN_ERR "xt_dscp: dscp %x out of range\n", info->dscp);
+ pr_info("dscp %x out of range\n", info->dscp);
return false;
}
*
* Development of this code was funded by Astaro AG, http://www.astaro.com/
*/
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h>
#include <linux/spinlock.h>
#include <linux/random.h>
if (ht->cfg.max && ht->count >= ht->cfg.max) {
/* FIXME: do something. question is what.. */
if (net_ratelimit())
- printk(KERN_WARNING
- "xt_hashlimit: max count of %u reached\n",
- ht->cfg.max);
+ pr_err("max count of %u reached\n", ht->cfg.max);
return NULL;
}
ent = kmem_cache_alloc(hashlimit_cachep, GFP_ATOMIC);
if (!ent) {
if (net_ratelimit())
- printk(KERN_ERR
- "xt_hashlimit: can't allocate dsthash_ent\n");
+ pr_err("cannot allocate dsthash_ent\n");
return NULL;
}
memcpy(&ent->dst, dst, sizeof(ent->dst));
/* Check for overflow. */
if (r->cfg.burst == 0 ||
user2credits(r->cfg.avg * r->cfg.burst) < user2credits(r->cfg.avg)) {
- printk(KERN_ERR "xt_hashlimit: overflow, try lower: %u/%u\n",
- r->cfg.avg, r->cfg.burst);
+ pr_info("overflow, try lower: %u/%u\n",
+ r->cfg.avg, r->cfg.burst);
return false;
}
if (r->cfg.mode == 0 ||
if (info->cfg.burst == 0 ||
user2credits(info->cfg.avg * info->cfg.burst) <
user2credits(info->cfg.avg)) {
- printk(KERN_ERR "xt_hashlimit: overflow, try lower: %u/%u\n",
- info->cfg.avg, info->cfg.burst);
+ pr_info("overflow, try lower: %u/%u\n",
+ info->cfg.avg, info->cfg.burst);
return false;
}
if (info->cfg.gc_interval == 0 || info->cfg.expire == 0)
sizeof(struct dsthash_ent), 0, 0,
NULL);
if (!hashlimit_cachep) {
- printk(KERN_ERR "xt_hashlimit: unable to create slab cache\n");
+ pr_warning("unable to create slab cache\n");
goto err2;
}
return 0;
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*/
-
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/netfilter.h>
struct xt_helper_info *info = par->matchinfo;
if (nf_ct_l3proto_try_module_get(par->family) < 0) {
- printk(KERN_WARNING "can't load conntrack support for "
- "proto=%u\n", par->family);
+ pr_info("cannot load conntrack support for proto=%u\n",
+ par->family);
return false;
}
info->name[29] = '\0';
return ttl < info->ttl;
case IPT_TTL_GT:
return ttl > info->ttl;
- default:
- printk(KERN_WARNING "ipt_ttl: unknown mode %d\n",
- info->mode);
- return false;
}
return false;
switch (info->mode) {
case IP6T_HL_EQ:
return ip6h->hop_limit == info->hop_limit;
- break;
case IP6T_HL_NE:
return ip6h->hop_limit != info->hop_limit;
- break;
case IP6T_HL_LT:
return ip6h->hop_limit < info->hop_limit;
- break;
case IP6T_HL_GT:
return ip6h->hop_limit > info->hop_limit;
- break;
- default:
- printk(KERN_WARNING "ip6t_hl: unknown mode %d\n",
- info->mode);
- return false;
}
return false;
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*/
-
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/spinlock.h>
/* Check for overflow. */
if (r->burst == 0
|| user2credits(r->avg * r->burst) < user2credits(r->avg)) {
- printk("Overflow in xt_limit, try lower: %u/%u\n",
- r->avg, r->burst);
+ pr_info("Overflow, try lower: %u/%u\n",
+ r->avg, r->burst);
return false;
}
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
-
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h>
#include <linux/kernel.h>
err = nfnetlink_subsys_register(&xt_osf_nfnetlink);
if (err < 0) {
- printk(KERN_ERR "Failed (%d) to register OSF nsfnetlink helper.\n", err);
+ pr_err("Failed to register OSF nsfnetlink helper (%d)\n", err);
goto err_out_exit;
}
err = xt_register_match(&xt_osf_match);
if (err) {
- printk(KERN_ERR "Failed (%d) to register OS fingerprint "
- "matching module.\n", err);
+ pr_err("Failed to register OS fingerprint "
+ "matching module (%d)\n", err);
goto err_out_remove;
}
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*/
-
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/netfilter_bridge.h>
info->invert & XT_PHYSDEV_OP_BRIDGED) &&
par->hook_mask & ((1 << NF_INET_LOCAL_OUT) |
(1 << NF_INET_FORWARD) | (1 << NF_INET_POST_ROUTING))) {
- printk(KERN_WARNING "physdev match: using --physdev-out in the "
- "OUTPUT, FORWARD and POSTROUTING chains for non-bridged "
- "traffic is not supported anymore.\n");
+ pr_info("using --physdev-out in the OUTPUT, FORWARD and "
+ "POSTROUTING chains for non-bridged traffic is not "
+ "supported anymore.\n");
if (par->hook_mask & (1 << NF_INET_LOCAL_OUT))
return false;
}
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*/
-
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/skbuff.h>
const struct xt_policy_info *info = par->matchinfo;
if (!(info->flags & (XT_POLICY_MATCH_IN|XT_POLICY_MATCH_OUT))) {
- printk(KERN_ERR "xt_policy: neither incoming nor "
- "outgoing policy selected\n");
+ pr_info("neither incoming nor outgoing policy selected\n");
return false;
}
if (par->hook_mask & ((1 << NF_INET_PRE_ROUTING) |
(1 << NF_INET_LOCAL_IN)) && info->flags & XT_POLICY_MATCH_OUT) {
- printk(KERN_ERR "xt_policy: output policy not valid in "
- "PRE_ROUTING and INPUT\n");
+ pr_info("output policy not valid in PREROUTING and INPUT\n");
return false;
}
if (par->hook_mask & ((1 << NF_INET_POST_ROUTING) |
(1 << NF_INET_LOCAL_OUT)) && info->flags & XT_POLICY_MATCH_IN) {
- printk(KERN_ERR "xt_policy: input policy not valid in "
- "POST_ROUTING and OUTPUT\n");
+ pr_info("input policy not valid in POSTROUTING and OUTPUT\n");
return false;
}
if (info->len > XT_POLICY_MAX_ELEM) {
- printk(KERN_ERR "xt_policy: too many policy elements\n");
+ pr_info("too many policy elements\n");
return false;
}
return true;
* Author: Stephen Frost <sfrost@snowman.net>
* Copyright 2002-2003, Stephen Frost, 2.5.x port by laforge@netfilter.org
*/
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/init.h>
#include <linux/ip.h>
#include <linux/ipv6.h>
add = true;
break;
default:
- printk(KERN_INFO KBUILD_MODNAME ": Need +ip, -ip or /\n");
+ pr_info("Need \"+ip\", \"-ip\" or \"/\"\n");
return -EINVAL;
}
}
if (!succ) {
- printk(KERN_INFO KBUILD_MODNAME ": illegal address written "
- "to procfs\n");
+ pr_info("illegal address written to procfs\n");
return -EINVAL;
}
static bool state_mt_check(const struct xt_mtchk_param *par)
{
if (nf_ct_l3proto_try_module_get(par->family) < 0) {
- printk(KERN_WARNING "can't load conntrack support for "
- "proto=%u\n", par->family);
+ pr_info("cannot load conntrack support for proto=%u\n",
+ par->family);
return false;
}
return true;