X-Git-Url: http://developer.intra2net.com/git/?p=ipt_ACCOUNT;a=blobdiff_plain;f=linux-2.6.36%2Fnet%2Fipv4%2Fnetfilter%2Fipt_ACCOUNT.c;h=c4eaea4f4db3107e2671164dec54776f4c4ed6f0;hp=671c1c4d782d1e134003d2224e80098888bb796e;hb=35fc8e31866e3566c204e56e4f528f1b63fb64d6;hpb=3b4b23d186ea5a0db3c0b7232a791c58d9cc887d diff --git a/linux-2.6.36/net/ipv4/netfilter/ipt_ACCOUNT.c b/linux-2.6.36/net/ipv4/netfilter/ipt_ACCOUNT.c index 671c1c4..c4eaea4 100644 --- a/linux-2.6.36/net/ipv4/netfilter/ipt_ACCOUNT.c +++ b/linux-2.6.36/net/ipv4/netfilter/ipt_ACCOUNT.c @@ -3,7 +3,7 @@ * See http://www.intra2net.com/opensource/ipt_account * * for further information * * * - * Copyright (C) 2004-2008 by Intra2net AG * + * Copyright (C) 2004-2011 by Intra2net AG * * opensource@intra2net.com * * * * This program is free software; you can redistribute it and/or modify * @@ -125,24 +125,24 @@ static int ipt_acc_table_insert(char *name, u_int32_t ip, u_int32_t netmask) { unsigned int i; - DEBUGP("ACCOUNT: ipt_acc_table_insert: %s, %u.%u.%u.%u/%u.%u.%u.%u\n", - name, NIPQUAD(ip), NIPQUAD(netmask)); + DEBUGP("ACCOUNT: ipt_acc_table_insert: %s, %pI4/%pI4\n", + name, &ip, &netmask); /* Look for existing table */ for (i = 0; i < ACCOUNT_MAX_TABLES; i++) { if (strncmp(ipt_acc_tables[i].name, name, ACCOUNT_TABLE_NAME_LEN) == 0) { DEBUGP("ACCOUNT: Found existing slot: %d - " - "%u.%u.%u.%u/%u.%u.%u.%u\n", i, - NIPQUAD(ipt_acc_tables[i].ip), - NIPQUAD(ipt_acc_tables[i].netmask)); + "%pI4/%pI4\n", i, + &ipt_acc_tables[i].ip, + &ipt_acc_tables[i].netmask); if (ipt_acc_tables[i].ip != ip || ipt_acc_tables[i].netmask != netmask) { printk("ACCOUNT: Table %s found, but IP/netmask mismatch. " - "IP/netmask found: %u.%u.%u.%u/%u.%u.%u.%u\n", - name, NIPQUAD(ipt_acc_tables[i].ip), - NIPQUAD(ipt_acc_tables[i].netmask)); + "IP/netmask found: %pI4/%pI4\n", + name, &ipt_acc_tables[i].ip, + &ipt_acc_tables[i].netmask); return -1; } @@ -206,7 +206,9 @@ static int ipt_acc_table_insert(char *name, u_int32_t ip, u_int32_t netmask) return -1; } -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28) +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,36) +static int ipt_acc_checkentry(const struct xt_tgchk_param *par) +#elif LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28) static bool ipt_acc_checkentry(const struct xt_tgchk_param *par) #else #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) @@ -251,7 +253,9 @@ static int ipt_acc_checkentry(const char *tablename, if (table_nr == -1) { printk("ACCOUNT: Table insert problem. Aborting\n"); -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,36) + return -EINVAL; +#elif LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) return false; #else return 0; @@ -261,7 +265,10 @@ static int ipt_acc_checkentry(const char *tablename, for every packet */ info->table_nr = table_nr; -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) + /* All fine */ +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,36) + return 0; +#elif LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) return true; #else return 1; @@ -341,9 +348,9 @@ static void ipt_acc_depth0_insert(struct ipt_acc_mask_24 *mask_24, unsigned char is_src = 0, is_dst = 0, src_slot, dst_slot; char is_src_new_ip = 0, is_dst_new_ip = 0; /* Check if this entry is new */ - DEBUGP("ACCOUNT: ipt_acc_depth0_insert: %u.%u.%u.%u/%u.%u.%u.%u " - "for net %u.%u.%u.%u/%u.%u.%u.%u, size: %u\n", NIPQUAD(src_ip), - NIPQUAD(dst_ip), NIPQUAD(net_ip), NIPQUAD(netmask), size); + DEBUGP("ACCOUNT: ipt_acc_depth0_insert: %pI4/%pI4 " + "for net %pI4/%pI4, size: %u\n", &src_ip, + &dst_ip, &net_ip, &netmask, size); /* Check if src/dst is inside our network. */ /* Special: net_ip = 0.0.0.0/0 gets stored as src in slot 0 */ @@ -355,9 +362,9 @@ static void ipt_acc_depth0_insert(struct ipt_acc_mask_24 *mask_24, is_dst = 1; if (!is_src && !is_dst) { - DEBUGP("ACCOUNT: Skipping packet %u.%u.%u.%u/%u.%u.%u.%u " - "for net %u.%u.%u.%u/%u.%u.%u.%u\n", NIPQUAD(src_ip), - NIPQUAD(dst_ip), NIPQUAD(net_ip), NIPQUAD(netmask)); + DEBUGP("ACCOUNT: Skipping packet %pI4/%pI4 " + "for net %pI4/%pI4\n", &src_ip, + &dst_ip, &net_ip, &netmask); return; } @@ -396,11 +403,11 @@ static void ipt_acc_depth0_insert(struct ipt_acc_mask_24 *mask_24, } } else { if (is_src_new_ip) { - DEBUGP("ACCOUNT: New src_ip: %u.%u.%u.%u\n", NIPQUAD(src_ip)); + DEBUGP("ACCOUNT: New src_ip: %pI4\n", &src_ip); (*itemcount)++; } if (is_dst_new_ip) { - DEBUGP("ACCOUNT: New dst_ip: %u.%u.%u.%u\n", NIPQUAD(dst_ip)); + DEBUGP("ACCOUNT: New dst_ip: %pI4\n", &dst_ip); (*itemcount)++; } } @@ -483,7 +490,9 @@ static void ipt_acc_depth2_insert(struct ipt_acc_mask_8 *mask_8, } } -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28) +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,36) +static unsigned int ipt_acc_target(struct sk_buff *skb, const struct xt_action_param *par) +#elif LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28) static unsigned int ipt_acc_target(struct sk_buff *skb, const struct xt_target_param *par) #else #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24) @@ -532,10 +541,10 @@ static unsigned int ipt_acc_target(struct sk_buff **pskb, if (ipt_acc_tables[info->table_nr].name[0] == 0) { printk("ACCOUNT: ipt_acc_target: Invalid table id %u. " - "IPs %u.%u.%u.%u/%u.%u.%u.%u\n", info->table_nr, - NIPQUAD(src_ip), NIPQUAD(dst_ip)); + "IPs %pI4/%pI4\n", info->table_nr, + &src_ip, &dst_ip); spin_unlock_bh(&ipt_acc_lock); - return IPT_CONTINUE; + return XT_CONTINUE; } /* 8 bit network or "any" network */ @@ -547,7 +556,7 @@ static unsigned int ipt_acc_target(struct sk_buff **pskb, ipt_acc_tables[info->table_nr].netmask, src_ip, dst_ip, size, &ipt_acc_tables[info->table_nr].itemcount); spin_unlock_bh(&ipt_acc_lock); - return IPT_CONTINUE; + return XT_CONTINUE; } /* 16 bit network */ @@ -558,7 +567,7 @@ static unsigned int ipt_acc_target(struct sk_buff **pskb, ipt_acc_tables[info->table_nr].netmask, src_ip, dst_ip, size, &ipt_acc_tables[info->table_nr].itemcount); spin_unlock_bh(&ipt_acc_lock); - return IPT_CONTINUE; + return XT_CONTINUE; } /* 24 bit network */ @@ -569,15 +578,15 @@ static unsigned int ipt_acc_target(struct sk_buff **pskb, ipt_acc_tables[info->table_nr].netmask, src_ip, dst_ip, size, &ipt_acc_tables[info->table_nr].itemcount); spin_unlock_bh(&ipt_acc_lock); - return IPT_CONTINUE; + return XT_CONTINUE; } printk("ACCOUNT: ipt_acc_target: Unable to process packet. " - "Table id %u. IPs %u.%u.%u.%u/%u.%u.%u.%u\n", - info->table_nr, NIPQUAD(src_ip), NIPQUAD(dst_ip)); + "Table id %u. IPs %pI4/%pI4\n", + info->table_nr, &src_ip, &dst_ip); spin_unlock_bh(&ipt_acc_lock); - return IPT_CONTINUE; + return XT_CONTINUE; } /* @@ -1152,7 +1161,7 @@ static struct nf_sockopt_ops ipt_acc_sockopts = { static int __init init(void) { - init_MUTEX(&ipt_acc_userspace_mutex); + sema_init(&ipt_acc_userspace_mutex, 1); if ((ipt_acc_tables = kmalloc(ACCOUNT_MAX_TABLES *