Commit 11f7aee2 authored by Florian Westphal's avatar Florian Westphal Committed by Pablo Neira Ayuso
Browse files

netfilter: xt_CT: use pr ratelimiting 



checkpatch complains about line > 80 but this would require splitting
"literal" over two lines which is worse.

Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 1b6cd671

net/netfilter/xt_CT.c

+13 −12
Original line number Diff line number Diff line
@@ -82,15 +82,14 @@ xt_ct_set_helper(struct nf_conn *ct, const char *helper_name, 


	proto = xt_ct_find_proto(par);

	if (!proto) {

		pr_info("You must specify a L4 protocol, and not use "

			"inversions on it.\n");

		pr_info_ratelimited("You must specify a L4 protocol and not use inversions on it\n");

		return -ENOENT;

	}



	helper = nf_conntrack_helper_try_module_get(helper_name, par->family,

						    proto);

	if (helper == NULL) {

		pr_info("No such helper \"%s\"\n", helper_name);

		pr_info_ratelimited("No such helper \"%s\"\n", helper_name);

		return -ENOENT;

	}
@@ -124,6 +123,7 @@ xt_ct_set_timeout(struct nf_conn *ct, const struct xt_tgchk_param *par, 
	const struct nf_conntrack_l4proto *l4proto;

	struct ctnl_timeout *timeout;

	struct nf_conn_timeout *timeout_ext;

	const char *errmsg = NULL;

	int ret = 0;

	u8 proto;
@@ -131,29 +131,29 @@ xt_ct_set_timeout(struct nf_conn *ct, const struct xt_tgchk_param *par, 
	timeout_find_get = rcu_dereference(nf_ct_timeout_find_get_hook);

	if (timeout_find_get == NULL) {

		ret = -ENOENT;

		pr_info("Timeout policy base is empty\n");

		errmsg = "Timeout policy base is empty";

		goto out;

	}



	proto = xt_ct_find_proto(par);

	if (!proto) {

		ret = -EINVAL;

		pr_info("You must specify a L4 protocol, and not use "

			"inversions on it.\n");

		errmsg = "You must specify a L4 protocol and not use inversions on it";

		goto out;

	}



	timeout = timeout_find_get(par->net, timeout_name);

	if (timeout == NULL) {

		ret = -ENOENT;

		pr_info("No such timeout policy \"%s\"\n", timeout_name);

		pr_info_ratelimited("No such timeout policy \"%s\"\n",

				    timeout_name);

		goto out;

	}



	if (timeout->l3num != par->family) {

		ret = -EINVAL;

		pr_info("Timeout policy `%s' can only be used by L3 protocol "

			"number %d\n", timeout_name, timeout->l3num);

		pr_info_ratelimited("Timeout policy `%s' can only be used by L%d protocol number %d\n",

				    timeout_name, 3, timeout->l3num);

		goto err_put_timeout;

	}

	/* Make sure the timeout policy matches any existing protocol tracker,
@@ -162,9 +162,8 @@ xt_ct_set_timeout(struct nf_conn *ct, const struct xt_tgchk_param *par, 
	l4proto = __nf_ct_l4proto_find(par->family, proto);

	if (timeout->l4proto->l4proto != l4proto->l4proto) {

		ret = -EINVAL;

		pr_info("Timeout policy `%s' can only be used by L4 protocol "

			"number %d\n",

			timeout_name, timeout->l4proto->l4proto);

		pr_info_ratelimited("Timeout policy `%s' can only be used by L%d protocol number %d\n",

				    timeout_name, 4, timeout->l4proto->l4proto);

		goto err_put_timeout;

	}

	timeout_ext = nf_ct_timeout_ext_add(ct, timeout, GFP_ATOMIC);
@@ -180,6 +179,8 @@ err_put_timeout: 
	__xt_ct_tg_timeout_put(timeout);

out:

	rcu_read_unlock();

	if (errmsg)

		pr_info_ratelimited("%s\n", errmsg);

	return ret;

#else

	return -EOPNOTSUPP;

CRA Git | Maintained and supported by SUSTech CRA and CCSE