net: Remove CONFIG_NETFILTER_DEBUG and _ASSERT() macros.
This patch removes CONFIG_NETFILTER_DEBUG and _ASSERT() macros as they are no longer required. Replace _ASSERT() macros with WARN_ON(). Signed-off-by: Varsha Rao <rvarsha016@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>zero-colors
parent
44d6e2f273
commit
9efdb14f76
|
@ -31,7 +31,6 @@ CONFIG_IP_PNP_BOOTP=y
|
||||||
CONFIG_INET6_IPCOMP=m
|
CONFIG_INET6_IPCOMP=m
|
||||||
CONFIG_IPV6_TUNNEL=m
|
CONFIG_IPV6_TUNNEL=m
|
||||||
CONFIG_NETFILTER=y
|
CONFIG_NETFILTER=y
|
||||||
CONFIG_NETFILTER_DEBUG=y
|
|
||||||
CONFIG_NET_PKTGEN=m
|
CONFIG_NET_PKTGEN=m
|
||||||
CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"
|
CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"
|
||||||
CONFIG_DEVTMPFS=y
|
CONFIG_DEVTMPFS=y
|
||||||
|
|
|
@ -28,7 +28,6 @@ CONFIG_IP_PNP_RARP=y
|
||||||
# CONFIG_INET_LRO is not set
|
# CONFIG_INET_LRO is not set
|
||||||
# CONFIG_IPV6 is not set
|
# CONFIG_IPV6 is not set
|
||||||
CONFIG_NETFILTER=y
|
CONFIG_NETFILTER=y
|
||||||
CONFIG_NETFILTER_DEBUG=y
|
|
||||||
CONFIG_IP_NF_QUEUE=y
|
CONFIG_IP_NF_QUEUE=y
|
||||||
CONFIG_MTD=y
|
CONFIG_MTD=y
|
||||||
CONFIG_MTD_PARTITIONS=y
|
CONFIG_MTD_PARTITIONS=y
|
||||||
|
|
|
@ -44,12 +44,6 @@ union nf_conntrack_expect_proto {
|
||||||
#include <linux/types.h>
|
#include <linux/types.h>
|
||||||
#include <linux/skbuff.h>
|
#include <linux/skbuff.h>
|
||||||
|
|
||||||
#ifdef CONFIG_NETFILTER_DEBUG
|
|
||||||
#define NF_CT_ASSERT(x) WARN_ON(!(x))
|
|
||||||
#else
|
|
||||||
#define NF_CT_ASSERT(x)
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#include <net/netfilter/ipv4/nf_conntrack_ipv4.h>
|
#include <net/netfilter/ipv4/nf_conntrack_ipv4.h>
|
||||||
#include <net/netfilter/ipv6/nf_conntrack_ipv6.h>
|
#include <net/netfilter/ipv6/nf_conntrack_ipv6.h>
|
||||||
|
|
||||||
|
|
|
@ -166,13 +166,6 @@ menuconfig NETFILTER
|
||||||
|
|
||||||
if NETFILTER
|
if NETFILTER
|
||||||
|
|
||||||
config NETFILTER_DEBUG
|
|
||||||
bool "Network packet filtering debugging"
|
|
||||||
depends on NETFILTER
|
|
||||||
help
|
|
||||||
You can say Y here if you want to get additional messages useful in
|
|
||||||
debugging the netfilter code.
|
|
||||||
|
|
||||||
config NETFILTER_ADVANCED
|
config NETFILTER_ADVANCED
|
||||||
bool "Advanced netfilter configuration"
|
bool "Advanced netfilter configuration"
|
||||||
depends on NETFILTER
|
depends on NETFILTER
|
||||||
|
|
|
@ -252,13 +252,11 @@ unsigned int ebt_do_table(struct sk_buff *skb,
|
||||||
}
|
}
|
||||||
if (verdict == EBT_RETURN) {
|
if (verdict == EBT_RETURN) {
|
||||||
letsreturn:
|
letsreturn:
|
||||||
#ifdef CONFIG_NETFILTER_DEBUG
|
if (WARN(sp == 0, "RETURN on base chain")) {
|
||||||
if (sp == 0) {
|
|
||||||
BUGPRINT("RETURN on base chain");
|
|
||||||
/* act like this is EBT_CONTINUE */
|
/* act like this is EBT_CONTINUE */
|
||||||
goto letscontinue;
|
goto letscontinue;
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
sp--;
|
sp--;
|
||||||
/* put all the local variables right */
|
/* put all the local variables right */
|
||||||
i = cs[sp].n;
|
i = cs[sp].n;
|
||||||
|
@ -271,26 +269,24 @@ letsreturn:
|
||||||
}
|
}
|
||||||
if (verdict == EBT_CONTINUE)
|
if (verdict == EBT_CONTINUE)
|
||||||
goto letscontinue;
|
goto letscontinue;
|
||||||
#ifdef CONFIG_NETFILTER_DEBUG
|
|
||||||
if (verdict < 0) {
|
if (WARN(verdict < 0, "bogus standard verdict\n")) {
|
||||||
BUGPRINT("bogus standard verdict\n");
|
|
||||||
read_unlock_bh(&table->lock);
|
read_unlock_bh(&table->lock);
|
||||||
return NF_DROP;
|
return NF_DROP;
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
/* jump to a udc */
|
/* jump to a udc */
|
||||||
cs[sp].n = i + 1;
|
cs[sp].n = i + 1;
|
||||||
cs[sp].chaininfo = chaininfo;
|
cs[sp].chaininfo = chaininfo;
|
||||||
cs[sp].e = ebt_next_entry(point);
|
cs[sp].e = ebt_next_entry(point);
|
||||||
i = 0;
|
i = 0;
|
||||||
chaininfo = (struct ebt_entries *) (base + verdict);
|
chaininfo = (struct ebt_entries *) (base + verdict);
|
||||||
#ifdef CONFIG_NETFILTER_DEBUG
|
|
||||||
if (chaininfo->distinguisher) {
|
if (WARN(chaininfo->distinguisher, "jump to non-chain\n")) {
|
||||||
BUGPRINT("jump to non-chain\n");
|
|
||||||
read_unlock_bh(&table->lock);
|
read_unlock_bh(&table->lock);
|
||||||
return NF_DROP;
|
return NF_DROP;
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
nentries = chaininfo->nentries;
|
nentries = chaininfo->nentries;
|
||||||
point = (struct ebt_entry *)chaininfo->data;
|
point = (struct ebt_entry *)chaininfo->data;
|
||||||
counter_base = cb_base + chaininfo->counter_offset;
|
counter_base = cb_base + chaininfo->counter_offset;
|
||||||
|
|
|
@ -35,12 +35,6 @@ MODULE_LICENSE("GPL");
|
||||||
MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
|
MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
|
||||||
MODULE_DESCRIPTION("IPv4 packet filter");
|
MODULE_DESCRIPTION("IPv4 packet filter");
|
||||||
|
|
||||||
#ifdef CONFIG_NETFILTER_DEBUG
|
|
||||||
#define IP_NF_ASSERT(x) WARN_ON(!(x))
|
|
||||||
#else
|
|
||||||
#define IP_NF_ASSERT(x)
|
|
||||||
#endif
|
|
||||||
|
|
||||||
void *ipt_alloc_initial_table(const struct xt_table *info)
|
void *ipt_alloc_initial_table(const struct xt_table *info)
|
||||||
{
|
{
|
||||||
return xt_alloc_initial_table(ipt, IPT);
|
return xt_alloc_initial_table(ipt, IPT);
|
||||||
|
@ -263,7 +257,7 @@ ipt_do_table(struct sk_buff *skb,
|
||||||
acpar.hotdrop = false;
|
acpar.hotdrop = false;
|
||||||
acpar.state = state;
|
acpar.state = state;
|
||||||
|
|
||||||
IP_NF_ASSERT(table->valid_hooks & (1 << hook));
|
WARN_ON(!(table->valid_hooks & (1 << hook)));
|
||||||
local_bh_disable();
|
local_bh_disable();
|
||||||
addend = xt_write_recseq_begin();
|
addend = xt_write_recseq_begin();
|
||||||
private = table->private;
|
private = table->private;
|
||||||
|
@ -293,7 +287,7 @@ ipt_do_table(struct sk_buff *skb,
|
||||||
const struct xt_entry_match *ematch;
|
const struct xt_entry_match *ematch;
|
||||||
struct xt_counters *counter;
|
struct xt_counters *counter;
|
||||||
|
|
||||||
IP_NF_ASSERT(e);
|
WARN_ON(!e);
|
||||||
if (!ip_packet_match(ip, indev, outdev,
|
if (!ip_packet_match(ip, indev, outdev,
|
||||||
&e->ip, acpar.fragoff)) {
|
&e->ip, acpar.fragoff)) {
|
||||||
no_match:
|
no_match:
|
||||||
|
@ -312,7 +306,7 @@ ipt_do_table(struct sk_buff *skb,
|
||||||
ADD_COUNTER(*counter, skb->len, 1);
|
ADD_COUNTER(*counter, skb->len, 1);
|
||||||
|
|
||||||
t = ipt_get_target(e);
|
t = ipt_get_target(e);
|
||||||
IP_NF_ASSERT(t->u.kernel.target);
|
WARN_ON(!t->u.kernel.target);
|
||||||
|
|
||||||
#if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE)
|
#if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE)
|
||||||
/* The packet is traced: log it */
|
/* The packet is traced: log it */
|
||||||
|
|
|
@ -39,12 +39,6 @@ MODULE_LICENSE("GPL");
|
||||||
MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
|
MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
|
||||||
MODULE_DESCRIPTION("IPv6 packet filter");
|
MODULE_DESCRIPTION("IPv6 packet filter");
|
||||||
|
|
||||||
#ifdef CONFIG_NETFILTER_DEBUG
|
|
||||||
#define IP_NF_ASSERT(x) WARN_ON(!(x))
|
|
||||||
#else
|
|
||||||
#define IP_NF_ASSERT(x)
|
|
||||||
#endif
|
|
||||||
|
|
||||||
void *ip6t_alloc_initial_table(const struct xt_table *info)
|
void *ip6t_alloc_initial_table(const struct xt_table *info)
|
||||||
{
|
{
|
||||||
return xt_alloc_initial_table(ip6t, IP6T);
|
return xt_alloc_initial_table(ip6t, IP6T);
|
||||||
|
@ -284,7 +278,7 @@ ip6t_do_table(struct sk_buff *skb,
|
||||||
acpar.hotdrop = false;
|
acpar.hotdrop = false;
|
||||||
acpar.state = state;
|
acpar.state = state;
|
||||||
|
|
||||||
IP_NF_ASSERT(table->valid_hooks & (1 << hook));
|
WARN_ON(!(table->valid_hooks & (1 << hook)));
|
||||||
|
|
||||||
local_bh_disable();
|
local_bh_disable();
|
||||||
addend = xt_write_recseq_begin();
|
addend = xt_write_recseq_begin();
|
||||||
|
@ -315,7 +309,7 @@ ip6t_do_table(struct sk_buff *skb,
|
||||||
const struct xt_entry_match *ematch;
|
const struct xt_entry_match *ematch;
|
||||||
struct xt_counters *counter;
|
struct xt_counters *counter;
|
||||||
|
|
||||||
IP_NF_ASSERT(e);
|
WARN_ON(!e);
|
||||||
acpar.thoff = 0;
|
acpar.thoff = 0;
|
||||||
if (!ip6_packet_match(skb, indev, outdev, &e->ipv6,
|
if (!ip6_packet_match(skb, indev, outdev, &e->ipv6,
|
||||||
&acpar.thoff, &acpar.fragoff, &acpar.hotdrop)) {
|
&acpar.thoff, &acpar.fragoff, &acpar.hotdrop)) {
|
||||||
|
@ -335,7 +329,7 @@ ip6t_do_table(struct sk_buff *skb,
|
||||||
ADD_COUNTER(*counter, skb->len, 1);
|
ADD_COUNTER(*counter, skb->len, 1);
|
||||||
|
|
||||||
t = ip6t_get_target_c(e);
|
t = ip6t_get_target_c(e);
|
||||||
IP_NF_ASSERT(t->u.kernel.target);
|
WARN_ON(!t->u.kernel.target);
|
||||||
|
|
||||||
#if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE)
|
#if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE)
|
||||||
/* The packet is traced: log it */
|
/* The packet is traced: log it */
|
||||||
|
|
Loading…
Reference in New Issue