redonkable
/
remarkable-linux
1
0
Fork 0
Code Releases Activity

net: Remove CONFIG_NETFILTER_DEBUG and _ASSERT() macros. 

This patch removes CONFIG_NETFILTER_DEBUG and _ASSERT() macros as they
are no longer required. Replace _ASSERT() macros with WARN_ON().

Signed-off-by: Varsha Rao <rvarsha016@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
zero-colors
Varsha Rao 2017-08-30 13:37:12 +05:30 committed by Pablo Neira Ayuso
parent 44d6e2f273
commit 9efdb14f76
7 changed files with 14 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
arch/parisc/configs/c3000_defconfig
View File

@ -31,7 +31,6 @@ CONFIG_IP_PNP_BOOTP=y
CONFIG_INET6_IPCOMP=m CONFIG_INET6_IPCOMP=m
CONFIG_IPV6_TUNNEL=m CONFIG_IPV6_TUNNEL=m
CONFIG_NETFILTER=y CONFIG_NETFILTER=y
CONFIG_NETFILTER_DEBUG=y
CONFIG_NET_PKTGEN=m CONFIG_NET_PKTGEN=m
CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"
CONFIG_DEVTMPFS=y CONFIG_DEVTMPFS=y

1
arch/sh/configs/se7751_defconfig
View File

@ -28,7 +28,6 @@ CONFIG_IP_PNP_RARP=y
# CONFIG_INET_LRO is not set # CONFIG_INET_LRO is not set
# CONFIG_IPV6 is not set # CONFIG_IPV6 is not set
CONFIG_NETFILTER=y CONFIG_NETFILTER=y
CONFIG_NETFILTER_DEBUG=y
CONFIG_IP_NF_QUEUE=y CONFIG_IP_NF_QUEUE=y
CONFIG_MTD=y CONFIG_MTD=y
CONFIG_MTD_PARTITIONS=y CONFIG_MTD_PARTITIONS=y

6
include/net/netfilter/nf_conntrack.h
View File

@ -44,12 +44,6 @@ union nf_conntrack_expect_proto {
#include <linux/types.h> #include <linux/types.h>
#include <linux/skbuff.h> #include <linux/skbuff.h>
#ifdef CONFIG_NETFILTER_DEBUG
#define NF_CT_ASSERT(x) WARN_ON(!(x))
#else
#define NF_CT_ASSERT(x)
#endif
#include <net/netfilter/ipv4/nf_conntrack_ipv4.h> #include <net/netfilter/ipv4/nf_conntrack_ipv4.h>
#include <net/netfilter/ipv6/nf_conntrack_ipv6.h> #include <net/netfilter/ipv6/nf_conntrack_ipv6.h>

7
net/Kconfig
View File

@ -166,13 +166,6 @@ menuconfig NETFILTER
if NETFILTER if NETFILTER
config NETFILTER_DEBUG
bool "Network packet filtering debugging"
depends on NETFILTER
help
You can say Y here if you want to get additional messages useful in
debugging the netfilter code.
config NETFILTER_ADVANCED config NETFILTER_ADVANCED
bool "Advanced netfilter configuration" bool "Advanced netfilter configuration"
depends on NETFILTER depends on NETFILTER

20
net/bridge/netfilter/ebtables.c
View File

@ -252,13 +252,11 @@ unsigned int ebt_do_table(struct sk_buff *skb,
} }
if (verdict == EBT_RETURN) { if (verdict == EBT_RETURN) {
letsreturn: letsreturn:
#ifdef CONFIG_NETFILTER_DEBUG if (WARN(sp == 0, "RETURN on base chain")) {
if (sp == 0) {
BUGPRINT("RETURN on base chain");
/* act like this is EBT_CONTINUE */ /* act like this is EBT_CONTINUE */
goto letscontinue; goto letscontinue;
} }
#endif
sp--; sp--;
/* put all the local variables right */ /* put all the local variables right */
i = cs[sp].n; i = cs[sp].n;
@ -271,26 +269,24 @@ letsreturn:
} }
if (verdict == EBT_CONTINUE) if (verdict == EBT_CONTINUE)
goto letscontinue; goto letscontinue;
#ifdef CONFIG_NETFILTER_DEBUG
if (verdict < 0) { if (WARN(verdict < 0, "bogus standard verdict\n")) {
BUGPRINT("bogus standard verdict\n");
read_unlock_bh(&table->lock); read_unlock_bh(&table->lock);
return NF_DROP; return NF_DROP;
} }
#endif
/* jump to a udc */ /* jump to a udc */
cs[sp].n = i + 1; cs[sp].n = i + 1;
cs[sp].chaininfo = chaininfo; cs[sp].chaininfo = chaininfo;
cs[sp].e = ebt_next_entry(point); cs[sp].e = ebt_next_entry(point);
i = 0; i = 0;
chaininfo = (struct ebt_entries *) (base + verdict); chaininfo = (struct ebt_entries *) (base + verdict);
#ifdef CONFIG_NETFILTER_DEBUG
if (chaininfo->distinguisher) { if (WARN(chaininfo->distinguisher, "jump to non-chain\n")) {
BUGPRINT("jump to non-chain\n");
read_unlock_bh(&table->lock); read_unlock_bh(&table->lock);
return NF_DROP; return NF_DROP;
} }
#endif
nentries = chaininfo->nentries; nentries = chaininfo->nentries;
point = (struct ebt_entry *)chaininfo->data; point = (struct ebt_entry *)chaininfo->data;
counter_base = cb_base + chaininfo->counter_offset; counter_base = cb_base + chaininfo->counter_offset;

12
net/ipv4/netfilter/ip_tables.c
View File

@ -35,12 +35,6 @@ MODULE_LICENSE("GPL");
MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>"); MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
MODULE_DESCRIPTION("IPv4 packet filter"); MODULE_DESCRIPTION("IPv4 packet filter");
#ifdef CONFIG_NETFILTER_DEBUG
#define IP_NF_ASSERT(x) WARN_ON(!(x))
#else
#define IP_NF_ASSERT(x)
#endif
void *ipt_alloc_initial_table(const struct xt_table *info) void *ipt_alloc_initial_table(const struct xt_table *info)
{ {
return xt_alloc_initial_table(ipt, IPT); return xt_alloc_initial_table(ipt, IPT);
@ -263,7 +257,7 @@ ipt_do_table(struct sk_buff *skb,
acpar.hotdrop = false; acpar.hotdrop = false;
acpar.state = state; acpar.state = state;
IP_NF_ASSERT(table->valid_hooks & (1 << hook)); WARN_ON(!(table->valid_hooks & (1 << hook)));
local_bh_disable(); local_bh_disable();
addend = xt_write_recseq_begin(); addend = xt_write_recseq_begin();
private = table->private; private = table->private;
@ -293,7 +287,7 @@ ipt_do_table(struct sk_buff *skb,
const struct xt_entry_match *ematch; const struct xt_entry_match *ematch;
struct xt_counters *counter; struct xt_counters *counter;
IP_NF_ASSERT(e); WARN_ON(!e);
if (!ip_packet_match(ip, indev, outdev, if (!ip_packet_match(ip, indev, outdev,
&e->ip, acpar.fragoff)) { &e->ip, acpar.fragoff)) {
no_match: no_match:
@ -312,7 +306,7 @@ ipt_do_table(struct sk_buff *skb,
ADD_COUNTER(*counter, skb->len, 1); ADD_COUNTER(*counter, skb->len, 1);
t = ipt_get_target(e); t = ipt_get_target(e);
IP_NF_ASSERT(t->u.kernel.target); WARN_ON(!t->u.kernel.target);
#if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE) #if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE)
/* The packet is traced: log it */ /* The packet is traced: log it */

12
net/ipv6/netfilter/ip6_tables.c
View File

@ -39,12 +39,6 @@ MODULE_LICENSE("GPL");
MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>"); MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
MODULE_DESCRIPTION("IPv6 packet filter"); MODULE_DESCRIPTION("IPv6 packet filter");
#ifdef CONFIG_NETFILTER_DEBUG
#define IP_NF_ASSERT(x) WARN_ON(!(x))
#else
#define IP_NF_ASSERT(x)
#endif
void *ip6t_alloc_initial_table(const struct xt_table *info) void *ip6t_alloc_initial_table(const struct xt_table *info)
{ {
return xt_alloc_initial_table(ip6t, IP6T); return xt_alloc_initial_table(ip6t, IP6T);
@ -284,7 +278,7 @@ ip6t_do_table(struct sk_buff *skb,
acpar.hotdrop = false; acpar.hotdrop = false;
acpar.state = state; acpar.state = state;
IP_NF_ASSERT(table->valid_hooks & (1 << hook)); WARN_ON(!(table->valid_hooks & (1 << hook)));
local_bh_disable(); local_bh_disable();
addend = xt_write_recseq_begin(); addend = xt_write_recseq_begin();
@ -315,7 +309,7 @@ ip6t_do_table(struct sk_buff *skb,
const struct xt_entry_match *ematch; const struct xt_entry_match *ematch;
struct xt_counters *counter; struct xt_counters *counter;
IP_NF_ASSERT(e); WARN_ON(!e);
acpar.thoff = 0; acpar.thoff = 0;
if (!ip6_packet_match(skb, indev, outdev, &e->ipv6, if (!ip6_packet_match(skb, indev, outdev, &e->ipv6,
&acpar.thoff, &acpar.fragoff, &acpar.hotdrop)) { &acpar.thoff, &acpar.fragoff, &acpar.hotdrop)) {
@ -335,7 +329,7 @@ ip6t_do_table(struct sk_buff *skb,
ADD_COUNTER(*counter, skb->len, 1); ADD_COUNTER(*counter, skb->len, 1);
t = ip6t_get_target_c(e); t = ip6t_get_target_c(e);
IP_NF_ASSERT(t->u.kernel.target); WARN_ON(!t->u.kernel.target);
#if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE) #if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE)
/* The packet is traced: log it */ /* The packet is traced: log it */