leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity

netfilter: x_tables: remove pr_info where possible

Browse Source 
remove several pr_info messages that cannot be triggered with iptables,
the check is only to ensure input is sane.

iptables(8) already prints error messages in these cases.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Florian Westphal 2018-02-09 15:51:59 +01:00 committed by Pablo Neira Ayuso
parent db93a3632b
commit 0cc9501f94
7 changed files with 16 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
net/ipv4/netfilter/ipt_ECN.c
View File

@ -98,14 +98,12 @@ static int ecn_tg_check(const struct xt_tgchk_param *par)
const struct ipt_ECN_info *einfo = par->targinfo; const struct ipt_ECN_info *einfo = par->targinfo;
const struct ipt_entry *e = par->entryinfo; const struct ipt_entry *e = par->entryinfo;
if (einfo->operation & IPT_ECN_OP_MASK) { if (einfo->operation & IPT_ECN_OP_MASK)
pr_info("unsupported ECN operation %x\n", einfo->operation);
return -EINVAL; return -EINVAL;
}
if (einfo->ip_ect & ~IPT_ECN_IP_MASK) { if (einfo->ip_ect & ~IPT_ECN_IP_MASK)
pr_info("new ECT codepoint %x out of mask\n", einfo->ip_ect);
return -EINVAL; return -EINVAL;
}
if ((einfo->operation & (IPT_ECN_OP_SET_ECE|IPT_ECN_OP_SET_CWR)) && if ((einfo->operation & (IPT_ECN_OP_SET_ECE|IPT_ECN_OP_SET_CWR)) &&
(e->ip.proto != IPPROTO_TCP || (e->ip.invflags & XT_INV_PROTO))) { (e->ip.proto != IPPROTO_TCP || (e->ip.invflags & XT_INV_PROTO))) {
pr_info("cannot use TCP operations on a non-tcp rule\n"); pr_info("cannot use TCP operations on a non-tcp rule\n");

5
net/netfilter/xt_CHECKSUM.c
View File

@ -39,10 +39,9 @@ static int checksum_tg_check(const struct xt_tgchk_param *par)
pr_info("unsupported CHECKSUM operation %x\n", einfo->operation); pr_info("unsupported CHECKSUM operation %x\n", einfo->operation);
return -EINVAL; return -EINVAL;
} }
if (!einfo->operation) { if (!einfo->operation)
pr_info("no CHECKSUM operation enabled\n");
return -EINVAL; return -EINVAL;
}
return 0; return 0;
} }

4
net/netfilter/xt_DSCP.c
View File

@ -66,10 +66,8 @@ static int dscp_tg_check(const struct xt_tgchk_param *par)
{ {
const struct xt_DSCP_info *info = par->targinfo; const struct xt_DSCP_info *info = par->targinfo;
if (info->dscp > XT_DSCP_MAX) { if (info->dscp > XT_DSCP_MAX)
pr_info("dscp %x out of range\n", info->dscp);
return -EDOM; return -EDOM;
}
return 0; return 0;
} }

13
net/netfilter/xt_HL.c
View File

@ -105,10 +105,8 @@ static int ttl_tg_check(const struct xt_tgchk_param *par)
{ {
const struct ipt_TTL_info *info = par->targinfo; const struct ipt_TTL_info *info = par->targinfo;
if (info->mode > IPT_TTL_MAXMODE) { if (info->mode > IPT_TTL_MAXMODE)
pr_info("TTL: invalid or unknown mode %u\n", info->mode);
return -EINVAL; return -EINVAL;
}
if (info->mode != IPT_TTL_SET && info->ttl == 0) if (info->mode != IPT_TTL_SET && info->ttl == 0)
return -EINVAL; return -EINVAL;
return 0; return 0;
@ -118,15 +116,10 @@ static int hl_tg6_check(const struct xt_tgchk_param *par)
{ {
const struct ip6t_HL_info *info = par->targinfo; const struct ip6t_HL_info *info = par->targinfo;
if (info->mode > IP6T_HL_MAXMODE) { if (info->mode > IP6T_HL_MAXMODE)
pr_info("invalid or unknown mode %u\n", info->mode);
return -EINVAL; return -EINVAL;
} if (info->mode != IP6T_HL_SET && info->hop_limit == 0)
if (info->mode != IP6T_HL_SET && info->hop_limit == 0) {
pr_info("increment/decrement does not "
"make sense with value 0\n");
return -EINVAL; return -EINVAL;
}
return 0; return 0;
} }

10
net/netfilter/xt_HMARK.c
View File

@ -313,10 +313,9 @@ static int hmark_tg_check(const struct xt_tgchk_param *par)
{ {
const struct xt_hmark_info *info = par->targinfo; const struct xt_hmark_info *info = par->targinfo;
if (!info->hmodulus) { if (!info->hmodulus)
pr_info("xt_HMARK: hash modulus can't be zero\n");
return -EINVAL; return -EINVAL;
}
if (info->proto_mask && if (info->proto_mask &&
(info->flags & XT_HMARK_FLAG(XT_HMARK_METHOD_L3))) { (info->flags & XT_HMARK_FLAG(XT_HMARK_METHOD_L3))) {
pr_info("xt_HMARK: proto mask must be zero with L3 mode\n"); pr_info("xt_HMARK: proto mask must be zero with L3 mode\n");
@ -324,10 +323,9 @@ static int hmark_tg_check(const struct xt_tgchk_param *par)
} }
if (info->flags & XT_HMARK_FLAG(XT_HMARK_SPI_MASK) && if (info->flags & XT_HMARK_FLAG(XT_HMARK_SPI_MASK) &&
(info->flags & (XT_HMARK_FLAG(XT_HMARK_SPORT_MASK) | (info->flags & (XT_HMARK_FLAG(XT_HMARK_SPORT_MASK) |
XT_HMARK_FLAG(XT_HMARK_DPORT_MASK)))) { XT_HMARK_FLAG(XT_HMARK_DPORT_MASK))))
pr_info("xt_HMARK: spi-mask and port-mask can't be combined\n");
return -EINVAL; return -EINVAL;
}
if (info->flags & XT_HMARK_FLAG(XT_HMARK_SPI) && if (info->flags & XT_HMARK_FLAG(XT_HMARK_SPI) &&
(info->flags & (XT_HMARK_FLAG(XT_HMARK_SPORT) | (info->flags & (XT_HMARK_FLAG(XT_HMARK_SPORT) |
XT_HMARK_FLAG(XT_HMARK_DPORT)))) { XT_HMARK_FLAG(XT_HMARK_DPORT)))) {

4
net/netfilter/xt_LED.c
View File

@ -111,10 +111,8 @@ static int led_tg_check(const struct xt_tgchk_param *par)
struct xt_led_info_internal *ledinternal; struct xt_led_info_internal *ledinternal;
int err; int err;
if (ledinfo->id[0] == '\0') { if (ledinfo->id[0] == '\0')
pr_info("No 'id' parameter given.\n");
return -EINVAL; return -EINVAL;
}
mutex_lock(&xt_led_mutex); mutex_lock(&xt_led_mutex);

4
net/netfilter/xt_dscp.c
View File

@ -46,10 +46,8 @@ static int dscp_mt_check(const struct xt_mtchk_param *par)
{ {
const struct xt_dscp_info *info = par->matchinfo; const struct xt_dscp_info *info = par->matchinfo;
if (info->dscp > XT_DSCP_MAX) { if (info->dscp > XT_DSCP_MAX)
pr_info("dscp %x out of range\n", info->dscp);
return -EDOM; return -EDOM;
}
return 0; return 0;
} }