leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[NETFILTER]: Kill nf_debug

Browse Source 
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Patrick McHardy 2005-06-21 14:01:57 -07:00 committed by David S. Miller
parent e45b1be8bc
commit 18b8afc771
13 changed files with 0 additions and 239 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
include/linux/netfilter_ipv4.h
View File

@ -75,12 +75,6 @@ enum nf_ip_hook_priorities {
#define SO_ORIGINAL_DST 80 #define SO_ORIGINAL_DST 80
#ifdef __KERNEL__ #ifdef __KERNEL__
#ifdef CONFIG_NETFILTER_DEBUG
void nf_debug_ip_local_deliver(struct sk_buff *skb);
void nf_debug_ip_loopback_xmit(struct sk_buff *newskb);
void nf_debug_ip_finish_output2(struct sk_buff *skb);
#endif /*CONFIG_NETFILTER_DEBUG*/
extern int ip_route_me_harder(struct sk_buff **pskb); extern int ip_route_me_harder(struct sk_buff **pskb);
/* Call this before modifying an existing IP packet: ensures it is /* Call this before modifying an existing IP packet: ensures it is

13
include/linux/skbuff.h
View File

@ -193,7 +193,6 @@ struct skb_shared_info {
* @nfcache: Cache info * @nfcache: Cache info
* @nfct: Associated connection, if any * @nfct: Associated connection, if any
* @nfctinfo: Relationship of this skb to the connection * @nfctinfo: Relationship of this skb to the connection
* @nf_debug: Netfilter debugging
* @nf_bridge: Saved data about a bridged frame - see br_netfilter.c * @nf_bridge: Saved data about a bridged frame - see br_netfilter.c
* @private: Data which is private to the HIPPI implementation * @private: Data which is private to the HIPPI implementation
* @tc_index: Traffic control index * @tc_index: Traffic control index
@ -264,9 +263,6 @@ struct sk_buff {
__u32 nfcache; __u32 nfcache;
__u32 nfctinfo; __u32 nfctinfo;
struct nf_conntrack *nfct; struct nf_conntrack *nfct;
#ifdef CONFIG_NETFILTER_DEBUG
unsigned int nf_debug;
#endif
#ifdef CONFIG_BRIDGE_NETFILTER #ifdef CONFIG_BRIDGE_NETFILTER
struct nf_bridge_info *nf_bridge; struct nf_bridge_info *nf_bridge;
#endif #endif
@ -1219,15 +1215,6 @@ static inline void nf_reset(struct sk_buff *skb)
{ {
nf_conntrack_put(skb->nfct); nf_conntrack_put(skb->nfct);
skb->nfct = NULL; skb->nfct = NULL;
#ifdef CONFIG_NETFILTER_DEBUG
skb->nf_debug = 0;
#endif
}
static inline void nf_reset_debug(struct sk_buff *skb)
{
#ifdef CONFIG_NETFILTER_DEBUG
skb->nf_debug = 0;
#endif
} }
#ifdef CONFIG_BRIDGE_NETFILTER #ifdef CONFIG_BRIDGE_NETFILTER

3
net/bridge/br_forward.c
View File

@ -57,9 +57,6 @@ int br_forward_finish(struct sk_buff *skb)
static void __br_deliver(const struct net_bridge_port *to, struct sk_buff *skb) static void __br_deliver(const struct net_bridge_port *to, struct sk_buff *skb)
{ {
skb->dev = to->dev; skb->dev = to->dev;
#ifdef CONFIG_NETFILTER_DEBUG
skb->nf_debug = 0;
#endif
NF_HOOK(PF_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev, NF_HOOK(PF_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
br_forward_finish); br_forward_finish);
} }

4
net/bridge/br_input.c
View File

@ -23,11 +23,7 @@ const unsigned char bridge_ula[6] = { 0x01, 0x80, 0xc2, 0x00, 0x00, 0x00 };
static int br_pass_frame_up_finish(struct sk_buff *skb) static int br_pass_frame_up_finish(struct sk_buff *skb)
{ {
#ifdef CONFIG_NETFILTER_DEBUG
skb->nf_debug = 0;
#endif
netif_receive_skb(skb); netif_receive_skb(skb);
return 0; return 0;
} }

38
net/bridge/br_netfilter.c
View File

@ -102,10 +102,6 @@ static int br_nf_pre_routing_finish_ipv6(struct sk_buff *skb)
{ {
struct nf_bridge_info *nf_bridge = skb->nf_bridge; struct nf_bridge_info *nf_bridge = skb->nf_bridge;
#ifdef CONFIG_NETFILTER_DEBUG
skb->nf_debug ^= (1 << NF_BR_PRE_ROUTING);
#endif
if (nf_bridge->mask & BRNF_PKT_TYPE) { if (nf_bridge->mask & BRNF_PKT_TYPE) {
skb->pkt_type = PACKET_OTHERHOST; skb->pkt_type = PACKET_OTHERHOST;
nf_bridge->mask ^= BRNF_PKT_TYPE; nf_bridge->mask ^= BRNF_PKT_TYPE;
@ -182,10 +178,6 @@ static void __br_dnat_complain(void)
* --Bart, 20021007 (updated) */ * --Bart, 20021007 (updated) */
static int br_nf_pre_routing_finish_bridge(struct sk_buff *skb) static int br_nf_pre_routing_finish_bridge(struct sk_buff *skb)
{ {
#ifdef CONFIG_NETFILTER_DEBUG
skb->nf_debug |= (1 << NF_BR_PRE_ROUTING) | (1 << NF_BR_FORWARD);
#endif
if (skb->pkt_type == PACKET_OTHERHOST) { if (skb->pkt_type == PACKET_OTHERHOST) {
skb->pkt_type = PACKET_HOST; skb->pkt_type = PACKET_HOST;
skb->nf_bridge->mask |= BRNF_PKT_TYPE; skb->nf_bridge->mask |= BRNF_PKT_TYPE;
@ -207,10 +199,6 @@ static int br_nf_pre_routing_finish(struct sk_buff *skb)
struct iphdr *iph = skb->nh.iph; struct iphdr *iph = skb->nh.iph;
struct nf_bridge_info *nf_bridge = skb->nf_bridge; struct nf_bridge_info *nf_bridge = skb->nf_bridge;
#ifdef CONFIG_NETFILTER_DEBUG
skb->nf_debug ^= (1 << NF_BR_PRE_ROUTING);
#endif
if (nf_bridge->mask & BRNF_PKT_TYPE) { if (nf_bridge->mask & BRNF_PKT_TYPE) {
skb->pkt_type = PACKET_OTHERHOST; skb->pkt_type = PACKET_OTHERHOST;
nf_bridge->mask ^= BRNF_PKT_TYPE; nf_bridge->mask ^= BRNF_PKT_TYPE;
@ -382,9 +370,6 @@ static unsigned int br_nf_pre_routing_ipv6(unsigned int hook,
if (hdr->nexthdr == NEXTHDR_HOP && check_hbh_len(skb)) if (hdr->nexthdr == NEXTHDR_HOP && check_hbh_len(skb))
goto inhdr_error; goto inhdr_error;
#ifdef CONFIG_NETFILTER_DEBUG
skb->nf_debug ^= (1 << NF_IP6_PRE_ROUTING);
#endif
if ((nf_bridge = nf_bridge_alloc(skb)) == NULL) if ((nf_bridge = nf_bridge_alloc(skb)) == NULL)
return NF_DROP; return NF_DROP;
setup_pre_routing(skb); setup_pre_routing(skb);
@ -468,9 +453,6 @@ static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff **pskb,
skb->ip_summed = CHECKSUM_NONE; skb->ip_summed = CHECKSUM_NONE;
} }
#ifdef CONFIG_NETFILTER_DEBUG
skb->nf_debug ^= (1 << NF_IP_PRE_ROUTING);
#endif
if ((nf_bridge = nf_bridge_alloc(skb)) == NULL) if ((nf_bridge = nf_bridge_alloc(skb)) == NULL)
return NF_DROP; return NF_DROP;
setup_pre_routing(skb); setup_pre_routing(skb);
@ -517,10 +499,6 @@ static int br_nf_forward_finish(struct sk_buff *skb)
struct net_device *in; struct net_device *in;
struct vlan_ethhdr *hdr = vlan_eth_hdr(skb); struct vlan_ethhdr *hdr = vlan_eth_hdr(skb);
#ifdef CONFIG_NETFILTER_DEBUG
skb->nf_debug ^= (1 << NF_BR_FORWARD);
#endif
if (skb->protocol != __constant_htons(ETH_P_ARP) && !IS_VLAN_ARP) { if (skb->protocol != __constant_htons(ETH_P_ARP) && !IS_VLAN_ARP) {
in = nf_bridge->physindev; in = nf_bridge->physindev;
if (nf_bridge->mask & BRNF_PKT_TYPE) { if (nf_bridge->mask & BRNF_PKT_TYPE) {
@ -566,9 +544,6 @@ static unsigned int br_nf_forward_ip(unsigned int hook, struct sk_buff **pskb,
(*pskb)->nh.raw += VLAN_HLEN; (*pskb)->nh.raw += VLAN_HLEN;
} }
#ifdef CONFIG_NETFILTER_DEBUG
skb->nf_debug ^= (1 << NF_BR_FORWARD);
#endif
nf_bridge = skb->nf_bridge; nf_bridge = skb->nf_bridge;
if (skb->pkt_type == PACKET_OTHERHOST) { if (skb->pkt_type == PACKET_OTHERHOST) {
skb->pkt_type = PACKET_HOST; skb->pkt_type = PACKET_HOST;
@ -605,10 +580,6 @@ static unsigned int br_nf_forward_arp(unsigned int hook, struct sk_buff **pskb,
(*pskb)->nh.raw += VLAN_HLEN; (*pskb)->nh.raw += VLAN_HLEN;
} }
#ifdef CONFIG_NETFILTER_DEBUG
skb->nf_debug ^= (1 << NF_BR_FORWARD);
#endif
if (skb->nh.arph->ar_pln != 4) { if (skb->nh.arph->ar_pln != 4) {
if (IS_VLAN_ARP) { if (IS_VLAN_ARP) {
skb_push(*pskb, VLAN_HLEN); skb_push(*pskb, VLAN_HLEN);
@ -627,9 +598,6 @@ static unsigned int br_nf_forward_arp(unsigned int hook, struct sk_buff **pskb,
/* PF_BRIDGE/LOCAL_OUT ***********************************************/ /* PF_BRIDGE/LOCAL_OUT ***********************************************/
static int br_nf_local_out_finish(struct sk_buff *skb) static int br_nf_local_out_finish(struct sk_buff *skb)
{ {
#ifdef CONFIG_NETFILTER_DEBUG
skb->nf_debug &= ~(1 << NF_BR_LOCAL_OUT);
#endif
if (skb->protocol == __constant_htons(ETH_P_8021Q)) { if (skb->protocol == __constant_htons(ETH_P_8021Q)) {
skb_push(skb, VLAN_HLEN); skb_push(skb, VLAN_HLEN);
skb->nh.raw -= VLAN_HLEN; skb->nh.raw -= VLAN_HLEN;
@ -731,10 +699,6 @@ static unsigned int br_nf_local_out(unsigned int hook, struct sk_buff **pskb,
realoutdev, br_nf_local_out_finish, realoutdev, br_nf_local_out_finish,
NF_IP_PRI_BRIDGE_SABOTAGE_FORWARD + 1); NF_IP_PRI_BRIDGE_SABOTAGE_FORWARD + 1);
} else { } else {
#ifdef CONFIG_NETFILTER_DEBUG
skb->nf_debug ^= (1 << NF_IP_LOCAL_OUT);
#endif
NF_HOOK_THRESH(pf, NF_IP_LOCAL_OUT, skb, realindev, NF_HOOK_THRESH(pf, NF_IP_LOCAL_OUT, skb, realindev,
realoutdev, br_nf_local_out_finish, realoutdev, br_nf_local_out_finish,
NF_IP_PRI_BRIDGE_SABOTAGE_LOCAL_OUT + 1); NF_IP_PRI_BRIDGE_SABOTAGE_LOCAL_OUT + 1);
@ -779,8 +743,6 @@ static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff **pskb,
printk(KERN_CRIT "br_netfilter: skb->dst == NULL."); printk(KERN_CRIT "br_netfilter: skb->dst == NULL.");
goto print_error; goto print_error;
} }
skb->nf_debug ^= (1 << NF_IP_POST_ROUTING);
#endif #endif
/* We assume any code from br_dev_queue_push_xmit onwards doesn't care /* We assume any code from br_dev_queue_push_xmit onwards doesn't care

138
net/core/netfilter.c
View File

@ -141,136 +141,6 @@ void nf_unregister_sockopt(struct nf_sockopt_ops *reg)
up(&nf_sockopt_mutex); up(&nf_sockopt_mutex);
} }
#ifdef CONFIG_NETFILTER_DEBUG
#include <net/ip.h>
#include <net/tcp.h>
#include <linux/netfilter_ipv4.h>
static void debug_print_hooks_ip(unsigned int nf_debug)
{
if (nf_debug & (1 << NF_IP_PRE_ROUTING)) {
printk("PRE_ROUTING ");
nf_debug ^= (1 << NF_IP_PRE_ROUTING);
}
if (nf_debug & (1 << NF_IP_LOCAL_IN)) {
printk("LOCAL_IN ");
nf_debug ^= (1 << NF_IP_LOCAL_IN);
}
if (nf_debug & (1 << NF_IP_FORWARD)) {
printk("FORWARD ");
nf_debug ^= (1 << NF_IP_FORWARD);
}
if (nf_debug & (1 << NF_IP_LOCAL_OUT)) {
printk("LOCAL_OUT ");
nf_debug ^= (1 << NF_IP_LOCAL_OUT);
}
if (nf_debug & (1 << NF_IP_POST_ROUTING)) {
printk("POST_ROUTING ");
nf_debug ^= (1 << NF_IP_POST_ROUTING);
}
if (nf_debug)
printk("Crap bits: 0x%04X", nf_debug);
printk("\n");
}
static void nf_dump_skb(int pf, struct sk_buff *skb)
{
printk("skb: pf=%i %s dev=%s len=%u\n",
pf,
skb->sk ? "(owned)" : "(unowned)",
skb->dev ? skb->dev->name : "(no dev)",
skb->len);
switch (pf) {
case PF_INET: {
const struct iphdr *ip = skb->nh.iph;
__u32 *opt = (__u32 *) (ip + 1);
int opti;
__u16 src_port = 0, dst_port = 0;
if (ip->protocol == IPPROTO_TCP
|| ip->protocol == IPPROTO_UDP) {
struct tcphdr *tcp=(struct tcphdr *)((__u32 *)ip+ip->ihl);
src_port = ntohs(tcp->source);
dst_port = ntohs(tcp->dest);
}
printk("PROTO=%d %u.%u.%u.%u:%hu %u.%u.%u.%u:%hu"
" L=%hu S=0x%2.2hX I=%hu F=0x%4.4hX T=%hu",
ip->protocol, NIPQUAD(ip->saddr),
src_port, NIPQUAD(ip->daddr),
dst_port,
ntohs(ip->tot_len), ip->tos, ntohs(ip->id),
ntohs(ip->frag_off), ip->ttl);
for (opti = 0; opti < (ip->ihl - sizeof(struct iphdr) / 4); opti++)
printk(" O=0x%8.8X", *opt++);
printk("\n");
}
}
}
void nf_debug_ip_local_deliver(struct sk_buff *skb)
{
/* If it's a loopback packet, it must have come through
* NF_IP_LOCAL_OUT, NF_IP_RAW_INPUT, NF_IP_PRE_ROUTING and
* NF_IP_LOCAL_IN. Otherwise, must have gone through
* NF_IP_RAW_INPUT and NF_IP_PRE_ROUTING. */
if (!skb->dev) {
printk("ip_local_deliver: skb->dev is NULL.\n");
} else {
if (skb->nf_debug != ((1<<NF_IP_PRE_ROUTING)
| (1<<NF_IP_LOCAL_IN))) {
printk("ip_local_deliver: bad skb: ");
debug_print_hooks_ip(skb->nf_debug);
nf_dump_skb(PF_INET, skb);
}
}
}
void nf_debug_ip_loopback_xmit(struct sk_buff *newskb)
{
if (newskb->nf_debug != ((1 << NF_IP_LOCAL_OUT)
| (1 << NF_IP_POST_ROUTING))) {
printk("ip_dev_loopback_xmit: bad owned skb = %p: ",
newskb);
debug_print_hooks_ip(newskb->nf_debug);
nf_dump_skb(PF_INET, newskb);
}
}
void nf_debug_ip_finish_output2(struct sk_buff *skb)
{
/* If it's owned, it must have gone through the
* NF_IP_LOCAL_OUT and NF_IP_POST_ROUTING.
* Otherwise, must have gone through
* NF_IP_PRE_ROUTING, NF_IP_FORWARD and NF_IP_POST_ROUTING.
*/
if (skb->sk) {
if (skb->nf_debug != ((1 << NF_IP_LOCAL_OUT)
| (1 << NF_IP_POST_ROUTING))) {
printk("ip_finish_output: bad owned skb = %p: ", skb);
debug_print_hooks_ip(skb->nf_debug);
nf_dump_skb(PF_INET, skb);
}
} else {
if (skb->nf_debug != ((1 << NF_IP_PRE_ROUTING)
| (1 << NF_IP_FORWARD)
| (1 << NF_IP_POST_ROUTING))) {
/* Fragments, entunnelled packets, TCP RSTs
generated by ipt_REJECT will have no
owners, but still may be local */
if (skb->nf_debug != ((1 << NF_IP_LOCAL_OUT)
| (1 << NF_IP_POST_ROUTING))){
printk("ip_finish_output:"
" bad unowned skb = %p: ",skb);
debug_print_hooks_ip(skb->nf_debug);
nf_dump_skb(PF_INET, skb);
}
}
}
}
#endif /*CONFIG_NETFILTER_DEBUG*/
/* Call get/setsockopt() */ /* Call get/setsockopt() */
static int nf_sockopt(struct sock *sk, int pf, int val, static int nf_sockopt(struct sock *sk, int pf, int val,
char __user *opt, int *len, int get) char __user *opt, int *len, int get)
@ -488,14 +358,6 @@ int nf_hook_slow(int pf, unsigned int hook, struct sk_buff **pskb,
/* We may already have this, but read-locks nest anyway */ /* We may already have this, but read-locks nest anyway */
rcu_read_lock(); rcu_read_lock();
#ifdef CONFIG_NETFILTER_DEBUG
if (unlikely((*pskb)->nf_debug & (1 << hook))) {
printk("nf_hook: hook %i already set.\n", hook);
nf_dump_skb(pf, *pskb);
}
(*pskb)->nf_debug |= (1 << hook);
#endif
elem = &nf_hooks[pf][hook]; elem = &nf_hooks[pf][hook];
next_hook: next_hook:
verdict = nf_iterate(&nf_hooks[pf][hook], pskb, hook, indev, verdict = nf_iterate(&nf_hooks[pf][hook], pskb, hook, indev,

6
net/core/skbuff.c
View File

@ -365,9 +365,6 @@ struct sk_buff *skb_clone(struct sk_buff *skb, int gfp_mask)
C(nfct); C(nfct);
nf_conntrack_get(skb->nfct); nf_conntrack_get(skb->nfct);
C(nfctinfo); C(nfctinfo);
#ifdef CONFIG_NETFILTER_DEBUG
C(nf_debug);
#endif
#ifdef CONFIG_BRIDGE_NETFILTER #ifdef CONFIG_BRIDGE_NETFILTER
C(nf_bridge); C(nf_bridge);
nf_bridge_get(skb->nf_bridge); nf_bridge_get(skb->nf_bridge);
@ -432,9 +429,6 @@ static void copy_skb_header(struct sk_buff *new, const struct sk_buff *old)
new->nfct = old->nfct; new->nfct = old->nfct;
nf_conntrack_get(old->nfct); nf_conntrack_get(old->nfct);
new->nfctinfo = old->nfctinfo; new->nfctinfo = old->nfctinfo;
#ifdef CONFIG_NETFILTER_DEBUG
new->nf_debug = old->nf_debug;
#endif
#ifdef CONFIG_BRIDGE_NETFILTER #ifdef CONFIG_BRIDGE_NETFILTER
new->nf_bridge = old->nf_bridge; new->nf_bridge = old->nf_bridge;
nf_bridge_get(old->nf_bridge); nf_bridge_get(old->nf_bridge);

4
net/ipv4/ip_input.c
View File

@ -200,10 +200,6 @@ static inline int ip_local_deliver_finish(struct sk_buff *skb)
{ {
int ihl = skb->nh.iph->ihl*4; int ihl = skb->nh.iph->ihl*4;
#ifdef CONFIG_NETFILTER_DEBUG
nf_debug_ip_local_deliver(skb);
#endif /*CONFIG_NETFILTER_DEBUG*/
__skb_pull(skb, ihl); __skb_pull(skb, ihl);
/* Free reference early: we don't need it any more, and it may /* Free reference early: we don't need it any more, and it may

11
net/ipv4/ip_output.c
View File

@ -107,10 +107,6 @@ static int ip_dev_loopback_xmit(struct sk_buff *newskb)
newskb->pkt_type = PACKET_LOOPBACK; newskb->pkt_type = PACKET_LOOPBACK;
newskb->ip_summed = CHECKSUM_UNNECESSARY; newskb->ip_summed = CHECKSUM_UNNECESSARY;
BUG_TRAP(newskb->dst); BUG_TRAP(newskb->dst);
#ifdef CONFIG_NETFILTER_DEBUG
nf_debug_ip_loopback_xmit(newskb);
#endif
nf_reset(newskb); nf_reset(newskb);
netif_rx(newskb); netif_rx(newskb);
return 0; return 0;
@ -192,10 +188,6 @@ static inline int ip_finish_output2(struct sk_buff *skb)
skb = skb2; skb = skb2;
} }
#ifdef CONFIG_NETFILTER_DEBUG
nf_debug_ip_finish_output2(skb);
#endif /*CONFIG_NETFILTER_DEBUG*/
nf_reset(skb); nf_reset(skb);
if (hh) { if (hh) {
@ -415,9 +407,6 @@ static void ip_copy_metadata(struct sk_buff *to, struct sk_buff *from)
to->nf_bridge = from->nf_bridge; to->nf_bridge = from->nf_bridge;
nf_bridge_get(to->nf_bridge); nf_bridge_get(to->nf_bridge);
#endif #endif
#ifdef CONFIG_NETFILTER_DEBUG
to->nf_debug = from->nf_debug;
#endif
#endif #endif
} }

1
net/ipv4/ipvs/ip_vs_xmit.c
View File

@ -127,7 +127,6 @@ ip_vs_dst_reset(struct ip_vs_dest *dest)
#define IP_VS_XMIT(skb, rt) \ #define IP_VS_XMIT(skb, rt) \
do { \ do { \
nf_reset_debug(skb); \
(skb)->nfcache |= NFC_IPVS_PROPERTY; \ (skb)->nfcache |= NFC_IPVS_PROPERTY; \
(skb)->ip_summed = CHECKSUM_NONE; \ (skb)->ip_summed = CHECKSUM_NONE; \
NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, (skb), NULL, \ NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, (skb), NULL, \

9
net/ipv4/netfilter/ip_conntrack_core.c
View File

@ -940,10 +940,6 @@ void ip_ct_refresh_acct(struct ip_conntrack *ct,
struct sk_buff * struct sk_buff *
ip_ct_gather_frags(struct sk_buff *skb, u_int32_t user) ip_ct_gather_frags(struct sk_buff *skb, u_int32_t user)
{ {
#ifdef CONFIG_NETFILTER_DEBUG
unsigned int olddebug = skb->nf_debug;
#endif
skb_orphan(skb); skb_orphan(skb);
local_bh_disable(); local_bh_disable();
@ -953,12 +949,7 @@ ip_ct_gather_frags(struct sk_buff *skb, u_int32_t user)
if (skb) { if (skb) {
ip_send_check(skb->nh.iph); ip_send_check(skb->nh.iph);
skb->nfcache |= NFC_ALTERED; skb->nfcache |= NFC_ALTERED;
#ifdef CONFIG_NETFILTER_DEBUG
/* Packet path as if nothing had happened. */
skb->nf_debug = olddebug;
#endif
} }
return skb; return skb;
} }

3
net/ipv4/netfilter/ip_nat_helper.c
View File

@ -142,9 +142,6 @@ static int enlarge_skb(struct sk_buff **pskb, unsigned int extra)
/* Transfer socket to new skb. */ /* Transfer socket to new skb. */
if ((*pskb)->sk) if ((*pskb)->sk)
skb_set_owner_w(nskb, (*pskb)->sk); skb_set_owner_w(nskb, (*pskb)->sk);
#ifdef CONFIG_NETFILTER_DEBUG
nskb->nf_debug = (*pskb)->nf_debug;
#endif
kfree_skb(*pskb); kfree_skb(*pskb);
*pskb = nskb; *pskb = nskb;
return 1; return 1;

3
net/ipv6/ip6_output.c
View File

@ -484,9 +484,6 @@ static void ip6_copy_metadata(struct sk_buff *to, struct sk_buff *from)
to->nf_bridge = from->nf_bridge; to->nf_bridge = from->nf_bridge;
nf_bridge_get(to->nf_bridge); nf_bridge_get(to->nf_bridge);
#endif #endif
#ifdef CONFIG_NETFILTER_DEBUG
to->nf_debug = from->nf_debug;
#endif
#endif #endif
} }