diff --git a/extensions/libxt_pknock.c b/extensions/libxt_pknock.c index eef8f71..0167f7c 100644 --- a/extensions/libxt_pknock.c +++ b/extensions/libxt_pknock.c @@ -71,7 +71,7 @@ parse_ports(const char *portstring, uint16_t *ports, const char *proto) *next++ = '\0'; ports[i] = xtables_parse_port(cp, proto); } - + if (cp != NULL) xtables_error(PARAMETER_PROBLEM, "too many ports specified"); @@ -109,7 +109,7 @@ check_proto(uint16_t pnum, uint8_t invflags) } /* Function which parses command options; returns true if it ate an option */ -static int +static int __pknock_parse(int c, char **argv, int invert, unsigned int *flags, struct xt_entry_match **match, uint16_t pnum, uint16_t invflags) @@ -230,7 +230,7 @@ static int pknock_parse(int c, char **argv, int invert, unsigned int *flags, const void *e, struct xt_entry_match **match) { const struct ipt_entry *entry = e; - return __pknock_parse(c, argv, invert, flags, match, + return __pknock_parse(c, argv, invert, flags, match, entry->ip.proto, entry->ip.invflags); } @@ -274,7 +274,7 @@ static void pknock_check(unsigned int flags) } /* Prints out the matchinfo. */ -static void pknock_print(const void *ip, +static void pknock_print(const void *ip, const struct xt_entry_match *match, int numeric) { const struct xt_pknock_mtinfo *info = (void *)match->data; @@ -338,7 +338,7 @@ static struct xtables_match pknock_match = { .extra_opts = pknock_opts }; -void _init(void) +void _init(void) { xtables_register_match(&pknock_match); } diff --git a/extensions/xt_pknock.c b/extensions/xt_pknock.c index 5ad962c..8d0b392 100644 --- a/extensions/xt_pknock.c +++ b/extensions/xt_pknock.c @@ -171,7 +171,7 @@ alloc_hashtable(unsigned int size) hash = kmalloc(sizeof(*hash) * size, GFP_ATOMIC); if (hash == NULL) { - printk(KERN_ERR PKNOCK + printk(KERN_ERR PKNOCK "kmalloc() error in alloc_hashtable() function.\n"); return NULL; } @@ -366,7 +366,7 @@ peer_gc(unsigned long r) hashtable_for_each_safe(pos, n, rule->peer_head, peer_hashsize, i) { peer = list_entry(pos, struct peer, head); - if (!has_logged_during_this_minute(peer) && + if (!has_logged_during_this_minute(peer) && is_time_exceeded(peer, rule->max_time)) { pk_debug("DESTROYED", peer); @@ -976,7 +976,7 @@ static bool pknock_mt(const struct sk_buff *skb, #endif default: - printk(KERN_INFO PKNOCK + printk(KERN_INFO PKNOCK "IP payload protocol is neither tcp nor udp.\n"); return false; } @@ -986,7 +986,7 @@ static bool pknock_mt(const struct sk_buff *skb, /* Searches a rule from the list depending on info structure options. */ rule = search_rule(info); if (rule == NULL) { - printk(KERN_INFO PKNOCK "The rule %s doesn't exist.\n", + printk(KERN_INFO PKNOCK "The rule %s doesn't exist.\n", info->rule_name); goto out; } @@ -998,17 +998,17 @@ static bool pknock_mt(const struct sk_buff *skb, ret = is_allowed(peer); goto out; } - + if (iph->protocol == IPPROTO_UDP) { hdr.payload = (void *)iph + hdr_len; hdr.payload_len = skb->len - hdr_len; } - + /* Sets, updates, removes or checks the peer matching status. */ if (info->option & XT_PKNOCK_KNOCKPORT) { if ((ret = is_allowed(peer))) { #ifdef PK_CRYPTO - if (info->option & XT_PKNOCK_CLOSESECRET && + if (info->option & XT_PKNOCK_CLOSESECRET && iph->protocol == IPPROTO_UDP) { if (is_close_knock(peer, info, hdr.payload, hdr.payload_len)) @@ -1069,10 +1069,10 @@ static bool pknock_mt_check(const struct xt_mtchk_param *par) RETURN_ERR("Can't specify --knockports with --checkip.\n"); #ifdef PK_CRYPTO if ((info->option & XT_PKNOCK_OPENSECRET) && - !(info->option & XT_PKNOCK_CLOSESECRET)) + !(info->option & XT_PKNOCK_CLOSESECRET)) RETURN_ERR("--opensecret must go with --closesecret.\n"); if ((info->option & XT_PKNOCK_CLOSESECRET) && - !(info->option & XT_PKNOCK_OPENSECRET)) + !(info->option & XT_PKNOCK_OPENSECRET)) RETURN_ERR("--closesecret must go with --opensecret.\n"); #endif } @@ -1135,7 +1135,7 @@ static int __init xt_pknock_mt_init(void) crypto.tfm = crypto_alloc_hash(crypto.algo, 0, CRYPTO_ALG_ASYNC); if (crypto.tfm == NULL) { - printk(KERN_ERR PKNOCK "failed to load transform for %s\n", + printk(KERN_ERR PKNOCK "failed to load transform for %s\n", crypto.algo); return -ENXIO; }