anonfunc/xtables-addons
1
0
Fork 0
mirror of git://git.code.sf.net/p/xtables-addons/xtables-addons synced 2025-09-12 15:44:57 +02:00
Code Issues Releases Wiki Activity

pknock: remove some extraneous messages and source lines

Browse Source 
- $Id$ in a comment is pointless.
- remove unneeded/commented-out includes.
- remove warning messages on allocation failure
  (if that happens it is almost too late anyway;
  not wanting to spam the logs)
- remove warning messages about unhandled packets
  (attacker filling up logs)
This commit is contained in:
Jan Engelhardt
2009-10-04 00:08:34 +02:00
parent da6a9b932c
commit 3c3adcbd07
2 changed files with 7 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
extensions/libxt_pknock.c
View File

@@ -5,8 +5,6 @@
* (C) 2006-2009 J. Federico Hernandez <fede.hernandez@gmail.com> * (C) 2006-2009 J. Federico Hernandez <fede.hernandez@gmail.com>
* (C) 2006 Luis Floreani <luis.floreani@gmail.com> * (C) 2006 Luis Floreani <luis.floreani@gmail.com>
* *
* $Id$
*
* This program is released under the terms of GNU GPL version 2. * This program is released under the terms of GNU GPL version 2.
*/ */
#include <getopt.h> #include <getopt.h>
@@ -17,7 +15,6 @@
#include <xtables.h> #include <xtables.h>
#include <linux/netfilter.h> #include <linux/netfilter.h>
#include <linux/netfilter_ipv4/ip_tables.h> #include <linux/netfilter_ipv4/ip_tables.h>
//#include <linux/netfilter_ipv4/ipt_pknock.h>
#include "xt_pknock.h" #include "xt_pknock.h"
static const struct option pknock_mt_opts[] = { static const struct option pknock_mt_opts[] = {
@@ -105,7 +102,6 @@ check_proto(uint16_t pnum, uint8_t invflags)
xtables_error(PARAMETER_PROBLEM, PKNOCK "only works with TCP and UDP."); xtables_error(PARAMETER_PROBLEM, PKNOCK "only works with TCP and UDP.");
} }
/* Function which parses command options; returns true if it ate an option */
static int static int
__pknock_parse(int c, char **argv, int invert, unsigned int *flags, __pknock_parse(int c, char **argv, int invert, unsigned int *flags,
struct xt_entry_match **match, uint16_t pnum, struct xt_entry_match **match, uint16_t pnum,

39
extensions/xt_pknock.c
View File

@@ -4,8 +4,6 @@
* (C) 2006-2009 J. Federico Hernandez Scarso <fede.hernandez@gmail.com> * (C) 2006-2009 J. Federico Hernandez Scarso <fede.hernandez@gmail.com>
* (C) 2006 Luis A. Floreani <luis.floreani@gmail.com> * (C) 2006 Luis A. Floreani <luis.floreani@gmail.com>
* *
* $Id$
*
* This program is released under the terms of GNU GPL version 2. * This program is released under the terms of GNU GPL version 2.
*/ */
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
@@ -31,8 +29,6 @@
#include <linux/connector.h> #include <linux/connector.h>
#include <linux/netfilter/x_tables.h> #include <linux/netfilter/x_tables.h>
#include <linux/netfilter_ipv4/ip_tables.h>
//#include <linux/netfilter_ipv4/ipt_pknock.h>
#include "xt_pknock.h" #include "xt_pknock.h"
#include "compat_xtables.h" #include "compat_xtables.h"
@@ -169,12 +165,8 @@ alloc_hashtable(unsigned int size)
unsigned int i; unsigned int i;
hash = kmalloc(sizeof(*hash) * size, GFP_ATOMIC); hash = kmalloc(sizeof(*hash) * size, GFP_ATOMIC);
if (hash == NULL) { if (hash == NULL)
printk(KERN_ERR PKNOCK
"kmalloc() error in alloc_hashtable() function.\n");
return NULL; return NULL;
}
for (i = 0; i < size; ++i) for (i = 0; i < size; ++i)
INIT_LIST_HEAD(&hash[i]); INIT_LIST_HEAD(&hash[i]);
@@ -442,10 +434,8 @@ add_rule(struct xt_pknock_mtinfo *info)
} }
rule = kmalloc(sizeof(*rule), GFP_ATOMIC); rule = kmalloc(sizeof(*rule), GFP_ATOMIC);
if (rule == NULL) { if (rule == NULL)
printk(KERN_ERR PKNOCK "kmalloc() error in add_rule().\n");
return false; return false;
}
INIT_LIST_HEAD(&rule->head); INIT_LIST_HEAD(&rule->head);
@@ -456,10 +446,8 @@ add_rule(struct xt_pknock_mtinfo *info)
rule->ref_count = 1; rule->ref_count = 1;
rule->max_time = info->max_time; rule->max_time = info->max_time;
rule->peer_head = alloc_hashtable(peer_hashsize); rule->peer_head = alloc_hashtable(peer_hashsize);
if (rule->peer_head == NULL) { if (rule->peer_head == NULL)
printk(KERN_ERR PKNOCK "alloc_hashtable() error in add_rule().\n");
return false; return false;
}
init_timer(&rule->timer); init_timer(&rule->timer);
rule->timer.function = peer_gc; rule->timer.function = peer_gc;
@@ -467,8 +455,6 @@ add_rule(struct xt_pknock_mtinfo *info)
rule->status_proc = create_proc_entry(info->rule_name, 0, pde); rule->status_proc = create_proc_entry(info->rule_name, 0, pde);
if (rule->status_proc == NULL) { if (rule->status_proc == NULL) {
printk(KERN_ERR PKNOCK "create_proc_entry() error in add_rule()"
" function.\n");
kfree(rule); kfree(rule);
return false; return false;
} }
@@ -580,10 +566,8 @@ static struct peer *new_peer(__be32 ip, uint8_t proto)
{ {
struct peer *peer = kmalloc(sizeof(*peer), GFP_ATOMIC); struct peer *peer = kmalloc(sizeof(*peer), GFP_ATOMIC);
if (peer == NULL) { if (peer == NULL)
printk(KERN_ERR PKNOCK "kmalloc() error in new_peer().\n");
return NULL; return NULL;
}
INIT_LIST_HEAD(&peer->head); INIT_LIST_HEAD(&peer->head);
peer->ip = ip; peer->ip = ip;
@@ -682,11 +666,8 @@ msg_to_userspace_nl(const struct xt_pknock_mtinfo *info,
struct xt_pknock_nl_msg msg; struct xt_pknock_nl_msg msg;
m = kmalloc(sizeof(*m) + sizeof(msg), GFP_ATOMIC); m = kmalloc(sizeof(*m) + sizeof(msg), GFP_ATOMIC);
if (m == NULL) { if (m == NULL)
printk(KERN_ERR PKNOCK "kmalloc() error in "
"msg_to_userspace_nl().\n");
return false; return false;
}
memset(m, 0, sizeof(*m) + sizeof(msg)); memset(m, 0, sizeof(*m) + sizeof(msg));
m->seq = 0; m->seq = 0;
@@ -759,10 +740,8 @@ has_secret(const unsigned char *secret, unsigned int secret_len, uint32_t ipsrc,
return false; return false;
hexresult = kmalloc(hexa_size, GFP_ATOMIC); hexresult = kmalloc(hexa_size, GFP_ATOMIC);
if (hexresult == NULL) { if (hexresult == NULL)
printk(KERN_ERR PKNOCK "kmalloc() error in has_secret().\n");
return false; return false;
}
memset(result, 0, sizeof(result)); memset(result, 0, sizeof(result));
memset(hexresult, 0, hexa_size); memset(hexresult, 0, hexa_size);
@@ -975,8 +954,7 @@ static bool pknock_mt(const struct sk_buff *skb,
#endif #endif
default: default:
printk(KERN_INFO PKNOCK pr_debug("IP payload protocol is neither tcp nor udp.\n");
"IP payload protocol is neither tcp nor udp.\n");
return false; return false;
} }
@@ -1122,8 +1100,6 @@ static struct xt_match xt_pknock_mt_reg __read_mostly = {
static int __init xt_pknock_mt_init(void) static int __init xt_pknock_mt_init(void)
{ {
printk(KERN_INFO PKNOCK "register.\n");
#ifdef PK_CRYPTO #ifdef PK_CRYPTO
if (request_module(crypto.algo) < 0) { if (request_module(crypto.algo) < 0) {
printk(KERN_ERR PKNOCK "request_module('%s') error.\n", printk(KERN_ERR PKNOCK "request_module('%s') error.\n",
@@ -1156,7 +1132,6 @@ static int __init xt_pknock_mt_init(void)
static void __exit xt_pknock_mt_exit(void) static void __exit xt_pknock_mt_exit(void)
{ {
printk(KERN_INFO PKNOCK "unregister.\n");
remove_proc_entry("xt_pknock", init_net__proc_net); remove_proc_entry("xt_pknock", init_net__proc_net);
xt_unregister_match(&xt_pknock_mt_reg); xt_unregister_match(&xt_pknock_mt_reg);
kfree(rule_hashtable); kfree(rule_hashtable);