On Tue, 2013-02-19 at 01:10 +0100, pablo@xxxxxxxxxxxxx wrote:
> This patch modifies the existing code to provide more specific
> error message in the scope of each helper to help users to debug
> the reason why the packet has been dropped, ie:
[]
> diff --git a/include/net/netfilter/nf_conntrack_helper.h b/include/net/netfilter/nf_conntrack_helper.h
[]
> @@ -100,6 +100,9 @@ struct nf_ct_helper_expectfn {
> void (*expectfn)(struct nf_conn *ct, struct nf_conntrack_expect *exp);
> };
>
> +extern void nf_ct_helper_log(struct sk_buff *skb, const struct nf_conn *,
> + const char *fmt, ...);
this should be declared
__printf(3, 4)
void nf_ct_helper_log(etc...)
to get the compiler to verify format and arguments.
> @@ -210,8 +212,11 @@ static int help(struct sk_buff *skb, unsigned int protoff,
> addr_beg_p - ib_ptr,
> addr_end_p - addr_beg_p,
> exp);
> - else if (nf_ct_expect_related(exp) != 0)
> + else if (nf_ct_expect_related(exp) != 0) {
> + nf_ct_helper_log(skb, ct, "cannot add "
> + "expectation");
do please try to avoid splitting formats
nf_ct_helper_log(skb, ct,
"cannot add expectation");
> @@ -1123,8 +1130,11 @@ static int process_sdp(struct sk_buff *skb, unsigned int protoff,
> dptr, datalen, mediaoff,
> SDP_HDR_CONNECTION, SDP_HDR_MEDIA,
> &rtp_addr);
> - if (ret != NF_ACCEPT)
> + if (ret != NF_ACCEPT) {
> + nf_ct_helper_log(skb, ct, "cannot mangle "
> + "media connection");
here too, etc...
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
