Merge bk://kernel.bkbits.net/davem/net-2.5

into home.transmeta.com:/home/torvalds/v2.5/linux

net/bridge/netfilter/ebtables.c

@@ -2,7 +2,7 @@
  *  ebtables
  *
  *  Author:
- *  Bart De Schuymer		<bart.de.schuymer@pandora.be>
+ *  Bart De Schuymer		<bdschuym@pandora.be>
  *
  *  ebtables.c,v 2.0, July, 2002
  *
@@ -15,7 +15,7 @@
  *  2 of the License, or (at your option) any later version.
  */
 
-// used for print_string
+/* used for print_string */
 #include <linux/sched.h>
 #include <linux/tty.h>
 
@@ -27,18 +27,20 @@
 #include <asm/uaccess.h>
 #include <linux/smp.h>
 #include <net/sock.h>
-// needed for logical [in,out]-dev filtering
+/* needed for logical [in,out]-dev filtering */
 #include "../br_private.h"
 
-// list_named_find
+/* list_named_find */
 #define ASSERT_READ_LOCK(x)
 #define ASSERT_WRITE_LOCK(x)
 #include <linux/netfilter_ipv4/listhelp.h>
 
-#if 0 // use this for remote debugging
-// Copyright (C) 1998 by Ori Pomerantz
-// Print the string to the appropriate tty, the one
-// the current task uses
+#if 0
+/* use this for remote debugging
+ * Copyright (C) 1998 by Ori Pomerantz
+ * Print the string to the appropriate tty, the one
+ * the current task uses
+ */
 static void print_string(char *str)
 {
 	struct tty_struct *my_tty;
@@ -55,20 +57,22 @@ static void print_string(char *str)
 #else
 #define BUGPRINT(format, args...) printk("kernel msg: ebtables bug: please "\
                                          "report to author: "format, ## args)
-// #define BUGPRINT(format, args...)
+/* #define BUGPRINT(format, args...) */
 #endif
 #define MEMPRINT(format, args...) printk("kernel msg: ebtables "\
                                          ": out of memory: "format, ## args)
-// #define MEMPRINT(format, args...)
+/* #define MEMPRINT(format, args...) */
 
 
 
-// Each cpu has its own set of counters, so there is no need for write_lock in
-// the softirq
-// For reading or updating the counters, the user context needs to
-// get a write_lock
+/*
+ * Each cpu has its own set of counters, so there is no need for write_lock in
+ * the softirq
+ * For reading or updating the counters, the user context needs to
+ * get a write_lock
+ */
 
-// The size of each set of counters is altered to get cache alignment
+/* The size of each set of counters is altered to get cache alignment */
 #define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1))
 #define COUNTER_OFFSET(n) (SMP_ALIGN(n * sizeof(struct ebt_counter)))
 #define COUNTER_BASE(c, n, cpu) ((struct ebt_counter *)(((char *)c) + \
@@ -91,7 +95,7 @@ static inline int ebt_do_watcher (struct ebt_entry_watcher *w,
 {
 	w->u.watcher->watcher(skb, in, out, w->data,
 	   w->watcher_size);
-	// watchers don't give a verdict
+	/* watchers don't give a verdict */
 	return 0;
 }
 
@@ -113,7 +117,7 @@ static inline int ebt_dev_check(char *entry, const struct net_device *device)
 }
 
 #define FWINV2(bool,invflg) ((bool) ^ !!(e->invflags & invflg))
-// process standard matches
+/* process standard matches */
 static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h,
    const struct net_device *in, const struct net_device *out)
 {
@@ -156,7 +160,7 @@ static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h,
 	return 0;
 }
 
-// Do some firewalling
+/* Do some firewalling */
 unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb,
    const struct net_device *in, const struct net_device *out,
    struct ebt_table *table)
@@ -182,7 +186,7 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb,
 	nentries = private->hook_entry[hook]->nentries;
 	point = (struct ebt_entry *)(private->hook_entry[hook]->data);
 	counter_base = cb_base + private->hook_entry[hook]->counter_offset;
-	// base for chain jumps
+	/* base for chain jumps */
 	base = private->entries;
 	i = 0;
 	while (i < nentries) {
@@ -192,18 +196,18 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb,
 		if (EBT_MATCH_ITERATE(point, ebt_do_match, *pskb, in, out) != 0)
 			goto letscontinue;
 
-		// increase counter
+		/* increase counter */
 		(*(counter_base + i)).pcnt++;
 		(*(counter_base + i)).bcnt+=(**pskb).len;
 
-		// these should only watch: not modify, nor tell us
-		// what to do with the packet
+		/* these should only watch: not modify, nor tell us
+		   what to do with the packet */
 		EBT_WATCHER_ITERATE(point, ebt_do_watcher, *pskb, in,
 		   out);
 
 		t = (struct ebt_entry_target *)
 		   (((char *)point) + point->target_offset);
-		// standard target
+		/* standard target */
 		if (!t->u.target->target)
 			verdict = ((struct ebt_standard_target *)t)->verdict;
 		else
@@ -222,12 +226,12 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb,
 #ifdef CONFIG_NETFILTER_DEBUG
 			if (sp == 0) {
 				BUGPRINT("RETURN on base chain");
-				// act like this is EBT_CONTINUE
+				/* act like this is EBT_CONTINUE */
 				goto letscontinue;
 			}
 #endif
 			sp--;
-			// put all the local variables right
+			/* put all the local variables right */
 			i = cs[sp].n;
 			chaininfo = cs[sp].chaininfo;
 			nentries = chaininfo->nentries;
@@ -245,7 +249,7 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb,
 			return NF_DROP;
 		}
 #endif
-		// jump to a udc
+		/* jump to a udc */
 		cs[sp].n = i + 1;
 		cs[sp].chaininfo = chaininfo;
 		cs[sp].e = (struct ebt_entry *)
@@ -270,7 +274,7 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb,
 		i++;
 	}
 
-	// I actually like this :)
+	/* I actually like this :) */
 	if (chaininfo->policy == EBT_RETURN)
 		goto letsreturn;
 	if (chaininfo->policy == EBT_ACCEPT) {
@@ -281,7 +285,7 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb,
 	return NF_DROP;
 }
 
-// If it succeeds, returns element and locks mutex
+/* If it succeeds, returns element and locks mutex */
 static inline void *
 find_inlist_lock_noload(struct list_head *head, const char *name, int *error,
    struct semaphore *mutex)
@@ -359,14 +363,15 @@ ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e,
 	if (!match)
 		return ret;
 	m->u.match = match;
-	if (match->me)
-		__MOD_INC_USE_COUNT(match->me);
+	if (!try_module_get(match->me)) {
+		up(&ebt_mutex);
+		return -EINVAL;
+	}
 	up(&ebt_mutex);
 	if (match->check &&
 	   match->check(name, hookmask, e, m->data, m->match_size) != 0) {
 		BUGPRINT("match->check failed\n");
-		if (match->me)
-			__MOD_DEC_USE_COUNT(match->me);
+		module_put(match->me);
 		return -EINVAL;
 	}
 	(*cnt)++;
@@ -387,22 +392,25 @@ ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e,
 	if (!watcher)
 		return ret;
 	w->u.watcher = watcher;
-	if (watcher->me)
-		__MOD_INC_USE_COUNT(watcher->me);
+	if (!try_module_get(watcher->me)) {
+		up(&ebt_mutex);
+		return -EINVAL;
+	}
 	up(&ebt_mutex);
 	if (watcher->check &&
 	   watcher->check(name, hookmask, e, w->data, w->watcher_size) != 0) {
 		BUGPRINT("watcher->check failed\n");
-		if (watcher->me)
-			__MOD_DEC_USE_COUNT(watcher->me);
+		module_put(watcher->me);
 		return -EINVAL;
 	}
 	(*cnt)++;
 	return 0;
 }
 
-// this one is very careful, as it is the first function
-// to parse the userspace data
+/*
+ * this one is very careful, as it is the first function
+ * to parse the userspace data
+ */
 static inline int
 ebt_check_entry_size_and_hooks(struct ebt_entry *e,
    struct ebt_table_info *newinfo, char *base, char *limit,
@@ -418,24 +426,24 @@ ebt_check_entry_size_and_hooks(struct ebt_entry *e,
 		   (char *)e - newinfo->entries)
 			break;
 	}
-	// beginning of a new chain
-	// if i == NF_BR_NUMHOOKS it must be a user defined chain
+	/* beginning of a new chain
+	   if i == NF_BR_NUMHOOKS it must be a user defined chain */
 	if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) {
 		if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) != 0) {
-			// we make userspace set this right,
-			// so there is no misunderstanding
+			/* we make userspace set this right,
+			   so there is no misunderstanding */
 			BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set "
 			         "in distinguisher\n");
 			return -EINVAL;
 		}
-		// this checks if the previous chain has as many entries
-		// as it said it has
+		/* this checks if the previous chain has as many entries
+		   as it said it has */
 		if (*n != *cnt) {
 			BUGPRINT("nentries does not equal the nr of entries "
 		                 "in the chain\n");
 			return -EINVAL;
 		}
-		// before we look at the struct, be sure it is not too big
+		/* before we look at the struct, be sure it is not too big */
 		if ((char *)hook_entries[i] + sizeof(struct ebt_entries)
 		   > limit) {
 			BUGPRINT("entries_size too small\n");
@@ -443,14 +451,14 @@ ebt_check_entry_size_and_hooks(struct ebt_entry *e,
 		}
 		if (((struct ebt_entries *)e)->policy != EBT_DROP &&
 		   ((struct ebt_entries *)e)->policy != EBT_ACCEPT) {
-			// only RETURN from udc
+			/* only RETURN from udc */
 			if (i != NF_BR_NUMHOOKS ||
 			   ((struct ebt_entries *)e)->policy != EBT_RETURN) {
 				BUGPRINT("bad policy\n");
 				return -EINVAL;
 			}
 		}
-		if (i == NF_BR_NUMHOOKS) // it's a user defined chain
+		if (i == NF_BR_NUMHOOKS) /* it's a user defined chain */
 			(*udc_cnt)++;
 		else
 			newinfo->hook_entry[i] = (struct ebt_entries *)e;
@@ -462,14 +470,14 @@ ebt_check_entry_size_and_hooks(struct ebt_entry *e,
 		*cnt = 0;
 		return 0;
 	}
-	// a plain old entry, heh
+	/* a plain old entry, heh */
 	if (sizeof(struct ebt_entry) > e->watchers_offset ||
 	   e->watchers_offset > e->target_offset ||
 	   e->target_offset >= e->next_offset) {
 		BUGPRINT("entry offsets not in right order\n");
 		return -EINVAL;
 	}
-	// this is not checked anywhere else
+	/* this is not checked anywhere else */
 	if (e->next_offset - e->target_offset < sizeof(struct ebt_entry_target)) {
 		BUGPRINT("target size too small\n");
 		return -EINVAL;
@@ -487,8 +495,10 @@ struct ebt_cl_stack
 	unsigned int hookmask;
 };
 
-// we need these positions to check that the jumps to a different part of the
-// entries is a jump to the beginning of a new chain.
+/*
+ * we need these positions to check that the jumps to a different part of the
+ * entries is a jump to the beginning of a new chain.
+ */
 static inline int
 ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo,
    struct ebt_entries **hook_entries, unsigned int *n, unsigned int valid_hooks,
@@ -496,7 +506,7 @@ ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo,
 {
 	int i;
 
-	// we're only interested in chain starts
+	/* we're only interested in chain starts */
 	if (e->bitmask & EBT_ENTRY_OR_ENTRIES)
 		return 0;
 	for (i = 0; i < NF_BR_NUMHOOKS; i++) {
@@ -505,12 +515,12 @@ ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo,
 		if (newinfo->hook_entry[i] == (struct ebt_entries *)e)
 			break;
 	}
-	// only care about udc
+	/* only care about udc */
 	if (i != NF_BR_NUMHOOKS)
 		return 0;
 
 	udc[*n].cs.chaininfo = (struct ebt_entries *)e;
-	// these initialisations are depended on later in check_chainloops()
+	/* these initialisations are depended on later in check_chainloops() */
 	udc[*n].cs.n = 0;
 	udc[*n].hookmask = 0;
 
@@ -525,8 +535,7 @@ ebt_cleanup_match(struct ebt_entry_match *m, unsigned int *i)
 		return 1;
 	if (m->u.match->destroy)
 		m->u.match->destroy(m->data, m->match_size);
-	if (m->u.match->me)
-		__MOD_DEC_USE_COUNT(m->u.match->me);
+	module_put(m->u.match->me);
 
 	return 0;
 }
@@ -538,8 +547,7 @@ ebt_cleanup_watcher(struct ebt_entry_watcher *w, unsigned int *i)
 		return 1;
 	if (w->u.watcher->destroy)
 		w->u.watcher->destroy(w->data, w->watcher_size);
-	if (w->u.watcher->me)
-		__MOD_DEC_USE_COUNT(w->u.watcher->me);
+	module_put(w->u.watcher->me);
 
 	return 0;
 }
@@ -551,7 +559,7 @@ ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt)
 
 	if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) == 0)
 		return 0;
-	// we're done
+	/* we're done */
 	if (cnt && (*cnt)-- == 0)
 		return 1;
 	EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, NULL);
@@ -559,8 +567,7 @@ ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt)
 	t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
 	if (t->u.target->destroy)
 		t->u.target->destroy(t->data, t->target_size);
-	if (t->u.target->me)
-		__MOD_DEC_USE_COUNT(t->u.target->me);
+	module_put(t->u.target->me);
 
 	return 0;
 }
@@ -575,7 +582,7 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
 	unsigned int i, j, hook = 0, hookmask = 0;
 	int ret;
 
-	// Don't mess with the struct ebt_entries
+	/* don't mess with the struct ebt_entries */
 	if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) == 0)
 		return 0;
 
@@ -591,7 +598,7 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
 		BUGPRINT("NOPROTO & 802_3 not allowed\n");
 		return -EINVAL;
 	}
-	// what hook do we belong to?
+	/* what hook do we belong to? */
 	for (i = 0; i < NF_BR_NUMHOOKS; i++) {
 		if ((valid_hooks & (1 << i)) == 0)
 			continue;
@@ -600,8 +607,8 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
 		else
 			break;
 	}
-	// (1 << NF_BR_NUMHOOKS) tells the check functions the rule is on
-	// a base chain
+	/* (1 << NF_BR_NUMHOOKS) tells the check functions the rule is on
+	   a base chain */
 	if (i < NF_BR_NUMHOOKS)
 		hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS);
 	else {
@@ -625,8 +632,10 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
 	target = find_target_lock(t->u.name, &ret, &ebt_mutex);
 	if (!target)
 		goto cleanup_watchers;
-	if (target->me)
-		__MOD_INC_USE_COUNT(target->me);
+	if (!try_module_get(target->me)) {
+		up(&ebt_mutex);
+		goto cleanup_watchers;
+	}
 	up(&ebt_mutex);
 
 	t->u.target = target;
@@ -647,8 +656,7 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
 	   sizeof(struct ebt_entry_target) > e->next_offset) ||
 	   (t->u.target->check &&
 	   t->u.target->check(name, hookmask, e, t->data, t->target_size) != 0)){
-		if (t->u.target->me)
-			__MOD_DEC_USE_COUNT(t->u.target->me);
+		module_put(t->u.target->me);
 		ret = -EFAULT;
 		goto cleanup_watchers;
 	}
@@ -661,10 +669,12 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
 	return ret;
 }
 
-// checks for loops and sets the hook mask for udc
-// the hook mask for udc tells us from which base chains the udc can be
-// accessed. This mask is a parameter to the check() functions of the extensions
-int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s,
+/*
+ * checks for loops and sets the hook mask for udc
+ * the hook mask for udc tells us from which base chains the udc can be
+ * accessed. This mask is a parameter to the check() functions of the extensions
+ */
+static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s,
    unsigned int udc_cnt, unsigned int hooknr, char *base)
 {
 	int i, chain_nr = -1, pos = 0, nentries = chain->nentries, verdict;
@@ -672,9 +682,9 @@ int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s,
 	struct ebt_entry_target *t;
 
 	while (pos < nentries || chain_nr != -1) {
-		// end of udc, go back one 'recursion' step
+		/* end of udc, go back one 'recursion' step */
 		if (pos == nentries) {
-			// put back values of the time when this chain was called
+			/* put back values of the time when this chain was called */
 			e = cl_s[chain_nr].cs.e;
 			if (cl_s[chain_nr].from != -1)
 				nentries =
@@ -682,7 +692,7 @@ int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s,
 			else
 				nentries = chain->nentries;
 			pos = cl_s[chain_nr].cs.n;
-			// make sure we won't see a loop that isn't one
+			/* make sure we won't see a loop that isn't one */
 			cl_s[chain_nr].cs.n = 0;
 			chain_nr = cl_s[chain_nr].from;
 			if (pos == nentries)
@@ -698,13 +708,13 @@ int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s,
 			return -1;
 		}
 		verdict = ((struct ebt_standard_target *)t)->verdict;
-		if (verdict >= 0) { // jump to another chain
+		if (verdict >= 0) { /* jump to another chain */
 			struct ebt_entries *hlp2 =
 			   (struct ebt_entries *)(base + verdict);
 			for (i = 0; i < udc_cnt; i++)
 				if (hlp2 == cl_s[i].cs.chaininfo)
 					break;
-			// bad destination or loop
+			/* bad destination or loop */
 			if (i == udc_cnt) {
 				BUGPRINT("bad destination\n");
 				return -1;
@@ -713,7 +723,7 @@ int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s,
 				BUGPRINT("loop\n");
 				return -1;
 			}
-			// this can't be 0, so the above test is correct
+			/* this can't be 0, so the above test is correct */
 			cl_s[i].cs.n = pos + 1;
 			pos = 0;
 			cl_s[i].cs.e = ((void *)e + e->next_offset);
@@ -721,7 +731,7 @@ int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s,
 			nentries = hlp2->nentries;
 			cl_s[i].from = chain_nr;
 			chain_nr = i;
-			// this udc is accessible from the base chain for hooknr
+			/* this udc is accessible from the base chain for hooknr */
 			cl_s[i].hookmask |= (1 << hooknr);
 			continue;
 		}
@@ -732,13 +742,13 @@ int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s,
 	return 0;
 }
 
-// do the parsing of the table/chains/entries/matches/watchers/targets, heh
+/* do the parsing of the table/chains/entries/matches/watchers/targets, heh */
 static int translate_table(struct ebt_replace *repl,
    struct ebt_table_info *newinfo)
 {
 	unsigned int i, j, k, udc_cnt;
 	int ret;
-	struct ebt_cl_stack *cl_s = NULL; // used in the checking for chain loops
+	struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */
 
 	i = 0;
 	while (i < NF_BR_NUMHOOKS && !(repl->valid_hooks & (1 << i)))
@@ -751,8 +761,8 @@ static int translate_table(struct ebt_replace *repl,
 		BUGPRINT("Chains don't start at beginning\n");
 		return -EINVAL;
 	}
-	// make sure chains are ordered after each other in same order
-	// as their corresponding hooks
+	/* make sure chains are ordered after each other in same order
+	   as their corresponding hooks */
 	for (j = i + 1; j < NF_BR_NUMHOOKS; j++) {
 		if (!(repl->valid_hooks & (1 << j)))
 			continue;
@@ -769,12 +779,12 @@ static int translate_table(struct ebt_replace *repl,
 	newinfo->entries_size = repl->entries_size;
 	newinfo->nentries = repl->nentries;
 
-	// do some early checkings and initialize some things
-	i = 0; // holds the expected nr. of entries for the chain
-	j = 0; // holds the up to now counted entries for the chain
-	k = 0; // holds the total nr. of entries, should equal
-	       // newinfo->nentries afterwards
-	udc_cnt = 0; // will hold the nr. of user defined chains (udc)
+	/* do some early checkings and initialize some things */
+	i = 0; /* holds the expected nr. of entries for the chain */
+	j = 0; /* holds the up to now counted entries for the chain */
+	k = 0; /* holds the total nr. of entries, should equal
+	          newinfo->nentries afterwards */
+	udc_cnt = 0; /* will hold the nr. of user defined chains (udc) */
 	ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
 	   ebt_check_entry_size_and_hooks, newinfo, repl->entries,
 	   repl->entries + repl->entries_size, repl->hook_entry, &i, &j, &k,
@@ -793,7 +803,7 @@ static int translate_table(struct ebt_replace *repl,
 		return -EINVAL;
 	}
 
-	// check if all valid hooks have a chain
+	/* check if all valid hooks have a chain */
 	for (i = 0; i < NF_BR_NUMHOOKS; i++) {
 		if (newinfo->hook_entry[i] == NULL &&
 		   (repl->valid_hooks & (1 << i))) {
@@ -802,11 +812,11 @@ static int translate_table(struct ebt_replace *repl,
 		}
 	}
 
-	// Get the location of the udc, put them in an array
-	// While we're at it, allocate the chainstack
+	/* get the location of the udc, put them in an array
+	   while we're at it, allocate the chainstack */
 	if (udc_cnt) {
-		// this will get free'd in do_replace()/ebt_register_table()
-		// if an error occurs
+		/* this will get free'd in do_replace()/ebt_register_table()
+		   if an error occurs */
 		newinfo->chainstack = (struct ebt_chainstack **)
 		   vmalloc(NR_CPUS * sizeof(struct ebt_chainstack));
 		if (!newinfo->chainstack)
@@ -827,11 +837,11 @@ static int translate_table(struct ebt_replace *repl,
 		   vmalloc(udc_cnt * sizeof(struct ebt_cl_stack));
 		if (!cl_s)
 			return -ENOMEM;
-		i = 0; // the i'th udc
+		i = 0; /* the i'th udc */
 		EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
 		   ebt_get_udc_positions, newinfo, repl->hook_entry, &i,
 		   repl->valid_hooks, cl_s);
-		// sanity check
+		/* sanity check */
 		if (i != udc_cnt) {
 			BUGPRINT("i != udc_cnt\n");
 			vfree(cl_s);
@@ -839,7 +849,7 @@ static int translate_table(struct ebt_replace *repl,
 		}
 	}
 
-	// Check for loops
+	/* Check for loops */
 	for (i = 0; i < NF_BR_NUMHOOKS; i++)
 		if (repl->valid_hooks & (1 << i))
 			if (check_chainloops(newinfo->hook_entry[i],
@@ -849,17 +859,17 @@ static int translate_table(struct ebt_replace *repl,
 				return -EINVAL;
 			}
 
-	// we now know the following (along with E=mc):
-	// - the nr of entries in each chain is right
-	// - the size of the allocated space is right
-	// - all valid hooks have a corresponding chain
-	// - there are no loops
-	// - wrong data can still be on the level of a single entry
-	// - could be there are jumps to places that are not the
-	//   beginning of a chain. This can only occur in chains that
-	//   are not accessible from any base chains, so we don't care.
-
-	// used to know what we need to clean up if something goes wrong
+	/* we now know the following (along with E=mc):
+	   - the nr of entries in each chain is right
+	   - the size of the allocated space is right
+	   - all valid hooks have a corresponding chain
+	   - there are no loops
+	   - wrong data can still be on the level of a single entry
+	   - could be there are jumps to places that are not the
+	     beginning of a chain. This can only occur in chains that
+	     are not accessible from any base chains, so we don't care. */
+
+	/* used to know what we need to clean up if something goes wrong */
 	i = 0;
 	ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
 	   ebt_check_entry, newinfo, repl->name, &i, repl->valid_hooks,
@@ -873,17 +883,17 @@ static int translate_table(struct ebt_replace *repl,
 	return ret;
 }
 
-// called under write_lock
+/* called under write_lock */
 static void get_counters(struct ebt_counter *oldcounters,
    struct ebt_counter *counters, unsigned int nentries)
 {
 	int i, cpu;
 	struct ebt_counter *counter_base;
 
-	// counters of cpu 0
+	/* counters of cpu 0 */
 	memcpy(counters, oldcounters,
 	   sizeof(struct ebt_counter) * nentries);
-	// add other counters to those of cpu 0
+	/* add other counters to those of cpu 0 */
 	for (cpu = 1; cpu < NR_CPUS; cpu++) {
 		counter_base = COUNTER_BASE(oldcounters, nentries, cpu);
 		for (i = 0; i < nentries; i++) {
@@ -893,7 +903,7 @@ static void get_counters(struct ebt_counter *oldcounters,
 	}
 }
 
-// replace the table
+/* replace the table */
 static int do_replace(void *user, unsigned int len)
 {
 	int ret, i, countersize;
@@ -901,7 +911,7 @@ static int do_replace(void *user, unsigned int len)
 	struct ebt_replace tmp;
 	struct ebt_table *t;
 	struct ebt_counter *counterstmp = NULL;
-	// used to be able to unlock earlier
+	/* used to be able to unlock earlier */
 	struct ebt_table_info *table;
 
 	if (copy_from_user(&tmp, user, sizeof(tmp)) != 0)
@@ -937,8 +947,8 @@ static int do_replace(void *user, unsigned int len)
 		goto free_entries;
 	}
 
-	// the user wants counters back
-	// the check on the size is done later, when we have the lock
+	/* the user wants counters back
+	   the check on the size is done later, when we have the lock */
 	if (tmp.num_counters) {
 		counterstmp = (struct ebt_counter *)
 		   vmalloc(tmp.num_counters * sizeof(struct ebt_counter));
@@ -950,7 +960,7 @@ static int do_replace(void *user, unsigned int len)
 	else
 		counterstmp = NULL;
 
-	// this can get initialized by translate_table()
+	/* this can get initialized by translate_table() */
 	newinfo->chainstack = NULL;
 	ret = translate_table(&tmp, newinfo);
 
@@ -961,7 +971,7 @@ static int do_replace(void *user, unsigned int len)
 	if (!t)
 		goto free_iterate;
 
-	// the table doesn't like it
+	/* the table doesn't like it */
 	if (t->check && (ret = t->check(newinfo, tmp.valid_hooks)))
 		goto free_unlock;
 
@@ -971,9 +981,9 @@ static int do_replace(void *user, unsigned int len)
 		goto free_unlock;
 	}
 
-	// we have the mutex lock, so no danger in reading this pointer
+	/* we have the mutex lock, so no danger in reading this pointer */
 	table = t->private;
-	// we need an atomic snapshot of the counters
+	/* we need an atomic snapshot of the counters */
 	write_lock_bh(&t->lock);
 	if (tmp.num_counters)
 		get_counters(t->private->counters, counterstmp,
@@ -982,10 +992,10 @@ static int do_replace(void *user, unsigned int len)
 	t->private = newinfo;
 	write_unlock_bh(&t->lock);
 	up(&ebt_mutex);
-	// So, a user can change the chains while having messed up her counter
-	// allocation. Only reason why this is done is because this way the lock
-	// is held only once, while this doesn't bring the kernel into a
-	// dangerous state.
+	/* so, a user can change the chains while having messed up her counter
+	   allocation. Only reason why this is done is because this way the lock
+	   is held only once, while this doesn't bring the kernel into a
+	   dangerous state. */
 	if (tmp.num_counters &&
 	   copy_to_user(tmp.counters, counterstmp,
 	   tmp.num_counters * sizeof(struct ebt_counter))) {
@@ -995,7 +1005,7 @@ static int do_replace(void *user, unsigned int len)
 	else
 		ret = 0;
 
-	// decrease module count and free resources
+	/* decrease module count and free resources */
 	EBT_ENTRY_ITERATE(table->entries, table->entries_size,
 	   ebt_cleanup_entry, NULL);
 
@@ -1019,7 +1029,7 @@ static int do_replace(void *user, unsigned int len)
 free_counterstmp:
 	if (counterstmp)
 		vfree(counterstmp);
-	// can be initialized in translate_table()
+	/* can be initialized in translate_table() */
 	if (newinfo->chainstack) {
 		for (i = 0; i < NR_CPUS; i++)
 			vfree(newinfo->chainstack[i]);
@@ -1046,7 +1056,6 @@ int ebt_register_target(struct ebt_target *target)
 		return -EEXIST;
 	}
 	up(&ebt_mutex);
-	MOD_INC_USE_COUNT;
 
 	return 0;
 }
@@ -1056,7 +1065,6 @@ void ebt_unregister_target(struct ebt_target *target)
 	down(&ebt_mutex);
 	LIST_DELETE(&ebt_targets, target);
 	up(&ebt_mutex);
-	MOD_DEC_USE_COUNT;
 }
 
 int ebt_register_match(struct ebt_match *match)
@@ -1071,7 +1079,6 @@ int ebt_register_match(struct ebt_match *match)
 		return -EEXIST;
 	}
 	up(&ebt_mutex);
-	MOD_INC_USE_COUNT;
 
 	return 0;
 }
@@ -1081,7 +1088,6 @@ void ebt_unregister_match(struct ebt_match *match)
 	down(&ebt_mutex);
 	LIST_DELETE(&ebt_matches, match);
 	up(&ebt_mutex);
-	MOD_DEC_USE_COUNT;
 }
 
 int ebt_register_watcher(struct ebt_watcher *watcher)
@@ -1096,7 +1102,6 @@ int ebt_register_watcher(struct ebt_watcher *watcher)
 		return -EEXIST;
 	}
 	up(&ebt_mutex);
-	MOD_INC_USE_COUNT;
 
 	return 0;
 }
@@ -1106,7 +1111,6 @@ void ebt_unregister_watcher(struct ebt_watcher *watcher)
 	down(&ebt_mutex);
 	LIST_DELETE(&ebt_watchers, watcher);
 	up(&ebt_mutex);
-	MOD_DEC_USE_COUNT;
 }
 
 int ebt_register_table(struct ebt_table *table)
@@ -1138,7 +1142,7 @@ int ebt_register_table(struct ebt_table *table)
 	if (countersize)
 		memset(newinfo->counters, 0, countersize);
 
-	// fill in newinfo and parse the entries
+	/* fill in newinfo and parse the entries */
 	newinfo->chainstack = NULL;
 	ret = translate_table(table->table, newinfo);
 	if (ret != 0) {
@@ -1165,7 +1169,6 @@ int ebt_register_table(struct ebt_table *table)
 
 	list_prepend(&ebt_tables, table);
 	up(&ebt_mutex);
-	MOD_INC_USE_COUNT;
 	return 0;
 free_unlock:
 	up(&ebt_mutex);
@@ -1202,10 +1205,9 @@ void ebt_unregister_table(struct ebt_table *table)
 		vfree(table->private->chainstack);
 	}
 	vfree(table->private);
-	MOD_DEC_USE_COUNT;
 }
 
-// userspace just supplied us with counters
+/* userspace just supplied us with counters */
 static int update_counters(void *user, unsigned int len)
 {
 	int i, ret;
@@ -1244,10 +1246,10 @@ static int update_counters(void *user, unsigned int len)
 		goto unlock_mutex;
 	}
 
-	// we want an atomic add of the counters
+	/* we want an atomic add of the counters */
 	write_lock_bh(&t->lock);
 
-	// we add to the counters of the first cpu
+	/* we add to the counters of the first cpu */
 	for (i = 0; i < hlp.num_counters; i++) {
 		t->private->counters[i].pcnt += tmp[i].pcnt;
 		t->private->counters[i].bcnt += tmp[i].bcnt;
@@ -1303,7 +1305,7 @@ static inline int ebt_make_names(struct ebt_entry *e, char *base, char *ubase)
 	return 0;
 }
 
-// called with ebt_mutex down
+/* called with ebt_mutex down */
 static int copy_everything_to_user(struct ebt_table *t, void *user,
    int *len, int cmd)
 {
@@ -1345,7 +1347,7 @@ static int copy_everything_to_user(struct ebt_table *t, void *user,
 		return -EINVAL;
 	}
 
-	// userspace might not need the counters
+	/* userspace might not need the counters */
 	if (tmp.num_counters) {
 		if (tmp.num_counters != nentries) {
 			BUGPRINT("Num_counters wrong\n");
@@ -1374,7 +1376,7 @@ static int copy_everything_to_user(struct ebt_table *t, void *user,
 		BUGPRINT("Couldn't copy entries to userspace\n");
 		return -EFAULT;
 	}
-	// set the match/watcher/target names right
+	/* set the match/watcher/target names right */
 	return EBT_ENTRY_ITERATE(entries, entries_size,
 	   ebt_make_names, entries, tmp.entries);
 }
@@ -1465,14 +1467,14 @@ static int __init init(void)
 	if ((ret = nf_register_sockopt(&ebt_sockopts)) < 0)
 		return ret;
 
-	printk("Ebtables v2.0 registered");
+	printk(KERN_NOTICE "Ebtables v2.0 registered\n");
 	return 0;
 }
 
 static void __exit fini(void)
 {
 	nf_unregister_sockopt(&ebt_sockopts);
-	printk("Ebtables v2.0 unregistered");
+	printk(KERN_NOTICE "Ebtables v2.0 unregistered\n");
 }
 
 EXPORT_SYMBOL(ebt_register_table);

net/ipv4/route.c

@@ -2672,11 +2672,13 @@ int __init ip_rt_init(void)
 					ip_rt_gc_interval;
 	add_timer(&rt_periodic_timer);
 
+#ifdef CONFIG_PROC_FS
 	if (rt_cache_proc_init())
 		goto out_enomem;
 	proc_net_create ("rt_cache_stat", 0, rt_cache_stat_get_info);
 #ifdef CONFIG_NET_CLS_ROUTE
 	create_proc_read_entry("net/rt_acct", 0, 0, ip_rt_acct_read, NULL);
+#endif
 #endif
 	xfrm_init();
 out:

net/ipv4/tcp_ipv4.c

@@ -2412,7 +2412,8 @@ static void tcp_seq_stop(struct seq_file *seq, void *v)
 			read_unlock_bh(&tp->syn_wait_lock);
 		}
 	case TCP_SEQ_STATE_LISTENING:
-		tcp_listen_unlock();
+		if (v != (void *)1)
+			tcp_listen_unlock();
 		break;
 	case TCP_SEQ_STATE_TIME_WAIT:
 	case TCP_SEQ_STATE_ESTABLISHED: