So, I'm confused as to what's going on. I've never hacked on the linux kernel, so maybe this is commonplace. If that's the case, sorry for the newb question.
$ git clone https://github.com/torvalds/linux.git
Then,
$ git status
.
# On branch master
# Changes not staged for commit:
# (use "git add <file>..." to update what will be committed)
# (use "git checkout -- <file>..." to discard changes in working directory)
#
# modified: include/linux/netfilter/xt_CONNMARK.h
# modified: include/linux/netfilter/xt_DSCP.h
# modified: include/linux/netfilter/xt_MARK.h
# modified: include/linux/netfilter/xt_RATEEST.h
# modified: include/linux/netfilter/xt_TCPMSS.h
# modified: include/linux/netfilter_ipv4/ipt_ECN.h
# modified: include/linux/netfilter_ipv4/ipt_TTL.h
# modified: include/linux/netfilter_ipv6/ip6t_HL.h
# modified: net/ipv4/netfilter/ipt_ECN.c
# modified: net/netfilter/xt_DSCP.c
# modified: net/netfilter/xt_HL.c
# modified: net/netfilter/xt_RATEEST.c
# modified: net/netfilter/xt_TCPMSS.c
#
# Untracked files:
# (use "git add <file>..." to include in what will be committed)
#
# samples/hidraw/
What's the deal?
EDIT : git diff output:
diff --git a/include/linux/netfilter/xt_CONNMARK.h b/include/linux/netfilter/xt_CONNMARK.h
index 2f2e48e..efc17a8 100644
--- a/include/linux/netfilter/xt_CONNMARK.h
+++ b/include/linux/netfilter/xt_CONNMARK.h
@@ -1,6 +1,31 @@
-#ifndef _XT_CONNMARK_H_target
-#define _XT_CONNMARK_H_target
+#ifndef _XT_CONNMARK_H
+#define _XT_CONNMARK_H
-#include <linux/netfilter/xt_connmark.h>
+#include <linux/types.h>
-#endif /*_XT_CONNMARK_H_target*/
+/* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com>
+ * by Henrik Nordstrom <[email protected]>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ */
+
+enum {
+ XT_CONNMARK_SET = 0,
+ XT_CONNMARK_SAVE,
+ XT_CONNMARK_RESTORE
+};
+
+struct xt_connmark_tginfo1 {
+ __u32 ctmark, ctmask, nfmask;
+ __u8 mode;
+};
+
+struct xt_connmark_mtinfo1 {
+ __u32 mark, mask;
+ __u8 invert;
+};
+
+#endif /*_XT_CONNMARK_H*/
diff --git a/include/linux/netfilter/xt_DSCP.h b/include/linux/netfilter/xt_DSCP.h
index 648e0b3..15f8932 100644
--- a/include/linux/netfilter/xt_DSCP.h
+++ b/include/linux/netfilter/xt_DSCP.h
@@ -1,26 +1,31 @@
-/* x_tables module for setting the IPv4/IPv6 DSCP field
+/* x_tables module for matching the IPv4/IPv6 DSCP field
 *
 * (C) 2002 Harald Welte <[email protected]>
- * based on ipt_FTOS.c (C) 2000 by Matthew G. Marsh <[email protected]>
 * This software is distributed under GNU GPL v2, 1991
 *
 * See RFC2474 for a description of the DSCP field within the IP Header.
 *
- * xt_DSCP.h,v 1.7 2002/03/14 12:03:13 laforge Exp
+ * xt_dscp.h,v 1.3 2002/08/05 19:00:21 laforge Exp
 */
-#ifndef _XT_DSCP_TARGET_H
-#define _XT_DSCP_TARGET_H
-#include <linux/netfilter/xt_dscp.h>
+#ifndef _XT_DSCP_H
+#define _XT_DSCP_H
+
 #include <linux/types.h>
-/* target info */
-struct xt_DSCP_info {
+#define XT_DSCP_MASK 0xfc /* 11111100 */
+#define XT_DSCP_SHIFT 2
+#define XT_DSCP_MAX 0x3f /* 00111111 */
+
+/* match info */
+struct xt_dscp_info {
 __u8 dscp;
+ __u8 invert;
 };
-struct xt_tos_target_info {
- __u8 tos_value;
+struct xt_tos_match_info {
 __u8 tos_mask;
+ __u8 tos_value;
+ __u8 invert;
 };
-#endif /* _XT_DSCP_TARGET_H */
+#endif /* _XT_DSCP_H */
diff --git a/include/linux/netfilter/xt_MARK.h b/include/linux/netfilter/xt_MARK.h
index 41c456d..ecadc40 100644
--- a/include/linux/netfilter/xt_MARK.h
+++ b/include/linux/netfilter/xt_MARK.h
@@ -1,6 +1,15 @@
-#ifndef _XT_MARK_H_target
-#define _XT_MARK_H_target
+#ifndef _XT_MARK_H
+#define _XT_MARK_H
-#include <linux/netfilter/xt_mark.h>
+#include <linux/types.h>
-#endif /*_XT_MARK_H_target */
+struct xt_mark_tginfo2 {
+ __u32 mark, mask;
+};
+
+struct xt_mark_mtinfo1 {
+ __u32 mark, mask;
+ __u8 invert;
+};
+
+#endif /*_XT_MARK_H*/
diff --git a/include/linux/netfilter/xt_RATEEST.h b/include/linux/netfilter/xt_RATEEST.h
index 6605e20..d40a619 100644
--- a/include/linux/netfilter/xt_RATEEST.h
+++ b/include/linux/netfilter/xt_RATEEST.h
@@ -1,15 +1,37 @@
-#ifndef _XT_RATEEST_TARGET_H
-#define _XT_RATEEST_TARGET_H
+#ifndef _XT_RATEEST_MATCH_H
+#define _XT_RATEEST_MATCH_H
 #include <linux/types.h>
-struct xt_rateest_target_info {
- char name[IFNAMSIZ];
- __s8 interval;
- __u8 ewma_log;
+enum xt_rateest_match_flags {
+ XT_RATEEST_MATCH_INVERT = 1<<0,
+ XT_RATEEST_MATCH_ABS = 1<<1,
+ XT_RATEEST_MATCH_REL = 1<<2,
+ XT_RATEEST_MATCH_DELTA = 1<<3,
+ XT_RATEEST_MATCH_BPS = 1<<4,
+ XT_RATEEST_MATCH_PPS = 1<<5,
+};
+
+enum xt_rateest_match_mode {
+ XT_RATEEST_MATCH_NONE,
+ XT_RATEEST_MATCH_EQ,
+ XT_RATEEST_MATCH_LT,
+ XT_RATEEST_MATCH_GT,
+};
+
+struct xt_rateest_match_info {
+ char name1[IFNAMSIZ];
+ char name2[IFNAMSIZ];
+ __u16 flags;
+ __u16 mode;
+ __u32 bps1;
+ __u32 pps1;
+ __u32 bps2;
+ __u32 pps2;
 /* Used internally by the kernel */
- struct xt_rateest *est __attribute__((aligned(8)));
+ struct xt_rateest *est1 __attribute__((aligned(8)));
+ struct xt_rateest *est2 __attribute__((aligned(8)));
 };
-#endif /* _XT_RATEEST_TARGET_H */
+#endif /* _XT_RATEEST_MATCH_H */
diff --git a/include/linux/netfilter/xt_TCPMSS.h b/include/linux/netfilter/xt_TCPMSS.h
index 9a6960a..fbac56b 100644
--- a/include/linux/netfilter/xt_TCPMSS.h
+++ b/include/linux/netfilter/xt_TCPMSS.h
@@ -1,12 +1,11 @@
-#ifndef _XT_TCPMSS_H
-#define _XT_TCPMSS_H
+#ifndef _XT_TCPMSS_MATCH_H
+#define _XT_TCPMSS_MATCH_H
 #include <linux/types.h>
-struct xt_tcpmss_info {
- __u16 mss;
+struct xt_tcpmss_match_info {
+ __u16 mss_min, mss_max;
+ __u8 invert;
 };
-#define XT_TCPMSS_CLAMP_PMTU 0xffff
-
-#endif /* _XT_TCPMSS_H */
+#endif /*_XT_TCPMSS_MATCH_H*/
diff --git a/include/linux/netfilter_ipv4/ipt_ECN.h b/include/linux/netfilter_ipv4/ipt_ECN.h
index bb88d53..eabf95f 100644
--- a/include/linux/netfilter_ipv4/ipt_ECN.h
+++ b/include/linux/netfilter_ipv4/ipt_ECN.h
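Review bot: In the xt_RATEEST.h hunk, `struct xt_rateest_match_info` sizes `name1` and `name2` with `IFNAMSIZ`, but the only include on the new side is `<linux/types.h>`, which does not define it. The header therefore compiles only when the includer has already pulled in the definition; adding `#include <linux/if.h>` next to the existing include would make it self-contained. Both names are fixed-size arrays with no length field, so whatever consumes them (not visible in this hunk) presumably has to reject a name that is not NUL-terminated within `IFNAMSIZ` bytes before using it as a string. A one-line comment on `est1`/`est2` saying who is allowed to set them would also help, since they sit in the same struct as the caller-supplied fields.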
@@ -1,33 +1,35 @@
-/* Header file for iptables ipt_ECN target
+/* iptables module for matching the ECN header in IPv4 and TCP header
 *
- * (C) 2002 by Harald Welte <[email protected]>
+ * (C) 2002 Harald Welte <[email protected]>
 *
 * This software is distributed under GNU GPL v2, 1991
 *
- * ipt_ECN.h,v 1.3 2002/05/29 12:17:40 laforge Exp
+ * ipt_ecn.h,v 1.4 2002/08/05 19:39:00 laforge Exp
 */
-#ifndef _IPT_ECN_TARGET_H
-#define _IPT_ECN_TARGET_H
+#ifndef _IPT_ECN_H
+#define _IPT_ECN_H
 #include <linux/types.h>
-#include <linux/netfilter/xt_DSCP.h>
+#include <linux/netfilter/xt_dscp.h>
 #define IPT_ECN_IP_MASK (~XT_DSCP_MASK)
-#define IPT_ECN_OP_SET_IP 0x01 /* set ECN bits of IPv4 header */
-#define IPT_ECN_OP_SET_ECE 0x10 /* set ECE bit of TCP header */
-#define IPT_ECN_OP_SET_CWR 0x20 /* set CWR bit of TCP header */
+#define IPT_ECN_OP_MATCH_IP 0x01
+#define IPT_ECN_OP_MATCH_ECE 0x10
+#define IPT_ECN_OP_MATCH_CWR 0x20
-#define IPT_ECN_OP_MASK 0xce
+#define IPT_ECN_OP_MATCH_MASK 0xce
-struct ipt_ECN_info {
- __u8 operation; /* bitset of operations */
- __u8 ip_ect; /* ECT codepoint of IPv4 header, pre-shifted */
+/* match info */
+struct ipt_ecn_info {
+ __u8 operation;
+ __u8 invert;
+ __u8 ip_ect;
 union {
 struct {
- __u8 ece:1, cwr:1; /* TCP ECT bits */
+ __u8 ect;
 } tcp;
 } proto;
 };
-#endif /* _IPT_ECN_TARGET_H */
+#endif /* _IPT_ECN_H */
diff --git a/include/linux/netfilter_ipv4/ipt_TTL.h b/include/linux/netfilter_ipv4/ipt_TTL.h
index f6ac169..37bee44 100644
--- a/include/linux/netfilter_ipv4/ipt_TTL.h
+++ b/include/linux/netfilter_ipv4/ipt_TTL.h
@@ -1,5 +1,5 @@
-/* TTL modification module for IP tables
- * (C) 2000 by Harald Welte <[email protected]> */
+/* IP tables module for matching the value of the TTL
+ * (C) 2000 by Harald Welte <[email protected]> */
 #ifndef _IPT_TTL_H
 #define _IPT_TTL_H
@@ -7,14 +7,14 @@
 #include <linux/types.h>
 enum {
- IPT_TTL_SET = 0,
- IPT_TTL_INC,
- IPT_TTL_DEC
+ IPT_TTL_EQ = 0, /* equals */
+ IPT_TTL_NE, /* not equals */
+ IPT_TTL_LT, /* less than */
+ IPT_TTL_GT, /* greater than */
 };
-#define IPT_TTL_MAXMODE IPT_TTL_DEC
-struct ipt_TTL_info {
+struct ipt_ttl_info {
 __u8 mode;
 __u8 ttl;
 };
diff --git a/include/linux/netfilter_ipv6/ip6t_HL.h b/include/linux/netfilter_ipv6/ip6t_HL.h
index ebd8ead..6e76dbc 100644
--- a/include/linux/netfilter_ipv6/ip6t_HL.h
+++ b/include/linux/netfilter_ipv6/ip6t_HL.h
@@ -1,6 +1,6 @@
-/* Hop Limit modification module for ip6tables
+/* ip6tables module for matching the Hop Limit value
 * Maciej Soltysiak <[email protected]>
- * Based on HW's TTL module */
+ * Based on HW's ttl module */
 #ifndef _IP6T_HL_H
 #define _IP6T_HL_H
@@ -8,14 +8,14 @@
 #include <linux/types.h>
 enum {
- IP6T_HL_SET = 0,
- IP6T_HL_INC,
- IP6T_HL_DEC
+ IP6T_HL_EQ = 0, /* equals */
+ IP6T_HL_NE, /* not equals */
+ IP6T_HL_LT, /* less than */
+ IP6T_HL_GT, /* greater than */
 };
-#define IP6T_HL_MAXMODE IP6T_HL_DEC
-struct ip6t_HL_info {
+struct ip6t_hl_info {
 __u8 mode;
 __u8 hop_limit;
 };
diff --git a/net/ipv4/netfilter/ipt_ECN.c b/net/ipv4/netfilter/ipt_ECN.c
index 4bf3dc4..2b57e52 100644
--- a/net/ipv4/netfilter/ipt_ECN.c
+++ b/net/ipv4/netfilter/ipt_ECN.c
@@ -1,138 +1,127 @@ -/* iptables module for the IPv4 and TCP ECN bits, Version 1.5 +/* IP tables module for matching the value of the IPv4 and TCP ECN bits * - * (C) 2002 by Harald Welte <[email protected]> + * (C) 2002 by Harald Welte <[email protected]> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. -*/ + */ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt #include <linux/in.h> -#include <linux/module.h> -#include <linux/skbuff.h> #include <linux/ip.h> #include <net/ip.h> +#include <linux/module.h> +#include <linux/skbuff.h> #include <linux/tcp.h> -#include <net/checksum.h> #include <linux/netfilter/x_tables.h> #include <linux/netfilter_ipv4/ip_tables.h> -#include <linux/netfilter_ipv4/ipt_ECN.h> +#include <linux/netfilter_ipv4/ipt_ecn.h> -MODULE_LICENSE("GPL"); MODULE_AUTHOR("Harald Welte <[email protected]>"); -MODULE_DESCRIPTION("Xtables: Explicit Congestion Notification (ECN) flag modification"); +MODULE_DESCRIPTION("Xtables: Explicit Congestion Notification (ECN) flag match for IPv4"); +MODULE_LICENSE("GPL"); -/* set ECT codepoint from IP header. - * return false if there was an error. */ -static inline bool -set_ect_ip(struct sk_buff *skb, const struct ipt_ECN_info *einfo) +static inline bool match_ip(const struct sk_buff *skb, + const struct ipt_ecn_info *einfo) { - struct iphdr *iph = ip_hdr(skb); - - if ((iph->tos & IPT_ECN_IP_MASK) != (einfo->ip_ect & IPT_ECN_IP_MASK)) { - __u8 oldtos; - if (!skb_make_writable(skb, sizeof(struct iphdr))) - return false; - iph = ip_hdr(skb); - oldtos = iph->tos; - iph->tos &= ~IPT_ECN_IP_MASK; - iph->tos |= (einfo->ip_ect & IPT_ECN_IP_MASK); - csum_replace2(&iph->check, htons(oldtos), htons(iph->tos)); - } - return true; + return ((ip_hdr(skb)->tos & IPT_ECN_IP_MASK) == einfo->ip_ect) ^ + !!(einfo->invert & IPT_ECN_OP_MATCH_IP); } -/* Return false if there was an error. 
*/ -static inline bool -set_ect_tcp(struct sk_buff *skb, const struct ipt_ECN_info *einfo) +static inline bool match_tcp(const struct sk_buff *skb, + const struct ipt_ecn_info *einfo, + bool *hotdrop) { - struct tcphdr _tcph, *tcph; - __be16 oldval; - - /* Not enough header? */ - tcph = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_tcph), &_tcph); - if (!tcph) + struct tcphdr _tcph; + const struct tcphdr *th; + + /* In practice, TCP match does this, so can't fail. But let's + * be good citizens. + */ + th = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_tcph), &_tcph); + if (th == NULL) { + *hotdrop = false; return false; + } - if ((!(einfo->operation & IPT_ECN_OP_SET_ECE) || - tcph->ece == einfo->proto.tcp.ece) && - (!(einfo->operation & IPT_ECN_OP_SET_CWR) || - tcph->cwr == einfo->proto.tcp.cwr)) - return true; - - if (!skb_make_writable(skb, ip_hdrlen(skb) + sizeof(*tcph))) - return false; - tcph = (void *)ip_hdr(skb) + ip_hdrlen(skb);
...
(Truncated because it would otherwise exceed the Stack Overflow post body limit.)
The git clone command creates a copy of an existing repository to a working directory on your local computer.
To clone a git repository into a specific folder, you can use the -C <path> parameter. It will still create a whatever folder on top of it, though, so to clone the content of the repository into the current directory, use the following syntax: cd /httpdocs git clone [email protected]:whatever .
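Which OS are you using? This error is caused by your filesystem not being case-sensitive, which is the default on Mac OS X. The kernel tree contains files whose names differ only in case (the diff above shows xt_CONNMARK.h including xt_connmark.h), so on such a filesystem both names land on the same file and git reports the difference between the two as a local modification.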