aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJan Engelhardt <jengelh@medozas.de>2008-10-08 05:35:15 -0400
committerPatrick McHardy <kaber@trash.net>2008-10-08 05:35:15 -0400
commit043ef46c7690bfdbd5b012e15812a14a19ca5604 (patch)
tree5758fd3b01b7fd338c7ae39496dc7cdf5a393dd9
parent2d06d4a5cc107046508d860a0b47dbc43b829b79 (diff)
netfilter: move Ebtables to use Xtables
Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
-rw-r--r--include/linux/netfilter_bridge/ebtables.h6
-rw-r--r--net/bridge/netfilter/Kconfig1
-rw-r--r--net/bridge/netfilter/ebt_802_3.c8
-rw-r--r--net/bridge/netfilter/ebt_among.c14
-rw-r--r--net/bridge/netfilter/ebt_arp.c8
-rw-r--r--net/bridge/netfilter/ebt_arpreply.c8
-rw-r--r--net/bridge/netfilter/ebt_dnat.c8
-rw-r--r--net/bridge/netfilter/ebt_ip.c8
-rw-r--r--net/bridge/netfilter/ebt_ip6.c9
-rw-r--r--net/bridge/netfilter/ebt_limit.c8
-rw-r--r--net/bridge/netfilter/ebt_log.c9
-rw-r--r--net/bridge/netfilter/ebt_mark.c8
-rw-r--r--net/bridge/netfilter/ebt_mark_m.c8
-rw-r--r--net/bridge/netfilter/ebt_nflog.c16
-rw-r--r--net/bridge/netfilter/ebt_pkttype.c8
-rw-r--r--net/bridge/netfilter/ebt_redirect.c8
-rw-r--r--net/bridge/netfilter/ebt_snat.c8
-rw-r--r--net/bridge/netfilter/ebt_stp.c8
-rw-r--r--net/bridge/netfilter/ebt_ulog.c10
-rw-r--r--net/bridge/netfilter/ebt_vlan.c8
-rw-r--r--net/bridge/netfilter/ebtables.c173
-rw-r--r--net/netfilter/x_tables.c9
22 files changed, 158 insertions, 193 deletions
diff --git a/include/linux/netfilter_bridge/ebtables.h b/include/linux/netfilter_bridge/ebtables.h
index f20a57da7a2..d3f9243b9d9 100644
--- a/include/linux/netfilter_bridge/ebtables.h
+++ b/include/linux/netfilter_bridge/ebtables.h
@@ -124,7 +124,7 @@ struct ebt_entry_match
124{ 124{
125 union { 125 union {
126 char name[EBT_FUNCTION_MAXNAMELEN]; 126 char name[EBT_FUNCTION_MAXNAMELEN];
127 struct ebt_match *match; 127 struct xt_match *match;
128 } u; 128 } u;
129 /* size of data */ 129 /* size of data */
130 unsigned int match_size; 130 unsigned int match_size;
@@ -135,7 +135,7 @@ struct ebt_entry_watcher
135{ 135{
136 union { 136 union {
137 char name[EBT_FUNCTION_MAXNAMELEN]; 137 char name[EBT_FUNCTION_MAXNAMELEN];
138 struct ebt_watcher *watcher; 138 struct xt_target *watcher;
139 } u; 139 } u;
140 /* size of data */ 140 /* size of data */
141 unsigned int watcher_size; 141 unsigned int watcher_size;
@@ -146,7 +146,7 @@ struct ebt_entry_target
146{ 146{
147 union { 147 union {
148 char name[EBT_FUNCTION_MAXNAMELEN]; 148 char name[EBT_FUNCTION_MAXNAMELEN];
149 struct ebt_target *target; 149 struct xt_target *target;
150 } u; 150 } u;
151 /* size of data */ 151 /* size of data */
152 unsigned int target_size; 152 unsigned int target_size;
diff --git a/net/bridge/netfilter/Kconfig b/net/bridge/netfilter/Kconfig
index 90947979499..e7c197ffb2f 100644
--- a/net/bridge/netfilter/Kconfig
+++ b/net/bridge/netfilter/Kconfig
@@ -7,6 +7,7 @@ menu "Bridge: Netfilter Configuration"
7 7
8config BRIDGE_NF_EBTABLES 8config BRIDGE_NF_EBTABLES
9 tristate "Ethernet Bridge tables (ebtables) support" 9 tristate "Ethernet Bridge tables (ebtables) support"
10 select NETFILTER_XTABLES
10 help 11 help
11 ebtables is a general, extensible frame/packet identification 12 ebtables is a general, extensible frame/packet identification
12 framework. Say 'Y' or 'M' here if you want to do Ethernet 13 framework. Say 'Y' or 'M' here if you want to do Ethernet
diff --git a/net/bridge/netfilter/ebt_802_3.c b/net/bridge/netfilter/ebt_802_3.c
index 6f1a69c28ed..6fc2a59e09a 100644
--- a/net/bridge/netfilter/ebt_802_3.c
+++ b/net/bridge/netfilter/ebt_802_3.c
@@ -51,8 +51,8 @@ ebt_802_3_mt_check(const char *table, const void *entry,
51 return true; 51 return true;
52} 52}
53 53
54static struct ebt_match filter_802_3 __read_mostly = { 54static struct xt_match ebt_802_3_mt_reg __read_mostly = {
55 .name = EBT_802_3_MATCH, 55 .name = "802_3",
56 .revision = 0, 56 .revision = 0,
57 .family = NFPROTO_BRIDGE, 57 .family = NFPROTO_BRIDGE,
58 .match = ebt_802_3_mt, 58 .match = ebt_802_3_mt,
@@ -63,12 +63,12 @@ static struct ebt_match filter_802_3 __read_mostly = {
63 63
64static int __init ebt_802_3_init(void) 64static int __init ebt_802_3_init(void)
65{ 65{
66 return ebt_register_match(&filter_802_3); 66 return xt_register_match(&ebt_802_3_mt_reg);
67} 67}
68 68
69static void __exit ebt_802_3_fini(void) 69static void __exit ebt_802_3_fini(void)
70{ 70{
71 ebt_unregister_match(&filter_802_3); 71 xt_unregister_match(&ebt_802_3_mt_reg);
72} 72}
73 73
74module_init(ebt_802_3_init); 74module_init(ebt_802_3_init);
diff --git a/net/bridge/netfilter/ebt_among.c b/net/bridge/netfilter/ebt_among.c
index 84a306f085b..084559e1840 100644
--- a/net/bridge/netfilter/ebt_among.c
+++ b/net/bridge/netfilter/ebt_among.c
@@ -7,12 +7,12 @@
7 * August, 2003 7 * August, 2003
8 * 8 *
9 */ 9 */
10
11#include <linux/netfilter_bridge/ebtables.h>
12#include <linux/netfilter_bridge/ebt_among.h>
13#include <linux/ip.h> 10#include <linux/ip.h>
14#include <linux/if_arp.h> 11#include <linux/if_arp.h>
15#include <linux/module.h> 12#include <linux/module.h>
13#include <linux/netfilter/x_tables.h>
14#include <linux/netfilter_bridge/ebtables.h>
15#include <linux/netfilter_bridge/ebt_among.h>
16 16
17static bool ebt_mac_wormhash_contains(const struct ebt_mac_wormhash *wh, 17static bool ebt_mac_wormhash_contains(const struct ebt_mac_wormhash *wh,
18 const char *mac, __be32 ip) 18 const char *mac, __be32 ip)
@@ -211,8 +211,8 @@ ebt_among_mt_check(const char *table, const void *entry,
211 return true; 211 return true;
212} 212}
213 213
214static struct ebt_match filter_among __read_mostly = { 214static struct xt_match ebt_among_mt_reg __read_mostly = {
215 .name = EBT_AMONG_MATCH, 215 .name = "among",
216 .revision = 0, 216 .revision = 0,
217 .family = NFPROTO_BRIDGE, 217 .family = NFPROTO_BRIDGE,
218 .match = ebt_among_mt, 218 .match = ebt_among_mt,
@@ -223,12 +223,12 @@ static struct ebt_match filter_among __read_mostly = {
223 223
224static int __init ebt_among_init(void) 224static int __init ebt_among_init(void)
225{ 225{
226 return ebt_register_match(&filter_among); 226 return xt_register_match(&ebt_among_mt_reg);
227} 227}
228 228
229static void __exit ebt_among_fini(void) 229static void __exit ebt_among_fini(void)
230{ 230{
231 ebt_unregister_match(&filter_among); 231 xt_unregister_match(&ebt_among_mt_reg);
232} 232}
233 233
234module_init(ebt_among_init); 234module_init(ebt_among_init);
diff --git a/net/bridge/netfilter/ebt_arp.c b/net/bridge/netfilter/ebt_arp.c
index 6e7cd2f5ad7..a073dffe7a1 100644
--- a/net/bridge/netfilter/ebt_arp.c
+++ b/net/bridge/netfilter/ebt_arp.c
@@ -119,8 +119,8 @@ ebt_arp_mt_check(const char *table, const void *entry,
119 return true; 119 return true;
120} 120}
121 121
122static struct ebt_match filter_arp __read_mostly = { 122static struct xt_match ebt_arp_mt_reg __read_mostly = {
123 .name = EBT_ARP_MATCH, 123 .name = "arp",
124 .revision = 0, 124 .revision = 0,
125 .family = NFPROTO_BRIDGE, 125 .family = NFPROTO_BRIDGE,
126 .match = ebt_arp_mt, 126 .match = ebt_arp_mt,
@@ -131,12 +131,12 @@ static struct ebt_match filter_arp __read_mostly = {
131 131
132static int __init ebt_arp_init(void) 132static int __init ebt_arp_init(void)
133{ 133{
134 return ebt_register_match(&filter_arp); 134 return xt_register_match(&ebt_arp_mt_reg);
135} 135}
136 136
137static void __exit ebt_arp_fini(void) 137static void __exit ebt_arp_fini(void)
138{ 138{
139 ebt_unregister_match(&filter_arp); 139 xt_unregister_match(&ebt_arp_mt_reg);
140} 140}
141 141
142module_init(ebt_arp_init); 142module_init(ebt_arp_init);
diff --git a/net/bridge/netfilter/ebt_arpreply.c b/net/bridge/netfilter/ebt_arpreply.c
index 6f2f6589777..8071b64af46 100644
--- a/net/bridge/netfilter/ebt_arpreply.c
+++ b/net/bridge/netfilter/ebt_arpreply.c
@@ -78,8 +78,8 @@ ebt_arpreply_tg_check(const char *tablename, const void *entry,
78 return true; 78 return true;
79} 79}
80 80
81static struct ebt_target reply_target __read_mostly = { 81static struct xt_target ebt_arpreply_tg_reg __read_mostly = {
82 .name = EBT_ARPREPLY_TARGET, 82 .name = "arpreply",
83 .revision = 0, 83 .revision = 0,
84 .family = NFPROTO_BRIDGE, 84 .family = NFPROTO_BRIDGE,
85 .target = ebt_arpreply_tg, 85 .target = ebt_arpreply_tg,
@@ -90,12 +90,12 @@ static struct ebt_target reply_target __read_mostly = {
90 90
91static int __init ebt_arpreply_init(void) 91static int __init ebt_arpreply_init(void)
92{ 92{
93 return ebt_register_target(&reply_target); 93 return xt_register_target(&ebt_arpreply_tg_reg);
94} 94}
95 95
96static void __exit ebt_arpreply_fini(void) 96static void __exit ebt_arpreply_fini(void)
97{ 97{
98 ebt_unregister_target(&reply_target); 98 xt_unregister_target(&ebt_arpreply_tg_reg);
99} 99}
100 100
101module_init(ebt_arpreply_init); 101module_init(ebt_arpreply_init);
diff --git a/net/bridge/netfilter/ebt_dnat.c b/net/bridge/netfilter/ebt_dnat.c
index b7cc013bd37..d2211c4a477 100644
--- a/net/bridge/netfilter/ebt_dnat.c
+++ b/net/bridge/netfilter/ebt_dnat.c
@@ -47,8 +47,8 @@ ebt_dnat_tg_check(const char *tablename, const void *entry,
47 return true; 47 return true;
48} 48}
49 49
50static struct ebt_target dnat __read_mostly = { 50static struct xt_target ebt_dnat_tg_reg __read_mostly = {
51 .name = EBT_DNAT_TARGET, 51 .name = "dnat",
52 .revision = 0, 52 .revision = 0,
53 .family = NFPROTO_BRIDGE, 53 .family = NFPROTO_BRIDGE,
54 .target = ebt_dnat_tg, 54 .target = ebt_dnat_tg,
@@ -59,12 +59,12 @@ static struct ebt_target dnat __read_mostly = {
59 59
60static int __init ebt_dnat_init(void) 60static int __init ebt_dnat_init(void)
61{ 61{
62 return ebt_register_target(&dnat); 62 return xt_register_target(&ebt_dnat_tg_reg);
63} 63}
64 64
65static void __exit ebt_dnat_fini(void) 65static void __exit ebt_dnat_fini(void)
66{ 66{
67 ebt_unregister_target(&dnat); 67 xt_unregister_target(&ebt_dnat_tg_reg);
68} 68}
69 69
70module_init(ebt_dnat_init); 70module_init(ebt_dnat_init);
diff --git a/net/bridge/netfilter/ebt_ip.c b/net/bridge/netfilter/ebt_ip.c
index e7f3b1776b0..b42c7ce799b 100644
--- a/net/bridge/netfilter/ebt_ip.c
+++ b/net/bridge/netfilter/ebt_ip.c
@@ -109,8 +109,8 @@ ebt_ip_mt_check(const char *table, const void *entry,
109 return true; 109 return true;
110} 110}
111 111
112static struct ebt_match filter_ip __read_mostly = { 112static struct xt_match ebt_ip_mt_reg __read_mostly = {
113 .name = EBT_IP_MATCH, 113 .name = "ip",
114 .revision = 0, 114 .revision = 0,
115 .family = NFPROTO_BRIDGE, 115 .family = NFPROTO_BRIDGE,
116 .match = ebt_ip_mt, 116 .match = ebt_ip_mt,
@@ -121,12 +121,12 @@ static struct ebt_match filter_ip __read_mostly = {
121 121
122static int __init ebt_ip_init(void) 122static int __init ebt_ip_init(void)
123{ 123{
124 return ebt_register_match(&filter_ip); 124 return xt_register_match(&ebt_ip_mt_reg);
125} 125}
126 126
127static void __exit ebt_ip_fini(void) 127static void __exit ebt_ip_fini(void)
128{ 128{
129 ebt_unregister_match(&filter_ip); 129 xt_unregister_match(&ebt_ip_mt_reg);
130} 130}
131 131
132module_init(ebt_ip_init); 132module_init(ebt_ip_init);
diff --git a/net/bridge/netfilter/ebt_ip6.c b/net/bridge/netfilter/ebt_ip6.c
index 807685da293..317e624ae59 100644
--- a/net/bridge/netfilter/ebt_ip6.c
+++ b/net/bridge/netfilter/ebt_ip6.c
@@ -121,9 +121,8 @@ ebt_ip6_mt_check(const char *table, const void *entry,
121 return true; 121 return true;
122} 122}
123 123
124static struct ebt_match filter_ip6 = 124static struct xt_match ebt_ip6_mt_reg __read_mostly = {
125{ 125 .name = "ip6",
126 .name = EBT_IP6_MATCH,
127 .revision = 0, 126 .revision = 0,
128 .family = NFPROTO_BRIDGE, 127 .family = NFPROTO_BRIDGE,
129 .match = ebt_ip6_mt, 128 .match = ebt_ip6_mt,
@@ -134,12 +133,12 @@ static struct ebt_match filter_ip6 =
134 133
135static int __init ebt_ip6_init(void) 134static int __init ebt_ip6_init(void)
136{ 135{
137 return ebt_register_match(&filter_ip6); 136 return xt_register_match(&ebt_ip6_mt_reg);
138} 137}
139 138
140static void __exit ebt_ip6_fini(void) 139static void __exit ebt_ip6_fini(void)
141{ 140{
142 ebt_unregister_match(&filter_ip6); 141 xt_unregister_match(&ebt_ip6_mt_reg);
143} 142}
144 143
145module_init(ebt_ip6_init); 144module_init(ebt_ip6_init);
diff --git a/net/bridge/netfilter/ebt_limit.c b/net/bridge/netfilter/ebt_limit.c
index d3372739227..43d9a500363 100644
--- a/net/bridge/netfilter/ebt_limit.c
+++ b/net/bridge/netfilter/ebt_limit.c
@@ -89,8 +89,8 @@ ebt_limit_mt_check(const char *table, const void *e,
89 return true; 89 return true;
90} 90}
91 91
92static struct ebt_match ebt_limit_reg __read_mostly = { 92static struct xt_match ebt_limit_mt_reg __read_mostly = {
93 .name = EBT_LIMIT_MATCH, 93 .name = "limit",
94 .revision = 0, 94 .revision = 0,
95 .family = NFPROTO_BRIDGE, 95 .family = NFPROTO_BRIDGE,
96 .match = ebt_limit_mt, 96 .match = ebt_limit_mt,
@@ -101,12 +101,12 @@ static struct ebt_match ebt_limit_reg __read_mostly = {
101 101
102static int __init ebt_limit_init(void) 102static int __init ebt_limit_init(void)
103{ 103{
104 return ebt_register_match(&ebt_limit_reg); 104 return xt_register_match(&ebt_limit_mt_reg);
105} 105}
106 106
107static void __exit ebt_limit_fini(void) 107static void __exit ebt_limit_fini(void)
108{ 108{
109 ebt_unregister_match(&ebt_limit_reg); 109 xt_unregister_match(&ebt_limit_mt_reg);
110} 110}
111 111
112module_init(ebt_limit_init); 112module_init(ebt_limit_init);
diff --git a/net/bridge/netfilter/ebt_log.c b/net/bridge/netfilter/ebt_log.c
index 424dfdf7f27..b40f9ed4c34 100644
--- a/net/bridge/netfilter/ebt_log.c
+++ b/net/bridge/netfilter/ebt_log.c
@@ -215,9 +215,8 @@ ebt_log_tg(struct sk_buff *skb, const struct net_device *in,
215 return EBT_CONTINUE; 215 return EBT_CONTINUE;
216} 216}
217 217
218static struct ebt_watcher log = 218static struct xt_target ebt_log_tg_reg __read_mostly = {
219{ 219 .name = "log",
220 .name = EBT_LOG_WATCHER,
221 .revision = 0, 220 .revision = 0,
222 .family = NFPROTO_BRIDGE, 221 .family = NFPROTO_BRIDGE,
223 .target = ebt_log_tg, 222 .target = ebt_log_tg,
@@ -236,7 +235,7 @@ static int __init ebt_log_init(void)
236{ 235{
237 int ret; 236 int ret;
238 237
239 ret = ebt_register_watcher(&log); 238 ret = xt_register_target(&ebt_log_tg_reg);
240 if (ret < 0) 239 if (ret < 0)
241 return ret; 240 return ret;
242 nf_log_register(NFPROTO_BRIDGE, &ebt_log_logger); 241 nf_log_register(NFPROTO_BRIDGE, &ebt_log_logger);
@@ -246,7 +245,7 @@ static int __init ebt_log_init(void)
246static void __exit ebt_log_fini(void) 245static void __exit ebt_log_fini(void)
247{ 246{
248 nf_log_unregister(&ebt_log_logger); 247 nf_log_unregister(&ebt_log_logger);
249 ebt_unregister_watcher(&log); 248 xt_unregister_target(&ebt_log_tg_reg);
250} 249}
251 250
252module_init(ebt_log_init); 251module_init(ebt_log_init);
diff --git a/net/bridge/netfilter/ebt_mark.c b/net/bridge/netfilter/ebt_mark.c
index 92c67271bd8..dff19fc91cf 100644
--- a/net/bridge/netfilter/ebt_mark.c
+++ b/net/bridge/netfilter/ebt_mark.c
@@ -59,8 +59,8 @@ ebt_mark_tg_check(const char *table, const void *e,
59 return true; 59 return true;
60} 60}
61 61
62static struct ebt_target mark_target __read_mostly = { 62static struct xt_target ebt_mark_tg_reg __read_mostly = {
63 .name = EBT_MARK_TARGET, 63 .name = "mark",
64 .revision = 0, 64 .revision = 0,
65 .family = NFPROTO_BRIDGE, 65 .family = NFPROTO_BRIDGE,
66 .target = ebt_mark_tg, 66 .target = ebt_mark_tg,
@@ -71,12 +71,12 @@ static struct ebt_target mark_target __read_mostly = {
71 71
72static int __init ebt_mark_init(void) 72static int __init ebt_mark_init(void)
73{ 73{
74 return ebt_register_target(&mark_target); 74 return xt_register_target(&ebt_mark_tg_reg);
75} 75}
76 76
77static void __exit ebt_mark_fini(void) 77static void __exit ebt_mark_fini(void)
78{ 78{
79 ebt_unregister_target(&mark_target); 79 xt_unregister_target(&ebt_mark_tg_reg);
80} 80}
81 81
82module_init(ebt_mark_init); 82module_init(ebt_mark_init);
diff --git a/net/bridge/netfilter/ebt_mark_m.c b/net/bridge/netfilter/ebt_mark_m.c
index db64a0de4f7..aa6781c7f98 100644
--- a/net/bridge/netfilter/ebt_mark_m.c
+++ b/net/bridge/netfilter/ebt_mark_m.c
@@ -40,8 +40,8 @@ ebt_mark_mt_check(const char *table, const void *e,
40 return true; 40 return true;
41} 41}
42 42
43static struct ebt_match filter_mark __read_mostly = { 43static struct xt_match ebt_mark_mt_reg __read_mostly = {
44 .name = EBT_MARK_MATCH, 44 .name = "mark_m",
45 .revision = 0, 45 .revision = 0,
46 .family = NFPROTO_BRIDGE, 46 .family = NFPROTO_BRIDGE,
47 .match = ebt_mark_mt, 47 .match = ebt_mark_mt,
@@ -52,12 +52,12 @@ static struct ebt_match filter_mark __read_mostly = {
52 52
53static int __init ebt_mark_m_init(void) 53static int __init ebt_mark_m_init(void)
54{ 54{
55 return ebt_register_match(&filter_mark); 55 return xt_register_match(&ebt_mark_mt_reg);
56} 56}
57 57
58static void __exit ebt_mark_m_fini(void) 58static void __exit ebt_mark_m_fini(void)
59{ 59{
60 ebt_unregister_match(&filter_mark); 60 xt_unregister_match(&ebt_mark_mt_reg);
61} 61}
62 62
63module_init(ebt_mark_m_init); 63module_init(ebt_mark_m_init);
diff --git a/net/bridge/netfilter/ebt_nflog.c b/net/bridge/netfilter/ebt_nflog.c
index b415f887188..917ac360079 100644
--- a/net/bridge/netfilter/ebt_nflog.c
+++ b/net/bridge/netfilter/ebt_nflog.c
@@ -49,24 +49,24 @@ ebt_nflog_tg_check(const char *table, const void *e,
49 return true; 49 return true;
50} 50}
51 51
52static struct ebt_watcher nflog __read_mostly = { 52static struct xt_target ebt_nflog_tg_reg __read_mostly = {
53 .name = EBT_NFLOG_WATCHER, 53 .name = "nflog",
54 .revision = 0, 54 .revision = 0,
55 .family = NFPROTO_BRIDGE, 55 .family = NFPROTO_BRIDGE,
56 .target = ebt_nflog_tg, 56 .target = ebt_nflog_tg,
57 .checkentry = ebt_nflog_tg_check, 57 .checkentry = ebt_nflog_tg_check,
58 .targetsize = XT_ALIGN(sizeof(struct ebt_nflog_info)), 58 .targetsize = XT_ALIGN(sizeof(struct ebt_nflog_info)),
59 .me = THIS_MODULE, 59 .me = THIS_MODULE,
60}; 60};
61 61
62static int __init ebt_nflog_init(void) 62static int __init ebt_nflog_init(void)
63{ 63{
64 return ebt_register_watcher(&nflog); 64 return xt_register_target(&ebt_nflog_tg_reg);
65} 65}
66 66
67static void __exit ebt_nflog_fini(void) 67static void __exit ebt_nflog_fini(void)
68{ 68{
69 ebt_unregister_watcher(&nflog); 69 xt_unregister_target(&ebt_nflog_tg_reg);
70} 70}
71 71
72module_init(ebt_nflog_init); 72module_init(ebt_nflog_init);
diff --git a/net/bridge/netfilter/ebt_pkttype.c b/net/bridge/netfilter/ebt_pkttype.c
index 06393452ef9..1c04ce5a52c 100644
--- a/net/bridge/netfilter/ebt_pkttype.c
+++ b/net/bridge/netfilter/ebt_pkttype.c
@@ -36,8 +36,8 @@ ebt_pkttype_mt_check(const char *table, const void *e,
36 return true; 36 return true;
37} 37}
38 38
39static struct ebt_match filter_pkttype __read_mostly = { 39static struct xt_match ebt_pkttype_mt_reg __read_mostly = {
40 .name = EBT_PKTTYPE_MATCH, 40 .name = "pkttype",
41 .revision = 0, 41 .revision = 0,
42 .family = NFPROTO_BRIDGE, 42 .family = NFPROTO_BRIDGE,
43 .match = ebt_pkttype_mt, 43 .match = ebt_pkttype_mt,
@@ -48,12 +48,12 @@ static struct ebt_match filter_pkttype __read_mostly = {
48 48
49static int __init ebt_pkttype_init(void) 49static int __init ebt_pkttype_init(void)
50{ 50{
51 return ebt_register_match(&filter_pkttype); 51 return xt_register_match(&ebt_pkttype_mt_reg);
52} 52}
53 53
54static void __exit ebt_pkttype_fini(void) 54static void __exit ebt_pkttype_fini(void)
55{ 55{
56 ebt_unregister_match(&filter_pkttype); 56 xt_unregister_match(&ebt_pkttype_mt_reg);
57} 57}
58 58
59module_init(ebt_pkttype_init); 59module_init(ebt_pkttype_init);
diff --git a/net/bridge/netfilter/ebt_redirect.c b/net/bridge/netfilter/ebt_redirect.c
index e9540cf4f6d..1b7684ffe40 100644
--- a/net/bridge/netfilter/ebt_redirect.c
+++ b/net/bridge/netfilter/ebt_redirect.c
@@ -52,8 +52,8 @@ ebt_redirect_tg_check(const char *tablename, const void *e,
52 return true; 52 return true;
53} 53}
54 54
55static struct ebt_target redirect_target __read_mostly = { 55static struct xt_target ebt_redirect_tg_reg __read_mostly = {
56 .name = EBT_REDIRECT_TARGET, 56 .name = "redirect",
57 .revision = 0, 57 .revision = 0,
58 .family = NFPROTO_BRIDGE, 58 .family = NFPROTO_BRIDGE,
59 .target = ebt_redirect_tg, 59 .target = ebt_redirect_tg,
@@ -64,12 +64,12 @@ static struct ebt_target redirect_target __read_mostly = {
64 64
65static int __init ebt_redirect_init(void) 65static int __init ebt_redirect_init(void)
66{ 66{
67 return ebt_register_target(&redirect_target); 67 return xt_register_target(&ebt_redirect_tg_reg);
68} 68}
69 69
70static void __exit ebt_redirect_fini(void) 70static void __exit ebt_redirect_fini(void)
71{ 71{
72 ebt_unregister_target(&redirect_target); 72 xt_unregister_target(&ebt_redirect_tg_reg);
73} 73}
74 74
75module_init(ebt_redirect_init); 75module_init(ebt_redirect_init);
diff --git a/net/bridge/netfilter/ebt_snat.c b/net/bridge/netfilter/ebt_snat.c
index 363d0051e04..c90217a4f9e 100644
--- a/net/bridge/netfilter/ebt_snat.c
+++ b/net/bridge/netfilter/ebt_snat.c
@@ -69,8 +69,8 @@ ebt_snat_tg_check(const char *tablename, const void *e,
69 return true; 69 return true;
70} 70}
71 71
72static struct ebt_target snat __read_mostly = { 72static struct xt_target ebt_snat_tg_reg __read_mostly = {
73 .name = EBT_SNAT_TARGET, 73 .name = "snat",
74 .revision = 0, 74 .revision = 0,
75 .family = NFPROTO_BRIDGE, 75 .family = NFPROTO_BRIDGE,
76 .target = ebt_snat_tg, 76 .target = ebt_snat_tg,
@@ -81,12 +81,12 @@ static struct ebt_target snat __read_mostly = {
81 81
82static int __init ebt_snat_init(void) 82static int __init ebt_snat_init(void)
83{ 83{
84 return ebt_register_target(&snat); 84 return xt_register_target(&ebt_snat_tg_reg);
85} 85}
86 86
87static void __exit ebt_snat_fini(void) 87static void __exit ebt_snat_fini(void)
88{ 88{
89 ebt_unregister_target(&snat); 89 xt_unregister_target(&ebt_snat_tg_reg);
90} 90}
91 91
92module_init(ebt_snat_init); 92module_init(ebt_snat_init);
diff --git a/net/bridge/netfilter/ebt_stp.c b/net/bridge/netfilter/ebt_stp.c
index 7576d1d62a4..28bb48b67a8 100644
--- a/net/bridge/netfilter/ebt_stp.c
+++ b/net/bridge/netfilter/ebt_stp.c
@@ -176,8 +176,8 @@ ebt_stp_mt_check(const char *table, const void *entry,
176 return true; 176 return true;
177} 177}
178 178
179static struct ebt_match filter_stp __read_mostly = { 179static struct xt_match ebt_stp_mt_reg __read_mostly = {
180 .name = EBT_STP_MATCH, 180 .name = "stp",
181 .revision = 0, 181 .revision = 0,
182 .family = NFPROTO_BRIDGE, 182 .family = NFPROTO_BRIDGE,
183 .match = ebt_stp_mt, 183 .match = ebt_stp_mt,
@@ -188,12 +188,12 @@ static struct ebt_match filter_stp __read_mostly = {
188 188
189static int __init ebt_stp_init(void) 189static int __init ebt_stp_init(void)
190{ 190{
191 return ebt_register_match(&filter_stp); 191 return xt_register_match(&ebt_stp_mt_reg);
192} 192}
193 193
194static void __exit ebt_stp_fini(void) 194static void __exit ebt_stp_fini(void)
195{ 195{
196 ebt_unregister_match(&filter_stp); 196 xt_unregister_match(&ebt_stp_mt_reg);
197} 197}
198 198
199module_init(ebt_stp_init); 199module_init(ebt_stp_init);
diff --git a/net/bridge/netfilter/ebt_ulog.c b/net/bridge/netfilter/ebt_ulog.c
index 77ff9c46b26..25ca6467349 100644
--- a/net/bridge/netfilter/ebt_ulog.c
+++ b/net/bridge/netfilter/ebt_ulog.c
@@ -275,8 +275,8 @@ ebt_ulog_tg_check(const char *table, const void *entry,
275 return 0; 275 return 0;
276} 276}
277 277
278static struct ebt_watcher ulog __read_mostly = { 278static struct xt_target ebt_ulog_tg_reg __read_mostly = {
279 .name = EBT_ULOG_WATCHER, 279 .name = "ulog",
280 .revision = 0, 280 .revision = 0,
281 .family = NFPROTO_BRIDGE, 281 .family = NFPROTO_BRIDGE,
282 .target = ebt_ulog_tg, 282 .target = ebt_ulog_tg,
@@ -286,7 +286,7 @@ static struct ebt_watcher ulog __read_mostly = {
286}; 286};
287 287
288static const struct nf_logger ebt_ulog_logger = { 288static const struct nf_logger ebt_ulog_logger = {
289 .name = EBT_ULOG_WATCHER, 289 .name = "ulog",
290 .logfn = &ebt_log_packet, 290 .logfn = &ebt_log_packet,
291 .me = THIS_MODULE, 291 .me = THIS_MODULE,
292}; 292};
@@ -315,7 +315,7 @@ static int __init ebt_ulog_init(void)
315 printk(KERN_WARNING KBUILD_MODNAME ": out of memory trying to " 315 printk(KERN_WARNING KBUILD_MODNAME ": out of memory trying to "
316 "call netlink_kernel_create\n"); 316 "call netlink_kernel_create\n");
317 ret = false; 317 ret = false;
318 } else if (ebt_register_watcher(&ulog) != 0) { 318 } else if (xt_register_target(&ebt_ulog_tg_reg) != 0) {
319 netlink_kernel_release(ebtulognl); 319 netlink_kernel_release(ebtulognl);
320 } 320 }
321 321
@@ -331,7 +331,7 @@ static void __exit ebt_ulog_fini(void)
331 int i; 331 int i;
332 332
333 nf_log_unregister(&ebt_ulog_logger); 333 nf_log_unregister(&ebt_ulog_logger);
334 ebt_unregister_watcher(&ulog); 334 xt_unregister_target(&ebt_ulog_tg_reg);
335 for (i = 0; i < EBT_ULOG_MAXNLGROUPS; i++) { 335 for (i = 0; i < EBT_ULOG_MAXNLGROUPS; i++) {
336 ub = &ulog_buffers[i]; 336 ub = &ulog_buffers[i];
337 if (timer_pending(&ub->timer)) 337 if (timer_pending(&ub->timer))
diff --git a/net/bridge/netfilter/ebt_vlan.c b/net/bridge/netfilter/ebt_vlan.c
index 3af688b0fc3..5addef6d62f 100644
--- a/net/bridge/netfilter/ebt_vlan.c
+++ b/net/bridge/netfilter/ebt_vlan.c
@@ -162,8 +162,8 @@ ebt_vlan_mt_check(const char *table, const void *entry,
162 return true; 162 return true;
163} 163}
164 164
165static struct ebt_match filter_vlan __read_mostly = { 165static struct xt_match ebt_vlan_mt_reg __read_mostly = {
166 .name = EBT_VLAN_MATCH, 166 .name = "vlan",
167 .revision = 0, 167 .revision = 0,
168 .family = NFPROTO_BRIDGE, 168 .family = NFPROTO_BRIDGE,
169 .match = ebt_vlan_mt, 169 .match = ebt_vlan_mt,
@@ -177,12 +177,12 @@ static int __init ebt_vlan_init(void)
177 DEBUG_MSG("ebtables 802.1Q extension module v" 177 DEBUG_MSG("ebtables 802.1Q extension module v"
178 MODULE_VERS "\n"); 178 MODULE_VERS "\n");
179 DEBUG_MSG("module debug=%d\n", !!debug); 179 DEBUG_MSG("module debug=%d\n", !!debug);
180 return ebt_register_match(&filter_vlan); 180 return xt_register_match(&ebt_vlan_mt_reg);
181} 181}
182 182
183static void __exit ebt_vlan_fini(void) 183static void __exit ebt_vlan_fini(void)
184{ 184{
185 ebt_unregister_match(&filter_vlan); 185 xt_unregister_match(&ebt_vlan_mt_reg);
186} 186}
187 187
188module_init(ebt_vlan_init); 188module_init(ebt_vlan_init);
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index 340e1c6bdcb..c4f7a2e8ed3 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -60,17 +60,18 @@ static LIST_HEAD(ebt_targets);
60static LIST_HEAD(ebt_matches); 60static LIST_HEAD(ebt_matches);
61static LIST_HEAD(ebt_watchers); 61static LIST_HEAD(ebt_watchers);
62 62
63static struct ebt_target ebt_standard_target = { 63static struct xt_target ebt_standard_target = {
64 .name = "standard", 64 .name = "standard",
65 .revision = 0, 65 .revision = 0,
66 .family = NFPROTO_BRIDGE, 66 .family = NFPROTO_BRIDGE,
67 .targetsize = sizeof(int),
67}; 68};
68 69
69static inline int ebt_do_watcher (struct ebt_entry_watcher *w, 70static inline int ebt_do_watcher (struct ebt_entry_watcher *w,
70 struct sk_buff *skb, unsigned int hooknr, const struct net_device *in, 71 struct sk_buff *skb, unsigned int hooknr, const struct net_device *in,
71 const struct net_device *out) 72 const struct net_device *out)
72{ 73{
73 w->u.watcher->target(skb, in, out, hooknr, NULL, w->data); 74 w->u.watcher->target(skb, in, out, hooknr, w->u.watcher, w->data);
74 /* watchers don't give a verdict */ 75 /* watchers don't give a verdict */
75 return 0; 76 return 0;
76} 77}
@@ -79,7 +80,7 @@ static inline int ebt_do_match (struct ebt_entry_match *m,
79 const struct sk_buff *skb, const struct net_device *in, 80 const struct sk_buff *skb, const struct net_device *in,
80 const struct net_device *out) 81 const struct net_device *out)
81{ 82{
82 return m->u.match->match(skb, in, out, NULL, m->data, 0, 0, NULL); 83 return m->u.match->match(skb, in, out, m->u.match, m->data, 0, 0, NULL);
83} 84}
84 85
85static inline int ebt_dev_check(char *entry, const struct net_device *device) 86static inline int ebt_dev_check(char *entry, const struct net_device *device)
@@ -194,7 +195,7 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
194 verdict = ((struct ebt_standard_target *)t)->verdict; 195 verdict = ((struct ebt_standard_target *)t)->verdict;
195 else 196 else
196 verdict = t->u.target->target(skb, in, out, hook, 197 verdict = t->u.target->target(skb, in, out, hook,
197 NULL, t->data); 198 t->u.target, t->data);
198 if (verdict == EBT_ACCEPT) { 199 if (verdict == EBT_ACCEPT) {
199 read_unlock_bh(&table->lock); 200 read_unlock_bh(&table->lock);
200 return NF_ACCEPT; 201 return NF_ACCEPT;
@@ -336,104 +337,73 @@ static inline int
336ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e, 337ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e,
337 const char *name, unsigned int hookmask, unsigned int *cnt) 338 const char *name, unsigned int hookmask, unsigned int *cnt)
338{ 339{
339 struct ebt_match *match; 340 struct xt_match *match;
340 size_t left = ((char *)e + e->watchers_offset) - (char *)m; 341 size_t left = ((char *)e + e->watchers_offset) - (char *)m;
341 int ret; 342 int ret;
342 343
343 if (left < sizeof(struct ebt_entry_match) || 344 if (left < sizeof(struct ebt_entry_match) ||
344 left - sizeof(struct ebt_entry_match) < m->match_size) 345 left - sizeof(struct ebt_entry_match) < m->match_size)
345 return -EINVAL; 346 return -EINVAL;
346 match = find_match_lock(m->u.name, &ret, &ebt_mutex); 347
347 if (!match) 348 match = try_then_request_module(xt_find_match(NFPROTO_BRIDGE,
348 return ret; 349 m->u.name, 0), "ebt_%s", m->u.name);
349 m->u.match = match; 350 if (IS_ERR(match))
350 if (!try_module_get(match->me)) { 351 return PTR_ERR(match);
351 mutex_unlock(&ebt_mutex); 352 if (match == NULL)
352 return -ENOENT; 353 return -ENOENT;
353 } 354 m->u.match = match;
354 mutex_unlock(&ebt_mutex); 355
355 if (match->family != NFPROTO_BRIDGE) { 356 ret = xt_check_match(match, NFPROTO_BRIDGE, m->match_size,
356 printk(KERN_WARNING "ebtables: %s match: not for ebtables?\n", 357 name, hookmask, e->ethproto, e->invflags & EBT_IPROTO);
357 match->name); 358 if (ret < 0) {
358 goto out; 359 module_put(match->me);
359 } 360 return ret;
360 if (match->revision != 0) { 361 } else if (match->checkentry != NULL &&
361 printk(KERN_WARNING "ebtables: %s match: ebtables is not "
362 "supporting revisions at this time\n",
363 match->name);
364 goto out;
365 }
366 if (XT_ALIGN(match->matchsize) != m->match_size &&
367 match->matchsize != -1) {
368 /*
369 * ebt_among is exempt from centralized matchsize checking
370 * because it uses a dynamic-size data set.
371 */
372 printk(KERN_WARNING "ebtables: %s match: "
373 "invalid size %Zu != %u\n",
374 match->name, XT_ALIGN(match->matchsize), m->match_size);
375 goto out;
376 }
377 if (match->checkentry &&
378 !match->checkentry(name, e, NULL, m->data, hookmask)) { 362 !match->checkentry(name, e, NULL, m->data, hookmask)) {
363 module_put(match->me);
379 BUGPRINT("match->check failed\n"); 364 BUGPRINT("match->check failed\n");
380 goto out; 365 return -EINVAL;
381 } 366 }
367
382 (*cnt)++; 368 (*cnt)++;
383 return 0; 369 return 0;
384 out:
385 module_put(match->me);
386 return -EINVAL;
387} 370}
388 371
389static inline int 372static inline int
390ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e, 373ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e,
391 const char *name, unsigned int hookmask, unsigned int *cnt) 374 const char *name, unsigned int hookmask, unsigned int *cnt)
392{ 375{
393 struct ebt_watcher *watcher; 376 struct xt_target *watcher;
394 size_t left = ((char *)e + e->target_offset) - (char *)w; 377 size_t left = ((char *)e + e->target_offset) - (char *)w;
395 int ret; 378 int ret;
396 379
397 if (left < sizeof(struct ebt_entry_watcher) || 380 if (left < sizeof(struct ebt_entry_watcher) ||
398 left - sizeof(struct ebt_entry_watcher) < w->watcher_size) 381 left - sizeof(struct ebt_entry_watcher) < w->watcher_size)
399 return -EINVAL; 382 return -EINVAL;
400 watcher = find_watcher_lock(w->u.name, &ret, &ebt_mutex); 383
401 if (!watcher) 384 watcher = try_then_request_module(
402 return ret; 385 xt_find_target(NFPROTO_BRIDGE, w->u.name, 0),
403 w->u.watcher = watcher; 386 "ebt_%s", w->u.name);
404 if (!try_module_get(watcher->me)) { 387 if (IS_ERR(watcher))
405 mutex_unlock(&ebt_mutex); 388 return PTR_ERR(watcher);
389 if (watcher == NULL)
406 return -ENOENT; 390 return -ENOENT;
407 } 391 w->u.watcher = watcher;
408 mutex_unlock(&ebt_mutex); 392
409 if (watcher->family != NFPROTO_BRIDGE) { 393 ret = xt_check_target(watcher, NFPROTO_BRIDGE, w->watcher_size,
410 printk(KERN_WARNING "ebtables: %s watcher: not for ebtables?\n", 394 name, hookmask, e->ethproto, e->invflags & EBT_IPROTO);
411 watcher->name); 395 if (ret < 0) {
412 goto out; 396 module_put(watcher->me);
413 } 397 return ret;
414 if (watcher->revision != 0) { 398 } else if (watcher->checkentry != NULL &&
415 printk(KERN_WARNING "ebtables: %s watcher: ebtables is not "
416 "supporting revisions at this time\n",
417 watcher->name);
418 goto out;
419 }
420 if (XT_ALIGN(watcher->targetsize) != w->watcher_size) {
421 printk(KERN_WARNING "ebtables: %s watcher: "
422 "invalid size %Zu != %u\n",
423 watcher->name, XT_ALIGN(watcher->targetsize),
424 w->watcher_size);
425 goto out;
426 }
427 if (watcher->checkentry &&
428 !watcher->checkentry(name, e, NULL, w->data, hookmask)) { 399 !watcher->checkentry(name, e, NULL, w->data, hookmask)) {
400 module_put(watcher->me);
429 BUGPRINT("watcher->check failed\n"); 401 BUGPRINT("watcher->check failed\n");
430 goto out; 402 return -EINVAL;
431 } 403 }
404
432 (*cnt)++; 405 (*cnt)++;
433 return 0; 406 return 0;
434 out:
435 module_put(watcher->me);
436 return -EINVAL;
437} 407}
438 408
439static int ebt_verify_pointers(struct ebt_replace *repl, 409static int ebt_verify_pointers(struct ebt_replace *repl,
@@ -607,7 +577,7 @@ ebt_cleanup_match(struct ebt_entry_match *m, unsigned int *i)
607 if (i && (*i)-- == 0) 577 if (i && (*i)-- == 0)
608 return 1; 578 return 1;
609 if (m->u.match->destroy) 579 if (m->u.match->destroy)
610 m->u.match->destroy(NULL, m->data); 580 m->u.match->destroy(m->u.match, m->data);
611 module_put(m->u.match->me); 581 module_put(m->u.match->me);
612 582
613 return 0; 583 return 0;
@@ -619,7 +589,7 @@ ebt_cleanup_watcher(struct ebt_entry_watcher *w, unsigned int *i)
619 if (i && (*i)-- == 0) 589 if (i && (*i)-- == 0)
620 return 1; 590 return 1;
621 if (w->u.watcher->destroy) 591 if (w->u.watcher->destroy)
622 w->u.watcher->destroy(NULL, w->data); 592 w->u.watcher->destroy(w->u.watcher, w->data);
623 module_put(w->u.watcher->me); 593 module_put(w->u.watcher->me);
624 594
625 return 0; 595 return 0;
@@ -639,7 +609,7 @@ ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt)
639 EBT_MATCH_ITERATE(e, ebt_cleanup_match, NULL); 609 EBT_MATCH_ITERATE(e, ebt_cleanup_match, NULL);
640 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); 610 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
641 if (t->u.target->destroy) 611 if (t->u.target->destroy)
642 t->u.target->destroy(NULL, t->data); 612 t->u.target->destroy(t->u.target, t->data);
643 module_put(t->u.target->me); 613 module_put(t->u.target->me);
644 614
645 return 0; 615 return 0;
@@ -651,7 +621,7 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
651 struct ebt_cl_stack *cl_s, unsigned int udc_cnt) 621 struct ebt_cl_stack *cl_s, unsigned int udc_cnt)
652{ 622{
653 struct ebt_entry_target *t; 623 struct ebt_entry_target *t;
654 struct ebt_target *target; 624 struct xt_target *target;
655 unsigned int i, j, hook = 0, hookmask = 0; 625 unsigned int i, j, hook = 0, hookmask = 0;
656 size_t gap; 626 size_t gap;
657 int ret; 627 int ret;
@@ -704,27 +674,15 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
704 goto cleanup_watchers; 674 goto cleanup_watchers;
705 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); 675 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
706 gap = e->next_offset - e->target_offset; 676 gap = e->next_offset - e->target_offset;
707 target = find_target_lock(t->u.name, &ret, &ebt_mutex);
708 if (!target)
709 goto cleanup_watchers;
710 if (!try_module_get(target->me)) {
711 mutex_unlock(&ebt_mutex);
712 ret = -ENOENT;
713 goto cleanup_watchers;
714 }
715 mutex_unlock(&ebt_mutex);
716 677
717 if (target->family != NFPROTO_BRIDGE) { 678 target = try_then_request_module(
718 printk(KERN_WARNING "ebtables: %s target: not for ebtables?\n", 679 xt_find_target(NFPROTO_BRIDGE, t->u.name, 0),
719 target->name); 680 "ebt_%s", t->u.name);
720 ret = -EINVAL; 681 if (IS_ERR(target)) {
682 ret = PTR_ERR(target);
721 goto cleanup_watchers; 683 goto cleanup_watchers;
722 } 684 } else if (target == NULL) {
723 if (target->revision != 0) { 685 ret = -ENOENT;
724 printk(KERN_WARNING "ebtables: %s target: ebtables is not "
725 "supporting revisions at this time\n",
726 target->name);
727 ret = -EINVAL;
728 goto cleanup_watchers; 686 goto cleanup_watchers;
729 } 687 }
730 688
@@ -745,13 +703,12 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
745 module_put(t->u.target->me); 703 module_put(t->u.target->me);
746 ret = -EFAULT; 704 ret = -EFAULT;
747 goto cleanup_watchers; 705 goto cleanup_watchers;
748 } else if (XT_ALIGN(target->targetsize) != t->target_size) { 706 }
749 printk(KERN_WARNING "ebtables: %s target: " 707
750 "invalid size %Zu != %u\n", 708 ret = xt_check_target(target, NFPROTO_BRIDGE, t->target_size,
751 target->name, XT_ALIGN(target->targetsize), 709 name, hookmask, e->ethproto, e->invflags & EBT_IPROTO);
752 t->target_size); 710 if (ret < 0) {
753 module_put(t->u.target->me); 711 module_put(target->me);
754 ret = -EINVAL;
755 goto cleanup_watchers; 712 goto cleanup_watchers;
756 } else if (t->u.target->checkentry && 713 } else if (t->u.target->checkentry &&
757 !t->u.target->checkentry(name, e, NULL, t->data, hookmask)) { 714 !t->u.target->checkentry(name, e, NULL, t->data, hookmask)) {
@@ -1589,11 +1546,14 @@ static int __init ebtables_init(void)
1589{ 1546{
1590 int ret; 1547 int ret;
1591 1548
1592 mutex_lock(&ebt_mutex); 1549 ret = xt_register_target(&ebt_standard_target);
1593 list_add(&ebt_standard_target.list, &ebt_targets); 1550 if (ret < 0)
1594 mutex_unlock(&ebt_mutex);
1595 if ((ret = nf_register_sockopt(&ebt_sockopts)) < 0)
1596 return ret; 1551 return ret;
1552 ret = nf_register_sockopt(&ebt_sockopts);
1553 if (ret < 0) {
1554 xt_unregister_target(&ebt_standard_target);
1555 return ret;
1556 }
1597 1557
1598 printk(KERN_INFO "Ebtables v2.0 registered\n"); 1558 printk(KERN_INFO "Ebtables v2.0 registered\n");
1599 return 0; 1559 return 0;
@@ -1602,6 +1562,7 @@ static int __init ebtables_init(void)
1602static void __exit ebtables_fini(void) 1562static void __exit ebtables_fini(void)
1603{ 1563{
1604 nf_unregister_sockopt(&ebt_sockopts); 1564 nf_unregister_sockopt(&ebt_sockopts);
1565 xt_unregister_target(&ebt_standard_target);
1605 printk(KERN_INFO "Ebtables v2.0 unregistered\n"); 1566 printk(KERN_INFO "Ebtables v2.0 unregistered\n");
1606} 1567}
1607 1568
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
index aece6c2d134..0e23f42e341 100644
--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -30,7 +30,7 @@
30 30
31MODULE_LICENSE("GPL"); 31MODULE_LICENSE("GPL");
32MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>"); 32MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
33MODULE_DESCRIPTION("[ip,ip6,arp]_tables backend module"); 33MODULE_DESCRIPTION("{ip,ip6,arp,eb}_tables backend module");
34 34
35#define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1)) 35#define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1))
36 36
@@ -325,7 +325,12 @@ int xt_check_match(const struct xt_match *match, unsigned short family,
325 unsigned int size, const char *table, unsigned int hook_mask, 325 unsigned int size, const char *table, unsigned int hook_mask,
326 unsigned short proto, int inv_proto) 326 unsigned short proto, int inv_proto)
327{ 327{
328 if (XT_ALIGN(match->matchsize) != size) { 328 if (XT_ALIGN(match->matchsize) != size &&
329 match->matchsize != -1) {
330 /*
331 * ebt_among is exempt from centralized matchsize checking
332 * because it uses a dynamic-size data set.
333 */
329 printk("%s_tables: %s match: invalid size %Zu != %u\n", 334 printk("%s_tables: %s match: invalid size %Zu != %u\n",
330 xt_prefix[family], match->name, 335 xt_prefix[family], match->name,
331 XT_ALIGN(match->matchsize), size); 336 XT_ALIGN(match->matchsize), size);