diff options
author | Jan Engelhardt <jengelh@medozas.de> | 2008-10-08 05:35:15 -0400 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2008-10-08 05:35:15 -0400 |
commit | 043ef46c7690bfdbd5b012e15812a14a19ca5604 (patch) | |
tree | 5758fd3b01b7fd338c7ae39496dc7cdf5a393dd9 | |
parent | 2d06d4a5cc107046508d860a0b47dbc43b829b79 (diff) |
netfilter: move Ebtables to use Xtables
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
-rw-r--r-- | include/linux/netfilter_bridge/ebtables.h | 6 | ||||
-rw-r--r-- | net/bridge/netfilter/Kconfig | 1 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_802_3.c | 8 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_among.c | 14 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_arp.c | 8 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_arpreply.c | 8 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_dnat.c | 8 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_ip.c | 8 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_ip6.c | 9 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_limit.c | 8 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_log.c | 9 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_mark.c | 8 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_mark_m.c | 8 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_nflog.c | 16 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_pkttype.c | 8 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_redirect.c | 8 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_snat.c | 8 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_stp.c | 8 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_ulog.c | 10 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_vlan.c | 8 | ||||
-rw-r--r-- | net/bridge/netfilter/ebtables.c | 173 | ||||
-rw-r--r-- | net/netfilter/x_tables.c | 9 |
22 files changed, 158 insertions, 193 deletions
diff --git a/include/linux/netfilter_bridge/ebtables.h b/include/linux/netfilter_bridge/ebtables.h index f20a57da7a2..d3f9243b9d9 100644 --- a/include/linux/netfilter_bridge/ebtables.h +++ b/include/linux/netfilter_bridge/ebtables.h | |||
@@ -124,7 +124,7 @@ struct ebt_entry_match | |||
124 | { | 124 | { |
125 | union { | 125 | union { |
126 | char name[EBT_FUNCTION_MAXNAMELEN]; | 126 | char name[EBT_FUNCTION_MAXNAMELEN]; |
127 | struct ebt_match *match; | 127 | struct xt_match *match; |
128 | } u; | 128 | } u; |
129 | /* size of data */ | 129 | /* size of data */ |
130 | unsigned int match_size; | 130 | unsigned int match_size; |
@@ -135,7 +135,7 @@ struct ebt_entry_watcher | |||
135 | { | 135 | { |
136 | union { | 136 | union { |
137 | char name[EBT_FUNCTION_MAXNAMELEN]; | 137 | char name[EBT_FUNCTION_MAXNAMELEN]; |
138 | struct ebt_watcher *watcher; | 138 | struct xt_target *watcher; |
139 | } u; | 139 | } u; |
140 | /* size of data */ | 140 | /* size of data */ |
141 | unsigned int watcher_size; | 141 | unsigned int watcher_size; |
@@ -146,7 +146,7 @@ struct ebt_entry_target | |||
146 | { | 146 | { |
147 | union { | 147 | union { |
148 | char name[EBT_FUNCTION_MAXNAMELEN]; | 148 | char name[EBT_FUNCTION_MAXNAMELEN]; |
149 | struct ebt_target *target; | 149 | struct xt_target *target; |
150 | } u; | 150 | } u; |
151 | /* size of data */ | 151 | /* size of data */ |
152 | unsigned int target_size; | 152 | unsigned int target_size; |
diff --git a/net/bridge/netfilter/Kconfig b/net/bridge/netfilter/Kconfig index 90947979499..e7c197ffb2f 100644 --- a/net/bridge/netfilter/Kconfig +++ b/net/bridge/netfilter/Kconfig | |||
@@ -7,6 +7,7 @@ menu "Bridge: Netfilter Configuration" | |||
7 | 7 | ||
8 | config BRIDGE_NF_EBTABLES | 8 | config BRIDGE_NF_EBTABLES |
9 | tristate "Ethernet Bridge tables (ebtables) support" | 9 | tristate "Ethernet Bridge tables (ebtables) support" |
10 | select NETFILTER_XTABLES | ||
10 | help | 11 | help |
11 | ebtables is a general, extensible frame/packet identification | 12 | ebtables is a general, extensible frame/packet identification |
12 | framework. Say 'Y' or 'M' here if you want to do Ethernet | 13 | framework. Say 'Y' or 'M' here if you want to do Ethernet |
diff --git a/net/bridge/netfilter/ebt_802_3.c b/net/bridge/netfilter/ebt_802_3.c index 6f1a69c28ed..6fc2a59e09a 100644 --- a/net/bridge/netfilter/ebt_802_3.c +++ b/net/bridge/netfilter/ebt_802_3.c | |||
@@ -51,8 +51,8 @@ ebt_802_3_mt_check(const char *table, const void *entry, | |||
51 | return true; | 51 | return true; |
52 | } | 52 | } |
53 | 53 | ||
54 | static struct ebt_match filter_802_3 __read_mostly = { | 54 | static struct xt_match ebt_802_3_mt_reg __read_mostly = { |
55 | .name = EBT_802_3_MATCH, | 55 | .name = "802_3", |
56 | .revision = 0, | 56 | .revision = 0, |
57 | .family = NFPROTO_BRIDGE, | 57 | .family = NFPROTO_BRIDGE, |
58 | .match = ebt_802_3_mt, | 58 | .match = ebt_802_3_mt, |
@@ -63,12 +63,12 @@ static struct ebt_match filter_802_3 __read_mostly = { | |||
63 | 63 | ||
64 | static int __init ebt_802_3_init(void) | 64 | static int __init ebt_802_3_init(void) |
65 | { | 65 | { |
66 | return ebt_register_match(&filter_802_3); | 66 | return xt_register_match(&ebt_802_3_mt_reg); |
67 | } | 67 | } |
68 | 68 | ||
69 | static void __exit ebt_802_3_fini(void) | 69 | static void __exit ebt_802_3_fini(void) |
70 | { | 70 | { |
71 | ebt_unregister_match(&filter_802_3); | 71 | xt_unregister_match(&ebt_802_3_mt_reg); |
72 | } | 72 | } |
73 | 73 | ||
74 | module_init(ebt_802_3_init); | 74 | module_init(ebt_802_3_init); |
diff --git a/net/bridge/netfilter/ebt_among.c b/net/bridge/netfilter/ebt_among.c index 84a306f085b..084559e1840 100644 --- a/net/bridge/netfilter/ebt_among.c +++ b/net/bridge/netfilter/ebt_among.c | |||
@@ -7,12 +7,12 @@ | |||
7 | * August, 2003 | 7 | * August, 2003 |
8 | * | 8 | * |
9 | */ | 9 | */ |
10 | |||
11 | #include <linux/netfilter_bridge/ebtables.h> | ||
12 | #include <linux/netfilter_bridge/ebt_among.h> | ||
13 | #include <linux/ip.h> | 10 | #include <linux/ip.h> |
14 | #include <linux/if_arp.h> | 11 | #include <linux/if_arp.h> |
15 | #include <linux/module.h> | 12 | #include <linux/module.h> |
13 | #include <linux/netfilter/x_tables.h> | ||
14 | #include <linux/netfilter_bridge/ebtables.h> | ||
15 | #include <linux/netfilter_bridge/ebt_among.h> | ||
16 | 16 | ||
17 | static bool ebt_mac_wormhash_contains(const struct ebt_mac_wormhash *wh, | 17 | static bool ebt_mac_wormhash_contains(const struct ebt_mac_wormhash *wh, |
18 | const char *mac, __be32 ip) | 18 | const char *mac, __be32 ip) |
@@ -211,8 +211,8 @@ ebt_among_mt_check(const char *table, const void *entry, | |||
211 | return true; | 211 | return true; |
212 | } | 212 | } |
213 | 213 | ||
214 | static struct ebt_match filter_among __read_mostly = { | 214 | static struct xt_match ebt_among_mt_reg __read_mostly = { |
215 | .name = EBT_AMONG_MATCH, | 215 | .name = "among", |
216 | .revision = 0, | 216 | .revision = 0, |
217 | .family = NFPROTO_BRIDGE, | 217 | .family = NFPROTO_BRIDGE, |
218 | .match = ebt_among_mt, | 218 | .match = ebt_among_mt, |
@@ -223,12 +223,12 @@ static struct ebt_match filter_among __read_mostly = { | |||
223 | 223 | ||
224 | static int __init ebt_among_init(void) | 224 | static int __init ebt_among_init(void) |
225 | { | 225 | { |
226 | return ebt_register_match(&filter_among); | 226 | return xt_register_match(&ebt_among_mt_reg); |
227 | } | 227 | } |
228 | 228 | ||
229 | static void __exit ebt_among_fini(void) | 229 | static void __exit ebt_among_fini(void) |
230 | { | 230 | { |
231 | ebt_unregister_match(&filter_among); | 231 | xt_unregister_match(&ebt_among_mt_reg); |
232 | } | 232 | } |
233 | 233 | ||
234 | module_init(ebt_among_init); | 234 | module_init(ebt_among_init); |
diff --git a/net/bridge/netfilter/ebt_arp.c b/net/bridge/netfilter/ebt_arp.c index 6e7cd2f5ad7..a073dffe7a1 100644 --- a/net/bridge/netfilter/ebt_arp.c +++ b/net/bridge/netfilter/ebt_arp.c | |||
@@ -119,8 +119,8 @@ ebt_arp_mt_check(const char *table, const void *entry, | |||
119 | return true; | 119 | return true; |
120 | } | 120 | } |
121 | 121 | ||
122 | static struct ebt_match filter_arp __read_mostly = { | 122 | static struct xt_match ebt_arp_mt_reg __read_mostly = { |
123 | .name = EBT_ARP_MATCH, | 123 | .name = "arp", |
124 | .revision = 0, | 124 | .revision = 0, |
125 | .family = NFPROTO_BRIDGE, | 125 | .family = NFPROTO_BRIDGE, |
126 | .match = ebt_arp_mt, | 126 | .match = ebt_arp_mt, |
@@ -131,12 +131,12 @@ static struct ebt_match filter_arp __read_mostly = { | |||
131 | 131 | ||
132 | static int __init ebt_arp_init(void) | 132 | static int __init ebt_arp_init(void) |
133 | { | 133 | { |
134 | return ebt_register_match(&filter_arp); | 134 | return xt_register_match(&ebt_arp_mt_reg); |
135 | } | 135 | } |
136 | 136 | ||
137 | static void __exit ebt_arp_fini(void) | 137 | static void __exit ebt_arp_fini(void) |
138 | { | 138 | { |
139 | ebt_unregister_match(&filter_arp); | 139 | xt_unregister_match(&ebt_arp_mt_reg); |
140 | } | 140 | } |
141 | 141 | ||
142 | module_init(ebt_arp_init); | 142 | module_init(ebt_arp_init); |
diff --git a/net/bridge/netfilter/ebt_arpreply.c b/net/bridge/netfilter/ebt_arpreply.c index 6f2f6589777..8071b64af46 100644 --- a/net/bridge/netfilter/ebt_arpreply.c +++ b/net/bridge/netfilter/ebt_arpreply.c | |||
@@ -78,8 +78,8 @@ ebt_arpreply_tg_check(const char *tablename, const void *entry, | |||
78 | return true; | 78 | return true; |
79 | } | 79 | } |
80 | 80 | ||
81 | static struct ebt_target reply_target __read_mostly = { | 81 | static struct xt_target ebt_arpreply_tg_reg __read_mostly = { |
82 | .name = EBT_ARPREPLY_TARGET, | 82 | .name = "arpreply", |
83 | .revision = 0, | 83 | .revision = 0, |
84 | .family = NFPROTO_BRIDGE, | 84 | .family = NFPROTO_BRIDGE, |
85 | .target = ebt_arpreply_tg, | 85 | .target = ebt_arpreply_tg, |
@@ -90,12 +90,12 @@ static struct ebt_target reply_target __read_mostly = { | |||
90 | 90 | ||
91 | static int __init ebt_arpreply_init(void) | 91 | static int __init ebt_arpreply_init(void) |
92 | { | 92 | { |
93 | return ebt_register_target(&reply_target); | 93 | return xt_register_target(&ebt_arpreply_tg_reg); |
94 | } | 94 | } |
95 | 95 | ||
96 | static void __exit ebt_arpreply_fini(void) | 96 | static void __exit ebt_arpreply_fini(void) |
97 | { | 97 | { |
98 | ebt_unregister_target(&reply_target); | 98 | xt_unregister_target(&ebt_arpreply_tg_reg); |
99 | } | 99 | } |
100 | 100 | ||
101 | module_init(ebt_arpreply_init); | 101 | module_init(ebt_arpreply_init); |
diff --git a/net/bridge/netfilter/ebt_dnat.c b/net/bridge/netfilter/ebt_dnat.c index b7cc013bd37..d2211c4a477 100644 --- a/net/bridge/netfilter/ebt_dnat.c +++ b/net/bridge/netfilter/ebt_dnat.c | |||
@@ -47,8 +47,8 @@ ebt_dnat_tg_check(const char *tablename, const void *entry, | |||
47 | return true; | 47 | return true; |
48 | } | 48 | } |
49 | 49 | ||
50 | static struct ebt_target dnat __read_mostly = { | 50 | static struct xt_target ebt_dnat_tg_reg __read_mostly = { |
51 | .name = EBT_DNAT_TARGET, | 51 | .name = "dnat", |
52 | .revision = 0, | 52 | .revision = 0, |
53 | .family = NFPROTO_BRIDGE, | 53 | .family = NFPROTO_BRIDGE, |
54 | .target = ebt_dnat_tg, | 54 | .target = ebt_dnat_tg, |
@@ -59,12 +59,12 @@ static struct ebt_target dnat __read_mostly = { | |||
59 | 59 | ||
60 | static int __init ebt_dnat_init(void) | 60 | static int __init ebt_dnat_init(void) |
61 | { | 61 | { |
62 | return ebt_register_target(&dnat); | 62 | return xt_register_target(&ebt_dnat_tg_reg); |
63 | } | 63 | } |
64 | 64 | ||
65 | static void __exit ebt_dnat_fini(void) | 65 | static void __exit ebt_dnat_fini(void) |
66 | { | 66 | { |
67 | ebt_unregister_target(&dnat); | 67 | xt_unregister_target(&ebt_dnat_tg_reg); |
68 | } | 68 | } |
69 | 69 | ||
70 | module_init(ebt_dnat_init); | 70 | module_init(ebt_dnat_init); |
diff --git a/net/bridge/netfilter/ebt_ip.c b/net/bridge/netfilter/ebt_ip.c index e7f3b1776b0..b42c7ce799b 100644 --- a/net/bridge/netfilter/ebt_ip.c +++ b/net/bridge/netfilter/ebt_ip.c | |||
@@ -109,8 +109,8 @@ ebt_ip_mt_check(const char *table, const void *entry, | |||
109 | return true; | 109 | return true; |
110 | } | 110 | } |
111 | 111 | ||
112 | static struct ebt_match filter_ip __read_mostly = { | 112 | static struct xt_match ebt_ip_mt_reg __read_mostly = { |
113 | .name = EBT_IP_MATCH, | 113 | .name = "ip", |
114 | .revision = 0, | 114 | .revision = 0, |
115 | .family = NFPROTO_BRIDGE, | 115 | .family = NFPROTO_BRIDGE, |
116 | .match = ebt_ip_mt, | 116 | .match = ebt_ip_mt, |
@@ -121,12 +121,12 @@ static struct ebt_match filter_ip __read_mostly = { | |||
121 | 121 | ||
122 | static int __init ebt_ip_init(void) | 122 | static int __init ebt_ip_init(void) |
123 | { | 123 | { |
124 | return ebt_register_match(&filter_ip); | 124 | return xt_register_match(&ebt_ip_mt_reg); |
125 | } | 125 | } |
126 | 126 | ||
127 | static void __exit ebt_ip_fini(void) | 127 | static void __exit ebt_ip_fini(void) |
128 | { | 128 | { |
129 | ebt_unregister_match(&filter_ip); | 129 | xt_unregister_match(&ebt_ip_mt_reg); |
130 | } | 130 | } |
131 | 131 | ||
132 | module_init(ebt_ip_init); | 132 | module_init(ebt_ip_init); |
diff --git a/net/bridge/netfilter/ebt_ip6.c b/net/bridge/netfilter/ebt_ip6.c index 807685da293..317e624ae59 100644 --- a/net/bridge/netfilter/ebt_ip6.c +++ b/net/bridge/netfilter/ebt_ip6.c | |||
@@ -121,9 +121,8 @@ ebt_ip6_mt_check(const char *table, const void *entry, | |||
121 | return true; | 121 | return true; |
122 | } | 122 | } |
123 | 123 | ||
124 | static struct ebt_match filter_ip6 = | 124 | static struct xt_match ebt_ip6_mt_reg __read_mostly = { |
125 | { | 125 | .name = "ip6", |
126 | .name = EBT_IP6_MATCH, | ||
127 | .revision = 0, | 126 | .revision = 0, |
128 | .family = NFPROTO_BRIDGE, | 127 | .family = NFPROTO_BRIDGE, |
129 | .match = ebt_ip6_mt, | 128 | .match = ebt_ip6_mt, |
@@ -134,12 +133,12 @@ static struct ebt_match filter_ip6 = | |||
134 | 133 | ||
135 | static int __init ebt_ip6_init(void) | 134 | static int __init ebt_ip6_init(void) |
136 | { | 135 | { |
137 | return ebt_register_match(&filter_ip6); | 136 | return xt_register_match(&ebt_ip6_mt_reg); |
138 | } | 137 | } |
139 | 138 | ||
140 | static void __exit ebt_ip6_fini(void) | 139 | static void __exit ebt_ip6_fini(void) |
141 | { | 140 | { |
142 | ebt_unregister_match(&filter_ip6); | 141 | xt_unregister_match(&ebt_ip6_mt_reg); |
143 | } | 142 | } |
144 | 143 | ||
145 | module_init(ebt_ip6_init); | 144 | module_init(ebt_ip6_init); |
diff --git a/net/bridge/netfilter/ebt_limit.c b/net/bridge/netfilter/ebt_limit.c index d3372739227..43d9a500363 100644 --- a/net/bridge/netfilter/ebt_limit.c +++ b/net/bridge/netfilter/ebt_limit.c | |||
@@ -89,8 +89,8 @@ ebt_limit_mt_check(const char *table, const void *e, | |||
89 | return true; | 89 | return true; |
90 | } | 90 | } |
91 | 91 | ||
92 | static struct ebt_match ebt_limit_reg __read_mostly = { | 92 | static struct xt_match ebt_limit_mt_reg __read_mostly = { |
93 | .name = EBT_LIMIT_MATCH, | 93 | .name = "limit", |
94 | .revision = 0, | 94 | .revision = 0, |
95 | .family = NFPROTO_BRIDGE, | 95 | .family = NFPROTO_BRIDGE, |
96 | .match = ebt_limit_mt, | 96 | .match = ebt_limit_mt, |
@@ -101,12 +101,12 @@ static struct ebt_match ebt_limit_reg __read_mostly = { | |||
101 | 101 | ||
102 | static int __init ebt_limit_init(void) | 102 | static int __init ebt_limit_init(void) |
103 | { | 103 | { |
104 | return ebt_register_match(&ebt_limit_reg); | 104 | return xt_register_match(&ebt_limit_mt_reg); |
105 | } | 105 | } |
106 | 106 | ||
107 | static void __exit ebt_limit_fini(void) | 107 | static void __exit ebt_limit_fini(void) |
108 | { | 108 | { |
109 | ebt_unregister_match(&ebt_limit_reg); | 109 | xt_unregister_match(&ebt_limit_mt_reg); |
110 | } | 110 | } |
111 | 111 | ||
112 | module_init(ebt_limit_init); | 112 | module_init(ebt_limit_init); |
diff --git a/net/bridge/netfilter/ebt_log.c b/net/bridge/netfilter/ebt_log.c index 424dfdf7f27..b40f9ed4c34 100644 --- a/net/bridge/netfilter/ebt_log.c +++ b/net/bridge/netfilter/ebt_log.c | |||
@@ -215,9 +215,8 @@ ebt_log_tg(struct sk_buff *skb, const struct net_device *in, | |||
215 | return EBT_CONTINUE; | 215 | return EBT_CONTINUE; |
216 | } | 216 | } |
217 | 217 | ||
218 | static struct ebt_watcher log = | 218 | static struct xt_target ebt_log_tg_reg __read_mostly = { |
219 | { | 219 | .name = "log", |
220 | .name = EBT_LOG_WATCHER, | ||
221 | .revision = 0, | 220 | .revision = 0, |
222 | .family = NFPROTO_BRIDGE, | 221 | .family = NFPROTO_BRIDGE, |
223 | .target = ebt_log_tg, | 222 | .target = ebt_log_tg, |
@@ -236,7 +235,7 @@ static int __init ebt_log_init(void) | |||
236 | { | 235 | { |
237 | int ret; | 236 | int ret; |
238 | 237 | ||
239 | ret = ebt_register_watcher(&log); | 238 | ret = xt_register_target(&ebt_log_tg_reg); |
240 | if (ret < 0) | 239 | if (ret < 0) |
241 | return ret; | 240 | return ret; |
242 | nf_log_register(NFPROTO_BRIDGE, &ebt_log_logger); | 241 | nf_log_register(NFPROTO_BRIDGE, &ebt_log_logger); |
@@ -246,7 +245,7 @@ static int __init ebt_log_init(void) | |||
246 | static void __exit ebt_log_fini(void) | 245 | static void __exit ebt_log_fini(void) |
247 | { | 246 | { |
248 | nf_log_unregister(&ebt_log_logger); | 247 | nf_log_unregister(&ebt_log_logger); |
249 | ebt_unregister_watcher(&log); | 248 | xt_unregister_target(&ebt_log_tg_reg); |
250 | } | 249 | } |
251 | 250 | ||
252 | module_init(ebt_log_init); | 251 | module_init(ebt_log_init); |
diff --git a/net/bridge/netfilter/ebt_mark.c b/net/bridge/netfilter/ebt_mark.c index 92c67271bd8..dff19fc91cf 100644 --- a/net/bridge/netfilter/ebt_mark.c +++ b/net/bridge/netfilter/ebt_mark.c | |||
@@ -59,8 +59,8 @@ ebt_mark_tg_check(const char *table, const void *e, | |||
59 | return true; | 59 | return true; |
60 | } | 60 | } |
61 | 61 | ||
62 | static struct ebt_target mark_target __read_mostly = { | 62 | static struct xt_target ebt_mark_tg_reg __read_mostly = { |
63 | .name = EBT_MARK_TARGET, | 63 | .name = "mark", |
64 | .revision = 0, | 64 | .revision = 0, |
65 | .family = NFPROTO_BRIDGE, | 65 | .family = NFPROTO_BRIDGE, |
66 | .target = ebt_mark_tg, | 66 | .target = ebt_mark_tg, |
@@ -71,12 +71,12 @@ static struct ebt_target mark_target __read_mostly = { | |||
71 | 71 | ||
72 | static int __init ebt_mark_init(void) | 72 | static int __init ebt_mark_init(void) |
73 | { | 73 | { |
74 | return ebt_register_target(&mark_target); | 74 | return xt_register_target(&ebt_mark_tg_reg); |
75 | } | 75 | } |
76 | 76 | ||
77 | static void __exit ebt_mark_fini(void) | 77 | static void __exit ebt_mark_fini(void) |
78 | { | 78 | { |
79 | ebt_unregister_target(&mark_target); | 79 | xt_unregister_target(&ebt_mark_tg_reg); |
80 | } | 80 | } |
81 | 81 | ||
82 | module_init(ebt_mark_init); | 82 | module_init(ebt_mark_init); |
diff --git a/net/bridge/netfilter/ebt_mark_m.c b/net/bridge/netfilter/ebt_mark_m.c index db64a0de4f7..aa6781c7f98 100644 --- a/net/bridge/netfilter/ebt_mark_m.c +++ b/net/bridge/netfilter/ebt_mark_m.c | |||
@@ -40,8 +40,8 @@ ebt_mark_mt_check(const char *table, const void *e, | |||
40 | return true; | 40 | return true; |
41 | } | 41 | } |
42 | 42 | ||
43 | static struct ebt_match filter_mark __read_mostly = { | 43 | static struct xt_match ebt_mark_mt_reg __read_mostly = { |
44 | .name = EBT_MARK_MATCH, | 44 | .name = "mark_m", |
45 | .revision = 0, | 45 | .revision = 0, |
46 | .family = NFPROTO_BRIDGE, | 46 | .family = NFPROTO_BRIDGE, |
47 | .match = ebt_mark_mt, | 47 | .match = ebt_mark_mt, |
@@ -52,12 +52,12 @@ static struct ebt_match filter_mark __read_mostly = { | |||
52 | 52 | ||
53 | static int __init ebt_mark_m_init(void) | 53 | static int __init ebt_mark_m_init(void) |
54 | { | 54 | { |
55 | return ebt_register_match(&filter_mark); | 55 | return xt_register_match(&ebt_mark_mt_reg); |
56 | } | 56 | } |
57 | 57 | ||
58 | static void __exit ebt_mark_m_fini(void) | 58 | static void __exit ebt_mark_m_fini(void) |
59 | { | 59 | { |
60 | ebt_unregister_match(&filter_mark); | 60 | xt_unregister_match(&ebt_mark_mt_reg); |
61 | } | 61 | } |
62 | 62 | ||
63 | module_init(ebt_mark_m_init); | 63 | module_init(ebt_mark_m_init); |
diff --git a/net/bridge/netfilter/ebt_nflog.c b/net/bridge/netfilter/ebt_nflog.c index b415f887188..917ac360079 100644 --- a/net/bridge/netfilter/ebt_nflog.c +++ b/net/bridge/netfilter/ebt_nflog.c | |||
@@ -49,24 +49,24 @@ ebt_nflog_tg_check(const char *table, const void *e, | |||
49 | return true; | 49 | return true; |
50 | } | 50 | } |
51 | 51 | ||
52 | static struct ebt_watcher nflog __read_mostly = { | 52 | static struct xt_target ebt_nflog_tg_reg __read_mostly = { |
53 | .name = EBT_NFLOG_WATCHER, | 53 | .name = "nflog", |
54 | .revision = 0, | 54 | .revision = 0, |
55 | .family = NFPROTO_BRIDGE, | 55 | .family = NFPROTO_BRIDGE, |
56 | .target = ebt_nflog_tg, | 56 | .target = ebt_nflog_tg, |
57 | .checkentry = ebt_nflog_tg_check, | 57 | .checkentry = ebt_nflog_tg_check, |
58 | .targetsize = XT_ALIGN(sizeof(struct ebt_nflog_info)), | 58 | .targetsize = XT_ALIGN(sizeof(struct ebt_nflog_info)), |
59 | .me = THIS_MODULE, | 59 | .me = THIS_MODULE, |
60 | }; | 60 | }; |
61 | 61 | ||
62 | static int __init ebt_nflog_init(void) | 62 | static int __init ebt_nflog_init(void) |
63 | { | 63 | { |
64 | return ebt_register_watcher(&nflog); | 64 | return xt_register_target(&ebt_nflog_tg_reg); |
65 | } | 65 | } |
66 | 66 | ||
67 | static void __exit ebt_nflog_fini(void) | 67 | static void __exit ebt_nflog_fini(void) |
68 | { | 68 | { |
69 | ebt_unregister_watcher(&nflog); | 69 | xt_unregister_target(&ebt_nflog_tg_reg); |
70 | } | 70 | } |
71 | 71 | ||
72 | module_init(ebt_nflog_init); | 72 | module_init(ebt_nflog_init); |
diff --git a/net/bridge/netfilter/ebt_pkttype.c b/net/bridge/netfilter/ebt_pkttype.c index 06393452ef9..1c04ce5a52c 100644 --- a/net/bridge/netfilter/ebt_pkttype.c +++ b/net/bridge/netfilter/ebt_pkttype.c | |||
@@ -36,8 +36,8 @@ ebt_pkttype_mt_check(const char *table, const void *e, | |||
36 | return true; | 36 | return true; |
37 | } | 37 | } |
38 | 38 | ||
39 | static struct ebt_match filter_pkttype __read_mostly = { | 39 | static struct xt_match ebt_pkttype_mt_reg __read_mostly = { |
40 | .name = EBT_PKTTYPE_MATCH, | 40 | .name = "pkttype", |
41 | .revision = 0, | 41 | .revision = 0, |
42 | .family = NFPROTO_BRIDGE, | 42 | .family = NFPROTO_BRIDGE, |
43 | .match = ebt_pkttype_mt, | 43 | .match = ebt_pkttype_mt, |
@@ -48,12 +48,12 @@ static struct ebt_match filter_pkttype __read_mostly = { | |||
48 | 48 | ||
49 | static int __init ebt_pkttype_init(void) | 49 | static int __init ebt_pkttype_init(void) |
50 | { | 50 | { |
51 | return ebt_register_match(&filter_pkttype); | 51 | return xt_register_match(&ebt_pkttype_mt_reg); |
52 | } | 52 | } |
53 | 53 | ||
54 | static void __exit ebt_pkttype_fini(void) | 54 | static void __exit ebt_pkttype_fini(void) |
55 | { | 55 | { |
56 | ebt_unregister_match(&filter_pkttype); | 56 | xt_unregister_match(&ebt_pkttype_mt_reg); |
57 | } | 57 | } |
58 | 58 | ||
59 | module_init(ebt_pkttype_init); | 59 | module_init(ebt_pkttype_init); |
diff --git a/net/bridge/netfilter/ebt_redirect.c b/net/bridge/netfilter/ebt_redirect.c index e9540cf4f6d..1b7684ffe40 100644 --- a/net/bridge/netfilter/ebt_redirect.c +++ b/net/bridge/netfilter/ebt_redirect.c | |||
@@ -52,8 +52,8 @@ ebt_redirect_tg_check(const char *tablename, const void *e, | |||
52 | return true; | 52 | return true; |
53 | } | 53 | } |
54 | 54 | ||
55 | static struct ebt_target redirect_target __read_mostly = { | 55 | static struct xt_target ebt_redirect_tg_reg __read_mostly = { |
56 | .name = EBT_REDIRECT_TARGET, | 56 | .name = "redirect", |
57 | .revision = 0, | 57 | .revision = 0, |
58 | .family = NFPROTO_BRIDGE, | 58 | .family = NFPROTO_BRIDGE, |
59 | .target = ebt_redirect_tg, | 59 | .target = ebt_redirect_tg, |
@@ -64,12 +64,12 @@ static struct ebt_target redirect_target __read_mostly = { | |||
64 | 64 | ||
65 | static int __init ebt_redirect_init(void) | 65 | static int __init ebt_redirect_init(void) |
66 | { | 66 | { |
67 | return ebt_register_target(&redirect_target); | 67 | return xt_register_target(&ebt_redirect_tg_reg); |
68 | } | 68 | } |
69 | 69 | ||
70 | static void __exit ebt_redirect_fini(void) | 70 | static void __exit ebt_redirect_fini(void) |
71 | { | 71 | { |
72 | ebt_unregister_target(&redirect_target); | 72 | xt_unregister_target(&ebt_redirect_tg_reg); |
73 | } | 73 | } |
74 | 74 | ||
75 | module_init(ebt_redirect_init); | 75 | module_init(ebt_redirect_init); |
diff --git a/net/bridge/netfilter/ebt_snat.c b/net/bridge/netfilter/ebt_snat.c index 363d0051e04..c90217a4f9e 100644 --- a/net/bridge/netfilter/ebt_snat.c +++ b/net/bridge/netfilter/ebt_snat.c | |||
@@ -69,8 +69,8 @@ ebt_snat_tg_check(const char *tablename, const void *e, | |||
69 | return true; | 69 | return true; |
70 | } | 70 | } |
71 | 71 | ||
72 | static struct ebt_target snat __read_mostly = { | 72 | static struct xt_target ebt_snat_tg_reg __read_mostly = { |
73 | .name = EBT_SNAT_TARGET, | 73 | .name = "snat", |
74 | .revision = 0, | 74 | .revision = 0, |
75 | .family = NFPROTO_BRIDGE, | 75 | .family = NFPROTO_BRIDGE, |
76 | .target = ebt_snat_tg, | 76 | .target = ebt_snat_tg, |
@@ -81,12 +81,12 @@ static struct ebt_target snat __read_mostly = { | |||
81 | 81 | ||
82 | static int __init ebt_snat_init(void) | 82 | static int __init ebt_snat_init(void) |
83 | { | 83 | { |
84 | return ebt_register_target(&snat); | 84 | return xt_register_target(&ebt_snat_tg_reg); |
85 | } | 85 | } |
86 | 86 | ||
87 | static void __exit ebt_snat_fini(void) | 87 | static void __exit ebt_snat_fini(void) |
88 | { | 88 | { |
89 | ebt_unregister_target(&snat); | 89 | xt_unregister_target(&ebt_snat_tg_reg); |
90 | } | 90 | } |
91 | 91 | ||
92 | module_init(ebt_snat_init); | 92 | module_init(ebt_snat_init); |
diff --git a/net/bridge/netfilter/ebt_stp.c b/net/bridge/netfilter/ebt_stp.c index 7576d1d62a4..28bb48b67a8 100644 --- a/net/bridge/netfilter/ebt_stp.c +++ b/net/bridge/netfilter/ebt_stp.c | |||
@@ -176,8 +176,8 @@ ebt_stp_mt_check(const char *table, const void *entry, | |||
176 | return true; | 176 | return true; |
177 | } | 177 | } |
178 | 178 | ||
179 | static struct ebt_match filter_stp __read_mostly = { | 179 | static struct xt_match ebt_stp_mt_reg __read_mostly = { |
180 | .name = EBT_STP_MATCH, | 180 | .name = "stp", |
181 | .revision = 0, | 181 | .revision = 0, |
182 | .family = NFPROTO_BRIDGE, | 182 | .family = NFPROTO_BRIDGE, |
183 | .match = ebt_stp_mt, | 183 | .match = ebt_stp_mt, |
@@ -188,12 +188,12 @@ static struct ebt_match filter_stp __read_mostly = { | |||
188 | 188 | ||
189 | static int __init ebt_stp_init(void) | 189 | static int __init ebt_stp_init(void) |
190 | { | 190 | { |
191 | return ebt_register_match(&filter_stp); | 191 | return xt_register_match(&ebt_stp_mt_reg); |
192 | } | 192 | } |
193 | 193 | ||
194 | static void __exit ebt_stp_fini(void) | 194 | static void __exit ebt_stp_fini(void) |
195 | { | 195 | { |
196 | ebt_unregister_match(&filter_stp); | 196 | xt_unregister_match(&ebt_stp_mt_reg); |
197 | } | 197 | } |
198 | 198 | ||
199 | module_init(ebt_stp_init); | 199 | module_init(ebt_stp_init); |
diff --git a/net/bridge/netfilter/ebt_ulog.c b/net/bridge/netfilter/ebt_ulog.c index 77ff9c46b26..25ca6467349 100644 --- a/net/bridge/netfilter/ebt_ulog.c +++ b/net/bridge/netfilter/ebt_ulog.c | |||
@@ -275,8 +275,8 @@ ebt_ulog_tg_check(const char *table, const void *entry, | |||
275 | return 0; | 275 | return 0; |
276 | } | 276 | } |
277 | 277 | ||
278 | static struct ebt_watcher ulog __read_mostly = { | 278 | static struct xt_target ebt_ulog_tg_reg __read_mostly = { |
279 | .name = EBT_ULOG_WATCHER, | 279 | .name = "ulog", |
280 | .revision = 0, | 280 | .revision = 0, |
281 | .family = NFPROTO_BRIDGE, | 281 | .family = NFPROTO_BRIDGE, |
282 | .target = ebt_ulog_tg, | 282 | .target = ebt_ulog_tg, |
@@ -286,7 +286,7 @@ static struct ebt_watcher ulog __read_mostly = { | |||
286 | }; | 286 | }; |
287 | 287 | ||
288 | static const struct nf_logger ebt_ulog_logger = { | 288 | static const struct nf_logger ebt_ulog_logger = { |
289 | .name = EBT_ULOG_WATCHER, | 289 | .name = "ulog", |
290 | .logfn = &ebt_log_packet, | 290 | .logfn = &ebt_log_packet, |
291 | .me = THIS_MODULE, | 291 | .me = THIS_MODULE, |
292 | }; | 292 | }; |
@@ -315,7 +315,7 @@ static int __init ebt_ulog_init(void) | |||
315 | printk(KERN_WARNING KBUILD_MODNAME ": out of memory trying to " | 315 | printk(KERN_WARNING KBUILD_MODNAME ": out of memory trying to " |
316 | "call netlink_kernel_create\n"); | 316 | "call netlink_kernel_create\n"); |
317 | ret = false; | 317 | ret = false; |
318 | } else if (ebt_register_watcher(&ulog) != 0) { | 318 | } else if (xt_register_target(&ebt_ulog_tg_reg) != 0) { |
319 | netlink_kernel_release(ebtulognl); | 319 | netlink_kernel_release(ebtulognl); |
320 | } | 320 | } |
321 | 321 | ||
@@ -331,7 +331,7 @@ static void __exit ebt_ulog_fini(void) | |||
331 | int i; | 331 | int i; |
332 | 332 | ||
333 | nf_log_unregister(&ebt_ulog_logger); | 333 | nf_log_unregister(&ebt_ulog_logger); |
334 | ebt_unregister_watcher(&ulog); | 334 | xt_unregister_target(&ebt_ulog_tg_reg); |
335 | for (i = 0; i < EBT_ULOG_MAXNLGROUPS; i++) { | 335 | for (i = 0; i < EBT_ULOG_MAXNLGROUPS; i++) { |
336 | ub = &ulog_buffers[i]; | 336 | ub = &ulog_buffers[i]; |
337 | if (timer_pending(&ub->timer)) | 337 | if (timer_pending(&ub->timer)) |
diff --git a/net/bridge/netfilter/ebt_vlan.c b/net/bridge/netfilter/ebt_vlan.c index 3af688b0fc3..5addef6d62f 100644 --- a/net/bridge/netfilter/ebt_vlan.c +++ b/net/bridge/netfilter/ebt_vlan.c | |||
@@ -162,8 +162,8 @@ ebt_vlan_mt_check(const char *table, const void *entry, | |||
162 | return true; | 162 | return true; |
163 | } | 163 | } |
164 | 164 | ||
165 | static struct ebt_match filter_vlan __read_mostly = { | 165 | static struct xt_match ebt_vlan_mt_reg __read_mostly = { |
166 | .name = EBT_VLAN_MATCH, | 166 | .name = "vlan", |
167 | .revision = 0, | 167 | .revision = 0, |
168 | .family = NFPROTO_BRIDGE, | 168 | .family = NFPROTO_BRIDGE, |
169 | .match = ebt_vlan_mt, | 169 | .match = ebt_vlan_mt, |
@@ -177,12 +177,12 @@ static int __init ebt_vlan_init(void) | |||
177 | DEBUG_MSG("ebtables 802.1Q extension module v" | 177 | DEBUG_MSG("ebtables 802.1Q extension module v" |
178 | MODULE_VERS "\n"); | 178 | MODULE_VERS "\n"); |
179 | DEBUG_MSG("module debug=%d\n", !!debug); | 179 | DEBUG_MSG("module debug=%d\n", !!debug); |
180 | return ebt_register_match(&filter_vlan); | 180 | return xt_register_match(&ebt_vlan_mt_reg); |
181 | } | 181 | } |
182 | 182 | ||
183 | static void __exit ebt_vlan_fini(void) | 183 | static void __exit ebt_vlan_fini(void) |
184 | { | 184 | { |
185 | ebt_unregister_match(&filter_vlan); | 185 | xt_unregister_match(&ebt_vlan_mt_reg); |
186 | } | 186 | } |
187 | 187 | ||
188 | module_init(ebt_vlan_init); | 188 | module_init(ebt_vlan_init); |
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index 340e1c6bdcb..c4f7a2e8ed3 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c | |||
@@ -60,17 +60,18 @@ static LIST_HEAD(ebt_targets); | |||
60 | static LIST_HEAD(ebt_matches); | 60 | static LIST_HEAD(ebt_matches); |
61 | static LIST_HEAD(ebt_watchers); | 61 | static LIST_HEAD(ebt_watchers); |
62 | 62 | ||
63 | static struct ebt_target ebt_standard_target = { | 63 | static struct xt_target ebt_standard_target = { |
64 | .name = "standard", | 64 | .name = "standard", |
65 | .revision = 0, | 65 | .revision = 0, |
66 | .family = NFPROTO_BRIDGE, | 66 | .family = NFPROTO_BRIDGE, |
67 | .targetsize = sizeof(int), | ||
67 | }; | 68 | }; |
68 | 69 | ||
69 | static inline int ebt_do_watcher (struct ebt_entry_watcher *w, | 70 | static inline int ebt_do_watcher (struct ebt_entry_watcher *w, |
70 | struct sk_buff *skb, unsigned int hooknr, const struct net_device *in, | 71 | struct sk_buff *skb, unsigned int hooknr, const struct net_device *in, |
71 | const struct net_device *out) | 72 | const struct net_device *out) |
72 | { | 73 | { |
73 | w->u.watcher->target(skb, in, out, hooknr, NULL, w->data); | 74 | w->u.watcher->target(skb, in, out, hooknr, w->u.watcher, w->data); |
74 | /* watchers don't give a verdict */ | 75 | /* watchers don't give a verdict */ |
75 | return 0; | 76 | return 0; |
76 | } | 77 | } |
@@ -79,7 +80,7 @@ static inline int ebt_do_match (struct ebt_entry_match *m, | |||
79 | const struct sk_buff *skb, const struct net_device *in, | 80 | const struct sk_buff *skb, const struct net_device *in, |
80 | const struct net_device *out) | 81 | const struct net_device *out) |
81 | { | 82 | { |
82 | return m->u.match->match(skb, in, out, NULL, m->data, 0, 0, NULL); | 83 | return m->u.match->match(skb, in, out, m->u.match, m->data, 0, 0, NULL); |
83 | } | 84 | } |
84 | 85 | ||
85 | static inline int ebt_dev_check(char *entry, const struct net_device *device) | 86 | static inline int ebt_dev_check(char *entry, const struct net_device *device) |
@@ -194,7 +195,7 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb, | |||
194 | verdict = ((struct ebt_standard_target *)t)->verdict; | 195 | verdict = ((struct ebt_standard_target *)t)->verdict; |
195 | else | 196 | else |
196 | verdict = t->u.target->target(skb, in, out, hook, | 197 | verdict = t->u.target->target(skb, in, out, hook, |
197 | NULL, t->data); | 198 | t->u.target, t->data); |
198 | if (verdict == EBT_ACCEPT) { | 199 | if (verdict == EBT_ACCEPT) { |
199 | read_unlock_bh(&table->lock); | 200 | read_unlock_bh(&table->lock); |
200 | return NF_ACCEPT; | 201 | return NF_ACCEPT; |
@@ -336,104 +337,73 @@ static inline int | |||
336 | ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e, | 337 | ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e, |
337 | const char *name, unsigned int hookmask, unsigned int *cnt) | 338 | const char *name, unsigned int hookmask, unsigned int *cnt) |
338 | { | 339 | { |
339 | struct ebt_match *match; | 340 | struct xt_match *match; |
340 | size_t left = ((char *)e + e->watchers_offset) - (char *)m; | 341 | size_t left = ((char *)e + e->watchers_offset) - (char *)m; |
341 | int ret; | 342 | int ret; |
342 | 343 | ||
343 | if (left < sizeof(struct ebt_entry_match) || | 344 | if (left < sizeof(struct ebt_entry_match) || |
344 | left - sizeof(struct ebt_entry_match) < m->match_size) | 345 | left - sizeof(struct ebt_entry_match) < m->match_size) |
345 | return -EINVAL; | 346 | return -EINVAL; |
346 | match = find_match_lock(m->u.name, &ret, &ebt_mutex); | 347 | |
347 | if (!match) | 348 | match = try_then_request_module(xt_find_match(NFPROTO_BRIDGE, |
348 | return ret; | 349 | m->u.name, 0), "ebt_%s", m->u.name); |
349 | m->u.match = match; | 350 | if (IS_ERR(match)) |
350 | if (!try_module_get(match->me)) { | 351 | return PTR_ERR(match); |
351 | mutex_unlock(&ebt_mutex); | 352 | if (match == NULL) |
352 | return -ENOENT; | 353 | return -ENOENT; |
353 | } | 354 | m->u.match = match; |
354 | mutex_unlock(&ebt_mutex); | 355 | |
355 | if (match->family != NFPROTO_BRIDGE) { | 356 | ret = xt_check_match(match, NFPROTO_BRIDGE, m->match_size, |
356 | printk(KERN_WARNING "ebtables: %s match: not for ebtables?\n", | 357 | name, hookmask, e->ethproto, e->invflags & EBT_IPROTO); |
357 | match->name); | 358 | if (ret < 0) { |
358 | goto out; | 359 | module_put(match->me); |
359 | } | 360 | return ret; |
360 | if (match->revision != 0) { | 361 | } else if (match->checkentry != NULL && |
361 | printk(KERN_WARNING "ebtables: %s match: ebtables is not " | ||
362 | "supporting revisions at this time\n", | ||
363 | match->name); | ||
364 | goto out; | ||
365 | } | ||
366 | if (XT_ALIGN(match->matchsize) != m->match_size && | ||
367 | match->matchsize != -1) { | ||
368 | /* | ||
369 | * ebt_among is exempt from centralized matchsize checking | ||
370 | * because it uses a dynamic-size data set. | ||
371 | */ | ||
372 | printk(KERN_WARNING "ebtables: %s match: " | ||
373 | "invalid size %Zu != %u\n", | ||
374 | match->name, XT_ALIGN(match->matchsize), m->match_size); | ||
375 | goto out; | ||
376 | } | ||
377 | if (match->checkentry && | ||
378 | !match->checkentry(name, e, NULL, m->data, hookmask)) { | 362 | !match->checkentry(name, e, NULL, m->data, hookmask)) { |
363 | module_put(match->me); | ||
379 | BUGPRINT("match->check failed\n"); | 364 | BUGPRINT("match->check failed\n"); |
380 | goto out; | 365 | return -EINVAL; |
381 | } | 366 | } |
367 | |||
382 | (*cnt)++; | 368 | (*cnt)++; |
383 | return 0; | 369 | return 0; |
384 | out: | ||
385 | module_put(match->me); | ||
386 | return -EINVAL; | ||
387 | } | 370 | } |
388 | 371 | ||
389 | static inline int | 372 | static inline int |
390 | ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e, | 373 | ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e, |
391 | const char *name, unsigned int hookmask, unsigned int *cnt) | 374 | const char *name, unsigned int hookmask, unsigned int *cnt) |
392 | { | 375 | { |
393 | struct ebt_watcher *watcher; | 376 | struct xt_target *watcher; |
394 | size_t left = ((char *)e + e->target_offset) - (char *)w; | 377 | size_t left = ((char *)e + e->target_offset) - (char *)w; |
395 | int ret; | 378 | int ret; |
396 | 379 | ||
397 | if (left < sizeof(struct ebt_entry_watcher) || | 380 | if (left < sizeof(struct ebt_entry_watcher) || |
398 | left - sizeof(struct ebt_entry_watcher) < w->watcher_size) | 381 | left - sizeof(struct ebt_entry_watcher) < w->watcher_size) |
399 | return -EINVAL; | 382 | return -EINVAL; |
400 | watcher = find_watcher_lock(w->u.name, &ret, &ebt_mutex); | 383 | |
401 | if (!watcher) | 384 | watcher = try_then_request_module( |
402 | return ret; | 385 | xt_find_target(NFPROTO_BRIDGE, w->u.name, 0), |
403 | w->u.watcher = watcher; | 386 | "ebt_%s", w->u.name); |
404 | if (!try_module_get(watcher->me)) { | 387 | if (IS_ERR(watcher)) |
405 | mutex_unlock(&ebt_mutex); | 388 | return PTR_ERR(watcher); |
389 | if (watcher == NULL) | ||
406 | return -ENOENT; | 390 | return -ENOENT; |
407 | } | 391 | w->u.watcher = watcher; |
408 | mutex_unlock(&ebt_mutex); | 392 | |
409 | if (watcher->family != NFPROTO_BRIDGE) { | 393 | ret = xt_check_target(watcher, NFPROTO_BRIDGE, w->watcher_size, |
410 | printk(KERN_WARNING "ebtables: %s watcher: not for ebtables?\n", | 394 | name, hookmask, e->ethproto, e->invflags & EBT_IPROTO); |
411 | watcher->name); | 395 | if (ret < 0) { |
412 | goto out; | 396 | module_put(watcher->me); |
413 | } | 397 | return ret; |
414 | if (watcher->revision != 0) { | 398 | } else if (watcher->checkentry != NULL && |
415 | printk(KERN_WARNING "ebtables: %s watcher: ebtables is not " | ||
416 | "supporting revisions at this time\n", | ||
417 | watcher->name); | ||
418 | goto out; | ||
419 | } | ||
420 | if (XT_ALIGN(watcher->targetsize) != w->watcher_size) { | ||
421 | printk(KERN_WARNING "ebtables: %s watcher: " | ||
422 | "invalid size %Zu != %u\n", | ||
423 | watcher->name, XT_ALIGN(watcher->targetsize), | ||
424 | w->watcher_size); | ||
425 | goto out; | ||
426 | } | ||
427 | if (watcher->checkentry && | ||
428 | !watcher->checkentry(name, e, NULL, w->data, hookmask)) { | 399 | !watcher->checkentry(name, e, NULL, w->data, hookmask)) { |
400 | module_put(watcher->me); | ||
429 | BUGPRINT("watcher->check failed\n"); | 401 | BUGPRINT("watcher->check failed\n"); |
430 | goto out; | 402 | return -EINVAL; |
431 | } | 403 | } |
404 | |||
432 | (*cnt)++; | 405 | (*cnt)++; |
433 | return 0; | 406 | return 0; |
434 | out: | ||
435 | module_put(watcher->me); | ||
436 | return -EINVAL; | ||
437 | } | 407 | } |
438 | 408 | ||
439 | static int ebt_verify_pointers(struct ebt_replace *repl, | 409 | static int ebt_verify_pointers(struct ebt_replace *repl, |
@@ -607,7 +577,7 @@ ebt_cleanup_match(struct ebt_entry_match *m, unsigned int *i) | |||
607 | if (i && (*i)-- == 0) | 577 | if (i && (*i)-- == 0) |
608 | return 1; | 578 | return 1; |
609 | if (m->u.match->destroy) | 579 | if (m->u.match->destroy) |
610 | m->u.match->destroy(NULL, m->data); | 580 | m->u.match->destroy(m->u.match, m->data); |
611 | module_put(m->u.match->me); | 581 | module_put(m->u.match->me); |
612 | 582 | ||
613 | return 0; | 583 | return 0; |
@@ -619,7 +589,7 @@ ebt_cleanup_watcher(struct ebt_entry_watcher *w, unsigned int *i) | |||
619 | if (i && (*i)-- == 0) | 589 | if (i && (*i)-- == 0) |
620 | return 1; | 590 | return 1; |
621 | if (w->u.watcher->destroy) | 591 | if (w->u.watcher->destroy) |
622 | w->u.watcher->destroy(NULL, w->data); | 592 | w->u.watcher->destroy(w->u.watcher, w->data); |
623 | module_put(w->u.watcher->me); | 593 | module_put(w->u.watcher->me); |
624 | 594 | ||
625 | return 0; | 595 | return 0; |
@@ -639,7 +609,7 @@ ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt) | |||
639 | EBT_MATCH_ITERATE(e, ebt_cleanup_match, NULL); | 609 | EBT_MATCH_ITERATE(e, ebt_cleanup_match, NULL); |
640 | t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); | 610 | t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); |
641 | if (t->u.target->destroy) | 611 | if (t->u.target->destroy) |
642 | t->u.target->destroy(NULL, t->data); | 612 | t->u.target->destroy(t->u.target, t->data); |
643 | module_put(t->u.target->me); | 613 | module_put(t->u.target->me); |
644 | 614 | ||
645 | return 0; | 615 | return 0; |
@@ -651,7 +621,7 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo, | |||
651 | struct ebt_cl_stack *cl_s, unsigned int udc_cnt) | 621 | struct ebt_cl_stack *cl_s, unsigned int udc_cnt) |
652 | { | 622 | { |
653 | struct ebt_entry_target *t; | 623 | struct ebt_entry_target *t; |
654 | struct ebt_target *target; | 624 | struct xt_target *target; |
655 | unsigned int i, j, hook = 0, hookmask = 0; | 625 | unsigned int i, j, hook = 0, hookmask = 0; |
656 | size_t gap; | 626 | size_t gap; |
657 | int ret; | 627 | int ret; |
@@ -704,27 +674,15 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo, | |||
704 | goto cleanup_watchers; | 674 | goto cleanup_watchers; |
705 | t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); | 675 | t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); |
706 | gap = e->next_offset - e->target_offset; | 676 | gap = e->next_offset - e->target_offset; |
707 | target = find_target_lock(t->u.name, &ret, &ebt_mutex); | ||
708 | if (!target) | ||
709 | goto cleanup_watchers; | ||
710 | if (!try_module_get(target->me)) { | ||
711 | mutex_unlock(&ebt_mutex); | ||
712 | ret = -ENOENT; | ||
713 | goto cleanup_watchers; | ||
714 | } | ||
715 | mutex_unlock(&ebt_mutex); | ||
716 | 677 | ||
717 | if (target->family != NFPROTO_BRIDGE) { | 678 | target = try_then_request_module( |
718 | printk(KERN_WARNING "ebtables: %s target: not for ebtables?\n", | 679 | xt_find_target(NFPROTO_BRIDGE, t->u.name, 0), |
719 | target->name); | 680 | "ebt_%s", t->u.name); |
720 | ret = -EINVAL; | 681 | if (IS_ERR(target)) { |
682 | ret = PTR_ERR(target); | ||
721 | goto cleanup_watchers; | 683 | goto cleanup_watchers; |
722 | } | 684 | } else if (target == NULL) { |
723 | if (target->revision != 0) { | 685 | ret = -ENOENT; |
724 | printk(KERN_WARNING "ebtables: %s target: ebtables is not " | ||
725 | "supporting revisions at this time\n", | ||
726 | target->name); | ||
727 | ret = -EINVAL; | ||
728 | goto cleanup_watchers; | 686 | goto cleanup_watchers; |
729 | } | 687 | } |
730 | 688 | ||
@@ -745,13 +703,12 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo, | |||
745 | module_put(t->u.target->me); | 703 | module_put(t->u.target->me); |
746 | ret = -EFAULT; | 704 | ret = -EFAULT; |
747 | goto cleanup_watchers; | 705 | goto cleanup_watchers; |
748 | } else if (XT_ALIGN(target->targetsize) != t->target_size) { | 706 | } |
749 | printk(KERN_WARNING "ebtables: %s target: " | 707 | |
750 | "invalid size %Zu != %u\n", | 708 | ret = xt_check_target(target, NFPROTO_BRIDGE, t->target_size, |
751 | target->name, XT_ALIGN(target->targetsize), | 709 | name, hookmask, e->ethproto, e->invflags & EBT_IPROTO); |
752 | t->target_size); | 710 | if (ret < 0) { |
753 | module_put(t->u.target->me); | 711 | module_put(target->me); |
754 | ret = -EINVAL; | ||
755 | goto cleanup_watchers; | 712 | goto cleanup_watchers; |
756 | } else if (t->u.target->checkentry && | 713 | } else if (t->u.target->checkentry && |
757 | !t->u.target->checkentry(name, e, NULL, t->data, hookmask)) { | 714 | !t->u.target->checkentry(name, e, NULL, t->data, hookmask)) { |
@@ -1589,11 +1546,14 @@ static int __init ebtables_init(void) | |||
1589 | { | 1546 | { |
1590 | int ret; | 1547 | int ret; |
1591 | 1548 | ||
1592 | mutex_lock(&ebt_mutex); | 1549 | ret = xt_register_target(&ebt_standard_target); |
1593 | list_add(&ebt_standard_target.list, &ebt_targets); | 1550 | if (ret < 0) |
1594 | mutex_unlock(&ebt_mutex); | ||
1595 | if ((ret = nf_register_sockopt(&ebt_sockopts)) < 0) | ||
1596 | return ret; | 1551 | return ret; |
1552 | ret = nf_register_sockopt(&ebt_sockopts); | ||
1553 | if (ret < 0) { | ||
1554 | xt_unregister_target(&ebt_standard_target); | ||
1555 | return ret; | ||
1556 | } | ||
1597 | 1557 | ||
1598 | printk(KERN_INFO "Ebtables v2.0 registered\n"); | 1558 | printk(KERN_INFO "Ebtables v2.0 registered\n"); |
1599 | return 0; | 1559 | return 0; |
@@ -1602,6 +1562,7 @@ static int __init ebtables_init(void) | |||
1602 | static void __exit ebtables_fini(void) | 1562 | static void __exit ebtables_fini(void) |
1603 | { | 1563 | { |
1604 | nf_unregister_sockopt(&ebt_sockopts); | 1564 | nf_unregister_sockopt(&ebt_sockopts); |
1565 | xt_unregister_target(&ebt_standard_target); | ||
1605 | printk(KERN_INFO "Ebtables v2.0 unregistered\n"); | 1566 | printk(KERN_INFO "Ebtables v2.0 unregistered\n"); |
1606 | } | 1567 | } |
1607 | 1568 | ||
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c index aece6c2d134..0e23f42e341 100644 --- a/net/netfilter/x_tables.c +++ b/net/netfilter/x_tables.c | |||
@@ -30,7 +30,7 @@ | |||
30 | 30 | ||
31 | MODULE_LICENSE("GPL"); | 31 | MODULE_LICENSE("GPL"); |
32 | MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>"); | 32 | MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>"); |
33 | MODULE_DESCRIPTION("[ip,ip6,arp]_tables backend module"); | 33 | MODULE_DESCRIPTION("{ip,ip6,arp,eb}_tables backend module"); |
34 | 34 | ||
35 | #define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1)) | 35 | #define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1)) |
36 | 36 | ||
@@ -325,7 +325,12 @@ int xt_check_match(const struct xt_match *match, unsigned short family, | |||
325 | unsigned int size, const char *table, unsigned int hook_mask, | 325 | unsigned int size, const char *table, unsigned int hook_mask, |
326 | unsigned short proto, int inv_proto) | 326 | unsigned short proto, int inv_proto) |
327 | { | 327 | { |
328 | if (XT_ALIGN(match->matchsize) != size) { | 328 | if (XT_ALIGN(match->matchsize) != size && |
329 | match->matchsize != -1) { | ||
330 | /* | ||
331 | * ebt_among is exempt from centralized matchsize checking | ||
332 | * because it uses a dynamic-size data set. | ||
333 | */ | ||
329 | printk("%s_tables: %s match: invalid size %Zu != %u\n", | 334 | printk("%s_tables: %s match: invalid size %Zu != %u\n", |
330 | xt_prefix[family], match->name, | 335 | xt_prefix[family], match->name, |
331 | XT_ALIGN(match->matchsize), size); | 336 | XT_ALIGN(match->matchsize), size); |