aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorJan Engelhardt <jengelh@medozas.de>2008-10-08 05:35:14 -0400
committerPatrick McHardy <kaber@trash.net>2008-10-08 05:35:14 -0400
commit001a18d369f4813ed792629ff4a9a6ade2a4a031 (patch)
treea1207edd62e371eb8473cac524fd1e34a7b1cc62 /net
parent0ac6ab1f7915fc820ca0cf8f597290dbb249edcc (diff)
netfilter: add dummy members to Ebtables code to ease transition to Xtables
Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net')
-rw-r--r--net/bridge/netfilter/ebt_802_3.c2
-rw-r--r--net/bridge/netfilter/ebt_among.c2
-rw-r--r--net/bridge/netfilter/ebt_arp.c2
-rw-r--r--net/bridge/netfilter/ebt_arpreply.c2
-rw-r--r--net/bridge/netfilter/ebt_dnat.c2
-rw-r--r--net/bridge/netfilter/ebt_ip.c2
-rw-r--r--net/bridge/netfilter/ebt_ip6.c2
-rw-r--r--net/bridge/netfilter/ebt_limit.c2
-rw-r--r--net/bridge/netfilter/ebt_log.c2
-rw-r--r--net/bridge/netfilter/ebt_mark.c2
-rw-r--r--net/bridge/netfilter/ebt_mark_m.c2
-rw-r--r--net/bridge/netfilter/ebt_nflog.c2
-rw-r--r--net/bridge/netfilter/ebt_pkttype.c2
-rw-r--r--net/bridge/netfilter/ebt_redirect.c2
-rw-r--r--net/bridge/netfilter/ebt_snat.c2
-rw-r--r--net/bridge/netfilter/ebt_stp.c2
-rw-r--r--net/bridge/netfilter/ebt_ulog.c2
-rw-r--r--net/bridge/netfilter/ebt_vlan.c2
-rw-r--r--net/bridge/netfilter/ebtables.c58
19 files changed, 85 insertions, 9 deletions
diff --git a/net/bridge/netfilter/ebt_802_3.c b/net/bridge/netfilter/ebt_802_3.c
index 8ebe62b9bcc..f9876f22757 100644
--- a/net/bridge/netfilter/ebt_802_3.c
+++ b/net/bridge/netfilter/ebt_802_3.c
@@ -51,6 +51,8 @@ static bool ebt_802_3_check(const char *tablename, unsigned int hookmask,
51 51
52static struct ebt_match filter_802_3 __read_mostly = { 52static struct ebt_match filter_802_3 __read_mostly = {
53 .name = EBT_802_3_MATCH, 53 .name = EBT_802_3_MATCH,
54 .revision = 0,
55 .family = NFPROTO_BRIDGE,
54 .match = ebt_filter_802_3, 56 .match = ebt_filter_802_3,
55 .check = ebt_802_3_check, 57 .check = ebt_802_3_check,
56 .matchsize = XT_ALIGN(sizeof(struct ebt_802_3_info)), 58 .matchsize = XT_ALIGN(sizeof(struct ebt_802_3_info)),
diff --git a/net/bridge/netfilter/ebt_among.c b/net/bridge/netfilter/ebt_among.c
index bfdc67bcbfa..568c890887b 100644
--- a/net/bridge/netfilter/ebt_among.c
+++ b/net/bridge/netfilter/ebt_among.c
@@ -211,6 +211,8 @@ ebt_among_check(const char *tablename, unsigned int hookmask,
211 211
212static struct ebt_match filter_among __read_mostly = { 212static struct ebt_match filter_among __read_mostly = {
213 .name = EBT_AMONG_MATCH, 213 .name = EBT_AMONG_MATCH,
214 .revision = 0,
215 .family = NFPROTO_BRIDGE,
214 .match = ebt_filter_among, 216 .match = ebt_filter_among,
215 .check = ebt_among_check, 217 .check = ebt_among_check,
216 .matchsize = -1, /* special case */ 218 .matchsize = -1, /* special case */
diff --git a/net/bridge/netfilter/ebt_arp.c b/net/bridge/netfilter/ebt_arp.c
index f1f0bcf5524..4a5226cbab8 100644
--- a/net/bridge/netfilter/ebt_arp.c
+++ b/net/bridge/netfilter/ebt_arp.c
@@ -117,6 +117,8 @@ static bool ebt_arp_check(const char *tablename, unsigned int hookmask,
117 117
118static struct ebt_match filter_arp __read_mostly = { 118static struct ebt_match filter_arp __read_mostly = {
119 .name = EBT_ARP_MATCH, 119 .name = EBT_ARP_MATCH,
120 .revision = 0,
121 .family = NFPROTO_BRIDGE,
120 .match = ebt_filter_arp, 122 .match = ebt_filter_arp,
121 .check = ebt_arp_check, 123 .check = ebt_arp_check,
122 .matchsize = XT_ALIGN(sizeof(struct ebt_arp_info)), 124 .matchsize = XT_ALIGN(sizeof(struct ebt_arp_info)),
diff --git a/net/bridge/netfilter/ebt_arpreply.c b/net/bridge/netfilter/ebt_arpreply.c
index b444cf835f1..7ab16556800 100644
--- a/net/bridge/netfilter/ebt_arpreply.c
+++ b/net/bridge/netfilter/ebt_arpreply.c
@@ -76,6 +76,8 @@ static bool ebt_target_reply_check(const char *tablename, unsigned int hookmask,
76 76
77static struct ebt_target reply_target __read_mostly = { 77static struct ebt_target reply_target __read_mostly = {
78 .name = EBT_ARPREPLY_TARGET, 78 .name = EBT_ARPREPLY_TARGET,
79 .revision = 0,
80 .family = NFPROTO_BRIDGE,
79 .target = ebt_target_reply, 81 .target = ebt_target_reply,
80 .check = ebt_target_reply_check, 82 .check = ebt_target_reply_check,
81 .targetsize = XT_ALIGN(sizeof(struct ebt_arpreply_info)), 83 .targetsize = XT_ALIGN(sizeof(struct ebt_arpreply_info)),
diff --git a/net/bridge/netfilter/ebt_dnat.c b/net/bridge/netfilter/ebt_dnat.c
index d58b9e32338..64838e2835a 100644
--- a/net/bridge/netfilter/ebt_dnat.c
+++ b/net/bridge/netfilter/ebt_dnat.c
@@ -46,6 +46,8 @@ static bool ebt_target_dnat_check(const char *tablename, unsigned int hookmask,
46 46
47static struct ebt_target dnat __read_mostly = { 47static struct ebt_target dnat __read_mostly = {
48 .name = EBT_DNAT_TARGET, 48 .name = EBT_DNAT_TARGET,
49 .revision = 0,
50 .family = NFPROTO_BRIDGE,
49 .target = ebt_target_dnat, 51 .target = ebt_target_dnat,
50 .check = ebt_target_dnat_check, 52 .check = ebt_target_dnat_check,
51 .targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)), 53 .targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)),
diff --git a/net/bridge/netfilter/ebt_ip.c b/net/bridge/netfilter/ebt_ip.c
index 018782f044c..0bef6f7bc83 100644
--- a/net/bridge/netfilter/ebt_ip.c
+++ b/net/bridge/netfilter/ebt_ip.c
@@ -108,6 +108,8 @@ static bool ebt_ip_check(const char *tablename, unsigned int hookmask,
108 108
109static struct ebt_match filter_ip __read_mostly = { 109static struct ebt_match filter_ip __read_mostly = {
110 .name = EBT_IP_MATCH, 110 .name = EBT_IP_MATCH,
111 .revision = 0,
112 .family = NFPROTO_BRIDGE,
111 .match = ebt_filter_ip, 113 .match = ebt_filter_ip,
112 .check = ebt_ip_check, 114 .check = ebt_ip_check,
113 .matchsize = XT_ALIGN(sizeof(struct ebt_ip_info)), 115 .matchsize = XT_ALIGN(sizeof(struct ebt_ip_info)),
diff --git a/net/bridge/netfilter/ebt_ip6.c b/net/bridge/netfilter/ebt_ip6.c
index 7fc3928e3fb..afcabe205b8 100644
--- a/net/bridge/netfilter/ebt_ip6.c
+++ b/net/bridge/netfilter/ebt_ip6.c
@@ -121,6 +121,8 @@ static bool ebt_ip6_check(const char *tablename, unsigned int hookmask,
121static struct ebt_match filter_ip6 = 121static struct ebt_match filter_ip6 =
122{ 122{
123 .name = EBT_IP6_MATCH, 123 .name = EBT_IP6_MATCH,
124 .revision = 0,
125 .family = NFPROTO_BRIDGE,
124 .match = ebt_filter_ip6, 126 .match = ebt_filter_ip6,
125 .check = ebt_ip6_check, 127 .check = ebt_ip6_check,
126 .matchsize = XT_ALIGN(sizeof(struct ebt_ip6_info)), 128 .matchsize = XT_ALIGN(sizeof(struct ebt_ip6_info)),
diff --git a/net/bridge/netfilter/ebt_limit.c b/net/bridge/netfilter/ebt_limit.c
index 925065a22a6..9ca0a2564c8 100644
--- a/net/bridge/netfilter/ebt_limit.c
+++ b/net/bridge/netfilter/ebt_limit.c
@@ -88,6 +88,8 @@ static bool ebt_limit_check(const char *tablename, unsigned int hookmask,
88 88
89static struct ebt_match ebt_limit_reg __read_mostly = { 89static struct ebt_match ebt_limit_reg __read_mostly = {
90 .name = EBT_LIMIT_MATCH, 90 .name = EBT_LIMIT_MATCH,
91 .revision = 0,
92 .family = NFPROTO_BRIDGE,
91 .match = ebt_limit_match, 93 .match = ebt_limit_match,
92 .check = ebt_limit_check, 94 .check = ebt_limit_check,
93 .matchsize = XT_ALIGN(sizeof(struct ebt_limit_info)), 95 .matchsize = XT_ALIGN(sizeof(struct ebt_limit_info)),
diff --git a/net/bridge/netfilter/ebt_log.c b/net/bridge/netfilter/ebt_log.c
index 2705d7a2a9b..c2e1c357025 100644
--- a/net/bridge/netfilter/ebt_log.c
+++ b/net/bridge/netfilter/ebt_log.c
@@ -215,6 +215,8 @@ static unsigned int ebt_log(const struct sk_buff *skb, unsigned int hooknr,
215static struct ebt_watcher log = 215static struct ebt_watcher log =
216{ 216{
217 .name = EBT_LOG_WATCHER, 217 .name = EBT_LOG_WATCHER,
218 .revision = 0,
219 .family = NFPROTO_BRIDGE,
218 .watcher = ebt_log, 220 .watcher = ebt_log,
219 .check = ebt_log_check, 221 .check = ebt_log_check,
220 .targetsize = XT_ALIGN(sizeof(struct ebt_log_info)), 222 .targetsize = XT_ALIGN(sizeof(struct ebt_log_info)),
diff --git a/net/bridge/netfilter/ebt_mark.c b/net/bridge/netfilter/ebt_mark.c
index e4b91d8e2c6..910721a1267 100644
--- a/net/bridge/netfilter/ebt_mark.c
+++ b/net/bridge/netfilter/ebt_mark.c
@@ -58,6 +58,8 @@ static bool ebt_target_mark_check(const char *tablename, unsigned int hookmask,
58 58
59static struct ebt_target mark_target __read_mostly = { 59static struct ebt_target mark_target __read_mostly = {
60 .name = EBT_MARK_TARGET, 60 .name = EBT_MARK_TARGET,
61 .revision = 0,
62 .family = NFPROTO_BRIDGE,
61 .target = ebt_target_mark, 63 .target = ebt_target_mark,
62 .check = ebt_target_mark_check, 64 .check = ebt_target_mark_check,
63 .targetsize = XT_ALIGN(sizeof(struct ebt_mark_t_info)), 65 .targetsize = XT_ALIGN(sizeof(struct ebt_mark_t_info)),
diff --git a/net/bridge/netfilter/ebt_mark_m.c b/net/bridge/netfilter/ebt_mark_m.c
index ec16c0e2868..6512ad9b409 100644
--- a/net/bridge/netfilter/ebt_mark_m.c
+++ b/net/bridge/netfilter/ebt_mark_m.c
@@ -39,6 +39,8 @@ static bool ebt_mark_check(const char *tablename, unsigned int hookmask,
39 39
40static struct ebt_match filter_mark __read_mostly = { 40static struct ebt_match filter_mark __read_mostly = {
41 .name = EBT_MARK_MATCH, 41 .name = EBT_MARK_MATCH,
42 .revision = 0,
43 .family = NFPROTO_BRIDGE,
42 .match = ebt_filter_mark, 44 .match = ebt_filter_mark,
43 .check = ebt_mark_check, 45 .check = ebt_mark_check,
44 .matchsize = XT_ALIGN(sizeof(struct ebt_mark_m_info)), 46 .matchsize = XT_ALIGN(sizeof(struct ebt_mark_m_info)),
diff --git a/net/bridge/netfilter/ebt_nflog.c b/net/bridge/netfilter/ebt_nflog.c
index 2c75023b326..aa0410c69a6 100644
--- a/net/bridge/netfilter/ebt_nflog.c
+++ b/net/bridge/netfilter/ebt_nflog.c
@@ -52,6 +52,8 @@ static bool ebt_nflog_check(const char *tablename,
52 52
53static struct ebt_watcher nflog __read_mostly = { 53static struct ebt_watcher nflog __read_mostly = {
54 .name = EBT_NFLOG_WATCHER, 54 .name = EBT_NFLOG_WATCHER,
55 .revision = 0,
56 .family = NFPROTO_BRIDGE,
55 .watcher = ebt_nflog, 57 .watcher = ebt_nflog,
56 .check = ebt_nflog_check, 58 .check = ebt_nflog_check,
57 .targetsize = XT_ALIGN(sizeof(struct ebt_nflog_info)), 59 .targetsize = XT_ALIGN(sizeof(struct ebt_nflog_info)),
diff --git a/net/bridge/netfilter/ebt_pkttype.c b/net/bridge/netfilter/ebt_pkttype.c
index 74b44328436..a9acecc88e9 100644
--- a/net/bridge/netfilter/ebt_pkttype.c
+++ b/net/bridge/netfilter/ebt_pkttype.c
@@ -36,6 +36,8 @@ static bool ebt_pkttype_check(const char *tablename, unsigned int hookmask,
36 36
37static struct ebt_match filter_pkttype __read_mostly = { 37static struct ebt_match filter_pkttype __read_mostly = {
38 .name = EBT_PKTTYPE_MATCH, 38 .name = EBT_PKTTYPE_MATCH,
39 .revision = 0,
40 .family = NFPROTO_BRIDGE,
39 .match = ebt_filter_pkttype, 41 .match = ebt_filter_pkttype,
40 .check = ebt_pkttype_check, 42 .check = ebt_pkttype_check,
41 .matchsize = XT_ALIGN(sizeof(struct ebt_pkttype_info)), 43 .matchsize = XT_ALIGN(sizeof(struct ebt_pkttype_info)),
diff --git a/net/bridge/netfilter/ebt_redirect.c b/net/bridge/netfilter/ebt_redirect.c
index 7bf1390ad97..4c628108bcd 100644
--- a/net/bridge/netfilter/ebt_redirect.c
+++ b/net/bridge/netfilter/ebt_redirect.c
@@ -52,6 +52,8 @@ static bool ebt_target_redirect_check(const char *tablename, unsigned int hookma
52 52
53static struct ebt_target redirect_target __read_mostly = { 53static struct ebt_target redirect_target __read_mostly = {
54 .name = EBT_REDIRECT_TARGET, 54 .name = EBT_REDIRECT_TARGET,
55 .revision = 0,
56 .family = NFPROTO_BRIDGE,
55 .target = ebt_target_redirect, 57 .target = ebt_target_redirect,
56 .check = ebt_target_redirect_check, 58 .check = ebt_target_redirect_check,
57 .targetsize = XT_ALIGN(sizeof(struct ebt_redirect_info)), 59 .targetsize = XT_ALIGN(sizeof(struct ebt_redirect_info)),
diff --git a/net/bridge/netfilter/ebt_snat.c b/net/bridge/netfilter/ebt_snat.c
index d13f05d2620..0e83de781c0 100644
--- a/net/bridge/netfilter/ebt_snat.c
+++ b/net/bridge/netfilter/ebt_snat.c
@@ -68,6 +68,8 @@ static bool ebt_target_snat_check(const char *tablename, unsigned int hookmask,
68 68
69static struct ebt_target snat __read_mostly = { 69static struct ebt_target snat __read_mostly = {
70 .name = EBT_SNAT_TARGET, 70 .name = EBT_SNAT_TARGET,
71 .revision = 0,
72 .family = NFPROTO_BRIDGE,
71 .target = ebt_target_snat, 73 .target = ebt_target_snat,
72 .check = ebt_target_snat_check, 74 .check = ebt_target_snat_check,
73 .targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)), 75 .targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)),
diff --git a/net/bridge/netfilter/ebt_stp.c b/net/bridge/netfilter/ebt_stp.c
index 7618206639e..e6d8f0c140a 100644
--- a/net/bridge/netfilter/ebt_stp.c
+++ b/net/bridge/netfilter/ebt_stp.c
@@ -174,6 +174,8 @@ static bool ebt_stp_check(const char *tablename, unsigned int hookmask,
174 174
175static struct ebt_match filter_stp __read_mostly = { 175static struct ebt_match filter_stp __read_mostly = {
176 .name = EBT_STP_MATCH, 176 .name = EBT_STP_MATCH,
177 .revision = 0,
178 .family = NFPROTO_BRIDGE,
177 .match = ebt_filter_stp, 179 .match = ebt_filter_stp,
178 .check = ebt_stp_check, 180 .check = ebt_stp_check,
179 .matchsize = XT_ALIGN(sizeof(struct ebt_stp_info)), 181 .matchsize = XT_ALIGN(sizeof(struct ebt_stp_info)),
diff --git a/net/bridge/netfilter/ebt_ulog.c b/net/bridge/netfilter/ebt_ulog.c
index 5f86f555f6d..076b44590f1 100644
--- a/net/bridge/netfilter/ebt_ulog.c
+++ b/net/bridge/netfilter/ebt_ulog.c
@@ -274,6 +274,8 @@ static bool ebt_ulog_check(const char *tablename, unsigned int hookmask,
274 274
275static struct ebt_watcher ulog __read_mostly = { 275static struct ebt_watcher ulog __read_mostly = {
276 .name = EBT_ULOG_WATCHER, 276 .name = EBT_ULOG_WATCHER,
277 .revision = 0,
278 .family = NFPROTO_BRIDGE,
277 .watcher = ebt_ulog, 279 .watcher = ebt_ulog,
278 .check = ebt_ulog_check, 280 .check = ebt_ulog_check,
279 .targetsize = XT_ALIGN(sizeof(struct ebt_ulog_info)), 281 .targetsize = XT_ALIGN(sizeof(struct ebt_ulog_info)),
diff --git a/net/bridge/netfilter/ebt_vlan.c b/net/bridge/netfilter/ebt_vlan.c
index 8cc4257a1ad..9e3a39ae466 100644
--- a/net/bridge/netfilter/ebt_vlan.c
+++ b/net/bridge/netfilter/ebt_vlan.c
@@ -164,6 +164,8 @@ ebt_check_vlan(const char *tablename,
164 164
165static struct ebt_match filter_vlan __read_mostly = { 165static struct ebt_match filter_vlan __read_mostly = {
166 .name = EBT_VLAN_MATCH, 166 .name = EBT_VLAN_MATCH,
167 .revision = 0,
168 .family = NFPROTO_BRIDGE,
167 .match = ebt_filter_vlan, 169 .match = ebt_filter_vlan,
168 .check = ebt_check_vlan, 170 .check = ebt_check_vlan,
169 .matchsize = XT_ALIGN(sizeof(struct ebt_vlan_info)), 171 .matchsize = XT_ALIGN(sizeof(struct ebt_vlan_info)),
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index fe499527729..bc4b3f4f37c 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -61,7 +61,9 @@ static LIST_HEAD(ebt_matches);
61static LIST_HEAD(ebt_watchers); 61static LIST_HEAD(ebt_watchers);
62 62
63static struct ebt_target ebt_standard_target = { 63static struct ebt_target ebt_standard_target = {
64 .name = "standard", 64 .name = "standard",
65 .revision = 0,
66 .family = NFPROTO_BRIDGE,
65}; 67};
66 68
67static inline int ebt_do_watcher (struct ebt_entry_watcher *w, 69static inline int ebt_do_watcher (struct ebt_entry_watcher *w,
@@ -352,6 +354,17 @@ ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e,
352 return -ENOENT; 354 return -ENOENT;
353 } 355 }
354 mutex_unlock(&ebt_mutex); 356 mutex_unlock(&ebt_mutex);
357 if (match->family != NFPROTO_BRIDGE) {
358 printk(KERN_WARNING "ebtables: %s match: not for ebtables?\n",
359 match->name);
360 goto out;
361 }
362 if (match->revision != 0) {
363 printk(KERN_WARNING "ebtables: %s match: ebtables is not "
364 "supporting revisions at this time\n",
365 match->name);
366 goto out;
367 }
355 if (XT_ALIGN(match->matchsize) != m->match_size && 368 if (XT_ALIGN(match->matchsize) != m->match_size &&
356 match->matchsize != -1) { 369 match->matchsize != -1) {
357 /* 370 /*
@@ -361,17 +374,18 @@ ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e,
361 printk(KERN_WARNING "ebtables: %s match: " 374 printk(KERN_WARNING "ebtables: %s match: "
362 "invalid size %Zu != %u\n", 375 "invalid size %Zu != %u\n",
363 match->name, XT_ALIGN(match->matchsize), m->match_size); 376 match->name, XT_ALIGN(match->matchsize), m->match_size);
364 module_put(match->me); 377 goto out;
365 return -EINVAL;
366 } 378 }
367 if (match->check && 379 if (match->check &&
368 !match->check(name, hookmask, e, m->data, m->match_size)) { 380 !match->check(name, hookmask, e, m->data, m->match_size)) {
369 BUGPRINT("match->check failed\n"); 381 BUGPRINT("match->check failed\n");
370 module_put(match->me); 382 goto out;
371 return -EINVAL;
372 } 383 }
373 (*cnt)++; 384 (*cnt)++;
374 return 0; 385 return 0;
386 out:
387 module_put(match->me);
388 return -EINVAL;
375} 389}
376 390
377static inline int 391static inline int
@@ -394,22 +408,34 @@ ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e,
394 return -ENOENT; 408 return -ENOENT;
395 } 409 }
396 mutex_unlock(&ebt_mutex); 410 mutex_unlock(&ebt_mutex);
411 if (watcher->family != NFPROTO_BRIDGE) {
412 printk(KERN_WARNING "ebtables: %s watcher: not for ebtables?\n",
413 watcher->name);
414 goto out;
415 }
416 if (watcher->revision != 0) {
417 printk(KERN_WARNING "ebtables: %s watcher: ebtables is not "
418 "supporting revisions at this time\n",
419 watcher->name);
420 goto out;
421 }
397 if (XT_ALIGN(watcher->targetsize) != w->watcher_size) { 422 if (XT_ALIGN(watcher->targetsize) != w->watcher_size) {
398 printk(KERN_WARNING "ebtables: %s watcher: " 423 printk(KERN_WARNING "ebtables: %s watcher: "
399 "invalid size %Zu != %u\n", 424 "invalid size %Zu != %u\n",
400 watcher->name, XT_ALIGN(watcher->targetsize), 425 watcher->name, XT_ALIGN(watcher->targetsize),
401 w->watcher_size); 426 w->watcher_size);
402 module_put(watcher->me); 427 goto out;
403 return -EINVAL;
404 } 428 }
405 if (watcher->check && 429 if (watcher->check &&
406 !watcher->check(name, hookmask, e, w->data, w->watcher_size)) { 430 !watcher->check(name, hookmask, e, w->data, w->watcher_size)) {
407 BUGPRINT("watcher->check failed\n"); 431 BUGPRINT("watcher->check failed\n");
408 module_put(watcher->me); 432 goto out;
409 return -EINVAL;
410 } 433 }
411 (*cnt)++; 434 (*cnt)++;
412 return 0; 435 return 0;
436 out:
437 module_put(watcher->me);
438 return -EINVAL;
413} 439}
414 440
415static int ebt_verify_pointers(struct ebt_replace *repl, 441static int ebt_verify_pointers(struct ebt_replace *repl,
@@ -690,6 +716,20 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
690 } 716 }
691 mutex_unlock(&ebt_mutex); 717 mutex_unlock(&ebt_mutex);
692 718
719 if (target->family != NFPROTO_BRIDGE) {
720 printk(KERN_WARNING "ebtables: %s target: not for ebtables?\n",
721 target->name);
722 ret = -EINVAL;
723 goto cleanup_watchers;
724 }
725 if (target->revision != 0) {
726 printk(KERN_WARNING "ebtables: %s target: ebtables is not "
727 "supporting revisions at this time\n",
728 target->name);
729 ret = -EINVAL;
730 goto cleanup_watchers;
731 }
732
693 t->u.target = target; 733 t->u.target = target;
694 if (t->u.target == &ebt_standard_target) { 734 if (t->u.target == &ebt_standard_target) {
695 if (gap < sizeof(struct ebt_standard_target)) { 735 if (gap < sizeof(struct ebt_standard_target)) {