diff options
| author | Jan Engelhardt <jengelh@medozas.de> | 2008-10-08 05:35:20 -0400 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2008-10-08 05:35:20 -0400 |
| commit | 916a917dfec18535ff9e2afdafba82e6279eb4f4 (patch) | |
| tree | ebd2e944684f3f1a9c184e3e69d06d1465ed2f69 /net/ipv4 | |
| parent | a2df1648ba615dd5908e9a1fa7b2f133fa302487 (diff) | |
netfilter: xtables: provide invoked family value to extensions
By passing in the family through which extensions were invoked, a bit
of data space can be reclaimed. The "family" member will be added to
the parameter structures and the check functions be adjusted.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/ipv4')
| -rw-r--r-- | net/ipv4/netfilter/arp_tables.c | 6 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ip_tables.c | 10 |
2 files changed, 12 insertions, 4 deletions
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index 3bab78330cf..8d70d29f1cc 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c | |||
| @@ -246,6 +246,7 @@ unsigned int arpt_do_table(struct sk_buff *skb, | |||
| 246 | tgpar.in = in; | 246 | tgpar.in = in; |
| 247 | tgpar.out = out; | 247 | tgpar.out = out; |
| 248 | tgpar.hooknum = hook; | 248 | tgpar.hooknum = hook; |
| 249 | tgpar.family = NFPROTO_ARP; | ||
| 249 | 250 | ||
| 250 | arp = arp_hdr(skb); | 251 | arp = arp_hdr(skb); |
| 251 | do { | 252 | do { |
| @@ -465,10 +466,10 @@ static inline int check_target(struct arpt_entry *e, const char *name) | |||
| 465 | .target = t->u.kernel.target, | 466 | .target = t->u.kernel.target, |
| 466 | .targinfo = t->data, | 467 | .targinfo = t->data, |
| 467 | .hook_mask = e->comefrom, | 468 | .hook_mask = e->comefrom, |
| 469 | .family = NFPROTO_ARP, | ||
| 468 | }; | 470 | }; |
| 469 | 471 | ||
| 470 | ret = xt_check_target(&par, NFPROTO_ARP, | 472 | ret = xt_check_target(&par, t->u.target_size - sizeof(*t), 0, false); |
| 471 | t->u.target_size - sizeof(*t), 0, false); | ||
| 472 | if (ret < 0) { | 473 | if (ret < 0) { |
| 473 | duprintf("arp_tables: check failed for `%s'.\n", | 474 | duprintf("arp_tables: check failed for `%s'.\n", |
| 474 | t->u.kernel.target->name); | 475 | t->u.kernel.target->name); |
| @@ -566,6 +567,7 @@ static inline int cleanup_entry(struct arpt_entry *e, unsigned int *i) | |||
| 566 | t = arpt_get_target(e); | 567 | t = arpt_get_target(e); |
| 567 | par.target = t->u.kernel.target; | 568 | par.target = t->u.kernel.target; |
| 568 | par.targinfo = t->data; | 569 | par.targinfo = t->data; |
| 570 | par.family = NFPROTO_ARP; | ||
| 569 | if (par.target->destroy != NULL) | 571 | if (par.target->destroy != NULL) |
| 570 | par.target->destroy(&par); | 572 | par.target->destroy(&par); |
| 571 | module_put(par.target->me); | 573 | module_put(par.target->me); |
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index 50b9a6c34c3..213fb27debc 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c | |||
| @@ -348,6 +348,7 @@ ipt_do_table(struct sk_buff *skb, | |||
| 348 | mtpar.hotdrop = &hotdrop; | 348 | mtpar.hotdrop = &hotdrop; |
| 349 | mtpar.in = tgpar.in = in; | 349 | mtpar.in = tgpar.in = in; |
| 350 | mtpar.out = tgpar.out = out; | 350 | mtpar.out = tgpar.out = out; |
| 351 | mtpar.family = tgpar.family = NFPROTO_IPV4; | ||
| 351 | tgpar.hooknum = hook; | 352 | tgpar.hooknum = hook; |
| 352 | 353 | ||
| 353 | read_lock_bh(&table->lock); | 354 | read_lock_bh(&table->lock); |
| @@ -579,6 +580,7 @@ cleanup_match(struct ipt_entry_match *m, unsigned int *i) | |||
| 579 | 580 | ||
| 580 | par.match = m->u.kernel.match; | 581 | par.match = m->u.kernel.match; |
| 581 | par.matchinfo = m->data; | 582 | par.matchinfo = m->data; |
| 583 | par.family = NFPROTO_IPV4; | ||
| 582 | if (par.match->destroy != NULL) | 584 | if (par.match->destroy != NULL) |
| 583 | par.match->destroy(&par); | 585 | par.match->destroy(&par); |
| 584 | module_put(par.match->me); | 586 | module_put(par.match->me); |
| @@ -616,7 +618,7 @@ check_match(struct ipt_entry_match *m, struct xt_mtchk_param *par, | |||
| 616 | par->match = m->u.kernel.match; | 618 | par->match = m->u.kernel.match; |
| 617 | par->matchinfo = m->data; | 619 | par->matchinfo = m->data; |
| 618 | 620 | ||
| 619 | ret = xt_check_match(par, NFPROTO_IPV4, m->u.match_size - sizeof(*m), | 621 | ret = xt_check_match(par, m->u.match_size - sizeof(*m), |
| 620 | ip->proto, ip->invflags & IPT_INV_PROTO); | 622 | ip->proto, ip->invflags & IPT_INV_PROTO); |
| 621 | if (ret < 0) { | 623 | if (ret < 0) { |
| 622 | duprintf("ip_tables: check failed for `%s'.\n", | 624 | duprintf("ip_tables: check failed for `%s'.\n", |
| @@ -662,10 +664,11 @@ static int check_target(struct ipt_entry *e, const char *name) | |||
| 662 | .target = t->u.kernel.target, | 664 | .target = t->u.kernel.target, |
| 663 | .targinfo = t->data, | 665 | .targinfo = t->data, |
| 664 | .hook_mask = e->comefrom, | 666 | .hook_mask = e->comefrom, |
| 667 | .family = NFPROTO_IPV4, | ||
| 665 | }; | 668 | }; |
| 666 | int ret; | 669 | int ret; |
| 667 | 670 | ||
| 668 | ret = xt_check_target(&par, NFPROTO_IPV4, t->u.target_size - sizeof(*t), | 671 | ret = xt_check_target(&par, t->u.target_size - sizeof(*t), |
| 669 | e->ip.proto, e->ip.invflags & IPT_INV_PROTO); | 672 | e->ip.proto, e->ip.invflags & IPT_INV_PROTO); |
| 670 | if (ret < 0) { | 673 | if (ret < 0) { |
| 671 | duprintf("ip_tables: check failed for `%s'.\n", | 674 | duprintf("ip_tables: check failed for `%s'.\n", |
| @@ -693,6 +696,7 @@ find_check_entry(struct ipt_entry *e, const char *name, unsigned int size, | |||
| 693 | mtpar.table = name; | 696 | mtpar.table = name; |
| 694 | mtpar.entryinfo = &e->ip; | 697 | mtpar.entryinfo = &e->ip; |
| 695 | mtpar.hook_mask = e->comefrom; | 698 | mtpar.hook_mask = e->comefrom; |
| 699 | mtpar.family = NFPROTO_IPV4; | ||
| 696 | ret = IPT_MATCH_ITERATE(e, find_check_match, &mtpar, &j); | 700 | ret = IPT_MATCH_ITERATE(e, find_check_match, &mtpar, &j); |
| 697 | if (ret != 0) | 701 | if (ret != 0) |
| 698 | goto cleanup_matches; | 702 | goto cleanup_matches; |
| @@ -780,6 +784,7 @@ cleanup_entry(struct ipt_entry *e, unsigned int *i) | |||
| 780 | 784 | ||
| 781 | par.target = t->u.kernel.target; | 785 | par.target = t->u.kernel.target; |
| 782 | par.targinfo = t->data; | 786 | par.targinfo = t->data; |
| 787 | par.family = NFPROTO_IPV4; | ||
| 783 | if (par.target->destroy != NULL) | 788 | if (par.target->destroy != NULL) |
| 784 | par.target->destroy(&par); | 789 | par.target->destroy(&par); |
| 785 | module_put(par.target->me); | 790 | module_put(par.target->me); |
| @@ -1659,6 +1664,7 @@ compat_check_entry(struct ipt_entry *e, const char *name, | |||
| 1659 | mtpar.table = name; | 1664 | mtpar.table = name; |
| 1660 | mtpar.entryinfo = &e->ip; | 1665 | mtpar.entryinfo = &e->ip; |
| 1661 | mtpar.hook_mask = e->comefrom; | 1666 | mtpar.hook_mask = e->comefrom; |
| 1667 | mtpar.family = NFPROTO_IPV4; | ||
| 1662 | ret = IPT_MATCH_ITERATE(e, check_match, &mtpar, &j); | 1668 | ret = IPT_MATCH_ITERATE(e, check_match, &mtpar, &j); |
| 1663 | if (ret) | 1669 | if (ret) |
| 1664 | goto cleanup_matches; | 1670 | goto cleanup_matches; |