aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorJan Engelhardt <jengelh@medozas.de>2008-10-08 05:35:15 -0400
committerPatrick McHardy <kaber@trash.net>2008-10-08 05:35:15 -0400
commit2d06d4a5cc107046508d860a0b47dbc43b829b79 (patch)
treef3ff0b039d27ba0c5b802e6468b8960b943ab8fb /net
parent815377fe344c799228ca6278613ca3100b069ad5 (diff)
netfilter: change Ebtables function signatures to match Xtables's
Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net')
-rw-r--r--net/bridge/netfilter/ebt_802_3.c18
-rw-r--r--net/bridge/netfilter/ebt_among.c18
-rw-r--r--net/bridge/netfilter/ebt_arp.c18
-rw-r--r--net/bridge/netfilter/ebt_arpreply.c18
-rw-r--r--net/bridge/netfilter/ebt_dnat.c17
-rw-r--r--net/bridge/netfilter/ebt_ip.c19
-rw-r--r--net/bridge/netfilter/ebt_ip6.c19
-rw-r--r--net/bridge/netfilter/ebt_limit.c17
-rw-r--r--net/bridge/netfilter/ebt_log.c17
-rw-r--r--net/bridge/netfilter/ebt_mark.c17
-rw-r--r--net/bridge/netfilter/ebt_mark_m.c17
-rw-r--r--net/bridge/netfilter/ebt_nflog.c21
-rw-r--r--net/bridge/netfilter/ebt_pkttype.c20
-rw-r--r--net/bridge/netfilter/ebt_redirect.c18
-rw-r--r--net/bridge/netfilter/ebt_snat.c17
-rw-r--r--net/bridge/netfilter/ebt_stp.c18
-rw-r--r--net/bridge/netfilter/ebt_ulog.c17
-rw-r--r--net/bridge/netfilter/ebt_vlan.c18
-rw-r--r--net/bridge/netfilter/ebtables.c30
19 files changed, 198 insertions, 156 deletions
diff --git a/net/bridge/netfilter/ebt_802_3.c b/net/bridge/netfilter/ebt_802_3.c
index f9876f22757..6f1a69c28ed 100644
--- a/net/bridge/netfilter/ebt_802_3.c
+++ b/net/bridge/netfilter/ebt_802_3.c
@@ -12,9 +12,10 @@
12#include <linux/netfilter_bridge/ebtables.h> 12#include <linux/netfilter_bridge/ebtables.h>
13#include <linux/netfilter_bridge/ebt_802_3.h> 13#include <linux/netfilter_bridge/ebt_802_3.h>
14 14
15static bool ebt_filter_802_3(const struct sk_buff *skb, 15static bool
16 const struct net_device *in, 16ebt_802_3_mt(const struct sk_buff *skb, const struct net_device *in,
17 const struct net_device *out, const void *data, unsigned int datalen) 17 const struct net_device *out, const struct xt_match *match,
18 const void *data, int offset, unsigned int protoff, bool *hotdrop)
18{ 19{
19 const struct ebt_802_3_info *info = data; 20 const struct ebt_802_3_info *info = data;
20 const struct ebt_802_3_hdr *hdr = ebt_802_3_hdr(skb); 21 const struct ebt_802_3_hdr *hdr = ebt_802_3_hdr(skb);
@@ -37,9 +38,10 @@ static bool ebt_filter_802_3(const struct sk_buff *skb,
37 return true; 38 return true;
38} 39}
39 40
40static struct ebt_match filter_802_3; 41static bool
41static bool ebt_802_3_check(const char *tablename, unsigned int hookmask, 42ebt_802_3_mt_check(const char *table, const void *entry,
42 const struct ebt_entry *e, void *data, unsigned int datalen) 43 const struct xt_match *match, void *data,
44 unsigned int hook_mask)
43{ 45{
44 const struct ebt_802_3_info *info = data; 46 const struct ebt_802_3_info *info = data;
45 47
@@ -53,8 +55,8 @@ static struct ebt_match filter_802_3 __read_mostly = {
53 .name = EBT_802_3_MATCH, 55 .name = EBT_802_3_MATCH,
54 .revision = 0, 56 .revision = 0,
55 .family = NFPROTO_BRIDGE, 57 .family = NFPROTO_BRIDGE,
56 .match = ebt_filter_802_3, 58 .match = ebt_802_3_mt,
57 .check = ebt_802_3_check, 59 .checkentry = ebt_802_3_mt_check,
58 .matchsize = XT_ALIGN(sizeof(struct ebt_802_3_info)), 60 .matchsize = XT_ALIGN(sizeof(struct ebt_802_3_info)),
59 .me = THIS_MODULE, 61 .me = THIS_MODULE,
60}; 62};
diff --git a/net/bridge/netfilter/ebt_among.c b/net/bridge/netfilter/ebt_among.c
index 88b5c9118a7..84a306f085b 100644
--- a/net/bridge/netfilter/ebt_among.c
+++ b/net/bridge/netfilter/ebt_among.c
@@ -127,10 +127,10 @@ static int get_ip_src(const struct sk_buff *skb, __be32 *addr)
127 return 0; 127 return 0;
128} 128}
129 129
130static bool ebt_filter_among(const struct sk_buff *skb, 130static bool
131 const struct net_device *in, 131ebt_among_mt(const struct sk_buff *skb, const struct net_device *in,
132 const struct net_device *out, const void *data, 132 const struct net_device *out, const struct xt_match *match,
133 unsigned int datalen) 133 const void *data, int offset, unsigned int protoff, bool *hotdrop)
134{ 134{
135 const struct ebt_among_info *info = data; 135 const struct ebt_among_info *info = data;
136 const char *dmac, *smac; 136 const char *dmac, *smac;
@@ -174,9 +174,9 @@ static bool ebt_filter_among(const struct sk_buff *skb,
174} 174}
175 175
176static bool 176static bool
177ebt_among_check(const char *tablename, unsigned int hookmask, 177ebt_among_mt_check(const char *table, const void *entry,
178 const struct ebt_entry *e, void *data, 178 const struct xt_match *match, void *data,
179 unsigned int datalen) 179 unsigned int hook_mask)
180{ 180{
181 const struct ebt_entry_match *em = 181 const struct ebt_entry_match *em =
182 container_of(data, const struct ebt_entry_match, data); 182 container_of(data, const struct ebt_entry_match, data);
@@ -215,8 +215,8 @@ static struct ebt_match filter_among __read_mostly = {
215 .name = EBT_AMONG_MATCH, 215 .name = EBT_AMONG_MATCH,
216 .revision = 0, 216 .revision = 0,
217 .family = NFPROTO_BRIDGE, 217 .family = NFPROTO_BRIDGE,
218 .match = ebt_filter_among, 218 .match = ebt_among_mt,
219 .check = ebt_among_check, 219 .checkentry = ebt_among_mt_check,
220 .matchsize = -1, /* special case */ 220 .matchsize = -1, /* special case */
221 .me = THIS_MODULE, 221 .me = THIS_MODULE,
222}; 222};
diff --git a/net/bridge/netfilter/ebt_arp.c b/net/bridge/netfilter/ebt_arp.c
index 4a5226cbab8..6e7cd2f5ad7 100644
--- a/net/bridge/netfilter/ebt_arp.c
+++ b/net/bridge/netfilter/ebt_arp.c
@@ -15,9 +15,10 @@
15#include <linux/netfilter_bridge/ebtables.h> 15#include <linux/netfilter_bridge/ebtables.h>
16#include <linux/netfilter_bridge/ebt_arp.h> 16#include <linux/netfilter_bridge/ebt_arp.h>
17 17
18static bool ebt_filter_arp(const struct sk_buff *skb, 18static bool
19 const struct net_device *in, 19ebt_arp_mt(const struct sk_buff *skb, const struct net_device *in,
20 const struct net_device *out, const void *data, unsigned int datalen) 20 const struct net_device *out, const struct xt_match *match,
21 const void *data, int offset, unsigned int protoff, bool *hotdrop)
21{ 22{
22 const struct ebt_arp_info *info = data; 23 const struct ebt_arp_info *info = data;
23 const struct arphdr *ah; 24 const struct arphdr *ah;
@@ -101,10 +102,13 @@ static bool ebt_filter_arp(const struct sk_buff *skb,
101 return true; 102 return true;
102} 103}
103 104
104static bool ebt_arp_check(const char *tablename, unsigned int hookmask, 105static bool
105 const struct ebt_entry *e, void *data, unsigned int datalen) 106ebt_arp_mt_check(const char *table, const void *entry,
107 const struct xt_match *match, void *data,
108 unsigned int hook_mask)
106{ 109{
107 const struct ebt_arp_info *info = data; 110 const struct ebt_arp_info *info = data;
111 const struct ebt_entry *e = entry;
108 112
109 if ((e->ethproto != htons(ETH_P_ARP) && 113 if ((e->ethproto != htons(ETH_P_ARP) &&
110 e->ethproto != htons(ETH_P_RARP)) || 114 e->ethproto != htons(ETH_P_RARP)) ||
@@ -119,8 +123,8 @@ static struct ebt_match filter_arp __read_mostly = {
119 .name = EBT_ARP_MATCH, 123 .name = EBT_ARP_MATCH,
120 .revision = 0, 124 .revision = 0,
121 .family = NFPROTO_BRIDGE, 125 .family = NFPROTO_BRIDGE,
122 .match = ebt_filter_arp, 126 .match = ebt_arp_mt,
123 .check = ebt_arp_check, 127 .checkentry = ebt_arp_mt_check,
124 .matchsize = XT_ALIGN(sizeof(struct ebt_arp_info)), 128 .matchsize = XT_ALIGN(sizeof(struct ebt_arp_info)),
125 .me = THIS_MODULE, 129 .me = THIS_MODULE,
126}; 130};
diff --git a/net/bridge/netfilter/ebt_arpreply.c b/net/bridge/netfilter/ebt_arpreply.c
index 7ab16556800..6f2f6589777 100644
--- a/net/bridge/netfilter/ebt_arpreply.c
+++ b/net/bridge/netfilter/ebt_arpreply.c
@@ -15,9 +15,10 @@
15#include <linux/netfilter_bridge/ebtables.h> 15#include <linux/netfilter_bridge/ebtables.h>
16#include <linux/netfilter_bridge/ebt_arpreply.h> 16#include <linux/netfilter_bridge/ebt_arpreply.h>
17 17
18static unsigned int ebt_target_reply(struct sk_buff *skb, unsigned int hooknr, 18static unsigned int
19 const struct net_device *in, const struct net_device *out, 19ebt_arpreply_tg(struct sk_buff *skb, const struct net_device *in,
20 const void *data, unsigned int datalen) 20 const struct net_device *out, unsigned int hook_nr,
21 const struct xt_target *target, const void *data)
21{ 22{
22 struct ebt_arpreply_info *info = (void *)data; 23 struct ebt_arpreply_info *info = (void *)data;
23 const __be32 *siptr, *diptr; 24 const __be32 *siptr, *diptr;
@@ -58,10 +59,13 @@ static unsigned int ebt_target_reply(struct sk_buff *skb, unsigned int hooknr,
58 return info->target; 59 return info->target;
59} 60}
60 61
61static bool ebt_target_reply_check(const char *tablename, unsigned int hookmask, 62static bool
62 const struct ebt_entry *e, void *data, unsigned int datalen) 63ebt_arpreply_tg_check(const char *tablename, const void *entry,
64 const struct xt_target *target, void *data,
65 unsigned int hookmask)
63{ 66{
64 const struct ebt_arpreply_info *info = data; 67 const struct ebt_arpreply_info *info = data;
68 const struct ebt_entry *e = entry;
65 69
66 if (BASE_CHAIN && info->target == EBT_RETURN) 70 if (BASE_CHAIN && info->target == EBT_RETURN)
67 return false; 71 return false;
@@ -78,8 +82,8 @@ static struct ebt_target reply_target __read_mostly = {
78 .name = EBT_ARPREPLY_TARGET, 82 .name = EBT_ARPREPLY_TARGET,
79 .revision = 0, 83 .revision = 0,
80 .family = NFPROTO_BRIDGE, 84 .family = NFPROTO_BRIDGE,
81 .target = ebt_target_reply, 85 .target = ebt_arpreply_tg,
82 .check = ebt_target_reply_check, 86 .checkentry = ebt_arpreply_tg_check,
83 .targetsize = XT_ALIGN(sizeof(struct ebt_arpreply_info)), 87 .targetsize = XT_ALIGN(sizeof(struct ebt_arpreply_info)),
84 .me = THIS_MODULE, 88 .me = THIS_MODULE,
85}; 89};
diff --git a/net/bridge/netfilter/ebt_dnat.c b/net/bridge/netfilter/ebt_dnat.c
index 64838e2835a..b7cc013bd37 100644
--- a/net/bridge/netfilter/ebt_dnat.c
+++ b/net/bridge/netfilter/ebt_dnat.c
@@ -14,9 +14,10 @@
14#include <linux/netfilter_bridge/ebtables.h> 14#include <linux/netfilter_bridge/ebtables.h>
15#include <linux/netfilter_bridge/ebt_nat.h> 15#include <linux/netfilter_bridge/ebt_nat.h>
16 16
17static unsigned int ebt_target_dnat(struct sk_buff *skb, unsigned int hooknr, 17static unsigned int
18 const struct net_device *in, const struct net_device *out, 18ebt_dnat_tg(struct sk_buff *skb, const struct net_device *in,
19 const void *data, unsigned int datalen) 19 const struct net_device *out, unsigned int hook_nr,
20 const struct xt_target *target, const void *data)
20{ 21{
21 const struct ebt_nat_info *info = data; 22 const struct ebt_nat_info *info = data;
22 23
@@ -27,8 +28,10 @@ static unsigned int ebt_target_dnat(struct sk_buff *skb, unsigned int hooknr,
27 return info->target; 28 return info->target;
28} 29}
29 30
30static bool ebt_target_dnat_check(const char *tablename, unsigned int hookmask, 31static bool
31 const struct ebt_entry *e, void *data, unsigned int datalen) 32ebt_dnat_tg_check(const char *tablename, const void *entry,
33 const struct xt_target *target, void *data,
34 unsigned int hookmask)
32{ 35{
33 const struct ebt_nat_info *info = data; 36 const struct ebt_nat_info *info = data;
34 37
@@ -48,8 +51,8 @@ static struct ebt_target dnat __read_mostly = {
48 .name = EBT_DNAT_TARGET, 51 .name = EBT_DNAT_TARGET,
49 .revision = 0, 52 .revision = 0,
50 .family = NFPROTO_BRIDGE, 53 .family = NFPROTO_BRIDGE,
51 .target = ebt_target_dnat, 54 .target = ebt_dnat_tg,
52 .check = ebt_target_dnat_check, 55 .checkentry = ebt_dnat_tg_check,
53 .targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)), 56 .targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)),
54 .me = THIS_MODULE, 57 .me = THIS_MODULE,
55}; 58};
diff --git a/net/bridge/netfilter/ebt_ip.c b/net/bridge/netfilter/ebt_ip.c
index 0bef6f7bc83..e7f3b1776b0 100644
--- a/net/bridge/netfilter/ebt_ip.c
+++ b/net/bridge/netfilter/ebt_ip.c
@@ -24,10 +24,10 @@ struct tcpudphdr {
24 __be16 dst; 24 __be16 dst;
25}; 25};
26 26
27static bool ebt_filter_ip(const struct sk_buff *skb, 27static bool
28 const struct net_device *in, 28ebt_ip_mt(const struct sk_buff *skb, const struct net_device *in,
29 const struct net_device *out, const void *data, 29 const struct net_device *out, const struct xt_match *match,
30 unsigned int datalen) 30 const void *data, int offset, unsigned int protoff, bool *hotdrop)
31{ 31{
32 const struct ebt_ip_info *info = data; 32 const struct ebt_ip_info *info = data;
33 const struct iphdr *ih; 33 const struct iphdr *ih;
@@ -79,10 +79,13 @@ static bool ebt_filter_ip(const struct sk_buff *skb,
79 return true; 79 return true;
80} 80}
81 81
82static bool ebt_ip_check(const char *tablename, unsigned int hookmask, 82static bool
83 const struct ebt_entry *e, void *data, unsigned int datalen) 83ebt_ip_mt_check(const char *table, const void *entry,
84 const struct xt_match *match, void *data,
85 unsigned int hook_mask)
84{ 86{
85 const struct ebt_ip_info *info = data; 87 const struct ebt_ip_info *info = data;
88 const struct ebt_entry *e = entry;
86 89
87 if (e->ethproto != htons(ETH_P_IP) || 90 if (e->ethproto != htons(ETH_P_IP) ||
88 e->invflags & EBT_IPROTO) 91 e->invflags & EBT_IPROTO)
@@ -110,8 +113,8 @@ static struct ebt_match filter_ip __read_mostly = {
110 .name = EBT_IP_MATCH, 113 .name = EBT_IP_MATCH,
111 .revision = 0, 114 .revision = 0,
112 .family = NFPROTO_BRIDGE, 115 .family = NFPROTO_BRIDGE,
113 .match = ebt_filter_ip, 116 .match = ebt_ip_mt,
114 .check = ebt_ip_check, 117 .checkentry = ebt_ip_mt_check,
115 .matchsize = XT_ALIGN(sizeof(struct ebt_ip_info)), 118 .matchsize = XT_ALIGN(sizeof(struct ebt_ip_info)),
116 .me = THIS_MODULE, 119 .me = THIS_MODULE,
117}; 120};
diff --git a/net/bridge/netfilter/ebt_ip6.c b/net/bridge/netfilter/ebt_ip6.c
index afcabe205b8..807685da293 100644
--- a/net/bridge/netfilter/ebt_ip6.c
+++ b/net/bridge/netfilter/ebt_ip6.c
@@ -27,10 +27,10 @@ struct tcpudphdr {
27 __be16 dst; 27 __be16 dst;
28}; 28};
29 29
30static bool ebt_filter_ip6(const struct sk_buff *skb, 30static bool
31 const struct net_device *in, 31ebt_ip6_mt(const struct sk_buff *skb, const struct net_device *in,
32 const struct net_device *out, const void *data, 32 const struct net_device *out, const struct xt_match *match,
33 unsigned int datalen) 33 const void *data, int offset, unsigned int protoff, bool *hotdrop)
34{ 34{
35 const struct ebt_ip6_info *info = (struct ebt_ip6_info *)data; 35 const struct ebt_ip6_info *info = (struct ebt_ip6_info *)data;
36 const struct ipv6hdr *ih6; 36 const struct ipv6hdr *ih6;
@@ -92,9 +92,12 @@ static bool ebt_filter_ip6(const struct sk_buff *skb,
92 return true; 92 return true;
93} 93}
94 94
95static bool ebt_ip6_check(const char *tablename, unsigned int hookmask, 95static bool
96 const struct ebt_entry *e, void *data, unsigned int datalen) 96ebt_ip6_mt_check(const char *table, const void *entry,
97 const struct xt_match *match, void *data,
98 unsigned int hook_mask)
97{ 99{
100 const struct ebt_entry *e = entry;
98 struct ebt_ip6_info *info = (struct ebt_ip6_info *)data; 101 struct ebt_ip6_info *info = (struct ebt_ip6_info *)data;
99 102
100 if (e->ethproto != htons(ETH_P_IPV6) || e->invflags & EBT_IPROTO) 103 if (e->ethproto != htons(ETH_P_IPV6) || e->invflags & EBT_IPROTO)
@@ -123,8 +126,8 @@ static struct ebt_match filter_ip6 =
123 .name = EBT_IP6_MATCH, 126 .name = EBT_IP6_MATCH,
124 .revision = 0, 127 .revision = 0,
125 .family = NFPROTO_BRIDGE, 128 .family = NFPROTO_BRIDGE,
126 .match = ebt_filter_ip6, 129 .match = ebt_ip6_mt,
127 .check = ebt_ip6_check, 130 .checkentry = ebt_ip6_mt_check,
128 .matchsize = XT_ALIGN(sizeof(struct ebt_ip6_info)), 131 .matchsize = XT_ALIGN(sizeof(struct ebt_ip6_info)),
129 .me = THIS_MODULE, 132 .me = THIS_MODULE,
130}; 133};
diff --git a/net/bridge/netfilter/ebt_limit.c b/net/bridge/netfilter/ebt_limit.c
index 9ca0a2564c8..d3372739227 100644
--- a/net/bridge/netfilter/ebt_limit.c
+++ b/net/bridge/netfilter/ebt_limit.c
@@ -30,9 +30,10 @@ static DEFINE_SPINLOCK(limit_lock);
30 30
31#define CREDITS_PER_JIFFY POW2_BELOW32(MAX_CPJ) 31#define CREDITS_PER_JIFFY POW2_BELOW32(MAX_CPJ)
32 32
33static bool ebt_limit_match(const struct sk_buff *skb, 33static bool
34 const struct net_device *in, const struct net_device *out, 34ebt_limit_mt(const struct sk_buff *skb, const struct net_device *in,
35 const void *data, unsigned int datalen) 35 const struct net_device *out, const struct xt_match *match,
36 const void *data, int offset, unsigned int protoff, bool *hotdrop)
36{ 37{
37 struct ebt_limit_info *info = (struct ebt_limit_info *)data; 38 struct ebt_limit_info *info = (struct ebt_limit_info *)data;
38 unsigned long now = jiffies; 39 unsigned long now = jiffies;
@@ -65,8 +66,10 @@ user2credits(u_int32_t user)
65 return (user * HZ * CREDITS_PER_JIFFY) / EBT_LIMIT_SCALE; 66 return (user * HZ * CREDITS_PER_JIFFY) / EBT_LIMIT_SCALE;
66} 67}
67 68
68static bool ebt_limit_check(const char *tablename, unsigned int hookmask, 69static bool
69 const struct ebt_entry *e, void *data, unsigned int datalen) 70ebt_limit_mt_check(const char *table, const void *e,
71 const struct xt_match *match, void *data,
72 unsigned int hook_mask)
70{ 73{
71 struct ebt_limit_info *info = data; 74 struct ebt_limit_info *info = data;
72 75
@@ -90,8 +93,8 @@ static struct ebt_match ebt_limit_reg __read_mostly = {
90 .name = EBT_LIMIT_MATCH, 93 .name = EBT_LIMIT_MATCH,
91 .revision = 0, 94 .revision = 0,
92 .family = NFPROTO_BRIDGE, 95 .family = NFPROTO_BRIDGE,
93 .match = ebt_limit_match, 96 .match = ebt_limit_mt,
94 .check = ebt_limit_check, 97 .checkentry = ebt_limit_mt_check,
95 .matchsize = XT_ALIGN(sizeof(struct ebt_limit_info)), 98 .matchsize = XT_ALIGN(sizeof(struct ebt_limit_info)),
96 .me = THIS_MODULE, 99 .me = THIS_MODULE,
97}; 100};
diff --git a/net/bridge/netfilter/ebt_log.c b/net/bridge/netfilter/ebt_log.c
index c2e1c357025..424dfdf7f27 100644
--- a/net/bridge/netfilter/ebt_log.c
+++ b/net/bridge/netfilter/ebt_log.c
@@ -24,8 +24,10 @@
24 24
25static DEFINE_SPINLOCK(ebt_log_lock); 25static DEFINE_SPINLOCK(ebt_log_lock);
26 26
27static bool ebt_log_check(const char *tablename, unsigned int hookmask, 27static bool
28 const struct ebt_entry *e, void *data, unsigned int datalen) 28ebt_log_tg_check(const char *table, const void *entry,
29 const struct xt_target *target, void *data,
30 unsigned int hook_mask)
29{ 31{
30 struct ebt_log_info *info = data; 32 struct ebt_log_info *info = data;
31 33
@@ -192,9 +194,10 @@ out:
192 194
193} 195}
194 196
195static unsigned int ebt_log(const struct sk_buff *skb, unsigned int hooknr, 197static unsigned int
196 const struct net_device *in, const struct net_device *out, 198ebt_log_tg(struct sk_buff *skb, const struct net_device *in,
197 const void *data, unsigned int datalen) 199 const struct net_device *out, unsigned int hooknr,
200 const struct xt_target *target, const void *data)
198{ 201{
199 const struct ebt_log_info *info = data; 202 const struct ebt_log_info *info = data;
200 struct nf_loginfo li; 203 struct nf_loginfo li;
@@ -217,8 +220,8 @@ static struct ebt_watcher log =
217 .name = EBT_LOG_WATCHER, 220 .name = EBT_LOG_WATCHER,
218 .revision = 0, 221 .revision = 0,
219 .family = NFPROTO_BRIDGE, 222 .family = NFPROTO_BRIDGE,
220 .watcher = ebt_log, 223 .target = ebt_log_tg,
221 .check = ebt_log_check, 224 .checkentry = ebt_log_tg_check,
222 .targetsize = XT_ALIGN(sizeof(struct ebt_log_info)), 225 .targetsize = XT_ALIGN(sizeof(struct ebt_log_info)),
223 .me = THIS_MODULE, 226 .me = THIS_MODULE,
224}; 227};
diff --git a/net/bridge/netfilter/ebt_mark.c b/net/bridge/netfilter/ebt_mark.c
index 910721a1267..92c67271bd8 100644
--- a/net/bridge/netfilter/ebt_mark.c
+++ b/net/bridge/netfilter/ebt_mark.c
@@ -18,9 +18,10 @@
18#include <linux/netfilter_bridge/ebtables.h> 18#include <linux/netfilter_bridge/ebtables.h>
19#include <linux/netfilter_bridge/ebt_mark_t.h> 19#include <linux/netfilter_bridge/ebt_mark_t.h>
20 20
21static unsigned int ebt_target_mark(struct sk_buff *skb, unsigned int hooknr, 21static unsigned int
22 const struct net_device *in, const struct net_device *out, 22ebt_mark_tg(struct sk_buff *skb, const struct net_device *in,
23 const void *data, unsigned int datalen) 23 const struct net_device *out, unsigned int hook_nr,
24 const struct xt_target *target, const void *data)
24{ 25{
25 const struct ebt_mark_t_info *info = data; 26 const struct ebt_mark_t_info *info = data;
26 int action = info->target & -16; 27 int action = info->target & -16;
@@ -37,8 +38,10 @@ static unsigned int ebt_target_mark(struct sk_buff *skb, unsigned int hooknr,
37 return info->target | ~EBT_VERDICT_BITS; 38 return info->target | ~EBT_VERDICT_BITS;
38} 39}
39 40
40static bool ebt_target_mark_check(const char *tablename, unsigned int hookmask, 41static bool
41 const struct ebt_entry *e, void *data, unsigned int datalen) 42ebt_mark_tg_check(const char *table, const void *e,
43 const struct xt_target *target, void *data,
44 unsigned int hookmask)
42{ 45{
43 const struct ebt_mark_t_info *info = data; 46 const struct ebt_mark_t_info *info = data;
44 int tmp; 47 int tmp;
@@ -60,8 +63,8 @@ static struct ebt_target mark_target __read_mostly = {
60 .name = EBT_MARK_TARGET, 63 .name = EBT_MARK_TARGET,
61 .revision = 0, 64 .revision = 0,
62 .family = NFPROTO_BRIDGE, 65 .family = NFPROTO_BRIDGE,
63 .target = ebt_target_mark, 66 .target = ebt_mark_tg,
64 .check = ebt_target_mark_check, 67 .checkentry = ebt_mark_tg_check,
65 .targetsize = XT_ALIGN(sizeof(struct ebt_mark_t_info)), 68 .targetsize = XT_ALIGN(sizeof(struct ebt_mark_t_info)),
66 .me = THIS_MODULE, 69 .me = THIS_MODULE,
67}; 70};
diff --git a/net/bridge/netfilter/ebt_mark_m.c b/net/bridge/netfilter/ebt_mark_m.c
index 6512ad9b409..db64a0de4f7 100644
--- a/net/bridge/netfilter/ebt_mark_m.c
+++ b/net/bridge/netfilter/ebt_mark_m.c
@@ -12,9 +12,10 @@
12#include <linux/netfilter_bridge/ebtables.h> 12#include <linux/netfilter_bridge/ebtables.h>
13#include <linux/netfilter_bridge/ebt_mark_m.h> 13#include <linux/netfilter_bridge/ebt_mark_m.h>
14 14
15static bool ebt_filter_mark(const struct sk_buff *skb, 15static bool
16 const struct net_device *in, const struct net_device *out, const void *data, 16ebt_mark_mt(const struct sk_buff *skb, const struct net_device *in,
17 unsigned int datalen) 17 const struct net_device *out, const struct xt_match *match,
18 const void *data, int offset, unsigned int protoff, bool *hotdrop)
18{ 19{
19 const struct ebt_mark_m_info *info = data; 20 const struct ebt_mark_m_info *info = data;
20 21
@@ -23,8 +24,10 @@ static bool ebt_filter_mark(const struct sk_buff *skb,
23 return ((skb->mark & info->mask) == info->mark) ^ info->invert; 24 return ((skb->mark & info->mask) == info->mark) ^ info->invert;
24} 25}
25 26
26static bool ebt_mark_check(const char *tablename, unsigned int hookmask, 27static bool
27 const struct ebt_entry *e, void *data, unsigned int datalen) 28ebt_mark_mt_check(const char *table, const void *e,
29 const struct xt_match *match, void *data,
30 unsigned int hook_mask)
28{ 31{
29 const struct ebt_mark_m_info *info = data; 32 const struct ebt_mark_m_info *info = data;
30 33
@@ -41,8 +44,8 @@ static struct ebt_match filter_mark __read_mostly = {
41 .name = EBT_MARK_MATCH, 44 .name = EBT_MARK_MATCH,
42 .revision = 0, 45 .revision = 0,
43 .family = NFPROTO_BRIDGE, 46 .family = NFPROTO_BRIDGE,
44 .match = ebt_filter_mark, 47 .match = ebt_mark_mt,
45 .check = ebt_mark_check, 48 .checkentry = ebt_mark_mt_check,
46 .matchsize = XT_ALIGN(sizeof(struct ebt_mark_m_info)), 49 .matchsize = XT_ALIGN(sizeof(struct ebt_mark_m_info)),
47 .me = THIS_MODULE, 50 .me = THIS_MODULE,
48}; 51};
diff --git a/net/bridge/netfilter/ebt_nflog.c b/net/bridge/netfilter/ebt_nflog.c
index aa0410c69a6..b415f887188 100644
--- a/net/bridge/netfilter/ebt_nflog.c
+++ b/net/bridge/netfilter/ebt_nflog.c
@@ -19,11 +19,10 @@
19#include <linux/netfilter_bridge/ebt_nflog.h> 19#include <linux/netfilter_bridge/ebt_nflog.h>
20#include <net/netfilter/nf_log.h> 20#include <net/netfilter/nf_log.h>
21 21
22static unsigned int ebt_nflog(const struct sk_buff *skb, 22static unsigned int
23 unsigned int hooknr, 23ebt_nflog_tg(struct sk_buff *skb, const struct net_device *in,
24 const struct net_device *in, 24 const struct net_device *out, unsigned int hooknr,
25 const struct net_device *out, 25 const struct xt_target *target, const void *data)
26 const void *data, unsigned int datalen)
27{ 26{
28 struct ebt_nflog_info *info = (struct ebt_nflog_info *)data; 27 struct ebt_nflog_info *info = (struct ebt_nflog_info *)data;
29 struct nf_loginfo li; 28 struct nf_loginfo li;
@@ -37,10 +36,10 @@ static unsigned int ebt_nflog(const struct sk_buff *skb,
37 return EBT_CONTINUE; 36 return EBT_CONTINUE;
38} 37}
39 38
40static bool ebt_nflog_check(const char *tablename, 39static bool
41 unsigned int hookmask, 40ebt_nflog_tg_check(const char *table, const void *e,
42 const struct ebt_entry *e, 41 const struct xt_target *target, void *data,
43 void *data, unsigned int datalen) 42 unsigned int hookmask)
44{ 43{
45 struct ebt_nflog_info *info = (struct ebt_nflog_info *)data; 44 struct ebt_nflog_info *info = (struct ebt_nflog_info *)data;
46 45
@@ -54,8 +53,8 @@ static struct ebt_watcher nflog __read_mostly = {
54 .name = EBT_NFLOG_WATCHER, 53 .name = EBT_NFLOG_WATCHER,
55 .revision = 0, 54 .revision = 0,
56 .family = NFPROTO_BRIDGE, 55 .family = NFPROTO_BRIDGE,
57 .watcher = ebt_nflog, 56 .target = ebt_nflog_tg,
58 .check = ebt_nflog_check, 57 .checkentry = ebt_nflog_tg_check,
59 .targetsize = XT_ALIGN(sizeof(struct ebt_nflog_info)), 58 .targetsize = XT_ALIGN(sizeof(struct ebt_nflog_info)),
60 .me = THIS_MODULE, 59 .me = THIS_MODULE,
61}; 60};
diff --git a/net/bridge/netfilter/ebt_pkttype.c b/net/bridge/netfilter/ebt_pkttype.c
index a9acecc88e9..06393452ef9 100644
--- a/net/bridge/netfilter/ebt_pkttype.c
+++ b/net/bridge/netfilter/ebt_pkttype.c
@@ -12,19 +12,21 @@
12#include <linux/netfilter_bridge/ebtables.h> 12#include <linux/netfilter_bridge/ebtables.h>
13#include <linux/netfilter_bridge/ebt_pkttype.h> 13#include <linux/netfilter_bridge/ebt_pkttype.h>
14 14
15static bool ebt_filter_pkttype(const struct sk_buff *skb, 15static bool
16 const struct net_device *in, 16ebt_pkttype_mt(const struct sk_buff *skb, const struct net_device *in,
17 const struct net_device *out, 17 const struct net_device *out, const struct xt_match *match,
18 const void *data, 18 const void *data, int offset, unsigned int protoff,
19 unsigned int datalen) 19 bool *hotdrop)
20{ 20{
21 const struct ebt_pkttype_info *info = data; 21 const struct ebt_pkttype_info *info = data;
22 22
23 return (skb->pkt_type == info->pkt_type) ^ info->invert; 23 return (skb->pkt_type == info->pkt_type) ^ info->invert;
24} 24}
25 25
26static bool ebt_pkttype_check(const char *tablename, unsigned int hookmask, 26static bool
27 const struct ebt_entry *e, void *data, unsigned int datalen) 27ebt_pkttype_mt_check(const char *table, const void *e,
28 const struct xt_match *match, void *data,
29 unsigned int hook_mask)
28{ 30{
29 const struct ebt_pkttype_info *info = data; 31 const struct ebt_pkttype_info *info = data;
30 32
@@ -38,8 +40,8 @@ static struct ebt_match filter_pkttype __read_mostly = {
38 .name = EBT_PKTTYPE_MATCH, 40 .name = EBT_PKTTYPE_MATCH,
39 .revision = 0, 41 .revision = 0,
40 .family = NFPROTO_BRIDGE, 42 .family = NFPROTO_BRIDGE,
41 .match = ebt_filter_pkttype, 43 .match = ebt_pkttype_mt,
42 .check = ebt_pkttype_check, 44 .checkentry = ebt_pkttype_mt_check,
43 .matchsize = XT_ALIGN(sizeof(struct ebt_pkttype_info)), 45 .matchsize = XT_ALIGN(sizeof(struct ebt_pkttype_info)),
44 .me = THIS_MODULE, 46 .me = THIS_MODULE,
45}; 47};
diff --git a/net/bridge/netfilter/ebt_redirect.c b/net/bridge/netfilter/ebt_redirect.c
index 4c628108bcd..e9540cf4f6d 100644
--- a/net/bridge/netfilter/ebt_redirect.c
+++ b/net/bridge/netfilter/ebt_redirect.c
@@ -15,10 +15,10 @@
15#include <linux/netfilter_bridge/ebtables.h> 15#include <linux/netfilter_bridge/ebtables.h>
16#include <linux/netfilter_bridge/ebt_redirect.h> 16#include <linux/netfilter_bridge/ebt_redirect.h>
17 17
18static unsigned int ebt_target_redirect(struct sk_buff *skb, 18static unsigned int
19 unsigned int hooknr, 19ebt_redirect_tg(struct sk_buff *skb, const struct net_device *in,
20 const struct net_device *in, const struct net_device *out, 20 const struct net_device *out, unsigned int hooknr,
21 const void *data, unsigned int datalen) 21 const struct xt_target *target, const void *data)
22{ 22{
23 const struct ebt_redirect_info *info = data; 23 const struct ebt_redirect_info *info = data;
24 24
@@ -34,8 +34,10 @@ static unsigned int ebt_target_redirect(struct sk_buff *skb,
34 return info->target; 34 return info->target;
35} 35}
36 36
37static bool ebt_target_redirect_check(const char *tablename, unsigned int hookmask, 37static bool
38 const struct ebt_entry *e, void *data, unsigned int datalen) 38ebt_redirect_tg_check(const char *tablename, const void *e,
39 const struct xt_target *target, void *data,
40 unsigned int hookmask)
39{ 41{
40 const struct ebt_redirect_info *info = data; 42 const struct ebt_redirect_info *info = data;
41 43
@@ -54,8 +56,8 @@ static struct ebt_target redirect_target __read_mostly = {
54 .name = EBT_REDIRECT_TARGET, 56 .name = EBT_REDIRECT_TARGET,
55 .revision = 0, 57 .revision = 0,
56 .family = NFPROTO_BRIDGE, 58 .family = NFPROTO_BRIDGE,
57 .target = ebt_target_redirect, 59 .target = ebt_redirect_tg,
58 .check = ebt_target_redirect_check, 60 .checkentry = ebt_redirect_tg_check,
59 .targetsize = XT_ALIGN(sizeof(struct ebt_redirect_info)), 61 .targetsize = XT_ALIGN(sizeof(struct ebt_redirect_info)),
60 .me = THIS_MODULE, 62 .me = THIS_MODULE,
61}; 63};
diff --git a/net/bridge/netfilter/ebt_snat.c b/net/bridge/netfilter/ebt_snat.c
index 0e83de781c0..363d0051e04 100644
--- a/net/bridge/netfilter/ebt_snat.c
+++ b/net/bridge/netfilter/ebt_snat.c
@@ -16,9 +16,10 @@
16#include <linux/netfilter_bridge/ebtables.h> 16#include <linux/netfilter_bridge/ebtables.h>
17#include <linux/netfilter_bridge/ebt_nat.h> 17#include <linux/netfilter_bridge/ebt_nat.h>
18 18
19static unsigned int ebt_target_snat(struct sk_buff *skb, unsigned int hooknr, 19static unsigned int
20 const struct net_device *in, const struct net_device *out, 20ebt_snat_tg(struct sk_buff *skb, const struct net_device *in,
21 const void *data, unsigned int datalen) 21 const struct net_device *out, unsigned int hook_nr,
22 const struct xt_target *target, const void *data)
22{ 23{
23 const struct ebt_nat_info *info = data; 24 const struct ebt_nat_info *info = data;
24 25
@@ -43,8 +44,10 @@ out:
43 return info->target | ~EBT_VERDICT_BITS; 44 return info->target | ~EBT_VERDICT_BITS;
44} 45}
45 46
46static bool ebt_target_snat_check(const char *tablename, unsigned int hookmask, 47static bool
47 const struct ebt_entry *e, void *data, unsigned int datalen) 48ebt_snat_tg_check(const char *tablename, const void *e,
49 const struct xt_target *target, void *data,
50 unsigned int hookmask)
48{ 51{
49 const struct ebt_nat_info *info = data; 52 const struct ebt_nat_info *info = data;
50 int tmp; 53 int tmp;
@@ -70,8 +73,8 @@ static struct ebt_target snat __read_mostly = {
70 .name = EBT_SNAT_TARGET, 73 .name = EBT_SNAT_TARGET,
71 .revision = 0, 74 .revision = 0,
72 .family = NFPROTO_BRIDGE, 75 .family = NFPROTO_BRIDGE,
73 .target = ebt_target_snat, 76 .target = ebt_snat_tg,
74 .check = ebt_target_snat_check, 77 .checkentry = ebt_snat_tg_check,
75 .targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)), 78 .targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)),
76 .me = THIS_MODULE, 79 .me = THIS_MODULE,
77}; 80};
diff --git a/net/bridge/netfilter/ebt_stp.c b/net/bridge/netfilter/ebt_stp.c
index e6d8f0c140a..7576d1d62a4 100644
--- a/net/bridge/netfilter/ebt_stp.c
+++ b/net/bridge/netfilter/ebt_stp.c
@@ -119,9 +119,10 @@ static bool ebt_filter_config(const struct ebt_stp_info *info,
119 return true; 119 return true;
120} 120}
121 121
122static bool ebt_filter_stp(const struct sk_buff *skb, 122static bool
123 const struct net_device *in, 123ebt_stp_mt(const struct sk_buff *skb, const struct net_device *in,
124 const struct net_device *out, const void *data, unsigned int datalen) 124 const struct net_device *out, const struct xt_match *match,
125 const void *data, int offset, unsigned int protoff, bool *hotdrop)
125{ 126{
126 const struct ebt_stp_info *info = data; 127 const struct ebt_stp_info *info = data;
127 const struct stp_header *sp; 128 const struct stp_header *sp;
@@ -154,12 +155,15 @@ static bool ebt_filter_stp(const struct sk_buff *skb,
154 return true; 155 return true;
155} 156}
156 157
157static bool ebt_stp_check(const char *tablename, unsigned int hookmask, 158static bool
158 const struct ebt_entry *e, void *data, unsigned int datalen) 159ebt_stp_mt_check(const char *table, const void *entry,
160 const struct xt_match *match, void *data,
161 unsigned int hook_mask)
159{ 162{
160 const struct ebt_stp_info *info = data; 163 const struct ebt_stp_info *info = data;
161 const uint8_t bridge_ula[6] = {0x01, 0x80, 0xc2, 0x00, 0x00, 0x00}; 164 const uint8_t bridge_ula[6] = {0x01, 0x80, 0xc2, 0x00, 0x00, 0x00};
162 const uint8_t msk[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 165 const uint8_t msk[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
166 const struct ebt_entry *e = entry;
163 167
164 if (info->bitmask & ~EBT_STP_MASK || info->invflags & ~EBT_STP_MASK || 168 if (info->bitmask & ~EBT_STP_MASK || info->invflags & ~EBT_STP_MASK ||
165 !(info->bitmask & EBT_STP_MASK)) 169 !(info->bitmask & EBT_STP_MASK))
@@ -176,8 +180,8 @@ static struct ebt_match filter_stp __read_mostly = {
176 .name = EBT_STP_MATCH, 180 .name = EBT_STP_MATCH,
177 .revision = 0, 181 .revision = 0,
178 .family = NFPROTO_BRIDGE, 182 .family = NFPROTO_BRIDGE,
179 .match = ebt_filter_stp, 183 .match = ebt_stp_mt,
180 .check = ebt_stp_check, 184 .checkentry = ebt_stp_mt_check,
181 .matchsize = XT_ALIGN(sizeof(struct ebt_stp_info)), 185 .matchsize = XT_ALIGN(sizeof(struct ebt_stp_info)),
182 .me = THIS_MODULE, 186 .me = THIS_MODULE,
183}; 187};
diff --git a/net/bridge/netfilter/ebt_ulog.c b/net/bridge/netfilter/ebt_ulog.c
index 076b44590f1..77ff9c46b26 100644
--- a/net/bridge/netfilter/ebt_ulog.c
+++ b/net/bridge/netfilter/ebt_ulog.c
@@ -246,9 +246,10 @@ static void ebt_log_packet(u_int8_t pf, unsigned int hooknum,
246 ebt_ulog_packet(hooknum, skb, in, out, &loginfo, prefix); 246 ebt_ulog_packet(hooknum, skb, in, out, &loginfo, prefix);
247} 247}
248 248
249static unsigned int ebt_ulog(const struct sk_buff *skb, unsigned int hooknr, 249static unsigned int
250 const struct net_device *in, const struct net_device *out, 250ebt_ulog_tg(struct sk_buff *skb, const struct net_device *in,
251 const void *data, unsigned int datalen) 251 const struct net_device *out, unsigned int hooknr,
252 const struct xt_target *target, const void *data)
252{ 253{
253 const struct ebt_ulog_info *uloginfo = data; 254 const struct ebt_ulog_info *uloginfo = data;
254 255
@@ -256,8 +257,10 @@ static unsigned int ebt_ulog(const struct sk_buff *skb, unsigned int hooknr,
256 return EBT_CONTINUE; 257 return EBT_CONTINUE;
257} 258}
258 259
259static bool ebt_ulog_check(const char *tablename, unsigned int hookmask, 260static bool
260 const struct ebt_entry *e, void *data, unsigned int datalen) 261ebt_ulog_tg_check(const char *table, const void *entry,
262 const struct xt_target *target, void *data,
263 unsigned int hookmask)
261{ 264{
262 struct ebt_ulog_info *uloginfo = data; 265 struct ebt_ulog_info *uloginfo = data;
263 266
@@ -276,8 +279,8 @@ static struct ebt_watcher ulog __read_mostly = {
276 .name = EBT_ULOG_WATCHER, 279 .name = EBT_ULOG_WATCHER,
277 .revision = 0, 280 .revision = 0,
278 .family = NFPROTO_BRIDGE, 281 .family = NFPROTO_BRIDGE,
279 .watcher = ebt_ulog, 282 .target = ebt_ulog_tg,
280 .check = ebt_ulog_check, 283 .checkentry = ebt_ulog_tg_check,
281 .targetsize = XT_ALIGN(sizeof(struct ebt_ulog_info)), 284 .targetsize = XT_ALIGN(sizeof(struct ebt_ulog_info)),
282 .me = THIS_MODULE, 285 .me = THIS_MODULE,
283}; 286};
diff --git a/net/bridge/netfilter/ebt_vlan.c b/net/bridge/netfilter/ebt_vlan.c
index 9e3a39ae466..3af688b0fc3 100644
--- a/net/bridge/netfilter/ebt_vlan.c
+++ b/net/bridge/netfilter/ebt_vlan.c
@@ -41,10 +41,9 @@ MODULE_LICENSE("GPL");
41#define EXIT_ON_MISMATCH(_MATCH_,_MASK_) {if (!((info->_MATCH_ == _MATCH_)^!!(info->invflags & _MASK_))) return false; } 41#define EXIT_ON_MISMATCH(_MATCH_,_MASK_) {if (!((info->_MATCH_ == _MATCH_)^!!(info->invflags & _MASK_))) return false; }
42 42
43static bool 43static bool
44ebt_filter_vlan(const struct sk_buff *skb, 44ebt_vlan_mt(const struct sk_buff *skb, const struct net_device *in,
45 const struct net_device *in, 45 const struct net_device *out, const struct xt_match *match,
46 const struct net_device *out, 46 const void *data, int offset, unsigned int protoff, bool *hotdrop)
47 const void *data, unsigned int datalen)
48{ 47{
49 const struct ebt_vlan_info *info = data; 48 const struct ebt_vlan_info *info = data;
50 const struct vlan_hdr *fp; 49 const struct vlan_hdr *fp;
@@ -88,11 +87,12 @@ ebt_filter_vlan(const struct sk_buff *skb,
88} 87}
89 88
90static bool 89static bool
91ebt_check_vlan(const char *tablename, 90ebt_vlan_mt_check(const char *table, const void *entry,
92 unsigned int hooknr, 91 const struct xt_match *match, void *data,
93 const struct ebt_entry *e, void *data, unsigned int datalen) 92 unsigned int hook_mask)
94{ 93{
95 struct ebt_vlan_info *info = data; 94 struct ebt_vlan_info *info = data;
95 const struct ebt_entry *e = entry;
96 96
97 /* Is it 802.1Q frame checked? */ 97 /* Is it 802.1Q frame checked? */
98 if (e->ethproto != htons(ETH_P_8021Q)) { 98 if (e->ethproto != htons(ETH_P_8021Q)) {
@@ -166,8 +166,8 @@ static struct ebt_match filter_vlan __read_mostly = {
166 .name = EBT_VLAN_MATCH, 166 .name = EBT_VLAN_MATCH,
167 .revision = 0, 167 .revision = 0,
168 .family = NFPROTO_BRIDGE, 168 .family = NFPROTO_BRIDGE,
169 .match = ebt_filter_vlan, 169 .match = ebt_vlan_mt,
170 .check = ebt_check_vlan, 170 .checkentry = ebt_vlan_mt_check,
171 .matchsize = XT_ALIGN(sizeof(struct ebt_vlan_info)), 171 .matchsize = XT_ALIGN(sizeof(struct ebt_vlan_info)),
172 .me = THIS_MODULE, 172 .me = THIS_MODULE,
173}; 173};
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index bc4b3f4f37c..340e1c6bdcb 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -67,11 +67,10 @@ static struct ebt_target ebt_standard_target = {
67}; 67};
68 68
69static inline int ebt_do_watcher (struct ebt_entry_watcher *w, 69static inline int ebt_do_watcher (struct ebt_entry_watcher *w,
70 const struct sk_buff *skb, unsigned int hooknr, const struct net_device *in, 70 struct sk_buff *skb, unsigned int hooknr, const struct net_device *in,
71 const struct net_device *out) 71 const struct net_device *out)
72{ 72{
73 w->u.watcher->watcher(skb, hooknr, in, out, w->data, 73 w->u.watcher->target(skb, in, out, hooknr, NULL, w->data);
74 w->watcher_size);
75 /* watchers don't give a verdict */ 74 /* watchers don't give a verdict */
76 return 0; 75 return 0;
77} 76}
@@ -80,8 +79,7 @@ static inline int ebt_do_match (struct ebt_entry_match *m,
80 const struct sk_buff *skb, const struct net_device *in, 79 const struct sk_buff *skb, const struct net_device *in,
81 const struct net_device *out) 80 const struct net_device *out)
82{ 81{
83 return m->u.match->match(skb, in, out, m->data, 82 return m->u.match->match(skb, in, out, NULL, m->data, 0, 0, NULL);
84 m->match_size);
85} 83}
86 84
87static inline int ebt_dev_check(char *entry, const struct net_device *device) 85static inline int ebt_dev_check(char *entry, const struct net_device *device)
@@ -195,8 +193,8 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
195 if (!t->u.target->target) 193 if (!t->u.target->target)
196 verdict = ((struct ebt_standard_target *)t)->verdict; 194 verdict = ((struct ebt_standard_target *)t)->verdict;
197 else 195 else
198 verdict = t->u.target->target(skb, hook, 196 verdict = t->u.target->target(skb, in, out, hook,
199 in, out, t->data, t->target_size); 197 NULL, t->data);
200 if (verdict == EBT_ACCEPT) { 198 if (verdict == EBT_ACCEPT) {
201 read_unlock_bh(&table->lock); 199 read_unlock_bh(&table->lock);
202 return NF_ACCEPT; 200 return NF_ACCEPT;
@@ -376,8 +374,8 @@ ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e,
376 match->name, XT_ALIGN(match->matchsize), m->match_size); 374 match->name, XT_ALIGN(match->matchsize), m->match_size);
377 goto out; 375 goto out;
378 } 376 }
379 if (match->check && 377 if (match->checkentry &&
380 !match->check(name, hookmask, e, m->data, m->match_size)) { 378 !match->checkentry(name, e, NULL, m->data, hookmask)) {
381 BUGPRINT("match->check failed\n"); 379 BUGPRINT("match->check failed\n");
382 goto out; 380 goto out;
383 } 381 }
@@ -426,8 +424,8 @@ ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e,
426 w->watcher_size); 424 w->watcher_size);
427 goto out; 425 goto out;
428 } 426 }
429 if (watcher->check && 427 if (watcher->checkentry &&
430 !watcher->check(name, hookmask, e, w->data, w->watcher_size)) { 428 !watcher->checkentry(name, e, NULL, w->data, hookmask)) {
431 BUGPRINT("watcher->check failed\n"); 429 BUGPRINT("watcher->check failed\n");
432 goto out; 430 goto out;
433 } 431 }
@@ -609,7 +607,7 @@ ebt_cleanup_match(struct ebt_entry_match *m, unsigned int *i)
609 if (i && (*i)-- == 0) 607 if (i && (*i)-- == 0)
610 return 1; 608 return 1;
611 if (m->u.match->destroy) 609 if (m->u.match->destroy)
612 m->u.match->destroy(m->data, m->match_size); 610 m->u.match->destroy(NULL, m->data);
613 module_put(m->u.match->me); 611 module_put(m->u.match->me);
614 612
615 return 0; 613 return 0;
@@ -621,7 +619,7 @@ ebt_cleanup_watcher(struct ebt_entry_watcher *w, unsigned int *i)
621 if (i && (*i)-- == 0) 619 if (i && (*i)-- == 0)
622 return 1; 620 return 1;
623 if (w->u.watcher->destroy) 621 if (w->u.watcher->destroy)
624 w->u.watcher->destroy(w->data, w->watcher_size); 622 w->u.watcher->destroy(NULL, w->data);
625 module_put(w->u.watcher->me); 623 module_put(w->u.watcher->me);
626 624
627 return 0; 625 return 0;
@@ -641,7 +639,7 @@ ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt)
641 EBT_MATCH_ITERATE(e, ebt_cleanup_match, NULL); 639 EBT_MATCH_ITERATE(e, ebt_cleanup_match, NULL);
642 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); 640 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
643 if (t->u.target->destroy) 641 if (t->u.target->destroy)
644 t->u.target->destroy(t->data, t->target_size); 642 t->u.target->destroy(NULL, t->data);
645 module_put(t->u.target->me); 643 module_put(t->u.target->me);
646 644
647 return 0; 645 return 0;
@@ -755,8 +753,8 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
755 module_put(t->u.target->me); 753 module_put(t->u.target->me);
756 ret = -EINVAL; 754 ret = -EINVAL;
757 goto cleanup_watchers; 755 goto cleanup_watchers;
758 } else if (t->u.target->check && 756 } else if (t->u.target->checkentry &&
759 !t->u.target->check(name, hookmask, e, t->data, t->target_size)) { 757 !t->u.target->checkentry(name, e, NULL, t->data, hookmask)) {
760 module_put(t->u.target->me); 758 module_put(t->u.target->me);
761 ret = -EFAULT; 759 ret = -EFAULT;
762 goto cleanup_watchers; 760 goto cleanup_watchers;