11 files changed, 30 insertions, 47 deletions
diff --git a/net/bridge/netfilter/ebt_802_3.c b/net/bridge/netfilter/ebt_802_3.c
index 6fc2a59e09a..c9e1bc14951 100644
--- a/net/bridge/netfilter/ebt_802_3.c
+++ b/net/bridge/netfilter/ebt_802_3.c
@@ -13,11 +13,9 @@
 #include <linux/netfilter_bridge/ebt_802_3.h>
 static bool
-ebt_802_3_mt(const struct sk_buff *skb, const struct net_device *in,
+ebt_802_3_mt(const struct sk_buff *skb, const struct xt_match_param *par)
-             const struct net_device *out, const struct xt_match *match,
-             const void *data, int offset, unsigned int protoff, bool *hotdrop)
 {
-        const struct ebt_802_3_info *info = data;
+        const struct ebt_802_3_info *info = par->matchinfo;
        const struct ebt_802_3_hdr *hdr = ebt_802_3_hdr(skb);
        __be16 type = hdr->llc.ui.ctrl & IS_UI ? hdr->llc.ui.type : hdr->llc.ni.type;
diff --git a/net/bridge/netfilter/ebt_among.c b/net/bridge/netfilter/ebt_among.c
index 084559e1840..0ad0db3e815 100644
--- a/net/bridge/netfilter/ebt_among.c
+++ b/net/bridge/netfilter/ebt_among.c
@@ -128,11 +128,9 @@ static int get_ip_src(const struct sk_buff *skb, __be32 *addr)
 }
 static bool
-ebt_among_mt(const struct sk_buff *skb, const struct net_device *in,
+ebt_among_mt(const struct sk_buff *skb, const struct xt_match_param *par)
-             const struct net_device *out, const struct xt_match *match,
-             const void *data, int offset, unsigned int protoff, bool *hotdrop)
 {
-        const struct ebt_among_info *info = data;
+        const struct ebt_among_info *info = par->matchinfo;
        const char *dmac, *smac;
        const struct ebt_mac_wormhash *wh_dst, *wh_src;
        __be32 dip = 0, sip = 0;
diff --git a/net/bridge/netfilter/ebt_arp.c b/net/bridge/netfilter/ebt_arp.c
index a073dffe7a1..1ff8fa3a9e7 100644
--- a/net/bridge/netfilter/ebt_arp.c
+++ b/net/bridge/netfilter/ebt_arp.c
@@ -16,11 +16,9 @@
 #include <linux/netfilter_bridge/ebt_arp.h>
 static bool
-ebt_arp_mt(const struct sk_buff *skb, const struct net_device *in,
+ebt_arp_mt(const struct sk_buff *skb, const struct xt_match_param *par)
-           const struct net_device *out, const struct xt_match *match,
-           const void *data, int offset, unsigned int protoff, bool *hotdrop)
 {
-        const struct ebt_arp_info *info = data;
+        const struct ebt_arp_info *info = par->matchinfo;
        const struct arphdr *ah;
        struct arphdr _arph;
diff --git a/net/bridge/netfilter/ebt_ip.c b/net/bridge/netfilter/ebt_ip.c
index b42c7ce799b..c70ea39840b 100644
--- a/net/bridge/netfilter/ebt_ip.c
+++ b/net/bridge/netfilter/ebt_ip.c
@@ -25,11 +25,9 @@ struct tcpudphdr {
 };
 static bool
-ebt_ip_mt(const struct sk_buff *skb, const struct net_device *in,
+ebt_ip_mt(const struct sk_buff *skb, const struct xt_match_param *par)
-          const struct net_device *out, const struct xt_match *match,
-          const void *data, int offset, unsigned int protoff, bool *hotdrop)
 {
-        const struct ebt_ip_info *info = data;
+        const struct ebt_ip_info *info = par->matchinfo;
        const struct iphdr *ih;
        struct iphdr _iph;
        const struct tcpudphdr *pptr;
diff --git a/net/bridge/netfilter/ebt_ip6.c b/net/bridge/netfilter/ebt_ip6.c
index 7bd98312967..5acee02de72 100644
--- a/net/bridge/netfilter/ebt_ip6.c
+++ b/net/bridge/netfilter/ebt_ip6.c
@@ -28,11 +28,9 @@ struct tcpudphdr {
 };
 static bool
-ebt_ip6_mt(const struct sk_buff *skb, const struct net_device *in,
+ebt_ip6_mt(const struct sk_buff *skb, const struct xt_match_param *par)
-           const struct net_device *out, const struct xt_match *match,
-           const void *data, int offset, unsigned int protoff, bool *hotdrop)
 {
-        const struct ebt_ip6_info *info = data;
+        const struct ebt_ip6_info *info = par->matchinfo;
        const struct ipv6hdr *ih6;
        struct ipv6hdr _ip6h;
        const struct tcpudphdr *pptr;
diff --git a/net/bridge/netfilter/ebt_limit.c b/net/bridge/netfilter/ebt_limit.c
index 58aaaa14906..9a3ec8cadaa 100644
--- a/net/bridge/netfilter/ebt_limit.c
+++ b/net/bridge/netfilter/ebt_limit.c
@@ -31,11 +31,9 @@ static DEFINE_SPINLOCK(limit_lock);
 #define CREDITS_PER_JIFFY POW2_BELOW32(MAX_CPJ)
 static bool
-ebt_limit_mt(const struct sk_buff *skb, const struct net_device *in,
+ebt_limit_mt(const struct sk_buff *skb, const struct xt_match_param *par)
-             const struct net_device *out, const struct xt_match *match,
-             const void *data, int offset, unsigned int protoff, bool *hotdrop)
 {
-        struct ebt_limit_info *info = (void *)data;
+        struct ebt_limit_info *info = (void *)par->matchinfo;
        unsigned long now = jiffies;
        spin_lock_bh(&limit_lock);
diff --git a/net/bridge/netfilter/ebt_mark_m.c b/net/bridge/netfilter/ebt_mark_m.c
index aa6781c7f98..5b22ef96127 100644
--- a/net/bridge/netfilter/ebt_mark_m.c
+++ b/net/bridge/netfilter/ebt_mark_m.c
@@ -13,11 +13,9 @@
 #include <linux/netfilter_bridge/ebt_mark_m.h>
 static bool
-ebt_mark_mt(const struct sk_buff *skb, const struct net_device *in,
+ebt_mark_mt(const struct sk_buff *skb, const struct xt_match_param *par)
-            const struct net_device *out, const struct xt_match *match,
-            const void *data, int offset, unsigned int protoff, bool *hotdrop)
 {
-        const struct ebt_mark_m_info *info = data;
+        const struct ebt_mark_m_info *info = par->matchinfo;
        if (info->bitmask & EBT_MARK_OR)
                return !!(skb->mark & info->mask) ^ info->invert;
diff --git a/net/bridge/netfilter/ebt_pkttype.c b/net/bridge/netfilter/ebt_pkttype.c
index 1c04ce5a52c..b756f88fb10 100644
--- a/net/bridge/netfilter/ebt_pkttype.c
+++ b/net/bridge/netfilter/ebt_pkttype.c
@@ -13,12 +13,9 @@
 #include <linux/netfilter_bridge/ebt_pkttype.h>
 static bool
-ebt_pkttype_mt(const struct sk_buff *skb, const struct net_device *in,
+ebt_pkttype_mt(const struct sk_buff *skb, const struct xt_match_param *par)
-               const struct net_device *out, const struct xt_match *match,
-               const void *data, int offset, unsigned int protoff,
-               bool *hotdrop)
 {
-        const struct ebt_pkttype_info *info = data;
+        const struct ebt_pkttype_info *info = par->matchinfo;
        return (skb->pkt_type == info->pkt_type) ^ info->invert;
 }
diff --git a/net/bridge/netfilter/ebt_stp.c b/net/bridge/netfilter/ebt_stp.c
index 28bb48b67a8..06d777c62c3 100644
--- a/net/bridge/netfilter/ebt_stp.c
+++ b/net/bridge/netfilter/ebt_stp.c
@@ -120,11 +120,9 @@ static bool ebt_filter_config(const struct ebt_stp_info *info,
 }
 static bool
-ebt_stp_mt(const struct sk_buff *skb, const struct net_device *in,
+ebt_stp_mt(const struct sk_buff *skb, const struct xt_match_param *par)
-           const struct net_device *out, const struct xt_match *match,
-           const void *data, int offset, unsigned int protoff, bool *hotdrop)
 {
-        const struct ebt_stp_info *info = data;
+        const struct ebt_stp_info *info = par->matchinfo;
        const struct stp_header *sp;
        struct stp_header _stph;
        const uint8_t header[6] = {0x42, 0x42, 0x03, 0x00, 0x00, 0x00};
diff --git a/net/bridge/netfilter/ebt_vlan.c b/net/bridge/netfilter/ebt_vlan.c
index 5addef6d62f..b05b4a81834 100644
--- a/net/bridge/netfilter/ebt_vlan.c
+++ b/net/bridge/netfilter/ebt_vlan.c
@@ -41,11 +41,9 @@ MODULE_LICENSE("GPL");
 #define EXIT_ON_MISMATCH(_MATCH_,_MASK_) {if (!((info->_MATCH_ == _MATCH_)^!!(info->invflags & _MASK_))) return false; }
 static bool
-ebt_vlan_mt(const struct sk_buff *skb, const struct net_device *in,
+ebt_vlan_mt(const struct sk_buff *skb, const struct xt_match_param *par)
-            const struct net_device *out, const struct xt_match *match,
-            const void *data, int offset, unsigned int protoff, bool *hotdrop)
 {
-        const struct ebt_vlan_info *info = data;
+        const struct ebt_vlan_info *info = par->matchinfo;
        const struct vlan_hdr *fp;
        struct vlan_hdr _frame;
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index 7ee72b71d3c..f8e1822f38d 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -74,11 +74,11 @@ static inline int ebt_do_watcher (struct ebt_entry_watcher *w,
 }
 static inline int ebt_do_match (struct ebt_entry_match *m,
-   const struct sk_buff *skb, const struct net_device *in,
+   const struct sk_buff *skb, struct xt_match_param *par)
-   const struct net_device *out, bool *hotdrop)
 {
-        return m->u.match->match(skb, in, out, m->u.match,
+        par->match     = m->u.match;
-               m->data, 0, 0, hotdrop);
+        par->matchinfo = m->data;
+        return m->u.match->match(skb, par);
 }
 static inline int ebt_dev_check(char *entry, const struct net_device *device)
@@ -155,6 +155,11 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
        char *base;
        struct ebt_table_info *private;
        bool hotdrop = false;
+        struct xt_match_param mtpar;
+        mtpar.in      = in;
+        mtpar.out     = out;
+        mtpar.hotdrop = &hotdrop;
        read_lock_bh(&table->lock);
        private = table->private;
@@ -175,8 +180,7 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
                if (ebt_basic_match(point, eth_hdr(skb), in, out))
                        goto letscontinue;
-                if (EBT_MATCH_ITERATE(point, ebt_do_match, skb,
+                if (EBT_MATCH_ITERATE(point, ebt_do_match, skb, &mtpar) != 0)
-                    in, out, &hotdrop) != 0)
                        goto letscontinue;
                if (hotdrop) {
                        read_unlock_bh(&table->lock);