diff options
| author | Jan Engelhardt <jengelh@medozas.de> | 2009-07-04 06:50:00 -0400 |
|---|---|---|
| committer | Jan Engelhardt <jengelh@medozas.de> | 2010-05-11 12:36:18 -0400 |
| commit | 4538506be386f9736b83bf9892f829adbbb70fea (patch) | |
| tree | 3e3be09f45b3af19edc1143f2eb44ad1751ecfa7 | |
| parent | b4ba26119b06052888696491f614201817491a0d (diff) | |
netfilter: xtables: combine built-in extension structs
Prepare the arrays for use with the multiregister function. The
future layer-3 xt matches can then be easily added to it without
needing more (un)register code.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| -rw-r--r-- | net/ipv4/netfilter/arp_tables.c | 41 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ip_tables.c | 65 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 64 |
3 files changed, 78 insertions, 92 deletions
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index 8cc56d26e937..03352fcba172 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c | |||
| @@ -1828,22 +1828,23 @@ void arpt_unregister_table(struct xt_table *table) | |||
| 1828 | } | 1828 | } |
| 1829 | 1829 | ||
| 1830 | /* The built-in targets: standard (NULL) and error. */ | 1830 | /* The built-in targets: standard (NULL) and error. */ |
| 1831 | static struct xt_target arpt_standard_target __read_mostly = { | 1831 | static struct xt_target arpt_builtin_tg[] __read_mostly = { |
| 1832 | .name = ARPT_STANDARD_TARGET, | 1832 | { |
| 1833 | .targetsize = sizeof(int), | 1833 | .name = ARPT_STANDARD_TARGET, |
| 1834 | .family = NFPROTO_ARP, | 1834 | .targetsize = sizeof(int), |
| 1835 | .family = NFPROTO_ARP, | ||
| 1835 | #ifdef CONFIG_COMPAT | 1836 | #ifdef CONFIG_COMPAT |
| 1836 | .compatsize = sizeof(compat_int_t), | 1837 | .compatsize = sizeof(compat_int_t), |
| 1837 | .compat_from_user = compat_standard_from_user, | 1838 | .compat_from_user = compat_standard_from_user, |
| 1838 | .compat_to_user = compat_standard_to_user, | 1839 | .compat_to_user = compat_standard_to_user, |
| 1839 | #endif | 1840 | #endif |
| 1840 | }; | 1841 | }, |
| 1841 | 1842 | { | |
| 1842 | static struct xt_target arpt_error_target __read_mostly = { | 1843 | .name = ARPT_ERROR_TARGET, |
| 1843 | .name = ARPT_ERROR_TARGET, | 1844 | .target = arpt_error, |
| 1844 | .target = arpt_error, | 1845 | .targetsize = ARPT_FUNCTION_MAXNAMELEN, |
| 1845 | .targetsize = ARPT_FUNCTION_MAXNAMELEN, | 1846 | .family = NFPROTO_ARP, |
| 1846 | .family = NFPROTO_ARP, | 1847 | }, |
| 1847 | }; | 1848 | }; |
| 1848 | 1849 | ||
| 1849 | static struct nf_sockopt_ops arpt_sockopts = { | 1850 | static struct nf_sockopt_ops arpt_sockopts = { |
| @@ -1887,12 +1888,9 @@ static int __init arp_tables_init(void) | |||
| 1887 | goto err1; | 1888 | goto err1; |
| 1888 | 1889 | ||
| 1889 | /* Noone else will be downing sem now, so we won't sleep */ | 1890 | /* Noone else will be downing sem now, so we won't sleep */ |
| 1890 | ret = xt_register_target(&arpt_standard_target); | 1891 | ret = xt_register_targets(arpt_builtin_tg, ARRAY_SIZE(arpt_builtin_tg)); |
| 1891 | if (ret < 0) | 1892 | if (ret < 0) |
| 1892 | goto err2; | 1893 | goto err2; |
| 1893 | ret = xt_register_target(&arpt_error_target); | ||
| 1894 | if (ret < 0) | ||
| 1895 | goto err3; | ||
| 1896 | 1894 | ||
| 1897 | /* Register setsockopt */ | 1895 | /* Register setsockopt */ |
| 1898 | ret = nf_register_sockopt(&arpt_sockopts); | 1896 | ret = nf_register_sockopt(&arpt_sockopts); |
| @@ -1903,9 +1901,7 @@ static int __init arp_tables_init(void) | |||
| 1903 | return 0; | 1901 | return 0; |
| 1904 | 1902 | ||
| 1905 | err4: | 1903 | err4: |
| 1906 | xt_unregister_target(&arpt_error_target); | 1904 | xt_unregister_targets(arpt_builtin_tg, ARRAY_SIZE(arpt_builtin_tg)); |
| 1907 | err3: | ||
| 1908 | xt_unregister_target(&arpt_standard_target); | ||
| 1909 | err2: | 1905 | err2: |
| 1910 | unregister_pernet_subsys(&arp_tables_net_ops); | 1906 | unregister_pernet_subsys(&arp_tables_net_ops); |
| 1911 | err1: | 1907 | err1: |
| @@ -1915,8 +1911,7 @@ err1: | |||
| 1915 | static void __exit arp_tables_fini(void) | 1911 | static void __exit arp_tables_fini(void) |
| 1916 | { | 1912 | { |
| 1917 | nf_unregister_sockopt(&arpt_sockopts); | 1913 | nf_unregister_sockopt(&arpt_sockopts); |
| 1918 | xt_unregister_target(&arpt_error_target); | 1914 | xt_unregister_targets(arpt_builtin_tg, ARRAY_SIZE(arpt_builtin_tg)); |
| 1919 | xt_unregister_target(&arpt_standard_target); | ||
| 1920 | unregister_pernet_subsys(&arp_tables_net_ops); | 1915 | unregister_pernet_subsys(&arp_tables_net_ops); |
| 1921 | } | 1916 | } |
| 1922 | 1917 | ||
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index 607f89f16b76..49b9e4fb5460 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c | |||
| @@ -2172,23 +2172,23 @@ static int icmp_checkentry(const struct xt_mtchk_param *par) | |||
| 2172 | return (icmpinfo->invflags & ~IPT_ICMP_INV) ? -EINVAL : 0; | 2172 | return (icmpinfo->invflags & ~IPT_ICMP_INV) ? -EINVAL : 0; |
| 2173 | } | 2173 | } |
| 2174 | 2174 | ||
| 2175 | /* The built-in targets: standard (NULL) and error. */ | 2175 | static struct xt_target ipt_builtin_tg[] __read_mostly = { |
| 2176 | static struct xt_target ipt_standard_target __read_mostly = { | 2176 | { |
| 2177 | .name = IPT_STANDARD_TARGET, | 2177 | .name = IPT_STANDARD_TARGET, |
| 2178 | .targetsize = sizeof(int), | 2178 | .targetsize = sizeof(int), |
| 2179 | .family = NFPROTO_IPV4, | 2179 | .family = NFPROTO_IPV4, |
| 2180 | #ifdef CONFIG_COMPAT | 2180 | #ifdef CONFIG_COMPAT |
| 2181 | .compatsize = sizeof(compat_int_t), | 2181 | .compatsize = sizeof(compat_int_t), |
| 2182 | .compat_from_user = compat_standard_from_user, | 2182 | .compat_from_user = compat_standard_from_user, |
| 2183 | .compat_to_user = compat_standard_to_user, | 2183 | .compat_to_user = compat_standard_to_user, |
| 2184 | #endif | 2184 | #endif |
| 2185 | }; | 2185 | }, |
| 2186 | 2186 | { | |
| 2187 | static struct xt_target ipt_error_target __read_mostly = { | 2187 | .name = IPT_ERROR_TARGET, |
| 2188 | .name = IPT_ERROR_TARGET, | 2188 | .target = ipt_error, |
| 2189 | .target = ipt_error, | 2189 | .targetsize = IPT_FUNCTION_MAXNAMELEN, |
| 2190 | .targetsize = IPT_FUNCTION_MAXNAMELEN, | 2190 | .family = NFPROTO_IPV4, |
| 2191 | .family = NFPROTO_IPV4, | 2191 | }, |
| 2192 | }; | 2192 | }; |
| 2193 | 2193 | ||
| 2194 | static struct nf_sockopt_ops ipt_sockopts = { | 2194 | static struct nf_sockopt_ops ipt_sockopts = { |
| @@ -2208,13 +2208,15 @@ static struct nf_sockopt_ops ipt_sockopts = { | |||
| 2208 | .owner = THIS_MODULE, | 2208 | .owner = THIS_MODULE, |
| 2209 | }; | 2209 | }; |
| 2210 | 2210 | ||
| 2211 | static struct xt_match icmp_matchstruct __read_mostly = { | 2211 | static struct xt_match ipt_builtin_mt[] __read_mostly = { |
| 2212 | .name = "icmp", | 2212 | { |
| 2213 | .match = icmp_match, | 2213 | .name = "icmp", |
| 2214 | .matchsize = sizeof(struct ipt_icmp), | 2214 | .match = icmp_match, |
| 2215 | .checkentry = icmp_checkentry, | 2215 | .matchsize = sizeof(struct ipt_icmp), |
| 2216 | .proto = IPPROTO_ICMP, | 2216 | .checkentry = icmp_checkentry, |
| 2217 | .family = NFPROTO_IPV4, | 2217 | .proto = IPPROTO_ICMP, |
| 2218 | .family = NFPROTO_IPV4, | ||
| 2219 | }, | ||
| 2218 | }; | 2220 | }; |
| 2219 | 2221 | ||
| 2220 | static int __net_init ip_tables_net_init(struct net *net) | 2222 | static int __net_init ip_tables_net_init(struct net *net) |
| @@ -2241,13 +2243,10 @@ static int __init ip_tables_init(void) | |||
| 2241 | goto err1; | 2243 | goto err1; |
| 2242 | 2244 | ||
| 2243 | /* Noone else will be downing sem now, so we won't sleep */ | 2245 | /* Noone else will be downing sem now, so we won't sleep */ |
| 2244 | ret = xt_register_target(&ipt_standard_target); | 2246 | ret = xt_register_targets(ipt_builtin_tg, ARRAY_SIZE(ipt_builtin_tg)); |
| 2245 | if (ret < 0) | 2247 | if (ret < 0) |
| 2246 | goto err2; | 2248 | goto err2; |
| 2247 | ret = xt_register_target(&ipt_error_target); | 2249 | ret = xt_register_matches(ipt_builtin_mt, ARRAY_SIZE(ipt_builtin_mt)); |
| 2248 | if (ret < 0) | ||
| 2249 | goto err3; | ||
| 2250 | ret = xt_register_match(&icmp_matchstruct); | ||
| 2251 | if (ret < 0) | 2250 | if (ret < 0) |
| 2252 | goto err4; | 2251 | goto err4; |
| 2253 | 2252 | ||
| @@ -2260,11 +2259,9 @@ static int __init ip_tables_init(void) | |||
| 2260 | return 0; | 2259 | return 0; |
| 2261 | 2260 | ||
| 2262 | err5: | 2261 | err5: |
| 2263 | xt_unregister_match(&icmp_matchstruct); | 2262 | xt_unregister_matches(ipt_builtin_mt, ARRAY_SIZE(ipt_builtin_mt)); |
| 2264 | err4: | 2263 | err4: |
| 2265 | xt_unregister_target(&ipt_error_target); | 2264 | xt_unregister_targets(ipt_builtin_tg, ARRAY_SIZE(ipt_builtin_tg)); |
| 2266 | err3: | ||
| 2267 | xt_unregister_target(&ipt_standard_target); | ||
| 2268 | err2: | 2265 | err2: |
| 2269 | unregister_pernet_subsys(&ip_tables_net_ops); | 2266 | unregister_pernet_subsys(&ip_tables_net_ops); |
| 2270 | err1: | 2267 | err1: |
| @@ -2275,10 +2272,8 @@ static void __exit ip_tables_fini(void) | |||
| 2275 | { | 2272 | { |
| 2276 | nf_unregister_sockopt(&ipt_sockopts); | 2273 | nf_unregister_sockopt(&ipt_sockopts); |
| 2277 | 2274 | ||
| 2278 | xt_unregister_match(&icmp_matchstruct); | 2275 | xt_unregister_matches(ipt_builtin_mt, ARRAY_SIZE(ipt_builtin_mt)); |
| 2279 | xt_unregister_target(&ipt_error_target); | 2276 | xt_unregister_targets(ipt_builtin_tg, ARRAY_SIZE(ipt_builtin_tg)); |
| 2280 | xt_unregister_target(&ipt_standard_target); | ||
| 2281 | |||
| 2282 | unregister_pernet_subsys(&ip_tables_net_ops); | 2277 | unregister_pernet_subsys(&ip_tables_net_ops); |
| 2283 | } | 2278 | } |
| 2284 | 2279 | ||
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index 557fac9689c0..56782336474f 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c | |||
| @@ -2190,22 +2190,23 @@ static int icmp6_checkentry(const struct xt_mtchk_param *par) | |||
| 2190 | } | 2190 | } |
| 2191 | 2191 | ||
| 2192 | /* The built-in targets: standard (NULL) and error. */ | 2192 | /* The built-in targets: standard (NULL) and error. */ |
| 2193 | static struct xt_target ip6t_standard_target __read_mostly = { | 2193 | static struct xt_target ip6t_builtin_tg[] __read_mostly = { |
| 2194 | .name = IP6T_STANDARD_TARGET, | 2194 | { |
| 2195 | .targetsize = sizeof(int), | 2195 | .name = IP6T_STANDARD_TARGET, |
| 2196 | .family = NFPROTO_IPV6, | 2196 | .targetsize = sizeof(int), |
| 2197 | .family = NFPROTO_IPV6, | ||
| 2197 | #ifdef CONFIG_COMPAT | 2198 | #ifdef CONFIG_COMPAT |
| 2198 | .compatsize = sizeof(compat_int_t), | 2199 | .compatsize = sizeof(compat_int_t), |
| 2199 | .compat_from_user = compat_standard_from_user, | 2200 | .compat_from_user = compat_standard_from_user, |
| 2200 | .compat_to_user = compat_standard_to_user, | 2201 | .compat_to_user = compat_standard_to_user, |
| 2201 | #endif | 2202 | #endif |
| 2202 | }; | 2203 | }, |
| 2203 | 2204 | { | |
| 2204 | static struct xt_target ip6t_error_target __read_mostly = { | 2205 | .name = IP6T_ERROR_TARGET, |
| 2205 | .name = IP6T_ERROR_TARGET, | 2206 | .target = ip6t_error, |
| 2206 | .target = ip6t_error, | 2207 | .targetsize = IP6T_FUNCTION_MAXNAMELEN, |
| 2207 | .targetsize = IP6T_FUNCTION_MAXNAMELEN, | 2208 | .family = NFPROTO_IPV6, |
| 2208 | .family = NFPROTO_IPV6, | 2209 | }, |
| 2209 | }; | 2210 | }; |
| 2210 | 2211 | ||
| 2211 | static struct nf_sockopt_ops ip6t_sockopts = { | 2212 | static struct nf_sockopt_ops ip6t_sockopts = { |
| @@ -2225,13 +2226,15 @@ static struct nf_sockopt_ops ip6t_sockopts = { | |||
| 2225 | .owner = THIS_MODULE, | 2226 | .owner = THIS_MODULE, |
| 2226 | }; | 2227 | }; |
| 2227 | 2228 | ||
| 2228 | static struct xt_match icmp6_matchstruct __read_mostly = { | 2229 | static struct xt_match ip6t_builtin_mt[] __read_mostly = { |
| 2229 | .name = "icmp6", | 2230 | { |
| 2230 | .match = icmp6_match, | 2231 | .name = "icmp6", |
| 2231 | .matchsize = sizeof(struct ip6t_icmp), | 2232 | .match = icmp6_match, |
| 2232 | .checkentry = icmp6_checkentry, | 2233 | .matchsize = sizeof(struct ip6t_icmp), |
| 2233 | .proto = IPPROTO_ICMPV6, | 2234 | .checkentry = icmp6_checkentry, |
| 2234 | .family = NFPROTO_IPV6, | 2235 | .proto = IPPROTO_ICMPV6, |
| 2236 | .family = NFPROTO_IPV6, | ||
| 2237 | }, | ||
| 2235 | }; | 2238 | }; |
| 2236 | 2239 | ||
| 2237 | static int __net_init ip6_tables_net_init(struct net *net) | 2240 | static int __net_init ip6_tables_net_init(struct net *net) |
| @@ -2258,13 +2261,10 @@ static int __init ip6_tables_init(void) | |||
| 2258 | goto err1; | 2261 | goto err1; |
| 2259 | 2262 | ||
| 2260 | /* Noone else will be downing sem now, so we won't sleep */ | 2263 | /* Noone else will be downing sem now, so we won't sleep */ |
| 2261 | ret = xt_register_target(&ip6t_standard_target); | 2264 | ret = xt_register_targets(ip6t_builtin_tg, ARRAY_SIZE(ip6t_builtin_tg)); |
| 2262 | if (ret < 0) | 2265 | if (ret < 0) |
| 2263 | goto err2; | 2266 | goto err2; |
| 2264 | ret = xt_register_target(&ip6t_error_target); | 2267 | ret = xt_register_matches(ip6t_builtin_mt, ARRAY_SIZE(ip6t_builtin_mt)); |
| 2265 | if (ret < 0) | ||
| 2266 | goto err3; | ||
| 2267 | ret = xt_register_match(&icmp6_matchstruct); | ||
| 2268 | if (ret < 0) | 2268 | if (ret < 0) |
| 2269 | goto err4; | 2269 | goto err4; |
| 2270 | 2270 | ||
| @@ -2277,11 +2277,9 @@ static int __init ip6_tables_init(void) | |||
| 2277 | return 0; | 2277 | return 0; |
| 2278 | 2278 | ||
| 2279 | err5: | 2279 | err5: |
| 2280 | xt_unregister_match(&icmp6_matchstruct); | 2280 | xt_unregister_matches(ip6t_builtin_mt, ARRAY_SIZE(ip6t_builtin_mt)); |
| 2281 | err4: | 2281 | err4: |
| 2282 | xt_unregister_target(&ip6t_error_target); | 2282 | xt_unregister_targets(ip6t_builtin_tg, ARRAY_SIZE(ip6t_builtin_tg)); |
| 2283 | err3: | ||
| 2284 | xt_unregister_target(&ip6t_standard_target); | ||
| 2285 | err2: | 2283 | err2: |
| 2286 | unregister_pernet_subsys(&ip6_tables_net_ops); | 2284 | unregister_pernet_subsys(&ip6_tables_net_ops); |
| 2287 | err1: | 2285 | err1: |
| @@ -2292,10 +2290,8 @@ static void __exit ip6_tables_fini(void) | |||
| 2292 | { | 2290 | { |
| 2293 | nf_unregister_sockopt(&ip6t_sockopts); | 2291 | nf_unregister_sockopt(&ip6t_sockopts); |
| 2294 | 2292 | ||
| 2295 | xt_unregister_match(&icmp6_matchstruct); | 2293 | xt_unregister_matches(ip6t_builtin_mt, ARRAY_SIZE(ip6t_builtin_mt)); |
| 2296 | xt_unregister_target(&ip6t_error_target); | 2294 | xt_unregister_targets(ip6t_builtin_tg, ARRAY_SIZE(ip6t_builtin_tg)); |
| 2297 | xt_unregister_target(&ip6t_standard_target); | ||
| 2298 | |||
| 2299 | unregister_pernet_subsys(&ip6_tables_net_ops); | 2295 | unregister_pernet_subsys(&ip6_tables_net_ops); |
| 2300 | } | 2296 | } |
| 2301 | 2297 | ||