diff options
| author | Jan Engelhardt <jengelh@medozas.de> | 2008-10-08 05:35:20 -0400 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2008-10-08 05:35:20 -0400 |
| commit | 92f3b2b1bc968caaabee8cd78bee75ab7c4af74e (patch) | |
| tree | 02f5884407a858908e4c74c66f9c213c617d3353 | |
| parent | 916a917dfec18535ff9e2afdafba82e6279eb4f4 (diff) | |
netfilter: xtables: cut down on static data for family-independent extensions
Using ->family in struct xt_*_param, multiple struct xt_{match,target}
can be squashed together.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
| -rw-r--r-- | net/netfilter/xt_CONNMARK.c | 39 | ||||
| -rw-r--r-- | net/netfilter/xt_CONNSECMARK.c | 40 | ||||
| -rw-r--r-- | net/netfilter/xt_NFLOG.c | 31 | ||||
| -rw-r--r-- | net/netfilter/xt_connbytes.c | 39 | ||||
| -rw-r--r-- | net/netfilter/xt_connlimit.c | 47 | ||||
| -rw-r--r-- | net/netfilter/xt_connmark.c | 39 | ||||
| -rw-r--r-- | net/netfilter/xt_conntrack.c | 26 | ||||
| -rw-r--r-- | net/netfilter/xt_helper.c | 38 | ||||
| -rw-r--r-- | net/netfilter/xt_pkttype.c | 30 |
9 files changed, 104 insertions, 225 deletions
diff --git a/net/netfilter/xt_CONNMARK.c b/net/netfilter/xt_CONNMARK.c index c5a5072e005d..d6e5ab463277 100644 --- a/net/netfilter/xt_CONNMARK.c +++ b/net/netfilter/xt_CONNMARK.c | |||
| @@ -128,9 +128,9 @@ static bool connmark_tg_check_v0(const struct xt_tgchk_param *par) | |||
| 128 | printk(KERN_WARNING "CONNMARK: Only supports 32bit mark\n"); | 128 | printk(KERN_WARNING "CONNMARK: Only supports 32bit mark\n"); |
| 129 | return false; | 129 | return false; |
| 130 | } | 130 | } |
| 131 | if (nf_ct_l3proto_try_module_get(par->target->family) < 0) { | 131 | if (nf_ct_l3proto_try_module_get(par->family) < 0) { |
| 132 | printk(KERN_WARNING "can't load conntrack support for " | 132 | printk(KERN_WARNING "can't load conntrack support for " |
| 133 | "proto=%u\n", par->target->family); | 133 | "proto=%u\n", par->family); |
| 134 | return false; | 134 | return false; |
| 135 | } | 135 | } |
| 136 | return true; | 136 | return true; |
| @@ -138,9 +138,9 @@ static bool connmark_tg_check_v0(const struct xt_tgchk_param *par) | |||
| 138 | 138 | ||
| 139 | static bool connmark_tg_check(const struct xt_tgchk_param *par) | 139 | static bool connmark_tg_check(const struct xt_tgchk_param *par) |
| 140 | { | 140 | { |
| 141 | if (nf_ct_l3proto_try_module_get(par->target->family) < 0) { | 141 | if (nf_ct_l3proto_try_module_get(par->family) < 0) { |
| 142 | printk(KERN_WARNING "cannot load conntrack support for " | 142 | printk(KERN_WARNING "cannot load conntrack support for " |
| 143 | "proto=%u\n", par->target->family); | 143 | "proto=%u\n", par->family); |
| 144 | return false; | 144 | return false; |
| 145 | } | 145 | } |
| 146 | return true; | 146 | return true; |
| @@ -148,7 +148,7 @@ static bool connmark_tg_check(const struct xt_tgchk_param *par) | |||
| 148 | 148 | ||
| 149 | static void connmark_tg_destroy(const struct xt_tgdtor_param *par) | 149 | static void connmark_tg_destroy(const struct xt_tgdtor_param *par) |
| 150 | { | 150 | { |
| 151 | nf_ct_l3proto_module_put(par->target->family); | 151 | nf_ct_l3proto_module_put(par->family); |
| 152 | } | 152 | } |
| 153 | 153 | ||
| 154 | #ifdef CONFIG_COMPAT | 154 | #ifdef CONFIG_COMPAT |
| @@ -186,7 +186,7 @@ static struct xt_target connmark_tg_reg[] __read_mostly = { | |||
| 186 | { | 186 | { |
| 187 | .name = "CONNMARK", | 187 | .name = "CONNMARK", |
| 188 | .revision = 0, | 188 | .revision = 0, |
| 189 | .family = NFPROTO_IPV4, | 189 | .family = NFPROTO_UNSPEC, |
| 190 | .checkentry = connmark_tg_check_v0, | 190 | .checkentry = connmark_tg_check_v0, |
| 191 | .destroy = connmark_tg_destroy, | 191 | .destroy = connmark_tg_destroy, |
| 192 | .target = connmark_tg_v0, | 192 | .target = connmark_tg_v0, |
| @@ -199,34 +199,9 @@ static struct xt_target connmark_tg_reg[] __read_mostly = { | |||
| 199 | .me = THIS_MODULE | 199 | .me = THIS_MODULE |
| 200 | }, | 200 | }, |
| 201 | { | 201 | { |
| 202 | .name = "CONNMARK", | ||
| 203 | .revision = 0, | ||
| 204 | .family = NFPROTO_IPV6, | ||
| 205 | .checkentry = connmark_tg_check_v0, | ||
| 206 | .destroy = connmark_tg_destroy, | ||
| 207 | .target = connmark_tg_v0, | ||
| 208 | .targetsize = sizeof(struct xt_connmark_target_info), | ||
| 209 | #ifdef CONFIG_COMPAT | ||
| 210 | .compatsize = sizeof(struct compat_xt_connmark_target_info), | ||
| 211 | .compat_from_user = connmark_tg_compat_from_user_v0, | ||
| 212 | .compat_to_user = connmark_tg_compat_to_user_v0, | ||
| 213 | #endif | ||
| 214 | .me = THIS_MODULE | ||
| 215 | }, | ||
| 216 | { | ||
| 217 | .name = "CONNMARK", | ||
| 218 | .revision = 1, | ||
| 219 | .family = NFPROTO_IPV4, | ||
| 220 | .checkentry = connmark_tg_check, | ||
| 221 | .target = connmark_tg, | ||
| 222 | .targetsize = sizeof(struct xt_connmark_tginfo1), | ||
| 223 | .destroy = connmark_tg_destroy, | ||
| 224 | .me = THIS_MODULE, | ||
| 225 | }, | ||
| 226 | { | ||
| 227 | .name = "CONNMARK", | 202 | .name = "CONNMARK", |
| 228 | .revision = 1, | 203 | .revision = 1, |
| 229 | .family = NFPROTO_IPV6, | 204 | .family = NFPROTO_UNSPEC, |
| 230 | .checkentry = connmark_tg_check, | 205 | .checkentry = connmark_tg_check, |
| 231 | .target = connmark_tg, | 206 | .target = connmark_tg, |
| 232 | .targetsize = sizeof(struct xt_connmark_tginfo1), | 207 | .targetsize = sizeof(struct xt_connmark_tginfo1), |
diff --git a/net/netfilter/xt_CONNSECMARK.c b/net/netfilter/xt_CONNSECMARK.c index b6e3f3f125fd..b54c3756fdc3 100644 --- a/net/netfilter/xt_CONNSECMARK.c +++ b/net/netfilter/xt_CONNSECMARK.c | |||
| @@ -106,9 +106,9 @@ static bool connsecmark_tg_check(const struct xt_tgchk_param *par) | |||
| 106 | return false; | 106 | return false; |
| 107 | } | 107 | } |
| 108 | 108 | ||
| 109 | if (nf_ct_l3proto_try_module_get(par->target->family) < 0) { | 109 | if (nf_ct_l3proto_try_module_get(par->family) < 0) { |
| 110 | printk(KERN_WARNING "can't load conntrack support for " | 110 | printk(KERN_WARNING "can't load conntrack support for " |
| 111 | "proto=%u\n", par->target->family); | 111 | "proto=%u\n", par->family); |
| 112 | return false; | 112 | return false; |
| 113 | } | 113 | } |
| 114 | return true; | 114 | return true; |
| @@ -116,40 +116,28 @@ static bool connsecmark_tg_check(const struct xt_tgchk_param *par) | |||
| 116 | 116 | ||
| 117 | static void connsecmark_tg_destroy(const struct xt_tgdtor_param *par) | 117 | static void connsecmark_tg_destroy(const struct xt_tgdtor_param *par) |
| 118 | { | 118 | { |
| 119 | nf_ct_l3proto_module_put(par->target->family); | 119 | nf_ct_l3proto_module_put(par->family); |
| 120 | } | 120 | } |
| 121 | 121 | ||
| 122 | static struct xt_target connsecmark_tg_reg[] __read_mostly = { | 122 | static struct xt_target connsecmark_tg_reg __read_mostly = { |
| 123 | { | 123 | .name = "CONNSECMARK", |
| 124 | .name = "CONNSECMARK", | 124 | .revision = 0, |
| 125 | .family = NFPROTO_IPV4, | 125 | .family = NFPROTO_UNSPEC, |
| 126 | .checkentry = connsecmark_tg_check, | 126 | .checkentry = connsecmark_tg_check, |
| 127 | .destroy = connsecmark_tg_destroy, | 127 | .destroy = connsecmark_tg_destroy, |
| 128 | .target = connsecmark_tg, | 128 | .target = connsecmark_tg, |
| 129 | .targetsize = sizeof(struct xt_connsecmark_target_info), | 129 | .targetsize = sizeof(struct xt_connsecmark_target_info), |
| 130 | .me = THIS_MODULE, | 130 | .me = THIS_MODULE, |
| 131 | }, | ||
| 132 | { | ||
| 133 | .name = "CONNSECMARK", | ||
| 134 | .family = NFPROTO_IPV6, | ||
| 135 | .checkentry = connsecmark_tg_check, | ||
| 136 | .destroy = connsecmark_tg_destroy, | ||
| 137 | .target = connsecmark_tg, | ||
| 138 | .targetsize = sizeof(struct xt_connsecmark_target_info), | ||
| 139 | .me = THIS_MODULE, | ||
| 140 | }, | ||
| 141 | }; | 131 | }; |
| 142 | 132 | ||
| 143 | static int __init connsecmark_tg_init(void) | 133 | static int __init connsecmark_tg_init(void) |
| 144 | { | 134 | { |
| 145 | return xt_register_targets(connsecmark_tg_reg, | 135 | return xt_register_target(&connsecmark_tg_reg); |
| 146 | ARRAY_SIZE(connsecmark_tg_reg)); | ||
| 147 | } | 136 | } |
| 148 | 137 | ||
| 149 | static void __exit connsecmark_tg_exit(void) | 138 | static void __exit connsecmark_tg_exit(void) |
| 150 | { | 139 | { |
| 151 | xt_unregister_targets(connsecmark_tg_reg, | 140 | xt_unregister_target(&connsecmark_tg_reg); |
| 152 | ARRAY_SIZE(connsecmark_tg_reg)); | ||
| 153 | } | 141 | } |
| 154 | 142 | ||
| 155 | module_init(connsecmark_tg_init); | 143 | module_init(connsecmark_tg_init); |
diff --git a/net/netfilter/xt_NFLOG.c b/net/netfilter/xt_NFLOG.c index 56ee4f118b59..50e3a52d3b31 100644 --- a/net/netfilter/xt_NFLOG.c +++ b/net/netfilter/xt_NFLOG.c | |||
| @@ -31,7 +31,7 @@ nflog_tg(struct sk_buff *skb, const struct xt_target_param *par) | |||
| 31 | li.u.ulog.group = info->group; | 31 | li.u.ulog.group = info->group; |
| 32 | li.u.ulog.qthreshold = info->threshold; | 32 | li.u.ulog.qthreshold = info->threshold; |
| 33 | 33 | ||
| 34 | nf_log_packet(par->target->family, par->hooknum, skb, par->in, | 34 | nf_log_packet(par->family, par->hooknum, skb, par->in, |
| 35 | par->out, &li, "%s", info->prefix); | 35 | par->out, &li, "%s", info->prefix); |
| 36 | return XT_CONTINUE; | 36 | return XT_CONTINUE; |
| 37 | } | 37 | } |
| @@ -47,33 +47,24 @@ static bool nflog_tg_check(const struct xt_tgchk_param *par) | |||
| 47 | return true; | 47 | return true; |
| 48 | } | 48 | } |
| 49 | 49 | ||
| 50 | static struct xt_target nflog_tg_reg[] __read_mostly = { | 50 | static struct xt_target nflog_tg_reg __read_mostly = { |
| 51 | { | 51 | .name = "NFLOG", |
| 52 | .name = "NFLOG", | 52 | .revision = 0, |
| 53 | .family = NFPROTO_IPV4, | 53 | .family = NFPROTO_UNSPEC, |
| 54 | .checkentry = nflog_tg_check, | 54 | .checkentry = nflog_tg_check, |
| 55 | .target = nflog_tg, | 55 | .target = nflog_tg, |
| 56 | .targetsize = sizeof(struct xt_nflog_info), | 56 | .targetsize = sizeof(struct xt_nflog_info), |
| 57 | .me = THIS_MODULE, | 57 | .me = THIS_MODULE, |
| 58 | }, | ||
| 59 | { | ||
| 60 | .name = "NFLOG", | ||
| 61 | .family = NFPROTO_IPV6, | ||
| 62 | .checkentry = nflog_tg_check, | ||
| 63 | .target = nflog_tg, | ||
| 64 | .targetsize = sizeof(struct xt_nflog_info), | ||
| 65 | .me = THIS_MODULE, | ||
| 66 | }, | ||
| 67 | }; | 58 | }; |
| 68 | 59 | ||
| 69 | static int __init nflog_tg_init(void) | 60 | static int __init nflog_tg_init(void) |
| 70 | { | 61 | { |
| 71 | return xt_register_targets(nflog_tg_reg, ARRAY_SIZE(nflog_tg_reg)); | 62 | return xt_register_target(&nflog_tg_reg); |
| 72 | } | 63 | } |
| 73 | 64 | ||
| 74 | static void __exit nflog_tg_exit(void) | 65 | static void __exit nflog_tg_exit(void) |
| 75 | { | 66 | { |
| 76 | xt_unregister_targets(nflog_tg_reg, ARRAY_SIZE(nflog_tg_reg)); | 67 | xt_unregister_target(&nflog_tg_reg); |
| 77 | } | 68 | } |
| 78 | 69 | ||
| 79 | module_init(nflog_tg_init); | 70 | module_init(nflog_tg_init); |
diff --git a/net/netfilter/xt_connbytes.c b/net/netfilter/xt_connbytes.c index 5bf4aa08b0fd..955e6598a7f0 100644 --- a/net/netfilter/xt_connbytes.c +++ b/net/netfilter/xt_connbytes.c | |||
| @@ -106,9 +106,9 @@ static bool connbytes_mt_check(const struct xt_mtchk_param *par) | |||
| 106 | sinfo->direction != XT_CONNBYTES_DIR_BOTH) | 106 | sinfo->direction != XT_CONNBYTES_DIR_BOTH) |
| 107 | return false; | 107 | return false; |
| 108 | 108 | ||
| 109 | if (nf_ct_l3proto_try_module_get(par->match->family) < 0) { | 109 | if (nf_ct_l3proto_try_module_get(par->family) < 0) { |
| 110 | printk(KERN_WARNING "can't load conntrack support for " | 110 | printk(KERN_WARNING "can't load conntrack support for " |
| 111 | "proto=%u\n", par->match->family); | 111 | "proto=%u\n", par->family); |
| 112 | return false; | 112 | return false; |
| 113 | } | 113 | } |
| 114 | 114 | ||
| @@ -117,39 +117,28 @@ static bool connbytes_mt_check(const struct xt_mtchk_param *par) | |||
| 117 | 117 | ||
| 118 | static void connbytes_mt_destroy(const struct xt_mtdtor_param *par) | 118 | static void connbytes_mt_destroy(const struct xt_mtdtor_param *par) |
| 119 | { | 119 | { |
| 120 | nf_ct_l3proto_module_put(par->match->family); | 120 | nf_ct_l3proto_module_put(par->family); |
| 121 | } | 121 | } |
| 122 | 122 | ||
| 123 | static struct xt_match connbytes_mt_reg[] __read_mostly = { | 123 | static struct xt_match connbytes_mt_reg __read_mostly = { |
| 124 | { | 124 | .name = "connbytes", |
| 125 | .name = "connbytes", | 125 | .revision = 0, |
| 126 | .family = NFPROTO_IPV4, | 126 | .family = NFPROTO_UNSPEC, |
| 127 | .checkentry = connbytes_mt_check, | 127 | .checkentry = connbytes_mt_check, |
| 128 | .match = connbytes_mt, | 128 | .match = connbytes_mt, |
| 129 | .destroy = connbytes_mt_destroy, | 129 | .destroy = connbytes_mt_destroy, |
| 130 | .matchsize = sizeof(struct xt_connbytes_info), | 130 | .matchsize = sizeof(struct xt_connbytes_info), |
| 131 | .me = THIS_MODULE | 131 | .me = THIS_MODULE, |
| 132 | }, | ||
| 133 | { | ||
| 134 | .name = "connbytes", | ||
| 135 | .family = NFPROTO_IPV6, | ||
| 136 | .checkentry = connbytes_mt_check, | ||
| 137 | .match = connbytes_mt, | ||
| 138 | .destroy = connbytes_mt_destroy, | ||
| 139 | .matchsize = sizeof(struct xt_connbytes_info), | ||
| 140 | .me = THIS_MODULE | ||
| 141 | }, | ||
| 142 | }; | 132 | }; |
| 143 | 133 | ||
| 144 | static int __init connbytes_mt_init(void) | 134 | static int __init connbytes_mt_init(void) |
| 145 | { | 135 | { |
| 146 | return xt_register_matches(connbytes_mt_reg, | 136 | return xt_register_match(&connbytes_mt_reg); |
| 147 | ARRAY_SIZE(connbytes_mt_reg)); | ||
| 148 | } | 137 | } |
| 149 | 138 | ||
| 150 | static void __exit connbytes_mt_exit(void) | 139 | static void __exit connbytes_mt_exit(void) |
| 151 | { | 140 | { |
| 152 | xt_unregister_matches(connbytes_mt_reg, ARRAY_SIZE(connbytes_mt_reg)); | 141 | xt_unregister_match(&connbytes_mt_reg); |
| 153 | } | 142 | } |
| 154 | 143 | ||
| 155 | module_init(connbytes_mt_init); | 144 | module_init(connbytes_mt_init); |
diff --git a/net/netfilter/xt_connlimit.c b/net/netfilter/xt_connlimit.c index bfb3ee6c7129..7f404cc64c83 100644 --- a/net/netfilter/xt_connlimit.c +++ b/net/netfilter/xt_connlimit.c | |||
| @@ -192,10 +192,10 @@ connlimit_mt(const struct sk_buff *skb, const struct xt_match_param *par) | |||
| 192 | if (ct != NULL) | 192 | if (ct != NULL) |
| 193 | tuple_ptr = &ct->tuplehash[0].tuple; | 193 | tuple_ptr = &ct->tuplehash[0].tuple; |
| 194 | else if (!nf_ct_get_tuplepr(skb, skb_network_offset(skb), | 194 | else if (!nf_ct_get_tuplepr(skb, skb_network_offset(skb), |
| 195 | par->match->family, &tuple)) | 195 | par->family, &tuple)) |
| 196 | goto hotdrop; | 196 | goto hotdrop; |
| 197 | 197 | ||
| 198 | if (par->match->family == NFPROTO_IPV6) { | 198 | if (par->family == NFPROTO_IPV6) { |
| 199 | const struct ipv6hdr *iph = ipv6_hdr(skb); | 199 | const struct ipv6hdr *iph = ipv6_hdr(skb); |
| 200 | memcpy(&addr.ip6, &iph->saddr, sizeof(iph->saddr)); | 200 | memcpy(&addr.ip6, &iph->saddr, sizeof(iph->saddr)); |
| 201 | } else { | 201 | } else { |
| @@ -226,16 +226,16 @@ static bool connlimit_mt_check(const struct xt_mtchk_param *par) | |||
| 226 | struct xt_connlimit_info *info = par->matchinfo; | 226 | struct xt_connlimit_info *info = par->matchinfo; |
| 227 | unsigned int i; | 227 | unsigned int i; |
| 228 | 228 | ||
| 229 | if (nf_ct_l3proto_try_module_get(par->match->family) < 0) { | 229 | if (nf_ct_l3proto_try_module_get(par->family) < 0) { |
| 230 | printk(KERN_WARNING "cannot load conntrack support for " | 230 | printk(KERN_WARNING "cannot load conntrack support for " |
| 231 | "address family %u\n", par->match->family); | 231 | "address family %u\n", par->family); |
| 232 | return false; | 232 | return false; |
| 233 | } | 233 | } |
| 234 | 234 | ||
| 235 | /* init private data */ | 235 | /* init private data */ |
| 236 | info->data = kmalloc(sizeof(struct xt_connlimit_data), GFP_KERNEL); | 236 | info->data = kmalloc(sizeof(struct xt_connlimit_data), GFP_KERNEL); |
| 237 | if (info->data == NULL) { | 237 | if (info->data == NULL) { |
| 238 | nf_ct_l3proto_module_put(par->match->family); | 238 | nf_ct_l3proto_module_put(par->family); |
| 239 | return false; | 239 | return false; |
| 240 | } | 240 | } |
| 241 | 241 | ||
| @@ -254,7 +254,7 @@ static void connlimit_mt_destroy(const struct xt_mtdtor_param *par) | |||
| 254 | struct list_head *hash = info->data->iphash; | 254 | struct list_head *hash = info->data->iphash; |
| 255 | unsigned int i; | 255 | unsigned int i; |
| 256 | 256 | ||
| 257 | nf_ct_l3proto_module_put(par->match->family); | 257 | nf_ct_l3proto_module_put(par->family); |
| 258 | 258 | ||
| 259 | for (i = 0; i < ARRAY_SIZE(info->data->iphash); ++i) { | 259 | for (i = 0; i < ARRAY_SIZE(info->data->iphash); ++i) { |
| 260 | list_for_each_entry_safe(conn, tmp, &hash[i], list) { | 260 | list_for_each_entry_safe(conn, tmp, &hash[i], list) { |
| @@ -266,41 +266,30 @@ static void connlimit_mt_destroy(const struct xt_mtdtor_param *par) | |||
| 266 | kfree(info->data); | 266 | kfree(info->data); |
| 267 | } | 267 | } |
| 268 | 268 | ||
| 269 | static struct xt_match connlimit_mt_reg[] __read_mostly = { | 269 | static struct xt_match connlimit_mt_reg __read_mostly = { |
| 270 | { | 270 | .name = "connlimit", |
| 271 | .name = "connlimit", | 271 | .revision = 0, |
| 272 | .family = NFPROTO_IPV4, | 272 | .family = NFPROTO_UNSPEC, |
| 273 | .checkentry = connlimit_mt_check, | 273 | .checkentry = connlimit_mt_check, |
| 274 | .match = connlimit_mt, | 274 | .match = connlimit_mt, |
| 275 | .matchsize = sizeof(struct xt_connlimit_info), | 275 | .matchsize = sizeof(struct xt_connlimit_info), |
| 276 | .destroy = connlimit_mt_destroy, | 276 | .destroy = connlimit_mt_destroy, |
| 277 | .me = THIS_MODULE, | 277 | .me = THIS_MODULE, |
| 278 | }, | ||
| 279 | { | ||
| 280 | .name = "connlimit", | ||
| 281 | .family = NFPROTO_IPV6, | ||
| 282 | .checkentry = connlimit_mt_check, | ||
| 283 | .match = connlimit_mt, | ||
| 284 | .matchsize = sizeof(struct xt_connlimit_info), | ||
| 285 | .destroy = connlimit_mt_destroy, | ||
| 286 | .me = THIS_MODULE, | ||
| 287 | }, | ||
| 288 | }; | 278 | }; |
| 289 | 279 | ||
| 290 | static int __init connlimit_mt_init(void) | 280 | static int __init connlimit_mt_init(void) |
| 291 | { | 281 | { |
| 292 | return xt_register_matches(connlimit_mt_reg, | 282 | return xt_register_match(&connlimit_mt_reg); |
| 293 | ARRAY_SIZE(connlimit_mt_reg)); | ||
| 294 | } | 283 | } |
| 295 | 284 | ||
| 296 | static void __exit connlimit_mt_exit(void) | 285 | static void __exit connlimit_mt_exit(void) |
| 297 | { | 286 | { |
| 298 | xt_unregister_matches(connlimit_mt_reg, ARRAY_SIZE(connlimit_mt_reg)); | 287 | xt_unregister_match(&connlimit_mt_reg); |
| 299 | } | 288 | } |
| 300 | 289 | ||
| 301 | module_init(connlimit_mt_init); | 290 | module_init(connlimit_mt_init); |
| 302 | module_exit(connlimit_mt_exit); | 291 | module_exit(connlimit_mt_exit); |
| 303 | MODULE_AUTHOR("Jan Engelhardt <jengelh@computergmbh.de>"); | 292 | MODULE_AUTHOR("Jan Engelhardt <jengelh@medozas.de>"); |
| 304 | MODULE_DESCRIPTION("Xtables: Number of connections matching"); | 293 | MODULE_DESCRIPTION("Xtables: Number of connections matching"); |
| 305 | MODULE_LICENSE("GPL"); | 294 | MODULE_LICENSE("GPL"); |
| 306 | MODULE_ALIAS("ipt_connlimit"); | 295 | MODULE_ALIAS("ipt_connlimit"); |
diff --git a/net/netfilter/xt_connmark.c b/net/netfilter/xt_connmark.c index c708577ea1bf..86cacab7a4a3 100644 --- a/net/netfilter/xt_connmark.c +++ b/net/netfilter/xt_connmark.c | |||
| @@ -69,9 +69,9 @@ static bool connmark_mt_check_v0(const struct xt_mtchk_param *par) | |||
| 69 | printk(KERN_WARNING "connmark: only support 32bit mark\n"); | 69 | printk(KERN_WARNING "connmark: only support 32bit mark\n"); |
| 70 | return false; | 70 | return false; |
| 71 | } | 71 | } |
| 72 | if (nf_ct_l3proto_try_module_get(par->match->family) < 0) { | 72 | if (nf_ct_l3proto_try_module_get(par->family) < 0) { |
| 73 | printk(KERN_WARNING "can't load conntrack support for " | 73 | printk(KERN_WARNING "can't load conntrack support for " |
| 74 | "proto=%u\n", par->match->family); | 74 | "proto=%u\n", par->family); |
| 75 | return false; | 75 | return false; |
| 76 | } | 76 | } |
| 77 | return true; | 77 | return true; |
| @@ -79,9 +79,9 @@ static bool connmark_mt_check_v0(const struct xt_mtchk_param *par) | |||
| 79 | 79 | ||
| 80 | static bool connmark_mt_check(const struct xt_mtchk_param *par) | 80 | static bool connmark_mt_check(const struct xt_mtchk_param *par) |
| 81 | { | 81 | { |
| 82 | if (nf_ct_l3proto_try_module_get(par->match->family) < 0) { | 82 | if (nf_ct_l3proto_try_module_get(par->family) < 0) { |
| 83 | printk(KERN_WARNING "cannot load conntrack support for " | 83 | printk(KERN_WARNING "cannot load conntrack support for " |
| 84 | "proto=%u\n", par->match->family); | 84 | "proto=%u\n", par->family); |
| 85 | return false; | 85 | return false; |
| 86 | } | 86 | } |
| 87 | return true; | 87 | return true; |
| @@ -89,7 +89,7 @@ static bool connmark_mt_check(const struct xt_mtchk_param *par) | |||
| 89 | 89 | ||
| 90 | static void connmark_mt_destroy(const struct xt_mtdtor_param *par) | 90 | static void connmark_mt_destroy(const struct xt_mtdtor_param *par) |
| 91 | { | 91 | { |
| 92 | nf_ct_l3proto_module_put(par->match->family); | 92 | nf_ct_l3proto_module_put(par->family); |
| 93 | } | 93 | } |
| 94 | 94 | ||
| 95 | #ifdef CONFIG_COMPAT | 95 | #ifdef CONFIG_COMPAT |
| @@ -127,7 +127,7 @@ static struct xt_match connmark_mt_reg[] __read_mostly = { | |||
| 127 | { | 127 | { |
| 128 | .name = "connmark", | 128 | .name = "connmark", |
| 129 | .revision = 0, | 129 | .revision = 0, |
| 130 | .family = NFPROTO_IPV4, | 130 | .family = NFPROTO_UNSPEC, |
| 131 | .checkentry = connmark_mt_check_v0, | 131 | .checkentry = connmark_mt_check_v0, |
| 132 | .match = connmark_mt_v0, | 132 | .match = connmark_mt_v0, |
| 133 | .destroy = connmark_mt_destroy, | 133 | .destroy = connmark_mt_destroy, |
| @@ -140,34 +140,9 @@ static struct xt_match connmark_mt_reg[] __read_mostly = { | |||
| 140 | .me = THIS_MODULE | 140 | .me = THIS_MODULE |
| 141 | }, | 141 | }, |
| 142 | { | 142 | { |
| 143 | .name = "connmark", | ||
| 144 | .revision = 0, | ||
| 145 | .family = NFPROTO_IPV6, | ||
| 146 | .checkentry = connmark_mt_check_v0, | ||
| 147 | .match = connmark_mt_v0, | ||
| 148 | .destroy = connmark_mt_destroy, | ||
| 149 | .matchsize = sizeof(struct xt_connmark_info), | ||
| 150 | #ifdef CONFIG_COMPAT | ||
| 151 | .compatsize = sizeof(struct compat_xt_connmark_info), | ||
| 152 | .compat_from_user = connmark_mt_compat_from_user_v0, | ||
| 153 | .compat_to_user = connmark_mt_compat_to_user_v0, | ||
| 154 | #endif | ||
| 155 | .me = THIS_MODULE | ||
| 156 | }, | ||
| 157 | { | ||
| 158 | .name = "connmark", | ||
| 159 | .revision = 1, | ||
| 160 | .family = NFPROTO_IPV4, | ||
| 161 | .checkentry = connmark_mt_check, | ||
| 162 | .match = connmark_mt, | ||
| 163 | .matchsize = sizeof(struct xt_connmark_mtinfo1), | ||
| 164 | .destroy = connmark_mt_destroy, | ||
| 165 | .me = THIS_MODULE, | ||
| 166 | }, | ||
| 167 | { | ||
| 168 | .name = "connmark", | 143 | .name = "connmark", |
| 169 | .revision = 1, | 144 | .revision = 1, |
| 170 | .family = NFPROTO_IPV6, | 145 | .family = NFPROTO_UNSPEC, |
| 171 | .checkentry = connmark_mt_check, | 146 | .checkentry = connmark_mt_check, |
| 172 | .match = connmark_mt, | 147 | .match = connmark_mt, |
| 173 | .matchsize = sizeof(struct xt_connmark_mtinfo1), | 148 | .matchsize = sizeof(struct xt_connmark_mtinfo1), |
diff --git a/net/netfilter/xt_conntrack.c b/net/netfilter/xt_conntrack.c index 5cd58d7fcb1c..0b7139f3dd78 100644 --- a/net/netfilter/xt_conntrack.c +++ b/net/netfilter/xt_conntrack.c | |||
| @@ -238,22 +238,22 @@ conntrack_mt(const struct sk_buff *skb, const struct xt_match_param *par) | |||
| 238 | return false; | 238 | return false; |
| 239 | 239 | ||
| 240 | if (info->match_flags & XT_CONNTRACK_ORIGSRC) | 240 | if (info->match_flags & XT_CONNTRACK_ORIGSRC) |
| 241 | if (conntrack_mt_origsrc(ct, info, par->match->family) ^ | 241 | if (conntrack_mt_origsrc(ct, info, par->family) ^ |
| 242 | !(info->invert_flags & XT_CONNTRACK_ORIGSRC)) | 242 | !(info->invert_flags & XT_CONNTRACK_ORIGSRC)) |
| 243 | return false; | 243 | return false; |
| 244 | 244 | ||
| 245 | if (info->match_flags & XT_CONNTRACK_ORIGDST) | 245 | if (info->match_flags & XT_CONNTRACK_ORIGDST) |
| 246 | if (conntrack_mt_origdst(ct, info, par->match->family) ^ | 246 | if (conntrack_mt_origdst(ct, info, par->family) ^ |
| 247 | !(info->invert_flags & XT_CONNTRACK_ORIGDST)) | 247 | !(info->invert_flags & XT_CONNTRACK_ORIGDST)) |
| 248 | return false; | 248 | return false; |
| 249 | 249 | ||
| 250 | if (info->match_flags & XT_CONNTRACK_REPLSRC) | 250 | if (info->match_flags & XT_CONNTRACK_REPLSRC) |
| 251 | if (conntrack_mt_replsrc(ct, info, par->match->family) ^ | 251 | if (conntrack_mt_replsrc(ct, info, par->family) ^ |
| 252 | !(info->invert_flags & XT_CONNTRACK_REPLSRC)) | 252 | !(info->invert_flags & XT_CONNTRACK_REPLSRC)) |
| 253 | return false; | 253 | return false; |
| 254 | 254 | ||
| 255 | if (info->match_flags & XT_CONNTRACK_REPLDST) | 255 | if (info->match_flags & XT_CONNTRACK_REPLDST) |
| 256 | if (conntrack_mt_repldst(ct, info, par->match->family) ^ | 256 | if (conntrack_mt_repldst(ct, info, par->family) ^ |
| 257 | !(info->invert_flags & XT_CONNTRACK_REPLDST)) | 257 | !(info->invert_flags & XT_CONNTRACK_REPLDST)) |
| 258 | return false; | 258 | return false; |
| 259 | 259 | ||
| @@ -280,9 +280,9 @@ conntrack_mt(const struct sk_buff *skb, const struct xt_match_param *par) | |||
| 280 | 280 | ||
| 281 | static bool conntrack_mt_check(const struct xt_mtchk_param *par) | 281 | static bool conntrack_mt_check(const struct xt_mtchk_param *par) |
| 282 | { | 282 | { |
| 283 | if (nf_ct_l3proto_try_module_get(par->match->family) < 0) { | 283 | if (nf_ct_l3proto_try_module_get(par->family) < 0) { |
| 284 | printk(KERN_WARNING "can't load conntrack support for " | 284 | printk(KERN_WARNING "can't load conntrack support for " |
| 285 | "proto=%u\n", par->match->family); | 285 | "proto=%u\n", par->family); |
| 286 | return false; | 286 | return false; |
| 287 | } | 287 | } |
| 288 | return true; | 288 | return true; |
| @@ -290,7 +290,7 @@ static bool conntrack_mt_check(const struct xt_mtchk_param *par) | |||
| 290 | 290 | ||
| 291 | static void conntrack_mt_destroy(const struct xt_mtdtor_param *par) | 291 | static void conntrack_mt_destroy(const struct xt_mtdtor_param *par) |
| 292 | { | 292 | { |
| 293 | nf_ct_l3proto_module_put(par->match->family); | 293 | nf_ct_l3proto_module_put(par->family); |
| 294 | } | 294 | } |
| 295 | 295 | ||
| 296 | #ifdef CONFIG_COMPAT | 296 | #ifdef CONFIG_COMPAT |
| @@ -361,17 +361,7 @@ static struct xt_match conntrack_mt_reg[] __read_mostly = { | |||
| 361 | { | 361 | { |
| 362 | .name = "conntrack", | 362 | .name = "conntrack", |
| 363 | .revision = 1, | 363 | .revision = 1, |
| 364 | .family = NFPROTO_IPV4, | 364 | .family = NFPROTO_UNSPEC, |
| 365 | .matchsize = sizeof(struct xt_conntrack_mtinfo1), | ||
| 366 | .match = conntrack_mt, | ||
| 367 | .checkentry = conntrack_mt_check, | ||
| 368 | .destroy = conntrack_mt_destroy, | ||
| 369 | .me = THIS_MODULE, | ||
| 370 | }, | ||
| 371 | { | ||
| 372 | .name = "conntrack", | ||
| 373 | .revision = 1, | ||
| 374 | .family = NFPROTO_IPV6, | ||
| 375 | .matchsize = sizeof(struct xt_conntrack_mtinfo1), | 365 | .matchsize = sizeof(struct xt_conntrack_mtinfo1), |
| 376 | .match = conntrack_mt, | 366 | .match = conntrack_mt, |
| 377 | .checkentry = conntrack_mt_check, | 367 | .checkentry = conntrack_mt_check, |
diff --git a/net/netfilter/xt_helper.c b/net/netfilter/xt_helper.c index 280c984349f3..64fc7f277221 100644 --- a/net/netfilter/xt_helper.c +++ b/net/netfilter/xt_helper.c | |||
| @@ -58,9 +58,9 @@ static bool helper_mt_check(const struct xt_mtchk_param *par) | |||
| 58 | { | 58 | { |
| 59 | struct xt_helper_info *info = par->matchinfo; | 59 | struct xt_helper_info *info = par->matchinfo; |
| 60 | 60 | ||
| 61 | if (nf_ct_l3proto_try_module_get(par->match->family) < 0) { | 61 | if (nf_ct_l3proto_try_module_get(par->family) < 0) { |
| 62 | printk(KERN_WARNING "can't load conntrack support for " | 62 | printk(KERN_WARNING "can't load conntrack support for " |
| 63 | "proto=%u\n", par->match->family); | 63 | "proto=%u\n", par->family); |
| 64 | return false; | 64 | return false; |
| 65 | } | 65 | } |
| 66 | info->name[29] = '\0'; | 66 | info->name[29] = '\0'; |
| @@ -69,38 +69,28 @@ static bool helper_mt_check(const struct xt_mtchk_param *par) | |||
| 69 | 69 | ||
| 70 | static void helper_mt_destroy(const struct xt_mtdtor_param *par) | 70 | static void helper_mt_destroy(const struct xt_mtdtor_param *par) |
| 71 | { | 71 | { |
| 72 | nf_ct_l3proto_module_put(par->match->family); | 72 | nf_ct_l3proto_module_put(par->family); |
| 73 | } | 73 | } |
| 74 | 74 | ||
| 75 | static struct xt_match helper_mt_reg[] __read_mostly = { | 75 | static struct xt_match helper_mt_reg __read_mostly = { |
| 76 | { | 76 | .name = "helper", |
| 77 | .name = "helper", | 77 | .revision = 0, |
| 78 | .family = NFPROTO_IPV4, | 78 | .family = NFPROTO_UNSPEC, |
| 79 | .checkentry = helper_mt_check, | 79 | .checkentry = helper_mt_check, |
| 80 | .match = helper_mt, | 80 | .match = helper_mt, |
| 81 | .destroy = helper_mt_destroy, | 81 | .destroy = helper_mt_destroy, |
| 82 | .matchsize = sizeof(struct xt_helper_info), | 82 | .matchsize = sizeof(struct xt_helper_info), |
| 83 | .me = THIS_MODULE, | 83 | .me = THIS_MODULE, |
| 84 | }, | ||
| 85 | { | ||
| 86 | .name = "helper", | ||
| 87 | .family = NFPROTO_IPV6, | ||
| 88 | .checkentry = helper_mt_check, | ||
| 89 | .match = helper_mt, | ||
| 90 | .destroy = helper_mt_destroy, | ||
| 91 | .matchsize = sizeof(struct xt_helper_info), | ||
| 92 | .me = THIS_MODULE, | ||
| 93 | }, | ||
| 94 | }; | 84 | }; |
| 95 | 85 | ||
| 96 | static int __init helper_mt_init(void) | 86 | static int __init helper_mt_init(void) |
| 97 | { | 87 | { |
| 98 | return xt_register_matches(helper_mt_reg, ARRAY_SIZE(helper_mt_reg)); | 88 | return xt_register_match(&helper_mt_reg); |
| 99 | } | 89 | } |
| 100 | 90 | ||
| 101 | static void __exit helper_mt_exit(void) | 91 | static void __exit helper_mt_exit(void) |
| 102 | { | 92 | { |
| 103 | xt_unregister_matches(helper_mt_reg, ARRAY_SIZE(helper_mt_reg)); | 93 | xt_unregister_match(&helper_mt_reg); |
| 104 | } | 94 | } |
| 105 | 95 | ||
| 106 | module_init(helper_mt_init); | 96 | module_init(helper_mt_init); |
diff --git a/net/netfilter/xt_pkttype.c b/net/netfilter/xt_pkttype.c index 37753a377603..69da1d3a1d85 100644 --- a/net/netfilter/xt_pkttype.c +++ b/net/netfilter/xt_pkttype.c | |||
| @@ -30,10 +30,10 @@ pkttype_mt(const struct sk_buff *skb, const struct xt_match_param *par) | |||
| 30 | 30 | ||
| 31 | if (skb->pkt_type != PACKET_LOOPBACK) | 31 | if (skb->pkt_type != PACKET_LOOPBACK) |
| 32 | type = skb->pkt_type; | 32 | type = skb->pkt_type; |
| 33 | else if (par->match->family == NFPROTO_IPV4 && | 33 | else if (par->family == NFPROTO_IPV4 && |
| 34 | ipv4_is_multicast(ip_hdr(skb)->daddr)) | 34 | ipv4_is_multicast(ip_hdr(skb)->daddr)) |
| 35 | type = PACKET_MULTICAST; | 35 | type = PACKET_MULTICAST; |
| 36 | else if (par->match->family == NFPROTO_IPV6 && | 36 | else if (par->family == NFPROTO_IPV6 && |
| 37 | ipv6_hdr(skb)->daddr.s6_addr[0] == 0xFF) | 37 | ipv6_hdr(skb)->daddr.s6_addr[0] == 0xFF) |
| 38 | type = PACKET_MULTICAST; | 38 | type = PACKET_MULTICAST; |
| 39 | else | 39 | else |
| @@ -42,31 +42,23 @@ pkttype_mt(const struct sk_buff *skb, const struct xt_match_param *par) | |||
| 42 | return (type == info->pkttype) ^ info->invert; | 42 | return (type == info->pkttype) ^ info->invert; |
| 43 | } | 43 | } |
| 44 | 44 | ||
| 45 | static struct xt_match pkttype_mt_reg[] __read_mostly = { | 45 | static struct xt_match pkttype_mt_reg __read_mostly = { |
| 46 | { | 46 | .name = "pkttype", |
| 47 | .name = "pkttype", | 47 | .revision = 0, |
| 48 | .family = NFPROTO_IPV4, | 48 | .family = NFPROTO_UNSPEC, |
| 49 | .match = pkttype_mt, | 49 | .match = pkttype_mt, |
| 50 | .matchsize = sizeof(struct xt_pkttype_info), | 50 | .matchsize = sizeof(struct xt_pkttype_info), |
| 51 | .me = THIS_MODULE, | 51 | .me = THIS_MODULE, |
| 52 | }, | ||
| 53 | { | ||
| 54 | .name = "pkttype", | ||
| 55 | .family = NFPROTO_IPV6, | ||
| 56 | .match = pkttype_mt, | ||
| 57 | .matchsize = sizeof(struct xt_pkttype_info), | ||
| 58 | .me = THIS_MODULE, | ||
| 59 | }, | ||
| 60 | }; | 52 | }; |
| 61 | 53 | ||
| 62 | static int __init pkttype_mt_init(void) | 54 | static int __init pkttype_mt_init(void) |
| 63 | { | 55 | { |
| 64 | return xt_register_matches(pkttype_mt_reg, ARRAY_SIZE(pkttype_mt_reg)); | 56 | return xt_register_match(&pkttype_mt_reg); |
| 65 | } | 57 | } |
| 66 | 58 | ||
| 67 | static void __exit pkttype_mt_exit(void) | 59 | static void __exit pkttype_mt_exit(void) |
| 68 | { | 60 | { |
| 69 | xt_unregister_matches(pkttype_mt_reg, ARRAY_SIZE(pkttype_mt_reg)); | 61 | xt_unregister_match(&pkttype_mt_reg); |
| 70 | } | 62 | } |
| 71 | 63 | ||
| 72 | module_init(pkttype_mt_init); | 64 | module_init(pkttype_mt_init); |