diff options
| author | Jan Engelhardt <jengelh@medozas.de> | 2008-10-08 05:35:17 -0400 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2008-10-08 05:35:17 -0400 |
| commit | 367c679007fa4f990eb7ee381326ec59d8148b0e (patch) | |
| tree | a543f22332eba9ef972ed8ea6e66448921671ef7 /net/bridge | |
| parent | 147c3844ad381b58715a6ee2ea697594e3c06284 (diff) | |
netfilter: xtables: do centralized checkentry call (1/2)
It used to be that {ip,ip6,etc}_tables called extension->checkentry
themselves, but this can be moved into the xtables core.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/bridge')
| -rw-r--r-- | net/bridge/netfilter/ebtables.c | 24 |
1 files changed, 6 insertions, 18 deletions
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index 7d8ead52d25f..7ee72b71d3cb 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c | |||
| @@ -340,15 +340,11 @@ ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e, | |||
| 340 | m->u.match = match; | 340 | m->u.match = match; |
| 341 | 341 | ||
| 342 | ret = xt_check_match(match, NFPROTO_BRIDGE, m->match_size, | 342 | ret = xt_check_match(match, NFPROTO_BRIDGE, m->match_size, |
| 343 | name, hookmask, e->ethproto, e->invflags & EBT_IPROTO); | 343 | name, hookmask, e->ethproto, e->invflags & EBT_IPROTO, |
| 344 | e, m->data); | ||
| 344 | if (ret < 0) { | 345 | if (ret < 0) { |
| 345 | module_put(match->me); | 346 | module_put(match->me); |
| 346 | return ret; | 347 | return ret; |
| 347 | } else if (match->checkentry != NULL && | ||
| 348 | !match->checkentry(name, e, NULL, m->data, hookmask)) { | ||
| 349 | module_put(match->me); | ||
| 350 | BUGPRINT("match->check failed\n"); | ||
| 351 | return -EINVAL; | ||
| 352 | } | 348 | } |
| 353 | 349 | ||
| 354 | (*cnt)++; | 350 | (*cnt)++; |
| @@ -377,15 +373,11 @@ ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e, | |||
| 377 | w->u.watcher = watcher; | 373 | w->u.watcher = watcher; |
| 378 | 374 | ||
| 379 | ret = xt_check_target(watcher, NFPROTO_BRIDGE, w->watcher_size, | 375 | ret = xt_check_target(watcher, NFPROTO_BRIDGE, w->watcher_size, |
| 380 | name, hookmask, e->ethproto, e->invflags & EBT_IPROTO); | 376 | name, hookmask, e->ethproto, e->invflags & EBT_IPROTO, |
| 377 | e, w->data); | ||
| 381 | if (ret < 0) { | 378 | if (ret < 0) { |
| 382 | module_put(watcher->me); | 379 | module_put(watcher->me); |
| 383 | return ret; | 380 | return ret; |
| 384 | } else if (watcher->checkentry != NULL && | ||
| 385 | !watcher->checkentry(name, e, NULL, w->data, hookmask)) { | ||
| 386 | module_put(watcher->me); | ||
| 387 | BUGPRINT("watcher->check failed\n"); | ||
| 388 | return -EINVAL; | ||
| 389 | } | 381 | } |
| 390 | 382 | ||
| 391 | (*cnt)++; | 383 | (*cnt)++; |
| @@ -692,15 +684,11 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo, | |||
| 692 | } | 684 | } |
| 693 | 685 | ||
| 694 | ret = xt_check_target(target, NFPROTO_BRIDGE, t->target_size, | 686 | ret = xt_check_target(target, NFPROTO_BRIDGE, t->target_size, |
| 695 | name, hookmask, e->ethproto, e->invflags & EBT_IPROTO); | 687 | name, hookmask, e->ethproto, e->invflags & EBT_IPROTO, |
| 688 | e, t->data); | ||
| 696 | if (ret < 0) { | 689 | if (ret < 0) { |
| 697 | module_put(target->me); | 690 | module_put(target->me); |
| 698 | goto cleanup_watchers; | 691 | goto cleanup_watchers; |
| 699 | } else if (t->u.target->checkentry && | ||
| 700 | !t->u.target->checkentry(name, e, NULL, t->data, hookmask)) { | ||
| 701 | module_put(t->u.target->me); | ||
| 702 | ret = -EINVAL; | ||
| 703 | goto cleanup_watchers; | ||
| 704 | } | 692 | } |
| 705 | (*cnt)++; | 693 | (*cnt)++; |
| 706 | return 0; | 694 | return 0; |