netfilter: xtables: move extension arguments into compound structure (5/6)

This patch does this for target extensions' checkentry functions. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
author: Jan Engelhardt <jengelh@medozas.de> 2008-10-08 05:35:19 -0400
committer: Patrick McHardy <kaber@trash.net> 2008-10-08 05:35:19 -0400
commit: af5d6dc200eb0fcc6fbd3df1ab4d8969004cb37f (patch)
tree: 06f5805d0a98a421f23380bdb044f93216204b9d /net/bridge
parent: 7eb3558655aaa87a3e71a0c065dfaddda521fa6d (diff)
9 files changed, 48 insertions, 63 deletions
diff --git a/net/bridge/netfilter/ebt_arpreply.c b/net/bridge/netfilter/ebt_arpreply.c
index fc94699f719e..76584cd72e57 100644
--- a/net/bridge/netfilter/ebt_arpreply.c
+++ b/net/bridge/netfilter/ebt_arpreply.c
@@ -57,20 +57,16 @@ ebt_arpreply_tg(struct sk_buff *skb, const struct xt_target_param *par)
        return info->target;
 }
-static bool
+static bool ebt_arpreply_tg_check(const struct xt_tgchk_param *par)
-ebt_arpreply_tg_check(const char *tablename, const void *entry,
-                      const struct xt_target *target, void *data,
-                      unsigned int hookmask)
 {
-        const struct ebt_arpreply_info *info = data;
+        const struct ebt_arpreply_info *info = par->targinfo;
-        const struct ebt_entry *e = entry;
+        const struct ebt_entry *e = par->entryinfo;
        if (BASE_CHAIN && info->target == EBT_RETURN)
                return false;
        if (e->ethproto != htons(ETH_P_ARP) ||
            e->invflags & EBT_IPROTO)
                return false;
-        CLEAR_BASE_CHAIN_BIT;
        return true;
 }
diff --git a/net/bridge/netfilter/ebt_dnat.c b/net/bridge/netfilter/ebt_dnat.c
index bb5d79e0beea..6b49ea9e31fb 100644
--- a/net/bridge/netfilter/ebt_dnat.c
+++ b/net/bridge/netfilter/ebt_dnat.c
@@ -26,19 +26,20 @@ ebt_dnat_tg(struct sk_buff *skb, const struct xt_target_param *par)
        return info->target;
 }
-static bool
+static bool ebt_dnat_tg_check(const struct xt_tgchk_param *par)
-ebt_dnat_tg_check(const char *tablename, const void *entry,
-                  const struct xt_target *target, void *data,
-                  unsigned int hookmask)
 {
-        const struct ebt_nat_info *info = data;
+        const struct ebt_nat_info *info = par->targinfo;
+        unsigned int hook_mask;
        if (BASE_CHAIN && info->target == EBT_RETURN)
                return false;
-        CLEAR_BASE_CHAIN_BIT;
-        if ( (strcmp(tablename, "nat") ||
+        hook_mask = par->hook_mask & ~(1 << NF_BR_NUMHOOKS);
-           (hookmask & ~((1 << NF_BR_PRE_ROUTING) | (1 << NF_BR_LOCAL_OUT)))) &&
+        if ((strcmp(par->table, "nat") != 0 ||
-           (strcmp(tablename, "broute") || hookmask & ~(1 << NF_BR_BROUTING)) )
+            (hook_mask & ~((1 << NF_BR_PRE_ROUTING) |
+            (1 << NF_BR_LOCAL_OUT)))) &&
+            (strcmp(par->table, "broute") != 0 ||
+            hook_mask & ~(1 << NF_BR_BROUTING)))
                return false;
        if (INVALID_TARGET)
                return false;
diff --git a/net/bridge/netfilter/ebt_log.c b/net/bridge/netfilter/ebt_log.c
index 87de5fccb2f1..3d33c608906a 100644
--- a/net/bridge/netfilter/ebt_log.c
+++ b/net/bridge/netfilter/ebt_log.c
@@ -24,12 +24,9 @@
 static DEFINE_SPINLOCK(ebt_log_lock);
-static bool
+static bool ebt_log_tg_check(const struct xt_tgchk_param *par)
-ebt_log_tg_check(const char *table, const void *entry,
-                 const struct xt_target *target, void *data,
-                 unsigned int hook_mask)
 {
-        struct ebt_log_info *info = data;
+        struct ebt_log_info *info = par->targinfo;
        if (info->bitmask & ~EBT_LOG_MASK)
                return false;
diff --git a/net/bridge/netfilter/ebt_mark.c b/net/bridge/netfilter/ebt_mark.c
index aafc456c3c3b..2fee7e8e2e93 100644
--- a/net/bridge/netfilter/ebt_mark.c
+++ b/net/bridge/netfilter/ebt_mark.c
@@ -36,18 +36,14 @@ ebt_mark_tg(struct sk_buff *skb, const struct xt_target_param *par)
        return info->target | ~EBT_VERDICT_BITS;
 }
-static bool
+static bool ebt_mark_tg_check(const struct xt_tgchk_param *par)
-ebt_mark_tg_check(const char *table, const void *e,
-                  const struct xt_target *target, void *data,
-                  unsigned int hookmask)
 {
-        const struct ebt_mark_t_info *info = data;
+        const struct ebt_mark_t_info *info = par->targinfo;
        int tmp;
        tmp = info->target | ~EBT_VERDICT_BITS;
        if (BASE_CHAIN && tmp == EBT_RETURN)
                return false;
-        CLEAR_BASE_CHAIN_BIT;
        if (tmp < -NUM_STANDARD_TARGETS || tmp >= 0)
                return false;
        tmp = info->target & ~EBT_VERDICT_BITS;
diff --git a/net/bridge/netfilter/ebt_nflog.c b/net/bridge/netfilter/ebt_nflog.c
index 6a28d994cf7d..2a63d996dd4e 100644
--- a/net/bridge/netfilter/ebt_nflog.c
+++ b/net/bridge/netfilter/ebt_nflog.c
@@ -35,12 +35,9 @@ ebt_nflog_tg(struct sk_buff *skb, const struct xt_target_param *par)
        return EBT_CONTINUE;
 }
-static bool
+static bool ebt_nflog_tg_check(const struct xt_tgchk_param *par)
-ebt_nflog_tg_check(const char *table, const void *e,
-                   const struct xt_target *target, void *data,
-                   unsigned int hookmask)
 {
-        struct ebt_nflog_info *info = data;
+        struct ebt_nflog_info *info = par->targinfo;
        if (info->flags & ~EBT_NFLOG_MASK)
                return false;
diff --git a/net/bridge/netfilter/ebt_redirect.c b/net/bridge/netfilter/ebt_redirect.c
index 0cfe2fad9404..c8a49f7a57ba 100644
--- a/net/bridge/netfilter/ebt_redirect.c
+++ b/net/bridge/netfilter/ebt_redirect.c
@@ -32,18 +32,19 @@ ebt_redirect_tg(struct sk_buff *skb, const struct xt_target_param *par)
        return info->target;
 }
-static bool
+static bool ebt_redirect_tg_check(const struct xt_tgchk_param *par)
-ebt_redirect_tg_check(const char *tablename, const void *e,
-                      const struct xt_target *target, void *data,
-                      unsigned int hookmask)
 {
-        const struct ebt_redirect_info *info = data;
+        const struct ebt_redirect_info *info = par->targinfo;
+        unsigned int hook_mask;
        if (BASE_CHAIN && info->target == EBT_RETURN)
                return false;
-        CLEAR_BASE_CHAIN_BIT;
-        if ( (strcmp(tablename, "nat") || hookmask & ~(1 << NF_BR_PRE_ROUTING)) &&
+        hook_mask = par->hook_mask & ~(1 << NF_BR_NUMHOOKS);
-             (strcmp(tablename, "broute") || hookmask & ~(1 << NF_BR_BROUTING)) )
+        if ((strcmp(par->table, "nat") != 0 ||
+            hook_mask & ~(1 << NF_BR_PRE_ROUTING)) &&
+            (strcmp(par->table, "broute") != 0 ||
+            hook_mask & ~(1 << NF_BR_BROUTING)))
                return false;
        if (INVALID_TARGET)
                return false;
diff --git a/net/bridge/netfilter/ebt_snat.c b/net/bridge/netfilter/ebt_snat.c
index f55960eee996..8d04d4c302bd 100644
--- a/net/bridge/netfilter/ebt_snat.c
+++ b/net/bridge/netfilter/ebt_snat.c
@@ -42,18 +42,14 @@ out:
        return info->target | ~EBT_VERDICT_BITS;
 }
-static bool
+static bool ebt_snat_tg_check(const struct xt_tgchk_param *par)
-ebt_snat_tg_check(const char *tablename, const void *e,
-                  const struct xt_target *target, void *data,
-                  unsigned int hookmask)
 {
-        const struct ebt_nat_info *info = data;
+        const struct ebt_nat_info *info = par->targinfo;
        int tmp;
        tmp = info->target | ~EBT_VERDICT_BITS;
        if (BASE_CHAIN && tmp == EBT_RETURN)
                return false;
-        CLEAR_BASE_CHAIN_BIT;
        if (tmp < -NUM_STANDARD_TARGETS || tmp >= 0)
                return false;
diff --git a/net/bridge/netfilter/ebt_ulog.c b/net/bridge/netfilter/ebt_ulog.c
index bfedf12cbf41..2c6d6823e703 100644
--- a/net/bridge/netfilter/ebt_ulog.c
+++ b/net/bridge/netfilter/ebt_ulog.c
@@ -254,12 +254,9 @@ ebt_ulog_tg(struct sk_buff *skb, const struct xt_target_param *par)
        return EBT_CONTINUE;
 }
-static bool
+static bool ebt_ulog_tg_check(const struct xt_tgchk_param *par)
-ebt_ulog_tg_check(const char *table, const void *entry,
-                  const struct xt_target *target, void *data,
-                  unsigned int hookmask)
 {
-        struct ebt_ulog_info *uloginfo = data;
+        struct ebt_ulog_info *uloginfo = par->targinfo;
        if (uloginfo->nlgroup > 31)
                return false;
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index a1156bab4a03..cf823c21c166 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -363,9 +363,10 @@ ebt_check_match(struct ebt_entry_match *m, struct xt_mtchk_param *par,
 }
 static inline int
-ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e,
+ebt_check_watcher(struct ebt_entry_watcher *w, struct xt_tgchk_param *par,
-   const char *name, unsigned int hookmask, unsigned int *cnt)
+                  unsigned int *cnt)
 {
+        const struct ebt_entry *e = par->entryinfo;
        struct xt_target *watcher;
        size_t left = ((char *)e + e->target_offset) - (char *)w;
        int ret;
@@ -383,9 +384,10 @@ ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e,
                return -ENOENT;
        w->u.watcher = watcher;
-        ret = xt_check_target(watcher, NFPROTO_BRIDGE, w->watcher_size,
+        par->target   = watcher;
-              name, hookmask, e->ethproto, e->invflags & EBT_IPROTO,
+        par->targinfo = w->data;
-              e, w->data);
+        ret = xt_check_target(par, NFPROTO_BRIDGE, w->watcher_size,
+              e->ethproto, e->invflags & EBT_IPROTO);
        if (ret < 0) {
                module_put(watcher->me);
                return ret;
@@ -619,6 +621,7 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
        size_t gap;
        int ret;
        struct xt_mtchk_param mtpar;
+        struct xt_tgchk_param tgpar;
        /* don't mess with the struct ebt_entries */
        if (e->bitmask == 0)
@@ -660,14 +663,14 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
        }
        i = 0;
-        mtpar.table     = name;
+        mtpar.table     = tgpar.table     = name;
-        mtpar.entryinfo = e;
+        mtpar.entryinfo = tgpar.entryinfo = e;
-        mtpar.hook_mask = hookmask;
+        mtpar.hook_mask = tgpar.hook_mask = hookmask;
        ret = EBT_MATCH_ITERATE(e, ebt_check_match, &mtpar, &i);
        if (ret != 0)
                goto cleanup_matches;
        j = 0;
-        ret = EBT_WATCHER_ITERATE(e, ebt_check_watcher, e, name, hookmask, &j);
+        ret = EBT_WATCHER_ITERATE(e, ebt_check_watcher, &tgpar, &j);
        if (ret != 0)
                goto cleanup_watchers;
        t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
@@ -703,9 +706,10 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
                goto cleanup_watchers;
        }
-        ret = xt_check_target(target, NFPROTO_BRIDGE, t->target_size,
+        tgpar.target   = target;
-              name, hookmask, e->ethproto, e->invflags & EBT_IPROTO,
+        tgpar.targinfo = t->data;
-              e, t->data);
+        ret = xt_check_target(&tgpar, NFPROTO_BRIDGE, t->target_size,
+              e->ethproto, e->invflags & EBT_IPROTO);
        if (ret < 0) {
                module_put(target->me);
                goto cleanup_watchers;
author	Jan Engelhardt <jengelh@medozas.de>	2008-10-08 05:35:19 -0400
committer	Patrick McHardy <kaber@trash.net>	2008-10-08 05:35:19 -0400
commit	af5d6dc200eb0fcc6fbd3df1ab4d8969004cb37f (patch)
tree	06f5805d0a98a421f23380bdb044f93216204b9d /net/bridge
parent	7eb3558655aaa87a3e71a0c065dfaddda521fa6d (diff)

diff --git a/net/bridge/netfilter/ebt_arpreply.c b/net/bridge/netfilter/ebt_arpreply.c index fc94699f719e..76584cd72e57 100644 --- a/net/bridge/netfilter/ebt_arpreply.c +++ b/net/bridge/netfilter/ebt_arpreply.c
@@ -57,20 +57,16 @@ ebt_arpreply_tg(struct sk_buff skb, const struct xt_target_param par)
57	return info->target;	57	return info->target;
58	}	58	}
59		59
60	static bool	60	static bool ebt_arpreply_tg_check(const struct xt_tgchk_param *par)
61	ebt_arpreply_tg_check(const char tablename, const void entry,
62	const struct xt_target target, void data,
63	unsigned int hookmask)
64	{	61	{
65	const struct ebt_arpreply_info *info = data;	62	const struct ebt_arpreply_info *info = par->targinfo;
66	const struct ebt_entry *e = entry;	63	const struct ebt_entry *e = par->entryinfo;
67		64
68	if (BASE_CHAIN && info->target == EBT_RETURN)	65	if (BASE_CHAIN && info->target == EBT_RETURN)
69	return false;	66	return false;
70	if (e->ethproto != htons(ETH_P_ARP) \|\|	67	if (e->ethproto != htons(ETH_P_ARP) \|\|
71	e->invflags & EBT_IPROTO)	68	e->invflags & EBT_IPROTO)
72	return false;	69	return false;
73	CLEAR_BASE_CHAIN_BIT;
74	return true;	70	return true;
75	}	71	}
76		72


diff --git a/net/bridge/netfilter/ebt_dnat.c b/net/bridge/netfilter/ebt_dnat.c index bb5d79e0beea..6b49ea9e31fb 100644 --- a/net/bridge/netfilter/ebt_dnat.c +++ b/net/bridge/netfilter/ebt_dnat.c
@@ -26,19 +26,20 @@ ebt_dnat_tg(struct sk_buff skb, const struct xt_target_param par)
26	return info->target;	26	return info->target;
27	}	27	}
28		28
29	static bool	29	static bool ebt_dnat_tg_check(const struct xt_tgchk_param *par)
30	ebt_dnat_tg_check(const char tablename, const void entry,
31	const struct xt_target target, void data,
32	unsigned int hookmask)
33	{	30	{
34	const struct ebt_nat_info *info = data;	31	const struct ebt_nat_info *info = par->targinfo;
		32	unsigned int hook_mask;
35		33
36	if (BASE_CHAIN && info->target == EBT_RETURN)	34	if (BASE_CHAIN && info->target == EBT_RETURN)
37	return false;	35	return false;
38	CLEAR_BASE_CHAIN_BIT;	36
39	if ( (strcmp(tablename, "nat") \|\|	37	hook_mask = par->hook_mask & ~(1 << NF_BR_NUMHOOKS);
40	(hookmask & ~((1 << NF_BR_PRE_ROUTING) \| (1 << NF_BR_LOCAL_OUT)))) &&	38	if ((strcmp(par->table, "nat") != 0 \|\|
41	(strcmp(tablename, "broute") \|\| hookmask & ~(1 << NF_BR_BROUTING)) )	39	(hook_mask & ~((1 << NF_BR_PRE_ROUTING) \|
		40	(1 << NF_BR_LOCAL_OUT)))) &&
		41	(strcmp(par->table, "broute") != 0 \|\|
		42	hook_mask & ~(1 << NF_BR_BROUTING)))
42	return false;	43	return false;
43	if (INVALID_TARGET)	44	if (INVALID_TARGET)
44	return false;	45	return false;


diff --git a/net/bridge/netfilter/ebt_log.c b/net/bridge/netfilter/ebt_log.c index 87de5fccb2f1..3d33c608906a 100644 --- a/net/bridge/netfilter/ebt_log.c +++ b/net/bridge/netfilter/ebt_log.c
@@ -24,12 +24,9 @@
24		24
25	static DEFINE_SPINLOCK(ebt_log_lock);	25	static DEFINE_SPINLOCK(ebt_log_lock);
26		26
27	static bool	27	static bool ebt_log_tg_check(const struct xt_tgchk_param *par)
28	ebt_log_tg_check(const char table, const void entry,
29	const struct xt_target target, void data,
30	unsigned int hook_mask)
31	{	28	{
32	struct ebt_log_info *info = data;	29	struct ebt_log_info *info = par->targinfo;
33		30
34	if (info->bitmask & ~EBT_LOG_MASK)	31	if (info->bitmask & ~EBT_LOG_MASK)
35	return false;	32	return false;


diff --git a/net/bridge/netfilter/ebt_mark.c b/net/bridge/netfilter/ebt_mark.c index aafc456c3c3b..2fee7e8e2e93 100644 --- a/net/bridge/netfilter/ebt_mark.c +++ b/net/bridge/netfilter/ebt_mark.c
@@ -36,18 +36,14 @@ ebt_mark_tg(struct sk_buff skb, const struct xt_target_param par)
36	return info->target \| ~EBT_VERDICT_BITS;	36	return info->target \| ~EBT_VERDICT_BITS;
37	}	37	}
38		38
39	static bool	39	static bool ebt_mark_tg_check(const struct xt_tgchk_param *par)
40	ebt_mark_tg_check(const char table, const void e,
41	const struct xt_target target, void data,
42	unsigned int hookmask)
43	{	40	{
44	const struct ebt_mark_t_info *info = data;	41	const struct ebt_mark_t_info *info = par->targinfo;
45	int tmp;	42	int tmp;
46		43
47	tmp = info->target \| ~EBT_VERDICT_BITS;	44	tmp = info->target \| ~EBT_VERDICT_BITS;
48	if (BASE_CHAIN && tmp == EBT_RETURN)	45	if (BASE_CHAIN && tmp == EBT_RETURN)
49	return false;	46	return false;
50	CLEAR_BASE_CHAIN_BIT;
51	if (tmp < -NUM_STANDARD_TARGETS \|\| tmp >= 0)	47	if (tmp < -NUM_STANDARD_TARGETS \|\| tmp >= 0)
52	return false;	48	return false;
53	tmp = info->target & ~EBT_VERDICT_BITS;	49	tmp = info->target & ~EBT_VERDICT_BITS;


diff --git a/net/bridge/netfilter/ebt_nflog.c b/net/bridge/netfilter/ebt_nflog.c index 6a28d994cf7d..2a63d996dd4e 100644 --- a/net/bridge/netfilter/ebt_nflog.c +++ b/net/bridge/netfilter/ebt_nflog.c
@@ -35,12 +35,9 @@ ebt_nflog_tg(struct sk_buff skb, const struct xt_target_param par)
35	return EBT_CONTINUE;	35	return EBT_CONTINUE;
36	}	36	}
37		37
38	static bool	38	static bool ebt_nflog_tg_check(const struct xt_tgchk_param *par)
39	ebt_nflog_tg_check(const char table, const void e,
40	const struct xt_target target, void data,
41	unsigned int hookmask)
42	{	39	{
43	struct ebt_nflog_info *info = data;	40	struct ebt_nflog_info *info = par->targinfo;
44		41
45	if (info->flags & ~EBT_NFLOG_MASK)	42	if (info->flags & ~EBT_NFLOG_MASK)
46	return false;	43	return false;


diff --git a/net/bridge/netfilter/ebt_redirect.c b/net/bridge/netfilter/ebt_redirect.c index 0cfe2fad9404..c8a49f7a57ba 100644 --- a/net/bridge/netfilter/ebt_redirect.c +++ b/net/bridge/netfilter/ebt_redirect.c
@@ -32,18 +32,19 @@ ebt_redirect_tg(struct sk_buff skb, const struct xt_target_param par)
32	return info->target;	32	return info->target;
33	}	33	}
34		34
35	static bool	35	static bool ebt_redirect_tg_check(const struct xt_tgchk_param *par)
36	ebt_redirect_tg_check(const char tablename, const void e,
37	const struct xt_target target, void data,
38	unsigned int hookmask)
39	{	36	{
40	const struct ebt_redirect_info *info = data;	37	const struct ebt_redirect_info *info = par->targinfo;
		38	unsigned int hook_mask;
41		39
42	if (BASE_CHAIN && info->target == EBT_RETURN)	40	if (BASE_CHAIN && info->target == EBT_RETURN)
43	return false;	41	return false;
44	CLEAR_BASE_CHAIN_BIT;	42
45	if ( (strcmp(tablename, "nat") \|\| hookmask & ~(1 << NF_BR_PRE_ROUTING)) &&	43	hook_mask = par->hook_mask & ~(1 << NF_BR_NUMHOOKS);
46	(strcmp(tablename, "broute") \|\| hookmask & ~(1 << NF_BR_BROUTING)) )	44	if ((strcmp(par->table, "nat") != 0 \|\|
		45	hook_mask & ~(1 << NF_BR_PRE_ROUTING)) &&
		46	(strcmp(par->table, "broute") != 0 \|\|
		47	hook_mask & ~(1 << NF_BR_BROUTING)))
47	return false;	48	return false;
48	if (INVALID_TARGET)	49	if (INVALID_TARGET)
49	return false;	50	return false;


diff --git a/net/bridge/netfilter/ebt_snat.c b/net/bridge/netfilter/ebt_snat.c index f55960eee996..8d04d4c302bd 100644 --- a/net/bridge/netfilter/ebt_snat.c +++ b/net/bridge/netfilter/ebt_snat.c
@@ -42,18 +42,14 @@ out:
42	return info->target \| ~EBT_VERDICT_BITS;	42	return info->target \| ~EBT_VERDICT_BITS;
43	}	43	}
44		44
45	static bool	45	static bool ebt_snat_tg_check(const struct xt_tgchk_param *par)
46	ebt_snat_tg_check(const char tablename, const void e,
47	const struct xt_target target, void data,
48	unsigned int hookmask)
49	{	46	{
50	const struct ebt_nat_info *info = data;	47	const struct ebt_nat_info *info = par->targinfo;
51	int tmp;	48	int tmp;
52		49
53	tmp = info->target \| ~EBT_VERDICT_BITS;	50	tmp = info->target \| ~EBT_VERDICT_BITS;
54	if (BASE_CHAIN && tmp == EBT_RETURN)	51	if (BASE_CHAIN && tmp == EBT_RETURN)
55	return false;	52	return false;
56	CLEAR_BASE_CHAIN_BIT;
57		53
58	if (tmp < -NUM_STANDARD_TARGETS \|\| tmp >= 0)	54	if (tmp < -NUM_STANDARD_TARGETS \|\| tmp >= 0)
59	return false;	55	return false;


diff --git a/net/bridge/netfilter/ebt_ulog.c b/net/bridge/netfilter/ebt_ulog.c index bfedf12cbf41..2c6d6823e703 100644 --- a/net/bridge/netfilter/ebt_ulog.c +++ b/net/bridge/netfilter/ebt_ulog.c
@@ -254,12 +254,9 @@ ebt_ulog_tg(struct sk_buff skb, const struct xt_target_param par)
254	return EBT_CONTINUE;	254	return EBT_CONTINUE;
255	}	255	}
256		256
257	static bool	257	static bool ebt_ulog_tg_check(const struct xt_tgchk_param *par)
258	ebt_ulog_tg_check(const char table, const void entry,
259	const struct xt_target target, void data,
260	unsigned int hookmask)
261	{	258	{
262	struct ebt_ulog_info *uloginfo = data;	259	struct ebt_ulog_info *uloginfo = par->targinfo;
263		260
264	if (uloginfo->nlgroup > 31)	261	if (uloginfo->nlgroup > 31)
265	return false;	262	return false;


diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index a1156bab4a03..cf823c21c166 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c
@@ -363,9 +363,10 @@ ebt_check_match(struct ebt_entry_match m, struct xt_mtchk_param par,
363	}	363	}
364		364
365	static inline int	365	static inline int
366	ebt_check_watcher(struct ebt_entry_watcher w, struct ebt_entry e,	366	ebt_check_watcher(struct ebt_entry_watcher w, struct xt_tgchk_param par,
367	const char name, unsigned int hookmask, unsigned int cnt)	367	unsigned int *cnt)
368	{	368	{
		369	const struct ebt_entry *e = par->entryinfo;
369	struct xt_target *watcher;	370	struct xt_target *watcher;
370	size_t left = ((char )e + e->target_offset) - (char )w;	371	size_t left = ((char )e + e->target_offset) - (char )w;
371	int ret;	372	int ret;
@@ -383,9 +384,10 @@ ebt_check_watcher(struct ebt_entry_watcher w, struct ebt_entry e,
383	return -ENOENT;	384	return -ENOENT;
384	w->u.watcher = watcher;	385	w->u.watcher = watcher;
385		386
386	ret = xt_check_target(watcher, NFPROTO_BRIDGE, w->watcher_size,	387	par->target = watcher;
387	name, hookmask, e->ethproto, e->invflags & EBT_IPROTO,	388	par->targinfo = w->data;
388	e, w->data);	389	ret = xt_check_target(par, NFPROTO_BRIDGE, w->watcher_size,
		390	e->ethproto, e->invflags & EBT_IPROTO);
389	if (ret < 0) {	391	if (ret < 0) {
390	module_put(watcher->me);	392	module_put(watcher->me);
391	return ret;	393	return ret;
@@ -619,6 +621,7 @@ ebt_check_entry(struct ebt_entry e, struct ebt_table_info newinfo,
619	size_t gap;	621	size_t gap;
620	int ret;	622	int ret;
621	struct xt_mtchk_param mtpar;	623	struct xt_mtchk_param mtpar;
		624	struct xt_tgchk_param tgpar;
622		625
623	/* don't mess with the struct ebt_entries */	626	/* don't mess with the struct ebt_entries */
624	if (e->bitmask == 0)	627	if (e->bitmask == 0)
@@ -660,14 +663,14 @@ ebt_check_entry(struct ebt_entry e, struct ebt_table_info newinfo,
660	}	663	}
661	i = 0;	664	i = 0;
662		665
663	mtpar.table = name;	666	mtpar.table = tgpar.table = name;
664	mtpar.entryinfo = e;	667	mtpar.entryinfo = tgpar.entryinfo = e;
665	mtpar.hook_mask = hookmask;	668	mtpar.hook_mask = tgpar.hook_mask = hookmask;
666	ret = EBT_MATCH_ITERATE(e, ebt_check_match, &mtpar, &i);	669	ret = EBT_MATCH_ITERATE(e, ebt_check_match, &mtpar, &i);
667	if (ret != 0)	670	if (ret != 0)
668	goto cleanup_matches;	671	goto cleanup_matches;
669	j = 0;	672	j = 0;
670	ret = EBT_WATCHER_ITERATE(e, ebt_check_watcher, e, name, hookmask, &j);	673	ret = EBT_WATCHER_ITERATE(e, ebt_check_watcher, &tgpar, &j);
671	if (ret != 0)	674	if (ret != 0)
672	goto cleanup_watchers;	675	goto cleanup_watchers;
673	t = (struct ebt_entry_target )(((char )e) + e->target_offset);	676	t = (struct ebt_entry_target )(((char )e) + e->target_offset);
@@ -703,9 +706,10 @@ ebt_check_entry(struct ebt_entry e, struct ebt_table_info newinfo,
703	goto cleanup_watchers;	706	goto cleanup_watchers;
704	}	707	}
705		708
706	ret = xt_check_target(target, NFPROTO_BRIDGE, t->target_size,	709	tgpar.target = target;
707	name, hookmask, e->ethproto, e->invflags & EBT_IPROTO,	710	tgpar.targinfo = t->data;
708	e, t->data);	711	ret = xt_check_target(&tgpar, NFPROTO_BRIDGE, t->target_size,
		712	e->ethproto, e->invflags & EBT_IPROTO);
709	if (ret < 0) {	713	if (ret < 0) {
710	module_put(target->me);	714	module_put(target->me);
711	goto cleanup_watchers;	715	goto cleanup_watchers;