aboutsummaryrefslogtreecommitdiffstats
path: root/net/bridge
diff options
context:
space:
mode:
authorJan Engelhardt <jengelh@medozas.de>2008-10-08 05:35:15 -0400
committerPatrick McHardy <kaber@trash.net>2008-10-08 05:35:15 -0400
commitf2ff525c8dae57b3cda51d76443f60f764f34202 (patch)
treeb28a6ed575375014dc14fc5b758e3d6da64977c2 /net/bridge
parent102befab75c438bfa356c6976026326728771ebc (diff)
netfilter: ebtables: use generic table checking
Ebtables ORs (1 << NF_BR_NUMHOOKS) into the hook mask to indicate that the extension was called from a base chain. So this also needs to be present in the extensions' ->hooks. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/bridge')
-rw-r--r--net/bridge/netfilter/ebt_arpreply.c4
-rw-r--r--net/bridge/netfilter/ebt_dnat.c2
-rw-r--r--net/bridge/netfilter/ebt_redirect.c2
-rw-r--r--net/bridge/netfilter/ebt_snat.c6
4 files changed, 8 insertions, 6 deletions
diff --git a/net/bridge/netfilter/ebt_arpreply.c b/net/bridge/netfilter/ebt_arpreply.c
index 8071b64af46f..0e51c8d7e5f2 100644
--- a/net/bridge/netfilter/ebt_arpreply.c
+++ b/net/bridge/netfilter/ebt_arpreply.c
@@ -73,8 +73,6 @@ ebt_arpreply_tg_check(const char *tablename, const void *entry,
73 e->invflags & EBT_IPROTO) 73 e->invflags & EBT_IPROTO)
74 return false; 74 return false;
75 CLEAR_BASE_CHAIN_BIT; 75 CLEAR_BASE_CHAIN_BIT;
76 if (strcmp(tablename, "nat") || hookmask & ~(1 << NF_BR_PRE_ROUTING))
77 return false;
78 return true; 76 return true;
79} 77}
80 78
@@ -82,6 +80,8 @@ static struct xt_target ebt_arpreply_tg_reg __read_mostly = {
82 .name = "arpreply", 80 .name = "arpreply",
83 .revision = 0, 81 .revision = 0,
84 .family = NFPROTO_BRIDGE, 82 .family = NFPROTO_BRIDGE,
83 .table = "nat",
84 .hooks = (1 << NF_BR_NUMHOOKS) | (1 << NF_BR_PRE_ROUTING),
85 .target = ebt_arpreply_tg, 85 .target = ebt_arpreply_tg,
86 .checkentry = ebt_arpreply_tg_check, 86 .checkentry = ebt_arpreply_tg_check,
87 .targetsize = XT_ALIGN(sizeof(struct ebt_arpreply_info)), 87 .targetsize = XT_ALIGN(sizeof(struct ebt_arpreply_info)),
diff --git a/net/bridge/netfilter/ebt_dnat.c b/net/bridge/netfilter/ebt_dnat.c
index d2211c4a477e..cb80101e412c 100644
--- a/net/bridge/netfilter/ebt_dnat.c
+++ b/net/bridge/netfilter/ebt_dnat.c
@@ -51,6 +51,8 @@ static struct xt_target ebt_dnat_tg_reg __read_mostly = {
51 .name = "dnat", 51 .name = "dnat",
52 .revision = 0, 52 .revision = 0,
53 .family = NFPROTO_BRIDGE, 53 .family = NFPROTO_BRIDGE,
54 .hooks = (1 << NF_BR_NUMHOOKS) | (1 << NF_BR_PRE_ROUTING) |
55 (1 << NF_BR_LOCAL_OUT) | (1 << NF_BR_BROUTING),
54 .target = ebt_dnat_tg, 56 .target = ebt_dnat_tg,
55 .checkentry = ebt_dnat_tg_check, 57 .checkentry = ebt_dnat_tg_check,
56 .targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)), 58 .targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)),
diff --git a/net/bridge/netfilter/ebt_redirect.c b/net/bridge/netfilter/ebt_redirect.c
index 1b7684ffe404..a50ffbe0e4fb 100644
--- a/net/bridge/netfilter/ebt_redirect.c
+++ b/net/bridge/netfilter/ebt_redirect.c
@@ -56,6 +56,8 @@ static struct xt_target ebt_redirect_tg_reg __read_mostly = {
56 .name = "redirect", 56 .name = "redirect",
57 .revision = 0, 57 .revision = 0,
58 .family = NFPROTO_BRIDGE, 58 .family = NFPROTO_BRIDGE,
59 .hooks = (1 << NF_BR_NUMHOOKS) | (1 << NF_BR_PRE_ROUTING) |
60 (1 << NF_BR_BROUTING),
59 .target = ebt_redirect_tg, 61 .target = ebt_redirect_tg,
60 .checkentry = ebt_redirect_tg_check, 62 .checkentry = ebt_redirect_tg_check,
61 .targetsize = XT_ALIGN(sizeof(struct ebt_redirect_info)), 63 .targetsize = XT_ALIGN(sizeof(struct ebt_redirect_info)),
diff --git a/net/bridge/netfilter/ebt_snat.c b/net/bridge/netfilter/ebt_snat.c
index c90217a4f9e1..8a55c7d49b55 100644
--- a/net/bridge/netfilter/ebt_snat.c
+++ b/net/bridge/netfilter/ebt_snat.c
@@ -56,10 +56,6 @@ ebt_snat_tg_check(const char *tablename, const void *e,
56 if (BASE_CHAIN && tmp == EBT_RETURN) 56 if (BASE_CHAIN && tmp == EBT_RETURN)
57 return false; 57 return false;
58 CLEAR_BASE_CHAIN_BIT; 58 CLEAR_BASE_CHAIN_BIT;
59 if (strcmp(tablename, "nat"))
60 return false;
61 if (hookmask & ~(1 << NF_BR_POST_ROUTING))
62 return false;
63 59
64 if (tmp < -NUM_STANDARD_TARGETS || tmp >= 0) 60 if (tmp < -NUM_STANDARD_TARGETS || tmp >= 0)
65 return false; 61 return false;
@@ -73,6 +69,8 @@ static struct xt_target ebt_snat_tg_reg __read_mostly = {
73 .name = "snat", 69 .name = "snat",
74 .revision = 0, 70 .revision = 0,
75 .family = NFPROTO_BRIDGE, 71 .family = NFPROTO_BRIDGE,
72 .table = "nat",
73 .hooks = (1 << NF_BR_NUMHOOKS) | (1 << NF_BR_POST_ROUTING),
76 .target = ebt_snat_tg, 74 .target = ebt_snat_tg,
77 .checkentry = ebt_snat_tg_check, 75 .checkentry = ebt_snat_tg_check,
78 .targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)), 76 .targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)),