netfilter: xtables: move extension arguments into compound structure (2/6)

This patch does this for match extensions' checkentry functions. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
author: Jan Engelhardt <jengelh@medozas.de> 2008-10-08 05:35:18 -0400
committer: Patrick McHardy <kaber@trash.net> 2008-10-08 05:35:18 -0400
commit: 9b4fce7a3508a9776534188b6065b206a9608ccf (patch)
tree: 7df90f099a72738900deb93124ad86724a2df207 /net/bridge
parent: f7108a20dee44e5bb037f9e48f6a207b42e6ae1c (diff)
11 files changed, 39 insertions, 62 deletions
diff --git a/net/bridge/netfilter/ebt_802_3.c b/net/bridge/netfilter/ebt_802_3.c
index c9e1bc149513..bd91dc58d49b 100644
--- a/net/bridge/netfilter/ebt_802_3.c
+++ b/net/bridge/netfilter/ebt_802_3.c
@@ -36,12 +36,9 @@ ebt_802_3_mt(const struct sk_buff *skb, const struct xt_match_param *par)
        return true;
 }
-static bool
+static bool ebt_802_3_mt_check(const struct xt_mtchk_param *par)
-ebt_802_3_mt_check(const char *table, const void *entry,
-                   const struct xt_match *match, void *data,
-                   unsigned int hook_mask)
 {
-        const struct ebt_802_3_info *info = data;
+        const struct ebt_802_3_info *info = par->matchinfo;
        if (info->bitmask & ~EBT_802_3_MASK || info->invflags & ~EBT_802_3_MASK)
                return false;
diff --git a/net/bridge/netfilter/ebt_among.c b/net/bridge/netfilter/ebt_among.c
index 0ad0db3e815d..b595f091f35b 100644
--- a/net/bridge/netfilter/ebt_among.c
+++ b/net/bridge/netfilter/ebt_among.c
@@ -171,14 +171,11 @@ ebt_among_mt(const struct sk_buff *skb, const struct xt_match_param *par)
        return true;
 }
-static bool
+static bool ebt_among_mt_check(const struct xt_mtchk_param *par)
-ebt_among_mt_check(const char *table, const void *entry,
-                   const struct xt_match *match, void *data,
-                   unsigned int hook_mask)
 {
+        const struct ebt_among_info *info = par->matchinfo;
        const struct ebt_entry_match *em =
-                container_of(data, const struct ebt_entry_match, data);
+                container_of(par->matchinfo, const struct ebt_entry_match, data);
-        const struct ebt_among_info *info = data;
        int expected_length = sizeof(struct ebt_among_info);
        const struct ebt_mac_wormhash *wh_dst, *wh_src;
        int err;
diff --git a/net/bridge/netfilter/ebt_arp.c b/net/bridge/netfilter/ebt_arp.c
index 1ff8fa3a9e7b..b7ad60419f9a 100644
--- a/net/bridge/netfilter/ebt_arp.c
+++ b/net/bridge/netfilter/ebt_arp.c
@@ -100,13 +100,10 @@ ebt_arp_mt(const struct sk_buff *skb, const struct xt_match_param *par)
        return true;
 }
-static bool
+static bool ebt_arp_mt_check(const struct xt_mtchk_param *par)
-ebt_arp_mt_check(const char *table, const void *entry,
-                 const struct xt_match *match, void *data,
-                 unsigned int hook_mask)
 {
-        const struct ebt_arp_info *info = data;
+        const struct ebt_arp_info *info = par->matchinfo;
-        const struct ebt_entry *e = entry;
+        const struct ebt_entry *e = par->entryinfo;
        if ((e->ethproto != htons(ETH_P_ARP) &&
           e->ethproto != htons(ETH_P_RARP)) ||
diff --git a/net/bridge/netfilter/ebt_ip.c b/net/bridge/netfilter/ebt_ip.c
index c70ea39840b7..d771bbfbcbe6 100644
--- a/net/bridge/netfilter/ebt_ip.c
+++ b/net/bridge/netfilter/ebt_ip.c
@@ -77,13 +77,10 @@ ebt_ip_mt(const struct sk_buff *skb, const struct xt_match_param *par)
        return true;
 }
-static bool
+static bool ebt_ip_mt_check(const struct xt_mtchk_param *par)
-ebt_ip_mt_check(const char *table, const void *entry,
-                const struct xt_match *match, void *data,
-                unsigned int hook_mask)
 {
-        const struct ebt_ip_info *info = data;
+        const struct ebt_ip_info *info = par->matchinfo;
-        const struct ebt_entry *e = entry;
+        const struct ebt_entry *e = par->entryinfo;
        if (e->ethproto != htons(ETH_P_IP) ||
           e->invflags & EBT_IPROTO)
diff --git a/net/bridge/netfilter/ebt_ip6.c b/net/bridge/netfilter/ebt_ip6.c
index 5acee02de723..784a6573876c 100644
--- a/net/bridge/netfilter/ebt_ip6.c
+++ b/net/bridge/netfilter/ebt_ip6.c
@@ -90,13 +90,10 @@ ebt_ip6_mt(const struct sk_buff *skb, const struct xt_match_param *par)
        return true;
 }
-static bool
+static bool ebt_ip6_mt_check(const struct xt_mtchk_param *par)
-ebt_ip6_mt_check(const char *table, const void *entry,
-                 const struct xt_match *match, void *data,
-                 unsigned int hook_mask)
 {
-        const struct ebt_entry *e = entry;
+        const struct ebt_entry *e = par->entryinfo;
-        struct ebt_ip6_info *info = data;
+        struct ebt_ip6_info *info = par->matchinfo;
        if (e->ethproto != htons(ETH_P_IPV6) || e->invflags & EBT_IPROTO)
                return false;
diff --git a/net/bridge/netfilter/ebt_limit.c b/net/bridge/netfilter/ebt_limit.c
index 9a3ec8cadaa4..f7bd9192ff0c 100644
--- a/net/bridge/netfilter/ebt_limit.c
+++ b/net/bridge/netfilter/ebt_limit.c
@@ -64,12 +64,9 @@ user2credits(u_int32_t user)
        return (user * HZ * CREDITS_PER_JIFFY) / EBT_LIMIT_SCALE;
 }
-static bool
+static bool ebt_limit_mt_check(const struct xt_mtchk_param *par)
-ebt_limit_mt_check(const char *table, const void *e,
-                   const struct xt_match *match, void *data,
-                   unsigned int hook_mask)
 {
-        struct ebt_limit_info *info = data;
+        struct ebt_limit_info *info = par->matchinfo;
        /* Check for overflow. */
        if (info->burst == 0 ||
diff --git a/net/bridge/netfilter/ebt_mark_m.c b/net/bridge/netfilter/ebt_mark_m.c
index 5b22ef96127c..ea570f214b1d 100644
--- a/net/bridge/netfilter/ebt_mark_m.c
+++ b/net/bridge/netfilter/ebt_mark_m.c
@@ -22,12 +22,9 @@ ebt_mark_mt(const struct sk_buff *skb, const struct xt_match_param *par)
        return ((skb->mark & info->mask) == info->mark) ^ info->invert;
 }
-static bool
+static bool ebt_mark_mt_check(const struct xt_mtchk_param *par)
-ebt_mark_mt_check(const char *table, const void *e,
-                  const struct xt_match *match, void *data,
-                  unsigned int hook_mask)
 {
-        const struct ebt_mark_m_info *info = data;
+        const struct ebt_mark_m_info *info = par->matchinfo;
        if (info->bitmask & ~EBT_MARK_MASK)
                return false;
diff --git a/net/bridge/netfilter/ebt_pkttype.c b/net/bridge/netfilter/ebt_pkttype.c
index b756f88fb10f..883e96e2a542 100644
--- a/net/bridge/netfilter/ebt_pkttype.c
+++ b/net/bridge/netfilter/ebt_pkttype.c
@@ -20,12 +20,9 @@ ebt_pkttype_mt(const struct sk_buff *skb, const struct xt_match_param *par)
        return (skb->pkt_type == info->pkt_type) ^ info->invert;
 }
-static bool
+static bool ebt_pkttype_mt_check(const struct xt_mtchk_param *par)
-ebt_pkttype_mt_check(const char *table, const void *e,
-                     const struct xt_match *match, void *data,
-                     unsigned int hook_mask)
 {
-        const struct ebt_pkttype_info *info = data;
+        const struct ebt_pkttype_info *info = par->matchinfo;
        if (info->invert != 0 && info->invert != 1)
                return false;
diff --git a/net/bridge/netfilter/ebt_stp.c b/net/bridge/netfilter/ebt_stp.c
index 06d777c62c32..48527e621626 100644
--- a/net/bridge/netfilter/ebt_stp.c
+++ b/net/bridge/netfilter/ebt_stp.c
@@ -153,15 +153,12 @@ ebt_stp_mt(const struct sk_buff *skb, const struct xt_match_param *par)
        return true;
 }
-static bool
+static bool ebt_stp_mt_check(const struct xt_mtchk_param *par)
-ebt_stp_mt_check(const char *table, const void *entry,
-                 const struct xt_match *match, void *data,
-                 unsigned int hook_mask)
 {
-        const struct ebt_stp_info *info = data;
+        const struct ebt_stp_info *info = par->matchinfo;
        const uint8_t bridge_ula[6] = {0x01, 0x80, 0xc2, 0x00, 0x00, 0x00};
        const uint8_t msk[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
-        const struct ebt_entry *e = entry;
+        const struct ebt_entry *e = par->entryinfo;
        if (info->bitmask & ~EBT_STP_MASK || info->invflags & ~EBT_STP_MASK ||
            !(info->bitmask & EBT_STP_MASK))
diff --git a/net/bridge/netfilter/ebt_vlan.c b/net/bridge/netfilter/ebt_vlan.c
index b05b4a818341..3dddd489328e 100644
--- a/net/bridge/netfilter/ebt_vlan.c
+++ b/net/bridge/netfilter/ebt_vlan.c
@@ -84,13 +84,10 @@ ebt_vlan_mt(const struct sk_buff *skb, const struct xt_match_param *par)
        return true;
 }
-static bool
+static bool ebt_vlan_mt_check(const struct xt_mtchk_param *par)
-ebt_vlan_mt_check(const char *table, const void *entry,
-                  const struct xt_match *match, void *data,
-                  unsigned int hook_mask)
 {
-        struct ebt_vlan_info *info = data;
+        struct ebt_vlan_info *info = par->matchinfo;
-        const struct ebt_entry *e = entry;
+        const struct ebt_entry *e = par->entryinfo;
        /* Is it 802.1Q frame checked? */
        if (e->ethproto != htons(ETH_P_8021Q)) {
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index f8e1822f38d4..5ce37b2f5b84 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -324,9 +324,10 @@ find_table_lock(const char *name, int *error, struct mutex *mutex)
 }
 static inline int
-ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e,
+ebt_check_match(struct ebt_entry_match *m, struct xt_mtchk_param *par,
-   const char *name, unsigned int hookmask, unsigned int *cnt)
+                unsigned int *cnt)
 {
+        const struct ebt_entry *e = par->entryinfo;
        struct xt_match *match;
        size_t left = ((char *)e + e->watchers_offset) - (char *)m;
        int ret;
@@ -343,9 +344,10 @@ ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e,
                return -ENOENT;
        m->u.match = match;
-        ret = xt_check_match(match, NFPROTO_BRIDGE, m->match_size,
+        par->match     = match;
-              name, hookmask, e->ethproto, e->invflags & EBT_IPROTO,
+        par->matchinfo = m->data;
-              e, m->data);
+        ret = xt_check_match(par, NFPROTO_BRIDGE, m->match_size,
+              e->ethproto, e->invflags & EBT_IPROTO);
        if (ret < 0) {
                module_put(match->me);
                return ret;
@@ -607,6 +609,7 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
        unsigned int i, j, hook = 0, hookmask = 0;
        size_t gap;
        int ret;
+        struct xt_mtchk_param par;
        /* don't mess with the struct ebt_entries */
        if (e->bitmask == 0)
@@ -647,7 +650,11 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
                        hookmask = cl_s[i - 1].hookmask;
        }
        i = 0;
-        ret = EBT_MATCH_ITERATE(e, ebt_check_match, e, name, hookmask, &i);
+        par.table     = name;
+        par.entryinfo = e;
+        par.hook_mask = hookmask;
+        ret = EBT_MATCH_ITERATE(e, ebt_check_match, &par, &i);
        if (ret != 0)
                goto cleanup_matches;
        j = 0;
author	Jan Engelhardt <jengelh@medozas.de>	2008-10-08 05:35:18 -0400
committer	Patrick McHardy <kaber@trash.net>	2008-10-08 05:35:18 -0400
commit	9b4fce7a3508a9776534188b6065b206a9608ccf (patch)
tree	7df90f099a72738900deb93124ad86724a2df207 /net/bridge
parent	f7108a20dee44e5bb037f9e48f6a207b42e6ae1c (diff)

diff --git a/net/bridge/netfilter/ebt_802_3.c b/net/bridge/netfilter/ebt_802_3.c index c9e1bc149513..bd91dc58d49b 100644 --- a/net/bridge/netfilter/ebt_802_3.c +++ b/net/bridge/netfilter/ebt_802_3.c
@@ -36,12 +36,9 @@ ebt_802_3_mt(const struct sk_buff skb, const struct xt_match_param par)
36	return true;	36	return true;
37	}	37	}
38		38
39	static bool	39	static bool ebt_802_3_mt_check(const struct xt_mtchk_param *par)
40	ebt_802_3_mt_check(const char table, const void entry,
41	const struct xt_match match, void data,
42	unsigned int hook_mask)
43	{	40	{
44	const struct ebt_802_3_info *info = data;	41	const struct ebt_802_3_info *info = par->matchinfo;
45		42
46	if (info->bitmask & ~EBT_802_3_MASK \|\| info->invflags & ~EBT_802_3_MASK)	43	if (info->bitmask & ~EBT_802_3_MASK \|\| info->invflags & ~EBT_802_3_MASK)
47	return false;	44	return false;


diff --git a/net/bridge/netfilter/ebt_among.c b/net/bridge/netfilter/ebt_among.c index 0ad0db3e815d..b595f091f35b 100644 --- a/net/bridge/netfilter/ebt_among.c +++ b/net/bridge/netfilter/ebt_among.c
@@ -171,14 +171,11 @@ ebt_among_mt(const struct sk_buff skb, const struct xt_match_param par)
171	return true;	171	return true;
172	}	172	}
173		173
174	static bool	174	static bool ebt_among_mt_check(const struct xt_mtchk_param *par)
175	ebt_among_mt_check(const char table, const void entry,
176	const struct xt_match match, void data,
177	unsigned int hook_mask)
178	{	175	{
		176	const struct ebt_among_info *info = par->matchinfo;
179	const struct ebt_entry_match *em =	177	const struct ebt_entry_match *em =
180	container_of(data, const struct ebt_entry_match, data);	178	container_of(par->matchinfo, const struct ebt_entry_match, data);
181	const struct ebt_among_info *info = data;
182	int expected_length = sizeof(struct ebt_among_info);	179	int expected_length = sizeof(struct ebt_among_info);
183	const struct ebt_mac_wormhash wh_dst, wh_src;	180	const struct ebt_mac_wormhash wh_dst, wh_src;
184	int err;	181	int err;


diff --git a/net/bridge/netfilter/ebt_arp.c b/net/bridge/netfilter/ebt_arp.c index 1ff8fa3a9e7b..b7ad60419f9a 100644 --- a/net/bridge/netfilter/ebt_arp.c +++ b/net/bridge/netfilter/ebt_arp.c
@@ -100,13 +100,10 @@ ebt_arp_mt(const struct sk_buff skb, const struct xt_match_param par)
100	return true;	100	return true;
101	}	101	}
102		102
103	static bool	103	static bool ebt_arp_mt_check(const struct xt_mtchk_param *par)
104	ebt_arp_mt_check(const char table, const void entry,
105	const struct xt_match match, void data,
106	unsigned int hook_mask)
107	{	104	{
108	const struct ebt_arp_info *info = data;	105	const struct ebt_arp_info *info = par->matchinfo;
109	const struct ebt_entry *e = entry;	106	const struct ebt_entry *e = par->entryinfo;
110		107
111	if ((e->ethproto != htons(ETH_P_ARP) &&	108	if ((e->ethproto != htons(ETH_P_ARP) &&
112	e->ethproto != htons(ETH_P_RARP)) \|\|	109	e->ethproto != htons(ETH_P_RARP)) \|\|


diff --git a/net/bridge/netfilter/ebt_ip.c b/net/bridge/netfilter/ebt_ip.c index c70ea39840b7..d771bbfbcbe6 100644 --- a/net/bridge/netfilter/ebt_ip.c +++ b/net/bridge/netfilter/ebt_ip.c
@@ -77,13 +77,10 @@ ebt_ip_mt(const struct sk_buff skb, const struct xt_match_param par)
77	return true;	77	return true;
78	}	78	}
79		79
80	static bool	80	static bool ebt_ip_mt_check(const struct xt_mtchk_param *par)
81	ebt_ip_mt_check(const char table, const void entry,
82	const struct xt_match match, void data,
83	unsigned int hook_mask)
84	{	81	{
85	const struct ebt_ip_info *info = data;	82	const struct ebt_ip_info *info = par->matchinfo;
86	const struct ebt_entry *e = entry;	83	const struct ebt_entry *e = par->entryinfo;
87		84
88	if (e->ethproto != htons(ETH_P_IP) \|\|	85	if (e->ethproto != htons(ETH_P_IP) \|\|
89	e->invflags & EBT_IPROTO)	86	e->invflags & EBT_IPROTO)


diff --git a/net/bridge/netfilter/ebt_ip6.c b/net/bridge/netfilter/ebt_ip6.c index 5acee02de723..784a6573876c 100644 --- a/net/bridge/netfilter/ebt_ip6.c +++ b/net/bridge/netfilter/ebt_ip6.c
@@ -90,13 +90,10 @@ ebt_ip6_mt(const struct sk_buff skb, const struct xt_match_param par)
90	return true;	90	return true;
91	}	91	}
92		92
93	static bool	93	static bool ebt_ip6_mt_check(const struct xt_mtchk_param *par)
94	ebt_ip6_mt_check(const char table, const void entry,
95	const struct xt_match match, void data,
96	unsigned int hook_mask)
97	{	94	{
98	const struct ebt_entry *e = entry;	95	const struct ebt_entry *e = par->entryinfo;
99	struct ebt_ip6_info *info = data;	96	struct ebt_ip6_info *info = par->matchinfo;
100		97
101	if (e->ethproto != htons(ETH_P_IPV6) \|\| e->invflags & EBT_IPROTO)	98	if (e->ethproto != htons(ETH_P_IPV6) \|\| e->invflags & EBT_IPROTO)
102	return false;	99	return false;


diff --git a/net/bridge/netfilter/ebt_limit.c b/net/bridge/netfilter/ebt_limit.c index 9a3ec8cadaa4..f7bd9192ff0c 100644 --- a/net/bridge/netfilter/ebt_limit.c +++ b/net/bridge/netfilter/ebt_limit.c
@@ -64,12 +64,9 @@ user2credits(u_int32_t user)
64	return (user * HZ * CREDITS_PER_JIFFY) / EBT_LIMIT_SCALE;	64	return (user * HZ * CREDITS_PER_JIFFY) / EBT_LIMIT_SCALE;
65	}	65	}
66		66
67	static bool	67	static bool ebt_limit_mt_check(const struct xt_mtchk_param *par)
68	ebt_limit_mt_check(const char table, const void e,
69	const struct xt_match match, void data,
70	unsigned int hook_mask)
71	{	68	{
72	struct ebt_limit_info *info = data;	69	struct ebt_limit_info *info = par->matchinfo;
73		70
74	/* Check for overflow. */	71	/* Check for overflow. */
75	if (info->burst == 0 \|\|	72	if (info->burst == 0 \|\|


diff --git a/net/bridge/netfilter/ebt_mark_m.c b/net/bridge/netfilter/ebt_mark_m.c index 5b22ef96127c..ea570f214b1d 100644 --- a/net/bridge/netfilter/ebt_mark_m.c +++ b/net/bridge/netfilter/ebt_mark_m.c
@@ -22,12 +22,9 @@ ebt_mark_mt(const struct sk_buff skb, const struct xt_match_param par)
22	return ((skb->mark & info->mask) == info->mark) ^ info->invert;	22	return ((skb->mark & info->mask) == info->mark) ^ info->invert;
23	}	23	}
24		24
25	static bool	25	static bool ebt_mark_mt_check(const struct xt_mtchk_param *par)
26	ebt_mark_mt_check(const char table, const void e,
27	const struct xt_match match, void data,
28	unsigned int hook_mask)
29	{	26	{
30	const struct ebt_mark_m_info *info = data;	27	const struct ebt_mark_m_info *info = par->matchinfo;
31		28
32	if (info->bitmask & ~EBT_MARK_MASK)	29	if (info->bitmask & ~EBT_MARK_MASK)
33	return false;	30	return false;


diff --git a/net/bridge/netfilter/ebt_pkttype.c b/net/bridge/netfilter/ebt_pkttype.c index b756f88fb10f..883e96e2a542 100644 --- a/net/bridge/netfilter/ebt_pkttype.c +++ b/net/bridge/netfilter/ebt_pkttype.c
@@ -20,12 +20,9 @@ ebt_pkttype_mt(const struct sk_buff skb, const struct xt_match_param par)
20	return (skb->pkt_type == info->pkt_type) ^ info->invert;	20	return (skb->pkt_type == info->pkt_type) ^ info->invert;
21	}	21	}
22		22
23	static bool	23	static bool ebt_pkttype_mt_check(const struct xt_mtchk_param *par)
24	ebt_pkttype_mt_check(const char table, const void e,
25	const struct xt_match match, void data,
26	unsigned int hook_mask)
27	{	24	{
28	const struct ebt_pkttype_info *info = data;	25	const struct ebt_pkttype_info *info = par->matchinfo;
29		26
30	if (info->invert != 0 && info->invert != 1)	27	if (info->invert != 0 && info->invert != 1)
31	return false;	28	return false;


diff --git a/net/bridge/netfilter/ebt_stp.c b/net/bridge/netfilter/ebt_stp.c index 06d777c62c32..48527e621626 100644 --- a/net/bridge/netfilter/ebt_stp.c +++ b/net/bridge/netfilter/ebt_stp.c
@@ -153,15 +153,12 @@ ebt_stp_mt(const struct sk_buff skb, const struct xt_match_param par)
153	return true;	153	return true;
154	}	154	}
155		155
156	static bool	156	static bool ebt_stp_mt_check(const struct xt_mtchk_param *par)
157	ebt_stp_mt_check(const char table, const void entry,
158	const struct xt_match match, void data,
159	unsigned int hook_mask)
160	{	157	{
161	const struct ebt_stp_info *info = data;	158	const struct ebt_stp_info *info = par->matchinfo;
162	const uint8_t bridge_ula[6] = {0x01, 0x80, 0xc2, 0x00, 0x00, 0x00};	159	const uint8_t bridge_ula[6] = {0x01, 0x80, 0xc2, 0x00, 0x00, 0x00};
163	const uint8_t msk[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};	160	const uint8_t msk[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
164	const struct ebt_entry *e = entry;	161	const struct ebt_entry *e = par->entryinfo;
165		162
166	if (info->bitmask & ~EBT_STP_MASK \|\| info->invflags & ~EBT_STP_MASK \|\|	163	if (info->bitmask & ~EBT_STP_MASK \|\| info->invflags & ~EBT_STP_MASK \|\|
167	!(info->bitmask & EBT_STP_MASK))	164	!(info->bitmask & EBT_STP_MASK))


diff --git a/net/bridge/netfilter/ebt_vlan.c b/net/bridge/netfilter/ebt_vlan.c index b05b4a818341..3dddd489328e 100644 --- a/net/bridge/netfilter/ebt_vlan.c +++ b/net/bridge/netfilter/ebt_vlan.c
@@ -84,13 +84,10 @@ ebt_vlan_mt(const struct sk_buff skb, const struct xt_match_param par)
84	return true;	84	return true;
85	}	85	}
86		86
87	static bool	87	static bool ebt_vlan_mt_check(const struct xt_mtchk_param *par)
88	ebt_vlan_mt_check(const char table, const void entry,
89	const struct xt_match match, void data,
90	unsigned int hook_mask)
91	{	88	{
92	struct ebt_vlan_info *info = data;	89	struct ebt_vlan_info *info = par->matchinfo;
93	const struct ebt_entry *e = entry;	90	const struct ebt_entry *e = par->entryinfo;
94		91
95	/* Is it 802.1Q frame checked? */	92	/* Is it 802.1Q frame checked? */
96	if (e->ethproto != htons(ETH_P_8021Q)) {	93	if (e->ethproto != htons(ETH_P_8021Q)) {


diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index f8e1822f38d4..5ce37b2f5b84 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c
@@ -324,9 +324,10 @@ find_table_lock(const char name, int error, struct mutex *mutex)
324	}	324	}
325		325
326	static inline int	326	static inline int
327	ebt_check_match(struct ebt_entry_match m, struct ebt_entry e,	327	ebt_check_match(struct ebt_entry_match m, struct xt_mtchk_param par,
328	const char name, unsigned int hookmask, unsigned int cnt)	328	unsigned int *cnt)
329	{	329	{
		330	const struct ebt_entry *e = par->entryinfo;
330	struct xt_match *match;	331	struct xt_match *match;
331	size_t left = ((char )e + e->watchers_offset) - (char )m;	332	size_t left = ((char )e + e->watchers_offset) - (char )m;
332	int ret;	333	int ret;
@@ -343,9 +344,10 @@ ebt_check_match(struct ebt_entry_match m, struct ebt_entry e,
343	return -ENOENT;	344	return -ENOENT;
344	m->u.match = match;	345	m->u.match = match;
345		346
346	ret = xt_check_match(match, NFPROTO_BRIDGE, m->match_size,	347	par->match = match;
347	name, hookmask, e->ethproto, e->invflags & EBT_IPROTO,	348	par->matchinfo = m->data;
348	e, m->data);	349	ret = xt_check_match(par, NFPROTO_BRIDGE, m->match_size,
		350	e->ethproto, e->invflags & EBT_IPROTO);
349	if (ret < 0) {	351	if (ret < 0) {
350	module_put(match->me);	352	module_put(match->me);
351	return ret;	353	return ret;
@@ -607,6 +609,7 @@ ebt_check_entry(struct ebt_entry e, struct ebt_table_info newinfo,
607	unsigned int i, j, hook = 0, hookmask = 0;	609	unsigned int i, j, hook = 0, hookmask = 0;
608	size_t gap;	610	size_t gap;
609	int ret;	611	int ret;
		612	struct xt_mtchk_param par;
610		613
611	/* don't mess with the struct ebt_entries */	614	/* don't mess with the struct ebt_entries */
612	if (e->bitmask == 0)	615	if (e->bitmask == 0)
@@ -647,7 +650,11 @@ ebt_check_entry(struct ebt_entry e, struct ebt_table_info newinfo,
647	hookmask = cl_s[i - 1].hookmask;	650	hookmask = cl_s[i - 1].hookmask;
648	}	651	}
649	i = 0;	652	i = 0;
650	ret = EBT_MATCH_ITERATE(e, ebt_check_match, e, name, hookmask, &i);	653
		654	par.table = name;
		655	par.entryinfo = e;
		656	par.hook_mask = hookmask;
		657	ret = EBT_MATCH_ITERATE(e, ebt_check_match, &par, &i);
651	if (ret != 0)	658	if (ret != 0)
652	goto cleanup_matches;	659	goto cleanup_matches;
653	j = 0;	660	j = 0;