netfilter: xtables: move extension arguments into compound structure (4/6)

This patch does this for target extensions' target functions.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>

13 files changed, 70 insertions, 103 deletions

diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index ae525a9afbec..5b631ad74b5f 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -200,15 +200,12 @@ static inline int arp_checkentry(const struct arpt_arp *arp)
         return 1;
 }
 
-static unsigned int arpt_error(struct sk_buff *skb,
-                               const struct net_device *in,
-                               const struct net_device *out,
-                               unsigned int hooknum,
-                               const struct xt_target *target,
-                               const void *targinfo)
+static unsigned int
+arpt_error(struct sk_buff *skb, const struct xt_target_param *par)
 {
         if (net_ratelimit())
-                printk("arp_tables: error: '%s'\n", (char *)targinfo);
+                printk("arp_tables: error: '%s'\n",
+                       (const char *)par->targinfo);
 
         return NF_DROP;
 }
@@ -232,6 +229,7 @@ unsigned int arpt_do_table(struct sk_buff *skb,
         const char *indev, *outdev;
         void *table_base;
         const struct xt_table_info *private;
+        struct xt_target_param tgpar;
 
         if (!pskb_may_pull(skb, arp_hdr_len(skb->dev)))
                 return NF_DROP;
@@ -245,6 +243,10 @@ unsigned int arpt_do_table(struct sk_buff *skb,
         e = get_entry(table_base, private->hook_entry[hook]);
         back = get_entry(table_base, private->underflow[hook]);
 
+        tgpar.in      = in;
+        tgpar.out     = out;
+        tgpar.hooknum = hook;
+
         arp = arp_hdr(skb);
         do {
                 if (arp_packet_match(arp, skb->dev, indev, outdev, &e->arp)) {
@@ -290,11 +292,10 @@ unsigned int arpt_do_table(struct sk_buff *skb,
                                 /* Targets which reenter must return
                                  * abs. verdicts
                                  */
+                                tgpar.target   = t->u.kernel.target;
+                                tgpar.targinfo = t->data;
                                 verdict = t->u.kernel.target->target(skb,
-                                                                     in, out,
-                                                                     hook,
-                                                                     t->u.kernel.target,
-                                                                     t->data);
+                                                                     &tgpar);
 
                                 /* Target might have changed stuff. */
                                 arp = arp_hdr(skb);
diff --git a/net/ipv4/netfilter/arpt_mangle.c b/net/ipv4/netfilter/arpt_mangle.c
index 3f9e4ccd6168..0bf81b353694 100644
--- a/net/ipv4/netfilter/arpt_mangle.c
+++ b/net/ipv4/netfilter/arpt_mangle.c
@@ -9,12 +9,9 @@ MODULE_AUTHOR("Bart De Schuymer <bdschuym@pandora.be>");
 MODULE_DESCRIPTION("arptables arp payload mangle target");
 
 static unsigned int
-target(struct sk_buff *skb,
-       const struct net_device *in, const struct net_device *out,
-       unsigned int hooknum, const struct xt_target *target,
-       const void *targinfo)
+target(struct sk_buff *skb, const struct xt_target_param *par)
 {
-        const struct arpt_mangle *mangle = targinfo;
+        const struct arpt_mangle *mangle = par->targinfo;
         const struct arphdr *arp;
         unsigned char *arpptr;
         int pln, hln;
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 12ad4d5c55d6..0f8ecf390229 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -171,15 +171,11 @@ ip_checkentry(const struct ipt_ip *ip)
 }
 
 static unsigned int
-ipt_error(struct sk_buff *skb,
-          const struct net_device *in,
-          const struct net_device *out,
-          unsigned int hooknum,
-          const struct xt_target *target,
-          const void *targinfo)
+ipt_error(struct sk_buff *skb, const struct xt_target_param *par)
 {
         if (net_ratelimit())
-                printk("ip_tables: error: `%s'\n", (char *)targinfo);
+                printk("ip_tables: error: `%s'\n",
+                       (const char *)par->targinfo);
 
         return NF_DROP;
 }
@@ -334,6 +330,7 @@ ipt_do_table(struct sk_buff *skb,
         struct ipt_entry *e, *back;
         struct xt_table_info *private;
         struct xt_match_param mtpar;
+        struct xt_target_param tgpar;
 
         /* Initialization */
         ip = ip_hdr(skb);
@@ -349,8 +346,9 @@ ipt_do_table(struct sk_buff *skb,
         mtpar.fragoff = ntohs(ip->frag_off) & IP_OFFSET;
         mtpar.thoff   = ip_hdrlen(skb);
         mtpar.hotdrop = &hotdrop;
-        mtpar.in      = in;
-        mtpar.out     = out;
+        mtpar.in      = tgpar.in  = in;
+        mtpar.out     = tgpar.out = out;
+        tgpar.hooknum = hook;
 
         read_lock_bh(&table->lock);
         IP_NF_ASSERT(table->valid_hooks & (1 << hook));
@@ -414,16 +412,14 @@ ipt_do_table(struct sk_buff *skb,
                         } else {
                                 /* Targets which reenter must return
                                    abs. verdicts */
+                                tgpar.target   = t->u.kernel.target;
+                                tgpar.targinfo = t->data;
 #ifdef CONFIG_NETFILTER_DEBUG
                                 ((struct ipt_entry *)table_base)->comefrom
                                         = 0xeeeeeeec;
 #endif
                                 verdict = t->u.kernel.target->target(skb,
-                                                                     in, out,
-                                                                     hook,
-                                                                     t->u.kernel.target,
-                                                                     t->data);
-
+                                                                     &tgpar);
 #ifdef CONFIG_NETFILTER_DEBUG
                                 if (((struct ipt_entry *)table_base)->comefrom
                                     != 0xeeeeeeec
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c
index 63faddc18a1c..67e8aa8f34f2 100644
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -281,11 +281,9 @@ clusterip_responsible(const struct clusterip_config *config, u_int32_t hash)
  ***********************************************************************/
 
 static unsigned int
-clusterip_tg(struct sk_buff *skb, const struct net_device *in,
-             const struct net_device *out, unsigned int hooknum,
-             const struct xt_target *target, const void *targinfo)
+clusterip_tg(struct sk_buff *skb, const struct xt_target_param *par)
 {
-        const struct ipt_clusterip_tgt_info *cipinfo = targinfo;
+        const struct ipt_clusterip_tgt_info *cipinfo = par->targinfo;
         struct nf_conn *ct;
         enum ip_conntrack_info ctinfo;
         u_int32_t hash;
diff --git a/net/ipv4/netfilter/ipt_ECN.c b/net/ipv4/netfilter/ipt_ECN.c
index aee2364afffd..e37f181e8298 100644
--- a/net/ipv4/netfilter/ipt_ECN.c
+++ b/net/ipv4/netfilter/ipt_ECN.c
@@ -77,11 +77,9 @@ set_ect_tcp(struct sk_buff *skb, const struct ipt_ECN_info *einfo)
 }
 
 static unsigned int
-ecn_tg(struct sk_buff *skb, const struct net_device *in,
-       const struct net_device *out, unsigned int hooknum,
-       const struct xt_target *target, const void *targinfo)
+ecn_tg(struct sk_buff *skb, const struct xt_target_param *par)
 {
-        const struct ipt_ECN_info *einfo = targinfo;
+        const struct ipt_ECN_info *einfo = par->targinfo;
 
         if (einfo->operation & IPT_ECN_OP_SET_IP)
                 if (!set_ect_ip(skb, einfo))
diff --git a/net/ipv4/netfilter/ipt_LOG.c b/net/ipv4/netfilter/ipt_LOG.c
index 1c9785df4df7..e9942aed35ae 100644
--- a/net/ipv4/netfilter/ipt_LOG.c
+++ b/net/ipv4/netfilter/ipt_LOG.c
@@ -426,18 +426,16 @@ ipt_log_packet(u_int8_t pf,
 }
 
 static unsigned int
-log_tg(struct sk_buff *skb, const struct net_device *in,
-       const struct net_device *out, unsigned int hooknum,
-       const struct xt_target *target, const void *targinfo)
+log_tg(struct sk_buff *skb, const struct xt_target_param *par)
 {
-        const struct ipt_log_info *loginfo = targinfo;
+        const struct ipt_log_info *loginfo = par->targinfo;
         struct nf_loginfo li;
 
         li.type = NF_LOG_TYPE_LOG;
         li.u.log.level = loginfo->level;
         li.u.log.logflags = loginfo->logflags;
 
-        ipt_log_packet(NFPROTO_IPV4, hooknum, skb, in, out, &li,
+        ipt_log_packet(NFPROTO_IPV4, par->hooknum, skb, par->in, par->out, &li,
                        loginfo->prefix);
         return XT_CONTINUE;
 }
diff --git a/net/ipv4/netfilter/ipt_MASQUERADE.c b/net/ipv4/netfilter/ipt_MASQUERADE.c
index 65c811b27b7b..e0d9d49b79ee 100644
--- a/net/ipv4/netfilter/ipt_MASQUERADE.c
+++ b/net/ipv4/netfilter/ipt_MASQUERADE.c
@@ -50,9 +50,7 @@ masquerade_tg_check(const char *tablename, const void *e,
 }
 
 static unsigned int
-masquerade_tg(struct sk_buff *skb, const struct net_device *in,
-              const struct net_device *out, unsigned int hooknum,
-              const struct xt_target *target, const void *targinfo)
+masquerade_tg(struct sk_buff *skb, const struct xt_target_param *par)
 {
         struct nf_conn *ct;
         struct nf_conn_nat *nat;
@@ -62,7 +60,7 @@ masquerade_tg(struct sk_buff *skb, const struct net_device *in,
         const struct rtable *rt;
         __be32 newsrc;
 
-        NF_CT_ASSERT(hooknum == NF_INET_POST_ROUTING);
+        NF_CT_ASSERT(par->hooknum == NF_INET_POST_ROUTING);
 
         ct = nf_ct_get(skb, &ctinfo);
         nat = nfct_nat(ct);
@@ -76,16 +74,16 @@ masquerade_tg(struct sk_buff *skb, const struct net_device *in,
         if (ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.ip == 0)
                 return NF_ACCEPT;
 
-        mr = targinfo;
+        mr = par->targinfo;
         rt = skb->rtable;
-        newsrc = inet_select_addr(out, rt->rt_gateway, RT_SCOPE_UNIVERSE);
+        newsrc = inet_select_addr(par->out, rt->rt_gateway, RT_SCOPE_UNIVERSE);
         if (!newsrc) {
-                printk("MASQUERADE: %s ate my IP address\n", out->name);
+                printk("MASQUERADE: %s ate my IP address\n", par->out->name);
                 return NF_DROP;
         }
 
         write_lock_bh(&masq_lock);
-        nat->masq_index = out->ifindex;
+        nat->masq_index = par->out->ifindex;
         write_unlock_bh(&masq_lock);
 
         /* Transfer from original range. */
diff --git a/net/ipv4/netfilter/ipt_NETMAP.c b/net/ipv4/netfilter/ipt_NETMAP.c
index f281500bd7fa..cf18f23b3460 100644
--- a/net/ipv4/netfilter/ipt_NETMAP.c
+++ b/net/ipv4/netfilter/ipt_NETMAP.c
@@ -41,24 +41,23 @@ netmap_tg_check(const char *tablename, const void *e,
 }
 
 static unsigned int
-netmap_tg(struct sk_buff *skb, const struct net_device *in,
-          const struct net_device *out, unsigned int hooknum,
-          const struct xt_target *target, const void *targinfo)
+netmap_tg(struct sk_buff *skb, const struct xt_target_param *par)
 {
         struct nf_conn *ct;
         enum ip_conntrack_info ctinfo;
         __be32 new_ip, netmask;
-        const struct nf_nat_multi_range_compat *mr = targinfo;
+        const struct nf_nat_multi_range_compat *mr = par->targinfo;
         struct nf_nat_range newrange;
 
-        NF_CT_ASSERT(hooknum == NF_INET_PRE_ROUTING
-                     || hooknum == NF_INET_POST_ROUTING
-                     || hooknum == NF_INET_LOCAL_OUT);
+        NF_CT_ASSERT(par->hooknum == NF_INET_PRE_ROUTING ||
+                     par->hooknum == NF_INET_POST_ROUTING ||
+                     par->hooknum == NF_INET_LOCAL_OUT);
         ct = nf_ct_get(skb, &ctinfo);
 
         netmask = ~(mr->range[0].min_ip ^ mr->range[0].max_ip);
 
-        if (hooknum == NF_INET_PRE_ROUTING || hooknum == NF_INET_LOCAL_OUT)
+        if (par->hooknum == NF_INET_PRE_ROUTING ||
+            par->hooknum == NF_INET_LOCAL_OUT)
                 new_ip = ip_hdr(skb)->daddr & ~netmask;
         else
                 new_ip = ip_hdr(skb)->saddr & ~netmask;
@@ -70,7 +69,7 @@ netmap_tg(struct sk_buff *skb, const struct net_device *in,
                   mr->range[0].min, mr->range[0].max });
 
         /* Hand modified range to generic setup. */
-        return nf_nat_setup_info(ct, &newrange, HOOK2MANIP(hooknum));
+        return nf_nat_setup_info(ct, &newrange, HOOK2MANIP(par->hooknum));
 }
 
 static struct xt_target netmap_tg_reg __read_mostly = {
diff --git a/net/ipv4/netfilter/ipt_REDIRECT.c b/net/ipv4/netfilter/ipt_REDIRECT.c
index ef496105eae1..23adb09ddfb4 100644
--- a/net/ipv4/netfilter/ipt_REDIRECT.c
+++ b/net/ipv4/netfilter/ipt_REDIRECT.c
@@ -45,24 +45,22 @@ redirect_tg_check(const char *tablename, const void *e,
 }
 
 static unsigned int
-redirect_tg(struct sk_buff *skb, const struct net_device *in,
-            const struct net_device *out, unsigned int hooknum,
-            const struct xt_target *target, const void *targinfo)
+redirect_tg(struct sk_buff *skb, const struct xt_target_param *par)
 {
         struct nf_conn *ct;
         enum ip_conntrack_info ctinfo;
         __be32 newdst;
-        const struct nf_nat_multi_range_compat *mr = targinfo;
+        const struct nf_nat_multi_range_compat *mr = par->targinfo;
         struct nf_nat_range newrange;
 
-        NF_CT_ASSERT(hooknum == NF_INET_PRE_ROUTING
-                     || hooknum == NF_INET_LOCAL_OUT);
+        NF_CT_ASSERT(par->hooknum == NF_INET_PRE_ROUTING ||
+                     par->hooknum == NF_INET_LOCAL_OUT);
 
         ct = nf_ct_get(skb, &ctinfo);
         NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED));
 
         /* Local packets: make them go to loopback */
-        if (hooknum == NF_INET_LOCAL_OUT)
+        if (par->hooknum == NF_INET_LOCAL_OUT)
                 newdst = htonl(0x7F000001);
         else {
                 struct in_device *indev;
diff --git a/net/ipv4/netfilter/ipt_REJECT.c b/net/ipv4/netfilter/ipt_REJECT.c
index 9f5da0c2cae8..b36071bb1077 100644
--- a/net/ipv4/netfilter/ipt_REJECT.c
+++ b/net/ipv4/netfilter/ipt_REJECT.c
@@ -136,11 +136,9 @@ static inline void send_unreach(struct sk_buff *skb_in, int code)
 }
 
 static unsigned int
-reject_tg(struct sk_buff *skb, const struct net_device *in,
-          const struct net_device *out, unsigned int hooknum,
-          const struct xt_target *target, const void *targinfo)
+reject_tg(struct sk_buff *skb, const struct xt_target_param *par)
 {
-        const struct ipt_reject_info *reject = targinfo;
+        const struct ipt_reject_info *reject = par->targinfo;
 
         /* WARNING: This code causes reentry within iptables.
            This means that the iptables jump stack is now crap.  We
@@ -168,7 +166,7 @@ reject_tg(struct sk_buff *skb, const struct net_device *in,
                 send_unreach(skb, ICMP_PKT_FILTERED);
                 break;
         case IPT_TCP_RESET:
-                send_reset(skb, hooknum);
+                send_reset(skb, par->hooknum);
         case IPT_ICMP_ECHOREPLY:
                 /* Doesn't happen. */
                 break;
diff --git a/net/ipv4/netfilter/ipt_TTL.c b/net/ipv4/netfilter/ipt_TTL.c
index 7d01d424a71a..05cbfd2f7470 100644
--- a/net/ipv4/netfilter/ipt_TTL.c
+++ b/net/ipv4/netfilter/ipt_TTL.c
@@ -20,12 +20,10 @@ MODULE_DESCRIPTION("Xtables: IPv4 TTL field modification target");
 MODULE_LICENSE("GPL");
 
 static unsigned int
-ttl_tg(struct sk_buff *skb, const struct net_device *in,
-       const struct net_device *out, unsigned int hooknum,
-       const struct xt_target *target, const void *targinfo)
+ttl_tg(struct sk_buff *skb, const struct xt_target_param *par)
 {
         struct iphdr *iph;
-        const struct ipt_TTL_info *info = targinfo;
+        const struct ipt_TTL_info *info = par->targinfo;
         int new_ttl;
 
         if (!skb_make_writable(skb, skb->len))
diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c
index 9065e4a34fbc..46c0df0dc2dc 100644
--- a/net/ipv4/netfilter/ipt_ULOG.c
+++ b/net/ipv4/netfilter/ipt_ULOG.c
@@ -281,14 +281,10 @@ alloc_failure:
 }
 
 static unsigned int
-ulog_tg(struct sk_buff *skb, const struct net_device *in,
-        const struct net_device *out, unsigned int hooknum,
-        const struct xt_target *target, const void *targinfo)
+ulog_tg(struct sk_buff *skb, const struct xt_target_param *par)
 {
-        struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo;
-
-        ipt_ulog_packet(hooknum, skb, in, out, loginfo, NULL);
-
+        ipt_ulog_packet(par->hooknum, skb, par->in, par->out,
+                        par->targinfo, NULL);
         return XT_CONTINUE;
 }
 
diff --git a/net/ipv4/netfilter/nf_nat_rule.c b/net/ipv4/netfilter/nf_nat_rule.c
index f929352ec0ee..83170ff131f9 100644
--- a/net/ipv4/netfilter/nf_nat_rule.c
+++ b/net/ipv4/netfilter/nf_nat_rule.c
@@ -67,25 +67,21 @@ static struct xt_table nat_table = {
 };
 
 /* Source NAT */
-static unsigned int ipt_snat_target(struct sk_buff *skb,
-                                    const struct net_device *in,
-                                    const struct net_device *out,
-                                    unsigned int hooknum,
-                                    const struct xt_target *target,
-                                    const void *targinfo)
+static unsigned int
+ipt_snat_target(struct sk_buff *skb, const struct xt_target_param *par)
 {
         struct nf_conn *ct;
         enum ip_conntrack_info ctinfo;
-        const struct nf_nat_multi_range_compat *mr = targinfo;
+        const struct nf_nat_multi_range_compat *mr = par->targinfo;
 
-        NF_CT_ASSERT(hooknum == NF_INET_POST_ROUTING);
+        NF_CT_ASSERT(par->hooknum == NF_INET_POST_ROUTING);
 
         ct = nf_ct_get(skb, &ctinfo);
 
         /* Connection must be valid and new. */
         NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED ||
                             ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY));
-        NF_CT_ASSERT(out);
+        NF_CT_ASSERT(par->out != NULL);
 
         return nf_nat_setup_info(ct, &mr->range[0], IP_NAT_MANIP_SRC);
 }
@@ -109,28 +105,24 @@ static void warn_if_extra_mangle(struct net *net, __be32 dstip, __be32 srcip)
         ip_rt_put(rt);
 }
 
-static unsigned int ipt_dnat_target(struct sk_buff *skb,
-                                    const struct net_device *in,
-                                    const struct net_device *out,
-                                    unsigned int hooknum,
-                                    const struct xt_target *target,
-                                    const void *targinfo)
+static unsigned int
+ipt_dnat_target(struct sk_buff *skb, const struct xt_target_param *par)
 {
         struct nf_conn *ct;
         enum ip_conntrack_info ctinfo;
-        const struct nf_nat_multi_range_compat *mr = targinfo;
+        const struct nf_nat_multi_range_compat *mr = par->targinfo;
 
-        NF_CT_ASSERT(hooknum == NF_INET_PRE_ROUTING ||
-                     hooknum == NF_INET_LOCAL_OUT);
+        NF_CT_ASSERT(par->hooknum == NF_INET_PRE_ROUTING ||
+                     par->hooknum == NF_INET_LOCAL_OUT);
 
         ct = nf_ct_get(skb, &ctinfo);
 
         /* Connection must be valid and new. */
         NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED));
 
-        if (hooknum == NF_INET_LOCAL_OUT &&
+        if (par->hooknum == NF_INET_LOCAL_OUT &&
             mr->range[0].flags & IP_NAT_RANGE_MAP_IPS)
-                warn_if_extra_mangle(dev_net(out), ip_hdr(skb)->daddr,
+                warn_if_extra_mangle(dev_net(par->out), ip_hdr(skb)->daddr,
                                      mr->range[0].min_ip);
 
         return nf_nat_setup_info(ct, &mr->range[0], IP_NAT_MANIP_DST);