Merge branch 'master' of git://dev.medozas.de/linux

author: Patrick McHardy <kaber@trash.net> 2010-05-11 12:59:21 -0400
committer: Patrick McHardy <kaber@trash.net> 2010-05-11 12:59:21 -0400
commit: cba7a98a474a4f2a9316473734ba76829191a78a (patch)
tree: 28a0ab87dba93385353bedb76a26a1fc45b3a0c6 /net/ipv4
parent: d250fe91ae129bff0968e685cc9c466d3a5e3482 (diff)
parent: 4538506be386f9736b83bf9892f829adbbb70fea (diff)
15 files changed, 101 insertions, 126 deletions
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index 07a699059390..03352fcba172 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -224,7 +224,7 @@ static inline int arp_checkentry(const struct arpt_arp *arp)
 }
 static unsigned int
-arpt_error(struct sk_buff *skb, const struct xt_target_param *par)
+arpt_error(struct sk_buff *skb, const struct xt_action_param *par)
 {
        if (net_ratelimit())
                printk("arp_tables: error: '%s'\n",
@@ -260,12 +260,11 @@ unsigned int arpt_do_table(struct sk_buff *skb,
        static const char nulldevname[IFNAMSIZ] __attribute__((aligned(sizeof(long))));
        unsigned int verdict = NF_DROP;
        const struct arphdr *arp;
-        bool hotdrop = false;
        struct arpt_entry *e, *back;
        const char *indev, *outdev;
        void *table_base;
        const struct xt_table_info *private;
-        struct xt_target_param tgpar;
+        struct xt_action_param acpar;
        if (!pskb_may_pull(skb, arp_hdr_len(skb->dev)))
                return NF_DROP;
@@ -280,10 +279,11 @@ unsigned int arpt_do_table(struct sk_buff *skb,
        e = get_entry(table_base, private->hook_entry[hook]);
        back = get_entry(table_base, private->underflow[hook]);
-        tgpar.in      = in;
+        acpar.in      = in;
-        tgpar.out     = out;
+        acpar.out     = out;
-        tgpar.hooknum = hook;
+        acpar.hooknum = hook;
-        tgpar.family  = NFPROTO_ARP;
+        acpar.family  = NFPROTO_ARP;
+        acpar.hotdrop = false;
        arp = arp_hdr(skb);
        do {
@@ -333,9 +333,9 @@ unsigned int arpt_do_table(struct sk_buff *skb,
                /* Targets which reenter must return
                 * abs. verdicts
                 */
-                tgpar.target   = t->u.kernel.target;
+                acpar.target   = t->u.kernel.target;
-                tgpar.targinfo = t->data;
+                acpar.targinfo = t->data;
-                verdict = t->u.kernel.target->target(skb, &tgpar);
+                verdict = t->u.kernel.target->target(skb, &acpar);
                /* Target might have changed stuff. */
                arp = arp_hdr(skb);
@@ -345,10 +345,10 @@ unsigned int arpt_do_table(struct sk_buff *skb,
                else
                        /* Verdict */
                        break;
-        } while (!hotdrop);
+        } while (!acpar.hotdrop);
        xt_info_rdunlock_bh();
-        if (hotdrop)
+        if (acpar.hotdrop)
                return NF_DROP;
        else
                return verdict;
@@ -1828,22 +1828,23 @@ void arpt_unregister_table(struct xt_table *table)
 }
 /* The built-in targets: standard (NULL) and error. */
-static struct xt_target arpt_standard_target __read_mostly = {
+static struct xt_target arpt_builtin_tg[] __read_mostly = {
-        .name           = ARPT_STANDARD_TARGET,
+        {
-        .targetsize     = sizeof(int),
+                .name             = ARPT_STANDARD_TARGET,
-        .family         = NFPROTO_ARP,
+                .targetsize       = sizeof(int),
+                .family           = NFPROTO_ARP,
 #ifdef CONFIG_COMPAT
-        .compatsize     = sizeof(compat_int_t),
+                .compatsize       = sizeof(compat_int_t),
-        .compat_from_user = compat_standard_from_user,
+                .compat_from_user = compat_standard_from_user,
-        .compat_to_user = compat_standard_to_user,
+                .compat_to_user   = compat_standard_to_user,
 #endif
-};
+        },
+        {
-static struct xt_target arpt_error_target __read_mostly = {
+                .name             = ARPT_ERROR_TARGET,
-        .name           = ARPT_ERROR_TARGET,
+                .target           = arpt_error,
-        .target         = arpt_error,
+                .targetsize       = ARPT_FUNCTION_MAXNAMELEN,
-        .targetsize     = ARPT_FUNCTION_MAXNAMELEN,
+                .family           = NFPROTO_ARP,
-        .family         = NFPROTO_ARP,
+        },
 };
 static struct nf_sockopt_ops arpt_sockopts = {
@@ -1887,12 +1888,9 @@ static int __init arp_tables_init(void)
                goto err1;
        /* Noone else will be downing sem now, so we won't sleep */
-        ret = xt_register_target(&arpt_standard_target);
+        ret = xt_register_targets(arpt_builtin_tg, ARRAY_SIZE(arpt_builtin_tg));
        if (ret < 0)
                goto err2;
-        ret = xt_register_target(&arpt_error_target);
-        if (ret < 0)
-                goto err3;
        /* Register setsockopt */
        ret = nf_register_sockopt(&arpt_sockopts);
@@ -1903,9 +1901,7 @@ static int __init arp_tables_init(void)
        return 0;
 err4:
-        xt_unregister_target(&arpt_error_target);
+        xt_unregister_targets(arpt_builtin_tg, ARRAY_SIZE(arpt_builtin_tg));
-err3:
-        xt_unregister_target(&arpt_standard_target);
 err2:
        unregister_pernet_subsys(&arp_tables_net_ops);
 err1:
@@ -1915,8 +1911,7 @@ err1:
 static void __exit arp_tables_fini(void)
 {
        nf_unregister_sockopt(&arpt_sockopts);
-        xt_unregister_target(&arpt_error_target);
+        xt_unregister_targets(arpt_builtin_tg, ARRAY_SIZE(arpt_builtin_tg));
-        xt_unregister_target(&arpt_standard_target);
        unregister_pernet_subsys(&arp_tables_net_ops);
 }
diff --git a/net/ipv4/netfilter/arpt_mangle.c b/net/ipv4/netfilter/arpt_mangle.c
index 4b51a027f307..e1be7dd1171b 100644
--- a/net/ipv4/netfilter/arpt_mangle.c
+++ b/net/ipv4/netfilter/arpt_mangle.c
@@ -9,7 +9,7 @@ MODULE_AUTHOR("Bart De Schuymer <bdschuym@pandora.be>");
 MODULE_DESCRIPTION("arptables arp payload mangle target");
 static unsigned int
-target(struct sk_buff *skb, const struct xt_target_param *par)
+target(struct sk_buff *skb, const struct xt_action_param *par)
 {
        const struct arpt_mangle *mangle = par->targinfo;
        const struct arphdr *arp;
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 3e6af1036fbc..49b9e4fb5460 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -165,7 +165,7 @@ ip_checkentry(const struct ipt_ip *ip)
 }
 static unsigned int
-ipt_error(struct sk_buff *skb, const struct xt_target_param *par)
+ipt_error(struct sk_buff *skb, const struct xt_action_param *par)
 {
        if (net_ratelimit())
                pr_info("error: `%s'\n", (const char *)par->targinfo);
@@ -173,21 +173,6 @@ ipt_error(struct sk_buff *skb, const struct xt_target_param *par)
        return NF_DROP;
 }
-/* Performance critical - called for every packet */
-static inline bool
-do_match(const struct ipt_entry_match *m, const struct sk_buff *skb,
-         struct xt_match_param *par)
-{
-        par->match     = m->u.kernel.match;
-        par->matchinfo = m->data;
-        /* Stop iteration if it doesn't match */
-        if (!m->u.kernel.match->match(skb, par))
-                return true;
-        else
-                return false;
-}
 /* Performance critical */
 static inline struct ipt_entry *
 get_entry(const void *base, unsigned int offset)
@@ -323,7 +308,6 @@ ipt_do_table(struct sk_buff *skb,
 {
        static const char nulldevname[IFNAMSIZ] __attribute__((aligned(sizeof(long))));
        const struct iphdr *ip;
-        bool hotdrop = false;
        /* Initializing verdict to NF_DROP keeps gcc happy. */
        unsigned int verdict = NF_DROP;
        const char *indev, *outdev;
@@ -331,8 +315,7 @@ ipt_do_table(struct sk_buff *skb,
        struct ipt_entry *e, **jumpstack;
        unsigned int *stackptr, origptr, cpu;
        const struct xt_table_info *private;
-        struct xt_match_param mtpar;
+        struct xt_action_param acpar;
-        struct xt_target_param tgpar;
        /* Initialization */
        ip = ip_hdr(skb);
@@ -344,13 +327,13 @@ ipt_do_table(struct sk_buff *skb,
         * things we don't know, ie. tcp syn flag or ports).  If the
         * rule is also a fragment-specific rule, non-fragments won't
         * match it. */
-        mtpar.fragoff = ntohs(ip->frag_off) & IP_OFFSET;
+        acpar.fragoff = ntohs(ip->frag_off) & IP_OFFSET;
-        mtpar.thoff   = ip_hdrlen(skb);
+        acpar.thoff   = ip_hdrlen(skb);
-        mtpar.hotdrop = &hotdrop;
+        acpar.hotdrop = false;
-        mtpar.in      = tgpar.in  = in;
+        acpar.in      = in;
-        mtpar.out     = tgpar.out = out;
+        acpar.out     = out;
-        mtpar.family  = tgpar.family = NFPROTO_IPV4;
+        acpar.family  = NFPROTO_IPV4;
-        mtpar.hooknum = tgpar.hooknum = hook;
+        acpar.hooknum = hook;
        IP_NF_ASSERT(table->valid_hooks & (1 << hook));
        xt_info_rdlock_bh();
@@ -373,15 +356,18 @@ ipt_do_table(struct sk_buff *skb,
                IP_NF_ASSERT(e);
                if (!ip_packet_match(ip, indev, outdev,
-                    &e->ip, mtpar.fragoff)) {
+                    &e->ip, acpar.fragoff)) {
 no_match:
                        e = ipt_next_entry(e);
                        continue;
                }
-                xt_ematch_foreach(ematch, e)
+                xt_ematch_foreach(ematch, e) {
-                        if (do_match(ematch, skb, &mtpar) != 0)
+                        acpar.match     = ematch->u.kernel.match;
+                        acpar.matchinfo = ematch->data;
+                        if (!acpar.match->match(skb, &acpar))
                                goto no_match;
+                }
                ADD_COUNTER(e->counters, ntohs(ip->tot_len), 1);
@@ -434,11 +420,10 @@ ipt_do_table(struct sk_buff *skb,
                        continue;
                }
-                tgpar.target   = t->u.kernel.target;
+                acpar.target   = t->u.kernel.target;
-                tgpar.targinfo = t->data;
+                acpar.targinfo = t->data;
-                verdict = t->u.kernel.target->target(skb, &tgpar);
+                verdict = t->u.kernel.target->target(skb, &acpar);
                /* Target might have changed stuff. */
                ip = ip_hdr(skb);
                if (verdict == IPT_CONTINUE)
@@ -446,7 +431,7 @@ ipt_do_table(struct sk_buff *skb,
                else
                        /* Verdict */
                        break;
-        } while (!hotdrop);
+        } while (!acpar.hotdrop);
        xt_info_rdunlock_bh();
        pr_debug("Exiting %s; resetting sp from %u to %u\n",
                 __func__, *stackptr, origptr);
@@ -454,7 +439,7 @@ ipt_do_table(struct sk_buff *skb,
 #ifdef DEBUG_ALLOW_ALL
        return NF_ACCEPT;
 #else
-        if (hotdrop)
+        if (acpar.hotdrop)
                return NF_DROP;
        else return verdict;
 #endif
@@ -591,7 +576,7 @@ check_entry(const struct ipt_entry *e, const char *name)
        const struct ipt_entry_target *t;
        if (!ip_checkentry(&e->ip)) {
-                duprintf("ip check failed %p %s.\n", e, name);
+                duprintf("ip check failed %p %s.\n", e, par->match->name);
                return -EINVAL;
        }
@@ -618,7 +603,7 @@ check_match(struct ipt_entry_match *m, struct xt_mtchk_param *par)
        ret = xt_check_match(par, m->u.match_size - sizeof(*m),
              ip->proto, ip->invflags & IPT_INV_PROTO);
        if (ret < 0) {
-                duprintf("check failed for `%s'.\n", par.match->name);
+                duprintf("check failed for `%s'.\n", par->match->name);
                return ret;
        }
        return 0;
@@ -2152,7 +2137,7 @@ icmp_type_code_match(u_int8_t test_type, u_int8_t min_code, u_int8_t max_code,
 }
 static bool
-icmp_match(const struct sk_buff *skb, const struct xt_match_param *par)
+icmp_match(const struct sk_buff *skb, struct xt_action_param *par)
 {
        const struct icmphdr *ic;
        struct icmphdr _icmph;
@@ -2168,7 +2153,7 @@ icmp_match(const struct sk_buff *skb, const struct xt_match_param *par)
                 * can't.  Hence, no choice but to drop.
                 */
                duprintf("Dropping evil ICMP tinygram.\n");
-                *par->hotdrop = true;
+                par->hotdrop = true;
                return false;
        }
@@ -2187,23 +2172,23 @@ static int icmp_checkentry(const struct xt_mtchk_param *par)
        return (icmpinfo->invflags & ~IPT_ICMP_INV) ? -EINVAL : 0;
 }
-/* The built-in targets: standard (NULL) and error. */
+static struct xt_target ipt_builtin_tg[] __read_mostly = {
-static struct xt_target ipt_standard_target __read_mostly = {
+        {
-        .name           = IPT_STANDARD_TARGET,
+                .name             = IPT_STANDARD_TARGET,
-        .targetsize     = sizeof(int),
+                .targetsize       = sizeof(int),
-        .family         = NFPROTO_IPV4,
+                .family           = NFPROTO_IPV4,
 #ifdef CONFIG_COMPAT
-        .compatsize     = sizeof(compat_int_t),
+                .compatsize       = sizeof(compat_int_t),
-        .compat_from_user = compat_standard_from_user,
+                .compat_from_user = compat_standard_from_user,
-        .compat_to_user = compat_standard_to_user,
+                .compat_to_user   = compat_standard_to_user,
 #endif
-};
+        },
+        {
-static struct xt_target ipt_error_target __read_mostly = {
+                .name             = IPT_ERROR_TARGET,
-        .name           = IPT_ERROR_TARGET,
+                .target           = ipt_error,
-        .target         = ipt_error,
+                .targetsize       = IPT_FUNCTION_MAXNAMELEN,
-        .targetsize     = IPT_FUNCTION_MAXNAMELEN,
+                .family           = NFPROTO_IPV4,
-        .family         = NFPROTO_IPV4,
+        },
 };
 static struct nf_sockopt_ops ipt_sockopts = {
@@ -2223,13 +2208,15 @@ static struct nf_sockopt_ops ipt_sockopts = {
        .owner          = THIS_MODULE,
 };
-static struct xt_match icmp_matchstruct __read_mostly = {
+static struct xt_match ipt_builtin_mt[] __read_mostly = {
-        .name           = "icmp",
+        {
-        .match          = icmp_match,
+                .name       = "icmp",
-        .matchsize      = sizeof(struct ipt_icmp),
+                .match      = icmp_match,
-        .checkentry     = icmp_checkentry,
+                .matchsize  = sizeof(struct ipt_icmp),
-        .proto          = IPPROTO_ICMP,
+                .checkentry = icmp_checkentry,
-        .family         = NFPROTO_IPV4,
+                .proto      = IPPROTO_ICMP,
+                .family     = NFPROTO_IPV4,
+        },
 };
 static int __net_init ip_tables_net_init(struct net *net)
@@ -2256,13 +2243,10 @@ static int __init ip_tables_init(void)
                goto err1;
        /* Noone else will be downing sem now, so we won't sleep */
-        ret = xt_register_target(&ipt_standard_target);
+        ret = xt_register_targets(ipt_builtin_tg, ARRAY_SIZE(ipt_builtin_tg));
        if (ret < 0)
                goto err2;
-        ret = xt_register_target(&ipt_error_target);
+        ret = xt_register_matches(ipt_builtin_mt, ARRAY_SIZE(ipt_builtin_mt));
-        if (ret < 0)
-                goto err3;
-        ret = xt_register_match(&icmp_matchstruct);
        if (ret < 0)
                goto err4;
@@ -2275,11 +2259,9 @@ static int __init ip_tables_init(void)
        return 0;
 err5:
-        xt_unregister_match(&icmp_matchstruct);
+        xt_unregister_matches(ipt_builtin_mt, ARRAY_SIZE(ipt_builtin_mt));
 err4:
-        xt_unregister_target(&ipt_error_target);
+        xt_unregister_targets(ipt_builtin_tg, ARRAY_SIZE(ipt_builtin_tg));
-err3:
-        xt_unregister_target(&ipt_standard_target);
 err2:
        unregister_pernet_subsys(&ip_tables_net_ops);
 err1:
@@ -2290,10 +2272,8 @@ static void __exit ip_tables_fini(void)
 {
        nf_unregister_sockopt(&ipt_sockopts);
-        xt_unregister_match(&icmp_matchstruct);
+        xt_unregister_matches(ipt_builtin_mt, ARRAY_SIZE(ipt_builtin_mt));
-        xt_unregister_target(&ipt_error_target);
+        xt_unregister_targets(ipt_builtin_tg, ARRAY_SIZE(ipt_builtin_tg));
-        xt_unregister_target(&ipt_standard_target);
        unregister_pernet_subsys(&ip_tables_net_ops);
 }
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c
index 8815d458de46..f91c94b9a790 100644
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -282,7 +282,7 @@ clusterip_responsible(const struct clusterip_config *config, u_int32_t hash)
 ***********************************************************************/
 static unsigned int
-clusterip_tg(struct sk_buff *skb, const struct xt_target_param *par)
+clusterip_tg(struct sk_buff *skb, const struct xt_action_param *par)
 {
        const struct ipt_clusterip_tgt_info *cipinfo = par->targinfo;
        struct nf_conn *ct;
diff --git a/net/ipv4/netfilter/ipt_ECN.c b/net/ipv4/netfilter/ipt_ECN.c
index 563049f31aef..4bf3dc49ad1e 100644
--- a/net/ipv4/netfilter/ipt_ECN.c
+++ b/net/ipv4/netfilter/ipt_ECN.c
@@ -77,7 +77,7 @@ set_ect_tcp(struct sk_buff *skb, const struct ipt_ECN_info *einfo)
 }
 static unsigned int
-ecn_tg(struct sk_buff *skb, const struct xt_target_param *par)
+ecn_tg(struct sk_buff *skb, const struct xt_action_param *par)
 {
        const struct ipt_ECN_info *einfo = par->targinfo;
diff --git a/net/ipv4/netfilter/ipt_LOG.c b/net/ipv4/netfilter/ipt_LOG.c
index 3bd35f370817..5234f4f3499a 100644
--- a/net/ipv4/netfilter/ipt_LOG.c
+++ b/net/ipv4/netfilter/ipt_LOG.c
@@ -425,7 +425,7 @@ ipt_log_packet(u_int8_t pf,
 }
 static unsigned int
-log_tg(struct sk_buff *skb, const struct xt_target_param *par)
+log_tg(struct sk_buff *skb, const struct xt_action_param *par)
 {
        const struct ipt_log_info *loginfo = par->targinfo;
        struct nf_loginfo li;
diff --git a/net/ipv4/netfilter/ipt_MASQUERADE.c b/net/ipv4/netfilter/ipt_MASQUERADE.c
index 02b1bc477998..d2ed9dc74ebc 100644
--- a/net/ipv4/netfilter/ipt_MASQUERADE.c
+++ b/net/ipv4/netfilter/ipt_MASQUERADE.c
@@ -44,7 +44,7 @@ static int masquerade_tg_check(const struct xt_tgchk_param *par)
 }
 static unsigned int
-masquerade_tg(struct sk_buff *skb, const struct xt_target_param *par)
+masquerade_tg(struct sk_buff *skb, const struct xt_action_param *par)
 {
        struct nf_conn *ct;
        struct nf_conn_nat *nat;
diff --git a/net/ipv4/netfilter/ipt_NETMAP.c b/net/ipv4/netfilter/ipt_NETMAP.c
index 708c7f8f7eea..f43867d1697f 100644
--- a/net/ipv4/netfilter/ipt_NETMAP.c
+++ b/net/ipv4/netfilter/ipt_NETMAP.c
@@ -38,7 +38,7 @@ static int netmap_tg_check(const struct xt_tgchk_param *par)
 }
 static unsigned int
-netmap_tg(struct sk_buff *skb, const struct xt_target_param *par)
+netmap_tg(struct sk_buff *skb, const struct xt_action_param *par)
 {
        struct nf_conn *ct;
        enum ip_conntrack_info ctinfo;
diff --git a/net/ipv4/netfilter/ipt_REDIRECT.c b/net/ipv4/netfilter/ipt_REDIRECT.c
index 3cf101916523..18a0656505a0 100644
--- a/net/ipv4/netfilter/ipt_REDIRECT.c
+++ b/net/ipv4/netfilter/ipt_REDIRECT.c
@@ -42,7 +42,7 @@ static int redirect_tg_check(const struct xt_tgchk_param *par)
 }
 static unsigned int
-redirect_tg(struct sk_buff *skb, const struct xt_target_param *par)
+redirect_tg(struct sk_buff *skb, const struct xt_action_param *par)
 {
        struct nf_conn *ct;
        enum ip_conntrack_info ctinfo;
diff --git a/net/ipv4/netfilter/ipt_REJECT.c b/net/ipv4/netfilter/ipt_REJECT.c
index a86135a28058..f5f4a888e4ec 100644
--- a/net/ipv4/netfilter/ipt_REJECT.c
+++ b/net/ipv4/netfilter/ipt_REJECT.c
@@ -136,7 +136,7 @@ static inline void send_unreach(struct sk_buff *skb_in, int code)
 }
 static unsigned int
-reject_tg(struct sk_buff *skb, const struct xt_target_param *par)
+reject_tg(struct sk_buff *skb, const struct xt_action_param *par)
 {
        const struct ipt_reject_info *reject = par->targinfo;
diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c
index 8f60749e87a3..446e0f467a17 100644
--- a/net/ipv4/netfilter/ipt_ULOG.c
+++ b/net/ipv4/netfilter/ipt_ULOG.c
@@ -276,7 +276,7 @@ alloc_failure:
 }
 static unsigned int
-ulog_tg(struct sk_buff *skb, const struct xt_target_param *par)
+ulog_tg(struct sk_buff *skb, const struct xt_action_param *par)
 {
        ipt_ulog_packet(par->hooknum, skb, par->in, par->out,
                        par->targinfo, NULL);
diff --git a/net/ipv4/netfilter/ipt_addrtype.c b/net/ipv4/netfilter/ipt_addrtype.c
index e4b8f2bf8aaa..db8bff0fb86d 100644
--- a/net/ipv4/netfilter/ipt_addrtype.c
+++ b/net/ipv4/netfilter/ipt_addrtype.c
@@ -30,7 +30,7 @@ static inline bool match_type(struct net *net, const struct net_device *dev,
 }
 static bool
-addrtype_mt_v0(const struct sk_buff *skb, const struct xt_match_param *par)
+addrtype_mt_v0(const struct sk_buff *skb, struct xt_action_param *par)
 {
        struct net *net = dev_net(par->in ? par->in : par->out);
        const struct ipt_addrtype_info *info = par->matchinfo;
@@ -48,7 +48,7 @@ addrtype_mt_v0(const struct sk_buff *skb, const struct xt_match_param *par)
 }
 static bool
-addrtype_mt_v1(const struct sk_buff *skb, const struct xt_match_param *par)
+addrtype_mt_v1(const struct sk_buff *skb, struct xt_action_param *par)
 {
        struct net *net = dev_net(par->in ? par->in : par->out);
        const struct ipt_addrtype_info_v1 *info = par->matchinfo;
diff --git a/net/ipv4/netfilter/ipt_ah.c b/net/ipv4/netfilter/ipt_ah.c
index 9f9810204892..14a2aa8b8a14 100644
--- a/net/ipv4/netfilter/ipt_ah.c
+++ b/net/ipv4/netfilter/ipt_ah.c
@@ -30,7 +30,7 @@ spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, bool invert)
        return r;
 }
-static bool ah_mt(const struct sk_buff *skb, const struct xt_match_param *par)
+static bool ah_mt(const struct sk_buff *skb, struct xt_action_param *par)
 {
        struct ip_auth_hdr _ahdr;
        const struct ip_auth_hdr *ah;
@@ -46,7 +46,7 @@ static bool ah_mt(const struct sk_buff *skb, const struct xt_match_param *par)
                 * can't.  Hence, no choice but to drop.
                 */
                pr_debug("Dropping evil AH tinygram.\n");
-                *par->hotdrop = true;
+                par->hotdrop = true;
                return 0;
        }
diff --git a/net/ipv4/netfilter/ipt_ecn.c b/net/ipv4/netfilter/ipt_ecn.c
index 32e24100d8d1..af6e9c778345 100644
--- a/net/ipv4/netfilter/ipt_ecn.c
+++ b/net/ipv4/netfilter/ipt_ecn.c
@@ -67,7 +67,7 @@ static inline bool match_tcp(const struct sk_buff *skb,
        return true;
 }
-static bool ecn_mt(const struct sk_buff *skb, const struct xt_match_param *par)
+static bool ecn_mt(const struct sk_buff *skb, struct xt_action_param *par)
 {
        const struct ipt_ecn_info *info = par->matchinfo;
@@ -78,7 +78,7 @@ static bool ecn_mt(const struct sk_buff *skb, const struct xt_match_param *par)
        if (info->operation & (IPT_ECN_OP_MATCH_ECE|IPT_ECN_OP_MATCH_CWR)) {
                if (ip_hdr(skb)->protocol != IPPROTO_TCP)
                        return false;
-                if (!match_tcp(skb, info, par->hotdrop))
+                if (!match_tcp(skb, info, &par->hotdrop))
                        return false;
        }
diff --git a/net/ipv4/netfilter/nf_nat_rule.c b/net/ipv4/netfilter/nf_nat_rule.c
index b48a0fc3d9ed..98ed78281aee 100644
--- a/net/ipv4/netfilter/nf_nat_rule.c
+++ b/net/ipv4/netfilter/nf_nat_rule.c
@@ -39,7 +39,7 @@ static const struct xt_table nat_table = {
 /* Source NAT */
 static unsigned int
-ipt_snat_target(struct sk_buff *skb, const struct xt_target_param *par)
+ipt_snat_target(struct sk_buff *skb, const struct xt_action_param *par)
 {
        struct nf_conn *ct;
        enum ip_conntrack_info ctinfo;
@@ -58,7 +58,7 @@ ipt_snat_target(struct sk_buff *skb, const struct xt_target_param *par)
 }
 static unsigned int
-ipt_dnat_target(struct sk_buff *skb, const struct xt_target_param *par)
+ipt_dnat_target(struct sk_buff *skb, const struct xt_action_param *par)
 {
        struct nf_conn *ct;
        enum ip_conntrack_info ctinfo;
author	Patrick McHardy <kaber@trash.net>	2010-05-11 12:59:21 -0400
committer	Patrick McHardy <kaber@trash.net>	2010-05-11 12:59:21 -0400
commit	cba7a98a474a4f2a9316473734ba76829191a78a (patch)
tree	28a0ab87dba93385353bedb76a26a1fc45b3a0c6 /net/ipv4
parent	d250fe91ae129bff0968e685cc9c466d3a5e3482 (diff)
parent	4538506be386f9736b83bf9892f829adbbb70fea (diff)