diff options
| author | Jan Engelhardt <jengelh@medozas.de> | 2008-10-08 05:35:19 -0400 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2008-10-08 05:35:19 -0400 |
| commit | af5d6dc200eb0fcc6fbd3df1ab4d8969004cb37f (patch) | |
| tree | 06f5805d0a98a421f23380bdb044f93216204b9d /net/ipv4 | |
| parent | 7eb3558655aaa87a3e71a0c065dfaddda521fa6d (diff) | |
netfilter: xtables: move extension arguments into compound structure (5/6)
This patch does this for target extensions' checkentry functions.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/ipv4')
| -rw-r--r-- | net/ipv4/netfilter/arp_tables.c | 20 | ||||
| -rw-r--r-- | net/ipv4/netfilter/arpt_mangle.c | 6 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ip_tables.c | 17 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ipt_CLUSTERIP.c | 13 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ipt_ECN.c | 9 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ipt_LOG.c | 7 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ipt_MASQUERADE.c | 7 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ipt_NETMAP.c | 7 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ipt_REDIRECT.c | 7 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ipt_REJECT.c | 9 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ipt_TTL.c | 7 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ipt_ULOG.c | 7 | ||||
| -rw-r--r-- | net/ipv4/netfilter/nf_nat_rule.c | 16 |
13 files changed, 50 insertions, 82 deletions
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index 5b631ad74b5f..b3238d0101cc 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c | |||
| @@ -457,16 +457,18 @@ static inline int check_entry(struct arpt_entry *e, const char *name) | |||
| 457 | 457 | ||
| 458 | static inline int check_target(struct arpt_entry *e, const char *name) | 458 | static inline int check_target(struct arpt_entry *e, const char *name) |
| 459 | { | 459 | { |
| 460 | struct arpt_entry_target *t; | 460 | struct arpt_entry_target *t = arpt_get_target(e); |
| 461 | struct xt_target *target; | ||
| 462 | int ret; | 461 | int ret; |
| 463 | 462 | struct xt_tgchk_param par = { | |
| 464 | t = arpt_get_target(e); | 463 | .table = name, |
| 465 | target = t->u.kernel.target; | 464 | .entryinfo = e, |
| 466 | 465 | .target = t->u.kernel.target, | |
| 467 | ret = xt_check_target(target, NFPROTO_ARP, | 466 | .targinfo = t->data, |
| 468 | t->u.target_size - sizeof(*t), | 467 | .hook_mask = e->comefrom, |
| 469 | name, e->comefrom, 0, 0, e, t->data); | 468 | }; |
| 469 | |||
| 470 | ret = xt_check_target(&par, NFPROTO_ARP, | ||
| 471 | t->u.target_size - sizeof(*t), 0, false); | ||
| 470 | if (ret < 0) { | 472 | if (ret < 0) { |
| 471 | duprintf("arp_tables: check failed for `%s'.\n", | 473 | duprintf("arp_tables: check failed for `%s'.\n", |
| 472 | t->u.kernel.target->name); | 474 | t->u.kernel.target->name); |
diff --git a/net/ipv4/netfilter/arpt_mangle.c b/net/ipv4/netfilter/arpt_mangle.c index 0bf81b353694..b0d5b1d0a769 100644 --- a/net/ipv4/netfilter/arpt_mangle.c +++ b/net/ipv4/netfilter/arpt_mangle.c | |||
| @@ -54,11 +54,9 @@ target(struct sk_buff *skb, const struct xt_target_param *par) | |||
| 54 | return mangle->target; | 54 | return mangle->target; |
| 55 | } | 55 | } |
| 56 | 56 | ||
| 57 | static bool | 57 | static bool checkentry(const struct xt_tgchk_param *par) |
| 58 | checkentry(const char *tablename, const void *e, const struct xt_target *target, | ||
| 59 | void *targinfo, unsigned int hook_mask) | ||
| 60 | { | 58 | { |
| 61 | const struct arpt_mangle *mangle = targinfo; | 59 | const struct arpt_mangle *mangle = par->targinfo; |
| 62 | 60 | ||
| 63 | if (mangle->flags & ~ARPT_MANGLE_MASK || | 61 | if (mangle->flags & ~ARPT_MANGLE_MASK || |
| 64 | !(mangle->flags & ARPT_MANGLE_MASK)) | 62 | !(mangle->flags & ARPT_MANGLE_MASK)) |
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index 0f8ecf390229..e592c54d4992 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c | |||
| @@ -655,15 +655,18 @@ err: | |||
| 655 | 655 | ||
| 656 | static int check_target(struct ipt_entry *e, const char *name) | 656 | static int check_target(struct ipt_entry *e, const char *name) |
| 657 | { | 657 | { |
| 658 | struct ipt_entry_target *t; | 658 | struct ipt_entry_target *t = ipt_get_target(e); |
| 659 | struct xt_target *target; | 659 | struct xt_tgchk_param par = { |
| 660 | .table = name, | ||
| 661 | .entryinfo = e, | ||
| 662 | .target = t->u.kernel.target, | ||
| 663 | .targinfo = t->data, | ||
| 664 | .hook_mask = e->comefrom, | ||
| 665 | }; | ||
| 660 | int ret; | 666 | int ret; |
| 661 | 667 | ||
| 662 | t = ipt_get_target(e); | 668 | ret = xt_check_target(&par, NFPROTO_IPV4, t->u.target_size - sizeof(*t), |
| 663 | target = t->u.kernel.target; | 669 | e->ip.proto, e->ip.invflags & IPT_INV_PROTO); |
| 664 | ret = xt_check_target(target, AF_INET, t->u.target_size - sizeof(*t), | ||
| 665 | name, e->comefrom, e->ip.proto, | ||
| 666 | e->ip.invflags & IPT_INV_PROTO, e, t->data); | ||
| 667 | if (ret < 0) { | 670 | if (ret < 0) { |
| 668 | duprintf("ip_tables: check failed for `%s'.\n", | 671 | duprintf("ip_tables: check failed for `%s'.\n", |
| 669 | t->u.kernel.target->name); | 672 | t->u.kernel.target->name); |
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c index 67e8aa8f34f2..6c7254e02561 100644 --- a/net/ipv4/netfilter/ipt_CLUSTERIP.c +++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c | |||
| @@ -347,13 +347,10 @@ clusterip_tg(struct sk_buff *skb, const struct xt_target_param *par) | |||
| 347 | return XT_CONTINUE; | 347 | return XT_CONTINUE; |
| 348 | } | 348 | } |
| 349 | 349 | ||
| 350 | static bool | 350 | static bool clusterip_tg_check(const struct xt_tgchk_param *par) |
| 351 | clusterip_tg_check(const char *tablename, const void *e_void, | ||
| 352 | const struct xt_target *target, void *targinfo, | ||
| 353 | unsigned int hook_mask) | ||
| 354 | { | 351 | { |
| 355 | struct ipt_clusterip_tgt_info *cipinfo = targinfo; | 352 | struct ipt_clusterip_tgt_info *cipinfo = par->targinfo; |
| 356 | const struct ipt_entry *e = e_void; | 353 | const struct ipt_entry *e = par->entryinfo; |
| 357 | 354 | ||
| 358 | struct clusterip_config *config; | 355 | struct clusterip_config *config; |
| 359 | 356 | ||
| @@ -404,9 +401,9 @@ clusterip_tg_check(const char *tablename, const void *e_void, | |||
| 404 | } | 401 | } |
| 405 | cipinfo->config = config; | 402 | cipinfo->config = config; |
| 406 | 403 | ||
| 407 | if (nf_ct_l3proto_try_module_get(target->family) < 0) { | 404 | if (nf_ct_l3proto_try_module_get(par->target->family) < 0) { |
| 408 | printk(KERN_WARNING "can't load conntrack support for " | 405 | printk(KERN_WARNING "can't load conntrack support for " |
| 409 | "proto=%u\n", target->family); | 406 | "proto=%u\n", par->target->family); |
| 410 | return false; | 407 | return false; |
| 411 | } | 408 | } |
| 412 | 409 | ||
diff --git a/net/ipv4/netfilter/ipt_ECN.c b/net/ipv4/netfilter/ipt_ECN.c index e37f181e8298..f7e2fa0974dc 100644 --- a/net/ipv4/netfilter/ipt_ECN.c +++ b/net/ipv4/netfilter/ipt_ECN.c | |||
| @@ -93,13 +93,10 @@ ecn_tg(struct sk_buff *skb, const struct xt_target_param *par) | |||
| 93 | return XT_CONTINUE; | 93 | return XT_CONTINUE; |
| 94 | } | 94 | } |
| 95 | 95 | ||
| 96 | static bool | 96 | static bool ecn_tg_check(const struct xt_tgchk_param *par) |
| 97 | ecn_tg_check(const char *tablename, const void *e_void, | ||
| 98 | const struct xt_target *target, void *targinfo, | ||
| 99 | unsigned int hook_mask) | ||
| 100 | { | 97 | { |
| 101 | const struct ipt_ECN_info *einfo = targinfo; | 98 | const struct ipt_ECN_info *einfo = par->targinfo; |
| 102 | const struct ipt_entry *e = e_void; | 99 | const struct ipt_entry *e = par->entryinfo; |
| 103 | 100 | ||
| 104 | if (einfo->operation & IPT_ECN_OP_MASK) { | 101 | if (einfo->operation & IPT_ECN_OP_MASK) { |
| 105 | printk(KERN_WARNING "ECN: unsupported ECN operation %x\n", | 102 | printk(KERN_WARNING "ECN: unsupported ECN operation %x\n", |
diff --git a/net/ipv4/netfilter/ipt_LOG.c b/net/ipv4/netfilter/ipt_LOG.c index e9942aed35ae..fc6ce04a3e35 100644 --- a/net/ipv4/netfilter/ipt_LOG.c +++ b/net/ipv4/netfilter/ipt_LOG.c | |||
| @@ -440,12 +440,9 @@ log_tg(struct sk_buff *skb, const struct xt_target_param *par) | |||
| 440 | return XT_CONTINUE; | 440 | return XT_CONTINUE; |
| 441 | } | 441 | } |
| 442 | 442 | ||
| 443 | static bool | 443 | static bool log_tg_check(const struct xt_tgchk_param *par) |
| 444 | log_tg_check(const char *tablename, const void *e, | ||
| 445 | const struct xt_target *target, void *targinfo, | ||
| 446 | unsigned int hook_mask) | ||
| 447 | { | 444 | { |
| 448 | const struct ipt_log_info *loginfo = targinfo; | 445 | const struct ipt_log_info *loginfo = par->targinfo; |
| 449 | 446 | ||
| 450 | if (loginfo->level >= 8) { | 447 | if (loginfo->level >= 8) { |
| 451 | pr_debug("LOG: level %u >= 8\n", loginfo->level); | 448 | pr_debug("LOG: level %u >= 8\n", loginfo->level); |
diff --git a/net/ipv4/netfilter/ipt_MASQUERADE.c b/net/ipv4/netfilter/ipt_MASQUERADE.c index e0d9d49b79ee..f389f60cb105 100644 --- a/net/ipv4/netfilter/ipt_MASQUERADE.c +++ b/net/ipv4/netfilter/ipt_MASQUERADE.c | |||
| @@ -31,12 +31,9 @@ MODULE_DESCRIPTION("Xtables: automatic-address SNAT"); | |||
| 31 | static DEFINE_RWLOCK(masq_lock); | 31 | static DEFINE_RWLOCK(masq_lock); |
| 32 | 32 | ||
| 33 | /* FIXME: Multiple targets. --RR */ | 33 | /* FIXME: Multiple targets. --RR */ |
| 34 | static bool | 34 | static bool masquerade_tg_check(const struct xt_tgchk_param *par) |
| 35 | masquerade_tg_check(const char *tablename, const void *e, | ||
| 36 | const struct xt_target *target, void *targinfo, | ||
| 37 | unsigned int hook_mask) | ||
| 38 | { | 35 | { |
| 39 | const struct nf_nat_multi_range_compat *mr = targinfo; | 36 | const struct nf_nat_multi_range_compat *mr = par->targinfo; |
| 40 | 37 | ||
| 41 | if (mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) { | 38 | if (mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) { |
| 42 | pr_debug("masquerade_check: bad MAP_IPS.\n"); | 39 | pr_debug("masquerade_check: bad MAP_IPS.\n"); |
diff --git a/net/ipv4/netfilter/ipt_NETMAP.c b/net/ipv4/netfilter/ipt_NETMAP.c index cf18f23b3460..7c29582d4ec8 100644 --- a/net/ipv4/netfilter/ipt_NETMAP.c +++ b/net/ipv4/netfilter/ipt_NETMAP.c | |||
| @@ -22,12 +22,9 @@ MODULE_LICENSE("GPL"); | |||
| 22 | MODULE_AUTHOR("Svenning Soerensen <svenning@post5.tele.dk>"); | 22 | MODULE_AUTHOR("Svenning Soerensen <svenning@post5.tele.dk>"); |
| 23 | MODULE_DESCRIPTION("Xtables: 1:1 NAT mapping of IPv4 subnets"); | 23 | MODULE_DESCRIPTION("Xtables: 1:1 NAT mapping of IPv4 subnets"); |
| 24 | 24 | ||
| 25 | static bool | 25 | static bool netmap_tg_check(const struct xt_tgchk_param *par) |
| 26 | netmap_tg_check(const char *tablename, const void *e, | ||
| 27 | const struct xt_target *target, void *targinfo, | ||
| 28 | unsigned int hook_mask) | ||
| 29 | { | 26 | { |
| 30 | const struct nf_nat_multi_range_compat *mr = targinfo; | 27 | const struct nf_nat_multi_range_compat *mr = par->targinfo; |
| 31 | 28 | ||
| 32 | if (!(mr->range[0].flags & IP_NAT_RANGE_MAP_IPS)) { | 29 | if (!(mr->range[0].flags & IP_NAT_RANGE_MAP_IPS)) { |
| 33 | pr_debug("NETMAP:check: bad MAP_IPS.\n"); | 30 | pr_debug("NETMAP:check: bad MAP_IPS.\n"); |
diff --git a/net/ipv4/netfilter/ipt_REDIRECT.c b/net/ipv4/netfilter/ipt_REDIRECT.c index 23adb09ddfb4..698e5e78685b 100644 --- a/net/ipv4/netfilter/ipt_REDIRECT.c +++ b/net/ipv4/netfilter/ipt_REDIRECT.c | |||
| @@ -26,12 +26,9 @@ MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>"); | |||
| 26 | MODULE_DESCRIPTION("Xtables: Connection redirection to localhost"); | 26 | MODULE_DESCRIPTION("Xtables: Connection redirection to localhost"); |
| 27 | 27 | ||
| 28 | /* FIXME: Take multiple ranges --RR */ | 28 | /* FIXME: Take multiple ranges --RR */ |
| 29 | static bool | 29 | static bool redirect_tg_check(const struct xt_tgchk_param *par) |
| 30 | redirect_tg_check(const char *tablename, const void *e, | ||
| 31 | const struct xt_target *target, void *targinfo, | ||
| 32 | unsigned int hook_mask) | ||
| 33 | { | 30 | { |
| 34 | const struct nf_nat_multi_range_compat *mr = targinfo; | 31 | const struct nf_nat_multi_range_compat *mr = par->targinfo; |
| 35 | 32 | ||
| 36 | if (mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) { | 33 | if (mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) { |
| 37 | pr_debug("redirect_check: bad MAP_IPS.\n"); | 34 | pr_debug("redirect_check: bad MAP_IPS.\n"); |
diff --git a/net/ipv4/netfilter/ipt_REJECT.c b/net/ipv4/netfilter/ipt_REJECT.c index b36071bb1077..0b4b6e0ff2b9 100644 --- a/net/ipv4/netfilter/ipt_REJECT.c +++ b/net/ipv4/netfilter/ipt_REJECT.c | |||
| @@ -175,13 +175,10 @@ reject_tg(struct sk_buff *skb, const struct xt_target_param *par) | |||
| 175 | return NF_DROP; | 175 | return NF_DROP; |
| 176 | } | 176 | } |
| 177 | 177 | ||
| 178 | static bool | 178 | static bool reject_tg_check(const struct xt_tgchk_param *par) |
| 179 | reject_tg_check(const char *tablename, const void *e_void, | ||
| 180 | const struct xt_target *target, void *targinfo, | ||
| 181 | unsigned int hook_mask) | ||
| 182 | { | 179 | { |
| 183 | const struct ipt_reject_info *rejinfo = targinfo; | 180 | const struct ipt_reject_info *rejinfo = par->targinfo; |
| 184 | const struct ipt_entry *e = e_void; | 181 | const struct ipt_entry *e = par->entryinfo; |
| 185 | 182 | ||
| 186 | if (rejinfo->with == IPT_ICMP_ECHOREPLY) { | 183 | if (rejinfo->with == IPT_ICMP_ECHOREPLY) { |
| 187 | printk("ipt_REJECT: ECHOREPLY no longer supported.\n"); | 184 | printk("ipt_REJECT: ECHOREPLY no longer supported.\n"); |
diff --git a/net/ipv4/netfilter/ipt_TTL.c b/net/ipv4/netfilter/ipt_TTL.c index 05cbfd2f7470..6d76aae90cc0 100644 --- a/net/ipv4/netfilter/ipt_TTL.c +++ b/net/ipv4/netfilter/ipt_TTL.c | |||
| @@ -59,12 +59,9 @@ ttl_tg(struct sk_buff *skb, const struct xt_target_param *par) | |||
| 59 | return XT_CONTINUE; | 59 | return XT_CONTINUE; |
| 60 | } | 60 | } |
| 61 | 61 | ||
| 62 | static bool | 62 | static bool ttl_tg_check(const struct xt_tgchk_param *par) |
| 63 | ttl_tg_check(const char *tablename, const void *e, | ||
| 64 | const struct xt_target *target, void *targinfo, | ||
| 65 | unsigned int hook_mask) | ||
| 66 | { | 63 | { |
| 67 | const struct ipt_TTL_info *info = targinfo; | 64 | const struct ipt_TTL_info *info = par->targinfo; |
| 68 | 65 | ||
| 69 | if (info->mode > IPT_TTL_MAXMODE) { | 66 | if (info->mode > IPT_TTL_MAXMODE) { |
| 70 | printk(KERN_WARNING "ipt_TTL: invalid or unknown Mode %u\n", | 67 | printk(KERN_WARNING "ipt_TTL: invalid or unknown Mode %u\n", |
diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c index 46c0df0dc2dc..18a2826b57c6 100644 --- a/net/ipv4/netfilter/ipt_ULOG.c +++ b/net/ipv4/netfilter/ipt_ULOG.c | |||
| @@ -313,12 +313,9 @@ static void ipt_logfn(u_int8_t pf, | |||
| 313 | ipt_ulog_packet(hooknum, skb, in, out, &loginfo, prefix); | 313 | ipt_ulog_packet(hooknum, skb, in, out, &loginfo, prefix); |
| 314 | } | 314 | } |
| 315 | 315 | ||
| 316 | static bool | 316 | static bool ulog_tg_check(const struct xt_tgchk_param *par) |
| 317 | ulog_tg_check(const char *tablename, const void *e, | ||
| 318 | const struct xt_target *target, void *targinfo, | ||
| 319 | unsigned int hookmask) | ||
| 320 | { | 317 | { |
| 321 | const struct ipt_ulog_info *loginfo = targinfo; | 318 | const struct ipt_ulog_info *loginfo = par->targinfo; |
| 322 | 319 | ||
| 323 | if (loginfo->prefix[sizeof(loginfo->prefix) - 1] != '\0') { | 320 | if (loginfo->prefix[sizeof(loginfo->prefix) - 1] != '\0') { |
| 324 | pr_debug("ipt_ULOG: prefix term %i\n", | 321 | pr_debug("ipt_ULOG: prefix term %i\n", |
diff --git a/net/ipv4/netfilter/nf_nat_rule.c b/net/ipv4/netfilter/nf_nat_rule.c index 83170ff131f9..bea54a685109 100644 --- a/net/ipv4/netfilter/nf_nat_rule.c +++ b/net/ipv4/netfilter/nf_nat_rule.c | |||
| @@ -128,13 +128,9 @@ ipt_dnat_target(struct sk_buff *skb, const struct xt_target_param *par) | |||
| 128 | return nf_nat_setup_info(ct, &mr->range[0], IP_NAT_MANIP_DST); | 128 | return nf_nat_setup_info(ct, &mr->range[0], IP_NAT_MANIP_DST); |
| 129 | } | 129 | } |
| 130 | 130 | ||
| 131 | static bool ipt_snat_checkentry(const char *tablename, | 131 | static bool ipt_snat_checkentry(const struct xt_tgchk_param *par) |
| 132 | const void *entry, | ||
| 133 | const struct xt_target *target, | ||
| 134 | void *targinfo, | ||
| 135 | unsigned int hook_mask) | ||
| 136 | { | 132 | { |
| 137 | const struct nf_nat_multi_range_compat *mr = targinfo; | 133 | const struct nf_nat_multi_range_compat *mr = par->targinfo; |
| 138 | 134 | ||
| 139 | /* Must be a valid range */ | 135 | /* Must be a valid range */ |
| 140 | if (mr->rangesize != 1) { | 136 | if (mr->rangesize != 1) { |
| @@ -144,13 +140,9 @@ static bool ipt_snat_checkentry(const char *tablename, | |||
| 144 | return true; | 140 | return true; |
| 145 | } | 141 | } |
| 146 | 142 | ||
| 147 | static bool ipt_dnat_checkentry(const char *tablename, | 143 | static bool ipt_dnat_checkentry(const struct xt_tgchk_param *par) |
| 148 | const void *entry, | ||
| 149 | const struct xt_target *target, | ||
| 150 | void *targinfo, | ||
| 151 | unsigned int hook_mask) | ||
| 152 | { | 144 | { |
| 153 | const struct nf_nat_multi_range_compat *mr = targinfo; | 145 | const struct nf_nat_multi_range_compat *mr = par->targinfo; |
| 154 | 146 | ||
| 155 | /* Must be a valid range */ | 147 | /* Must be a valid range */ |
| 156 | if (mr->rangesize != 1) { | 148 | if (mr->rangesize != 1) { |