diff options
| author | Jan Engelhardt <jengelh@medozas.de> | 2008-10-08 05:35:17 -0400 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2008-10-08 05:35:17 -0400 |
| commit | 367c679007fa4f990eb7ee381326ec59d8148b0e (patch) | |
| tree | a543f22332eba9ef972ed8ea6e66448921671ef7 /net/ipv6 | |
| parent | 147c3844ad381b58715a6ee2ea697594e3c06284 (diff) | |
netfilter: xtables: do centralized checkentry call (1/2)
It used to be that {ip,ip6,etc}_tables called extension->checkentry
themselves, but this can be moved into the xtables core.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/ipv6')
| -rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 23 |
1 files changed, 9 insertions, 14 deletions
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index 0b4557e03431..12c41b8d365b 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c | |||
| @@ -642,17 +642,14 @@ static int check_match(struct ip6t_entry_match *m, const char *name, | |||
| 642 | match = m->u.kernel.match; | 642 | match = m->u.kernel.match; |
| 643 | ret = xt_check_match(match, AF_INET6, m->u.match_size - sizeof(*m), | 643 | ret = xt_check_match(match, AF_INET6, m->u.match_size - sizeof(*m), |
| 644 | name, hookmask, ipv6->proto, | 644 | name, hookmask, ipv6->proto, |
| 645 | ipv6->invflags & IP6T_INV_PROTO); | 645 | ipv6->invflags & IP6T_INV_PROTO, ipv6, m->data); |
| 646 | if (!ret && m->u.kernel.match->checkentry | 646 | if (ret < 0) { |
| 647 | && !m->u.kernel.match->checkentry(name, ipv6, match, m->data, | ||
| 648 | hookmask)) { | ||
| 649 | duprintf("ip_tables: check failed for `%s'.\n", | 647 | duprintf("ip_tables: check failed for `%s'.\n", |
| 650 | m->u.kernel.match->name); | 648 | m->u.kernel.match->name); |
| 651 | ret = -EINVAL; | 649 | return ret; |
| 652 | } | 650 | } |
| 653 | if (!ret) | 651 | ++*i; |
| 654 | (*i)++; | 652 | return 0; |
| 655 | return ret; | ||
| 656 | } | 653 | } |
| 657 | 654 | ||
| 658 | static int | 655 | static int |
| @@ -694,15 +691,13 @@ static int check_target(struct ip6t_entry *e, const char *name) | |||
| 694 | target = t->u.kernel.target; | 691 | target = t->u.kernel.target; |
| 695 | ret = xt_check_target(target, AF_INET6, t->u.target_size - sizeof(*t), | 692 | ret = xt_check_target(target, AF_INET6, t->u.target_size - sizeof(*t), |
| 696 | name, e->comefrom, e->ipv6.proto, | 693 | name, e->comefrom, e->ipv6.proto, |
| 697 | e->ipv6.invflags & IP6T_INV_PROTO); | 694 | e->ipv6.invflags & IP6T_INV_PROTO, e, t->data); |
| 698 | if (!ret && t->u.kernel.target->checkentry | 695 | if (ret < 0) { |
| 699 | && !t->u.kernel.target->checkentry(name, e, target, t->data, | ||
| 700 | e->comefrom)) { | ||
| 701 | duprintf("ip_tables: check failed for `%s'.\n", | 696 | duprintf("ip_tables: check failed for `%s'.\n", |
| 702 | t->u.kernel.target->name); | 697 | t->u.kernel.target->name); |
| 703 | ret = -EINVAL; | 698 | return ret; |
| 704 | } | 699 | } |
| 705 | return ret; | 700 | return 0; |
| 706 | } | 701 | } |
| 707 | 702 | ||
| 708 | static int | 703 | static int |