netfilter: xtables: move extension arguments into compound structure (2/6)

This patch does this for match extensions' checkentry functions. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
author: Jan Engelhardt <jengelh@medozas.de> 2008-10-08 05:35:18 -0400
committer: Patrick McHardy <kaber@trash.net> 2008-10-08 05:35:18 -0400
commit: 9b4fce7a3508a9776534188b6065b206a9608ccf (patch)
tree: 7df90f099a72738900deb93124ad86724a2df207 /net/ipv6
parent: f7108a20dee44e5bb037f9e48f6a207b42e6ae1c (diff)
7 files changed, 35 insertions, 60 deletions
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index cf2c5370a4e8..9c843e3777bc 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -629,20 +629,20 @@ check_entry(struct ip6t_entry *e, const char *name)
        return 0;
 }
-static int check_match(struct ip6t_entry_match *m, const char *name,
+static int check_match(struct ip6t_entry_match *m, struct xt_mtchk_param *par,
-                              const struct ip6t_ip6 *ipv6,
+                       unsigned int *i)
-                              unsigned int hookmask, unsigned int *i)
 {
-        struct xt_match *match;
+        const struct ip6t_ip6 *ipv6 = par->entryinfo;
        int ret;
-        match = m->u.kernel.match;
+        par->match     = m->u.kernel.match;
-        ret = xt_check_match(match, AF_INET6, m->u.match_size - sizeof(*m),
+        par->matchinfo = m->data;
-                             name, hookmask, ipv6->proto,
-                             ipv6->invflags & IP6T_INV_PROTO, ipv6, m->data);
+        ret = xt_check_match(par, NFPROTO_IPV6, m->u.match_size - sizeof(*m),
+                             ipv6->proto, ipv6->invflags & IP6T_INV_PROTO);
        if (ret < 0) {
                duprintf("ip_tables: check failed for `%s'.\n",
-                         m->u.kernel.match->name);
+                         par.match->name);
                return ret;
        }
        ++*i;
@@ -650,10 +650,7 @@ static int check_match(struct ip6t_entry_match *m, const char *name,
 }
 static int
-find_check_match(struct ip6t_entry_match *m,
+find_check_match(struct ip6t_entry_match *m, struct xt_mtchk_param *par,
-                 const char *name,
-                 const struct ip6t_ip6 *ipv6,
-                 unsigned int hookmask,
                 unsigned int *i)
 {
        struct xt_match *match;
@@ -668,7 +665,7 @@ find_check_match(struct ip6t_entry_match *m,
        }
        m->u.kernel.match = match;
-        ret = check_match(m, name, ipv6, hookmask, i);
+        ret = check_match(m, par, i);
        if (ret)
                goto err;
@@ -705,14 +702,17 @@ find_check_entry(struct ip6t_entry *e, const char *name, unsigned int size,
        struct xt_target *target;
        int ret;
        unsigned int j;
+        struct xt_mtchk_param mtpar;
        ret = check_entry(e, name);
        if (ret)
                return ret;
        j = 0;
-        ret = IP6T_MATCH_ITERATE(e, find_check_match, name, &e->ipv6,
+        mtpar.table     = name;
-                                 e->comefrom, &j);
+        mtpar.entryinfo = &e->ipv6;
+        mtpar.hook_mask = e->comefrom;
+        ret = IP6T_MATCH_ITERATE(e, find_check_match, &mtpar, &j);
        if (ret != 0)
                goto cleanup_matches;
@@ -1669,10 +1669,13 @@ static int compat_check_entry(struct ip6t_entry *e, const char *name,
 {
        unsigned int j;
        int ret;
+        struct xt_mtchk_param mtpar;
        j = 0;
-        ret = IP6T_MATCH_ITERATE(e, check_match, name, &e->ipv6,
+        mtpar.table     = name;
-                                 e->comefrom, &j);
+        mtpar.entryinfo = &e->ipv6;
+        mtpar.hook_mask = e->comefrom;
+        ret = IP6T_MATCH_ITERATE(e, check_match, &mtpar, &j);
        if (ret)
                goto cleanup_matches;
@@ -2166,14 +2169,9 @@ icmp6_match(const struct sk_buff *skb, const struct xt_match_param *par)
 }
 /* Called when user tries to insert an entry of this type. */
-static bool
+static bool icmp6_checkentry(const struct xt_mtchk_param *par)
-icmp6_checkentry(const char *tablename,
-           const void *entry,
-           const struct xt_match *match,
-           void *matchinfo,
-           unsigned int hook_mask)
 {
-        const struct ip6t_icmp *icmpinfo = matchinfo;
+        const struct ip6t_icmp *icmpinfo = par->matchinfo;
        /* Must specify no unknown invflags */
        return !(icmpinfo->invflags & ~IP6T_ICMP_INV);
diff --git a/net/ipv6/netfilter/ip6t_ah.c b/net/ipv6/netfilter/ip6t_ah.c
index a04f2b8396e9..3a82f24746b9 100644
--- a/net/ipv6/netfilter/ip6t_ah.c
+++ b/net/ipv6/netfilter/ip6t_ah.c
@@ -90,13 +90,9 @@ static bool ah_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
               !(ahinfo->hdrres && ah->reserved);
 }
-/* Called when user tries to insert an entry of this type. */
+static bool ah_mt6_check(const struct xt_mtchk_param *par)
-static bool
-ah_mt6_check(const char *tablename, const void *entry,
-             const struct xt_match *match, void *matchinfo,
-             unsigned int hook_mask)
 {
-        const struct ip6t_ah *ahinfo = matchinfo;
+        const struct ip6t_ah *ahinfo = par->matchinfo;
        if (ahinfo->invflags & ~IP6T_AH_INV_MASK) {
                pr_debug("ip6t_ah: unknown flags %X\n", ahinfo->invflags);
diff --git a/net/ipv6/netfilter/ip6t_frag.c b/net/ipv6/netfilter/ip6t_frag.c
index 6951d0dacf45..673aa0a5084e 100644
--- a/net/ipv6/netfilter/ip6t_frag.c
+++ b/net/ipv6/netfilter/ip6t_frag.c
@@ -107,13 +107,9 @@ frag_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
                 && (ntohs(fh->frag_off) & IP6_MF));
 }
-/* Called when user tries to insert an entry of this type. */
+static bool frag_mt6_check(const struct xt_mtchk_param *par)
-static bool
-frag_mt6_check(const char *tablename, const void *ip,
-               const struct xt_match *match, void *matchinfo,
-               unsigned int hook_mask)
 {
-        const struct ip6t_frag *fraginfo = matchinfo;
+        const struct ip6t_frag *fraginfo = par->matchinfo;
        if (fraginfo->invflags & ~IP6T_FRAG_INV_MASK) {
                pr_debug("ip6t_frag: unknown flags %X\n", fraginfo->invflags);
diff --git a/net/ipv6/netfilter/ip6t_hbh.c b/net/ipv6/netfilter/ip6t_hbh.c
index d3351978819a..cbe8dec9744b 100644
--- a/net/ipv6/netfilter/ip6t_hbh.c
+++ b/net/ipv6/netfilter/ip6t_hbh.c
@@ -160,13 +160,9 @@ hbh_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
        return false;
 }
-/* Called when user tries to insert an entry of this type. */
+static bool hbh_mt6_check(const struct xt_mtchk_param *par)
-static bool
-hbh_mt6_check(const char *tablename, const void *entry,
-              const struct xt_match *match, void *matchinfo,
-              unsigned int hook_mask)
 {
-        const struct ip6t_opts *optsinfo = matchinfo;
+        const struct ip6t_opts *optsinfo = par->matchinfo;
        if (optsinfo->invflags & ~IP6T_OPTS_INV_MASK) {
                pr_debug("ip6t_opts: unknown flags %X\n", optsinfo->invflags);
diff --git a/net/ipv6/netfilter/ip6t_ipv6header.c b/net/ipv6/netfilter/ip6t_ipv6header.c
index 6aaca511d473..14e6724d5672 100644
--- a/net/ipv6/netfilter/ip6t_ipv6header.c
+++ b/net/ipv6/netfilter/ip6t_ipv6header.c
@@ -118,12 +118,9 @@ ipv6header_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
        }
 }
-static bool
+static bool ipv6header_mt6_check(const struct xt_mtchk_param *par)
-ipv6header_mt6_check(const char *tablename, const void *ip,
-                     const struct xt_match *match, void *matchinfo,
-                     unsigned int hook_mask)
 {
-        const struct ip6t_ipv6header_info *info = matchinfo;
+        const struct ip6t_ipv6header_info *info = par->matchinfo;
        /* invflags is 0 or 0xff in hard mode */
        if ((!info->modeflag) && info->invflags != 0x00 &&
diff --git a/net/ipv6/netfilter/ip6t_mh.c b/net/ipv6/netfilter/ip6t_mh.c
index 2803258b6d07..aafe4e66577b 100644
--- a/net/ipv6/netfilter/ip6t_mh.c
+++ b/net/ipv6/netfilter/ip6t_mh.c
@@ -67,13 +67,9 @@ static bool mh_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
                          !!(mhinfo->invflags & IP6T_MH_INV_TYPE));
 }
-/* Called when user tries to insert an entry of this type. */
+static bool mh_mt6_check(const struct xt_mtchk_param *par)
-static bool
-mh_mt6_check(const char *tablename, const void *entry,
-             const struct xt_match *match, void *matchinfo,
-             unsigned int hook_mask)
 {
-        const struct ip6t_mh *mhinfo = matchinfo;
+        const struct ip6t_mh *mhinfo = par->matchinfo;
        /* Must specify no unknown invflags */
        return !(mhinfo->invflags & ~IP6T_MH_INV_MASK);
diff --git a/net/ipv6/netfilter/ip6t_rt.c b/net/ipv6/netfilter/ip6t_rt.c
index 9cf4b8a37af7..356b8d6f6baa 100644
--- a/net/ipv6/netfilter/ip6t_rt.c
+++ b/net/ipv6/netfilter/ip6t_rt.c
@@ -186,13 +186,9 @@ static bool rt_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
        return false;
 }
-/* Called when user tries to insert an entry of this type. */
+static bool rt_mt6_check(const struct xt_mtchk_param *par)
-static bool
-rt_mt6_check(const char *tablename, const void *entry,
-             const struct xt_match *match, void *matchinfo,
-             unsigned int hook_mask)
 {
-        const struct ip6t_rt *rtinfo = matchinfo;
+        const struct ip6t_rt *rtinfo = par->matchinfo;
        if (rtinfo->invflags & ~IP6T_RT_INV_MASK) {
                pr_debug("ip6t_rt: unknown flags %X\n", rtinfo->invflags);
author	Jan Engelhardt <jengelh@medozas.de>	2008-10-08 05:35:18 -0400
committer	Patrick McHardy <kaber@trash.net>	2008-10-08 05:35:18 -0400
commit	9b4fce7a3508a9776534188b6065b206a9608ccf (patch)
tree	7df90f099a72738900deb93124ad86724a2df207 /net/ipv6
parent	f7108a20dee44e5bb037f9e48f6a207b42e6ae1c (diff)

diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index cf2c5370a4e8..9c843e3777bc 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c
@@ -629,20 +629,20 @@ check_entry(struct ip6t_entry e, const char name)
629	return 0;	629	return 0;
630	}	630	}
631		631
632	static int check_match(struct ip6t_entry_match m, const char name,	632	static int check_match(struct ip6t_entry_match m, struct xt_mtchk_param par,
633	const struct ip6t_ip6 *ipv6,	633	unsigned int *i)
634	unsigned int hookmask, unsigned int *i)
635	{	634	{
636	struct xt_match *match;	635	const struct ip6t_ip6 *ipv6 = par->entryinfo;
637	int ret;	636	int ret;
638		637
639	match = m->u.kernel.match;	638	par->match = m->u.kernel.match;
640	ret = xt_check_match(match, AF_INET6, m->u.match_size - sizeof(*m),	639	par->matchinfo = m->data;
641	name, hookmask, ipv6->proto,	640
642	ipv6->invflags & IP6T_INV_PROTO, ipv6, m->data);	641	ret = xt_check_match(par, NFPROTO_IPV6, m->u.match_size - sizeof(*m),
		642	ipv6->proto, ipv6->invflags & IP6T_INV_PROTO);
643	if (ret < 0) {	643	if (ret < 0) {
644	duprintf("ip_tables: check failed for `%s'.\n",	644	duprintf("ip_tables: check failed for `%s'.\n",
645	m->u.kernel.match->name);	645	par.match->name);
646	return ret;	646	return ret;
647	}	647	}
648	++*i;	648	++*i;
@@ -650,10 +650,7 @@ static int check_match(struct ip6t_entry_match m, const char name,
650	}	650	}
651		651
652	static int	652	static int
653	find_check_match(struct ip6t_entry_match *m,	653	find_check_match(struct ip6t_entry_match m, struct xt_mtchk_param par,
654	const char *name,
655	const struct ip6t_ip6 *ipv6,
656	unsigned int hookmask,
657	unsigned int *i)	654	unsigned int *i)
658	{	655	{
659	struct xt_match *match;	656	struct xt_match *match;
@@ -668,7 +665,7 @@ find_check_match(struct ip6t_entry_match *m,
668	}	665	}
669	m->u.kernel.match = match;	666	m->u.kernel.match = match;
670		667
671	ret = check_match(m, name, ipv6, hookmask, i);	668	ret = check_match(m, par, i);
672	if (ret)	669	if (ret)
673	goto err;	670	goto err;
674		671
@@ -705,14 +702,17 @@ find_check_entry(struct ip6t_entry e, const char name, unsigned int size,
705	struct xt_target *target;	702	struct xt_target *target;
706	int ret;	703	int ret;
707	unsigned int j;	704	unsigned int j;
		705	struct xt_mtchk_param mtpar;
708		706
709	ret = check_entry(e, name);	707	ret = check_entry(e, name);
710	if (ret)	708	if (ret)
711	return ret;	709	return ret;
712		710
713	j = 0;	711	j = 0;
714	ret = IP6T_MATCH_ITERATE(e, find_check_match, name, &e->ipv6,	712	mtpar.table = name;
715	e->comefrom, &j);	713	mtpar.entryinfo = &e->ipv6;
		714	mtpar.hook_mask = e->comefrom;
		715	ret = IP6T_MATCH_ITERATE(e, find_check_match, &mtpar, &j);
716	if (ret != 0)	716	if (ret != 0)
717	goto cleanup_matches;	717	goto cleanup_matches;
718		718
@@ -1669,10 +1669,13 @@ static int compat_check_entry(struct ip6t_entry e, const char name,
1669	{	1669	{
1670	unsigned int j;	1670	unsigned int j;
1671	int ret;	1671	int ret;
		1672	struct xt_mtchk_param mtpar;
1672		1673
1673	j = 0;	1674	j = 0;
1674	ret = IP6T_MATCH_ITERATE(e, check_match, name, &e->ipv6,	1675	mtpar.table = name;
1675	e->comefrom, &j);	1676	mtpar.entryinfo = &e->ipv6;
		1677	mtpar.hook_mask = e->comefrom;
		1678	ret = IP6T_MATCH_ITERATE(e, check_match, &mtpar, &j);
1676	if (ret)	1679	if (ret)
1677	goto cleanup_matches;	1680	goto cleanup_matches;
1678		1681
@@ -2166,14 +2169,9 @@ icmp6_match(const struct sk_buff skb, const struct xt_match_param par)
2166	}	2169	}
2167		2170
2168	/* Called when user tries to insert an entry of this type. */	2171	/* Called when user tries to insert an entry of this type. */
2169	static bool	2172	static bool icmp6_checkentry(const struct xt_mtchk_param *par)
2170	icmp6_checkentry(const char *tablename,
2171	const void *entry,
2172	const struct xt_match *match,
2173	void *matchinfo,
2174	unsigned int hook_mask)
2175	{	2173	{
2176	const struct ip6t_icmp *icmpinfo = matchinfo;	2174	const struct ip6t_icmp *icmpinfo = par->matchinfo;
2177		2175
2178	/* Must specify no unknown invflags */	2176	/* Must specify no unknown invflags */
2179	return !(icmpinfo->invflags & ~IP6T_ICMP_INV);	2177	return !(icmpinfo->invflags & ~IP6T_ICMP_INV);


diff --git a/net/ipv6/netfilter/ip6t_ah.c b/net/ipv6/netfilter/ip6t_ah.c index a04f2b8396e9..3a82f24746b9 100644 --- a/net/ipv6/netfilter/ip6t_ah.c +++ b/net/ipv6/netfilter/ip6t_ah.c
@@ -90,13 +90,9 @@ static bool ah_mt6(const struct sk_buff skb, const struct xt_match_param par)
90	!(ahinfo->hdrres && ah->reserved);	90	!(ahinfo->hdrres && ah->reserved);
91	}	91	}
92		92
93	/* Called when user tries to insert an entry of this type. */	93	static bool ah_mt6_check(const struct xt_mtchk_param *par)
94	static bool
95	ah_mt6_check(const char tablename, const void entry,
96	const struct xt_match match, void matchinfo,
97	unsigned int hook_mask)
98	{	94	{
99	const struct ip6t_ah *ahinfo = matchinfo;	95	const struct ip6t_ah *ahinfo = par->matchinfo;
100		96
101	if (ahinfo->invflags & ~IP6T_AH_INV_MASK) {	97	if (ahinfo->invflags & ~IP6T_AH_INV_MASK) {
102	pr_debug("ip6t_ah: unknown flags %X\n", ahinfo->invflags);	98	pr_debug("ip6t_ah: unknown flags %X\n", ahinfo->invflags);


diff --git a/net/ipv6/netfilter/ip6t_frag.c b/net/ipv6/netfilter/ip6t_frag.c index 6951d0dacf45..673aa0a5084e 100644 --- a/net/ipv6/netfilter/ip6t_frag.c +++ b/net/ipv6/netfilter/ip6t_frag.c
@@ -107,13 +107,9 @@ frag_mt6(const struct sk_buff skb, const struct xt_match_param par)
107	&& (ntohs(fh->frag_off) & IP6_MF));	107	&& (ntohs(fh->frag_off) & IP6_MF));
108	}	108	}
109		109
110	/* Called when user tries to insert an entry of this type. */	110	static bool frag_mt6_check(const struct xt_mtchk_param *par)
111	static bool
112	frag_mt6_check(const char tablename, const void ip,
113	const struct xt_match match, void matchinfo,
114	unsigned int hook_mask)
115	{	111	{
116	const struct ip6t_frag *fraginfo = matchinfo;	112	const struct ip6t_frag *fraginfo = par->matchinfo;
117		113
118	if (fraginfo->invflags & ~IP6T_FRAG_INV_MASK) {	114	if (fraginfo->invflags & ~IP6T_FRAG_INV_MASK) {
119	pr_debug("ip6t_frag: unknown flags %X\n", fraginfo->invflags);	115	pr_debug("ip6t_frag: unknown flags %X\n", fraginfo->invflags);


diff --git a/net/ipv6/netfilter/ip6t_hbh.c b/net/ipv6/netfilter/ip6t_hbh.c index d3351978819a..cbe8dec9744b 100644 --- a/net/ipv6/netfilter/ip6t_hbh.c +++ b/net/ipv6/netfilter/ip6t_hbh.c
@@ -160,13 +160,9 @@ hbh_mt6(const struct sk_buff skb, const struct xt_match_param par)
160	return false;	160	return false;
161	}	161	}
162		162
163	/* Called when user tries to insert an entry of this type. */	163	static bool hbh_mt6_check(const struct xt_mtchk_param *par)
164	static bool
165	hbh_mt6_check(const char tablename, const void entry,
166	const struct xt_match match, void matchinfo,
167	unsigned int hook_mask)
168	{	164	{
169	const struct ip6t_opts *optsinfo = matchinfo;	165	const struct ip6t_opts *optsinfo = par->matchinfo;
170		166
171	if (optsinfo->invflags & ~IP6T_OPTS_INV_MASK) {	167	if (optsinfo->invflags & ~IP6T_OPTS_INV_MASK) {
172	pr_debug("ip6t_opts: unknown flags %X\n", optsinfo->invflags);	168	pr_debug("ip6t_opts: unknown flags %X\n", optsinfo->invflags);


diff --git a/net/ipv6/netfilter/ip6t_ipv6header.c b/net/ipv6/netfilter/ip6t_ipv6header.c index 6aaca511d473..14e6724d5672 100644 --- a/net/ipv6/netfilter/ip6t_ipv6header.c +++ b/net/ipv6/netfilter/ip6t_ipv6header.c
@@ -118,12 +118,9 @@ ipv6header_mt6(const struct sk_buff skb, const struct xt_match_param par)
118	}	118	}
119	}	119	}
120		120
121	static bool	121	static bool ipv6header_mt6_check(const struct xt_mtchk_param *par)
122	ipv6header_mt6_check(const char tablename, const void ip,
123	const struct xt_match match, void matchinfo,
124	unsigned int hook_mask)
125	{	122	{
126	const struct ip6t_ipv6header_info *info = matchinfo;	123	const struct ip6t_ipv6header_info *info = par->matchinfo;
127		124
128	/* invflags is 0 or 0xff in hard mode */	125	/* invflags is 0 or 0xff in hard mode */
129	if ((!info->modeflag) && info->invflags != 0x00 &&	126	if ((!info->modeflag) && info->invflags != 0x00 &&


diff --git a/net/ipv6/netfilter/ip6t_mh.c b/net/ipv6/netfilter/ip6t_mh.c index 2803258b6d07..aafe4e66577b 100644 --- a/net/ipv6/netfilter/ip6t_mh.c +++ b/net/ipv6/netfilter/ip6t_mh.c
@@ -67,13 +67,9 @@ static bool mh_mt6(const struct sk_buff skb, const struct xt_match_param par)
67	!!(mhinfo->invflags & IP6T_MH_INV_TYPE));	67	!!(mhinfo->invflags & IP6T_MH_INV_TYPE));
68	}	68	}
69		69
70	/* Called when user tries to insert an entry of this type. */	70	static bool mh_mt6_check(const struct xt_mtchk_param *par)
71	static bool
72	mh_mt6_check(const char tablename, const void entry,
73	const struct xt_match match, void matchinfo,
74	unsigned int hook_mask)
75	{	71	{
76	const struct ip6t_mh *mhinfo = matchinfo;	72	const struct ip6t_mh *mhinfo = par->matchinfo;
77		73
78	/* Must specify no unknown invflags */	74	/* Must specify no unknown invflags */
79	return !(mhinfo->invflags & ~IP6T_MH_INV_MASK);	75	return !(mhinfo->invflags & ~IP6T_MH_INV_MASK);


diff --git a/net/ipv6/netfilter/ip6t_rt.c b/net/ipv6/netfilter/ip6t_rt.c index 9cf4b8a37af7..356b8d6f6baa 100644 --- a/net/ipv6/netfilter/ip6t_rt.c +++ b/net/ipv6/netfilter/ip6t_rt.c
@@ -186,13 +186,9 @@ static bool rt_mt6(const struct sk_buff skb, const struct xt_match_param par)
186	return false;	186	return false;
187	}	187	}
188		188
189	/* Called when user tries to insert an entry of this type. */	189	static bool rt_mt6_check(const struct xt_mtchk_param *par)
190	static bool
191	rt_mt6_check(const char tablename, const void entry,
192	const struct xt_match match, void matchinfo,
193	unsigned int hook_mask)
194	{	190	{
195	const struct ip6t_rt *rtinfo = matchinfo;	191	const struct ip6t_rt *rtinfo = par->matchinfo;
196		192
197	if (rtinfo->invflags & ~IP6T_RT_INV_MASK) {	193	if (rtinfo->invflags & ~IP6T_RT_INV_MASK) {
198	pr_debug("ip6t_rt: unknown flags %X\n", rtinfo->invflags);	194	pr_debug("ip6t_rt: unknown flags %X\n", rtinfo->invflags);