author | Jan Engelhardt <jengelh@medozas.de> | 2008-10-08 05:35:20 -0400 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2008-10-08 05:35:20 -0400 |
commit | 916a917dfec18535ff9e2afdafba82e6279eb4f4 (patch) | |
tree | ebd2e944684f3f1a9c184e3e69d06d1465ed2f69 /net/ipv6 | |
parent | a2df1648ba615dd5908e9a1fa7b2f133fa302487 (diff) |
netfilter: xtables: provide invoked family value to extensions
By passing in the family through which extensions were invoked, a bit
of data space can be reclaimed. The "family" member will be added to
the parameter structures and the check functions be adjusted.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/ipv6')
-rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 10 |
1 files changed, 8 insertions, 2 deletions
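--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -370,6 +370,7 @@ ip6t_do_table(struct sk_buff *skb,
 mtpar.hotdrop = &hotdrop;
 mtpar.in = tgpar.in = in;
 mtpar.out = tgpar.out = out;
+mtpar.family = tgpar.family = NFPROTO_IPV6;
 tgpar.hooknum = hook;
 
 read_lock_bh(&table->lock);
@@ -604,6 +605,7 @@ cleanup_match(struct ip6t_entry_match *m, unsigned int *i)
 
 par.match = m->u.kernel.match;
 par.matchinfo = m->data;
+par.family = NFPROTO_IPV6;
 if (par.match->destroy != NULL)
 par.match->destroy(&par);
 module_put(par.match->me);
@@ -640,7 +642,7 @@ static int check_match(struct ip6t_entry_match *m, struct xt_mtchk_param *par,
 par->match = m->u.kernel.match;
 par->matchinfo = m->data;
 
-ret = xt_check_match(par, NFPROTO_IPV6, m->u.match_size - sizeof(*m),
+ret = xt_check_match(par, m->u.match_size - sizeof(*m),
 ipv6->proto, ipv6->invflags & IP6T_INV_PROTO);
 if (ret < 0) {
 duprintf("ip_tables: check failed for `%s'.\n",
@@ -686,11 +688,12 @@ static int check_target(struct ip6t_entry *e, const char *name)
 .target = t->u.kernel.target,
 .targinfo = t->data,
 .hook_mask = e->comefrom,
+.family = NFPROTO_IPV6,
 };
 int ret;
 
 t = ip6t_get_target(e);
-ret = xt_check_target(&par, NFPROTO_IPV6, t->u.target_size - sizeof(*t),
+ret = xt_check_target(&par, t->u.target_size - sizeof(*t),
 e->ipv6.proto, e->ipv6.invflags & IP6T_INV_PROTO);
 if (ret < 0) {
 duprintf("ip_tables: check failed for `%s'.\n",
@@ -718,6 +721,7 @@ find_check_entry(struct ip6t_entry *e, const char *name, unsigned int size,
 mtpar.table = name;
 mtpar.entryinfo = &e->ipv6;
 mtpar.hook_mask = e->comefrom;
+mtpar.family = NFPROTO_IPV6;
 ret = IP6T_MATCH_ITERATE(e, find_check_match, &mtpar, &j);
 if (ret != 0)
 goto cleanup_matches;
@@ -805,6 +809,7 @@ cleanup_entry(struct ip6t_entry *e, unsigned int *i)
 
 par.target = t->u.kernel.target;
 par.targinfo = t->data;
+par.family = NFPROTO_IPV6;
 if (par.target->destroy != NULL)
 par.target->destroy(&par);
 module_put(par.target->me);
@@ -1685,6 +1690,7 @@ static int compat_check_entry(struct ip6t_entry *e, const char *name,
 mtpar.table = name;
 mtpar.entryinfo = &e->ipv6;
 mtpar.hook_mask = e->comefrom;
+mtpar.family = NFPROTO_IPV6;
 ret = IP6T_MATCH_ITERATE(e, check_match, &mtpar, &j);
 if (ret)
 goto cleanup_matches;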
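Review bot: The family validation in check_match() (hunk at -640) now depends on every caller having filled `par->family` first, because `xt_check_match(par, ...)` no longer takes the family as an argument and the compiler cannot flag a caller that forgets the field. The two callers visible in this file, find_check_entry() and compat_check_entry(), do set `mtpar.family = NFPROTO_IPV6;`, but in ip6t_do_table(), cleanup_match() and cleanup_entry() the parameter structs are filled field by field and their declarations lie outside the hunks, so if they are not zero-initialised, a missed assignment at some other call site would presumably hand extensions stale stack data as the family. I would either assign `par->family = NFPROTO_IPV6;` inside check_match() next to `par->match`, or document the contract there with `/* caller must have set par->family */`. Every function touched here begins and ends outside its hunk.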