diff options
| author | Jan Engelhardt <jengelh@medozas.de> | 2008-10-08 05:35:15 -0400 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2008-10-08 05:35:15 -0400 |
| commit | f2ff525c8dae57b3cda51d76443f60f764f34202 (patch) | |
| tree | b28a6ed575375014dc14fc5b758e3d6da64977c2 /net | |
| parent | 102befab75c438bfa356c6976026326728771ebc (diff) | |
netfilter: ebtables: use generic table checking
Ebtables ORs (1 << NF_BR_NUMHOOKS) into the hook mask to indicate that
the extension was called from a base chain. So this also needs to be
present in the extensions' ->hooks.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net')
| -rw-r--r-- | net/bridge/netfilter/ebt_arpreply.c | 4 | ||||
| -rw-r--r-- | net/bridge/netfilter/ebt_dnat.c | 2 | ||||
| -rw-r--r-- | net/bridge/netfilter/ebt_redirect.c | 2 | ||||
| -rw-r--r-- | net/bridge/netfilter/ebt_snat.c | 6 |
4 files changed, 8 insertions, 6 deletions
diff --git a/net/bridge/netfilter/ebt_arpreply.c b/net/bridge/netfilter/ebt_arpreply.c index 8071b64af46f..0e51c8d7e5f2 100644 --- a/net/bridge/netfilter/ebt_arpreply.c +++ b/net/bridge/netfilter/ebt_arpreply.c | |||
| @@ -73,8 +73,6 @@ ebt_arpreply_tg_check(const char *tablename, const void *entry, | |||
| 73 | e->invflags & EBT_IPROTO) | 73 | e->invflags & EBT_IPROTO) |
| 74 | return false; | 74 | return false; |
| 75 | CLEAR_BASE_CHAIN_BIT; | 75 | CLEAR_BASE_CHAIN_BIT; |
| 76 | if (strcmp(tablename, "nat") || hookmask & ~(1 << NF_BR_PRE_ROUTING)) | ||
| 77 | return false; | ||
| 78 | return true; | 76 | return true; |
| 79 | } | 77 | } |
| 80 | 78 | ||
| @@ -82,6 +80,8 @@ static struct xt_target ebt_arpreply_tg_reg __read_mostly = { | |||
| 82 | .name = "arpreply", | 80 | .name = "arpreply", |
| 83 | .revision = 0, | 81 | .revision = 0, |
| 84 | .family = NFPROTO_BRIDGE, | 82 | .family = NFPROTO_BRIDGE, |
| 83 | .table = "nat", | ||
| 84 | .hooks = (1 << NF_BR_NUMHOOKS) | (1 << NF_BR_PRE_ROUTING), | ||
| 85 | .target = ebt_arpreply_tg, | 85 | .target = ebt_arpreply_tg, |
| 86 | .checkentry = ebt_arpreply_tg_check, | 86 | .checkentry = ebt_arpreply_tg_check, |
| 87 | .targetsize = XT_ALIGN(sizeof(struct ebt_arpreply_info)), | 87 | .targetsize = XT_ALIGN(sizeof(struct ebt_arpreply_info)), |
diff --git a/net/bridge/netfilter/ebt_dnat.c b/net/bridge/netfilter/ebt_dnat.c index d2211c4a477e..cb80101e412c 100644 --- a/net/bridge/netfilter/ebt_dnat.c +++ b/net/bridge/netfilter/ebt_dnat.c | |||
| @@ -51,6 +51,8 @@ static struct xt_target ebt_dnat_tg_reg __read_mostly = { | |||
| 51 | .name = "dnat", | 51 | .name = "dnat", |
| 52 | .revision = 0, | 52 | .revision = 0, |
| 53 | .family = NFPROTO_BRIDGE, | 53 | .family = NFPROTO_BRIDGE, |
| 54 | .hooks = (1 << NF_BR_NUMHOOKS) | (1 << NF_BR_PRE_ROUTING) | | ||
| 55 | (1 << NF_BR_LOCAL_OUT) | (1 << NF_BR_BROUTING), | ||
| 54 | .target = ebt_dnat_tg, | 56 | .target = ebt_dnat_tg, |
| 55 | .checkentry = ebt_dnat_tg_check, | 57 | .checkentry = ebt_dnat_tg_check, |
| 56 | .targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)), | 58 | .targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)), |
diff --git a/net/bridge/netfilter/ebt_redirect.c b/net/bridge/netfilter/ebt_redirect.c index 1b7684ffe404..a50ffbe0e4fb 100644 --- a/net/bridge/netfilter/ebt_redirect.c +++ b/net/bridge/netfilter/ebt_redirect.c | |||
| @@ -56,6 +56,8 @@ static struct xt_target ebt_redirect_tg_reg __read_mostly = { | |||
| 56 | .name = "redirect", | 56 | .name = "redirect", |
| 57 | .revision = 0, | 57 | .revision = 0, |
| 58 | .family = NFPROTO_BRIDGE, | 58 | .family = NFPROTO_BRIDGE, |
| 59 | .hooks = (1 << NF_BR_NUMHOOKS) | (1 << NF_BR_PRE_ROUTING) | | ||
| 60 | (1 << NF_BR_BROUTING), | ||
| 59 | .target = ebt_redirect_tg, | 61 | .target = ebt_redirect_tg, |
| 60 | .checkentry = ebt_redirect_tg_check, | 62 | .checkentry = ebt_redirect_tg_check, |
| 61 | .targetsize = XT_ALIGN(sizeof(struct ebt_redirect_info)), | 63 | .targetsize = XT_ALIGN(sizeof(struct ebt_redirect_info)), |
diff --git a/net/bridge/netfilter/ebt_snat.c b/net/bridge/netfilter/ebt_snat.c index c90217a4f9e1..8a55c7d49b55 100644 --- a/net/bridge/netfilter/ebt_snat.c +++ b/net/bridge/netfilter/ebt_snat.c | |||
| @@ -56,10 +56,6 @@ ebt_snat_tg_check(const char *tablename, const void *e, | |||
| 56 | if (BASE_CHAIN && tmp == EBT_RETURN) | 56 | if (BASE_CHAIN && tmp == EBT_RETURN) |
| 57 | return false; | 57 | return false; |
| 58 | CLEAR_BASE_CHAIN_BIT; | 58 | CLEAR_BASE_CHAIN_BIT; |
| 59 | if (strcmp(tablename, "nat")) | ||
| 60 | return false; | ||
| 61 | if (hookmask & ~(1 << NF_BR_POST_ROUTING)) | ||
| 62 | return false; | ||
| 63 | 59 | ||
| 64 | if (tmp < -NUM_STANDARD_TARGETS || tmp >= 0) | 60 | if (tmp < -NUM_STANDARD_TARGETS || tmp >= 0) |
| 65 | return false; | 61 | return false; |
| @@ -73,6 +69,8 @@ static struct xt_target ebt_snat_tg_reg __read_mostly = { | |||
| 73 | .name = "snat", | 69 | .name = "snat", |
| 74 | .revision = 0, | 70 | .revision = 0, |
| 75 | .family = NFPROTO_BRIDGE, | 71 | .family = NFPROTO_BRIDGE, |
| 72 | .table = "nat", | ||
| 73 | .hooks = (1 << NF_BR_NUMHOOKS) | (1 << NF_BR_POST_ROUTING), | ||
| 76 | .target = ebt_snat_tg, | 74 | .target = ebt_snat_tg, |
| 77 | .checkentry = ebt_snat_tg_check, | 75 | .checkentry = ebt_snat_tg_check, |
| 78 | .targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)), | 76 | .targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)), |