diff options
author | Jan Engelhardt <jengelh@medozas.de> | 2008-10-08 05:35:20 -0400 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2008-10-08 05:35:20 -0400 |
commit | 92f3b2b1bc968caaabee8cd78bee75ab7c4af74e (patch) | |
tree | 02f5884407a858908e4c74c66f9c213c617d3353 /net | |
parent | 916a917dfec18535ff9e2afdafba82e6279eb4f4 (diff) |
netfilter: xtables: cut down on static data for family-independent extensions
Using ->family in struct xt_*_param, multiple struct xt_{match,target}
can be squashed together.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/netfilter/xt_CONNMARK.c | 39 | ||||
-rw-r--r-- | net/netfilter/xt_CONNSECMARK.c | 40 | ||||
-rw-r--r-- | net/netfilter/xt_NFLOG.c | 31 | ||||
-rw-r--r-- | net/netfilter/xt_connbytes.c | 39 | ||||
-rw-r--r-- | net/netfilter/xt_connlimit.c | 47 | ||||
-rw-r--r-- | net/netfilter/xt_connmark.c | 39 | ||||
-rw-r--r-- | net/netfilter/xt_conntrack.c | 26 | ||||
-rw-r--r-- | net/netfilter/xt_helper.c | 38 | ||||
-rw-r--r-- | net/netfilter/xt_pkttype.c | 30 |
9 files changed, 104 insertions, 225 deletions
diff --git a/net/netfilter/xt_CONNMARK.c b/net/netfilter/xt_CONNMARK.c index c5a5072e005d..d6e5ab463277 100644 --- a/net/netfilter/xt_CONNMARK.c +++ b/net/netfilter/xt_CONNMARK.c | |||
@@ -128,9 +128,9 @@ static bool connmark_tg_check_v0(const struct xt_tgchk_param *par) | |||
128 | printk(KERN_WARNING "CONNMARK: Only supports 32bit mark\n"); | 128 | printk(KERN_WARNING "CONNMARK: Only supports 32bit mark\n"); |
129 | return false; | 129 | return false; |
130 | } | 130 | } |
131 | if (nf_ct_l3proto_try_module_get(par->target->family) < 0) { | 131 | if (nf_ct_l3proto_try_module_get(par->family) < 0) { |
132 | printk(KERN_WARNING "can't load conntrack support for " | 132 | printk(KERN_WARNING "can't load conntrack support for " |
133 | "proto=%u\n", par->target->family); | 133 | "proto=%u\n", par->family); |
134 | return false; | 134 | return false; |
135 | } | 135 | } |
136 | return true; | 136 | return true; |
@@ -138,9 +138,9 @@ static bool connmark_tg_check_v0(const struct xt_tgchk_param *par) | |||
138 | 138 | ||
139 | static bool connmark_tg_check(const struct xt_tgchk_param *par) | 139 | static bool connmark_tg_check(const struct xt_tgchk_param *par) |
140 | { | 140 | { |
141 | if (nf_ct_l3proto_try_module_get(par->target->family) < 0) { | 141 | if (nf_ct_l3proto_try_module_get(par->family) < 0) { |
142 | printk(KERN_WARNING "cannot load conntrack support for " | 142 | printk(KERN_WARNING "cannot load conntrack support for " |
143 | "proto=%u\n", par->target->family); | 143 | "proto=%u\n", par->family); |
144 | return false; | 144 | return false; |
145 | } | 145 | } |
146 | return true; | 146 | return true; |
@@ -148,7 +148,7 @@ static bool connmark_tg_check(const struct xt_tgchk_param *par) | |||
148 | 148 | ||
149 | static void connmark_tg_destroy(const struct xt_tgdtor_param *par) | 149 | static void connmark_tg_destroy(const struct xt_tgdtor_param *par) |
150 | { | 150 | { |
151 | nf_ct_l3proto_module_put(par->target->family); | 151 | nf_ct_l3proto_module_put(par->family); |
152 | } | 152 | } |
153 | 153 | ||
154 | #ifdef CONFIG_COMPAT | 154 | #ifdef CONFIG_COMPAT |
@@ -186,7 +186,7 @@ static struct xt_target connmark_tg_reg[] __read_mostly = { | |||
186 | { | 186 | { |
187 | .name = "CONNMARK", | 187 | .name = "CONNMARK", |
188 | .revision = 0, | 188 | .revision = 0, |
189 | .family = NFPROTO_IPV4, | 189 | .family = NFPROTO_UNSPEC, |
190 | .checkentry = connmark_tg_check_v0, | 190 | .checkentry = connmark_tg_check_v0, |
191 | .destroy = connmark_tg_destroy, | 191 | .destroy = connmark_tg_destroy, |
192 | .target = connmark_tg_v0, | 192 | .target = connmark_tg_v0, |
@@ -199,34 +199,9 @@ static struct xt_target connmark_tg_reg[] __read_mostly = { | |||
199 | .me = THIS_MODULE | 199 | .me = THIS_MODULE |
200 | }, | 200 | }, |
201 | { | 201 | { |
202 | .name = "CONNMARK", | ||
203 | .revision = 0, | ||
204 | .family = NFPROTO_IPV6, | ||
205 | .checkentry = connmark_tg_check_v0, | ||
206 | .destroy = connmark_tg_destroy, | ||
207 | .target = connmark_tg_v0, | ||
208 | .targetsize = sizeof(struct xt_connmark_target_info), | ||
209 | #ifdef CONFIG_COMPAT | ||
210 | .compatsize = sizeof(struct compat_xt_connmark_target_info), | ||
211 | .compat_from_user = connmark_tg_compat_from_user_v0, | ||
212 | .compat_to_user = connmark_tg_compat_to_user_v0, | ||
213 | #endif | ||
214 | .me = THIS_MODULE | ||
215 | }, | ||
216 | { | ||
217 | .name = "CONNMARK", | ||
218 | .revision = 1, | ||
219 | .family = NFPROTO_IPV4, | ||
220 | .checkentry = connmark_tg_check, | ||
221 | .target = connmark_tg, | ||
222 | .targetsize = sizeof(struct xt_connmark_tginfo1), | ||
223 | .destroy = connmark_tg_destroy, | ||
224 | .me = THIS_MODULE, | ||
225 | }, | ||
226 | { | ||
227 | .name = "CONNMARK", | 202 | .name = "CONNMARK", |
228 | .revision = 1, | 203 | .revision = 1, |
229 | .family = NFPROTO_IPV6, | 204 | .family = NFPROTO_UNSPEC, |
230 | .checkentry = connmark_tg_check, | 205 | .checkentry = connmark_tg_check, |
231 | .target = connmark_tg, | 206 | .target = connmark_tg, |
232 | .targetsize = sizeof(struct xt_connmark_tginfo1), | 207 | .targetsize = sizeof(struct xt_connmark_tginfo1), |
diff --git a/net/netfilter/xt_CONNSECMARK.c b/net/netfilter/xt_CONNSECMARK.c index b6e3f3f125fd..b54c3756fdc3 100644 --- a/net/netfilter/xt_CONNSECMARK.c +++ b/net/netfilter/xt_CONNSECMARK.c | |||
@@ -106,9 +106,9 @@ static bool connsecmark_tg_check(const struct xt_tgchk_param *par) | |||
106 | return false; | 106 | return false; |
107 | } | 107 | } |
108 | 108 | ||
109 | if (nf_ct_l3proto_try_module_get(par->target->family) < 0) { | 109 | if (nf_ct_l3proto_try_module_get(par->family) < 0) { |
110 | printk(KERN_WARNING "can't load conntrack support for " | 110 | printk(KERN_WARNING "can't load conntrack support for " |
111 | "proto=%u\n", par->target->family); | 111 | "proto=%u\n", par->family); |
112 | return false; | 112 | return false; |
113 | } | 113 | } |
114 | return true; | 114 | return true; |
@@ -116,40 +116,28 @@ static bool connsecmark_tg_check(const struct xt_tgchk_param *par) | |||
116 | 116 | ||
117 | static void connsecmark_tg_destroy(const struct xt_tgdtor_param *par) | 117 | static void connsecmark_tg_destroy(const struct xt_tgdtor_param *par) |
118 | { | 118 | { |
119 | nf_ct_l3proto_module_put(par->target->family); | 119 | nf_ct_l3proto_module_put(par->family); |
120 | } | 120 | } |
121 | 121 | ||
122 | static struct xt_target connsecmark_tg_reg[] __read_mostly = { | 122 | static struct xt_target connsecmark_tg_reg __read_mostly = { |
123 | { | 123 | .name = "CONNSECMARK", |
124 | .name = "CONNSECMARK", | 124 | .revision = 0, |
125 | .family = NFPROTO_IPV4, | 125 | .family = NFPROTO_UNSPEC, |
126 | .checkentry = connsecmark_tg_check, | 126 | .checkentry = connsecmark_tg_check, |
127 | .destroy = connsecmark_tg_destroy, | 127 | .destroy = connsecmark_tg_destroy, |
128 | .target = connsecmark_tg, | 128 | .target = connsecmark_tg, |
129 | .targetsize = sizeof(struct xt_connsecmark_target_info), | 129 | .targetsize = sizeof(struct xt_connsecmark_target_info), |
130 | .me = THIS_MODULE, | 130 | .me = THIS_MODULE, |
131 | }, | ||
132 | { | ||
133 | .name = "CONNSECMARK", | ||
134 | .family = NFPROTO_IPV6, | ||
135 | .checkentry = connsecmark_tg_check, | ||
136 | .destroy = connsecmark_tg_destroy, | ||
137 | .target = connsecmark_tg, | ||
138 | .targetsize = sizeof(struct xt_connsecmark_target_info), | ||
139 | .me = THIS_MODULE, | ||
140 | }, | ||
141 | }; | 131 | }; |
142 | 132 | ||
143 | static int __init connsecmark_tg_init(void) | 133 | static int __init connsecmark_tg_init(void) |
144 | { | 134 | { |
145 | return xt_register_targets(connsecmark_tg_reg, | 135 | return xt_register_target(&connsecmark_tg_reg); |
146 | ARRAY_SIZE(connsecmark_tg_reg)); | ||
147 | } | 136 | } |
148 | 137 | ||
149 | static void __exit connsecmark_tg_exit(void) | 138 | static void __exit connsecmark_tg_exit(void) |
150 | { | 139 | { |
151 | xt_unregister_targets(connsecmark_tg_reg, | 140 | xt_unregister_target(&connsecmark_tg_reg); |
152 | ARRAY_SIZE(connsecmark_tg_reg)); | ||
153 | } | 141 | } |
154 | 142 | ||
155 | module_init(connsecmark_tg_init); | 143 | module_init(connsecmark_tg_init); |
diff --git a/net/netfilter/xt_NFLOG.c b/net/netfilter/xt_NFLOG.c index 56ee4f118b59..50e3a52d3b31 100644 --- a/net/netfilter/xt_NFLOG.c +++ b/net/netfilter/xt_NFLOG.c | |||
@@ -31,7 +31,7 @@ nflog_tg(struct sk_buff *skb, const struct xt_target_param *par) | |||
31 | li.u.ulog.group = info->group; | 31 | li.u.ulog.group = info->group; |
32 | li.u.ulog.qthreshold = info->threshold; | 32 | li.u.ulog.qthreshold = info->threshold; |
33 | 33 | ||
34 | nf_log_packet(par->target->family, par->hooknum, skb, par->in, | 34 | nf_log_packet(par->family, par->hooknum, skb, par->in, |
35 | par->out, &li, "%s", info->prefix); | 35 | par->out, &li, "%s", info->prefix); |
36 | return XT_CONTINUE; | 36 | return XT_CONTINUE; |
37 | } | 37 | } |
@@ -47,33 +47,24 @@ static bool nflog_tg_check(const struct xt_tgchk_param *par) | |||
47 | return true; | 47 | return true; |
48 | } | 48 | } |
49 | 49 | ||
50 | static struct xt_target nflog_tg_reg[] __read_mostly = { | 50 | static struct xt_target nflog_tg_reg __read_mostly = { |
51 | { | 51 | .name = "NFLOG", |
52 | .name = "NFLOG", | 52 | .revision = 0, |
53 | .family = NFPROTO_IPV4, | 53 | .family = NFPROTO_UNSPEC, |
54 | .checkentry = nflog_tg_check, | 54 | .checkentry = nflog_tg_check, |
55 | .target = nflog_tg, | 55 | .target = nflog_tg, |
56 | .targetsize = sizeof(struct xt_nflog_info), | 56 | .targetsize = sizeof(struct xt_nflog_info), |
57 | .me = THIS_MODULE, | 57 | .me = THIS_MODULE, |
58 | }, | ||
59 | { | ||
60 | .name = "NFLOG", | ||
61 | .family = NFPROTO_IPV6, | ||
62 | .checkentry = nflog_tg_check, | ||
63 | .target = nflog_tg, | ||
64 | .targetsize = sizeof(struct xt_nflog_info), | ||
65 | .me = THIS_MODULE, | ||
66 | }, | ||
67 | }; | 58 | }; |
68 | 59 | ||
69 | static int __init nflog_tg_init(void) | 60 | static int __init nflog_tg_init(void) |
70 | { | 61 | { |
71 | return xt_register_targets(nflog_tg_reg, ARRAY_SIZE(nflog_tg_reg)); | 62 | return xt_register_target(&nflog_tg_reg); |
72 | } | 63 | } |
73 | 64 | ||
74 | static void __exit nflog_tg_exit(void) | 65 | static void __exit nflog_tg_exit(void) |
75 | { | 66 | { |
76 | xt_unregister_targets(nflog_tg_reg, ARRAY_SIZE(nflog_tg_reg)); | 67 | xt_unregister_target(&nflog_tg_reg); |
77 | } | 68 | } |
78 | 69 | ||
79 | module_init(nflog_tg_init); | 70 | module_init(nflog_tg_init); |
diff --git a/net/netfilter/xt_connbytes.c b/net/netfilter/xt_connbytes.c index 5bf4aa08b0fd..955e6598a7f0 100644 --- a/net/netfilter/xt_connbytes.c +++ b/net/netfilter/xt_connbytes.c | |||
@@ -106,9 +106,9 @@ static bool connbytes_mt_check(const struct xt_mtchk_param *par) | |||
106 | sinfo->direction != XT_CONNBYTES_DIR_BOTH) | 106 | sinfo->direction != XT_CONNBYTES_DIR_BOTH) |
107 | return false; | 107 | return false; |
108 | 108 | ||
109 | if (nf_ct_l3proto_try_module_get(par->match->family) < 0) { | 109 | if (nf_ct_l3proto_try_module_get(par->family) < 0) { |
110 | printk(KERN_WARNING "can't load conntrack support for " | 110 | printk(KERN_WARNING "can't load conntrack support for " |
111 | "proto=%u\n", par->match->family); | 111 | "proto=%u\n", par->family); |
112 | return false; | 112 | return false; |
113 | } | 113 | } |
114 | 114 | ||
@@ -117,39 +117,28 @@ static bool connbytes_mt_check(const struct xt_mtchk_param *par) | |||
117 | 117 | ||
118 | static void connbytes_mt_destroy(const struct xt_mtdtor_param *par) | 118 | static void connbytes_mt_destroy(const struct xt_mtdtor_param *par) |
119 | { | 119 | { |
120 | nf_ct_l3proto_module_put(par->match->family); | 120 | nf_ct_l3proto_module_put(par->family); |
121 | } | 121 | } |
122 | 122 | ||
123 | static struct xt_match connbytes_mt_reg[] __read_mostly = { | 123 | static struct xt_match connbytes_mt_reg __read_mostly = { |
124 | { | 124 | .name = "connbytes", |
125 | .name = "connbytes", | 125 | .revision = 0, |
126 | .family = NFPROTO_IPV4, | 126 | .family = NFPROTO_UNSPEC, |
127 | .checkentry = connbytes_mt_check, | 127 | .checkentry = connbytes_mt_check, |
128 | .match = connbytes_mt, | 128 | .match = connbytes_mt, |
129 | .destroy = connbytes_mt_destroy, | 129 | .destroy = connbytes_mt_destroy, |
130 | .matchsize = sizeof(struct xt_connbytes_info), | 130 | .matchsize = sizeof(struct xt_connbytes_info), |
131 | .me = THIS_MODULE | 131 | .me = THIS_MODULE, |
132 | }, | ||
133 | { | ||
134 | .name = "connbytes", | ||
135 | .family = NFPROTO_IPV6, | ||
136 | .checkentry = connbytes_mt_check, | ||
137 | .match = connbytes_mt, | ||
138 | .destroy = connbytes_mt_destroy, | ||
139 | .matchsize = sizeof(struct xt_connbytes_info), | ||
140 | .me = THIS_MODULE | ||
141 | }, | ||
142 | }; | 132 | }; |
143 | 133 | ||
144 | static int __init connbytes_mt_init(void) | 134 | static int __init connbytes_mt_init(void) |
145 | { | 135 | { |
146 | return xt_register_matches(connbytes_mt_reg, | 136 | return xt_register_match(&connbytes_mt_reg); |
147 | ARRAY_SIZE(connbytes_mt_reg)); | ||
148 | } | 137 | } |
149 | 138 | ||
150 | static void __exit connbytes_mt_exit(void) | 139 | static void __exit connbytes_mt_exit(void) |
151 | { | 140 | { |
152 | xt_unregister_matches(connbytes_mt_reg, ARRAY_SIZE(connbytes_mt_reg)); | 141 | xt_unregister_match(&connbytes_mt_reg); |
153 | } | 142 | } |
154 | 143 | ||
155 | module_init(connbytes_mt_init); | 144 | module_init(connbytes_mt_init); |
diff --git a/net/netfilter/xt_connlimit.c b/net/netfilter/xt_connlimit.c index bfb3ee6c7129..7f404cc64c83 100644 --- a/net/netfilter/xt_connlimit.c +++ b/net/netfilter/xt_connlimit.c | |||
@@ -192,10 +192,10 @@ connlimit_mt(const struct sk_buff *skb, const struct xt_match_param *par) | |||
192 | if (ct != NULL) | 192 | if (ct != NULL) |
193 | tuple_ptr = &ct->tuplehash[0].tuple; | 193 | tuple_ptr = &ct->tuplehash[0].tuple; |
194 | else if (!nf_ct_get_tuplepr(skb, skb_network_offset(skb), | 194 | else if (!nf_ct_get_tuplepr(skb, skb_network_offset(skb), |
195 | par->match->family, &tuple)) | 195 | par->family, &tuple)) |
196 | goto hotdrop; | 196 | goto hotdrop; |
197 | 197 | ||
198 | if (par->match->family == NFPROTO_IPV6) { | 198 | if (par->family == NFPROTO_IPV6) { |
199 | const struct ipv6hdr *iph = ipv6_hdr(skb); | 199 | const struct ipv6hdr *iph = ipv6_hdr(skb); |
200 | memcpy(&addr.ip6, &iph->saddr, sizeof(iph->saddr)); | 200 | memcpy(&addr.ip6, &iph->saddr, sizeof(iph->saddr)); |
201 | } else { | 201 | } else { |
@@ -226,16 +226,16 @@ static bool connlimit_mt_check(const struct xt_mtchk_param *par) | |||
226 | struct xt_connlimit_info *info = par->matchinfo; | 226 | struct xt_connlimit_info *info = par->matchinfo; |
227 | unsigned int i; | 227 | unsigned int i; |
228 | 228 | ||
229 | if (nf_ct_l3proto_try_module_get(par->match->family) < 0) { | 229 | if (nf_ct_l3proto_try_module_get(par->family) < 0) { |
230 | printk(KERN_WARNING "cannot load conntrack support for " | 230 | printk(KERN_WARNING "cannot load conntrack support for " |
231 | "address family %u\n", par->match->family); | 231 | "address family %u\n", par->family); |
232 | return false; | 232 | return false; |
233 | } | 233 | } |
234 | 234 | ||
235 | /* init private data */ | 235 | /* init private data */ |
236 | info->data = kmalloc(sizeof(struct xt_connlimit_data), GFP_KERNEL); | 236 | info->data = kmalloc(sizeof(struct xt_connlimit_data), GFP_KERNEL); |
237 | if (info->data == NULL) { | 237 | if (info->data == NULL) { |
238 | nf_ct_l3proto_module_put(par->match->family); | 238 | nf_ct_l3proto_module_put(par->family); |
239 | return false; | 239 | return false; |
240 | } | 240 | } |
241 | 241 | ||
@@ -254,7 +254,7 @@ static void connlimit_mt_destroy(const struct xt_mtdtor_param *par) | |||
254 | struct list_head *hash = info->data->iphash; | 254 | struct list_head *hash = info->data->iphash; |
255 | unsigned int i; | 255 | unsigned int i; |
256 | 256 | ||
257 | nf_ct_l3proto_module_put(par->match->family); | 257 | nf_ct_l3proto_module_put(par->family); |
258 | 258 | ||
259 | for (i = 0; i < ARRAY_SIZE(info->data->iphash); ++i) { | 259 | for (i = 0; i < ARRAY_SIZE(info->data->iphash); ++i) { |
260 | list_for_each_entry_safe(conn, tmp, &hash[i], list) { | 260 | list_for_each_entry_safe(conn, tmp, &hash[i], list) { |
@@ -266,41 +266,30 @@ static void connlimit_mt_destroy(const struct xt_mtdtor_param *par) | |||
266 | kfree(info->data); | 266 | kfree(info->data); |
267 | } | 267 | } |
268 | 268 | ||
269 | static struct xt_match connlimit_mt_reg[] __read_mostly = { | 269 | static struct xt_match connlimit_mt_reg __read_mostly = { |
270 | { | 270 | .name = "connlimit", |
271 | .name = "connlimit", | 271 | .revision = 0, |
272 | .family = NFPROTO_IPV4, | 272 | .family = NFPROTO_UNSPEC, |
273 | .checkentry = connlimit_mt_check, | 273 | .checkentry = connlimit_mt_check, |
274 | .match = connlimit_mt, | 274 | .match = connlimit_mt, |
275 | .matchsize = sizeof(struct xt_connlimit_info), | 275 | .matchsize = sizeof(struct xt_connlimit_info), |
276 | .destroy = connlimit_mt_destroy, | 276 | .destroy = connlimit_mt_destroy, |
277 | .me = THIS_MODULE, | 277 | .me = THIS_MODULE, |
278 | }, | ||
279 | { | ||
280 | .name = "connlimit", | ||
281 | .family = NFPROTO_IPV6, | ||
282 | .checkentry = connlimit_mt_check, | ||
283 | .match = connlimit_mt, | ||
284 | .matchsize = sizeof(struct xt_connlimit_info), | ||
285 | .destroy = connlimit_mt_destroy, | ||
286 | .me = THIS_MODULE, | ||
287 | }, | ||
288 | }; | 278 | }; |
289 | 279 | ||
290 | static int __init connlimit_mt_init(void) | 280 | static int __init connlimit_mt_init(void) |
291 | { | 281 | { |
292 | return xt_register_matches(connlimit_mt_reg, | 282 | return xt_register_match(&connlimit_mt_reg); |
293 | ARRAY_SIZE(connlimit_mt_reg)); | ||
294 | } | 283 | } |
295 | 284 | ||
296 | static void __exit connlimit_mt_exit(void) | 285 | static void __exit connlimit_mt_exit(void) |
297 | { | 286 | { |
298 | xt_unregister_matches(connlimit_mt_reg, ARRAY_SIZE(connlimit_mt_reg)); | 287 | xt_unregister_match(&connlimit_mt_reg); |
299 | } | 288 | } |
300 | 289 | ||
301 | module_init(connlimit_mt_init); | 290 | module_init(connlimit_mt_init); |
302 | module_exit(connlimit_mt_exit); | 291 | module_exit(connlimit_mt_exit); |
303 | MODULE_AUTHOR("Jan Engelhardt <jengelh@computergmbh.de>"); | 292 | MODULE_AUTHOR("Jan Engelhardt <jengelh@medozas.de>"); |
304 | MODULE_DESCRIPTION("Xtables: Number of connections matching"); | 293 | MODULE_DESCRIPTION("Xtables: Number of connections matching"); |
305 | MODULE_LICENSE("GPL"); | 294 | MODULE_LICENSE("GPL"); |
306 | MODULE_ALIAS("ipt_connlimit"); | 295 | MODULE_ALIAS("ipt_connlimit"); |
diff --git a/net/netfilter/xt_connmark.c b/net/netfilter/xt_connmark.c index c708577ea1bf..86cacab7a4a3 100644 --- a/net/netfilter/xt_connmark.c +++ b/net/netfilter/xt_connmark.c | |||
@@ -69,9 +69,9 @@ static bool connmark_mt_check_v0(const struct xt_mtchk_param *par) | |||
69 | printk(KERN_WARNING "connmark: only support 32bit mark\n"); | 69 | printk(KERN_WARNING "connmark: only support 32bit mark\n"); |
70 | return false; | 70 | return false; |
71 | } | 71 | } |
72 | if (nf_ct_l3proto_try_module_get(par->match->family) < 0) { | 72 | if (nf_ct_l3proto_try_module_get(par->family) < 0) { |
73 | printk(KERN_WARNING "can't load conntrack support for " | 73 | printk(KERN_WARNING "can't load conntrack support for " |
74 | "proto=%u\n", par->match->family); | 74 | "proto=%u\n", par->family); |
75 | return false; | 75 | return false; |
76 | } | 76 | } |
77 | return true; | 77 | return true; |
@@ -79,9 +79,9 @@ static bool connmark_mt_check_v0(const struct xt_mtchk_param *par) | |||
79 | 79 | ||
80 | static bool connmark_mt_check(const struct xt_mtchk_param *par) | 80 | static bool connmark_mt_check(const struct xt_mtchk_param *par) |
81 | { | 81 | { |
82 | if (nf_ct_l3proto_try_module_get(par->match->family) < 0) { | 82 | if (nf_ct_l3proto_try_module_get(par->family) < 0) { |
83 | printk(KERN_WARNING "cannot load conntrack support for " | 83 | printk(KERN_WARNING "cannot load conntrack support for " |
84 | "proto=%u\n", par->match->family); | 84 | "proto=%u\n", par->family); |
85 | return false; | 85 | return false; |
86 | } | 86 | } |
87 | return true; | 87 | return true; |
@@ -89,7 +89,7 @@ static bool connmark_mt_check(const struct xt_mtchk_param *par) | |||
89 | 89 | ||
90 | static void connmark_mt_destroy(const struct xt_mtdtor_param *par) | 90 | static void connmark_mt_destroy(const struct xt_mtdtor_param *par) |
91 | { | 91 | { |
92 | nf_ct_l3proto_module_put(par->match->family); | 92 | nf_ct_l3proto_module_put(par->family); |
93 | } | 93 | } |
94 | 94 | ||
95 | #ifdef CONFIG_COMPAT | 95 | #ifdef CONFIG_COMPAT |
@@ -127,7 +127,7 @@ static struct xt_match connmark_mt_reg[] __read_mostly = { | |||
127 | { | 127 | { |
128 | .name = "connmark", | 128 | .name = "connmark", |
129 | .revision = 0, | 129 | .revision = 0, |
130 | .family = NFPROTO_IPV4, | 130 | .family = NFPROTO_UNSPEC, |
131 | .checkentry = connmark_mt_check_v0, | 131 | .checkentry = connmark_mt_check_v0, |
132 | .match = connmark_mt_v0, | 132 | .match = connmark_mt_v0, |
133 | .destroy = connmark_mt_destroy, | 133 | .destroy = connmark_mt_destroy, |
@@ -140,34 +140,9 @@ static struct xt_match connmark_mt_reg[] __read_mostly = { | |||
140 | .me = THIS_MODULE | 140 | .me = THIS_MODULE |
141 | }, | 141 | }, |
142 | { | 142 | { |
143 | .name = "connmark", | ||
144 | .revision = 0, | ||
145 | .family = NFPROTO_IPV6, | ||
146 | .checkentry = connmark_mt_check_v0, | ||
147 | .match = connmark_mt_v0, | ||
148 | .destroy = connmark_mt_destroy, | ||
149 | .matchsize = sizeof(struct xt_connmark_info), | ||
150 | #ifdef CONFIG_COMPAT | ||
151 | .compatsize = sizeof(struct compat_xt_connmark_info), | ||
152 | .compat_from_user = connmark_mt_compat_from_user_v0, | ||
153 | .compat_to_user = connmark_mt_compat_to_user_v0, | ||
154 | #endif | ||
155 | .me = THIS_MODULE | ||
156 | }, | ||
157 | { | ||
158 | .name = "connmark", | ||
159 | .revision = 1, | ||
160 | .family = NFPROTO_IPV4, | ||
161 | .checkentry = connmark_mt_check, | ||
162 | .match = connmark_mt, | ||
163 | .matchsize = sizeof(struct xt_connmark_mtinfo1), | ||
164 | .destroy = connmark_mt_destroy, | ||
165 | .me = THIS_MODULE, | ||
166 | }, | ||
167 | { | ||
168 | .name = "connmark", | 143 | .name = "connmark", |
169 | .revision = 1, | 144 | .revision = 1, |
170 | .family = NFPROTO_IPV6, | 145 | .family = NFPROTO_UNSPEC, |
171 | .checkentry = connmark_mt_check, | 146 | .checkentry = connmark_mt_check, |
172 | .match = connmark_mt, | 147 | .match = connmark_mt, |
173 | .matchsize = sizeof(struct xt_connmark_mtinfo1), | 148 | .matchsize = sizeof(struct xt_connmark_mtinfo1), |
diff --git a/net/netfilter/xt_conntrack.c b/net/netfilter/xt_conntrack.c index 5cd58d7fcb1c..0b7139f3dd78 100644 --- a/net/netfilter/xt_conntrack.c +++ b/net/netfilter/xt_conntrack.c | |||
@@ -238,22 +238,22 @@ conntrack_mt(const struct sk_buff *skb, const struct xt_match_param *par) | |||
238 | return false; | 238 | return false; |
239 | 239 | ||
240 | if (info->match_flags & XT_CONNTRACK_ORIGSRC) | 240 | if (info->match_flags & XT_CONNTRACK_ORIGSRC) |
241 | if (conntrack_mt_origsrc(ct, info, par->match->family) ^ | 241 | if (conntrack_mt_origsrc(ct, info, par->family) ^ |
242 | !(info->invert_flags & XT_CONNTRACK_ORIGSRC)) | 242 | !(info->invert_flags & XT_CONNTRACK_ORIGSRC)) |
243 | return false; | 243 | return false; |
244 | 244 | ||
245 | if (info->match_flags & XT_CONNTRACK_ORIGDST) | 245 | if (info->match_flags & XT_CONNTRACK_ORIGDST) |
246 | if (conntrack_mt_origdst(ct, info, par->match->family) ^ | 246 | if (conntrack_mt_origdst(ct, info, par->family) ^ |
247 | !(info->invert_flags & XT_CONNTRACK_ORIGDST)) | 247 | !(info->invert_flags & XT_CONNTRACK_ORIGDST)) |
248 | return false; | 248 | return false; |
249 | 249 | ||
250 | if (info->match_flags & XT_CONNTRACK_REPLSRC) | 250 | if (info->match_flags & XT_CONNTRACK_REPLSRC) |
251 | if (conntrack_mt_replsrc(ct, info, par->match->family) ^ | 251 | if (conntrack_mt_replsrc(ct, info, par->family) ^ |
252 | !(info->invert_flags & XT_CONNTRACK_REPLSRC)) | 252 | !(info->invert_flags & XT_CONNTRACK_REPLSRC)) |
253 | return false; | 253 | return false; |
254 | 254 | ||
255 | if (info->match_flags & XT_CONNTRACK_REPLDST) | 255 | if (info->match_flags & XT_CONNTRACK_REPLDST) |
256 | if (conntrack_mt_repldst(ct, info, par->match->family) ^ | 256 | if (conntrack_mt_repldst(ct, info, par->family) ^ |
257 | !(info->invert_flags & XT_CONNTRACK_REPLDST)) | 257 | !(info->invert_flags & XT_CONNTRACK_REPLDST)) |
258 | return false; | 258 | return false; |
259 | 259 | ||
@@ -280,9 +280,9 @@ conntrack_mt(const struct sk_buff *skb, const struct xt_match_param *par) | |||
280 | 280 | ||
281 | static bool conntrack_mt_check(const struct xt_mtchk_param *par) | 281 | static bool conntrack_mt_check(const struct xt_mtchk_param *par) |
282 | { | 282 | { |
283 | if (nf_ct_l3proto_try_module_get(par->match->family) < 0) { | 283 | if (nf_ct_l3proto_try_module_get(par->family) < 0) { |
284 | printk(KERN_WARNING "can't load conntrack support for " | 284 | printk(KERN_WARNING "can't load conntrack support for " |
285 | "proto=%u\n", par->match->family); | 285 | "proto=%u\n", par->family); |
286 | return false; | 286 | return false; |
287 | } | 287 | } |
288 | return true; | 288 | return true; |
@@ -290,7 +290,7 @@ static bool conntrack_mt_check(const struct xt_mtchk_param *par) | |||
290 | 290 | ||
291 | static void conntrack_mt_destroy(const struct xt_mtdtor_param *par) | 291 | static void conntrack_mt_destroy(const struct xt_mtdtor_param *par) |
292 | { | 292 | { |
293 | nf_ct_l3proto_module_put(par->match->family); | 293 | nf_ct_l3proto_module_put(par->family); |
294 | } | 294 | } |
295 | 295 | ||
296 | #ifdef CONFIG_COMPAT | 296 | #ifdef CONFIG_COMPAT |
@@ -361,17 +361,7 @@ static struct xt_match conntrack_mt_reg[] __read_mostly = { | |||
361 | { | 361 | { |
362 | .name = "conntrack", | 362 | .name = "conntrack", |
363 | .revision = 1, | 363 | .revision = 1, |
364 | .family = NFPROTO_IPV4, | 364 | .family = NFPROTO_UNSPEC, |
365 | .matchsize = sizeof(struct xt_conntrack_mtinfo1), | ||
366 | .match = conntrack_mt, | ||
367 | .checkentry = conntrack_mt_check, | ||
368 | .destroy = conntrack_mt_destroy, | ||
369 | .me = THIS_MODULE, | ||
370 | }, | ||
371 | { | ||
372 | .name = "conntrack", | ||
373 | .revision = 1, | ||
374 | .family = NFPROTO_IPV6, | ||
375 | .matchsize = sizeof(struct xt_conntrack_mtinfo1), | 365 | .matchsize = sizeof(struct xt_conntrack_mtinfo1), |
376 | .match = conntrack_mt, | 366 | .match = conntrack_mt, |
377 | .checkentry = conntrack_mt_check, | 367 | .checkentry = conntrack_mt_check, |
diff --git a/net/netfilter/xt_helper.c b/net/netfilter/xt_helper.c index 280c984349f3..64fc7f277221 100644 --- a/net/netfilter/xt_helper.c +++ b/net/netfilter/xt_helper.c | |||
@@ -58,9 +58,9 @@ static bool helper_mt_check(const struct xt_mtchk_param *par) | |||
58 | { | 58 | { |
59 | struct xt_helper_info *info = par->matchinfo; | 59 | struct xt_helper_info *info = par->matchinfo; |
60 | 60 | ||
61 | if (nf_ct_l3proto_try_module_get(par->match->family) < 0) { | 61 | if (nf_ct_l3proto_try_module_get(par->family) < 0) { |
62 | printk(KERN_WARNING "can't load conntrack support for " | 62 | printk(KERN_WARNING "can't load conntrack support for " |
63 | "proto=%u\n", par->match->family); | 63 | "proto=%u\n", par->family); |
64 | return false; | 64 | return false; |
65 | } | 65 | } |
66 | info->name[29] = '\0'; | 66 | info->name[29] = '\0'; |
@@ -69,38 +69,28 @@ static bool helper_mt_check(const struct xt_mtchk_param *par) | |||
69 | 69 | ||
70 | static void helper_mt_destroy(const struct xt_mtdtor_param *par) | 70 | static void helper_mt_destroy(const struct xt_mtdtor_param *par) |
71 | { | 71 | { |
72 | nf_ct_l3proto_module_put(par->match->family); | 72 | nf_ct_l3proto_module_put(par->family); |
73 | } | 73 | } |
74 | 74 | ||
75 | static struct xt_match helper_mt_reg[] __read_mostly = { | 75 | static struct xt_match helper_mt_reg __read_mostly = { |
76 | { | 76 | .name = "helper", |
77 | .name = "helper", | 77 | .revision = 0, |
78 | .family = NFPROTO_IPV4, | 78 | .family = NFPROTO_UNSPEC, |
79 | .checkentry = helper_mt_check, | 79 | .checkentry = helper_mt_check, |
80 | .match = helper_mt, | 80 | .match = helper_mt, |
81 | .destroy = helper_mt_destroy, | 81 | .destroy = helper_mt_destroy, |
82 | .matchsize = sizeof(struct xt_helper_info), | 82 | .matchsize = sizeof(struct xt_helper_info), |
83 | .me = THIS_MODULE, | 83 | .me = THIS_MODULE, |
84 | }, | ||
85 | { | ||
86 | .name = "helper", | ||
87 | .family = NFPROTO_IPV6, | ||
88 | .checkentry = helper_mt_check, | ||
89 | .match = helper_mt, | ||
90 | .destroy = helper_mt_destroy, | ||
91 | .matchsize = sizeof(struct xt_helper_info), | ||
92 | .me = THIS_MODULE, | ||
93 | }, | ||
94 | }; | 84 | }; |
95 | 85 | ||
96 | static int __init helper_mt_init(void) | 86 | static int __init helper_mt_init(void) |
97 | { | 87 | { |
98 | return xt_register_matches(helper_mt_reg, ARRAY_SIZE(helper_mt_reg)); | 88 | return xt_register_match(&helper_mt_reg); |
99 | } | 89 | } |
100 | 90 | ||
101 | static void __exit helper_mt_exit(void) | 91 | static void __exit helper_mt_exit(void) |
102 | { | 92 | { |
103 | xt_unregister_matches(helper_mt_reg, ARRAY_SIZE(helper_mt_reg)); | 93 | xt_unregister_match(&helper_mt_reg); |
104 | } | 94 | } |
105 | 95 | ||
106 | module_init(helper_mt_init); | 96 | module_init(helper_mt_init); |
diff --git a/net/netfilter/xt_pkttype.c b/net/netfilter/xt_pkttype.c index 37753a377603..69da1d3a1d85 100644 --- a/net/netfilter/xt_pkttype.c +++ b/net/netfilter/xt_pkttype.c | |||
@@ -30,10 +30,10 @@ pkttype_mt(const struct sk_buff *skb, const struct xt_match_param *par) | |||
30 | 30 | ||
31 | if (skb->pkt_type != PACKET_LOOPBACK) | 31 | if (skb->pkt_type != PACKET_LOOPBACK) |
32 | type = skb->pkt_type; | 32 | type = skb->pkt_type; |
33 | else if (par->match->family == NFPROTO_IPV4 && | 33 | else if (par->family == NFPROTO_IPV4 && |
34 | ipv4_is_multicast(ip_hdr(skb)->daddr)) | 34 | ipv4_is_multicast(ip_hdr(skb)->daddr)) |
35 | type = PACKET_MULTICAST; | 35 | type = PACKET_MULTICAST; |
36 | else if (par->match->family == NFPROTO_IPV6 && | 36 | else if (par->family == NFPROTO_IPV6 && |
37 | ipv6_hdr(skb)->daddr.s6_addr[0] == 0xFF) | 37 | ipv6_hdr(skb)->daddr.s6_addr[0] == 0xFF) |
38 | type = PACKET_MULTICAST; | 38 | type = PACKET_MULTICAST; |
39 | else | 39 | else |
@@ -42,31 +42,23 @@ pkttype_mt(const struct sk_buff *skb, const struct xt_match_param *par) | |||
42 | return (type == info->pkttype) ^ info->invert; | 42 | return (type == info->pkttype) ^ info->invert; |
43 | } | 43 | } |
44 | 44 | ||
45 | static struct xt_match pkttype_mt_reg[] __read_mostly = { | 45 | static struct xt_match pkttype_mt_reg __read_mostly = { |
46 | { | 46 | .name = "pkttype", |
47 | .name = "pkttype", | 47 | .revision = 0, |
48 | .family = NFPROTO_IPV4, | 48 | .family = NFPROTO_UNSPEC, |
49 | .match = pkttype_mt, | 49 | .match = pkttype_mt, |
50 | .matchsize = sizeof(struct xt_pkttype_info), | 50 | .matchsize = sizeof(struct xt_pkttype_info), |
51 | .me = THIS_MODULE, | 51 | .me = THIS_MODULE, |
52 | }, | ||
53 | { | ||
54 | .name = "pkttype", | ||
55 | .family = NFPROTO_IPV6, | ||
56 | .match = pkttype_mt, | ||
57 | .matchsize = sizeof(struct xt_pkttype_info), | ||
58 | .me = THIS_MODULE, | ||
59 | }, | ||
60 | }; | 52 | }; |
61 | 53 | ||
62 | static int __init pkttype_mt_init(void) | 54 | static int __init pkttype_mt_init(void) |
63 | { | 55 | { |
64 | return xt_register_matches(pkttype_mt_reg, ARRAY_SIZE(pkttype_mt_reg)); | 56 | return xt_register_match(&pkttype_mt_reg); |
65 | } | 57 | } |
66 | 58 | ||
67 | static void __exit pkttype_mt_exit(void) | 59 | static void __exit pkttype_mt_exit(void) |
68 | { | 60 | { |
69 | xt_unregister_matches(pkttype_mt_reg, ARRAY_SIZE(pkttype_mt_reg)); | 61 | xt_unregister_match(&pkttype_mt_reg); |
70 | } | 62 | } |
71 | 63 | ||
72 | module_init(pkttype_mt_init); | 64 | module_init(pkttype_mt_init); |