diff options
| author | Thomas Graf <tgraf@redhat.com> | 2011-03-16 13:32:13 -0400 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2011-03-16 13:32:13 -0400 |
| commit | 400b871ba623b5e8263a3a43de7b45fab0103a57 (patch) | |
| tree | 5c77a794cba654ddae9c5c480067d6d6b1a679aa /net | |
| parent | 2f5dc63123905a89d4260ab8ee08d19ec104db04 (diff) | |
netfilter ebtables: fix xt_AUDIT to work with ebtables
Even though ebtables uses xtables it still requires targets to
return EBT_CONTINUE instead of XT_CONTINUE. This prevented
xt_AUDIT to work as ebt module.
Upon Jan's suggestion, use a separate struct xt_target for
NFPROTO_BRIDGE having its own target callback returning
EBT_CONTINUE instead of cloning the module.
Signed-off-by: Thomas Graf <tgraf@redhat.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net')
| -rw-r--r-- | net/netfilter/xt_AUDIT.c | 36 |
1 files changed, 27 insertions, 9 deletions
diff --git a/net/netfilter/xt_AUDIT.c b/net/netfilter/xt_AUDIT.c index 81802d27346e..363a99ec0637 100644 --- a/net/netfilter/xt_AUDIT.c +++ b/net/netfilter/xt_AUDIT.c | |||
| @@ -19,6 +19,7 @@ | |||
| 19 | #include <linux/if_arp.h> | 19 | #include <linux/if_arp.h> |
| 20 | #include <linux/netfilter/x_tables.h> | 20 | #include <linux/netfilter/x_tables.h> |
| 21 | #include <linux/netfilter/xt_AUDIT.h> | 21 | #include <linux/netfilter/xt_AUDIT.h> |
| 22 | #include <linux/netfilter_bridge/ebtables.h> | ||
| 22 | #include <net/ipv6.h> | 23 | #include <net/ipv6.h> |
| 23 | #include <net/ip.h> | 24 | #include <net/ip.h> |
| 24 | 25 | ||
| @@ -168,6 +169,13 @@ errout: | |||
| 168 | return XT_CONTINUE; | 169 | return XT_CONTINUE; |
| 169 | } | 170 | } |
| 170 | 171 | ||
| 172 | static unsigned int | ||
| 173 | audit_tg_ebt(struct sk_buff *skb, const struct xt_action_param *par) | ||
| 174 | { | ||
| 175 | audit_tg(skb, par); | ||
| 176 | return EBT_CONTINUE; | ||
| 177 | } | ||
| 178 | |||
| 171 | static int audit_tg_check(const struct xt_tgchk_param *par) | 179 | static int audit_tg_check(const struct xt_tgchk_param *par) |
| 172 | { | 180 | { |
| 173 | const struct xt_audit_info *info = par->targinfo; | 181 | const struct xt_audit_info *info = par->targinfo; |
| @@ -181,23 +189,33 @@ static int audit_tg_check(const struct xt_tgchk_param *par) | |||
| 181 | return 0; | 189 | return 0; |
| 182 | } | 190 | } |
| 183 | 191 | ||
| 184 | static struct xt_target audit_tg_reg __read_mostly = { | 192 | static struct xt_target audit_tg_reg[] __read_mostly = { |
| 185 | .name = "AUDIT", | 193 | { |
| 186 | .family = NFPROTO_UNSPEC, | 194 | .name = "AUDIT", |
| 187 | .target = audit_tg, | 195 | .family = NFPROTO_UNSPEC, |
| 188 | .targetsize = sizeof(struct xt_audit_info), | 196 | .target = audit_tg, |
| 189 | .checkentry = audit_tg_check, | 197 | .targetsize = sizeof(struct xt_audit_info), |
| 190 | .me = THIS_MODULE, | 198 | .checkentry = audit_tg_check, |
| 199 | .me = THIS_MODULE, | ||
| 200 | }, | ||
| 201 | { | ||
| 202 | .name = "AUDIT", | ||
| 203 | .family = NFPROTO_BRIDGE, | ||
| 204 | .target = audit_tg_ebt, | ||
| 205 | .targetsize = sizeof(struct xt_audit_info), | ||
| 206 | .checkentry = audit_tg_check, | ||
| 207 | .me = THIS_MODULE, | ||
| 208 | }, | ||
| 191 | }; | 209 | }; |
| 192 | 210 | ||
| 193 | static int __init audit_tg_init(void) | 211 | static int __init audit_tg_init(void) |
| 194 | { | 212 | { |
| 195 | return xt_register_target(&audit_tg_reg); | 213 | return xt_register_targets(audit_tg_reg, ARRAY_SIZE(audit_tg_reg)); |
| 196 | } | 214 | } |
| 197 | 215 | ||
| 198 | static void __exit audit_tg_exit(void) | 216 | static void __exit audit_tg_exit(void) |
| 199 | { | 217 | { |
| 200 | xt_unregister_target(&audit_tg_reg); | 218 | xt_unregister_targets(audit_tg_reg, ARRAY_SIZE(audit_tg_reg)); |
| 201 | } | 219 | } |
| 202 | 220 | ||
| 203 | module_init(audit_tg_init); | 221 | module_init(audit_tg_init); |