diff options
| author | Jan Engelhardt <jengelh@computergmbh.de> | 2008-10-08 05:35:01 -0400 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2008-10-08 05:35:01 -0400 |
| commit | 55b69e91040c685a064198bd76e59885b7ad26c6 (patch) | |
| tree | f106ca5825afdda752b89cae7e7d384ba55a7d44 /net | |
| parent | ee999d8b9573df1b547aacdc6d79f86eb79c25cd (diff) | |
netfilter: implement NFPROTO_UNSPEC as a wildcard for extensions
When a match or target is looked up using xt_find_{match,target},
Xtables will also search the NFPROTO_UNSPEC module list. This allows
for protocol-independent extensions (like xt_time) to be reused from
other components (e.g. arptables, ebtables).
Extensions that take different codepaths depending on match->family
or target->family of course cannot use NFPROTO_UNSPEC within the
registration structure (e.g. xt_pkttype).
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net')
| -rw-r--r-- | net/netfilter/x_tables.c | 10 | ||||
| -rw-r--r-- | net/netfilter/xt_CLASSIFY.c | 38 | ||||
| -rw-r--r-- | net/netfilter/xt_MARK.c | 10 | ||||
| -rw-r--r-- | net/netfilter/xt_RATEEST.c | 33 | ||||
| -rw-r--r-- | net/netfilter/xt_SECMARK.c | 32 | ||||
| -rw-r--r-- | net/netfilter/xt_TRACE.c | 26 | ||||
| -rw-r--r-- | net/netfilter/xt_limit.c | 40 | ||||
| -rw-r--r-- | net/netfilter/xt_mark.c | 26 | ||||
| -rw-r--r-- | net/netfilter/xt_quota.c | 29 | ||||
| -rw-r--r-- | net/netfilter/xt_rateest.c | 33 | ||||
| -rw-r--r-- | net/netfilter/xt_statistic.c | 31 | ||||
| -rw-r--r-- | net/netfilter/xt_string.c | 31 | ||||
| -rw-r--r-- | net/netfilter/xt_time.c | 28 | ||||
| -rw-r--r-- | net/netfilter/xt_u32.c | 26 |
14 files changed, 124 insertions, 269 deletions
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c index 2a7eb1da5d03..aece6c2d134b 100644 --- a/net/netfilter/x_tables.c +++ b/net/netfilter/x_tables.c | |||
| @@ -209,6 +209,11 @@ struct xt_match *xt_find_match(u8 af, const char *name, u8 revision) | |||
| 209 | } | 209 | } |
| 210 | } | 210 | } |
| 211 | mutex_unlock(&xt[af].mutex); | 211 | mutex_unlock(&xt[af].mutex); |
| 212 | |||
| 213 | if (af != NFPROTO_UNSPEC) | ||
| 214 | /* Try searching again in the family-independent list */ | ||
| 215 | return xt_find_match(NFPROTO_UNSPEC, name, revision); | ||
| 216 | |||
| 212 | return ERR_PTR(err); | 217 | return ERR_PTR(err); |
| 213 | } | 218 | } |
| 214 | EXPORT_SYMBOL(xt_find_match); | 219 | EXPORT_SYMBOL(xt_find_match); |
| @@ -234,6 +239,11 @@ struct xt_target *xt_find_target(u8 af, const char *name, u8 revision) | |||
| 234 | } | 239 | } |
| 235 | } | 240 | } |
| 236 | mutex_unlock(&xt[af].mutex); | 241 | mutex_unlock(&xt[af].mutex); |
| 242 | |||
| 243 | if (af != NFPROTO_UNSPEC) | ||
| 244 | /* Try searching again in the family-independent list */ | ||
| 245 | return xt_find_target(NFPROTO_UNSPEC, name, revision); | ||
| 246 | |||
| 237 | return ERR_PTR(err); | 247 | return ERR_PTR(err); |
| 238 | } | 248 | } |
| 239 | EXPORT_SYMBOL(xt_find_target); | 249 | EXPORT_SYMBOL(xt_find_target); |
diff --git a/net/netfilter/xt_CLASSIFY.c b/net/netfilter/xt_CLASSIFY.c index 9d68da1748bb..8cffa295dd37 100644 --- a/net/netfilter/xt_CLASSIFY.c +++ b/net/netfilter/xt_CLASSIFY.c | |||
| @@ -37,40 +37,26 @@ classify_tg(struct sk_buff *skb, const struct net_device *in, | |||
| 37 | return XT_CONTINUE; | 37 | return XT_CONTINUE; |
| 38 | } | 38 | } |
| 39 | 39 | ||
| 40 | static struct xt_target classify_tg_reg[] __read_mostly = { | 40 | static struct xt_target classify_tg_reg __read_mostly = { |
| 41 | { | 41 | .name = "CLASSIFY", |
| 42 | .family = NFPROTO_IPV4, | 42 | .revision = 0, |
| 43 | .name = "CLASSIFY", | 43 | .family = NFPROTO_UNSPEC, |
| 44 | .target = classify_tg, | 44 | .table = "mangle", |
| 45 | .targetsize = sizeof(struct xt_classify_target_info), | 45 | .hooks = (1 << NF_INET_LOCAL_OUT) | (1 << NF_INET_FORWARD) | |
| 46 | .table = "mangle", | 46 | (1 << NF_INET_POST_ROUTING), |
| 47 | .hooks = (1 << NF_INET_LOCAL_OUT) | | 47 | .target = classify_tg, |
| 48 | (1 << NF_INET_FORWARD) | | 48 | .targetsize = sizeof(struct xt_classify_target_info), |
| 49 | (1 << NF_INET_POST_ROUTING), | 49 | .me = THIS_MODULE, |
| 50 | .me = THIS_MODULE, | ||
| 51 | }, | ||
| 52 | { | ||
| 53 | .name = "CLASSIFY", | ||
| 54 | .family = NFPROTO_IPV6, | ||
| 55 | .target = classify_tg, | ||
| 56 | .targetsize = sizeof(struct xt_classify_target_info), | ||
| 57 | .table = "mangle", | ||
| 58 | .hooks = (1 << NF_INET_LOCAL_OUT) | | ||
| 59 | (1 << NF_INET_FORWARD) | | ||
| 60 | (1 << NF_INET_POST_ROUTING), | ||
| 61 | .me = THIS_MODULE, | ||
| 62 | }, | ||
| 63 | }; | 50 | }; |
| 64 | 51 | ||
| 65 | static int __init classify_tg_init(void) | 52 | static int __init classify_tg_init(void) |
| 66 | { | 53 | { |
| 67 | return xt_register_targets(classify_tg_reg, | 54 | return xt_register_target(&classify_tg_reg); |
| 68 | ARRAY_SIZE(classify_tg_reg)); | ||
| 69 | } | 55 | } |
| 70 | 56 | ||
| 71 | static void __exit classify_tg_exit(void) | 57 | static void __exit classify_tg_exit(void) |
| 72 | { | 58 | { |
| 73 | xt_unregister_targets(classify_tg_reg, ARRAY_SIZE(classify_tg_reg)); | 59 | xt_unregister_target(&classify_tg_reg); |
| 74 | } | 60 | } |
| 75 | 61 | ||
| 76 | module_init(classify_tg_init); | 62 | module_init(classify_tg_init); |
diff --git a/net/netfilter/xt_MARK.c b/net/netfilter/xt_MARK.c index 55ef0796c76c..c8ea7a809707 100644 --- a/net/netfilter/xt_MARK.c +++ b/net/netfilter/xt_MARK.c | |||
| @@ -222,15 +222,7 @@ static struct xt_target mark_tg_reg[] __read_mostly = { | |||
| 222 | { | 222 | { |
| 223 | .name = "MARK", | 223 | .name = "MARK", |
| 224 | .revision = 2, | 224 | .revision = 2, |
| 225 | .family = NFPROTO_IPV4, | 225 | .family = NFPROTO_UNSPEC, |
| 226 | .target = mark_tg, | ||
| 227 | .targetsize = sizeof(struct xt_mark_tginfo2), | ||
| 228 | .me = THIS_MODULE, | ||
| 229 | }, | ||
| 230 | { | ||
| 231 | .name = "MARK", | ||
| 232 | .revision = 2, | ||
| 233 | .family = NFPROTO_IPV6, | ||
| 234 | .target = mark_tg, | 226 | .target = mark_tg, |
| 235 | .targetsize = sizeof(struct xt_mark_tginfo2), | 227 | .targetsize = sizeof(struct xt_mark_tginfo2), |
| 236 | .me = THIS_MODULE, | 228 | .me = THIS_MODULE, |
diff --git a/net/netfilter/xt_RATEEST.c b/net/netfilter/xt_RATEEST.c index f7114fc5cfc2..da7946e6ecb2 100644 --- a/net/netfilter/xt_RATEEST.c +++ b/net/netfilter/xt_RATEEST.c | |||
| @@ -157,25 +157,15 @@ static void xt_rateest_tg_destroy(const struct xt_target *target, | |||
| 157 | xt_rateest_put(info->est); | 157 | xt_rateest_put(info->est); |
| 158 | } | 158 | } |
| 159 | 159 | ||
| 160 | static struct xt_target xt_rateest_target[] __read_mostly = { | 160 | static struct xt_target xt_rateest_tg_reg __read_mostly = { |
| 161 | { | 161 | .name = "RATEEST", |
| 162 | .family = NFPROTO_IPV4, | 162 | .revision = 0, |
| 163 | .name = "RATEEST", | 163 | .family = NFPROTO_UNSPEC, |
| 164 | .target = xt_rateest_tg, | 164 | .target = xt_rateest_tg, |
| 165 | .checkentry = xt_rateest_tg_checkentry, | 165 | .checkentry = xt_rateest_tg_checkentry, |
| 166 | .destroy = xt_rateest_tg_destroy, | 166 | .destroy = xt_rateest_tg_destroy, |
| 167 | .targetsize = sizeof(struct xt_rateest_target_info), | 167 | .targetsize = sizeof(struct xt_rateest_target_info), |
| 168 | .me = THIS_MODULE, | 168 | .me = THIS_MODULE, |
| 169 | }, | ||
| 170 | { | ||
| 171 | .family = NFPROTO_IPV6, | ||
| 172 | .name = "RATEEST", | ||
| 173 | .target = xt_rateest_tg, | ||
| 174 | .checkentry = xt_rateest_tg_checkentry, | ||
| 175 | .destroy = xt_rateest_tg_destroy, | ||
| 176 | .targetsize = sizeof(struct xt_rateest_target_info), | ||
| 177 | .me = THIS_MODULE, | ||
| 178 | }, | ||
| 179 | }; | 169 | }; |
| 180 | 170 | ||
| 181 | static int __init xt_rateest_tg_init(void) | 171 | static int __init xt_rateest_tg_init(void) |
| @@ -186,13 +176,12 @@ static int __init xt_rateest_tg_init(void) | |||
| 186 | INIT_HLIST_HEAD(&rateest_hash[i]); | 176 | INIT_HLIST_HEAD(&rateest_hash[i]); |
| 187 | 177 | ||
| 188 | get_random_bytes(&jhash_rnd, sizeof(jhash_rnd)); | 178 | get_random_bytes(&jhash_rnd, sizeof(jhash_rnd)); |
| 189 | return xt_register_targets(xt_rateest_target, | 179 | return xt_register_target(&xt_rateest_tg_reg); |
| 190 | ARRAY_SIZE(xt_rateest_target)); | ||
| 191 | } | 180 | } |
| 192 | 181 | ||
| 193 | static void __exit xt_rateest_tg_fini(void) | 182 | static void __exit xt_rateest_tg_fini(void) |
| 194 | { | 183 | { |
| 195 | xt_unregister_targets(xt_rateest_target, ARRAY_SIZE(xt_rateest_target)); | 184 | xt_unregister_target(&xt_rateest_tg_reg); |
| 196 | } | 185 | } |
| 197 | 186 | ||
| 198 | 187 | ||
diff --git a/net/netfilter/xt_SECMARK.c b/net/netfilter/xt_SECMARK.c index 8f8f57b93a61..2a2ab8334817 100644 --- a/net/netfilter/xt_SECMARK.c +++ b/net/netfilter/xt_SECMARK.c | |||
| @@ -125,35 +125,25 @@ static void secmark_tg_destroy(const struct xt_target *target, void *targinfo) | |||
| 125 | } | 125 | } |
| 126 | } | 126 | } |
| 127 | 127 | ||
| 128 | static struct xt_target secmark_tg_reg[] __read_mostly = { | 128 | static struct xt_target secmark_tg_reg __read_mostly = { |
| 129 | { | 129 | .name = "SECMARK", |
| 130 | .name = "SECMARK", | 130 | .revision = 0, |
| 131 | .family = NFPROTO_IPV4, | 131 | .family = NFPROTO_UNSPEC, |
| 132 | .checkentry = secmark_tg_check, | 132 | .checkentry = secmark_tg_check, |
| 133 | .destroy = secmark_tg_destroy, | 133 | .destroy = secmark_tg_destroy, |
| 134 | .target = secmark_tg, | 134 | .target = secmark_tg, |
| 135 | .targetsize = sizeof(struct xt_secmark_target_info), | 135 | .targetsize = sizeof(struct xt_secmark_target_info), |
| 136 | .me = THIS_MODULE, | 136 | .me = THIS_MODULE, |
| 137 | }, | ||
| 138 | { | ||
| 139 | .name = "SECMARK", | ||
| 140 | .family = NFPROTO_IPV6, | ||
| 141 | .checkentry = secmark_tg_check, | ||
| 142 | .destroy = secmark_tg_destroy, | ||
| 143 | .target = secmark_tg, | ||
| 144 | .targetsize = sizeof(struct xt_secmark_target_info), | ||
| 145 | .me = THIS_MODULE, | ||
| 146 | }, | ||
| 147 | }; | 137 | }; |
| 148 | 138 | ||
| 149 | static int __init secmark_tg_init(void) | 139 | static int __init secmark_tg_init(void) |
| 150 | { | 140 | { |
| 151 | return xt_register_targets(secmark_tg_reg, ARRAY_SIZE(secmark_tg_reg)); | 141 | return xt_register_target(&secmark_tg_reg); |
| 152 | } | 142 | } |
| 153 | 143 | ||
| 154 | static void __exit secmark_tg_exit(void) | 144 | static void __exit secmark_tg_exit(void) |
| 155 | { | 145 | { |
| 156 | xt_unregister_targets(secmark_tg_reg, ARRAY_SIZE(secmark_tg_reg)); | 146 | xt_unregister_target(&secmark_tg_reg); |
| 157 | } | 147 | } |
| 158 | 148 | ||
| 159 | module_init(secmark_tg_init); | 149 | module_init(secmark_tg_init); |
diff --git a/net/netfilter/xt_TRACE.c b/net/netfilter/xt_TRACE.c index e1bcad57914e..da35f9f1cd7b 100644 --- a/net/netfilter/xt_TRACE.c +++ b/net/netfilter/xt_TRACE.c | |||
| @@ -19,31 +19,23 @@ trace_tg(struct sk_buff *skb, const struct net_device *in, | |||
| 19 | return XT_CONTINUE; | 19 | return XT_CONTINUE; |
| 20 | } | 20 | } |
| 21 | 21 | ||
| 22 | static struct xt_target trace_tg_reg[] __read_mostly = { | 22 | static struct xt_target trace_tg_reg __read_mostly = { |
| 23 | { | 23 | .name = "TRACE", |
| 24 | .name = "TRACE", | 24 | .revision = 0, |
| 25 | .family = NFPROTO_IPV4, | 25 | .family = NFPROTO_UNSPEC, |
| 26 | .target = trace_tg, | 26 | .table = "raw", |
| 27 | .table = "raw", | 27 | .target = trace_tg, |
| 28 | .me = THIS_MODULE, | 28 | .me = THIS_MODULE, |
| 29 | }, | ||
| 30 | { | ||
| 31 | .name = "TRACE", | ||
| 32 | .family = NFPROTO_IPV6, | ||
| 33 | .target = trace_tg, | ||
| 34 | .table = "raw", | ||
| 35 | .me = THIS_MODULE, | ||
| 36 | }, | ||
| 37 | }; | 29 | }; |
| 38 | 30 | ||
| 39 | static int __init trace_tg_init(void) | 31 | static int __init trace_tg_init(void) |
| 40 | { | 32 | { |
| 41 | return xt_register_targets(trace_tg_reg, ARRAY_SIZE(trace_tg_reg)); | 33 | return xt_register_target(&trace_tg_reg); |
| 42 | } | 34 | } |
| 43 | 35 | ||
| 44 | static void __exit trace_tg_exit(void) | 36 | static void __exit trace_tg_exit(void) |
| 45 | { | 37 | { |
| 46 | xt_unregister_targets(trace_tg_reg, ARRAY_SIZE(trace_tg_reg)); | 38 | xt_unregister_target(&trace_tg_reg); |
| 47 | } | 39 | } |
| 48 | 40 | ||
| 49 | module_init(trace_tg_init); | 41 | module_init(trace_tg_init); |
diff --git a/net/netfilter/xt_limit.c b/net/netfilter/xt_limit.c index 584d66893c4b..00247bd1095e 100644 --- a/net/netfilter/xt_limit.c +++ b/net/netfilter/xt_limit.c | |||
| @@ -167,43 +167,29 @@ static int limit_mt_compat_to_user(void __user *dst, void *src) | |||
| 167 | } | 167 | } |
| 168 | #endif /* CONFIG_COMPAT */ | 168 | #endif /* CONFIG_COMPAT */ |
| 169 | 169 | ||
| 170 | static struct xt_match limit_mt_reg[] __read_mostly = { | 170 | static struct xt_match limit_mt_reg __read_mostly = { |
| 171 | { | 171 | .name = "limit", |
| 172 | .name = "limit", | 172 | .revision = 0, |
| 173 | .family = NFPROTO_IPV4, | 173 | .family = NFPROTO_UNSPEC, |
| 174 | .checkentry = limit_mt_check, | 174 | .match = limit_mt, |
| 175 | .match = limit_mt, | 175 | .checkentry = limit_mt_check, |
| 176 | .matchsize = sizeof(struct xt_rateinfo), | 176 | .matchsize = sizeof(struct xt_rateinfo), |
| 177 | #ifdef CONFIG_COMPAT | 177 | #ifdef CONFIG_COMPAT |
| 178 | .compatsize = sizeof(struct compat_xt_rateinfo), | 178 | .compatsize = sizeof(struct compat_xt_rateinfo), |
| 179 | .compat_from_user = limit_mt_compat_from_user, | 179 | .compat_from_user = limit_mt_compat_from_user, |
| 180 | .compat_to_user = limit_mt_compat_to_user, | 180 | .compat_to_user = limit_mt_compat_to_user, |
| 181 | #endif | 181 | #endif |
| 182 | .me = THIS_MODULE, | 182 | .me = THIS_MODULE, |
| 183 | }, | ||
| 184 | { | ||
| 185 | .name = "limit", | ||
| 186 | .family = NFPROTO_IPV6, | ||
| 187 | .checkentry = limit_mt_check, | ||
| 188 | .match = limit_mt, | ||
| 189 | .matchsize = sizeof(struct xt_rateinfo), | ||
| 190 | #ifdef CONFIG_COMPAT | ||
| 191 | .compatsize = sizeof(struct compat_xt_rateinfo), | ||
| 192 | .compat_from_user = limit_mt_compat_from_user, | ||
| 193 | .compat_to_user = limit_mt_compat_to_user, | ||
| 194 | #endif | ||
| 195 | .me = THIS_MODULE, | ||
| 196 | }, | ||
| 197 | }; | 183 | }; |
| 198 | 184 | ||
| 199 | static int __init limit_mt_init(void) | 185 | static int __init limit_mt_init(void) |
| 200 | { | 186 | { |
| 201 | return xt_register_matches(limit_mt_reg, ARRAY_SIZE(limit_mt_reg)); | 187 | return xt_register_match(&limit_mt_reg); |
| 202 | } | 188 | } |
| 203 | 189 | ||
| 204 | static void __exit limit_mt_exit(void) | 190 | static void __exit limit_mt_exit(void) |
| 205 | { | 191 | { |
| 206 | xt_unregister_matches(limit_mt_reg, ARRAY_SIZE(limit_mt_reg)); | 192 | xt_unregister_match(&limit_mt_reg); |
| 207 | } | 193 | } |
| 208 | 194 | ||
| 209 | module_init(limit_mt_init); | 195 | module_init(limit_mt_init); |
diff --git a/net/netfilter/xt_mark.c b/net/netfilter/xt_mark.c index c66affd5722f..96dd2b63b6b6 100644 --- a/net/netfilter/xt_mark.c +++ b/net/netfilter/xt_mark.c | |||
| @@ -92,7 +92,7 @@ static struct xt_match mark_mt_reg[] __read_mostly = { | |||
| 92 | { | 92 | { |
| 93 | .name = "mark", | 93 | .name = "mark", |
| 94 | .revision = 0, | 94 | .revision = 0, |
| 95 | .family = NFPROTO_IPV4, | 95 | .family = NFPROTO_UNSPEC, |
| 96 | .checkentry = mark_mt_check_v0, | 96 | .checkentry = mark_mt_check_v0, |
| 97 | .match = mark_mt_v0, | 97 | .match = mark_mt_v0, |
| 98 | .matchsize = sizeof(struct xt_mark_info), | 98 | .matchsize = sizeof(struct xt_mark_info), |
| @@ -104,31 +104,9 @@ static struct xt_match mark_mt_reg[] __read_mostly = { | |||
| 104 | .me = THIS_MODULE, | 104 | .me = THIS_MODULE, |
| 105 | }, | 105 | }, |
| 106 | { | 106 | { |
| 107 | .name = "mark", | ||
| 108 | .revision = 0, | ||
| 109 | .family = NFPROTO_IPV6, | ||
| 110 | .checkentry = mark_mt_check_v0, | ||
| 111 | .match = mark_mt_v0, | ||
| 112 | .matchsize = sizeof(struct xt_mark_info), | ||
| 113 | #ifdef CONFIG_COMPAT | ||
| 114 | .compatsize = sizeof(struct compat_xt_mark_info), | ||
| 115 | .compat_from_user = mark_mt_compat_from_user_v0, | ||
| 116 | .compat_to_user = mark_mt_compat_to_user_v0, | ||
| 117 | #endif | ||
| 118 | .me = THIS_MODULE, | ||
| 119 | }, | ||
| 120 | { | ||
| 121 | .name = "mark", | ||
| 122 | .revision = 1, | ||
| 123 | .family = NFPROTO_IPV4, | ||
| 124 | .match = mark_mt, | ||
| 125 | .matchsize = sizeof(struct xt_mark_mtinfo1), | ||
| 126 | .me = THIS_MODULE, | ||
| 127 | }, | ||
| 128 | { | ||
| 129 | .name = "mark", | 107 | .name = "mark", |
| 130 | .revision = 1, | 108 | .revision = 1, |
| 131 | .family = NFPROTO_IPV6, | 109 | .family = NFPROTO_UNSPEC, |
| 132 | .match = mark_mt, | 110 | .match = mark_mt, |
| 133 | .matchsize = sizeof(struct xt_mark_mtinfo1), | 111 | .matchsize = sizeof(struct xt_mark_mtinfo1), |
| 134 | .me = THIS_MODULE, | 112 | .me = THIS_MODULE, |
diff --git a/net/netfilter/xt_quota.c b/net/netfilter/xt_quota.c index 59f61e32b62b..a3c8798f0cc7 100644 --- a/net/netfilter/xt_quota.c +++ b/net/netfilter/xt_quota.c | |||
| @@ -54,33 +54,24 @@ quota_mt_check(const char *tablename, const void *entry, | |||
| 54 | return true; | 54 | return true; |
| 55 | } | 55 | } |
| 56 | 56 | ||
| 57 | static struct xt_match quota_mt_reg[] __read_mostly = { | 57 | static struct xt_match quota_mt_reg __read_mostly = { |
| 58 | { | 58 | .name = "quota", |
| 59 | .name = "quota", | 59 | .revision = 0, |
| 60 | .family = NFPROTO_IPV4, | 60 | .family = NFPROTO_UNSPEC, |
| 61 | .checkentry = quota_mt_check, | 61 | .match = quota_mt, |
| 62 | .match = quota_mt, | 62 | .checkentry = quota_mt_check, |
| 63 | .matchsize = sizeof(struct xt_quota_info), | 63 | .matchsize = sizeof(struct xt_quota_info), |
| 64 | .me = THIS_MODULE | 64 | .me = THIS_MODULE, |
| 65 | }, | ||
| 66 | { | ||
| 67 | .name = "quota", | ||
| 68 | .family = NFPROTO_IPV6, | ||
| 69 | .checkentry = quota_mt_check, | ||
| 70 | .match = quota_mt, | ||
| 71 | .matchsize = sizeof(struct xt_quota_info), | ||
| 72 | .me = THIS_MODULE | ||
| 73 | }, | ||
| 74 | }; | 65 | }; |
| 75 | 66 | ||
| 76 | static int __init quota_mt_init(void) | 67 | static int __init quota_mt_init(void) |
| 77 | { | 68 | { |
| 78 | return xt_register_matches(quota_mt_reg, ARRAY_SIZE(quota_mt_reg)); | 69 | return xt_register_match("a_mt_reg); |
| 79 | } | 70 | } |
| 80 | 71 | ||
| 81 | static void __exit quota_mt_exit(void) | 72 | static void __exit quota_mt_exit(void) |
| 82 | { | 73 | { |
| 83 | xt_unregister_matches(quota_mt_reg, ARRAY_SIZE(quota_mt_reg)); | 74 | xt_unregister_match("a_mt_reg); |
| 84 | } | 75 | } |
| 85 | 76 | ||
| 86 | module_init(quota_mt_init); | 77 | module_init(quota_mt_init); |
diff --git a/net/netfilter/xt_rateest.c b/net/netfilter/xt_rateest.c index ba1cb5760f48..4dcfd7353dba 100644 --- a/net/netfilter/xt_rateest.c +++ b/net/netfilter/xt_rateest.c | |||
| @@ -137,36 +137,25 @@ static void xt_rateest_mt_destroy(const struct xt_match *match, | |||
| 137 | xt_rateest_put(info->est2); | 137 | xt_rateest_put(info->est2); |
| 138 | } | 138 | } |
| 139 | 139 | ||
| 140 | static struct xt_match xt_rateest_match[] __read_mostly = { | 140 | static struct xt_match xt_rateest_mt_reg __read_mostly = { |
| 141 | { | 141 | .name = "rateest", |
| 142 | .family = NFPROTO_IPV4, | 142 | .revision = 0, |
| 143 | .name = "rateest", | 143 | .family = NFPROTO_UNSPEC, |
| 144 | .match = xt_rateest_mt, | 144 | .match = xt_rateest_mt, |
| 145 | .checkentry = xt_rateest_mt_checkentry, | 145 | .checkentry = xt_rateest_mt_checkentry, |
| 146 | .destroy = xt_rateest_mt_destroy, | 146 | .destroy = xt_rateest_mt_destroy, |
| 147 | .matchsize = sizeof(struct xt_rateest_match_info), | 147 | .matchsize = sizeof(struct xt_rateest_match_info), |
| 148 | .me = THIS_MODULE, | 148 | .me = THIS_MODULE, |
| 149 | }, | ||
| 150 | { | ||
| 151 | .family = NFPROTO_IPV6, | ||
| 152 | .name = "rateest", | ||
| 153 | .match = xt_rateest_mt, | ||
| 154 | .checkentry = xt_rateest_mt_checkentry, | ||
| 155 | .destroy = xt_rateest_mt_destroy, | ||
| 156 | .matchsize = sizeof(struct xt_rateest_match_info), | ||
| 157 | .me = THIS_MODULE, | ||
| 158 | }, | ||
| 159 | }; | 149 | }; |
| 160 | 150 | ||
| 161 | static int __init xt_rateest_mt_init(void) | 151 | static int __init xt_rateest_mt_init(void) |
| 162 | { | 152 | { |
| 163 | return xt_register_matches(xt_rateest_match, | 153 | return xt_register_match(&xt_rateest_mt_reg); |
| 164 | ARRAY_SIZE(xt_rateest_match)); | ||
| 165 | } | 154 | } |
| 166 | 155 | ||
| 167 | static void __exit xt_rateest_mt_fini(void) | 156 | static void __exit xt_rateest_mt_fini(void) |
| 168 | { | 157 | { |
| 169 | xt_unregister_matches(xt_rateest_match, ARRAY_SIZE(xt_rateest_match)); | 158 | xt_unregister_match(&xt_rateest_mt_reg); |
| 170 | } | 159 | } |
| 171 | 160 | ||
| 172 | MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>"); | 161 | MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>"); |
diff --git a/net/netfilter/xt_statistic.c b/net/netfilter/xt_statistic.c index fd3bb1400df4..f41a92322e6e 100644 --- a/net/netfilter/xt_statistic.c +++ b/net/netfilter/xt_statistic.c | |||
| @@ -66,35 +66,24 @@ statistic_mt_check(const char *tablename, const void *entry, | |||
| 66 | return true; | 66 | return true; |
| 67 | } | 67 | } |
| 68 | 68 | ||
| 69 | static struct xt_match statistic_mt_reg[] __read_mostly = { | 69 | static struct xt_match xt_statistic_mt_reg __read_mostly = { |
| 70 | { | 70 | .name = "statistic", |
| 71 | .name = "statistic", | 71 | .revision = 0, |
| 72 | .family = NFPROTO_IPV4, | 72 | .family = NFPROTO_UNSPEC, |
| 73 | .checkentry = statistic_mt_check, | 73 | .match = statistic_mt, |
| 74 | .match = statistic_mt, | 74 | .checkentry = statistic_mt_check, |
| 75 | .matchsize = sizeof(struct xt_statistic_info), | 75 | .matchsize = sizeof(struct xt_statistic_info), |
| 76 | .me = THIS_MODULE, | 76 | .me = THIS_MODULE, |
| 77 | }, | ||
| 78 | { | ||
| 79 | .name = "statistic", | ||
| 80 | .family = NFPROTO_IPV6, | ||
| 81 | .checkentry = statistic_mt_check, | ||
| 82 | .match = statistic_mt, | ||
| 83 | .matchsize = sizeof(struct xt_statistic_info), | ||
| 84 | .me = THIS_MODULE, | ||
| 85 | }, | ||
| 86 | }; | 77 | }; |
| 87 | 78 | ||
| 88 | static int __init statistic_mt_init(void) | 79 | static int __init statistic_mt_init(void) |
| 89 | { | 80 | { |
| 90 | return xt_register_matches(statistic_mt_reg, | 81 | return xt_register_match(&xt_statistic_mt_reg); |
| 91 | ARRAY_SIZE(statistic_mt_reg)); | ||
| 92 | } | 82 | } |
| 93 | 83 | ||
| 94 | static void __exit statistic_mt_exit(void) | 84 | static void __exit statistic_mt_exit(void) |
| 95 | { | 85 | { |
| 96 | xt_unregister_matches(statistic_mt_reg, | 86 | xt_unregister_match(&xt_statistic_mt_reg); |
| 97 | ARRAY_SIZE(statistic_mt_reg)); | ||
| 98 | } | 87 | } |
| 99 | 88 | ||
| 100 | module_init(statistic_mt_init); | 89 | module_init(statistic_mt_init); |
diff --git a/net/netfilter/xt_string.c b/net/netfilter/xt_string.c index 501697183774..18d8884e7370 100644 --- a/net/netfilter/xt_string.c +++ b/net/netfilter/xt_string.c | |||
| @@ -81,11 +81,11 @@ static void string_mt_destroy(const struct xt_match *match, void *matchinfo) | |||
| 81 | textsearch_destroy(STRING_TEXT_PRIV(matchinfo)->config); | 81 | textsearch_destroy(STRING_TEXT_PRIV(matchinfo)->config); |
| 82 | } | 82 | } |
| 83 | 83 | ||
| 84 | static struct xt_match string_mt_reg[] __read_mostly = { | 84 | static struct xt_match xt_string_mt_reg[] __read_mostly = { |
| 85 | { | 85 | { |
| 86 | .name = "string", | 86 | .name = "string", |
| 87 | .revision = 0, | 87 | .revision = 0, |
| 88 | .family = NFPROTO_IPV4, | 88 | .family = NFPROTO_UNSPEC, |
| 89 | .checkentry = string_mt_check, | 89 | .checkentry = string_mt_check, |
| 90 | .match = string_mt, | 90 | .match = string_mt, |
| 91 | .destroy = string_mt_destroy, | 91 | .destroy = string_mt_destroy, |
| @@ -95,27 +95,7 @@ static struct xt_match string_mt_reg[] __read_mostly = { | |||
| 95 | { | 95 | { |
| 96 | .name = "string", | 96 | .name = "string", |
| 97 | .revision = 1, | 97 | .revision = 1, |
| 98 | .family = NFPROTO_IPV4, | 98 | .family = NFPROTO_UNSPEC, |
| 99 | .checkentry = string_mt_check, | ||
| 100 | .match = string_mt, | ||
| 101 | .destroy = string_mt_destroy, | ||
| 102 | .matchsize = sizeof(struct xt_string_info), | ||
| 103 | .me = THIS_MODULE | ||
| 104 | }, | ||
| 105 | { | ||
| 106 | .name = "string", | ||
| 107 | .revision = 0, | ||
| 108 | .family = NFPROTO_IPV6, | ||
| 109 | .checkentry = string_mt_check, | ||
| 110 | .match = string_mt, | ||
| 111 | .destroy = string_mt_destroy, | ||
| 112 | .matchsize = sizeof(struct xt_string_info), | ||
| 113 | .me = THIS_MODULE | ||
| 114 | }, | ||
| 115 | { | ||
| 116 | .name = "string", | ||
| 117 | .revision = 1, | ||
| 118 | .family = NFPROTO_IPV6, | ||
| 119 | .checkentry = string_mt_check, | 99 | .checkentry = string_mt_check, |
| 120 | .match = string_mt, | 100 | .match = string_mt, |
| 121 | .destroy = string_mt_destroy, | 101 | .destroy = string_mt_destroy, |
| @@ -126,12 +106,13 @@ static struct xt_match string_mt_reg[] __read_mostly = { | |||
| 126 | 106 | ||
| 127 | static int __init string_mt_init(void) | 107 | static int __init string_mt_init(void) |
| 128 | { | 108 | { |
| 129 | return xt_register_matches(string_mt_reg, ARRAY_SIZE(string_mt_reg)); | 109 | return xt_register_matches(xt_string_mt_reg, |
| 110 | ARRAY_SIZE(xt_string_mt_reg)); | ||
| 130 | } | 111 | } |
| 131 | 112 | ||
| 132 | static void __exit string_mt_exit(void) | 113 | static void __exit string_mt_exit(void) |
| 133 | { | 114 | { |
| 134 | xt_unregister_matches(string_mt_reg, ARRAY_SIZE(string_mt_reg)); | 115 | xt_unregister_matches(xt_string_mt_reg, ARRAY_SIZE(xt_string_mt_reg)); |
| 135 | } | 116 | } |
| 136 | 117 | ||
| 137 | module_init(string_mt_init); | 118 | module_init(string_mt_init); |
diff --git a/net/netfilter/xt_time.c b/net/netfilter/xt_time.c index fe9dae2b4f55..32d4c769caa4 100644 --- a/net/netfilter/xt_time.c +++ b/net/netfilter/xt_time.c | |||
| @@ -237,33 +237,23 @@ time_mt_check(const char *tablename, const void *ip, | |||
| 237 | return true; | 237 | return true; |
| 238 | } | 238 | } |
| 239 | 239 | ||
| 240 | static struct xt_match time_mt_reg[] __read_mostly = { | 240 | static struct xt_match xt_time_mt_reg __read_mostly = { |
| 241 | { | 241 | .name = "time", |
| 242 | .name = "time", | 242 | .family = NFPROTO_UNSPEC, |
| 243 | .family = NFPROTO_IPV4, | 243 | .match = time_mt, |
| 244 | .match = time_mt, | 244 | .checkentry = time_mt_check, |
| 245 | .matchsize = sizeof(struct xt_time_info), | 245 | .matchsize = sizeof(struct xt_time_info), |
| 246 | .checkentry = time_mt_check, | 246 | .me = THIS_MODULE, |
| 247 | .me = THIS_MODULE, | ||
| 248 | }, | ||
| 249 | { | ||
| 250 | .name = "time", | ||
| 251 | .family = NFPROTO_IPV6, | ||
| 252 | .match = time_mt, | ||
| 253 | .matchsize = sizeof(struct xt_time_info), | ||
| 254 | .checkentry = time_mt_check, | ||
| 255 | .me = THIS_MODULE, | ||
| 256 | }, | ||
| 257 | }; | 247 | }; |
| 258 | 248 | ||
| 259 | static int __init time_mt_init(void) | 249 | static int __init time_mt_init(void) |
| 260 | { | 250 | { |
| 261 | return xt_register_matches(time_mt_reg, ARRAY_SIZE(time_mt_reg)); | 251 | return xt_register_match(&xt_time_mt_reg); |
| 262 | } | 252 | } |
| 263 | 253 | ||
| 264 | static void __exit time_mt_exit(void) | 254 | static void __exit time_mt_exit(void) |
| 265 | { | 255 | { |
| 266 | xt_unregister_matches(time_mt_reg, ARRAY_SIZE(time_mt_reg)); | 256 | xt_unregister_match(&xt_time_mt_reg); |
| 267 | } | 257 | } |
| 268 | 258 | ||
| 269 | module_init(time_mt_init); | 259 | module_init(time_mt_init); |
diff --git a/net/netfilter/xt_u32.c b/net/netfilter/xt_u32.c index ed9f83406112..a6b971dc5d38 100644 --- a/net/netfilter/xt_u32.c +++ b/net/netfilter/xt_u32.c | |||
| @@ -99,31 +99,23 @@ u32_mt(const struct sk_buff *skb, const struct net_device *in, | |||
| 99 | return ret ^ data->invert; | 99 | return ret ^ data->invert; |
| 100 | } | 100 | } |
| 101 | 101 | ||
| 102 | static struct xt_match u32_mt_reg[] __read_mostly = { | 102 | static struct xt_match xt_u32_mt_reg __read_mostly = { |
| 103 | { | 103 | .name = "u32", |
| 104 | .name = "u32", | 104 | .revision = 0, |
| 105 | .family = NFPROTO_IPV4, | 105 | .family = NFPROTO_UNSPEC, |
| 106 | .match = u32_mt, | 106 | .match = u32_mt, |
| 107 | .matchsize = sizeof(struct xt_u32), | 107 | .matchsize = sizeof(struct xt_u32), |
| 108 | .me = THIS_MODULE, | 108 | .me = THIS_MODULE, |
| 109 | }, | ||
| 110 | { | ||
| 111 | .name = "u32", | ||
| 112 | .family = NFPROTO_IPV6, | ||
| 113 | .match = u32_mt, | ||
| 114 | .matchsize = sizeof(struct xt_u32), | ||
| 115 | .me = THIS_MODULE, | ||
| 116 | }, | ||
| 117 | }; | 109 | }; |
| 118 | 110 | ||
| 119 | static int __init u32_mt_init(void) | 111 | static int __init u32_mt_init(void) |
| 120 | { | 112 | { |
| 121 | return xt_register_matches(u32_mt_reg, ARRAY_SIZE(u32_mt_reg)); | 113 | return xt_register_match(&xt_u32_mt_reg); |
| 122 | } | 114 | } |
| 123 | 115 | ||
| 124 | static void __exit u32_mt_exit(void) | 116 | static void __exit u32_mt_exit(void) |
| 125 | { | 117 | { |
| 126 | xt_unregister_matches(u32_mt_reg, ARRAY_SIZE(u32_mt_reg)); | 118 | xt_unregister_match(&xt_u32_mt_reg); |
| 127 | } | 119 | } |
| 128 | 120 | ||
| 129 | module_init(u32_mt_init); | 121 | module_init(u32_mt_init); |