diff options
-rw-r--r-- | include/linux/netfilter_arp/arp_tables.h | 33 | ||||
-rw-r--r-- | include/linux/netfilter_ipv4/ip_tables.h | 69 | ||||
-rw-r--r-- | include/linux/netfilter_ipv6/ip6_tables.h | 69 | ||||
-rw-r--r-- | net/ipv4/netfilter/arp_tables.c | 14 | ||||
-rw-r--r-- | net/ipv4/netfilter/arpt_mangle.c | 2 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_tables.c | 18 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 18 | ||||
-rw-r--r-- | net/sched/act_ipt.c | 2 |
8 files changed, 94 insertions, 131 deletions
diff --git a/include/linux/netfilter_arp/arp_tables.h b/include/linux/netfilter_arp/arp_tables.h index 7e193c9241b3..6e2341a811d6 100644 --- a/include/linux/netfilter_arp/arp_tables.h +++ b/include/linux/netfilter_arp/arp_tables.h | |||
@@ -26,6 +26,14 @@ | |||
26 | #define ARPT_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN | 26 | #define ARPT_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN |
27 | #define arpt_entry_target xt_entry_target | 27 | #define arpt_entry_target xt_entry_target |
28 | #define arpt_standard_target xt_standard_target | 28 | #define arpt_standard_target xt_standard_target |
29 | #define ARPT_CONTINUE XT_CONTINUE | ||
30 | #define ARPT_RETURN XT_RETURN | ||
31 | #define arpt_counters_info xt_counters_info | ||
32 | #define arpt_counters xt_counters | ||
33 | #define ARPT_STANDARD_TARGET XT_STANDARD_TARGET | ||
34 | #define ARPT_ERROR_TARGET XT_ERROR_TARGET | ||
35 | #define ARPT_ENTRY_ITERATE(entries, size, fn, args...) \ | ||
36 | XT_ENTRY_ITERATE(struct arpt_entry, entries, size, fn, ## args) | ||
29 | #endif | 37 | #endif |
30 | 38 | ||
31 | #define ARPT_DEV_ADDR_LEN_MAX 16 | 39 | #define ARPT_DEV_ADDR_LEN_MAX 16 |
@@ -126,12 +134,6 @@ struct arpt_entry | |||
126 | #define ARPT_SO_GET_REVISION_TARGET (ARPT_BASE_CTL + 3) | 134 | #define ARPT_SO_GET_REVISION_TARGET (ARPT_BASE_CTL + 3) |
127 | #define ARPT_SO_GET_MAX (ARPT_SO_GET_REVISION_TARGET) | 135 | #define ARPT_SO_GET_MAX (ARPT_SO_GET_REVISION_TARGET) |
128 | 136 | ||
129 | /* CONTINUE verdict for targets */ | ||
130 | #define ARPT_CONTINUE XT_CONTINUE | ||
131 | |||
132 | /* For standard target */ | ||
133 | #define ARPT_RETURN XT_RETURN | ||
134 | |||
135 | /* The argument to ARPT_SO_GET_INFO */ | 137 | /* The argument to ARPT_SO_GET_INFO */ |
136 | struct arpt_getinfo { | 138 | struct arpt_getinfo { |
137 | /* Which table: caller fills this in. */ | 139 | /* Which table: caller fills this in. */ |
@@ -185,10 +187,6 @@ struct arpt_replace { | |||
185 | struct arpt_entry entries[0]; | 187 | struct arpt_entry entries[0]; |
186 | }; | 188 | }; |
187 | 189 | ||
188 | /* The argument to ARPT_SO_ADD_COUNTERS. */ | ||
189 | #define arpt_counters_info xt_counters_info | ||
190 | #define arpt_counters xt_counters | ||
191 | |||
192 | /* The argument to ARPT_SO_GET_ENTRIES. */ | 190 | /* The argument to ARPT_SO_GET_ENTRIES. */ |
193 | struct arpt_get_entries { | 191 | struct arpt_get_entries { |
194 | /* Which table: user fills this in. */ | 192 | /* Which table: user fills this in. */ |
@@ -201,23 +199,12 @@ struct arpt_get_entries { | |||
201 | struct arpt_entry entrytable[0]; | 199 | struct arpt_entry entrytable[0]; |
202 | }; | 200 | }; |
203 | 201 | ||
204 | /* Standard return verdict, or do jump. */ | ||
205 | #define ARPT_STANDARD_TARGET XT_STANDARD_TARGET | ||
206 | /* Error verdict. */ | ||
207 | #define ARPT_ERROR_TARGET XT_ERROR_TARGET | ||
208 | |||
209 | /* Helper functions */ | 202 | /* Helper functions */ |
210 | static __inline__ struct xt_entry_target *arpt_get_target(struct arpt_entry *e) | 203 | static __inline__ struct xt_entry_target *arpt_get_target(struct arpt_entry *e) |
211 | { | 204 | { |
212 | return (void *)e + e->target_offset; | 205 | return (void *)e + e->target_offset; |
213 | } | 206 | } |
214 | 207 | ||
215 | #ifndef __KERNEL__ | ||
216 | /* fn returns 0 to continue iteration */ | ||
217 | #define ARPT_ENTRY_ITERATE(entries, size, fn, args...) \ | ||
218 | XT_ENTRY_ITERATE(struct arpt_entry, entries, size, fn, ## args) | ||
219 | #endif | ||
220 | |||
221 | /* | 208 | /* |
222 | * Main firewall chains definitions and global var's definitions. | 209 | * Main firewall chains definitions and global var's definitions. |
223 | */ | 210 | */ |
@@ -248,7 +235,7 @@ struct arpt_error { | |||
248 | #define ARPT_STANDARD_INIT(__verdict) \ | 235 | #define ARPT_STANDARD_INIT(__verdict) \ |
249 | { \ | 236 | { \ |
250 | .entry = ARPT_ENTRY_INIT(sizeof(struct arpt_standard)), \ | 237 | .entry = ARPT_ENTRY_INIT(sizeof(struct arpt_standard)), \ |
251 | .target = XT_TARGET_INIT(ARPT_STANDARD_TARGET, \ | 238 | .target = XT_TARGET_INIT(XT_STANDARD_TARGET, \ |
252 | sizeof(struct xt_standard_target)), \ | 239 | sizeof(struct xt_standard_target)), \ |
253 | .target.verdict = -(__verdict) - 1, \ | 240 | .target.verdict = -(__verdict) - 1, \ |
254 | } | 241 | } |
@@ -256,7 +243,7 @@ struct arpt_error { | |||
256 | #define ARPT_ERROR_INIT \ | 243 | #define ARPT_ERROR_INIT \ |
257 | { \ | 244 | { \ |
258 | .entry = ARPT_ENTRY_INIT(sizeof(struct arpt_error)), \ | 245 | .entry = ARPT_ENTRY_INIT(sizeof(struct arpt_error)), \ |
259 | .target = XT_TARGET_INIT(ARPT_ERROR_TARGET, \ | 246 | .target = XT_TARGET_INIT(XT_ERROR_TARGET, \ |
260 | sizeof(struct arpt_error_target)), \ | 247 | sizeof(struct arpt_error_target)), \ |
261 | .target.errorname = "ERROR", \ | 248 | .target.errorname = "ERROR", \ |
262 | } | 249 | } |
diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h index ec506918a9b9..ee54b3b7e237 100644 --- a/include/linux/netfilter_ipv4/ip_tables.h +++ b/include/linux/netfilter_ipv4/ip_tables.h | |||
@@ -38,6 +38,36 @@ | |||
38 | #define ipt_entry_target xt_entry_target | 38 | #define ipt_entry_target xt_entry_target |
39 | #define ipt_standard_target xt_standard_target | 39 | #define ipt_standard_target xt_standard_target |
40 | #define ipt_counters xt_counters | 40 | #define ipt_counters xt_counters |
41 | #define IPT_CONTINUE XT_CONTINUE | ||
42 | #define IPT_RETURN XT_RETURN | ||
43 | |||
44 | /* This group is older than old (iptables < v1.4.0-rc1~89) */ | ||
45 | #include <linux/netfilter/xt_tcpudp.h> | ||
46 | #define ipt_udp xt_udp | ||
47 | #define ipt_tcp xt_tcp | ||
48 | #define IPT_TCP_INV_SRCPT XT_TCP_INV_SRCPT | ||
49 | #define IPT_TCP_INV_DSTPT XT_TCP_INV_DSTPT | ||
50 | #define IPT_TCP_INV_FLAGS XT_TCP_INV_FLAGS | ||
51 | #define IPT_TCP_INV_OPTION XT_TCP_INV_OPTION | ||
52 | #define IPT_TCP_INV_MASK XT_TCP_INV_MASK | ||
53 | #define IPT_UDP_INV_SRCPT XT_UDP_INV_SRCPT | ||
54 | #define IPT_UDP_INV_DSTPT XT_UDP_INV_DSTPT | ||
55 | #define IPT_UDP_INV_MASK XT_UDP_INV_MASK | ||
56 | |||
57 | /* The argument to IPT_SO_ADD_COUNTERS. */ | ||
58 | #define ipt_counters_info xt_counters_info | ||
59 | /* Standard return verdict, or do jump. */ | ||
60 | #define IPT_STANDARD_TARGET XT_STANDARD_TARGET | ||
61 | /* Error verdict. */ | ||
62 | #define IPT_ERROR_TARGET XT_ERROR_TARGET | ||
63 | |||
64 | /* fn returns 0 to continue iteration */ | ||
65 | #define IPT_MATCH_ITERATE(e, fn, args...) \ | ||
66 | XT_MATCH_ITERATE(struct ipt_entry, e, fn, ## args) | ||
67 | |||
68 | /* fn returns 0 to continue iteration */ | ||
69 | #define IPT_ENTRY_ITERATE(entries, size, fn, args...) \ | ||
70 | XT_ENTRY_ITERATE(struct ipt_entry, entries, size, fn, ## args) | ||
41 | #endif | 71 | #endif |
42 | 72 | ||
43 | /* Yes, Virginia, you have to zero the padding. */ | 73 | /* Yes, Virginia, you have to zero the padding. */ |
@@ -116,23 +146,6 @@ struct ipt_entry { | |||
116 | #define IPT_SO_GET_REVISION_TARGET (IPT_BASE_CTL + 3) | 146 | #define IPT_SO_GET_REVISION_TARGET (IPT_BASE_CTL + 3) |
117 | #define IPT_SO_GET_MAX IPT_SO_GET_REVISION_TARGET | 147 | #define IPT_SO_GET_MAX IPT_SO_GET_REVISION_TARGET |
118 | 148 | ||
119 | #define IPT_CONTINUE XT_CONTINUE | ||
120 | #define IPT_RETURN XT_RETURN | ||
121 | |||
122 | #include <linux/netfilter/xt_tcpudp.h> | ||
123 | #define ipt_udp xt_udp | ||
124 | #define ipt_tcp xt_tcp | ||
125 | |||
126 | #define IPT_TCP_INV_SRCPT XT_TCP_INV_SRCPT | ||
127 | #define IPT_TCP_INV_DSTPT XT_TCP_INV_DSTPT | ||
128 | #define IPT_TCP_INV_FLAGS XT_TCP_INV_FLAGS | ||
129 | #define IPT_TCP_INV_OPTION XT_TCP_INV_OPTION | ||
130 | #define IPT_TCP_INV_MASK XT_TCP_INV_MASK | ||
131 | |||
132 | #define IPT_UDP_INV_SRCPT XT_UDP_INV_SRCPT | ||
133 | #define IPT_UDP_INV_DSTPT XT_UDP_INV_DSTPT | ||
134 | #define IPT_UDP_INV_MASK XT_UDP_INV_MASK | ||
135 | |||
136 | /* ICMP matching stuff */ | 149 | /* ICMP matching stuff */ |
137 | struct ipt_icmp { | 150 | struct ipt_icmp { |
138 | u_int8_t type; /* type to match */ | 151 | u_int8_t type; /* type to match */ |
@@ -196,9 +209,6 @@ struct ipt_replace { | |||
196 | struct ipt_entry entries[0]; | 209 | struct ipt_entry entries[0]; |
197 | }; | 210 | }; |
198 | 211 | ||
199 | /* The argument to IPT_SO_ADD_COUNTERS. */ | ||
200 | #define ipt_counters_info xt_counters_info | ||
201 | |||
202 | /* The argument to IPT_SO_GET_ENTRIES. */ | 212 | /* The argument to IPT_SO_GET_ENTRIES. */ |
203 | struct ipt_get_entries { | 213 | struct ipt_get_entries { |
204 | /* Which table: user fills this in. */ | 214 | /* Which table: user fills this in. */ |
@@ -211,11 +221,6 @@ struct ipt_get_entries { | |||
211 | struct ipt_entry entrytable[0]; | 221 | struct ipt_entry entrytable[0]; |
212 | }; | 222 | }; |
213 | 223 | ||
214 | /* Standard return verdict, or do jump. */ | ||
215 | #define IPT_STANDARD_TARGET XT_STANDARD_TARGET | ||
216 | /* Error verdict. */ | ||
217 | #define IPT_ERROR_TARGET XT_ERROR_TARGET | ||
218 | |||
219 | /* Helper functions */ | 224 | /* Helper functions */ |
220 | static __inline__ struct xt_entry_target * | 225 | static __inline__ struct xt_entry_target * |
221 | ipt_get_target(struct ipt_entry *e) | 226 | ipt_get_target(struct ipt_entry *e) |
@@ -223,16 +228,6 @@ ipt_get_target(struct ipt_entry *e) | |||
223 | return (void *)e + e->target_offset; | 228 | return (void *)e + e->target_offset; |
224 | } | 229 | } |
225 | 230 | ||
226 | #ifndef __KERNEL__ | ||
227 | /* fn returns 0 to continue iteration */ | ||
228 | #define IPT_MATCH_ITERATE(e, fn, args...) \ | ||
229 | XT_MATCH_ITERATE(struct ipt_entry, e, fn, ## args) | ||
230 | |||
231 | /* fn returns 0 to continue iteration */ | ||
232 | #define IPT_ENTRY_ITERATE(entries, size, fn, args...) \ | ||
233 | XT_ENTRY_ITERATE(struct ipt_entry, entries, size, fn, ## args) | ||
234 | #endif | ||
235 | |||
236 | /* | 231 | /* |
237 | * Main firewall chains definitions and global var's definitions. | 232 | * Main firewall chains definitions and global var's definitions. |
238 | */ | 233 | */ |
@@ -271,7 +266,7 @@ struct ipt_error { | |||
271 | #define IPT_STANDARD_INIT(__verdict) \ | 266 | #define IPT_STANDARD_INIT(__verdict) \ |
272 | { \ | 267 | { \ |
273 | .entry = IPT_ENTRY_INIT(sizeof(struct ipt_standard)), \ | 268 | .entry = IPT_ENTRY_INIT(sizeof(struct ipt_standard)), \ |
274 | .target = XT_TARGET_INIT(IPT_STANDARD_TARGET, \ | 269 | .target = XT_TARGET_INIT(XT_STANDARD_TARGET, \ |
275 | sizeof(struct xt_standard_target)), \ | 270 | sizeof(struct xt_standard_target)), \ |
276 | .target.verdict = -(__verdict) - 1, \ | 271 | .target.verdict = -(__verdict) - 1, \ |
277 | } | 272 | } |
@@ -279,7 +274,7 @@ struct ipt_error { | |||
279 | #define IPT_ERROR_INIT \ | 274 | #define IPT_ERROR_INIT \ |
280 | { \ | 275 | { \ |
281 | .entry = IPT_ENTRY_INIT(sizeof(struct ipt_error)), \ | 276 | .entry = IPT_ENTRY_INIT(sizeof(struct ipt_error)), \ |
282 | .target = XT_TARGET_INIT(IPT_ERROR_TARGET, \ | 277 | .target = XT_TARGET_INIT(XT_ERROR_TARGET, \ |
283 | sizeof(struct ipt_error_target)), \ | 278 | sizeof(struct ipt_error_target)), \ |
284 | .target.errorname = "ERROR", \ | 279 | .target.errorname = "ERROR", \ |
285 | } | 280 | } |
diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h index 40d11fa05840..ac2b411ea63a 100644 --- a/include/linux/netfilter_ipv6/ip6_tables.h +++ b/include/linux/netfilter_ipv6/ip6_tables.h | |||
@@ -38,6 +38,29 @@ | |||
38 | #define ip6t_entry_target xt_entry_target | 38 | #define ip6t_entry_target xt_entry_target |
39 | #define ip6t_standard_target xt_standard_target | 39 | #define ip6t_standard_target xt_standard_target |
40 | #define ip6t_counters xt_counters | 40 | #define ip6t_counters xt_counters |
41 | #define IP6T_CONTINUE XT_CONTINUE | ||
42 | #define IP6T_RETURN XT_RETURN | ||
43 | |||
44 | /* Pre-iptables-1.4.0 */ | ||
45 | #include <linux/netfilter/xt_tcpudp.h> | ||
46 | #define ip6t_tcp xt_tcp | ||
47 | #define ip6t_udp xt_udp | ||
48 | #define IP6T_TCP_INV_SRCPT XT_TCP_INV_SRCPT | ||
49 | #define IP6T_TCP_INV_DSTPT XT_TCP_INV_DSTPT | ||
50 | #define IP6T_TCP_INV_FLAGS XT_TCP_INV_FLAGS | ||
51 | #define IP6T_TCP_INV_OPTION XT_TCP_INV_OPTION | ||
52 | #define IP6T_TCP_INV_MASK XT_TCP_INV_MASK | ||
53 | #define IP6T_UDP_INV_SRCPT XT_UDP_INV_SRCPT | ||
54 | #define IP6T_UDP_INV_DSTPT XT_UDP_INV_DSTPT | ||
55 | #define IP6T_UDP_INV_MASK XT_UDP_INV_MASK | ||
56 | |||
57 | #define ip6t_counters_info xt_counters_info | ||
58 | #define IP6T_STANDARD_TARGET XT_STANDARD_TARGET | ||
59 | #define IP6T_ERROR_TARGET XT_ERROR_TARGET | ||
60 | #define IP6T_MATCH_ITERATE(e, fn, args...) \ | ||
61 | XT_MATCH_ITERATE(struct ip6t_entry, e, fn, ## args) | ||
62 | #define IP6T_ENTRY_ITERATE(entries, size, fn, args...) \ | ||
63 | XT_ENTRY_ITERATE(struct ip6t_entry, entries, size, fn, ## args) | ||
41 | #endif | 64 | #endif |
42 | 65 | ||
43 | /* Yes, Virginia, you have to zero the padding. */ | 66 | /* Yes, Virginia, you have to zero the padding. */ |
@@ -133,7 +156,7 @@ struct ip6t_error { | |||
133 | #define IP6T_STANDARD_INIT(__verdict) \ | 156 | #define IP6T_STANDARD_INIT(__verdict) \ |
134 | { \ | 157 | { \ |
135 | .entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_standard)), \ | 158 | .entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_standard)), \ |
136 | .target = XT_TARGET_INIT(IP6T_STANDARD_TARGET, \ | 159 | .target = XT_TARGET_INIT(XT_STANDARD_TARGET, \ |
137 | sizeof(struct xt_standard_target)), \ | 160 | sizeof(struct xt_standard_target)), \ |
138 | .target.verdict = -(__verdict) - 1, \ | 161 | .target.verdict = -(__verdict) - 1, \ |
139 | } | 162 | } |
@@ -141,7 +164,7 @@ struct ip6t_error { | |||
141 | #define IP6T_ERROR_INIT \ | 164 | #define IP6T_ERROR_INIT \ |
142 | { \ | 165 | { \ |
143 | .entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_error)), \ | 166 | .entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_error)), \ |
144 | .target = XT_TARGET_INIT(IP6T_ERROR_TARGET, \ | 167 | .target = XT_TARGET_INIT(XT_ERROR_TARGET, \ |
145 | sizeof(struct ip6t_error_target)), \ | 168 | sizeof(struct ip6t_error_target)), \ |
146 | .target.errorname = "ERROR", \ | 169 | .target.errorname = "ERROR", \ |
147 | } | 170 | } |
@@ -165,30 +188,6 @@ struct ip6t_error { | |||
165 | #define IP6T_SO_GET_REVISION_TARGET (IP6T_BASE_CTL + 5) | 188 | #define IP6T_SO_GET_REVISION_TARGET (IP6T_BASE_CTL + 5) |
166 | #define IP6T_SO_GET_MAX IP6T_SO_GET_REVISION_TARGET | 189 | #define IP6T_SO_GET_MAX IP6T_SO_GET_REVISION_TARGET |
167 | 190 | ||
168 | /* CONTINUE verdict for targets */ | ||
169 | #define IP6T_CONTINUE XT_CONTINUE | ||
170 | |||
171 | /* For standard target */ | ||
172 | #define IP6T_RETURN XT_RETURN | ||
173 | |||
174 | /* TCP/UDP matching stuff */ | ||
175 | #include <linux/netfilter/xt_tcpudp.h> | ||
176 | |||
177 | #define ip6t_tcp xt_tcp | ||
178 | #define ip6t_udp xt_udp | ||
179 | |||
180 | /* Values for "inv" field in struct ipt_tcp. */ | ||
181 | #define IP6T_TCP_INV_SRCPT XT_TCP_INV_SRCPT | ||
182 | #define IP6T_TCP_INV_DSTPT XT_TCP_INV_DSTPT | ||
183 | #define IP6T_TCP_INV_FLAGS XT_TCP_INV_FLAGS | ||
184 | #define IP6T_TCP_INV_OPTION XT_TCP_INV_OPTION | ||
185 | #define IP6T_TCP_INV_MASK XT_TCP_INV_MASK | ||
186 | |||
187 | /* Values for "invflags" field in struct ipt_udp. */ | ||
188 | #define IP6T_UDP_INV_SRCPT XT_UDP_INV_SRCPT | ||
189 | #define IP6T_UDP_INV_DSTPT XT_UDP_INV_DSTPT | ||
190 | #define IP6T_UDP_INV_MASK XT_UDP_INV_MASK | ||
191 | |||
192 | /* ICMP matching stuff */ | 191 | /* ICMP matching stuff */ |
193 | struct ip6t_icmp { | 192 | struct ip6t_icmp { |
194 | u_int8_t type; /* type to match */ | 193 | u_int8_t type; /* type to match */ |
@@ -252,9 +251,6 @@ struct ip6t_replace { | |||
252 | struct ip6t_entry entries[0]; | 251 | struct ip6t_entry entries[0]; |
253 | }; | 252 | }; |
254 | 253 | ||
255 | /* The argument to IP6T_SO_ADD_COUNTERS. */ | ||
256 | #define ip6t_counters_info xt_counters_info | ||
257 | |||
258 | /* The argument to IP6T_SO_GET_ENTRIES. */ | 254 | /* The argument to IP6T_SO_GET_ENTRIES. */ |
259 | struct ip6t_get_entries { | 255 | struct ip6t_get_entries { |
260 | /* Which table: user fills this in. */ | 256 | /* Which table: user fills this in. */ |
@@ -267,11 +263,6 @@ struct ip6t_get_entries { | |||
267 | struct ip6t_entry entrytable[0]; | 263 | struct ip6t_entry entrytable[0]; |
268 | }; | 264 | }; |
269 | 265 | ||
270 | /* Standard return verdict, or do jump. */ | ||
271 | #define IP6T_STANDARD_TARGET XT_STANDARD_TARGET | ||
272 | /* Error verdict. */ | ||
273 | #define IP6T_ERROR_TARGET XT_ERROR_TARGET | ||
274 | |||
275 | /* Helper functions */ | 266 | /* Helper functions */ |
276 | static __inline__ struct xt_entry_target * | 267 | static __inline__ struct xt_entry_target * |
277 | ip6t_get_target(struct ip6t_entry *e) | 268 | ip6t_get_target(struct ip6t_entry *e) |
@@ -279,16 +270,6 @@ ip6t_get_target(struct ip6t_entry *e) | |||
279 | return (void *)e + e->target_offset; | 270 | return (void *)e + e->target_offset; |
280 | } | 271 | } |
281 | 272 | ||
282 | #ifndef __KERNEL__ | ||
283 | /* fn returns 0 to continue iteration */ | ||
284 | #define IP6T_MATCH_ITERATE(e, fn, args...) \ | ||
285 | XT_MATCH_ITERATE(struct ip6t_entry, e, fn, ## args) | ||
286 | |||
287 | /* fn returns 0 to continue iteration */ | ||
288 | #define IP6T_ENTRY_ITERATE(entries, size, fn, args...) \ | ||
289 | XT_ENTRY_ITERATE(struct ip6t_entry, entries, size, fn, ## args) | ||
290 | #endif | ||
291 | |||
292 | /* | 273 | /* |
293 | * Main firewall chains definitions and global var's definitions. | 274 | * Main firewall chains definitions and global var's definitions. |
294 | */ | 275 | */ |
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index ed178cbe6626..d756edae59ec 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c | |||
@@ -300,7 +300,7 @@ unsigned int arpt_do_table(struct sk_buff *skb, | |||
300 | v = ((struct xt_standard_target *)t)->verdict; | 300 | v = ((struct xt_standard_target *)t)->verdict; |
301 | if (v < 0) { | 301 | if (v < 0) { |
302 | /* Pop from stack? */ | 302 | /* Pop from stack? */ |
303 | if (v != ARPT_RETURN) { | 303 | if (v != XT_RETURN) { |
304 | verdict = (unsigned)(-v) - 1; | 304 | verdict = (unsigned)(-v) - 1; |
305 | break; | 305 | break; |
306 | } | 306 | } |
@@ -332,7 +332,7 @@ unsigned int arpt_do_table(struct sk_buff *skb, | |||
332 | /* Target might have changed stuff. */ | 332 | /* Target might have changed stuff. */ |
333 | arp = arp_hdr(skb); | 333 | arp = arp_hdr(skb); |
334 | 334 | ||
335 | if (verdict == ARPT_CONTINUE) | 335 | if (verdict == XT_CONTINUE) |
336 | e = arpt_next_entry(e); | 336 | e = arpt_next_entry(e); |
337 | else | 337 | else |
338 | /* Verdict */ | 338 | /* Verdict */ |
@@ -392,13 +392,13 @@ static int mark_source_chains(const struct xt_table_info *newinfo, | |||
392 | /* Unconditional return/END. */ | 392 | /* Unconditional return/END. */ |
393 | if ((e->target_offset == sizeof(struct arpt_entry) && | 393 | if ((e->target_offset == sizeof(struct arpt_entry) && |
394 | (strcmp(t->target.u.user.name, | 394 | (strcmp(t->target.u.user.name, |
395 | ARPT_STANDARD_TARGET) == 0) && | 395 | XT_STANDARD_TARGET) == 0) && |
396 | t->verdict < 0 && unconditional(&e->arp)) || | 396 | t->verdict < 0 && unconditional(&e->arp)) || |
397 | visited) { | 397 | visited) { |
398 | unsigned int oldpos, size; | 398 | unsigned int oldpos, size; |
399 | 399 | ||
400 | if ((strcmp(t->target.u.user.name, | 400 | if ((strcmp(t->target.u.user.name, |
401 | ARPT_STANDARD_TARGET) == 0) && | 401 | XT_STANDARD_TARGET) == 0) && |
402 | t->verdict < -NF_MAX_VERDICT - 1) { | 402 | t->verdict < -NF_MAX_VERDICT - 1) { |
403 | duprintf("mark_source_chains: bad " | 403 | duprintf("mark_source_chains: bad " |
404 | "negative verdict (%i)\n", | 404 | "negative verdict (%i)\n", |
@@ -433,7 +433,7 @@ static int mark_source_chains(const struct xt_table_info *newinfo, | |||
433 | int newpos = t->verdict; | 433 | int newpos = t->verdict; |
434 | 434 | ||
435 | if (strcmp(t->target.u.user.name, | 435 | if (strcmp(t->target.u.user.name, |
436 | ARPT_STANDARD_TARGET) == 0 && | 436 | XT_STANDARD_TARGET) == 0 && |
437 | newpos >= 0) { | 437 | newpos >= 0) { |
438 | if (newpos > newinfo->size - | 438 | if (newpos > newinfo->size - |
439 | sizeof(struct arpt_entry)) { | 439 | sizeof(struct arpt_entry)) { |
@@ -1828,7 +1828,7 @@ void arpt_unregister_table(struct xt_table *table) | |||
1828 | /* The built-in targets: standard (NULL) and error. */ | 1828 | /* The built-in targets: standard (NULL) and error. */ |
1829 | static struct xt_target arpt_builtin_tg[] __read_mostly = { | 1829 | static struct xt_target arpt_builtin_tg[] __read_mostly = { |
1830 | { | 1830 | { |
1831 | .name = ARPT_STANDARD_TARGET, | 1831 | .name = XT_STANDARD_TARGET, |
1832 | .targetsize = sizeof(int), | 1832 | .targetsize = sizeof(int), |
1833 | .family = NFPROTO_ARP, | 1833 | .family = NFPROTO_ARP, |
1834 | #ifdef CONFIG_COMPAT | 1834 | #ifdef CONFIG_COMPAT |
@@ -1838,7 +1838,7 @@ static struct xt_target arpt_builtin_tg[] __read_mostly = { | |||
1838 | #endif | 1838 | #endif |
1839 | }, | 1839 | }, |
1840 | { | 1840 | { |
1841 | .name = ARPT_ERROR_TARGET, | 1841 | .name = XT_ERROR_TARGET, |
1842 | .target = arpt_error, | 1842 | .target = arpt_error, |
1843 | .targetsize = XT_FUNCTION_MAXNAMELEN, | 1843 | .targetsize = XT_FUNCTION_MAXNAMELEN, |
1844 | .family = NFPROTO_ARP, | 1844 | .family = NFPROTO_ARP, |
diff --git a/net/ipv4/netfilter/arpt_mangle.c b/net/ipv4/netfilter/arpt_mangle.c index e1be7dd1171b..b8ddcc480ed9 100644 --- a/net/ipv4/netfilter/arpt_mangle.c +++ b/net/ipv4/netfilter/arpt_mangle.c | |||
@@ -63,7 +63,7 @@ static int checkentry(const struct xt_tgchk_param *par) | |||
63 | return false; | 63 | return false; |
64 | 64 | ||
65 | if (mangle->target != NF_DROP && mangle->target != NF_ACCEPT && | 65 | if (mangle->target != NF_DROP && mangle->target != NF_ACCEPT && |
66 | mangle->target != ARPT_CONTINUE) | 66 | mangle->target != XT_CONTINUE) |
67 | return false; | 67 | return false; |
68 | return true; | 68 | return true; |
69 | } | 69 | } |
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index cb108880050a..d31b007a6d80 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c | |||
@@ -232,7 +232,7 @@ get_chainname_rulenum(const struct ipt_entry *s, const struct ipt_entry *e, | |||
232 | { | 232 | { |
233 | const struct xt_standard_target *t = (void *)ipt_get_target_c(s); | 233 | const struct xt_standard_target *t = (void *)ipt_get_target_c(s); |
234 | 234 | ||
235 | if (strcmp(t->target.u.kernel.target->name, IPT_ERROR_TARGET) == 0) { | 235 | if (strcmp(t->target.u.kernel.target->name, XT_ERROR_TARGET) == 0) { |
236 | /* Head of user chain: ERROR target with chainname */ | 236 | /* Head of user chain: ERROR target with chainname */ |
237 | *chainname = t->target.data; | 237 | *chainname = t->target.data; |
238 | (*rulenum) = 0; | 238 | (*rulenum) = 0; |
@@ -241,7 +241,7 @@ get_chainname_rulenum(const struct ipt_entry *s, const struct ipt_entry *e, | |||
241 | 241 | ||
242 | if (s->target_offset == sizeof(struct ipt_entry) && | 242 | if (s->target_offset == sizeof(struct ipt_entry) && |
243 | strcmp(t->target.u.kernel.target->name, | 243 | strcmp(t->target.u.kernel.target->name, |
244 | IPT_STANDARD_TARGET) == 0 && | 244 | XT_STANDARD_TARGET) == 0 && |
245 | t->verdict < 0 && | 245 | t->verdict < 0 && |
246 | unconditional(&s->ip)) { | 246 | unconditional(&s->ip)) { |
247 | /* Tail of chains: STANDARD target (return/policy) */ | 247 | /* Tail of chains: STANDARD target (return/policy) */ |
@@ -383,7 +383,7 @@ ipt_do_table(struct sk_buff *skb, | |||
383 | v = ((struct xt_standard_target *)t)->verdict; | 383 | v = ((struct xt_standard_target *)t)->verdict; |
384 | if (v < 0) { | 384 | if (v < 0) { |
385 | /* Pop from stack? */ | 385 | /* Pop from stack? */ |
386 | if (v != IPT_RETURN) { | 386 | if (v != XT_RETURN) { |
387 | verdict = (unsigned)(-v) - 1; | 387 | verdict = (unsigned)(-v) - 1; |
388 | break; | 388 | break; |
389 | } | 389 | } |
@@ -421,7 +421,7 @@ ipt_do_table(struct sk_buff *skb, | |||
421 | verdict = t->u.kernel.target->target(skb, &acpar); | 421 | verdict = t->u.kernel.target->target(skb, &acpar); |
422 | /* Target might have changed stuff. */ | 422 | /* Target might have changed stuff. */ |
423 | ip = ip_hdr(skb); | 423 | ip = ip_hdr(skb); |
424 | if (verdict == IPT_CONTINUE) | 424 | if (verdict == XT_CONTINUE) |
425 | e = ipt_next_entry(e); | 425 | e = ipt_next_entry(e); |
426 | else | 426 | else |
427 | /* Verdict */ | 427 | /* Verdict */ |
@@ -475,13 +475,13 @@ mark_source_chains(const struct xt_table_info *newinfo, | |||
475 | /* Unconditional return/END. */ | 475 | /* Unconditional return/END. */ |
476 | if ((e->target_offset == sizeof(struct ipt_entry) && | 476 | if ((e->target_offset == sizeof(struct ipt_entry) && |
477 | (strcmp(t->target.u.user.name, | 477 | (strcmp(t->target.u.user.name, |
478 | IPT_STANDARD_TARGET) == 0) && | 478 | XT_STANDARD_TARGET) == 0) && |
479 | t->verdict < 0 && unconditional(&e->ip)) || | 479 | t->verdict < 0 && unconditional(&e->ip)) || |
480 | visited) { | 480 | visited) { |
481 | unsigned int oldpos, size; | 481 | unsigned int oldpos, size; |
482 | 482 | ||
483 | if ((strcmp(t->target.u.user.name, | 483 | if ((strcmp(t->target.u.user.name, |
484 | IPT_STANDARD_TARGET) == 0) && | 484 | XT_STANDARD_TARGET) == 0) && |
485 | t->verdict < -NF_MAX_VERDICT - 1) { | 485 | t->verdict < -NF_MAX_VERDICT - 1) { |
486 | duprintf("mark_source_chains: bad " | 486 | duprintf("mark_source_chains: bad " |
487 | "negative verdict (%i)\n", | 487 | "negative verdict (%i)\n", |
@@ -524,7 +524,7 @@ mark_source_chains(const struct xt_table_info *newinfo, | |||
524 | int newpos = t->verdict; | 524 | int newpos = t->verdict; |
525 | 525 | ||
526 | if (strcmp(t->target.u.user.name, | 526 | if (strcmp(t->target.u.user.name, |
527 | IPT_STANDARD_TARGET) == 0 && | 527 | XT_STANDARD_TARGET) == 0 && |
528 | newpos >= 0) { | 528 | newpos >= 0) { |
529 | if (newpos > newinfo->size - | 529 | if (newpos > newinfo->size - |
530 | sizeof(struct ipt_entry)) { | 530 | sizeof(struct ipt_entry)) { |
@@ -2176,7 +2176,7 @@ static int icmp_checkentry(const struct xt_mtchk_param *par) | |||
2176 | 2176 | ||
2177 | static struct xt_target ipt_builtin_tg[] __read_mostly = { | 2177 | static struct xt_target ipt_builtin_tg[] __read_mostly = { |
2178 | { | 2178 | { |
2179 | .name = IPT_STANDARD_TARGET, | 2179 | .name = XT_STANDARD_TARGET, |
2180 | .targetsize = sizeof(int), | 2180 | .targetsize = sizeof(int), |
2181 | .family = NFPROTO_IPV4, | 2181 | .family = NFPROTO_IPV4, |
2182 | #ifdef CONFIG_COMPAT | 2182 | #ifdef CONFIG_COMPAT |
@@ -2186,7 +2186,7 @@ static struct xt_target ipt_builtin_tg[] __read_mostly = { | |||
2186 | #endif | 2186 | #endif |
2187 | }, | 2187 | }, |
2188 | { | 2188 | { |
2189 | .name = IPT_ERROR_TARGET, | 2189 | .name = XT_ERROR_TARGET, |
2190 | .target = ipt_error, | 2190 | .target = ipt_error, |
2191 | .targetsize = XT_FUNCTION_MAXNAMELEN, | 2191 | .targetsize = XT_FUNCTION_MAXNAMELEN, |
2192 | .family = NFPROTO_IPV4, | 2192 | .family = NFPROTO_IPV4, |
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index c7334c10a4b3..c683e9e7023b 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c | |||
@@ -262,7 +262,7 @@ get_chainname_rulenum(const struct ip6t_entry *s, const struct ip6t_entry *e, | |||
262 | { | 262 | { |
263 | const struct xt_standard_target *t = (void *)ip6t_get_target_c(s); | 263 | const struct xt_standard_target *t = (void *)ip6t_get_target_c(s); |
264 | 264 | ||
265 | if (strcmp(t->target.u.kernel.target->name, IP6T_ERROR_TARGET) == 0) { | 265 | if (strcmp(t->target.u.kernel.target->name, XT_ERROR_TARGET) == 0) { |
266 | /* Head of user chain: ERROR target with chainname */ | 266 | /* Head of user chain: ERROR target with chainname */ |
267 | *chainname = t->target.data; | 267 | *chainname = t->target.data; |
268 | (*rulenum) = 0; | 268 | (*rulenum) = 0; |
@@ -271,7 +271,7 @@ get_chainname_rulenum(const struct ip6t_entry *s, const struct ip6t_entry *e, | |||
271 | 271 | ||
272 | if (s->target_offset == sizeof(struct ip6t_entry) && | 272 | if (s->target_offset == sizeof(struct ip6t_entry) && |
273 | strcmp(t->target.u.kernel.target->name, | 273 | strcmp(t->target.u.kernel.target->name, |
274 | IP6T_STANDARD_TARGET) == 0 && | 274 | XT_STANDARD_TARGET) == 0 && |
275 | t->verdict < 0 && | 275 | t->verdict < 0 && |
276 | unconditional(&s->ipv6)) { | 276 | unconditional(&s->ipv6)) { |
277 | /* Tail of chains: STANDARD target (return/policy) */ | 277 | /* Tail of chains: STANDARD target (return/policy) */ |
@@ -406,7 +406,7 @@ ip6t_do_table(struct sk_buff *skb, | |||
406 | v = ((struct xt_standard_target *)t)->verdict; | 406 | v = ((struct xt_standard_target *)t)->verdict; |
407 | if (v < 0) { | 407 | if (v < 0) { |
408 | /* Pop from stack? */ | 408 | /* Pop from stack? */ |
409 | if (v != IP6T_RETURN) { | 409 | if (v != XT_RETURN) { |
410 | verdict = (unsigned)(-v) - 1; | 410 | verdict = (unsigned)(-v) - 1; |
411 | break; | 411 | break; |
412 | } | 412 | } |
@@ -434,7 +434,7 @@ ip6t_do_table(struct sk_buff *skb, | |||
434 | acpar.targinfo = t->data; | 434 | acpar.targinfo = t->data; |
435 | 435 | ||
436 | verdict = t->u.kernel.target->target(skb, &acpar); | 436 | verdict = t->u.kernel.target->target(skb, &acpar); |
437 | if (verdict == IP6T_CONTINUE) | 437 | if (verdict == XT_CONTINUE) |
438 | e = ip6t_next_entry(e); | 438 | e = ip6t_next_entry(e); |
439 | else | 439 | else |
440 | /* Verdict */ | 440 | /* Verdict */ |
@@ -488,13 +488,13 @@ mark_source_chains(const struct xt_table_info *newinfo, | |||
488 | /* Unconditional return/END. */ | 488 | /* Unconditional return/END. */ |
489 | if ((e->target_offset == sizeof(struct ip6t_entry) && | 489 | if ((e->target_offset == sizeof(struct ip6t_entry) && |
490 | (strcmp(t->target.u.user.name, | 490 | (strcmp(t->target.u.user.name, |
491 | IP6T_STANDARD_TARGET) == 0) && | 491 | XT_STANDARD_TARGET) == 0) && |
492 | t->verdict < 0 && | 492 | t->verdict < 0 && |
493 | unconditional(&e->ipv6)) || visited) { | 493 | unconditional(&e->ipv6)) || visited) { |
494 | unsigned int oldpos, size; | 494 | unsigned int oldpos, size; |
495 | 495 | ||
496 | if ((strcmp(t->target.u.user.name, | 496 | if ((strcmp(t->target.u.user.name, |
497 | IP6T_STANDARD_TARGET) == 0) && | 497 | XT_STANDARD_TARGET) == 0) && |
498 | t->verdict < -NF_MAX_VERDICT - 1) { | 498 | t->verdict < -NF_MAX_VERDICT - 1) { |
499 | duprintf("mark_source_chains: bad " | 499 | duprintf("mark_source_chains: bad " |
500 | "negative verdict (%i)\n", | 500 | "negative verdict (%i)\n", |
@@ -537,7 +537,7 @@ mark_source_chains(const struct xt_table_info *newinfo, | |||
537 | int newpos = t->verdict; | 537 | int newpos = t->verdict; |
538 | 538 | ||
539 | if (strcmp(t->target.u.user.name, | 539 | if (strcmp(t->target.u.user.name, |
540 | IP6T_STANDARD_TARGET) == 0 && | 540 | XT_STANDARD_TARGET) == 0 && |
541 | newpos >= 0) { | 541 | newpos >= 0) { |
542 | if (newpos > newinfo->size - | 542 | if (newpos > newinfo->size - |
543 | sizeof(struct ip6t_entry)) { | 543 | sizeof(struct ip6t_entry)) { |
@@ -2191,7 +2191,7 @@ static int icmp6_checkentry(const struct xt_mtchk_param *par) | |||
2191 | /* The built-in targets: standard (NULL) and error. */ | 2191 | /* The built-in targets: standard (NULL) and error. */ |
2192 | static struct xt_target ip6t_builtin_tg[] __read_mostly = { | 2192 | static struct xt_target ip6t_builtin_tg[] __read_mostly = { |
2193 | { | 2193 | { |
2194 | .name = IP6T_STANDARD_TARGET, | 2194 | .name = XT_STANDARD_TARGET, |
2195 | .targetsize = sizeof(int), | 2195 | .targetsize = sizeof(int), |
2196 | .family = NFPROTO_IPV6, | 2196 | .family = NFPROTO_IPV6, |
2197 | #ifdef CONFIG_COMPAT | 2197 | #ifdef CONFIG_COMPAT |
@@ -2201,7 +2201,7 @@ static struct xt_target ip6t_builtin_tg[] __read_mostly = { | |||
2201 | #endif | 2201 | #endif |
2202 | }, | 2202 | }, |
2203 | { | 2203 | { |
2204 | .name = IP6T_ERROR_TARGET, | 2204 | .name = XT_ERROR_TARGET, |
2205 | .target = ip6t_error, | 2205 | .target = ip6t_error, |
2206 | .targetsize = XT_FUNCTION_MAXNAMELEN, | 2206 | .targetsize = XT_FUNCTION_MAXNAMELEN, |
2207 | .family = NFPROTO_IPV6, | 2207 | .family = NFPROTO_IPV6, |
diff --git a/net/sched/act_ipt.c b/net/sched/act_ipt.c index f6d464f993ef..8daef9632255 100644 --- a/net/sched/act_ipt.c +++ b/net/sched/act_ipt.c | |||
@@ -230,7 +230,7 @@ static int tcf_ipt(struct sk_buff *skb, struct tc_action *a, | |||
230 | result = TC_ACT_SHOT; | 230 | result = TC_ACT_SHOT; |
231 | ipt->tcf_qstats.drops++; | 231 | ipt->tcf_qstats.drops++; |
232 | break; | 232 | break; |
233 | case IPT_CONTINUE: | 233 | case XT_CONTINUE: |
234 | result = TC_ACT_PIPE; | 234 | result = TC_ACT_PIPE; |
235 | break; | 235 | break; |
236 | default: | 236 | default: |