aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/linux/netfilter_arp/arp_tables.h33
-rw-r--r--include/linux/netfilter_ipv4/ip_tables.h69
-rw-r--r--include/linux/netfilter_ipv6/ip6_tables.h69
-rw-r--r--net/ipv4/netfilter/arp_tables.c14
-rw-r--r--net/ipv4/netfilter/arpt_mangle.c2
-rw-r--r--net/ipv4/netfilter/ip_tables.c18
-rw-r--r--net/ipv6/netfilter/ip6_tables.c18
-rw-r--r--net/sched/act_ipt.c2
8 files changed, 94 insertions, 131 deletions
diff --git a/include/linux/netfilter_arp/arp_tables.h b/include/linux/netfilter_arp/arp_tables.h
index 7e193c9241b3..6e2341a811d6 100644
--- a/include/linux/netfilter_arp/arp_tables.h
+++ b/include/linux/netfilter_arp/arp_tables.h
@@ -26,6 +26,14 @@
26#define ARPT_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN 26#define ARPT_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN
27#define arpt_entry_target xt_entry_target 27#define arpt_entry_target xt_entry_target
28#define arpt_standard_target xt_standard_target 28#define arpt_standard_target xt_standard_target
29#define ARPT_CONTINUE XT_CONTINUE
30#define ARPT_RETURN XT_RETURN
31#define arpt_counters_info xt_counters_info
32#define arpt_counters xt_counters
33#define ARPT_STANDARD_TARGET XT_STANDARD_TARGET
34#define ARPT_ERROR_TARGET XT_ERROR_TARGET
35#define ARPT_ENTRY_ITERATE(entries, size, fn, args...) \
36 XT_ENTRY_ITERATE(struct arpt_entry, entries, size, fn, ## args)
29#endif 37#endif
30 38
31#define ARPT_DEV_ADDR_LEN_MAX 16 39#define ARPT_DEV_ADDR_LEN_MAX 16
@@ -126,12 +134,6 @@ struct arpt_entry
126#define ARPT_SO_GET_REVISION_TARGET (ARPT_BASE_CTL + 3) 134#define ARPT_SO_GET_REVISION_TARGET (ARPT_BASE_CTL + 3)
127#define ARPT_SO_GET_MAX (ARPT_SO_GET_REVISION_TARGET) 135#define ARPT_SO_GET_MAX (ARPT_SO_GET_REVISION_TARGET)
128 136
129/* CONTINUE verdict for targets */
130#define ARPT_CONTINUE XT_CONTINUE
131
132/* For standard target */
133#define ARPT_RETURN XT_RETURN
134
135/* The argument to ARPT_SO_GET_INFO */ 137/* The argument to ARPT_SO_GET_INFO */
136struct arpt_getinfo { 138struct arpt_getinfo {
137 /* Which table: caller fills this in. */ 139 /* Which table: caller fills this in. */
@@ -185,10 +187,6 @@ struct arpt_replace {
185 struct arpt_entry entries[0]; 187 struct arpt_entry entries[0];
186}; 188};
187 189
188/* The argument to ARPT_SO_ADD_COUNTERS. */
189#define arpt_counters_info xt_counters_info
190#define arpt_counters xt_counters
191
192/* The argument to ARPT_SO_GET_ENTRIES. */ 190/* The argument to ARPT_SO_GET_ENTRIES. */
193struct arpt_get_entries { 191struct arpt_get_entries {
194 /* Which table: user fills this in. */ 192 /* Which table: user fills this in. */
@@ -201,23 +199,12 @@ struct arpt_get_entries {
201 struct arpt_entry entrytable[0]; 199 struct arpt_entry entrytable[0];
202}; 200};
203 201
204/* Standard return verdict, or do jump. */
205#define ARPT_STANDARD_TARGET XT_STANDARD_TARGET
206/* Error verdict. */
207#define ARPT_ERROR_TARGET XT_ERROR_TARGET
208
209/* Helper functions */ 202/* Helper functions */
210static __inline__ struct xt_entry_target *arpt_get_target(struct arpt_entry *e) 203static __inline__ struct xt_entry_target *arpt_get_target(struct arpt_entry *e)
211{ 204{
212 return (void *)e + e->target_offset; 205 return (void *)e + e->target_offset;
213} 206}
214 207
215#ifndef __KERNEL__
216/* fn returns 0 to continue iteration */
217#define ARPT_ENTRY_ITERATE(entries, size, fn, args...) \
218 XT_ENTRY_ITERATE(struct arpt_entry, entries, size, fn, ## args)
219#endif
220
221/* 208/*
222 * Main firewall chains definitions and global var's definitions. 209 * Main firewall chains definitions and global var's definitions.
223 */ 210 */
@@ -248,7 +235,7 @@ struct arpt_error {
248#define ARPT_STANDARD_INIT(__verdict) \ 235#define ARPT_STANDARD_INIT(__verdict) \
249{ \ 236{ \
250 .entry = ARPT_ENTRY_INIT(sizeof(struct arpt_standard)), \ 237 .entry = ARPT_ENTRY_INIT(sizeof(struct arpt_standard)), \
251 .target = XT_TARGET_INIT(ARPT_STANDARD_TARGET, \ 238 .target = XT_TARGET_INIT(XT_STANDARD_TARGET, \
252 sizeof(struct xt_standard_target)), \ 239 sizeof(struct xt_standard_target)), \
253 .target.verdict = -(__verdict) - 1, \ 240 .target.verdict = -(__verdict) - 1, \
254} 241}
@@ -256,7 +243,7 @@ struct arpt_error {
256#define ARPT_ERROR_INIT \ 243#define ARPT_ERROR_INIT \
257{ \ 244{ \
258 .entry = ARPT_ENTRY_INIT(sizeof(struct arpt_error)), \ 245 .entry = ARPT_ENTRY_INIT(sizeof(struct arpt_error)), \
259 .target = XT_TARGET_INIT(ARPT_ERROR_TARGET, \ 246 .target = XT_TARGET_INIT(XT_ERROR_TARGET, \
260 sizeof(struct arpt_error_target)), \ 247 sizeof(struct arpt_error_target)), \
261 .target.errorname = "ERROR", \ 248 .target.errorname = "ERROR", \
262} 249}
diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h
index ec506918a9b9..ee54b3b7e237 100644
--- a/include/linux/netfilter_ipv4/ip_tables.h
+++ b/include/linux/netfilter_ipv4/ip_tables.h
@@ -38,6 +38,36 @@
38#define ipt_entry_target xt_entry_target 38#define ipt_entry_target xt_entry_target
39#define ipt_standard_target xt_standard_target 39#define ipt_standard_target xt_standard_target
40#define ipt_counters xt_counters 40#define ipt_counters xt_counters
41#define IPT_CONTINUE XT_CONTINUE
42#define IPT_RETURN XT_RETURN
43
44/* This group is older than old (iptables < v1.4.0-rc1~89) */
45#include <linux/netfilter/xt_tcpudp.h>
46#define ipt_udp xt_udp
47#define ipt_tcp xt_tcp
48#define IPT_TCP_INV_SRCPT XT_TCP_INV_SRCPT
49#define IPT_TCP_INV_DSTPT XT_TCP_INV_DSTPT
50#define IPT_TCP_INV_FLAGS XT_TCP_INV_FLAGS
51#define IPT_TCP_INV_OPTION XT_TCP_INV_OPTION
52#define IPT_TCP_INV_MASK XT_TCP_INV_MASK
53#define IPT_UDP_INV_SRCPT XT_UDP_INV_SRCPT
54#define IPT_UDP_INV_DSTPT XT_UDP_INV_DSTPT
55#define IPT_UDP_INV_MASK XT_UDP_INV_MASK
56
57/* The argument to IPT_SO_ADD_COUNTERS. */
58#define ipt_counters_info xt_counters_info
59/* Standard return verdict, or do jump. */
60#define IPT_STANDARD_TARGET XT_STANDARD_TARGET
61/* Error verdict. */
62#define IPT_ERROR_TARGET XT_ERROR_TARGET
63
64/* fn returns 0 to continue iteration */
65#define IPT_MATCH_ITERATE(e, fn, args...) \
66 XT_MATCH_ITERATE(struct ipt_entry, e, fn, ## args)
67
68/* fn returns 0 to continue iteration */
69#define IPT_ENTRY_ITERATE(entries, size, fn, args...) \
70 XT_ENTRY_ITERATE(struct ipt_entry, entries, size, fn, ## args)
41#endif 71#endif
42 72
43/* Yes, Virginia, you have to zero the padding. */ 73/* Yes, Virginia, you have to zero the padding. */
@@ -116,23 +146,6 @@ struct ipt_entry {
116#define IPT_SO_GET_REVISION_TARGET (IPT_BASE_CTL + 3) 146#define IPT_SO_GET_REVISION_TARGET (IPT_BASE_CTL + 3)
117#define IPT_SO_GET_MAX IPT_SO_GET_REVISION_TARGET 147#define IPT_SO_GET_MAX IPT_SO_GET_REVISION_TARGET
118 148
119#define IPT_CONTINUE XT_CONTINUE
120#define IPT_RETURN XT_RETURN
121
122#include <linux/netfilter/xt_tcpudp.h>
123#define ipt_udp xt_udp
124#define ipt_tcp xt_tcp
125
126#define IPT_TCP_INV_SRCPT XT_TCP_INV_SRCPT
127#define IPT_TCP_INV_DSTPT XT_TCP_INV_DSTPT
128#define IPT_TCP_INV_FLAGS XT_TCP_INV_FLAGS
129#define IPT_TCP_INV_OPTION XT_TCP_INV_OPTION
130#define IPT_TCP_INV_MASK XT_TCP_INV_MASK
131
132#define IPT_UDP_INV_SRCPT XT_UDP_INV_SRCPT
133#define IPT_UDP_INV_DSTPT XT_UDP_INV_DSTPT
134#define IPT_UDP_INV_MASK XT_UDP_INV_MASK
135
136/* ICMP matching stuff */ 149/* ICMP matching stuff */
137struct ipt_icmp { 150struct ipt_icmp {
138 u_int8_t type; /* type to match */ 151 u_int8_t type; /* type to match */
@@ -196,9 +209,6 @@ struct ipt_replace {
196 struct ipt_entry entries[0]; 209 struct ipt_entry entries[0];
197}; 210};
198 211
199/* The argument to IPT_SO_ADD_COUNTERS. */
200#define ipt_counters_info xt_counters_info
201
202/* The argument to IPT_SO_GET_ENTRIES. */ 212/* The argument to IPT_SO_GET_ENTRIES. */
203struct ipt_get_entries { 213struct ipt_get_entries {
204 /* Which table: user fills this in. */ 214 /* Which table: user fills this in. */
@@ -211,11 +221,6 @@ struct ipt_get_entries {
211 struct ipt_entry entrytable[0]; 221 struct ipt_entry entrytable[0];
212}; 222};
213 223
214/* Standard return verdict, or do jump. */
215#define IPT_STANDARD_TARGET XT_STANDARD_TARGET
216/* Error verdict. */
217#define IPT_ERROR_TARGET XT_ERROR_TARGET
218
219/* Helper functions */ 224/* Helper functions */
220static __inline__ struct xt_entry_target * 225static __inline__ struct xt_entry_target *
221ipt_get_target(struct ipt_entry *e) 226ipt_get_target(struct ipt_entry *e)
@@ -223,16 +228,6 @@ ipt_get_target(struct ipt_entry *e)
223 return (void *)e + e->target_offset; 228 return (void *)e + e->target_offset;
224} 229}
225 230
226#ifndef __KERNEL__
227/* fn returns 0 to continue iteration */
228#define IPT_MATCH_ITERATE(e, fn, args...) \
229 XT_MATCH_ITERATE(struct ipt_entry, e, fn, ## args)
230
231/* fn returns 0 to continue iteration */
232#define IPT_ENTRY_ITERATE(entries, size, fn, args...) \
233 XT_ENTRY_ITERATE(struct ipt_entry, entries, size, fn, ## args)
234#endif
235
236/* 231/*
237 * Main firewall chains definitions and global var's definitions. 232 * Main firewall chains definitions and global var's definitions.
238 */ 233 */
@@ -271,7 +266,7 @@ struct ipt_error {
271#define IPT_STANDARD_INIT(__verdict) \ 266#define IPT_STANDARD_INIT(__verdict) \
272{ \ 267{ \
273 .entry = IPT_ENTRY_INIT(sizeof(struct ipt_standard)), \ 268 .entry = IPT_ENTRY_INIT(sizeof(struct ipt_standard)), \
274 .target = XT_TARGET_INIT(IPT_STANDARD_TARGET, \ 269 .target = XT_TARGET_INIT(XT_STANDARD_TARGET, \
275 sizeof(struct xt_standard_target)), \ 270 sizeof(struct xt_standard_target)), \
276 .target.verdict = -(__verdict) - 1, \ 271 .target.verdict = -(__verdict) - 1, \
277} 272}
@@ -279,7 +274,7 @@ struct ipt_error {
279#define IPT_ERROR_INIT \ 274#define IPT_ERROR_INIT \
280{ \ 275{ \
281 .entry = IPT_ENTRY_INIT(sizeof(struct ipt_error)), \ 276 .entry = IPT_ENTRY_INIT(sizeof(struct ipt_error)), \
282 .target = XT_TARGET_INIT(IPT_ERROR_TARGET, \ 277 .target = XT_TARGET_INIT(XT_ERROR_TARGET, \
283 sizeof(struct ipt_error_target)), \ 278 sizeof(struct ipt_error_target)), \
284 .target.errorname = "ERROR", \ 279 .target.errorname = "ERROR", \
285} 280}
diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h
index 40d11fa05840..ac2b411ea63a 100644
--- a/include/linux/netfilter_ipv6/ip6_tables.h
+++ b/include/linux/netfilter_ipv6/ip6_tables.h
@@ -38,6 +38,29 @@
38#define ip6t_entry_target xt_entry_target 38#define ip6t_entry_target xt_entry_target
39#define ip6t_standard_target xt_standard_target 39#define ip6t_standard_target xt_standard_target
40#define ip6t_counters xt_counters 40#define ip6t_counters xt_counters
41#define IP6T_CONTINUE XT_CONTINUE
42#define IP6T_RETURN XT_RETURN
43
44/* Pre-iptables-1.4.0 */
45#include <linux/netfilter/xt_tcpudp.h>
46#define ip6t_tcp xt_tcp
47#define ip6t_udp xt_udp
48#define IP6T_TCP_INV_SRCPT XT_TCP_INV_SRCPT
49#define IP6T_TCP_INV_DSTPT XT_TCP_INV_DSTPT
50#define IP6T_TCP_INV_FLAGS XT_TCP_INV_FLAGS
51#define IP6T_TCP_INV_OPTION XT_TCP_INV_OPTION
52#define IP6T_TCP_INV_MASK XT_TCP_INV_MASK
53#define IP6T_UDP_INV_SRCPT XT_UDP_INV_SRCPT
54#define IP6T_UDP_INV_DSTPT XT_UDP_INV_DSTPT
55#define IP6T_UDP_INV_MASK XT_UDP_INV_MASK
56
57#define ip6t_counters_info xt_counters_info
58#define IP6T_STANDARD_TARGET XT_STANDARD_TARGET
59#define IP6T_ERROR_TARGET XT_ERROR_TARGET
60#define IP6T_MATCH_ITERATE(e, fn, args...) \
61 XT_MATCH_ITERATE(struct ip6t_entry, e, fn, ## args)
62#define IP6T_ENTRY_ITERATE(entries, size, fn, args...) \
63 XT_ENTRY_ITERATE(struct ip6t_entry, entries, size, fn, ## args)
41#endif 64#endif
42 65
43/* Yes, Virginia, you have to zero the padding. */ 66/* Yes, Virginia, you have to zero the padding. */
@@ -133,7 +156,7 @@ struct ip6t_error {
133#define IP6T_STANDARD_INIT(__verdict) \ 156#define IP6T_STANDARD_INIT(__verdict) \
134{ \ 157{ \
135 .entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_standard)), \ 158 .entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_standard)), \
136 .target = XT_TARGET_INIT(IP6T_STANDARD_TARGET, \ 159 .target = XT_TARGET_INIT(XT_STANDARD_TARGET, \
137 sizeof(struct xt_standard_target)), \ 160 sizeof(struct xt_standard_target)), \
138 .target.verdict = -(__verdict) - 1, \ 161 .target.verdict = -(__verdict) - 1, \
139} 162}
@@ -141,7 +164,7 @@ struct ip6t_error {
141#define IP6T_ERROR_INIT \ 164#define IP6T_ERROR_INIT \
142{ \ 165{ \
143 .entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_error)), \ 166 .entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_error)), \
144 .target = XT_TARGET_INIT(IP6T_ERROR_TARGET, \ 167 .target = XT_TARGET_INIT(XT_ERROR_TARGET, \
145 sizeof(struct ip6t_error_target)), \ 168 sizeof(struct ip6t_error_target)), \
146 .target.errorname = "ERROR", \ 169 .target.errorname = "ERROR", \
147} 170}
@@ -165,30 +188,6 @@ struct ip6t_error {
165#define IP6T_SO_GET_REVISION_TARGET (IP6T_BASE_CTL + 5) 188#define IP6T_SO_GET_REVISION_TARGET (IP6T_BASE_CTL + 5)
166#define IP6T_SO_GET_MAX IP6T_SO_GET_REVISION_TARGET 189#define IP6T_SO_GET_MAX IP6T_SO_GET_REVISION_TARGET
167 190
168/* CONTINUE verdict for targets */
169#define IP6T_CONTINUE XT_CONTINUE
170
171/* For standard target */
172#define IP6T_RETURN XT_RETURN
173
174/* TCP/UDP matching stuff */
175#include <linux/netfilter/xt_tcpudp.h>
176
177#define ip6t_tcp xt_tcp
178#define ip6t_udp xt_udp
179
180/* Values for "inv" field in struct ipt_tcp. */
181#define IP6T_TCP_INV_SRCPT XT_TCP_INV_SRCPT
182#define IP6T_TCP_INV_DSTPT XT_TCP_INV_DSTPT
183#define IP6T_TCP_INV_FLAGS XT_TCP_INV_FLAGS
184#define IP6T_TCP_INV_OPTION XT_TCP_INV_OPTION
185#define IP6T_TCP_INV_MASK XT_TCP_INV_MASK
186
187/* Values for "invflags" field in struct ipt_udp. */
188#define IP6T_UDP_INV_SRCPT XT_UDP_INV_SRCPT
189#define IP6T_UDP_INV_DSTPT XT_UDP_INV_DSTPT
190#define IP6T_UDP_INV_MASK XT_UDP_INV_MASK
191
192/* ICMP matching stuff */ 191/* ICMP matching stuff */
193struct ip6t_icmp { 192struct ip6t_icmp {
194 u_int8_t type; /* type to match */ 193 u_int8_t type; /* type to match */
@@ -252,9 +251,6 @@ struct ip6t_replace {
252 struct ip6t_entry entries[0]; 251 struct ip6t_entry entries[0];
253}; 252};
254 253
255/* The argument to IP6T_SO_ADD_COUNTERS. */
256#define ip6t_counters_info xt_counters_info
257
258/* The argument to IP6T_SO_GET_ENTRIES. */ 254/* The argument to IP6T_SO_GET_ENTRIES. */
259struct ip6t_get_entries { 255struct ip6t_get_entries {
260 /* Which table: user fills this in. */ 256 /* Which table: user fills this in. */
@@ -267,11 +263,6 @@ struct ip6t_get_entries {
267 struct ip6t_entry entrytable[0]; 263 struct ip6t_entry entrytable[0];
268}; 264};
269 265
270/* Standard return verdict, or do jump. */
271#define IP6T_STANDARD_TARGET XT_STANDARD_TARGET
272/* Error verdict. */
273#define IP6T_ERROR_TARGET XT_ERROR_TARGET
274
275/* Helper functions */ 266/* Helper functions */
276static __inline__ struct xt_entry_target * 267static __inline__ struct xt_entry_target *
277ip6t_get_target(struct ip6t_entry *e) 268ip6t_get_target(struct ip6t_entry *e)
@@ -279,16 +270,6 @@ ip6t_get_target(struct ip6t_entry *e)
279 return (void *)e + e->target_offset; 270 return (void *)e + e->target_offset;
280} 271}
281 272
282#ifndef __KERNEL__
283/* fn returns 0 to continue iteration */
284#define IP6T_MATCH_ITERATE(e, fn, args...) \
285 XT_MATCH_ITERATE(struct ip6t_entry, e, fn, ## args)
286
287/* fn returns 0 to continue iteration */
288#define IP6T_ENTRY_ITERATE(entries, size, fn, args...) \
289 XT_ENTRY_ITERATE(struct ip6t_entry, entries, size, fn, ## args)
290#endif
291
292/* 273/*
293 * Main firewall chains definitions and global var's definitions. 274 * Main firewall chains definitions and global var's definitions.
294 */ 275 */
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index ed178cbe6626..d756edae59ec 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -300,7 +300,7 @@ unsigned int arpt_do_table(struct sk_buff *skb,
300 v = ((struct xt_standard_target *)t)->verdict; 300 v = ((struct xt_standard_target *)t)->verdict;
301 if (v < 0) { 301 if (v < 0) {
302 /* Pop from stack? */ 302 /* Pop from stack? */
303 if (v != ARPT_RETURN) { 303 if (v != XT_RETURN) {
304 verdict = (unsigned)(-v) - 1; 304 verdict = (unsigned)(-v) - 1;
305 break; 305 break;
306 } 306 }
@@ -332,7 +332,7 @@ unsigned int arpt_do_table(struct sk_buff *skb,
332 /* Target might have changed stuff. */ 332 /* Target might have changed stuff. */
333 arp = arp_hdr(skb); 333 arp = arp_hdr(skb);
334 334
335 if (verdict == ARPT_CONTINUE) 335 if (verdict == XT_CONTINUE)
336 e = arpt_next_entry(e); 336 e = arpt_next_entry(e);
337 else 337 else
338 /* Verdict */ 338 /* Verdict */
@@ -392,13 +392,13 @@ static int mark_source_chains(const struct xt_table_info *newinfo,
392 /* Unconditional return/END. */ 392 /* Unconditional return/END. */
393 if ((e->target_offset == sizeof(struct arpt_entry) && 393 if ((e->target_offset == sizeof(struct arpt_entry) &&
394 (strcmp(t->target.u.user.name, 394 (strcmp(t->target.u.user.name,
395 ARPT_STANDARD_TARGET) == 0) && 395 XT_STANDARD_TARGET) == 0) &&
396 t->verdict < 0 && unconditional(&e->arp)) || 396 t->verdict < 0 && unconditional(&e->arp)) ||
397 visited) { 397 visited) {
398 unsigned int oldpos, size; 398 unsigned int oldpos, size;
399 399
400 if ((strcmp(t->target.u.user.name, 400 if ((strcmp(t->target.u.user.name,
401 ARPT_STANDARD_TARGET) == 0) && 401 XT_STANDARD_TARGET) == 0) &&
402 t->verdict < -NF_MAX_VERDICT - 1) { 402 t->verdict < -NF_MAX_VERDICT - 1) {
403 duprintf("mark_source_chains: bad " 403 duprintf("mark_source_chains: bad "
404 "negative verdict (%i)\n", 404 "negative verdict (%i)\n",
@@ -433,7 +433,7 @@ static int mark_source_chains(const struct xt_table_info *newinfo,
433 int newpos = t->verdict; 433 int newpos = t->verdict;
434 434
435 if (strcmp(t->target.u.user.name, 435 if (strcmp(t->target.u.user.name,
436 ARPT_STANDARD_TARGET) == 0 && 436 XT_STANDARD_TARGET) == 0 &&
437 newpos >= 0) { 437 newpos >= 0) {
438 if (newpos > newinfo->size - 438 if (newpos > newinfo->size -
439 sizeof(struct arpt_entry)) { 439 sizeof(struct arpt_entry)) {
@@ -1828,7 +1828,7 @@ void arpt_unregister_table(struct xt_table *table)
1828/* The built-in targets: standard (NULL) and error. */ 1828/* The built-in targets: standard (NULL) and error. */
1829static struct xt_target arpt_builtin_tg[] __read_mostly = { 1829static struct xt_target arpt_builtin_tg[] __read_mostly = {
1830 { 1830 {
1831 .name = ARPT_STANDARD_TARGET, 1831 .name = XT_STANDARD_TARGET,
1832 .targetsize = sizeof(int), 1832 .targetsize = sizeof(int),
1833 .family = NFPROTO_ARP, 1833 .family = NFPROTO_ARP,
1834#ifdef CONFIG_COMPAT 1834#ifdef CONFIG_COMPAT
@@ -1838,7 +1838,7 @@ static struct xt_target arpt_builtin_tg[] __read_mostly = {
1838#endif 1838#endif
1839 }, 1839 },
1840 { 1840 {
1841 .name = ARPT_ERROR_TARGET, 1841 .name = XT_ERROR_TARGET,
1842 .target = arpt_error, 1842 .target = arpt_error,
1843 .targetsize = XT_FUNCTION_MAXNAMELEN, 1843 .targetsize = XT_FUNCTION_MAXNAMELEN,
1844 .family = NFPROTO_ARP, 1844 .family = NFPROTO_ARP,
diff --git a/net/ipv4/netfilter/arpt_mangle.c b/net/ipv4/netfilter/arpt_mangle.c
index e1be7dd1171b..b8ddcc480ed9 100644
--- a/net/ipv4/netfilter/arpt_mangle.c
+++ b/net/ipv4/netfilter/arpt_mangle.c
@@ -63,7 +63,7 @@ static int checkentry(const struct xt_tgchk_param *par)
63 return false; 63 return false;
64 64
65 if (mangle->target != NF_DROP && mangle->target != NF_ACCEPT && 65 if (mangle->target != NF_DROP && mangle->target != NF_ACCEPT &&
66 mangle->target != ARPT_CONTINUE) 66 mangle->target != XT_CONTINUE)
67 return false; 67 return false;
68 return true; 68 return true;
69} 69}
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index cb108880050a..d31b007a6d80 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -232,7 +232,7 @@ get_chainname_rulenum(const struct ipt_entry *s, const struct ipt_entry *e,
232{ 232{
233 const struct xt_standard_target *t = (void *)ipt_get_target_c(s); 233 const struct xt_standard_target *t = (void *)ipt_get_target_c(s);
234 234
235 if (strcmp(t->target.u.kernel.target->name, IPT_ERROR_TARGET) == 0) { 235 if (strcmp(t->target.u.kernel.target->name, XT_ERROR_TARGET) == 0) {
236 /* Head of user chain: ERROR target with chainname */ 236 /* Head of user chain: ERROR target with chainname */
237 *chainname = t->target.data; 237 *chainname = t->target.data;
238 (*rulenum) = 0; 238 (*rulenum) = 0;
@@ -241,7 +241,7 @@ get_chainname_rulenum(const struct ipt_entry *s, const struct ipt_entry *e,
241 241
242 if (s->target_offset == sizeof(struct ipt_entry) && 242 if (s->target_offset == sizeof(struct ipt_entry) &&
243 strcmp(t->target.u.kernel.target->name, 243 strcmp(t->target.u.kernel.target->name,
244 IPT_STANDARD_TARGET) == 0 && 244 XT_STANDARD_TARGET) == 0 &&
245 t->verdict < 0 && 245 t->verdict < 0 &&
246 unconditional(&s->ip)) { 246 unconditional(&s->ip)) {
247 /* Tail of chains: STANDARD target (return/policy) */ 247 /* Tail of chains: STANDARD target (return/policy) */
@@ -383,7 +383,7 @@ ipt_do_table(struct sk_buff *skb,
383 v = ((struct xt_standard_target *)t)->verdict; 383 v = ((struct xt_standard_target *)t)->verdict;
384 if (v < 0) { 384 if (v < 0) {
385 /* Pop from stack? */ 385 /* Pop from stack? */
386 if (v != IPT_RETURN) { 386 if (v != XT_RETURN) {
387 verdict = (unsigned)(-v) - 1; 387 verdict = (unsigned)(-v) - 1;
388 break; 388 break;
389 } 389 }
@@ -421,7 +421,7 @@ ipt_do_table(struct sk_buff *skb,
421 verdict = t->u.kernel.target->target(skb, &acpar); 421 verdict = t->u.kernel.target->target(skb, &acpar);
422 /* Target might have changed stuff. */ 422 /* Target might have changed stuff. */
423 ip = ip_hdr(skb); 423 ip = ip_hdr(skb);
424 if (verdict == IPT_CONTINUE) 424 if (verdict == XT_CONTINUE)
425 e = ipt_next_entry(e); 425 e = ipt_next_entry(e);
426 else 426 else
427 /* Verdict */ 427 /* Verdict */
@@ -475,13 +475,13 @@ mark_source_chains(const struct xt_table_info *newinfo,
475 /* Unconditional return/END. */ 475 /* Unconditional return/END. */
476 if ((e->target_offset == sizeof(struct ipt_entry) && 476 if ((e->target_offset == sizeof(struct ipt_entry) &&
477 (strcmp(t->target.u.user.name, 477 (strcmp(t->target.u.user.name,
478 IPT_STANDARD_TARGET) == 0) && 478 XT_STANDARD_TARGET) == 0) &&
479 t->verdict < 0 && unconditional(&e->ip)) || 479 t->verdict < 0 && unconditional(&e->ip)) ||
480 visited) { 480 visited) {
481 unsigned int oldpos, size; 481 unsigned int oldpos, size;
482 482
483 if ((strcmp(t->target.u.user.name, 483 if ((strcmp(t->target.u.user.name,
484 IPT_STANDARD_TARGET) == 0) && 484 XT_STANDARD_TARGET) == 0) &&
485 t->verdict < -NF_MAX_VERDICT - 1) { 485 t->verdict < -NF_MAX_VERDICT - 1) {
486 duprintf("mark_source_chains: bad " 486 duprintf("mark_source_chains: bad "
487 "negative verdict (%i)\n", 487 "negative verdict (%i)\n",
@@ -524,7 +524,7 @@ mark_source_chains(const struct xt_table_info *newinfo,
524 int newpos = t->verdict; 524 int newpos = t->verdict;
525 525
526 if (strcmp(t->target.u.user.name, 526 if (strcmp(t->target.u.user.name,
527 IPT_STANDARD_TARGET) == 0 && 527 XT_STANDARD_TARGET) == 0 &&
528 newpos >= 0) { 528 newpos >= 0) {
529 if (newpos > newinfo->size - 529 if (newpos > newinfo->size -
530 sizeof(struct ipt_entry)) { 530 sizeof(struct ipt_entry)) {
@@ -2176,7 +2176,7 @@ static int icmp_checkentry(const struct xt_mtchk_param *par)
2176 2176
2177static struct xt_target ipt_builtin_tg[] __read_mostly = { 2177static struct xt_target ipt_builtin_tg[] __read_mostly = {
2178 { 2178 {
2179 .name = IPT_STANDARD_TARGET, 2179 .name = XT_STANDARD_TARGET,
2180 .targetsize = sizeof(int), 2180 .targetsize = sizeof(int),
2181 .family = NFPROTO_IPV4, 2181 .family = NFPROTO_IPV4,
2182#ifdef CONFIG_COMPAT 2182#ifdef CONFIG_COMPAT
@@ -2186,7 +2186,7 @@ static struct xt_target ipt_builtin_tg[] __read_mostly = {
2186#endif 2186#endif
2187 }, 2187 },
2188 { 2188 {
2189 .name = IPT_ERROR_TARGET, 2189 .name = XT_ERROR_TARGET,
2190 .target = ipt_error, 2190 .target = ipt_error,
2191 .targetsize = XT_FUNCTION_MAXNAMELEN, 2191 .targetsize = XT_FUNCTION_MAXNAMELEN,
2192 .family = NFPROTO_IPV4, 2192 .family = NFPROTO_IPV4,
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index c7334c10a4b3..c683e9e7023b 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -262,7 +262,7 @@ get_chainname_rulenum(const struct ip6t_entry *s, const struct ip6t_entry *e,
262{ 262{
263 const struct xt_standard_target *t = (void *)ip6t_get_target_c(s); 263 const struct xt_standard_target *t = (void *)ip6t_get_target_c(s);
264 264
265 if (strcmp(t->target.u.kernel.target->name, IP6T_ERROR_TARGET) == 0) { 265 if (strcmp(t->target.u.kernel.target->name, XT_ERROR_TARGET) == 0) {
266 /* Head of user chain: ERROR target with chainname */ 266 /* Head of user chain: ERROR target with chainname */
267 *chainname = t->target.data; 267 *chainname = t->target.data;
268 (*rulenum) = 0; 268 (*rulenum) = 0;
@@ -271,7 +271,7 @@ get_chainname_rulenum(const struct ip6t_entry *s, const struct ip6t_entry *e,
271 271
272 if (s->target_offset == sizeof(struct ip6t_entry) && 272 if (s->target_offset == sizeof(struct ip6t_entry) &&
273 strcmp(t->target.u.kernel.target->name, 273 strcmp(t->target.u.kernel.target->name,
274 IP6T_STANDARD_TARGET) == 0 && 274 XT_STANDARD_TARGET) == 0 &&
275 t->verdict < 0 && 275 t->verdict < 0 &&
276 unconditional(&s->ipv6)) { 276 unconditional(&s->ipv6)) {
277 /* Tail of chains: STANDARD target (return/policy) */ 277 /* Tail of chains: STANDARD target (return/policy) */
@@ -406,7 +406,7 @@ ip6t_do_table(struct sk_buff *skb,
406 v = ((struct xt_standard_target *)t)->verdict; 406 v = ((struct xt_standard_target *)t)->verdict;
407 if (v < 0) { 407 if (v < 0) {
408 /* Pop from stack? */ 408 /* Pop from stack? */
409 if (v != IP6T_RETURN) { 409 if (v != XT_RETURN) {
410 verdict = (unsigned)(-v) - 1; 410 verdict = (unsigned)(-v) - 1;
411 break; 411 break;
412 } 412 }
@@ -434,7 +434,7 @@ ip6t_do_table(struct sk_buff *skb,
434 acpar.targinfo = t->data; 434 acpar.targinfo = t->data;
435 435
436 verdict = t->u.kernel.target->target(skb, &acpar); 436 verdict = t->u.kernel.target->target(skb, &acpar);
437 if (verdict == IP6T_CONTINUE) 437 if (verdict == XT_CONTINUE)
438 e = ip6t_next_entry(e); 438 e = ip6t_next_entry(e);
439 else 439 else
440 /* Verdict */ 440 /* Verdict */
@@ -488,13 +488,13 @@ mark_source_chains(const struct xt_table_info *newinfo,
488 /* Unconditional return/END. */ 488 /* Unconditional return/END. */
489 if ((e->target_offset == sizeof(struct ip6t_entry) && 489 if ((e->target_offset == sizeof(struct ip6t_entry) &&
490 (strcmp(t->target.u.user.name, 490 (strcmp(t->target.u.user.name,
491 IP6T_STANDARD_TARGET) == 0) && 491 XT_STANDARD_TARGET) == 0) &&
492 t->verdict < 0 && 492 t->verdict < 0 &&
493 unconditional(&e->ipv6)) || visited) { 493 unconditional(&e->ipv6)) || visited) {
494 unsigned int oldpos, size; 494 unsigned int oldpos, size;
495 495
496 if ((strcmp(t->target.u.user.name, 496 if ((strcmp(t->target.u.user.name,
497 IP6T_STANDARD_TARGET) == 0) && 497 XT_STANDARD_TARGET) == 0) &&
498 t->verdict < -NF_MAX_VERDICT - 1) { 498 t->verdict < -NF_MAX_VERDICT - 1) {
499 duprintf("mark_source_chains: bad " 499 duprintf("mark_source_chains: bad "
500 "negative verdict (%i)\n", 500 "negative verdict (%i)\n",
@@ -537,7 +537,7 @@ mark_source_chains(const struct xt_table_info *newinfo,
537 int newpos = t->verdict; 537 int newpos = t->verdict;
538 538
539 if (strcmp(t->target.u.user.name, 539 if (strcmp(t->target.u.user.name,
540 IP6T_STANDARD_TARGET) == 0 && 540 XT_STANDARD_TARGET) == 0 &&
541 newpos >= 0) { 541 newpos >= 0) {
542 if (newpos > newinfo->size - 542 if (newpos > newinfo->size -
543 sizeof(struct ip6t_entry)) { 543 sizeof(struct ip6t_entry)) {
@@ -2191,7 +2191,7 @@ static int icmp6_checkentry(const struct xt_mtchk_param *par)
2191/* The built-in targets: standard (NULL) and error. */ 2191/* The built-in targets: standard (NULL) and error. */
2192static struct xt_target ip6t_builtin_tg[] __read_mostly = { 2192static struct xt_target ip6t_builtin_tg[] __read_mostly = {
2193 { 2193 {
2194 .name = IP6T_STANDARD_TARGET, 2194 .name = XT_STANDARD_TARGET,
2195 .targetsize = sizeof(int), 2195 .targetsize = sizeof(int),
2196 .family = NFPROTO_IPV6, 2196 .family = NFPROTO_IPV6,
2197#ifdef CONFIG_COMPAT 2197#ifdef CONFIG_COMPAT
@@ -2201,7 +2201,7 @@ static struct xt_target ip6t_builtin_tg[] __read_mostly = {
2201#endif 2201#endif
2202 }, 2202 },
2203 { 2203 {
2204 .name = IP6T_ERROR_TARGET, 2204 .name = XT_ERROR_TARGET,
2205 .target = ip6t_error, 2205 .target = ip6t_error,
2206 .targetsize = XT_FUNCTION_MAXNAMELEN, 2206 .targetsize = XT_FUNCTION_MAXNAMELEN,
2207 .family = NFPROTO_IPV6, 2207 .family = NFPROTO_IPV6,
diff --git a/net/sched/act_ipt.c b/net/sched/act_ipt.c
index f6d464f993ef..8daef9632255 100644
--- a/net/sched/act_ipt.c
+++ b/net/sched/act_ipt.c
@@ -230,7 +230,7 @@ static int tcf_ipt(struct sk_buff *skb, struct tc_action *a,
230 result = TC_ACT_SHOT; 230 result = TC_ACT_SHOT;
231 ipt->tcf_qstats.drops++; 231 ipt->tcf_qstats.drops++;
232 break; 232 break;
233 case IPT_CONTINUE: 233 case XT_CONTINUE:
234 result = TC_ACT_PIPE; 234 result = TC_ACT_PIPE;
235 break; 235 break;
236 default: 236 default: