aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/linux/netfilter/x_tables.h8
-rw-r--r--net/ipv4/netfilter/arp_tables.c5
-rw-r--r--net/ipv4/netfilter/arpt_mangle.c2
-rw-r--r--net/ipv4/netfilter/ip_nat_rule.c2
-rw-r--r--net/ipv4/netfilter/ip_tables.c14
-rw-r--r--net/ipv4/netfilter/ipt_CLUSTERIP.c4
-rw-r--r--net/ipv4/netfilter/ipt_ECN.c1
-rw-r--r--net/ipv4/netfilter/ipt_LOG.c1
-rw-r--r--net/ipv4/netfilter/ipt_MASQUERADE.c1
-rw-r--r--net/ipv4/netfilter/ipt_NETMAP.c1
-rw-r--r--net/ipv4/netfilter/ipt_REDIRECT.c1
-rw-r--r--net/ipv4/netfilter/ipt_REJECT.c1
-rw-r--r--net/ipv4/netfilter/ipt_SAME.c4
-rw-r--r--net/ipv4/netfilter/ipt_TCPMSS.c1
-rw-r--r--net/ipv4/netfilter/ipt_TOS.c1
-rw-r--r--net/ipv4/netfilter/ipt_TTL.c1
-rw-r--r--net/ipv4/netfilter/ipt_ULOG.c1
-rw-r--r--net/ipv4/netfilter/ipt_ah.c1
-rw-r--r--net/ipv4/netfilter/ipt_ecn.c3
-rw-r--r--net/ipv4/netfilter/ipt_hashlimit.c4
-rw-r--r--net/ipv4/netfilter/ipt_owner.c1
-rw-r--r--net/ipv4/netfilter/ipt_recent.c5
-rw-r--r--net/ipv6/netfilter/ip6_tables.c10
-rw-r--r--net/ipv6/netfilter/ip6t_HL.c1
-rw-r--r--net/ipv6/netfilter/ip6t_LOG.c1
-rw-r--r--net/ipv6/netfilter/ip6t_REJECT.c1
-rw-r--r--net/ipv6/netfilter/ip6t_ah.c1
-rw-r--r--net/ipv6/netfilter/ip6t_dst.c1
-rw-r--r--net/ipv6/netfilter/ip6t_frag.c1
-rw-r--r--net/ipv6/netfilter/ip6t_hbh.c1
-rw-r--r--net/ipv6/netfilter/ip6t_ipv6header.c1
-rw-r--r--net/ipv6/netfilter/ip6t_owner.c1
-rw-r--r--net/ipv6/netfilter/ip6t_rt.c1
-rw-r--r--net/netfilter/xt_CONNMARK.c1
-rw-r--r--net/netfilter/xt_CONNSECMARK.c2
-rw-r--r--net/netfilter/xt_DSCP.c1
-rw-r--r--net/netfilter/xt_MARK.c2
-rw-r--r--net/netfilter/xt_SECMARK.c2
-rw-r--r--net/netfilter/xt_connbytes.c1
-rw-r--r--net/netfilter/xt_connmark.c3
-rw-r--r--net/netfilter/xt_conntrack.c3
-rw-r--r--net/netfilter/xt_dccp.c1
-rw-r--r--net/netfilter/xt_dscp.c1
-rw-r--r--net/netfilter/xt_esp.c1
-rw-r--r--net/netfilter/xt_helper.c3
-rw-r--r--net/netfilter/xt_limit.c1
-rw-r--r--net/netfilter/xt_mark.c1
-rw-r--r--net/netfilter/xt_multiport.c4
-rw-r--r--net/netfilter/xt_physdev.c1
-rw-r--r--net/netfilter/xt_policy.c3
-rw-r--r--net/netfilter/xt_quota.c2
-rw-r--r--net/netfilter/xt_sctp.c1
-rw-r--r--net/netfilter/xt_state.c3
-rw-r--r--net/netfilter/xt_statistic.c2
-rw-r--r--net/netfilter/xt_string.c4
-rw-r--r--net/netfilter/xt_tcpudp.c2
-rw-r--r--net/sched/act_ipt.c4
57 files changed, 26 insertions, 106 deletions
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h
index 9cef0e91542b..9d97102a9347 100644
--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -174,12 +174,10 @@ struct xt_match
174 const void *ip, 174 const void *ip,
175 const struct xt_match *match, 175 const struct xt_match *match,
176 void *matchinfo, 176 void *matchinfo,
177 unsigned int matchinfosize,
178 unsigned int hook_mask); 177 unsigned int hook_mask);
179 178
180 /* Called when entry of this type deleted. */ 179 /* Called when entry of this type deleted. */
181 void (*destroy)(const struct xt_match *match, void *matchinfo, 180 void (*destroy)(const struct xt_match *match, void *matchinfo);
182 unsigned int matchinfosize);
183 181
184 /* Called when userspace align differs from kernel space one */ 182 /* Called when userspace align differs from kernel space one */
185 int (*compat)(void *match, void **dstptr, int *size, int convert); 183 int (*compat)(void *match, void **dstptr, int *size, int convert);
@@ -221,12 +219,10 @@ struct xt_target
221 const void *entry, 219 const void *entry,
222 const struct xt_target *target, 220 const struct xt_target *target,
223 void *targinfo, 221 void *targinfo,
224 unsigned int targinfosize,
225 unsigned int hook_mask); 222 unsigned int hook_mask);
226 223
227 /* Called when entry of this type deleted. */ 224 /* Called when entry of this type deleted. */
228 void (*destroy)(const struct xt_target *target, void *targinfo, 225 void (*destroy)(const struct xt_target *target, void *targinfo);
229 unsigned int targinfosize);
230 226
231 /* Called when userspace align differs from kernel space one */ 227 /* Called when userspace align differs from kernel space one */
232 int (*compat)(void *target, void **dstptr, int *size, int convert); 228 int (*compat)(void *target, void **dstptr, int *size, int convert);
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index c6bd270bf46a..4f10b06413a1 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -491,8 +491,6 @@ static inline int check_entry(struct arpt_entry *e, const char *name, unsigned i
491 } 491 }
492 } else if (t->u.kernel.target->checkentry 492 } else if (t->u.kernel.target->checkentry
493 && !t->u.kernel.target->checkentry(name, e, target, t->data, 493 && !t->u.kernel.target->checkentry(name, e, target, t->data,
494 t->u.target_size
495 - sizeof(*t),
496 e->comefrom)) { 494 e->comefrom)) {
497 duprintf("arp_tables: check failed for `%s'.\n", 495 duprintf("arp_tables: check failed for `%s'.\n",
498 t->u.kernel.target->name); 496 t->u.kernel.target->name);
@@ -559,8 +557,7 @@ static inline int cleanup_entry(struct arpt_entry *e, unsigned int *i)
559 557
560 t = arpt_get_target(e); 558 t = arpt_get_target(e);
561 if (t->u.kernel.target->destroy) 559 if (t->u.kernel.target->destroy)
562 t->u.kernel.target->destroy(t->u.kernel.target, t->data, 560 t->u.kernel.target->destroy(t->u.kernel.target, t->data);
563 t->u.target_size - sizeof(*t));
564 module_put(t->u.kernel.target->me); 561 module_put(t->u.kernel.target->me);
565 return 0; 562 return 0;
566} 563}
diff --git a/net/ipv4/netfilter/arpt_mangle.c b/net/ipv4/netfilter/arpt_mangle.c
index 05fb2421bb26..d12b1df252a1 100644
--- a/net/ipv4/netfilter/arpt_mangle.c
+++ b/net/ipv4/netfilter/arpt_mangle.c
@@ -67,7 +67,7 @@ target(struct sk_buff **pskb,
67 67
68static int 68static int
69checkentry(const char *tablename, const void *e, const struct xt_target *target, 69checkentry(const char *tablename, const void *e, const struct xt_target *target,
70 void *targinfo, unsigned int targinfosize, unsigned int hook_mask) 70 void *targinfo, unsigned int hook_mask)
71{ 71{
72 const struct arpt_mangle *mangle = targinfo; 72 const struct arpt_mangle *mangle = targinfo;
73 73
diff --git a/net/ipv4/netfilter/ip_nat_rule.c b/net/ipv4/netfilter/ip_nat_rule.c
index 1aa0e4f462a5..e59f5a8ecb6b 100644
--- a/net/ipv4/netfilter/ip_nat_rule.c
+++ b/net/ipv4/netfilter/ip_nat_rule.c
@@ -172,7 +172,6 @@ static int ipt_snat_checkentry(const char *tablename,
172 const void *entry, 172 const void *entry,
173 const struct ipt_target *target, 173 const struct ipt_target *target,
174 void *targinfo, 174 void *targinfo,
175 unsigned int targinfosize,
176 unsigned int hook_mask) 175 unsigned int hook_mask)
177{ 176{
178 struct ip_nat_multi_range_compat *mr = targinfo; 177 struct ip_nat_multi_range_compat *mr = targinfo;
@@ -189,7 +188,6 @@ static int ipt_dnat_checkentry(const char *tablename,
189 const void *entry, 188 const void *entry,
190 const struct ipt_target *target, 189 const struct ipt_target *target,
191 void *targinfo, 190 void *targinfo,
192 unsigned int targinfosize,
193 unsigned int hook_mask) 191 unsigned int hook_mask)
194{ 192{
195 struct ip_nat_multi_range_compat *mr = targinfo; 193 struct ip_nat_multi_range_compat *mr = targinfo;
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 8ce5b6f76447..a0f36806998c 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -464,8 +464,7 @@ cleanup_match(struct ipt_entry_match *m, unsigned int *i)
464 return 1; 464 return 1;
465 465
466 if (m->u.kernel.match->destroy) 466 if (m->u.kernel.match->destroy)
467 m->u.kernel.match->destroy(m->u.kernel.match, m->data, 467 m->u.kernel.match->destroy(m->u.kernel.match, m->data);
468 m->u.match_size - sizeof(*m));
469 module_put(m->u.kernel.match->me); 468 module_put(m->u.kernel.match->me);
470 return 0; 469 return 0;
471} 470}
@@ -518,7 +517,6 @@ check_match(struct ipt_entry_match *m,
518 517
519 if (m->u.kernel.match->checkentry 518 if (m->u.kernel.match->checkentry
520 && !m->u.kernel.match->checkentry(name, ip, match, m->data, 519 && !m->u.kernel.match->checkentry(name, ip, match, m->data,
521 m->u.match_size - sizeof(*m),
522 hookmask)) { 520 hookmask)) {
523 duprintf("ip_tables: check failed for `%s'.\n", 521 duprintf("ip_tables: check failed for `%s'.\n",
524 m->u.kernel.match->name); 522 m->u.kernel.match->name);
@@ -579,8 +577,6 @@ check_entry(struct ipt_entry *e, const char *name, unsigned int size,
579 } 577 }
580 } else if (t->u.kernel.target->checkentry 578 } else if (t->u.kernel.target->checkentry
581 && !t->u.kernel.target->checkentry(name, e, target, t->data, 579 && !t->u.kernel.target->checkentry(name, e, target, t->data,
582 t->u.target_size
583 - sizeof(*t),
584 e->comefrom)) { 580 e->comefrom)) {
585 duprintf("ip_tables: check failed for `%s'.\n", 581 duprintf("ip_tables: check failed for `%s'.\n",
586 t->u.kernel.target->name); 582 t->u.kernel.target->name);
@@ -652,8 +648,7 @@ cleanup_entry(struct ipt_entry *e, unsigned int *i)
652 IPT_MATCH_ITERATE(e, cleanup_match, NULL); 648 IPT_MATCH_ITERATE(e, cleanup_match, NULL);
653 t = ipt_get_target(e); 649 t = ipt_get_target(e);
654 if (t->u.kernel.target->destroy) 650 if (t->u.kernel.target->destroy)
655 t->u.kernel.target->destroy(t->u.kernel.target, t->data, 651 t->u.kernel.target->destroy(t->u.kernel.target, t->data);
656 t->u.target_size - sizeof(*t));
657 module_put(t->u.kernel.target->me); 652 module_put(t->u.kernel.target->me);
658 return 0; 653 return 0;
659} 654}
@@ -1599,7 +1594,6 @@ static inline int compat_copy_match_from_user(struct ipt_entry_match *m,
1599 1594
1600 if (m->u.kernel.match->checkentry 1595 if (m->u.kernel.match->checkentry
1601 && !m->u.kernel.match->checkentry(name, ip, match, dm->data, 1596 && !m->u.kernel.match->checkentry(name, ip, match, dm->data,
1602 dm->u.match_size - sizeof(*dm),
1603 hookmask)) { 1597 hookmask)) {
1604 duprintf("ip_tables: check failed for `%s'.\n", 1598 duprintf("ip_tables: check failed for `%s'.\n",
1605 m->u.kernel.match->name); 1599 m->u.kernel.match->name);
@@ -1658,8 +1652,7 @@ static int compat_copy_entry_from_user(struct ipt_entry *e, void **dstptr,
1658 goto out; 1652 goto out;
1659 } else if (t->u.kernel.target->checkentry 1653 } else if (t->u.kernel.target->checkentry
1660 && !t->u.kernel.target->checkentry(name, de, target, 1654 && !t->u.kernel.target->checkentry(name, de, target,
1661 t->data, t->u.target_size - sizeof(*t), 1655 t->data, de->comefrom)) {
1662 de->comefrom)) {
1663 duprintf("ip_tables: compat: check failed for `%s'.\n", 1656 duprintf("ip_tables: compat: check failed for `%s'.\n",
1664 t->u.kernel.target->name); 1657 t->u.kernel.target->name);
1665 goto out; 1658 goto out;
@@ -2182,7 +2175,6 @@ icmp_checkentry(const char *tablename,
2182 const void *info, 2175 const void *info,
2183 const struct xt_match *match, 2176 const struct xt_match *match,
2184 void *matchinfo, 2177 void *matchinfo,
2185 unsigned int matchsize,
2186 unsigned int hook_mask) 2178 unsigned int hook_mask)
2187{ 2179{
2188 const struct ipt_icmp *icmpinfo = matchinfo; 2180 const struct ipt_icmp *icmpinfo = matchinfo;
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c
index a08383cf9e7a..41589665fc5d 100644
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -372,7 +372,6 @@ checkentry(const char *tablename,
372 const void *e_void, 372 const void *e_void,
373 const struct xt_target *target, 373 const struct xt_target *target,
374 void *targinfo, 374 void *targinfo,
375 unsigned int targinfosize,
376 unsigned int hook_mask) 375 unsigned int hook_mask)
377{ 376{
378 struct ipt_clusterip_tgt_info *cipinfo = targinfo; 377 struct ipt_clusterip_tgt_info *cipinfo = targinfo;
@@ -449,8 +448,7 @@ checkentry(const char *tablename,
449} 448}
450 449
451/* drop reference count of cluster config when rule is deleted */ 450/* drop reference count of cluster config when rule is deleted */
452static void destroy(const struct xt_target *target, void *targinfo, 451static void destroy(const struct xt_target *target, void *targinfo)
453 unsigned int targinfosize)
454{ 452{
455 struct ipt_clusterip_tgt_info *cipinfo = targinfo; 453 struct ipt_clusterip_tgt_info *cipinfo = targinfo;
456 454
diff --git a/net/ipv4/netfilter/ipt_ECN.c b/net/ipv4/netfilter/ipt_ECN.c
index 1c3da4a48e5f..23f9c7ebe7eb 100644
--- a/net/ipv4/netfilter/ipt_ECN.c
+++ b/net/ipv4/netfilter/ipt_ECN.c
@@ -106,7 +106,6 @@ checkentry(const char *tablename,
106 const void *e_void, 106 const void *e_void,
107 const struct xt_target *target, 107 const struct xt_target *target,
108 void *targinfo, 108 void *targinfo,
109 unsigned int targinfosize,
110 unsigned int hook_mask) 109 unsigned int hook_mask)
111{ 110{
112 const struct ipt_ECN_info *einfo = (struct ipt_ECN_info *)targinfo; 111 const struct ipt_ECN_info *einfo = (struct ipt_ECN_info *)targinfo;
diff --git a/net/ipv4/netfilter/ipt_LOG.c b/net/ipv4/netfilter/ipt_LOG.c
index a8d356c6191f..7dc820df8bc5 100644
--- a/net/ipv4/netfilter/ipt_LOG.c
+++ b/net/ipv4/netfilter/ipt_LOG.c
@@ -439,7 +439,6 @@ static int ipt_log_checkentry(const char *tablename,
439 const void *e, 439 const void *e,
440 const struct xt_target *target, 440 const struct xt_target *target,
441 void *targinfo, 441 void *targinfo,
442 unsigned int targinfosize,
443 unsigned int hook_mask) 442 unsigned int hook_mask)
444{ 443{
445 const struct ipt_log_info *loginfo = targinfo; 444 const struct ipt_log_info *loginfo = targinfo;
diff --git a/net/ipv4/netfilter/ipt_MASQUERADE.c b/net/ipv4/netfilter/ipt_MASQUERADE.c
index 9659793c66c0..bc65168a3437 100644
--- a/net/ipv4/netfilter/ipt_MASQUERADE.c
+++ b/net/ipv4/netfilter/ipt_MASQUERADE.c
@@ -42,7 +42,6 @@ masquerade_check(const char *tablename,
42 const void *e, 42 const void *e,
43 const struct xt_target *target, 43 const struct xt_target *target,
44 void *targinfo, 44 void *targinfo,
45 unsigned int targinfosize,
46 unsigned int hook_mask) 45 unsigned int hook_mask)
47{ 46{
48 const struct ip_nat_multi_range_compat *mr = targinfo; 47 const struct ip_nat_multi_range_compat *mr = targinfo;
diff --git a/net/ipv4/netfilter/ipt_NETMAP.c b/net/ipv4/netfilter/ipt_NETMAP.c
index fd5e74a19fb5..beb2914225ff 100644
--- a/net/ipv4/netfilter/ipt_NETMAP.c
+++ b/net/ipv4/netfilter/ipt_NETMAP.c
@@ -33,7 +33,6 @@ check(const char *tablename,
33 const void *e, 33 const void *e,
34 const struct xt_target *target, 34 const struct xt_target *target,
35 void *targinfo, 35 void *targinfo,
36 unsigned int targinfosize,
37 unsigned int hook_mask) 36 unsigned int hook_mask)
38{ 37{
39 const struct ip_nat_multi_range_compat *mr = targinfo; 38 const struct ip_nat_multi_range_compat *mr = targinfo;
diff --git a/net/ipv4/netfilter/ipt_REDIRECT.c b/net/ipv4/netfilter/ipt_REDIRECT.c
index 839fe99f71d4..f03d43671c6d 100644
--- a/net/ipv4/netfilter/ipt_REDIRECT.c
+++ b/net/ipv4/netfilter/ipt_REDIRECT.c
@@ -36,7 +36,6 @@ redirect_check(const char *tablename,
36 const void *e, 36 const void *e,
37 const struct xt_target *target, 37 const struct xt_target *target,
38 void *targinfo, 38 void *targinfo,
39 unsigned int targinfosize,
40 unsigned int hook_mask) 39 unsigned int hook_mask)
41{ 40{
42 const struct ip_nat_multi_range_compat *mr = targinfo; 41 const struct ip_nat_multi_range_compat *mr = targinfo;
diff --git a/net/ipv4/netfilter/ipt_REJECT.c b/net/ipv4/netfilter/ipt_REJECT.c
index 1dfd8e56be8b..b81821edd893 100644
--- a/net/ipv4/netfilter/ipt_REJECT.c
+++ b/net/ipv4/netfilter/ipt_REJECT.c
@@ -276,7 +276,6 @@ static int check(const char *tablename,
276 const void *e_void, 276 const void *e_void,
277 const struct xt_target *target, 277 const struct xt_target *target,
278 void *targinfo, 278 void *targinfo,
279 unsigned int targinfosize,
280 unsigned int hook_mask) 279 unsigned int hook_mask)
281{ 280{
282 const struct ipt_reject_info *rejinfo = targinfo; 281 const struct ipt_reject_info *rejinfo = targinfo;
diff --git a/net/ipv4/netfilter/ipt_SAME.c b/net/ipv4/netfilter/ipt_SAME.c
index cf801749490f..efbcb1198832 100644
--- a/net/ipv4/netfilter/ipt_SAME.c
+++ b/net/ipv4/netfilter/ipt_SAME.c
@@ -52,7 +52,6 @@ same_check(const char *tablename,
52 const void *e, 52 const void *e,
53 const struct xt_target *target, 53 const struct xt_target *target,
54 void *targinfo, 54 void *targinfo,
55 unsigned int targinfosize,
56 unsigned int hook_mask) 55 unsigned int hook_mask)
57{ 56{
58 unsigned int count, countess, rangeip, index = 0; 57 unsigned int count, countess, rangeip, index = 0;
@@ -116,8 +115,7 @@ same_check(const char *tablename,
116} 115}
117 116
118static void 117static void
119same_destroy(const struct xt_target *target, void *targinfo, 118same_destroy(const struct xt_target *target, void *targinfo)
120 unsigned int targinfosize)
121{ 119{
122 struct ipt_same_info *mr = targinfo; 120 struct ipt_same_info *mr = targinfo;
123 121
diff --git a/net/ipv4/netfilter/ipt_TCPMSS.c b/net/ipv4/netfilter/ipt_TCPMSS.c
index 6d668dcfc22a..ac8a35eeea3f 100644
--- a/net/ipv4/netfilter/ipt_TCPMSS.c
+++ b/net/ipv4/netfilter/ipt_TCPMSS.c
@@ -207,7 +207,6 @@ ipt_tcpmss_checkentry(const char *tablename,
207 const void *e_void, 207 const void *e_void,
208 const struct xt_target *target, 208 const struct xt_target *target,
209 void *targinfo, 209 void *targinfo,
210 unsigned int targinfosize,
211 unsigned int hook_mask) 210 unsigned int hook_mask)
212{ 211{
213 const struct ipt_tcpmss_info *tcpmssinfo = targinfo; 212 const struct ipt_tcpmss_info *tcpmssinfo = targinfo;
diff --git a/net/ipv4/netfilter/ipt_TOS.c b/net/ipv4/netfilter/ipt_TOS.c
index 043df0137084..471a4c438b0a 100644
--- a/net/ipv4/netfilter/ipt_TOS.c
+++ b/net/ipv4/netfilter/ipt_TOS.c
@@ -49,7 +49,6 @@ checkentry(const char *tablename,
49 const void *e_void, 49 const void *e_void,
50 const struct xt_target *target, 50 const struct xt_target *target,
51 void *targinfo, 51 void *targinfo,
52 unsigned int targinfosize,
53 unsigned int hook_mask) 52 unsigned int hook_mask)
54{ 53{
55 const u_int8_t tos = ((struct ipt_tos_target_info *)targinfo)->tos; 54 const u_int8_t tos = ((struct ipt_tos_target_info *)targinfo)->tos;
diff --git a/net/ipv4/netfilter/ipt_TTL.c b/net/ipv4/netfilter/ipt_TTL.c
index 164007107b5e..214d9d9c428f 100644
--- a/net/ipv4/netfilter/ipt_TTL.c
+++ b/net/ipv4/netfilter/ipt_TTL.c
@@ -67,7 +67,6 @@ static int ipt_ttl_checkentry(const char *tablename,
67 const void *e, 67 const void *e,
68 const struct xt_target *target, 68 const struct xt_target *target,
69 void *targinfo, 69 void *targinfo,
70 unsigned int targinfosize,
71 unsigned int hook_mask) 70 unsigned int hook_mask)
72{ 71{
73 struct ipt_TTL_info *info = targinfo; 72 struct ipt_TTL_info *info = targinfo;
diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c
index 4c5f0a117862..2b104ea54f48 100644
--- a/net/ipv4/netfilter/ipt_ULOG.c
+++ b/net/ipv4/netfilter/ipt_ULOG.c
@@ -346,7 +346,6 @@ static int ipt_ulog_checkentry(const char *tablename,
346 const void *e, 346 const void *e,
347 const struct xt_target *target, 347 const struct xt_target *target,
348 void *targinfo, 348 void *targinfo,
349 unsigned int targinfosize,
350 unsigned int hookmask) 349 unsigned int hookmask)
351{ 350{
352 struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo; 351 struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo;
diff --git a/net/ipv4/netfilter/ipt_ah.c b/net/ipv4/netfilter/ipt_ah.c
index 2927135873d7..1798f86bc534 100644
--- a/net/ipv4/netfilter/ipt_ah.c
+++ b/net/ipv4/netfilter/ipt_ah.c
@@ -74,7 +74,6 @@ checkentry(const char *tablename,
74 const void *ip_void, 74 const void *ip_void,
75 const struct xt_match *match, 75 const struct xt_match *match,
76 void *matchinfo, 76 void *matchinfo,
77 unsigned int matchinfosize,
78 unsigned int hook_mask) 77 unsigned int hook_mask)
79{ 78{
80 const struct ipt_ah *ahinfo = matchinfo; 79 const struct ipt_ah *ahinfo = matchinfo;
diff --git a/net/ipv4/netfilter/ipt_ecn.c b/net/ipv4/netfilter/ipt_ecn.c
index b28250414933..dafbdec0efc0 100644
--- a/net/ipv4/netfilter/ipt_ecn.c
+++ b/net/ipv4/netfilter/ipt_ecn.c
@@ -88,8 +88,7 @@ static int match(const struct sk_buff *skb,
88 88
89static int checkentry(const char *tablename, const void *ip_void, 89static int checkentry(const char *tablename, const void *ip_void,
90 const struct xt_match *match, 90 const struct xt_match *match,
91 void *matchinfo, unsigned int matchsize, 91 void *matchinfo, unsigned int hook_mask)
92 unsigned int hook_mask)
93{ 92{
94 const struct ipt_ecn_info *info = matchinfo; 93 const struct ipt_ecn_info *info = matchinfo;
95 const struct ipt_ip *ip = ip_void; 94 const struct ipt_ip *ip = ip_void;
diff --git a/net/ipv4/netfilter/ipt_hashlimit.c b/net/ipv4/netfilter/ipt_hashlimit.c
index 3bd2368e1fc9..b5b74b07370c 100644
--- a/net/ipv4/netfilter/ipt_hashlimit.c
+++ b/net/ipv4/netfilter/ipt_hashlimit.c
@@ -478,7 +478,6 @@ hashlimit_checkentry(const char *tablename,
478 const void *inf, 478 const void *inf,
479 const struct xt_match *match, 479 const struct xt_match *match,
480 void *matchinfo, 480 void *matchinfo,
481 unsigned int matchsize,
482 unsigned int hook_mask) 481 unsigned int hook_mask)
483{ 482{
484 struct ipt_hashlimit_info *r = matchinfo; 483 struct ipt_hashlimit_info *r = matchinfo;
@@ -529,8 +528,7 @@ hashlimit_checkentry(const char *tablename,
529} 528}
530 529
531static void 530static void
532hashlimit_destroy(const struct xt_match *match, void *matchinfo, 531hashlimit_destroy(const struct xt_match *match, void *matchinfo)
533 unsigned int matchsize)
534{ 532{
535 struct ipt_hashlimit_info *r = matchinfo; 533 struct ipt_hashlimit_info *r = matchinfo;
536 534
diff --git a/net/ipv4/netfilter/ipt_owner.c b/net/ipv4/netfilter/ipt_owner.c
index 5ac6ac023b5e..78c336f12a9e 100644
--- a/net/ipv4/netfilter/ipt_owner.c
+++ b/net/ipv4/netfilter/ipt_owner.c
@@ -56,7 +56,6 @@ checkentry(const char *tablename,
56 const void *ip, 56 const void *ip,
57 const struct xt_match *match, 57 const struct xt_match *match,
58 void *matchinfo, 58 void *matchinfo,
59 unsigned int matchsize,
60 unsigned int hook_mask) 59 unsigned int hook_mask)
61{ 60{
62 const struct ipt_owner_info *info = matchinfo; 61 const struct ipt_owner_info *info = matchinfo;
diff --git a/net/ipv4/netfilter/ipt_recent.c b/net/ipv4/netfilter/ipt_recent.c
index 682c0946201e..32ae8d7ac506 100644
--- a/net/ipv4/netfilter/ipt_recent.c
+++ b/net/ipv4/netfilter/ipt_recent.c
@@ -238,7 +238,7 @@ out:
238static int 238static int
239ipt_recent_checkentry(const char *tablename, const void *ip, 239ipt_recent_checkentry(const char *tablename, const void *ip,
240 const struct xt_match *match, void *matchinfo, 240 const struct xt_match *match, void *matchinfo,
241 unsigned int matchsize, unsigned int hook_mask) 241 unsigned int hook_mask)
242{ 242{
243 const struct ipt_recent_info *info = matchinfo; 243 const struct ipt_recent_info *info = matchinfo;
244 struct recent_table *t; 244 struct recent_table *t;
@@ -294,8 +294,7 @@ out:
294} 294}
295 295
296static void 296static void
297ipt_recent_destroy(const struct xt_match *match, void *matchinfo, 297ipt_recent_destroy(const struct xt_match *match, void *matchinfo)
298 unsigned int matchsize)
299{ 298{
300 const struct ipt_recent_info *info = matchinfo; 299 const struct ipt_recent_info *info = matchinfo;
301 struct recent_table *t; 300 struct recent_table *t;
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 38cd7ffda9a0..d1c315364ee7 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -504,8 +504,7 @@ cleanup_match(struct ip6t_entry_match *m, unsigned int *i)
504 return 1; 504 return 1;
505 505
506 if (m->u.kernel.match->destroy) 506 if (m->u.kernel.match->destroy)
507 m->u.kernel.match->destroy(m->u.kernel.match, m->data, 507 m->u.kernel.match->destroy(m->u.kernel.match, m->data);
508 m->u.match_size - sizeof(*m));
509 module_put(m->u.kernel.match->me); 508 module_put(m->u.kernel.match->me);
510 return 0; 509 return 0;
511} 510}
@@ -558,7 +557,6 @@ check_match(struct ip6t_entry_match *m,
558 557
559 if (m->u.kernel.match->checkentry 558 if (m->u.kernel.match->checkentry
560 && !m->u.kernel.match->checkentry(name, ipv6, match, m->data, 559 && !m->u.kernel.match->checkentry(name, ipv6, match, m->data,
561 m->u.match_size - sizeof(*m),
562 hookmask)) { 560 hookmask)) {
563 duprintf("ip_tables: check failed for `%s'.\n", 561 duprintf("ip_tables: check failed for `%s'.\n",
564 m->u.kernel.match->name); 562 m->u.kernel.match->name);
@@ -619,8 +617,6 @@ check_entry(struct ip6t_entry *e, const char *name, unsigned int size,
619 } 617 }
620 } else if (t->u.kernel.target->checkentry 618 } else if (t->u.kernel.target->checkentry
621 && !t->u.kernel.target->checkentry(name, e, target, t->data, 619 && !t->u.kernel.target->checkentry(name, e, target, t->data,
622 t->u.target_size
623 - sizeof(*t),
624 e->comefrom)) { 620 e->comefrom)) {
625 duprintf("ip_tables: check failed for `%s'.\n", 621 duprintf("ip_tables: check failed for `%s'.\n",
626 t->u.kernel.target->name); 622 t->u.kernel.target->name);
@@ -692,8 +688,7 @@ cleanup_entry(struct ip6t_entry *e, unsigned int *i)
692 IP6T_MATCH_ITERATE(e, cleanup_match, NULL); 688 IP6T_MATCH_ITERATE(e, cleanup_match, NULL);
693 t = ip6t_get_target(e); 689 t = ip6t_get_target(e);
694 if (t->u.kernel.target->destroy) 690 if (t->u.kernel.target->destroy)
695 t->u.kernel.target->destroy(t->u.kernel.target, t->data, 691 t->u.kernel.target->destroy(t->u.kernel.target, t->data);
696 t->u.target_size - sizeof(*t));
697 module_put(t->u.kernel.target->me); 692 module_put(t->u.kernel.target->me);
698 return 0; 693 return 0;
699} 694}
@@ -1349,7 +1344,6 @@ icmp6_checkentry(const char *tablename,
1349 const void *entry, 1344 const void *entry,
1350 const struct xt_match *match, 1345 const struct xt_match *match,
1351 void *matchinfo, 1346 void *matchinfo,
1352 unsigned int matchsize,
1353 unsigned int hook_mask) 1347 unsigned int hook_mask)
1354{ 1348{
1355 const struct ip6t_icmp *icmpinfo = matchinfo; 1349 const struct ip6t_icmp *icmpinfo = matchinfo;
diff --git a/net/ipv6/netfilter/ip6t_HL.c b/net/ipv6/netfilter/ip6t_HL.c
index c85d124f9a3d..e54ea92d107b 100644
--- a/net/ipv6/netfilter/ip6t_HL.c
+++ b/net/ipv6/netfilter/ip6t_HL.c
@@ -66,7 +66,6 @@ static int ip6t_hl_checkentry(const char *tablename,
66 const void *entry, 66 const void *entry,
67 const struct xt_target *target, 67 const struct xt_target *target,
68 void *targinfo, 68 void *targinfo,
69 unsigned int targinfosize,
70 unsigned int hook_mask) 69 unsigned int hook_mask)
71{ 70{
72 struct ip6t_HL_info *info = targinfo; 71 struct ip6t_HL_info *info = targinfo;
diff --git a/net/ipv6/netfilter/ip6t_LOG.c b/net/ipv6/netfilter/ip6t_LOG.c
index acb91733e1fd..0cf537d30185 100644
--- a/net/ipv6/netfilter/ip6t_LOG.c
+++ b/net/ipv6/netfilter/ip6t_LOG.c
@@ -451,7 +451,6 @@ static int ip6t_log_checkentry(const char *tablename,
451 const void *entry, 451 const void *entry,
452 const struct xt_target *target, 452 const struct xt_target *target,
453 void *targinfo, 453 void *targinfo,
454 unsigned int targinfosize,
455 unsigned int hook_mask) 454 unsigned int hook_mask)
456{ 455{
457 const struct ip6t_log_info *loginfo = targinfo; 456 const struct ip6t_log_info *loginfo = targinfo;
diff --git a/net/ipv6/netfilter/ip6t_REJECT.c b/net/ipv6/netfilter/ip6t_REJECT.c
index 343acd3cbf5e..311eae82feb3 100644
--- a/net/ipv6/netfilter/ip6t_REJECT.c
+++ b/net/ipv6/netfilter/ip6t_REJECT.c
@@ -223,7 +223,6 @@ static int check(const char *tablename,
223 const void *entry, 223 const void *entry,
224 const struct xt_target *target, 224 const struct xt_target *target,
225 void *targinfo, 225 void *targinfo,
226 unsigned int targinfosize,
227 unsigned int hook_mask) 226 unsigned int hook_mask)
228{ 227{
229 const struct ip6t_reject_info *rejinfo = targinfo; 228 const struct ip6t_reject_info *rejinfo = targinfo;
diff --git a/net/ipv6/netfilter/ip6t_ah.c b/net/ipv6/netfilter/ip6t_ah.c
index 2f7bb20c758b..ec1b1608156c 100644
--- a/net/ipv6/netfilter/ip6t_ah.c
+++ b/net/ipv6/netfilter/ip6t_ah.c
@@ -102,7 +102,6 @@ checkentry(const char *tablename,
102 const void *entry, 102 const void *entry,
103 const struct xt_match *match, 103 const struct xt_match *match,
104 void *matchinfo, 104 void *matchinfo,
105 unsigned int matchinfosize,
106 unsigned int hook_mask) 105 unsigned int hook_mask)
107{ 106{
108 const struct ip6t_ah *ahinfo = matchinfo; 107 const struct ip6t_ah *ahinfo = matchinfo;
diff --git a/net/ipv6/netfilter/ip6t_dst.c b/net/ipv6/netfilter/ip6t_dst.c
index 9422413d0571..223c335467cc 100644
--- a/net/ipv6/netfilter/ip6t_dst.c
+++ b/net/ipv6/netfilter/ip6t_dst.c
@@ -182,7 +182,6 @@ checkentry(const char *tablename,
182 const void *info, 182 const void *info,
183 const struct xt_match *match, 183 const struct xt_match *match,
184 void *matchinfo, 184 void *matchinfo,
185 unsigned int matchinfosize,
186 unsigned int hook_mask) 185 unsigned int hook_mask)
187{ 186{
188 const struct ip6t_opts *optsinfo = matchinfo; 187 const struct ip6t_opts *optsinfo = matchinfo;
diff --git a/net/ipv6/netfilter/ip6t_frag.c b/net/ipv6/netfilter/ip6t_frag.c
index 06768c84bd31..78d9c8b9e28a 100644
--- a/net/ipv6/netfilter/ip6t_frag.c
+++ b/net/ipv6/netfilter/ip6t_frag.c
@@ -119,7 +119,6 @@ checkentry(const char *tablename,
119 const void *ip, 119 const void *ip,
120 const struct xt_match *match, 120 const struct xt_match *match,
121 void *matchinfo, 121 void *matchinfo,
122 unsigned int matchinfosize,
123 unsigned int hook_mask) 122 unsigned int hook_mask)
124{ 123{
125 const struct ip6t_frag *fraginfo = matchinfo; 124 const struct ip6t_frag *fraginfo = matchinfo;
diff --git a/net/ipv6/netfilter/ip6t_hbh.c b/net/ipv6/netfilter/ip6t_hbh.c
index 374f1be85c0d..72defc816563 100644
--- a/net/ipv6/netfilter/ip6t_hbh.c
+++ b/net/ipv6/netfilter/ip6t_hbh.c
@@ -182,7 +182,6 @@ checkentry(const char *tablename,
182 const void *entry, 182 const void *entry,
183 const struct xt_match *match, 183 const struct xt_match *match,
184 void *matchinfo, 184 void *matchinfo,
185 unsigned int matchinfosize,
186 unsigned int hook_mask) 185 unsigned int hook_mask)
187{ 186{
188 const struct ip6t_opts *optsinfo = matchinfo; 187 const struct ip6t_opts *optsinfo = matchinfo;
diff --git a/net/ipv6/netfilter/ip6t_ipv6header.c b/net/ipv6/netfilter/ip6t_ipv6header.c
index 9375eeb1369f..3093c398002f 100644
--- a/net/ipv6/netfilter/ip6t_ipv6header.c
+++ b/net/ipv6/netfilter/ip6t_ipv6header.c
@@ -128,7 +128,6 @@ ipv6header_checkentry(const char *tablename,
128 const void *ip, 128 const void *ip,
129 const struct xt_match *match, 129 const struct xt_match *match,
130 void *matchinfo, 130 void *matchinfo,
131 unsigned int matchsize,
132 unsigned int hook_mask) 131 unsigned int hook_mask)
133{ 132{
134 const struct ip6t_ipv6header_info *info = matchinfo; 133 const struct ip6t_ipv6header_info *info = matchinfo;
diff --git a/net/ipv6/netfilter/ip6t_owner.c b/net/ipv6/netfilter/ip6t_owner.c
index 5d047990cd44..4eb9bbc4ebc3 100644
--- a/net/ipv6/netfilter/ip6t_owner.c
+++ b/net/ipv6/netfilter/ip6t_owner.c
@@ -57,7 +57,6 @@ checkentry(const char *tablename,
57 const void *ip, 57 const void *ip,
58 const struct xt_match *match, 58 const struct xt_match *match,
59 void *matchinfo, 59 void *matchinfo,
60 unsigned int matchsize,
61 unsigned int hook_mask) 60 unsigned int hook_mask)
62{ 61{
63 const struct ip6t_owner_info *info = matchinfo; 62 const struct ip6t_owner_info *info = matchinfo;
diff --git a/net/ipv6/netfilter/ip6t_rt.c b/net/ipv6/netfilter/ip6t_rt.c
index fbb0184a41d8..bcb2e168a5bc 100644
--- a/net/ipv6/netfilter/ip6t_rt.c
+++ b/net/ipv6/netfilter/ip6t_rt.c
@@ -197,7 +197,6 @@ checkentry(const char *tablename,
197 const void *entry, 197 const void *entry,
198 const struct xt_match *match, 198 const struct xt_match *match,
199 void *matchinfo, 199 void *matchinfo,
200 unsigned int matchinfosize,
201 unsigned int hook_mask) 200 unsigned int hook_mask)
202{ 201{
203 const struct ip6t_rt *rtinfo = matchinfo; 202 const struct ip6t_rt *rtinfo = matchinfo;
diff --git a/net/netfilter/xt_CONNMARK.c b/net/netfilter/xt_CONNMARK.c
index c2125f6ee128..0e4249ddc17b 100644
--- a/net/netfilter/xt_CONNMARK.c
+++ b/net/netfilter/xt_CONNMARK.c
@@ -89,7 +89,6 @@ checkentry(const char *tablename,
89 const void *entry, 89 const void *entry,
90 const struct xt_target *target, 90 const struct xt_target *target,
91 void *targinfo, 91 void *targinfo,
92 unsigned int targinfosize,
93 unsigned int hook_mask) 92 unsigned int hook_mask)
94{ 93{
95 struct xt_connmark_target_info *matchinfo = targinfo; 94 struct xt_connmark_target_info *matchinfo = targinfo;
diff --git a/net/netfilter/xt_CONNSECMARK.c b/net/netfilter/xt_CONNSECMARK.c
index 4b9cc65bb82b..4b0e14bb1726 100644
--- a/net/netfilter/xt_CONNSECMARK.c
+++ b/net/netfilter/xt_CONNSECMARK.c
@@ -89,7 +89,7 @@ static unsigned int target(struct sk_buff **pskb, const struct net_device *in,
89 89
90static int checkentry(const char *tablename, const void *entry, 90static int checkentry(const char *tablename, const void *entry,
91 const struct xt_target *target, void *targinfo, 91 const struct xt_target *target, void *targinfo,
92 unsigned int targinfosize, unsigned int hook_mask) 92 unsigned int hook_mask)
93{ 93{
94 struct xt_connsecmark_target_info *info = targinfo; 94 struct xt_connsecmark_target_info *info = targinfo;
95 95
diff --git a/net/netfilter/xt_DSCP.c b/net/netfilter/xt_DSCP.c
index 9d23c9580d80..a7cc75aeb38d 100644
--- a/net/netfilter/xt_DSCP.c
+++ b/net/netfilter/xt_DSCP.c
@@ -72,7 +72,6 @@ static int checkentry(const char *tablename,
72 const void *e_void, 72 const void *e_void,
73 const struct xt_target *target, 73 const struct xt_target *target,
74 void *targinfo, 74 void *targinfo,
75 unsigned int targinfosize,
76 unsigned int hook_mask) 75 unsigned int hook_mask)
77{ 76{
78 const u_int8_t dscp = ((struct xt_DSCP_info *)targinfo)->dscp; 77 const u_int8_t dscp = ((struct xt_DSCP_info *)targinfo)->dscp;
diff --git a/net/netfilter/xt_MARK.c b/net/netfilter/xt_MARK.c
index 95a171c87994..782f8d8c3edf 100644
--- a/net/netfilter/xt_MARK.c
+++ b/net/netfilter/xt_MARK.c
@@ -74,7 +74,6 @@ checkentry_v0(const char *tablename,
74 const void *entry, 74 const void *entry,
75 const struct xt_target *target, 75 const struct xt_target *target,
76 void *targinfo, 76 void *targinfo,
77 unsigned int targinfosize,
78 unsigned int hook_mask) 77 unsigned int hook_mask)
79{ 78{
80 struct xt_mark_target_info *markinfo = targinfo; 79 struct xt_mark_target_info *markinfo = targinfo;
@@ -91,7 +90,6 @@ checkentry_v1(const char *tablename,
91 const void *entry, 90 const void *entry,
92 const struct xt_target *target, 91 const struct xt_target *target,
93 void *targinfo, 92 void *targinfo,
94 unsigned int targinfosize,
95 unsigned int hook_mask) 93 unsigned int hook_mask)
96{ 94{
97 struct xt_mark_target_info_v1 *markinfo = targinfo; 95 struct xt_mark_target_info_v1 *markinfo = targinfo;
diff --git a/net/netfilter/xt_SECMARK.c b/net/netfilter/xt_SECMARK.c
index 8a04dcf2611e..451b67c4bb53 100644
--- a/net/netfilter/xt_SECMARK.c
+++ b/net/netfilter/xt_SECMARK.c
@@ -85,7 +85,7 @@ static int checkentry_selinux(struct xt_secmark_target_info *info)
85 85
86static int checkentry(const char *tablename, const void *entry, 86static int checkentry(const char *tablename, const void *entry,
87 const struct xt_target *target, void *targinfo, 87 const struct xt_target *target, void *targinfo,
88 unsigned int targinfosize, unsigned int hook_mask) 88 unsigned int hook_mask)
89{ 89{
90 struct xt_secmark_target_info *info = targinfo; 90 struct xt_secmark_target_info *info = targinfo;
91 91
diff --git a/net/netfilter/xt_connbytes.c b/net/netfilter/xt_connbytes.c
index d725e8b84503..dcc497ea8183 100644
--- a/net/netfilter/xt_connbytes.c
+++ b/net/netfilter/xt_connbytes.c
@@ -125,7 +125,6 @@ static int check(const char *tablename,
125 const void *ip, 125 const void *ip,
126 const struct xt_match *match, 126 const struct xt_match *match,
127 void *matchinfo, 127 void *matchinfo,
128 unsigned int matchsize,
129 unsigned int hook_mask) 128 unsigned int hook_mask)
130{ 129{
131 const struct xt_connbytes_info *sinfo = matchinfo; 130 const struct xt_connbytes_info *sinfo = matchinfo;
diff --git a/net/netfilter/xt_connmark.c b/net/netfilter/xt_connmark.c
index a97b2d455b79..c9104d05a19c 100644
--- a/net/netfilter/xt_connmark.c
+++ b/net/netfilter/xt_connmark.c
@@ -55,7 +55,6 @@ checkentry(const char *tablename,
55 const void *ip, 55 const void *ip,
56 const struct xt_match *match, 56 const struct xt_match *match,
57 void *matchinfo, 57 void *matchinfo,
58 unsigned int matchsize,
59 unsigned int hook_mask) 58 unsigned int hook_mask)
60{ 59{
61 struct xt_connmark_info *cm = matchinfo; 60 struct xt_connmark_info *cm = matchinfo;
@@ -75,7 +74,7 @@ checkentry(const char *tablename,
75} 74}
76 75
77static void 76static void
78destroy(const struct xt_match *match, void *matchinfo, unsigned int matchsize) 77destroy(const struct xt_match *match, void *matchinfo)
79{ 78{
80#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) 79#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
81 nf_ct_l3proto_module_put(match->family); 80 nf_ct_l3proto_module_put(match->family);
diff --git a/net/netfilter/xt_conntrack.c b/net/netfilter/xt_conntrack.c
index 1540885174ee..39c57e9f7563 100644
--- a/net/netfilter/xt_conntrack.c
+++ b/net/netfilter/xt_conntrack.c
@@ -208,7 +208,6 @@ checkentry(const char *tablename,
208 const void *ip, 208 const void *ip,
209 const struct xt_match *match, 209 const struct xt_match *match,
210 void *matchinfo, 210 void *matchinfo,
211 unsigned int matchsize,
212 unsigned int hook_mask) 211 unsigned int hook_mask)
213{ 212{
214#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) 213#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
@@ -222,7 +221,7 @@ checkentry(const char *tablename,
222} 221}
223 222
224static void 223static void
225destroy(const struct xt_match *match, void *matchinfo, unsigned int matchsize) 224destroy(const struct xt_match *match, void *matchinfo)
226{ 225{
227#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) 226#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
228 nf_ct_l3proto_module_put(match->family); 227 nf_ct_l3proto_module_put(match->family);
diff --git a/net/netfilter/xt_dccp.c b/net/netfilter/xt_dccp.c
index 5ca6f5288f46..3e6cf430e518 100644
--- a/net/netfilter/xt_dccp.c
+++ b/net/netfilter/xt_dccp.c
@@ -131,7 +131,6 @@ checkentry(const char *tablename,
131 const void *inf, 131 const void *inf,
132 const struct xt_match *match, 132 const struct xt_match *match,
133 void *matchinfo, 133 void *matchinfo,
134 unsigned int matchsize,
135 unsigned int hook_mask) 134 unsigned int hook_mask)
136{ 135{
137 const struct xt_dccp_info *info = matchinfo; 136 const struct xt_dccp_info *info = matchinfo;
diff --git a/net/netfilter/xt_dscp.c b/net/netfilter/xt_dscp.c
index d84075c30159..26c7f4ad102a 100644
--- a/net/netfilter/xt_dscp.c
+++ b/net/netfilter/xt_dscp.c
@@ -58,7 +58,6 @@ static int checkentry(const char *tablename,
58 const void *info, 58 const void *info,
59 const struct xt_match *match, 59 const struct xt_match *match,
60 void *matchinfo, 60 void *matchinfo,
61 unsigned int matchsize,
62 unsigned int hook_mask) 61 unsigned int hook_mask)
63{ 62{
64 const u_int8_t dscp = ((struct xt_dscp_info *)matchinfo)->dscp; 63 const u_int8_t dscp = ((struct xt_dscp_info *)matchinfo)->dscp;
diff --git a/net/netfilter/xt_esp.c b/net/netfilter/xt_esp.c
index 7b19bc9ea205..7c95f149d942 100644
--- a/net/netfilter/xt_esp.c
+++ b/net/netfilter/xt_esp.c
@@ -79,7 +79,6 @@ checkentry(const char *tablename,
79 const void *ip_void, 79 const void *ip_void,
80 const struct xt_match *match, 80 const struct xt_match *match,
81 void *matchinfo, 81 void *matchinfo,
82 unsigned int matchinfosize,
83 unsigned int hook_mask) 82 unsigned int hook_mask)
84{ 83{
85 const struct xt_esp *espinfo = matchinfo; 84 const struct xt_esp *espinfo = matchinfo;
diff --git a/net/netfilter/xt_helper.c b/net/netfilter/xt_helper.c
index db453a7a154e..5d7818b73e3a 100644
--- a/net/netfilter/xt_helper.c
+++ b/net/netfilter/xt_helper.c
@@ -139,7 +139,6 @@ static int check(const char *tablename,
139 const void *inf, 139 const void *inf,
140 const struct xt_match *match, 140 const struct xt_match *match,
141 void *matchinfo, 141 void *matchinfo,
142 unsigned int matchsize,
143 unsigned int hook_mask) 142 unsigned int hook_mask)
144{ 143{
145 struct xt_helper_info *info = matchinfo; 144 struct xt_helper_info *info = matchinfo;
@@ -156,7 +155,7 @@ static int check(const char *tablename,
156} 155}
157 156
158static void 157static void
159destroy(const struct xt_match *match, void *matchinfo, unsigned int matchsize) 158destroy(const struct xt_match *match, void *matchinfo)
160{ 159{
161#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) 160#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
162 nf_ct_l3proto_module_put(match->family); 161 nf_ct_l3proto_module_put(match->family);
diff --git a/net/netfilter/xt_limit.c b/net/netfilter/xt_limit.c
index e8d5e7ac695a..b9c9ff3a06ea 100644
--- a/net/netfilter/xt_limit.c
+++ b/net/netfilter/xt_limit.c
@@ -110,7 +110,6 @@ ipt_limit_checkentry(const char *tablename,
110 const void *inf, 110 const void *inf,
111 const struct xt_match *match, 111 const struct xt_match *match,
112 void *matchinfo, 112 void *matchinfo,
113 unsigned int matchsize,
114 unsigned int hook_mask) 113 unsigned int hook_mask)
115{ 114{
116 struct xt_rateinfo *r = matchinfo; 115 struct xt_rateinfo *r = matchinfo;
diff --git a/net/netfilter/xt_mark.c b/net/netfilter/xt_mark.c
index 39f9b079f5d4..e8059cd17275 100644
--- a/net/netfilter/xt_mark.c
+++ b/net/netfilter/xt_mark.c
@@ -39,7 +39,6 @@ checkentry(const char *tablename,
39 const void *entry, 39 const void *entry,
40 const struct xt_match *match, 40 const struct xt_match *match,
41 void *matchinfo, 41 void *matchinfo,
42 unsigned int matchsize,
43 unsigned int hook_mask) 42 unsigned int hook_mask)
44{ 43{
45 const struct xt_mark_info *minfo = matchinfo; 44 const struct xt_mark_info *minfo = matchinfo;
diff --git a/net/netfilter/xt_multiport.c b/net/netfilter/xt_multiport.c
index e74f9bb98b3c..d3aefd380930 100644
--- a/net/netfilter/xt_multiport.c
+++ b/net/netfilter/xt_multiport.c
@@ -176,7 +176,6 @@ checkentry(const char *tablename,
176 const void *info, 176 const void *info,
177 const struct xt_match *match, 177 const struct xt_match *match,
178 void *matchinfo, 178 void *matchinfo,
179 unsigned int matchsize,
180 unsigned int hook_mask) 179 unsigned int hook_mask)
181{ 180{
182 const struct ipt_ip *ip = info; 181 const struct ipt_ip *ip = info;
@@ -191,7 +190,6 @@ checkentry_v1(const char *tablename,
191 const void *info, 190 const void *info,
192 const struct xt_match *match, 191 const struct xt_match *match,
193 void *matchinfo, 192 void *matchinfo,
194 unsigned int matchsize,
195 unsigned int hook_mask) 193 unsigned int hook_mask)
196{ 194{
197 const struct ipt_ip *ip = info; 195 const struct ipt_ip *ip = info;
@@ -206,7 +204,6 @@ checkentry6(const char *tablename,
206 const void *info, 204 const void *info,
207 const struct xt_match *match, 205 const struct xt_match *match,
208 void *matchinfo, 206 void *matchinfo,
209 unsigned int matchsize,
210 unsigned int hook_mask) 207 unsigned int hook_mask)
211{ 208{
212 const struct ip6t_ip6 *ip = info; 209 const struct ip6t_ip6 *ip = info;
@@ -221,7 +218,6 @@ checkentry6_v1(const char *tablename,
221 const void *info, 218 const void *info,
222 const struct xt_match *match, 219 const struct xt_match *match,
223 void *matchinfo, 220 void *matchinfo,
224 unsigned int matchsize,
225 unsigned int hook_mask) 221 unsigned int hook_mask)
226{ 222{
227 const struct ip6t_ip6 *ip = info; 223 const struct ip6t_ip6 *ip = info;
diff --git a/net/netfilter/xt_physdev.c b/net/netfilter/xt_physdev.c
index af3d70f96ecd..fd8f954cded5 100644
--- a/net/netfilter/xt_physdev.c
+++ b/net/netfilter/xt_physdev.c
@@ -106,7 +106,6 @@ checkentry(const char *tablename,
106 const void *ip, 106 const void *ip,
107 const struct xt_match *match, 107 const struct xt_match *match,
108 void *matchinfo, 108 void *matchinfo,
109 unsigned int matchsize,
110 unsigned int hook_mask) 109 unsigned int hook_mask)
111{ 110{
112 const struct xt_physdev_info *info = matchinfo; 111 const struct xt_physdev_info *info = matchinfo;
diff --git a/net/netfilter/xt_policy.c b/net/netfilter/xt_policy.c
index f5639c451112..e9d81378d653 100644
--- a/net/netfilter/xt_policy.c
+++ b/net/netfilter/xt_policy.c
@@ -135,8 +135,7 @@ static int match(const struct sk_buff *skb,
135 135
136static int checkentry(const char *tablename, const void *ip_void, 136static int checkentry(const char *tablename, const void *ip_void,
137 const struct xt_match *match, 137 const struct xt_match *match,
138 void *matchinfo, unsigned int matchsize, 138 void *matchinfo, unsigned int hook_mask)
139 unsigned int hook_mask)
140{ 139{
141 struct xt_policy_info *info = matchinfo; 140 struct xt_policy_info *info = matchinfo;
142 141
diff --git a/net/netfilter/xt_quota.c b/net/netfilter/xt_quota.c
index cc44f87cb8e6..b75fa2c70e66 100644
--- a/net/netfilter/xt_quota.c
+++ b/net/netfilter/xt_quota.c
@@ -41,7 +41,7 @@ match(const struct sk_buff *skb,
41static int 41static int
42checkentry(const char *tablename, const void *entry, 42checkentry(const char *tablename, const void *entry,
43 const struct xt_match *match, void *matchinfo, 43 const struct xt_match *match, void *matchinfo,
44 unsigned int matchsize, unsigned int hook_mask) 44 unsigned int hook_mask)
45{ 45{
46 struct xt_quota_info *q = (struct xt_quota_info *)matchinfo; 46 struct xt_quota_info *q = (struct xt_quota_info *)matchinfo;
47 47
diff --git a/net/netfilter/xt_sctp.c b/net/netfilter/xt_sctp.c
index 5628621170e6..7956acaaa24b 100644
--- a/net/netfilter/xt_sctp.c
+++ b/net/netfilter/xt_sctp.c
@@ -163,7 +163,6 @@ checkentry(const char *tablename,
163 const void *inf, 163 const void *inf,
164 const struct xt_match *match, 164 const struct xt_match *match,
165 void *matchinfo, 165 void *matchinfo,
166 unsigned int matchsize,
167 unsigned int hook_mask) 166 unsigned int hook_mask)
168{ 167{
169 const struct xt_sctp_info *info = matchinfo; 168 const struct xt_sctp_info *info = matchinfo;
diff --git a/net/netfilter/xt_state.c b/net/netfilter/xt_state.c
index 5f9492e3b2b1..d9010b16a1f9 100644
--- a/net/netfilter/xt_state.c
+++ b/net/netfilter/xt_state.c
@@ -48,7 +48,6 @@ static int check(const char *tablename,
48 const void *inf, 48 const void *inf,
49 const struct xt_match *match, 49 const struct xt_match *match,
50 void *matchinfo, 50 void *matchinfo,
51 unsigned int matchsize,
52 unsigned int hook_mask) 51 unsigned int hook_mask)
53{ 52{
54#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) 53#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
@@ -62,7 +61,7 @@ static int check(const char *tablename,
62} 61}
63 62
64static void 63static void
65destroy(const struct xt_match *match, void *matchinfo, unsigned int matchsize) 64destroy(const struct xt_match *match, void *matchinfo)
66{ 65{
67#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) 66#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
68 nf_ct_l3proto_module_put(match->family); 67 nf_ct_l3proto_module_put(match->family);
diff --git a/net/netfilter/xt_statistic.c b/net/netfilter/xt_statistic.c
index 5181630a87fc..091a9f89f5d5 100644
--- a/net/netfilter/xt_statistic.c
+++ b/net/netfilter/xt_statistic.c
@@ -55,7 +55,7 @@ match(const struct sk_buff *skb,
55static int 55static int
56checkentry(const char *tablename, const void *entry, 56checkentry(const char *tablename, const void *entry,
57 const struct xt_match *match, void *matchinfo, 57 const struct xt_match *match, void *matchinfo,
58 unsigned int matchsize, unsigned int hook_mask) 58 unsigned int hook_mask)
59{ 59{
60 struct xt_statistic_info *info = (struct xt_statistic_info *)matchinfo; 60 struct xt_statistic_info *info = (struct xt_statistic_info *)matchinfo;
61 61
diff --git a/net/netfilter/xt_string.c b/net/netfilter/xt_string.c
index 1a1c1d17d85e..4453252400aa 100644
--- a/net/netfilter/xt_string.c
+++ b/net/netfilter/xt_string.c
@@ -46,7 +46,6 @@ static int checkentry(const char *tablename,
46 const void *ip, 46 const void *ip,
47 const struct xt_match *match, 47 const struct xt_match *match,
48 void *matchinfo, 48 void *matchinfo,
49 unsigned int matchsize,
50 unsigned int hook_mask) 49 unsigned int hook_mask)
51{ 50{
52 struct xt_string_info *conf = matchinfo; 51 struct xt_string_info *conf = matchinfo;
@@ -69,8 +68,7 @@ static int checkentry(const char *tablename,
69 return 1; 68 return 1;
70} 69}
71 70
72static void destroy(const struct xt_match *match, void *matchinfo, 71static void destroy(const struct xt_match *match, void *matchinfo)
73 unsigned int matchsize)
74{ 72{
75 textsearch_destroy(STRING_TEXT_PRIV(matchinfo)->config); 73 textsearch_destroy(STRING_TEXT_PRIV(matchinfo)->config);
76} 74}
diff --git a/net/netfilter/xt_tcpudp.c b/net/netfilter/xt_tcpudp.c
index 54aab051af86..e76a68e0bc66 100644
--- a/net/netfilter/xt_tcpudp.c
+++ b/net/netfilter/xt_tcpudp.c
@@ -141,7 +141,6 @@ tcp_checkentry(const char *tablename,
141 const void *info, 141 const void *info,
142 const struct xt_match *match, 142 const struct xt_match *match,
143 void *matchinfo, 143 void *matchinfo,
144 unsigned int matchsize,
145 unsigned int hook_mask) 144 unsigned int hook_mask)
146{ 145{
147 const struct xt_tcp *tcpinfo = matchinfo; 146 const struct xt_tcp *tcpinfo = matchinfo;
@@ -190,7 +189,6 @@ udp_checkentry(const char *tablename,
190 const void *info, 189 const void *info,
191 const struct xt_match *match, 190 const struct xt_match *match,
192 void *matchinfo, 191 void *matchinfo,
193 unsigned int matchsize,
194 unsigned int hook_mask) 192 unsigned int hook_mask)
195{ 193{
196 const struct xt_tcp *udpinfo = matchinfo; 194 const struct xt_tcp *udpinfo = matchinfo;
diff --git a/net/sched/act_ipt.c b/net/sched/act_ipt.c
index 45a3143b8629..d8c9310da6e5 100644
--- a/net/sched/act_ipt.c
+++ b/net/sched/act_ipt.c
@@ -69,7 +69,6 @@ static int ipt_init_target(struct ipt_entry_target *t, char *table, unsigned int
69 if (t->u.kernel.target->checkentry 69 if (t->u.kernel.target->checkentry
70 && !t->u.kernel.target->checkentry(table, NULL, 70 && !t->u.kernel.target->checkentry(table, NULL,
71 t->u.kernel.target, t->data, 71 t->u.kernel.target, t->data,
72 t->u.target_size - sizeof(*t),
73 hook)) { 72 hook)) {
74 module_put(t->u.kernel.target->me); 73 module_put(t->u.kernel.target->me);
75 ret = -EINVAL; 74 ret = -EINVAL;
@@ -81,8 +80,7 @@ static int ipt_init_target(struct ipt_entry_target *t, char *table, unsigned int
81static void ipt_destroy_target(struct ipt_entry_target *t) 80static void ipt_destroy_target(struct ipt_entry_target *t)
82{ 81{
83 if (t->u.kernel.target->destroy) 82 if (t->u.kernel.target->destroy)
84 t->u.kernel.target->destroy(t->u.kernel.target, t->data, 83 t->u.kernel.target->destroy(t->u.kernel.target, t->data);
85 t->u.target_size - sizeof(*t));
86 module_put(t->u.kernel.target->me); 84 module_put(t->u.kernel.target->me);
87} 85}
88 86