aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/linux/netfilter_bridge/ebtables.h6
-rw-r--r--net/bridge/netfilter/ebt_802_3.c2
-rw-r--r--net/bridge/netfilter/ebt_among.c2
-rw-r--r--net/bridge/netfilter/ebt_arp.c2
-rw-r--r--net/bridge/netfilter/ebt_arpreply.c2
-rw-r--r--net/bridge/netfilter/ebt_dnat.c2
-rw-r--r--net/bridge/netfilter/ebt_ip.c2
-rw-r--r--net/bridge/netfilter/ebt_ip6.c2
-rw-r--r--net/bridge/netfilter/ebt_limit.c2
-rw-r--r--net/bridge/netfilter/ebt_log.c2
-rw-r--r--net/bridge/netfilter/ebt_mark.c2
-rw-r--r--net/bridge/netfilter/ebt_mark_m.c2
-rw-r--r--net/bridge/netfilter/ebt_nflog.c2
-rw-r--r--net/bridge/netfilter/ebt_pkttype.c2
-rw-r--r--net/bridge/netfilter/ebt_redirect.c2
-rw-r--r--net/bridge/netfilter/ebt_snat.c2
-rw-r--r--net/bridge/netfilter/ebt_stp.c2
-rw-r--r--net/bridge/netfilter/ebt_ulog.c2
-rw-r--r--net/bridge/netfilter/ebt_vlan.c2
-rw-r--r--net/bridge/netfilter/ebtables.c58
20 files changed, 91 insertions, 9 deletions
diff --git a/include/linux/netfilter_bridge/ebtables.h b/include/linux/netfilter_bridge/ebtables.h
index 097432b94c55..82f854bf37e7 100644
--- a/include/linux/netfilter_bridge/ebtables.h
+++ b/include/linux/netfilter_bridge/ebtables.h
@@ -214,6 +214,8 @@ struct ebt_match
214 const struct ebt_entry *e, void *matchdata, unsigned int datalen); 214 const struct ebt_entry *e, void *matchdata, unsigned int datalen);
215 void (*destroy)(void *matchdata, unsigned int datalen); 215 void (*destroy)(void *matchdata, unsigned int datalen);
216 unsigned int matchsize; 216 unsigned int matchsize;
217 u_int8_t revision;
218 u_int8_t family;
217 struct module *me; 219 struct module *me;
218}; 220};
219 221
@@ -228,6 +230,8 @@ struct ebt_watcher
228 const struct ebt_entry *e, void *watcherdata, unsigned int datalen); 230 const struct ebt_entry *e, void *watcherdata, unsigned int datalen);
229 void (*destroy)(void *watcherdata, unsigned int datalen); 231 void (*destroy)(void *watcherdata, unsigned int datalen);
230 unsigned int targetsize; 232 unsigned int targetsize;
233 u_int8_t revision;
234 u_int8_t family;
231 struct module *me; 235 struct module *me;
232}; 236};
233 237
@@ -243,6 +247,8 @@ struct ebt_target
243 const struct ebt_entry *e, void *targetdata, unsigned int datalen); 247 const struct ebt_entry *e, void *targetdata, unsigned int datalen);
244 void (*destroy)(void *targetdata, unsigned int datalen); 248 void (*destroy)(void *targetdata, unsigned int datalen);
245 unsigned int targetsize; 249 unsigned int targetsize;
250 u_int8_t revision;
251 u_int8_t family;
246 struct module *me; 252 struct module *me;
247}; 253};
248 254
diff --git a/net/bridge/netfilter/ebt_802_3.c b/net/bridge/netfilter/ebt_802_3.c
index 8ebe62b9bcc1..f9876f227574 100644
--- a/net/bridge/netfilter/ebt_802_3.c
+++ b/net/bridge/netfilter/ebt_802_3.c
@@ -51,6 +51,8 @@ static bool ebt_802_3_check(const char *tablename, unsigned int hookmask,
51 51
52static struct ebt_match filter_802_3 __read_mostly = { 52static struct ebt_match filter_802_3 __read_mostly = {
53 .name = EBT_802_3_MATCH, 53 .name = EBT_802_3_MATCH,
54 .revision = 0,
55 .family = NFPROTO_BRIDGE,
54 .match = ebt_filter_802_3, 56 .match = ebt_filter_802_3,
55 .check = ebt_802_3_check, 57 .check = ebt_802_3_check,
56 .matchsize = XT_ALIGN(sizeof(struct ebt_802_3_info)), 58 .matchsize = XT_ALIGN(sizeof(struct ebt_802_3_info)),
diff --git a/net/bridge/netfilter/ebt_among.c b/net/bridge/netfilter/ebt_among.c
index bfdc67bcbfaf..568c890887b5 100644
--- a/net/bridge/netfilter/ebt_among.c
+++ b/net/bridge/netfilter/ebt_among.c
@@ -211,6 +211,8 @@ ebt_among_check(const char *tablename, unsigned int hookmask,
211 211
212static struct ebt_match filter_among __read_mostly = { 212static struct ebt_match filter_among __read_mostly = {
213 .name = EBT_AMONG_MATCH, 213 .name = EBT_AMONG_MATCH,
214 .revision = 0,
215 .family = NFPROTO_BRIDGE,
214 .match = ebt_filter_among, 216 .match = ebt_filter_among,
215 .check = ebt_among_check, 217 .check = ebt_among_check,
216 .matchsize = -1, /* special case */ 218 .matchsize = -1, /* special case */
diff --git a/net/bridge/netfilter/ebt_arp.c b/net/bridge/netfilter/ebt_arp.c
index f1f0bcf5524a..4a5226cbab89 100644
--- a/net/bridge/netfilter/ebt_arp.c
+++ b/net/bridge/netfilter/ebt_arp.c
@@ -117,6 +117,8 @@ static bool ebt_arp_check(const char *tablename, unsigned int hookmask,
117 117
118static struct ebt_match filter_arp __read_mostly = { 118static struct ebt_match filter_arp __read_mostly = {
119 .name = EBT_ARP_MATCH, 119 .name = EBT_ARP_MATCH,
120 .revision = 0,
121 .family = NFPROTO_BRIDGE,
120 .match = ebt_filter_arp, 122 .match = ebt_filter_arp,
121 .check = ebt_arp_check, 123 .check = ebt_arp_check,
122 .matchsize = XT_ALIGN(sizeof(struct ebt_arp_info)), 124 .matchsize = XT_ALIGN(sizeof(struct ebt_arp_info)),
diff --git a/net/bridge/netfilter/ebt_arpreply.c b/net/bridge/netfilter/ebt_arpreply.c
index b444cf835f1e..7ab16556800e 100644
--- a/net/bridge/netfilter/ebt_arpreply.c
+++ b/net/bridge/netfilter/ebt_arpreply.c
@@ -76,6 +76,8 @@ static bool ebt_target_reply_check(const char *tablename, unsigned int hookmask,
76 76
77static struct ebt_target reply_target __read_mostly = { 77static struct ebt_target reply_target __read_mostly = {
78 .name = EBT_ARPREPLY_TARGET, 78 .name = EBT_ARPREPLY_TARGET,
79 .revision = 0,
80 .family = NFPROTO_BRIDGE,
79 .target = ebt_target_reply, 81 .target = ebt_target_reply,
80 .check = ebt_target_reply_check, 82 .check = ebt_target_reply_check,
81 .targetsize = XT_ALIGN(sizeof(struct ebt_arpreply_info)), 83 .targetsize = XT_ALIGN(sizeof(struct ebt_arpreply_info)),
diff --git a/net/bridge/netfilter/ebt_dnat.c b/net/bridge/netfilter/ebt_dnat.c
index d58b9e32338e..64838e2835a0 100644
--- a/net/bridge/netfilter/ebt_dnat.c
+++ b/net/bridge/netfilter/ebt_dnat.c
@@ -46,6 +46,8 @@ static bool ebt_target_dnat_check(const char *tablename, unsigned int hookmask,
46 46
47static struct ebt_target dnat __read_mostly = { 47static struct ebt_target dnat __read_mostly = {
48 .name = EBT_DNAT_TARGET, 48 .name = EBT_DNAT_TARGET,
49 .revision = 0,
50 .family = NFPROTO_BRIDGE,
49 .target = ebt_target_dnat, 51 .target = ebt_target_dnat,
50 .check = ebt_target_dnat_check, 52 .check = ebt_target_dnat_check,
51 .targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)), 53 .targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)),
diff --git a/net/bridge/netfilter/ebt_ip.c b/net/bridge/netfilter/ebt_ip.c
index 018782f044c4..0bef6f7bc83f 100644
--- a/net/bridge/netfilter/ebt_ip.c
+++ b/net/bridge/netfilter/ebt_ip.c
@@ -108,6 +108,8 @@ static bool ebt_ip_check(const char *tablename, unsigned int hookmask,
108 108
109static struct ebt_match filter_ip __read_mostly = { 109static struct ebt_match filter_ip __read_mostly = {
110 .name = EBT_IP_MATCH, 110 .name = EBT_IP_MATCH,
111 .revision = 0,
112 .family = NFPROTO_BRIDGE,
111 .match = ebt_filter_ip, 113 .match = ebt_filter_ip,
112 .check = ebt_ip_check, 114 .check = ebt_ip_check,
113 .matchsize = XT_ALIGN(sizeof(struct ebt_ip_info)), 115 .matchsize = XT_ALIGN(sizeof(struct ebt_ip_info)),
diff --git a/net/bridge/netfilter/ebt_ip6.c b/net/bridge/netfilter/ebt_ip6.c
index 7fc3928e3fb5..afcabe205b8f 100644
--- a/net/bridge/netfilter/ebt_ip6.c
+++ b/net/bridge/netfilter/ebt_ip6.c
@@ -121,6 +121,8 @@ static bool ebt_ip6_check(const char *tablename, unsigned int hookmask,
121static struct ebt_match filter_ip6 = 121static struct ebt_match filter_ip6 =
122{ 122{
123 .name = EBT_IP6_MATCH, 123 .name = EBT_IP6_MATCH,
124 .revision = 0,
125 .family = NFPROTO_BRIDGE,
124 .match = ebt_filter_ip6, 126 .match = ebt_filter_ip6,
125 .check = ebt_ip6_check, 127 .check = ebt_ip6_check,
126 .matchsize = XT_ALIGN(sizeof(struct ebt_ip6_info)), 128 .matchsize = XT_ALIGN(sizeof(struct ebt_ip6_info)),
diff --git a/net/bridge/netfilter/ebt_limit.c b/net/bridge/netfilter/ebt_limit.c
index 925065a22a65..9ca0a2564c8d 100644
--- a/net/bridge/netfilter/ebt_limit.c
+++ b/net/bridge/netfilter/ebt_limit.c
@@ -88,6 +88,8 @@ static bool ebt_limit_check(const char *tablename, unsigned int hookmask,
88 88
89static struct ebt_match ebt_limit_reg __read_mostly = { 89static struct ebt_match ebt_limit_reg __read_mostly = {
90 .name = EBT_LIMIT_MATCH, 90 .name = EBT_LIMIT_MATCH,
91 .revision = 0,
92 .family = NFPROTO_BRIDGE,
91 .match = ebt_limit_match, 93 .match = ebt_limit_match,
92 .check = ebt_limit_check, 94 .check = ebt_limit_check,
93 .matchsize = XT_ALIGN(sizeof(struct ebt_limit_info)), 95 .matchsize = XT_ALIGN(sizeof(struct ebt_limit_info)),
diff --git a/net/bridge/netfilter/ebt_log.c b/net/bridge/netfilter/ebt_log.c
index 2705d7a2a9b5..c2e1c357025e 100644
--- a/net/bridge/netfilter/ebt_log.c
+++ b/net/bridge/netfilter/ebt_log.c
@@ -215,6 +215,8 @@ static unsigned int ebt_log(const struct sk_buff *skb, unsigned int hooknr,
215static struct ebt_watcher log = 215static struct ebt_watcher log =
216{ 216{
217 .name = EBT_LOG_WATCHER, 217 .name = EBT_LOG_WATCHER,
218 .revision = 0,
219 .family = NFPROTO_BRIDGE,
218 .watcher = ebt_log, 220 .watcher = ebt_log,
219 .check = ebt_log_check, 221 .check = ebt_log_check,
220 .targetsize = XT_ALIGN(sizeof(struct ebt_log_info)), 222 .targetsize = XT_ALIGN(sizeof(struct ebt_log_info)),
diff --git a/net/bridge/netfilter/ebt_mark.c b/net/bridge/netfilter/ebt_mark.c
index e4b91d8e2c6c..910721a12673 100644
--- a/net/bridge/netfilter/ebt_mark.c
+++ b/net/bridge/netfilter/ebt_mark.c
@@ -58,6 +58,8 @@ static bool ebt_target_mark_check(const char *tablename, unsigned int hookmask,
58 58
59static struct ebt_target mark_target __read_mostly = { 59static struct ebt_target mark_target __read_mostly = {
60 .name = EBT_MARK_TARGET, 60 .name = EBT_MARK_TARGET,
61 .revision = 0,
62 .family = NFPROTO_BRIDGE,
61 .target = ebt_target_mark, 63 .target = ebt_target_mark,
62 .check = ebt_target_mark_check, 64 .check = ebt_target_mark_check,
63 .targetsize = XT_ALIGN(sizeof(struct ebt_mark_t_info)), 65 .targetsize = XT_ALIGN(sizeof(struct ebt_mark_t_info)),
diff --git a/net/bridge/netfilter/ebt_mark_m.c b/net/bridge/netfilter/ebt_mark_m.c
index ec16c0e2868a..6512ad9b4097 100644
--- a/net/bridge/netfilter/ebt_mark_m.c
+++ b/net/bridge/netfilter/ebt_mark_m.c
@@ -39,6 +39,8 @@ static bool ebt_mark_check(const char *tablename, unsigned int hookmask,
39 39
40static struct ebt_match filter_mark __read_mostly = { 40static struct ebt_match filter_mark __read_mostly = {
41 .name = EBT_MARK_MATCH, 41 .name = EBT_MARK_MATCH,
42 .revision = 0,
43 .family = NFPROTO_BRIDGE,
42 .match = ebt_filter_mark, 44 .match = ebt_filter_mark,
43 .check = ebt_mark_check, 45 .check = ebt_mark_check,
44 .matchsize = XT_ALIGN(sizeof(struct ebt_mark_m_info)), 46 .matchsize = XT_ALIGN(sizeof(struct ebt_mark_m_info)),
diff --git a/net/bridge/netfilter/ebt_nflog.c b/net/bridge/netfilter/ebt_nflog.c
index 2c75023b3260..aa0410c69a60 100644
--- a/net/bridge/netfilter/ebt_nflog.c
+++ b/net/bridge/netfilter/ebt_nflog.c
@@ -52,6 +52,8 @@ static bool ebt_nflog_check(const char *tablename,
52 52
53static struct ebt_watcher nflog __read_mostly = { 53static struct ebt_watcher nflog __read_mostly = {
54 .name = EBT_NFLOG_WATCHER, 54 .name = EBT_NFLOG_WATCHER,
55 .revision = 0,
56 .family = NFPROTO_BRIDGE,
55 .watcher = ebt_nflog, 57 .watcher = ebt_nflog,
56 .check = ebt_nflog_check, 58 .check = ebt_nflog_check,
57 .targetsize = XT_ALIGN(sizeof(struct ebt_nflog_info)), 59 .targetsize = XT_ALIGN(sizeof(struct ebt_nflog_info)),
diff --git a/net/bridge/netfilter/ebt_pkttype.c b/net/bridge/netfilter/ebt_pkttype.c
index 74b443284366..a9acecc88e9e 100644
--- a/net/bridge/netfilter/ebt_pkttype.c
+++ b/net/bridge/netfilter/ebt_pkttype.c
@@ -36,6 +36,8 @@ static bool ebt_pkttype_check(const char *tablename, unsigned int hookmask,
36 36
37static struct ebt_match filter_pkttype __read_mostly = { 37static struct ebt_match filter_pkttype __read_mostly = {
38 .name = EBT_PKTTYPE_MATCH, 38 .name = EBT_PKTTYPE_MATCH,
39 .revision = 0,
40 .family = NFPROTO_BRIDGE,
39 .match = ebt_filter_pkttype, 41 .match = ebt_filter_pkttype,
40 .check = ebt_pkttype_check, 42 .check = ebt_pkttype_check,
41 .matchsize = XT_ALIGN(sizeof(struct ebt_pkttype_info)), 43 .matchsize = XT_ALIGN(sizeof(struct ebt_pkttype_info)),
diff --git a/net/bridge/netfilter/ebt_redirect.c b/net/bridge/netfilter/ebt_redirect.c
index 7bf1390ad97b..4c628108bcda 100644
--- a/net/bridge/netfilter/ebt_redirect.c
+++ b/net/bridge/netfilter/ebt_redirect.c
@@ -52,6 +52,8 @@ static bool ebt_target_redirect_check(const char *tablename, unsigned int hookma
52 52
53static struct ebt_target redirect_target __read_mostly = { 53static struct ebt_target redirect_target __read_mostly = {
54 .name = EBT_REDIRECT_TARGET, 54 .name = EBT_REDIRECT_TARGET,
55 .revision = 0,
56 .family = NFPROTO_BRIDGE,
55 .target = ebt_target_redirect, 57 .target = ebt_target_redirect,
56 .check = ebt_target_redirect_check, 58 .check = ebt_target_redirect_check,
57 .targetsize = XT_ALIGN(sizeof(struct ebt_redirect_info)), 59 .targetsize = XT_ALIGN(sizeof(struct ebt_redirect_info)),
diff --git a/net/bridge/netfilter/ebt_snat.c b/net/bridge/netfilter/ebt_snat.c
index d13f05d2620e..0e83de781c0c 100644
--- a/net/bridge/netfilter/ebt_snat.c
+++ b/net/bridge/netfilter/ebt_snat.c
@@ -68,6 +68,8 @@ static bool ebt_target_snat_check(const char *tablename, unsigned int hookmask,
68 68
69static struct ebt_target snat __read_mostly = { 69static struct ebt_target snat __read_mostly = {
70 .name = EBT_SNAT_TARGET, 70 .name = EBT_SNAT_TARGET,
71 .revision = 0,
72 .family = NFPROTO_BRIDGE,
71 .target = ebt_target_snat, 73 .target = ebt_target_snat,
72 .check = ebt_target_snat_check, 74 .check = ebt_target_snat_check,
73 .targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)), 75 .targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)),
diff --git a/net/bridge/netfilter/ebt_stp.c b/net/bridge/netfilter/ebt_stp.c
index 7618206639ed..e6d8f0c140a4 100644
--- a/net/bridge/netfilter/ebt_stp.c
+++ b/net/bridge/netfilter/ebt_stp.c
@@ -174,6 +174,8 @@ static bool ebt_stp_check(const char *tablename, unsigned int hookmask,
174 174
175static struct ebt_match filter_stp __read_mostly = { 175static struct ebt_match filter_stp __read_mostly = {
176 .name = EBT_STP_MATCH, 176 .name = EBT_STP_MATCH,
177 .revision = 0,
178 .family = NFPROTO_BRIDGE,
177 .match = ebt_filter_stp, 179 .match = ebt_filter_stp,
178 .check = ebt_stp_check, 180 .check = ebt_stp_check,
179 .matchsize = XT_ALIGN(sizeof(struct ebt_stp_info)), 181 .matchsize = XT_ALIGN(sizeof(struct ebt_stp_info)),
diff --git a/net/bridge/netfilter/ebt_ulog.c b/net/bridge/netfilter/ebt_ulog.c
index 5f86f555f6d1..076b44590f16 100644
--- a/net/bridge/netfilter/ebt_ulog.c
+++ b/net/bridge/netfilter/ebt_ulog.c
@@ -274,6 +274,8 @@ static bool ebt_ulog_check(const char *tablename, unsigned int hookmask,
274 274
275static struct ebt_watcher ulog __read_mostly = { 275static struct ebt_watcher ulog __read_mostly = {
276 .name = EBT_ULOG_WATCHER, 276 .name = EBT_ULOG_WATCHER,
277 .revision = 0,
278 .family = NFPROTO_BRIDGE,
277 .watcher = ebt_ulog, 279 .watcher = ebt_ulog,
278 .check = ebt_ulog_check, 280 .check = ebt_ulog_check,
279 .targetsize = XT_ALIGN(sizeof(struct ebt_ulog_info)), 281 .targetsize = XT_ALIGN(sizeof(struct ebt_ulog_info)),
diff --git a/net/bridge/netfilter/ebt_vlan.c b/net/bridge/netfilter/ebt_vlan.c
index 8cc4257a1ade..9e3a39ae4660 100644
--- a/net/bridge/netfilter/ebt_vlan.c
+++ b/net/bridge/netfilter/ebt_vlan.c
@@ -164,6 +164,8 @@ ebt_check_vlan(const char *tablename,
164 164
165static struct ebt_match filter_vlan __read_mostly = { 165static struct ebt_match filter_vlan __read_mostly = {
166 .name = EBT_VLAN_MATCH, 166 .name = EBT_VLAN_MATCH,
167 .revision = 0,
168 .family = NFPROTO_BRIDGE,
167 .match = ebt_filter_vlan, 169 .match = ebt_filter_vlan,
168 .check = ebt_check_vlan, 170 .check = ebt_check_vlan,
169 .matchsize = XT_ALIGN(sizeof(struct ebt_vlan_info)), 171 .matchsize = XT_ALIGN(sizeof(struct ebt_vlan_info)),
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index fe4995277296..bc4b3f4f37c4 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -61,7 +61,9 @@ static LIST_HEAD(ebt_matches);
61static LIST_HEAD(ebt_watchers); 61static LIST_HEAD(ebt_watchers);
62 62
63static struct ebt_target ebt_standard_target = { 63static struct ebt_target ebt_standard_target = {
64 .name = "standard", 64 .name = "standard",
65 .revision = 0,
66 .family = NFPROTO_BRIDGE,
65}; 67};
66 68
67static inline int ebt_do_watcher (struct ebt_entry_watcher *w, 69static inline int ebt_do_watcher (struct ebt_entry_watcher *w,
@@ -352,6 +354,17 @@ ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e,
352 return -ENOENT; 354 return -ENOENT;
353 } 355 }
354 mutex_unlock(&ebt_mutex); 356 mutex_unlock(&ebt_mutex);
357 if (match->family != NFPROTO_BRIDGE) {
358 printk(KERN_WARNING "ebtables: %s match: not for ebtables?\n",
359 match->name);
360 goto out;
361 }
362 if (match->revision != 0) {
363 printk(KERN_WARNING "ebtables: %s match: ebtables is not "
364 "supporting revisions at this time\n",
365 match->name);
366 goto out;
367 }
355 if (XT_ALIGN(match->matchsize) != m->match_size && 368 if (XT_ALIGN(match->matchsize) != m->match_size &&
356 match->matchsize != -1) { 369 match->matchsize != -1) {
357 /* 370 /*
@@ -361,17 +374,18 @@ ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e,
361 printk(KERN_WARNING "ebtables: %s match: " 374 printk(KERN_WARNING "ebtables: %s match: "
362 "invalid size %Zu != %u\n", 375 "invalid size %Zu != %u\n",
363 match->name, XT_ALIGN(match->matchsize), m->match_size); 376 match->name, XT_ALIGN(match->matchsize), m->match_size);
364 module_put(match->me); 377 goto out;
365 return -EINVAL;
366 } 378 }
367 if (match->check && 379 if (match->check &&
368 !match->check(name, hookmask, e, m->data, m->match_size)) { 380 !match->check(name, hookmask, e, m->data, m->match_size)) {
369 BUGPRINT("match->check failed\n"); 381 BUGPRINT("match->check failed\n");
370 module_put(match->me); 382 goto out;
371 return -EINVAL;
372 } 383 }
373 (*cnt)++; 384 (*cnt)++;
374 return 0; 385 return 0;
386 out:
387 module_put(match->me);
388 return -EINVAL;
375} 389}
376 390
377static inline int 391static inline int
@@ -394,22 +408,34 @@ ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e,
394 return -ENOENT; 408 return -ENOENT;
395 } 409 }
396 mutex_unlock(&ebt_mutex); 410 mutex_unlock(&ebt_mutex);
411 if (watcher->family != NFPROTO_BRIDGE) {
412 printk(KERN_WARNING "ebtables: %s watcher: not for ebtables?\n",
413 watcher->name);
414 goto out;
415 }
416 if (watcher->revision != 0) {
417 printk(KERN_WARNING "ebtables: %s watcher: ebtables is not "
418 "supporting revisions at this time\n",
419 watcher->name);
420 goto out;
421 }
397 if (XT_ALIGN(watcher->targetsize) != w->watcher_size) { 422 if (XT_ALIGN(watcher->targetsize) != w->watcher_size) {
398 printk(KERN_WARNING "ebtables: %s watcher: " 423 printk(KERN_WARNING "ebtables: %s watcher: "
399 "invalid size %Zu != %u\n", 424 "invalid size %Zu != %u\n",
400 watcher->name, XT_ALIGN(watcher->targetsize), 425 watcher->name, XT_ALIGN(watcher->targetsize),
401 w->watcher_size); 426 w->watcher_size);
402 module_put(watcher->me); 427 goto out;
403 return -EINVAL;
404 } 428 }
405 if (watcher->check && 429 if (watcher->check &&
406 !watcher->check(name, hookmask, e, w->data, w->watcher_size)) { 430 !watcher->check(name, hookmask, e, w->data, w->watcher_size)) {
407 BUGPRINT("watcher->check failed\n"); 431 BUGPRINT("watcher->check failed\n");
408 module_put(watcher->me); 432 goto out;
409 return -EINVAL;
410 } 433 }
411 (*cnt)++; 434 (*cnt)++;
412 return 0; 435 return 0;
436 out:
437 module_put(watcher->me);
438 return -EINVAL;
413} 439}
414 440
415static int ebt_verify_pointers(struct ebt_replace *repl, 441static int ebt_verify_pointers(struct ebt_replace *repl,
@@ -690,6 +716,20 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
690 } 716 }
691 mutex_unlock(&ebt_mutex); 717 mutex_unlock(&ebt_mutex);
692 718
719 if (target->family != NFPROTO_BRIDGE) {
720 printk(KERN_WARNING "ebtables: %s target: not for ebtables?\n",
721 target->name);
722 ret = -EINVAL;
723 goto cleanup_watchers;
724 }
725 if (target->revision != 0) {
726 printk(KERN_WARNING "ebtables: %s target: ebtables is not "
727 "supporting revisions at this time\n",
728 target->name);
729 ret = -EINVAL;
730 goto cleanup_watchers;
731 }
732
693 t->u.target = target; 733 t->u.target = target;
694 if (t->u.target == &ebt_standard_target) { 734 if (t->u.target == &ebt_standard_target) {
695 if (gap < sizeof(struct ebt_standard_target)) { 735 if (gap < sizeof(struct ebt_standard_target)) {