-rw-r--r-- | Documentation/feature-removal-schedule.txt | 3 | ||||
-rw-r--r-- | include/linux/netfilter/xt_connmark.h | 5 | ||||
-rw-r--r-- | net/netfilter/xt_connmark.c | 101 |
3 files changed, 11 insertions, 98 deletions
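--- a/Documentation/feature-removal-schedule.txt
+++ b/Documentation/feature-removal-schedule.txt
@@ -238,9 +238,6 @@ What (Why):
 - "forwarding" header files like ipt_mac.h in
 include/linux/netfilter_ipv4/ and include/linux/netfilter_ipv6/
 
-- xt_connmark match revision 0
-(superseded by xt_connmark match revision 1)
-
 - xt_conntrack match revision 0
 (superseded by xt_conntrack match revision 1)
 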
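--- a/include/linux/netfilter/xt_connmark.h
+++ b/include/linux/netfilter/xt_connmark.h
@@ -12,11 +12,6 @@
 * (at your option) any later version.
 */
 
-struct xt_connmark_info {
-unsigned long mark, mask;
-__u8 invert;
-};
-
 struct xt_connmark_mtinfo1 {
 __u32 mark, mask;
 __u8 invert;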
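--- a/net/netfilter/xt_connmark.c
+++ b/net/netfilter/xt_connmark.c
@@ -47,36 +47,6 @@ connmark_mt(const struct sk_buff *skb, const struct xt_match_param *par)
 return ((ct->mark & info->mask) == info->mark) ^ info->invert;
 }
 
-static bool
-connmark_mt_v0(const struct sk_buff *skb, const struct xt_match_param *par)
-{
-const struct xt_connmark_info *info = par->matchinfo;
-const struct nf_conn *ct;
-enum ip_conntrack_info ctinfo;
-
-ct = nf_ct_get(skb, &ctinfo);
-if (!ct)
-return false;
-
-return ((ct->mark & info->mask) == info->mark) ^ info->invert;
-}
-
-static bool connmark_mt_check_v0(const struct xt_mtchk_param *par)
-{
-const struct xt_connmark_info *cm = par->matchinfo;
-
-if (cm->mark > 0xffffffff || cm->mask > 0xffffffff) {
-printk(KERN_WARNING "connmark: only support 32bit mark\n");
-return false;
-}
-if (nf_ct_l3proto_try_module_get(par->family) < 0) {
-printk(KERN_WARNING "can't load conntrack support for "
-"proto=%u\n", par->family);
-return false;
-}
-return true;
-}
-
 static bool connmark_mt_check(const struct xt_mtchk_param *par)
 {
 if (nf_ct_l3proto_try_module_get(par->family) < 0) {
@@ -92,74 +62,25 @@ static void connmark_mt_destroy(const struct xt_mtdtor_param *par)
 nf_ct_l3proto_module_put(par->family);
 }
 
-#ifdef CONFIG_COMPAT
-struct compat_xt_connmark_info {
-compat_ulong_t mark, mask;
-u_int8_t invert;
-u_int8_t __pad1;
-u_int16_t __pad2;
-};
-
-static void connmark_mt_compat_from_user_v0(void *dst, void *src)
-{
-const struct compat_xt_connmark_info *cm = src;
-struct xt_connmark_info m = {
-.mark = cm->mark,
-.mask = cm->mask,
-.invert = cm->invert,
-};
-memcpy(dst, &m, sizeof(m));
-}
-
-static int connmark_mt_compat_to_user_v0(void __user *dst, void *src)
-{
-const struct xt_connmark_info *m = src;
-struct compat_xt_connmark_info cm = {
-.mark = m->mark,
-.mask = m->mask,
-.invert = m->invert,
-};
-return copy_to_user(dst, &cm, sizeof(cm)) ? -EFAULT : 0;
-}
-#endif /* CONFIG_COMPAT */
-
-static struct xt_match connmark_mt_reg[] __read_mostly = {
-{
-.name = "connmark",
-.revision = 0,
-.family = NFPROTO_UNSPEC,
-.checkentry = connmark_mt_check_v0,
-.match = connmark_mt_v0,
-.destroy = connmark_mt_destroy,
-.matchsize = sizeof(struct xt_connmark_info),
-#ifdef CONFIG_COMPAT
-.compatsize = sizeof(struct compat_xt_connmark_info),
-.compat_from_user = connmark_mt_compat_from_user_v0,
-.compat_to_user = connmark_mt_compat_to_user_v0,
-#endif
-.me = THIS_MODULE
-},
-{
-.name = "connmark",
-.revision = 1,
-.family = NFPROTO_UNSPEC,
-.checkentry = connmark_mt_check,
-.match = connmark_mt,
-.matchsize = sizeof(struct xt_connmark_mtinfo1),
-.destroy = connmark_mt_destroy,
-.me = THIS_MODULE,
-},
+static struct xt_match connmark_mt_reg __read_mostly = {
+.name = "connmark",
+.revision = 1,
+.family = NFPROTO_UNSPEC,
+.checkentry = connmark_mt_check,
+.match = connmark_mt,
+.matchsize = sizeof(struct xt_connmark_mtinfo1),
+.destroy = connmark_mt_destroy,
+.me = THIS_MODULE,
 };
 
 static int __init connmark_mt_init(void)
 {
-return xt_register_matches(connmark_mt_reg,
-ARRAY_SIZE(connmark_mt_reg));
+return xt_register_match(&connmark_mt_reg);
 }
 
 static void __exit connmark_mt_exit(void)
 {
-xt_unregister_matches(connmark_mt_reg, ARRAY_SIZE(connmark_mt_reg));
+xt_unregister_match(&connmark_mt_reg);
 }
 
 module_init(connmark_mt_init);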
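Review bot: With revision 0 gone, `connmark_mt_check` is the only checkentry left, and the part of it visible in the first hunk only takes the conntrack module reference; nothing shown validates `info->invert`, which `connmark_mt` XORs straight into its return value. `invert` is a `__u8` filled in by the rule loader, so any value other than 0 or 1 makes that expression non-zero, and the rule then matches every tracked packet regardless of its mark. Consider normalising at the use site, `return ((ct->mark & info->mask) == info->mark) ^ !!info->invert;`, or rejecting out-of-range values in the checkentry. Both functions start or end outside the hunks shown, so a check elsewhere in the file cannot be ruled out.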