diff options
| -rw-r--r-- | include/linux/netfilter/x_tables.h | 8 | ||||
| -rw-r--r-- | include/linux/netfilter_arp/arp_tables.h | 41 | ||||
| -rw-r--r-- | include/linux/netfilter_ipv4/ip_tables.h | 22 | ||||
| -rw-r--r-- | include/linux/netfilter_ipv6/ip6_tables.h | 22 | ||||
| -rw-r--r-- | net/ipv4/netfilter/arptable_filter.c | 140 | ||||
| -rw-r--r-- | net/ipv4/netfilter/iptable_filter.c | 70 | ||||
| -rw-r--r-- | net/ipv4/netfilter/iptable_mangle.c | 96 | ||||
| -rw-r--r-- | net/ipv4/netfilter/iptable_raw.c | 58 | ||||
| -rw-r--r-- | net/ipv4/netfilter/nf_nat_rule.c | 73 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6table_filter.c | 70 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6table_mangle.c | 96 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6table_raw.c | 52 |
12 files changed, 238 insertions, 510 deletions
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h index 022edfa97ed9..7e733a6ba4f6 100644 --- a/include/linux/netfilter/x_tables.h +++ b/include/linux/netfilter/x_tables.h | |||
| @@ -54,6 +54,14 @@ struct xt_entry_target | |||
| 54 | unsigned char data[0]; | 54 | unsigned char data[0]; |
| 55 | }; | 55 | }; |
| 56 | 56 | ||
| 57 | #define XT_TARGET_INIT(__name, __size) \ | ||
| 58 | { \ | ||
| 59 | .target.u.user = { \ | ||
| 60 | .target_size = XT_ALIGN(__size), \ | ||
| 61 | .name = __name, \ | ||
| 62 | }, \ | ||
| 63 | } | ||
| 64 | |||
| 57 | struct xt_standard_target | 65 | struct xt_standard_target |
| 58 | { | 66 | { |
| 59 | struct xt_entry_target target; | 67 | struct xt_entry_target target; |
diff --git a/include/linux/netfilter_arp/arp_tables.h b/include/linux/netfilter_arp/arp_tables.h index 24c8786d12e9..584cd1b18f12 100644 --- a/include/linux/netfilter_arp/arp_tables.h +++ b/include/linux/netfilter_arp/arp_tables.h | |||
| @@ -238,6 +238,47 @@ static __inline__ struct arpt_entry_target *arpt_get_target(struct arpt_entry *e | |||
| 238 | */ | 238 | */ |
| 239 | #ifdef __KERNEL__ | 239 | #ifdef __KERNEL__ |
| 240 | 240 | ||
| 241 | /* Standard entry. */ | ||
| 242 | struct arpt_standard | ||
| 243 | { | ||
| 244 | struct arpt_entry entry; | ||
| 245 | struct arpt_standard_target target; | ||
| 246 | }; | ||
| 247 | |||
| 248 | struct arpt_error_target | ||
| 249 | { | ||
| 250 | struct arpt_entry_target target; | ||
| 251 | char errorname[ARPT_FUNCTION_MAXNAMELEN]; | ||
| 252 | }; | ||
| 253 | |||
| 254 | struct arpt_error | ||
| 255 | { | ||
| 256 | struct arpt_entry entry; | ||
| 257 | struct arpt_error_target target; | ||
| 258 | }; | ||
| 259 | |||
| 260 | #define ARPT_ENTRY_INIT(__size) \ | ||
| 261 | { \ | ||
| 262 | .target_offset = sizeof(struct arpt_entry), \ | ||
| 263 | .next_offset = (__size), \ | ||
| 264 | } | ||
| 265 | |||
| 266 | #define ARPT_STANDARD_INIT(__verdict) \ | ||
| 267 | { \ | ||
| 268 | .entry = ARPT_ENTRY_INIT(sizeof(struct arpt_standard)), \ | ||
| 269 | .target = XT_TARGET_INIT(ARPT_STANDARD_TARGET, \ | ||
| 270 | sizeof(struct arpt_standard_target)), \ | ||
| 271 | .target.verdict = -(__verdict) - 1, \ | ||
| 272 | } | ||
| 273 | |||
| 274 | #define ARPT_ERROR_INIT \ | ||
| 275 | { \ | ||
| 276 | .entry = ARPT_ENTRY_INIT(sizeof(struct arpt_error)), \ | ||
| 277 | .target = XT_TARGET_INIT(ARPT_ERROR_TARGET, \ | ||
| 278 | sizeof(struct arpt_error_target)), \ | ||
| 279 | .target.errorname = "ERROR", \ | ||
| 280 | } | ||
| 281 | |||
| 241 | #define arpt_register_target(tgt) \ | 282 | #define arpt_register_target(tgt) \ |
| 242 | ({ (tgt)->family = NF_ARP; \ | 283 | ({ (tgt)->family = NF_ARP; \ |
| 243 | xt_register_target(tgt); }) | 284 | xt_register_target(tgt); }) |
diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h index 9527296595cd..2f46dd728ee1 100644 --- a/include/linux/netfilter_ipv4/ip_tables.h +++ b/include/linux/netfilter_ipv4/ip_tables.h | |||
| @@ -295,6 +295,28 @@ struct ipt_error | |||
| 295 | struct ipt_error_target target; | 295 | struct ipt_error_target target; |
| 296 | }; | 296 | }; |
| 297 | 297 | ||
| 298 | #define IPT_ENTRY_INIT(__size) \ | ||
| 299 | { \ | ||
| 300 | .target_offset = sizeof(struct ipt_entry), \ | ||
| 301 | .next_offset = (__size), \ | ||
| 302 | } | ||
| 303 | |||
| 304 | #define IPT_STANDARD_INIT(__verdict) \ | ||
| 305 | { \ | ||
| 306 | .entry = IPT_ENTRY_INIT(sizeof(struct ipt_standard)), \ | ||
| 307 | .target = XT_TARGET_INIT(IPT_STANDARD_TARGET, \ | ||
| 308 | sizeof(struct xt_standard_target)), \ | ||
| 309 | .target.verdict = -(__verdict) - 1, \ | ||
| 310 | } | ||
| 311 | |||
| 312 | #define IPT_ERROR_INIT \ | ||
| 313 | { \ | ||
| 314 | .entry = IPT_ENTRY_INIT(sizeof(struct ipt_error)), \ | ||
| 315 | .target = XT_TARGET_INIT(IPT_ERROR_TARGET, \ | ||
| 316 | sizeof(struct ipt_error_target)), \ | ||
| 317 | .target.errorname = "ERROR", \ | ||
| 318 | } | ||
| 319 | |||
| 298 | extern unsigned int ipt_do_table(struct sk_buff **pskb, | 320 | extern unsigned int ipt_do_table(struct sk_buff **pskb, |
| 299 | unsigned int hook, | 321 | unsigned int hook, |
| 300 | const struct net_device *in, | 322 | const struct net_device *in, |
diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h index 61aa10412fc8..4686f8342cbd 100644 --- a/include/linux/netfilter_ipv6/ip6_tables.h +++ b/include/linux/netfilter_ipv6/ip6_tables.h | |||
| @@ -123,6 +123,28 @@ struct ip6t_error | |||
| 123 | struct ip6t_error_target target; | 123 | struct ip6t_error_target target; |
| 124 | }; | 124 | }; |
| 125 | 125 | ||
| 126 | #define IP6T_ENTRY_INIT(__size) \ | ||
| 127 | { \ | ||
| 128 | .target_offset = sizeof(struct ip6t_entry), \ | ||
| 129 | .next_offset = (__size), \ | ||
| 130 | } | ||
| 131 | |||
| 132 | #define IP6T_STANDARD_INIT(__verdict) \ | ||
| 133 | { \ | ||
| 134 | .entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_standard)), \ | ||
| 135 | .target = XT_TARGET_INIT(IP6T_STANDARD_TARGET, \ | ||
| 136 | sizeof(struct ip6t_standard_target)), \ | ||
| 137 | .target.verdict = -(__verdict) - 1, \ | ||
| 138 | } | ||
| 139 | |||
| 140 | #define IP6T_ERROR_INIT \ | ||
| 141 | { \ | ||
| 142 | .entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_error)), \ | ||
| 143 | .target = XT_TARGET_INIT(IP6T_ERROR_TARGET, \ | ||
| 144 | sizeof(struct ip6t_error_target)), \ | ||
| 145 | .target.errorname = "ERROR", \ | ||
| 146 | } | ||
| 147 | |||
| 126 | /* | 148 | /* |
| 127 | * New IP firewall options for [gs]etsockopt at the RAW IP level. | 149 | * New IP firewall options for [gs]etsockopt at the RAW IP level. |
| 128 | * Unlike BSD Linux inherits IP options so you don't have to use | 150 | * Unlike BSD Linux inherits IP options so you don't have to use |
diff --git a/net/ipv4/netfilter/arptable_filter.c b/net/ipv4/netfilter/arptable_filter.c index 7edea2a1696c..75c023062533 100644 --- a/net/ipv4/netfilter/arptable_filter.c +++ b/net/ipv4/netfilter/arptable_filter.c | |||
| @@ -15,128 +15,34 @@ MODULE_DESCRIPTION("arptables filter table"); | |||
| 15 | #define FILTER_VALID_HOOKS ((1 << NF_ARP_IN) | (1 << NF_ARP_OUT) | \ | 15 | #define FILTER_VALID_HOOKS ((1 << NF_ARP_IN) | (1 << NF_ARP_OUT) | \ |
| 16 | (1 << NF_ARP_FORWARD)) | 16 | (1 << NF_ARP_FORWARD)) |
| 17 | 17 | ||
| 18 | /* Standard entry. */ | ||
| 19 | struct arpt_standard | ||
| 20 | { | ||
| 21 | struct arpt_entry entry; | ||
| 22 | struct arpt_standard_target target; | ||
| 23 | }; | ||
| 24 | |||
| 25 | struct arpt_error_target | ||
| 26 | { | ||
| 27 | struct arpt_entry_target target; | ||
| 28 | char errorname[ARPT_FUNCTION_MAXNAMELEN]; | ||
| 29 | }; | ||
| 30 | |||
| 31 | struct arpt_error | ||
| 32 | { | ||
| 33 | struct arpt_entry entry; | ||
| 34 | struct arpt_error_target target; | ||
| 35 | }; | ||
| 36 | |||
| 37 | static struct | 18 | static struct |
| 38 | { | 19 | { |
| 39 | struct arpt_replace repl; | 20 | struct arpt_replace repl; |
| 40 | struct arpt_standard entries[3]; | 21 | struct arpt_standard entries[3]; |
| 41 | struct arpt_error term; | 22 | struct arpt_error term; |
| 42 | } initial_table __initdata | 23 | } initial_table __initdata = { |
| 43 | = { { "filter", FILTER_VALID_HOOKS, 4, | 24 | .repl = { |
| 44 | sizeof(struct arpt_standard) * 3 + sizeof(struct arpt_error), | 25 | .name = "filter", |
| 45 | { [NF_ARP_IN] = 0, | 26 | .valid_hooks = FILTER_VALID_HOOKS, |
| 46 | [NF_ARP_OUT] = sizeof(struct arpt_standard), | 27 | .num_entries = 4, |
| 47 | [NF_ARP_FORWARD] = 2 * sizeof(struct arpt_standard), }, | 28 | .size = sizeof(struct arpt_standard) * 3 + sizeof(struct arpt_error), |
| 48 | { [NF_ARP_IN] = 0, | 29 | .hook_entry = { |
| 49 | [NF_ARP_OUT] = sizeof(struct arpt_standard), | 30 | [NF_ARP_IN] = 0, |
| 50 | [NF_ARP_FORWARD] = 2 * sizeof(struct arpt_standard), }, | 31 | [NF_ARP_OUT] = sizeof(struct arpt_standard), |
| 51 | 0, NULL, { } }, | 32 | [NF_ARP_FORWARD] = 2 * sizeof(struct arpt_standard), |
| 52 | { | 33 | }, |
| 53 | /* ARP_IN */ | 34 | .underflow = { |
| 54 | { | 35 | [NF_ARP_IN] = 0, |
| 55 | { | 36 | [NF_ARP_OUT] = sizeof(struct arpt_standard), |
| 56 | { | 37 | [NF_ARP_FORWARD] = 2 * sizeof(struct arpt_standard), |
| 57 | { 0 }, { 0 }, { 0 }, { 0 }, | 38 | }, |
| 58 | 0, 0, | 39 | }, |
| 59 | { { 0, }, { 0, } }, | 40 | .entries = { |
| 60 | { { 0, }, { 0, } }, | 41 | ARPT_STANDARD_INIT(NF_ACCEPT), /* ARP_IN */ |
| 61 | 0, 0, | 42 | ARPT_STANDARD_INIT(NF_ACCEPT), /* ARP_OUT */ |
| 62 | 0, 0, | 43 | ARPT_STANDARD_INIT(NF_ACCEPT), /* ARP_FORWARD */ |
| 63 | 0, 0, | 44 | }, |
| 64 | "", "", { 0 }, { 0 }, | 45 | .term = ARPT_ERROR_INIT, |
| 65 | 0, 0 | ||
| 66 | }, | ||
| 67 | sizeof(struct arpt_entry), | ||
| 68 | sizeof(struct arpt_standard), | ||
| 69 | 0, | ||
| 70 | { 0, 0 }, { } }, | ||
| 71 | { { { { ARPT_ALIGN(sizeof(struct arpt_standard_target)), "" } }, { } }, | ||
| 72 | -NF_ACCEPT - 1 } | ||
| 73 | }, | ||
| 74 | /* ARP_OUT */ | ||
| 75 | { | ||
| 76 | { | ||
| 77 | { | ||
| 78 | { 0 }, { 0 }, { 0 }, { 0 }, | ||
| 79 | 0, 0, | ||
| 80 | { { 0, }, { 0, } }, | ||
| 81 | { { 0, }, { 0, } }, | ||
| 82 | 0, 0, | ||
| 83 | 0, 0, | ||
| 84 | 0, 0, | ||
| 85 | "", "", { 0 }, { 0 }, | ||
| 86 | 0, 0 | ||
| 87 | }, | ||
| 88 | sizeof(struct arpt_entry), | ||
| 89 | sizeof(struct arpt_standard), | ||
| 90 | 0, | ||
| 91 | { 0, 0 }, { } }, | ||
| 92 | { { { { ARPT_ALIGN(sizeof(struct arpt_standard_target)), "" } }, { } }, | ||
| 93 | -NF_ACCEPT - 1 } | ||
| 94 | }, | ||
| 95 | /* ARP_FORWARD */ | ||
| 96 | { | ||
| 97 | { | ||
| 98 | { | ||
| 99 | { 0 }, { 0 }, { 0 }, { 0 }, | ||
| 100 | 0, 0, | ||
| 101 | { { 0, }, { 0, } }, | ||
| 102 | { { 0, }, { 0, } }, | ||
| 103 | 0, 0, | ||
| 104 | 0, 0, | ||
| 105 | 0, 0, | ||
| 106 | "", "", { 0 }, { 0 }, | ||
| 107 | 0, 0 | ||
| 108 | }, | ||
| 109 | sizeof(struct arpt_entry), | ||
| 110 | sizeof(struct arpt_standard), | ||
| 111 | 0, | ||
| 112 | { 0, 0 }, { } }, | ||
| 113 | { { { { ARPT_ALIGN(sizeof(struct arpt_standard_target)), "" } }, { } }, | ||
| 114 | -NF_ACCEPT - 1 } | ||
| 115 | } | ||
| 116 | }, | ||
| 117 | /* ERROR */ | ||
| 118 | { | ||
| 119 | { | ||
| 120 | { | ||
| 121 | { 0 }, { 0 }, { 0 }, { 0 }, | ||
| 122 | 0, 0, | ||
| 123 | { { 0, }, { 0, } }, | ||
| 124 | { { 0, }, { 0, } }, | ||
| 125 | 0, 0, | ||
| 126 | 0, 0, | ||
| 127 | 0, 0, | ||
| 128 | "", "", { 0 }, { 0 }, | ||
| 129 | 0, 0 | ||
| 130 | }, | ||
| 131 | sizeof(struct arpt_entry), | ||
| 132 | sizeof(struct arpt_error), | ||
| 133 | 0, | ||
| 134 | { 0, 0 }, { } }, | ||
| 135 | { { { { ARPT_ALIGN(sizeof(struct arpt_error_target)), ARPT_ERROR_TARGET } }, | ||
| 136 | { } }, | ||
| 137 | "ERROR" | ||
| 138 | } | ||
| 139 | } | ||
| 140 | }; | 46 | }; |
| 141 | 47 | ||
| 142 | static struct arpt_table packet_filter = { | 48 | static struct arpt_table packet_filter = { |
diff --git a/net/ipv4/netfilter/iptable_filter.c b/net/ipv4/netfilter/iptable_filter.c index 42728909eba0..ea14979d8a82 100644 --- a/net/ipv4/netfilter/iptable_filter.c +++ b/net/ipv4/netfilter/iptable_filter.c | |||
| @@ -26,53 +26,29 @@ static struct | |||
| 26 | struct ipt_replace repl; | 26 | struct ipt_replace repl; |
| 27 | struct ipt_standard entries[3]; | 27 | struct ipt_standard entries[3]; |
| 28 | struct ipt_error term; | 28 | struct ipt_error term; |
| 29 | } initial_table __initdata | 29 | } initial_table __initdata = { |
| 30 | = { { "filter", FILTER_VALID_HOOKS, 4, | 30 | .repl = { |
| 31 | sizeof(struct ipt_standard) * 3 + sizeof(struct ipt_error), | 31 | .name = "filter", |
| 32 | { [NF_IP_LOCAL_IN] = 0, | 32 | .valid_hooks = FILTER_VALID_HOOKS, |
| 33 | [NF_IP_FORWARD] = sizeof(struct ipt_standard), | 33 | .num_entries = 4, |
| 34 | [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 2 }, | 34 | .size = sizeof(struct ipt_standard) * 3 + sizeof(struct ipt_error), |
| 35 | { [NF_IP_LOCAL_IN] = 0, | 35 | .hook_entry = { |
| 36 | [NF_IP_FORWARD] = sizeof(struct ipt_standard), | 36 | [NF_IP_LOCAL_IN] = 0, |
| 37 | [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 2 }, | 37 | [NF_IP_FORWARD] = sizeof(struct ipt_standard), |
| 38 | 0, NULL, { } }, | 38 | [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 2, |
| 39 | { | 39 | }, |
| 40 | /* LOCAL_IN */ | 40 | .underflow = { |
| 41 | { { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 }, | 41 | [NF_IP_LOCAL_IN] = 0, |
| 42 | 0, | 42 | [NF_IP_FORWARD] = sizeof(struct ipt_standard), |
| 43 | sizeof(struct ipt_entry), | 43 | [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 2, |
| 44 | sizeof(struct ipt_standard), | 44 | }, |
| 45 | 0, { 0, 0 }, { } }, | 45 | }, |
| 46 | { { { { IPT_ALIGN(sizeof(struct ipt_standard_target)), "" } }, { } }, | 46 | .entries = { |
| 47 | -NF_ACCEPT - 1 } }, | 47 | IPT_STANDARD_INIT(NF_ACCEPT), /* LOCAL_IN */ |
| 48 | /* FORWARD */ | 48 | IPT_STANDARD_INIT(NF_ACCEPT), /* FORWARD */ |
| 49 | { { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 }, | 49 | IPT_STANDARD_INIT(NF_ACCEPT), /* LOCAL_OUT */ |
| 50 | 0, | 50 | }, |
| 51 | sizeof(struct ipt_entry), | 51 | .term = IPT_ERROR_INIT, /* ERROR */ |
| 52 | sizeof(struct ipt_standard), | ||
| 53 | 0, { 0, 0 }, { } }, | ||
| 54 | { { { { IPT_ALIGN(sizeof(struct ipt_standard_target)), "" } }, { } }, | ||
| 55 | -NF_ACCEPT - 1 } }, | ||
| 56 | /* LOCAL_OUT */ | ||
| 57 | { { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 }, | ||
| 58 | 0, | ||
| 59 | sizeof(struct ipt_entry), | ||
| 60 | sizeof(struct ipt_standard), | ||
| 61 | 0, { 0, 0 }, { } }, | ||
| 62 | { { { { IPT_ALIGN(sizeof(struct ipt_standard_target)), "" } }, { } }, | ||
| 63 | -NF_ACCEPT - 1 } } | ||
| 64 | }, | ||
| 65 | /* ERROR */ | ||
| 66 | { { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 }, | ||
| 67 | 0, | ||
| 68 | sizeof(struct ipt_entry), | ||
| 69 | sizeof(struct ipt_error), | ||
| 70 | 0, { 0, 0 }, { } }, | ||
| 71 | { { { { IPT_ALIGN(sizeof(struct ipt_error_target)), IPT_ERROR_TARGET } }, | ||
| 72 | { } }, | ||
| 73 | "ERROR" | ||
| 74 | } | ||
| 75 | } | ||
| 76 | }; | 52 | }; |
| 77 | 53 | ||
| 78 | static struct xt_table packet_filter = { | 54 | static struct xt_table packet_filter = { |
diff --git a/net/ipv4/netfilter/iptable_mangle.c b/net/ipv4/netfilter/iptable_mangle.c index 9278802f2742..c3827bae3b66 100644 --- a/net/ipv4/netfilter/iptable_mangle.c +++ b/net/ipv4/netfilter/iptable_mangle.c | |||
| @@ -33,73 +33,35 @@ static struct | |||
| 33 | struct ipt_replace repl; | 33 | struct ipt_replace repl; |
| 34 | struct ipt_standard entries[5]; | 34 | struct ipt_standard entries[5]; |
| 35 | struct ipt_error term; | 35 | struct ipt_error term; |
| 36 | } initial_table __initdata | 36 | } initial_table __initdata = { |
| 37 | = { { "mangle", MANGLE_VALID_HOOKS, 6, | 37 | .repl = { |
| 38 | sizeof(struct ipt_standard) * 5 + sizeof(struct ipt_error), | 38 | .name = "mangle", |
| 39 | { [NF_IP_PRE_ROUTING] = 0, | 39 | .valid_hooks = MANGLE_VALID_HOOKS, |
| 40 | [NF_IP_LOCAL_IN] = sizeof(struct ipt_standard), | 40 | .num_entries = 6, |
| 41 | [NF_IP_FORWARD] = sizeof(struct ipt_standard) * 2, | 41 | .size = sizeof(struct ipt_standard) * 5 + sizeof(struct ipt_error), |
| 42 | [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 3, | 42 | .hook_entry = { |
| 43 | [NF_IP_POST_ROUTING] = sizeof(struct ipt_standard) * 4 }, | 43 | [NF_IP_PRE_ROUTING] = 0, |
| 44 | { [NF_IP_PRE_ROUTING] = 0, | 44 | [NF_IP_LOCAL_IN] = sizeof(struct ipt_standard), |
| 45 | [NF_IP_LOCAL_IN] = sizeof(struct ipt_standard), | 45 | [NF_IP_FORWARD] = sizeof(struct ipt_standard) * 2, |
| 46 | [NF_IP_FORWARD] = sizeof(struct ipt_standard) * 2, | 46 | [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 3, |
| 47 | [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 3, | 47 | [NF_IP_POST_ROUTING] = sizeof(struct ipt_standard) * 4, |
| 48 | [NF_IP_POST_ROUTING] = sizeof(struct ipt_standard) * 4 }, | 48 | }, |
| 49 | 0, NULL, { } }, | 49 | .underflow = { |
| 50 | { | 50 | [NF_IP_PRE_ROUTING] = 0, |
| 51 | /* PRE_ROUTING */ | 51 | [NF_IP_LOCAL_IN] = sizeof(struct ipt_standard), |
| 52 | { { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 }, | 52 | [NF_IP_FORWARD] = sizeof(struct ipt_standard) * 2, |
| 53 | 0, | 53 | [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 3, |
| 54 | sizeof(struct ipt_entry), | 54 | [NF_IP_POST_ROUTING] = sizeof(struct ipt_standard) * 4, |
| 55 | sizeof(struct ipt_standard), | 55 | }, |
| 56 | 0, { 0, 0 }, { } }, | 56 | }, |
| 57 | { { { { IPT_ALIGN(sizeof(struct ipt_standard_target)), "" } }, { } }, | 57 | .entries = { |
| 58 | -NF_ACCEPT - 1 } }, | 58 | IPT_STANDARD_INIT(NF_ACCEPT), /* PRE_ROUTING */ |
| 59 | /* LOCAL_IN */ | 59 | IPT_STANDARD_INIT(NF_ACCEPT), /* LOCAL_IN */ |
| 60 | { { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 }, | 60 | IPT_STANDARD_INIT(NF_ACCEPT), /* FORWARD */ |
| 61 | 0, | 61 | IPT_STANDARD_INIT(NF_ACCEPT), /* LOCAL_OUT */ |
| 62 | sizeof(struct ipt_entry), | 62 | IPT_STANDARD_INIT(NF_ACCEPT), /* POST_ROUTING */ |
| 63 | sizeof(struct ipt_standard), | 63 | }, |
| 64 | 0, { 0, 0 }, { } }, | 64 | .term = IPT_ERROR_INIT, /* ERROR */ |
| 65 | { { { { IPT_ALIGN(sizeof(struct ipt_standard_target)), "" } }, { } }, | ||
| 66 | -NF_ACCEPT - 1 } }, | ||
| 67 | /* FORWARD */ | ||
| 68 | { { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 }, | ||
| 69 | 0, | ||
| 70 | sizeof(struct ipt_entry), | ||
| 71 | sizeof(struct ipt_standard), | ||
| 72 | 0, { 0, 0 }, { } }, | ||
| 73 | { { { { IPT_ALIGN(sizeof(struct ipt_standard_target)), "" } }, { } }, | ||
| 74 | -NF_ACCEPT - 1 } }, | ||
| 75 | /* LOCAL_OUT */ | ||
| 76 | { { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 }, | ||
| 77 | 0, | ||
| 78 | sizeof(struct ipt_entry), | ||
| 79 | sizeof(struct ipt_standard), | ||
| 80 | 0, { 0, 0 }, { } }, | ||
| 81 | { { { { IPT_ALIGN(sizeof(struct ipt_standard_target)), "" } }, { } }, | ||
| 82 | -NF_ACCEPT - 1 } }, | ||
| 83 | /* POST_ROUTING */ | ||
| 84 | { { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 }, | ||
| 85 | 0, | ||
| 86 | sizeof(struct ipt_entry), | ||
| 87 | sizeof(struct ipt_standard), | ||
| 88 | 0, { 0, 0 }, { } }, | ||
| 89 | { { { { IPT_ALIGN(sizeof(struct ipt_standard_target)), "" } }, { } }, | ||
| 90 | -NF_ACCEPT - 1 } }, | ||
| 91 | }, | ||
| 92 | /* ERROR */ | ||
| 93 | { { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 }, | ||
| 94 | 0, | ||
| 95 | sizeof(struct ipt_entry), | ||
| 96 | sizeof(struct ipt_error), | ||
| 97 | 0, { 0, 0 }, { } }, | ||
| 98 | { { { { IPT_ALIGN(sizeof(struct ipt_error_target)), IPT_ERROR_TARGET } }, | ||
| 99 | { } }, | ||
| 100 | "ERROR" | ||
| 101 | } | ||
| 102 | } | ||
| 103 | }; | 65 | }; |
| 104 | 66 | ||
| 105 | static struct xt_table packet_mangler = { | 67 | static struct xt_table packet_mangler = { |
diff --git a/net/ipv4/netfilter/iptable_raw.c b/net/ipv4/netfilter/iptable_raw.c index 18c3d4c9ff51..f7d28fd748e2 100644 --- a/net/ipv4/netfilter/iptable_raw.c +++ b/net/ipv4/netfilter/iptable_raw.c | |||
| @@ -21,62 +21,18 @@ static struct | |||
| 21 | .size = sizeof(struct ipt_standard) * 2 + sizeof(struct ipt_error), | 21 | .size = sizeof(struct ipt_standard) * 2 + sizeof(struct ipt_error), |
| 22 | .hook_entry = { | 22 | .hook_entry = { |
| 23 | [NF_IP_PRE_ROUTING] = 0, | 23 | [NF_IP_PRE_ROUTING] = 0, |
| 24 | [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) }, | 24 | [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) |
| 25 | }, | ||
| 25 | .underflow = { | 26 | .underflow = { |
| 26 | [NF_IP_PRE_ROUTING] = 0, | 27 | [NF_IP_PRE_ROUTING] = 0, |
| 27 | [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) }, | 28 | [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) |
| 29 | }, | ||
| 28 | }, | 30 | }, |
| 29 | .entries = { | 31 | .entries = { |
| 30 | /* PRE_ROUTING */ | 32 | IPT_STANDARD_INIT(NF_ACCEPT), /* PRE_ROUTING */ |
| 31 | { | 33 | IPT_STANDARD_INIT(NF_ACCEPT), /* LOCAL_OUT */ |
| 32 | .entry = { | ||
| 33 | .target_offset = sizeof(struct ipt_entry), | ||
| 34 | .next_offset = sizeof(struct ipt_standard), | ||
| 35 | }, | ||
| 36 | .target = { | ||
| 37 | .target = { | ||
| 38 | .u = { | ||
| 39 | .target_size = IPT_ALIGN(sizeof(struct ipt_standard_target)), | ||
| 40 | }, | ||
| 41 | }, | ||
| 42 | .verdict = -NF_ACCEPT - 1, | ||
| 43 | }, | ||
| 44 | }, | ||
| 45 | |||
| 46 | /* LOCAL_OUT */ | ||
| 47 | { | ||
| 48 | .entry = { | ||
| 49 | .target_offset = sizeof(struct ipt_entry), | ||
| 50 | .next_offset = sizeof(struct ipt_standard), | ||
| 51 | }, | ||
| 52 | .target = { | ||
| 53 | .target = { | ||
| 54 | .u = { | ||
| 55 | .target_size = IPT_ALIGN(sizeof(struct ipt_standard_target)), | ||
| 56 | }, | ||
| 57 | }, | ||
| 58 | .verdict = -NF_ACCEPT - 1, | ||
| 59 | }, | ||
| 60 | }, | ||
| 61 | }, | 34 | }, |
| 62 | /* ERROR */ | 35 | .term = IPT_ERROR_INIT, /* ERROR */ |
| 63 | .term = { | ||
| 64 | .entry = { | ||
| 65 | .target_offset = sizeof(struct ipt_entry), | ||
| 66 | .next_offset = sizeof(struct ipt_error), | ||
| 67 | }, | ||
| 68 | .target = { | ||
| 69 | .target = { | ||
| 70 | .u = { | ||
| 71 | .user = { | ||
| 72 | .target_size = IPT_ALIGN(sizeof(struct ipt_error_target)), | ||
| 73 | .name = IPT_ERROR_TARGET, | ||
| 74 | }, | ||
| 75 | }, | ||
| 76 | }, | ||
| 77 | .errorname = "ERROR", | ||
| 78 | }, | ||
| 79 | } | ||
| 80 | }; | 36 | }; |
| 81 | 37 | ||
| 82 | static struct xt_table packet_raw = { | 38 | static struct xt_table packet_raw = { |
diff --git a/net/ipv4/netfilter/nf_nat_rule.c b/net/ipv4/netfilter/nf_nat_rule.c index 2534f718ab92..07e99e309402 100644 --- a/net/ipv4/netfilter/nf_nat_rule.c +++ b/net/ipv4/netfilter/nf_nat_rule.c | |||
| @@ -46,77 +46,20 @@ static struct | |||
| 46 | .hook_entry = { | 46 | .hook_entry = { |
| 47 | [NF_IP_PRE_ROUTING] = 0, | 47 | [NF_IP_PRE_ROUTING] = 0, |
| 48 | [NF_IP_POST_ROUTING] = sizeof(struct ipt_standard), | 48 | [NF_IP_POST_ROUTING] = sizeof(struct ipt_standard), |
| 49 | [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 2 }, | 49 | [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 2 |
| 50 | }, | ||
| 50 | .underflow = { | 51 | .underflow = { |
| 51 | [NF_IP_PRE_ROUTING] = 0, | 52 | [NF_IP_PRE_ROUTING] = 0, |
| 52 | [NF_IP_POST_ROUTING] = sizeof(struct ipt_standard), | 53 | [NF_IP_POST_ROUTING] = sizeof(struct ipt_standard), |
| 53 | [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 2 }, | 54 | [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 2 |
| 55 | }, | ||
| 54 | }, | 56 | }, |
| 55 | .entries = { | 57 | .entries = { |
| 56 | /* PRE_ROUTING */ | 58 | IPT_STANDARD_INIT(NF_ACCEPT), /* PRE_ROUTING */ |
| 57 | { | 59 | IPT_STANDARD_INIT(NF_ACCEPT), /* POST_ROUTING */ |
| 58 | .entry = { | 60 | IPT_STANDARD_INIT(NF_ACCEPT), /* LOCAL_OUT */ |
| 59 | .target_offset = sizeof(struct ipt_entry), | ||
| 60 | .next_offset = sizeof(struct ipt_standard), | ||
| 61 | }, | ||
| 62 | .target = { | ||
| 63 | .target = { | ||
| 64 | .u = { | ||
| 65 | .target_size = IPT_ALIGN(sizeof(struct ipt_standard_target)), | ||
| 66 | }, | ||
| 67 | }, | ||
| 68 | .verdict = -NF_ACCEPT - 1, | ||
| 69 | }, | ||
| 70 | }, | ||
| 71 | /* POST_ROUTING */ | ||
| 72 | { | ||
| 73 | .entry = { | ||
| 74 | .target_offset = sizeof(struct ipt_entry), | ||
| 75 | .next_offset = sizeof(struct ipt_standard), | ||
| 76 | }, | ||
| 77 | .target = { | ||
| 78 | .target = { | ||
| 79 | .u = { | ||
| 80 | .target_size = IPT_ALIGN(sizeof(struct ipt_standard_target)), | ||
| 81 | }, | ||
| 82 | }, | ||
| 83 | .verdict = -NF_ACCEPT - 1, | ||
| 84 | }, | ||
| 85 | }, | ||
| 86 | /* LOCAL_OUT */ | ||
| 87 | { | ||
| 88 | .entry = { | ||
| 89 | .target_offset = sizeof(struct ipt_entry), | ||
| 90 | .next_offset = sizeof(struct ipt_standard), | ||
| 91 | }, | ||
| 92 | .target = { | ||
| 93 | .target = { | ||
| 94 | .u = { | ||
| 95 | .target_size = IPT_ALIGN(sizeof(struct ipt_standard_target)), | ||
| 96 | }, | ||
| 97 | }, | ||
| 98 | .verdict = -NF_ACCEPT - 1, | ||
| 99 | }, | ||
| 100 | }, | ||
| 101 | }, | 61 | }, |
| 102 | /* ERROR */ | 62 | .term = IPT_ERROR_INIT, /* ERROR */ |
| 103 | .term = { | ||
| 104 | .entry = { | ||
| 105 | .target_offset = sizeof(struct ipt_entry), | ||
| 106 | .next_offset = sizeof(struct ipt_error), | ||
| 107 | }, | ||
| 108 | .target = { | ||
| 109 | .target = { | ||
| 110 | .u = { | ||
| 111 | .user = { | ||
| 112 | .target_size = IPT_ALIGN(sizeof(struct ipt_error_target)), | ||
| 113 | .name = IPT_ERROR_TARGET, | ||
| 114 | }, | ||
| 115 | }, | ||
| 116 | }, | ||
| 117 | .errorname = "ERROR", | ||
| 118 | }, | ||
| 119 | } | ||
| 120 | }; | 63 | }; |
| 121 | 64 | ||
| 122 | static struct xt_table nat_table = { | 65 | static struct xt_table nat_table = { |
diff --git a/net/ipv6/netfilter/ip6table_filter.c b/net/ipv6/netfilter/ip6table_filter.c index 76f0cf66f95c..7e32e2aaf7f7 100644 --- a/net/ipv6/netfilter/ip6table_filter.c +++ b/net/ipv6/netfilter/ip6table_filter.c | |||
| @@ -24,53 +24,29 @@ static struct | |||
| 24 | struct ip6t_replace repl; | 24 | struct ip6t_replace repl; |
| 25 | struct ip6t_standard entries[3]; | 25 | struct ip6t_standard entries[3]; |
| 26 | struct ip6t_error term; | 26 | struct ip6t_error term; |
| 27 | } initial_table __initdata | 27 | } initial_table __initdata = { |
| 28 | = { { "filter", FILTER_VALID_HOOKS, 4, | 28 | .repl = { |
| 29 | sizeof(struct ip6t_standard) * 3 + sizeof(struct ip6t_error), | 29 | .name = "filter", |
| 30 | { [NF_IP6_LOCAL_IN] = 0, | 30 | .valid_hooks = FILTER_VALID_HOOKS, |
| 31 | [NF_IP6_FORWARD] = sizeof(struct ip6t_standard), | 31 | .num_entries = 4, |
| 32 | [NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard) * 2 }, | 32 | .size = sizeof(struct ip6t_standard) * 3 + sizeof(struct ip6t_error), |
| 33 | { [NF_IP6_LOCAL_IN] = 0, | 33 | .hook_entry = { |
| 34 | [NF_IP6_FORWARD] = sizeof(struct ip6t_standard), | 34 | [NF_IP6_LOCAL_IN] = 0, |
| 35 | [NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard) * 2 }, | 35 | [NF_IP6_FORWARD] = sizeof(struct ip6t_standard), |
| 36 | 0, NULL, { } }, | 36 | [NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard) * 2 |
| 37 | { | 37 | }, |
| 38 | /* LOCAL_IN */ | 38 | .underflow = { |
| 39 | { { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, "", "", { 0 }, { 0 }, 0, 0, 0 }, | 39 | [NF_IP6_LOCAL_IN] = 0, |
| 40 | 0, | 40 | [NF_IP6_FORWARD] = sizeof(struct ip6t_standard), |
| 41 | sizeof(struct ip6t_entry), | 41 | [NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard) * 2 |
| 42 | sizeof(struct ip6t_standard), | 42 | }, |
| 43 | 0, { 0, 0 }, { } }, | 43 | }, |
| 44 | { { { { IP6T_ALIGN(sizeof(struct ip6t_standard_target)), "" } }, { } }, | 44 | .entries = { |
| 45 | -NF_ACCEPT - 1 } }, | 45 | IP6T_STANDARD_INIT(NF_ACCEPT), /* LOCAL_IN */ |
| 46 | /* FORWARD */ | 46 | IP6T_STANDARD_INIT(NF_ACCEPT), /* FORWARD */ |
| 47 | { { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, "", "", { 0 }, { 0 }, 0, 0, 0 }, | 47 | IP6T_STANDARD_INIT(NF_ACCEPT), /* LOCAL_OUT */ |
| 48 | 0, | 48 | }, |
| 49 | sizeof(struct ip6t_entry), | 49 | .term = IP6T_ERROR_INIT, /* ERROR */ |
| 50 | sizeof(struct ip6t_standard), | ||
| 51 | 0, { 0, 0 }, { } }, | ||
| 52 | { { { { IP6T_ALIGN(sizeof(struct ip6t_standard_target)), "" } }, { } }, | ||
| 53 | -NF_ACCEPT - 1 } }, | ||
| 54 | /* LOCAL_OUT */ | ||
| 55 | { { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, "", "", { 0 }, { 0 }, 0, 0, 0 }, | ||
| 56 | 0, | ||
| 57 | sizeof(struct ip6t_entry), | ||
| 58 | sizeof(struct ip6t_standard), | ||
| 59 | 0, { 0, 0 }, { } }, | ||
| 60 | { { { { IP6T_ALIGN(sizeof(struct ip6t_standard_target)), "" } }, { } }, | ||
| 61 | -NF_ACCEPT - 1 } } | ||
| 62 | }, | ||
| 63 | /* ERROR */ | ||
| 64 | { { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, "", "", { 0 }, { 0 }, 0, 0, 0 }, | ||
| 65 | 0, | ||
| 66 | sizeof(struct ip6t_entry), | ||
| 67 | sizeof(struct ip6t_error), | ||
| 68 | 0, { 0, 0 }, { } }, | ||
| 69 | { { { { IP6T_ALIGN(sizeof(struct ip6t_error_target)), IP6T_ERROR_TARGET } }, | ||
| 70 | { } }, | ||
| 71 | "ERROR" | ||
| 72 | } | ||
| 73 | } | ||
| 74 | }; | 50 | }; |
| 75 | 51 | ||
| 76 | static struct xt_table packet_filter = { | 52 | static struct xt_table packet_filter = { |
diff --git a/net/ipv6/netfilter/ip6table_mangle.c b/net/ipv6/netfilter/ip6table_mangle.c index a9f10e32c163..f2d26495f413 100644 --- a/net/ipv6/netfilter/ip6table_mangle.c +++ b/net/ipv6/netfilter/ip6table_mangle.c | |||
| @@ -32,73 +32,35 @@ static struct | |||
| 32 | struct ip6t_replace repl; | 32 | struct ip6t_replace repl; |
| 33 | struct ip6t_standard entries[5]; | 33 | struct ip6t_standard entries[5]; |
| 34 | struct ip6t_error term; | 34 | struct ip6t_error term; |
| 35 | } initial_table __initdata | 35 | } initial_table __initdata = { |
| 36 | = { { "mangle", MANGLE_VALID_HOOKS, 6, | 36 | .repl = { |
| 37 | sizeof(struct ip6t_standard) * 5 + sizeof(struct ip6t_error), | 37 | .name = "mangle", |
| 38 | { [NF_IP6_PRE_ROUTING] = 0, | 38 | .valid_hooks = MANGLE_VALID_HOOKS, |
| 39 | [NF_IP6_LOCAL_IN] = sizeof(struct ip6t_standard), | 39 | .num_entries = 6, |
| 40 | [NF_IP6_FORWARD] = sizeof(struct ip6t_standard) * 2, | 40 | .size = sizeof(struct ip6t_standard) * 5 + sizeof(struct ip6t_error), |
| 41 | [NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard) * 3, | 41 | .hook_entry = { |
| 42 | [NF_IP6_POST_ROUTING] = sizeof(struct ip6t_standard) * 4}, | 42 | [NF_IP6_PRE_ROUTING] = 0, |
| 43 | { [NF_IP6_PRE_ROUTING] = 0, | 43 | [NF_IP6_LOCAL_IN] = sizeof(struct ip6t_standard), |
| 44 | [NF_IP6_LOCAL_IN] = sizeof(struct ip6t_standard), | 44 | [NF_IP6_FORWARD] = sizeof(struct ip6t_standard) * 2, |
| 45 | [NF_IP6_FORWARD] = sizeof(struct ip6t_standard) * 2, | 45 | [NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard) * 3, |
| 46 | [NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard) * 3, | 46 | [NF_IP6_POST_ROUTING] = sizeof(struct ip6t_standard) * 4, |
| 47 | [NF_IP6_POST_ROUTING] = sizeof(struct ip6t_standard) * 4}, | 47 | }, |
| 48 | 0, NULL, { } }, | 48 | .underflow = { |
| 49 | { | 49 | [NF_IP6_PRE_ROUTING] = 0, |
| 50 | /* PRE_ROUTING */ | 50 | [NF_IP6_LOCAL_IN] = sizeof(struct ip6t_standard), |
| 51 | { { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, "", "", { 0 }, { 0 }, 0, 0, 0 }, | 51 | [NF_IP6_FORWARD] = sizeof(struct ip6t_standard) * 2, |
| 52 | 0, | 52 | [NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard) * 3, |
| 53 | sizeof(struct ip6t_entry), | 53 | [NF_IP6_POST_ROUTING] = sizeof(struct ip6t_standard) * 4, |
| 54 | sizeof(struct ip6t_standard), | 54 | }, |
| 55 | 0, { 0, 0 }, { } }, | 55 | }, |
| 56 | { { { { IP6T_ALIGN(sizeof(struct ip6t_standard_target)), "" } }, { } }, | 56 | .entries = { |
| 57 | -NF_ACCEPT - 1 } }, | 57 | IP6T_STANDARD_INIT(NF_ACCEPT), /* PRE_ROUTING */ |
| 58 | /* LOCAL_IN */ | 58 | IP6T_STANDARD_INIT(NF_ACCEPT), /* LOCAL_IN */ |
| 59 | { { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, "", "", { 0 }, { 0 }, 0, 0, 0 }, | 59 | IP6T_STANDARD_INIT(NF_ACCEPT), /* FORWARD */ |
| 60 | 0, | 60 | IP6T_STANDARD_INIT(NF_ACCEPT), /* LOCAL_OUT */ |
| 61 | sizeof(struct ip6t_entry), | 61 | IP6T_STANDARD_INIT(NF_ACCEPT), /* POST_ROUTING */ |
| 62 | sizeof(struct ip6t_standard), | 62 | }, |
| 63 | 0, { 0, 0 }, { } }, | 63 | .term = IP6T_ERROR_INIT, /* ERROR */ |
| 64 | { { { { IP6T_ALIGN(sizeof(struct ip6t_standard_target)), "" } }, { } }, | ||
| 65 | -NF_ACCEPT - 1 } }, | ||
| 66 | /* FORWARD */ | ||
| 67 | { { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, "", "", { 0 }, { 0 }, 0, 0, 0 }, | ||
| 68 | 0, | ||
| 69 | sizeof(struct ip6t_entry), | ||
| 70 | sizeof(struct ip6t_standard), | ||
| 71 | 0, { 0, 0 }, { } }, | ||
| 72 | { { { { IP6T_ALIGN(sizeof(struct ip6t_standard_target)), "" } }, { } }, | ||
| 73 | -NF_ACCEPT - 1 } }, | ||
| 74 | /* LOCAL_OUT */ | ||
| 75 | { { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, "", "", { 0 }, { 0 }, 0, 0, 0 }, | ||
| 76 | 0, | ||
| 77 | sizeof(struct ip6t_entry), | ||
| 78 | sizeof(struct ip6t_standard), | ||
| 79 | 0, { 0, 0 }, { } }, | ||
| 80 | { { { { IP6T_ALIGN(sizeof(struct ip6t_standard_target)), "" } }, { } }, | ||
| 81 | -NF_ACCEPT - 1 } }, | ||
| 82 | /* POST_ROUTING */ | ||
| 83 | { { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, "", "", { 0 }, { 0 }, 0, 0, 0 }, | ||
| 84 | 0, | ||
| 85 | sizeof(struct ip6t_entry), | ||
| 86 | sizeof(struct ip6t_standard), | ||
| 87 | 0, { 0, 0 }, { } }, | ||
| 88 | { { { { IP6T_ALIGN(sizeof(struct ip6t_standard_target)), "" } }, { } }, | ||
| 89 | -NF_ACCEPT - 1 } } | ||
| 90 | }, | ||
| 91 | /* ERROR */ | ||
| 92 | { { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, "", "", { 0 }, { 0 }, 0, 0, 0 }, | ||
| 93 | 0, | ||
| 94 | sizeof(struct ip6t_entry), | ||
| 95 | sizeof(struct ip6t_error), | ||
| 96 | 0, { 0, 0 }, { } }, | ||
| 97 | { { { { IP6T_ALIGN(sizeof(struct ip6t_error_target)), IP6T_ERROR_TARGET } }, | ||
| 98 | { } }, | ||
| 99 | "ERROR" | ||
| 100 | } | ||
| 101 | } | ||
| 102 | }; | 64 | }; |
| 103 | 65 | ||
| 104 | static struct xt_table packet_mangler = { | 66 | static struct xt_table packet_mangler = { |
diff --git a/net/ipv6/netfilter/ip6table_raw.c b/net/ipv6/netfilter/ip6table_raw.c index a3eb5b8ce18d..0acda45d455d 100644 --- a/net/ipv6/netfilter/ip6table_raw.c +++ b/net/ipv6/netfilter/ip6table_raw.c | |||
| @@ -35,56 +35,10 @@ static struct | |||
| 35 | }, | 35 | }, |
| 36 | }, | 36 | }, |
| 37 | .entries = { | 37 | .entries = { |
| 38 | /* PRE_ROUTING */ | 38 | IP6T_STANDARD_INIT(NF_ACCEPT), /* PRE_ROUTING */ |
| 39 | { | 39 | IP6T_STANDARD_INIT(NF_ACCEPT), /* LOCAL_OUT */ |
| 40 | .entry = { | ||
| 41 | .target_offset = sizeof(struct ip6t_entry), | ||
| 42 | .next_offset = sizeof(struct ip6t_standard), | ||
| 43 | }, | ||
| 44 | .target = { | ||
| 45 | .target = { | ||
| 46 | .u = { | ||
| 47 | .target_size = IP6T_ALIGN(sizeof(struct ip6t_standard_target)), | ||
| 48 | }, | ||
| 49 | }, | ||
| 50 | .verdict = -NF_ACCEPT - 1, | ||
| 51 | }, | ||
| 52 | }, | ||
| 53 | |||
| 54 | /* LOCAL_OUT */ | ||
| 55 | { | ||
| 56 | .entry = { | ||
| 57 | .target_offset = sizeof(struct ip6t_entry), | ||
| 58 | .next_offset = sizeof(struct ip6t_standard), | ||
| 59 | }, | ||
| 60 | .target = { | ||
| 61 | .target = { | ||
| 62 | .u = { | ||
| 63 | .target_size = IP6T_ALIGN(sizeof(struct ip6t_standard_target)), | ||
| 64 | }, | ||
| 65 | }, | ||
| 66 | .verdict = -NF_ACCEPT - 1, | ||
| 67 | }, | ||
| 68 | }, | ||
| 69 | }, | 40 | }, |
| 70 | /* ERROR */ | 41 | .term = IP6T_ERROR_INIT, /* ERROR */ |
| 71 | .term = { | ||
| 72 | .entry = { | ||
| 73 | .target_offset = sizeof(struct ip6t_entry), | ||
| 74 | .next_offset = sizeof(struct ip6t_error), | ||
| 75 | }, | ||
| 76 | .target = { | ||
| 77 | .target = { | ||
| 78 | .u = { | ||
| 79 | .user = { | ||
| 80 | .target_size = IP6T_ALIGN(sizeof(struct ip6t_error_target)), | ||
| 81 | .name = IP6T_ERROR_TARGET, | ||
| 82 | }, | ||
| 83 | }, | ||
| 84 | }, | ||
| 85 | .errorname = "ERROR", | ||
| 86 | }, | ||
| 87 | } | ||
| 88 | }; | 42 | }; |
| 89 | 43 | ||
| 90 | static struct xt_table packet_raw = { | 44 | static struct xt_table packet_raw = { |