diff options
Diffstat (limited to 'net/bridge')
-rw-r--r-- | net/bridge/netfilter/ebt_802_3.c | 7 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_among.c | 9 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_arp.c | 9 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_ip.c | 9 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_ip6.c | 9 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_limit.c | 7 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_mark_m.c | 7 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_pkttype.c | 7 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_stp.c | 9 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_vlan.c | 9 | ||||
-rw-r--r-- | net/bridge/netfilter/ebtables.c | 19 |
11 files changed, 39 insertions, 62 deletions
diff --git a/net/bridge/netfilter/ebt_802_3.c b/net/bridge/netfilter/ebt_802_3.c index c9e1bc149513..bd91dc58d49b 100644 --- a/net/bridge/netfilter/ebt_802_3.c +++ b/net/bridge/netfilter/ebt_802_3.c | |||
@@ -36,12 +36,9 @@ ebt_802_3_mt(const struct sk_buff *skb, const struct xt_match_param *par) | |||
36 | return true; | 36 | return true; |
37 | } | 37 | } |
38 | 38 | ||
39 | static bool | 39 | static bool ebt_802_3_mt_check(const struct xt_mtchk_param *par) |
40 | ebt_802_3_mt_check(const char *table, const void *entry, | ||
41 | const struct xt_match *match, void *data, | ||
42 | unsigned int hook_mask) | ||
43 | { | 40 | { |
44 | const struct ebt_802_3_info *info = data; | 41 | const struct ebt_802_3_info *info = par->matchinfo; |
45 | 42 | ||
46 | if (info->bitmask & ~EBT_802_3_MASK || info->invflags & ~EBT_802_3_MASK) | 43 | if (info->bitmask & ~EBT_802_3_MASK || info->invflags & ~EBT_802_3_MASK) |
47 | return false; | 44 | return false; |
diff --git a/net/bridge/netfilter/ebt_among.c b/net/bridge/netfilter/ebt_among.c index 0ad0db3e815d..b595f091f35b 100644 --- a/net/bridge/netfilter/ebt_among.c +++ b/net/bridge/netfilter/ebt_among.c | |||
@@ -171,14 +171,11 @@ ebt_among_mt(const struct sk_buff *skb, const struct xt_match_param *par) | |||
171 | return true; | 171 | return true; |
172 | } | 172 | } |
173 | 173 | ||
174 | static bool | 174 | static bool ebt_among_mt_check(const struct xt_mtchk_param *par) |
175 | ebt_among_mt_check(const char *table, const void *entry, | ||
176 | const struct xt_match *match, void *data, | ||
177 | unsigned int hook_mask) | ||
178 | { | 175 | { |
176 | const struct ebt_among_info *info = par->matchinfo; | ||
179 | const struct ebt_entry_match *em = | 177 | const struct ebt_entry_match *em = |
180 | container_of(data, const struct ebt_entry_match, data); | 178 | container_of(par->matchinfo, const struct ebt_entry_match, data); |
181 | const struct ebt_among_info *info = data; | ||
182 | int expected_length = sizeof(struct ebt_among_info); | 179 | int expected_length = sizeof(struct ebt_among_info); |
183 | const struct ebt_mac_wormhash *wh_dst, *wh_src; | 180 | const struct ebt_mac_wormhash *wh_dst, *wh_src; |
184 | int err; | 181 | int err; |
diff --git a/net/bridge/netfilter/ebt_arp.c b/net/bridge/netfilter/ebt_arp.c index 1ff8fa3a9e7b..b7ad60419f9a 100644 --- a/net/bridge/netfilter/ebt_arp.c +++ b/net/bridge/netfilter/ebt_arp.c | |||
@@ -100,13 +100,10 @@ ebt_arp_mt(const struct sk_buff *skb, const struct xt_match_param *par) | |||
100 | return true; | 100 | return true; |
101 | } | 101 | } |
102 | 102 | ||
103 | static bool | 103 | static bool ebt_arp_mt_check(const struct xt_mtchk_param *par) |
104 | ebt_arp_mt_check(const char *table, const void *entry, | ||
105 | const struct xt_match *match, void *data, | ||
106 | unsigned int hook_mask) | ||
107 | { | 104 | { |
108 | const struct ebt_arp_info *info = data; | 105 | const struct ebt_arp_info *info = par->matchinfo; |
109 | const struct ebt_entry *e = entry; | 106 | const struct ebt_entry *e = par->entryinfo; |
110 | 107 | ||
111 | if ((e->ethproto != htons(ETH_P_ARP) && | 108 | if ((e->ethproto != htons(ETH_P_ARP) && |
112 | e->ethproto != htons(ETH_P_RARP)) || | 109 | e->ethproto != htons(ETH_P_RARP)) || |
diff --git a/net/bridge/netfilter/ebt_ip.c b/net/bridge/netfilter/ebt_ip.c index c70ea39840b7..d771bbfbcbe6 100644 --- a/net/bridge/netfilter/ebt_ip.c +++ b/net/bridge/netfilter/ebt_ip.c | |||
@@ -77,13 +77,10 @@ ebt_ip_mt(const struct sk_buff *skb, const struct xt_match_param *par) | |||
77 | return true; | 77 | return true; |
78 | } | 78 | } |
79 | 79 | ||
80 | static bool | 80 | static bool ebt_ip_mt_check(const struct xt_mtchk_param *par) |
81 | ebt_ip_mt_check(const char *table, const void *entry, | ||
82 | const struct xt_match *match, void *data, | ||
83 | unsigned int hook_mask) | ||
84 | { | 81 | { |
85 | const struct ebt_ip_info *info = data; | 82 | const struct ebt_ip_info *info = par->matchinfo; |
86 | const struct ebt_entry *e = entry; | 83 | const struct ebt_entry *e = par->entryinfo; |
87 | 84 | ||
88 | if (e->ethproto != htons(ETH_P_IP) || | 85 | if (e->ethproto != htons(ETH_P_IP) || |
89 | e->invflags & EBT_IPROTO) | 86 | e->invflags & EBT_IPROTO) |
diff --git a/net/bridge/netfilter/ebt_ip6.c b/net/bridge/netfilter/ebt_ip6.c index 5acee02de723..784a6573876c 100644 --- a/net/bridge/netfilter/ebt_ip6.c +++ b/net/bridge/netfilter/ebt_ip6.c | |||
@@ -90,13 +90,10 @@ ebt_ip6_mt(const struct sk_buff *skb, const struct xt_match_param *par) | |||
90 | return true; | 90 | return true; |
91 | } | 91 | } |
92 | 92 | ||
93 | static bool | 93 | static bool ebt_ip6_mt_check(const struct xt_mtchk_param *par) |
94 | ebt_ip6_mt_check(const char *table, const void *entry, | ||
95 | const struct xt_match *match, void *data, | ||
96 | unsigned int hook_mask) | ||
97 | { | 94 | { |
98 | const struct ebt_entry *e = entry; | 95 | const struct ebt_entry *e = par->entryinfo; |
99 | struct ebt_ip6_info *info = data; | 96 | struct ebt_ip6_info *info = par->matchinfo; |
100 | 97 | ||
101 | if (e->ethproto != htons(ETH_P_IPV6) || e->invflags & EBT_IPROTO) | 98 | if (e->ethproto != htons(ETH_P_IPV6) || e->invflags & EBT_IPROTO) |
102 | return false; | 99 | return false; |
diff --git a/net/bridge/netfilter/ebt_limit.c b/net/bridge/netfilter/ebt_limit.c index 9a3ec8cadaa4..f7bd9192ff0c 100644 --- a/net/bridge/netfilter/ebt_limit.c +++ b/net/bridge/netfilter/ebt_limit.c | |||
@@ -64,12 +64,9 @@ user2credits(u_int32_t user) | |||
64 | return (user * HZ * CREDITS_PER_JIFFY) / EBT_LIMIT_SCALE; | 64 | return (user * HZ * CREDITS_PER_JIFFY) / EBT_LIMIT_SCALE; |
65 | } | 65 | } |
66 | 66 | ||
67 | static bool | 67 | static bool ebt_limit_mt_check(const struct xt_mtchk_param *par) |
68 | ebt_limit_mt_check(const char *table, const void *e, | ||
69 | const struct xt_match *match, void *data, | ||
70 | unsigned int hook_mask) | ||
71 | { | 68 | { |
72 | struct ebt_limit_info *info = data; | 69 | struct ebt_limit_info *info = par->matchinfo; |
73 | 70 | ||
74 | /* Check for overflow. */ | 71 | /* Check for overflow. */ |
75 | if (info->burst == 0 || | 72 | if (info->burst == 0 || |
diff --git a/net/bridge/netfilter/ebt_mark_m.c b/net/bridge/netfilter/ebt_mark_m.c index 5b22ef96127c..ea570f214b1d 100644 --- a/net/bridge/netfilter/ebt_mark_m.c +++ b/net/bridge/netfilter/ebt_mark_m.c | |||
@@ -22,12 +22,9 @@ ebt_mark_mt(const struct sk_buff *skb, const struct xt_match_param *par) | |||
22 | return ((skb->mark & info->mask) == info->mark) ^ info->invert; | 22 | return ((skb->mark & info->mask) == info->mark) ^ info->invert; |
23 | } | 23 | } |
24 | 24 | ||
25 | static bool | 25 | static bool ebt_mark_mt_check(const struct xt_mtchk_param *par) |
26 | ebt_mark_mt_check(const char *table, const void *e, | ||
27 | const struct xt_match *match, void *data, | ||
28 | unsigned int hook_mask) | ||
29 | { | 26 | { |
30 | const struct ebt_mark_m_info *info = data; | 27 | const struct ebt_mark_m_info *info = par->matchinfo; |
31 | 28 | ||
32 | if (info->bitmask & ~EBT_MARK_MASK) | 29 | if (info->bitmask & ~EBT_MARK_MASK) |
33 | return false; | 30 | return false; |
diff --git a/net/bridge/netfilter/ebt_pkttype.c b/net/bridge/netfilter/ebt_pkttype.c index b756f88fb10f..883e96e2a542 100644 --- a/net/bridge/netfilter/ebt_pkttype.c +++ b/net/bridge/netfilter/ebt_pkttype.c | |||
@@ -20,12 +20,9 @@ ebt_pkttype_mt(const struct sk_buff *skb, const struct xt_match_param *par) | |||
20 | return (skb->pkt_type == info->pkt_type) ^ info->invert; | 20 | return (skb->pkt_type == info->pkt_type) ^ info->invert; |
21 | } | 21 | } |
22 | 22 | ||
23 | static bool | 23 | static bool ebt_pkttype_mt_check(const struct xt_mtchk_param *par) |
24 | ebt_pkttype_mt_check(const char *table, const void *e, | ||
25 | const struct xt_match *match, void *data, | ||
26 | unsigned int hook_mask) | ||
27 | { | 24 | { |
28 | const struct ebt_pkttype_info *info = data; | 25 | const struct ebt_pkttype_info *info = par->matchinfo; |
29 | 26 | ||
30 | if (info->invert != 0 && info->invert != 1) | 27 | if (info->invert != 0 && info->invert != 1) |
31 | return false; | 28 | return false; |
diff --git a/net/bridge/netfilter/ebt_stp.c b/net/bridge/netfilter/ebt_stp.c index 06d777c62c32..48527e621626 100644 --- a/net/bridge/netfilter/ebt_stp.c +++ b/net/bridge/netfilter/ebt_stp.c | |||
@@ -153,15 +153,12 @@ ebt_stp_mt(const struct sk_buff *skb, const struct xt_match_param *par) | |||
153 | return true; | 153 | return true; |
154 | } | 154 | } |
155 | 155 | ||
156 | static bool | 156 | static bool ebt_stp_mt_check(const struct xt_mtchk_param *par) |
157 | ebt_stp_mt_check(const char *table, const void *entry, | ||
158 | const struct xt_match *match, void *data, | ||
159 | unsigned int hook_mask) | ||
160 | { | 157 | { |
161 | const struct ebt_stp_info *info = data; | 158 | const struct ebt_stp_info *info = par->matchinfo; |
162 | const uint8_t bridge_ula[6] = {0x01, 0x80, 0xc2, 0x00, 0x00, 0x00}; | 159 | const uint8_t bridge_ula[6] = {0x01, 0x80, 0xc2, 0x00, 0x00, 0x00}; |
163 | const uint8_t msk[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; | 160 | const uint8_t msk[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; |
164 | const struct ebt_entry *e = entry; | 161 | const struct ebt_entry *e = par->entryinfo; |
165 | 162 | ||
166 | if (info->bitmask & ~EBT_STP_MASK || info->invflags & ~EBT_STP_MASK || | 163 | if (info->bitmask & ~EBT_STP_MASK || info->invflags & ~EBT_STP_MASK || |
167 | !(info->bitmask & EBT_STP_MASK)) | 164 | !(info->bitmask & EBT_STP_MASK)) |
diff --git a/net/bridge/netfilter/ebt_vlan.c b/net/bridge/netfilter/ebt_vlan.c index b05b4a818341..3dddd489328e 100644 --- a/net/bridge/netfilter/ebt_vlan.c +++ b/net/bridge/netfilter/ebt_vlan.c | |||
@@ -84,13 +84,10 @@ ebt_vlan_mt(const struct sk_buff *skb, const struct xt_match_param *par) | |||
84 | return true; | 84 | return true; |
85 | } | 85 | } |
86 | 86 | ||
87 | static bool | 87 | static bool ebt_vlan_mt_check(const struct xt_mtchk_param *par) |
88 | ebt_vlan_mt_check(const char *table, const void *entry, | ||
89 | const struct xt_match *match, void *data, | ||
90 | unsigned int hook_mask) | ||
91 | { | 88 | { |
92 | struct ebt_vlan_info *info = data; | 89 | struct ebt_vlan_info *info = par->matchinfo; |
93 | const struct ebt_entry *e = entry; | 90 | const struct ebt_entry *e = par->entryinfo; |
94 | 91 | ||
95 | /* Is it 802.1Q frame checked? */ | 92 | /* Is it 802.1Q frame checked? */ |
96 | if (e->ethproto != htons(ETH_P_8021Q)) { | 93 | if (e->ethproto != htons(ETH_P_8021Q)) { |
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index f8e1822f38d4..5ce37b2f5b84 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c | |||
@@ -324,9 +324,10 @@ find_table_lock(const char *name, int *error, struct mutex *mutex) | |||
324 | } | 324 | } |
325 | 325 | ||
326 | static inline int | 326 | static inline int |
327 | ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e, | 327 | ebt_check_match(struct ebt_entry_match *m, struct xt_mtchk_param *par, |
328 | const char *name, unsigned int hookmask, unsigned int *cnt) | 328 | unsigned int *cnt) |
329 | { | 329 | { |
330 | const struct ebt_entry *e = par->entryinfo; | ||
330 | struct xt_match *match; | 331 | struct xt_match *match; |
331 | size_t left = ((char *)e + e->watchers_offset) - (char *)m; | 332 | size_t left = ((char *)e + e->watchers_offset) - (char *)m; |
332 | int ret; | 333 | int ret; |
@@ -343,9 +344,10 @@ ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e, | |||
343 | return -ENOENT; | 344 | return -ENOENT; |
344 | m->u.match = match; | 345 | m->u.match = match; |
345 | 346 | ||
346 | ret = xt_check_match(match, NFPROTO_BRIDGE, m->match_size, | 347 | par->match = match; |
347 | name, hookmask, e->ethproto, e->invflags & EBT_IPROTO, | 348 | par->matchinfo = m->data; |
348 | e, m->data); | 349 | ret = xt_check_match(par, NFPROTO_BRIDGE, m->match_size, |
350 | e->ethproto, e->invflags & EBT_IPROTO); | ||
349 | if (ret < 0) { | 351 | if (ret < 0) { |
350 | module_put(match->me); | 352 | module_put(match->me); |
351 | return ret; | 353 | return ret; |
@@ -607,6 +609,7 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo, | |||
607 | unsigned int i, j, hook = 0, hookmask = 0; | 609 | unsigned int i, j, hook = 0, hookmask = 0; |
608 | size_t gap; | 610 | size_t gap; |
609 | int ret; | 611 | int ret; |
612 | struct xt_mtchk_param par; | ||
610 | 613 | ||
611 | /* don't mess with the struct ebt_entries */ | 614 | /* don't mess with the struct ebt_entries */ |
612 | if (e->bitmask == 0) | 615 | if (e->bitmask == 0) |
@@ -647,7 +650,11 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo, | |||
647 | hookmask = cl_s[i - 1].hookmask; | 650 | hookmask = cl_s[i - 1].hookmask; |
648 | } | 651 | } |
649 | i = 0; | 652 | i = 0; |
650 | ret = EBT_MATCH_ITERATE(e, ebt_check_match, e, name, hookmask, &i); | 653 | |
654 | par.table = name; | ||
655 | par.entryinfo = e; | ||
656 | par.hook_mask = hookmask; | ||
657 | ret = EBT_MATCH_ITERATE(e, ebt_check_match, &par, &i); | ||
651 | if (ret != 0) | 658 | if (ret != 0) |
652 | goto cleanup_matches; | 659 | goto cleanup_matches; |
653 | j = 0; | 660 | j = 0; |