aboutsummaryrefslogtreecommitdiffstats
path: root/net/bridge
diff options
context:
space:
mode:
Diffstat (limited to 'net/bridge')
-rw-r--r--net/bridge/netfilter/ebt_802_3.c7
-rw-r--r--net/bridge/netfilter/ebt_among.c9
-rw-r--r--net/bridge/netfilter/ebt_arp.c9
-rw-r--r--net/bridge/netfilter/ebt_ip.c9
-rw-r--r--net/bridge/netfilter/ebt_ip6.c9
-rw-r--r--net/bridge/netfilter/ebt_limit.c7
-rw-r--r--net/bridge/netfilter/ebt_mark_m.c7
-rw-r--r--net/bridge/netfilter/ebt_pkttype.c7
-rw-r--r--net/bridge/netfilter/ebt_stp.c9
-rw-r--r--net/bridge/netfilter/ebt_vlan.c9
-rw-r--r--net/bridge/netfilter/ebtables.c19
11 files changed, 39 insertions, 62 deletions
diff --git a/net/bridge/netfilter/ebt_802_3.c b/net/bridge/netfilter/ebt_802_3.c
index c9e1bc149513..bd91dc58d49b 100644
--- a/net/bridge/netfilter/ebt_802_3.c
+++ b/net/bridge/netfilter/ebt_802_3.c
@@ -36,12 +36,9 @@ ebt_802_3_mt(const struct sk_buff *skb, const struct xt_match_param *par)
36 return true; 36 return true;
37} 37}
38 38
39static bool 39static bool ebt_802_3_mt_check(const struct xt_mtchk_param *par)
40ebt_802_3_mt_check(const char *table, const void *entry,
41 const struct xt_match *match, void *data,
42 unsigned int hook_mask)
43{ 40{
44 const struct ebt_802_3_info *info = data; 41 const struct ebt_802_3_info *info = par->matchinfo;
45 42
46 if (info->bitmask & ~EBT_802_3_MASK || info->invflags & ~EBT_802_3_MASK) 43 if (info->bitmask & ~EBT_802_3_MASK || info->invflags & ~EBT_802_3_MASK)
47 return false; 44 return false;
diff --git a/net/bridge/netfilter/ebt_among.c b/net/bridge/netfilter/ebt_among.c
index 0ad0db3e815d..b595f091f35b 100644
--- a/net/bridge/netfilter/ebt_among.c
+++ b/net/bridge/netfilter/ebt_among.c
@@ -171,14 +171,11 @@ ebt_among_mt(const struct sk_buff *skb, const struct xt_match_param *par)
171 return true; 171 return true;
172} 172}
173 173
174static bool 174static bool ebt_among_mt_check(const struct xt_mtchk_param *par)
175ebt_among_mt_check(const char *table, const void *entry,
176 const struct xt_match *match, void *data,
177 unsigned int hook_mask)
178{ 175{
176 const struct ebt_among_info *info = par->matchinfo;
179 const struct ebt_entry_match *em = 177 const struct ebt_entry_match *em =
180 container_of(data, const struct ebt_entry_match, data); 178 container_of(par->matchinfo, const struct ebt_entry_match, data);
181 const struct ebt_among_info *info = data;
182 int expected_length = sizeof(struct ebt_among_info); 179 int expected_length = sizeof(struct ebt_among_info);
183 const struct ebt_mac_wormhash *wh_dst, *wh_src; 180 const struct ebt_mac_wormhash *wh_dst, *wh_src;
184 int err; 181 int err;
diff --git a/net/bridge/netfilter/ebt_arp.c b/net/bridge/netfilter/ebt_arp.c
index 1ff8fa3a9e7b..b7ad60419f9a 100644
--- a/net/bridge/netfilter/ebt_arp.c
+++ b/net/bridge/netfilter/ebt_arp.c
@@ -100,13 +100,10 @@ ebt_arp_mt(const struct sk_buff *skb, const struct xt_match_param *par)
100 return true; 100 return true;
101} 101}
102 102
103static bool 103static bool ebt_arp_mt_check(const struct xt_mtchk_param *par)
104ebt_arp_mt_check(const char *table, const void *entry,
105 const struct xt_match *match, void *data,
106 unsigned int hook_mask)
107{ 104{
108 const struct ebt_arp_info *info = data; 105 const struct ebt_arp_info *info = par->matchinfo;
109 const struct ebt_entry *e = entry; 106 const struct ebt_entry *e = par->entryinfo;
110 107
111 if ((e->ethproto != htons(ETH_P_ARP) && 108 if ((e->ethproto != htons(ETH_P_ARP) &&
112 e->ethproto != htons(ETH_P_RARP)) || 109 e->ethproto != htons(ETH_P_RARP)) ||
diff --git a/net/bridge/netfilter/ebt_ip.c b/net/bridge/netfilter/ebt_ip.c
index c70ea39840b7..d771bbfbcbe6 100644
--- a/net/bridge/netfilter/ebt_ip.c
+++ b/net/bridge/netfilter/ebt_ip.c
@@ -77,13 +77,10 @@ ebt_ip_mt(const struct sk_buff *skb, const struct xt_match_param *par)
77 return true; 77 return true;
78} 78}
79 79
80static bool 80static bool ebt_ip_mt_check(const struct xt_mtchk_param *par)
81ebt_ip_mt_check(const char *table, const void *entry,
82 const struct xt_match *match, void *data,
83 unsigned int hook_mask)
84{ 81{
85 const struct ebt_ip_info *info = data; 82 const struct ebt_ip_info *info = par->matchinfo;
86 const struct ebt_entry *e = entry; 83 const struct ebt_entry *e = par->entryinfo;
87 84
88 if (e->ethproto != htons(ETH_P_IP) || 85 if (e->ethproto != htons(ETH_P_IP) ||
89 e->invflags & EBT_IPROTO) 86 e->invflags & EBT_IPROTO)
diff --git a/net/bridge/netfilter/ebt_ip6.c b/net/bridge/netfilter/ebt_ip6.c
index 5acee02de723..784a6573876c 100644
--- a/net/bridge/netfilter/ebt_ip6.c
+++ b/net/bridge/netfilter/ebt_ip6.c
@@ -90,13 +90,10 @@ ebt_ip6_mt(const struct sk_buff *skb, const struct xt_match_param *par)
90 return true; 90 return true;
91} 91}
92 92
93static bool 93static bool ebt_ip6_mt_check(const struct xt_mtchk_param *par)
94ebt_ip6_mt_check(const char *table, const void *entry,
95 const struct xt_match *match, void *data,
96 unsigned int hook_mask)
97{ 94{
98 const struct ebt_entry *e = entry; 95 const struct ebt_entry *e = par->entryinfo;
99 struct ebt_ip6_info *info = data; 96 struct ebt_ip6_info *info = par->matchinfo;
100 97
101 if (e->ethproto != htons(ETH_P_IPV6) || e->invflags & EBT_IPROTO) 98 if (e->ethproto != htons(ETH_P_IPV6) || e->invflags & EBT_IPROTO)
102 return false; 99 return false;
diff --git a/net/bridge/netfilter/ebt_limit.c b/net/bridge/netfilter/ebt_limit.c
index 9a3ec8cadaa4..f7bd9192ff0c 100644
--- a/net/bridge/netfilter/ebt_limit.c
+++ b/net/bridge/netfilter/ebt_limit.c
@@ -64,12 +64,9 @@ user2credits(u_int32_t user)
64 return (user * HZ * CREDITS_PER_JIFFY) / EBT_LIMIT_SCALE; 64 return (user * HZ * CREDITS_PER_JIFFY) / EBT_LIMIT_SCALE;
65} 65}
66 66
67static bool 67static bool ebt_limit_mt_check(const struct xt_mtchk_param *par)
68ebt_limit_mt_check(const char *table, const void *e,
69 const struct xt_match *match, void *data,
70 unsigned int hook_mask)
71{ 68{
72 struct ebt_limit_info *info = data; 69 struct ebt_limit_info *info = par->matchinfo;
73 70
74 /* Check for overflow. */ 71 /* Check for overflow. */
75 if (info->burst == 0 || 72 if (info->burst == 0 ||
diff --git a/net/bridge/netfilter/ebt_mark_m.c b/net/bridge/netfilter/ebt_mark_m.c
index 5b22ef96127c..ea570f214b1d 100644
--- a/net/bridge/netfilter/ebt_mark_m.c
+++ b/net/bridge/netfilter/ebt_mark_m.c
@@ -22,12 +22,9 @@ ebt_mark_mt(const struct sk_buff *skb, const struct xt_match_param *par)
22 return ((skb->mark & info->mask) == info->mark) ^ info->invert; 22 return ((skb->mark & info->mask) == info->mark) ^ info->invert;
23} 23}
24 24
25static bool 25static bool ebt_mark_mt_check(const struct xt_mtchk_param *par)
26ebt_mark_mt_check(const char *table, const void *e,
27 const struct xt_match *match, void *data,
28 unsigned int hook_mask)
29{ 26{
30 const struct ebt_mark_m_info *info = data; 27 const struct ebt_mark_m_info *info = par->matchinfo;
31 28
32 if (info->bitmask & ~EBT_MARK_MASK) 29 if (info->bitmask & ~EBT_MARK_MASK)
33 return false; 30 return false;
diff --git a/net/bridge/netfilter/ebt_pkttype.c b/net/bridge/netfilter/ebt_pkttype.c
index b756f88fb10f..883e96e2a542 100644
--- a/net/bridge/netfilter/ebt_pkttype.c
+++ b/net/bridge/netfilter/ebt_pkttype.c
@@ -20,12 +20,9 @@ ebt_pkttype_mt(const struct sk_buff *skb, const struct xt_match_param *par)
20 return (skb->pkt_type == info->pkt_type) ^ info->invert; 20 return (skb->pkt_type == info->pkt_type) ^ info->invert;
21} 21}
22 22
23static bool 23static bool ebt_pkttype_mt_check(const struct xt_mtchk_param *par)
24ebt_pkttype_mt_check(const char *table, const void *e,
25 const struct xt_match *match, void *data,
26 unsigned int hook_mask)
27{ 24{
28 const struct ebt_pkttype_info *info = data; 25 const struct ebt_pkttype_info *info = par->matchinfo;
29 26
30 if (info->invert != 0 && info->invert != 1) 27 if (info->invert != 0 && info->invert != 1)
31 return false; 28 return false;
diff --git a/net/bridge/netfilter/ebt_stp.c b/net/bridge/netfilter/ebt_stp.c
index 06d777c62c32..48527e621626 100644
--- a/net/bridge/netfilter/ebt_stp.c
+++ b/net/bridge/netfilter/ebt_stp.c
@@ -153,15 +153,12 @@ ebt_stp_mt(const struct sk_buff *skb, const struct xt_match_param *par)
153 return true; 153 return true;
154} 154}
155 155
156static bool 156static bool ebt_stp_mt_check(const struct xt_mtchk_param *par)
157ebt_stp_mt_check(const char *table, const void *entry,
158 const struct xt_match *match, void *data,
159 unsigned int hook_mask)
160{ 157{
161 const struct ebt_stp_info *info = data; 158 const struct ebt_stp_info *info = par->matchinfo;
162 const uint8_t bridge_ula[6] = {0x01, 0x80, 0xc2, 0x00, 0x00, 0x00}; 159 const uint8_t bridge_ula[6] = {0x01, 0x80, 0xc2, 0x00, 0x00, 0x00};
163 const uint8_t msk[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 160 const uint8_t msk[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
164 const struct ebt_entry *e = entry; 161 const struct ebt_entry *e = par->entryinfo;
165 162
166 if (info->bitmask & ~EBT_STP_MASK || info->invflags & ~EBT_STP_MASK || 163 if (info->bitmask & ~EBT_STP_MASK || info->invflags & ~EBT_STP_MASK ||
167 !(info->bitmask & EBT_STP_MASK)) 164 !(info->bitmask & EBT_STP_MASK))
diff --git a/net/bridge/netfilter/ebt_vlan.c b/net/bridge/netfilter/ebt_vlan.c
index b05b4a818341..3dddd489328e 100644
--- a/net/bridge/netfilter/ebt_vlan.c
+++ b/net/bridge/netfilter/ebt_vlan.c
@@ -84,13 +84,10 @@ ebt_vlan_mt(const struct sk_buff *skb, const struct xt_match_param *par)
84 return true; 84 return true;
85} 85}
86 86
87static bool 87static bool ebt_vlan_mt_check(const struct xt_mtchk_param *par)
88ebt_vlan_mt_check(const char *table, const void *entry,
89 const struct xt_match *match, void *data,
90 unsigned int hook_mask)
91{ 88{
92 struct ebt_vlan_info *info = data; 89 struct ebt_vlan_info *info = par->matchinfo;
93 const struct ebt_entry *e = entry; 90 const struct ebt_entry *e = par->entryinfo;
94 91
95 /* Is it 802.1Q frame checked? */ 92 /* Is it 802.1Q frame checked? */
96 if (e->ethproto != htons(ETH_P_8021Q)) { 93 if (e->ethproto != htons(ETH_P_8021Q)) {
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index f8e1822f38d4..5ce37b2f5b84 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -324,9 +324,10 @@ find_table_lock(const char *name, int *error, struct mutex *mutex)
324} 324}
325 325
326static inline int 326static inline int
327ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e, 327ebt_check_match(struct ebt_entry_match *m, struct xt_mtchk_param *par,
328 const char *name, unsigned int hookmask, unsigned int *cnt) 328 unsigned int *cnt)
329{ 329{
330 const struct ebt_entry *e = par->entryinfo;
330 struct xt_match *match; 331 struct xt_match *match;
331 size_t left = ((char *)e + e->watchers_offset) - (char *)m; 332 size_t left = ((char *)e + e->watchers_offset) - (char *)m;
332 int ret; 333 int ret;
@@ -343,9 +344,10 @@ ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e,
343 return -ENOENT; 344 return -ENOENT;
344 m->u.match = match; 345 m->u.match = match;
345 346
346 ret = xt_check_match(match, NFPROTO_BRIDGE, m->match_size, 347 par->match = match;
347 name, hookmask, e->ethproto, e->invflags & EBT_IPROTO, 348 par->matchinfo = m->data;
348 e, m->data); 349 ret = xt_check_match(par, NFPROTO_BRIDGE, m->match_size,
350 e->ethproto, e->invflags & EBT_IPROTO);
349 if (ret < 0) { 351 if (ret < 0) {
350 module_put(match->me); 352 module_put(match->me);
351 return ret; 353 return ret;
@@ -607,6 +609,7 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
607 unsigned int i, j, hook = 0, hookmask = 0; 609 unsigned int i, j, hook = 0, hookmask = 0;
608 size_t gap; 610 size_t gap;
609 int ret; 611 int ret;
612 struct xt_mtchk_param par;
610 613
611 /* don't mess with the struct ebt_entries */ 614 /* don't mess with the struct ebt_entries */
612 if (e->bitmask == 0) 615 if (e->bitmask == 0)
@@ -647,7 +650,11 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
647 hookmask = cl_s[i - 1].hookmask; 650 hookmask = cl_s[i - 1].hookmask;
648 } 651 }
649 i = 0; 652 i = 0;
650 ret = EBT_MATCH_ITERATE(e, ebt_check_match, e, name, hookmask, &i); 653
654 par.table = name;
655 par.entryinfo = e;
656 par.hook_mask = hookmask;
657 ret = EBT_MATCH_ITERATE(e, ebt_check_match, &par, &i);
651 if (ret != 0) 658 if (ret != 0)
652 goto cleanup_matches; 659 goto cleanup_matches;
653 j = 0; 660 j = 0;