diff options
Diffstat (limited to 'net/bridge')
-rw-r--r-- | net/bridge/netfilter/ebt_arpreply.c | 8 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_dnat.c | 6 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_log.c | 14 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_mark.c | 6 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_nflog.c | 9 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_redirect.c | 12 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_snat.c | 6 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_ulog.c | 9 | ||||
-rw-r--r-- | net/bridge/netfilter/ebtables.c | 27 |
9 files changed, 43 insertions, 54 deletions
diff --git a/net/bridge/netfilter/ebt_arpreply.c b/net/bridge/netfilter/ebt_arpreply.c index baf5510d044c..fc94699f719e 100644 --- a/net/bridge/netfilter/ebt_arpreply.c +++ b/net/bridge/netfilter/ebt_arpreply.c | |||
@@ -16,11 +16,9 @@ | |||
16 | #include <linux/netfilter_bridge/ebt_arpreply.h> | 16 | #include <linux/netfilter_bridge/ebt_arpreply.h> |
17 | 17 | ||
18 | static unsigned int | 18 | static unsigned int |
19 | ebt_arpreply_tg(struct sk_buff *skb, const struct net_device *in, | 19 | ebt_arpreply_tg(struct sk_buff *skb, const struct xt_target_param *par) |
20 | const struct net_device *out, unsigned int hook_nr, | ||
21 | const struct xt_target *target, const void *data) | ||
22 | { | 20 | { |
23 | const struct ebt_arpreply_info *info = data; | 21 | const struct ebt_arpreply_info *info = par->targinfo; |
24 | const __be32 *siptr, *diptr; | 22 | const __be32 *siptr, *diptr; |
25 | __be32 _sip, _dip; | 23 | __be32 _sip, _dip; |
26 | const struct arphdr *ap; | 24 | const struct arphdr *ap; |
@@ -53,7 +51,7 @@ ebt_arpreply_tg(struct sk_buff *skb, const struct net_device *in, | |||
53 | if (diptr == NULL) | 51 | if (diptr == NULL) |
54 | return EBT_DROP; | 52 | return EBT_DROP; |
55 | 53 | ||
56 | arp_send(ARPOP_REPLY, ETH_P_ARP, *siptr, (struct net_device *)in, | 54 | arp_send(ARPOP_REPLY, ETH_P_ARP, *siptr, (struct net_device *)par->in, |
57 | *diptr, shp, info->mac, shp); | 55 | *diptr, shp, info->mac, shp); |
58 | 56 | ||
59 | return info->target; | 57 | return info->target; |
diff --git a/net/bridge/netfilter/ebt_dnat.c b/net/bridge/netfilter/ebt_dnat.c index cb80101e412c..bb5d79e0beea 100644 --- a/net/bridge/netfilter/ebt_dnat.c +++ b/net/bridge/netfilter/ebt_dnat.c | |||
@@ -15,11 +15,9 @@ | |||
15 | #include <linux/netfilter_bridge/ebt_nat.h> | 15 | #include <linux/netfilter_bridge/ebt_nat.h> |
16 | 16 | ||
17 | static unsigned int | 17 | static unsigned int |
18 | ebt_dnat_tg(struct sk_buff *skb, const struct net_device *in, | 18 | ebt_dnat_tg(struct sk_buff *skb, const struct xt_target_param *par) |
19 | const struct net_device *out, unsigned int hook_nr, | ||
20 | const struct xt_target *target, const void *data) | ||
21 | { | 19 | { |
22 | const struct ebt_nat_info *info = data; | 20 | const struct ebt_nat_info *info = par->targinfo; |
23 | 21 | ||
24 | if (!skb_make_writable(skb, 0)) | 22 | if (!skb_make_writable(skb, 0)) |
25 | return EBT_DROP; | 23 | return EBT_DROP; |
diff --git a/net/bridge/netfilter/ebt_log.c b/net/bridge/netfilter/ebt_log.c index b40f9ed4c343..87de5fccb2f1 100644 --- a/net/bridge/netfilter/ebt_log.c +++ b/net/bridge/netfilter/ebt_log.c | |||
@@ -195,11 +195,9 @@ out: | |||
195 | } | 195 | } |
196 | 196 | ||
197 | static unsigned int | 197 | static unsigned int |
198 | ebt_log_tg(struct sk_buff *skb, const struct net_device *in, | 198 | ebt_log_tg(struct sk_buff *skb, const struct xt_target_param *par) |
199 | const struct net_device *out, unsigned int hooknr, | ||
200 | const struct xt_target *target, const void *data) | ||
201 | { | 199 | { |
202 | const struct ebt_log_info *info = data; | 200 | const struct ebt_log_info *info = par->targinfo; |
203 | struct nf_loginfo li; | 201 | struct nf_loginfo li; |
204 | 202 | ||
205 | li.type = NF_LOG_TYPE_LOG; | 203 | li.type = NF_LOG_TYPE_LOG; |
@@ -207,11 +205,11 @@ ebt_log_tg(struct sk_buff *skb, const struct net_device *in, | |||
207 | li.u.log.logflags = info->bitmask; | 205 | li.u.log.logflags = info->bitmask; |
208 | 206 | ||
209 | if (info->bitmask & EBT_LOG_NFLOG) | 207 | if (info->bitmask & EBT_LOG_NFLOG) |
210 | nf_log_packet(NFPROTO_BRIDGE, hooknr, skb, in, out, &li, | 208 | nf_log_packet(NFPROTO_BRIDGE, par->hooknum, skb, par->in, |
211 | "%s", info->prefix); | 209 | par->out, &li, "%s", info->prefix); |
212 | else | 210 | else |
213 | ebt_log_packet(NFPROTO_BRIDGE, hooknr, skb, in, out, &li, | 211 | ebt_log_packet(NFPROTO_BRIDGE, par->hooknum, skb, par->in, |
214 | info->prefix); | 212 | par->out, &li, info->prefix); |
215 | return EBT_CONTINUE; | 213 | return EBT_CONTINUE; |
216 | } | 214 | } |
217 | 215 | ||
diff --git a/net/bridge/netfilter/ebt_mark.c b/net/bridge/netfilter/ebt_mark.c index dff19fc91cf5..aafc456c3c3b 100644 --- a/net/bridge/netfilter/ebt_mark.c +++ b/net/bridge/netfilter/ebt_mark.c | |||
@@ -19,11 +19,9 @@ | |||
19 | #include <linux/netfilter_bridge/ebt_mark_t.h> | 19 | #include <linux/netfilter_bridge/ebt_mark_t.h> |
20 | 20 | ||
21 | static unsigned int | 21 | static unsigned int |
22 | ebt_mark_tg(struct sk_buff *skb, const struct net_device *in, | 22 | ebt_mark_tg(struct sk_buff *skb, const struct xt_target_param *par) |
23 | const struct net_device *out, unsigned int hook_nr, | ||
24 | const struct xt_target *target, const void *data) | ||
25 | { | 23 | { |
26 | const struct ebt_mark_t_info *info = data; | 24 | const struct ebt_mark_t_info *info = par->targinfo; |
27 | int action = info->target & -16; | 25 | int action = info->target & -16; |
28 | 26 | ||
29 | if (action == MARK_SET_VALUE) | 27 | if (action == MARK_SET_VALUE) |
diff --git a/net/bridge/netfilter/ebt_nflog.c b/net/bridge/netfilter/ebt_nflog.c index 74b4fa0aabc1..6a28d994cf7d 100644 --- a/net/bridge/netfilter/ebt_nflog.c +++ b/net/bridge/netfilter/ebt_nflog.c | |||
@@ -20,11 +20,9 @@ | |||
20 | #include <net/netfilter/nf_log.h> | 20 | #include <net/netfilter/nf_log.h> |
21 | 21 | ||
22 | static unsigned int | 22 | static unsigned int |
23 | ebt_nflog_tg(struct sk_buff *skb, const struct net_device *in, | 23 | ebt_nflog_tg(struct sk_buff *skb, const struct xt_target_param *par) |
24 | const struct net_device *out, unsigned int hooknr, | ||
25 | const struct xt_target *target, const void *data) | ||
26 | { | 24 | { |
27 | const struct ebt_nflog_info *info = data; | 25 | const struct ebt_nflog_info *info = par->targinfo; |
28 | struct nf_loginfo li; | 26 | struct nf_loginfo li; |
29 | 27 | ||
30 | li.type = NF_LOG_TYPE_ULOG; | 28 | li.type = NF_LOG_TYPE_ULOG; |
@@ -32,7 +30,8 @@ ebt_nflog_tg(struct sk_buff *skb, const struct net_device *in, | |||
32 | li.u.ulog.group = info->group; | 30 | li.u.ulog.group = info->group; |
33 | li.u.ulog.qthreshold = info->threshold; | 31 | li.u.ulog.qthreshold = info->threshold; |
34 | 32 | ||
35 | nf_log_packet(PF_BRIDGE, hooknr, skb, in, out, &li, "%s", info->prefix); | 33 | nf_log_packet(PF_BRIDGE, par->hooknum, skb, par->in, par->out, |
34 | &li, "%s", info->prefix); | ||
36 | return EBT_CONTINUE; | 35 | return EBT_CONTINUE; |
37 | } | 36 | } |
38 | 37 | ||
diff --git a/net/bridge/netfilter/ebt_redirect.c b/net/bridge/netfilter/ebt_redirect.c index a50ffbe0e4fb..0cfe2fad9404 100644 --- a/net/bridge/netfilter/ebt_redirect.c +++ b/net/bridge/netfilter/ebt_redirect.c | |||
@@ -16,20 +16,18 @@ | |||
16 | #include <linux/netfilter_bridge/ebt_redirect.h> | 16 | #include <linux/netfilter_bridge/ebt_redirect.h> |
17 | 17 | ||
18 | static unsigned int | 18 | static unsigned int |
19 | ebt_redirect_tg(struct sk_buff *skb, const struct net_device *in, | 19 | ebt_redirect_tg(struct sk_buff *skb, const struct xt_target_param *par) |
20 | const struct net_device *out, unsigned int hooknr, | ||
21 | const struct xt_target *target, const void *data) | ||
22 | { | 20 | { |
23 | const struct ebt_redirect_info *info = data; | 21 | const struct ebt_redirect_info *info = par->targinfo; |
24 | 22 | ||
25 | if (!skb_make_writable(skb, 0)) | 23 | if (!skb_make_writable(skb, 0)) |
26 | return EBT_DROP; | 24 | return EBT_DROP; |
27 | 25 | ||
28 | if (hooknr != NF_BR_BROUTING) | 26 | if (par->hooknum != NF_BR_BROUTING) |
29 | memcpy(eth_hdr(skb)->h_dest, | 27 | memcpy(eth_hdr(skb)->h_dest, |
30 | in->br_port->br->dev->dev_addr, ETH_ALEN); | 28 | par->in->br_port->br->dev->dev_addr, ETH_ALEN); |
31 | else | 29 | else |
32 | memcpy(eth_hdr(skb)->h_dest, in->dev_addr, ETH_ALEN); | 30 | memcpy(eth_hdr(skb)->h_dest, par->in->dev_addr, ETH_ALEN); |
33 | skb->pkt_type = PACKET_HOST; | 31 | skb->pkt_type = PACKET_HOST; |
34 | return info->target; | 32 | return info->target; |
35 | } | 33 | } |
diff --git a/net/bridge/netfilter/ebt_snat.c b/net/bridge/netfilter/ebt_snat.c index 8a55c7d49b55..f55960eee996 100644 --- a/net/bridge/netfilter/ebt_snat.c +++ b/net/bridge/netfilter/ebt_snat.c | |||
@@ -17,11 +17,9 @@ | |||
17 | #include <linux/netfilter_bridge/ebt_nat.h> | 17 | #include <linux/netfilter_bridge/ebt_nat.h> |
18 | 18 | ||
19 | static unsigned int | 19 | static unsigned int |
20 | ebt_snat_tg(struct sk_buff *skb, const struct net_device *in, | 20 | ebt_snat_tg(struct sk_buff *skb, const struct xt_target_param *par) |
21 | const struct net_device *out, unsigned int hook_nr, | ||
22 | const struct xt_target *target, const void *data) | ||
23 | { | 21 | { |
24 | const struct ebt_nat_info *info = data; | 22 | const struct ebt_nat_info *info = par->targinfo; |
25 | 23 | ||
26 | if (!skb_make_writable(skb, 0)) | 24 | if (!skb_make_writable(skb, 0)) |
27 | return EBT_DROP; | 25 | return EBT_DROP; |
diff --git a/net/bridge/netfilter/ebt_ulog.c b/net/bridge/netfilter/ebt_ulog.c index 25ca6467349e..bfedf12cbf41 100644 --- a/net/bridge/netfilter/ebt_ulog.c +++ b/net/bridge/netfilter/ebt_ulog.c | |||
@@ -247,13 +247,10 @@ static void ebt_log_packet(u_int8_t pf, unsigned int hooknum, | |||
247 | } | 247 | } |
248 | 248 | ||
249 | static unsigned int | 249 | static unsigned int |
250 | ebt_ulog_tg(struct sk_buff *skb, const struct net_device *in, | 250 | ebt_ulog_tg(struct sk_buff *skb, const struct xt_target_param *par) |
251 | const struct net_device *out, unsigned int hooknr, | ||
252 | const struct xt_target *target, const void *data) | ||
253 | { | 251 | { |
254 | const struct ebt_ulog_info *uloginfo = data; | 252 | ebt_ulog_packet(par->hooknum, skb, par->in, par->out, |
255 | 253 | par->targinfo, NULL); | |
256 | ebt_ulog_packet(hooknr, skb, in, out, uloginfo, NULL); | ||
257 | return EBT_CONTINUE; | 254 | return EBT_CONTINUE; |
258 | } | 255 | } |
259 | 256 | ||
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index 0320b5203624..a1156bab4a03 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c | |||
@@ -64,11 +64,13 @@ static struct xt_target ebt_standard_target = { | |||
64 | .targetsize = sizeof(int), | 64 | .targetsize = sizeof(int), |
65 | }; | 65 | }; |
66 | 66 | ||
67 | static inline int ebt_do_watcher (struct ebt_entry_watcher *w, | 67 | static inline int |
68 | struct sk_buff *skb, unsigned int hooknr, const struct net_device *in, | 68 | ebt_do_watcher(const struct ebt_entry_watcher *w, struct sk_buff *skb, |
69 | const struct net_device *out) | 69 | struct xt_target_param *par) |
70 | { | 70 | { |
71 | w->u.watcher->target(skb, in, out, hooknr, w->u.watcher, w->data); | 71 | par->target = w->u.watcher; |
72 | par->targinfo = w->data; | ||
73 | w->u.watcher->target(skb, par); | ||
72 | /* watchers don't give a verdict */ | 74 | /* watchers don't give a verdict */ |
73 | return 0; | 75 | return 0; |
74 | } | 76 | } |
@@ -156,10 +158,12 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb, | |||
156 | struct ebt_table_info *private; | 158 | struct ebt_table_info *private; |
157 | bool hotdrop = false; | 159 | bool hotdrop = false; |
158 | struct xt_match_param mtpar; | 160 | struct xt_match_param mtpar; |
161 | struct xt_target_param tgpar; | ||
159 | 162 | ||
160 | mtpar.in = in; | 163 | mtpar.in = tgpar.in = in; |
161 | mtpar.out = out; | 164 | mtpar.out = tgpar.out = out; |
162 | mtpar.hotdrop = &hotdrop; | 165 | mtpar.hotdrop = &hotdrop; |
166 | tgpar.hooknum = hook; | ||
163 | 167 | ||
164 | read_lock_bh(&table->lock); | 168 | read_lock_bh(&table->lock); |
165 | private = table->private; | 169 | private = table->private; |
@@ -193,17 +197,18 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb, | |||
193 | 197 | ||
194 | /* these should only watch: not modify, nor tell us | 198 | /* these should only watch: not modify, nor tell us |
195 | what to do with the packet */ | 199 | what to do with the packet */ |
196 | EBT_WATCHER_ITERATE(point, ebt_do_watcher, skb, hook, in, | 200 | EBT_WATCHER_ITERATE(point, ebt_do_watcher, skb, &tgpar); |
197 | out); | ||
198 | 201 | ||
199 | t = (struct ebt_entry_target *) | 202 | t = (struct ebt_entry_target *) |
200 | (((char *)point) + point->target_offset); | 203 | (((char *)point) + point->target_offset); |
201 | /* standard target */ | 204 | /* standard target */ |
202 | if (!t->u.target->target) | 205 | if (!t->u.target->target) |
203 | verdict = ((struct ebt_standard_target *)t)->verdict; | 206 | verdict = ((struct ebt_standard_target *)t)->verdict; |
204 | else | 207 | else { |
205 | verdict = t->u.target->target(skb, in, out, hook, | 208 | tgpar.target = t->u.target; |
206 | t->u.target, t->data); | 209 | tgpar.targinfo = t->data; |
210 | verdict = t->u.target->target(skb, &tgpar); | ||
211 | } | ||
207 | if (verdict == EBT_ACCEPT) { | 212 | if (verdict == EBT_ACCEPT) { |
208 | read_unlock_bh(&table->lock); | 213 | read_unlock_bh(&table->lock); |
209 | return NF_ACCEPT; | 214 | return NF_ACCEPT; |