diff options
Diffstat (limited to 'net')
-rw-r--r-- | net/bridge/netfilter/ebt_802_3.c | 18 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_among.c | 18 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_arp.c | 18 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_arpreply.c | 18 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_dnat.c | 17 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_ip.c | 19 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_ip6.c | 19 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_limit.c | 17 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_log.c | 17 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_mark.c | 17 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_mark_m.c | 17 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_nflog.c | 21 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_pkttype.c | 20 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_redirect.c | 18 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_snat.c | 17 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_stp.c | 18 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_ulog.c | 17 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_vlan.c | 18 | ||||
-rw-r--r-- | net/bridge/netfilter/ebtables.c | 30 |
19 files changed, 198 insertions, 156 deletions
diff --git a/net/bridge/netfilter/ebt_802_3.c b/net/bridge/netfilter/ebt_802_3.c index f9876f227574..6f1a69c28ed9 100644 --- a/net/bridge/netfilter/ebt_802_3.c +++ b/net/bridge/netfilter/ebt_802_3.c | |||
@@ -12,9 +12,10 @@ | |||
12 | #include <linux/netfilter_bridge/ebtables.h> | 12 | #include <linux/netfilter_bridge/ebtables.h> |
13 | #include <linux/netfilter_bridge/ebt_802_3.h> | 13 | #include <linux/netfilter_bridge/ebt_802_3.h> |
14 | 14 | ||
15 | static bool ebt_filter_802_3(const struct sk_buff *skb, | 15 | static bool |
16 | const struct net_device *in, | 16 | ebt_802_3_mt(const struct sk_buff *skb, const struct net_device *in, |
17 | const struct net_device *out, const void *data, unsigned int datalen) | 17 | const struct net_device *out, const struct xt_match *match, |
18 | const void *data, int offset, unsigned int protoff, bool *hotdrop) | ||
18 | { | 19 | { |
19 | const struct ebt_802_3_info *info = data; | 20 | const struct ebt_802_3_info *info = data; |
20 | const struct ebt_802_3_hdr *hdr = ebt_802_3_hdr(skb); | 21 | const struct ebt_802_3_hdr *hdr = ebt_802_3_hdr(skb); |
@@ -37,9 +38,10 @@ static bool ebt_filter_802_3(const struct sk_buff *skb, | |||
37 | return true; | 38 | return true; |
38 | } | 39 | } |
39 | 40 | ||
40 | static struct ebt_match filter_802_3; | 41 | static bool |
41 | static bool ebt_802_3_check(const char *tablename, unsigned int hookmask, | 42 | ebt_802_3_mt_check(const char *table, const void *entry, |
42 | const struct ebt_entry *e, void *data, unsigned int datalen) | 43 | const struct xt_match *match, void *data, |
44 | unsigned int hook_mask) | ||
43 | { | 45 | { |
44 | const struct ebt_802_3_info *info = data; | 46 | const struct ebt_802_3_info *info = data; |
45 | 47 | ||
@@ -53,8 +55,8 @@ static struct ebt_match filter_802_3 __read_mostly = { | |||
53 | .name = EBT_802_3_MATCH, | 55 | .name = EBT_802_3_MATCH, |
54 | .revision = 0, | 56 | .revision = 0, |
55 | .family = NFPROTO_BRIDGE, | 57 | .family = NFPROTO_BRIDGE, |
56 | .match = ebt_filter_802_3, | 58 | .match = ebt_802_3_mt, |
57 | .check = ebt_802_3_check, | 59 | .checkentry = ebt_802_3_mt_check, |
58 | .matchsize = XT_ALIGN(sizeof(struct ebt_802_3_info)), | 60 | .matchsize = XT_ALIGN(sizeof(struct ebt_802_3_info)), |
59 | .me = THIS_MODULE, | 61 | .me = THIS_MODULE, |
60 | }; | 62 | }; |
diff --git a/net/bridge/netfilter/ebt_among.c b/net/bridge/netfilter/ebt_among.c index 88b5c9118a75..84a306f085b5 100644 --- a/net/bridge/netfilter/ebt_among.c +++ b/net/bridge/netfilter/ebt_among.c | |||
@@ -127,10 +127,10 @@ static int get_ip_src(const struct sk_buff *skb, __be32 *addr) | |||
127 | return 0; | 127 | return 0; |
128 | } | 128 | } |
129 | 129 | ||
130 | static bool ebt_filter_among(const struct sk_buff *skb, | 130 | static bool |
131 | const struct net_device *in, | 131 | ebt_among_mt(const struct sk_buff *skb, const struct net_device *in, |
132 | const struct net_device *out, const void *data, | 132 | const struct net_device *out, const struct xt_match *match, |
133 | unsigned int datalen) | 133 | const void *data, int offset, unsigned int protoff, bool *hotdrop) |
134 | { | 134 | { |
135 | const struct ebt_among_info *info = data; | 135 | const struct ebt_among_info *info = data; |
136 | const char *dmac, *smac; | 136 | const char *dmac, *smac; |
@@ -174,9 +174,9 @@ static bool ebt_filter_among(const struct sk_buff *skb, | |||
174 | } | 174 | } |
175 | 175 | ||
176 | static bool | 176 | static bool |
177 | ebt_among_check(const char *tablename, unsigned int hookmask, | 177 | ebt_among_mt_check(const char *table, const void *entry, |
178 | const struct ebt_entry *e, void *data, | 178 | const struct xt_match *match, void *data, |
179 | unsigned int datalen) | 179 | unsigned int hook_mask) |
180 | { | 180 | { |
181 | const struct ebt_entry_match *em = | 181 | const struct ebt_entry_match *em = |
182 | container_of(data, const struct ebt_entry_match, data); | 182 | container_of(data, const struct ebt_entry_match, data); |
@@ -215,8 +215,8 @@ static struct ebt_match filter_among __read_mostly = { | |||
215 | .name = EBT_AMONG_MATCH, | 215 | .name = EBT_AMONG_MATCH, |
216 | .revision = 0, | 216 | .revision = 0, |
217 | .family = NFPROTO_BRIDGE, | 217 | .family = NFPROTO_BRIDGE, |
218 | .match = ebt_filter_among, | 218 | .match = ebt_among_mt, |
219 | .check = ebt_among_check, | 219 | .checkentry = ebt_among_mt_check, |
220 | .matchsize = -1, /* special case */ | 220 | .matchsize = -1, /* special case */ |
221 | .me = THIS_MODULE, | 221 | .me = THIS_MODULE, |
222 | }; | 222 | }; |
diff --git a/net/bridge/netfilter/ebt_arp.c b/net/bridge/netfilter/ebt_arp.c index 4a5226cbab89..6e7cd2f5ad74 100644 --- a/net/bridge/netfilter/ebt_arp.c +++ b/net/bridge/netfilter/ebt_arp.c | |||
@@ -15,9 +15,10 @@ | |||
15 | #include <linux/netfilter_bridge/ebtables.h> | 15 | #include <linux/netfilter_bridge/ebtables.h> |
16 | #include <linux/netfilter_bridge/ebt_arp.h> | 16 | #include <linux/netfilter_bridge/ebt_arp.h> |
17 | 17 | ||
18 | static bool ebt_filter_arp(const struct sk_buff *skb, | 18 | static bool |
19 | const struct net_device *in, | 19 | ebt_arp_mt(const struct sk_buff *skb, const struct net_device *in, |
20 | const struct net_device *out, const void *data, unsigned int datalen) | 20 | const struct net_device *out, const struct xt_match *match, |
21 | const void *data, int offset, unsigned int protoff, bool *hotdrop) | ||
21 | { | 22 | { |
22 | const struct ebt_arp_info *info = data; | 23 | const struct ebt_arp_info *info = data; |
23 | const struct arphdr *ah; | 24 | const struct arphdr *ah; |
@@ -101,10 +102,13 @@ static bool ebt_filter_arp(const struct sk_buff *skb, | |||
101 | return true; | 102 | return true; |
102 | } | 103 | } |
103 | 104 | ||
104 | static bool ebt_arp_check(const char *tablename, unsigned int hookmask, | 105 | static bool |
105 | const struct ebt_entry *e, void *data, unsigned int datalen) | 106 | ebt_arp_mt_check(const char *table, const void *entry, |
107 | const struct xt_match *match, void *data, | ||
108 | unsigned int hook_mask) | ||
106 | { | 109 | { |
107 | const struct ebt_arp_info *info = data; | 110 | const struct ebt_arp_info *info = data; |
111 | const struct ebt_entry *e = entry; | ||
108 | 112 | ||
109 | if ((e->ethproto != htons(ETH_P_ARP) && | 113 | if ((e->ethproto != htons(ETH_P_ARP) && |
110 | e->ethproto != htons(ETH_P_RARP)) || | 114 | e->ethproto != htons(ETH_P_RARP)) || |
@@ -119,8 +123,8 @@ static struct ebt_match filter_arp __read_mostly = { | |||
119 | .name = EBT_ARP_MATCH, | 123 | .name = EBT_ARP_MATCH, |
120 | .revision = 0, | 124 | .revision = 0, |
121 | .family = NFPROTO_BRIDGE, | 125 | .family = NFPROTO_BRIDGE, |
122 | .match = ebt_filter_arp, | 126 | .match = ebt_arp_mt, |
123 | .check = ebt_arp_check, | 127 | .checkentry = ebt_arp_mt_check, |
124 | .matchsize = XT_ALIGN(sizeof(struct ebt_arp_info)), | 128 | .matchsize = XT_ALIGN(sizeof(struct ebt_arp_info)), |
125 | .me = THIS_MODULE, | 129 | .me = THIS_MODULE, |
126 | }; | 130 | }; |
diff --git a/net/bridge/netfilter/ebt_arpreply.c b/net/bridge/netfilter/ebt_arpreply.c index 7ab16556800e..6f2f65897770 100644 --- a/net/bridge/netfilter/ebt_arpreply.c +++ b/net/bridge/netfilter/ebt_arpreply.c | |||
@@ -15,9 +15,10 @@ | |||
15 | #include <linux/netfilter_bridge/ebtables.h> | 15 | #include <linux/netfilter_bridge/ebtables.h> |
16 | #include <linux/netfilter_bridge/ebt_arpreply.h> | 16 | #include <linux/netfilter_bridge/ebt_arpreply.h> |
17 | 17 | ||
18 | static unsigned int ebt_target_reply(struct sk_buff *skb, unsigned int hooknr, | 18 | static unsigned int |
19 | const struct net_device *in, const struct net_device *out, | 19 | ebt_arpreply_tg(struct sk_buff *skb, const struct net_device *in, |
20 | const void *data, unsigned int datalen) | 20 | const struct net_device *out, unsigned int hook_nr, |
21 | const struct xt_target *target, const void *data) | ||
21 | { | 22 | { |
22 | struct ebt_arpreply_info *info = (void *)data; | 23 | struct ebt_arpreply_info *info = (void *)data; |
23 | const __be32 *siptr, *diptr; | 24 | const __be32 *siptr, *diptr; |
@@ -58,10 +59,13 @@ static unsigned int ebt_target_reply(struct sk_buff *skb, unsigned int hooknr, | |||
58 | return info->target; | 59 | return info->target; |
59 | } | 60 | } |
60 | 61 | ||
61 | static bool ebt_target_reply_check(const char *tablename, unsigned int hookmask, | 62 | static bool |
62 | const struct ebt_entry *e, void *data, unsigned int datalen) | 63 | ebt_arpreply_tg_check(const char *tablename, const void *entry, |
64 | const struct xt_target *target, void *data, | ||
65 | unsigned int hookmask) | ||
63 | { | 66 | { |
64 | const struct ebt_arpreply_info *info = data; | 67 | const struct ebt_arpreply_info *info = data; |
68 | const struct ebt_entry *e = entry; | ||
65 | 69 | ||
66 | if (BASE_CHAIN && info->target == EBT_RETURN) | 70 | if (BASE_CHAIN && info->target == EBT_RETURN) |
67 | return false; | 71 | return false; |
@@ -78,8 +82,8 @@ static struct ebt_target reply_target __read_mostly = { | |||
78 | .name = EBT_ARPREPLY_TARGET, | 82 | .name = EBT_ARPREPLY_TARGET, |
79 | .revision = 0, | 83 | .revision = 0, |
80 | .family = NFPROTO_BRIDGE, | 84 | .family = NFPROTO_BRIDGE, |
81 | .target = ebt_target_reply, | 85 | .target = ebt_arpreply_tg, |
82 | .check = ebt_target_reply_check, | 86 | .checkentry = ebt_arpreply_tg_check, |
83 | .targetsize = XT_ALIGN(sizeof(struct ebt_arpreply_info)), | 87 | .targetsize = XT_ALIGN(sizeof(struct ebt_arpreply_info)), |
84 | .me = THIS_MODULE, | 88 | .me = THIS_MODULE, |
85 | }; | 89 | }; |
diff --git a/net/bridge/netfilter/ebt_dnat.c b/net/bridge/netfilter/ebt_dnat.c index 64838e2835a0..b7cc013bd377 100644 --- a/net/bridge/netfilter/ebt_dnat.c +++ b/net/bridge/netfilter/ebt_dnat.c | |||
@@ -14,9 +14,10 @@ | |||
14 | #include <linux/netfilter_bridge/ebtables.h> | 14 | #include <linux/netfilter_bridge/ebtables.h> |
15 | #include <linux/netfilter_bridge/ebt_nat.h> | 15 | #include <linux/netfilter_bridge/ebt_nat.h> |
16 | 16 | ||
17 | static unsigned int ebt_target_dnat(struct sk_buff *skb, unsigned int hooknr, | 17 | static unsigned int |
18 | const struct net_device *in, const struct net_device *out, | 18 | ebt_dnat_tg(struct sk_buff *skb, const struct net_device *in, |
19 | const void *data, unsigned int datalen) | 19 | const struct net_device *out, unsigned int hook_nr, |
20 | const struct xt_target *target, const void *data) | ||
20 | { | 21 | { |
21 | const struct ebt_nat_info *info = data; | 22 | const struct ebt_nat_info *info = data; |
22 | 23 | ||
@@ -27,8 +28,10 @@ static unsigned int ebt_target_dnat(struct sk_buff *skb, unsigned int hooknr, | |||
27 | return info->target; | 28 | return info->target; |
28 | } | 29 | } |
29 | 30 | ||
30 | static bool ebt_target_dnat_check(const char *tablename, unsigned int hookmask, | 31 | static bool |
31 | const struct ebt_entry *e, void *data, unsigned int datalen) | 32 | ebt_dnat_tg_check(const char *tablename, const void *entry, |
33 | const struct xt_target *target, void *data, | ||
34 | unsigned int hookmask) | ||
32 | { | 35 | { |
33 | const struct ebt_nat_info *info = data; | 36 | const struct ebt_nat_info *info = data; |
34 | 37 | ||
@@ -48,8 +51,8 @@ static struct ebt_target dnat __read_mostly = { | |||
48 | .name = EBT_DNAT_TARGET, | 51 | .name = EBT_DNAT_TARGET, |
49 | .revision = 0, | 52 | .revision = 0, |
50 | .family = NFPROTO_BRIDGE, | 53 | .family = NFPROTO_BRIDGE, |
51 | .target = ebt_target_dnat, | 54 | .target = ebt_dnat_tg, |
52 | .check = ebt_target_dnat_check, | 55 | .checkentry = ebt_dnat_tg_check, |
53 | .targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)), | 56 | .targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)), |
54 | .me = THIS_MODULE, | 57 | .me = THIS_MODULE, |
55 | }; | 58 | }; |
diff --git a/net/bridge/netfilter/ebt_ip.c b/net/bridge/netfilter/ebt_ip.c index 0bef6f7bc83f..e7f3b1776b02 100644 --- a/net/bridge/netfilter/ebt_ip.c +++ b/net/bridge/netfilter/ebt_ip.c | |||
@@ -24,10 +24,10 @@ struct tcpudphdr { | |||
24 | __be16 dst; | 24 | __be16 dst; |
25 | }; | 25 | }; |
26 | 26 | ||
27 | static bool ebt_filter_ip(const struct sk_buff *skb, | 27 | static bool |
28 | const struct net_device *in, | 28 | ebt_ip_mt(const struct sk_buff *skb, const struct net_device *in, |
29 | const struct net_device *out, const void *data, | 29 | const struct net_device *out, const struct xt_match *match, |
30 | unsigned int datalen) | 30 | const void *data, int offset, unsigned int protoff, bool *hotdrop) |
31 | { | 31 | { |
32 | const struct ebt_ip_info *info = data; | 32 | const struct ebt_ip_info *info = data; |
33 | const struct iphdr *ih; | 33 | const struct iphdr *ih; |
@@ -79,10 +79,13 @@ static bool ebt_filter_ip(const struct sk_buff *skb, | |||
79 | return true; | 79 | return true; |
80 | } | 80 | } |
81 | 81 | ||
82 | static bool ebt_ip_check(const char *tablename, unsigned int hookmask, | 82 | static bool |
83 | const struct ebt_entry *e, void *data, unsigned int datalen) | 83 | ebt_ip_mt_check(const char *table, const void *entry, |
84 | const struct xt_match *match, void *data, | ||
85 | unsigned int hook_mask) | ||
84 | { | 86 | { |
85 | const struct ebt_ip_info *info = data; | 87 | const struct ebt_ip_info *info = data; |
88 | const struct ebt_entry *e = entry; | ||
86 | 89 | ||
87 | if (e->ethproto != htons(ETH_P_IP) || | 90 | if (e->ethproto != htons(ETH_P_IP) || |
88 | e->invflags & EBT_IPROTO) | 91 | e->invflags & EBT_IPROTO) |
@@ -110,8 +113,8 @@ static struct ebt_match filter_ip __read_mostly = { | |||
110 | .name = EBT_IP_MATCH, | 113 | .name = EBT_IP_MATCH, |
111 | .revision = 0, | 114 | .revision = 0, |
112 | .family = NFPROTO_BRIDGE, | 115 | .family = NFPROTO_BRIDGE, |
113 | .match = ebt_filter_ip, | 116 | .match = ebt_ip_mt, |
114 | .check = ebt_ip_check, | 117 | .checkentry = ebt_ip_mt_check, |
115 | .matchsize = XT_ALIGN(sizeof(struct ebt_ip_info)), | 118 | .matchsize = XT_ALIGN(sizeof(struct ebt_ip_info)), |
116 | .me = THIS_MODULE, | 119 | .me = THIS_MODULE, |
117 | }; | 120 | }; |
diff --git a/net/bridge/netfilter/ebt_ip6.c b/net/bridge/netfilter/ebt_ip6.c index afcabe205b8f..807685da2934 100644 --- a/net/bridge/netfilter/ebt_ip6.c +++ b/net/bridge/netfilter/ebt_ip6.c | |||
@@ -27,10 +27,10 @@ struct tcpudphdr { | |||
27 | __be16 dst; | 27 | __be16 dst; |
28 | }; | 28 | }; |
29 | 29 | ||
30 | static bool ebt_filter_ip6(const struct sk_buff *skb, | 30 | static bool |
31 | const struct net_device *in, | 31 | ebt_ip6_mt(const struct sk_buff *skb, const struct net_device *in, |
32 | const struct net_device *out, const void *data, | 32 | const struct net_device *out, const struct xt_match *match, |
33 | unsigned int datalen) | 33 | const void *data, int offset, unsigned int protoff, bool *hotdrop) |
34 | { | 34 | { |
35 | const struct ebt_ip6_info *info = (struct ebt_ip6_info *)data; | 35 | const struct ebt_ip6_info *info = (struct ebt_ip6_info *)data; |
36 | const struct ipv6hdr *ih6; | 36 | const struct ipv6hdr *ih6; |
@@ -92,9 +92,12 @@ static bool ebt_filter_ip6(const struct sk_buff *skb, | |||
92 | return true; | 92 | return true; |
93 | } | 93 | } |
94 | 94 | ||
95 | static bool ebt_ip6_check(const char *tablename, unsigned int hookmask, | 95 | static bool |
96 | const struct ebt_entry *e, void *data, unsigned int datalen) | 96 | ebt_ip6_mt_check(const char *table, const void *entry, |
97 | const struct xt_match *match, void *data, | ||
98 | unsigned int hook_mask) | ||
97 | { | 99 | { |
100 | const struct ebt_entry *e = entry; | ||
98 | struct ebt_ip6_info *info = (struct ebt_ip6_info *)data; | 101 | struct ebt_ip6_info *info = (struct ebt_ip6_info *)data; |
99 | 102 | ||
100 | if (e->ethproto != htons(ETH_P_IPV6) || e->invflags & EBT_IPROTO) | 103 | if (e->ethproto != htons(ETH_P_IPV6) || e->invflags & EBT_IPROTO) |
@@ -123,8 +126,8 @@ static struct ebt_match filter_ip6 = | |||
123 | .name = EBT_IP6_MATCH, | 126 | .name = EBT_IP6_MATCH, |
124 | .revision = 0, | 127 | .revision = 0, |
125 | .family = NFPROTO_BRIDGE, | 128 | .family = NFPROTO_BRIDGE, |
126 | .match = ebt_filter_ip6, | 129 | .match = ebt_ip6_mt, |
127 | .check = ebt_ip6_check, | 130 | .checkentry = ebt_ip6_mt_check, |
128 | .matchsize = XT_ALIGN(sizeof(struct ebt_ip6_info)), | 131 | .matchsize = XT_ALIGN(sizeof(struct ebt_ip6_info)), |
129 | .me = THIS_MODULE, | 132 | .me = THIS_MODULE, |
130 | }; | 133 | }; |
diff --git a/net/bridge/netfilter/ebt_limit.c b/net/bridge/netfilter/ebt_limit.c index 9ca0a2564c8d..d3372739227e 100644 --- a/net/bridge/netfilter/ebt_limit.c +++ b/net/bridge/netfilter/ebt_limit.c | |||
@@ -30,9 +30,10 @@ static DEFINE_SPINLOCK(limit_lock); | |||
30 | 30 | ||
31 | #define CREDITS_PER_JIFFY POW2_BELOW32(MAX_CPJ) | 31 | #define CREDITS_PER_JIFFY POW2_BELOW32(MAX_CPJ) |
32 | 32 | ||
33 | static bool ebt_limit_match(const struct sk_buff *skb, | 33 | static bool |
34 | const struct net_device *in, const struct net_device *out, | 34 | ebt_limit_mt(const struct sk_buff *skb, const struct net_device *in, |
35 | const void *data, unsigned int datalen) | 35 | const struct net_device *out, const struct xt_match *match, |
36 | const void *data, int offset, unsigned int protoff, bool *hotdrop) | ||
36 | { | 37 | { |
37 | struct ebt_limit_info *info = (struct ebt_limit_info *)data; | 38 | struct ebt_limit_info *info = (struct ebt_limit_info *)data; |
38 | unsigned long now = jiffies; | 39 | unsigned long now = jiffies; |
@@ -65,8 +66,10 @@ user2credits(u_int32_t user) | |||
65 | return (user * HZ * CREDITS_PER_JIFFY) / EBT_LIMIT_SCALE; | 66 | return (user * HZ * CREDITS_PER_JIFFY) / EBT_LIMIT_SCALE; |
66 | } | 67 | } |
67 | 68 | ||
68 | static bool ebt_limit_check(const char *tablename, unsigned int hookmask, | 69 | static bool |
69 | const struct ebt_entry *e, void *data, unsigned int datalen) | 70 | ebt_limit_mt_check(const char *table, const void *e, |
71 | const struct xt_match *match, void *data, | ||
72 | unsigned int hook_mask) | ||
70 | { | 73 | { |
71 | struct ebt_limit_info *info = data; | 74 | struct ebt_limit_info *info = data; |
72 | 75 | ||
@@ -90,8 +93,8 @@ static struct ebt_match ebt_limit_reg __read_mostly = { | |||
90 | .name = EBT_LIMIT_MATCH, | 93 | .name = EBT_LIMIT_MATCH, |
91 | .revision = 0, | 94 | .revision = 0, |
92 | .family = NFPROTO_BRIDGE, | 95 | .family = NFPROTO_BRIDGE, |
93 | .match = ebt_limit_match, | 96 | .match = ebt_limit_mt, |
94 | .check = ebt_limit_check, | 97 | .checkentry = ebt_limit_mt_check, |
95 | .matchsize = XT_ALIGN(sizeof(struct ebt_limit_info)), | 98 | .matchsize = XT_ALIGN(sizeof(struct ebt_limit_info)), |
96 | .me = THIS_MODULE, | 99 | .me = THIS_MODULE, |
97 | }; | 100 | }; |
diff --git a/net/bridge/netfilter/ebt_log.c b/net/bridge/netfilter/ebt_log.c index c2e1c357025e..424dfdf7f27e 100644 --- a/net/bridge/netfilter/ebt_log.c +++ b/net/bridge/netfilter/ebt_log.c | |||
@@ -24,8 +24,10 @@ | |||
24 | 24 | ||
25 | static DEFINE_SPINLOCK(ebt_log_lock); | 25 | static DEFINE_SPINLOCK(ebt_log_lock); |
26 | 26 | ||
27 | static bool ebt_log_check(const char *tablename, unsigned int hookmask, | 27 | static bool |
28 | const struct ebt_entry *e, void *data, unsigned int datalen) | 28 | ebt_log_tg_check(const char *table, const void *entry, |
29 | const struct xt_target *target, void *data, | ||
30 | unsigned int hook_mask) | ||
29 | { | 31 | { |
30 | struct ebt_log_info *info = data; | 32 | struct ebt_log_info *info = data; |
31 | 33 | ||
@@ -192,9 +194,10 @@ out: | |||
192 | 194 | ||
193 | } | 195 | } |
194 | 196 | ||
195 | static unsigned int ebt_log(const struct sk_buff *skb, unsigned int hooknr, | 197 | static unsigned int |
196 | const struct net_device *in, const struct net_device *out, | 198 | ebt_log_tg(struct sk_buff *skb, const struct net_device *in, |
197 | const void *data, unsigned int datalen) | 199 | const struct net_device *out, unsigned int hooknr, |
200 | const struct xt_target *target, const void *data) | ||
198 | { | 201 | { |
199 | const struct ebt_log_info *info = data; | 202 | const struct ebt_log_info *info = data; |
200 | struct nf_loginfo li; | 203 | struct nf_loginfo li; |
@@ -217,8 +220,8 @@ static struct ebt_watcher log = | |||
217 | .name = EBT_LOG_WATCHER, | 220 | .name = EBT_LOG_WATCHER, |
218 | .revision = 0, | 221 | .revision = 0, |
219 | .family = NFPROTO_BRIDGE, | 222 | .family = NFPROTO_BRIDGE, |
220 | .watcher = ebt_log, | 223 | .target = ebt_log_tg, |
221 | .check = ebt_log_check, | 224 | .checkentry = ebt_log_tg_check, |
222 | .targetsize = XT_ALIGN(sizeof(struct ebt_log_info)), | 225 | .targetsize = XT_ALIGN(sizeof(struct ebt_log_info)), |
223 | .me = THIS_MODULE, | 226 | .me = THIS_MODULE, |
224 | }; | 227 | }; |
diff --git a/net/bridge/netfilter/ebt_mark.c b/net/bridge/netfilter/ebt_mark.c index 910721a12673..92c67271bd8d 100644 --- a/net/bridge/netfilter/ebt_mark.c +++ b/net/bridge/netfilter/ebt_mark.c | |||
@@ -18,9 +18,10 @@ | |||
18 | #include <linux/netfilter_bridge/ebtables.h> | 18 | #include <linux/netfilter_bridge/ebtables.h> |
19 | #include <linux/netfilter_bridge/ebt_mark_t.h> | 19 | #include <linux/netfilter_bridge/ebt_mark_t.h> |
20 | 20 | ||
21 | static unsigned int ebt_target_mark(struct sk_buff *skb, unsigned int hooknr, | 21 | static unsigned int |
22 | const struct net_device *in, const struct net_device *out, | 22 | ebt_mark_tg(struct sk_buff *skb, const struct net_device *in, |
23 | const void *data, unsigned int datalen) | 23 | const struct net_device *out, unsigned int hook_nr, |
24 | const struct xt_target *target, const void *data) | ||
24 | { | 25 | { |
25 | const struct ebt_mark_t_info *info = data; | 26 | const struct ebt_mark_t_info *info = data; |
26 | int action = info->target & -16; | 27 | int action = info->target & -16; |
@@ -37,8 +38,10 @@ static unsigned int ebt_target_mark(struct sk_buff *skb, unsigned int hooknr, | |||
37 | return info->target | ~EBT_VERDICT_BITS; | 38 | return info->target | ~EBT_VERDICT_BITS; |
38 | } | 39 | } |
39 | 40 | ||
40 | static bool ebt_target_mark_check(const char *tablename, unsigned int hookmask, | 41 | static bool |
41 | const struct ebt_entry *e, void *data, unsigned int datalen) | 42 | ebt_mark_tg_check(const char *table, const void *e, |
43 | const struct xt_target *target, void *data, | ||
44 | unsigned int hookmask) | ||
42 | { | 45 | { |
43 | const struct ebt_mark_t_info *info = data; | 46 | const struct ebt_mark_t_info *info = data; |
44 | int tmp; | 47 | int tmp; |
@@ -60,8 +63,8 @@ static struct ebt_target mark_target __read_mostly = { | |||
60 | .name = EBT_MARK_TARGET, | 63 | .name = EBT_MARK_TARGET, |
61 | .revision = 0, | 64 | .revision = 0, |
62 | .family = NFPROTO_BRIDGE, | 65 | .family = NFPROTO_BRIDGE, |
63 | .target = ebt_target_mark, | 66 | .target = ebt_mark_tg, |
64 | .check = ebt_target_mark_check, | 67 | .checkentry = ebt_mark_tg_check, |
65 | .targetsize = XT_ALIGN(sizeof(struct ebt_mark_t_info)), | 68 | .targetsize = XT_ALIGN(sizeof(struct ebt_mark_t_info)), |
66 | .me = THIS_MODULE, | 69 | .me = THIS_MODULE, |
67 | }; | 70 | }; |
diff --git a/net/bridge/netfilter/ebt_mark_m.c b/net/bridge/netfilter/ebt_mark_m.c index 6512ad9b4097..db64a0de4f74 100644 --- a/net/bridge/netfilter/ebt_mark_m.c +++ b/net/bridge/netfilter/ebt_mark_m.c | |||
@@ -12,9 +12,10 @@ | |||
12 | #include <linux/netfilter_bridge/ebtables.h> | 12 | #include <linux/netfilter_bridge/ebtables.h> |
13 | #include <linux/netfilter_bridge/ebt_mark_m.h> | 13 | #include <linux/netfilter_bridge/ebt_mark_m.h> |
14 | 14 | ||
15 | static bool ebt_filter_mark(const struct sk_buff *skb, | 15 | static bool |
16 | const struct net_device *in, const struct net_device *out, const void *data, | 16 | ebt_mark_mt(const struct sk_buff *skb, const struct net_device *in, |
17 | unsigned int datalen) | 17 | const struct net_device *out, const struct xt_match *match, |
18 | const void *data, int offset, unsigned int protoff, bool *hotdrop) | ||
18 | { | 19 | { |
19 | const struct ebt_mark_m_info *info = data; | 20 | const struct ebt_mark_m_info *info = data; |
20 | 21 | ||
@@ -23,8 +24,10 @@ static bool ebt_filter_mark(const struct sk_buff *skb, | |||
23 | return ((skb->mark & info->mask) == info->mark) ^ info->invert; | 24 | return ((skb->mark & info->mask) == info->mark) ^ info->invert; |
24 | } | 25 | } |
25 | 26 | ||
26 | static bool ebt_mark_check(const char *tablename, unsigned int hookmask, | 27 | static bool |
27 | const struct ebt_entry *e, void *data, unsigned int datalen) | 28 | ebt_mark_mt_check(const char *table, const void *e, |
29 | const struct xt_match *match, void *data, | ||
30 | unsigned int hook_mask) | ||
28 | { | 31 | { |
29 | const struct ebt_mark_m_info *info = data; | 32 | const struct ebt_mark_m_info *info = data; |
30 | 33 | ||
@@ -41,8 +44,8 @@ static struct ebt_match filter_mark __read_mostly = { | |||
41 | .name = EBT_MARK_MATCH, | 44 | .name = EBT_MARK_MATCH, |
42 | .revision = 0, | 45 | .revision = 0, |
43 | .family = NFPROTO_BRIDGE, | 46 | .family = NFPROTO_BRIDGE, |
44 | .match = ebt_filter_mark, | 47 | .match = ebt_mark_mt, |
45 | .check = ebt_mark_check, | 48 | .checkentry = ebt_mark_mt_check, |
46 | .matchsize = XT_ALIGN(sizeof(struct ebt_mark_m_info)), | 49 | .matchsize = XT_ALIGN(sizeof(struct ebt_mark_m_info)), |
47 | .me = THIS_MODULE, | 50 | .me = THIS_MODULE, |
48 | }; | 51 | }; |
diff --git a/net/bridge/netfilter/ebt_nflog.c b/net/bridge/netfilter/ebt_nflog.c index aa0410c69a60..b415f8871883 100644 --- a/net/bridge/netfilter/ebt_nflog.c +++ b/net/bridge/netfilter/ebt_nflog.c | |||
@@ -19,11 +19,10 @@ | |||
19 | #include <linux/netfilter_bridge/ebt_nflog.h> | 19 | #include <linux/netfilter_bridge/ebt_nflog.h> |
20 | #include <net/netfilter/nf_log.h> | 20 | #include <net/netfilter/nf_log.h> |
21 | 21 | ||
22 | static unsigned int ebt_nflog(const struct sk_buff *skb, | 22 | static unsigned int |
23 | unsigned int hooknr, | 23 | ebt_nflog_tg(struct sk_buff *skb, const struct net_device *in, |
24 | const struct net_device *in, | 24 | const struct net_device *out, unsigned int hooknr, |
25 | const struct net_device *out, | 25 | const struct xt_target *target, const void *data) |
26 | const void *data, unsigned int datalen) | ||
27 | { | 26 | { |
28 | struct ebt_nflog_info *info = (struct ebt_nflog_info *)data; | 27 | struct ebt_nflog_info *info = (struct ebt_nflog_info *)data; |
29 | struct nf_loginfo li; | 28 | struct nf_loginfo li; |
@@ -37,10 +36,10 @@ static unsigned int ebt_nflog(const struct sk_buff *skb, | |||
37 | return EBT_CONTINUE; | 36 | return EBT_CONTINUE; |
38 | } | 37 | } |
39 | 38 | ||
40 | static bool ebt_nflog_check(const char *tablename, | 39 | static bool |
41 | unsigned int hookmask, | 40 | ebt_nflog_tg_check(const char *table, const void *e, |
42 | const struct ebt_entry *e, | 41 | const struct xt_target *target, void *data, |
43 | void *data, unsigned int datalen) | 42 | unsigned int hookmask) |
44 | { | 43 | { |
45 | struct ebt_nflog_info *info = (struct ebt_nflog_info *)data; | 44 | struct ebt_nflog_info *info = (struct ebt_nflog_info *)data; |
46 | 45 | ||
@@ -54,8 +53,8 @@ static struct ebt_watcher nflog __read_mostly = { | |||
54 | .name = EBT_NFLOG_WATCHER, | 53 | .name = EBT_NFLOG_WATCHER, |
55 | .revision = 0, | 54 | .revision = 0, |
56 | .family = NFPROTO_BRIDGE, | 55 | .family = NFPROTO_BRIDGE, |
57 | .watcher = ebt_nflog, | 56 | .target = ebt_nflog_tg, |
58 | .check = ebt_nflog_check, | 57 | .checkentry = ebt_nflog_tg_check, |
59 | .targetsize = XT_ALIGN(sizeof(struct ebt_nflog_info)), | 58 | .targetsize = XT_ALIGN(sizeof(struct ebt_nflog_info)), |
60 | .me = THIS_MODULE, | 59 | .me = THIS_MODULE, |
61 | }; | 60 | }; |
diff --git a/net/bridge/netfilter/ebt_pkttype.c b/net/bridge/netfilter/ebt_pkttype.c index a9acecc88e9e..06393452ef91 100644 --- a/net/bridge/netfilter/ebt_pkttype.c +++ b/net/bridge/netfilter/ebt_pkttype.c | |||
@@ -12,19 +12,21 @@ | |||
12 | #include <linux/netfilter_bridge/ebtables.h> | 12 | #include <linux/netfilter_bridge/ebtables.h> |
13 | #include <linux/netfilter_bridge/ebt_pkttype.h> | 13 | #include <linux/netfilter_bridge/ebt_pkttype.h> |
14 | 14 | ||
15 | static bool ebt_filter_pkttype(const struct sk_buff *skb, | 15 | static bool |
16 | const struct net_device *in, | 16 | ebt_pkttype_mt(const struct sk_buff *skb, const struct net_device *in, |
17 | const struct net_device *out, | 17 | const struct net_device *out, const struct xt_match *match, |
18 | const void *data, | 18 | const void *data, int offset, unsigned int protoff, |
19 | unsigned int datalen) | 19 | bool *hotdrop) |
20 | { | 20 | { |
21 | const struct ebt_pkttype_info *info = data; | 21 | const struct ebt_pkttype_info *info = data; |
22 | 22 | ||
23 | return (skb->pkt_type == info->pkt_type) ^ info->invert; | 23 | return (skb->pkt_type == info->pkt_type) ^ info->invert; |
24 | } | 24 | } |
25 | 25 | ||
26 | static bool ebt_pkttype_check(const char *tablename, unsigned int hookmask, | 26 | static bool |
27 | const struct ebt_entry *e, void *data, unsigned int datalen) | 27 | ebt_pkttype_mt_check(const char *table, const void *e, |
28 | const struct xt_match *match, void *data, | ||
29 | unsigned int hook_mask) | ||
28 | { | 30 | { |
29 | const struct ebt_pkttype_info *info = data; | 31 | const struct ebt_pkttype_info *info = data; |
30 | 32 | ||
@@ -38,8 +40,8 @@ static struct ebt_match filter_pkttype __read_mostly = { | |||
38 | .name = EBT_PKTTYPE_MATCH, | 40 | .name = EBT_PKTTYPE_MATCH, |
39 | .revision = 0, | 41 | .revision = 0, |
40 | .family = NFPROTO_BRIDGE, | 42 | .family = NFPROTO_BRIDGE, |
41 | .match = ebt_filter_pkttype, | 43 | .match = ebt_pkttype_mt, |
42 | .check = ebt_pkttype_check, | 44 | .checkentry = ebt_pkttype_mt_check, |
43 | .matchsize = XT_ALIGN(sizeof(struct ebt_pkttype_info)), | 45 | .matchsize = XT_ALIGN(sizeof(struct ebt_pkttype_info)), |
44 | .me = THIS_MODULE, | 46 | .me = THIS_MODULE, |
45 | }; | 47 | }; |
diff --git a/net/bridge/netfilter/ebt_redirect.c b/net/bridge/netfilter/ebt_redirect.c index 4c628108bcda..e9540cf4f6d6 100644 --- a/net/bridge/netfilter/ebt_redirect.c +++ b/net/bridge/netfilter/ebt_redirect.c | |||
@@ -15,10 +15,10 @@ | |||
15 | #include <linux/netfilter_bridge/ebtables.h> | 15 | #include <linux/netfilter_bridge/ebtables.h> |
16 | #include <linux/netfilter_bridge/ebt_redirect.h> | 16 | #include <linux/netfilter_bridge/ebt_redirect.h> |
17 | 17 | ||
18 | static unsigned int ebt_target_redirect(struct sk_buff *skb, | 18 | static unsigned int |
19 | unsigned int hooknr, | 19 | ebt_redirect_tg(struct sk_buff *skb, const struct net_device *in, |
20 | const struct net_device *in, const struct net_device *out, | 20 | const struct net_device *out, unsigned int hooknr, |
21 | const void *data, unsigned int datalen) | 21 | const struct xt_target *target, const void *data) |
22 | { | 22 | { |
23 | const struct ebt_redirect_info *info = data; | 23 | const struct ebt_redirect_info *info = data; |
24 | 24 | ||
@@ -34,8 +34,10 @@ static unsigned int ebt_target_redirect(struct sk_buff *skb, | |||
34 | return info->target; | 34 | return info->target; |
35 | } | 35 | } |
36 | 36 | ||
37 | static bool ebt_target_redirect_check(const char *tablename, unsigned int hookmask, | 37 | static bool |
38 | const struct ebt_entry *e, void *data, unsigned int datalen) | 38 | ebt_redirect_tg_check(const char *tablename, const void *e, |
39 | const struct xt_target *target, void *data, | ||
40 | unsigned int hookmask) | ||
39 | { | 41 | { |
40 | const struct ebt_redirect_info *info = data; | 42 | const struct ebt_redirect_info *info = data; |
41 | 43 | ||
@@ -54,8 +56,8 @@ static struct ebt_target redirect_target __read_mostly = { | |||
54 | .name = EBT_REDIRECT_TARGET, | 56 | .name = EBT_REDIRECT_TARGET, |
55 | .revision = 0, | 57 | .revision = 0, |
56 | .family = NFPROTO_BRIDGE, | 58 | .family = NFPROTO_BRIDGE, |
57 | .target = ebt_target_redirect, | 59 | .target = ebt_redirect_tg, |
58 | .check = ebt_target_redirect_check, | 60 | .checkentry = ebt_redirect_tg_check, |
59 | .targetsize = XT_ALIGN(sizeof(struct ebt_redirect_info)), | 61 | .targetsize = XT_ALIGN(sizeof(struct ebt_redirect_info)), |
60 | .me = THIS_MODULE, | 62 | .me = THIS_MODULE, |
61 | }; | 63 | }; |
diff --git a/net/bridge/netfilter/ebt_snat.c b/net/bridge/netfilter/ebt_snat.c index 0e83de781c0c..363d0051e04b 100644 --- a/net/bridge/netfilter/ebt_snat.c +++ b/net/bridge/netfilter/ebt_snat.c | |||
@@ -16,9 +16,10 @@ | |||
16 | #include <linux/netfilter_bridge/ebtables.h> | 16 | #include <linux/netfilter_bridge/ebtables.h> |
17 | #include <linux/netfilter_bridge/ebt_nat.h> | 17 | #include <linux/netfilter_bridge/ebt_nat.h> |
18 | 18 | ||
19 | static unsigned int ebt_target_snat(struct sk_buff *skb, unsigned int hooknr, | 19 | static unsigned int |
20 | const struct net_device *in, const struct net_device *out, | 20 | ebt_snat_tg(struct sk_buff *skb, const struct net_device *in, |
21 | const void *data, unsigned int datalen) | 21 | const struct net_device *out, unsigned int hook_nr, |
22 | const struct xt_target *target, const void *data) | ||
22 | { | 23 | { |
23 | const struct ebt_nat_info *info = data; | 24 | const struct ebt_nat_info *info = data; |
24 | 25 | ||
@@ -43,8 +44,10 @@ out: | |||
43 | return info->target | ~EBT_VERDICT_BITS; | 44 | return info->target | ~EBT_VERDICT_BITS; |
44 | } | 45 | } |
45 | 46 | ||
46 | static bool ebt_target_snat_check(const char *tablename, unsigned int hookmask, | 47 | static bool |
47 | const struct ebt_entry *e, void *data, unsigned int datalen) | 48 | ebt_snat_tg_check(const char *tablename, const void *e, |
49 | const struct xt_target *target, void *data, | ||
50 | unsigned int hookmask) | ||
48 | { | 51 | { |
49 | const struct ebt_nat_info *info = data; | 52 | const struct ebt_nat_info *info = data; |
50 | int tmp; | 53 | int tmp; |
@@ -70,8 +73,8 @@ static struct ebt_target snat __read_mostly = { | |||
70 | .name = EBT_SNAT_TARGET, | 73 | .name = EBT_SNAT_TARGET, |
71 | .revision = 0, | 74 | .revision = 0, |
72 | .family = NFPROTO_BRIDGE, | 75 | .family = NFPROTO_BRIDGE, |
73 | .target = ebt_target_snat, | 76 | .target = ebt_snat_tg, |
74 | .check = ebt_target_snat_check, | 77 | .checkentry = ebt_snat_tg_check, |
75 | .targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)), | 78 | .targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)), |
76 | .me = THIS_MODULE, | 79 | .me = THIS_MODULE, |
77 | }; | 80 | }; |
diff --git a/net/bridge/netfilter/ebt_stp.c b/net/bridge/netfilter/ebt_stp.c index e6d8f0c140a4..7576d1d62a49 100644 --- a/net/bridge/netfilter/ebt_stp.c +++ b/net/bridge/netfilter/ebt_stp.c | |||
@@ -119,9 +119,10 @@ static bool ebt_filter_config(const struct ebt_stp_info *info, | |||
119 | return true; | 119 | return true; |
120 | } | 120 | } |
121 | 121 | ||
122 | static bool ebt_filter_stp(const struct sk_buff *skb, | 122 | static bool |
123 | const struct net_device *in, | 123 | ebt_stp_mt(const struct sk_buff *skb, const struct net_device *in, |
124 | const struct net_device *out, const void *data, unsigned int datalen) | 124 | const struct net_device *out, const struct xt_match *match, |
125 | const void *data, int offset, unsigned int protoff, bool *hotdrop) | ||
125 | { | 126 | { |
126 | const struct ebt_stp_info *info = data; | 127 | const struct ebt_stp_info *info = data; |
127 | const struct stp_header *sp; | 128 | const struct stp_header *sp; |
@@ -154,12 +155,15 @@ static bool ebt_filter_stp(const struct sk_buff *skb, | |||
154 | return true; | 155 | return true; |
155 | } | 156 | } |
156 | 157 | ||
157 | static bool ebt_stp_check(const char *tablename, unsigned int hookmask, | 158 | static bool |
158 | const struct ebt_entry *e, void *data, unsigned int datalen) | 159 | ebt_stp_mt_check(const char *table, const void *entry, |
160 | const struct xt_match *match, void *data, | ||
161 | unsigned int hook_mask) | ||
159 | { | 162 | { |
160 | const struct ebt_stp_info *info = data; | 163 | const struct ebt_stp_info *info = data; |
161 | const uint8_t bridge_ula[6] = {0x01, 0x80, 0xc2, 0x00, 0x00, 0x00}; | 164 | const uint8_t bridge_ula[6] = {0x01, 0x80, 0xc2, 0x00, 0x00, 0x00}; |
162 | const uint8_t msk[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; | 165 | const uint8_t msk[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; |
166 | const struct ebt_entry *e = entry; | ||
163 | 167 | ||
164 | if (info->bitmask & ~EBT_STP_MASK || info->invflags & ~EBT_STP_MASK || | 168 | if (info->bitmask & ~EBT_STP_MASK || info->invflags & ~EBT_STP_MASK || |
165 | !(info->bitmask & EBT_STP_MASK)) | 169 | !(info->bitmask & EBT_STP_MASK)) |
@@ -176,8 +180,8 @@ static struct ebt_match filter_stp __read_mostly = { | |||
176 | .name = EBT_STP_MATCH, | 180 | .name = EBT_STP_MATCH, |
177 | .revision = 0, | 181 | .revision = 0, |
178 | .family = NFPROTO_BRIDGE, | 182 | .family = NFPROTO_BRIDGE, |
179 | .match = ebt_filter_stp, | 183 | .match = ebt_stp_mt, |
180 | .check = ebt_stp_check, | 184 | .checkentry = ebt_stp_mt_check, |
181 | .matchsize = XT_ALIGN(sizeof(struct ebt_stp_info)), | 185 | .matchsize = XT_ALIGN(sizeof(struct ebt_stp_info)), |
182 | .me = THIS_MODULE, | 186 | .me = THIS_MODULE, |
183 | }; | 187 | }; |
diff --git a/net/bridge/netfilter/ebt_ulog.c b/net/bridge/netfilter/ebt_ulog.c index 076b44590f16..77ff9c46b268 100644 --- a/net/bridge/netfilter/ebt_ulog.c +++ b/net/bridge/netfilter/ebt_ulog.c | |||
@@ -246,9 +246,10 @@ static void ebt_log_packet(u_int8_t pf, unsigned int hooknum, | |||
246 | ebt_ulog_packet(hooknum, skb, in, out, &loginfo, prefix); | 246 | ebt_ulog_packet(hooknum, skb, in, out, &loginfo, prefix); |
247 | } | 247 | } |
248 | 248 | ||
249 | static unsigned int ebt_ulog(const struct sk_buff *skb, unsigned int hooknr, | 249 | static unsigned int |
250 | const struct net_device *in, const struct net_device *out, | 250 | ebt_ulog_tg(struct sk_buff *skb, const struct net_device *in, |
251 | const void *data, unsigned int datalen) | 251 | const struct net_device *out, unsigned int hooknr, |
252 | const struct xt_target *target, const void *data) | ||
252 | { | 253 | { |
253 | const struct ebt_ulog_info *uloginfo = data; | 254 | const struct ebt_ulog_info *uloginfo = data; |
254 | 255 | ||
@@ -256,8 +257,10 @@ static unsigned int ebt_ulog(const struct sk_buff *skb, unsigned int hooknr, | |||
256 | return EBT_CONTINUE; | 257 | return EBT_CONTINUE; |
257 | } | 258 | } |
258 | 259 | ||
259 | static bool ebt_ulog_check(const char *tablename, unsigned int hookmask, | 260 | static bool |
260 | const struct ebt_entry *e, void *data, unsigned int datalen) | 261 | ebt_ulog_tg_check(const char *table, const void *entry, |
262 | const struct xt_target *target, void *data, | ||
263 | unsigned int hookmask) | ||
261 | { | 264 | { |
262 | struct ebt_ulog_info *uloginfo = data; | 265 | struct ebt_ulog_info *uloginfo = data; |
263 | 266 | ||
@@ -276,8 +279,8 @@ static struct ebt_watcher ulog __read_mostly = { | |||
276 | .name = EBT_ULOG_WATCHER, | 279 | .name = EBT_ULOG_WATCHER, |
277 | .revision = 0, | 280 | .revision = 0, |
278 | .family = NFPROTO_BRIDGE, | 281 | .family = NFPROTO_BRIDGE, |
279 | .watcher = ebt_ulog, | 282 | .target = ebt_ulog_tg, |
280 | .check = ebt_ulog_check, | 283 | .checkentry = ebt_ulog_tg_check, |
281 | .targetsize = XT_ALIGN(sizeof(struct ebt_ulog_info)), | 284 | .targetsize = XT_ALIGN(sizeof(struct ebt_ulog_info)), |
282 | .me = THIS_MODULE, | 285 | .me = THIS_MODULE, |
283 | }; | 286 | }; |
diff --git a/net/bridge/netfilter/ebt_vlan.c b/net/bridge/netfilter/ebt_vlan.c index 9e3a39ae4660..3af688b0fc37 100644 --- a/net/bridge/netfilter/ebt_vlan.c +++ b/net/bridge/netfilter/ebt_vlan.c | |||
@@ -41,10 +41,9 @@ MODULE_LICENSE("GPL"); | |||
41 | #define EXIT_ON_MISMATCH(_MATCH_,_MASK_) {if (!((info->_MATCH_ == _MATCH_)^!!(info->invflags & _MASK_))) return false; } | 41 | #define EXIT_ON_MISMATCH(_MATCH_,_MASK_) {if (!((info->_MATCH_ == _MATCH_)^!!(info->invflags & _MASK_))) return false; } |
42 | 42 | ||
43 | static bool | 43 | static bool |
44 | ebt_filter_vlan(const struct sk_buff *skb, | 44 | ebt_vlan_mt(const struct sk_buff *skb, const struct net_device *in, |
45 | const struct net_device *in, | 45 | const struct net_device *out, const struct xt_match *match, |
46 | const struct net_device *out, | 46 | const void *data, int offset, unsigned int protoff, bool *hotdrop) |
47 | const void *data, unsigned int datalen) | ||
48 | { | 47 | { |
49 | const struct ebt_vlan_info *info = data; | 48 | const struct ebt_vlan_info *info = data; |
50 | const struct vlan_hdr *fp; | 49 | const struct vlan_hdr *fp; |
@@ -88,11 +87,12 @@ ebt_filter_vlan(const struct sk_buff *skb, | |||
88 | } | 87 | } |
89 | 88 | ||
90 | static bool | 89 | static bool |
91 | ebt_check_vlan(const char *tablename, | 90 | ebt_vlan_mt_check(const char *table, const void *entry, |
92 | unsigned int hooknr, | 91 | const struct xt_match *match, void *data, |
93 | const struct ebt_entry *e, void *data, unsigned int datalen) | 92 | unsigned int hook_mask) |
94 | { | 93 | { |
95 | struct ebt_vlan_info *info = data; | 94 | struct ebt_vlan_info *info = data; |
95 | const struct ebt_entry *e = entry; | ||
96 | 96 | ||
97 | /* Is it 802.1Q frame checked? */ | 97 | /* Is it 802.1Q frame checked? */ |
98 | if (e->ethproto != htons(ETH_P_8021Q)) { | 98 | if (e->ethproto != htons(ETH_P_8021Q)) { |
@@ -166,8 +166,8 @@ static struct ebt_match filter_vlan __read_mostly = { | |||
166 | .name = EBT_VLAN_MATCH, | 166 | .name = EBT_VLAN_MATCH, |
167 | .revision = 0, | 167 | .revision = 0, |
168 | .family = NFPROTO_BRIDGE, | 168 | .family = NFPROTO_BRIDGE, |
169 | .match = ebt_filter_vlan, | 169 | .match = ebt_vlan_mt, |
170 | .check = ebt_check_vlan, | 170 | .checkentry = ebt_vlan_mt_check, |
171 | .matchsize = XT_ALIGN(sizeof(struct ebt_vlan_info)), | 171 | .matchsize = XT_ALIGN(sizeof(struct ebt_vlan_info)), |
172 | .me = THIS_MODULE, | 172 | .me = THIS_MODULE, |
173 | }; | 173 | }; |
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index bc4b3f4f37c4..340e1c6bdcb1 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c | |||
@@ -67,11 +67,10 @@ static struct ebt_target ebt_standard_target = { | |||
67 | }; | 67 | }; |
68 | 68 | ||
69 | static inline int ebt_do_watcher (struct ebt_entry_watcher *w, | 69 | static inline int ebt_do_watcher (struct ebt_entry_watcher *w, |
70 | const struct sk_buff *skb, unsigned int hooknr, const struct net_device *in, | 70 | struct sk_buff *skb, unsigned int hooknr, const struct net_device *in, |
71 | const struct net_device *out) | 71 | const struct net_device *out) |
72 | { | 72 | { |
73 | w->u.watcher->watcher(skb, hooknr, in, out, w->data, | 73 | w->u.watcher->target(skb, in, out, hooknr, NULL, w->data); |
74 | w->watcher_size); | ||
75 | /* watchers don't give a verdict */ | 74 | /* watchers don't give a verdict */ |
76 | return 0; | 75 | return 0; |
77 | } | 76 | } |
@@ -80,8 +79,7 @@ static inline int ebt_do_match (struct ebt_entry_match *m, | |||
80 | const struct sk_buff *skb, const struct net_device *in, | 79 | const struct sk_buff *skb, const struct net_device *in, |
81 | const struct net_device *out) | 80 | const struct net_device *out) |
82 | { | 81 | { |
83 | return m->u.match->match(skb, in, out, m->data, | 82 | return m->u.match->match(skb, in, out, NULL, m->data, 0, 0, NULL); |
84 | m->match_size); | ||
85 | } | 83 | } |
86 | 84 | ||
87 | static inline int ebt_dev_check(char *entry, const struct net_device *device) | 85 | static inline int ebt_dev_check(char *entry, const struct net_device *device) |
@@ -195,8 +193,8 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb, | |||
195 | if (!t->u.target->target) | 193 | if (!t->u.target->target) |
196 | verdict = ((struct ebt_standard_target *)t)->verdict; | 194 | verdict = ((struct ebt_standard_target *)t)->verdict; |
197 | else | 195 | else |
198 | verdict = t->u.target->target(skb, hook, | 196 | verdict = t->u.target->target(skb, in, out, hook, |
199 | in, out, t->data, t->target_size); | 197 | NULL, t->data); |
200 | if (verdict == EBT_ACCEPT) { | 198 | if (verdict == EBT_ACCEPT) { |
201 | read_unlock_bh(&table->lock); | 199 | read_unlock_bh(&table->lock); |
202 | return NF_ACCEPT; | 200 | return NF_ACCEPT; |
@@ -376,8 +374,8 @@ ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e, | |||
376 | match->name, XT_ALIGN(match->matchsize), m->match_size); | 374 | match->name, XT_ALIGN(match->matchsize), m->match_size); |
377 | goto out; | 375 | goto out; |
378 | } | 376 | } |
379 | if (match->check && | 377 | if (match->checkentry && |
380 | !match->check(name, hookmask, e, m->data, m->match_size)) { | 378 | !match->checkentry(name, e, NULL, m->data, hookmask)) { |
381 | BUGPRINT("match->check failed\n"); | 379 | BUGPRINT("match->check failed\n"); |
382 | goto out; | 380 | goto out; |
383 | } | 381 | } |
@@ -426,8 +424,8 @@ ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e, | |||
426 | w->watcher_size); | 424 | w->watcher_size); |
427 | goto out; | 425 | goto out; |
428 | } | 426 | } |
429 | if (watcher->check && | 427 | if (watcher->checkentry && |
430 | !watcher->check(name, hookmask, e, w->data, w->watcher_size)) { | 428 | !watcher->checkentry(name, e, NULL, w->data, hookmask)) { |
431 | BUGPRINT("watcher->check failed\n"); | 429 | BUGPRINT("watcher->check failed\n"); |
432 | goto out; | 430 | goto out; |
433 | } | 431 | } |
@@ -609,7 +607,7 @@ ebt_cleanup_match(struct ebt_entry_match *m, unsigned int *i) | |||
609 | if (i && (*i)-- == 0) | 607 | if (i && (*i)-- == 0) |
610 | return 1; | 608 | return 1; |
611 | if (m->u.match->destroy) | 609 | if (m->u.match->destroy) |
612 | m->u.match->destroy(m->data, m->match_size); | 610 | m->u.match->destroy(NULL, m->data); |
613 | module_put(m->u.match->me); | 611 | module_put(m->u.match->me); |
614 | 612 | ||
615 | return 0; | 613 | return 0; |
@@ -621,7 +619,7 @@ ebt_cleanup_watcher(struct ebt_entry_watcher *w, unsigned int *i) | |||
621 | if (i && (*i)-- == 0) | 619 | if (i && (*i)-- == 0) |
622 | return 1; | 620 | return 1; |
623 | if (w->u.watcher->destroy) | 621 | if (w->u.watcher->destroy) |
624 | w->u.watcher->destroy(w->data, w->watcher_size); | 622 | w->u.watcher->destroy(NULL, w->data); |
625 | module_put(w->u.watcher->me); | 623 | module_put(w->u.watcher->me); |
626 | 624 | ||
627 | return 0; | 625 | return 0; |
@@ -641,7 +639,7 @@ ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt) | |||
641 | EBT_MATCH_ITERATE(e, ebt_cleanup_match, NULL); | 639 | EBT_MATCH_ITERATE(e, ebt_cleanup_match, NULL); |
642 | t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); | 640 | t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); |
643 | if (t->u.target->destroy) | 641 | if (t->u.target->destroy) |
644 | t->u.target->destroy(t->data, t->target_size); | 642 | t->u.target->destroy(NULL, t->data); |
645 | module_put(t->u.target->me); | 643 | module_put(t->u.target->me); |
646 | 644 | ||
647 | return 0; | 645 | return 0; |
@@ -755,8 +753,8 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo, | |||
755 | module_put(t->u.target->me); | 753 | module_put(t->u.target->me); |
756 | ret = -EINVAL; | 754 | ret = -EINVAL; |
757 | goto cleanup_watchers; | 755 | goto cleanup_watchers; |
758 | } else if (t->u.target->check && | 756 | } else if (t->u.target->checkentry && |
759 | !t->u.target->check(name, hookmask, e, t->data, t->target_size)) { | 757 | !t->u.target->checkentry(name, e, NULL, t->data, hookmask)) { |
760 | module_put(t->u.target->me); | 758 | module_put(t->u.target->me); |
761 | ret = -EFAULT; | 759 | ret = -EFAULT; |
762 | goto cleanup_watchers; | 760 | goto cleanup_watchers; |