netfilter: xtables: resolve indirect macros 3/3

#define ARPT_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN

#define arpt_entry_target xt_entry_target

#define arpt_standard_target xt_standard_target

#define ARPT_CONTINUE XT_CONTINUE

#define ARPT_RETURN XT_RETURN

#define arpt_counters_info xt_counters_info

#define arpt_counters xt_counters

#define ARPT_STANDARD_TARGET XT_STANDARD_TARGET

#define ARPT_ERROR_TARGET XT_ERROR_TARGET

#define ARPT_ENTRY_ITERATE(entries, size, fn, args...) \

	XT_ENTRY_ITERATE(struct arpt_entry, entries, size, fn, ## args)

#endif

#define ARPT_DEV_ADDR_LEN_MAX 16

#define ARPT_SO_GET_REVISION_TARGET	(ARPT_BASE_CTL + 3)

#define ARPT_SO_GET_MAX			(ARPT_SO_GET_REVISION_TARGET)

/* CONTINUE verdict for targets */

#define ARPT_CONTINUE XT_CONTINUE

/* For standard target */

#define ARPT_RETURN XT_RETURN

/* The argument to ARPT_SO_GET_INFO */

struct arpt_getinfo {

	/* Which table: caller fills this in. */

	struct arpt_entry entries[0];

};

/* The argument to ARPT_SO_ADD_COUNTERS. */

#define arpt_counters_info xt_counters_info

#define arpt_counters xt_counters

/* The argument to ARPT_SO_GET_ENTRIES. */

struct arpt_get_entries {

	/* Which table: user fills this in. */

	struct arpt_entry entrytable[0];

};

/* Standard return verdict, or do jump. */

#define ARPT_STANDARD_TARGET XT_STANDARD_TARGET

/* Error verdict. */

#define ARPT_ERROR_TARGET XT_ERROR_TARGET

/* Helper functions */

static __inline__ struct xt_entry_target *arpt_get_target(struct arpt_entry *e)

{

	return (void *)e + e->target_offset;

}

#ifndef __KERNEL__

/* fn returns 0 to continue iteration */

#define ARPT_ENTRY_ITERATE(entries, size, fn, args...) \

	XT_ENTRY_ITERATE(struct arpt_entry, entries, size, fn, ## args)

#endif

/*

 *	Main firewall chains definitions and global var's definitions.

 */

#define ARPT_STANDARD_INIT(__verdict)					       \

{									       \

	.entry		= ARPT_ENTRY_INIT(sizeof(struct arpt_standard)),       \

	.target		= XT_TARGET_INIT(ARPT_STANDARD_TARGET,		       \

	.target		= XT_TARGET_INIT(XT_STANDARD_TARGET,		       \

					 sizeof(struct xt_standard_target)), \

	.target.verdict	= -(__verdict) - 1,				       \

}

#define ARPT_ERROR_INIT							       \

{									       \

	.entry		= ARPT_ENTRY_INIT(sizeof(struct arpt_error)),	       \

	.target		= XT_TARGET_INIT(ARPT_ERROR_TARGET,		       \

	.target		= XT_TARGET_INIT(XT_ERROR_TARGET,		       \

					 sizeof(struct arpt_error_target)),    \

	.target.errorname = "ERROR",					       \

}

#define ipt_entry_target xt_entry_target

#define ipt_standard_target xt_standard_target

#define ipt_counters xt_counters

#define IPT_CONTINUE XT_CONTINUE

#define IPT_RETURN XT_RETURN

/* This group is older than old (iptables < v1.4.0-rc1~89) */

#include <linux/netfilter/xt_tcpudp.h>

#define ipt_udp xt_udp

#define ipt_tcp xt_tcp

#define IPT_TCP_INV_SRCPT	XT_TCP_INV_SRCPT

#define IPT_TCP_INV_DSTPT	XT_TCP_INV_DSTPT

#define IPT_TCP_INV_FLAGS	XT_TCP_INV_FLAGS

#define IPT_TCP_INV_OPTION	XT_TCP_INV_OPTION

#define IPT_TCP_INV_MASK	XT_TCP_INV_MASK

#define IPT_UDP_INV_SRCPT	XT_UDP_INV_SRCPT

#define IPT_UDP_INV_DSTPT	XT_UDP_INV_DSTPT

#define IPT_UDP_INV_MASK	XT_UDP_INV_MASK

/* The argument to IPT_SO_ADD_COUNTERS. */

#define ipt_counters_info xt_counters_info

/* Standard return verdict, or do jump. */

#define IPT_STANDARD_TARGET XT_STANDARD_TARGET

/* Error verdict. */

#define IPT_ERROR_TARGET XT_ERROR_TARGET

/* fn returns 0 to continue iteration */

#define IPT_MATCH_ITERATE(e, fn, args...) \

	XT_MATCH_ITERATE(struct ipt_entry, e, fn, ## args)

/* fn returns 0 to continue iteration */

#define IPT_ENTRY_ITERATE(entries, size, fn, args...) \

	XT_ENTRY_ITERATE(struct ipt_entry, entries, size, fn, ## args)

#endif

/* Yes, Virginia, you have to zero the padding. */

#define IPT_SO_GET_REVISION_TARGET	(IPT_BASE_CTL + 3)

#define IPT_SO_GET_MAX			IPT_SO_GET_REVISION_TARGET

#define IPT_CONTINUE XT_CONTINUE

#define IPT_RETURN XT_RETURN

#include <linux/netfilter/xt_tcpudp.h>

#define ipt_udp xt_udp

#define ipt_tcp xt_tcp

#define IPT_TCP_INV_SRCPT	XT_TCP_INV_SRCPT

#define IPT_TCP_INV_DSTPT	XT_TCP_INV_DSTPT

#define IPT_TCP_INV_FLAGS	XT_TCP_INV_FLAGS

#define IPT_TCP_INV_OPTION	XT_TCP_INV_OPTION

#define IPT_TCP_INV_MASK	XT_TCP_INV_MASK

#define IPT_UDP_INV_SRCPT	XT_UDP_INV_SRCPT

#define IPT_UDP_INV_DSTPT	XT_UDP_INV_DSTPT

#define IPT_UDP_INV_MASK	XT_UDP_INV_MASK

/* ICMP matching stuff */

struct ipt_icmp {

	u_int8_t type;				/* type to match */

	struct ipt_entry entries[0];

};

/* The argument to IPT_SO_ADD_COUNTERS. */

#define ipt_counters_info xt_counters_info

/* The argument to IPT_SO_GET_ENTRIES. */

struct ipt_get_entries {

	/* Which table: user fills this in. */

	struct ipt_entry entrytable[0];

};

/* Standard return verdict, or do jump. */

#define IPT_STANDARD_TARGET XT_STANDARD_TARGET

/* Error verdict. */

#define IPT_ERROR_TARGET XT_ERROR_TARGET

/* Helper functions */

static __inline__ struct xt_entry_target *

ipt_get_target(struct ipt_entry *e)

	return (void *)e + e->target_offset;

}

#ifndef __KERNEL__

/* fn returns 0 to continue iteration */

#define IPT_MATCH_ITERATE(e, fn, args...) \

	XT_MATCH_ITERATE(struct ipt_entry, e, fn, ## args)

/* fn returns 0 to continue iteration */

#define IPT_ENTRY_ITERATE(entries, size, fn, args...) \

	XT_ENTRY_ITERATE(struct ipt_entry, entries, size, fn, ## args)

#endif

/*

 *	Main firewall chains definitions and global var's definitions.

 */

#define IPT_STANDARD_INIT(__verdict)					       \

{									       \

	.entry		= IPT_ENTRY_INIT(sizeof(struct ipt_standard)),	       \

	.target		= XT_TARGET_INIT(IPT_STANDARD_TARGET,		       \

	.target		= XT_TARGET_INIT(XT_STANDARD_TARGET,		       \

					 sizeof(struct xt_standard_target)),   \

	.target.verdict	= -(__verdict) - 1,				       \

}

#define IPT_ERROR_INIT							       \

{									       \

	.entry		= IPT_ENTRY_INIT(sizeof(struct ipt_error)),	       \

	.target		= XT_TARGET_INIT(IPT_ERROR_TARGET,		       \

	.target		= XT_TARGET_INIT(XT_ERROR_TARGET,		       \

					 sizeof(struct ipt_error_target)),     \

	.target.errorname = "ERROR",					       \

}

#define ip6t_entry_target xt_entry_target

#define ip6t_standard_target xt_standard_target

#define ip6t_counters xt_counters

#define IP6T_CONTINUE XT_CONTINUE

#define IP6T_RETURN XT_RETURN

/* Pre-iptables-1.4.0 */

#include <linux/netfilter/xt_tcpudp.h>

#define ip6t_tcp xt_tcp

#define ip6t_udp xt_udp

#define IP6T_TCP_INV_SRCPT	XT_TCP_INV_SRCPT

#define IP6T_TCP_INV_DSTPT	XT_TCP_INV_DSTPT

#define IP6T_TCP_INV_FLAGS	XT_TCP_INV_FLAGS

#define IP6T_TCP_INV_OPTION	XT_TCP_INV_OPTION

#define IP6T_TCP_INV_MASK	XT_TCP_INV_MASK

#define IP6T_UDP_INV_SRCPT	XT_UDP_INV_SRCPT

#define IP6T_UDP_INV_DSTPT	XT_UDP_INV_DSTPT

#define IP6T_UDP_INV_MASK	XT_UDP_INV_MASK

#define ip6t_counters_info xt_counters_info

#define IP6T_STANDARD_TARGET XT_STANDARD_TARGET

#define IP6T_ERROR_TARGET XT_ERROR_TARGET

#define IP6T_MATCH_ITERATE(e, fn, args...) \

	XT_MATCH_ITERATE(struct ip6t_entry, e, fn, ## args)

#define IP6T_ENTRY_ITERATE(entries, size, fn, args...) \

	XT_ENTRY_ITERATE(struct ip6t_entry, entries, size, fn, ## args)

#endif

/* Yes, Virginia, you have to zero the padding. */

#define IP6T_STANDARD_INIT(__verdict)					       \

{									       \

	.entry		= IP6T_ENTRY_INIT(sizeof(struct ip6t_standard)),       \

	.target		= XT_TARGET_INIT(IP6T_STANDARD_TARGET,		       \

	.target		= XT_TARGET_INIT(XT_STANDARD_TARGET,		       \

					 sizeof(struct xt_standard_target)),   \

	.target.verdict	= -(__verdict) - 1,				       \

}

#define IP6T_ERROR_INIT							       \

{									       \

	.entry		= IP6T_ENTRY_INIT(sizeof(struct ip6t_error)),	       \

	.target		= XT_TARGET_INIT(IP6T_ERROR_TARGET,		       \

	.target		= XT_TARGET_INIT(XT_ERROR_TARGET,		       \

					 sizeof(struct ip6t_error_target)),    \

	.target.errorname = "ERROR",					       \

}

#define IP6T_SO_GET_REVISION_TARGET	(IP6T_BASE_CTL + 5)

#define IP6T_SO_GET_MAX			IP6T_SO_GET_REVISION_TARGET

/* CONTINUE verdict for targets */

#define IP6T_CONTINUE XT_CONTINUE

/* For standard target */

#define IP6T_RETURN XT_RETURN

/* TCP/UDP matching stuff */

#include <linux/netfilter/xt_tcpudp.h>

#define ip6t_tcp xt_tcp

#define ip6t_udp xt_udp

/* Values for "inv" field in struct ipt_tcp. */

#define IP6T_TCP_INV_SRCPT	XT_TCP_INV_SRCPT

#define IP6T_TCP_INV_DSTPT	XT_TCP_INV_DSTPT

#define IP6T_TCP_INV_FLAGS	XT_TCP_INV_FLAGS

#define IP6T_TCP_INV_OPTION	XT_TCP_INV_OPTION

#define IP6T_TCP_INV_MASK	XT_TCP_INV_MASK

/* Values for "invflags" field in struct ipt_udp. */

#define IP6T_UDP_INV_SRCPT	XT_UDP_INV_SRCPT

#define IP6T_UDP_INV_DSTPT	XT_UDP_INV_DSTPT

#define IP6T_UDP_INV_MASK	XT_UDP_INV_MASK

/* ICMP matching stuff */

struct ip6t_icmp {

	u_int8_t type;				/* type to match */

	struct ip6t_entry entries[0];

};

/* The argument to IP6T_SO_ADD_COUNTERS. */

#define ip6t_counters_info xt_counters_info

/* The argument to IP6T_SO_GET_ENTRIES. */

struct ip6t_get_entries {

	/* Which table: user fills this in. */

	struct ip6t_entry entrytable[0];

};

/* Standard return verdict, or do jump. */

#define IP6T_STANDARD_TARGET XT_STANDARD_TARGET

/* Error verdict. */

#define IP6T_ERROR_TARGET XT_ERROR_TARGET

/* Helper functions */

static __inline__ struct xt_entry_target *

ip6t_get_target(struct ip6t_entry *e)

	return (void *)e + e->target_offset;

}

#ifndef __KERNEL__

/* fn returns 0 to continue iteration */

#define IP6T_MATCH_ITERATE(e, fn, args...) \

	XT_MATCH_ITERATE(struct ip6t_entry, e, fn, ## args)

/* fn returns 0 to continue iteration */

#define IP6T_ENTRY_ITERATE(entries, size, fn, args...) \

	XT_ENTRY_ITERATE(struct ip6t_entry, entries, size, fn, ## args)

#endif

/*

 *	Main firewall chains definitions and global var's definitions.

 */

			v = ((struct xt_standard_target *)t)->verdict;

			if (v < 0) {

				/* Pop from stack? */

				if (v != ARPT_RETURN) {

				if (v != XT_RETURN) {

					verdict = (unsigned)(-v) - 1;

					break;

				}

		/* Target might have changed stuff. */

		arp = arp_hdr(skb);

		if (verdict == ARPT_CONTINUE)

		if (verdict == XT_CONTINUE)

			e = arpt_next_entry(e);

		else

			/* Verdict */

			/* Unconditional return/END. */

			if ((e->target_offset == sizeof(struct arpt_entry) &&

			     (strcmp(t->target.u.user.name,

				     ARPT_STANDARD_TARGET) == 0) &&

				     XT_STANDARD_TARGET) == 0) &&

			     t->verdict < 0 && unconditional(&e->arp)) ||

			    visited) {

				unsigned int oldpos, size;

				if ((strcmp(t->target.u.user.name,

					    ARPT_STANDARD_TARGET) == 0) &&

					    XT_STANDARD_TARGET) == 0) &&

				    t->verdict < -NF_MAX_VERDICT - 1) {

					duprintf("mark_source_chains: bad "

						"negative verdict (%i)\n",

				int newpos = t->verdict;

				if (strcmp(t->target.u.user.name,

					   ARPT_STANDARD_TARGET) == 0 &&

					   XT_STANDARD_TARGET) == 0 &&

				    newpos >= 0) {

					if (newpos > newinfo->size -

						sizeof(struct arpt_entry)) {

/* The built-in targets: standard (NULL) and error. */

static struct xt_target arpt_builtin_tg[] __read_mostly = {

	{

		.name             = ARPT_STANDARD_TARGET,

		.name             = XT_STANDARD_TARGET,

		.targetsize       = sizeof(int),

		.family           = NFPROTO_ARP,

#ifdef CONFIG_COMPAT

#endif

	},

	{

		.name             = ARPT_ERROR_TARGET,

		.name             = XT_ERROR_TARGET,

		.target           = arpt_error,

		.targetsize       = XT_FUNCTION_MAXNAMELEN,

		.family           = NFPROTO_ARP,

		return false;

	if (mangle->target != NF_DROP && mangle->target != NF_ACCEPT &&

	   mangle->target != ARPT_CONTINUE)

	   mangle->target != XT_CONTINUE)

		return false;

	return true;

}