
Commit 87a2e70d authored by Jan Engelhardt's avatar Jan Engelhardt

netfilter: xtables: resolve indirect macros 2/3

parent 12b00c2c
+7 −8
@@ -24,6 +24,8 @@
#ifndef __KERNEL__
#define ARPT_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
#define ARPT_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN
#define arpt_entry_target xt_entry_target
#define arpt_standard_target xt_standard_target
#endif

#define ARPT_DEV_ADDR_LEN_MAX 16
@@ -65,9 +67,6 @@ struct arpt_arp {
	u_int16_t invflags;
};

#define arpt_entry_target xt_entry_target
#define arpt_standard_target xt_standard_target

/* Values for "flag" field in struct arpt_ip (general arp structure).
 * No flags defined yet.
 */
@@ -208,7 +207,7 @@ struct arpt_get_entries {
#define ARPT_ERROR_TARGET XT_ERROR_TARGET

/* Helper functions */
static __inline__ struct arpt_entry_target *arpt_get_target(struct arpt_entry *e)
static __inline__ struct xt_entry_target *arpt_get_target(struct arpt_entry *e)
{
	return (void *)e + e->target_offset;
}
@@ -227,11 +226,11 @@ static __inline__ struct arpt_entry_target *arpt_get_target(struct arpt_entry *e
/* Standard entry. */
struct arpt_standard {
	struct arpt_entry entry;
	struct arpt_standard_target target;
	struct xt_standard_target target;
};

struct arpt_error_target {
	struct arpt_entry_target target;
	struct xt_entry_target target;
	char errorname[XT_FUNCTION_MAXNAMELEN];
};

@@ -250,7 +249,7 @@ struct arpt_error {
{									       \
	.entry		= ARPT_ENTRY_INIT(sizeof(struct arpt_standard)),       \
	.target		= XT_TARGET_INIT(ARPT_STANDARD_TARGET,		       \
					 sizeof(struct arpt_standard_target)), \
					 sizeof(struct xt_standard_target)), \
	.target.verdict	= -(__verdict) - 1,				       \
}

@@ -287,7 +286,7 @@ struct compat_arpt_entry {
	unsigned char elems[0];
};

static inline struct arpt_entry_target *
static inline struct xt_entry_target *
compat_arpt_get_target(struct compat_arpt_entry *e)
{
	return (void *)e + e->target_offset;
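Review bot: Moving `arpt_entry_target` and `arpt_standard_target` inside the `#ifndef __KERNEL__` block means any kernel-side code still spelling the old names stops compiling, and nothing in the header says the aliases are now userspace-only. A one-line comment above the block would make that contract explicit, e.g. `/* Userspace compatibility aliases only; kernel code uses the xt_* names directly. */`. The same move is made for the `ipt_*` and `ip6t_*` aliases in the two header sections that follow, and this page shows matching conversions only for the arp and IPv4 table code, so it is worth confirming that every remaining in-kernel user is converted in the same series. Separately, the rewritten continuation line in the standard-target initializer macro leaves its trailing backslash out of column with its neighbours, which the ip6 section does fix.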
+8 −10
@@ -34,6 +34,10 @@
#define ipt_target xt_target
#define ipt_table xt_table
#define ipt_get_revision xt_get_revision
#define ipt_entry_match xt_entry_match
#define ipt_entry_target xt_entry_target
#define ipt_standard_target xt_standard_target
#define ipt_counters xt_counters
#endif

/* Yes, Virginia, you have to zero the padding. */
@@ -54,12 +58,6 @@ struct ipt_ip {
	u_int8_t invflags;
};

#define ipt_entry_match xt_entry_match
#define ipt_entry_target xt_entry_target
#define ipt_standard_target xt_standard_target

#define ipt_counters xt_counters

/* Values for "flag" field in struct ipt_ip (general ip structure). */
#define IPT_F_FRAG		0x01	/* Set if rule is a fragment rule */
#define IPT_F_GOTO		0x02	/* Set if jump is a goto */
@@ -219,7 +217,7 @@ struct ipt_get_entries {
#define IPT_ERROR_TARGET XT_ERROR_TARGET

/* Helper functions */
static __inline__ struct ipt_entry_target *
static __inline__ struct xt_entry_target *
ipt_get_target(struct ipt_entry *e)
{
	return (void *)e + e->target_offset;
@@ -251,11 +249,11 @@ extern void ipt_unregister_table(struct net *net, struct xt_table *table);
/* Standard entry. */
struct ipt_standard {
	struct ipt_entry entry;
	struct ipt_standard_target target;
	struct xt_standard_target target;
};

struct ipt_error_target {
	struct ipt_entry_target target;
	struct xt_entry_target target;
	char errorname[XT_FUNCTION_MAXNAMELEN];
};

@@ -309,7 +307,7 @@ struct compat_ipt_entry {
};

/* Helper functions */
static inline struct ipt_entry_target *
static inline struct xt_entry_target *
compat_ipt_get_target(struct compat_ipt_entry *e)
{
	return (void *)e + e->target_offset;
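Review bot: `ipt_get_target()` and `compat_ipt_get_target()` compute `(void *)e + e->target_offset` with no bounds check, and the header carries no comment saying that `target_offset` must already have been validated against `next_offset`. Since this header is also compiled outside the kernel (the `#ifndef __KERNEL__` block at the top of the section), a short comment on each helper would help, e.g. `/* No bounds check: caller must have validated e->target_offset first. */`. The arp and ip6 header sections have the same helpers and would take the same comment. Both function bodies end outside their hunks.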
+9 −11
@@ -34,6 +34,10 @@
#define ip6t_target xt_target
#define ip6t_table xt_table
#define ip6t_get_revision xt_get_revision
#define ip6t_entry_match xt_entry_match
#define ip6t_entry_target xt_entry_target
#define ip6t_standard_target xt_standard_target
#define ip6t_counters xt_counters
#endif

/* Yes, Virginia, you have to zero the padding. */
@@ -63,12 +67,6 @@ struct ip6t_ip6 {
	u_int8_t invflags;
};

#define ip6t_entry_match xt_entry_match
#define ip6t_entry_target xt_entry_target
#define ip6t_standard_target xt_standard_target

#define ip6t_counters	xt_counters

/* Values for "flag" field in struct ip6t_ip6 (general ip6 structure). */
#define IP6T_F_PROTO		0x01	/* Set if rule cares about upper 
					   protocols */
@@ -113,11 +111,11 @@ struct ip6t_entry {
/* Standard entry */
struct ip6t_standard {
	struct ip6t_entry entry;
	struct ip6t_standard_target target;
	struct xt_standard_target target;
};

struct ip6t_error_target {
	struct ip6t_entry_target target;
	struct xt_entry_target target;
	char errorname[XT_FUNCTION_MAXNAMELEN];
};

@@ -136,7 +134,7 @@ struct ip6t_error {
{									       \
	.entry		= IP6T_ENTRY_INIT(sizeof(struct ip6t_standard)),       \
	.target		= XT_TARGET_INIT(IP6T_STANDARD_TARGET,		       \
					 sizeof(struct ip6t_standard_target)), \
					 sizeof(struct xt_standard_target)),   \
	.target.verdict	= -(__verdict) - 1,				       \
}

@@ -275,7 +273,7 @@ struct ip6t_get_entries {
#define IP6T_ERROR_TARGET XT_ERROR_TARGET

/* Helper functions */
static __inline__ struct ip6t_entry_target *
static __inline__ struct xt_entry_target *
ip6t_get_target(struct ip6t_entry *e)
{
	return (void *)e + e->target_offset;
@@ -332,7 +330,7 @@ struct compat_ip6t_entry {
	unsigned char elems[0];
};

static inline struct ip6t_entry_target *
static inline struct xt_entry_target *
compat_ip6t_get_target(struct compat_ip6t_entry *e)
{
	return (void *)e + e->target_offset;
+19 −19
@@ -228,7 +228,7 @@ arpt_error(struct sk_buff *skb, const struct xt_action_param *par)
	return NF_DROP;
}

static inline const struct arpt_entry_target *
static inline const struct xt_entry_target *
arpt_get_target_c(const struct arpt_entry *e)
{
	return arpt_get_target((struct arpt_entry *)e);
@@ -282,7 +282,7 @@ unsigned int arpt_do_table(struct sk_buff *skb,

	arp = arp_hdr(skb);
	do {
		const struct arpt_entry_target *t;
		const struct xt_entry_target *t;

		if (!arp_packet_match(arp, skb->dev, indev, outdev, &e->arp)) {
			e = arpt_next_entry(e);
@@ -297,7 +297,7 @@ unsigned int arpt_do_table(struct sk_buff *skb,
		if (!t->u.kernel.target->target) {
			int v;

			v = ((struct arpt_standard_target *)t)->verdict;
			v = ((struct xt_standard_target *)t)->verdict;
			if (v < 0) {
				/* Pop from stack? */
				if (v != ARPT_RETURN) {
@@ -377,7 +377,7 @@ static int mark_source_chains(const struct xt_table_info *newinfo,
		e->counters.pcnt = pos;

		for (;;) {
			const struct arpt_standard_target *t
			const struct xt_standard_target *t
				= (void *)arpt_get_target_c(e);
			int visited = e->comefrom & (1 << hook);

@@ -464,14 +464,14 @@ static int mark_source_chains(const struct xt_table_info *newinfo,

static inline int check_entry(const struct arpt_entry *e, const char *name)
{
	const struct arpt_entry_target *t;
	const struct xt_entry_target *t;

	if (!arp_checkentry(&e->arp)) {
		duprintf("arp_tables: arp check failed %p %s.\n", e, name);
		return -EINVAL;
	}

	if (e->target_offset + sizeof(struct arpt_entry_target) > e->next_offset)
	if (e->target_offset + sizeof(struct xt_entry_target) > e->next_offset)
		return -EINVAL;

	t = arpt_get_target_c(e);
@@ -483,7 +483,7 @@ static inline int check_entry(const struct arpt_entry *e, const char *name)

static inline int check_target(struct arpt_entry *e, const char *name)
{
	struct arpt_entry_target *t = arpt_get_target(e);
	struct xt_entry_target *t = arpt_get_target(e);
	int ret;
	struct xt_tgchk_param par = {
		.table     = name,
@@ -506,7 +506,7 @@ static inline int check_target(struct arpt_entry *e, const char *name)
static inline int
find_check_entry(struct arpt_entry *e, const char *name, unsigned int size)
{
	struct arpt_entry_target *t;
	struct xt_entry_target *t;
	struct xt_target *target;
	int ret;

@@ -536,7 +536,7 @@ find_check_entry(struct arpt_entry *e, const char *name, unsigned int size)

static bool check_underflow(const struct arpt_entry *e)
{
	const struct arpt_entry_target *t;
	const struct xt_entry_target *t;
	unsigned int verdict;

	if (!unconditional(&e->arp))
@@ -544,7 +544,7 @@ static bool check_underflow(const struct arpt_entry *e)
	t = arpt_get_target_c(e);
	if (strcmp(t->u.user.name, XT_STANDARD_TARGET) != 0)
		return false;
	verdict = ((struct arpt_standard_target *)t)->verdict;
	verdict = ((struct xt_standard_target *)t)->verdict;
	verdict = -verdict - 1;
	return verdict == NF_DROP || verdict == NF_ACCEPT;
}
@@ -566,7 +566,7 @@ static inline int check_entry_size_and_hooks(struct arpt_entry *e,
	}

	if (e->next_offset
	    < sizeof(struct arpt_entry) + sizeof(struct arpt_entry_target)) {
	    < sizeof(struct arpt_entry) + sizeof(struct xt_entry_target)) {
		duprintf("checking: element %p size %u\n",
			 e, e->next_offset);
		return -EINVAL;
@@ -598,7 +598,7 @@ static inline int check_entry_size_and_hooks(struct arpt_entry *e,
static inline void cleanup_entry(struct arpt_entry *e)
{
	struct xt_tgdtor_param par;
	struct arpt_entry_target *t;
	struct xt_entry_target *t;

	t = arpt_get_target(e);
	par.target   = t->u.kernel.target;
@@ -794,7 +794,7 @@ static int copy_entries_to_user(unsigned int total_size,
	/* FIXME: use iterator macros --RR */
	/* ... then go back and fix counters and names */
	for (off = 0, num = 0; off < total_size; off += e->next_offset, num++){
		const struct arpt_entry_target *t;
		const struct xt_entry_target *t;

		e = (struct arpt_entry *)(loc_cpu_entry + off);
		if (copy_to_user(userptr + off
@@ -807,7 +807,7 @@ static int copy_entries_to_user(unsigned int total_size,

		t = arpt_get_target_c(e);
		if (copy_to_user(userptr + off + e->target_offset
				 + offsetof(struct arpt_entry_target,
				 + offsetof(struct xt_entry_target,
					    u.user.name),
				 t->u.kernel.target->name,
				 strlen(t->u.kernel.target->name)+1) != 0) {
@@ -844,7 +844,7 @@ static int compat_calc_entry(const struct arpt_entry *e,
			     const struct xt_table_info *info,
			     const void *base, struct xt_table_info *newinfo)
{
	const struct arpt_entry_target *t;
	const struct xt_entry_target *t;
	unsigned int entry_offset;
	int off, i, ret;

@@ -1204,7 +1204,7 @@ static int do_add_counters(struct net *net, const void __user *user,
#ifdef CONFIG_COMPAT
static inline void compat_release_entry(struct compat_arpt_entry *e)
{
	struct arpt_entry_target *t;
	struct xt_entry_target *t;

	t = compat_arpt_get_target(e);
	module_put(t->u.kernel.target->me);
@@ -1220,7 +1220,7 @@ check_compat_entry_size_and_hooks(struct compat_arpt_entry *e,
				  const unsigned int *underflows,
				  const char *name)
{
	struct arpt_entry_target *t;
	struct xt_entry_target *t;
	struct xt_target *target;
	unsigned int entry_offset;
	int ret, off, h;
@@ -1288,7 +1288,7 @@ compat_copy_entry_from_user(struct compat_arpt_entry *e, void **dstptr,
			    unsigned int *size, const char *name,
			    struct xt_table_info *newinfo, unsigned char *base)
{
	struct arpt_entry_target *t;
	struct xt_entry_target *t;
	struct xt_target *target;
	struct arpt_entry *de;
	unsigned int origsize;
@@ -1567,7 +1567,7 @@ static int compat_copy_entry_to_user(struct arpt_entry *e, void __user **dstptr,
				     struct xt_counters *counters,
				     unsigned int i)
{
	struct arpt_entry_target *t;
	struct xt_entry_target *t;
	struct compat_arpt_entry __user *ce;
	u_int16_t target_offset, next_offset;
	compat_uint_t origsize;
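Review bot: In `check_entry()` the visible test `e->target_offset + sizeof(struct xt_entry_target) > e->next_offset` bounds `target_offset` only from above; nothing in the shown lines rejects a value smaller than `sizeof(struct arpt_entry)`, which would place the target on top of the entry header. If no check outside the hunk covers this, a lower bound belongs next to it: `if (e->target_offset < sizeof(struct arpt_entry)) return -EINVAL;`. The IPv4 `check_entry()` in the following section has the same shape. The function continues past the end of the hunk, so a later check may exist that this page does not show.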
+27 −27
@@ -186,7 +186,7 @@ static inline bool unconditional(const struct ipt_ip *ip)
}

/* for const-correctness */
static inline const struct ipt_entry_target *
static inline const struct xt_entry_target *
ipt_get_target_c(const struct ipt_entry *e)
{
	return ipt_get_target((struct ipt_entry *)e);
@@ -230,7 +230,7 @@ get_chainname_rulenum(const struct ipt_entry *s, const struct ipt_entry *e,
		      const char *hookname, const char **chainname,
		      const char **comment, unsigned int *rulenum)
{
	const struct ipt_standard_target *t = (void *)ipt_get_target_c(s);
	const struct xt_standard_target *t = (void *)ipt_get_target_c(s);

	if (strcmp(t->target.u.kernel.target->name, IPT_ERROR_TARGET) == 0) {
		/* Head of user chain: ERROR target with chainname */
@@ -346,7 +346,7 @@ ipt_do_table(struct sk_buff *skb,
		 get_entry(table_base, private->underflow[hook]));

	do {
		const struct ipt_entry_target *t;
		const struct xt_entry_target *t;
		const struct xt_entry_match *ematch;

		IP_NF_ASSERT(e);
@@ -380,7 +380,7 @@ ipt_do_table(struct sk_buff *skb,
		if (!t->u.kernel.target->target) {
			int v;

			v = ((struct ipt_standard_target *)t)->verdict;
			v = ((struct xt_standard_target *)t)->verdict;
			if (v < 0) {
				/* Pop from stack? */
				if (v != IPT_RETURN) {
@@ -461,7 +461,7 @@ mark_source_chains(const struct xt_table_info *newinfo,
		e->counters.pcnt = pos;

		for (;;) {
			const struct ipt_standard_target *t
			const struct xt_standard_target *t
				= (void *)ipt_get_target_c(e);
			int visited = e->comefrom & (1 << hook);

@@ -552,7 +552,7 @@ mark_source_chains(const struct xt_table_info *newinfo,
	return 1;
}

static void cleanup_match(struct ipt_entry_match *m, struct net *net)
static void cleanup_match(struct xt_entry_match *m, struct net *net)
{
	struct xt_mtdtor_param par;

@@ -568,14 +568,14 @@ static void cleanup_match(struct ipt_entry_match *m, struct net *net)
static int
check_entry(const struct ipt_entry *e, const char *name)
{
	const struct ipt_entry_target *t;
	const struct xt_entry_target *t;

	if (!ip_checkentry(&e->ip)) {
		duprintf("ip check failed %p %s.\n", e, par->match->name);
		return -EINVAL;
	}

	if (e->target_offset + sizeof(struct ipt_entry_target) >
	if (e->target_offset + sizeof(struct xt_entry_target) >
	    e->next_offset)
		return -EINVAL;

@@ -587,7 +587,7 @@ check_entry(const struct ipt_entry *e, const char *name)
}

static int
check_match(struct ipt_entry_match *m, struct xt_mtchk_param *par)
check_match(struct xt_entry_match *m, struct xt_mtchk_param *par)
{
	const struct ipt_ip *ip = par->entryinfo;
	int ret;
@@ -605,7 +605,7 @@ check_match(struct ipt_entry_match *m, struct xt_mtchk_param *par)
}

static int
find_check_match(struct ipt_entry_match *m, struct xt_mtchk_param *par)
find_check_match(struct xt_entry_match *m, struct xt_mtchk_param *par)
{
	struct xt_match *match;
	int ret;
@@ -630,7 +630,7 @@ find_check_match(struct ipt_entry_match *m, struct xt_mtchk_param *par)

static int check_target(struct ipt_entry *e, struct net *net, const char *name)
{
	struct ipt_entry_target *t = ipt_get_target(e);
	struct xt_entry_target *t = ipt_get_target(e);
	struct xt_tgchk_param par = {
		.net       = net,
		.table     = name,
@@ -656,7 +656,7 @@ static int
find_check_entry(struct ipt_entry *e, struct net *net, const char *name,
		 unsigned int size)
{
	struct ipt_entry_target *t;
	struct xt_entry_target *t;
	struct xt_target *target;
	int ret;
	unsigned int j;
@@ -707,7 +707,7 @@ find_check_entry(struct ipt_entry *e, struct net *net, const char *name,

static bool check_underflow(const struct ipt_entry *e)
{
	const struct ipt_entry_target *t;
	const struct xt_entry_target *t;
	unsigned int verdict;

	if (!unconditional(&e->ip))
@@ -715,7 +715,7 @@ static bool check_underflow(const struct ipt_entry *e)
	t = ipt_get_target_c(e);
	if (strcmp(t->u.user.name, XT_STANDARD_TARGET) != 0)
		return false;
	verdict = ((struct ipt_standard_target *)t)->verdict;
	verdict = ((struct xt_standard_target *)t)->verdict;
	verdict = -verdict - 1;
	return verdict == NF_DROP || verdict == NF_ACCEPT;
}
@@ -738,7 +738,7 @@ check_entry_size_and_hooks(struct ipt_entry *e,
	}

	if (e->next_offset
	    < sizeof(struct ipt_entry) + sizeof(struct ipt_entry_target)) {
	    < sizeof(struct ipt_entry) + sizeof(struct xt_entry_target)) {
		duprintf("checking: element %p size %u\n",
			 e, e->next_offset);
		return -EINVAL;
@@ -771,7 +771,7 @@ static void
cleanup_entry(struct ipt_entry *e, struct net *net)
{
	struct xt_tgdtor_param par;
	struct ipt_entry_target *t;
	struct xt_entry_target *t;
	struct xt_entry_match *ematch;

	/* Cleanup all matches */
@@ -972,8 +972,8 @@ copy_entries_to_user(unsigned int total_size,
	/* ... then go back and fix counters and names */
	for (off = 0, num = 0; off < total_size; off += e->next_offset, num++){
		unsigned int i;
		const struct ipt_entry_match *m;
		const struct ipt_entry_target *t;
		const struct xt_entry_match *m;
		const struct xt_entry_target *t;

		e = (struct ipt_entry *)(loc_cpu_entry + off);
		if (copy_to_user(userptr + off
@@ -990,7 +990,7 @@ copy_entries_to_user(unsigned int total_size,
			m = (void *)e + i;

			if (copy_to_user(userptr + off + i
					 + offsetof(struct ipt_entry_match,
					 + offsetof(struct xt_entry_match,
						    u.user.name),
					 m->u.kernel.match->name,
					 strlen(m->u.kernel.match->name)+1)
@@ -1002,7 +1002,7 @@ copy_entries_to_user(unsigned int total_size,

		t = ipt_get_target_c(e);
		if (copy_to_user(userptr + off + e->target_offset
				 + offsetof(struct ipt_entry_target,
				 + offsetof(struct xt_entry_target,
					    u.user.name),
				 t->u.kernel.target->name,
				 strlen(t->u.kernel.target->name)+1) != 0) {
@@ -1040,7 +1040,7 @@ static int compat_calc_entry(const struct ipt_entry *e,
			     const void *base, struct xt_table_info *newinfo)
{
	const struct xt_entry_match *ematch;
	const struct ipt_entry_target *t;
	const struct xt_entry_target *t;
	unsigned int entry_offset;
	int off, i, ret;

@@ -1407,7 +1407,7 @@ struct compat_ipt_replace {
	u32			hook_entry[NF_INET_NUMHOOKS];
	u32			underflow[NF_INET_NUMHOOKS];
	u32			num_counters;
	compat_uptr_t		counters;	/* struct ipt_counters * */
	compat_uptr_t		counters;	/* struct xt_counters * */
	struct compat_ipt_entry	entries[0];
};

@@ -1416,7 +1416,7 @@ compat_copy_entry_to_user(struct ipt_entry *e, void __user **dstptr,
			  unsigned int *size, struct xt_counters *counters,
			  unsigned int i)
{
	struct ipt_entry_target *t;
	struct xt_entry_target *t;
	struct compat_ipt_entry __user *ce;
	u_int16_t target_offset, next_offset;
	compat_uint_t origsize;
@@ -1451,7 +1451,7 @@ compat_copy_entry_to_user(struct ipt_entry *e, void __user **dstptr,
}

static int
compat_find_calc_match(struct ipt_entry_match *m,
compat_find_calc_match(struct xt_entry_match *m,
		       const char *name,
		       const struct ipt_ip *ip,
		       unsigned int hookmask,
@@ -1473,7 +1473,7 @@ compat_find_calc_match(struct ipt_entry_match *m,

static void compat_release_entry(struct compat_ipt_entry *e)
{
	struct ipt_entry_target *t;
	struct xt_entry_target *t;
	struct xt_entry_match *ematch;

	/* Cleanup all matches */
@@ -1494,7 +1494,7 @@ check_compat_entry_size_and_hooks(struct compat_ipt_entry *e,
				  const char *name)
{
	struct xt_entry_match *ematch;
	struct ipt_entry_target *t;
	struct xt_entry_target *t;
	struct xt_target *target;
	unsigned int entry_offset;
	unsigned int j;
@@ -1576,7 +1576,7 @@ compat_copy_entry_from_user(struct compat_ipt_entry *e, void **dstptr,
			    unsigned int *size, const char *name,
			    struct xt_table_info *newinfo, unsigned char *base)
{
	struct ipt_entry_target *t;
	struct xt_entry_target *t;
	struct xt_target *target;
	struct ipt_entry *de;
	unsigned int origsize;
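Review bot: `check_entry(const struct ipt_entry *e, const char *name)` passes `par->match->name` to `duprintf()`, but no `par` is declared in the visible signature or locals, so this presumably builds only while `duprintf` expands to nothing. Since the hunk already touches this function, the argument should be `name`, as the arp counterpart does: `duprintf("ip check failed %p %s.\n", e, name);`. The body of `check_entry()` continues outside the hunk.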