Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 6709dbbb authored by Jan Engelhardt's avatar Jan Engelhardt Committed by David S. Miller
Browse files

[NETFILTER]: {ip,ip6}_tables: remove x_tables wrapper functions 



Use the x_tables functions directly to make it better visible which
parts are shared between ip_tables and ip6_tables.

Signed-off-by: default avatarJan Engelhardt <jengelh@gmx.de>
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent e1fd0586

include/linux/netfilter_ipv4/ip_tables.h

+1 −11
Original line number Diff line number Diff line
@@ -272,16 +272,6 @@ ipt_get_target(struct ipt_entry *e) 
#include <linux/init.h>

extern void ipt_init(void) __init;



#define ipt_register_target(tgt) 	\

({	(tgt)->family = AF_INET;	\

 	xt_register_target(tgt); })

#define ipt_unregister_target(tgt) xt_unregister_target(tgt)



#define ipt_register_match(mtch) 	\

({	(mtch)->family = AF_INET;	\

	xt_register_match(mtch); })

#define ipt_unregister_match(mtch) xt_unregister_match(mtch)



//#define ipt_register_table(tbl, repl) xt_register_table(AF_INET, tbl, repl)

//#define ipt_unregister_table(tbl) xt_unregister_table(AF_INET, tbl)
@@ -290,7 +280,7 @@ extern int ipt_register_table(struct ipt_table *table, 
extern void ipt_unregister_table(struct ipt_table *table);



/* net/sched/ipt.c: Gimme access to your targets!  Gets target->me. */

extern struct ipt_target *ipt_find_target(const char *name, u8 revision);

extern struct xt_target *ipt_find_target(const char *name, u8 revision);



/* Standard entry. */

struct ipt_standard

include/linux/netfilter_ipv6/ip6_tables.h

+0 −10
Original line number Diff line number Diff line
@@ -286,16 +286,6 @@ ip6t_get_target(struct ip6t_entry *e) 
#include <linux/init.h>

extern void ip6t_init(void) __init;



#define ip6t_register_target(tgt) 		\

({	(tgt)->family = AF_INET6;		\

 	xt_register_target(tgt); })

#define ip6t_unregister_target(tgt) xt_unregister_target(tgt)



#define ip6t_register_match(match)		\

({	(match)->family = AF_INET6;		\

	xt_register_match(match); })

#define ip6t_unregister_match(match) xt_unregister_match(match)



extern int ip6t_register_table(struct ip6t_table *table,

			       const struct ip6t_replace *repl);

extern void ip6t_unregister_table(struct ip6t_table *table);

net/ipv4/netfilter/ip_nat_rule.c

+14 −12
Original line number Diff line number Diff line
@@ -99,7 +99,7 @@ static unsigned int ipt_snat_target(struct sk_buff **pskb, 
				    const struct net_device *in,

				    const struct net_device *out,

				    unsigned int hooknum,

				    const struct ipt_target *target,

				    const struct xt_target *target,

				    const void *targinfo)

{

	struct ip_conntrack *ct;
@@ -141,7 +141,7 @@ static unsigned int ipt_dnat_target(struct sk_buff **pskb, 
				    const struct net_device *in,

				    const struct net_device *out,

				    unsigned int hooknum,

				    const struct ipt_target *target,

				    const struct xt_target *target,

				    const void *targinfo)

{

	struct ip_conntrack *ct;
@@ -166,7 +166,7 @@ static unsigned int ipt_dnat_target(struct sk_buff **pskb, 


static int ipt_snat_checkentry(const char *tablename,

			       const void *entry,

			       const struct ipt_target *target,

			       const struct xt_target *target,

			       void *targinfo,

			       unsigned int hook_mask)

{
@@ -182,7 +182,7 @@ static int ipt_snat_checkentry(const char *tablename, 


static int ipt_dnat_checkentry(const char *tablename,

			       const void *entry,

			       const struct ipt_target *target,

			       const struct xt_target *target,

			       void *targinfo,

			       unsigned int hook_mask)

{
@@ -261,8 +261,9 @@ int ip_nat_rule_find(struct sk_buff **pskb, 
	return ret;

}



static struct ipt_target ipt_snat_reg = {

static struct xt_target ipt_snat_reg = {

	.name		= "SNAT",

	.family		= AF_INET,

	.target		= ipt_snat_target,

	.targetsize	= sizeof(struct ip_nat_multi_range_compat),

	.table		= "nat",
@@ -270,8 +271,9 @@ static struct ipt_target ipt_snat_reg = { 
	.checkentry	= ipt_snat_checkentry,

};



static struct ipt_target ipt_dnat_reg = {

static struct xt_target ipt_dnat_reg = {

	.name		= "DNAT",

	.family		= AF_INET,

	.target		= ipt_dnat_target,

	.targetsize	= sizeof(struct ip_nat_multi_range_compat),

	.table		= "nat",
@@ -286,27 +288,27 @@ int __init ip_nat_rule_init(void) 
	ret = ipt_register_table(&nat_table, &nat_initial_table.repl);

	if (ret != 0)

		return ret;

	ret = ipt_register_target(&ipt_snat_reg);

	ret = xt_register_target(&ipt_snat_reg);

	if (ret != 0)

		goto unregister_table;



	ret = ipt_register_target(&ipt_dnat_reg);

	ret = xt_register_target(&ipt_dnat_reg);

	if (ret != 0)

		goto unregister_snat;



	return ret;



 unregister_snat:

	ipt_unregister_target(&ipt_snat_reg);

	xt_unregister_target(&ipt_snat_reg);

 unregister_table:

	ipt_unregister_table(&nat_table);

	xt_unregister_table(&nat_table);



	return ret;

}



void ip_nat_rule_cleanup(void)

{

	ipt_unregister_target(&ipt_dnat_reg);

	ipt_unregister_target(&ipt_snat_reg);

	xt_unregister_target(&ipt_dnat_reg);

	xt_unregister_target(&ipt_snat_reg);

	ipt_unregister_table(&nat_table);

}

net/ipv4/netfilter/ip_tables.c

+10 −10
Original line number Diff line number Diff line
@@ -507,7 +507,7 @@ check_entry(struct ipt_entry *e, const char *name) 
static inline int check_match(struct ipt_entry_match *m, const char *name,

				const struct ipt_ip *ip, unsigned int hookmask)

{

	struct ipt_match *match;

	struct xt_match *match;

	int ret;



	match = m->u.kernel.match;
@@ -531,7 +531,7 @@ find_check_match(struct ipt_entry_match *m, 
	    unsigned int hookmask,

	    unsigned int *i)

{

	struct ipt_match *match;

	struct xt_match *match;

	int ret;



	match = try_then_request_module(xt_find_match(AF_INET, m->u.user.name,
@@ -557,7 +557,7 @@ find_check_match(struct ipt_entry_match *m, 
static inline int check_target(struct ipt_entry *e, const char *name)

{

 	struct ipt_entry_target *t;

 	struct ipt_target *target;

	struct xt_target *target;

 	int ret;



	t = ipt_get_target(e);
@@ -580,7 +580,7 @@ find_check_entry(struct ipt_entry *e, const char *name, unsigned int size, 
	    unsigned int *i)

{

	struct ipt_entry_target *t;

	struct ipt_target *target;

	struct xt_target *target;

	int ret;

	unsigned int j;
@@ -1437,7 +1437,7 @@ compat_check_calc_match(struct ipt_entry_match *m, 
	    unsigned int hookmask,

	    int *size, int *i)

{

	struct ipt_match *match;

	struct xt_match *match;



	match = try_then_request_module(xt_find_match(AF_INET, m->u.user.name,

						   m->u.user.revision),
@@ -1466,7 +1466,7 @@ check_compat_entry_size_and_hooks(struct ipt_entry *e, 
			   const char *name)

{

	struct ipt_entry_target *t;

	struct ipt_target *target;

	struct xt_target *target;

	unsigned int entry_offset;

	int ret, off, h, j;
@@ -1550,7 +1550,7 @@ static int compat_copy_entry_from_user(struct ipt_entry *e, void **dstptr, 
	struct xt_table_info *newinfo, unsigned char *base)

{

	struct ipt_entry_target *t;

	struct ipt_target *target;

	struct xt_target *target;

	struct ipt_entry *de;

	unsigned int origsize;

	int ret, h;
@@ -2124,7 +2124,7 @@ icmp_checkentry(const char *tablename, 
}



/* The built-in targets: standard (NULL) and error. */

static struct ipt_target ipt_standard_target = {

static struct xt_target ipt_standard_target = {

	.name		= IPT_STANDARD_TARGET,

	.targetsize	= sizeof(int),

	.family		= AF_INET,
@@ -2135,7 +2135,7 @@ static struct ipt_target ipt_standard_target = { 
#endif

};



static struct ipt_target ipt_error_target = {

static struct xt_target ipt_error_target = {

	.name		= IPT_ERROR_TARGET,

	.target		= ipt_error,

	.targetsize	= IPT_FUNCTION_MAXNAMELEN,
@@ -2158,7 +2158,7 @@ static struct nf_sockopt_ops ipt_sockopts = { 
#endif

};



static struct ipt_match icmp_matchstruct = {

static struct xt_match icmp_matchstruct = {

	.name		= "icmp",

	.match		= icmp_match,

	.matchsize	= sizeof(struct ipt_icmp),

net/ipv4/netfilter/ipt_CLUSTERIP.c

+8 −6
Original line number Diff line number Diff line
@@ -26,6 +26,7 @@ 


#include <linux/netfilter_arp.h>



#include <linux/netfilter/x_tables.h>

#include <linux/netfilter_ipv4/ip_tables.h>

#include <linux/netfilter_ipv4/ipt_CLUSTERIP.h>

#include <net/netfilter/nf_conntrack_compat.h>
@@ -330,7 +331,7 @@ target(struct sk_buff **pskb, 
	if ((*pskb)->nh.iph->protocol == IPPROTO_ICMP

	    && (ctinfo == IP_CT_RELATED 

		|| ctinfo == IP_CT_RELATED+IP_CT_IS_REPLY))

		return IPT_CONTINUE;

		return XT_CONTINUE;



	/* ip_conntrack_icmp guarantees us that we only have ICMP_ECHO, 

	 * TIMESTAMP, INFO_REQUEST or ADDRESS type icmp packets from here
@@ -368,7 +369,7 @@ target(struct sk_buff **pskb, 
	 * actually a unicast IP packet. TCP doesn't like PACKET_MULTICAST */

	(*pskb)->pkt_type = PACKET_HOST;



	return IPT_CONTINUE;

	return XT_CONTINUE;

}



static int
@@ -471,8 +472,9 @@ static void destroy(const struct xt_target *target, void *targinfo) 
	nf_ct_l3proto_module_put(target->family);

}



static struct ipt_target clusterip_tgt = {

static struct xt_target clusterip_tgt = {

	.name		= "CLUSTERIP",

	.family		= AF_INET,

	.target		= target,

	.targetsize	= sizeof(struct ipt_clusterip_tgt_info),

	.checkentry	= checkentry,
@@ -728,7 +730,7 @@ static int __init ipt_clusterip_init(void) 
{

	int ret;



	ret = ipt_register_target(&clusterip_tgt);

	ret = xt_register_target(&clusterip_tgt);

	if (ret < 0)

		return ret;
@@ -754,7 +756,7 @@ static int __init ipt_clusterip_init(void) 
	nf_unregister_hook(&cip_arp_ops);

#endif /* CONFIG_PROC_FS */

cleanup_target:

	ipt_unregister_target(&clusterip_tgt);

	xt_unregister_target(&clusterip_tgt);

	return ret;

}
@@ -766,7 +768,7 @@ static void __exit ipt_clusterip_fini(void) 
	remove_proc_entry(clusterip_procdir->name, clusterip_procdir->parent);

#endif

	nf_unregister_hook(&cip_arp_ops);

	ipt_unregister_target(&clusterip_tgt);

	xt_unregister_target(&clusterip_tgt);

}



module_init(ipt_clusterip_init);