Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ec231890 authored by Willem de Bruijn's avatar Willem de Bruijn Committed by Pablo Neira Ayuso
Browse files

xtables: extend matches and targets with .usersize 



In matches and targets that define a kernel-only tail to their
xt_match and xt_target data structs, add a field .usersize that
specifies up to where data is to be shared with userspace.

Performed a search for comment "Used internally by the kernel" to find
relevant matches and targets. Manually inspected the structs to derive
a valid offsetof.

Signed-off-by: default avatarWillem de Bruijn <willemb@google.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 4915f7bb

net/bridge/netfilter/ebt_limit.c

+1 −0
Original line number Diff line number Diff line
@@ -105,6 +105,7 @@ static struct xt_match ebt_limit_mt_reg __read_mostly = { 
	.match		= ebt_limit_mt,

	.checkentry	= ebt_limit_mt_check,

	.matchsize	= sizeof(struct ebt_limit_info),

	.usersize	= offsetof(struct ebt_limit_info, prev),

#ifdef CONFIG_COMPAT

	.compatsize	= sizeof(struct ebt_compat_limit_info),

#endif

net/ipv4/netfilter/ipt_CLUSTERIP.c

+1 −0
Original line number Diff line number Diff line
@@ -468,6 +468,7 @@ static struct xt_target clusterip_tg_reg __read_mostly = { 
	.checkentry	= clusterip_tg_check,

	.destroy	= clusterip_tg_destroy,

	.targetsize	= sizeof(struct ipt_clusterip_tgt_info),

	.usersize	= offsetof(struct ipt_clusterip_tgt_info, config),

#ifdef CONFIG_COMPAT

	.compatsize	= sizeof(struct compat_ipt_clusterip_tgt_info),

#endif /* CONFIG_COMPAT */

net/ipv6/netfilter/ip6t_NPT.c

+2 −0
Original line number Diff line number Diff line
@@ -112,6 +112,7 @@ static struct xt_target ip6t_npt_target_reg[] __read_mostly = { 
		.table		= "mangle",

		.target		= ip6t_snpt_tg,

		.targetsize	= sizeof(struct ip6t_npt_tginfo),

		.usersize	= offsetof(struct ip6t_npt_tginfo, adjustment),

		.checkentry	= ip6t_npt_checkentry,

		.family		= NFPROTO_IPV6,

		.hooks		= (1 << NF_INET_LOCAL_IN) |
@@ -123,6 +124,7 @@ static struct xt_target ip6t_npt_target_reg[] __read_mostly = { 
		.table		= "mangle",

		.target		= ip6t_dnpt_tg,

		.targetsize	= sizeof(struct ip6t_npt_tginfo),

		.usersize	= offsetof(struct ip6t_npt_tginfo, adjustment),

		.checkentry	= ip6t_npt_checkentry,

		.family		= NFPROTO_IPV6,

		.hooks		= (1 << NF_INET_PRE_ROUTING) |

net/netfilter/xt_CT.c

+3 −0
Original line number Diff line number Diff line
@@ -373,6 +373,7 @@ static struct xt_target xt_ct_tg_reg[] __read_mostly = { 
		.name		= "CT",

		.family		= NFPROTO_UNSPEC,

		.targetsize	= sizeof(struct xt_ct_target_info),

		.usersize	= offsetof(struct xt_ct_target_info, ct),

		.checkentry	= xt_ct_tg_check_v0,

		.destroy	= xt_ct_tg_destroy_v0,

		.target		= xt_ct_target_v0,
@@ -384,6 +385,7 @@ static struct xt_target xt_ct_tg_reg[] __read_mostly = { 
		.family		= NFPROTO_UNSPEC,

		.revision	= 1,

		.targetsize	= sizeof(struct xt_ct_target_info_v1),

		.usersize	= offsetof(struct xt_ct_target_info, ct),

		.checkentry	= xt_ct_tg_check_v1,

		.destroy	= xt_ct_tg_destroy_v1,

		.target		= xt_ct_target_v1,
@@ -395,6 +397,7 @@ static struct xt_target xt_ct_tg_reg[] __read_mostly = { 
		.family		= NFPROTO_UNSPEC,

		.revision	= 2,

		.targetsize	= sizeof(struct xt_ct_target_info_v1),

		.usersize	= offsetof(struct xt_ct_target_info, ct),

		.checkentry	= xt_ct_tg_check_v2,

		.destroy	= xt_ct_tg_destroy_v1,

		.target		= xt_ct_target_v1,

net/netfilter/xt_RATEEST.c

+1 −0
Original line number Diff line number Diff line
@@ -162,6 +162,7 @@ static struct xt_target xt_rateest_tg_reg __read_mostly = { 
	.checkentry = xt_rateest_tg_checkentry,

	.destroy    = xt_rateest_tg_destroy,

	.targetsize = sizeof(struct xt_rateest_target_info),

	.usersize   = offsetof(struct xt_rateest_target_info, est),

	.me         = THIS_MODULE,

};