
Commit 55b69e91 authored by Jan Engelhardt's avatar Jan Engelhardt Committed by Patrick McHardy

netfilter: implement NFPROTO_UNSPEC as a wildcard for extensions



When a match or target is looked up using xt_find_{match,target},
Xtables will also search the NFPROTO_UNSPEC module list. This allows
for protocol-independent extensions (like xt_time) to be reused from
other components (e.g. arptables, ebtables).

Extensions whose behaviour depends on match->family or target->family
cannot, of course, use NFPROTO_UNSPEC in their registration structure
(e.g. xt_pkttype), since they would then only ever see NFPROTO_UNSPEC.

Signed-off-by: default avatarJan Engelhardt <jengelh@medozas.de>
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
parent ee999d8b
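--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -209,6 +209,11 @@ struct xt_match *xt_find_match(u8 af, const char *name, u8 revision)
 		}
 	}
 	mutex_unlock(&xt[af].mutex);
+
+	if (af != NFPROTO_UNSPEC)
+		/* Try searching again in the family-independent list */
+		return xt_find_match(NFPROTO_UNSPEC, name, revision);
+
 	return ERR_PTR(err);
 }
 EXPORT_SYMBOL(xt_find_match);
@@ -234,6 +239,11 @@ struct xt_target *xt_find_target(u8 af, const char *name, u8 revision)
 		}
 	}
 	mutex_unlock(&xt[af].mutex);
+
+	if (af != NFPROTO_UNSPEC)
+		/* Try searching again in the family-independent list */
+		return xt_find_target(NFPROTO_UNSPEC, name, revision);
+
 	return ERR_PTR(err);
 }
 EXPORT_SYMBOL(xt_find_target);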
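Review bot: The revision-lookup side is not given the same fallback: this file's diffstat (+10 −0) is fully accounted for by these two hunks, so the helpers that answer userspace revision queries (above the hunks, not visible here) presumably still walk only `xt[af]` and would report an extension registered under NFPROTO_UNSPEC as absent even though `xt_find_match`/`xt_find_target` now find it; the same `if (af != NFPROTO_UNSPEC)` retry should be mirrored there. Note also that L35 and L47 return the NFPROTO_UNSPEC result unconditionally, discarding whatever `err` the family-specific scan recorded (that assignment is above the hunk); if that value distinguished a revision mismatch from a plain miss, callers now lose the distinction when the wildcard list has no entry either. A one-line comment on the retry, `/* A family-specific miss or revision mismatch is superseded by the wildcard list */`, would at least make that trade-off explicit. Both functions begin above their hunks.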
+12 −26
@@ -37,40 +37,26 @@ classify_tg(struct sk_buff *skb, const struct net_device *in,
	return XT_CONTINUE;
}

static struct xt_target classify_tg_reg[] __read_mostly = {
	{
		.family		= NFPROTO_IPV4,
static struct xt_target classify_tg_reg __read_mostly = {
	.name       = "CLASSIFY",
		.target 	= classify_tg,
		.targetsize	= sizeof(struct xt_classify_target_info),
	.revision   = 0,
	.family     = NFPROTO_UNSPEC,
	.table      = "mangle",
		.hooks		= (1 << NF_INET_LOCAL_OUT) |
				  (1 << NF_INET_FORWARD) |
	.hooks      = (1 << NF_INET_LOCAL_OUT) | (1 << NF_INET_FORWARD) |
		      (1 << NF_INET_POST_ROUTING),
		.me 		= THIS_MODULE,
	},
	{
		.name 		= "CLASSIFY",
		.family		= NFPROTO_IPV6,
	.target     = classify_tg,
	.targetsize = sizeof(struct xt_classify_target_info),
		.table		= "mangle",
		.hooks		= (1 << NF_INET_LOCAL_OUT) |
				  (1 << NF_INET_FORWARD) |
				  (1 << NF_INET_POST_ROUTING),
	.me         = THIS_MODULE,
	},
};

static int __init classify_tg_init(void)
{
	return xt_register_targets(classify_tg_reg,
	       ARRAY_SIZE(classify_tg_reg));
	return xt_register_target(&classify_tg_reg);
}

static void __exit classify_tg_exit(void)
{
	xt_unregister_targets(classify_tg_reg, ARRAY_SIZE(classify_tg_reg));
	xt_unregister_target(&classify_tg_reg);
}

module_init(classify_tg_init);
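Review bot: The `.hooks` mask kept at L70–L71 is still expressed in NF_INET_* hook numbers, yet with `.family = NFPROTO_UNSPEC` (L66) xt_find_target can now hand this registration to any family, and hook bit positions are not shared across families (the ARP and bridge hooks have their own numbering). In practice `.table = "mangle"` on L67 is what keeps CLASSIFY inside the inet tables, as far as I know neither arptables nor ebtables has a table by that name, so the mask cannot be misread today; that dependency should be written down so a later change does not drop the table restriction and silently validate the wrong hooks: `/* NF_INET_* hook bits: only valid because .table confines this to inet mangle */`. classify_tg itself begins above the hunk.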
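--- a/net/netfilter/xt_MARK.c
+++ b/net/netfilter/xt_MARK.c
@@ -222,15 +222,7 @@ static struct xt_target mark_tg_reg[] __read_mostly = {
 	{
 		.name           = "MARK",
 		.revision       = 2,
-		.family         = NFPROTO_IPV4,
-		.target         = mark_tg,
-		.targetsize     = sizeof(struct xt_mark_tginfo2),
-		.me             = THIS_MODULE,
-	},
-	{
-		.name           = "MARK",
-		.revision       = 2,
-		.family         = NFPROTO_IPV6,
+		.family         = NFPROTO_UNSPEC,
 		.target         = mark_tg,
 		.targetsize     = sizeof(struct xt_mark_tginfo2),
 		.me             = THIS_MODULE,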
+11 −22
@@ -157,25 +157,15 @@ static void xt_rateest_tg_destroy(const struct xt_target *target,
	xt_rateest_put(info->est);
}

static struct xt_target xt_rateest_target[] __read_mostly = {
	{
		.family		= NFPROTO_IPV4,
		.name		= "RATEEST",
		.target		= xt_rateest_tg,
		.checkentry	= xt_rateest_tg_checkentry,
		.destroy	= xt_rateest_tg_destroy,
		.targetsize	= sizeof(struct xt_rateest_target_info),
		.me		= THIS_MODULE,
	},
	{
		.family		= NFPROTO_IPV6,
static struct xt_target xt_rateest_tg_reg __read_mostly = {
	.name       = "RATEEST",
	.revision   = 0,
	.family     = NFPROTO_UNSPEC,
	.target     = xt_rateest_tg,
	.checkentry = xt_rateest_tg_checkentry,
	.destroy    = xt_rateest_tg_destroy,
	.targetsize = sizeof(struct xt_rateest_target_info),
	.me         = THIS_MODULE,
	},
};

static int __init xt_rateest_tg_init(void)
@@ -186,13 +176,12 @@ static int __init xt_rateest_tg_init(void)
		INIT_HLIST_HEAD(&rateest_hash[i]);

	get_random_bytes(&jhash_rnd, sizeof(jhash_rnd));
	return xt_register_targets(xt_rateest_target,
				   ARRAY_SIZE(xt_rateest_target));
	return xt_register_target(&xt_rateest_tg_reg);
}

static void __exit xt_rateest_tg_fini(void)
{
	xt_unregister_targets(xt_rateest_target, ARRAY_SIZE(xt_rateest_target));
	xt_unregister_target(&xt_rateest_tg_reg);
}


+11 −21
@@ -125,35 +125,25 @@ static void secmark_tg_destroy(const struct xt_target *target, void *targinfo)
	}
}

static struct xt_target secmark_tg_reg[] __read_mostly = {
	{
		.name		= "SECMARK",
		.family		= NFPROTO_IPV4,
		.checkentry	= secmark_tg_check,
		.destroy	= secmark_tg_destroy,
		.target		= secmark_tg,
		.targetsize	= sizeof(struct xt_secmark_target_info),
		.me		= THIS_MODULE,
	},
	{
static struct xt_target secmark_tg_reg __read_mostly = {
	.name       = "SECMARK",
		.family		= NFPROTO_IPV6,
	.revision   = 0,
	.family     = NFPROTO_UNSPEC,
	.checkentry = secmark_tg_check,
	.destroy    = secmark_tg_destroy,
	.target     = secmark_tg,
	.targetsize = sizeof(struct xt_secmark_target_info),
	.me         = THIS_MODULE,
	},
};

static int __init secmark_tg_init(void)
{
	return xt_register_targets(secmark_tg_reg, ARRAY_SIZE(secmark_tg_reg));
	return xt_register_target(&secmark_tg_reg);
}

static void __exit secmark_tg_exit(void)
{
	xt_unregister_targets(secmark_tg_reg, ARRAY_SIZE(secmark_tg_reg));
	xt_unregister_target(&secmark_tg_reg);
}

module_init(secmark_tg_init);
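Review bot: The new registration at L184–L195 carries neither `.table` nor `.hooks`, so once `.family` is NFPROTO_UNSPEC (L188) nothing in the struct itself stops SECMARK from being offered to arptables or ebtables rules; the only remaining gate is whatever secmark_tg_check (L189, body above the hunk) rejects, presumably by table name. Because this target writes the label that the LSM later enforces on, that gate is security-relevant and should be visible at the point where the family is widened, e.g. `/* Family-independent; secmark_tg_check() is the only restriction on which tables may use this. */` above `.family`. If secmark_tg_check turns out not to check the table name, the IPv4/IPv6-only scope this replaces is lost and an explicit restriction should be added here instead.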