
Commit af5d6dc2 authored by Jan Engelhardt's avatar Jan Engelhardt Committed by Patrick McHardy

netfilter: xtables: move extension arguments into compound structure (5/6)



This patch does this for target extensions' checkentry functions.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
parent 7eb35586
+20 −9
@@ -234,6 +234,23 @@ struct xt_target_param {
	const void *targinfo;
};

/**
 * struct xt_tgchk_param - parameters for target extensions'
 * checkentry functions
 *
 * @entryinfo:	the family-specific rule data
 * 		(struct ipt_entry, ip6t_entry, arpt_entry, ebt_entry)
 *
 * Other fields see above.
 */
struct xt_tgchk_param {
	const char *table;
	void *entryinfo;
	const struct xt_target *target;
	void *targinfo;
	unsigned int hook_mask;
};

struct xt_match
{
	struct list_head list;
@@ -291,11 +308,7 @@ struct xt_target
           hook_mask is a bitmask of hooks from which it can be
           called. */
	/* Should return true or false. */
	bool (*checkentry)(const char *tablename,
			   const void *entry,
			   const struct xt_target *target,
			   void *targinfo,
			   unsigned int hook_mask);
	bool (*checkentry)(const struct xt_tgchk_param *);

	/* Called when entry of this type deleted. */
	void (*destroy)(const struct xt_target *target, void *targinfo);
@@ -376,10 +389,8 @@ extern void xt_unregister_matches(struct xt_match *match, unsigned int n);

extern int xt_check_match(struct xt_mtchk_param *, u_int8_t family,
			  unsigned int size, u_int8_t proto, bool inv_proto);
extern int xt_check_target(const struct xt_target *target, unsigned short family,
			   unsigned int size, const char *table, unsigned int hook,
			   unsigned short proto, int inv_proto,
			   const void *entry, void *targinfo);
extern int xt_check_target(struct xt_tgchk_param *, u_int8_t family,
			   unsigned int size, u_int8_t proto, bool inv_proto);

extern struct xt_table *xt_register_table(struct net *net,
					  struct xt_table *table,
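Review bot: `entryinfo` in the new `struct xt_tgchk_param` is declared `void *`, whereas the callback it replaces took `const void *entry`, so a checkentry function can now write through `par->entryinfo` even though `par` itself is const-qualified. If no target needs to modify the rule entry while validating it, declaring the field `const void *entryinfo;` keeps the compiler rejecting accidental writes to the rule data under validation. The kerneldoc line "Other fields see above" would also be easier to follow if it named the struct it refers to and stated whether `targinfo` is intentionally left writable.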
+2 −2
@@ -310,9 +310,9 @@ extern unsigned int ebt_do_table(unsigned int hook, struct sk_buff *skb,
#define FWINV(bool,invflg) ((bool) ^ !!(info->invflags & invflg))
/* True if the hook mask denotes that the rule is in a base chain,
 * used in the check() functions */
#define BASE_CHAIN (hookmask & (1 << NF_BR_NUMHOOKS))
#define BASE_CHAIN (par->hook_mask & (1 << NF_BR_NUMHOOKS))
/* Clear the bit in the hook mask that tells if the rule is on a base chain */
#define CLEAR_BASE_CHAIN_BIT (hookmask &= ~(1 << NF_BR_NUMHOOKS))
#define CLEAR_BASE_CHAIN_BIT (par->hook_mask &= ~(1 << NF_BR_NUMHOOKS))
/* True if the target is not a standard target */
#define INVALID_TARGET (info->target < -NUM_STANDARD_TARGETS || info->target >= 0)
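Review bot: `BASE_CHAIN` and `CLEAR_BASE_CHAIN_BIT` now expand to expressions on a variable named `par` that must already exist in the caller's scope, and `CLEAR_BASE_CHAIN_BIT` writes to `par->hook_mask`. In target checkentry functions `par` is a `const struct xt_tgchk_param *` (per the new prototype in this commit), so the clearing macro cannot be used there, and wherever `par` is non-const the write changes the mask for every later reader of the same struct. A comment above the macros such as `/* Both expand to par->hook_mask; CLEAR_BASE_CHAIN_BIT modifies *par and needs a non-const par */` would make the hidden dependency visible. Writing the bit as `1U << NF_BR_NUMHOOKS` would additionally keep the shift unsigned, matching the type of `hook_mask`.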

+3 −7
@@ -57,20 +57,16 @@ ebt_arpreply_tg(struct sk_buff *skb, const struct xt_target_param *par)
	return info->target;
}

static bool
ebt_arpreply_tg_check(const char *tablename, const void *entry,
		      const struct xt_target *target, void *data,
		      unsigned int hookmask)
static bool ebt_arpreply_tg_check(const struct xt_tgchk_param *par)
{
	const struct ebt_arpreply_info *info = data;
	const struct ebt_entry *e = entry;
	const struct ebt_arpreply_info *info = par->targinfo;
	const struct ebt_entry *e = par->entryinfo;

	if (BASE_CHAIN && info->target == EBT_RETURN)
		return false;
	if (e->ethproto != htons(ETH_P_ARP) ||
	    e->invflags & EBT_IPROTO)
		return false;
	CLEAR_BASE_CHAIN_BIT;
	return true;
}
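Review bot: `ebt_arpreply_tg_check` rejects only `EBT_RETURN` on a base chain and never range-checks `info->target`, although `ebt_arpreply_tg` ends with `return info->target;` and the sibling `ebt_dnat_tg_check` in this commit does test `INVALID_TARGET`. As far as this function is concerned, an out-of-range target value in a rule passes validation and would later be handed back as the verdict. Adding `if (INVALID_TARGET) return false;` before `return true;` would close that gap; it predates this commit, but the converted function is a natural place to fix it. The body of `ebt_arpreply_tg` starts outside the hunk, so what else it does with `info` is not visible here.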

+10 −9
@@ -26,19 +26,20 @@ ebt_dnat_tg(struct sk_buff *skb, const struct xt_target_param *par)
	return info->target;
}

static bool
ebt_dnat_tg_check(const char *tablename, const void *entry,
		  const struct xt_target *target, void *data,
		  unsigned int hookmask)
static bool ebt_dnat_tg_check(const struct xt_tgchk_param *par)
{
	const struct ebt_nat_info *info = data;
	const struct ebt_nat_info *info = par->targinfo;
	unsigned int hook_mask;

	if (BASE_CHAIN && info->target == EBT_RETURN)
		return false;
	CLEAR_BASE_CHAIN_BIT;
	if ( (strcmp(tablename, "nat") ||
	   (hookmask & ~((1 << NF_BR_PRE_ROUTING) | (1 << NF_BR_LOCAL_OUT)))) &&
	   (strcmp(tablename, "broute") || hookmask & ~(1 << NF_BR_BROUTING)) )

	hook_mask = par->hook_mask & ~(1 << NF_BR_NUMHOOKS);
	if ((strcmp(par->table, "nat") != 0 ||
	    (hook_mask & ~((1 << NF_BR_PRE_ROUTING) |
	    (1 << NF_BR_LOCAL_OUT)))) &&
	    (strcmp(par->table, "broute") != 0 ||
	    hook_mask & ~(1 << NF_BR_BROUTING)))
		return false;
	if (INVALID_TARGET)
		return false;
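Review bot: The rewritten table/hook condition in `ebt_dnat_tg_check` is hard to verify by eye because its continuation lines share one indent, so `(1 << NF_BR_LOCAL_OUT)` reads like a separate operand although it belongs inside the `~(...)` mask. A one-line comment above the `if`, e.g. `/* allow only nat in PRE_ROUTING/LOCAL_OUT, or broute in BROUTING */`, together with aligning each continuation under its opening parenthesis, would make the intended policy checkable against the code. `BASE_CHAIN` also still reads `par->hook_mask` directly while the rest of the function uses the local `hook_mask` copy with the base-chain bit cleared; a short comment on the local would explain why both exist. The function continues past the end of the hunk.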
+2 −5
@@ -24,12 +24,9 @@

static DEFINE_SPINLOCK(ebt_log_lock);

static bool
ebt_log_tg_check(const char *table, const void *entry,
		 const struct xt_target *target, void *data,
		 unsigned int hook_mask)
static bool ebt_log_tg_check(const struct xt_tgchk_param *par)
{
	struct ebt_log_info *info = data;
	struct ebt_log_info *info = par->targinfo;

	if (info->bitmask & ~EBT_LOG_MASK)
		return false;