[NETFILTER]: Clean up table initialization (3c2ad469) · Commits · e / devices / android_kernel_xiaomi_markw

include/linux/netfilter/x_tables.h

+8 −0

Original line number	Diff line number	Diff line
		@@ -54,6 +54,14 @@ struct xt_entry_target
		unsigned char data[0];
		};

		#define XT_TARGET_INIT(__name, __size) \
		{ \
		.target.u.user = { \
		.target_size = XT_ALIGN(__size), \
		.name = __name, \
		}, \
		}

		struct xt_standard_target
		{
		struct xt_entry_target target;

include/linux/netfilter_arp/arp_tables.h

+41 −0

Original line number	Diff line number	Diff line
		@@ -238,6 +238,47 @@ static __inline__ struct arpt_entry_target arpt_get_target(struct arpt_entry e
		*/
		#ifdef __KERNEL__

		/* Standard entry. */
		struct arpt_standard
		{
		struct arpt_entry entry;
		struct arpt_standard_target target;
		};

		struct arpt_error_target
		{
		struct arpt_entry_target target;
		char errorname[ARPT_FUNCTION_MAXNAMELEN];
		};

		struct arpt_error
		{
		struct arpt_entry entry;
		struct arpt_error_target target;
		};

		#define ARPT_ENTRY_INIT(__size) \
		{ \
		.target_offset = sizeof(struct arpt_entry), \
		.next_offset = (__size), \
		}

		#define ARPT_STANDARD_INIT(__verdict) \
		{ \
		.entry = ARPT_ENTRY_INIT(sizeof(struct arpt_standard)), \
		.target = XT_TARGET_INIT(ARPT_STANDARD_TARGET, \
		sizeof(struct arpt_standard_target)), \
		.target.verdict = -(__verdict) - 1, \
		}

		#define ARPT_ERROR_INIT \
		{ \
		.entry = ARPT_ENTRY_INIT(sizeof(struct arpt_error)), \
		.target = XT_TARGET_INIT(ARPT_ERROR_TARGET, \
		sizeof(struct arpt_error_target)), \
		.target.errorname = "ERROR", \
		}

		#define arpt_register_target(tgt) \
		({ (tgt)->family = NF_ARP; \
		xt_register_target(tgt); })

include/linux/netfilter_ipv4/ip_tables.h

+22 −0

Original line number	Diff line number	Diff line
		@@ -295,6 +295,28 @@ struct ipt_error
		struct ipt_error_target target;
		};

		#define IPT_ENTRY_INIT(__size) \
		{ \
		.target_offset = sizeof(struct ipt_entry), \
		.next_offset = (__size), \
		}

		#define IPT_STANDARD_INIT(__verdict) \
		{ \
		.entry = IPT_ENTRY_INIT(sizeof(struct ipt_standard)), \
		.target = XT_TARGET_INIT(IPT_STANDARD_TARGET, \
		sizeof(struct xt_standard_target)), \
		.target.verdict = -(__verdict) - 1, \
		}

		#define IPT_ERROR_INIT \
		{ \
		.entry = IPT_ENTRY_INIT(sizeof(struct ipt_error)), \
		.target = XT_TARGET_INIT(IPT_ERROR_TARGET, \
		sizeof(struct ipt_error_target)), \
		.target.errorname = "ERROR", \
		}

		extern unsigned int ipt_do_table(struct sk_buff **pskb,
		unsigned int hook,
		const struct net_device *in,

include/linux/netfilter_ipv6/ip6_tables.h

+22 −0

Original line number	Diff line number	Diff line
		@@ -123,6 +123,28 @@ struct ip6t_error
		struct ip6t_error_target target;
		};

		#define IP6T_ENTRY_INIT(__size) \
		{ \
		.target_offset = sizeof(struct ip6t_entry), \
		.next_offset = (__size), \
		}

		#define IP6T_STANDARD_INIT(__verdict) \
		{ \
		.entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_standard)), \
		.target = XT_TARGET_INIT(IP6T_STANDARD_TARGET, \
		sizeof(struct ip6t_standard_target)), \
		.target.verdict = -(__verdict) - 1, \
		}

		#define IP6T_ERROR_INIT \
		{ \
		.entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_error)), \
		.target = XT_TARGET_INIT(IP6T_ERROR_TARGET, \
		sizeof(struct ip6t_error_target)), \
		.target.errorname = "ERROR", \
		}

		/*
		* New IP firewall options for [gs]etsockopt at the RAW IP level.
		* Unlike BSD Linux inherits IP options so you don't have to use

net/ipv4/netfilter/arptable_filter.c

+23 −117

Original line number	Diff line number	Diff line
		@@ -15,128 +15,34 @@ MODULE_DESCRIPTION("arptables filter table");
		#define FILTER_VALID_HOOKS ((1 << NF_ARP_IN) \| (1 << NF_ARP_OUT) \| \
		(1 << NF_ARP_FORWARD))

		/* Standard entry. */
		struct arpt_standard
		{
		struct arpt_entry entry;
		struct arpt_standard_target target;
		};

		struct arpt_error_target
		{
		struct arpt_entry_target target;
		char errorname[ARPT_FUNCTION_MAXNAMELEN];
		};

		struct arpt_error
		{
		struct arpt_entry entry;
		struct arpt_error_target target;
		};

		static struct
		{
		struct arpt_replace repl;
		struct arpt_standard entries[3];
		struct arpt_error term;
		} initial_table __initdata
		= { { "filter", FILTER_VALID_HOOKS, 4,
		sizeof(struct arpt_standard) * 3 + sizeof(struct arpt_error),
		{ [NF_ARP_IN] = 0,
		[NF_ARP_OUT] = sizeof(struct arpt_standard),
		[NF_ARP_FORWARD] = 2 * sizeof(struct arpt_standard), },
		{ [NF_ARP_IN] = 0,
		} initial_table __initdata = {
		.repl = {
		.name = "filter",
		.valid_hooks = FILTER_VALID_HOOKS,
		.num_entries = 4,
		.size = sizeof(struct arpt_standard) * 3 + sizeof(struct arpt_error),
		.hook_entry = {
		[NF_ARP_IN] = 0,
		[NF_ARP_OUT] = sizeof(struct arpt_standard),
		[NF_ARP_FORWARD] = 2 * sizeof(struct arpt_standard), },
		0, NULL, { } },
		{
		/* ARP_IN */
		{
		{
		{
		{ 0 }, { 0 }, { 0 }, { 0 },
		0, 0,
		{ { 0, }, { 0, } },
		{ { 0, }, { 0, } },
		0, 0,
		0, 0,
		0, 0,
		"", "", { 0 }, { 0 },
		0, 0
		[NF_ARP_FORWARD] = 2 * sizeof(struct arpt_standard),
		},
		sizeof(struct arpt_entry),
		sizeof(struct arpt_standard),
		0,
		{ 0, 0 }, { } },
		{ { { { ARPT_ALIGN(sizeof(struct arpt_standard_target)), "" } }, { } },
		-NF_ACCEPT - 1 }
		},
		/* ARP_OUT */
		{
		{
		{
		{ 0 }, { 0 }, { 0 }, { 0 },
		0, 0,
		{ { 0, }, { 0, } },
		{ { 0, }, { 0, } },
		0, 0,
		0, 0,
		0, 0,
		"", "", { 0 }, { 0 },
		0, 0
		},
		sizeof(struct arpt_entry),
		sizeof(struct arpt_standard),
		0,
		{ 0, 0 }, { } },
		{ { { { ARPT_ALIGN(sizeof(struct arpt_standard_target)), "" } }, { } },
		-NF_ACCEPT - 1 }
		},
		/* ARP_FORWARD */
		{
		{
		{
		{ 0 }, { 0 }, { 0 }, { 0 },
		0, 0,
		{ { 0, }, { 0, } },
		{ { 0, }, { 0, } },
		0, 0,
		0, 0,
		0, 0,
		"", "", { 0 }, { 0 },
		0, 0
		.underflow = {
		[NF_ARP_IN] = 0,
		[NF_ARP_OUT] = sizeof(struct arpt_standard),
		[NF_ARP_FORWARD] = 2 * sizeof(struct arpt_standard),
		},
		sizeof(struct arpt_entry),
		sizeof(struct arpt_standard),
		0,
		{ 0, 0 }, { } },
		{ { { { ARPT_ALIGN(sizeof(struct arpt_standard_target)), "" } }, { } },
		-NF_ACCEPT - 1 }
		}
		},
		/* ERROR */
		{
		{
		{
		{ 0 }, { 0 }, { 0 }, { 0 },
		0, 0,
		{ { 0, }, { 0, } },
		{ { 0, }, { 0, } },
		0, 0,
		0, 0,
		0, 0,
		"", "", { 0 }, { 0 },
		0, 0
		.entries = {
		ARPT_STANDARD_INIT(NF_ACCEPT), /* ARP_IN */
		ARPT_STANDARD_INIT(NF_ACCEPT), /* ARP_OUT */
		ARPT_STANDARD_INIT(NF_ACCEPT), /* ARP_FORWARD */
		},
		sizeof(struct arpt_entry),
		sizeof(struct arpt_error),
		0,
		{ 0, 0 }, { } },
		{ { { { ARPT_ALIGN(sizeof(struct arpt_error_target)), ARPT_ERROR_TARGET } },
		{ } },
		"ERROR"
		}
		}
		.term = ARPT_ERROR_INIT,
		};

		static struct arpt_table packet_filter = {