netfilter: xtables: resolve indirect macros 2/3

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
This commit is contained in:
Jan Engelhardt 2010-10-13 16:11:22 +02:00
parent 12b00c2c02
commit 87a2e70db6
7 changed files with 103 additions and 108 deletions

View File

@ -24,6 +24,8 @@
#ifndef __KERNEL__ #ifndef __KERNEL__
#define ARPT_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN #define ARPT_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
#define ARPT_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN #define ARPT_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN
#define arpt_entry_target xt_entry_target
#define arpt_standard_target xt_standard_target
#endif #endif
#define ARPT_DEV_ADDR_LEN_MAX 16 #define ARPT_DEV_ADDR_LEN_MAX 16
@ -65,9 +67,6 @@ struct arpt_arp {
u_int16_t invflags; u_int16_t invflags;
}; };
#define arpt_entry_target xt_entry_target
#define arpt_standard_target xt_standard_target
/* Values for "flag" field in struct arpt_ip (general arp structure). /* Values for "flag" field in struct arpt_ip (general arp structure).
* No flags defined yet. * No flags defined yet.
*/ */
@ -208,7 +207,7 @@ struct arpt_get_entries {
#define ARPT_ERROR_TARGET XT_ERROR_TARGET #define ARPT_ERROR_TARGET XT_ERROR_TARGET
/* Helper functions */ /* Helper functions */
static __inline__ struct arpt_entry_target *arpt_get_target(struct arpt_entry *e) static __inline__ struct xt_entry_target *arpt_get_target(struct arpt_entry *e)
{ {
return (void *)e + e->target_offset; return (void *)e + e->target_offset;
} }
@ -227,11 +226,11 @@ static __inline__ struct arpt_entry_target *arpt_get_target(struct arpt_entry *e
/* Standard entry. */ /* Standard entry. */
struct arpt_standard { struct arpt_standard {
struct arpt_entry entry; struct arpt_entry entry;
struct arpt_standard_target target; struct xt_standard_target target;
}; };
struct arpt_error_target { struct arpt_error_target {
struct arpt_entry_target target; struct xt_entry_target target;
char errorname[XT_FUNCTION_MAXNAMELEN]; char errorname[XT_FUNCTION_MAXNAMELEN];
}; };
@ -250,7 +249,7 @@ struct arpt_error {
{ \ { \
.entry = ARPT_ENTRY_INIT(sizeof(struct arpt_standard)), \ .entry = ARPT_ENTRY_INIT(sizeof(struct arpt_standard)), \
.target = XT_TARGET_INIT(ARPT_STANDARD_TARGET, \ .target = XT_TARGET_INIT(ARPT_STANDARD_TARGET, \
sizeof(struct arpt_standard_target)), \ sizeof(struct xt_standard_target)), \
.target.verdict = -(__verdict) - 1, \ .target.verdict = -(__verdict) - 1, \
} }
@ -287,7 +286,7 @@ struct compat_arpt_entry {
unsigned char elems[0]; unsigned char elems[0];
}; };
static inline struct arpt_entry_target * static inline struct xt_entry_target *
compat_arpt_get_target(struct compat_arpt_entry *e) compat_arpt_get_target(struct compat_arpt_entry *e)
{ {
return (void *)e + e->target_offset; return (void *)e + e->target_offset;

View File

@ -34,6 +34,10 @@
#define ipt_target xt_target #define ipt_target xt_target
#define ipt_table xt_table #define ipt_table xt_table
#define ipt_get_revision xt_get_revision #define ipt_get_revision xt_get_revision
#define ipt_entry_match xt_entry_match
#define ipt_entry_target xt_entry_target
#define ipt_standard_target xt_standard_target
#define ipt_counters xt_counters
#endif #endif
/* Yes, Virginia, you have to zero the padding. */ /* Yes, Virginia, you have to zero the padding. */
@ -54,12 +58,6 @@ struct ipt_ip {
u_int8_t invflags; u_int8_t invflags;
}; };
#define ipt_entry_match xt_entry_match
#define ipt_entry_target xt_entry_target
#define ipt_standard_target xt_standard_target
#define ipt_counters xt_counters
/* Values for "flag" field in struct ipt_ip (general ip structure). */ /* Values for "flag" field in struct ipt_ip (general ip structure). */
#define IPT_F_FRAG 0x01 /* Set if rule is a fragment rule */ #define IPT_F_FRAG 0x01 /* Set if rule is a fragment rule */
#define IPT_F_GOTO 0x02 /* Set if jump is a goto */ #define IPT_F_GOTO 0x02 /* Set if jump is a goto */
@ -219,7 +217,7 @@ struct ipt_get_entries {
#define IPT_ERROR_TARGET XT_ERROR_TARGET #define IPT_ERROR_TARGET XT_ERROR_TARGET
/* Helper functions */ /* Helper functions */
static __inline__ struct ipt_entry_target * static __inline__ struct xt_entry_target *
ipt_get_target(struct ipt_entry *e) ipt_get_target(struct ipt_entry *e)
{ {
return (void *)e + e->target_offset; return (void *)e + e->target_offset;
@ -251,11 +249,11 @@ extern void ipt_unregister_table(struct net *net, struct xt_table *table);
/* Standard entry. */ /* Standard entry. */
struct ipt_standard { struct ipt_standard {
struct ipt_entry entry; struct ipt_entry entry;
struct ipt_standard_target target; struct xt_standard_target target;
}; };
struct ipt_error_target { struct ipt_error_target {
struct ipt_entry_target target; struct xt_entry_target target;
char errorname[XT_FUNCTION_MAXNAMELEN]; char errorname[XT_FUNCTION_MAXNAMELEN];
}; };
@ -309,7 +307,7 @@ struct compat_ipt_entry {
}; };
/* Helper functions */ /* Helper functions */
static inline struct ipt_entry_target * static inline struct xt_entry_target *
compat_ipt_get_target(struct compat_ipt_entry *e) compat_ipt_get_target(struct compat_ipt_entry *e)
{ {
return (void *)e + e->target_offset; return (void *)e + e->target_offset;

View File

@ -34,6 +34,10 @@
#define ip6t_target xt_target #define ip6t_target xt_target
#define ip6t_table xt_table #define ip6t_table xt_table
#define ip6t_get_revision xt_get_revision #define ip6t_get_revision xt_get_revision
#define ip6t_entry_match xt_entry_match
#define ip6t_entry_target xt_entry_target
#define ip6t_standard_target xt_standard_target
#define ip6t_counters xt_counters
#endif #endif
/* Yes, Virginia, you have to zero the padding. */ /* Yes, Virginia, you have to zero the padding. */
@ -63,12 +67,6 @@ struct ip6t_ip6 {
u_int8_t invflags; u_int8_t invflags;
}; };
#define ip6t_entry_match xt_entry_match
#define ip6t_entry_target xt_entry_target
#define ip6t_standard_target xt_standard_target
#define ip6t_counters xt_counters
/* Values for "flag" field in struct ip6t_ip6 (general ip6 structure). */ /* Values for "flag" field in struct ip6t_ip6 (general ip6 structure). */
#define IP6T_F_PROTO 0x01 /* Set if rule cares about upper #define IP6T_F_PROTO 0x01 /* Set if rule cares about upper
protocols */ protocols */
@ -113,11 +111,11 @@ struct ip6t_entry {
/* Standard entry */ /* Standard entry */
struct ip6t_standard { struct ip6t_standard {
struct ip6t_entry entry; struct ip6t_entry entry;
struct ip6t_standard_target target; struct xt_standard_target target;
}; };
struct ip6t_error_target { struct ip6t_error_target {
struct ip6t_entry_target target; struct xt_entry_target target;
char errorname[XT_FUNCTION_MAXNAMELEN]; char errorname[XT_FUNCTION_MAXNAMELEN];
}; };
@ -136,7 +134,7 @@ struct ip6t_error {
{ \ { \
.entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_standard)), \ .entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_standard)), \
.target = XT_TARGET_INIT(IP6T_STANDARD_TARGET, \ .target = XT_TARGET_INIT(IP6T_STANDARD_TARGET, \
sizeof(struct ip6t_standard_target)), \ sizeof(struct xt_standard_target)), \
.target.verdict = -(__verdict) - 1, \ .target.verdict = -(__verdict) - 1, \
} }
@ -275,7 +273,7 @@ struct ip6t_get_entries {
#define IP6T_ERROR_TARGET XT_ERROR_TARGET #define IP6T_ERROR_TARGET XT_ERROR_TARGET
/* Helper functions */ /* Helper functions */
static __inline__ struct ip6t_entry_target * static __inline__ struct xt_entry_target *
ip6t_get_target(struct ip6t_entry *e) ip6t_get_target(struct ip6t_entry *e)
{ {
return (void *)e + e->target_offset; return (void *)e + e->target_offset;
@ -332,7 +330,7 @@ struct compat_ip6t_entry {
unsigned char elems[0]; unsigned char elems[0];
}; };
static inline struct ip6t_entry_target * static inline struct xt_entry_target *
compat_ip6t_get_target(struct compat_ip6t_entry *e) compat_ip6t_get_target(struct compat_ip6t_entry *e)
{ {
return (void *)e + e->target_offset; return (void *)e + e->target_offset;

View File

@ -228,7 +228,7 @@ arpt_error(struct sk_buff *skb, const struct xt_action_param *par)
return NF_DROP; return NF_DROP;
} }
static inline const struct arpt_entry_target * static inline const struct xt_entry_target *
arpt_get_target_c(const struct arpt_entry *e) arpt_get_target_c(const struct arpt_entry *e)
{ {
return arpt_get_target((struct arpt_entry *)e); return arpt_get_target((struct arpt_entry *)e);
@ -282,7 +282,7 @@ unsigned int arpt_do_table(struct sk_buff *skb,
arp = arp_hdr(skb); arp = arp_hdr(skb);
do { do {
const struct arpt_entry_target *t; const struct xt_entry_target *t;
if (!arp_packet_match(arp, skb->dev, indev, outdev, &e->arp)) { if (!arp_packet_match(arp, skb->dev, indev, outdev, &e->arp)) {
e = arpt_next_entry(e); e = arpt_next_entry(e);
@ -297,7 +297,7 @@ unsigned int arpt_do_table(struct sk_buff *skb,
if (!t->u.kernel.target->target) { if (!t->u.kernel.target->target) {
int v; int v;
v = ((struct arpt_standard_target *)t)->verdict; v = ((struct xt_standard_target *)t)->verdict;
if (v < 0) { if (v < 0) {
/* Pop from stack? */ /* Pop from stack? */
if (v != ARPT_RETURN) { if (v != ARPT_RETURN) {
@ -377,7 +377,7 @@ static int mark_source_chains(const struct xt_table_info *newinfo,
e->counters.pcnt = pos; e->counters.pcnt = pos;
for (;;) { for (;;) {
const struct arpt_standard_target *t const struct xt_standard_target *t
= (void *)arpt_get_target_c(e); = (void *)arpt_get_target_c(e);
int visited = e->comefrom & (1 << hook); int visited = e->comefrom & (1 << hook);
@ -464,14 +464,14 @@ static int mark_source_chains(const struct xt_table_info *newinfo,
static inline int check_entry(const struct arpt_entry *e, const char *name) static inline int check_entry(const struct arpt_entry *e, const char *name)
{ {
const struct arpt_entry_target *t; const struct xt_entry_target *t;
if (!arp_checkentry(&e->arp)) { if (!arp_checkentry(&e->arp)) {
duprintf("arp_tables: arp check failed %p %s.\n", e, name); duprintf("arp_tables: arp check failed %p %s.\n", e, name);
return -EINVAL; return -EINVAL;
} }
if (e->target_offset + sizeof(struct arpt_entry_target) > e->next_offset) if (e->target_offset + sizeof(struct xt_entry_target) > e->next_offset)
return -EINVAL; return -EINVAL;
t = arpt_get_target_c(e); t = arpt_get_target_c(e);
@ -483,7 +483,7 @@ static inline int check_entry(const struct arpt_entry *e, const char *name)
static inline int check_target(struct arpt_entry *e, const char *name) static inline int check_target(struct arpt_entry *e, const char *name)
{ {
struct arpt_entry_target *t = arpt_get_target(e); struct xt_entry_target *t = arpt_get_target(e);
int ret; int ret;
struct xt_tgchk_param par = { struct xt_tgchk_param par = {
.table = name, .table = name,
@ -506,7 +506,7 @@ static inline int check_target(struct arpt_entry *e, const char *name)
static inline int static inline int
find_check_entry(struct arpt_entry *e, const char *name, unsigned int size) find_check_entry(struct arpt_entry *e, const char *name, unsigned int size)
{ {
struct arpt_entry_target *t; struct xt_entry_target *t;
struct xt_target *target; struct xt_target *target;
int ret; int ret;
@ -536,7 +536,7 @@ out:
static bool check_underflow(const struct arpt_entry *e) static bool check_underflow(const struct arpt_entry *e)
{ {
const struct arpt_entry_target *t; const struct xt_entry_target *t;
unsigned int verdict; unsigned int verdict;
if (!unconditional(&e->arp)) if (!unconditional(&e->arp))
@ -544,7 +544,7 @@ static bool check_underflow(const struct arpt_entry *e)
t = arpt_get_target_c(e); t = arpt_get_target_c(e);
if (strcmp(t->u.user.name, XT_STANDARD_TARGET) != 0) if (strcmp(t->u.user.name, XT_STANDARD_TARGET) != 0)
return false; return false;
verdict = ((struct arpt_standard_target *)t)->verdict; verdict = ((struct xt_standard_target *)t)->verdict;
verdict = -verdict - 1; verdict = -verdict - 1;
return verdict == NF_DROP || verdict == NF_ACCEPT; return verdict == NF_DROP || verdict == NF_ACCEPT;
} }
@ -566,7 +566,7 @@ static inline int check_entry_size_and_hooks(struct arpt_entry *e,
} }
if (e->next_offset if (e->next_offset
< sizeof(struct arpt_entry) + sizeof(struct arpt_entry_target)) { < sizeof(struct arpt_entry) + sizeof(struct xt_entry_target)) {
duprintf("checking: element %p size %u\n", duprintf("checking: element %p size %u\n",
e, e->next_offset); e, e->next_offset);
return -EINVAL; return -EINVAL;
@ -598,7 +598,7 @@ static inline int check_entry_size_and_hooks(struct arpt_entry *e,
static inline void cleanup_entry(struct arpt_entry *e) static inline void cleanup_entry(struct arpt_entry *e)
{ {
struct xt_tgdtor_param par; struct xt_tgdtor_param par;
struct arpt_entry_target *t; struct xt_entry_target *t;
t = arpt_get_target(e); t = arpt_get_target(e);
par.target = t->u.kernel.target; par.target = t->u.kernel.target;
@ -794,7 +794,7 @@ static int copy_entries_to_user(unsigned int total_size,
/* FIXME: use iterator macros --RR */ /* FIXME: use iterator macros --RR */
/* ... then go back and fix counters and names */ /* ... then go back and fix counters and names */
for (off = 0, num = 0; off < total_size; off += e->next_offset, num++){ for (off = 0, num = 0; off < total_size; off += e->next_offset, num++){
const struct arpt_entry_target *t; const struct xt_entry_target *t;
e = (struct arpt_entry *)(loc_cpu_entry + off); e = (struct arpt_entry *)(loc_cpu_entry + off);
if (copy_to_user(userptr + off if (copy_to_user(userptr + off
@ -807,7 +807,7 @@ static int copy_entries_to_user(unsigned int total_size,
t = arpt_get_target_c(e); t = arpt_get_target_c(e);
if (copy_to_user(userptr + off + e->target_offset if (copy_to_user(userptr + off + e->target_offset
+ offsetof(struct arpt_entry_target, + offsetof(struct xt_entry_target,
u.user.name), u.user.name),
t->u.kernel.target->name, t->u.kernel.target->name,
strlen(t->u.kernel.target->name)+1) != 0) { strlen(t->u.kernel.target->name)+1) != 0) {
@ -844,7 +844,7 @@ static int compat_calc_entry(const struct arpt_entry *e,
const struct xt_table_info *info, const struct xt_table_info *info,
const void *base, struct xt_table_info *newinfo) const void *base, struct xt_table_info *newinfo)
{ {
const struct arpt_entry_target *t; const struct xt_entry_target *t;
unsigned int entry_offset; unsigned int entry_offset;
int off, i, ret; int off, i, ret;
@ -1204,7 +1204,7 @@ static int do_add_counters(struct net *net, const void __user *user,
#ifdef CONFIG_COMPAT #ifdef CONFIG_COMPAT
static inline void compat_release_entry(struct compat_arpt_entry *e) static inline void compat_release_entry(struct compat_arpt_entry *e)
{ {
struct arpt_entry_target *t; struct xt_entry_target *t;
t = compat_arpt_get_target(e); t = compat_arpt_get_target(e);
module_put(t->u.kernel.target->me); module_put(t->u.kernel.target->me);
@ -1220,7 +1220,7 @@ check_compat_entry_size_and_hooks(struct compat_arpt_entry *e,
const unsigned int *underflows, const unsigned int *underflows,
const char *name) const char *name)
{ {
struct arpt_entry_target *t; struct xt_entry_target *t;
struct xt_target *target; struct xt_target *target;
unsigned int entry_offset; unsigned int entry_offset;
int ret, off, h; int ret, off, h;
@ -1288,7 +1288,7 @@ compat_copy_entry_from_user(struct compat_arpt_entry *e, void **dstptr,
unsigned int *size, const char *name, unsigned int *size, const char *name,
struct xt_table_info *newinfo, unsigned char *base) struct xt_table_info *newinfo, unsigned char *base)
{ {
struct arpt_entry_target *t; struct xt_entry_target *t;
struct xt_target *target; struct xt_target *target;
struct arpt_entry *de; struct arpt_entry *de;
unsigned int origsize; unsigned int origsize;
@ -1567,7 +1567,7 @@ static int compat_copy_entry_to_user(struct arpt_entry *e, void __user **dstptr,
struct xt_counters *counters, struct xt_counters *counters,
unsigned int i) unsigned int i)
{ {
struct arpt_entry_target *t; struct xt_entry_target *t;
struct compat_arpt_entry __user *ce; struct compat_arpt_entry __user *ce;
u_int16_t target_offset, next_offset; u_int16_t target_offset, next_offset;
compat_uint_t origsize; compat_uint_t origsize;

View File

@ -186,7 +186,7 @@ static inline bool unconditional(const struct ipt_ip *ip)
} }
/* for const-correctness */ /* for const-correctness */
static inline const struct ipt_entry_target * static inline const struct xt_entry_target *
ipt_get_target_c(const struct ipt_entry *e) ipt_get_target_c(const struct ipt_entry *e)
{ {
return ipt_get_target((struct ipt_entry *)e); return ipt_get_target((struct ipt_entry *)e);
@ -230,7 +230,7 @@ get_chainname_rulenum(const struct ipt_entry *s, const struct ipt_entry *e,
const char *hookname, const char **chainname, const char *hookname, const char **chainname,
const char **comment, unsigned int *rulenum) const char **comment, unsigned int *rulenum)
{ {
const struct ipt_standard_target *t = (void *)ipt_get_target_c(s); const struct xt_standard_target *t = (void *)ipt_get_target_c(s);
if (strcmp(t->target.u.kernel.target->name, IPT_ERROR_TARGET) == 0) { if (strcmp(t->target.u.kernel.target->name, IPT_ERROR_TARGET) == 0) {
/* Head of user chain: ERROR target with chainname */ /* Head of user chain: ERROR target with chainname */
@ -346,7 +346,7 @@ ipt_do_table(struct sk_buff *skb,
get_entry(table_base, private->underflow[hook])); get_entry(table_base, private->underflow[hook]));
do { do {
const struct ipt_entry_target *t; const struct xt_entry_target *t;
const struct xt_entry_match *ematch; const struct xt_entry_match *ematch;
IP_NF_ASSERT(e); IP_NF_ASSERT(e);
@ -380,7 +380,7 @@ ipt_do_table(struct sk_buff *skb,
if (!t->u.kernel.target->target) { if (!t->u.kernel.target->target) {
int v; int v;
v = ((struct ipt_standard_target *)t)->verdict; v = ((struct xt_standard_target *)t)->verdict;
if (v < 0) { if (v < 0) {
/* Pop from stack? */ /* Pop from stack? */
if (v != IPT_RETURN) { if (v != IPT_RETURN) {
@ -461,7 +461,7 @@ mark_source_chains(const struct xt_table_info *newinfo,
e->counters.pcnt = pos; e->counters.pcnt = pos;
for (;;) { for (;;) {
const struct ipt_standard_target *t const struct xt_standard_target *t
= (void *)ipt_get_target_c(e); = (void *)ipt_get_target_c(e);
int visited = e->comefrom & (1 << hook); int visited = e->comefrom & (1 << hook);
@ -552,7 +552,7 @@ mark_source_chains(const struct xt_table_info *newinfo,
return 1; return 1;
} }
static void cleanup_match(struct ipt_entry_match *m, struct net *net) static void cleanup_match(struct xt_entry_match *m, struct net *net)
{ {
struct xt_mtdtor_param par; struct xt_mtdtor_param par;
@ -568,14 +568,14 @@ static void cleanup_match(struct ipt_entry_match *m, struct net *net)
static int static int
check_entry(const struct ipt_entry *e, const char *name) check_entry(const struct ipt_entry *e, const char *name)
{ {
const struct ipt_entry_target *t; const struct xt_entry_target *t;
if (!ip_checkentry(&e->ip)) { if (!ip_checkentry(&e->ip)) {
duprintf("ip check failed %p %s.\n", e, par->match->name); duprintf("ip check failed %p %s.\n", e, par->match->name);
return -EINVAL; return -EINVAL;
} }
if (e->target_offset + sizeof(struct ipt_entry_target) > if (e->target_offset + sizeof(struct xt_entry_target) >
e->next_offset) e->next_offset)
return -EINVAL; return -EINVAL;
@ -587,7 +587,7 @@ check_entry(const struct ipt_entry *e, const char *name)
} }
static int static int
check_match(struct ipt_entry_match *m, struct xt_mtchk_param *par) check_match(struct xt_entry_match *m, struct xt_mtchk_param *par)
{ {
const struct ipt_ip *ip = par->entryinfo; const struct ipt_ip *ip = par->entryinfo;
int ret; int ret;
@ -605,7 +605,7 @@ check_match(struct ipt_entry_match *m, struct xt_mtchk_param *par)
} }
static int static int
find_check_match(struct ipt_entry_match *m, struct xt_mtchk_param *par) find_check_match(struct xt_entry_match *m, struct xt_mtchk_param *par)
{ {
struct xt_match *match; struct xt_match *match;
int ret; int ret;
@ -630,7 +630,7 @@ err:
static int check_target(struct ipt_entry *e, struct net *net, const char *name) static int check_target(struct ipt_entry *e, struct net *net, const char *name)
{ {
struct ipt_entry_target *t = ipt_get_target(e); struct xt_entry_target *t = ipt_get_target(e);
struct xt_tgchk_param par = { struct xt_tgchk_param par = {
.net = net, .net = net,
.table = name, .table = name,
@ -656,7 +656,7 @@ static int
find_check_entry(struct ipt_entry *e, struct net *net, const char *name, find_check_entry(struct ipt_entry *e, struct net *net, const char *name,
unsigned int size) unsigned int size)
{ {
struct ipt_entry_target *t; struct xt_entry_target *t;
struct xt_target *target; struct xt_target *target;
int ret; int ret;
unsigned int j; unsigned int j;
@ -707,7 +707,7 @@ find_check_entry(struct ipt_entry *e, struct net *net, const char *name,
static bool check_underflow(const struct ipt_entry *e) static bool check_underflow(const struct ipt_entry *e)
{ {
const struct ipt_entry_target *t; const struct xt_entry_target *t;
unsigned int verdict; unsigned int verdict;
if (!unconditional(&e->ip)) if (!unconditional(&e->ip))
@ -715,7 +715,7 @@ static bool check_underflow(const struct ipt_entry *e)
t = ipt_get_target_c(e); t = ipt_get_target_c(e);
if (strcmp(t->u.user.name, XT_STANDARD_TARGET) != 0) if (strcmp(t->u.user.name, XT_STANDARD_TARGET) != 0)
return false; return false;
verdict = ((struct ipt_standard_target *)t)->verdict; verdict = ((struct xt_standard_target *)t)->verdict;
verdict = -verdict - 1; verdict = -verdict - 1;
return verdict == NF_DROP || verdict == NF_ACCEPT; return verdict == NF_DROP || verdict == NF_ACCEPT;
} }
@ -738,7 +738,7 @@ check_entry_size_and_hooks(struct ipt_entry *e,
} }
if (e->next_offset if (e->next_offset
< sizeof(struct ipt_entry) + sizeof(struct ipt_entry_target)) { < sizeof(struct ipt_entry) + sizeof(struct xt_entry_target)) {
duprintf("checking: element %p size %u\n", duprintf("checking: element %p size %u\n",
e, e->next_offset); e, e->next_offset);
return -EINVAL; return -EINVAL;
@ -771,7 +771,7 @@ static void
cleanup_entry(struct ipt_entry *e, struct net *net) cleanup_entry(struct ipt_entry *e, struct net *net)
{ {
struct xt_tgdtor_param par; struct xt_tgdtor_param par;
struct ipt_entry_target *t; struct xt_entry_target *t;
struct xt_entry_match *ematch; struct xt_entry_match *ematch;
/* Cleanup all matches */ /* Cleanup all matches */
@ -972,8 +972,8 @@ copy_entries_to_user(unsigned int total_size,
/* ... then go back and fix counters and names */ /* ... then go back and fix counters and names */
for (off = 0, num = 0; off < total_size; off += e->next_offset, num++){ for (off = 0, num = 0; off < total_size; off += e->next_offset, num++){
unsigned int i; unsigned int i;
const struct ipt_entry_match *m; const struct xt_entry_match *m;
const struct ipt_entry_target *t; const struct xt_entry_target *t;
e = (struct ipt_entry *)(loc_cpu_entry + off); e = (struct ipt_entry *)(loc_cpu_entry + off);
if (copy_to_user(userptr + off if (copy_to_user(userptr + off
@ -990,7 +990,7 @@ copy_entries_to_user(unsigned int total_size,
m = (void *)e + i; m = (void *)e + i;
if (copy_to_user(userptr + off + i if (copy_to_user(userptr + off + i
+ offsetof(struct ipt_entry_match, + offsetof(struct xt_entry_match,
u.user.name), u.user.name),
m->u.kernel.match->name, m->u.kernel.match->name,
strlen(m->u.kernel.match->name)+1) strlen(m->u.kernel.match->name)+1)
@ -1002,7 +1002,7 @@ copy_entries_to_user(unsigned int total_size,
t = ipt_get_target_c(e); t = ipt_get_target_c(e);
if (copy_to_user(userptr + off + e->target_offset if (copy_to_user(userptr + off + e->target_offset
+ offsetof(struct ipt_entry_target, + offsetof(struct xt_entry_target,
u.user.name), u.user.name),
t->u.kernel.target->name, t->u.kernel.target->name,
strlen(t->u.kernel.target->name)+1) != 0) { strlen(t->u.kernel.target->name)+1) != 0) {
@ -1040,7 +1040,7 @@ static int compat_calc_entry(const struct ipt_entry *e,
const void *base, struct xt_table_info *newinfo) const void *base, struct xt_table_info *newinfo)
{ {
const struct xt_entry_match *ematch; const struct xt_entry_match *ematch;
const struct ipt_entry_target *t; const struct xt_entry_target *t;
unsigned int entry_offset; unsigned int entry_offset;
int off, i, ret; int off, i, ret;
@ -1407,7 +1407,7 @@ struct compat_ipt_replace {
u32 hook_entry[NF_INET_NUMHOOKS]; u32 hook_entry[NF_INET_NUMHOOKS];
u32 underflow[NF_INET_NUMHOOKS]; u32 underflow[NF_INET_NUMHOOKS];
u32 num_counters; u32 num_counters;
compat_uptr_t counters; /* struct ipt_counters * */ compat_uptr_t counters; /* struct xt_counters * */
struct compat_ipt_entry entries[0]; struct compat_ipt_entry entries[0];
}; };
@ -1416,7 +1416,7 @@ compat_copy_entry_to_user(struct ipt_entry *e, void __user **dstptr,
unsigned int *size, struct xt_counters *counters, unsigned int *size, struct xt_counters *counters,
unsigned int i) unsigned int i)
{ {
struct ipt_entry_target *t; struct xt_entry_target *t;
struct compat_ipt_entry __user *ce; struct compat_ipt_entry __user *ce;
u_int16_t target_offset, next_offset; u_int16_t target_offset, next_offset;
compat_uint_t origsize; compat_uint_t origsize;
@ -1451,7 +1451,7 @@ compat_copy_entry_to_user(struct ipt_entry *e, void __user **dstptr,
} }
static int static int
compat_find_calc_match(struct ipt_entry_match *m, compat_find_calc_match(struct xt_entry_match *m,
const char *name, const char *name,
const struct ipt_ip *ip, const struct ipt_ip *ip,
unsigned int hookmask, unsigned int hookmask,
@ -1473,7 +1473,7 @@ compat_find_calc_match(struct ipt_entry_match *m,
static void compat_release_entry(struct compat_ipt_entry *e) static void compat_release_entry(struct compat_ipt_entry *e)
{ {
struct ipt_entry_target *t; struct xt_entry_target *t;
struct xt_entry_match *ematch; struct xt_entry_match *ematch;
/* Cleanup all matches */ /* Cleanup all matches */
@ -1494,7 +1494,7 @@ check_compat_entry_size_and_hooks(struct compat_ipt_entry *e,
const char *name) const char *name)
{ {
struct xt_entry_match *ematch; struct xt_entry_match *ematch;
struct ipt_entry_target *t; struct xt_entry_target *t;
struct xt_target *target; struct xt_target *target;
unsigned int entry_offset; unsigned int entry_offset;
unsigned int j; unsigned int j;
@ -1576,7 +1576,7 @@ compat_copy_entry_from_user(struct compat_ipt_entry *e, void **dstptr,
unsigned int *size, const char *name, unsigned int *size, const char *name,
struct xt_table_info *newinfo, unsigned char *base) struct xt_table_info *newinfo, unsigned char *base)
{ {
struct ipt_entry_target *t; struct xt_entry_target *t;
struct xt_target *target; struct xt_target *target;
struct ipt_entry *de; struct ipt_entry *de;
unsigned int origsize; unsigned int origsize;

View File

@ -215,7 +215,7 @@ static inline bool unconditional(const struct ip6t_ip6 *ipv6)
return memcmp(ipv6, &uncond, sizeof(uncond)) == 0; return memcmp(ipv6, &uncond, sizeof(uncond)) == 0;
} }
static inline const struct ip6t_entry_target * static inline const struct xt_entry_target *
ip6t_get_target_c(const struct ip6t_entry *e) ip6t_get_target_c(const struct ip6t_entry *e)
{ {
return ip6t_get_target((struct ip6t_entry *)e); return ip6t_get_target((struct ip6t_entry *)e);
@ -260,7 +260,7 @@ get_chainname_rulenum(const struct ip6t_entry *s, const struct ip6t_entry *e,
const char *hookname, const char **chainname, const char *hookname, const char **chainname,
const char **comment, unsigned int *rulenum) const char **comment, unsigned int *rulenum)
{ {
const struct ip6t_standard_target *t = (void *)ip6t_get_target_c(s); const struct xt_standard_target *t = (void *)ip6t_get_target_c(s);
if (strcmp(t->target.u.kernel.target->name, IP6T_ERROR_TARGET) == 0) { if (strcmp(t->target.u.kernel.target->name, IP6T_ERROR_TARGET) == 0) {
/* Head of user chain: ERROR target with chainname */ /* Head of user chain: ERROR target with chainname */
@ -369,7 +369,7 @@ ip6t_do_table(struct sk_buff *skb,
e = get_entry(table_base, private->hook_entry[hook]); e = get_entry(table_base, private->hook_entry[hook]);
do { do {
const struct ip6t_entry_target *t; const struct xt_entry_target *t;
const struct xt_entry_match *ematch; const struct xt_entry_match *ematch;
IP_NF_ASSERT(e); IP_NF_ASSERT(e);
@ -403,7 +403,7 @@ ip6t_do_table(struct sk_buff *skb,
if (!t->u.kernel.target->target) { if (!t->u.kernel.target->target) {
int v; int v;
v = ((struct ip6t_standard_target *)t)->verdict; v = ((struct xt_standard_target *)t)->verdict;
if (v < 0) { if (v < 0) {
/* Pop from stack? */ /* Pop from stack? */
if (v != IP6T_RETURN) { if (v != IP6T_RETURN) {
@ -474,7 +474,7 @@ mark_source_chains(const struct xt_table_info *newinfo,
e->counters.pcnt = pos; e->counters.pcnt = pos;
for (;;) { for (;;) {
const struct ip6t_standard_target *t const struct xt_standard_target *t
= (void *)ip6t_get_target_c(e); = (void *)ip6t_get_target_c(e);
int visited = e->comefrom & (1 << hook); int visited = e->comefrom & (1 << hook);
@ -565,7 +565,7 @@ mark_source_chains(const struct xt_table_info *newinfo,
return 1; return 1;
} }
static void cleanup_match(struct ip6t_entry_match *m, struct net *net) static void cleanup_match(struct xt_entry_match *m, struct net *net)
{ {
struct xt_mtdtor_param par; struct xt_mtdtor_param par;
@ -581,14 +581,14 @@ static void cleanup_match(struct ip6t_entry_match *m, struct net *net)
static int static int
check_entry(const struct ip6t_entry *e, const char *name) check_entry(const struct ip6t_entry *e, const char *name)
{ {
const struct ip6t_entry_target *t; const struct xt_entry_target *t;
if (!ip6_checkentry(&e->ipv6)) { if (!ip6_checkentry(&e->ipv6)) {
duprintf("ip_tables: ip check failed %p %s.\n", e, name); duprintf("ip_tables: ip check failed %p %s.\n", e, name);
return -EINVAL; return -EINVAL;
} }
if (e->target_offset + sizeof(struct ip6t_entry_target) > if (e->target_offset + sizeof(struct xt_entry_target) >
e->next_offset) e->next_offset)
return -EINVAL; return -EINVAL;
@ -599,7 +599,7 @@ check_entry(const struct ip6t_entry *e, const char *name)
return 0; return 0;
} }
static int check_match(struct ip6t_entry_match *m, struct xt_mtchk_param *par) static int check_match(struct xt_entry_match *m, struct xt_mtchk_param *par)
{ {
const struct ip6t_ip6 *ipv6 = par->entryinfo; const struct ip6t_ip6 *ipv6 = par->entryinfo;
int ret; int ret;
@ -618,7 +618,7 @@ static int check_match(struct ip6t_entry_match *m, struct xt_mtchk_param *par)
} }
static int static int
find_check_match(struct ip6t_entry_match *m, struct xt_mtchk_param *par) find_check_match(struct xt_entry_match *m, struct xt_mtchk_param *par)
{ {
struct xt_match *match; struct xt_match *match;
int ret; int ret;
@ -643,7 +643,7 @@ err:
static int check_target(struct ip6t_entry *e, struct net *net, const char *name) static int check_target(struct ip6t_entry *e, struct net *net, const char *name)
{ {
struct ip6t_entry_target *t = ip6t_get_target(e); struct xt_entry_target *t = ip6t_get_target(e);
struct xt_tgchk_param par = { struct xt_tgchk_param par = {
.net = net, .net = net,
.table = name, .table = name,
@ -670,7 +670,7 @@ static int
find_check_entry(struct ip6t_entry *e, struct net *net, const char *name, find_check_entry(struct ip6t_entry *e, struct net *net, const char *name,
unsigned int size) unsigned int size)
{ {
struct ip6t_entry_target *t; struct xt_entry_target *t;
struct xt_target *target; struct xt_target *target;
int ret; int ret;
unsigned int j; unsigned int j;
@ -721,7 +721,7 @@ find_check_entry(struct ip6t_entry *e, struct net *net, const char *name,
static bool check_underflow(const struct ip6t_entry *e) static bool check_underflow(const struct ip6t_entry *e)
{ {
const struct ip6t_entry_target *t; const struct xt_entry_target *t;
unsigned int verdict; unsigned int verdict;
if (!unconditional(&e->ipv6)) if (!unconditional(&e->ipv6))
@ -729,7 +729,7 @@ static bool check_underflow(const struct ip6t_entry *e)
t = ip6t_get_target_c(e); t = ip6t_get_target_c(e);
if (strcmp(t->u.user.name, XT_STANDARD_TARGET) != 0) if (strcmp(t->u.user.name, XT_STANDARD_TARGET) != 0)
return false; return false;
verdict = ((struct ip6t_standard_target *)t)->verdict; verdict = ((struct xt_standard_target *)t)->verdict;
verdict = -verdict - 1; verdict = -verdict - 1;
return verdict == NF_DROP || verdict == NF_ACCEPT; return verdict == NF_DROP || verdict == NF_ACCEPT;
} }
@ -752,7 +752,7 @@ check_entry_size_and_hooks(struct ip6t_entry *e,
} }
if (e->next_offset if (e->next_offset
< sizeof(struct ip6t_entry) + sizeof(struct ip6t_entry_target)) { < sizeof(struct ip6t_entry) + sizeof(struct xt_entry_target)) {
duprintf("checking: element %p size %u\n", duprintf("checking: element %p size %u\n",
e, e->next_offset); e, e->next_offset);
return -EINVAL; return -EINVAL;
@ -784,7 +784,7 @@ check_entry_size_and_hooks(struct ip6t_entry *e,
static void cleanup_entry(struct ip6t_entry *e, struct net *net) static void cleanup_entry(struct ip6t_entry *e, struct net *net)
{ {
struct xt_tgdtor_param par; struct xt_tgdtor_param par;
struct ip6t_entry_target *t; struct xt_entry_target *t;
struct xt_entry_match *ematch; struct xt_entry_match *ematch;
/* Cleanup all matches */ /* Cleanup all matches */
@ -985,8 +985,8 @@ copy_entries_to_user(unsigned int total_size,
/* ... then go back and fix counters and names */ /* ... then go back and fix counters and names */
for (off = 0, num = 0; off < total_size; off += e->next_offset, num++){ for (off = 0, num = 0; off < total_size; off += e->next_offset, num++){
unsigned int i; unsigned int i;
const struct ip6t_entry_match *m; const struct xt_entry_match *m;
const struct ip6t_entry_target *t; const struct xt_entry_target *t;
e = (struct ip6t_entry *)(loc_cpu_entry + off); e = (struct ip6t_entry *)(loc_cpu_entry + off);
if (copy_to_user(userptr + off if (copy_to_user(userptr + off
@ -1003,7 +1003,7 @@ copy_entries_to_user(unsigned int total_size,
m = (void *)e + i; m = (void *)e + i;
if (copy_to_user(userptr + off + i if (copy_to_user(userptr + off + i
+ offsetof(struct ip6t_entry_match, + offsetof(struct xt_entry_match,
u.user.name), u.user.name),
m->u.kernel.match->name, m->u.kernel.match->name,
strlen(m->u.kernel.match->name)+1) strlen(m->u.kernel.match->name)+1)
@ -1015,7 +1015,7 @@ copy_entries_to_user(unsigned int total_size,
t = ip6t_get_target_c(e); t = ip6t_get_target_c(e);
if (copy_to_user(userptr + off + e->target_offset if (copy_to_user(userptr + off + e->target_offset
+ offsetof(struct ip6t_entry_target, + offsetof(struct xt_entry_target,
u.user.name), u.user.name),
t->u.kernel.target->name, t->u.kernel.target->name,
strlen(t->u.kernel.target->name)+1) != 0) { strlen(t->u.kernel.target->name)+1) != 0) {
@ -1053,7 +1053,7 @@ static int compat_calc_entry(const struct ip6t_entry *e,
const void *base, struct xt_table_info *newinfo) const void *base, struct xt_table_info *newinfo)
{ {
const struct xt_entry_match *ematch; const struct xt_entry_match *ematch;
const struct ip6t_entry_target *t; const struct xt_entry_target *t;
unsigned int entry_offset; unsigned int entry_offset;
int off, i, ret; int off, i, ret;
@ -1422,7 +1422,7 @@ struct compat_ip6t_replace {
u32 hook_entry[NF_INET_NUMHOOKS]; u32 hook_entry[NF_INET_NUMHOOKS];
u32 underflow[NF_INET_NUMHOOKS]; u32 underflow[NF_INET_NUMHOOKS];
u32 num_counters; u32 num_counters;
compat_uptr_t counters; /* struct ip6t_counters * */ compat_uptr_t counters; /* struct xt_counters * */
struct compat_ip6t_entry entries[0]; struct compat_ip6t_entry entries[0];
}; };
@ -1431,7 +1431,7 @@ compat_copy_entry_to_user(struct ip6t_entry *e, void __user **dstptr,
unsigned int *size, struct xt_counters *counters, unsigned int *size, struct xt_counters *counters,
unsigned int i) unsigned int i)
{ {
struct ip6t_entry_target *t; struct xt_entry_target *t;
struct compat_ip6t_entry __user *ce; struct compat_ip6t_entry __user *ce;
u_int16_t target_offset, next_offset; u_int16_t target_offset, next_offset;
compat_uint_t origsize; compat_uint_t origsize;
@ -1466,7 +1466,7 @@ compat_copy_entry_to_user(struct ip6t_entry *e, void __user **dstptr,
} }
static int static int
compat_find_calc_match(struct ip6t_entry_match *m, compat_find_calc_match(struct xt_entry_match *m,
const char *name, const char *name,
const struct ip6t_ip6 *ipv6, const struct ip6t_ip6 *ipv6,
unsigned int hookmask, unsigned int hookmask,
@ -1488,7 +1488,7 @@ compat_find_calc_match(struct ip6t_entry_match *m,
static void compat_release_entry(struct compat_ip6t_entry *e) static void compat_release_entry(struct compat_ip6t_entry *e)
{ {
struct ip6t_entry_target *t; struct xt_entry_target *t;
struct xt_entry_match *ematch; struct xt_entry_match *ematch;
/* Cleanup all matches */ /* Cleanup all matches */
@ -1509,7 +1509,7 @@ check_compat_entry_size_and_hooks(struct compat_ip6t_entry *e,
const char *name) const char *name)
{ {
struct xt_entry_match *ematch; struct xt_entry_match *ematch;
struct ip6t_entry_target *t; struct xt_entry_target *t;
struct xt_target *target; struct xt_target *target;
unsigned int entry_offset; unsigned int entry_offset;
unsigned int j; unsigned int j;
@ -1591,7 +1591,7 @@ compat_copy_entry_from_user(struct compat_ip6t_entry *e, void **dstptr,
unsigned int *size, const char *name, unsigned int *size, const char *name,
struct xt_table_info *newinfo, unsigned char *base) struct xt_table_info *newinfo, unsigned char *base)
{ {
struct ip6t_entry_target *t; struct xt_entry_target *t;
struct xt_target *target; struct xt_target *target;
struct ip6t_entry *de; struct ip6t_entry *de;
unsigned int origsize; unsigned int origsize;

View File

@ -39,7 +39,7 @@ static struct tcf_hashinfo ipt_hash_info = {
.lock = &ipt_lock, .lock = &ipt_lock,
}; };
static int ipt_init_target(struct ipt_entry_target *t, char *table, unsigned int hook) static int ipt_init_target(struct xt_entry_target *t, char *table, unsigned int hook)
{ {
struct xt_tgchk_param par; struct xt_tgchk_param par;
struct xt_target *target; struct xt_target *target;
@ -66,7 +66,7 @@ static int ipt_init_target(struct ipt_entry_target *t, char *table, unsigned int
return 0; return 0;
} }
static void ipt_destroy_target(struct ipt_entry_target *t) static void ipt_destroy_target(struct xt_entry_target *t)
{ {
struct xt_tgdtor_param par = { struct xt_tgdtor_param par = {
.target = t->u.kernel.target, .target = t->u.kernel.target,
@ -99,7 +99,7 @@ static const struct nla_policy ipt_policy[TCA_IPT_MAX + 1] = {
[TCA_IPT_TABLE] = { .type = NLA_STRING, .len = IFNAMSIZ }, [TCA_IPT_TABLE] = { .type = NLA_STRING, .len = IFNAMSIZ },
[TCA_IPT_HOOK] = { .type = NLA_U32 }, [TCA_IPT_HOOK] = { .type = NLA_U32 },
[TCA_IPT_INDEX] = { .type = NLA_U32 }, [TCA_IPT_INDEX] = { .type = NLA_U32 },
[TCA_IPT_TARG] = { .len = sizeof(struct ipt_entry_target) }, [TCA_IPT_TARG] = { .len = sizeof(struct xt_entry_target) },
}; };
static int tcf_ipt_init(struct nlattr *nla, struct nlattr *est, static int tcf_ipt_init(struct nlattr *nla, struct nlattr *est,
@ -108,7 +108,7 @@ static int tcf_ipt_init(struct nlattr *nla, struct nlattr *est,
struct nlattr *tb[TCA_IPT_MAX + 1]; struct nlattr *tb[TCA_IPT_MAX + 1];
struct tcf_ipt *ipt; struct tcf_ipt *ipt;
struct tcf_common *pc; struct tcf_common *pc;
struct ipt_entry_target *td, *t; struct xt_entry_target *td, *t;
char *tname; char *tname;
int ret = 0, err; int ret = 0, err;
u32 hook = 0; u32 hook = 0;
@ -126,7 +126,7 @@ static int tcf_ipt_init(struct nlattr *nla, struct nlattr *est,
if (tb[TCA_IPT_TARG] == NULL) if (tb[TCA_IPT_TARG] == NULL)
return -EINVAL; return -EINVAL;
td = (struct ipt_entry_target *)nla_data(tb[TCA_IPT_TARG]); td = (struct xt_entry_target *)nla_data(tb[TCA_IPT_TARG]);
if (nla_len(tb[TCA_IPT_TARG]) < td->u.target_size) if (nla_len(tb[TCA_IPT_TARG]) < td->u.target_size)
return -EINVAL; return -EINVAL;
@ -249,7 +249,7 @@ static int tcf_ipt_dump(struct sk_buff *skb, struct tc_action *a, int bind, int
{ {
unsigned char *b = skb_tail_pointer(skb); unsigned char *b = skb_tail_pointer(skb);
struct tcf_ipt *ipt = a->priv; struct tcf_ipt *ipt = a->priv;
struct ipt_entry_target *t; struct xt_entry_target *t;
struct tcf_t tm; struct tcf_t tm;
struct tc_cnt c; struct tc_cnt c;