netfilter: xtables: resolve indirect macros 2/3
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
parent
12b00c2c02
commit
87a2e70db6
|
@ -24,6 +24,8 @@
|
||||||
#ifndef __KERNEL__
|
#ifndef __KERNEL__
|
||||||
#define ARPT_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
|
#define ARPT_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
|
||||||
#define ARPT_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN
|
#define ARPT_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN
|
||||||
|
#define arpt_entry_target xt_entry_target
|
||||||
|
#define arpt_standard_target xt_standard_target
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#define ARPT_DEV_ADDR_LEN_MAX 16
|
#define ARPT_DEV_ADDR_LEN_MAX 16
|
||||||
|
@ -65,9 +67,6 @@ struct arpt_arp {
|
||||||
u_int16_t invflags;
|
u_int16_t invflags;
|
||||||
};
|
};
|
||||||
|
|
||||||
#define arpt_entry_target xt_entry_target
|
|
||||||
#define arpt_standard_target xt_standard_target
|
|
||||||
|
|
||||||
/* Values for "flag" field in struct arpt_ip (general arp structure).
|
/* Values for "flag" field in struct arpt_ip (general arp structure).
|
||||||
* No flags defined yet.
|
* No flags defined yet.
|
||||||
*/
|
*/
|
||||||
|
@ -208,7 +207,7 @@ struct arpt_get_entries {
|
||||||
#define ARPT_ERROR_TARGET XT_ERROR_TARGET
|
#define ARPT_ERROR_TARGET XT_ERROR_TARGET
|
||||||
|
|
||||||
/* Helper functions */
|
/* Helper functions */
|
||||||
static __inline__ struct arpt_entry_target *arpt_get_target(struct arpt_entry *e)
|
static __inline__ struct xt_entry_target *arpt_get_target(struct arpt_entry *e)
|
||||||
{
|
{
|
||||||
return (void *)e + e->target_offset;
|
return (void *)e + e->target_offset;
|
||||||
}
|
}
|
||||||
|
@ -227,11 +226,11 @@ static __inline__ struct arpt_entry_target *arpt_get_target(struct arpt_entry *e
|
||||||
/* Standard entry. */
|
/* Standard entry. */
|
||||||
struct arpt_standard {
|
struct arpt_standard {
|
||||||
struct arpt_entry entry;
|
struct arpt_entry entry;
|
||||||
struct arpt_standard_target target;
|
struct xt_standard_target target;
|
||||||
};
|
};
|
||||||
|
|
||||||
struct arpt_error_target {
|
struct arpt_error_target {
|
||||||
struct arpt_entry_target target;
|
struct xt_entry_target target;
|
||||||
char errorname[XT_FUNCTION_MAXNAMELEN];
|
char errorname[XT_FUNCTION_MAXNAMELEN];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -250,7 +249,7 @@ struct arpt_error {
|
||||||
{ \
|
{ \
|
||||||
.entry = ARPT_ENTRY_INIT(sizeof(struct arpt_standard)), \
|
.entry = ARPT_ENTRY_INIT(sizeof(struct arpt_standard)), \
|
||||||
.target = XT_TARGET_INIT(ARPT_STANDARD_TARGET, \
|
.target = XT_TARGET_INIT(ARPT_STANDARD_TARGET, \
|
||||||
sizeof(struct arpt_standard_target)), \
|
sizeof(struct xt_standard_target)), \
|
||||||
.target.verdict = -(__verdict) - 1, \
|
.target.verdict = -(__verdict) - 1, \
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -287,7 +286,7 @@ struct compat_arpt_entry {
|
||||||
unsigned char elems[0];
|
unsigned char elems[0];
|
||||||
};
|
};
|
||||||
|
|
||||||
static inline struct arpt_entry_target *
|
static inline struct xt_entry_target *
|
||||||
compat_arpt_get_target(struct compat_arpt_entry *e)
|
compat_arpt_get_target(struct compat_arpt_entry *e)
|
||||||
{
|
{
|
||||||
return (void *)e + e->target_offset;
|
return (void *)e + e->target_offset;
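Review bot: `arpt_get_target()` and `compat_arpt_get_target()` return `(void *)e + e->target_offset` with no bounds check, and nothing at the definitions says the offset must already be trusted. The header appears to be shared with userspace (see the `#ifndef __KERNEL__` block in the first hunk), so a reader cannot assume the kernel-side validation has run. Now that the return type is spelled `struct xt_entry_target *`, a one-line comment above each helper would make the contract explicit, e.g. `/* No bounds check: e->target_offset must already be validated against e->next_offset. */`. The same applies to `ipt_get_target()`/`compat_ipt_get_target()` and `ip6t_get_target()`/`compat_ip6t_get_target()` in the two header sections that follow. The body of `compat_arpt_get_target()` closes outside the last hunk.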
|
||||||
|
|
|
@ -34,6 +34,10 @@
|
||||||
#define ipt_target xt_target
|
#define ipt_target xt_target
|
||||||
#define ipt_table xt_table
|
#define ipt_table xt_table
|
||||||
#define ipt_get_revision xt_get_revision
|
#define ipt_get_revision xt_get_revision
|
||||||
|
#define ipt_entry_match xt_entry_match
|
||||||
|
#define ipt_entry_target xt_entry_target
|
||||||
|
#define ipt_standard_target xt_standard_target
|
||||||
|
#define ipt_counters xt_counters
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* Yes, Virginia, you have to zero the padding. */
|
/* Yes, Virginia, you have to zero the padding. */
|
||||||
|
@ -54,12 +58,6 @@ struct ipt_ip {
|
||||||
u_int8_t invflags;
|
u_int8_t invflags;
|
||||||
};
|
};
|
||||||
|
|
||||||
#define ipt_entry_match xt_entry_match
|
|
||||||
#define ipt_entry_target xt_entry_target
|
|
||||||
#define ipt_standard_target xt_standard_target
|
|
||||||
|
|
||||||
#define ipt_counters xt_counters
|
|
||||||
|
|
||||||
/* Values for "flag" field in struct ipt_ip (general ip structure). */
|
/* Values for "flag" field in struct ipt_ip (general ip structure). */
|
||||||
#define IPT_F_FRAG 0x01 /* Set if rule is a fragment rule */
|
#define IPT_F_FRAG 0x01 /* Set if rule is a fragment rule */
|
||||||
#define IPT_F_GOTO 0x02 /* Set if jump is a goto */
|
#define IPT_F_GOTO 0x02 /* Set if jump is a goto */
|
||||||
|
@ -219,7 +217,7 @@ struct ipt_get_entries {
|
||||||
#define IPT_ERROR_TARGET XT_ERROR_TARGET
|
#define IPT_ERROR_TARGET XT_ERROR_TARGET
|
||||||
|
|
||||||
/* Helper functions */
|
/* Helper functions */
|
||||||
static __inline__ struct ipt_entry_target *
|
static __inline__ struct xt_entry_target *
|
||||||
ipt_get_target(struct ipt_entry *e)
|
ipt_get_target(struct ipt_entry *e)
|
||||||
{
|
{
|
||||||
return (void *)e + e->target_offset;
|
return (void *)e + e->target_offset;
|
||||||
|
@ -251,11 +249,11 @@ extern void ipt_unregister_table(struct net *net, struct xt_table *table);
|
||||||
/* Standard entry. */
|
/* Standard entry. */
|
||||||
struct ipt_standard {
|
struct ipt_standard {
|
||||||
struct ipt_entry entry;
|
struct ipt_entry entry;
|
||||||
struct ipt_standard_target target;
|
struct xt_standard_target target;
|
||||||
};
|
};
|
||||||
|
|
||||||
struct ipt_error_target {
|
struct ipt_error_target {
|
||||||
struct ipt_entry_target target;
|
struct xt_entry_target target;
|
||||||
char errorname[XT_FUNCTION_MAXNAMELEN];
|
char errorname[XT_FUNCTION_MAXNAMELEN];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -309,7 +307,7 @@ struct compat_ipt_entry {
|
||||||
};
|
};
|
||||||
|
|
||||||
/* Helper functions */
|
/* Helper functions */
|
||||||
static inline struct ipt_entry_target *
|
static inline struct xt_entry_target *
|
||||||
compat_ipt_get_target(struct compat_ipt_entry *e)
|
compat_ipt_get_target(struct compat_ipt_entry *e)
|
||||||
{
|
{
|
||||||
return (void *)e + e->target_offset;
|
return (void *)e + e->target_offset;
|
||||||
|
|
|
@ -34,6 +34,10 @@
|
||||||
#define ip6t_target xt_target
|
#define ip6t_target xt_target
|
||||||
#define ip6t_table xt_table
|
#define ip6t_table xt_table
|
||||||
#define ip6t_get_revision xt_get_revision
|
#define ip6t_get_revision xt_get_revision
|
||||||
|
#define ip6t_entry_match xt_entry_match
|
||||||
|
#define ip6t_entry_target xt_entry_target
|
||||||
|
#define ip6t_standard_target xt_standard_target
|
||||||
|
#define ip6t_counters xt_counters
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* Yes, Virginia, you have to zero the padding. */
|
/* Yes, Virginia, you have to zero the padding. */
|
||||||
|
@ -63,12 +67,6 @@ struct ip6t_ip6 {
|
||||||
u_int8_t invflags;
|
u_int8_t invflags;
|
||||||
};
|
};
|
||||||
|
|
||||||
#define ip6t_entry_match xt_entry_match
|
|
||||||
#define ip6t_entry_target xt_entry_target
|
|
||||||
#define ip6t_standard_target xt_standard_target
|
|
||||||
|
|
||||||
#define ip6t_counters xt_counters
|
|
||||||
|
|
||||||
/* Values for "flag" field in struct ip6t_ip6 (general ip6 structure). */
|
/* Values for "flag" field in struct ip6t_ip6 (general ip6 structure). */
|
||||||
#define IP6T_F_PROTO 0x01 /* Set if rule cares about upper
|
#define IP6T_F_PROTO 0x01 /* Set if rule cares about upper
|
||||||
protocols */
|
protocols */
|
||||||
|
@ -113,11 +111,11 @@ struct ip6t_entry {
|
||||||
/* Standard entry */
|
/* Standard entry */
|
||||||
struct ip6t_standard {
|
struct ip6t_standard {
|
||||||
struct ip6t_entry entry;
|
struct ip6t_entry entry;
|
||||||
struct ip6t_standard_target target;
|
struct xt_standard_target target;
|
||||||
};
|
};
|
||||||
|
|
||||||
struct ip6t_error_target {
|
struct ip6t_error_target {
|
||||||
struct ip6t_entry_target target;
|
struct xt_entry_target target;
|
||||||
char errorname[XT_FUNCTION_MAXNAMELEN];
|
char errorname[XT_FUNCTION_MAXNAMELEN];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -136,7 +134,7 @@ struct ip6t_error {
|
||||||
{ \
|
{ \
|
||||||
.entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_standard)), \
|
.entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_standard)), \
|
||||||
.target = XT_TARGET_INIT(IP6T_STANDARD_TARGET, \
|
.target = XT_TARGET_INIT(IP6T_STANDARD_TARGET, \
|
||||||
sizeof(struct ip6t_standard_target)), \
|
sizeof(struct xt_standard_target)), \
|
||||||
.target.verdict = -(__verdict) - 1, \
|
.target.verdict = -(__verdict) - 1, \
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -275,7 +273,7 @@ struct ip6t_get_entries {
|
||||||
#define IP6T_ERROR_TARGET XT_ERROR_TARGET
|
#define IP6T_ERROR_TARGET XT_ERROR_TARGET
|
||||||
|
|
||||||
/* Helper functions */
|
/* Helper functions */
|
||||||
static __inline__ struct ip6t_entry_target *
|
static __inline__ struct xt_entry_target *
|
||||||
ip6t_get_target(struct ip6t_entry *e)
|
ip6t_get_target(struct ip6t_entry *e)
|
||||||
{
|
{
|
||||||
return (void *)e + e->target_offset;
|
return (void *)e + e->target_offset;
|
||||||
|
@ -332,7 +330,7 @@ struct compat_ip6t_entry {
|
||||||
unsigned char elems[0];
|
unsigned char elems[0];
|
||||||
};
|
};
|
||||||
|
|
||||||
static inline struct ip6t_entry_target *
|
static inline struct xt_entry_target *
|
||||||
compat_ip6t_get_target(struct compat_ip6t_entry *e)
|
compat_ip6t_get_target(struct compat_ip6t_entry *e)
|
||||||
{
|
{
|
||||||
return (void *)e + e->target_offset;
|
return (void *)e + e->target_offset;
|
||||||
|
|
|
@ -228,7 +228,7 @@ arpt_error(struct sk_buff *skb, const struct xt_action_param *par)
|
||||||
return NF_DROP;
|
return NF_DROP;
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline const struct arpt_entry_target *
|
static inline const struct xt_entry_target *
|
||||||
arpt_get_target_c(const struct arpt_entry *e)
|
arpt_get_target_c(const struct arpt_entry *e)
|
||||||
{
|
{
|
||||||
return arpt_get_target((struct arpt_entry *)e);
|
return arpt_get_target((struct arpt_entry *)e);
|
||||||
|
@ -282,7 +282,7 @@ unsigned int arpt_do_table(struct sk_buff *skb,
|
||||||
|
|
||||||
arp = arp_hdr(skb);
|
arp = arp_hdr(skb);
|
||||||
do {
|
do {
|
||||||
const struct arpt_entry_target *t;
|
const struct xt_entry_target *t;
|
||||||
|
|
||||||
if (!arp_packet_match(arp, skb->dev, indev, outdev, &e->arp)) {
|
if (!arp_packet_match(arp, skb->dev, indev, outdev, &e->arp)) {
|
||||||
e = arpt_next_entry(e);
|
e = arpt_next_entry(e);
|
||||||
|
@ -297,7 +297,7 @@ unsigned int arpt_do_table(struct sk_buff *skb,
|
||||||
if (!t->u.kernel.target->target) {
|
if (!t->u.kernel.target->target) {
|
||||||
int v;
|
int v;
|
||||||
|
|
||||||
v = ((struct arpt_standard_target *)t)->verdict;
|
v = ((struct xt_standard_target *)t)->verdict;
|
||||||
if (v < 0) {
|
if (v < 0) {
|
||||||
/* Pop from stack? */
|
/* Pop from stack? */
|
||||||
if (v != ARPT_RETURN) {
|
if (v != ARPT_RETURN) {
|
||||||
|
@ -377,7 +377,7 @@ static int mark_source_chains(const struct xt_table_info *newinfo,
|
||||||
e->counters.pcnt = pos;
|
e->counters.pcnt = pos;
|
||||||
|
|
||||||
for (;;) {
|
for (;;) {
|
||||||
const struct arpt_standard_target *t
|
const struct xt_standard_target *t
|
||||||
= (void *)arpt_get_target_c(e);
|
= (void *)arpt_get_target_c(e);
|
||||||
int visited = e->comefrom & (1 << hook);
|
int visited = e->comefrom & (1 << hook);
|
||||||
|
|
||||||
|
@ -464,14 +464,14 @@ static int mark_source_chains(const struct xt_table_info *newinfo,
|
||||||
|
|
||||||
static inline int check_entry(const struct arpt_entry *e, const char *name)
|
static inline int check_entry(const struct arpt_entry *e, const char *name)
|
||||||
{
|
{
|
||||||
const struct arpt_entry_target *t;
|
const struct xt_entry_target *t;
|
||||||
|
|
||||||
if (!arp_checkentry(&e->arp)) {
|
if (!arp_checkentry(&e->arp)) {
|
||||||
duprintf("arp_tables: arp check failed %p %s.\n", e, name);
|
duprintf("arp_tables: arp check failed %p %s.\n", e, name);
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (e->target_offset + sizeof(struct arpt_entry_target) > e->next_offset)
|
if (e->target_offset + sizeof(struct xt_entry_target) > e->next_offset)
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
t = arpt_get_target_c(e);
|
t = arpt_get_target_c(e);
|
||||||
|
@ -483,7 +483,7 @@ static inline int check_entry(const struct arpt_entry *e, const char *name)
|
||||||
|
|
||||||
static inline int check_target(struct arpt_entry *e, const char *name)
|
static inline int check_target(struct arpt_entry *e, const char *name)
|
||||||
{
|
{
|
||||||
struct arpt_entry_target *t = arpt_get_target(e);
|
struct xt_entry_target *t = arpt_get_target(e);
|
||||||
int ret;
|
int ret;
|
||||||
struct xt_tgchk_param par = {
|
struct xt_tgchk_param par = {
|
||||||
.table = name,
|
.table = name,
|
||||||
|
@ -506,7 +506,7 @@ static inline int check_target(struct arpt_entry *e, const char *name)
|
||||||
static inline int
|
static inline int
|
||||||
find_check_entry(struct arpt_entry *e, const char *name, unsigned int size)
|
find_check_entry(struct arpt_entry *e, const char *name, unsigned int size)
|
||||||
{
|
{
|
||||||
struct arpt_entry_target *t;
|
struct xt_entry_target *t;
|
||||||
struct xt_target *target;
|
struct xt_target *target;
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
|
@ -536,7 +536,7 @@ out:
|
||||||
|
|
||||||
static bool check_underflow(const struct arpt_entry *e)
|
static bool check_underflow(const struct arpt_entry *e)
|
||||||
{
|
{
|
||||||
const struct arpt_entry_target *t;
|
const struct xt_entry_target *t;
|
||||||
unsigned int verdict;
|
unsigned int verdict;
|
||||||
|
|
||||||
if (!unconditional(&e->arp))
|
if (!unconditional(&e->arp))
|
||||||
|
@ -544,7 +544,7 @@ static bool check_underflow(const struct arpt_entry *e)
|
||||||
t = arpt_get_target_c(e);
|
t = arpt_get_target_c(e);
|
||||||
if (strcmp(t->u.user.name, XT_STANDARD_TARGET) != 0)
|
if (strcmp(t->u.user.name, XT_STANDARD_TARGET) != 0)
|
||||||
return false;
|
return false;
|
||||||
verdict = ((struct arpt_standard_target *)t)->verdict;
|
verdict = ((struct xt_standard_target *)t)->verdict;
|
||||||
verdict = -verdict - 1;
|
verdict = -verdict - 1;
|
||||||
return verdict == NF_DROP || verdict == NF_ACCEPT;
|
return verdict == NF_DROP || verdict == NF_ACCEPT;
|
||||||
}
|
}
|
||||||
|
@ -566,7 +566,7 @@ static inline int check_entry_size_and_hooks(struct arpt_entry *e,
|
||||||
}
|
}
|
||||||
|
|
||||||
if (e->next_offset
|
if (e->next_offset
|
||||||
< sizeof(struct arpt_entry) + sizeof(struct arpt_entry_target)) {
|
< sizeof(struct arpt_entry) + sizeof(struct xt_entry_target)) {
|
||||||
duprintf("checking: element %p size %u\n",
|
duprintf("checking: element %p size %u\n",
|
||||||
e, e->next_offset);
|
e, e->next_offset);
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
@ -598,7 +598,7 @@ static inline int check_entry_size_and_hooks(struct arpt_entry *e,
|
||||||
static inline void cleanup_entry(struct arpt_entry *e)
|
static inline void cleanup_entry(struct arpt_entry *e)
|
||||||
{
|
{
|
||||||
struct xt_tgdtor_param par;
|
struct xt_tgdtor_param par;
|
||||||
struct arpt_entry_target *t;
|
struct xt_entry_target *t;
|
||||||
|
|
||||||
t = arpt_get_target(e);
|
t = arpt_get_target(e);
|
||||||
par.target = t->u.kernel.target;
|
par.target = t->u.kernel.target;
|
||||||
|
@ -794,7 +794,7 @@ static int copy_entries_to_user(unsigned int total_size,
|
||||||
/* FIXME: use iterator macros --RR */
|
/* FIXME: use iterator macros --RR */
|
||||||
/* ... then go back and fix counters and names */
|
/* ... then go back and fix counters and names */
|
||||||
for (off = 0, num = 0; off < total_size; off += e->next_offset, num++){
|
for (off = 0, num = 0; off < total_size; off += e->next_offset, num++){
|
||||||
const struct arpt_entry_target *t;
|
const struct xt_entry_target *t;
|
||||||
|
|
||||||
e = (struct arpt_entry *)(loc_cpu_entry + off);
|
e = (struct arpt_entry *)(loc_cpu_entry + off);
|
||||||
if (copy_to_user(userptr + off
|
if (copy_to_user(userptr + off
|
||||||
|
@ -807,7 +807,7 @@ static int copy_entries_to_user(unsigned int total_size,
|
||||||
|
|
||||||
t = arpt_get_target_c(e);
|
t = arpt_get_target_c(e);
|
||||||
if (copy_to_user(userptr + off + e->target_offset
|
if (copy_to_user(userptr + off + e->target_offset
|
||||||
+ offsetof(struct arpt_entry_target,
|
+ offsetof(struct xt_entry_target,
|
||||||
u.user.name),
|
u.user.name),
|
||||||
t->u.kernel.target->name,
|
t->u.kernel.target->name,
|
||||||
strlen(t->u.kernel.target->name)+1) != 0) {
|
strlen(t->u.kernel.target->name)+1) != 0) {
|
||||||
|
@ -844,7 +844,7 @@ static int compat_calc_entry(const struct arpt_entry *e,
|
||||||
const struct xt_table_info *info,
|
const struct xt_table_info *info,
|
||||||
const void *base, struct xt_table_info *newinfo)
|
const void *base, struct xt_table_info *newinfo)
|
||||||
{
|
{
|
||||||
const struct arpt_entry_target *t;
|
const struct xt_entry_target *t;
|
||||||
unsigned int entry_offset;
|
unsigned int entry_offset;
|
||||||
int off, i, ret;
|
int off, i, ret;
|
||||||
|
|
||||||
|
@ -1204,7 +1204,7 @@ static int do_add_counters(struct net *net, const void __user *user,
|
||||||
#ifdef CONFIG_COMPAT
|
#ifdef CONFIG_COMPAT
|
||||||
static inline void compat_release_entry(struct compat_arpt_entry *e)
|
static inline void compat_release_entry(struct compat_arpt_entry *e)
|
||||||
{
|
{
|
||||||
struct arpt_entry_target *t;
|
struct xt_entry_target *t;
|
||||||
|
|
||||||
t = compat_arpt_get_target(e);
|
t = compat_arpt_get_target(e);
|
||||||
module_put(t->u.kernel.target->me);
|
module_put(t->u.kernel.target->me);
|
||||||
|
@ -1220,7 +1220,7 @@ check_compat_entry_size_and_hooks(struct compat_arpt_entry *e,
|
||||||
const unsigned int *underflows,
|
const unsigned int *underflows,
|
||||||
const char *name)
|
const char *name)
|
||||||
{
|
{
|
||||||
struct arpt_entry_target *t;
|
struct xt_entry_target *t;
|
||||||
struct xt_target *target;
|
struct xt_target *target;
|
||||||
unsigned int entry_offset;
|
unsigned int entry_offset;
|
||||||
int ret, off, h;
|
int ret, off, h;
|
||||||
|
@ -1288,7 +1288,7 @@ compat_copy_entry_from_user(struct compat_arpt_entry *e, void **dstptr,
|
||||||
unsigned int *size, const char *name,
|
unsigned int *size, const char *name,
|
||||||
struct xt_table_info *newinfo, unsigned char *base)
|
struct xt_table_info *newinfo, unsigned char *base)
|
||||||
{
|
{
|
||||||
struct arpt_entry_target *t;
|
struct xt_entry_target *t;
|
||||||
struct xt_target *target;
|
struct xt_target *target;
|
||||||
struct arpt_entry *de;
|
struct arpt_entry *de;
|
||||||
unsigned int origsize;
|
unsigned int origsize;
|
||||||
|
@ -1567,7 +1567,7 @@ static int compat_copy_entry_to_user(struct arpt_entry *e, void __user **dstptr,
|
||||||
struct xt_counters *counters,
|
struct xt_counters *counters,
|
||||||
unsigned int i)
|
unsigned int i)
|
||||||
{
|
{
|
||||||
struct arpt_entry_target *t;
|
struct xt_entry_target *t;
|
||||||
struct compat_arpt_entry __user *ce;
|
struct compat_arpt_entry __user *ce;
|
||||||
u_int16_t target_offset, next_offset;
|
u_int16_t target_offset, next_offset;
|
||||||
compat_uint_t origsize;
|
compat_uint_t origsize;
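Review bot: In `check_entry()` (hunk `@ -464,14 +464,14 @`) the only visible constraint on `e->target_offset` is the upper bound `e->target_offset + sizeof(struct xt_entry_target) > e->next_offset`. Nothing shown rejects an offset smaller than `sizeof(struct arpt_entry)`, which would make `arpt_get_target_c(e)` point back into the entry header; the `next_offset` test in `check_entry_size_and_hooks()` bounds the entry size, not the target offset. These entries presumably originate from a ruleset copied in from userspace, so unless a lower bound is enforced outside the hunk, consider adding `if (e->target_offset < sizeof(struct arpt_entry)) return -EINVAL;` ahead of the existing test. The `check_entry(const struct ipt_entry *e, ...)` hunk in the next file section has the same shape. The function body continues past the end of the hunk.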
|
||||||
|
|
|
@ -186,7 +186,7 @@ static inline bool unconditional(const struct ipt_ip *ip)
|
||||||
}
|
}
|
||||||
|
|
||||||
/* for const-correctness */
|
/* for const-correctness */
|
||||||
static inline const struct ipt_entry_target *
|
static inline const struct xt_entry_target *
|
||||||
ipt_get_target_c(const struct ipt_entry *e)
|
ipt_get_target_c(const struct ipt_entry *e)
|
||||||
{
|
{
|
||||||
return ipt_get_target((struct ipt_entry *)e);
|
return ipt_get_target((struct ipt_entry *)e);
|
||||||
|
@ -230,7 +230,7 @@ get_chainname_rulenum(const struct ipt_entry *s, const struct ipt_entry *e,
|
||||||
const char *hookname, const char **chainname,
|
const char *hookname, const char **chainname,
|
||||||
const char **comment, unsigned int *rulenum)
|
const char **comment, unsigned int *rulenum)
|
||||||
{
|
{
|
||||||
const struct ipt_standard_target *t = (void *)ipt_get_target_c(s);
|
const struct xt_standard_target *t = (void *)ipt_get_target_c(s);
|
||||||
|
|
||||||
if (strcmp(t->target.u.kernel.target->name, IPT_ERROR_TARGET) == 0) {
|
if (strcmp(t->target.u.kernel.target->name, IPT_ERROR_TARGET) == 0) {
|
||||||
/* Head of user chain: ERROR target with chainname */
|
/* Head of user chain: ERROR target with chainname */
|
||||||
|
@ -346,7 +346,7 @@ ipt_do_table(struct sk_buff *skb,
|
||||||
get_entry(table_base, private->underflow[hook]));
|
get_entry(table_base, private->underflow[hook]));
|
||||||
|
|
||||||
do {
|
do {
|
||||||
const struct ipt_entry_target *t;
|
const struct xt_entry_target *t;
|
||||||
const struct xt_entry_match *ematch;
|
const struct xt_entry_match *ematch;
|
||||||
|
|
||||||
IP_NF_ASSERT(e);
|
IP_NF_ASSERT(e);
|
||||||
|
@ -380,7 +380,7 @@ ipt_do_table(struct sk_buff *skb,
|
||||||
if (!t->u.kernel.target->target) {
|
if (!t->u.kernel.target->target) {
|
||||||
int v;
|
int v;
|
||||||
|
|
||||||
v = ((struct ipt_standard_target *)t)->verdict;
|
v = ((struct xt_standard_target *)t)->verdict;
|
||||||
if (v < 0) {
|
if (v < 0) {
|
||||||
/* Pop from stack? */
|
/* Pop from stack? */
|
||||||
if (v != IPT_RETURN) {
|
if (v != IPT_RETURN) {
|
||||||
|
@ -461,7 +461,7 @@ mark_source_chains(const struct xt_table_info *newinfo,
|
||||||
e->counters.pcnt = pos;
|
e->counters.pcnt = pos;
|
||||||
|
|
||||||
for (;;) {
|
for (;;) {
|
||||||
const struct ipt_standard_target *t
|
const struct xt_standard_target *t
|
||||||
= (void *)ipt_get_target_c(e);
|
= (void *)ipt_get_target_c(e);
|
||||||
int visited = e->comefrom & (1 << hook);
|
int visited = e->comefrom & (1 << hook);
|
||||||
|
|
||||||
|
@ -552,7 +552,7 @@ mark_source_chains(const struct xt_table_info *newinfo,
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void cleanup_match(struct ipt_entry_match *m, struct net *net)
|
static void cleanup_match(struct xt_entry_match *m, struct net *net)
|
||||||
{
|
{
|
||||||
struct xt_mtdtor_param par;
|
struct xt_mtdtor_param par;
|
||||||
|
|
||||||
|
@ -568,14 +568,14 @@ static void cleanup_match(struct ipt_entry_match *m, struct net *net)
|
||||||
static int
|
static int
|
||||||
check_entry(const struct ipt_entry *e, const char *name)
|
check_entry(const struct ipt_entry *e, const char *name)
|
||||||
{
|
{
|
||||||
const struct ipt_entry_target *t;
|
const struct xt_entry_target *t;
|
||||||
|
|
||||||
if (!ip_checkentry(&e->ip)) {
|
if (!ip_checkentry(&e->ip)) {
|
||||||
duprintf("ip check failed %p %s.\n", e, par->match->name);
|
duprintf("ip check failed %p %s.\n", e, par->match->name);
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (e->target_offset + sizeof(struct ipt_entry_target) >
|
if (e->target_offset + sizeof(struct xt_entry_target) >
|
||||||
e->next_offset)
|
e->next_offset)
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
|
@ -587,7 +587,7 @@ check_entry(const struct ipt_entry *e, const char *name)
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
check_match(struct ipt_entry_match *m, struct xt_mtchk_param *par)
|
check_match(struct xt_entry_match *m, struct xt_mtchk_param *par)
|
||||||
{
|
{
|
||||||
const struct ipt_ip *ip = par->entryinfo;
|
const struct ipt_ip *ip = par->entryinfo;
|
||||||
int ret;
|
int ret;
|
||||||
|
@ -605,7 +605,7 @@ check_match(struct ipt_entry_match *m, struct xt_mtchk_param *par)
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
find_check_match(struct ipt_entry_match *m, struct xt_mtchk_param *par)
|
find_check_match(struct xt_entry_match *m, struct xt_mtchk_param *par)
|
||||||
{
|
{
|
||||||
struct xt_match *match;
|
struct xt_match *match;
|
||||||
int ret;
|
int ret;
|
||||||
|
@ -630,7 +630,7 @@ err:
|
||||||
|
|
||||||
static int check_target(struct ipt_entry *e, struct net *net, const char *name)
|
static int check_target(struct ipt_entry *e, struct net *net, const char *name)
|
||||||
{
|
{
|
||||||
struct ipt_entry_target *t = ipt_get_target(e);
|
struct xt_entry_target *t = ipt_get_target(e);
|
||||||
struct xt_tgchk_param par = {
|
struct xt_tgchk_param par = {
|
||||||
.net = net,
|
.net = net,
|
||||||
.table = name,
|
.table = name,
|
||||||
|
@ -656,7 +656,7 @@ static int
|
||||||
find_check_entry(struct ipt_entry *e, struct net *net, const char *name,
|
find_check_entry(struct ipt_entry *e, struct net *net, const char *name,
|
||||||
unsigned int size)
|
unsigned int size)
|
||||||
{
|
{
|
||||||
struct ipt_entry_target *t;
|
struct xt_entry_target *t;
|
||||||
struct xt_target *target;
|
struct xt_target *target;
|
||||||
int ret;
|
int ret;
|
||||||
unsigned int j;
|
unsigned int j;
|
||||||
|
@ -707,7 +707,7 @@ find_check_entry(struct ipt_entry *e, struct net *net, const char *name,
|
||||||
|
|
||||||
static bool check_underflow(const struct ipt_entry *e)
|
static bool check_underflow(const struct ipt_entry *e)
|
||||||
{
|
{
|
||||||
const struct ipt_entry_target *t;
|
const struct xt_entry_target *t;
|
||||||
unsigned int verdict;
|
unsigned int verdict;
|
||||||
|
|
||||||
if (!unconditional(&e->ip))
|
if (!unconditional(&e->ip))
|
||||||
|
@ -715,7 +715,7 @@ static bool check_underflow(const struct ipt_entry *e)
|
||||||
t = ipt_get_target_c(e);
|
t = ipt_get_target_c(e);
|
||||||
if (strcmp(t->u.user.name, XT_STANDARD_TARGET) != 0)
|
if (strcmp(t->u.user.name, XT_STANDARD_TARGET) != 0)
|
||||||
return false;
|
return false;
|
||||||
verdict = ((struct ipt_standard_target *)t)->verdict;
|
verdict = ((struct xt_standard_target *)t)->verdict;
|
||||||
verdict = -verdict - 1;
|
verdict = -verdict - 1;
|
||||||
return verdict == NF_DROP || verdict == NF_ACCEPT;
|
return verdict == NF_DROP || verdict == NF_ACCEPT;
|
||||||
}
|
}
|
||||||
|
@ -738,7 +738,7 @@ check_entry_size_and_hooks(struct ipt_entry *e,
|
||||||
}
|
}
|
||||||
|
|
||||||
if (e->next_offset
|
if (e->next_offset
|
||||||
< sizeof(struct ipt_entry) + sizeof(struct ipt_entry_target)) {
|
< sizeof(struct ipt_entry) + sizeof(struct xt_entry_target)) {
|
||||||
duprintf("checking: element %p size %u\n",
|
duprintf("checking: element %p size %u\n",
|
||||||
e, e->next_offset);
|
e, e->next_offset);
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
@ -771,7 +771,7 @@ static void
|
||||||
cleanup_entry(struct ipt_entry *e, struct net *net)
|
cleanup_entry(struct ipt_entry *e, struct net *net)
|
||||||
{
|
{
|
||||||
struct xt_tgdtor_param par;
|
struct xt_tgdtor_param par;
|
||||||
struct ipt_entry_target *t;
|
struct xt_entry_target *t;
|
||||||
struct xt_entry_match *ematch;
|
struct xt_entry_match *ematch;
|
||||||
|
|
||||||
/* Cleanup all matches */
|
/* Cleanup all matches */
|
||||||
|
@ -972,8 +972,8 @@ copy_entries_to_user(unsigned int total_size,
|
||||||
/* ... then go back and fix counters and names */
|
/* ... then go back and fix counters and names */
|
||||||
for (off = 0, num = 0; off < total_size; off += e->next_offset, num++){
|
for (off = 0, num = 0; off < total_size; off += e->next_offset, num++){
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
const struct ipt_entry_match *m;
|
const struct xt_entry_match *m;
|
||||||
const struct ipt_entry_target *t;
|
const struct xt_entry_target *t;
|
||||||
|
|
||||||
e = (struct ipt_entry *)(loc_cpu_entry + off);
|
e = (struct ipt_entry *)(loc_cpu_entry + off);
|
||||||
if (copy_to_user(userptr + off
|
if (copy_to_user(userptr + off
|
||||||
|
@ -990,7 +990,7 @@ copy_entries_to_user(unsigned int total_size,
|
||||||
m = (void *)e + i;
|
m = (void *)e + i;
|
||||||
|
|
||||||
if (copy_to_user(userptr + off + i
|
if (copy_to_user(userptr + off + i
|
||||||
+ offsetof(struct ipt_entry_match,
|
+ offsetof(struct xt_entry_match,
|
||||||
u.user.name),
|
u.user.name),
|
||||||
m->u.kernel.match->name,
|
m->u.kernel.match->name,
|
||||||
strlen(m->u.kernel.match->name)+1)
|
strlen(m->u.kernel.match->name)+1)
|
||||||
|
@ -1002,7 +1002,7 @@ copy_entries_to_user(unsigned int total_size,
|
||||||
|
|
||||||
t = ipt_get_target_c(e);
|
t = ipt_get_target_c(e);
|
||||||
if (copy_to_user(userptr + off + e->target_offset
|
if (copy_to_user(userptr + off + e->target_offset
|
||||||
+ offsetof(struct ipt_entry_target,
|
+ offsetof(struct xt_entry_target,
|
||||||
u.user.name),
|
u.user.name),
|
||||||
t->u.kernel.target->name,
|
t->u.kernel.target->name,
|
||||||
strlen(t->u.kernel.target->name)+1) != 0) {
|
strlen(t->u.kernel.target->name)+1) != 0) {
|
||||||
|
@ -1040,7 +1040,7 @@ static int compat_calc_entry(const struct ipt_entry *e,
|
||||||
const void *base, struct xt_table_info *newinfo)
|
const void *base, struct xt_table_info *newinfo)
|
||||||
{
|
{
|
||||||
const struct xt_entry_match *ematch;
|
const struct xt_entry_match *ematch;
|
||||||
const struct ipt_entry_target *t;
|
const struct xt_entry_target *t;
|
||||||
unsigned int entry_offset;
|
unsigned int entry_offset;
|
||||||
int off, i, ret;
|
int off, i, ret;
|
||||||
|
|
||||||
|
@ -1407,7 +1407,7 @@ struct compat_ipt_replace {
|
||||||
u32 hook_entry[NF_INET_NUMHOOKS];
|
u32 hook_entry[NF_INET_NUMHOOKS];
|
||||||
u32 underflow[NF_INET_NUMHOOKS];
|
u32 underflow[NF_INET_NUMHOOKS];
|
||||||
u32 num_counters;
|
u32 num_counters;
|
||||||
compat_uptr_t counters; /* struct ipt_counters * */
|
compat_uptr_t counters; /* struct xt_counters * */
|
||||||
struct compat_ipt_entry entries[0];
|
struct compat_ipt_entry entries[0];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -1416,7 +1416,7 @@ compat_copy_entry_to_user(struct ipt_entry *e, void __user **dstptr,
|
||||||
unsigned int *size, struct xt_counters *counters,
|
unsigned int *size, struct xt_counters *counters,
|
||||||
unsigned int i)
|
unsigned int i)
|
||||||
{
|
{
|
||||||
struct ipt_entry_target *t;
|
struct xt_entry_target *t;
|
||||||
struct compat_ipt_entry __user *ce;
|
struct compat_ipt_entry __user *ce;
|
||||||
u_int16_t target_offset, next_offset;
|
u_int16_t target_offset, next_offset;
|
||||||
compat_uint_t origsize;
|
compat_uint_t origsize;
|
||||||
|
@ -1451,7 +1451,7 @@ compat_copy_entry_to_user(struct ipt_entry *e, void __user **dstptr,
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
compat_find_calc_match(struct ipt_entry_match *m,
|
compat_find_calc_match(struct xt_entry_match *m,
|
||||||
const char *name,
|
const char *name,
|
||||||
const struct ipt_ip *ip,
|
const struct ipt_ip *ip,
|
||||||
unsigned int hookmask,
|
unsigned int hookmask,
|
||||||
|
@ -1473,7 +1473,7 @@ compat_find_calc_match(struct ipt_entry_match *m,
|
||||||
|
|
||||||
static void compat_release_entry(struct compat_ipt_entry *e)
|
static void compat_release_entry(struct compat_ipt_entry *e)
|
||||||
{
|
{
|
||||||
struct ipt_entry_target *t;
|
struct xt_entry_target *t;
|
||||||
struct xt_entry_match *ematch;
|
struct xt_entry_match *ematch;
|
||||||
|
|
||||||
/* Cleanup all matches */
|
/* Cleanup all matches */
|
||||||
|
@ -1494,7 +1494,7 @@ check_compat_entry_size_and_hooks(struct compat_ipt_entry *e,
|
||||||
const char *name)
|
const char *name)
|
||||||
{
|
{
|
||||||
struct xt_entry_match *ematch;
|
struct xt_entry_match *ematch;
|
||||||
struct ipt_entry_target *t;
|
struct xt_entry_target *t;
|
||||||
struct xt_target *target;
|
struct xt_target *target;
|
||||||
unsigned int entry_offset;
|
unsigned int entry_offset;
|
||||||
unsigned int j;
|
unsigned int j;
|
||||||
|
@ -1576,7 +1576,7 @@ compat_copy_entry_from_user(struct compat_ipt_entry *e, void **dstptr,
|
||||||
unsigned int *size, const char *name,
|
unsigned int *size, const char *name,
|
||||||
struct xt_table_info *newinfo, unsigned char *base)
|
struct xt_table_info *newinfo, unsigned char *base)
|
||||||
{
|
{
|
||||||
struct ipt_entry_target *t;
|
struct xt_entry_target *t;
|
||||||
struct xt_target *target;
|
struct xt_target *target;
|
||||||
struct ipt_entry *de;
|
struct ipt_entry *de;
|
||||||
unsigned int origsize;
|
unsigned int origsize;
|
||||||
|
|
|
@ -215,7 +215,7 @@ static inline bool unconditional(const struct ip6t_ip6 *ipv6)
|
||||||
return memcmp(ipv6, &uncond, sizeof(uncond)) == 0;
|
return memcmp(ipv6, &uncond, sizeof(uncond)) == 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline const struct ip6t_entry_target *
|
static inline const struct xt_entry_target *
|
||||||
ip6t_get_target_c(const struct ip6t_entry *e)
|
ip6t_get_target_c(const struct ip6t_entry *e)
|
||||||
{
|
{
|
||||||
return ip6t_get_target((struct ip6t_entry *)e);
|
return ip6t_get_target((struct ip6t_entry *)e);
|
||||||
|
@ -260,7 +260,7 @@ get_chainname_rulenum(const struct ip6t_entry *s, const struct ip6t_entry *e,
|
||||||
const char *hookname, const char **chainname,
|
const char *hookname, const char **chainname,
|
||||||
const char **comment, unsigned int *rulenum)
|
const char **comment, unsigned int *rulenum)
|
||||||
{
|
{
|
||||||
const struct ip6t_standard_target *t = (void *)ip6t_get_target_c(s);
|
const struct xt_standard_target *t = (void *)ip6t_get_target_c(s);
|
||||||
|
|
||||||
if (strcmp(t->target.u.kernel.target->name, IP6T_ERROR_TARGET) == 0) {
|
if (strcmp(t->target.u.kernel.target->name, IP6T_ERROR_TARGET) == 0) {
|
||||||
/* Head of user chain: ERROR target with chainname */
|
/* Head of user chain: ERROR target with chainname */
|
||||||
|
@ -369,7 +369,7 @@ ip6t_do_table(struct sk_buff *skb,
|
||||||
e = get_entry(table_base, private->hook_entry[hook]);
|
e = get_entry(table_base, private->hook_entry[hook]);
|
||||||
|
|
||||||
do {
|
do {
|
||||||
const struct ip6t_entry_target *t;
|
const struct xt_entry_target *t;
|
||||||
const struct xt_entry_match *ematch;
|
const struct xt_entry_match *ematch;
|
||||||
|
|
||||||
IP_NF_ASSERT(e);
|
IP_NF_ASSERT(e);
|
||||||
|
@ -403,7 +403,7 @@ ip6t_do_table(struct sk_buff *skb,
|
||||||
if (!t->u.kernel.target->target) {
|
if (!t->u.kernel.target->target) {
|
||||||
int v;
|
int v;
|
||||||
|
|
||||||
v = ((struct ip6t_standard_target *)t)->verdict;
|
v = ((struct xt_standard_target *)t)->verdict;
|
||||||
if (v < 0) {
|
if (v < 0) {
|
||||||
/* Pop from stack? */
|
/* Pop from stack? */
|
||||||
if (v != IP6T_RETURN) {
|
if (v != IP6T_RETURN) {
|
||||||
|
@ -474,7 +474,7 @@ mark_source_chains(const struct xt_table_info *newinfo,
|
||||||
e->counters.pcnt = pos;
|
e->counters.pcnt = pos;
|
||||||
|
|
||||||
for (;;) {
|
for (;;) {
|
||||||
const struct ip6t_standard_target *t
|
const struct xt_standard_target *t
|
||||||
= (void *)ip6t_get_target_c(e);
|
= (void *)ip6t_get_target_c(e);
|
||||||
int visited = e->comefrom & (1 << hook);
|
int visited = e->comefrom & (1 << hook);
|
||||||
|
|
||||||
|
@ -565,7 +565,7 @@ mark_source_chains(const struct xt_table_info *newinfo,
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void cleanup_match(struct ip6t_entry_match *m, struct net *net)
|
static void cleanup_match(struct xt_entry_match *m, struct net *net)
|
||||||
{
|
{
|
||||||
struct xt_mtdtor_param par;
|
struct xt_mtdtor_param par;
|
||||||
|
|
||||||
|
@ -581,14 +581,14 @@ static void cleanup_match(struct ip6t_entry_match *m, struct net *net)
|
||||||
static int
|
static int
|
||||||
check_entry(const struct ip6t_entry *e, const char *name)
|
check_entry(const struct ip6t_entry *e, const char *name)
|
||||||
{
|
{
|
||||||
const struct ip6t_entry_target *t;
|
const struct xt_entry_target *t;
|
||||||
|
|
||||||
if (!ip6_checkentry(&e->ipv6)) {
|
if (!ip6_checkentry(&e->ipv6)) {
|
||||||
duprintf("ip_tables: ip check failed %p %s.\n", e, name);
|
duprintf("ip_tables: ip check failed %p %s.\n", e, name);
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (e->target_offset + sizeof(struct ip6t_entry_target) >
|
if (e->target_offset + sizeof(struct xt_entry_target) >
|
||||||
e->next_offset)
|
e->next_offset)
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
|
@ -599,7 +599,7 @@ check_entry(const struct ip6t_entry *e, const char *name)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int check_match(struct ip6t_entry_match *m, struct xt_mtchk_param *par)
|
static int check_match(struct xt_entry_match *m, struct xt_mtchk_param *par)
|
||||||
{
|
{
|
||||||
const struct ip6t_ip6 *ipv6 = par->entryinfo;
|
const struct ip6t_ip6 *ipv6 = par->entryinfo;
|
||||||
int ret;
|
int ret;
|
||||||
|
@ -618,7 +618,7 @@ static int check_match(struct ip6t_entry_match *m, struct xt_mtchk_param *par)
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
find_check_match(struct ip6t_entry_match *m, struct xt_mtchk_param *par)
|
find_check_match(struct xt_entry_match *m, struct xt_mtchk_param *par)
|
||||||
{
|
{
|
||||||
struct xt_match *match;
|
struct xt_match *match;
|
||||||
int ret;
|
int ret;
|
||||||
|
@ -643,7 +643,7 @@ err:
|
||||||
|
|
||||||
static int check_target(struct ip6t_entry *e, struct net *net, const char *name)
|
static int check_target(struct ip6t_entry *e, struct net *net, const char *name)
|
||||||
{
|
{
|
||||||
struct ip6t_entry_target *t = ip6t_get_target(e);
|
struct xt_entry_target *t = ip6t_get_target(e);
|
||||||
struct xt_tgchk_param par = {
|
struct xt_tgchk_param par = {
|
||||||
.net = net,
|
.net = net,
|
||||||
.table = name,
|
.table = name,
|
||||||
|
@ -670,7 +670,7 @@ static int
|
||||||
find_check_entry(struct ip6t_entry *e, struct net *net, const char *name,
|
find_check_entry(struct ip6t_entry *e, struct net *net, const char *name,
|
||||||
unsigned int size)
|
unsigned int size)
|
||||||
{
|
{
|
||||||
struct ip6t_entry_target *t;
|
struct xt_entry_target *t;
|
||||||
struct xt_target *target;
|
struct xt_target *target;
|
||||||
int ret;
|
int ret;
|
||||||
unsigned int j;
|
unsigned int j;
|
||||||
|
@ -721,7 +721,7 @@ find_check_entry(struct ip6t_entry *e, struct net *net, const char *name,
|
||||||
|
|
||||||
static bool check_underflow(const struct ip6t_entry *e)
|
static bool check_underflow(const struct ip6t_entry *e)
|
||||||
{
|
{
|
||||||
const struct ip6t_entry_target *t;
|
const struct xt_entry_target *t;
|
||||||
unsigned int verdict;
|
unsigned int verdict;
|
||||||
|
|
||||||
if (!unconditional(&e->ipv6))
|
if (!unconditional(&e->ipv6))
|
||||||
|
@ -729,7 +729,7 @@ static bool check_underflow(const struct ip6t_entry *e)
|
||||||
t = ip6t_get_target_c(e);
|
t = ip6t_get_target_c(e);
|
||||||
if (strcmp(t->u.user.name, XT_STANDARD_TARGET) != 0)
|
if (strcmp(t->u.user.name, XT_STANDARD_TARGET) != 0)
|
||||||
return false;
|
return false;
|
||||||
verdict = ((struct ip6t_standard_target *)t)->verdict;
|
verdict = ((struct xt_standard_target *)t)->verdict;
|
||||||
verdict = -verdict - 1;
|
verdict = -verdict - 1;
|
||||||
return verdict == NF_DROP || verdict == NF_ACCEPT;
|
return verdict == NF_DROP || verdict == NF_ACCEPT;
|
||||||
}
|
}
|
||||||
|
@ -752,7 +752,7 @@ check_entry_size_and_hooks(struct ip6t_entry *e,
|
||||||
}
|
}
|
||||||
|
|
||||||
if (e->next_offset
|
if (e->next_offset
|
||||||
< sizeof(struct ip6t_entry) + sizeof(struct ip6t_entry_target)) {
|
< sizeof(struct ip6t_entry) + sizeof(struct xt_entry_target)) {
|
||||||
duprintf("checking: element %p size %u\n",
|
duprintf("checking: element %p size %u\n",
|
||||||
e, e->next_offset);
|
e, e->next_offset);
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
@ -784,7 +784,7 @@ check_entry_size_and_hooks(struct ip6t_entry *e,
|
||||||
static void cleanup_entry(struct ip6t_entry *e, struct net *net)
|
static void cleanup_entry(struct ip6t_entry *e, struct net *net)
|
||||||
{
|
{
|
||||||
struct xt_tgdtor_param par;
|
struct xt_tgdtor_param par;
|
||||||
struct ip6t_entry_target *t;
|
struct xt_entry_target *t;
|
||||||
struct xt_entry_match *ematch;
|
struct xt_entry_match *ematch;
|
||||||
|
|
||||||
/* Cleanup all matches */
|
/* Cleanup all matches */
|
||||||
|
@ -985,8 +985,8 @@ copy_entries_to_user(unsigned int total_size,
|
||||||
/* ... then go back and fix counters and names */
|
/* ... then go back and fix counters and names */
|
||||||
for (off = 0, num = 0; off < total_size; off += e->next_offset, num++){
|
for (off = 0, num = 0; off < total_size; off += e->next_offset, num++){
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
const struct ip6t_entry_match *m;
|
const struct xt_entry_match *m;
|
||||||
const struct ip6t_entry_target *t;
|
const struct xt_entry_target *t;
|
||||||
|
|
||||||
e = (struct ip6t_entry *)(loc_cpu_entry + off);
|
e = (struct ip6t_entry *)(loc_cpu_entry + off);
|
||||||
if (copy_to_user(userptr + off
|
if (copy_to_user(userptr + off
|
||||||
|
@ -1003,7 +1003,7 @@ copy_entries_to_user(unsigned int total_size,
|
||||||
m = (void *)e + i;
|
m = (void *)e + i;
|
||||||
|
|
||||||
if (copy_to_user(userptr + off + i
|
if (copy_to_user(userptr + off + i
|
||||||
+ offsetof(struct ip6t_entry_match,
|
+ offsetof(struct xt_entry_match,
|
||||||
u.user.name),
|
u.user.name),
|
||||||
m->u.kernel.match->name,
|
m->u.kernel.match->name,
|
||||||
strlen(m->u.kernel.match->name)+1)
|
strlen(m->u.kernel.match->name)+1)
|
||||||
|
@ -1015,7 +1015,7 @@ copy_entries_to_user(unsigned int total_size,
|
||||||
|
|
||||||
t = ip6t_get_target_c(e);
|
t = ip6t_get_target_c(e);
|
||||||
if (copy_to_user(userptr + off + e->target_offset
|
if (copy_to_user(userptr + off + e->target_offset
|
||||||
+ offsetof(struct ip6t_entry_target,
|
+ offsetof(struct xt_entry_target,
|
||||||
u.user.name),
|
u.user.name),
|
||||||
t->u.kernel.target->name,
|
t->u.kernel.target->name,
|
||||||
strlen(t->u.kernel.target->name)+1) != 0) {
|
strlen(t->u.kernel.target->name)+1) != 0) {
|
||||||
|
@ -1053,7 +1053,7 @@ static int compat_calc_entry(const struct ip6t_entry *e,
|
||||||
const void *base, struct xt_table_info *newinfo)
|
const void *base, struct xt_table_info *newinfo)
|
||||||
{
|
{
|
||||||
const struct xt_entry_match *ematch;
|
const struct xt_entry_match *ematch;
|
||||||
const struct ip6t_entry_target *t;
|
const struct xt_entry_target *t;
|
||||||
unsigned int entry_offset;
|
unsigned int entry_offset;
|
||||||
int off, i, ret;
|
int off, i, ret;
|
||||||
|
|
||||||
|
@ -1422,7 +1422,7 @@ struct compat_ip6t_replace {
|
||||||
u32 hook_entry[NF_INET_NUMHOOKS];
|
u32 hook_entry[NF_INET_NUMHOOKS];
|
||||||
u32 underflow[NF_INET_NUMHOOKS];
|
u32 underflow[NF_INET_NUMHOOKS];
|
||||||
u32 num_counters;
|
u32 num_counters;
|
||||||
compat_uptr_t counters; /* struct ip6t_counters * */
|
compat_uptr_t counters; /* struct xt_counters * */
|
||||||
struct compat_ip6t_entry entries[0];
|
struct compat_ip6t_entry entries[0];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -1431,7 +1431,7 @@ compat_copy_entry_to_user(struct ip6t_entry *e, void __user **dstptr,
|
||||||
unsigned int *size, struct xt_counters *counters,
|
unsigned int *size, struct xt_counters *counters,
|
||||||
unsigned int i)
|
unsigned int i)
|
||||||
{
|
{
|
||||||
struct ip6t_entry_target *t;
|
struct xt_entry_target *t;
|
||||||
struct compat_ip6t_entry __user *ce;
|
struct compat_ip6t_entry __user *ce;
|
||||||
u_int16_t target_offset, next_offset;
|
u_int16_t target_offset, next_offset;
|
||||||
compat_uint_t origsize;
|
compat_uint_t origsize;
|
||||||
|
@ -1466,7 +1466,7 @@ compat_copy_entry_to_user(struct ip6t_entry *e, void __user **dstptr,
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
compat_find_calc_match(struct ip6t_entry_match *m,
|
compat_find_calc_match(struct xt_entry_match *m,
|
||||||
const char *name,
|
const char *name,
|
||||||
const struct ip6t_ip6 *ipv6,
|
const struct ip6t_ip6 *ipv6,
|
||||||
unsigned int hookmask,
|
unsigned int hookmask,
|
||||||
|
@ -1488,7 +1488,7 @@ compat_find_calc_match(struct ip6t_entry_match *m,
|
||||||
|
|
||||||
static void compat_release_entry(struct compat_ip6t_entry *e)
|
static void compat_release_entry(struct compat_ip6t_entry *e)
|
||||||
{
|
{
|
||||||
struct ip6t_entry_target *t;
|
struct xt_entry_target *t;
|
||||||
struct xt_entry_match *ematch;
|
struct xt_entry_match *ematch;
|
||||||
|
|
||||||
/* Cleanup all matches */
|
/* Cleanup all matches */
|
||||||
|
@ -1509,7 +1509,7 @@ check_compat_entry_size_and_hooks(struct compat_ip6t_entry *e,
|
||||||
const char *name)
|
const char *name)
|
||||||
{
|
{
|
||||||
struct xt_entry_match *ematch;
|
struct xt_entry_match *ematch;
|
||||||
struct ip6t_entry_target *t;
|
struct xt_entry_target *t;
|
||||||
struct xt_target *target;
|
struct xt_target *target;
|
||||||
unsigned int entry_offset;
|
unsigned int entry_offset;
|
||||||
unsigned int j;
|
unsigned int j;
|
||||||
|
@ -1591,7 +1591,7 @@ compat_copy_entry_from_user(struct compat_ip6t_entry *e, void **dstptr,
|
||||||
unsigned int *size, const char *name,
|
unsigned int *size, const char *name,
|
||||||
struct xt_table_info *newinfo, unsigned char *base)
|
struct xt_table_info *newinfo, unsigned char *base)
|
||||||
{
|
{
|
||||||
struct ip6t_entry_target *t;
|
struct xt_entry_target *t;
|
||||||
struct xt_target *target;
|
struct xt_target *target;
|
||||||
struct ip6t_entry *de;
|
struct ip6t_entry *de;
|
||||||
unsigned int origsize;
|
unsigned int origsize;
|
||||||
|
|
|
@ -39,7 +39,7 @@ static struct tcf_hashinfo ipt_hash_info = {
|
||||||
.lock = &ipt_lock,
|
.lock = &ipt_lock,
|
||||||
};
|
};
|
||||||
|
|
||||||
static int ipt_init_target(struct ipt_entry_target *t, char *table, unsigned int hook)
|
static int ipt_init_target(struct xt_entry_target *t, char *table, unsigned int hook)
|
||||||
{
|
{
|
||||||
struct xt_tgchk_param par;
|
struct xt_tgchk_param par;
|
||||||
struct xt_target *target;
|
struct xt_target *target;
|
||||||
|
@ -66,7 +66,7 @@ static int ipt_init_target(struct ipt_entry_target *t, char *table, unsigned int
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void ipt_destroy_target(struct ipt_entry_target *t)
|
static void ipt_destroy_target(struct xt_entry_target *t)
|
||||||
{
|
{
|
||||||
struct xt_tgdtor_param par = {
|
struct xt_tgdtor_param par = {
|
||||||
.target = t->u.kernel.target,
|
.target = t->u.kernel.target,
|
||||||
|
@ -99,7 +99,7 @@ static const struct nla_policy ipt_policy[TCA_IPT_MAX + 1] = {
|
||||||
[TCA_IPT_TABLE] = { .type = NLA_STRING, .len = IFNAMSIZ },
|
[TCA_IPT_TABLE] = { .type = NLA_STRING, .len = IFNAMSIZ },
|
||||||
[TCA_IPT_HOOK] = { .type = NLA_U32 },
|
[TCA_IPT_HOOK] = { .type = NLA_U32 },
|
||||||
[TCA_IPT_INDEX] = { .type = NLA_U32 },
|
[TCA_IPT_INDEX] = { .type = NLA_U32 },
|
||||||
[TCA_IPT_TARG] = { .len = sizeof(struct ipt_entry_target) },
|
[TCA_IPT_TARG] = { .len = sizeof(struct xt_entry_target) },
|
||||||
};
|
};
|
||||||
|
|
||||||
static int tcf_ipt_init(struct nlattr *nla, struct nlattr *est,
|
static int tcf_ipt_init(struct nlattr *nla, struct nlattr *est,
|
||||||
|
@ -108,7 +108,7 @@ static int tcf_ipt_init(struct nlattr *nla, struct nlattr *est,
|
||||||
struct nlattr *tb[TCA_IPT_MAX + 1];
|
struct nlattr *tb[TCA_IPT_MAX + 1];
|
||||||
struct tcf_ipt *ipt;
|
struct tcf_ipt *ipt;
|
||||||
struct tcf_common *pc;
|
struct tcf_common *pc;
|
||||||
struct ipt_entry_target *td, *t;
|
struct xt_entry_target *td, *t;
|
||||||
char *tname;
|
char *tname;
|
||||||
int ret = 0, err;
|
int ret = 0, err;
|
||||||
u32 hook = 0;
|
u32 hook = 0;
|
||||||
|
@ -126,7 +126,7 @@ static int tcf_ipt_init(struct nlattr *nla, struct nlattr *est,
|
||||||
if (tb[TCA_IPT_TARG] == NULL)
|
if (tb[TCA_IPT_TARG] == NULL)
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
td = (struct ipt_entry_target *)nla_data(tb[TCA_IPT_TARG]);
|
td = (struct xt_entry_target *)nla_data(tb[TCA_IPT_TARG]);
|
||||||
if (nla_len(tb[TCA_IPT_TARG]) < td->u.target_size)
|
if (nla_len(tb[TCA_IPT_TARG]) < td->u.target_size)
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
|
@ -249,7 +249,7 @@ static int tcf_ipt_dump(struct sk_buff *skb, struct tc_action *a, int bind, int
|
||||||
{
|
{
|
||||||
unsigned char *b = skb_tail_pointer(skb);
|
unsigned char *b = skb_tail_pointer(skb);
|
||||||
struct tcf_ipt *ipt = a->priv;
|
struct tcf_ipt *ipt = a->priv;
|
||||||
struct ipt_entry_target *t;
|
struct xt_entry_target *t;
|
||||||
struct tcf_t tm;
|
struct tcf_t tm;
|
||||||
struct tc_cnt c;
|
struct tc_cnt c;
|
||||||
|
|
||||||
|
|
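Review bot: In tcf_ipt_init, `td->u.target_size` is taken directly from the netlink attribute, and the visible check `if (nla_len(tb[TCA_IPT_TARG]) < td->u.target_size)` only bounds it from above. The policy entry `[TCA_IPT_TARG] = { .len = sizeof(struct xt_entry_target) }` sets the attribute's minimum length, so reading the header is safe, but nothing in this hunk rejects a target_size smaller than that header. Any later code that sizes a copy by target_size would then presumably be left with a truncated `struct xt_entry_target`. Consider tightening the guard to `if (td->u.target_size < sizeof(*td) || nla_len(tb[TCA_IPT_TARG]) < td->u.target_size) return -EINVAL;`. The function body continues outside the hunk, so confirm that no such lower-bound check already exists further down.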