lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

netfilter: xtables: resolve indirect macros 3/3

Browse Source
This commit is contained in:
Jan Engelhardt
2010-10-13 16:28:00 +02:00
parent 87a2e70db6
commit 243bf6e29e
8 changed files with 94 additions and 131 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
include/linux/netfilter_arp/arp_tables.h
View File

@@ -26,6 +26,14 @@
#define ARPT_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN #define ARPT_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN
#define arpt_entry_target xt_entry_target #define arpt_entry_target xt_entry_target
#define arpt_standard_target xt_standard_target #define arpt_standard_target xt_standard_target
#define ARPT_CONTINUE XT_CONTINUE
#define ARPT_RETURN XT_RETURN
#define arpt_counters_info xt_counters_info
#define arpt_counters xt_counters
#define ARPT_STANDARD_TARGET XT_STANDARD_TARGET
#define ARPT_ERROR_TARGET XT_ERROR_TARGET
#define ARPT_ENTRY_ITERATE(entries, size, fn, args...) \
XT_ENTRY_ITERATE(struct arpt_entry, entries, size, fn, ## args)
#endif #endif
#define ARPT_DEV_ADDR_LEN_MAX 16 #define ARPT_DEV_ADDR_LEN_MAX 16
@@ -126,12 +134,6 @@ struct arpt_entry
#define ARPT_SO_GET_REVISION_TARGET (ARPT_BASE_CTL + 3) #define ARPT_SO_GET_REVISION_TARGET (ARPT_BASE_CTL + 3)
#define ARPT_SO_GET_MAX (ARPT_SO_GET_REVISION_TARGET) #define ARPT_SO_GET_MAX (ARPT_SO_GET_REVISION_TARGET)
/* CONTINUE verdict for targets */
#define ARPT_CONTINUE XT_CONTINUE
/* For standard target */
#define ARPT_RETURN XT_RETURN
/* The argument to ARPT_SO_GET_INFO */ /* The argument to ARPT_SO_GET_INFO */
struct arpt_getinfo { struct arpt_getinfo {
/* Which table: caller fills this in. */ /* Which table: caller fills this in. */
@@ -185,10 +187,6 @@ struct arpt_replace {
struct arpt_entry entries[0]; struct arpt_entry entries[0];
}; };
/* The argument to ARPT_SO_ADD_COUNTERS. */
#define arpt_counters_info xt_counters_info
#define arpt_counters xt_counters
/* The argument to ARPT_SO_GET_ENTRIES. */ /* The argument to ARPT_SO_GET_ENTRIES. */
struct arpt_get_entries { struct arpt_get_entries {
/* Which table: user fills this in. */ /* Which table: user fills this in. */
@@ -201,23 +199,12 @@ struct arpt_get_entries {
struct arpt_entry entrytable[0]; struct arpt_entry entrytable[0];
}; };
/* Standard return verdict, or do jump. */
#define ARPT_STANDARD_TARGET XT_STANDARD_TARGET
/* Error verdict. */
#define ARPT_ERROR_TARGET XT_ERROR_TARGET
/* Helper functions */ /* Helper functions */
static __inline__ struct xt_entry_target *arpt_get_target(struct arpt_entry *e) static __inline__ struct xt_entry_target *arpt_get_target(struct arpt_entry *e)
{ {
return (void *)e + e->target_offset; return (void *)e + e->target_offset;
} }
#ifndef __KERNEL__
/* fn returns 0 to continue iteration */
#define ARPT_ENTRY_ITERATE(entries, size, fn, args...) \
XT_ENTRY_ITERATE(struct arpt_entry, entries, size, fn, ## args)
#endif
/* /*
* Main firewall chains definitions and global var's definitions. * Main firewall chains definitions and global var's definitions.
*/ */
@@ -248,7 +235,7 @@ struct arpt_error {
#define ARPT_STANDARD_INIT(__verdict) \ #define ARPT_STANDARD_INIT(__verdict) \
{ \ { \
.entry = ARPT_ENTRY_INIT(sizeof(struct arpt_standard)), \ .entry = ARPT_ENTRY_INIT(sizeof(struct arpt_standard)), \
.target = XT_TARGET_INIT(ARPT_STANDARD_TARGET, \ .target = XT_TARGET_INIT(XT_STANDARD_TARGET, \
sizeof(struct xt_standard_target)), \ sizeof(struct xt_standard_target)), \
.target.verdict = -(__verdict) - 1, \ .target.verdict = -(__verdict) - 1, \
} }
@@ -256,7 +243,7 @@ struct arpt_error {
#define ARPT_ERROR_INIT \ #define ARPT_ERROR_INIT \
{ \ { \
.entry = ARPT_ENTRY_INIT(sizeof(struct arpt_error)), \ .entry = ARPT_ENTRY_INIT(sizeof(struct arpt_error)), \
.target = XT_TARGET_INIT(ARPT_ERROR_TARGET, \ .target = XT_TARGET_INIT(XT_ERROR_TARGET, \
sizeof(struct arpt_error_target)), \ sizeof(struct arpt_error_target)), \
.target.errorname = "ERROR", \ .target.errorname = "ERROR", \
} }

69
include/linux/netfilter_ipv4/ip_tables.h
View File

@@ -38,6 +38,36 @@
#define ipt_entry_target xt_entry_target #define ipt_entry_target xt_entry_target
#define ipt_standard_target xt_standard_target #define ipt_standard_target xt_standard_target
#define ipt_counters xt_counters #define ipt_counters xt_counters
#define IPT_CONTINUE XT_CONTINUE
#define IPT_RETURN XT_RETURN
/* This group is older than old (iptables < v1.4.0-rc1~89) */
#include <linux/netfilter/xt_tcpudp.h>
#define ipt_udp xt_udp
#define ipt_tcp xt_tcp
#define IPT_TCP_INV_SRCPT XT_TCP_INV_SRCPT
#define IPT_TCP_INV_DSTPT XT_TCP_INV_DSTPT
#define IPT_TCP_INV_FLAGS XT_TCP_INV_FLAGS
#define IPT_TCP_INV_OPTION XT_TCP_INV_OPTION
#define IPT_TCP_INV_MASK XT_TCP_INV_MASK
#define IPT_UDP_INV_SRCPT XT_UDP_INV_SRCPT
#define IPT_UDP_INV_DSTPT XT_UDP_INV_DSTPT
#define IPT_UDP_INV_MASK XT_UDP_INV_MASK
/* The argument to IPT_SO_ADD_COUNTERS. */
#define ipt_counters_info xt_counters_info
/* Standard return verdict, or do jump. */
#define IPT_STANDARD_TARGET XT_STANDARD_TARGET
/* Error verdict. */
#define IPT_ERROR_TARGET XT_ERROR_TARGET
/* fn returns 0 to continue iteration */
#define IPT_MATCH_ITERATE(e, fn, args...) \
XT_MATCH_ITERATE(struct ipt_entry, e, fn, ## args)
/* fn returns 0 to continue iteration */
#define IPT_ENTRY_ITERATE(entries, size, fn, args...) \
XT_ENTRY_ITERATE(struct ipt_entry, entries, size, fn, ## args)
#endif #endif
/* Yes, Virginia, you have to zero the padding. */ /* Yes, Virginia, you have to zero the padding. */
@@ -116,23 +146,6 @@ struct ipt_entry {
#define IPT_SO_GET_REVISION_TARGET (IPT_BASE_CTL + 3) #define IPT_SO_GET_REVISION_TARGET (IPT_BASE_CTL + 3)
#define IPT_SO_GET_MAX IPT_SO_GET_REVISION_TARGET #define IPT_SO_GET_MAX IPT_SO_GET_REVISION_TARGET
#define IPT_CONTINUE XT_CONTINUE
#define IPT_RETURN XT_RETURN
#include <linux/netfilter/xt_tcpudp.h>
#define ipt_udp xt_udp
#define ipt_tcp xt_tcp
#define IPT_TCP_INV_SRCPT XT_TCP_INV_SRCPT
#define IPT_TCP_INV_DSTPT XT_TCP_INV_DSTPT
#define IPT_TCP_INV_FLAGS XT_TCP_INV_FLAGS
#define IPT_TCP_INV_OPTION XT_TCP_INV_OPTION
#define IPT_TCP_INV_MASK XT_TCP_INV_MASK
#define IPT_UDP_INV_SRCPT XT_UDP_INV_SRCPT
#define IPT_UDP_INV_DSTPT XT_UDP_INV_DSTPT
#define IPT_UDP_INV_MASK XT_UDP_INV_MASK
/* ICMP matching stuff */ /* ICMP matching stuff */
struct ipt_icmp { struct ipt_icmp {
u_int8_t type; /* type to match */ u_int8_t type; /* type to match */
@@ -196,9 +209,6 @@ struct ipt_replace {
struct ipt_entry entries[0]; struct ipt_entry entries[0];
}; };
/* The argument to IPT_SO_ADD_COUNTERS. */
#define ipt_counters_info xt_counters_info
/* The argument to IPT_SO_GET_ENTRIES. */ /* The argument to IPT_SO_GET_ENTRIES. */
struct ipt_get_entries { struct ipt_get_entries {
/* Which table: user fills this in. */ /* Which table: user fills this in. */
@@ -211,11 +221,6 @@ struct ipt_get_entries {
struct ipt_entry entrytable[0]; struct ipt_entry entrytable[0];
}; };
/* Standard return verdict, or do jump. */
#define IPT_STANDARD_TARGET XT_STANDARD_TARGET
/* Error verdict. */
#define IPT_ERROR_TARGET XT_ERROR_TARGET
/* Helper functions */ /* Helper functions */
static __inline__ struct xt_entry_target * static __inline__ struct xt_entry_target *
ipt_get_target(struct ipt_entry *e) ipt_get_target(struct ipt_entry *e)
@@ -223,16 +228,6 @@ ipt_get_target(struct ipt_entry *e)
return (void *)e + e->target_offset; return (void *)e + e->target_offset;
} }
#ifndef __KERNEL__
/* fn returns 0 to continue iteration */
#define IPT_MATCH_ITERATE(e, fn, args...) \
XT_MATCH_ITERATE(struct ipt_entry, e, fn, ## args)
/* fn returns 0 to continue iteration */
#define IPT_ENTRY_ITERATE(entries, size, fn, args...) \
XT_ENTRY_ITERATE(struct ipt_entry, entries, size, fn, ## args)
#endif
/* /*
* Main firewall chains definitions and global var's definitions. * Main firewall chains definitions and global var's definitions.
*/ */
@@ -271,7 +266,7 @@ struct ipt_error {
#define IPT_STANDARD_INIT(__verdict) \ #define IPT_STANDARD_INIT(__verdict) \
{ \ { \
.entry = IPT_ENTRY_INIT(sizeof(struct ipt_standard)), \ .entry = IPT_ENTRY_INIT(sizeof(struct ipt_standard)), \
.target = XT_TARGET_INIT(IPT_STANDARD_TARGET, \ .target = XT_TARGET_INIT(XT_STANDARD_TARGET, \
sizeof(struct xt_standard_target)), \ sizeof(struct xt_standard_target)), \
.target.verdict = -(__verdict) - 1, \ .target.verdict = -(__verdict) - 1, \
} }
@@ -279,7 +274,7 @@ struct ipt_error {
#define IPT_ERROR_INIT \ #define IPT_ERROR_INIT \
{ \ { \
.entry = IPT_ENTRY_INIT(sizeof(struct ipt_error)), \ .entry = IPT_ENTRY_INIT(sizeof(struct ipt_error)), \
.target = XT_TARGET_INIT(IPT_ERROR_TARGET, \ .target = XT_TARGET_INIT(XT_ERROR_TARGET, \
sizeof(struct ipt_error_target)), \ sizeof(struct ipt_error_target)), \
.target.errorname = "ERROR", \ .target.errorname = "ERROR", \
} }

69
include/linux/netfilter_ipv6/ip6_tables.h
View File

@@ -38,6 +38,29 @@
#define ip6t_entry_target xt_entry_target #define ip6t_entry_target xt_entry_target
#define ip6t_standard_target xt_standard_target #define ip6t_standard_target xt_standard_target
#define ip6t_counters xt_counters #define ip6t_counters xt_counters
#define IP6T_CONTINUE XT_CONTINUE
#define IP6T_RETURN XT_RETURN
/* Pre-iptables-1.4.0 */
#include <linux/netfilter/xt_tcpudp.h>
#define ip6t_tcp xt_tcp
#define ip6t_udp xt_udp
#define IP6T_TCP_INV_SRCPT XT_TCP_INV_SRCPT
#define IP6T_TCP_INV_DSTPT XT_TCP_INV_DSTPT
#define IP6T_TCP_INV_FLAGS XT_TCP_INV_FLAGS
#define IP6T_TCP_INV_OPTION XT_TCP_INV_OPTION
#define IP6T_TCP_INV_MASK XT_TCP_INV_MASK
#define IP6T_UDP_INV_SRCPT XT_UDP_INV_SRCPT
#define IP6T_UDP_INV_DSTPT XT_UDP_INV_DSTPT
#define IP6T_UDP_INV_MASK XT_UDP_INV_MASK
#define ip6t_counters_info xt_counters_info
#define IP6T_STANDARD_TARGET XT_STANDARD_TARGET
#define IP6T_ERROR_TARGET XT_ERROR_TARGET
#define IP6T_MATCH_ITERATE(e, fn, args...) \
XT_MATCH_ITERATE(struct ip6t_entry, e, fn, ## args)
#define IP6T_ENTRY_ITERATE(entries, size, fn, args...) \
XT_ENTRY_ITERATE(struct ip6t_entry, entries, size, fn, ## args)
#endif #endif
/* Yes, Virginia, you have to zero the padding. */ /* Yes, Virginia, you have to zero the padding. */
@@ -133,7 +156,7 @@ struct ip6t_error {
#define IP6T_STANDARD_INIT(__verdict) \ #define IP6T_STANDARD_INIT(__verdict) \
{ \ { \
.entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_standard)), \ .entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_standard)), \
.target = XT_TARGET_INIT(IP6T_STANDARD_TARGET, \ .target = XT_TARGET_INIT(XT_STANDARD_TARGET, \
sizeof(struct xt_standard_target)), \ sizeof(struct xt_standard_target)), \
.target.verdict = -(__verdict) - 1, \ .target.verdict = -(__verdict) - 1, \
} }
@@ -141,7 +164,7 @@ struct ip6t_error {
#define IP6T_ERROR_INIT \ #define IP6T_ERROR_INIT \
{ \ { \
.entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_error)), \ .entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_error)), \
.target = XT_TARGET_INIT(IP6T_ERROR_TARGET, \ .target = XT_TARGET_INIT(XT_ERROR_TARGET, \
sizeof(struct ip6t_error_target)), \ sizeof(struct ip6t_error_target)), \
.target.errorname = "ERROR", \ .target.errorname = "ERROR", \
} }
@@ -165,30 +188,6 @@ struct ip6t_error {
#define IP6T_SO_GET_REVISION_TARGET (IP6T_BASE_CTL + 5) #define IP6T_SO_GET_REVISION_TARGET (IP6T_BASE_CTL + 5)
#define IP6T_SO_GET_MAX IP6T_SO_GET_REVISION_TARGET #define IP6T_SO_GET_MAX IP6T_SO_GET_REVISION_TARGET
/* CONTINUE verdict for targets */
#define IP6T_CONTINUE XT_CONTINUE
/* For standard target */
#define IP6T_RETURN XT_RETURN
/* TCP/UDP matching stuff */
#include <linux/netfilter/xt_tcpudp.h>
#define ip6t_tcp xt_tcp
#define ip6t_udp xt_udp
/* Values for "inv" field in struct ipt_tcp. */
#define IP6T_TCP_INV_SRCPT XT_TCP_INV_SRCPT
#define IP6T_TCP_INV_DSTPT XT_TCP_INV_DSTPT
#define IP6T_TCP_INV_FLAGS XT_TCP_INV_FLAGS
#define IP6T_TCP_INV_OPTION XT_TCP_INV_OPTION
#define IP6T_TCP_INV_MASK XT_TCP_INV_MASK
/* Values for "invflags" field in struct ipt_udp. */
#define IP6T_UDP_INV_SRCPT XT_UDP_INV_SRCPT
#define IP6T_UDP_INV_DSTPT XT_UDP_INV_DSTPT
#define IP6T_UDP_INV_MASK XT_UDP_INV_MASK
/* ICMP matching stuff */ /* ICMP matching stuff */
struct ip6t_icmp { struct ip6t_icmp {
u_int8_t type; /* type to match */ u_int8_t type; /* type to match */
@@ -252,9 +251,6 @@ struct ip6t_replace {
struct ip6t_entry entries[0]; struct ip6t_entry entries[0];
}; };
/* The argument to IP6T_SO_ADD_COUNTERS. */
#define ip6t_counters_info xt_counters_info
/* The argument to IP6T_SO_GET_ENTRIES. */ /* The argument to IP6T_SO_GET_ENTRIES. */
struct ip6t_get_entries { struct ip6t_get_entries {
/* Which table: user fills this in. */ /* Which table: user fills this in. */
@@ -267,11 +263,6 @@ struct ip6t_get_entries {
struct ip6t_entry entrytable[0]; struct ip6t_entry entrytable[0];
}; };
/* Standard return verdict, or do jump. */
#define IP6T_STANDARD_TARGET XT_STANDARD_TARGET
/* Error verdict. */
#define IP6T_ERROR_TARGET XT_ERROR_TARGET
/* Helper functions */ /* Helper functions */
static __inline__ struct xt_entry_target * static __inline__ struct xt_entry_target *
ip6t_get_target(struct ip6t_entry *e) ip6t_get_target(struct ip6t_entry *e)
@@ -279,16 +270,6 @@ ip6t_get_target(struct ip6t_entry *e)
return (void *)e + e->target_offset; return (void *)e + e->target_offset;
} }
#ifndef __KERNEL__
/* fn returns 0 to continue iteration */
#define IP6T_MATCH_ITERATE(e, fn, args...) \
XT_MATCH_ITERATE(struct ip6t_entry, e, fn, ## args)
/* fn returns 0 to continue iteration */
#define IP6T_ENTRY_ITERATE(entries, size, fn, args...) \
XT_ENTRY_ITERATE(struct ip6t_entry, entries, size, fn, ## args)
#endif
/* /*
* Main firewall chains definitions and global var's definitions. * Main firewall chains definitions and global var's definitions.
*/ */

14
net/ipv4/netfilter/arp_tables.c
View File

@@ -300,7 +300,7 @@ unsigned int arpt_do_table(struct sk_buff *skb,
v = ((struct xt_standard_target *)t)->verdict; v = ((struct xt_standard_target *)t)->verdict;
if (v < 0) { if (v < 0) {
/* Pop from stack? */ /* Pop from stack? */
if (v != ARPT_RETURN) { if (v != XT_RETURN) {
verdict = (unsigned)(-v) - 1; verdict = (unsigned)(-v) - 1;
break; break;
} }
@@ -332,7 +332,7 @@ unsigned int arpt_do_table(struct sk_buff *skb,
/* Target might have changed stuff. */ /* Target might have changed stuff. */
arp = arp_hdr(skb); arp = arp_hdr(skb);
if (verdict == ARPT_CONTINUE) if (verdict == XT_CONTINUE)
e = arpt_next_entry(e); e = arpt_next_entry(e);
else else
/* Verdict */ /* Verdict */
@@ -392,13 +392,13 @@ static int mark_source_chains(const struct xt_table_info *newinfo,
/* Unconditional return/END. */ /* Unconditional return/END. */
if ((e->target_offset == sizeof(struct arpt_entry) && if ((e->target_offset == sizeof(struct arpt_entry) &&
(strcmp(t->target.u.user.name, (strcmp(t->target.u.user.name,
ARPT_STANDARD_TARGET) == 0) && XT_STANDARD_TARGET) == 0) &&
t->verdict < 0 && unconditional(&e->arp)) || t->verdict < 0 && unconditional(&e->arp)) ||
visited) { visited) {
unsigned int oldpos, size; unsigned int oldpos, size;
if ((strcmp(t->target.u.user.name, if ((strcmp(t->target.u.user.name,
ARPT_STANDARD_TARGET) == 0) && XT_STANDARD_TARGET) == 0) &&
t->verdict < -NF_MAX_VERDICT - 1) { t->verdict < -NF_MAX_VERDICT - 1) {
duprintf("mark_source_chains: bad " duprintf("mark_source_chains: bad "
"negative verdict (%i)\n", "negative verdict (%i)\n",
@@ -433,7 +433,7 @@ static int mark_source_chains(const struct xt_table_info *newinfo,
int newpos = t->verdict; int newpos = t->verdict;
if (strcmp(t->target.u.user.name, if (strcmp(t->target.u.user.name,
ARPT_STANDARD_TARGET) == 0 && XT_STANDARD_TARGET) == 0 &&
newpos >= 0) { newpos >= 0) {
if (newpos > newinfo->size - if (newpos > newinfo->size -
sizeof(struct arpt_entry)) { sizeof(struct arpt_entry)) {
@@ -1828,7 +1828,7 @@ void arpt_unregister_table(struct xt_table *table)
/* The built-in targets: standard (NULL) and error. */ /* The built-in targets: standard (NULL) and error. */
static struct xt_target arpt_builtin_tg[] __read_mostly = { static struct xt_target arpt_builtin_tg[] __read_mostly = {
{ {
.name = ARPT_STANDARD_TARGET, .name = XT_STANDARD_TARGET,
.targetsize = sizeof(int), .targetsize = sizeof(int),
.family = NFPROTO_ARP, .family = NFPROTO_ARP,
#ifdef CONFIG_COMPAT #ifdef CONFIG_COMPAT
@@ -1838,7 +1838,7 @@ static struct xt_target arpt_builtin_tg[] __read_mostly = {
#endif #endif
}, },
{ {
.name = ARPT_ERROR_TARGET, .name = XT_ERROR_TARGET,
.target = arpt_error, .target = arpt_error,
.targetsize = XT_FUNCTION_MAXNAMELEN, .targetsize = XT_FUNCTION_MAXNAMELEN,
.family = NFPROTO_ARP, .family = NFPROTO_ARP,

2
net/ipv4/netfilter/arpt_mangle.c
View File

@@ -63,7 +63,7 @@ static int checkentry(const struct xt_tgchk_param *par)
return false; return false;
if (mangle->target != NF_DROP && mangle->target != NF_ACCEPT && if (mangle->target != NF_DROP && mangle->target != NF_ACCEPT &&
mangle->target != ARPT_CONTINUE) mangle->target != XT_CONTINUE)
return false; return false;
return true; return true;
} }

18
net/ipv4/netfilter/ip_tables.c
View File

@@ -232,7 +232,7 @@ get_chainname_rulenum(const struct ipt_entry *s, const struct ipt_entry *e,
{ {
const struct xt_standard_target *t = (void *)ipt_get_target_c(s); const struct xt_standard_target *t = (void *)ipt_get_target_c(s);
if (strcmp(t->target.u.kernel.target->name, IPT_ERROR_TARGET) == 0) { if (strcmp(t->target.u.kernel.target->name, XT_ERROR_TARGET) == 0) {
/* Head of user chain: ERROR target with chainname */ /* Head of user chain: ERROR target with chainname */
*chainname = t->target.data; *chainname = t->target.data;
(*rulenum) = 0; (*rulenum) = 0;
@@ -241,7 +241,7 @@ get_chainname_rulenum(const struct ipt_entry *s, const struct ipt_entry *e,
if (s->target_offset == sizeof(struct ipt_entry) && if (s->target_offset == sizeof(struct ipt_entry) &&
strcmp(t->target.u.kernel.target->name, strcmp(t->target.u.kernel.target->name,
IPT_STANDARD_TARGET) == 0 && XT_STANDARD_TARGET) == 0 &&
t->verdict < 0 && t->verdict < 0 &&
unconditional(&s->ip)) { unconditional(&s->ip)) {
/* Tail of chains: STANDARD target (return/policy) */ /* Tail of chains: STANDARD target (return/policy) */
@@ -383,7 +383,7 @@ ipt_do_table(struct sk_buff *skb,
v = ((struct xt_standard_target *)t)->verdict; v = ((struct xt_standard_target *)t)->verdict;
if (v < 0) { if (v < 0) {
/* Pop from stack? */ /* Pop from stack? */
if (v != IPT_RETURN) { if (v != XT_RETURN) {
verdict = (unsigned)(-v) - 1; verdict = (unsigned)(-v) - 1;
break; break;
} }
@@ -421,7 +421,7 @@ ipt_do_table(struct sk_buff *skb,
verdict = t->u.kernel.target->target(skb, &acpar); verdict = t->u.kernel.target->target(skb, &acpar);
/* Target might have changed stuff. */ /* Target might have changed stuff. */
ip = ip_hdr(skb); ip = ip_hdr(skb);
if (verdict == IPT_CONTINUE) if (verdict == XT_CONTINUE)
e = ipt_next_entry(e); e = ipt_next_entry(e);
else else
/* Verdict */ /* Verdict */
@@ -475,13 +475,13 @@ mark_source_chains(const struct xt_table_info *newinfo,
/* Unconditional return/END. */ /* Unconditional return/END. */
if ((e->target_offset == sizeof(struct ipt_entry) && if ((e->target_offset == sizeof(struct ipt_entry) &&
(strcmp(t->target.u.user.name, (strcmp(t->target.u.user.name,
IPT_STANDARD_TARGET) == 0) && XT_STANDARD_TARGET) == 0) &&
t->verdict < 0 && unconditional(&e->ip)) || t->verdict < 0 && unconditional(&e->ip)) ||
visited) { visited) {
unsigned int oldpos, size; unsigned int oldpos, size;
if ((strcmp(t->target.u.user.name, if ((strcmp(t->target.u.user.name,
IPT_STANDARD_TARGET) == 0) && XT_STANDARD_TARGET) == 0) &&
t->verdict < -NF_MAX_VERDICT - 1) { t->verdict < -NF_MAX_VERDICT - 1) {
duprintf("mark_source_chains: bad " duprintf("mark_source_chains: bad "
"negative verdict (%i)\n", "negative verdict (%i)\n",
@@ -524,7 +524,7 @@ mark_source_chains(const struct xt_table_info *newinfo,
int newpos = t->verdict; int newpos = t->verdict;
if (strcmp(t->target.u.user.name, if (strcmp(t->target.u.user.name,
IPT_STANDARD_TARGET) == 0 && XT_STANDARD_TARGET) == 0 &&
newpos >= 0) { newpos >= 0) {
if (newpos > newinfo->size - if (newpos > newinfo->size -
sizeof(struct ipt_entry)) { sizeof(struct ipt_entry)) {
@@ -2176,7 +2176,7 @@ static int icmp_checkentry(const struct xt_mtchk_param *par)
static struct xt_target ipt_builtin_tg[] __read_mostly = { static struct xt_target ipt_builtin_tg[] __read_mostly = {
{ {
.name = IPT_STANDARD_TARGET, .name = XT_STANDARD_TARGET,
.targetsize = sizeof(int), .targetsize = sizeof(int),
.family = NFPROTO_IPV4, .family = NFPROTO_IPV4,
#ifdef CONFIG_COMPAT #ifdef CONFIG_COMPAT
@@ -2186,7 +2186,7 @@ static struct xt_target ipt_builtin_tg[] __read_mostly = {
#endif #endif
}, },
{ {
.name = IPT_ERROR_TARGET, .name = XT_ERROR_TARGET,
.target = ipt_error, .target = ipt_error,
.targetsize = XT_FUNCTION_MAXNAMELEN, .targetsize = XT_FUNCTION_MAXNAMELEN,
.family = NFPROTO_IPV4, .family = NFPROTO_IPV4,

18
net/ipv6/netfilter/ip6_tables.c
View File

@@ -262,7 +262,7 @@ get_chainname_rulenum(const struct ip6t_entry *s, const struct ip6t_entry *e,
{ {
const struct xt_standard_target *t = (void *)ip6t_get_target_c(s); const struct xt_standard_target *t = (void *)ip6t_get_target_c(s);
if (strcmp(t->target.u.kernel.target->name, IP6T_ERROR_TARGET) == 0) { if (strcmp(t->target.u.kernel.target->name, XT_ERROR_TARGET) == 0) {
/* Head of user chain: ERROR target with chainname */ /* Head of user chain: ERROR target with chainname */
*chainname = t->target.data; *chainname = t->target.data;
(*rulenum) = 0; (*rulenum) = 0;
@@ -271,7 +271,7 @@ get_chainname_rulenum(const struct ip6t_entry *s, const struct ip6t_entry *e,
if (s->target_offset == sizeof(struct ip6t_entry) && if (s->target_offset == sizeof(struct ip6t_entry) &&
strcmp(t->target.u.kernel.target->name, strcmp(t->target.u.kernel.target->name,
IP6T_STANDARD_TARGET) == 0 && XT_STANDARD_TARGET) == 0 &&
t->verdict < 0 && t->verdict < 0 &&
unconditional(&s->ipv6)) { unconditional(&s->ipv6)) {
/* Tail of chains: STANDARD target (return/policy) */ /* Tail of chains: STANDARD target (return/policy) */
@@ -406,7 +406,7 @@ ip6t_do_table(struct sk_buff *skb,
v = ((struct xt_standard_target *)t)->verdict; v = ((struct xt_standard_target *)t)->verdict;
if (v < 0) { if (v < 0) {
/* Pop from stack? */ /* Pop from stack? */
if (v != IP6T_RETURN) { if (v != XT_RETURN) {
verdict = (unsigned)(-v) - 1; verdict = (unsigned)(-v) - 1;
break; break;
} }
@@ -434,7 +434,7 @@ ip6t_do_table(struct sk_buff *skb,
acpar.targinfo = t->data; acpar.targinfo = t->data;
verdict = t->u.kernel.target->target(skb, &acpar); verdict = t->u.kernel.target->target(skb, &acpar);
if (verdict == IP6T_CONTINUE) if (verdict == XT_CONTINUE)
e = ip6t_next_entry(e); e = ip6t_next_entry(e);
else else
/* Verdict */ /* Verdict */
@@ -488,13 +488,13 @@ mark_source_chains(const struct xt_table_info *newinfo,
/* Unconditional return/END. */ /* Unconditional return/END. */
if ((e->target_offset == sizeof(struct ip6t_entry) && if ((e->target_offset == sizeof(struct ip6t_entry) &&
(strcmp(t->target.u.user.name, (strcmp(t->target.u.user.name,
IP6T_STANDARD_TARGET) == 0) && XT_STANDARD_TARGET) == 0) &&
t->verdict < 0 && t->verdict < 0 &&
unconditional(&e->ipv6)) || visited) { unconditional(&e->ipv6)) || visited) {
unsigned int oldpos, size; unsigned int oldpos, size;
if ((strcmp(t->target.u.user.name, if ((strcmp(t->target.u.user.name,
IP6T_STANDARD_TARGET) == 0) && XT_STANDARD_TARGET) == 0) &&
t->verdict < -NF_MAX_VERDICT - 1) { t->verdict < -NF_MAX_VERDICT - 1) {
duprintf("mark_source_chains: bad " duprintf("mark_source_chains: bad "
"negative verdict (%i)\n", "negative verdict (%i)\n",
@@ -537,7 +537,7 @@ mark_source_chains(const struct xt_table_info *newinfo,
int newpos = t->verdict; int newpos = t->verdict;
if (strcmp(t->target.u.user.name, if (strcmp(t->target.u.user.name,
IP6T_STANDARD_TARGET) == 0 && XT_STANDARD_TARGET) == 0 &&
newpos >= 0) { newpos >= 0) {
if (newpos > newinfo->size - if (newpos > newinfo->size -
sizeof(struct ip6t_entry)) { sizeof(struct ip6t_entry)) {
@@ -2191,7 +2191,7 @@ static int icmp6_checkentry(const struct xt_mtchk_param *par)
/* The built-in targets: standard (NULL) and error. */ /* The built-in targets: standard (NULL) and error. */
static struct xt_target ip6t_builtin_tg[] __read_mostly = { static struct xt_target ip6t_builtin_tg[] __read_mostly = {
{ {
.name = IP6T_STANDARD_TARGET, .name = XT_STANDARD_TARGET,
.targetsize = sizeof(int), .targetsize = sizeof(int),
.family = NFPROTO_IPV6, .family = NFPROTO_IPV6,
#ifdef CONFIG_COMPAT #ifdef CONFIG_COMPAT
@@ -2201,7 +2201,7 @@ static struct xt_target ip6t_builtin_tg[] __read_mostly = {
#endif #endif
}, },
{ {
.name = IP6T_ERROR_TARGET, .name = XT_ERROR_TARGET,
.target = ip6t_error, .target = ip6t_error,
.targetsize = XT_FUNCTION_MAXNAMELEN, .targetsize = XT_FUNCTION_MAXNAMELEN,
.family = NFPROTO_IPV6, .family = NFPROTO_IPV6,

2
net/sched/act_ipt.c
View File

@@ -230,7 +230,7 @@ static int tcf_ipt(struct sk_buff *skb, struct tc_action *a,
result = TC_ACT_SHOT; result = TC_ACT_SHOT;
ipt->tcf_qstats.drops++; ipt->tcf_qstats.drops++;
break; break;
case IPT_CONTINUE: case XT_CONTINUE:
result = TC_ACT_PIPE; result = TC_ACT_PIPE;
break; break;
default: default: