netfilter: xtables: do centralized checkentry call (1/2)
It used to be that {ip,ip6,etc}_tables called extension->checkentry themselves, but this can be moved into the xtables core. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
committed by
Patrick McHardy
parent
147c3844ad
commit
367c679007
@@ -465,15 +465,13 @@ static inline int check_target(struct arpt_entry *e, const char *name)
|
||||
|
||||
ret = xt_check_target(target, NFPROTO_ARP,
|
||||
t->u.target_size - sizeof(*t),
|
||||
name, e->comefrom, 0, 0);
|
||||
if (!ret && t->u.kernel.target->checkentry
|
||||
&& !t->u.kernel.target->checkentry(name, e, target, t->data,
|
||||
e->comefrom)) {
|
||||
name, e->comefrom, 0, 0, e, t->data);
|
||||
if (ret < 0) {
|
||||
duprintf("arp_tables: check failed for `%s'.\n",
|
||||
t->u.kernel.target->name);
|
||||
ret = -EINVAL;
|
||||
return ret;
|
||||
}
|
||||
return ret;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static inline int
|
||||
|
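Review bot: The new tail `if (ret < 0) { ...; return ret; }` followed by `return 0;` treats every non-negative result from xt_check_target() as success, whereas the old code passed `ret` back unchanged, so a positive return from the core would now let the entry through. The ->checkentry call has moved into xt_check_target(), whose body is not on this page, so whether it can only return 0 or a negative errno cannot be confirmed from here. Either test `if (ret)` instead, or state the contract at the call site with a comment such as `/* xt_check_target() also runs ->checkentry; returns 0 or -errno */`. The same tail appears in check_match() and check_target() in the two ip_tables hunks that follow. check_target() begins above this hunk.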
@@ -616,17 +616,14 @@ check_match(struct ipt_entry_match *m, const char *name,
|
||||
match = m->u.kernel.match;
|
||||
ret = xt_check_match(match, AF_INET, m->u.match_size - sizeof(*m),
|
||||
name, hookmask, ip->proto,
|
||||
ip->invflags & IPT_INV_PROTO);
|
||||
if (!ret && m->u.kernel.match->checkentry
|
||||
&& !m->u.kernel.match->checkentry(name, ip, match, m->data,
|
||||
hookmask)) {
|
||||
ip->invflags & IPT_INV_PROTO, ip, m->data);
|
||||
if (ret < 0) {
|
||||
duprintf("ip_tables: check failed for `%s'.\n",
|
||||
m->u.kernel.match->name);
|
||||
ret = -EINVAL;
|
||||
return ret;
|
||||
}
|
||||
if (!ret)
|
||||
(*i)++;
|
||||
return ret;
|
||||
++*i;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int
|
||||
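Review bot: `m->u.match_size - sizeof(*m)` is an unsigned subtraction on a size that appears to come from the rule blob, and after this change it is the only length xt_check_match() receives alongside `m->data` before the core hands that data to ->checkentry. Whether match_size is already bounded below by sizeof(*m) is decided outside this hunk; if it is not, the subtraction wraps and the core's size comparison is the last line of defence. Once the earlier bound has been confirmed, a comment at the call would record it, for example `/* match_size >= sizeof(*m) is guaranteed by the entry parser */`. The `t->u.target_size - sizeof(*t)` argument in both check_target() hunks has the same shape. check_match() begins above this hunk.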
@@ -668,15 +665,13 @@ static int check_target(struct ipt_entry *e, const char *name)
|
||||
target = t->u.kernel.target;
|
||||
ret = xt_check_target(target, AF_INET, t->u.target_size - sizeof(*t),
|
||||
name, e->comefrom, e->ip.proto,
|
||||
e->ip.invflags & IPT_INV_PROTO);
|
||||
if (!ret && t->u.kernel.target->checkentry
|
||||
&& !t->u.kernel.target->checkentry(name, e, target, t->data,
|
||||
e->comefrom)) {
|
||||
e->ip.invflags & IPT_INV_PROTO, e, t->data);
|
||||
if (ret < 0) {
|
||||
duprintf("ip_tables: check failed for `%s'.\n",
|
||||
t->u.kernel.target->name);
|
||||
ret = -EINVAL;
|
||||
return ret;
|
||||
}
|
||||
return ret;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int
|
||||
|
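Review bot: The duprintf() argument still spells out `t->u.kernel.target->name` although the local `target` is assigned from that same pointer at the top of the hunk and is what gets passed to xt_check_target(); `target->name` would be shorter and consistent with the call. The same applies to `m->u.kernel.match->name` versus `match` in check_match(). The message text "check failed" is now printed for any xt_check_target() failure rather than only a ->checkentry rejection, so a rejected ruleset is harder to diagnose from the debug output.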