netfilter: xtables: move extension arguments into compound structure (5/6)
This patch does this for target extensions' checkentry functions. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
committed by
Patrick McHardy
parent
7eb3558655
commit
af5d6dc200
@ -57,20 +57,16 @@ ebt_arpreply_tg(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
return info->target;
|
||||
}
|
||||
|
||||
static bool
|
||||
ebt_arpreply_tg_check(const char *tablename, const void *entry,
|
||||
const struct xt_target *target, void *data,
|
||||
unsigned int hookmask)
|
||||
static bool ebt_arpreply_tg_check(const struct xt_tgchk_param *par)
|
||||
{
|
||||
const struct ebt_arpreply_info *info = data;
|
||||
const struct ebt_entry *e = entry;
|
||||
const struct ebt_arpreply_info *info = par->targinfo;
|
||||
const struct ebt_entry *e = par->entryinfo;
|
||||
|
||||
if (BASE_CHAIN && info->target == EBT_RETURN)
|
||||
return false;
|
||||
if (e->ethproto != htons(ETH_P_ARP) ||
|
||||
e->invflags & EBT_IPROTO)
|
||||
return false;
|
||||
CLEAR_BASE_CHAIN_BIT;
|
||||
return true;
|
||||
}
|
||||
|
||||
|
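Review bot: `BASE_CHAIN` in the new one-argument `ebt_arpreply_tg_check` takes no argument, so with `hookmask` gone from the signature it can only be reading through the local `par`; its definition is not shown on this page, but presumably it now expands to a test on `par->hook_mask`. That ties the check to a parameter named exactly `par` and hides which field gates the `EBT_RETURN` rejection, so a short comment above the test, e.g. `/* BASE_CHAIN reads the base-chain bit from par->hook_mask */`, would make the dependency visible. The same holds for `ebt_dnat_tg_check`, `ebt_mark_tg_check`, `ebt_redirect_tg_check` and `ebt_snat_tg_check`. The rendering has lost the +/- markers, so it is worth confirming that `CLEAR_BASE_CHAIN_BIT;` is not kept on the new side, where it would presumably have to write through the `const` `par`.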
@ -26,19 +26,20 @@ ebt_dnat_tg(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
return info->target;
|
||||
}
|
||||
|
||||
static bool
|
||||
ebt_dnat_tg_check(const char *tablename, const void *entry,
|
||||
const struct xt_target *target, void *data,
|
||||
unsigned int hookmask)
|
||||
static bool ebt_dnat_tg_check(const struct xt_tgchk_param *par)
|
||||
{
|
||||
const struct ebt_nat_info *info = data;
|
||||
const struct ebt_nat_info *info = par->targinfo;
|
||||
unsigned int hook_mask;
|
||||
|
||||
if (BASE_CHAIN && info->target == EBT_RETURN)
|
||||
return false;
|
||||
CLEAR_BASE_CHAIN_BIT;
|
||||
if ( (strcmp(tablename, "nat") ||
|
||||
(hookmask & ~((1 << NF_BR_PRE_ROUTING) | (1 << NF_BR_LOCAL_OUT)))) &&
|
||||
(strcmp(tablename, "broute") || hookmask & ~(1 << NF_BR_BROUTING)) )
|
||||
|
||||
hook_mask = par->hook_mask & ~(1 << NF_BR_NUMHOOKS);
|
||||
if ((strcmp(par->table, "nat") != 0 ||
|
||||
(hook_mask & ~((1 << NF_BR_PRE_ROUTING) |
|
||||
(1 << NF_BR_LOCAL_OUT)))) &&
|
||||
(strcmp(par->table, "broute") != 0 ||
|
||||
hook_mask & ~(1 << NF_BR_BROUTING)))
|
||||
return false;
|
||||
if (INVALID_TARGET)
|
||||
return false;
|
||||
|
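Review bot: The new table/hook test in `ebt_dnat_tg_check` clears a bit with the bare expression `par->hook_mask & ~(1 << NF_BR_NUMHOOKS)` and does not say what that bit is or why a local copy is compared instead of the caller's mask. This condition is what restricts the target to the `nat` and `broute` tables and their hooks, so a comment such as `/* mask off the base-chain flag; only real hook bits are compared below */` would help (assuming that is what the bit encodes, as the `BASE_CHAIN` naming suggests). The `broute` arm also leaves `hook_mask & ~(1 << NF_BR_BROUTING)` unparenthesised next to `||` while the `nat` arm parenthesises the same form; wrapping it as `(hook_mask & ~(1 << NF_BR_BROUTING))` keeps the arms consistent. `ebt_redirect_tg_check` repeats the pattern, and both function bodies continue past the end of their hunks.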
@ -24,12 +24,9 @@
|
||||
|
||||
static DEFINE_SPINLOCK(ebt_log_lock);
|
||||
|
||||
static bool
|
||||
ebt_log_tg_check(const char *table, const void *entry,
|
||||
const struct xt_target *target, void *data,
|
||||
unsigned int hook_mask)
|
||||
static bool ebt_log_tg_check(const struct xt_tgchk_param *par)
|
||||
{
|
||||
struct ebt_log_info *info = data;
|
||||
struct ebt_log_info *info = par->targinfo;
|
||||
|
||||
if (info->bitmask & ~EBT_LOG_MASK)
|
||||
return false;
|
||||
|
@ -36,18 +36,14 @@ ebt_mark_tg(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
return info->target | ~EBT_VERDICT_BITS;
|
||||
}
|
||||
|
||||
static bool
|
||||
ebt_mark_tg_check(const char *table, const void *e,
|
||||
const struct xt_target *target, void *data,
|
||||
unsigned int hookmask)
|
||||
static bool ebt_mark_tg_check(const struct xt_tgchk_param *par)
|
||||
{
|
||||
const struct ebt_mark_t_info *info = data;
|
||||
const struct ebt_mark_t_info *info = par->targinfo;
|
||||
int tmp;
|
||||
|
||||
tmp = info->target | ~EBT_VERDICT_BITS;
|
||||
if (BASE_CHAIN && tmp == EBT_RETURN)
|
||||
return false;
|
||||
CLEAR_BASE_CHAIN_BIT;
|
||||
if (tmp < -NUM_STANDARD_TARGETS || tmp >= 0)
|
||||
return false;
|
||||
tmp = info->target & ~EBT_VERDICT_BITS;
|
||||
|
@ -35,12 +35,9 @@ ebt_nflog_tg(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
return EBT_CONTINUE;
|
||||
}
|
||||
|
||||
static bool
|
||||
ebt_nflog_tg_check(const char *table, const void *e,
|
||||
const struct xt_target *target, void *data,
|
||||
unsigned int hookmask)
|
||||
static bool ebt_nflog_tg_check(const struct xt_tgchk_param *par)
|
||||
{
|
||||
struct ebt_nflog_info *info = data;
|
||||
struct ebt_nflog_info *info = par->targinfo;
|
||||
|
||||
if (info->flags & ~EBT_NFLOG_MASK)
|
||||
return false;
|
||||
|
@ -32,18 +32,19 @@ ebt_redirect_tg(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
return info->target;
|
||||
}
|
||||
|
||||
static bool
|
||||
ebt_redirect_tg_check(const char *tablename, const void *e,
|
||||
const struct xt_target *target, void *data,
|
||||
unsigned int hookmask)
|
||||
static bool ebt_redirect_tg_check(const struct xt_tgchk_param *par)
|
||||
{
|
||||
const struct ebt_redirect_info *info = data;
|
||||
const struct ebt_redirect_info *info = par->targinfo;
|
||||
unsigned int hook_mask;
|
||||
|
||||
if (BASE_CHAIN && info->target == EBT_RETURN)
|
||||
return false;
|
||||
CLEAR_BASE_CHAIN_BIT;
|
||||
if ( (strcmp(tablename, "nat") || hookmask & ~(1 << NF_BR_PRE_ROUTING)) &&
|
||||
(strcmp(tablename, "broute") || hookmask & ~(1 << NF_BR_BROUTING)) )
|
||||
|
||||
hook_mask = par->hook_mask & ~(1 << NF_BR_NUMHOOKS);
|
||||
if ((strcmp(par->table, "nat") != 0 ||
|
||||
hook_mask & ~(1 << NF_BR_PRE_ROUTING)) &&
|
||||
(strcmp(par->table, "broute") != 0 ||
|
||||
hook_mask & ~(1 << NF_BR_BROUTING)))
|
||||
return false;
|
||||
if (INVALID_TARGET)
|
||||
return false;
|
||||
|
@ -42,18 +42,14 @@ out:
|
||||
return info->target | ~EBT_VERDICT_BITS;
|
||||
}
|
||||
|
||||
static bool
|
||||
ebt_snat_tg_check(const char *tablename, const void *e,
|
||||
const struct xt_target *target, void *data,
|
||||
unsigned int hookmask)
|
||||
static bool ebt_snat_tg_check(const struct xt_tgchk_param *par)
|
||||
{
|
||||
const struct ebt_nat_info *info = data;
|
||||
const struct ebt_nat_info *info = par->targinfo;
|
||||
int tmp;
|
||||
|
||||
tmp = info->target | ~EBT_VERDICT_BITS;
|
||||
if (BASE_CHAIN && tmp == EBT_RETURN)
|
||||
return false;
|
||||
CLEAR_BASE_CHAIN_BIT;
|
||||
|
||||
if (tmp < -NUM_STANDARD_TARGETS || tmp >= 0)
|
||||
return false;
|
||||
|
@ -254,12 +254,9 @@ ebt_ulog_tg(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
return EBT_CONTINUE;
|
||||
}
|
||||
|
||||
static bool
|
||||
ebt_ulog_tg_check(const char *table, const void *entry,
|
||||
const struct xt_target *target, void *data,
|
||||
unsigned int hookmask)
|
||||
static bool ebt_ulog_tg_check(const struct xt_tgchk_param *par)
|
||||
{
|
||||
struct ebt_ulog_info *uloginfo = data;
|
||||
struct ebt_ulog_info *uloginfo = par->targinfo;
|
||||
|
||||
if (uloginfo->nlgroup > 31)
|
||||
return false;
|
||||
|
@ -363,9 +363,10 @@ ebt_check_match(struct ebt_entry_match *m, struct xt_mtchk_param *par,
|
||||
}
|
||||
|
||||
static inline int
|
||||
ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e,
|
||||
const char *name, unsigned int hookmask, unsigned int *cnt)
|
||||
ebt_check_watcher(struct ebt_entry_watcher *w, struct xt_tgchk_param *par,
|
||||
unsigned int *cnt)
|
||||
{
|
||||
const struct ebt_entry *e = par->entryinfo;
|
||||
struct xt_target *watcher;
|
||||
size_t left = ((char *)e + e->target_offset) - (char *)w;
|
||||
int ret;
|
||||
@ -383,9 +384,10 @@ ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e,
|
||||
return -ENOENT;
|
||||
w->u.watcher = watcher;
|
||||
|
||||
ret = xt_check_target(watcher, NFPROTO_BRIDGE, w->watcher_size,
|
||||
name, hookmask, e->ethproto, e->invflags & EBT_IPROTO,
|
||||
e, w->data);
|
||||
par->target = watcher;
|
||||
par->targinfo = w->data;
|
||||
ret = xt_check_target(par, NFPROTO_BRIDGE, w->watcher_size,
|
||||
e->ethproto, e->invflags & EBT_IPROTO);
|
||||
if (ret < 0) {
|
||||
module_put(watcher->me);
|
||||
return ret;
|
||||
@ -619,6 +621,7 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
|
||||
size_t gap;
|
||||
int ret;
|
||||
struct xt_mtchk_param mtpar;
|
||||
struct xt_tgchk_param tgpar;
|
||||
|
||||
/* don't mess with the struct ebt_entries */
|
||||
if (e->bitmask == 0)
|
||||
@ -660,14 +663,14 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
|
||||
}
|
||||
i = 0;
|
||||
|
||||
mtpar.table = name;
|
||||
mtpar.entryinfo = e;
|
||||
mtpar.hook_mask = hookmask;
|
||||
mtpar.table = tgpar.table = name;
|
||||
mtpar.entryinfo = tgpar.entryinfo = e;
|
||||
mtpar.hook_mask = tgpar.hook_mask = hookmask;
|
||||
ret = EBT_MATCH_ITERATE(e, ebt_check_match, &mtpar, &i);
|
||||
if (ret != 0)
|
||||
goto cleanup_matches;
|
||||
j = 0;
|
||||
ret = EBT_WATCHER_ITERATE(e, ebt_check_watcher, e, name, hookmask, &j);
|
||||
ret = EBT_WATCHER_ITERATE(e, ebt_check_watcher, &tgpar, &j);
|
||||
if (ret != 0)
|
||||
goto cleanup_watchers;
|
||||
t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
|
||||
@ -703,9 +706,10 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
|
||||
goto cleanup_watchers;
|
||||
}
|
||||
|
||||
ret = xt_check_target(target, NFPROTO_BRIDGE, t->target_size,
|
||||
name, hookmask, e->ethproto, e->invflags & EBT_IPROTO,
|
||||
e, t->data);
|
||||
tgpar.target = target;
|
||||
tgpar.targinfo = t->data;
|
||||
ret = xt_check_target(&tgpar, NFPROTO_BRIDGE, t->target_size,
|
||||
e->ethproto, e->invflags & EBT_IPROTO);
|
||||
if (ret < 0) {
|
||||
module_put(target->me);
|
||||
goto cleanup_watchers;
|
||||
|
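Review bot: `struct xt_tgchk_param tgpar;` in `ebt_check_entry` is declared without an initialiser, and across these hunks only `table`, `entryinfo`, `hook_mask`, `target` and `targinfo` are assigned before the struct is passed to `xt_check_target` and, presumably, on to the extensions' checkentry callbacks. If the structure has or later gains any other member, a callback would read uninitialised kernel stack, so unless every member is known to be set it is safer to clear it first with `memset(&tgpar, 0, sizeof(tgpar));`. Separately, `ebt_check_watcher` overwrites `par->target` and `par->targinfo` on that shared struct for every watcher before `ebt_check_entry` refills them for the final target; a comment such as `/* tgpar is reused: target/targinfo are rewritten per watcher and again for the target */` would stop a later change from relying on stale values. The definition of `struct xt_tgchk_param` is not on this page, and both functions extend beyond the hunks shown.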