netfilter: xtables: move extension arguments into compound structure (5/6)

This patch does this for target extensions' checkentry functions.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Jan Engelhardt
2008-10-08 11:35:19 +02:00
committed by Patrick McHardy
parent 7eb3558655
commit af5d6dc200
39 changed files with 206 additions and 281 deletions


@@ -471,35 +471,35 @@ int xt_compat_match_to_user(struct xt_entry_match *m, void __user **dstptr,
EXPORT_SYMBOL_GPL(xt_compat_match_to_user);
#endif /* CONFIG_COMPAT */
int xt_check_target(const struct xt_target *target, unsigned short family,
unsigned int size, const char *table, unsigned int hook_mask,
unsigned short proto, int inv_proto, const void *entry,
void *targinfo)
int xt_check_target(struct xt_tgchk_param *par, u_int8_t family,
unsigned int size, u_int8_t proto, bool inv_proto)
{
if (XT_ALIGN(target->targetsize) != size) {
if (XT_ALIGN(par->target->targetsize) != size) {
printk("%s_tables: %s target: invalid size %Zu != %u\n",
xt_prefix[family], target->name,
XT_ALIGN(target->targetsize), size);
xt_prefix[family], par->target->name,
XT_ALIGN(par->target->targetsize), size);
return -EINVAL;
}
if (target->table && strcmp(target->table, table)) {
if (par->target->table != NULL &&
strcmp(par->target->table, par->table) != 0) {
printk("%s_tables: %s target: only valid in %s table, not %s\n",
xt_prefix[family], target->name, target->table, table);
xt_prefix[family], par->target->name,
par->target->table, par->table);
return -EINVAL;
}
if (target->hooks && (hook_mask & ~target->hooks) != 0) {
if (par->target->hooks && (par->hook_mask & ~par->target->hooks) != 0) {
printk("%s_tables: %s target: bad hook_mask %#x/%#x\n",
xt_prefix[family], target->name, hook_mask,
target->hooks);
xt_prefix[family], par->target->name, par->hook_mask,
par->target->hooks);
return -EINVAL;
}
if (target->proto && (target->proto != proto || inv_proto)) {
if (par->target->proto && (par->target->proto != proto || inv_proto)) {
printk("%s_tables: %s target: only valid for protocol %u\n",
xt_prefix[family], target->name, target->proto);
xt_prefix[family], par->target->name,
par->target->proto);
return -EINVAL;
}
if (target->checkentry != NULL &&
!target->checkentry(table, entry, target, targinfo, hook_mask))
if (par->target->checkentry != NULL && !par->target->checkentry(par))
return -EINVAL;
return 0;
}
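Review bot: The new signature of `xt_check_target` narrows `proto` from `unsigned short` to `u_int8_t` (and `family` likewise), so a caller that passes a 16-bit protocol value would have it silently truncated before the `par->target->proto != proto` comparison. The callers are outside this hunk, so this needs checking against each of them; if any passes a wider value, keep the parameter 16 bits wide, e.g. `unsigned int size, u_int16_t proto, bool inv_proto)`. The function also now depends on the caller having filled `par->target`, `par->table` and `par->hook_mask` before the call, and a short kernel-doc comment above it listing those required fields would make that contract explicit.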


@@ -112,18 +112,15 @@ connmark_tg(struct sk_buff *skb, const struct xt_target_param *par)
return XT_CONTINUE;
}
static bool
connmark_tg_check_v0(const char *tablename, const void *entry,
const struct xt_target *target, void *targinfo,
unsigned int hook_mask)
static bool connmark_tg_check_v0(const struct xt_tgchk_param *par)
{
const struct xt_connmark_target_info *matchinfo = targinfo;
const struct xt_connmark_target_info *matchinfo = par->targinfo;
if (matchinfo->mode == XT_CONNMARK_RESTORE) {
if (strcmp(tablename, "mangle") != 0) {
if (strcmp(par->table, "mangle") != 0) {
printk(KERN_WARNING "CONNMARK: restore can only be "
"called from \"mangle\" table, not \"%s\"\n",
tablename);
par->table);
return false;
}
}
@@ -131,22 +128,19 @@ connmark_tg_check_v0(const char *tablename, const void *entry,
printk(KERN_WARNING "CONNMARK: Only supports 32bit mark\n");
return false;
}
if (nf_ct_l3proto_try_module_get(target->family) < 0) {
if (nf_ct_l3proto_try_module_get(par->target->family) < 0) {
printk(KERN_WARNING "can't load conntrack support for "
"proto=%u\n", target->family);
"proto=%u\n", par->target->family);
return false;
}
return true;
}
static bool
connmark_tg_check(const char *tablename, const void *entry,
const struct xt_target *target, void *targinfo,
unsigned int hook_mask)
static bool connmark_tg_check(const struct xt_tgchk_param *par)
{
if (nf_ct_l3proto_try_module_get(target->family) < 0) {
if (nf_ct_l3proto_try_module_get(par->target->family) < 0) {
printk(KERN_WARNING "cannot load conntrack support for "
"proto=%u\n", target->family);
"proto=%u\n", par->target->family);
return false;
}
return true;
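Review bot: The conntrack-load failure messages in `connmark_tg_check_v0` and `connmark_tg_check` carry no `CONNMARK:` prefix, unlike the other messages in this file, and differ only in "can't" versus "cannot", which makes a rejected rule harder to trace in the log. Since these lines are being touched anyway, they could be unified, e.g. `printk(KERN_WARNING "CONNMARK: cannot load conntrack support for proto=%u\n", par->target->family);`; the same unprefixed message appears in `connsecmark_tg_check`. The local in `connmark_tg_check_v0` is still named `matchinfo` although it holds target data, and `info` would read better. Judging by its name, `nf_ct_l3proto_try_module_get` takes a module reference on success, so the matching release should be confirmed in the destroy path, which is outside these hunks, as is the end of `connmark_tg_check`.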


@@ -85,16 +85,14 @@ connsecmark_tg(struct sk_buff *skb, const struct xt_target_param *par)
return XT_CONTINUE;
}
static bool
connsecmark_tg_check(const char *tablename, const void *entry,
const struct xt_target *target, void *targinfo,
unsigned int hook_mask)
static bool connsecmark_tg_check(const struct xt_tgchk_param *par)
{
const struct xt_connsecmark_target_info *info = targinfo;
const struct xt_connsecmark_target_info *info = par->targinfo;
if (strcmp(tablename, "mangle") && strcmp(tablename, "security")) {
if (strcmp(par->table, "mangle") != 0 &&
strcmp(par->table, "security") != 0) {
printk(KERN_INFO PFX "target only valid in the \'mangle\' "
"or \'security\' tables, not \'%s\'.\n", tablename);
"or \'security\' tables, not \'%s\'.\n", par->table);
return false;
}
@@ -108,9 +106,9 @@ connsecmark_tg_check(const char *tablename, const void *entry,
return false;
}
if (nf_ct_l3proto_try_module_get(target->family) < 0) {
if (nf_ct_l3proto_try_module_get(par->target->family) < 0) {
printk(KERN_WARNING "can't load conntrack support for "
"proto=%u\n", target->family);
"proto=%u\n", par->target->family);
return false;
}
return true;


@@ -61,15 +61,12 @@ dscp_tg6(struct sk_buff *skb, const struct xt_target_param *par)
return XT_CONTINUE;
}
static bool
dscp_tg_check(const char *tablename, const void *e_void,
const struct xt_target *target, void *targinfo,
unsigned int hook_mask)
static bool dscp_tg_check(const struct xt_tgchk_param *par)
{
const u_int8_t dscp = ((struct xt_DSCP_info *)targinfo)->dscp;
const struct xt_DSCP_info *info = par->targinfo;
if (dscp > XT_DSCP_MAX) {
printk(KERN_WARNING "DSCP: dscp %x out of range\n", dscp);
if (info->dscp > XT_DSCP_MAX) {
printk(KERN_WARNING "DSCP: dscp %x out of range\n", info->dscp);
return false;
}
return true;
@@ -95,12 +92,10 @@ tos_tg_v0(struct sk_buff *skb, const struct xt_target_param *par)
return XT_CONTINUE;
}
static bool
tos_tg_check_v0(const char *tablename, const void *e_void,
const struct xt_target *target, void *targinfo,
unsigned int hook_mask)
static bool tos_tg_check_v0(const struct xt_tgchk_param *par)
{
const u_int8_t tos = ((struct ipt_tos_target_info *)targinfo)->tos;
const struct ipt_tos_target_info *info = par->targinfo;
const uint8_t tos = info->tos;
if (tos != IPTOS_LOWDELAY && tos != IPTOS_THROUGHPUT &&
tos != IPTOS_RELIABILITY && tos != IPTOS_MINCOST &&
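Review bot: `tos_tg_check_v0` now declares `const uint8_t tos`, while the line it replaces and `xt_check_target` in this same commit use `u_int8_t`; one spelling should be used throughout, and `const u_int8_t tos = info->tos;` matches the surrounding code. The two converted functions in this file also follow different patterns for the same job: `dscp_tg_check` drops the local copy and reads `info->dscp` twice, while `tos_tg_check_v0` keeps a local. `tos_tg_check_v0` continues past the end of the hunk.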


@@ -66,12 +66,9 @@ mark_tg(struct sk_buff *skb, const struct xt_target_param *par)
return XT_CONTINUE;
}
static bool
mark_tg_check_v0(const char *tablename, const void *entry,
const struct xt_target *target, void *targinfo,
unsigned int hook_mask)
static bool mark_tg_check_v0(const struct xt_tgchk_param *par)
{
const struct xt_mark_target_info *markinfo = targinfo;
const struct xt_mark_target_info *markinfo = par->targinfo;
if (markinfo->mark > 0xffffffff) {
printk(KERN_WARNING "MARK: Only supports 32bit wide mark\n");
@@ -80,12 +77,9 @@ mark_tg_check_v0(const char *tablename, const void *entry,
return true;
}
static bool
mark_tg_check_v1(const char *tablename, const void *entry,
const struct xt_target *target, void *targinfo,
unsigned int hook_mask)
static bool mark_tg_check_v1(const struct xt_tgchk_param *par)
{
const struct xt_mark_target_info_v1 *markinfo = targinfo;
const struct xt_mark_target_info_v1 *markinfo = par->targinfo;
if (markinfo->mode != XT_MARK_SET
&& markinfo->mode != XT_MARK_AND


@@ -36,12 +36,9 @@ nflog_tg(struct sk_buff *skb, const struct xt_target_param *par)
return XT_CONTINUE;
}
static bool
nflog_tg_check(const char *tablename, const void *entry,
const struct xt_target *target, void *targetinfo,
unsigned int hookmask)
static bool nflog_tg_check(const struct xt_tgchk_param *par)
{
const struct xt_nflog_info *info = targetinfo;
const struct xt_nflog_info *info = par->targinfo;
if (info->flags & ~XT_NFLOG_MASK)
return false;


@@ -84,14 +84,9 @@ xt_rateest_tg(struct sk_buff *skb, const struct xt_target_param *par)
return XT_CONTINUE;
}
static bool
xt_rateest_tg_checkentry(const char *tablename,
const void *entry,
const struct xt_target *target,
void *targinfo,
unsigned int hook_mask)
static bool xt_rateest_tg_checkentry(const struct xt_tgchk_param *par)
{
struct xt_rateest_target_info *info = targinfo;
struct xt_rateest_target_info *info = par->targinfo;
struct xt_rateest *est;
struct {
struct nlattr opt;
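Review bot: In `xt_rateest_tg_checkentry`, `info` is a non-const `struct xt_rateest_target_info *` taken from `par->targinfo` although `par` itself is `const`, which suggests the function writes into the rule's target data. The rest of the body is outside the hunk, so that is inferred. If it does write, a one-line comment on the declaration would help, such as `/* par is const, but targinfo is writable and is updated below */`, so readers do not take the `const` parameter to mean the check is read-only. `secmark_tg_check` declares its `info` the same way.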


@@ -80,16 +80,14 @@ static bool checkentry_selinux(struct xt_secmark_target_info *info)
return true;
}
static bool
secmark_tg_check(const char *tablename, const void *entry,
const struct xt_target *target, void *targinfo,
unsigned int hook_mask)
static bool secmark_tg_check(const struct xt_tgchk_param *par)
{
struct xt_secmark_target_info *info = targinfo;
struct xt_secmark_target_info *info = par->targinfo;
if (strcmp(tablename, "mangle") && strcmp(tablename, "security")) {
if (strcmp(par->table, "mangle") != 0 &&
strcmp(par->table, "security") != 0) {
printk(KERN_INFO PFX "target only valid in the \'mangle\' "
"or \'security\' tables, not \'%s\'.\n", tablename);
"or \'security\' tables, not \'%s\'.\n", par->table);
return false;
}


@@ -237,16 +237,13 @@ static inline bool find_syn_match(const struct xt_entry_match *m)
return false;
}
static bool
tcpmss_tg4_check(const char *tablename, const void *entry,
const struct xt_target *target, void *targinfo,
unsigned int hook_mask)
static bool tcpmss_tg4_check(const struct xt_tgchk_param *par)
{
const struct xt_tcpmss_info *info = targinfo;
const struct ipt_entry *e = entry;
const struct xt_tcpmss_info *info = par->targinfo;
const struct ipt_entry *e = par->entryinfo;
if (info->mss == XT_TCPMSS_CLAMP_PMTU &&
(hook_mask & ~((1 << NF_INET_FORWARD) |
(par->hook_mask & ~((1 << NF_INET_FORWARD) |
(1 << NF_INET_LOCAL_OUT) |
(1 << NF_INET_POST_ROUTING))) != 0) {
printk("xt_TCPMSS: path-MTU clamping only supported in "
@@ -260,16 +257,13 @@ tcpmss_tg4_check(const char *tablename, const void *entry,
}
#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
static bool
tcpmss_tg6_check(const char *tablename, const void *entry,
const struct xt_target *target, void *targinfo,
unsigned int hook_mask)
static bool tcpmss_tg6_check(const struct xt_tgchk_param *par)
{
const struct xt_tcpmss_info *info = targinfo;
const struct ip6t_entry *e = entry;
const struct xt_tcpmss_info *info = par->targinfo;
const struct ip6t_entry *e = par->entryinfo;
if (info->mss == XT_TCPMSS_CLAMP_PMTU &&
(hook_mask & ~((1 << NF_INET_FORWARD) |
(par->hook_mask & ~((1 << NF_INET_FORWARD) |
(1 << NF_INET_LOCAL_OUT) |
(1 << NF_INET_POST_ROUTING))) != 0) {
printk("xt_TCPMSS: path-MTU clamping only supported in "
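Review bot: `par->entryinfo` is assigned without any type information to `const struct ipt_entry *e` in `tcpmss_tg4_check` and to `const struct ip6t_entry *e` in `tcpmss_tg6_check`, so each function is only correct if it is registered for the matching family. The registration is outside these hunks, and a comment on each declaration naming the expected family would record that assumption. The hook mask `(1 << NF_INET_FORWARD) | (1 << NF_INET_LOCAL_OUT) | (1 << NF_INET_POST_ROUTING)` is spelled out identically in both functions, and a single file-scope constant would keep them in step. The `printk` that follows has no `KERN_` level in either function. Both bodies continue past their hunks.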


@@ -59,14 +59,9 @@ tproxy_tg(struct sk_buff *skb, const struct xt_target_param *par)
return NF_DROP;
}
static bool
tproxy_tg_check(const char *tablename,
const void *entry,
const struct xt_target *target,
void *targetinfo,
unsigned int hook_mask)
static bool tproxy_tg_check(const struct xt_tgchk_param *par)
{
const struct ipt_ip *i = entry;
const struct ipt_ip *i = par->entryinfo;
if ((i->proto == IPPROTO_TCP || i->proto == IPPROTO_UDP)
&& !(i->invflags & IPT_INV_PROTO))