From: Massimiliano Hofer <max@nucleus.it>
To: netfilter-devel@lists.netfilter.org
Subject: [PATCH 1/2][priv_data-condition][part 2/2][matches_and_targets]
Date: Mon, 25 Sep 2006 10:17:33 +0200 [thread overview]
Message-ID: <200609251017.34183.max@nucleus.it> (raw)
In-Reply-To: <200609250040.49298.max@nucleus.it>
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset="utf-8", Size: 96566 bytes --]
From b24cd99b101357a5829ef22d45e5730bf0f1890d Mon Sep 17 00:00:00 2001
From: Massimiliano Hofer <max@nucleus.it>
Date: Mon, 25 Sep 2006 10:09:07 +0200
Subject: [PATCH] priv_data-matches_and_targets
This patch adds support for instance specific data in matches and
targets.
This patch complements the core update.
Signed-off-by: Massimiliano Hofer <max@nucleus.it>
---
include/linux/netfilter/x_tables.h | 4 +-
net/ipv4/netfilter/arpt_mangle.c | 8 ++---
net/ipv4/netfilter/ip_nat_rule.c | 32 +++++++++++--------
net/ipv4/netfilter/ip_tables.c | 6 ++--
net/ipv4/netfilter/ipt_CLUSTERIP.c | 19 ++++++-----
net/ipv4/netfilter/ipt_ECN.c | 16 +++++----
net/ipv4/netfilter/ipt_LOG.c | 24 ++++++++------
net/ipv4/netfilter/ipt_MASQUERADE.c | 16 +++++----
net/ipv4/netfilter/ipt_NETMAP.c | 16 +++++----
net/ipv4/netfilter/ipt_REDIRECT.c | 16 +++++----
net/ipv4/netfilter/ipt_REJECT.c | 16 +++++----
net/ipv4/netfilter/ipt_SAME.c | 18 ++++++-----
net/ipv4/netfilter/ipt_TCPMSS.c | 24 ++++++++------
net/ipv4/netfilter/ipt_TOS.c | 16 +++++----
net/ipv4/netfilter/ipt_TTL.c | 23 +++++++------
net/ipv4/netfilter/ipt_ULOG.c | 24 ++++++++------
net/ipv4/netfilter/ipt_addrtype.c | 3 +-
net/ipv4/netfilter/ipt_ah.c | 16 +++++----
net/ipv4/netfilter/ipt_ecn.c | 11 ++++--
net/ipv4/netfilter/ipt_hashlimit.c | 23 ++++++++-----
net/ipv4/netfilter/ipt_owner.c | 16 +++++----
net/ipv4/netfilter/ipt_recent.c | 22 +++++++------
net/ipv4/netfilter/ipt_tos.c | 3 +-
net/ipv4/netfilter/ipt_ttl.c | 3 +-
net/ipv6/netfilter/ip6t_HL.c | 24 ++++++++------
net/ipv6/netfilter/ip6t_LOG.c | 24 ++++++++------
net/ipv6/netfilter/ip6t_REJECT.c | 24 ++++++++------
net/ipv6/netfilter/ip6t_ah.c | 16 +++++----
net/ipv6/netfilter/ip6t_eui64.c | 3 +-
net/ipv6/netfilter/ip6t_frag.c | 16 +++++----
net/ipv6/netfilter/ip6t_hbh.c | 18 ++++++-----
| 24 ++++++++------
net/ipv6/netfilter/ip6t_owner.c | 16 +++++----
net/ipv6/netfilter/ip6t_rt.c | 16 +++++----
net/netfilter/xt_CLASSIFY.c | 3 +-
net/netfilter/xt_CONNMARK.c | 18 ++++++-----
net/netfilter/xt_DSCP.c | 21 +++++++-----
net/netfilter/xt_MARK.c | 34 +++++++++++---------
net/netfilter/xt_NFQUEUE.c | 3 +-
net/netfilter/xt_NOTRACK.c | 3 +-
net/netfilter/xt_SECMARK.c | 12 ++++---
| 3 +-
net/netfilter/xt_connbytes.c | 18 ++++++-----
net/netfilter/xt_connmark.c | 20 ++++++------
net/netfilter/xt_conntrack.c | 22 ++++++++-----
net/netfilter/xt_dccp.c | 18 ++++++-----
net/netfilter/xt_dscp.c | 21 +++++++-----
net/netfilter/xt_esp.c | 18 ++++++-----
net/netfilter/xt_helper.c | 23 ++++++++-----
net/netfilter/xt_length.c | 6 ++--
net/netfilter/xt_limit.c | 22 +++++++------
net/netfilter/xt_mac.c | 3 +-
net/netfilter/xt_mark.c | 18 ++++++-----
net/netfilter/xt_multiport.c | 58 +++++++++++++++++++---------------
net/netfilter/xt_physdev.c | 18 ++++++-----
net/netfilter/xt_pkttype.c | 3 +-
net/netfilter/xt_policy.c | 21 ++++++------
net/netfilter/xt_quota.c | 13 ++++----
net/netfilter/xt_realm.c | 3 +-
net/netfilter/xt_sctp.c | 18 ++++++-----
net/netfilter/xt_state.c | 20 ++++++------
net/netfilter/xt_statistic.c | 12 ++++---
net/netfilter/xt_string.c | 23 ++++++++-----
net/netfilter/xt_tcpmss.c | 3 +-
net/netfilter/xt_tcpudp.c | 44 ++++++++++++++------------
65 files changed, 600 insertions(+), 478 deletions(-)
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h
index e855fd2..6c3e689 100644
--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -404,13 +404,13 @@ extern int xt_compat_match_offset(struct
extern void xt_compat_match_from_user(struct xt_entry_match *m,
void **dstptr, int *size);
extern int xt_compat_match_to_user(struct xt_entry_match *m,
- void * __user *dstptr, int *size);
+ void __user **dstptr, int *size);
extern int xt_compat_target_offset(struct xt_target *target);
extern void xt_compat_target_from_user(struct xt_entry_target *t,
void **dstptr, int *size);
extern int xt_compat_target_to_user(struct xt_entry_target *t,
- void * __user *dstptr, int *size);
+ void __user **dstptr, int *size);
#endif /* CONFIG_COMPAT */
#endif /* __KERNEL__ */
diff --git a/net/ipv4/netfilter/arpt_mangle.c b/net/ipv4/netfilter/arpt_mangle.c
index d12b1df..ce77517 100644
--- a/net/ipv4/netfilter/arpt_mangle.c
+++ b/net/ipv4/netfilter/arpt_mangle.c
@@ -11,7 +11,7 @@ static unsigned int
target(struct sk_buff **pskb,
const struct net_device *in, const struct net_device *out,
unsigned int hooknum, const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo, void *priv_data)
{
const struct arpt_mangle *mangle = targinfo;
struct arphdr *arp;
@@ -66,8 +66,8 @@ target(struct sk_buff **pskb,
}
static int
-checkentry(const char *tablename, const void *e, const struct xt_target *target,
- void *targinfo, unsigned int hook_mask)
+init(const char *tablename, const void *e, const struct xt_target *target,
+ void *targinfo, unsigned int hook_mask, void *priv_data)
{
const struct arpt_mangle *mangle = targinfo;
@@ -85,7 +85,7 @@ static struct arpt_target arpt_mangle_re
.name = "mangle",
.target = target,
.targetsize = sizeof(struct arpt_mangle),
- .checkentry = checkentry,
+ .init = init,
.me = THIS_MODULE,
};
diff --git a/net/ipv4/netfilter/ip_nat_rule.c b/net/ipv4/netfilter/ip_nat_rule.c
index 7b70383..4753724 100644
--- a/net/ipv4/netfilter/ip_nat_rule.c
+++ b/net/ipv4/netfilter/ip_nat_rule.c
@@ -100,7 +100,8 @@ static unsigned int ipt_snat_target(stru
const struct net_device *out,
unsigned int hooknum,
const struct ipt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
struct ip_conntrack *ct;
enum ip_conntrack_info ctinfo;
@@ -142,7 +143,8 @@ static unsigned int ipt_dnat_target(stru
const struct net_device *out,
unsigned int hooknum,
const struct ipt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
struct ip_conntrack *ct;
enum ip_conntrack_info ctinfo;
@@ -164,11 +166,12 @@ static unsigned int ipt_dnat_target(stru
return ip_nat_setup_info(ct, &mr->range[0], hooknum);
}
-static int ipt_snat_checkentry(const char *tablename,
- const void *entry,
- const struct ipt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+static int ipt_snat_init(const char *tablename,
+ const void *entry,
+ const struct ipt_target *target,
+ void *targinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
struct ip_nat_multi_range_compat *mr = targinfo;
@@ -180,11 +183,12 @@ static int ipt_snat_checkentry(const cha
return 1;
}
-static int ipt_dnat_checkentry(const char *tablename,
- const void *entry,
- const struct ipt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+static int ipt_dnat_init(const char *tablename,
+ const void *entry,
+ const struct ipt_target *target,
+ void *targinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
struct ip_nat_multi_range_compat *mr = targinfo;
@@ -263,7 +267,7 @@ static struct ipt_target ipt_snat_reg =
.targetsize = sizeof(struct ip_nat_multi_range_compat),
.table = "nat",
.hooks = 1 << NF_IP_POST_ROUTING,
- .checkentry = ipt_snat_checkentry,
+ .init = ipt_snat_init,
};
static struct ipt_target ipt_dnat_reg = {
@@ -272,7 +276,7 @@ static struct ipt_target ipt_dnat_reg =
.targetsize = sizeof(struct ip_nat_multi_range_compat),
.table = "nat",
.hooks = (1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_OUT),
- .checkentry = ipt_dnat_checkentry,
+ .init = ipt_dnat_init,
};
int __init ip_nat_rule_init(void)
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index d96f322..88feb21 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -1350,15 +1350,15 @@ struct compat_ipt_replace {
};
static inline int compat_copy_match_to_user(struct ipt_entry_match *m,
- void * __user *dstptr, compat_uint_t *size)
+ void __user **dstptr, compat_uint_t *size)
{
return xt_compat_match_to_user(m, dstptr, size);
}
static int compat_copy_entry_to_user(struct ipt_entry *e,
- void * __user *dstptr, compat_uint_t *size)
+ void __user **dstptr, compat_uint_t *size)
{
- struct ipt_entry_target __user *t;
+ struct ipt_entry_target *t;
struct compat_ipt_entry __user *ce;
u_int16_t target_offset, next_offset;
compat_uint_t origsize;
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c
index 4158966..cf06bef 100644
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -302,7 +302,8 @@ target(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
const struct ipt_clusterip_tgt_info *cipinfo = targinfo;
enum ip_conntrack_info ctinfo;
@@ -368,11 +369,12 @@ #endif
}
static int
-checkentry(const char *tablename,
- const void *e_void,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+init(const char *tablename,
+ const void *e_void,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
struct ipt_clusterip_tgt_info *cipinfo = targinfo;
const struct ipt_entry *e = e_void;
@@ -448,7 +450,8 @@ checkentry(const char *tablename,
}
/* drop reference count of cluster config when rule is deleted */
-static void destroy(const struct xt_target *target, void *targinfo)
+static void destroy(const struct xt_target *target, void *targinfo,
+ void *priv_data)
{
struct ipt_clusterip_tgt_info *cipinfo = targinfo;
@@ -463,7 +466,7 @@ static struct ipt_target clusterip_tgt =
.name = "CLUSTERIP",
.target = target,
.targetsize = sizeof(struct ipt_clusterip_tgt_info),
- .checkentry = checkentry,
+ .init = init,
.destroy = destroy,
.me = THIS_MODULE
};
diff --git a/net/ipv4/netfilter/ipt_ECN.c b/net/ipv4/netfilter/ipt_ECN.c
index 23f9c7e..6a59955 100644
--- a/net/ipv4/netfilter/ipt_ECN.c
+++ b/net/ipv4/netfilter/ipt_ECN.c
@@ -85,7 +85,8 @@ target(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
const struct ipt_ECN_info *einfo = targinfo;
@@ -102,11 +103,12 @@ target(struct sk_buff **pskb,
}
static int
-checkentry(const char *tablename,
- const void *e_void,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+init(const char *tablename,
+ const void *e_void,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct ipt_ECN_info *einfo = (struct ipt_ECN_info *)targinfo;
const struct ipt_entry *e = e_void;
@@ -135,7 +137,7 @@ static struct ipt_target ipt_ecn_reg = {
.target = target,
.targetsize = sizeof(struct ipt_ECN_info),
.table = "mangle",
- .checkentry = checkentry,
+ .init = init,
.me = THIS_MODULE,
};
diff --git a/net/ipv4/netfilter/ipt_LOG.c b/net/ipv4/netfilter/ipt_LOG.c
index 7dc820d..4e9c05e 100644
--- a/net/ipv4/netfilter/ipt_LOG.c
+++ b/net/ipv4/netfilter/ipt_LOG.c
@@ -416,7 +416,8 @@ ipt_log_target(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
const struct ipt_log_info *loginfo = targinfo;
struct nf_loginfo li;
@@ -435,11 +436,12 @@ ipt_log_target(struct sk_buff **pskb,
return IPT_CONTINUE;
}
-static int ipt_log_checkentry(const char *tablename,
- const void *e,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+static int ipt_log_init(const char *tablename,
+ const void *e,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct ipt_log_info *loginfo = targinfo;
@@ -459,7 +461,7 @@ static struct ipt_target ipt_log_reg = {
.name = "LOG",
.target = ipt_log_target,
.targetsize = sizeof(struct ipt_log_info),
- .checkentry = ipt_log_checkentry,
+ .init = ipt_log_init,
.me = THIS_MODULE,
};
@@ -469,7 +471,7 @@ static struct nf_logger ipt_log_logger =
.me = THIS_MODULE,
};
-static int __init ipt_log_init(void)
+static int __init ipt_log_module_init(void)
{
if (ipt_register_target(&ipt_log_reg))
return -EINVAL;
@@ -483,11 +485,11 @@ static int __init ipt_log_init(void)
return 0;
}
-static void __exit ipt_log_fini(void)
+static void __exit ipt_log_module_fini(void)
{
nf_log_unregister_logger(&ipt_log_logger);
ipt_unregister_target(&ipt_log_reg);
}
-module_init(ipt_log_init);
-module_exit(ipt_log_fini);
+module_init(ipt_log_module_init);
+module_exit(ipt_log_module_fini);
diff --git a/net/ipv4/netfilter/ipt_MASQUERADE.c b/net/ipv4/netfilter/ipt_MASQUERADE.c
index bc65168..0926e92 100644
--- a/net/ipv4/netfilter/ipt_MASQUERADE.c
+++ b/net/ipv4/netfilter/ipt_MASQUERADE.c
@@ -38,11 +38,12 @@ static DEFINE_RWLOCK(masq_lock);
/* FIXME: Multiple targets. --RR */
static int
-masquerade_check(const char *tablename,
- const void *e,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+masquerade_init(const char *tablename,
+ const void *e,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct ip_nat_multi_range_compat *mr = targinfo;
@@ -63,7 +64,8 @@ masquerade_target(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
struct ip_conntrack *ct;
enum ip_conntrack_info ctinfo;
@@ -168,7 +170,7 @@ static struct ipt_target masquerade = {
.targetsize = sizeof(struct ip_nat_multi_range_compat),
.table = "nat",
.hooks = 1 << NF_IP_POST_ROUTING,
- .checkentry = masquerade_check,
+ .init = masquerade_init,
.me = THIS_MODULE,
};
diff --git a/net/ipv4/netfilter/ipt_NETMAP.c b/net/ipv4/netfilter/ipt_NETMAP.c
index beb2914..596be72 100644
--- a/net/ipv4/netfilter/ipt_NETMAP.c
+++ b/net/ipv4/netfilter/ipt_NETMAP.c
@@ -29,11 +29,12 @@ #define DEBUGP(format, args...)
#endif
static int
-check(const char *tablename,
- const void *e,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+init(const char *tablename,
+ const void *e,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct ip_nat_multi_range_compat *mr = targinfo;
@@ -54,7 +55,8 @@ target(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
struct ip_conntrack *ct;
enum ip_conntrack_info ctinfo;
@@ -91,7 +93,7 @@ static struct ipt_target target_module =
.table = "nat",
.hooks = (1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_POST_ROUTING) |
(1 << NF_IP_LOCAL_OUT),
- .checkentry = check,
+ .init = init,
.me = THIS_MODULE
};
diff --git a/net/ipv4/netfilter/ipt_REDIRECT.c b/net/ipv4/netfilter/ipt_REDIRECT.c
index f03d436..c342d0d 100644
--- a/net/ipv4/netfilter/ipt_REDIRECT.c
+++ b/net/ipv4/netfilter/ipt_REDIRECT.c
@@ -32,11 +32,12 @@ #endif
/* FIXME: Take multiple ranges --RR */
static int
-redirect_check(const char *tablename,
- const void *e,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+redirect_init(const char *tablename,
+ const void *e,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct ip_nat_multi_range_compat *mr = targinfo;
@@ -57,7 +58,8 @@ redirect_target(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
struct ip_conntrack *ct;
enum ip_conntrack_info ctinfo;
@@ -106,7 +108,7 @@ static struct ipt_target redirect_reg =
.targetsize = sizeof(struct ip_nat_multi_range_compat),
.table = "nat",
.hooks = (1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_OUT),
- .checkentry = redirect_check,
+ .init = redirect_init,
.me = THIS_MODULE,
};
diff --git a/net/ipv4/netfilter/ipt_REJECT.c b/net/ipv4/netfilter/ipt_REJECT.c
index b81821e..c7c6973 100644
--- a/net/ipv4/netfilter/ipt_REJECT.c
+++ b/net/ipv4/netfilter/ipt_REJECT.c
@@ -228,7 +228,8 @@ static unsigned int reject(struct sk_buf
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
const struct ipt_reject_info *reject = targinfo;
@@ -272,11 +273,12 @@ static unsigned int reject(struct sk_buf
return NF_DROP;
}
-static int check(const char *tablename,
- const void *e_void,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+static int init(const char *tablename,
+ const void *e_void,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct ipt_reject_info *rejinfo = targinfo;
const struct ipt_entry *e = e_void;
@@ -302,7 +304,7 @@ static struct ipt_target ipt_reject_reg
.table = "filter",
.hooks = (1 << NF_IP_LOCAL_IN) | (1 << NF_IP_FORWARD) |
(1 << NF_IP_LOCAL_OUT),
- .checkentry = check,
+ .init = init,
.me = THIS_MODULE,
};
diff --git a/net/ipv4/netfilter/ipt_SAME.c b/net/ipv4/netfilter/ipt_SAME.c
index efbcb11..819d1ac 100644
--- a/net/ipv4/netfilter/ipt_SAME.c
+++ b/net/ipv4/netfilter/ipt_SAME.c
@@ -48,11 +48,12 @@ #define DEBUGP(format, args...)
#endif
static int
-same_check(const char *tablename,
- const void *e,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+same_init(const char *tablename,
+ const void *e,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
unsigned int count, countess, rangeip, index = 0;
struct ipt_same_info *mr = targinfo;
@@ -115,7 +116,7 @@ same_check(const char *tablename,
}
static void
-same_destroy(const struct xt_target *target, void *targinfo)
+same_destroy(const struct xt_target *target, void *targinfo, void *priv_data)
{
struct ipt_same_info *mr = targinfo;
@@ -131,7 +132,8 @@ same_target(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
struct ip_conntrack *ct;
enum ip_conntrack_info ctinfo;
@@ -181,7 +183,7 @@ static struct ipt_target same_reg = {
.targetsize = sizeof(struct ipt_same_info),
.table = "nat",
.hooks = (1 << NF_IP_PRE_ROUTING | 1 << NF_IP_POST_ROUTING),
- .checkentry = same_check,
+ .init = same_init,
.destroy = same_destroy,
.me = THIS_MODULE,
};
diff --git a/net/ipv4/netfilter/ipt_TCPMSS.c b/net/ipv4/netfilter/ipt_TCPMSS.c
index 4246c43..f726a8b 100644
--- a/net/ipv4/netfilter/ipt_TCPMSS.c
+++ b/net/ipv4/netfilter/ipt_TCPMSS.c
@@ -37,7 +37,8 @@ ipt_tcpmss_target(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
const struct ipt_tcpmss_info *tcpmssinfo = targinfo;
struct tcphdr *tcph;
@@ -167,11 +168,12 @@ static inline int find_syn_match(const s
/* Must specify -p tcp --syn/--tcp-flags SYN */
static int
-ipt_tcpmss_checkentry(const char *tablename,
- const void *e_void,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+ipt_tcpmss_init(const char *tablename,
+ const void *e_void,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct ipt_tcpmss_info *tcpmssinfo = targinfo;
const struct ipt_entry *e = e_void;
@@ -196,19 +198,19 @@ static struct ipt_target ipt_tcpmss_reg
.target = ipt_tcpmss_target,
.targetsize = sizeof(struct ipt_tcpmss_info),
.proto = IPPROTO_TCP,
- .checkentry = ipt_tcpmss_checkentry,
+ .init = ipt_tcpmss_init,
.me = THIS_MODULE,
};
-static int __init ipt_tcpmss_init(void)
+static int __init ipt_tcpmss_module_init(void)
{
return ipt_register_target(&ipt_tcpmss_reg);
}
-static void __exit ipt_tcpmss_fini(void)
+static void __exit ipt_tcpmss_module_fini(void)
{
ipt_unregister_target(&ipt_tcpmss_reg);
}
-module_init(ipt_tcpmss_init);
-module_exit(ipt_tcpmss_fini);
+module_init(ipt_tcpmss_module_init);
+module_exit(ipt_tcpmss_module_fini);
diff --git a/net/ipv4/netfilter/ipt_TOS.c b/net/ipv4/netfilter/ipt_TOS.c
index 471a4c4..0fe2aae 100644
--- a/net/ipv4/netfilter/ipt_TOS.c
+++ b/net/ipv4/netfilter/ipt_TOS.c
@@ -26,7 +26,8 @@ target(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
const struct ipt_tos_target_info *tosinfo = targinfo;
struct iphdr *iph = (*pskb)->nh.iph;
@@ -45,11 +46,12 @@ target(struct sk_buff **pskb,
}
static int
-checkentry(const char *tablename,
- const void *e_void,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+init(const char *tablename,
+ const void *e_void,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const u_int8_t tos = ((struct ipt_tos_target_info *)targinfo)->tos;
@@ -69,7 +71,7 @@ static struct ipt_target ipt_tos_reg = {
.target = target,
.targetsize = sizeof(struct ipt_tos_target_info),
.table = "mangle",
- .checkentry = checkentry,
+ .init = init,
.me = THIS_MODULE,
};
diff --git a/net/ipv4/netfilter/ipt_TTL.c b/net/ipv4/netfilter/ipt_TTL.c
index 96e79cc..d5200c2 100644
--- a/net/ipv4/netfilter/ipt_TTL.c
+++ b/net/ipv4/netfilter/ipt_TTL.c
@@ -23,7 +23,7 @@ static unsigned int
ipt_ttl_target(struct sk_buff **pskb,
const struct net_device *in, const struct net_device *out,
unsigned int hooknum, const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo, void *priv_data)
{
struct iphdr *iph;
const struct ipt_TTL_info *info = targinfo;
@@ -63,11 +63,12 @@ ipt_ttl_target(struct sk_buff **pskb,
return IPT_CONTINUE;
}
-static int ipt_ttl_checkentry(const char *tablename,
- const void *e,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+static int ipt_ttl_init(const char *tablename,
+ const void *e,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
struct ipt_TTL_info *info = targinfo;
@@ -86,19 +87,19 @@ static struct ipt_target ipt_TTL = {
.target = ipt_ttl_target,
.targetsize = sizeof(struct ipt_TTL_info),
.table = "mangle",
- .checkentry = ipt_ttl_checkentry,
+ .init = ipt_ttl_init,
.me = THIS_MODULE,
};
-static int __init ipt_ttl_init(void)
+static int __init ipt_ttl_module_init(void)
{
return ipt_register_target(&ipt_TTL);
}
-static void __exit ipt_ttl_fini(void)
+static void __exit ipt_ttl_module_fini(void)
{
ipt_unregister_target(&ipt_TTL);
}
-module_init(ipt_ttl_init);
-module_exit(ipt_ttl_fini);
+module_init(ipt_ttl_module_init);
+module_exit(ipt_ttl_module_fini);
diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c
index 2b104ea..0bff5aa 100644
--- a/net/ipv4/netfilter/ipt_ULOG.c
+++ b/net/ipv4/netfilter/ipt_ULOG.c
@@ -308,7 +308,8 @@ static unsigned int ipt_ulog_target(stru
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo;
@@ -342,11 +343,12 @@ static void ipt_logfn(unsigned int pf,
ipt_ulog_packet(hooknum, skb, in, out, &loginfo, prefix);
}
-static int ipt_ulog_checkentry(const char *tablename,
- const void *e,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hookmask)
+static int ipt_ulog_init(const char *tablename,
+ const void *e,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hookmask,
+ void *priv_data)
{
struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo;
@@ -367,7 +369,7 @@ static struct ipt_target ipt_ulog_reg =
.name = "ULOG",
.target = ipt_ulog_target,
.targetsize = sizeof(struct ipt_ulog_info),
- .checkentry = ipt_ulog_checkentry,
+ .init = ipt_ulog_init,
.me = THIS_MODULE,
};
@@ -377,7 +379,7 @@ static struct nf_logger ipt_ulog_logger
.me = THIS_MODULE,
};
-static int __init ipt_ulog_init(void)
+static int __init ipt_ulog_module_init(void)
{
int i;
@@ -410,7 +412,7 @@ static int __init ipt_ulog_init(void)
return 0;
}
-static void __exit ipt_ulog_fini(void)
+static void __exit ipt_ulog_module_fini(void)
{
ulog_buff_t *ub;
int i;
@@ -438,5 +440,5 @@ static void __exit ipt_ulog_fini(void)
}
-module_init(ipt_ulog_init);
-module_exit(ipt_ulog_fini);
+module_init(ipt_ulog_module_init);
+module_exit(ipt_ulog_module_fini);
diff --git a/net/ipv4/netfilter/ipt_addrtype.c b/net/ipv4/netfilter/ipt_addrtype.c
index 893dae2..ec2b279 100644
--- a/net/ipv4/netfilter/ipt_addrtype.c
+++ b/net/ipv4/netfilter/ipt_addrtype.c
@@ -30,7 +30,8 @@ static inline int match_type(u_int32_t a
static int match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out,
const struct xt_match *match, const void *matchinfo,
- int offset, unsigned int protoff, int *hotdrop)
+ int offset, unsigned int protoff, int *hotdrop,
+ void *priv_data)
{
const struct ipt_addrtype_info *info = matchinfo;
const struct iphdr *iph = skb->nh.iph;
diff --git a/net/ipv4/netfilter/ipt_ah.c b/net/ipv4/netfilter/ipt_ah.c
index 1798f86..8d446d6 100644
--- a/net/ipv4/netfilter/ipt_ah.c
+++ b/net/ipv4/netfilter/ipt_ah.c
@@ -43,7 +43,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
struct ip_auth_hdr _ahdr, *ah;
const struct ipt_ah *ahinfo = matchinfo;
@@ -70,11 +71,12 @@ match(const struct sk_buff *skb,
/* Called when user tries to insert an entry of this type. */
static int
-checkentry(const char *tablename,
- const void *ip_void,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+init(const char *tablename,
+ const void *ip_void,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct ipt_ah *ahinfo = matchinfo;
@@ -91,7 +93,7 @@ static struct ipt_match ah_match = {
.match = match,
.matchsize = sizeof(struct ipt_ah),
.proto = IPPROTO_AH,
- .checkentry = checkentry,
+ .init = init,
.me = THIS_MODULE,
};
diff --git a/net/ipv4/netfilter/ipt_ecn.c b/net/ipv4/netfilter/ipt_ecn.c
index dafbdec..d6ec37a 100644
--- a/net/ipv4/netfilter/ipt_ecn.c
+++ b/net/ipv4/netfilter/ipt_ecn.c
@@ -68,7 +68,8 @@ static inline int match_tcp(const struct
static int match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out,
const struct xt_match *match, const void *matchinfo,
- int offset, unsigned int protoff, int *hotdrop)
+ int offset, unsigned int protoff, int *hotdrop,
+ void *priv_data)
{
const struct ipt_ecn_info *info = matchinfo;
@@ -86,9 +87,9 @@ static int match(const struct sk_buff *s
return 1;
}
-static int checkentry(const char *tablename, const void *ip_void,
- const struct xt_match *match,
- void *matchinfo, unsigned int hook_mask)
+static int init(const char *tablename, const void *ip_void,
+ const struct xt_match *match,
+ void *matchinfo, unsigned int hook_mask, void *priv_data)
{
const struct ipt_ecn_info *info = matchinfo;
const struct ipt_ip *ip = ip_void;
@@ -113,7 +114,7 @@ static struct ipt_match ecn_match = {
.name = "ecn",
.match = match,
.matchsize = sizeof(struct ipt_ecn_info),
- .checkentry = checkentry,
+ .init = init,
.me = THIS_MODULE,
};
diff --git a/net/ipv4/netfilter/ipt_hashlimit.c b/net/ipv4/netfilter/ipt_hashlimit.c
index 4f73a61..12acead 100644
--- a/net/ipv4/netfilter/ipt_hashlimit.c
+++ b/net/ipv4/netfilter/ipt_hashlimit.c
@@ -8,8 +8,8 @@
* Development of this code was funded by Astaro AG, http://www.astaro.com/
*
* based on ipt_limit.c by:
- * Jérôme de Vivie <devivie@info.enserb.u-bordeaux.fr>
- * Hervé Eychenne <eychenne@info.enserb.u-bordeaux.fr>
+ * J��e de Vivie <devivie@info.enserb.u-bordeaux.fr>
+ * Herv�Eychenne <eychenne@info.enserb.u-bordeaux.fr>
* Rusty Russell <rusty@rustcorp.com.au>
*
* The general idea is to create a hash table for every dstip and have a
@@ -389,7 +389,8 @@ hashlimit_match(const struct sk_buff *sk
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
struct ipt_hashlimit_info *r =
((struct ipt_hashlimit_info *)matchinfo)->u.master;
@@ -474,11 +475,12 @@ hashlimit_match(const struct sk_buff *sk
}
static int
-hashlimit_checkentry(const char *tablename,
- const void *inf,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+hashlimit_init(const char *tablename,
+ const void *inf,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
struct ipt_hashlimit_info *r = matchinfo;
@@ -528,7 +530,8 @@ hashlimit_checkentry(const char *tablena
}
static void
-hashlimit_destroy(const struct xt_match *match, void *matchinfo)
+hashlimit_destroy(const struct xt_match *match, void *matchinfo,
+ void *priv_data)
{
struct ipt_hashlimit_info *r = matchinfo;
@@ -568,7 +571,7 @@ #ifdef CONFIG_COMPAT
.compat_from_user = compat_from_user,
.compat_to_user = compat_to_user,
#endif
- .checkentry = hashlimit_checkentry,
+ .init = hashlimit_init,
.destroy = hashlimit_destroy,
.me = THIS_MODULE
};
diff --git a/net/ipv4/netfilter/ipt_owner.c b/net/ipv4/netfilter/ipt_owner.c
index 78c336f..478451e 100644
--- a/net/ipv4/netfilter/ipt_owner.c
+++ b/net/ipv4/netfilter/ipt_owner.c
@@ -29,7 +29,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
const struct ipt_owner_info *info = matchinfo;
@@ -52,11 +53,12 @@ match(const struct sk_buff *skb,
}
static int
-checkentry(const char *tablename,
- const void *ip,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+init(const char *tablename,
+ const void *ip,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct ipt_owner_info *info = matchinfo;
@@ -73,7 +75,7 @@ static struct ipt_match owner_match = {
.match = match,
.matchsize = sizeof(struct ipt_owner_info),
.hooks = (1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_POST_ROUTING),
- .checkentry = checkentry,
+ .init = init,
.me = THIS_MODULE,
};
diff --git a/net/ipv4/netfilter/ipt_recent.c b/net/ipv4/netfilter/ipt_recent.c
index 32ae8d7..a54e0fe 100644
--- a/net/ipv4/netfilter/ipt_recent.c
+++ b/net/ipv4/netfilter/ipt_recent.c
@@ -173,7 +173,8 @@ static int
ipt_recent_match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out,
const struct xt_match *match, const void *matchinfo,
- int offset, unsigned int protoff, int *hotdrop)
+ int offset, unsigned int protoff, int *hotdrop,
+ void *priv_data)
{
const struct ipt_recent_info *info = matchinfo;
struct recent_table *t;
@@ -236,9 +237,9 @@ out:
}
static int
-ipt_recent_checkentry(const char *tablename, const void *ip,
- const struct xt_match *match, void *matchinfo,
- unsigned int hook_mask)
+ipt_recent_init(const char *tablename, const void *ip,
+ const struct xt_match *match, void *matchinfo,
+ unsigned int hook_mask, void *priv_data)
{
const struct ipt_recent_info *info = matchinfo;
struct recent_table *t;
@@ -294,7 +295,8 @@ out:
}
static void
-ipt_recent_destroy(const struct xt_match *match, void *matchinfo)
+ipt_recent_destroy(const struct xt_match *match, void *matchinfo,
+ void *priv_data)
{
const struct ipt_recent_info *info = matchinfo;
struct recent_table *t;
@@ -467,12 +469,12 @@ static struct ipt_match recent_match = {
.name = "recent",
.match = ipt_recent_match,
.matchsize = sizeof(struct ipt_recent_info),
- .checkentry = ipt_recent_checkentry,
+ .init = ipt_recent_init,
.destroy = ipt_recent_destroy,
.me = THIS_MODULE,
};
-static int __init ipt_recent_init(void)
+static int __init ipt_recent_module_init(void)
{
int err;
@@ -493,7 +495,7 @@ #endif
return err;
}
-static void __exit ipt_recent_exit(void)
+static void __exit ipt_recent_module_exit(void)
{
BUG_ON(!list_empty(&tables));
ipt_unregister_match(&recent_match);
@@ -502,5 +504,5 @@ #ifdef CONFIG_PROC_FS
#endif
}
-module_init(ipt_recent_init);
-module_exit(ipt_recent_exit);
+module_init(ipt_recent_module_init);
+module_exit(ipt_recent_module_exit);
diff --git a/net/ipv4/netfilter/ipt_tos.c b/net/ipv4/netfilter/ipt_tos.c
index 5549c39..c47e50f 100644
--- a/net/ipv4/netfilter/ipt_tos.c
+++ b/net/ipv4/netfilter/ipt_tos.c
@@ -25,7 +25,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
const struct ipt_tos_info *info = matchinfo;
diff --git a/net/ipv4/netfilter/ipt_ttl.c b/net/ipv4/netfilter/ipt_ttl.c
index a5243bd..d02a87b 100644
--- a/net/ipv4/netfilter/ipt_ttl.c
+++ b/net/ipv4/netfilter/ipt_ttl.c
@@ -22,7 +22,8 @@ MODULE_LICENSE("GPL");
static int match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out,
const struct xt_match *match, const void *matchinfo,
- int offset, unsigned int protoff, int *hotdrop)
+ int offset, unsigned int protoff, int *hotdrop,
+ void *priv_data)
{
const struct ipt_ttl_info *info = matchinfo;
diff --git a/net/ipv6/netfilter/ip6t_HL.c b/net/ipv6/netfilter/ip6t_HL.c
index 435750f..878ac35 100644
--- a/net/ipv6/netfilter/ip6t_HL.c
+++ b/net/ipv6/netfilter/ip6t_HL.c
@@ -22,7 +22,8 @@ static unsigned int ip6t_hl_target(struc
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
struct ipv6hdr *ip6h;
const struct ip6t_HL_info *info = targinfo;
@@ -58,11 +59,12 @@ static unsigned int ip6t_hl_target(struc
return IP6T_CONTINUE;
}
-static int ip6t_hl_checkentry(const char *tablename,
- const void *entry,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+static int ip6t_hl_init(const char *tablename,
+ const void *entry,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
struct ip6t_HL_info *info = targinfo;
@@ -84,19 +86,19 @@ static struct ip6t_target ip6t_HL = {
.target = ip6t_hl_target,
.targetsize = sizeof(struct ip6t_HL_info),
.table = "mangle",
- .checkentry = ip6t_hl_checkentry,
+ .init = ip6t_hl_init,
.me = THIS_MODULE
};
-static int __init ip6t_hl_init(void)
+static int __init ip6t_hl_module_init(void)
{
return ip6t_register_target(&ip6t_HL);
}
-static void __exit ip6t_hl_fini(void)
+static void __exit ip6t_hl_module_fini(void)
{
ip6t_unregister_target(&ip6t_HL);
}
-module_init(ip6t_hl_init);
-module_exit(ip6t_hl_fini);
+module_init(ip6t_hl_module_init);
+module_exit(ip6t_hl_module_fini);
diff --git a/net/ipv6/netfilter/ip6t_LOG.c b/net/ipv6/netfilter/ip6t_LOG.c
index 0cf537d..7f42293 100644
--- a/net/ipv6/netfilter/ip6t_LOG.c
+++ b/net/ipv6/netfilter/ip6t_LOG.c
@@ -427,7 +427,8 @@ ip6t_log_target(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
const struct ip6t_log_info *loginfo = targinfo;
struct nf_loginfo li;
@@ -447,11 +448,12 @@ ip6t_log_target(struct sk_buff **pskb,
}
-static int ip6t_log_checkentry(const char *tablename,
- const void *entry,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+static int ip6t_log_init(const char *tablename,
+ const void *entry,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct ip6t_log_info *loginfo = targinfo;
@@ -471,7 +473,7 @@ static struct ip6t_target ip6t_log_reg =
.name = "LOG",
.target = ip6t_log_target,
.targetsize = sizeof(struct ip6t_log_info),
- .checkentry = ip6t_log_checkentry,
+ .init = ip6t_log_init,
.me = THIS_MODULE,
};
@@ -481,7 +483,7 @@ static struct nf_logger ip6t_logger = {
.me = THIS_MODULE,
};
-static int __init ip6t_log_init(void)
+static int __init ip6t_log_module_init(void)
{
if (ip6t_register_target(&ip6t_log_reg))
return -EINVAL;
@@ -495,11 +497,11 @@ static int __init ip6t_log_init(void)
return 0;
}
-static void __exit ip6t_log_fini(void)
+static void __exit ip6t_log_module_fini(void)
{
nf_log_unregister_logger(&ip6t_logger);
ip6t_unregister_target(&ip6t_log_reg);
}
-module_init(ip6t_log_init);
-module_exit(ip6t_log_fini);
+module_init(ip6t_log_module_init);
+module_exit(ip6t_log_module_fini);
diff --git a/net/ipv6/netfilter/ip6t_REJECT.c b/net/ipv6/netfilter/ip6t_REJECT.c
index 311eae8..4ea5a3d 100644
--- a/net/ipv6/netfilter/ip6t_REJECT.c
+++ b/net/ipv6/netfilter/ip6t_REJECT.c
@@ -176,11 +176,12 @@ send_unreach(struct sk_buff *skb_in, uns
}
static unsigned int reject6_target(struct sk_buff **pskb,
- const struct net_device *in,
- const struct net_device *out,
- unsigned int hooknum,
- const struct xt_target *target,
- const void *targinfo)
+ const struct net_device *in,
+ const struct net_device *out,
+ unsigned int hooknum,
+ const struct xt_target *target,
+ const void *targinfo,
+ void *priv_data)
{
const struct ip6t_reject_info *reject = targinfo;
@@ -219,11 +220,12 @@ static unsigned int reject6_target(struc
return NF_DROP;
}
-static int check(const char *tablename,
- const void *entry,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+static int init(const char *tablename,
+ const void *entry,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct ip6t_reject_info *rejinfo = targinfo;
const struct ip6t_entry *e = entry;
@@ -249,7 +251,7 @@ static struct ip6t_target ip6t_reject_re
.table = "filter",
.hooks = (1 << NF_IP6_LOCAL_IN) | (1 << NF_IP6_FORWARD) |
(1 << NF_IP6_LOCAL_OUT),
- .checkentry = check,
+ .init = init,
.me = THIS_MODULE
};
diff --git a/net/ipv6/netfilter/ip6t_ah.c b/net/ipv6/netfilter/ip6t_ah.c
index ec1b160..9f10fc4 100644
--- a/net/ipv6/netfilter/ip6t_ah.c
+++ b/net/ipv6/netfilter/ip6t_ah.c
@@ -48,7 +48,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
struct ip_auth_hdr *ah, _ah;
const struct ip6t_ah *ahinfo = matchinfo;
@@ -98,11 +99,12 @@ match(const struct sk_buff *skb,
/* Called when user tries to insert an entry of this type. */
static int
-checkentry(const char *tablename,
- const void *entry,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+init(const char *tablename,
+ const void *entry,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct ip6t_ah *ahinfo = matchinfo;
@@ -117,7 +119,7 @@ static struct ip6t_match ah_match = {
.name = "ah",
.match = match,
.matchsize = sizeof(struct ip6t_ah),
- .checkentry = checkentry,
+ .init = init,
.me = THIS_MODULE,
};
diff --git a/net/ipv6/netfilter/ip6t_eui64.c b/net/ipv6/netfilter/ip6t_eui64.c
index 4f6b84c..3d72a98 100644
--- a/net/ipv6/netfilter/ip6t_eui64.c
+++ b/net/ipv6/netfilter/ip6t_eui64.c
@@ -26,7 +26,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
unsigned char eui64[8];
int i = 0;
diff --git a/net/ipv6/netfilter/ip6t_frag.c b/net/ipv6/netfilter/ip6t_frag.c
index 78d9c8b..be9aa65 100644
--- a/net/ipv6/netfilter/ip6t_frag.c
+++ b/net/ipv6/netfilter/ip6t_frag.c
@@ -47,7 +47,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
struct frag_hdr _frag, *fh;
const struct ip6t_frag *fraginfo = matchinfo;
@@ -115,11 +116,12 @@ match(const struct sk_buff *skb,
/* Called when user tries to insert an entry of this type. */
static int
-checkentry(const char *tablename,
- const void *ip,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+init(const char *tablename,
+ const void *ip,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct ip6t_frag *fraginfo = matchinfo;
@@ -134,7 +136,7 @@ static struct ip6t_match frag_match = {
.name = "frag",
.match = match,
.matchsize = sizeof(struct ip6t_frag),
- .checkentry = checkentry,
+ .init = init,
.me = THIS_MODULE,
};
diff --git a/net/ipv6/netfilter/ip6t_hbh.c b/net/ipv6/netfilter/ip6t_hbh.c
index d32a205..59fa6e2 100644
--- a/net/ipv6/netfilter/ip6t_hbh.c
+++ b/net/ipv6/netfilter/ip6t_hbh.c
@@ -54,7 +54,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
struct ipv6_opt_hdr _optsh, *oh;
const struct ip6t_opts *optinfo = matchinfo;
@@ -169,11 +170,12 @@ match(const struct sk_buff *skb,
/* Called when user tries to insert an entry of this type. */
static int
-checkentry(const char *tablename,
- const void *entry,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+init(const char *tablename,
+ const void *entry,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct ip6t_opts *optsinfo = matchinfo;
@@ -190,7 +192,7 @@ static struct xt_match opts_match[] = {
.family = AF_INET6,
.match = match,
.matchsize = sizeof(struct ip6t_opts),
- .checkentry = checkentry,
+ .init = init,
.me = THIS_MODULE,
.data = NEXTHDR_HOP,
},
@@ -199,7 +201,7 @@ static struct xt_match opts_match[] = {
.family = AF_INET6,
.match = match,
.matchsize = sizeof(struct ip6t_opts),
- .checkentry = checkentry,
+ .init = init,
.me = THIS_MODULE,
.data = NEXTHDR_DEST,
},
--git a/net/ipv6/netfilter/ip6t_ipv6header.c b/net/ipv6/netfilter/ip6t_ipv6header.c
index 3093c39..0e224ac 100644
--- a/net/ipv6/netfilter/ip6t_ipv6header.c
+++ b/net/ipv6/netfilter/ip6t_ipv6header.c
@@ -33,7 +33,8 @@ ipv6header_match(const struct sk_buff *s
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
const struct ip6t_ipv6header_info *info = matchinfo;
unsigned int temp;
@@ -124,11 +125,12 @@ ipv6header_match(const struct sk_buff *s
}
static int
-ipv6header_checkentry(const char *tablename,
- const void *ip,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+ipv6header_init(const char *tablename,
+ const void *ip,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct ip6t_ipv6header_info *info = matchinfo;
@@ -144,20 +146,20 @@ static struct ip6t_match ip6t_ipv6header
.name = "ipv6header",
.match = &ipv6header_match,
.matchsize = sizeof(struct ip6t_ipv6header_info),
- .checkentry = &ipv6header_checkentry,
+ .init = &ipv6header_init,
.destroy = NULL,
.me = THIS_MODULE,
};
-static int __init ipv6header_init(void)
+static int __init ipv6header_module_init(void)
{
return ip6t_register_match(&ip6t_ipv6header_match);
}
-static void __exit ipv6header_exit(void)
+static void __exit ipv6header_module_exit(void)
{
ip6t_unregister_match(&ip6t_ipv6header_match);
}
-module_init(ipv6header_init);
-module_exit(ipv6header_exit);
+module_init(ipv6header_module_init);
+module_exit(ipv6header_module_exit);
diff --git a/net/ipv6/netfilter/ip6t_owner.c b/net/ipv6/netfilter/ip6t_owner.c
index 4eb9bbc..97ad7e7 100644
--- a/net/ipv6/netfilter/ip6t_owner.c
+++ b/net/ipv6/netfilter/ip6t_owner.c
@@ -30,7 +30,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
const struct ip6t_owner_info *info = matchinfo;
@@ -53,11 +54,12 @@ match(const struct sk_buff *skb,
}
static int
-checkentry(const char *tablename,
- const void *ip,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+init(const char *tablename,
+ const void *ip,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct ip6t_owner_info *info = matchinfo;
@@ -74,7 +76,7 @@ static struct ip6t_match owner_match = {
.match = match,
.matchsize = sizeof(struct ip6t_owner_info),
.hooks = (1 << NF_IP6_LOCAL_OUT) | (1 << NF_IP6_POST_ROUTING),
- .checkentry = checkentry,
+ .init = init,
.me = THIS_MODULE,
};
diff --git a/net/ipv6/netfilter/ip6t_rt.c b/net/ipv6/netfilter/ip6t_rt.c
index bcb2e16..572ac50 100644
--- a/net/ipv6/netfilter/ip6t_rt.c
+++ b/net/ipv6/netfilter/ip6t_rt.c
@@ -49,7 +49,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
struct ipv6_rt_hdr _route, *rh;
const struct ip6t_rt *rtinfo = matchinfo;
@@ -193,11 +194,12 @@ match(const struct sk_buff *skb,
/* Called when user tries to insert an entry of this type. */
static int
-checkentry(const char *tablename,
- const void *entry,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+init(const char *tablename,
+ const void *entry,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct ip6t_rt *rtinfo = matchinfo;
@@ -220,7 +222,7 @@ static struct ip6t_match rt_match = {
.name = "rt",
.match = match,
.matchsize = sizeof(struct ip6t_rt),
- .checkentry = checkentry,
+ .init = init,
.me = THIS_MODULE,
};
diff --git a/net/netfilter/xt_CLASSIFY.c b/net/netfilter/xt_CLASSIFY.c
index 50de965..501a5a8 100644
--- a/net/netfilter/xt_CLASSIFY.c
+++ b/net/netfilter/xt_CLASSIFY.c
@@ -29,7 +29,8 @@ target(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
const struct xt_classify_target_info *clinfo = targinfo;
diff --git a/net/netfilter/xt_CONNMARK.c b/net/netfilter/xt_CONNMARK.c
index c01524f..7a73bd0 100644
--- a/net/netfilter/xt_CONNMARK.c
+++ b/net/netfilter/xt_CONNMARK.c
@@ -38,7 +38,8 @@ target(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
const struct xt_connmark_target_info *markinfo = targinfo;
u_int32_t diff;
@@ -85,11 +86,12 @@ #endif
}
static int
-checkentry(const char *tablename,
- const void *entry,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+init(const char *tablename,
+ const void *entry,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
struct xt_connmark_target_info *matchinfo = targinfo;
@@ -143,7 +145,7 @@ static struct xt_target xt_connmark_targ
{
.name = "CONNMARK",
.family = AF_INET,
- .checkentry = checkentry,
+ .init = init,
.target = target,
.targetsize = sizeof(struct xt_connmark_target_info),
#ifdef CONFIG_COMPAT
@@ -156,7 +158,7 @@ #endif
{
.name = "CONNMARK",
.family = AF_INET6,
- .checkentry = checkentry,
+ .init = init,
.target = target,
.targetsize = sizeof(struct xt_connmark_target_info),
.me = THIS_MODULE
diff --git a/net/netfilter/xt_DSCP.c b/net/netfilter/xt_DSCP.c
index a7cc75a..c15ef6f 100644
--- a/net/netfilter/xt_DSCP.c
+++ b/net/netfilter/xt_DSCP.c
@@ -32,7 +32,8 @@ static unsigned int target(struct sk_buf
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
const struct xt_DSCP_info *dinfo = targinfo;
u_int8_t dscp = ipv4_get_dsfield((*pskb)->nh.iph) >> XT_DSCP_SHIFT;
@@ -53,7 +54,8 @@ static unsigned int target6(struct sk_bu
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
const struct xt_DSCP_info *dinfo = targinfo;
u_int8_t dscp = ipv6_get_dsfield((*pskb)->nh.ipv6h) >> XT_DSCP_SHIFT;
@@ -68,11 +70,12 @@ static unsigned int target6(struct sk_bu
return XT_CONTINUE;
}
-static int checkentry(const char *tablename,
- const void *e_void,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+static int init(const char *tablename,
+ const void *e_void,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const u_int8_t dscp = ((struct xt_DSCP_info *)targinfo)->dscp;
@@ -87,7 +90,7 @@ static struct xt_target xt_dscp_target[]
{
.name = "DSCP",
.family = AF_INET,
- .checkentry = checkentry,
+ .init = init,
.target = target,
.targetsize = sizeof(struct xt_DSCP_info),
.table = "mangle",
@@ -96,7 +99,7 @@ static struct xt_target xt_dscp_target[]
{
.name = "DSCP",
.family = AF_INET6,
- .checkentry = checkentry,
+ .init = init,
.target = target6,
.targetsize = sizeof(struct xt_DSCP_info),
.table = "mangle",
diff --git a/net/netfilter/xt_MARK.c b/net/netfilter/xt_MARK.c
index c6e860a..962814a 100644
--- a/net/netfilter/xt_MARK.c
+++ b/net/netfilter/xt_MARK.c
@@ -27,7 +27,8 @@ target_v0(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
const struct xt_mark_target_info *markinfo = targinfo;
@@ -43,7 +44,8 @@ target_v1(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
const struct xt_mark_target_info_v1 *markinfo = targinfo;
int mark = 0;
@@ -70,11 +72,12 @@ target_v1(struct sk_buff **pskb,
static int
-checkentry_v0(const char *tablename,
- const void *entry,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+init_v0(const char *tablename,
+ const void *entry,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
struct xt_mark_target_info *markinfo = targinfo;
@@ -86,11 +89,12 @@ checkentry_v0(const char *tablename,
}
static int
-checkentry_v1(const char *tablename,
- const void *entry,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+init_v1(const char *tablename,
+ const void *entry,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
struct xt_mark_target_info_v1 *markinfo = targinfo;
@@ -142,7 +146,7 @@ static struct xt_target xt_mark_target[]
.name = "MARK",
.family = AF_INET,
.revision = 0,
- .checkentry = checkentry_v0,
+ .init = init_v0,
.target = target_v0,
.targetsize = sizeof(struct xt_mark_target_info),
.table = "mangle",
@@ -152,7 +156,7 @@ static struct xt_target xt_mark_target[]
.name = "MARK",
.family = AF_INET,
.revision = 1,
- .checkentry = checkentry_v1,
+ .init = init_v1,
.target = target_v1,
.targetsize = sizeof(struct xt_mark_target_info_v1),
#ifdef CONFIG_COMPAT
@@ -167,7 +171,7 @@ #endif
.name = "MARK",
.family = AF_INET6,
.revision = 0,
- .checkentry = checkentry_v0,
+ .init = init_v0,
.target = target_v0,
.targetsize = sizeof(struct xt_mark_target_info),
.table = "mangle",
diff --git a/net/netfilter/xt_NFQUEUE.c b/net/netfilter/xt_NFQUEUE.c
index db9b896..e797fac 100644
--- a/net/netfilter/xt_NFQUEUE.c
+++ b/net/netfilter/xt_NFQUEUE.c
@@ -29,7 +29,8 @@ target(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
const struct xt_NFQ_info *tinfo = targinfo;
diff --git a/net/netfilter/xt_NOTRACK.c b/net/netfilter/xt_NOTRACK.c
index 6d00dca..deaf86c 100644
--- a/net/netfilter/xt_NOTRACK.c
+++ b/net/netfilter/xt_NOTRACK.c
@@ -16,7 +16,8 @@ target(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
/* Previously seen (loopback)? Ignore. */
if ((*pskb)->nfct != NULL)
diff --git a/net/netfilter/xt_SECMARK.c b/net/netfilter/xt_SECMARK.c
index add7521..b6cf8e6 100644
--- a/net/netfilter/xt_SECMARK.c
+++ b/net/netfilter/xt_SECMARK.c
@@ -31,7 +31,7 @@ static u8 mode;
static unsigned int target(struct sk_buff **pskb, const struct net_device *in,
const struct net_device *out, unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo, void *priv_data)
{
u32 secmark = 0;
const struct xt_secmark_target_info *info = targinfo;
@@ -83,9 +83,9 @@ static int checkentry_selinux(struct xt_
return 1;
}
-static int checkentry(const char *tablename, const void *entry,
- const struct xt_target *target, void *targinfo,
- unsigned int hook_mask)
+static int init(const char *tablename, const void *entry,
+ const struct xt_target *target, void *targinfo,
+ unsigned int hook_mask, void *priv_data)
{
struct xt_secmark_target_info *info = targinfo;
@@ -115,7 +115,7 @@ static struct xt_target xt_secmark_targe
{
.name = "SECMARK",
.family = AF_INET,
- .checkentry = checkentry,
+ .init = init,
.target = target,
.targetsize = sizeof(struct xt_secmark_target_info),
.table = "mangle",
@@ -124,7 +124,7 @@ static struct xt_target xt_secmark_targe
{
.name = "SECMARK",
.family = AF_INET6,
- .checkentry = checkentry,
+ .init = init,
.target = target,
.targetsize = sizeof(struct xt_secmark_target_info),
.table = "mangle",
--git a/net/netfilter/xt_comment.c b/net/netfilter/xt_comment.c
index 7db492d..67e7023 100644
--- a/net/netfilter/xt_comment.c
+++ b/net/netfilter/xt_comment.c
@@ -23,7 +23,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protooff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
/* We always match */
return 1;
diff --git a/net/netfilter/xt_connbytes.c b/net/netfilter/xt_connbytes.c
index dcc497e..db4f236 100644
--- a/net/netfilter/xt_connbytes.c
+++ b/net/netfilter/xt_connbytes.c
@@ -48,7 +48,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
const struct xt_connbytes_info *sinfo = matchinfo;
u_int64_t what = 0; /* initialize to make gcc happy */
@@ -121,11 +122,12 @@ match(const struct sk_buff *skb,
return (what >= sinfo->count.from);
}
-static int check(const char *tablename,
- const void *ip,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+static int init(const char *tablename,
+ const void *ip,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct xt_connbytes_info *sinfo = matchinfo;
@@ -146,7 +148,7 @@ static struct xt_match xt_connbytes_matc
{
.name = "connbytes",
.family = AF_INET,
- .checkentry = check,
+ .init = init,
.match = match,
.matchsize = sizeof(struct xt_connbytes_info),
.me = THIS_MODULE
@@ -154,7 +156,7 @@ static struct xt_match xt_connbytes_matc
{
.name = "connbytes",
.family = AF_INET6,
- .checkentry = check,
+ .init = init,
.match = match,
.matchsize = sizeof(struct xt_connbytes_info),
.me = THIS_MODULE
diff --git a/net/netfilter/xt_connmark.c b/net/netfilter/xt_connmark.c
index 92a5726..b4cce05 100644
--- a/net/netfilter/xt_connmark.c
+++ b/net/netfilter/xt_connmark.c
@@ -39,7 +39,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
const struct xt_connmark_info *info = matchinfo;
u_int32_t ctinfo;
@@ -51,11 +52,12 @@ match(const struct sk_buff *skb,
}
static int
-checkentry(const char *tablename,
- const void *ip,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+init(const char *tablename,
+ const void *ip,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
struct xt_connmark_info *cm = matchinfo;
@@ -74,7 +76,7 @@ #endif
}
static void
-destroy(const struct xt_match *match, void *matchinfo)
+destroy(const struct xt_match *match, void *matchinfo, void *priv_data)
{
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
nf_ct_l3proto_module_put(match->family);
@@ -116,7 +118,7 @@ static struct xt_match xt_connmark_match
{
.name = "connmark",
.family = AF_INET,
- .checkentry = checkentry,
+ .init = init,
.match = match,
.destroy = destroy,
.matchsize = sizeof(struct xt_connmark_info),
@@ -130,7 +132,7 @@ #endif
{
.name = "connmark",
.family = AF_INET6,
- .checkentry = checkentry,
+ .init = init,
.match = match,
.destroy = destroy,
.matchsize = sizeof(struct xt_connmark_info),
diff --git a/net/netfilter/xt_conntrack.c b/net/netfilter/xt_conntrack.c
index 0ea501a..72941f9 100644
--- a/net/netfilter/xt_conntrack.c
+++ b/net/netfilter/xt_conntrack.c
@@ -36,7 +36,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
const struct xt_conntrack_info *sinfo = matchinfo;
struct ip_conntrack *ct;
@@ -132,7 +133,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
const struct xt_conntrack_info *sinfo = matchinfo;
struct nf_conn *ct;
@@ -222,11 +224,12 @@ #define FWINV(bool,invflg) ((bool) ^ !!(
#endif /* CONFIG_NF_IP_CONNTRACK */
static int
-checkentry(const char *tablename,
- const void *ip,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+init(const char *tablename,
+ const void *ip,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
if (nf_ct_l3proto_try_module_get(match->family) < 0) {
@@ -238,7 +241,8 @@ #endif
return 1;
}
-static void destroy(const struct xt_match *match, void *matchinfo)
+static void destroy(const struct xt_match *match, void *matchinfo,
+ void *priv_data)
{
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
nf_ct_l3proto_module_put(match->family);
@@ -248,7 +252,7 @@ #endif
static struct xt_match conntrack_match = {
.name = "conntrack",
.match = match,
- .checkentry = checkentry,
+ .init = init,
.destroy = destroy,
.matchsize = sizeof(struct xt_conntrack_info),
.family = AF_INET,
diff --git a/net/netfilter/xt_dccp.c b/net/netfilter/xt_dccp.c
index 3e6cf43..c77fd93 100644
--- a/net/netfilter/xt_dccp.c
+++ b/net/netfilter/xt_dccp.c
@@ -99,7 +99,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
const struct xt_dccp_info *info = matchinfo;
struct dccp_hdr _dh, *dh;
@@ -127,11 +128,12 @@ match(const struct sk_buff *skb,
}
static int
-checkentry(const char *tablename,
- const void *inf,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+init(const char *tablename,
+ const void *inf,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct xt_dccp_info *info = matchinfo;
@@ -144,7 +146,7 @@ static struct xt_match xt_dccp_match[] =
{
.name = "dccp",
.family = AF_INET,
- .checkentry = checkentry,
+ .init = init,
.match = match,
.matchsize = sizeof(struct xt_dccp_info),
.proto = IPPROTO_DCCP,
@@ -153,7 +155,7 @@ static struct xt_match xt_dccp_match[] =
{
.name = "dccp",
.family = AF_INET6,
- .checkentry = checkentry,
+ .init = init,
.match = match,
.matchsize = sizeof(struct xt_dccp_info),
.proto = IPPROTO_DCCP,
diff --git a/net/netfilter/xt_dscp.c b/net/netfilter/xt_dscp.c
index 26c7f4a..b7935bf 100644
--- a/net/netfilter/xt_dscp.c
+++ b/net/netfilter/xt_dscp.c
@@ -31,7 +31,8 @@ static int match(const struct sk_buff *s
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
const struct xt_dscp_info *info = matchinfo;
u_int8_t dscp = ipv4_get_dsfield(skb->nh.iph) >> XT_DSCP_SHIFT;
@@ -46,7 +47,8 @@ static int match6(const struct sk_buff *
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
const struct xt_dscp_info *info = matchinfo;
u_int8_t dscp = ipv6_get_dsfield(skb->nh.ipv6h) >> XT_DSCP_SHIFT;
@@ -54,11 +56,12 @@ static int match6(const struct sk_buff *
return (dscp == info->dscp) ^ !!info->invert;
}
-static int checkentry(const char *tablename,
- const void *info,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+static int init(const char *tablename,
+ const void *info,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const u_int8_t dscp = ((struct xt_dscp_info *)matchinfo)->dscp;
@@ -74,7 +77,7 @@ static struct xt_match xt_dscp_match[] =
{
.name = "dscp",
.family = AF_INET,
- .checkentry = checkentry,
+ .init = init,
.match = match,
.matchsize = sizeof(struct xt_dscp_info),
.me = THIS_MODULE,
@@ -82,7 +85,7 @@ static struct xt_match xt_dscp_match[] =
{
.name = "dscp",
.family = AF_INET6,
- .checkentry = checkentry,
+ .init = init,
.match = match6,
.matchsize = sizeof(struct xt_dscp_info),
.me = THIS_MODULE,
diff --git a/net/netfilter/xt_esp.c b/net/netfilter/xt_esp.c
index 7c95f14..43f7771 100644
--- a/net/netfilter/xt_esp.c
+++ b/net/netfilter/xt_esp.c
@@ -50,7 +50,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
struct ip_esp_hdr _esp, *eh;
const struct xt_esp *espinfo = matchinfo;
@@ -75,11 +76,12 @@ match(const struct sk_buff *skb,
/* Called when user tries to insert an entry of this type. */
static int
-checkentry(const char *tablename,
- const void *ip_void,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+init(const char *tablename,
+ const void *ip_void,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct xt_esp *espinfo = matchinfo;
@@ -95,7 +97,7 @@ static struct xt_match xt_esp_match[] =
{
.name = "esp",
.family = AF_INET,
- .checkentry = checkentry,
+ .init = init,
.match = match,
.matchsize = sizeof(struct xt_esp),
.proto = IPPROTO_ESP,
@@ -104,7 +106,7 @@ static struct xt_match xt_esp_match[] =
{
.name = "esp",
.family = AF_INET6,
- .checkentry = checkentry,
+ .init = init,
.match = match,
.matchsize = sizeof(struct xt_esp),
.proto = IPPROTO_ESP,
diff --git a/net/netfilter/xt_helper.c b/net/netfilter/xt_helper.c
index 5d7818b..f4f5af3 100644
--- a/net/netfilter/xt_helper.c
+++ b/net/netfilter/xt_helper.c
@@ -46,7 +46,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
const struct xt_helper_info *info = matchinfo;
struct ip_conntrack *ct;
@@ -94,7 +95,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
const struct xt_helper_info *info = matchinfo;
struct nf_conn *ct;
@@ -135,11 +137,12 @@ out_unlock:
}
#endif
-static int check(const char *tablename,
- const void *inf,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+static int init(const char *tablename,
+ const void *inf,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
struct xt_helper_info *info = matchinfo;
@@ -155,7 +158,7 @@ #endif
}
static void
-destroy(const struct xt_match *match, void *matchinfo)
+destroy(const struct xt_match *match, void *matchinfo, void *priv_data)
{
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
nf_ct_l3proto_module_put(match->family);
@@ -166,7 +169,7 @@ static struct xt_match xt_helper_match[]
{
.name = "helper",
.family = AF_INET,
- .checkentry = check,
+ .init = init,
.match = match,
.destroy = destroy,
.matchsize = sizeof(struct xt_helper_info),
@@ -175,7 +178,7 @@ static struct xt_match xt_helper_match[]
{
.name = "helper",
.family = AF_INET6,
- .checkentry = check,
+ .init = init,
.match = match,
.destroy = destroy,
.matchsize = sizeof(struct xt_helper_info),
diff --git a/net/netfilter/xt_length.c b/net/netfilter/xt_length.c
index 67fd30d..3f41f45 100644
--- a/net/netfilter/xt_length.c
+++ b/net/netfilter/xt_length.c
@@ -28,7 +28,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
const struct xt_length_info *info = matchinfo;
u_int16_t pktlen = ntohs(skb->nh.iph->tot_len);
@@ -44,7 +45,8 @@ match6(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
const struct xt_length_info *info = matchinfo;
u_int16_t pktlen = ntohs(skb->nh.ipv6h->payload_len) + sizeof(struct ipv6hdr);
diff --git a/net/netfilter/xt_limit.c b/net/netfilter/xt_limit.c
index fda7b7d..3b544c9 100644
--- a/net/netfilter/xt_limit.c
+++ b/net/netfilter/xt_limit.c
@@ -5,8 +5,8 @@
* Alexey is a fucking genius?
* Rusty Russell (rusty@rustcorp.com.au). */
-/* (C) 1999 Jérôme de Vivie <devivie@info.enserb.u-bordeaux.fr>
- * (C) 1999 Hervé Eychenne <eychenne@info.enserb.u-bordeaux.fr>
+/* (C) 1999 J��e de Vivie <devivie@info.enserb.u-bordeaux.fr>
+ * (C) 1999 Herv�Eychenne <eychenne@info.enserb.u-bordeaux.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -72,7 +72,8 @@ ipt_limit_match(const struct sk_buff *sk
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
struct xt_rateinfo *r = ((struct xt_rateinfo *)matchinfo)->master;
unsigned long now = jiffies;
@@ -106,11 +107,12 @@ user2credits(u_int32_t user)
}
static int
-ipt_limit_checkentry(const char *tablename,
- const void *inf,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+ipt_limit_init(const char *tablename,
+ const void *inf,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
struct xt_rateinfo *r = matchinfo;
@@ -183,7 +185,7 @@ static struct xt_match xt_limit_match[]
{
.name = "limit",
.family = AF_INET,
- .checkentry = ipt_limit_checkentry,
+ .init = ipt_limit_init,
.match = ipt_limit_match,
.matchsize = sizeof(struct xt_rateinfo),
#ifdef CONFIG_COMPAT
@@ -196,7 +198,7 @@ #endif
{
.name = "limit",
.family = AF_INET6,
- .checkentry = ipt_limit_checkentry,
+ .init = ipt_limit_init,
.match = ipt_limit_match,
.matchsize = sizeof(struct xt_rateinfo),
.me = THIS_MODULE,
diff --git a/net/netfilter/xt_mac.c b/net/netfilter/xt_mac.c
index 425fc21..fadff66 100644
--- a/net/netfilter/xt_mac.c
+++ b/net/netfilter/xt_mac.c
@@ -31,7 +31,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
const struct xt_mac_info *info = matchinfo;
diff --git a/net/netfilter/xt_mark.c b/net/netfilter/xt_mark.c
index 934dddf..a70c12c 100644
--- a/net/netfilter/xt_mark.c
+++ b/net/netfilter/xt_mark.c
@@ -27,7 +27,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
const struct xt_mark_info *info = matchinfo;
@@ -35,11 +36,12 @@ match(const struct sk_buff *skb,
}
static int
-checkentry(const char *tablename,
- const void *entry,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+init(const char *tablename,
+ const void *entry,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct xt_mark_info *minfo = matchinfo;
@@ -85,7 +87,7 @@ static struct xt_match xt_mark_match[] =
{
.name = "mark",
.family = AF_INET,
- .checkentry = checkentry,
+ .init = init,
.match = match,
.matchsize = sizeof(struct xt_mark_info),
#ifdef CONFIG_COMPAT
@@ -98,7 +100,7 @@ #endif
{
.name = "mark",
.family = AF_INET6,
- .checkentry = checkentry,
+ .init = init,
.match = match,
.matchsize = sizeof(struct xt_mark_info),
.me = THIS_MODULE,
diff --git a/net/netfilter/xt_multiport.c b/net/netfilter/xt_multiport.c
index d3aefd3..aedd1e0 100644
--- a/net/netfilter/xt_multiport.c
+++ b/net/netfilter/xt_multiport.c
@@ -102,7 +102,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
u16 _ports[2], *pptr;
const struct xt_multiport *multiinfo = matchinfo;
@@ -133,7 +134,8 @@ match_v1(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
u16 _ports[2], *pptr;
const struct xt_multiport_v1 *multiinfo = matchinfo;
@@ -172,11 +174,12 @@ check(u_int16_t proto,
/* Called when user tries to insert an entry of this type. */
static int
-checkentry(const char *tablename,
- const void *info,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+init(const char *tablename,
+ const void *info,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct ipt_ip *ip = info;
const struct xt_multiport *multiinfo = matchinfo;
@@ -186,11 +189,12 @@ checkentry(const char *tablename,
}
static int
-checkentry_v1(const char *tablename,
- const void *info,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+init_v1(const char *tablename,
+ const void *info,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct ipt_ip *ip = info;
const struct xt_multiport_v1 *multiinfo = matchinfo;
@@ -200,11 +204,12 @@ checkentry_v1(const char *tablename,
}
static int
-checkentry6(const char *tablename,
- const void *info,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+init6(const char *tablename,
+ const void *info,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct ip6t_ip6 *ip = info;
const struct xt_multiport *multiinfo = matchinfo;
@@ -214,11 +219,12 @@ checkentry6(const char *tablename,
}
static int
-checkentry6_v1(const char *tablename,
- const void *info,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+init6_v1(const char *tablename,
+ const void *info,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct ip6t_ip6 *ip = info;
const struct xt_multiport_v1 *multiinfo = matchinfo;
@@ -232,7 +238,7 @@ static struct xt_match xt_multiport_matc
.name = "multiport",
.family = AF_INET,
.revision = 0,
- .checkentry = checkentry,
+ .init = init,
.match = match,
.matchsize = sizeof(struct xt_multiport),
.me = THIS_MODULE,
@@ -241,7 +247,7 @@ static struct xt_match xt_multiport_matc
.name = "multiport",
.family = AF_INET,
.revision = 1,
- .checkentry = checkentry_v1,
+ .init = init_v1,
.match = match_v1,
.matchsize = sizeof(struct xt_multiport_v1),
.me = THIS_MODULE,
@@ -250,7 +256,7 @@ static struct xt_match xt_multiport_matc
.name = "multiport",
.family = AF_INET6,
.revision = 0,
- .checkentry = checkentry6,
+ .init = init6,
.match = match,
.matchsize = sizeof(struct xt_multiport),
.me = THIS_MODULE,
@@ -259,7 +265,7 @@ static struct xt_match xt_multiport_matc
.name = "multiport",
.family = AF_INET6,
.revision = 1,
- .checkentry = checkentry6_v1,
+ .init = init6_v1,
.match = match_v1,
.matchsize = sizeof(struct xt_multiport_v1),
.me = THIS_MODULE,
diff --git a/net/netfilter/xt_physdev.c b/net/netfilter/xt_physdev.c
index fd8f954..7893938 100644
--- a/net/netfilter/xt_physdev.c
+++ b/net/netfilter/xt_physdev.c
@@ -31,7 +31,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
int i;
static const char nulldevname[IFNAMSIZ];
@@ -102,11 +103,12 @@ match_outdev:
}
static int
-checkentry(const char *tablename,
- const void *ip,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+init(const char *tablename,
+ const void *ip,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct xt_physdev_info *info = matchinfo;
@@ -135,7 +137,7 @@ static struct xt_match xt_physdev_match[
{
.name = "physdev",
.family = AF_INET,
- .checkentry = checkentry,
+ .init = init,
.match = match,
.matchsize = sizeof(struct xt_physdev_info),
.me = THIS_MODULE,
@@ -143,7 +145,7 @@ static struct xt_match xt_physdev_match[
{
.name = "physdev",
.family = AF_INET6,
- .checkentry = checkentry,
+ .init = init,
.match = match,
.matchsize = sizeof(struct xt_physdev_info),
.me = THIS_MODULE,
diff --git a/net/netfilter/xt_pkttype.c b/net/netfilter/xt_pkttype.c
index 16e7b08..efe454c 100644
--- a/net/netfilter/xt_pkttype.c
+++ b/net/netfilter/xt_pkttype.c
@@ -28,7 +28,8 @@ static int match(const struct sk_buff *s
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
u_int8_t type;
const struct xt_pkttype_info *info = matchinfo;
diff --git a/net/netfilter/xt_policy.c b/net/netfilter/xt_policy.c
index 46bde2b..1540879 100644
--- a/net/netfilter/xt_policy.c
+++ b/net/netfilter/xt_policy.c
@@ -115,7 +115,8 @@ static int match(const struct sk_buff *s
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
const struct xt_policy_info *info = matchinfo;
int ret;
@@ -133,9 +134,9 @@ static int match(const struct sk_buff *s
return ret;
}
-static int checkentry(const char *tablename, const void *ip_void,
- const struct xt_match *match,
- void *matchinfo, unsigned int hook_mask)
+static int init(const char *tablename, const void *ip_void,
+ const struct xt_match *match,
+ void *matchinfo, unsigned int hook_mask, void *priv_data)
{
struct xt_policy_info *info = matchinfo;
@@ -168,7 +169,7 @@ static struct xt_match xt_policy_match[]
{
.name = "policy",
.family = AF_INET,
- .checkentry = checkentry,
+ .init = init,
.match = match,
.matchsize = sizeof(struct xt_policy_info),
.me = THIS_MODULE,
@@ -176,25 +177,25 @@ static struct xt_match xt_policy_match[]
{
.name = "policy",
.family = AF_INET6,
- .checkentry = checkentry,
+ .init = init,
.match = match,
.matchsize = sizeof(struct xt_policy_info),
.me = THIS_MODULE,
},
};
-static int __init init(void)
+static int __init xt_policy_init(void)
{
return xt_register_matches(xt_policy_match,
ARRAY_SIZE(xt_policy_match));
}
-static void __exit fini(void)
+static void __exit xt_policy_fini(void)
{
xt_unregister_matches(xt_policy_match, ARRAY_SIZE(xt_policy_match));
}
-module_init(init);
-module_exit(fini);
+module_init(xt_policy_init);
+module_exit(xt_policy_fini);
MODULE_ALIAS("ipt_policy");
MODULE_ALIAS("ip6t_policy");
diff --git a/net/netfilter/xt_quota.c b/net/netfilter/xt_quota.c
index b75fa2c..32702d2 100644
--- a/net/netfilter/xt_quota.c
+++ b/net/netfilter/xt_quota.c
@@ -20,7 +20,8 @@ static int
match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out,
const struct xt_match *match, const void *matchinfo,
- int offset, unsigned int protoff, int *hotdrop)
+ int offset, unsigned int protoff, int *hotdrop,
+ void *priv_data)
{
struct xt_quota_info *q = ((struct xt_quota_info *)matchinfo)->master;
int ret = q->flags & XT_QUOTA_INVERT ? 1 : 0;
@@ -39,9 +40,9 @@ match(const struct sk_buff *skb,
}
static int
-checkentry(const char *tablename, const void *entry,
- const struct xt_match *match, void *matchinfo,
- unsigned int hook_mask)
+init(const char *tablename, const void *entry,
+ const struct xt_match *match, void *matchinfo,
+ unsigned int hook_mask, void *priv_data)
{
struct xt_quota_info *q = (struct xt_quota_info *)matchinfo;
@@ -56,7 +57,7 @@ static struct xt_match xt_quota_match[]
{
.name = "quota",
.family = AF_INET,
- .checkentry = checkentry,
+ .init = init,
.match = match,
.matchsize = sizeof(struct xt_quota_info),
.me = THIS_MODULE
@@ -64,7 +65,7 @@ static struct xt_match xt_quota_match[]
{
.name = "quota",
.family = AF_INET6,
- .checkentry = checkentry,
+ .init = init,
.match = match,
.matchsize = sizeof(struct xt_quota_info),
.me = THIS_MODULE
diff --git a/net/netfilter/xt_realm.c b/net/netfilter/xt_realm.c
index a80b7d1..53d8b17 100644
--- a/net/netfilter/xt_realm.c
+++ b/net/netfilter/xt_realm.c
@@ -31,7 +31,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
const struct xt_realm_info *info = matchinfo;
struct dst_entry *dst = skb->dst;
diff --git a/net/netfilter/xt_sctp.c b/net/netfilter/xt_sctp.c
index 7956aca..5b599d8 100644
--- a/net/netfilter/xt_sctp.c
+++ b/net/netfilter/xt_sctp.c
@@ -127,7 +127,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
const struct xt_sctp_info *info = matchinfo;
sctp_sctphdr_t _sh, *sh;
@@ -159,11 +160,12 @@ match(const struct sk_buff *skb,
}
static int
-checkentry(const char *tablename,
- const void *inf,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+init(const char *tablename,
+ const void *inf,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct xt_sctp_info *info = matchinfo;
@@ -181,7 +183,7 @@ static struct xt_match xt_sctp_match[] =
{
.name = "sctp",
.family = AF_INET,
- .checkentry = checkentry,
+ .init = init,
.match = match,
.matchsize = sizeof(struct xt_sctp_info),
.proto = IPPROTO_SCTP,
@@ -190,7 +192,7 @@ static struct xt_match xt_sctp_match[] =
{
.name = "sctp",
.family = AF_INET6,
- .checkentry = checkentry,
+ .init = init,
.match = match,
.matchsize = sizeof(struct xt_sctp_info),
.proto = IPPROTO_SCTP,
diff --git a/net/netfilter/xt_state.c b/net/netfilter/xt_state.c
index d9010b1..1532d33 100644
--- a/net/netfilter/xt_state.c
+++ b/net/netfilter/xt_state.c
@@ -28,7 +28,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
const struct xt_state_info *sinfo = matchinfo;
enum ip_conntrack_info ctinfo;
@@ -44,11 +45,12 @@ match(const struct sk_buff *skb,
return (sinfo->statemask & statebit);
}
-static int check(const char *tablename,
- const void *inf,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+static int init(const char *tablename,
+ const void *inf,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
if (nf_ct_l3proto_try_module_get(match->family) < 0) {
@@ -61,7 +63,7 @@ #endif
}
static void
-destroy(const struct xt_match *match, void *matchinfo)
+destroy(const struct xt_match *match, void *matchinfo, void *priv_data)
{
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
nf_ct_l3proto_module_put(match->family);
@@ -72,7 +74,7 @@ static struct xt_match xt_state_match[]
{
.name = "state",
.family = AF_INET,
- .checkentry = check,
+ .init = init,
.match = match,
.destroy = destroy,
.matchsize = sizeof(struct xt_state_info),
@@ -81,7 +83,7 @@ static struct xt_match xt_state_match[]
{
.name = "state",
.family = AF_INET6,
- .checkentry = check,
+ .init = init,
.match = match,
.destroy = destroy,
.matchsize = sizeof(struct xt_state_info),
diff --git a/net/netfilter/xt_statistic.c b/net/netfilter/xt_statistic.c
index 091a9f8..6fbc1dd 100644
--- a/net/netfilter/xt_statistic.c
+++ b/net/netfilter/xt_statistic.c
@@ -28,7 +28,7 @@ static int
match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out,
const struct xt_match *match, const void *matchinfo,
- int offset, unsigned int protoff, int *hotdrop)
+ int offset, unsigned int protoff, int *hotdrop, void *priv_data)
{
struct xt_statistic_info *info = (struct xt_statistic_info *)matchinfo;
int ret = info->flags & XT_STATISTIC_INVERT ? 1 : 0;
@@ -53,9 +53,9 @@ match(const struct sk_buff *skb,
}
static int
-checkentry(const char *tablename, const void *entry,
- const struct xt_match *match, void *matchinfo,
- unsigned int hook_mask)
+init(const char *tablename, const void *entry,
+ const struct xt_match *match, void *matchinfo,
+ unsigned int hook_mask, void *priv_data)
{
struct xt_statistic_info *info = (struct xt_statistic_info *)matchinfo;
@@ -70,7 +70,7 @@ static struct xt_match xt_statistic_matc
{
.name = "statistic",
.family = AF_INET,
- .checkentry = checkentry,
+ .init = init,
.match = match,
.matchsize = sizeof(struct xt_statistic_info),
.me = THIS_MODULE,
@@ -78,7 +78,7 @@ static struct xt_match xt_statistic_matc
{
.name = "statistic",
.family = AF_INET6,
- .checkentry = checkentry,
+ .init = init,
.match = match,
.matchsize = sizeof(struct xt_statistic_info),
.me = THIS_MODULE,
diff --git a/net/netfilter/xt_string.c b/net/netfilter/xt_string.c
index 4453252..be01c47 100644
--- a/net/netfilter/xt_string.c
+++ b/net/netfilter/xt_string.c
@@ -28,7 +28,8 @@ static int match(const struct sk_buff *s
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
const struct xt_string_info *conf = matchinfo;
struct ts_state state;
@@ -42,11 +43,12 @@ static int match(const struct sk_buff *s
#define STRING_TEXT_PRIV(m) ((struct xt_string_info *) m)
-static int checkentry(const char *tablename,
- const void *ip,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+static int init(const char *tablename,
+ const void *ip,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
struct xt_string_info *conf = matchinfo;
struct ts_config *ts_conf;
@@ -68,7 +70,8 @@ static int checkentry(const char *tablen
return 1;
}
-static void destroy(const struct xt_match *match, void *matchinfo)
+static void destroy(const struct xt_match *match, void *matchinfo,
+ void *priv_data)
{
textsearch_destroy(STRING_TEXT_PRIV(matchinfo)->config);
}
@@ -77,7 +80,7 @@ static struct xt_match xt_string_match[]
{
.name = "string",
.family = AF_INET,
- .checkentry = checkentry,
+ .init = init,
.match = match,
.destroy = destroy,
.matchsize = sizeof(struct xt_string_info),
@@ -86,8 +89,8 @@ static struct xt_match xt_string_match[]
{
.name = "string",
.family = AF_INET6,
- .checkentry = checkentry,
- .match = match,
+ .init = init,
+ .match = match,
.destroy = destroy,
.matchsize = sizeof(struct xt_string_info),
.me = THIS_MODULE
diff --git a/net/netfilter/xt_tcpmss.c b/net/netfilter/xt_tcpmss.c
index a3682fe..e512f70 100644
--- a/net/netfilter/xt_tcpmss.c
+++ b/net/netfilter/xt_tcpmss.c
@@ -31,7 +31,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
const struct xt_tcpmss_match_info *info = matchinfo;
struct tcphdr _tcph, *th;
diff --git a/net/netfilter/xt_tcpudp.c b/net/netfilter/xt_tcpudp.c
index e76a68e..516d0d6 100644
--- a/net/netfilter/xt_tcpudp.c
+++ b/net/netfilter/xt_tcpudp.c
@@ -78,7 +78,8 @@ tcp_match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
struct tcphdr _tcph, *th;
const struct xt_tcp *tcpinfo = matchinfo;
@@ -137,11 +138,12 @@ #define FWINVTCP(bool,invflg) ((bool) ^
/* Called when user tries to insert an entry of this type. */
static int
-tcp_checkentry(const char *tablename,
- const void *info,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+xt_tcp_init(const char *tablename,
+ const void *info,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct xt_tcp *tcpinfo = matchinfo;
@@ -157,7 +159,8 @@ udp_match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
struct udphdr _udph, *uh;
const struct xt_udp *udpinfo = matchinfo;
@@ -185,11 +188,12 @@ udp_match(const struct sk_buff *skb,
/* Called when user tries to insert an entry of this type. */
static int
-udp_checkentry(const char *tablename,
- const void *info,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+xt_udp_init(const char *tablename,
+ const void *info,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct xt_tcp *udpinfo = matchinfo;
@@ -201,7 +205,7 @@ static struct xt_match xt_tcpudp_match[]
{
.name = "tcp",
.family = AF_INET,
- .checkentry = tcp_checkentry,
+ .init = xt_tcp_init,
.match = tcp_match,
.matchsize = sizeof(struct xt_tcp),
.proto = IPPROTO_TCP,
@@ -210,7 +214,7 @@ static struct xt_match xt_tcpudp_match[]
{
.name = "tcp",
.family = AF_INET6,
- .checkentry = tcp_checkentry,
+ .init = xt_tcp_init,
.match = tcp_match,
.matchsize = sizeof(struct xt_tcp),
.proto = IPPROTO_TCP,
@@ -219,7 +223,7 @@ static struct xt_match xt_tcpudp_match[]
{
.name = "udp",
.family = AF_INET,
- .checkentry = udp_checkentry,
+ .init = xt_udp_init,
.match = udp_match,
.matchsize = sizeof(struct xt_udp),
.proto = IPPROTO_UDP,
@@ -228,7 +232,7 @@ static struct xt_match xt_tcpudp_match[]
{
.name = "udp",
.family = AF_INET6,
- .checkentry = udp_checkentry,
+ .init = xt_udp_init,
.match = udp_match,
.matchsize = sizeof(struct xt_udp),
.proto = IPPROTO_UDP,
@@ -236,16 +240,16 @@ static struct xt_match xt_tcpudp_match[]
},
};
-static int __init xt_tcpudp_init(void)
+static int __init xt_tcpudp_module_init(void)
{
return xt_register_matches(xt_tcpudp_match,
ARRAY_SIZE(xt_tcpudp_match));
}
-static void __exit xt_tcpudp_fini(void)
+static void __exit xt_tcpudp_module_fini(void)
{
xt_unregister_matches(xt_tcpudp_match, ARRAY_SIZE(xt_tcpudp_match));
}
-module_init(xt_tcpudp_init);
-module_exit(xt_tcpudp_fini);
+module_init(xt_tcpudp_module_init);
+module_exit(xt_tcpudp_module_fini);
--
1.4.2
next prev parent reply other threads:[~2006-09-25 8:17 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-09-24 22:40 [PATCH 0/2][priv_data-condition] Massimiliano Hofer
2006-09-25 8:15 ` Massimiliano Hofer
2006-09-25 8:16 ` [PATCH 1/2][priv_data-condition][part 1/2][core] Massimiliano Hofer
2006-09-30 16:54 ` Patrick McHardy
2006-12-05 22:06 ` Massimiliano Hofer
2006-09-25 8:17 ` Massimiliano Hofer [this message]
2006-09-30 16:55 ` [PATCH 1/2][priv_data-condition][part 2/2][matches_and_targets] Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200609251017.34183.max@nucleus.it \
--to=max@nucleus.it \
--cc=netfilter-devel@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.