From b24cd99b101357a5829ef22d45e5730bf0f1890d Mon Sep 17 00:00:00 2001 From: Massimiliano Hofer Date: Mon, 25 Sep 2006 10:09:07 +0200 Subject: [PATCH] priv_data-matches_and_targets This patch adds support for instance specific data in matches and targets. This patch complements the core update. Signed-off-by: Massimiliano Hofer --- include/linux/netfilter/x_tables.h | 4 +- net/ipv4/netfilter/arpt_mangle.c | 8 ++--- net/ipv4/netfilter/ip_nat_rule.c | 32 +++++++++++-------- net/ipv4/netfilter/ip_tables.c | 6 ++-- net/ipv4/netfilter/ipt_CLUSTERIP.c | 19 ++++++----- net/ipv4/netfilter/ipt_ECN.c | 16 +++++---- net/ipv4/netfilter/ipt_LOG.c | 24 ++++++++------ net/ipv4/netfilter/ipt_MASQUERADE.c | 16 +++++---- net/ipv4/netfilter/ipt_NETMAP.c | 16 +++++---- net/ipv4/netfilter/ipt_REDIRECT.c | 16 +++++---- net/ipv4/netfilter/ipt_REJECT.c | 16 +++++---- net/ipv4/netfilter/ipt_SAME.c | 18 ++++++----- net/ipv4/netfilter/ipt_TCPMSS.c | 24 ++++++++------ net/ipv4/netfilter/ipt_TOS.c | 16 +++++---- net/ipv4/netfilter/ipt_TTL.c | 23 +++++++------ net/ipv4/netfilter/ipt_ULOG.c | 24 ++++++++------ net/ipv4/netfilter/ipt_addrtype.c | 3 +- net/ipv4/netfilter/ipt_ah.c | 16 +++++---- net/ipv4/netfilter/ipt_ecn.c | 11 ++++-- net/ipv4/netfilter/ipt_hashlimit.c | 23 ++++++++----- net/ipv4/netfilter/ipt_owner.c | 16 +++++---- net/ipv4/netfilter/ipt_recent.c | 22 +++++++------ net/ipv4/netfilter/ipt_tos.c | 3 +- net/ipv4/netfilter/ipt_ttl.c | 3 +- net/ipv6/netfilter/ip6t_HL.c | 24 ++++++++------ net/ipv6/netfilter/ip6t_LOG.c | 24 ++++++++------ net/ipv6/netfilter/ip6t_REJECT.c | 24 ++++++++------ net/ipv6/netfilter/ip6t_ah.c | 16 +++++---- net/ipv6/netfilter/ip6t_eui64.c | 3 +- net/ipv6/netfilter/ip6t_frag.c | 16 +++++---- net/ipv6/netfilter/ip6t_hbh.c | 18 ++++++----- net/ipv6/netfilter/ip6t_ipv6header.c | 24 ++++++++------ net/ipv6/netfilter/ip6t_owner.c | 16 +++++---- net/ipv6/netfilter/ip6t_rt.c | 16 +++++---- net/netfilter/xt_CLASSIFY.c | 3 +- net/netfilter/xt_CONNMARK.c | 18 ++++++----- net/netfilter/xt_DSCP.c | 21 +++++++----- net/netfilter/xt_MARK.c | 34 +++++++++++--------- net/netfilter/xt_NFQUEUE.c | 3 +- net/netfilter/xt_NOTRACK.c | 3 +- net/netfilter/xt_SECMARK.c | 12 ++++--- net/netfilter/xt_comment.c | 3 +- net/netfilter/xt_connbytes.c | 18 ++++++----- net/netfilter/xt_connmark.c | 20 ++++++------ net/netfilter/xt_conntrack.c | 22 ++++++++----- net/netfilter/xt_dccp.c | 18 ++++++----- net/netfilter/xt_dscp.c | 21 +++++++----- net/netfilter/xt_esp.c | 18 ++++++----- net/netfilter/xt_helper.c | 23 ++++++++----- net/netfilter/xt_length.c | 6 ++-- net/netfilter/xt_limit.c | 22 +++++++------ net/netfilter/xt_mac.c | 3 +- net/netfilter/xt_mark.c | 18 ++++++----- net/netfilter/xt_multiport.c | 58 +++++++++++++++++++--------------- net/netfilter/xt_physdev.c | 18 ++++++----- net/netfilter/xt_pkttype.c | 3 +- net/netfilter/xt_policy.c | 21 ++++++------ net/netfilter/xt_quota.c | 13 ++++---- net/netfilter/xt_realm.c | 3 +- net/netfilter/xt_sctp.c | 18 ++++++----- net/netfilter/xt_state.c | 20 ++++++------ net/netfilter/xt_statistic.c | 12 ++++--- net/netfilter/xt_string.c | 23 ++++++++----- net/netfilter/xt_tcpmss.c | 3 +- net/netfilter/xt_tcpudp.c | 44 ++++++++++++++------------ 65 files changed, 600 insertions(+), 478 deletions(-) diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h index e855fd2..6c3e689 100644 --- a/include/linux/netfilter/x_tables.h +++ b/include/linux/netfilter/x_tables.h @@ -404,13 +404,13 @@ extern int xt_compat_match_offset(struct extern void xt_compat_match_from_user(struct xt_entry_match *m, void **dstptr, int *size); extern int xt_compat_match_to_user(struct xt_entry_match *m, - void * __user *dstptr, int *size); + void __user **dstptr, int *size); extern int xt_compat_target_offset(struct xt_target *target); extern void xt_compat_target_from_user(struct xt_entry_target *t, void **dstptr, int *size); extern int xt_compat_target_to_user(struct xt_entry_target *t, - void * __user *dstptr, int *size); + void __user **dstptr, int *size); #endif /* CONFIG_COMPAT */ #endif /* __KERNEL__ */ diff --git a/net/ipv4/netfilter/arpt_mangle.c b/net/ipv4/netfilter/arpt_mangle.c index d12b1df..ce77517 100644 --- a/net/ipv4/netfilter/arpt_mangle.c +++ b/net/ipv4/netfilter/arpt_mangle.c @@ -11,7 +11,7 @@ static unsigned int target(struct sk_buff **pskb, const struct net_device *in, const struct net_device *out, unsigned int hooknum, const struct xt_target *target, - const void *targinfo) + const void *targinfo, void *priv_data) { const struct arpt_mangle *mangle = targinfo; struct arphdr *arp; @@ -66,8 +66,8 @@ target(struct sk_buff **pskb, } static int -checkentry(const char *tablename, const void *e, const struct xt_target *target, - void *targinfo, unsigned int hook_mask) +init(const char *tablename, const void *e, const struct xt_target *target, + void *targinfo, unsigned int hook_mask, void *priv_data) { const struct arpt_mangle *mangle = targinfo; @@ -85,7 +85,7 @@ static struct arpt_target arpt_mangle_re .name = "mangle", .target = target, .targetsize = sizeof(struct arpt_mangle), - .checkentry = checkentry, + .init = init, .me = THIS_MODULE, }; diff --git a/net/ipv4/netfilter/ip_nat_rule.c b/net/ipv4/netfilter/ip_nat_rule.c index 7b70383..4753724 100644 --- a/net/ipv4/netfilter/ip_nat_rule.c +++ b/net/ipv4/netfilter/ip_nat_rule.c @@ -100,7 +100,8 @@ static unsigned int ipt_snat_target(stru const struct net_device *out, unsigned int hooknum, const struct ipt_target *target, - const void *targinfo) + const void *targinfo, + void *priv_data) { struct ip_conntrack *ct; enum ip_conntrack_info ctinfo; @@ -142,7 +143,8 @@ static unsigned int ipt_dnat_target(stru const struct net_device *out, unsigned int hooknum, const struct ipt_target *target, - const void *targinfo) + const void *targinfo, + void *priv_data) { struct ip_conntrack *ct; enum ip_conntrack_info ctinfo; @@ -164,11 +166,12 @@ static unsigned int ipt_dnat_target(stru return ip_nat_setup_info(ct, &mr->range[0], hooknum); } -static int ipt_snat_checkentry(const char *tablename, - const void *entry, - const struct ipt_target *target, - void *targinfo, - unsigned int hook_mask) +static int ipt_snat_init(const char *tablename, + const void *entry, + const struct ipt_target *target, + void *targinfo, + unsigned int hook_mask, + void *priv_data) { struct ip_nat_multi_range_compat *mr = targinfo; @@ -180,11 +183,12 @@ static int ipt_snat_checkentry(const cha return 1; } -static int ipt_dnat_checkentry(const char *tablename, - const void *entry, - const struct ipt_target *target, - void *targinfo, - unsigned int hook_mask) +static int ipt_dnat_init(const char *tablename, + const void *entry, + const struct ipt_target *target, + void *targinfo, + unsigned int hook_mask, + void *priv_data) { struct ip_nat_multi_range_compat *mr = targinfo; @@ -263,7 +267,7 @@ static struct ipt_target ipt_snat_reg = .targetsize = sizeof(struct ip_nat_multi_range_compat), .table = "nat", .hooks = 1 << NF_IP_POST_ROUTING, - .checkentry = ipt_snat_checkentry, + .init = ipt_snat_init, }; static struct ipt_target ipt_dnat_reg = { @@ -272,7 +276,7 @@ static struct ipt_target ipt_dnat_reg = .targetsize = sizeof(struct ip_nat_multi_range_compat), .table = "nat", .hooks = (1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_OUT), - .checkentry = ipt_dnat_checkentry, + .init = ipt_dnat_init, }; int __init ip_nat_rule_init(void) diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index d96f322..88feb21 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c @@ -1350,15 +1350,15 @@ struct compat_ipt_replace { }; static inline int compat_copy_match_to_user(struct ipt_entry_match *m, - void * __user *dstptr, compat_uint_t *size) + void __user **dstptr, compat_uint_t *size) { return xt_compat_match_to_user(m, dstptr, size); } static int compat_copy_entry_to_user(struct ipt_entry *e, - void * __user *dstptr, compat_uint_t *size) + void __user **dstptr, compat_uint_t *size) { - struct ipt_entry_target __user *t; + struct ipt_entry_target *t; struct compat_ipt_entry __user *ce; u_int16_t target_offset, next_offset; compat_uint_t origsize; diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c index 4158966..cf06bef 100644 --- a/net/ipv4/netfilter/ipt_CLUSTERIP.c +++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c @@ -302,7 +302,8 @@ target(struct sk_buff **pskb, const struct net_device *out, unsigned int hooknum, const struct xt_target *target, - const void *targinfo) + const void *targinfo, + void *priv_data) { const struct ipt_clusterip_tgt_info *cipinfo = targinfo; enum ip_conntrack_info ctinfo; @@ -368,11 +369,12 @@ #endif } static int -checkentry(const char *tablename, - const void *e_void, - const struct xt_target *target, - void *targinfo, - unsigned int hook_mask) +init(const char *tablename, + const void *e_void, + const struct xt_target *target, + void *targinfo, + unsigned int hook_mask, + void *priv_data) { struct ipt_clusterip_tgt_info *cipinfo = targinfo; const struct ipt_entry *e = e_void; @@ -448,7 +450,8 @@ checkentry(const char *tablename, } /* drop reference count of cluster config when rule is deleted */ -static void destroy(const struct xt_target *target, void *targinfo) +static void destroy(const struct xt_target *target, void *targinfo, + void *priv_data) { struct ipt_clusterip_tgt_info *cipinfo = targinfo; @@ -463,7 +466,7 @@ static struct ipt_target clusterip_tgt = .name = "CLUSTERIP", .target = target, .targetsize = sizeof(struct ipt_clusterip_tgt_info), - .checkentry = checkentry, + .init = init, .destroy = destroy, .me = THIS_MODULE }; diff --git a/net/ipv4/netfilter/ipt_ECN.c b/net/ipv4/netfilter/ipt_ECN.c index 23f9c7e..6a59955 100644 --- a/net/ipv4/netfilter/ipt_ECN.c +++ b/net/ipv4/netfilter/ipt_ECN.c @@ -85,7 +85,8 @@ target(struct sk_buff **pskb, const struct net_device *out, unsigned int hooknum, const struct xt_target *target, - const void *targinfo) + const void *targinfo, + void *priv_data) { const struct ipt_ECN_info *einfo = targinfo; @@ -102,11 +103,12 @@ target(struct sk_buff **pskb, } static int -checkentry(const char *tablename, - const void *e_void, - const struct xt_target *target, - void *targinfo, - unsigned int hook_mask) +init(const char *tablename, + const void *e_void, + const struct xt_target *target, + void *targinfo, + unsigned int hook_mask, + void *priv_data) { const struct ipt_ECN_info *einfo = (struct ipt_ECN_info *)targinfo; const struct ipt_entry *e = e_void; @@ -135,7 +137,7 @@ static struct ipt_target ipt_ecn_reg = { .target = target, .targetsize = sizeof(struct ipt_ECN_info), .table = "mangle", - .checkentry = checkentry, + .init = init, .me = THIS_MODULE, }; diff --git a/net/ipv4/netfilter/ipt_LOG.c b/net/ipv4/netfilter/ipt_LOG.c index 7dc820d..4e9c05e 100644 --- a/net/ipv4/netfilter/ipt_LOG.c +++ b/net/ipv4/netfilter/ipt_LOG.c @@ -416,7 +416,8 @@ ipt_log_target(struct sk_buff **pskb, const struct net_device *out, unsigned int hooknum, const struct xt_target *target, - const void *targinfo) + const void *targinfo, + void *priv_data) { const struct ipt_log_info *loginfo = targinfo; struct nf_loginfo li; @@ -435,11 +436,12 @@ ipt_log_target(struct sk_buff **pskb, return IPT_CONTINUE; } -static int ipt_log_checkentry(const char *tablename, - const void *e, - const struct xt_target *target, - void *targinfo, - unsigned int hook_mask) +static int ipt_log_init(const char *tablename, + const void *e, + const struct xt_target *target, + void *targinfo, + unsigned int hook_mask, + void *priv_data) { const struct ipt_log_info *loginfo = targinfo; @@ -459,7 +461,7 @@ static struct ipt_target ipt_log_reg = { .name = "LOG", .target = ipt_log_target, .targetsize = sizeof(struct ipt_log_info), - .checkentry = ipt_log_checkentry, + .init = ipt_log_init, .me = THIS_MODULE, }; @@ -469,7 +471,7 @@ static struct nf_logger ipt_log_logger = .me = THIS_MODULE, }; -static int __init ipt_log_init(void) +static int __init ipt_log_module_init(void) { if (ipt_register_target(&ipt_log_reg)) return -EINVAL; @@ -483,11 +485,11 @@ static int __init ipt_log_init(void) return 0; } -static void __exit ipt_log_fini(void) +static void __exit ipt_log_module_fini(void) { nf_log_unregister_logger(&ipt_log_logger); ipt_unregister_target(&ipt_log_reg); } -module_init(ipt_log_init); -module_exit(ipt_log_fini); +module_init(ipt_log_module_init); +module_exit(ipt_log_module_fini); diff --git a/net/ipv4/netfilter/ipt_MASQUERADE.c b/net/ipv4/netfilter/ipt_MASQUERADE.c index bc65168..0926e92 100644 --- a/net/ipv4/netfilter/ipt_MASQUERADE.c +++ b/net/ipv4/netfilter/ipt_MASQUERADE.c @@ -38,11 +38,12 @@ static DEFINE_RWLOCK(masq_lock); /* FIXME: Multiple targets. --RR */ static int -masquerade_check(const char *tablename, - const void *e, - const struct xt_target *target, - void *targinfo, - unsigned int hook_mask) +masquerade_init(const char *tablename, + const void *e, + const struct xt_target *target, + void *targinfo, + unsigned int hook_mask, + void *priv_data) { const struct ip_nat_multi_range_compat *mr = targinfo; @@ -63,7 +64,8 @@ masquerade_target(struct sk_buff **pskb, const struct net_device *out, unsigned int hooknum, const struct xt_target *target, - const void *targinfo) + const void *targinfo, + void *priv_data) { struct ip_conntrack *ct; enum ip_conntrack_info ctinfo; @@ -168,7 +170,7 @@ static struct ipt_target masquerade = { .targetsize = sizeof(struct ip_nat_multi_range_compat), .table = "nat", .hooks = 1 << NF_IP_POST_ROUTING, - .checkentry = masquerade_check, + .init = masquerade_init, .me = THIS_MODULE, }; diff --git a/net/ipv4/netfilter/ipt_NETMAP.c b/net/ipv4/netfilter/ipt_NETMAP.c index beb2914..596be72 100644 --- a/net/ipv4/netfilter/ipt_NETMAP.c +++ b/net/ipv4/netfilter/ipt_NETMAP.c @@ -29,11 +29,12 @@ #define DEBUGP(format, args...) #endif static int -check(const char *tablename, - const void *e, - const struct xt_target *target, - void *targinfo, - unsigned int hook_mask) +init(const char *tablename, + const void *e, + const struct xt_target *target, + void *targinfo, + unsigned int hook_mask, + void *priv_data) { const struct ip_nat_multi_range_compat *mr = targinfo; @@ -54,7 +55,8 @@ target(struct sk_buff **pskb, const struct net_device *out, unsigned int hooknum, const struct xt_target *target, - const void *targinfo) + const void *targinfo, + void *priv_data) { struct ip_conntrack *ct; enum ip_conntrack_info ctinfo; @@ -91,7 +93,7 @@ static struct ipt_target target_module = .table = "nat", .hooks = (1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_POST_ROUTING) | (1 << NF_IP_LOCAL_OUT), - .checkentry = check, + .init = init, .me = THIS_MODULE }; diff --git a/net/ipv4/netfilter/ipt_REDIRECT.c b/net/ipv4/netfilter/ipt_REDIRECT.c index f03d436..c342d0d 100644 --- a/net/ipv4/netfilter/ipt_REDIRECT.c +++ b/net/ipv4/netfilter/ipt_REDIRECT.c @@ -32,11 +32,12 @@ #endif /* FIXME: Take multiple ranges --RR */ static int -redirect_check(const char *tablename, - const void *e, - const struct xt_target *target, - void *targinfo, - unsigned int hook_mask) +redirect_init(const char *tablename, + const void *e, + const struct xt_target *target, + void *targinfo, + unsigned int hook_mask, + void *priv_data) { const struct ip_nat_multi_range_compat *mr = targinfo; @@ -57,7 +58,8 @@ redirect_target(struct sk_buff **pskb, const struct net_device *out, unsigned int hooknum, const struct xt_target *target, - const void *targinfo) + const void *targinfo, + void *priv_data) { struct ip_conntrack *ct; enum ip_conntrack_info ctinfo; @@ -106,7 +108,7 @@ static struct ipt_target redirect_reg = .targetsize = sizeof(struct ip_nat_multi_range_compat), .table = "nat", .hooks = (1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_OUT), - .checkentry = redirect_check, + .init = redirect_init, .me = THIS_MODULE, }; diff --git a/net/ipv4/netfilter/ipt_REJECT.c b/net/ipv4/netfilter/ipt_REJECT.c index b81821e..c7c6973 100644 --- a/net/ipv4/netfilter/ipt_REJECT.c +++ b/net/ipv4/netfilter/ipt_REJECT.c @@ -228,7 +228,8 @@ static unsigned int reject(struct sk_buf const struct net_device *out, unsigned int hooknum, const struct xt_target *target, - const void *targinfo) + const void *targinfo, + void *priv_data) { const struct ipt_reject_info *reject = targinfo; @@ -272,11 +273,12 @@ static unsigned int reject(struct sk_buf return NF_DROP; } -static int check(const char *tablename, - const void *e_void, - const struct xt_target *target, - void *targinfo, - unsigned int hook_mask) +static int init(const char *tablename, + const void *e_void, + const struct xt_target *target, + void *targinfo, + unsigned int hook_mask, + void *priv_data) { const struct ipt_reject_info *rejinfo = targinfo; const struct ipt_entry *e = e_void; @@ -302,7 +304,7 @@ static struct ipt_target ipt_reject_reg .table = "filter", .hooks = (1 << NF_IP_LOCAL_IN) | (1 << NF_IP_FORWARD) | (1 << NF_IP_LOCAL_OUT), - .checkentry = check, + .init = init, .me = THIS_MODULE, }; diff --git a/net/ipv4/netfilter/ipt_SAME.c b/net/ipv4/netfilter/ipt_SAME.c index efbcb11..819d1ac 100644 --- a/net/ipv4/netfilter/ipt_SAME.c +++ b/net/ipv4/netfilter/ipt_SAME.c @@ -48,11 +48,12 @@ #define DEBUGP(format, args...) #endif static int -same_check(const char *tablename, - const void *e, - const struct xt_target *target, - void *targinfo, - unsigned int hook_mask) +same_init(const char *tablename, + const void *e, + const struct xt_target *target, + void *targinfo, + unsigned int hook_mask, + void *priv_data) { unsigned int count, countess, rangeip, index = 0; struct ipt_same_info *mr = targinfo; @@ -115,7 +116,7 @@ same_check(const char *tablename, } static void -same_destroy(const struct xt_target *target, void *targinfo) +same_destroy(const struct xt_target *target, void *targinfo, void *priv_data) { struct ipt_same_info *mr = targinfo; @@ -131,7 +132,8 @@ same_target(struct sk_buff **pskb, const struct net_device *out, unsigned int hooknum, const struct xt_target *target, - const void *targinfo) + const void *targinfo, + void *priv_data) { struct ip_conntrack *ct; enum ip_conntrack_info ctinfo; @@ -181,7 +183,7 @@ static struct ipt_target same_reg = { .targetsize = sizeof(struct ipt_same_info), .table = "nat", .hooks = (1 << NF_IP_PRE_ROUTING | 1 << NF_IP_POST_ROUTING), - .checkentry = same_check, + .init = same_init, .destroy = same_destroy, .me = THIS_MODULE, }; diff --git a/net/ipv4/netfilter/ipt_TCPMSS.c b/net/ipv4/netfilter/ipt_TCPMSS.c index 4246c43..f726a8b 100644 --- a/net/ipv4/netfilter/ipt_TCPMSS.c +++ b/net/ipv4/netfilter/ipt_TCPMSS.c @@ -37,7 +37,8 @@ ipt_tcpmss_target(struct sk_buff **pskb, const struct net_device *out, unsigned int hooknum, const struct xt_target *target, - const void *targinfo) + const void *targinfo, + void *priv_data) { const struct ipt_tcpmss_info *tcpmssinfo = targinfo; struct tcphdr *tcph; @@ -167,11 +168,12 @@ static inline int find_syn_match(const s /* Must specify -p tcp --syn/--tcp-flags SYN */ static int -ipt_tcpmss_checkentry(const char *tablename, - const void *e_void, - const struct xt_target *target, - void *targinfo, - unsigned int hook_mask) +ipt_tcpmss_init(const char *tablename, + const void *e_void, + const struct xt_target *target, + void *targinfo, + unsigned int hook_mask, + void *priv_data) { const struct ipt_tcpmss_info *tcpmssinfo = targinfo; const struct ipt_entry *e = e_void; @@ -196,19 +198,19 @@ static struct ipt_target ipt_tcpmss_reg .target = ipt_tcpmss_target, .targetsize = sizeof(struct ipt_tcpmss_info), .proto = IPPROTO_TCP, - .checkentry = ipt_tcpmss_checkentry, + .init = ipt_tcpmss_init, .me = THIS_MODULE, }; -static int __init ipt_tcpmss_init(void) +static int __init ipt_tcpmss_module_init(void) { return ipt_register_target(&ipt_tcpmss_reg); } -static void __exit ipt_tcpmss_fini(void) +static void __exit ipt_tcpmss_module_fini(void) { ipt_unregister_target(&ipt_tcpmss_reg); } -module_init(ipt_tcpmss_init); -module_exit(ipt_tcpmss_fini); +module_init(ipt_tcpmss_module_init); +module_exit(ipt_tcpmss_module_fini); diff --git a/net/ipv4/netfilter/ipt_TOS.c b/net/ipv4/netfilter/ipt_TOS.c index 471a4c4..0fe2aae 100644 --- a/net/ipv4/netfilter/ipt_TOS.c +++ b/net/ipv4/netfilter/ipt_TOS.c @@ -26,7 +26,8 @@ target(struct sk_buff **pskb, const struct net_device *out, unsigned int hooknum, const struct xt_target *target, - const void *targinfo) + const void *targinfo, + void *priv_data) { const struct ipt_tos_target_info *tosinfo = targinfo; struct iphdr *iph = (*pskb)->nh.iph; @@ -45,11 +46,12 @@ target(struct sk_buff **pskb, } static int -checkentry(const char *tablename, - const void *e_void, - const struct xt_target *target, - void *targinfo, - unsigned int hook_mask) +init(const char *tablename, + const void *e_void, + const struct xt_target *target, + void *targinfo, + unsigned int hook_mask, + void *priv_data) { const u_int8_t tos = ((struct ipt_tos_target_info *)targinfo)->tos; @@ -69,7 +71,7 @@ static struct ipt_target ipt_tos_reg = { .target = target, .targetsize = sizeof(struct ipt_tos_target_info), .table = "mangle", - .checkentry = checkentry, + .init = init, .me = THIS_MODULE, }; diff --git a/net/ipv4/netfilter/ipt_TTL.c b/net/ipv4/netfilter/ipt_TTL.c index 96e79cc..d5200c2 100644 --- a/net/ipv4/netfilter/ipt_TTL.c +++ b/net/ipv4/netfilter/ipt_TTL.c @@ -23,7 +23,7 @@ static unsigned int ipt_ttl_target(struct sk_buff **pskb, const struct net_device *in, const struct net_device *out, unsigned int hooknum, const struct xt_target *target, - const void *targinfo) + const void *targinfo, void *priv_data) { struct iphdr *iph; const struct ipt_TTL_info *info = targinfo; @@ -63,11 +63,12 @@ ipt_ttl_target(struct sk_buff **pskb, return IPT_CONTINUE; } -static int ipt_ttl_checkentry(const char *tablename, - const void *e, - const struct xt_target *target, - void *targinfo, - unsigned int hook_mask) +static int ipt_ttl_init(const char *tablename, + const void *e, + const struct xt_target *target, + void *targinfo, + unsigned int hook_mask, + void *priv_data) { struct ipt_TTL_info *info = targinfo; @@ -86,19 +87,19 @@ static struct ipt_target ipt_TTL = { .target = ipt_ttl_target, .targetsize = sizeof(struct ipt_TTL_info), .table = "mangle", - .checkentry = ipt_ttl_checkentry, + .init = ipt_ttl_init, .me = THIS_MODULE, }; -static int __init ipt_ttl_init(void) +static int __init ipt_ttl_module_init(void) { return ipt_register_target(&ipt_TTL); } -static void __exit ipt_ttl_fini(void) +static void __exit ipt_ttl_module_fini(void) { ipt_unregister_target(&ipt_TTL); } -module_init(ipt_ttl_init); -module_exit(ipt_ttl_fini); +module_init(ipt_ttl_module_init); +module_exit(ipt_ttl_module_fini); diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c index 2b104ea..0bff5aa 100644 --- a/net/ipv4/netfilter/ipt_ULOG.c +++ b/net/ipv4/netfilter/ipt_ULOG.c @@ -308,7 +308,8 @@ static unsigned int ipt_ulog_target(stru const struct net_device *out, unsigned int hooknum, const struct xt_target *target, - const void *targinfo) + const void *targinfo, + void *priv_data) { struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo; @@ -342,11 +343,12 @@ static void ipt_logfn(unsigned int pf, ipt_ulog_packet(hooknum, skb, in, out, &loginfo, prefix); } -static int ipt_ulog_checkentry(const char *tablename, - const void *e, - const struct xt_target *target, - void *targinfo, - unsigned int hookmask) +static int ipt_ulog_init(const char *tablename, + const void *e, + const struct xt_target *target, + void *targinfo, + unsigned int hookmask, + void *priv_data) { struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo; @@ -367,7 +369,7 @@ static struct ipt_target ipt_ulog_reg = .name = "ULOG", .target = ipt_ulog_target, .targetsize = sizeof(struct ipt_ulog_info), - .checkentry = ipt_ulog_checkentry, + .init = ipt_ulog_init, .me = THIS_MODULE, }; @@ -377,7 +379,7 @@ static struct nf_logger ipt_ulog_logger .me = THIS_MODULE, }; -static int __init ipt_ulog_init(void) +static int __init ipt_ulog_module_init(void) { int i; @@ -410,7 +412,7 @@ static int __init ipt_ulog_init(void) return 0; } -static void __exit ipt_ulog_fini(void) +static void __exit ipt_ulog_module_fini(void) { ulog_buff_t *ub; int i; @@ -438,5 +440,5 @@ static void __exit ipt_ulog_fini(void) } -module_init(ipt_ulog_init); -module_exit(ipt_ulog_fini); +module_init(ipt_ulog_module_init); +module_exit(ipt_ulog_module_fini); diff --git a/net/ipv4/netfilter/ipt_addrtype.c b/net/ipv4/netfilter/ipt_addrtype.c index 893dae2..ec2b279 100644 --- a/net/ipv4/netfilter/ipt_addrtype.c +++ b/net/ipv4/netfilter/ipt_addrtype.c @@ -30,7 +30,8 @@ static inline int match_type(u_int32_t a static int match(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, const struct xt_match *match, const void *matchinfo, - int offset, unsigned int protoff, int *hotdrop) + int offset, unsigned int protoff, int *hotdrop, + void *priv_data) { const struct ipt_addrtype_info *info = matchinfo; const struct iphdr *iph = skb->nh.iph; diff --git a/net/ipv4/netfilter/ipt_ah.c b/net/ipv4/netfilter/ipt_ah.c index 1798f86..8d446d6 100644 --- a/net/ipv4/netfilter/ipt_ah.c +++ b/net/ipv4/netfilter/ipt_ah.c @@ -43,7 +43,8 @@ match(const struct sk_buff *skb, const void *matchinfo, int offset, unsigned int protoff, - int *hotdrop) + int *hotdrop, + void *priv_data) { struct ip_auth_hdr _ahdr, *ah; const struct ipt_ah *ahinfo = matchinfo; @@ -70,11 +71,12 @@ match(const struct sk_buff *skb, /* Called when user tries to insert an entry of this type. */ static int -checkentry(const char *tablename, - const void *ip_void, - const struct xt_match *match, - void *matchinfo, - unsigned int hook_mask) +init(const char *tablename, + const void *ip_void, + const struct xt_match *match, + void *matchinfo, + unsigned int hook_mask, + void *priv_data) { const struct ipt_ah *ahinfo = matchinfo; @@ -91,7 +93,7 @@ static struct ipt_match ah_match = { .match = match, .matchsize = sizeof(struct ipt_ah), .proto = IPPROTO_AH, - .checkentry = checkentry, + .init = init, .me = THIS_MODULE, }; diff --git a/net/ipv4/netfilter/ipt_ecn.c b/net/ipv4/netfilter/ipt_ecn.c index dafbdec..d6ec37a 100644 --- a/net/ipv4/netfilter/ipt_ecn.c +++ b/net/ipv4/netfilter/ipt_ecn.c @@ -68,7 +68,8 @@ static inline int match_tcp(const struct static int match(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, const struct xt_match *match, const void *matchinfo, - int offset, unsigned int protoff, int *hotdrop) + int offset, unsigned int protoff, int *hotdrop, + void *priv_data) { const struct ipt_ecn_info *info = matchinfo; @@ -86,9 +87,9 @@ static int match(const struct sk_buff *s return 1; } -static int checkentry(const char *tablename, const void *ip_void, - const struct xt_match *match, - void *matchinfo, unsigned int hook_mask) +static int init(const char *tablename, const void *ip_void, + const struct xt_match *match, + void *matchinfo, unsigned int hook_mask, void *priv_data) { const struct ipt_ecn_info *info = matchinfo; const struct ipt_ip *ip = ip_void; @@ -113,7 +114,7 @@ static struct ipt_match ecn_match = { .name = "ecn", .match = match, .matchsize = sizeof(struct ipt_ecn_info), - .checkentry = checkentry, + .init = init, .me = THIS_MODULE, }; diff --git a/net/ipv4/netfilter/ipt_hashlimit.c b/net/ipv4/netfilter/ipt_hashlimit.c index 4f73a61..12acead 100644 --- a/net/ipv4/netfilter/ipt_hashlimit.c +++ b/net/ipv4/netfilter/ipt_hashlimit.c @@ -8,8 +8,8 @@ * Development of this code was funded by Astaro AG, http://www.astaro.com/ * * based on ipt_limit.c by: - * Jérôme de Vivie - * Hervé Eychenne + * J��e de Vivie + * Herv�Eychenne * Rusty Russell * * The general idea is to create a hash table for every dstip and have a @@ -389,7 +389,8 @@ hashlimit_match(const struct sk_buff *sk const void *matchinfo, int offset, unsigned int protoff, - int *hotdrop) + int *hotdrop, + void *priv_data) { struct ipt_hashlimit_info *r = ((struct ipt_hashlimit_info *)matchinfo)->u.master; @@ -474,11 +475,12 @@ hashlimit_match(const struct sk_buff *sk } static int -hashlimit_checkentry(const char *tablename, - const void *inf, - const struct xt_match *match, - void *matchinfo, - unsigned int hook_mask) +hashlimit_init(const char *tablename, + const void *inf, + const struct xt_match *match, + void *matchinfo, + unsigned int hook_mask, + void *priv_data) { struct ipt_hashlimit_info *r = matchinfo; @@ -528,7 +530,8 @@ hashlimit_checkentry(const char *tablena } static void -hashlimit_destroy(const struct xt_match *match, void *matchinfo) +hashlimit_destroy(const struct xt_match *match, void *matchinfo, + void *priv_data) { struct ipt_hashlimit_info *r = matchinfo; @@ -568,7 +571,7 @@ #ifdef CONFIG_COMPAT .compat_from_user = compat_from_user, .compat_to_user = compat_to_user, #endif - .checkentry = hashlimit_checkentry, + .init = hashlimit_init, .destroy = hashlimit_destroy, .me = THIS_MODULE }; diff --git a/net/ipv4/netfilter/ipt_owner.c b/net/ipv4/netfilter/ipt_owner.c index 78c336f..478451e 100644 --- a/net/ipv4/netfilter/ipt_owner.c +++ b/net/ipv4/netfilter/ipt_owner.c @@ -29,7 +29,8 @@ match(const struct sk_buff *skb, const void *matchinfo, int offset, unsigned int protoff, - int *hotdrop) + int *hotdrop, + void *priv_data) { const struct ipt_owner_info *info = matchinfo; @@ -52,11 +53,12 @@ match(const struct sk_buff *skb, } static int -checkentry(const char *tablename, - const void *ip, - const struct xt_match *match, - void *matchinfo, - unsigned int hook_mask) +init(const char *tablename, + const void *ip, + const struct xt_match *match, + void *matchinfo, + unsigned int hook_mask, + void *priv_data) { const struct ipt_owner_info *info = matchinfo; @@ -73,7 +75,7 @@ static struct ipt_match owner_match = { .match = match, .matchsize = sizeof(struct ipt_owner_info), .hooks = (1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_POST_ROUTING), - .checkentry = checkentry, + .init = init, .me = THIS_MODULE, }; diff --git a/net/ipv4/netfilter/ipt_recent.c b/net/ipv4/netfilter/ipt_recent.c index 32ae8d7..a54e0fe 100644 --- a/net/ipv4/netfilter/ipt_recent.c +++ b/net/ipv4/netfilter/ipt_recent.c @@ -173,7 +173,8 @@ static int ipt_recent_match(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, const struct xt_match *match, const void *matchinfo, - int offset, unsigned int protoff, int *hotdrop) + int offset, unsigned int protoff, int *hotdrop, + void *priv_data) { const struct ipt_recent_info *info = matchinfo; struct recent_table *t; @@ -236,9 +237,9 @@ out: } static int -ipt_recent_checkentry(const char *tablename, const void *ip, - const struct xt_match *match, void *matchinfo, - unsigned int hook_mask) +ipt_recent_init(const char *tablename, const void *ip, + const struct xt_match *match, void *matchinfo, + unsigned int hook_mask, void *priv_data) { const struct ipt_recent_info *info = matchinfo; struct recent_table *t; @@ -294,7 +295,8 @@ out: } static void -ipt_recent_destroy(const struct xt_match *match, void *matchinfo) +ipt_recent_destroy(const struct xt_match *match, void *matchinfo, + void *priv_data) { const struct ipt_recent_info *info = matchinfo; struct recent_table *t; @@ -467,12 +469,12 @@ static struct ipt_match recent_match = { .name = "recent", .match = ipt_recent_match, .matchsize = sizeof(struct ipt_recent_info), - .checkentry = ipt_recent_checkentry, + .init = ipt_recent_init, .destroy = ipt_recent_destroy, .me = THIS_MODULE, }; -static int __init ipt_recent_init(void) +static int __init ipt_recent_module_init(void) { int err; @@ -493,7 +495,7 @@ #endif return err; } -static void __exit ipt_recent_exit(void) +static void __exit ipt_recent_module_exit(void) { BUG_ON(!list_empty(&tables)); ipt_unregister_match(&recent_match); @@ -502,5 +504,5 @@ #ifdef CONFIG_PROC_FS #endif } -module_init(ipt_recent_init); -module_exit(ipt_recent_exit); +module_init(ipt_recent_module_init); +module_exit(ipt_recent_module_exit); diff --git a/net/ipv4/netfilter/ipt_tos.c b/net/ipv4/netfilter/ipt_tos.c index 5549c39..c47e50f 100644 --- a/net/ipv4/netfilter/ipt_tos.c +++ b/net/ipv4/netfilter/ipt_tos.c @@ -25,7 +25,8 @@ match(const struct sk_buff *skb, const void *matchinfo, int offset, unsigned int protoff, - int *hotdrop) + int *hotdrop, + void *priv_data) { const struct ipt_tos_info *info = matchinfo; diff --git a/net/ipv4/netfilter/ipt_ttl.c b/net/ipv4/netfilter/ipt_ttl.c index a5243bd..d02a87b 100644 --- a/net/ipv4/netfilter/ipt_ttl.c +++ b/net/ipv4/netfilter/ipt_ttl.c @@ -22,7 +22,8 @@ MODULE_LICENSE("GPL"); static int match(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, const struct xt_match *match, const void *matchinfo, - int offset, unsigned int protoff, int *hotdrop) + int offset, unsigned int protoff, int *hotdrop, + void *priv_data) { const struct ipt_ttl_info *info = matchinfo; diff --git a/net/ipv6/netfilter/ip6t_HL.c b/net/ipv6/netfilter/ip6t_HL.c index 435750f..878ac35 100644 --- a/net/ipv6/netfilter/ip6t_HL.c +++ b/net/ipv6/netfilter/ip6t_HL.c @@ -22,7 +22,8 @@ static unsigned int ip6t_hl_target(struc const struct net_device *out, unsigned int hooknum, const struct xt_target *target, - const void *targinfo) + const void *targinfo, + void *priv_data) { struct ipv6hdr *ip6h; const struct ip6t_HL_info *info = targinfo; @@ -58,11 +59,12 @@ static unsigned int ip6t_hl_target(struc return IP6T_CONTINUE; } -static int ip6t_hl_checkentry(const char *tablename, - const void *entry, - const struct xt_target *target, - void *targinfo, - unsigned int hook_mask) +static int ip6t_hl_init(const char *tablename, + const void *entry, + const struct xt_target *target, + void *targinfo, + unsigned int hook_mask, + void *priv_data) { struct ip6t_HL_info *info = targinfo; @@ -84,19 +86,19 @@ static struct ip6t_target ip6t_HL = { .target = ip6t_hl_target, .targetsize = sizeof(struct ip6t_HL_info), .table = "mangle", - .checkentry = ip6t_hl_checkentry, + .init = ip6t_hl_init, .me = THIS_MODULE }; -static int __init ip6t_hl_init(void) +static int __init ip6t_hl_module_init(void) { return ip6t_register_target(&ip6t_HL); } -static void __exit ip6t_hl_fini(void) +static void __exit ip6t_hl_module_fini(void) { ip6t_unregister_target(&ip6t_HL); } -module_init(ip6t_hl_init); -module_exit(ip6t_hl_fini); +module_init(ip6t_hl_module_init); +module_exit(ip6t_hl_module_fini); diff --git a/net/ipv6/netfilter/ip6t_LOG.c b/net/ipv6/netfilter/ip6t_LOG.c index 0cf537d..7f42293 100644 --- a/net/ipv6/netfilter/ip6t_LOG.c +++ b/net/ipv6/netfilter/ip6t_LOG.c @@ -427,7 +427,8 @@ ip6t_log_target(struct sk_buff **pskb, const struct net_device *out, unsigned int hooknum, const struct xt_target *target, - const void *targinfo) + const void *targinfo, + void *priv_data) { const struct ip6t_log_info *loginfo = targinfo; struct nf_loginfo li; @@ -447,11 +448,12 @@ ip6t_log_target(struct sk_buff **pskb, } -static int ip6t_log_checkentry(const char *tablename, - const void *entry, - const struct xt_target *target, - void *targinfo, - unsigned int hook_mask) +static int ip6t_log_init(const char *tablename, + const void *entry, + const struct xt_target *target, + void *targinfo, + unsigned int hook_mask, + void *priv_data) { const struct ip6t_log_info *loginfo = targinfo; @@ -471,7 +473,7 @@ static struct ip6t_target ip6t_log_reg = .name = "LOG", .target = ip6t_log_target, .targetsize = sizeof(struct ip6t_log_info), - .checkentry = ip6t_log_checkentry, + .init = ip6t_log_init, .me = THIS_MODULE, }; @@ -481,7 +483,7 @@ static struct nf_logger ip6t_logger = { .me = THIS_MODULE, }; -static int __init ip6t_log_init(void) +static int __init ip6t_log_module_init(void) { if (ip6t_register_target(&ip6t_log_reg)) return -EINVAL; @@ -495,11 +497,11 @@ static int __init ip6t_log_init(void) return 0; } -static void __exit ip6t_log_fini(void) +static void __exit ip6t_log_module_fini(void) { nf_log_unregister_logger(&ip6t_logger); ip6t_unregister_target(&ip6t_log_reg); } -module_init(ip6t_log_init); -module_exit(ip6t_log_fini); +module_init(ip6t_log_module_init); +module_exit(ip6t_log_module_fini); diff --git a/net/ipv6/netfilter/ip6t_REJECT.c b/net/ipv6/netfilter/ip6t_REJECT.c index 311eae8..4ea5a3d 100644 --- a/net/ipv6/netfilter/ip6t_REJECT.c +++ b/net/ipv6/netfilter/ip6t_REJECT.c @@ -176,11 +176,12 @@ send_unreach(struct sk_buff *skb_in, uns } static unsigned int reject6_target(struct sk_buff **pskb, - const struct net_device *in, - const struct net_device *out, - unsigned int hooknum, - const struct xt_target *target, - const void *targinfo) + const struct net_device *in, + const struct net_device *out, + unsigned int hooknum, + const struct xt_target *target, + const void *targinfo, + void *priv_data) { const struct ip6t_reject_info *reject = targinfo; @@ -219,11 +220,12 @@ static unsigned int reject6_target(struc return NF_DROP; } -static int check(const char *tablename, - const void *entry, - const struct xt_target *target, - void *targinfo, - unsigned int hook_mask) +static int init(const char *tablename, + const void *entry, + const struct xt_target *target, + void *targinfo, + unsigned int hook_mask, + void *priv_data) { const struct ip6t_reject_info *rejinfo = targinfo; const struct ip6t_entry *e = entry; @@ -249,7 +251,7 @@ static struct ip6t_target ip6t_reject_re .table = "filter", .hooks = (1 << NF_IP6_LOCAL_IN) | (1 << NF_IP6_FORWARD) | (1 << NF_IP6_LOCAL_OUT), - .checkentry = check, + .init = init, .me = THIS_MODULE }; diff --git a/net/ipv6/netfilter/ip6t_ah.c b/net/ipv6/netfilter/ip6t_ah.c index ec1b160..9f10fc4 100644 --- a/net/ipv6/netfilter/ip6t_ah.c +++ b/net/ipv6/netfilter/ip6t_ah.c @@ -48,7 +48,8 @@ match(const struct sk_buff *skb, const void *matchinfo, int offset, unsigned int protoff, - int *hotdrop) + int *hotdrop, + void *priv_data) { struct ip_auth_hdr *ah, _ah; const struct ip6t_ah *ahinfo = matchinfo; @@ -98,11 +99,12 @@ match(const struct sk_buff *skb, /* Called when user tries to insert an entry of this type. */ static int -checkentry(const char *tablename, - const void *entry, - const struct xt_match *match, - void *matchinfo, - unsigned int hook_mask) +init(const char *tablename, + const void *entry, + const struct xt_match *match, + void *matchinfo, + unsigned int hook_mask, + void *priv_data) { const struct ip6t_ah *ahinfo = matchinfo; @@ -117,7 +119,7 @@ static struct ip6t_match ah_match = { .name = "ah", .match = match, .matchsize = sizeof(struct ip6t_ah), - .checkentry = checkentry, + .init = init, .me = THIS_MODULE, }; diff --git a/net/ipv6/netfilter/ip6t_eui64.c b/net/ipv6/netfilter/ip6t_eui64.c index 4f6b84c..3d72a98 100644 --- a/net/ipv6/netfilter/ip6t_eui64.c +++ b/net/ipv6/netfilter/ip6t_eui64.c @@ -26,7 +26,8 @@ match(const struct sk_buff *skb, const void *matchinfo, int offset, unsigned int protoff, - int *hotdrop) + int *hotdrop, + void *priv_data) { unsigned char eui64[8]; int i = 0; diff --git a/net/ipv6/netfilter/ip6t_frag.c b/net/ipv6/netfilter/ip6t_frag.c index 78d9c8b..be9aa65 100644 --- a/net/ipv6/netfilter/ip6t_frag.c +++ b/net/ipv6/netfilter/ip6t_frag.c @@ -47,7 +47,8 @@ match(const struct sk_buff *skb, const void *matchinfo, int offset, unsigned int protoff, - int *hotdrop) + int *hotdrop, + void *priv_data) { struct frag_hdr _frag, *fh; const struct ip6t_frag *fraginfo = matchinfo; @@ -115,11 +116,12 @@ match(const struct sk_buff *skb, /* Called when user tries to insert an entry of this type. */ static int -checkentry(const char *tablename, - const void *ip, - const struct xt_match *match, - void *matchinfo, - unsigned int hook_mask) +init(const char *tablename, + const void *ip, + const struct xt_match *match, + void *matchinfo, + unsigned int hook_mask, + void *priv_data) { const struct ip6t_frag *fraginfo = matchinfo; @@ -134,7 +136,7 @@ static struct ip6t_match frag_match = { .name = "frag", .match = match, .matchsize = sizeof(struct ip6t_frag), - .checkentry = checkentry, + .init = init, .me = THIS_MODULE, }; diff --git a/net/ipv6/netfilter/ip6t_hbh.c b/net/ipv6/netfilter/ip6t_hbh.c index d32a205..59fa6e2 100644 --- a/net/ipv6/netfilter/ip6t_hbh.c +++ b/net/ipv6/netfilter/ip6t_hbh.c @@ -54,7 +54,8 @@ match(const struct sk_buff *skb, const void *matchinfo, int offset, unsigned int protoff, - int *hotdrop) + int *hotdrop, + void *priv_data) { struct ipv6_opt_hdr _optsh, *oh; const struct ip6t_opts *optinfo = matchinfo; @@ -169,11 +170,12 @@ match(const struct sk_buff *skb, /* Called when user tries to insert an entry of this type. */ static int -checkentry(const char *tablename, - const void *entry, - const struct xt_match *match, - void *matchinfo, - unsigned int hook_mask) +init(const char *tablename, + const void *entry, + const struct xt_match *match, + void *matchinfo, + unsigned int hook_mask, + void *priv_data) { const struct ip6t_opts *optsinfo = matchinfo; @@ -190,7 +192,7 @@ static struct xt_match opts_match[] = { .family = AF_INET6, .match = match, .matchsize = sizeof(struct ip6t_opts), - .checkentry = checkentry, + .init = init, .me = THIS_MODULE, .data = NEXTHDR_HOP, }, @@ -199,7 +201,7 @@ static struct xt_match opts_match[] = { .family = AF_INET6, .match = match, .matchsize = sizeof(struct ip6t_opts), - .checkentry = checkentry, + .init = init, .me = THIS_MODULE, .data = NEXTHDR_DEST, }, diff --git a/net/ipv6/netfilter/ip6t_ipv6header.c b/net/ipv6/netfilter/ip6t_ipv6header.c index 3093c39..0e224ac 100644 --- a/net/ipv6/netfilter/ip6t_ipv6header.c +++ b/net/ipv6/netfilter/ip6t_ipv6header.c @@ -33,7 +33,8 @@ ipv6header_match(const struct sk_buff *s const void *matchinfo, int offset, unsigned int protoff, - int *hotdrop) + int *hotdrop, + void *priv_data) { const struct ip6t_ipv6header_info *info = matchinfo; unsigned int temp; @@ -124,11 +125,12 @@ ipv6header_match(const struct sk_buff *s } static int -ipv6header_checkentry(const char *tablename, - const void *ip, - const struct xt_match *match, - void *matchinfo, - unsigned int hook_mask) +ipv6header_init(const char *tablename, + const void *ip, + const struct xt_match *match, + void *matchinfo, + unsigned int hook_mask, + void *priv_data) { const struct ip6t_ipv6header_info *info = matchinfo; @@ -144,20 +146,20 @@ static struct ip6t_match ip6t_ipv6header .name = "ipv6header", .match = &ipv6header_match, .matchsize = sizeof(struct ip6t_ipv6header_info), - .checkentry = &ipv6header_checkentry, + .init = &ipv6header_init, .destroy = NULL, .me = THIS_MODULE, }; -static int __init ipv6header_init(void) +static int __init ipv6header_module_init(void) { return ip6t_register_match(&ip6t_ipv6header_match); } -static void __exit ipv6header_exit(void) +static void __exit ipv6header_module_exit(void) { ip6t_unregister_match(&ip6t_ipv6header_match); } -module_init(ipv6header_init); -module_exit(ipv6header_exit); +module_init(ipv6header_module_init); +module_exit(ipv6header_module_exit); diff --git a/net/ipv6/netfilter/ip6t_owner.c b/net/ipv6/netfilter/ip6t_owner.c index 4eb9bbc..97ad7e7 100644 --- a/net/ipv6/netfilter/ip6t_owner.c +++ b/net/ipv6/netfilter/ip6t_owner.c @@ -30,7 +30,8 @@ match(const struct sk_buff *skb, const void *matchinfo, int offset, unsigned int protoff, - int *hotdrop) + int *hotdrop, + void *priv_data) { const struct ip6t_owner_info *info = matchinfo; @@ -53,11 +54,12 @@ match(const struct sk_buff *skb, } static int -checkentry(const char *tablename, - const void *ip, - const struct xt_match *match, - void *matchinfo, - unsigned int hook_mask) +init(const char *tablename, + const void *ip, + const struct xt_match *match, + void *matchinfo, + unsigned int hook_mask, + void *priv_data) { const struct ip6t_owner_info *info = matchinfo; @@ -74,7 +76,7 @@ static struct ip6t_match owner_match = { .match = match, .matchsize = sizeof(struct ip6t_owner_info), .hooks = (1 << NF_IP6_LOCAL_OUT) | (1 << NF_IP6_POST_ROUTING), - .checkentry = checkentry, + .init = init, .me = THIS_MODULE, }; diff --git a/net/ipv6/netfilter/ip6t_rt.c b/net/ipv6/netfilter/ip6t_rt.c index bcb2e16..572ac50 100644 --- a/net/ipv6/netfilter/ip6t_rt.c +++ b/net/ipv6/netfilter/ip6t_rt.c @@ -49,7 +49,8 @@ match(const struct sk_buff *skb, const void *matchinfo, int offset, unsigned int protoff, - int *hotdrop) + int *hotdrop, + void *priv_data) { struct ipv6_rt_hdr _route, *rh; const struct ip6t_rt *rtinfo = matchinfo; @@ -193,11 +194,12 @@ match(const struct sk_buff *skb, /* Called when user tries to insert an entry of this type. */ static int -checkentry(const char *tablename, - const void *entry, - const struct xt_match *match, - void *matchinfo, - unsigned int hook_mask) +init(const char *tablename, + const void *entry, + const struct xt_match *match, + void *matchinfo, + unsigned int hook_mask, + void *priv_data) { const struct ip6t_rt *rtinfo = matchinfo; @@ -220,7 +222,7 @@ static struct ip6t_match rt_match = { .name = "rt", .match = match, .matchsize = sizeof(struct ip6t_rt), - .checkentry = checkentry, + .init = init, .me = THIS_MODULE, }; diff --git a/net/netfilter/xt_CLASSIFY.c b/net/netfilter/xt_CLASSIFY.c index 50de965..501a5a8 100644 --- a/net/netfilter/xt_CLASSIFY.c +++ b/net/netfilter/xt_CLASSIFY.c @@ -29,7 +29,8 @@ target(struct sk_buff **pskb, const struct net_device *out, unsigned int hooknum, const struct xt_target *target, - const void *targinfo) + const void *targinfo, + void *priv_data) { const struct xt_classify_target_info *clinfo = targinfo; diff --git a/net/netfilter/xt_CONNMARK.c b/net/netfilter/xt_CONNMARK.c index c01524f..7a73bd0 100644 --- a/net/netfilter/xt_CONNMARK.c +++ b/net/netfilter/xt_CONNMARK.c @@ -38,7 +38,8 @@ target(struct sk_buff **pskb, const struct net_device *out, unsigned int hooknum, const struct xt_target *target, - const void *targinfo) + const void *targinfo, + void *priv_data) { const struct xt_connmark_target_info *markinfo = targinfo; u_int32_t diff; @@ -85,11 +86,12 @@ #endif } static int -checkentry(const char *tablename, - const void *entry, - const struct xt_target *target, - void *targinfo, - unsigned int hook_mask) +init(const char *tablename, + const void *entry, + const struct xt_target *target, + void *targinfo, + unsigned int hook_mask, + void *priv_data) { struct xt_connmark_target_info *matchinfo = targinfo; @@ -143,7 +145,7 @@ static struct xt_target xt_connmark_targ { .name = "CONNMARK", .family = AF_INET, - .checkentry = checkentry, + .init = init, .target = target, .targetsize = sizeof(struct xt_connmark_target_info), #ifdef CONFIG_COMPAT @@ -156,7 +158,7 @@ #endif { .name = "CONNMARK", .family = AF_INET6, - .checkentry = checkentry, + .init = init, .target = target, .targetsize = sizeof(struct xt_connmark_target_info), .me = THIS_MODULE diff --git a/net/netfilter/xt_DSCP.c b/net/netfilter/xt_DSCP.c index a7cc75a..c15ef6f 100644 --- a/net/netfilter/xt_DSCP.c +++ b/net/netfilter/xt_DSCP.c @@ -32,7 +32,8 @@ static unsigned int target(struct sk_buf const struct net_device *out, unsigned int hooknum, const struct xt_target *target, - const void *targinfo) + const void *targinfo, + void *priv_data) { const struct xt_DSCP_info *dinfo = targinfo; u_int8_t dscp = ipv4_get_dsfield((*pskb)->nh.iph) >> XT_DSCP_SHIFT; @@ -53,7 +54,8 @@ static unsigned int target6(struct sk_bu const struct net_device *out, unsigned int hooknum, const struct xt_target *target, - const void *targinfo) + const void *targinfo, + void *priv_data) { const struct xt_DSCP_info *dinfo = targinfo; u_int8_t dscp = ipv6_get_dsfield((*pskb)->nh.ipv6h) >> XT_DSCP_SHIFT; @@ -68,11 +70,12 @@ static unsigned int target6(struct sk_bu return XT_CONTINUE; } -static int checkentry(const char *tablename, - const void *e_void, - const struct xt_target *target, - void *targinfo, - unsigned int hook_mask) +static int init(const char *tablename, + const void *e_void, + const struct xt_target *target, + void *targinfo, + unsigned int hook_mask, + void *priv_data) { const u_int8_t dscp = ((struct xt_DSCP_info *)targinfo)->dscp; @@ -87,7 +90,7 @@ static struct xt_target xt_dscp_target[] { .name = "DSCP", .family = AF_INET, - .checkentry = checkentry, + .init = init, .target = target, .targetsize = sizeof(struct xt_DSCP_info), .table = "mangle", @@ -96,7 +99,7 @@ static struct xt_target xt_dscp_target[] { .name = "DSCP", .family = AF_INET6, - .checkentry = checkentry, + .init = init, .target = target6, .targetsize = sizeof(struct xt_DSCP_info), .table = "mangle", diff --git a/net/netfilter/xt_MARK.c b/net/netfilter/xt_MARK.c index c6e860a..962814a 100644 --- a/net/netfilter/xt_MARK.c +++ b/net/netfilter/xt_MARK.c @@ -27,7 +27,8 @@ target_v0(struct sk_buff **pskb, const struct net_device *out, unsigned int hooknum, const struct xt_target *target, - const void *targinfo) + const void *targinfo, + void *priv_data) { const struct xt_mark_target_info *markinfo = targinfo; @@ -43,7 +44,8 @@ target_v1(struct sk_buff **pskb, const struct net_device *out, unsigned int hooknum, const struct xt_target *target, - const void *targinfo) + const void *targinfo, + void *priv_data) { const struct xt_mark_target_info_v1 *markinfo = targinfo; int mark = 0; @@ -70,11 +72,12 @@ target_v1(struct sk_buff **pskb, static int -checkentry_v0(const char *tablename, - const void *entry, - const struct xt_target *target, - void *targinfo, - unsigned int hook_mask) +init_v0(const char *tablename, + const void *entry, + const struct xt_target *target, + void *targinfo, + unsigned int hook_mask, + void *priv_data) { struct xt_mark_target_info *markinfo = targinfo; @@ -86,11 +89,12 @@ checkentry_v0(const char *tablename, } static int -checkentry_v1(const char *tablename, - const void *entry, - const struct xt_target *target, - void *targinfo, - unsigned int hook_mask) +init_v1(const char *tablename, + const void *entry, + const struct xt_target *target, + void *targinfo, + unsigned int hook_mask, + void *priv_data) { struct xt_mark_target_info_v1 *markinfo = targinfo; @@ -142,7 +146,7 @@ static struct xt_target xt_mark_target[] .name = "MARK", .family = AF_INET, .revision = 0, - .checkentry = checkentry_v0, + .init = init_v0, .target = target_v0, .targetsize = sizeof(struct xt_mark_target_info), .table = "mangle", @@ -152,7 +156,7 @@ static struct xt_target xt_mark_target[] .name = "MARK", .family = AF_INET, .revision = 1, - .checkentry = checkentry_v1, + .init = init_v1, .target = target_v1, .targetsize = sizeof(struct xt_mark_target_info_v1), #ifdef CONFIG_COMPAT @@ -167,7 +171,7 @@ #endif .name = "MARK", .family = AF_INET6, .revision = 0, - .checkentry = checkentry_v0, + .init = init_v0, .target = target_v0, .targetsize = sizeof(struct xt_mark_target_info), .table = "mangle", diff --git a/net/netfilter/xt_NFQUEUE.c b/net/netfilter/xt_NFQUEUE.c index db9b896..e797fac 100644 --- a/net/netfilter/xt_NFQUEUE.c +++ b/net/netfilter/xt_NFQUEUE.c @@ -29,7 +29,8 @@ target(struct sk_buff **pskb, const struct net_device *out, unsigned int hooknum, const struct xt_target *target, - const void *targinfo) + const void *targinfo, + void *priv_data) { const struct xt_NFQ_info *tinfo = targinfo; diff --git a/net/netfilter/xt_NOTRACK.c b/net/netfilter/xt_NOTRACK.c index 6d00dca..deaf86c 100644 --- a/net/netfilter/xt_NOTRACK.c +++ b/net/netfilter/xt_NOTRACK.c @@ -16,7 +16,8 @@ target(struct sk_buff **pskb, const struct net_device *out, unsigned int hooknum, const struct xt_target *target, - const void *targinfo) + const void *targinfo, + void *priv_data) { /* Previously seen (loopback)? Ignore. */ if ((*pskb)->nfct != NULL) diff --git a/net/netfilter/xt_SECMARK.c b/net/netfilter/xt_SECMARK.c index add7521..b6cf8e6 100644 --- a/net/netfilter/xt_SECMARK.c +++ b/net/netfilter/xt_SECMARK.c @@ -31,7 +31,7 @@ static u8 mode; static unsigned int target(struct sk_buff **pskb, const struct net_device *in, const struct net_device *out, unsigned int hooknum, const struct xt_target *target, - const void *targinfo) + const void *targinfo, void *priv_data) { u32 secmark = 0; const struct xt_secmark_target_info *info = targinfo; @@ -83,9 +83,9 @@ static int checkentry_selinux(struct xt_ return 1; } -static int checkentry(const char *tablename, const void *entry, - const struct xt_target *target, void *targinfo, - unsigned int hook_mask) +static int init(const char *tablename, const void *entry, + const struct xt_target *target, void *targinfo, + unsigned int hook_mask, void *priv_data) { struct xt_secmark_target_info *info = targinfo; @@ -115,7 +115,7 @@ static struct xt_target xt_secmark_targe { .name = "SECMARK", .family = AF_INET, - .checkentry = checkentry, + .init = init, .target = target, .targetsize = sizeof(struct xt_secmark_target_info), .table = "mangle", @@ -124,7 +124,7 @@ static struct xt_target xt_secmark_targe { .name = "SECMARK", .family = AF_INET6, - .checkentry = checkentry, + .init = init, .target = target, .targetsize = sizeof(struct xt_secmark_target_info), .table = "mangle", diff --git a/net/netfilter/xt_comment.c b/net/netfilter/xt_comment.c index 7db492d..67e7023 100644 --- a/net/netfilter/xt_comment.c +++ b/net/netfilter/xt_comment.c @@ -23,7 +23,8 @@ match(const struct sk_buff *skb, const void *matchinfo, int offset, unsigned int protooff, - int *hotdrop) + int *hotdrop, + void *priv_data) { /* We always match */ return 1; diff --git a/net/netfilter/xt_connbytes.c b/net/netfilter/xt_connbytes.c index dcc497e..db4f236 100644 --- a/net/netfilter/xt_connbytes.c +++ b/net/netfilter/xt_connbytes.c @@ -48,7 +48,8 @@ match(const struct sk_buff *skb, const void *matchinfo, int offset, unsigned int protoff, - int *hotdrop) + int *hotdrop, + void *priv_data) { const struct xt_connbytes_info *sinfo = matchinfo; u_int64_t what = 0; /* initialize to make gcc happy */ @@ -121,11 +122,12 @@ match(const struct sk_buff *skb, return (what >= sinfo->count.from); } -static int check(const char *tablename, - const void *ip, - const struct xt_match *match, - void *matchinfo, - unsigned int hook_mask) +static int init(const char *tablename, + const void *ip, + const struct xt_match *match, + void *matchinfo, + unsigned int hook_mask, + void *priv_data) { const struct xt_connbytes_info *sinfo = matchinfo; @@ -146,7 +148,7 @@ static struct xt_match xt_connbytes_matc { .name = "connbytes", .family = AF_INET, - .checkentry = check, + .init = init, .match = match, .matchsize = sizeof(struct xt_connbytes_info), .me = THIS_MODULE @@ -154,7 +156,7 @@ static struct xt_match xt_connbytes_matc { .name = "connbytes", .family = AF_INET6, - .checkentry = check, + .init = init, .match = match, .matchsize = sizeof(struct xt_connbytes_info), .me = THIS_MODULE diff --git a/net/netfilter/xt_connmark.c b/net/netfilter/xt_connmark.c index 92a5726..b4cce05 100644 --- a/net/netfilter/xt_connmark.c +++ b/net/netfilter/xt_connmark.c @@ -39,7 +39,8 @@ match(const struct sk_buff *skb, const void *matchinfo, int offset, unsigned int protoff, - int *hotdrop) + int *hotdrop, + void *priv_data) { const struct xt_connmark_info *info = matchinfo; u_int32_t ctinfo; @@ -51,11 +52,12 @@ match(const struct sk_buff *skb, } static int -checkentry(const char *tablename, - const void *ip, - const struct xt_match *match, - void *matchinfo, - unsigned int hook_mask) +init(const char *tablename, + const void *ip, + const struct xt_match *match, + void *matchinfo, + unsigned int hook_mask, + void *priv_data) { struct xt_connmark_info *cm = matchinfo; @@ -74,7 +76,7 @@ #endif } static void -destroy(const struct xt_match *match, void *matchinfo) +destroy(const struct xt_match *match, void *matchinfo, void *priv_data) { #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) nf_ct_l3proto_module_put(match->family); @@ -116,7 +118,7 @@ static struct xt_match xt_connmark_match { .name = "connmark", .family = AF_INET, - .checkentry = checkentry, + .init = init, .match = match, .destroy = destroy, .matchsize = sizeof(struct xt_connmark_info), @@ -130,7 +132,7 @@ #endif { .name = "connmark", .family = AF_INET6, - .checkentry = checkentry, + .init = init, .match = match, .destroy = destroy, .matchsize = sizeof(struct xt_connmark_info), diff --git a/net/netfilter/xt_conntrack.c b/net/netfilter/xt_conntrack.c index 0ea501a..72941f9 100644 --- a/net/netfilter/xt_conntrack.c +++ b/net/netfilter/xt_conntrack.c @@ -36,7 +36,8 @@ match(const struct sk_buff *skb, const void *matchinfo, int offset, unsigned int protoff, - int *hotdrop) + int *hotdrop, + void *priv_data) { const struct xt_conntrack_info *sinfo = matchinfo; struct ip_conntrack *ct; @@ -132,7 +133,8 @@ match(const struct sk_buff *skb, const void *matchinfo, int offset, unsigned int protoff, - int *hotdrop) + int *hotdrop, + void *priv_data) { const struct xt_conntrack_info *sinfo = matchinfo; struct nf_conn *ct; @@ -222,11 +224,12 @@ #define FWINV(bool,invflg) ((bool) ^ !!( #endif /* CONFIG_NF_IP_CONNTRACK */ static int -checkentry(const char *tablename, - const void *ip, - const struct xt_match *match, - void *matchinfo, - unsigned int hook_mask) +init(const char *tablename, + const void *ip, + const struct xt_match *match, + void *matchinfo, + unsigned int hook_mask, + void *priv_data) { #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) if (nf_ct_l3proto_try_module_get(match->family) < 0) { @@ -238,7 +241,8 @@ #endif return 1; } -static void destroy(const struct xt_match *match, void *matchinfo) +static void destroy(const struct xt_match *match, void *matchinfo, + void *priv_data) { #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) nf_ct_l3proto_module_put(match->family); @@ -248,7 +252,7 @@ #endif static struct xt_match conntrack_match = { .name = "conntrack", .match = match, - .checkentry = checkentry, + .init = init, .destroy = destroy, .matchsize = sizeof(struct xt_conntrack_info), .family = AF_INET, diff --git a/net/netfilter/xt_dccp.c b/net/netfilter/xt_dccp.c index 3e6cf43..c77fd93 100644 --- a/net/netfilter/xt_dccp.c +++ b/net/netfilter/xt_dccp.c @@ -99,7 +99,8 @@ match(const struct sk_buff *skb, const void *matchinfo, int offset, unsigned int protoff, - int *hotdrop) + int *hotdrop, + void *priv_data) { const struct xt_dccp_info *info = matchinfo; struct dccp_hdr _dh, *dh; @@ -127,11 +128,12 @@ match(const struct sk_buff *skb, } static int -checkentry(const char *tablename, - const void *inf, - const struct xt_match *match, - void *matchinfo, - unsigned int hook_mask) +init(const char *tablename, + const void *inf, + const struct xt_match *match, + void *matchinfo, + unsigned int hook_mask, + void *priv_data) { const struct xt_dccp_info *info = matchinfo; @@ -144,7 +146,7 @@ static struct xt_match xt_dccp_match[] = { .name = "dccp", .family = AF_INET, - .checkentry = checkentry, + .init = init, .match = match, .matchsize = sizeof(struct xt_dccp_info), .proto = IPPROTO_DCCP, @@ -153,7 +155,7 @@ static struct xt_match xt_dccp_match[] = { .name = "dccp", .family = AF_INET6, - .checkentry = checkentry, + .init = init, .match = match, .matchsize = sizeof(struct xt_dccp_info), .proto = IPPROTO_DCCP, diff --git a/net/netfilter/xt_dscp.c b/net/netfilter/xt_dscp.c index 26c7f4a..b7935bf 100644 --- a/net/netfilter/xt_dscp.c +++ b/net/netfilter/xt_dscp.c @@ -31,7 +31,8 @@ static int match(const struct sk_buff *s const void *matchinfo, int offset, unsigned int protoff, - int *hotdrop) + int *hotdrop, + void *priv_data) { const struct xt_dscp_info *info = matchinfo; u_int8_t dscp = ipv4_get_dsfield(skb->nh.iph) >> XT_DSCP_SHIFT; @@ -46,7 +47,8 @@ static int match6(const struct sk_buff * const void *matchinfo, int offset, unsigned int protoff, - int *hotdrop) + int *hotdrop, + void *priv_data) { const struct xt_dscp_info *info = matchinfo; u_int8_t dscp = ipv6_get_dsfield(skb->nh.ipv6h) >> XT_DSCP_SHIFT; @@ -54,11 +56,12 @@ static int match6(const struct sk_buff * return (dscp == info->dscp) ^ !!info->invert; } -static int checkentry(const char *tablename, - const void *info, - const struct xt_match *match, - void *matchinfo, - unsigned int hook_mask) +static int init(const char *tablename, + const void *info, + const struct xt_match *match, + void *matchinfo, + unsigned int hook_mask, + void *priv_data) { const u_int8_t dscp = ((struct xt_dscp_info *)matchinfo)->dscp; @@ -74,7 +77,7 @@ static struct xt_match xt_dscp_match[] = { .name = "dscp", .family = AF_INET, - .checkentry = checkentry, + .init = init, .match = match, .matchsize = sizeof(struct xt_dscp_info), .me = THIS_MODULE, @@ -82,7 +85,7 @@ static struct xt_match xt_dscp_match[] = { .name = "dscp", .family = AF_INET6, - .checkentry = checkentry, + .init = init, .match = match6, .matchsize = sizeof(struct xt_dscp_info), .me = THIS_MODULE, diff --git a/net/netfilter/xt_esp.c b/net/netfilter/xt_esp.c index 7c95f14..43f7771 100644 --- a/net/netfilter/xt_esp.c +++ b/net/netfilter/xt_esp.c @@ -50,7 +50,8 @@ match(const struct sk_buff *skb, const void *matchinfo, int offset, unsigned int protoff, - int *hotdrop) + int *hotdrop, + void *priv_data) { struct ip_esp_hdr _esp, *eh; const struct xt_esp *espinfo = matchinfo; @@ -75,11 +76,12 @@ match(const struct sk_buff *skb, /* Called when user tries to insert an entry of this type. */ static int -checkentry(const char *tablename, - const void *ip_void, - const struct xt_match *match, - void *matchinfo, - unsigned int hook_mask) +init(const char *tablename, + const void *ip_void, + const struct xt_match *match, + void *matchinfo, + unsigned int hook_mask, + void *priv_data) { const struct xt_esp *espinfo = matchinfo; @@ -95,7 +97,7 @@ static struct xt_match xt_esp_match[] = { .name = "esp", .family = AF_INET, - .checkentry = checkentry, + .init = init, .match = match, .matchsize = sizeof(struct xt_esp), .proto = IPPROTO_ESP, @@ -104,7 +106,7 @@ static struct xt_match xt_esp_match[] = { .name = "esp", .family = AF_INET6, - .checkentry = checkentry, + .init = init, .match = match, .matchsize = sizeof(struct xt_esp), .proto = IPPROTO_ESP, diff --git a/net/netfilter/xt_helper.c b/net/netfilter/xt_helper.c index 5d7818b..f4f5af3 100644 --- a/net/netfilter/xt_helper.c +++ b/net/netfilter/xt_helper.c @@ -46,7 +46,8 @@ match(const struct sk_buff *skb, const void *matchinfo, int offset, unsigned int protoff, - int *hotdrop) + int *hotdrop, + void *priv_data) { const struct xt_helper_info *info = matchinfo; struct ip_conntrack *ct; @@ -94,7 +95,8 @@ match(const struct sk_buff *skb, const void *matchinfo, int offset, unsigned int protoff, - int *hotdrop) + int *hotdrop, + void *priv_data) { const struct xt_helper_info *info = matchinfo; struct nf_conn *ct; @@ -135,11 +137,12 @@ out_unlock: } #endif -static int check(const char *tablename, - const void *inf, - const struct xt_match *match, - void *matchinfo, - unsigned int hook_mask) +static int init(const char *tablename, + const void *inf, + const struct xt_match *match, + void *matchinfo, + unsigned int hook_mask, + void *priv_data) { struct xt_helper_info *info = matchinfo; @@ -155,7 +158,7 @@ #endif } static void -destroy(const struct xt_match *match, void *matchinfo) +destroy(const struct xt_match *match, void *matchinfo, void *priv_data) { #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) nf_ct_l3proto_module_put(match->family); @@ -166,7 +169,7 @@ static struct xt_match xt_helper_match[] { .name = "helper", .family = AF_INET, - .checkentry = check, + .init = init, .match = match, .destroy = destroy, .matchsize = sizeof(struct xt_helper_info), @@ -175,7 +178,7 @@ static struct xt_match xt_helper_match[] { .name = "helper", .family = AF_INET6, - .checkentry = check, + .init = init, .match = match, .destroy = destroy, .matchsize = sizeof(struct xt_helper_info), diff --git a/net/netfilter/xt_length.c b/net/netfilter/xt_length.c index 67fd30d..3f41f45 100644 --- a/net/netfilter/xt_length.c +++ b/net/netfilter/xt_length.c @@ -28,7 +28,8 @@ match(const struct sk_buff *skb, const void *matchinfo, int offset, unsigned int protoff, - int *hotdrop) + int *hotdrop, + void *priv_data) { const struct xt_length_info *info = matchinfo; u_int16_t pktlen = ntohs(skb->nh.iph->tot_len); @@ -44,7 +45,8 @@ match6(const struct sk_buff *skb, const void *matchinfo, int offset, unsigned int protoff, - int *hotdrop) + int *hotdrop, + void *priv_data) { const struct xt_length_info *info = matchinfo; u_int16_t pktlen = ntohs(skb->nh.ipv6h->payload_len) + sizeof(struct ipv6hdr); diff --git a/net/netfilter/xt_limit.c b/net/netfilter/xt_limit.c index fda7b7d..3b544c9 100644 --- a/net/netfilter/xt_limit.c +++ b/net/netfilter/xt_limit.c @@ -5,8 +5,8 @@ * Alexey is a fucking genius? * Rusty Russell (rusty@rustcorp.com.au). */ -/* (C) 1999 Jérôme de Vivie - * (C) 1999 Hervé Eychenne +/* (C) 1999 J��e de Vivie + * (C) 1999 Herv�Eychenne * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as @@ -72,7 +72,8 @@ ipt_limit_match(const struct sk_buff *sk const void *matchinfo, int offset, unsigned int protoff, - int *hotdrop) + int *hotdrop, + void *priv_data) { struct xt_rateinfo *r = ((struct xt_rateinfo *)matchinfo)->master; unsigned long now = jiffies; @@ -106,11 +107,12 @@ user2credits(u_int32_t user) } static int -ipt_limit_checkentry(const char *tablename, - const void *inf, - const struct xt_match *match, - void *matchinfo, - unsigned int hook_mask) +ipt_limit_init(const char *tablename, + const void *inf, + const struct xt_match *match, + void *matchinfo, + unsigned int hook_mask, + void *priv_data) { struct xt_rateinfo *r = matchinfo; @@ -183,7 +185,7 @@ static struct xt_match xt_limit_match[] { .name = "limit", .family = AF_INET, - .checkentry = ipt_limit_checkentry, + .init = ipt_limit_init, .match = ipt_limit_match, .matchsize = sizeof(struct xt_rateinfo), #ifdef CONFIG_COMPAT @@ -196,7 +198,7 @@ #endif { .name = "limit", .family = AF_INET6, - .checkentry = ipt_limit_checkentry, + .init = ipt_limit_init, .match = ipt_limit_match, .matchsize = sizeof(struct xt_rateinfo), .me = THIS_MODULE, diff --git a/net/netfilter/xt_mac.c b/net/netfilter/xt_mac.c index 425fc21..fadff66 100644 --- a/net/netfilter/xt_mac.c +++ b/net/netfilter/xt_mac.c @@ -31,7 +31,8 @@ match(const struct sk_buff *skb, const void *matchinfo, int offset, unsigned int protoff, - int *hotdrop) + int *hotdrop, + void *priv_data) { const struct xt_mac_info *info = matchinfo; diff --git a/net/netfilter/xt_mark.c b/net/netfilter/xt_mark.c index 934dddf..a70c12c 100644 --- a/net/netfilter/xt_mark.c +++ b/net/netfilter/xt_mark.c @@ -27,7 +27,8 @@ match(const struct sk_buff *skb, const void *matchinfo, int offset, unsigned int protoff, - int *hotdrop) + int *hotdrop, + void *priv_data) { const struct xt_mark_info *info = matchinfo; @@ -35,11 +36,12 @@ match(const struct sk_buff *skb, } static int -checkentry(const char *tablename, - const void *entry, - const struct xt_match *match, - void *matchinfo, - unsigned int hook_mask) +init(const char *tablename, + const void *entry, + const struct xt_match *match, + void *matchinfo, + unsigned int hook_mask, + void *priv_data) { const struct xt_mark_info *minfo = matchinfo; @@ -85,7 +87,7 @@ static struct xt_match xt_mark_match[] = { .name = "mark", .family = AF_INET, - .checkentry = checkentry, + .init = init, .match = match, .matchsize = sizeof(struct xt_mark_info), #ifdef CONFIG_COMPAT @@ -98,7 +100,7 @@ #endif { .name = "mark", .family = AF_INET6, - .checkentry = checkentry, + .init = init, .match = match, .matchsize = sizeof(struct xt_mark_info), .me = THIS_MODULE, diff --git a/net/netfilter/xt_multiport.c b/net/netfilter/xt_multiport.c index d3aefd3..aedd1e0 100644 --- a/net/netfilter/xt_multiport.c +++ b/net/netfilter/xt_multiport.c @@ -102,7 +102,8 @@ match(const struct sk_buff *skb, const void *matchinfo, int offset, unsigned int protoff, - int *hotdrop) + int *hotdrop, + void *priv_data) { u16 _ports[2], *pptr; const struct xt_multiport *multiinfo = matchinfo; @@ -133,7 +134,8 @@ match_v1(const struct sk_buff *skb, const void *matchinfo, int offset, unsigned int protoff, - int *hotdrop) + int *hotdrop, + void *priv_data) { u16 _ports[2], *pptr; const struct xt_multiport_v1 *multiinfo = matchinfo; @@ -172,11 +174,12 @@ check(u_int16_t proto, /* Called when user tries to insert an entry of this type. */ static int -checkentry(const char *tablename, - const void *info, - const struct xt_match *match, - void *matchinfo, - unsigned int hook_mask) +init(const char *tablename, + const void *info, + const struct xt_match *match, + void *matchinfo, + unsigned int hook_mask, + void *priv_data) { const struct ipt_ip *ip = info; const struct xt_multiport *multiinfo = matchinfo; @@ -186,11 +189,12 @@ checkentry(const char *tablename, } static int -checkentry_v1(const char *tablename, - const void *info, - const struct xt_match *match, - void *matchinfo, - unsigned int hook_mask) +init_v1(const char *tablename, + const void *info, + const struct xt_match *match, + void *matchinfo, + unsigned int hook_mask, + void *priv_data) { const struct ipt_ip *ip = info; const struct xt_multiport_v1 *multiinfo = matchinfo; @@ -200,11 +204,12 @@ checkentry_v1(const char *tablename, } static int -checkentry6(const char *tablename, - const void *info, - const struct xt_match *match, - void *matchinfo, - unsigned int hook_mask) +init6(const char *tablename, + const void *info, + const struct xt_match *match, + void *matchinfo, + unsigned int hook_mask, + void *priv_data) { const struct ip6t_ip6 *ip = info; const struct xt_multiport *multiinfo = matchinfo; @@ -214,11 +219,12 @@ checkentry6(const char *tablename, } static int -checkentry6_v1(const char *tablename, - const void *info, - const struct xt_match *match, - void *matchinfo, - unsigned int hook_mask) +init6_v1(const char *tablename, + const void *info, + const struct xt_match *match, + void *matchinfo, + unsigned int hook_mask, + void *priv_data) { const struct ip6t_ip6 *ip = info; const struct xt_multiport_v1 *multiinfo = matchinfo; @@ -232,7 +238,7 @@ static struct xt_match xt_multiport_matc .name = "multiport", .family = AF_INET, .revision = 0, - .checkentry = checkentry, + .init = init, .match = match, .matchsize = sizeof(struct xt_multiport), .me = THIS_MODULE, @@ -241,7 +247,7 @@ static struct xt_match xt_multiport_matc .name = "multiport", .family = AF_INET, .revision = 1, - .checkentry = checkentry_v1, + .init = init_v1, .match = match_v1, .matchsize = sizeof(struct xt_multiport_v1), .me = THIS_MODULE, @@ -250,7 +256,7 @@ static struct xt_match xt_multiport_matc .name = "multiport", .family = AF_INET6, .revision = 0, - .checkentry = checkentry6, + .init = init6, .match = match, .matchsize = sizeof(struct xt_multiport), .me = THIS_MODULE, @@ -259,7 +265,7 @@ static struct xt_match xt_multiport_matc .name = "multiport", .family = AF_INET6, .revision = 1, - .checkentry = checkentry6_v1, + .init = init6_v1, .match = match_v1, .matchsize = sizeof(struct xt_multiport_v1), .me = THIS_MODULE, diff --git a/net/netfilter/xt_physdev.c b/net/netfilter/xt_physdev.c index fd8f954..7893938 100644 --- a/net/netfilter/xt_physdev.c +++ b/net/netfilter/xt_physdev.c @@ -31,7 +31,8 @@ match(const struct sk_buff *skb, const void *matchinfo, int offset, unsigned int protoff, - int *hotdrop) + int *hotdrop, + void *priv_data) { int i; static const char nulldevname[IFNAMSIZ]; @@ -102,11 +103,12 @@ match_outdev: } static int -checkentry(const char *tablename, - const void *ip, - const struct xt_match *match, - void *matchinfo, - unsigned int hook_mask) +init(const char *tablename, + const void *ip, + const struct xt_match *match, + void *matchinfo, + unsigned int hook_mask, + void *priv_data) { const struct xt_physdev_info *info = matchinfo; @@ -135,7 +137,7 @@ static struct xt_match xt_physdev_match[ { .name = "physdev", .family = AF_INET, - .checkentry = checkentry, + .init = init, .match = match, .matchsize = sizeof(struct xt_physdev_info), .me = THIS_MODULE, @@ -143,7 +145,7 @@ static struct xt_match xt_physdev_match[ { .name = "physdev", .family = AF_INET6, - .checkentry = checkentry, + .init = init, .match = match, .matchsize = sizeof(struct xt_physdev_info), .me = THIS_MODULE, diff --git a/net/netfilter/xt_pkttype.c b/net/netfilter/xt_pkttype.c index 16e7b08..efe454c 100644 --- a/net/netfilter/xt_pkttype.c +++ b/net/netfilter/xt_pkttype.c @@ -28,7 +28,8 @@ static int match(const struct sk_buff *s const void *matchinfo, int offset, unsigned int protoff, - int *hotdrop) + int *hotdrop, + void *priv_data) { u_int8_t type; const struct xt_pkttype_info *info = matchinfo; diff --git a/net/netfilter/xt_policy.c b/net/netfilter/xt_policy.c index 46bde2b..1540879 100644 --- a/net/netfilter/xt_policy.c +++ b/net/netfilter/xt_policy.c @@ -115,7 +115,8 @@ static int match(const struct sk_buff *s const void *matchinfo, int offset, unsigned int protoff, - int *hotdrop) + int *hotdrop, + void *priv_data) { const struct xt_policy_info *info = matchinfo; int ret; @@ -133,9 +134,9 @@ static int match(const struct sk_buff *s return ret; } -static int checkentry(const char *tablename, const void *ip_void, - const struct xt_match *match, - void *matchinfo, unsigned int hook_mask) +static int init(const char *tablename, const void *ip_void, + const struct xt_match *match, + void *matchinfo, unsigned int hook_mask, void *priv_data) { struct xt_policy_info *info = matchinfo; @@ -168,7 +169,7 @@ static struct xt_match xt_policy_match[] { .name = "policy", .family = AF_INET, - .checkentry = checkentry, + .init = init, .match = match, .matchsize = sizeof(struct xt_policy_info), .me = THIS_MODULE, @@ -176,25 +177,25 @@ static struct xt_match xt_policy_match[] { .name = "policy", .family = AF_INET6, - .checkentry = checkentry, + .init = init, .match = match, .matchsize = sizeof(struct xt_policy_info), .me = THIS_MODULE, }, }; -static int __init init(void) +static int __init xt_policy_init(void) { return xt_register_matches(xt_policy_match, ARRAY_SIZE(xt_policy_match)); } -static void __exit fini(void) +static void __exit xt_policy_fini(void) { xt_unregister_matches(xt_policy_match, ARRAY_SIZE(xt_policy_match)); } -module_init(init); -module_exit(fini); +module_init(xt_policy_init); +module_exit(xt_policy_fini); MODULE_ALIAS("ipt_policy"); MODULE_ALIAS("ip6t_policy"); diff --git a/net/netfilter/xt_quota.c b/net/netfilter/xt_quota.c index b75fa2c..32702d2 100644 --- a/net/netfilter/xt_quota.c +++ b/net/netfilter/xt_quota.c @@ -20,7 +20,8 @@ static int match(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, const struct xt_match *match, const void *matchinfo, - int offset, unsigned int protoff, int *hotdrop) + int offset, unsigned int protoff, int *hotdrop, + void *priv_data) { struct xt_quota_info *q = ((struct xt_quota_info *)matchinfo)->master; int ret = q->flags & XT_QUOTA_INVERT ? 1 : 0; @@ -39,9 +40,9 @@ match(const struct sk_buff *skb, } static int -checkentry(const char *tablename, const void *entry, - const struct xt_match *match, void *matchinfo, - unsigned int hook_mask) +init(const char *tablename, const void *entry, + const struct xt_match *match, void *matchinfo, + unsigned int hook_mask, void *priv_data) { struct xt_quota_info *q = (struct xt_quota_info *)matchinfo; @@ -56,7 +57,7 @@ static struct xt_match xt_quota_match[] { .name = "quota", .family = AF_INET, - .checkentry = checkentry, + .init = init, .match = match, .matchsize = sizeof(struct xt_quota_info), .me = THIS_MODULE @@ -64,7 +65,7 @@ static struct xt_match xt_quota_match[] { .name = "quota", .family = AF_INET6, - .checkentry = checkentry, + .init = init, .match = match, .matchsize = sizeof(struct xt_quota_info), .me = THIS_MODULE diff --git a/net/netfilter/xt_realm.c b/net/netfilter/xt_realm.c index a80b7d1..53d8b17 100644 --- a/net/netfilter/xt_realm.c +++ b/net/netfilter/xt_realm.c @@ -31,7 +31,8 @@ match(const struct sk_buff *skb, const void *matchinfo, int offset, unsigned int protoff, - int *hotdrop) + int *hotdrop, + void *priv_data) { const struct xt_realm_info *info = matchinfo; struct dst_entry *dst = skb->dst; diff --git a/net/netfilter/xt_sctp.c b/net/netfilter/xt_sctp.c index 7956aca..5b599d8 100644 --- a/net/netfilter/xt_sctp.c +++ b/net/netfilter/xt_sctp.c @@ -127,7 +127,8 @@ match(const struct sk_buff *skb, const void *matchinfo, int offset, unsigned int protoff, - int *hotdrop) + int *hotdrop, + void *priv_data) { const struct xt_sctp_info *info = matchinfo; sctp_sctphdr_t _sh, *sh; @@ -159,11 +160,12 @@ match(const struct sk_buff *skb, } static int -checkentry(const char *tablename, - const void *inf, - const struct xt_match *match, - void *matchinfo, - unsigned int hook_mask) +init(const char *tablename, + const void *inf, + const struct xt_match *match, + void *matchinfo, + unsigned int hook_mask, + void *priv_data) { const struct xt_sctp_info *info = matchinfo; @@ -181,7 +183,7 @@ static struct xt_match xt_sctp_match[] = { .name = "sctp", .family = AF_INET, - .checkentry = checkentry, + .init = init, .match = match, .matchsize = sizeof(struct xt_sctp_info), .proto = IPPROTO_SCTP, @@ -190,7 +192,7 @@ static struct xt_match xt_sctp_match[] = { .name = "sctp", .family = AF_INET6, - .checkentry = checkentry, + .init = init, .match = match, .matchsize = sizeof(struct xt_sctp_info), .proto = IPPROTO_SCTP, diff --git a/net/netfilter/xt_state.c b/net/netfilter/xt_state.c index d9010b1..1532d33 100644 --- a/net/netfilter/xt_state.c +++ b/net/netfilter/xt_state.c @@ -28,7 +28,8 @@ match(const struct sk_buff *skb, const void *matchinfo, int offset, unsigned int protoff, - int *hotdrop) + int *hotdrop, + void *priv_data) { const struct xt_state_info *sinfo = matchinfo; enum ip_conntrack_info ctinfo; @@ -44,11 +45,12 @@ match(const struct sk_buff *skb, return (sinfo->statemask & statebit); } -static int check(const char *tablename, - const void *inf, - const struct xt_match *match, - void *matchinfo, - unsigned int hook_mask) +static int init(const char *tablename, + const void *inf, + const struct xt_match *match, + void *matchinfo, + unsigned int hook_mask, + void *priv_data) { #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) if (nf_ct_l3proto_try_module_get(match->family) < 0) { @@ -61,7 +63,7 @@ #endif } static void -destroy(const struct xt_match *match, void *matchinfo) +destroy(const struct xt_match *match, void *matchinfo, void *priv_data) { #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) nf_ct_l3proto_module_put(match->family); @@ -72,7 +74,7 @@ static struct xt_match xt_state_match[] { .name = "state", .family = AF_INET, - .checkentry = check, + .init = init, .match = match, .destroy = destroy, .matchsize = sizeof(struct xt_state_info), @@ -81,7 +83,7 @@ static struct xt_match xt_state_match[] { .name = "state", .family = AF_INET6, - .checkentry = check, + .init = init, .match = match, .destroy = destroy, .matchsize = sizeof(struct xt_state_info), diff --git a/net/netfilter/xt_statistic.c b/net/netfilter/xt_statistic.c index 091a9f8..6fbc1dd 100644 --- a/net/netfilter/xt_statistic.c +++ b/net/netfilter/xt_statistic.c @@ -28,7 +28,7 @@ static int match(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, const struct xt_match *match, const void *matchinfo, - int offset, unsigned int protoff, int *hotdrop) + int offset, unsigned int protoff, int *hotdrop, void *priv_data) { struct xt_statistic_info *info = (struct xt_statistic_info *)matchinfo; int ret = info->flags & XT_STATISTIC_INVERT ? 1 : 0; @@ -53,9 +53,9 @@ match(const struct sk_buff *skb, } static int -checkentry(const char *tablename, const void *entry, - const struct xt_match *match, void *matchinfo, - unsigned int hook_mask) +init(const char *tablename, const void *entry, + const struct xt_match *match, void *matchinfo, + unsigned int hook_mask, void *priv_data) { struct xt_statistic_info *info = (struct xt_statistic_info *)matchinfo; @@ -70,7 +70,7 @@ static struct xt_match xt_statistic_matc { .name = "statistic", .family = AF_INET, - .checkentry = checkentry, + .init = init, .match = match, .matchsize = sizeof(struct xt_statistic_info), .me = THIS_MODULE, @@ -78,7 +78,7 @@ static struct xt_match xt_statistic_matc { .name = "statistic", .family = AF_INET6, - .checkentry = checkentry, + .init = init, .match = match, .matchsize = sizeof(struct xt_statistic_info), .me = THIS_MODULE, diff --git a/net/netfilter/xt_string.c b/net/netfilter/xt_string.c index 4453252..be01c47 100644 --- a/net/netfilter/xt_string.c +++ b/net/netfilter/xt_string.c @@ -28,7 +28,8 @@ static int match(const struct sk_buff *s const void *matchinfo, int offset, unsigned int protoff, - int *hotdrop) + int *hotdrop, + void *priv_data) { const struct xt_string_info *conf = matchinfo; struct ts_state state; @@ -42,11 +43,12 @@ static int match(const struct sk_buff *s #define STRING_TEXT_PRIV(m) ((struct xt_string_info *) m) -static int checkentry(const char *tablename, - const void *ip, - const struct xt_match *match, - void *matchinfo, - unsigned int hook_mask) +static int init(const char *tablename, + const void *ip, + const struct xt_match *match, + void *matchinfo, + unsigned int hook_mask, + void *priv_data) { struct xt_string_info *conf = matchinfo; struct ts_config *ts_conf; @@ -68,7 +70,8 @@ static int checkentry(const char *tablen return 1; } -static void destroy(const struct xt_match *match, void *matchinfo) +static void destroy(const struct xt_match *match, void *matchinfo, + void *priv_data) { textsearch_destroy(STRING_TEXT_PRIV(matchinfo)->config); } @@ -77,7 +80,7 @@ static struct xt_match xt_string_match[] { .name = "string", .family = AF_INET, - .checkentry = checkentry, + .init = init, .match = match, .destroy = destroy, .matchsize = sizeof(struct xt_string_info), @@ -86,8 +89,8 @@ static struct xt_match xt_string_match[] { .name = "string", .family = AF_INET6, - .checkentry = checkentry, - .match = match, + .init = init, + .match = match, .destroy = destroy, .matchsize = sizeof(struct xt_string_info), .me = THIS_MODULE diff --git a/net/netfilter/xt_tcpmss.c b/net/netfilter/xt_tcpmss.c index a3682fe..e512f70 100644 --- a/net/netfilter/xt_tcpmss.c +++ b/net/netfilter/xt_tcpmss.c @@ -31,7 +31,8 @@ match(const struct sk_buff *skb, const void *matchinfo, int offset, unsigned int protoff, - int *hotdrop) + int *hotdrop, + void *priv_data) { const struct xt_tcpmss_match_info *info = matchinfo; struct tcphdr _tcph, *th; diff --git a/net/netfilter/xt_tcpudp.c b/net/netfilter/xt_tcpudp.c index e76a68e..516d0d6 100644 --- a/net/netfilter/xt_tcpudp.c +++ b/net/netfilter/xt_tcpudp.c @@ -78,7 +78,8 @@ tcp_match(const struct sk_buff *skb, const void *matchinfo, int offset, unsigned int protoff, - int *hotdrop) + int *hotdrop, + void *priv_data) { struct tcphdr _tcph, *th; const struct xt_tcp *tcpinfo = matchinfo; @@ -137,11 +138,12 @@ #define FWINVTCP(bool,invflg) ((bool) ^ /* Called when user tries to insert an entry of this type. */ static int -tcp_checkentry(const char *tablename, - const void *info, - const struct xt_match *match, - void *matchinfo, - unsigned int hook_mask) +xt_tcp_init(const char *tablename, + const void *info, + const struct xt_match *match, + void *matchinfo, + unsigned int hook_mask, + void *priv_data) { const struct xt_tcp *tcpinfo = matchinfo; @@ -157,7 +159,8 @@ udp_match(const struct sk_buff *skb, const void *matchinfo, int offset, unsigned int protoff, - int *hotdrop) + int *hotdrop, + void *priv_data) { struct udphdr _udph, *uh; const struct xt_udp *udpinfo = matchinfo; @@ -185,11 +188,12 @@ udp_match(const struct sk_buff *skb, /* Called when user tries to insert an entry of this type. */ static int -udp_checkentry(const char *tablename, - const void *info, - const struct xt_match *match, - void *matchinfo, - unsigned int hook_mask) +xt_udp_init(const char *tablename, + const void *info, + const struct xt_match *match, + void *matchinfo, + unsigned int hook_mask, + void *priv_data) { const struct xt_tcp *udpinfo = matchinfo; @@ -201,7 +205,7 @@ static struct xt_match xt_tcpudp_match[] { .name = "tcp", .family = AF_INET, - .checkentry = tcp_checkentry, + .init = xt_tcp_init, .match = tcp_match, .matchsize = sizeof(struct xt_tcp), .proto = IPPROTO_TCP, @@ -210,7 +214,7 @@ static struct xt_match xt_tcpudp_match[] { .name = "tcp", .family = AF_INET6, - .checkentry = tcp_checkentry, + .init = xt_tcp_init, .match = tcp_match, .matchsize = sizeof(struct xt_tcp), .proto = IPPROTO_TCP, @@ -219,7 +223,7 @@ static struct xt_match xt_tcpudp_match[] { .name = "udp", .family = AF_INET, - .checkentry = udp_checkentry, + .init = xt_udp_init, .match = udp_match, .matchsize = sizeof(struct xt_udp), .proto = IPPROTO_UDP, @@ -228,7 +232,7 @@ static struct xt_match xt_tcpudp_match[] { .name = "udp", .family = AF_INET6, - .checkentry = udp_checkentry, + .init = xt_udp_init, .match = udp_match, .matchsize = sizeof(struct xt_udp), .proto = IPPROTO_UDP, @@ -236,16 +240,16 @@ static struct xt_match xt_tcpudp_match[] }, }; -static int __init xt_tcpudp_init(void) +static int __init xt_tcpudp_module_init(void) { return xt_register_matches(xt_tcpudp_match, ARRAY_SIZE(xt_tcpudp_match)); } -static void __exit xt_tcpudp_fini(void) +static void __exit xt_tcpudp_module_fini(void) { xt_unregister_matches(xt_tcpudp_match, ARRAY_SIZE(xt_tcpudp_match)); } -module_init(xt_tcpudp_init); -module_exit(xt_tcpudp_fini); +module_init(xt_tcpudp_module_init); +module_exit(xt_tcpudp_module_fini); -- 1.4.2