* [PATCH 1/2][priv_data-condition][part 1/2][core]
From: Massimiliano Hofer @ 2006-09-25 8:16 UTC (permalink / raw)
To: netfilter-devel
From 8fc22c9b95e4bfa7f56a303587bdcd6f01a6ce52 Mon Sep 17 00:00:00 2001
From: Massimiliano Hofer <max@nucleus.it>
Date: Mon, 25 Sep 2006 10:06:12 +0200
Subject: [PATCH] priv_data
This patch adds support for instance specific data in matches and
targets.
I take the opportunity of this massive function parameter change
to rename checkentry to init.
This is the core implementation. It won't compile without the
corresponding updates in matches and targets (in the following
patch).
Signed-off-by: Massimiliano Hofer <max@nucleus.it>
---
include/linux/netfilter/x_tables.h | 58 +++++++++------
net/ipv4/netfilter/arp_tables.c | 49 ++++++-------
net/ipv4/netfilter/ip_tables.c | 141 +++++++++++++++++-------------------
net/ipv6/netfilter/ip6_tables.c | 109 +++++++++++++---------------
net/netfilter/x_tables.c | 95 ++++++++++++++++++++++--
5 files changed, 258 insertions(+), 194 deletions(-)
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h
index 04319a7..e855fd2 100644
--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -20,6 +20,7 @@ struct xt_entry_match
/* Used inside the kernel */
struct xt_match *match;
+ void *priv_data;
} kernel;
/* Total length */
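Review bot: `priv_data` is added inside `struct xt_entry_match`, the structure whose `user` view is the userspace ABI, so a kernel heap address now sits in the rule blob; the next hunk does the same for `xt_entry_target`. If the get-entries path copies that blob to userspace and only rewrites the name field (that code is not part of this patch, so this needs checking), the pointer bytes become readable by anyone able to dump the table. I would clear the `kernel` member in the copy-out path and add a comment on the field such as `/* kernel-only; must never reach userspace */`. Both struct definitions start and end outside the hunks.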
@@ -45,6 +46,7 @@ struct xt_entry_target
/* Used inside the kernel */
struct xt_target *target;
+ void *priv_data;
} kernel;
/* Total length */
@@ -156,18 +158,21 @@ struct xt_match
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop);
+ int *hotdrop,
+ void *priv_data);
/* Called when user tries to insert an entry of this type. */
/* Should return true or false. */
- int (*checkentry)(const char *tablename,
- const void *ip,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask);
+ int (*init)(const char *tablename,
+ const void *ip,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data);
/* Called when entry of this type deleted. */
- void (*destroy)(const struct xt_match *match, void *matchinfo);
+ void (*destroy)(const struct xt_match *match, void *matchinfo,
+ void *priv_data);
/* Called when userspace align differs from kernel space one */
void (*compat_from_user)(void *dst, void *src);
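Review bot: The new `priv_data` argument of `match`, `init` and `destroy` is undocumented, and the comment kept above `init` still describes only the old check-on-insert role. A comment should say that the buffer is `priv_size` bytes, zero-filled, allocated per rule by `xt_init_match()` and freed by `xt_destroy_match()`, so a `destroy` hook must not free it itself. Because `match` receives it as a writable pointer and presumably can run on several CPUs at once for the same rule, the comment should also state the locking expectation, for example `/* priv_data: per-rule, shared by all CPUs; serialise writes */`. The same wording fits `struct xt_target` in the hunk at `@@ -204,20 +210,23 @@`.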
@@ -182,6 +187,7 @@ struct xt_match
char *table;
unsigned int matchsize;
unsigned int compatsize;
+ size_t priv_size;
unsigned int hooks;
unsigned short proto;
@@ -204,20 +210,23 @@ struct xt_target
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo);
+ const void *targinfo,
+ void *priv_data);
/* Called when user tries to insert an entry of this type:
hook_mask is a bitmask of hooks from which it can be
called. */
/* Should return true or false. */
- int (*checkentry)(const char *tablename,
- const void *entry,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask);
+ int (*init)(const char *tablename,
+ const void *entry,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask,
+ void *priv_data);
/* Called when entry of this type deleted. */
- void (*destroy)(const struct xt_target *target, void *targinfo);
+ void (*destroy)(const struct xt_target *target, void *targinfo,
+ void *priv_data);
/* Called when userspace align differs from kernel space one */
void (*compat_from_user)(void *dst, void *src);
@@ -229,6 +238,7 @@ struct xt_target
char *table;
unsigned int targetsize;
unsigned int compatsize;
+ size_t priv_size;
unsigned int hooks;
unsigned short proto;
@@ -290,12 +300,16 @@ extern void xt_unregister_match(struct x
extern int xt_register_matches(struct xt_match *match, unsigned int n);
extern void xt_unregister_matches(struct xt_match *match, unsigned int n);
-extern int xt_check_match(const struct xt_match *match, unsigned short family,
- unsigned int size, const char *table, unsigned int hook,
- unsigned short proto, int inv_proto);
-extern int xt_check_target(const struct xt_target *target, unsigned short family,
- unsigned int size, const char *table, unsigned int hook,
- unsigned short proto, int inv_proto);
+extern int xt_init_match(struct xt_entry_match *m, char *module_prefix,
+ unsigned short family, const char *table,
+ unsigned int hook_mask, unsigned short proto,
+ int inv_proto);
+extern void xt_destroy_match(struct xt_entry_match *m);
+extern int xt_init_target(struct xt_entry_target *t, char *module_prefix,
+ unsigned short family, const char *table,
+ unsigned int hook_mask, unsigned short proto,
+ int inv_proto);
+extern void xt_destroy_target(struct xt_entry_target *m);
extern int xt_register_table(struct xt_table *table,
struct xt_table_info *bootstrap,
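Review bot: `module_prefix` is declared `char *` in `xt_init_match` and `xt_init_target`, although every caller in this patch passes a string literal (`"ipt"`, `"ip6t"`, `"arpt"`) and the definitions only use it as a `%s` argument; it should be `const char *module_prefix`. The parameter of `xt_destroy_target` is named `m` here but `t` in the definition in net/netfilter/x_tables.c, so `extern void xt_destroy_target(struct xt_entry_target *t);` would keep declaration and definition consistent.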
@@ -390,13 +404,13 @@ extern int xt_compat_match_offset(struct
extern void xt_compat_match_from_user(struct xt_entry_match *m,
void **dstptr, int *size);
extern int xt_compat_match_to_user(struct xt_entry_match *m,
- void __user **dstptr, int *size);
+ void * __user *dstptr, int *size);
extern int xt_compat_target_offset(struct xt_target *target);
extern void xt_compat_target_from_user(struct xt_entry_target *t,
void **dstptr, int *size);
extern int xt_compat_target_to_user(struct xt_entry_target *t,
- void __user **dstptr, int *size);
+ void * __user *dstptr, int *size);
#endif /* CONFIG_COMPAT */
#endif /* __KERNEL__ */
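Review bot: The change from `void __user **dstptr` to `void * __user *dstptr` has nothing to do with priv_data, and part 2/2 of this series changes the same two prototypes back, so it should be dropped from this patch; the ip_tables.c hunk at `@@ -1364,15 +1350,15 @@` makes the same change. The two spellings are not equivalent for sparse: the original marks the inner pointer as a userspace address, the new one marks the location `dstptr` itself points at as user memory. If `dstptr` is a kernel variable holding a user pointer, which is how the callers appear to use it, the original form is the correct annotation.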
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index 85f0d73..e6fbe3a 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -206,7 +206,8 @@ static unsigned int arpt_error(struct sk
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
if (net_ratelimit())
printk("arp_tables: error: '%s'\n", (char *)targinfo);
@@ -294,11 +295,13 @@ unsigned int arpt_do_table(struct sk_buf
/* Targets which reenter must return
* abs. verdicts
*/
- verdict = t->u.kernel.target->target(pskb,
- in, out,
- hook,
- t->u.kernel.target,
- t->data);
+ verdict = t->u.kernel.target->target(
+ pskb,
+ in, out,
+ hook,
+ t->u.kernel.target,
+ t->data,
+ t->u.kernel.priv_data);
/* Target might have changed stuff. */
arp = (*pskb)->nh.arph;
@@ -454,11 +457,10 @@ static inline int standard_check(const s
static struct arpt_target arpt_standard_target;
-static inline int check_entry(struct arpt_entry *e, const char *name, unsigned int size,
+static inline int init_entry(struct arpt_entry *e, const char *name, unsigned int size,
unsigned int *i)
{
struct arpt_entry_target *t;
- struct arpt_target *target;
int ret;
if (!arp_checkentry(&e->arp)) {
@@ -467,18 +469,9 @@ static inline int check_entry(struct arp
}
t = arpt_get_target(e);
- target = try_then_request_module(xt_find_target(NF_ARP, t->u.user.name,
- t->u.user.revision),
- "arpt_%s", t->u.user.name);
- if (IS_ERR(target) || !target) {
- duprintf("check_entry: `%s' not found\n", t->u.user.name);
- ret = target ? PTR_ERR(target) : -ENOENT;
- goto out;
- }
- t->u.kernel.target = target;
+ ret = xt_init_target(t, "arpt", NF_ARP,
+ name, e->comefrom, 0, 0);
- ret = xt_check_target(target, NF_ARP, t->u.target_size - sizeof(*t),
- name, e->comefrom, 0, 0);
if (ret)
goto err;
@@ -487,9 +480,11 @@ static inline int check_entry(struct arp
ret = -EINVAL;
goto err;
}
- } else if (t->u.kernel.target->checkentry
- && !t->u.kernel.target->checkentry(name, e, target, t->data,
- e->comefrom)) {
+ } else if (t->u.kernel.target->init
+ && !t->u.kernel.target->init(name, e, t->u.kernel.target,
+ t->data,
+ e->comefrom,
+ t->u.kernel.priv_data)) {
duprintf("arp_tables: check failed for `%s'.\n",
t->u.kernel.target->name);
ret = -EINVAL;
@@ -499,8 +494,7 @@ static inline int check_entry(struct arp
(*i)++;
return 0;
err:
- module_put(t->u.kernel.target->me);
-out:
+ xt_destroy_target(t);
return ret;
}
@@ -555,8 +549,9 @@ static inline int cleanup_entry(struct a
t = arpt_get_target(e);
if (t->u.kernel.target->destroy)
- t->u.kernel.target->destroy(t->u.kernel.target, t->data);
- module_put(t->u.kernel.target->me);
+ t->u.kernel.target->destroy(t->u.kernel.target, t->data,
+ t->u.kernel.priv_data);
+ xt_destroy_target(t);
return 0;
}
@@ -629,7 +624,7 @@ static int translate_table(const char *n
/* Finally, each sanity check must pass */
i = 0;
ret = ARPT_ENTRY_ITERATE(entry0, newinfo->size,
- check_entry, name, size, &i);
+ init_entry, name, size, &i);
if (ret != 0) {
ARPT_ENTRY_ITERATE(entry0, newinfo->size,
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 78a44b0..d96f322 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -180,7 +180,8 @@ ipt_error(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
if (net_ratelimit())
printk("ip_tables: error: `%s'\n", (char *)targinfo);
@@ -198,7 +199,8 @@ int do_match(struct ipt_entry_match *m,
{
/* Stop iteration if it doesn't match */
if (!m->u.kernel.match->match(skb, in, out, m->u.kernel.match, m->data,
- offset, skb->nh.iph->ihl*4, hotdrop))
+ offset, skb->nh.iph->ihl*4, hotdrop,
+ m->u.kernel.priv_data))
return 1;
else
return 0;
@@ -306,7 +308,8 @@ #endif
in, out,
hook,
t->u.kernel.target,
- t->data);
+ t->data,
+ t->u.kernel.priv_data);
#ifdef CONFIG_NETFILTER_DEBUG
if (((struct ipt_entry *)table_base)->comefrom
@@ -464,8 +467,9 @@ cleanup_match(struct ipt_entry_match *m,
return 1;
if (m->u.kernel.match->destroy)
- m->u.kernel.match->destroy(m->u.kernel.match, m->data);
- module_put(m->u.kernel.match->me);
+ m->u.kernel.match->destroy(m->u.kernel.match, m->data,
+ m->u.kernel.priv_data);
+ xt_destroy_match(m);
return 0;
}
@@ -491,33 +495,24 @@ standard_check(const struct ipt_entry_ta
}
static inline int
-check_match(struct ipt_entry_match *m,
- const char *name,
- const struct ipt_ip *ip,
- unsigned int hookmask,
- unsigned int *i)
+init_match(struct ipt_entry_match *m,
+ const char *name,
+ const struct ipt_ip *ip,
+ unsigned int hookmask,
+ unsigned int *i)
{
- struct ipt_match *match;
int ret;
- match = try_then_request_module(xt_find_match(AF_INET, m->u.user.name,
- m->u.user.revision),
- "ipt_%s", m->u.user.name);
- if (IS_ERR(match) || !match) {
- duprintf("check_match: `%s' not found\n", m->u.user.name);
- return match ? PTR_ERR(match) : -ENOENT;
- }
- m->u.kernel.match = match;
-
- ret = xt_check_match(match, AF_INET, m->u.match_size - sizeof(*m),
- name, hookmask, ip->proto,
- ip->invflags & IPT_INV_PROTO);
+ ret = xt_init_match(m, "ipt", AF_INET,
+ name, hookmask, ip->proto,
+ ip->invflags & IPT_INV_PROTO);
if (ret)
goto err;
- if (m->u.kernel.match->checkentry
- && !m->u.kernel.match->checkentry(name, ip, match, m->data,
- hookmask)) {
+ if (m->u.kernel.match->init
+ && !m->u.kernel.match->init(name, ip, m->u.kernel.match,
+ m->data,
+ hookmask, m->u.kernel.priv_data)) {
duprintf("ip_tables: check failed for `%s'.\n",
m->u.kernel.match->name);
ret = -EINVAL;
@@ -527,18 +522,17 @@ check_match(struct ipt_entry_match *m,
(*i)++;
return 0;
err:
- module_put(m->u.kernel.match->me);
+ xt_destroy_match(m);
return ret;
}
static struct ipt_target ipt_standard_target;
static inline int
-check_entry(struct ipt_entry *e, const char *name, unsigned int size,
+init_entry(struct ipt_entry *e, const char *name, unsigned int size,
unsigned int *i)
{
struct ipt_entry_target *t;
- struct ipt_target *target;
int ret;
unsigned int j;
@@ -548,25 +542,14 @@ check_entry(struct ipt_entry *e, const c
}
j = 0;
- ret = IPT_MATCH_ITERATE(e, check_match, name, &e->ip, e->comefrom, &j);
+ ret = IPT_MATCH_ITERATE(e, init_match, name, &e->ip, e->comefrom, &j);
if (ret != 0)
goto cleanup_matches;
t = ipt_get_target(e);
- target = try_then_request_module(xt_find_target(AF_INET,
- t->u.user.name,
- t->u.user.revision),
- "ipt_%s", t->u.user.name);
- if (IS_ERR(target) || !target) {
- duprintf("check_entry: `%s' not found\n", t->u.user.name);
- ret = target ? PTR_ERR(target) : -ENOENT;
- goto cleanup_matches;
- }
- t->u.kernel.target = target;
-
- ret = xt_check_target(target, AF_INET, t->u.target_size - sizeof(*t),
- name, e->comefrom, e->ip.proto,
- e->ip.invflags & IPT_INV_PROTO);
+ ret = xt_init_target(t, "ipt", AF_INET,
+ name, e->comefrom, e->ip.proto,
+ e->ip.invflags & IPT_INV_PROTO);
if (ret)
goto err;
@@ -575,9 +558,11 @@ check_entry(struct ipt_entry *e, const c
ret = -EINVAL;
goto err;
}
- } else if (t->u.kernel.target->checkentry
- && !t->u.kernel.target->checkentry(name, e, target, t->data,
- e->comefrom)) {
+ } else if (t->u.kernel.target->init
+ && !t->u.kernel.target->init(name, e, t->u.kernel.target,
+ t->data,
+ e->comefrom,
+ t->u.kernel.priv_data)) {
duprintf("ip_tables: check failed for `%s'.\n",
t->u.kernel.target->name);
ret = -EINVAL;
@@ -587,7 +572,7 @@ check_entry(struct ipt_entry *e, const c
(*i)++;
return 0;
err:
- module_put(t->u.kernel.target->me);
+ xt_destroy_target(t);
cleanup_matches:
IPT_MATCH_ITERATE(e, cleanup_match, &j);
return ret;
@@ -648,8 +633,9 @@ cleanup_entry(struct ipt_entry *e, unsig
IPT_MATCH_ITERATE(e, cleanup_match, NULL);
t = ipt_get_target(e);
if (t->u.kernel.target->destroy)
- t->u.kernel.target->destroy(t->u.kernel.target, t->data);
- module_put(t->u.kernel.target->me);
+ t->u.kernel.target->destroy(t->u.kernel.target, t->data,
+ t->u.kernel.priv_data);
+ xt_destroy_target(t);
return 0;
}
@@ -718,7 +704,7 @@ translate_table(const char *name,
/* Finally, each sanity check must pass */
i = 0;
ret = IPT_ENTRY_ITERATE(entry0, newinfo->size,
- check_entry, name, size, &i);
+ init_entry, name, size, &i);
if (ret != 0) {
IPT_ENTRY_ITERATE(entry0, newinfo->size,
@@ -1364,15 +1350,15 @@ struct compat_ipt_replace {
};
static inline int compat_copy_match_to_user(struct ipt_entry_match *m,
- void __user **dstptr, compat_uint_t *size)
+ void * __user *dstptr, compat_uint_t *size)
{
return xt_compat_match_to_user(m, dstptr, size);
}
static int compat_copy_entry_to_user(struct ipt_entry *e,
- void __user **dstptr, compat_uint_t *size)
+ void * __user *dstptr, compat_uint_t *size)
{
- struct ipt_entry_target *t;
+ struct ipt_entry_target __user *t;
struct compat_ipt_entry __user *ce;
u_int16_t target_offset, next_offset;
compat_uint_t origsize;
@@ -1477,7 +1463,7 @@ check_compat_entry_size_and_hooks(struct
t->u.user.revision),
"ipt_%s", t->u.user.name);
if (IS_ERR(target) || !target) {
- duprintf("check_entry: `%s' not found\n", t->u.user.name);
+ duprintf("init_entry: `%s' not found\n", t->u.user.name);
ret = target ? PTR_ERR(target) : -ENOENT;
goto cleanup_matches;
}
@@ -1523,15 +1509,15 @@ static inline int compat_copy_match_from
match = m->u.kernel.match;
xt_compat_match_from_user(m, dstptr, size);
- ret = xt_check_match(match, AF_INET, dm->u.match_size - sizeof(*dm),
- name, hookmask, ip->proto,
- ip->invflags & IPT_INV_PROTO);
+ ret = xt_init_match(m, "ipt", AF_INET,
+ name, hookmask, ip->proto,
+ ip->invflags & IPT_INV_PROTO);
if (ret)
goto err;
- if (m->u.kernel.match->checkentry
- && !m->u.kernel.match->checkentry(name, ip, match, dm->data,
- hookmask)) {
+ if (m->u.kernel.match->init
+ && !m->u.kernel.match->init(name, ip, match, dm->data,
+ hookmask, m->u.kernel.priv_data)) {
duprintf("ip_tables: check failed for `%s'.\n",
m->u.kernel.match->name);
ret = -EINVAL;
@@ -1541,7 +1527,7 @@ static inline int compat_copy_match_from
return 0;
err:
- module_put(m->u.kernel.match->me);
+ xt_destroy_match(m);
return ret;
}
@@ -1581,9 +1567,9 @@ static int compat_copy_entry_from_user(s
t = ipt_get_target(de);
target = t->u.kernel.target;
- ret = xt_check_target(target, AF_INET, t->u.target_size - sizeof(*t),
- name, e->comefrom, e->ip.proto,
- e->ip.invflags & IPT_INV_PROTO);
+ ret = xt_init_target(t, "ipt", AF_INET,
+ name, e->comefrom, e->ip.proto,
+ e->ip.invflags & IPT_INV_PROTO);
if (ret)
goto err;
@@ -1591,9 +1577,10 @@ static int compat_copy_entry_from_user(s
if (t->u.kernel.target == &ipt_standard_target) {
if (!standard_check(t, *size))
goto err;
- } else if (t->u.kernel.target->checkentry
- && !t->u.kernel.target->checkentry(name, de, target,
- t->data, de->comefrom)) {
+ } else if (t->u.kernel.target->init
+ && !t->u.kernel.target->init(name, de, target,
+ t->data, de->comefrom,
+ t->u.kernel.priv_data)) {
duprintf("ip_tables: compat: check failed for `%s'.\n",
t->u.kernel.target->name);
goto err;
@@ -1602,7 +1589,7 @@ static int compat_copy_entry_from_user(s
return ret;
err:
- module_put(t->u.kernel.target->me);
+ xt_destroy_target(t);
cleanup_matches:
IPT_MATCH_ITERATE(e, cleanup_match, &j);
return ret;
@@ -2090,7 +2077,8 @@ icmp_match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
struct icmphdr _icmph, *ic;
const struct ipt_icmp *icmpinfo = matchinfo;
@@ -2118,11 +2106,12 @@ icmp_match(const struct sk_buff *skb,
/* Called when user tries to insert an entry of this type. */
static int
-icmp_checkentry(const char *tablename,
- const void *info,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+icmp_init(const char *tablename,
+ const void *info,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct ipt_icmp *icmpinfo = matchinfo;
@@ -2171,7 +2160,7 @@ static struct ipt_match icmp_matchstruct
.matchsize = sizeof(struct ipt_icmp),
.proto = IPPROTO_ICMP,
.family = AF_INET,
- .checkentry = icmp_checkentry,
+ .init = icmp_init,
};
static int __init ip_tables_init(void)
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 4ab368f..2c3ed69 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -217,7 +217,8 @@ ip6t_error(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
if (net_ratelimit())
printk("ip6_tables: error: `%s'\n", (char *)targinfo);
@@ -236,7 +237,8 @@ int do_match(struct ip6t_entry_match *m,
{
/* Stop iteration if it doesn't match */
if (!m->u.kernel.match->match(skb, in, out, m->u.kernel.match, m->data,
- offset, protoff, hotdrop))
+ offset, protoff, hotdrop,
+ m->u.kernel.priv_data))
return 1;
else
return 0;
@@ -340,11 +342,13 @@ #ifdef CONFIG_NETFILTER_DEBUG
((struct ip6t_entry *)table_base)->comefrom
= 0xeeeeeeec;
#endif
- verdict = t->u.kernel.target->target(pskb,
- in, out,
- hook,
- t->u.kernel.target,
- t->data);
+ verdict = t->u.kernel.target->target(
+ pskb,
+ in, out,
+ hook,
+ t->u.kernel.target,
+ t->data,
+ t->u.kernel.priv_data);
#ifdef CONFIG_NETFILTER_DEBUG
if (((struct ip6t_entry *)table_base)->comefrom
@@ -501,8 +505,9 @@ cleanup_match(struct ip6t_entry_match *m
return 1;
if (m->u.kernel.match->destroy)
- m->u.kernel.match->destroy(m->u.kernel.match, m->data);
- module_put(m->u.kernel.match->me);
+ m->u.kernel.match->destroy(m->u.kernel.match, m->data,
+ m->u.kernel.priv_data);
+ xt_destroy_match(m);
return 0;
}
@@ -528,33 +533,24 @@ standard_check(const struct ip6t_entry_t
}
static inline int
-check_match(struct ip6t_entry_match *m,
- const char *name,
- const struct ip6t_ip6 *ipv6,
- unsigned int hookmask,
- unsigned int *i)
+init_match(struct ip6t_entry_match *m,
+ const char *name,
+ const struct ip6t_ip6 *ipv6,
+ unsigned int hookmask,
+ unsigned int *i)
{
- struct ip6t_match *match;
int ret;
- match = try_then_request_module(xt_find_match(AF_INET6, m->u.user.name,
- m->u.user.revision),
- "ip6t_%s", m->u.user.name);
- if (IS_ERR(match) || !match) {
- duprintf("check_match: `%s' not found\n", m->u.user.name);
- return match ? PTR_ERR(match) : -ENOENT;
- }
- m->u.kernel.match = match;
-
- ret = xt_check_match(match, AF_INET6, m->u.match_size - sizeof(*m),
- name, hookmask, ipv6->proto,
- ipv6->invflags & IP6T_INV_PROTO);
+ ret = xt_init_match(m, "ip6t", AF_INET6,
+ name, hookmask, ipv6->proto,
+ ipv6->invflags & IP6T_INV_PROTO);
if (ret)
goto err;
- if (m->u.kernel.match->checkentry
- && !m->u.kernel.match->checkentry(name, ipv6, match, m->data,
- hookmask)) {
+ if (m->u.kernel.match->init
+ && !m->u.kernel.match->init(name, ipv6, m->u.kernel.match,
+ m->data, hookmask,
+ m->u.kernel.priv_data)) {
duprintf("ip_tables: check failed for `%s'.\n",
m->u.kernel.match->name);
ret = -EINVAL;
@@ -564,18 +560,17 @@ check_match(struct ip6t_entry_match *m,
(*i)++;
return 0;
err:
- module_put(m->u.kernel.match->me);
+ xt_destroy_match(m);
return ret;
}
static struct ip6t_target ip6t_standard_target;
static inline int
-check_entry(struct ip6t_entry *e, const char *name, unsigned int size,
- unsigned int *i)
+init_entry(struct ip6t_entry *e, const char *name, unsigned int size,
+ unsigned int *i)
{
struct ip6t_entry_target *t;
- struct ip6t_target *target;
int ret;
unsigned int j;
@@ -585,25 +580,14 @@ check_entry(struct ip6t_entry *e, const
}
j = 0;
- ret = IP6T_MATCH_ITERATE(e, check_match, name, &e->ipv6, e->comefrom, &j);
+ ret = IP6T_MATCH_ITERATE(e, init_match, name, &e->ipv6, e->comefrom, &j);
if (ret != 0)
goto cleanup_matches;
t = ip6t_get_target(e);
- target = try_then_request_module(xt_find_target(AF_INET6,
- t->u.user.name,
- t->u.user.revision),
- "ip6t_%s", t->u.user.name);
- if (IS_ERR(target) || !target) {
- duprintf("check_entry: `%s' not found\n", t->u.user.name);
- ret = target ? PTR_ERR(target) : -ENOENT;
- goto cleanup_matches;
- }
- t->u.kernel.target = target;
-
- ret = xt_check_target(target, AF_INET6, t->u.target_size - sizeof(*t),
- name, e->comefrom, e->ipv6.proto,
- e->ipv6.invflags & IP6T_INV_PROTO);
+ ret = xt_init_target(t, "ip6t", AF_INET6,
+ name, e->comefrom, e->ipv6.proto,
+ e->ipv6.invflags & IP6T_INV_PROTO);
if (ret)
goto err;
@@ -612,9 +596,11 @@ check_entry(struct ip6t_entry *e, const
ret = -EINVAL;
goto err;
}
- } else if (t->u.kernel.target->checkentry
- && !t->u.kernel.target->checkentry(name, e, target, t->data,
- e->comefrom)) {
+ } else if (t->u.kernel.target->init
+ && !t->u.kernel.target->init(name, e, t->u.kernel.target,
+ t->data,
+ e->comefrom,
+ t->u.kernel.priv_data)) {
duprintf("ip_tables: check failed for `%s'.\n",
t->u.kernel.target->name);
ret = -EINVAL;
@@ -624,7 +610,7 @@ check_entry(struct ip6t_entry *e, const
(*i)++;
return 0;
err:
- module_put(t->u.kernel.target->me);
+ xt_destroy_target(t);
cleanup_matches:
IP6T_MATCH_ITERATE(e, cleanup_match, &j);
return ret;
@@ -685,8 +671,9 @@ cleanup_entry(struct ip6t_entry *e, unsi
IP6T_MATCH_ITERATE(e, cleanup_match, NULL);
t = ip6t_get_target(e);
if (t->u.kernel.target->destroy)
- t->u.kernel.target->destroy(t->u.kernel.target, t->data);
- module_put(t->u.kernel.target->me);
+ t->u.kernel.target->destroy(t->u.kernel.target, t->data,
+ t->u.kernel.priv_data);
+ xt_destroy_target(t);
return 0;
}
@@ -755,7 +742,7 @@ translate_table(const char *name,
/* Finally, each sanity check must pass */
i = 0;
ret = IP6T_ENTRY_ITERATE(entry0, newinfo->size,
- check_entry, name, size, &i);
+ init_entry, name, size, &i);
if (ret != 0) {
IP6T_ENTRY_ITERATE(entry0, newinfo->size,
@@ -1310,7 +1297,8 @@ icmp6_match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
struct icmp6hdr _icmp, *ic;
const struct ip6t_icmp *icmpinfo = matchinfo;
@@ -1337,11 +1325,12 @@ icmp6_match(const struct sk_buff *skb,
/* Called when user tries to insert an entry of this type. */
static int
-icmp6_checkentry(const char *tablename,
+icmp6_init(const char *tablename,
const void *entry,
const struct xt_match *match,
void *matchinfo,
- unsigned int hook_mask)
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct ip6t_icmp *icmpinfo = matchinfo;
@@ -1377,7 +1366,7 @@ static struct ip6t_match icmp6_matchstru
.name = "icmp6",
.match = &icmp6_match,
.matchsize = sizeof(struct ip6t_icmp),
- .checkentry = icmp6_checkentry,
+ .init = icmp6_init,
.proto = IPPROTO_ICMPV6,
.family = AF_INET6,
};
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
index 58522fc..5822202 100644
--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -303,10 +303,27 @@ int xt_find_revision(int af, const char
}
EXPORT_SYMBOL_GPL(xt_find_revision);
-int xt_check_match(const struct xt_match *match, unsigned short family,
- unsigned int size, const char *table, unsigned int hook_mask,
- unsigned short proto, int inv_proto)
-{
+int xt_init_match(struct xt_entry_match *m, char *module_prefix,
+ unsigned short family, const char *table,
+ unsigned int hook_mask,
+ unsigned short proto, int inv_proto)
+{
+ struct xt_match *match;
+ unsigned int size = (m->u.match_size - sizeof(*m));
+
+ match = try_then_request_module(xt_find_match(family, m->u.user.name,
+ m->u.user.revision),
+ "%s_%s",
+ module_prefix, m->u.user.name);
+ if (IS_ERR(match) || !match) {
+ duprintf("init_match: `%s' not found\n", m->u.user.name);
+ m->u.kernel.match = NULL;
+ m->u.kernel.priv_data = NULL;
+ return match ? PTR_ERR(match) : -ENOENT;
+ }
+ m->u.kernel.match = match;
+ m->u.kernel.priv_data = NULL;
+
if (XT_ALIGN(match->matchsize) != size) {
printk("%s_tables: %s match: invalid size %Zu != %u\n",
xt_prefix[family], match->name,
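Review bot: `xt_init_match` can now fail in three different states (lookup failed with `u.kernel.match` set to NULL, a size/table/hook/proto check failed with the module reference held, or the allocation in the next hunk failed), and it relies on the caller to run `xt_destroy_match()` in every one of them, but nothing in the code says so. A comment above the function such as `/* On any error the caller must still call xt_destroy_match(m). */` would stop a future caller from returning directly and leaking the module reference. The function body continues into the next hunk, and `xt_init_target` at `@@ -393,10 +431,28 @@` has the same shape.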
@@ -328,9 +345,30 @@ int xt_check_match(const struct xt_match
xt_prefix[family], match->name, match->proto);
return -EINVAL;
}
+
+ if (match->priv_size) {
+ m->u.kernel.priv_data = kzalloc(match->priv_size,
+ GFP_KERNEL);
+ if (!m->u.kernel.priv_data) {
+ printk("%s_tables: %s match: "
+ "unable to allocate memory\n",
+ xt_prefix[family], match->name);
+ return -ENOMEM;
+ }
+ }
+
return 0;
}
-EXPORT_SYMBOL_GPL(xt_check_match);
+EXPORT_SYMBOL_GPL(xt_init_match);
+
+void xt_destroy_match(struct xt_entry_match *m)
+{
+ BUG_ON(!m);
+ kfree(m->u.kernel.priv_data);
+ if (m->u.kernel.match)
+ module_put(m->u.kernel.match->me);
+}
+EXPORT_SYMBOL_GPL(xt_destroy_match);
#ifdef CONFIG_COMPAT
int xt_compat_match_offset(struct xt_match *match)
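Review bot: `xt_destroy_match` frees `priv_data` and drops the module reference but leaves both fields set, so a second call on the same entry would double-free the buffer and double-put the module. I see no such path in this patch, but the error and cleanup paths are spread over three table implementations, and resetting the fields is cheap: `m->u.kernel.priv_data = NULL; m->u.kernel.match = NULL;` after the `kfree` and `module_put`. `BUG_ON(!m)` adds little, since the dereference on the next line would fault anyway, and could be dropped. `xt_destroy_target` in the hunk at `@@ -418,9 +474,30 @@` has the same shape.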
@@ -393,10 +431,28 @@ int xt_compat_match_to_user(struct xt_en
EXPORT_SYMBOL_GPL(xt_compat_match_to_user);
#endif /* CONFIG_COMPAT */
-int xt_check_target(const struct xt_target *target, unsigned short family,
- unsigned int size, const char *table, unsigned int hook_mask,
- unsigned short proto, int inv_proto)
+int xt_init_target(struct xt_entry_target *t, char *module_prefix,
+ unsigned short family, const char *table,
+ unsigned int hook_mask, unsigned short proto,
+ int inv_proto)
{
+ struct xt_target *target;
+ unsigned int size = t->u.target_size - sizeof(*t);
+
+ target = try_then_request_module(xt_find_target(family,
+ t->u.user.name,
+ t->u.user.revision),
+ "%s_%s",
+ module_prefix, t->u.user.name);
+ if (IS_ERR(target) || !target) {
+ duprintf("init_target: `%s' not found\n", t->u.user.name);
+ t->u.kernel.target = NULL;
+ t->u.kernel.priv_data = NULL;
+ return target ? PTR_ERR(target) : -ENOENT;
+ }
+ t->u.kernel.target = target;
+ t->u.kernel.priv_data = NULL;
+
if (XT_ALIGN(target->targetsize) != size) {
printk("%s_tables: %s target: invalid size %Zu != %u\n",
xt_prefix[family], target->name,
@@ -418,9 +474,30 @@ int xt_check_target(const struct xt_targ
xt_prefix[family], target->name, target->proto);
return -EINVAL;
}
+
+ if (target->priv_size) {
+ t->u.kernel.priv_data = kzalloc(target->priv_size,
+ GFP_KERNEL);
+ if (!t->u.kernel.priv_data) {
+ printk("%s_tables: %s target: "
+ "unable to allocate memory\n",
+ xt_prefix[family], target->name);
+ return -ENOMEM;
+ }
+ }
+
return 0;
}
-EXPORT_SYMBOL_GPL(xt_check_target);
+EXPORT_SYMBOL_GPL(xt_init_target);
+
+void xt_destroy_target(struct xt_entry_target *t)
+{
+ BUG_ON(!t);
+ kfree(t->u.kernel.priv_data);
+ if (t->u.kernel.target)
+ module_put(t->u.kernel.target->me);
+}
+EXPORT_SYMBOL_GPL(xt_destroy_target);
#ifdef CONFIG_COMPAT
int xt_compat_target_offset(struct xt_target *target)
--
1.4.2
^ permalink raw reply related [flat|nested] 7+ messages in thread* [PATCH 1/2][priv_data-condition][part 2/2][matches_and_targets]
From: Massimiliano Hofer @ 2006-09-25 8:17 UTC (permalink / raw)
To: netfilter-devel
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset="utf-8", Size: 96566 bytes --]
From b24cd99b101357a5829ef22d45e5730bf0f1890d Mon Sep 17 00:00:00 2001
From: Massimiliano Hofer <max@nucleus.it>
Date: Mon, 25 Sep 2006 10:09:07 +0200
Subject: [PATCH] priv_data-matches_and_targets
This patch adds support for instance specific data in matches and
targets.
This patch complements the core update.
Signed-off-by: Massimiliano Hofer <max@nucleus.it>
---
include/linux/netfilter/x_tables.h | 4 +-
net/ipv4/netfilter/arpt_mangle.c | 8 ++---
net/ipv4/netfilter/ip_nat_rule.c | 32 +++++++++++--------
net/ipv4/netfilter/ip_tables.c | 6 ++--
net/ipv4/netfilter/ipt_CLUSTERIP.c | 19 ++++++-----
net/ipv4/netfilter/ipt_ECN.c | 16 +++++----
net/ipv4/netfilter/ipt_LOG.c | 24 ++++++++------
net/ipv4/netfilter/ipt_MASQUERADE.c | 16 +++++----
net/ipv4/netfilter/ipt_NETMAP.c | 16 +++++----
net/ipv4/netfilter/ipt_REDIRECT.c | 16 +++++----
net/ipv4/netfilter/ipt_REJECT.c | 16 +++++----
net/ipv4/netfilter/ipt_SAME.c | 18 ++++++-----
net/ipv4/netfilter/ipt_TCPMSS.c | 24 ++++++++------
net/ipv4/netfilter/ipt_TOS.c | 16 +++++----
net/ipv4/netfilter/ipt_TTL.c | 23 +++++++------
net/ipv4/netfilter/ipt_ULOG.c | 24 ++++++++------
net/ipv4/netfilter/ipt_addrtype.c | 3 +-
net/ipv4/netfilter/ipt_ah.c | 16 +++++----
net/ipv4/netfilter/ipt_ecn.c | 11 ++++--
net/ipv4/netfilter/ipt_hashlimit.c | 23 ++++++++-----
net/ipv4/netfilter/ipt_owner.c | 16 +++++----
net/ipv4/netfilter/ipt_recent.c | 22 +++++++------
net/ipv4/netfilter/ipt_tos.c | 3 +-
net/ipv4/netfilter/ipt_ttl.c | 3 +-
net/ipv6/netfilter/ip6t_HL.c | 24 ++++++++------
net/ipv6/netfilter/ip6t_LOG.c | 24 ++++++++------
net/ipv6/netfilter/ip6t_REJECT.c | 24 ++++++++------
net/ipv6/netfilter/ip6t_ah.c | 16 +++++----
net/ipv6/netfilter/ip6t_eui64.c | 3 +-
net/ipv6/netfilter/ip6t_frag.c | 16 +++++----
net/ipv6/netfilter/ip6t_hbh.c | 18 ++++++-----
| 24 ++++++++------
net/ipv6/netfilter/ip6t_owner.c | 16 +++++----
net/ipv6/netfilter/ip6t_rt.c | 16 +++++----
net/netfilter/xt_CLASSIFY.c | 3 +-
net/netfilter/xt_CONNMARK.c | 18 ++++++-----
net/netfilter/xt_DSCP.c | 21 +++++++-----
net/netfilter/xt_MARK.c | 34 +++++++++++---------
net/netfilter/xt_NFQUEUE.c | 3 +-
net/netfilter/xt_NOTRACK.c | 3 +-
net/netfilter/xt_SECMARK.c | 12 ++++---
| 3 +-
net/netfilter/xt_connbytes.c | 18 ++++++-----
net/netfilter/xt_connmark.c | 20 ++++++------
net/netfilter/xt_conntrack.c | 22 ++++++++-----
net/netfilter/xt_dccp.c | 18 ++++++-----
net/netfilter/xt_dscp.c | 21 +++++++-----
net/netfilter/xt_esp.c | 18 ++++++-----
net/netfilter/xt_helper.c | 23 ++++++++-----
net/netfilter/xt_length.c | 6 ++--
net/netfilter/xt_limit.c | 22 +++++++------
net/netfilter/xt_mac.c | 3 +-
net/netfilter/xt_mark.c | 18 ++++++-----
net/netfilter/xt_multiport.c | 58 +++++++++++++++++++---------------
net/netfilter/xt_physdev.c | 18 ++++++-----
net/netfilter/xt_pkttype.c | 3 +-
net/netfilter/xt_policy.c | 21 ++++++------
net/netfilter/xt_quota.c | 13 ++++----
net/netfilter/xt_realm.c | 3 +-
net/netfilter/xt_sctp.c | 18 ++++++-----
net/netfilter/xt_state.c | 20 ++++++------
net/netfilter/xt_statistic.c | 12 ++++---
net/netfilter/xt_string.c | 23 ++++++++-----
net/netfilter/xt_tcpmss.c | 3 +-
net/netfilter/xt_tcpudp.c | 44 ++++++++++++++------------
65 files changed, 600 insertions(+), 478 deletions(-)
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h
index e855fd2..6c3e689 100644
--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -404,13 +404,13 @@ extern int xt_compat_match_offset(struct
extern void xt_compat_match_from_user(struct xt_entry_match *m,
void **dstptr, int *size);
extern int xt_compat_match_to_user(struct xt_entry_match *m,
- void * __user *dstptr, int *size);
+ void __user **dstptr, int *size);
extern int xt_compat_target_offset(struct xt_target *target);
extern void xt_compat_target_from_user(struct xt_entry_target *t,
void **dstptr, int *size);
extern int xt_compat_target_to_user(struct xt_entry_target *t,
- void * __user *dstptr, int *size);
+ void __user **dstptr, int *size);
#endif /* CONFIG_COMPAT */
#endif /* __KERNEL__ */
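Review bot: The `__user` annotation changes on the two `xt_compat_*_to_user` prototypes are unrelated to the priv_data work in the subject line and would be easier to review and bisect as a separate patch. `void __user **dstptr` reads as the right form if `*dstptr` is what is eventually handed to the user-copy routine, but that use is not visible in this hunk. The same applies to the `compat_copy_match_to_user`/`compat_copy_entry_to_user` hunk in net/ipv4/netfilter/ip_tables.c, where dropping `__user` from `struct ipt_entry_target *t` changes what sparse checks on that pointer. A changelog line saying why each old annotation was wrong would let a reviewer confirm that no user pointer loses its address-space check.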
diff --git a/net/ipv4/netfilter/arpt_mangle.c b/net/ipv4/netfilter/arpt_mangle.c
index d12b1df..ce77517 100644
--- a/net/ipv4/netfilter/arpt_mangle.c
+++ b/net/ipv4/netfilter/arpt_mangle.c
@@ -11,7 +11,7 @@ static unsigned int
target(struct sk_buff **pskb,
const struct net_device *in, const struct net_device *out,
unsigned int hooknum, const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo, void *priv_data)
{
const struct arpt_mangle *mangle = targinfo;
struct arphdr *arp;
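Review bot: `target()` now receives `priv_data` as a writable `void *` next to the read-only `const void *targinfo`, and nothing in the hunk says what protects it. Rule evaluation can run on several CPUs at the same time, so if this is one instance per rule (as the patch description suggests), any module that writes through it on the packet path needs its own lock or a per-CPU layout. A comment above the function such as `/* priv_data: per-rule instance data, shared between CPUs; not used by arpt_mangle */` would make that explicit, and the same applies to every other `target()`/`match()` signature changed in this patch. The body of `target()` continues outside the hunk.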
@@ -66,8 +66,8 @@ target(struct sk_buff **pskb,
}
static int
-checkentry(const char *tablename, const void *e, const struct xt_target *target,
- void *targinfo, unsigned int hook_mask)
+init(const char *tablename, const void *e, const struct xt_target *target,
+ void *targinfo, unsigned int hook_mask, void *priv_data)
{
const struct arpt_mangle *mangle = targinfo;
@@ -85,7 +85,7 @@ static struct arpt_target arpt_mangle_re
.name = "mangle",
.target = target,
.targetsize = sizeof(struct arpt_mangle),
- .checkentry = checkentry,
+ .init = init,
.me = THIS_MODULE,
};
diff --git a/net/ipv4/netfilter/ip_nat_rule.c b/net/ipv4/netfilter/ip_nat_rule.c
index 7b70383..4753724 100644
--- a/net/ipv4/netfilter/ip_nat_rule.c
+++ b/net/ipv4/netfilter/ip_nat_rule.c
@@ -100,7 +100,8 @@ static unsigned int ipt_snat_target(stru
const struct net_device *out,
unsigned int hooknum,
const struct ipt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
struct ip_conntrack *ct;
enum ip_conntrack_info ctinfo;
@@ -142,7 +143,8 @@ static unsigned int ipt_dnat_target(stru
const struct net_device *out,
unsigned int hooknum,
const struct ipt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
struct ip_conntrack *ct;
enum ip_conntrack_info ctinfo;
@@ -164,11 +166,12 @@ static unsigned int ipt_dnat_target(stru
return ip_nat_setup_info(ct, &mr->range[0], hooknum);
}
-static int ipt_snat_checkentry(const char *tablename,
- const void *entry,
- const struct ipt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+static int ipt_snat_init(const char *tablename,
+ const void *entry,
+ const struct ipt_target *target,
+ void *targinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
struct ip_nat_multi_range_compat *mr = targinfo;
@@ -180,11 +183,12 @@ static int ipt_snat_checkentry(const cha
return 1;
}
-static int ipt_dnat_checkentry(const char *tablename,
- const void *entry,
- const struct ipt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+static int ipt_dnat_init(const char *tablename,
+ const void *entry,
+ const struct ipt_target *target,
+ void *targinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
struct ip_nat_multi_range_compat *mr = targinfo;
@@ -263,7 +267,7 @@ static struct ipt_target ipt_snat_reg =
.targetsize = sizeof(struct ip_nat_multi_range_compat),
.table = "nat",
.hooks = 1 << NF_IP_POST_ROUTING,
- .checkentry = ipt_snat_checkentry,
+ .init = ipt_snat_init,
};
static struct ipt_target ipt_dnat_reg = {
@@ -272,7 +276,7 @@ static struct ipt_target ipt_dnat_reg =
.targetsize = sizeof(struct ip_nat_multi_range_compat),
.table = "nat",
.hooks = (1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_OUT),
- .checkentry = ipt_dnat_checkentry,
+ .init = ipt_dnat_init,
};
int __init ip_nat_rule_init(void)
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index d96f322..88feb21 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -1350,15 +1350,15 @@ struct compat_ipt_replace {
};
static inline int compat_copy_match_to_user(struct ipt_entry_match *m,
- void * __user *dstptr, compat_uint_t *size)
+ void __user **dstptr, compat_uint_t *size)
{
return xt_compat_match_to_user(m, dstptr, size);
}
static int compat_copy_entry_to_user(struct ipt_entry *e,
- void * __user *dstptr, compat_uint_t *size)
+ void __user **dstptr, compat_uint_t *size)
{
- struct ipt_entry_target __user *t;
+ struct ipt_entry_target *t;
struct compat_ipt_entry __user *ce;
u_int16_t target_offset, next_offset;
compat_uint_t origsize;
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c
index 4158966..cf06bef 100644
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -302,7 +302,8 @@ target(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
const struct ipt_clusterip_tgt_info *cipinfo = targinfo;
enum ip_conntrack_info ctinfo;
@@ -368,11 +369,12 @@ #endif
}
static int
-checkentry(const char *tablename,
- const void *e_void,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+init(const char *tablename,
+ const void *e_void,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
struct ipt_clusterip_tgt_info *cipinfo = targinfo;
const struct ipt_entry *e = e_void;
@@ -448,7 +450,8 @@ checkentry(const char *tablename,
}
/* drop reference count of cluster config when rule is deleted */
-static void destroy(const struct xt_target *target, void *targinfo)
+static void destroy(const struct xt_target *target, void *targinfo,
+ void *priv_data)
{
struct ipt_clusterip_tgt_info *cipinfo = targinfo;
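Review bot: `destroy()` gains `priv_data` with no statement of who releases it, which matters for a hook whose existing comment says it drops a reference count when the rule is deleted. If the core frees the instance data after this call, a module must not free it here; if the module owns it, omitting the free leaks on every rule deletion, and the hunk does not show which applies. Extending the existing comment, for example `/* drop reference count of cluster config when rule is deleted; priv_data is not freed here */`, would record the contract, and `same_destroy`, `hashlimit_destroy` and `ipt_recent_destroy` need the same line. The function body continues outside the hunk, so whether `priv_data` is touched there cannot be confirmed from here.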
@@ -463,7 +466,7 @@ static struct ipt_target clusterip_tgt =
.name = "CLUSTERIP",
.target = target,
.targetsize = sizeof(struct ipt_clusterip_tgt_info),
- .checkentry = checkentry,
+ .init = init,
.destroy = destroy,
.me = THIS_MODULE
};
diff --git a/net/ipv4/netfilter/ipt_ECN.c b/net/ipv4/netfilter/ipt_ECN.c
index 23f9c7e..6a59955 100644
--- a/net/ipv4/netfilter/ipt_ECN.c
+++ b/net/ipv4/netfilter/ipt_ECN.c
@@ -85,7 +85,8 @@ target(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
const struct ipt_ECN_info *einfo = targinfo;
@@ -102,11 +103,12 @@ target(struct sk_buff **pskb,
}
static int
-checkentry(const char *tablename,
- const void *e_void,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+init(const char *tablename,
+ const void *e_void,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct ipt_ECN_info *einfo = (struct ipt_ECN_info *)targinfo;
const struct ipt_entry *e = e_void;
@@ -135,7 +137,7 @@ static struct ipt_target ipt_ecn_reg = {
.target = target,
.targetsize = sizeof(struct ipt_ECN_info),
.table = "mangle",
- .checkentry = checkentry,
+ .init = init,
.me = THIS_MODULE,
};
diff --git a/net/ipv4/netfilter/ipt_LOG.c b/net/ipv4/netfilter/ipt_LOG.c
index 7dc820d..4e9c05e 100644
--- a/net/ipv4/netfilter/ipt_LOG.c
+++ b/net/ipv4/netfilter/ipt_LOG.c
@@ -416,7 +416,8 @@ ipt_log_target(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
const struct ipt_log_info *loginfo = targinfo;
struct nf_loginfo li;
@@ -435,11 +436,12 @@ ipt_log_target(struct sk_buff **pskb,
return IPT_CONTINUE;
}
-static int ipt_log_checkentry(const char *tablename,
- const void *e,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+static int ipt_log_init(const char *tablename,
+ const void *e,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct ipt_log_info *loginfo = targinfo;
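Review bot: Renaming the rule-check hook to `ipt_log_init` reuses the name that this file's `__init` function had before the patch, which is why the later hunks must rename that one to `ipt_log_module_init` and its counterpart to `ipt_log_module_fini`. The same symbol now means different things on either side of this commit, which makes backports, cross-version grep and oops traces harder to read; the same collision occurs in ipt_TCPMSS.c, ipt_TTL.c, ipt_ULOG.c, ipt_recent.c, ip6t_HL.c and ip6t_LOG.c. Keeping the function name and only assigning it to the new field, `.init = ipt_log_checkentry,`, would make all of those module-init renames unnecessary. The function body continues outside the hunk.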
@@ -459,7 +461,7 @@ static struct ipt_target ipt_log_reg = {
.name = "LOG",
.target = ipt_log_target,
.targetsize = sizeof(struct ipt_log_info),
- .checkentry = ipt_log_checkentry,
+ .init = ipt_log_init,
.me = THIS_MODULE,
};
@@ -469,7 +471,7 @@ static struct nf_logger ipt_log_logger =
.me = THIS_MODULE,
};
-static int __init ipt_log_init(void)
+static int __init ipt_log_module_init(void)
{
if (ipt_register_target(&ipt_log_reg))
return -EINVAL;
@@ -483,11 +485,11 @@ static int __init ipt_log_init(void)
return 0;
}
-static void __exit ipt_log_fini(void)
+static void __exit ipt_log_module_fini(void)
{
nf_log_unregister_logger(&ipt_log_logger);
ipt_unregister_target(&ipt_log_reg);
}
-module_init(ipt_log_init);
-module_exit(ipt_log_fini);
+module_init(ipt_log_module_init);
+module_exit(ipt_log_module_fini);
diff --git a/net/ipv4/netfilter/ipt_MASQUERADE.c b/net/ipv4/netfilter/ipt_MASQUERADE.c
index bc65168..0926e92 100644
--- a/net/ipv4/netfilter/ipt_MASQUERADE.c
+++ b/net/ipv4/netfilter/ipt_MASQUERADE.c
@@ -38,11 +38,12 @@ static DEFINE_RWLOCK(masq_lock);
/* FIXME: Multiple targets. --RR */
static int
-masquerade_check(const char *tablename,
- const void *e,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+masquerade_init(const char *tablename,
+ const void *e,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct ip_nat_multi_range_compat *mr = targinfo;
@@ -63,7 +64,8 @@ masquerade_target(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
struct ip_conntrack *ct;
enum ip_conntrack_info ctinfo;
@@ -168,7 +170,7 @@ static struct ipt_target masquerade = {
.targetsize = sizeof(struct ip_nat_multi_range_compat),
.table = "nat",
.hooks = 1 << NF_IP_POST_ROUTING,
- .checkentry = masquerade_check,
+ .init = masquerade_init,
.me = THIS_MODULE,
};
diff --git a/net/ipv4/netfilter/ipt_NETMAP.c b/net/ipv4/netfilter/ipt_NETMAP.c
index beb2914..596be72 100644
--- a/net/ipv4/netfilter/ipt_NETMAP.c
+++ b/net/ipv4/netfilter/ipt_NETMAP.c
@@ -29,11 +29,12 @@ #define DEBUGP(format, args...)
#endif
static int
-check(const char *tablename,
- const void *e,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+init(const char *tablename,
+ const void *e,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct ip_nat_multi_range_compat *mr = targinfo;
@@ -54,7 +55,8 @@ target(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
struct ip_conntrack *ct;
enum ip_conntrack_info ctinfo;
@@ -91,7 +93,7 @@ static struct ipt_target target_module =
.table = "nat",
.hooks = (1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_POST_ROUTING) |
(1 << NF_IP_LOCAL_OUT),
- .checkentry = check,
+ .init = init,
.me = THIS_MODULE
};
diff --git a/net/ipv4/netfilter/ipt_REDIRECT.c b/net/ipv4/netfilter/ipt_REDIRECT.c
index f03d436..c342d0d 100644
--- a/net/ipv4/netfilter/ipt_REDIRECT.c
+++ b/net/ipv4/netfilter/ipt_REDIRECT.c
@@ -32,11 +32,12 @@ #endif
/* FIXME: Take multiple ranges --RR */
static int
-redirect_check(const char *tablename,
- const void *e,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+redirect_init(const char *tablename,
+ const void *e,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct ip_nat_multi_range_compat *mr = targinfo;
@@ -57,7 +58,8 @@ redirect_target(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
struct ip_conntrack *ct;
enum ip_conntrack_info ctinfo;
@@ -106,7 +108,7 @@ static struct ipt_target redirect_reg =
.targetsize = sizeof(struct ip_nat_multi_range_compat),
.table = "nat",
.hooks = (1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_OUT),
- .checkentry = redirect_check,
+ .init = redirect_init,
.me = THIS_MODULE,
};
diff --git a/net/ipv4/netfilter/ipt_REJECT.c b/net/ipv4/netfilter/ipt_REJECT.c
index b81821e..c7c6973 100644
--- a/net/ipv4/netfilter/ipt_REJECT.c
+++ b/net/ipv4/netfilter/ipt_REJECT.c
@@ -228,7 +228,8 @@ static unsigned int reject(struct sk_buf
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
const struct ipt_reject_info *reject = targinfo;
@@ -272,11 +273,12 @@ static unsigned int reject(struct sk_buf
return NF_DROP;
}
-static int check(const char *tablename,
- const void *e_void,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+static int init(const char *tablename,
+ const void *e_void,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct ipt_reject_info *rejinfo = targinfo;
const struct ipt_entry *e = e_void;
@@ -302,7 +304,7 @@ static struct ipt_target ipt_reject_reg
.table = "filter",
.hooks = (1 << NF_IP_LOCAL_IN) | (1 << NF_IP_FORWARD) |
(1 << NF_IP_LOCAL_OUT),
- .checkentry = check,
+ .init = init,
.me = THIS_MODULE,
};
diff --git a/net/ipv4/netfilter/ipt_SAME.c b/net/ipv4/netfilter/ipt_SAME.c
index efbcb11..819d1ac 100644
--- a/net/ipv4/netfilter/ipt_SAME.c
+++ b/net/ipv4/netfilter/ipt_SAME.c
@@ -48,11 +48,12 @@ #define DEBUGP(format, args...)
#endif
static int
-same_check(const char *tablename,
- const void *e,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+same_init(const char *tablename,
+ const void *e,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
unsigned int count, countess, rangeip, index = 0;
struct ipt_same_info *mr = targinfo;
@@ -115,7 +116,7 @@ same_check(const char *tablename,
}
static void
-same_destroy(const struct xt_target *target, void *targinfo)
+same_destroy(const struct xt_target *target, void *targinfo, void *priv_data)
{
struct ipt_same_info *mr = targinfo;
@@ -131,7 +132,8 @@ same_target(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
struct ip_conntrack *ct;
enum ip_conntrack_info ctinfo;
@@ -181,7 +183,7 @@ static struct ipt_target same_reg = {
.targetsize = sizeof(struct ipt_same_info),
.table = "nat",
.hooks = (1 << NF_IP_PRE_ROUTING | 1 << NF_IP_POST_ROUTING),
- .checkentry = same_check,
+ .init = same_init,
.destroy = same_destroy,
.me = THIS_MODULE,
};
diff --git a/net/ipv4/netfilter/ipt_TCPMSS.c b/net/ipv4/netfilter/ipt_TCPMSS.c
index 4246c43..f726a8b 100644
--- a/net/ipv4/netfilter/ipt_TCPMSS.c
+++ b/net/ipv4/netfilter/ipt_TCPMSS.c
@@ -37,7 +37,8 @@ ipt_tcpmss_target(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
const struct ipt_tcpmss_info *tcpmssinfo = targinfo;
struct tcphdr *tcph;
@@ -167,11 +168,12 @@ static inline int find_syn_match(const s
/* Must specify -p tcp --syn/--tcp-flags SYN */
static int
-ipt_tcpmss_checkentry(const char *tablename,
- const void *e_void,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+ipt_tcpmss_init(const char *tablename,
+ const void *e_void,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct ipt_tcpmss_info *tcpmssinfo = targinfo;
const struct ipt_entry *e = e_void;
@@ -196,19 +198,19 @@ static struct ipt_target ipt_tcpmss_reg
.target = ipt_tcpmss_target,
.targetsize = sizeof(struct ipt_tcpmss_info),
.proto = IPPROTO_TCP,
- .checkentry = ipt_tcpmss_checkentry,
+ .init = ipt_tcpmss_init,
.me = THIS_MODULE,
};
-static int __init ipt_tcpmss_init(void)
+static int __init ipt_tcpmss_module_init(void)
{
return ipt_register_target(&ipt_tcpmss_reg);
}
-static void __exit ipt_tcpmss_fini(void)
+static void __exit ipt_tcpmss_module_fini(void)
{
ipt_unregister_target(&ipt_tcpmss_reg);
}
-module_init(ipt_tcpmss_init);
-module_exit(ipt_tcpmss_fini);
+module_init(ipt_tcpmss_module_init);
+module_exit(ipt_tcpmss_module_fini);
diff --git a/net/ipv4/netfilter/ipt_TOS.c b/net/ipv4/netfilter/ipt_TOS.c
index 471a4c4..0fe2aae 100644
--- a/net/ipv4/netfilter/ipt_TOS.c
+++ b/net/ipv4/netfilter/ipt_TOS.c
@@ -26,7 +26,8 @@ target(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
const struct ipt_tos_target_info *tosinfo = targinfo;
struct iphdr *iph = (*pskb)->nh.iph;
@@ -45,11 +46,12 @@ target(struct sk_buff **pskb,
}
static int
-checkentry(const char *tablename,
- const void *e_void,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+init(const char *tablename,
+ const void *e_void,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const u_int8_t tos = ((struct ipt_tos_target_info *)targinfo)->tos;
@@ -69,7 +71,7 @@ static struct ipt_target ipt_tos_reg = {
.target = target,
.targetsize = sizeof(struct ipt_tos_target_info),
.table = "mangle",
- .checkentry = checkentry,
+ .init = init,
.me = THIS_MODULE,
};
diff --git a/net/ipv4/netfilter/ipt_TTL.c b/net/ipv4/netfilter/ipt_TTL.c
index 96e79cc..d5200c2 100644
--- a/net/ipv4/netfilter/ipt_TTL.c
+++ b/net/ipv4/netfilter/ipt_TTL.c
@@ -23,7 +23,7 @@ static unsigned int
ipt_ttl_target(struct sk_buff **pskb,
const struct net_device *in, const struct net_device *out,
unsigned int hooknum, const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo, void *priv_data)
{
struct iphdr *iph;
const struct ipt_TTL_info *info = targinfo;
@@ -63,11 +63,12 @@ ipt_ttl_target(struct sk_buff **pskb,
return IPT_CONTINUE;
}
-static int ipt_ttl_checkentry(const char *tablename,
- const void *e,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+static int ipt_ttl_init(const char *tablename,
+ const void *e,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
struct ipt_TTL_info *info = targinfo;
@@ -86,19 +87,19 @@ static struct ipt_target ipt_TTL = {
.target = ipt_ttl_target,
.targetsize = sizeof(struct ipt_TTL_info),
.table = "mangle",
- .checkentry = ipt_ttl_checkentry,
+ .init = ipt_ttl_init,
.me = THIS_MODULE,
};
-static int __init ipt_ttl_init(void)
+static int __init ipt_ttl_module_init(void)
{
return ipt_register_target(&ipt_TTL);
}
-static void __exit ipt_ttl_fini(void)
+static void __exit ipt_ttl_module_fini(void)
{
ipt_unregister_target(&ipt_TTL);
}
-module_init(ipt_ttl_init);
-module_exit(ipt_ttl_fini);
+module_init(ipt_ttl_module_init);
+module_exit(ipt_ttl_module_fini);
diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c
index 2b104ea..0bff5aa 100644
--- a/net/ipv4/netfilter/ipt_ULOG.c
+++ b/net/ipv4/netfilter/ipt_ULOG.c
@@ -308,7 +308,8 @@ static unsigned int ipt_ulog_target(stru
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo;
@@ -342,11 +343,12 @@ static void ipt_logfn(unsigned int pf,
ipt_ulog_packet(hooknum, skb, in, out, &loginfo, prefix);
}
-static int ipt_ulog_checkentry(const char *tablename,
- const void *e,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hookmask)
+static int ipt_ulog_init(const char *tablename,
+ const void *e,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hookmask,
+ void *priv_data)
{
struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo;
@@ -367,7 +369,7 @@ static struct ipt_target ipt_ulog_reg =
.name = "ULOG",
.target = ipt_ulog_target,
.targetsize = sizeof(struct ipt_ulog_info),
- .checkentry = ipt_ulog_checkentry,
+ .init = ipt_ulog_init,
.me = THIS_MODULE,
};
@@ -377,7 +379,7 @@ static struct nf_logger ipt_ulog_logger
.me = THIS_MODULE,
};
-static int __init ipt_ulog_init(void)
+static int __init ipt_ulog_module_init(void)
{
int i;
@@ -410,7 +412,7 @@ static int __init ipt_ulog_init(void)
return 0;
}
-static void __exit ipt_ulog_fini(void)
+static void __exit ipt_ulog_module_fini(void)
{
ulog_buff_t *ub;
int i;
@@ -438,5 +440,5 @@ static void __exit ipt_ulog_fini(void)
}
-module_init(ipt_ulog_init);
-module_exit(ipt_ulog_fini);
+module_init(ipt_ulog_module_init);
+module_exit(ipt_ulog_module_fini);
diff --git a/net/ipv4/netfilter/ipt_addrtype.c b/net/ipv4/netfilter/ipt_addrtype.c
index 893dae2..ec2b279 100644
--- a/net/ipv4/netfilter/ipt_addrtype.c
+++ b/net/ipv4/netfilter/ipt_addrtype.c
@@ -30,7 +30,8 @@ static inline int match_type(u_int32_t a
static int match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out,
const struct xt_match *match, const void *matchinfo,
- int offset, unsigned int protoff, int *hotdrop)
+ int offset, unsigned int protoff, int *hotdrop,
+ void *priv_data)
{
const struct ipt_addrtype_info *info = matchinfo;
const struct iphdr *iph = skb->nh.iph;
diff --git a/net/ipv4/netfilter/ipt_ah.c b/net/ipv4/netfilter/ipt_ah.c
index 1798f86..8d446d6 100644
--- a/net/ipv4/netfilter/ipt_ah.c
+++ b/net/ipv4/netfilter/ipt_ah.c
@@ -43,7 +43,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
struct ip_auth_hdr _ahdr, *ah;
const struct ipt_ah *ahinfo = matchinfo;
@@ -70,11 +71,12 @@ match(const struct sk_buff *skb,
/* Called when user tries to insert an entry of this type. */
static int
-checkentry(const char *tablename,
- const void *ip_void,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+init(const char *tablename,
+ const void *ip_void,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct ipt_ah *ahinfo = matchinfo;
@@ -91,7 +93,7 @@ static struct ipt_match ah_match = {
.match = match,
.matchsize = sizeof(struct ipt_ah),
.proto = IPPROTO_AH,
- .checkentry = checkentry,
+ .init = init,
.me = THIS_MODULE,
};
diff --git a/net/ipv4/netfilter/ipt_ecn.c b/net/ipv4/netfilter/ipt_ecn.c
index dafbdec..d6ec37a 100644
--- a/net/ipv4/netfilter/ipt_ecn.c
+++ b/net/ipv4/netfilter/ipt_ecn.c
@@ -68,7 +68,8 @@ static inline int match_tcp(const struct
static int match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out,
const struct xt_match *match, const void *matchinfo,
- int offset, unsigned int protoff, int *hotdrop)
+ int offset, unsigned int protoff, int *hotdrop,
+ void *priv_data)
{
const struct ipt_ecn_info *info = matchinfo;
@@ -86,9 +87,9 @@ static int match(const struct sk_buff *s
return 1;
}
-static int checkentry(const char *tablename, const void *ip_void,
- const struct xt_match *match,
- void *matchinfo, unsigned int hook_mask)
+static int init(const char *tablename, const void *ip_void,
+ const struct xt_match *match,
+ void *matchinfo, unsigned int hook_mask, void *priv_data)
{
const struct ipt_ecn_info *info = matchinfo;
const struct ipt_ip *ip = ip_void;
@@ -113,7 +114,7 @@ static struct ipt_match ecn_match = {
.name = "ecn",
.match = match,
.matchsize = sizeof(struct ipt_ecn_info),
- .checkentry = checkentry,
+ .init = init,
.me = THIS_MODULE,
};
diff --git a/net/ipv4/netfilter/ipt_hashlimit.c b/net/ipv4/netfilter/ipt_hashlimit.c
index 4f73a61..12acead 100644
--- a/net/ipv4/netfilter/ipt_hashlimit.c
+++ b/net/ipv4/netfilter/ipt_hashlimit.c
@@ -8,8 +8,8 @@
* Development of this code was funded by Astaro AG, http://www.astaro.com/
*
* based on ipt_limit.c by:
- * Jérôme de Vivie <devivie@info.enserb.u-bordeaux.fr>
- * Hervé Eychenne <eychenne@info.enserb.u-bordeaux.fr>
+ * J��e de Vivie <devivie@info.enserb.u-bordeaux.fr>
+ * Herv�Eychenne <eychenne@info.enserb.u-bordeaux.fr>
* Rusty Russell <rusty@rustcorp.com.au>
*
* The general idea is to create a hash table for every dstip and have a
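Review bot: The two credit lines for the ipt_limit.c authors change only in that their accented characters become invalid bytes (`J��e de Vivie`, `Herv�Eychenne`), which looks like an editor or mailer re-encoding the file rather than an intended edit. This hunk should be dropped so that the `Jérôme de Vivie` and `Hervé Eychenne` lines stay byte-identical to the tree. It is worth checking the rest of the series for other 8-bit characters that went through the same path before resending.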
@@ -389,7 +389,8 @@ hashlimit_match(const struct sk_buff *sk
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
struct ipt_hashlimit_info *r =
((struct ipt_hashlimit_info *)matchinfo)->u.master;
@@ -474,11 +475,12 @@ hashlimit_match(const struct sk_buff *sk
}
static int
-hashlimit_checkentry(const char *tablename,
- const void *inf,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+hashlimit_init(const char *tablename,
+ const void *inf,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
struct ipt_hashlimit_info *r = matchinfo;
@@ -528,7 +530,8 @@ hashlimit_checkentry(const char *tablena
}
static void
-hashlimit_destroy(const struct xt_match *match, void *matchinfo)
+hashlimit_destroy(const struct xt_match *match, void *matchinfo,
+ void *priv_data)
{
struct ipt_hashlimit_info *r = matchinfo;
@@ -568,7 +571,7 @@ #ifdef CONFIG_COMPAT
.compat_from_user = compat_from_user,
.compat_to_user = compat_to_user,
#endif
- .checkentry = hashlimit_checkentry,
+ .init = hashlimit_init,
.destroy = hashlimit_destroy,
.me = THIS_MODULE
};
diff --git a/net/ipv4/netfilter/ipt_owner.c b/net/ipv4/netfilter/ipt_owner.c
index 78c336f..478451e 100644
--- a/net/ipv4/netfilter/ipt_owner.c
+++ b/net/ipv4/netfilter/ipt_owner.c
@@ -29,7 +29,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
const struct ipt_owner_info *info = matchinfo;
@@ -52,11 +53,12 @@ match(const struct sk_buff *skb,
}
static int
-checkentry(const char *tablename,
- const void *ip,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+init(const char *tablename,
+ const void *ip,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct ipt_owner_info *info = matchinfo;
@@ -73,7 +75,7 @@ static struct ipt_match owner_match = {
.match = match,
.matchsize = sizeof(struct ipt_owner_info),
.hooks = (1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_POST_ROUTING),
- .checkentry = checkentry,
+ .init = init,
.me = THIS_MODULE,
};
diff --git a/net/ipv4/netfilter/ipt_recent.c b/net/ipv4/netfilter/ipt_recent.c
index 32ae8d7..a54e0fe 100644
--- a/net/ipv4/netfilter/ipt_recent.c
+++ b/net/ipv4/netfilter/ipt_recent.c
@@ -173,7 +173,8 @@ static int
ipt_recent_match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out,
const struct xt_match *match, const void *matchinfo,
- int offset, unsigned int protoff, int *hotdrop)
+ int offset, unsigned int protoff, int *hotdrop,
+ void *priv_data)
{
const struct ipt_recent_info *info = matchinfo;
struct recent_table *t;
@@ -236,9 +237,9 @@ out:
}
static int
-ipt_recent_checkentry(const char *tablename, const void *ip,
- const struct xt_match *match, void *matchinfo,
- unsigned int hook_mask)
+ipt_recent_init(const char *tablename, const void *ip,
+ const struct xt_match *match, void *matchinfo,
+ unsigned int hook_mask, void *priv_data)
{
const struct ipt_recent_info *info = matchinfo;
struct recent_table *t;
@@ -294,7 +295,8 @@ out:
}
static void
-ipt_recent_destroy(const struct xt_match *match, void *matchinfo)
+ipt_recent_destroy(const struct xt_match *match, void *matchinfo,
+ void *priv_data)
{
const struct ipt_recent_info *info = matchinfo;
struct recent_table *t;
@@ -467,12 +469,12 @@ static struct ipt_match recent_match = {
.name = "recent",
.match = ipt_recent_match,
.matchsize = sizeof(struct ipt_recent_info),
- .checkentry = ipt_recent_checkentry,
+ .init = ipt_recent_init,
.destroy = ipt_recent_destroy,
.me = THIS_MODULE,
};
-static int __init ipt_recent_init(void)
+static int __init ipt_recent_module_init(void)
{
int err;
@@ -493,7 +495,7 @@ #endif
return err;
}
-static void __exit ipt_recent_exit(void)
+static void __exit ipt_recent_module_exit(void)
{
BUG_ON(!list_empty(&tables));
ipt_unregister_match(&recent_match);
@@ -502,5 +504,5 @@ #ifdef CONFIG_PROC_FS
#endif
}
-module_init(ipt_recent_init);
-module_exit(ipt_recent_exit);
+module_init(ipt_recent_module_init);
+module_exit(ipt_recent_module_exit);
diff --git a/net/ipv4/netfilter/ipt_tos.c b/net/ipv4/netfilter/ipt_tos.c
index 5549c39..c47e50f 100644
--- a/net/ipv4/netfilter/ipt_tos.c
+++ b/net/ipv4/netfilter/ipt_tos.c
@@ -25,7 +25,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
const struct ipt_tos_info *info = matchinfo;
diff --git a/net/ipv4/netfilter/ipt_ttl.c b/net/ipv4/netfilter/ipt_ttl.c
index a5243bd..d02a87b 100644
--- a/net/ipv4/netfilter/ipt_ttl.c
+++ b/net/ipv4/netfilter/ipt_ttl.c
@@ -22,7 +22,8 @@ MODULE_LICENSE("GPL");
static int match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out,
const struct xt_match *match, const void *matchinfo,
- int offset, unsigned int protoff, int *hotdrop)
+ int offset, unsigned int protoff, int *hotdrop,
+ void *priv_data)
{
const struct ipt_ttl_info *info = matchinfo;
diff --git a/net/ipv6/netfilter/ip6t_HL.c b/net/ipv6/netfilter/ip6t_HL.c
index 435750f..878ac35 100644
--- a/net/ipv6/netfilter/ip6t_HL.c
+++ b/net/ipv6/netfilter/ip6t_HL.c
@@ -22,7 +22,8 @@ static unsigned int ip6t_hl_target(struc
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
struct ipv6hdr *ip6h;
const struct ip6t_HL_info *info = targinfo;
@@ -58,11 +59,12 @@ static unsigned int ip6t_hl_target(struc
return IP6T_CONTINUE;
}
-static int ip6t_hl_checkentry(const char *tablename,
- const void *entry,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+static int ip6t_hl_init(const char *tablename,
+ const void *entry,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
struct ip6t_HL_info *info = targinfo;
@@ -84,19 +86,19 @@ static struct ip6t_target ip6t_HL = {
.target = ip6t_hl_target,
.targetsize = sizeof(struct ip6t_HL_info),
.table = "mangle",
- .checkentry = ip6t_hl_checkentry,
+ .init = ip6t_hl_init,
.me = THIS_MODULE
};
-static int __init ip6t_hl_init(void)
+static int __init ip6t_hl_module_init(void)
{
return ip6t_register_target(&ip6t_HL);
}
-static void __exit ip6t_hl_fini(void)
+static void __exit ip6t_hl_module_fini(void)
{
ip6t_unregister_target(&ip6t_HL);
}
-module_init(ip6t_hl_init);
-module_exit(ip6t_hl_fini);
+module_init(ip6t_hl_module_init);
+module_exit(ip6t_hl_module_fini);
diff --git a/net/ipv6/netfilter/ip6t_LOG.c b/net/ipv6/netfilter/ip6t_LOG.c
index 0cf537d..7f42293 100644
--- a/net/ipv6/netfilter/ip6t_LOG.c
+++ b/net/ipv6/netfilter/ip6t_LOG.c
@@ -427,7 +427,8 @@ ip6t_log_target(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
const struct ip6t_log_info *loginfo = targinfo;
struct nf_loginfo li;
@@ -447,11 +448,12 @@ ip6t_log_target(struct sk_buff **pskb,
}
-static int ip6t_log_checkentry(const char *tablename,
- const void *entry,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+static int ip6t_log_init(const char *tablename,
+ const void *entry,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct ip6t_log_info *loginfo = targinfo;
@@ -471,7 +473,7 @@ static struct ip6t_target ip6t_log_reg =
.name = "LOG",
.target = ip6t_log_target,
.targetsize = sizeof(struct ip6t_log_info),
- .checkentry = ip6t_log_checkentry,
+ .init = ip6t_log_init,
.me = THIS_MODULE,
};
@@ -481,7 +483,7 @@ static struct nf_logger ip6t_logger = {
.me = THIS_MODULE,
};
-static int __init ip6t_log_init(void)
+static int __init ip6t_log_module_init(void)
{
if (ip6t_register_target(&ip6t_log_reg))
return -EINVAL;
@@ -495,11 +497,11 @@ static int __init ip6t_log_init(void)
return 0;
}
-static void __exit ip6t_log_fini(void)
+static void __exit ip6t_log_module_fini(void)
{
nf_log_unregister_logger(&ip6t_logger);
ip6t_unregister_target(&ip6t_log_reg);
}
-module_init(ip6t_log_init);
-module_exit(ip6t_log_fini);
+module_init(ip6t_log_module_init);
+module_exit(ip6t_log_module_fini);
diff --git a/net/ipv6/netfilter/ip6t_REJECT.c b/net/ipv6/netfilter/ip6t_REJECT.c
index 311eae8..4ea5a3d 100644
--- a/net/ipv6/netfilter/ip6t_REJECT.c
+++ b/net/ipv6/netfilter/ip6t_REJECT.c
@@ -176,11 +176,12 @@ send_unreach(struct sk_buff *skb_in, uns
}
static unsigned int reject6_target(struct sk_buff **pskb,
- const struct net_device *in,
- const struct net_device *out,
- unsigned int hooknum,
- const struct xt_target *target,
- const void *targinfo)
+ const struct net_device *in,
+ const struct net_device *out,
+ unsigned int hooknum,
+ const struct xt_target *target,
+ const void *targinfo,
+ void *priv_data)
{
const struct ip6t_reject_info *reject = targinfo;
@@ -219,11 +220,12 @@ static unsigned int reject6_target(struc
return NF_DROP;
}
-static int check(const char *tablename,
- const void *entry,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+static int init(const char *tablename,
+ const void *entry,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct ip6t_reject_info *rejinfo = targinfo;
const struct ip6t_entry *e = entry;
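Review bot: Renaming the entry callback to a bare `init` makes it read like the module's own init routine. The ip6t_HL, ip6t_LOG and ipv6header hunks already had to rename their module_init functions to `*_module_init` to avoid that clash. A prefixed name matching the target function in this file, e.g. `static int reject6_init(const char *tablename,` with `.init = reject6_init,` in the registration struct, would avoid both the ambiguity and the knock-on renames. The same applies to the bare `init` introduced in ip6t_ah, ip6t_frag, ip6t_hbh, ip6t_owner, ip6t_rt and the xt_* files further down. The function body continues outside the hunk.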
@@ -249,7 +251,7 @@ static struct ip6t_target ip6t_reject_re
.table = "filter",
.hooks = (1 << NF_IP6_LOCAL_IN) | (1 << NF_IP6_FORWARD) |
(1 << NF_IP6_LOCAL_OUT),
- .checkentry = check,
+ .init = init,
.me = THIS_MODULE
};
diff --git a/net/ipv6/netfilter/ip6t_ah.c b/net/ipv6/netfilter/ip6t_ah.c
index ec1b160..9f10fc4 100644
--- a/net/ipv6/netfilter/ip6t_ah.c
+++ b/net/ipv6/netfilter/ip6t_ah.c
@@ -48,7 +48,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
struct ip_auth_hdr *ah, _ah;
const struct ip6t_ah *ahinfo = matchinfo;
@@ -98,11 +99,12 @@ match(const struct sk_buff *skb,
/* Called when user tries to insert an entry of this type. */
static int
-checkentry(const char *tablename,
- const void *entry,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+init(const char *tablename,
+ const void *entry,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct ip6t_ah *ahinfo = matchinfo;
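Review bot: The comment above `init` still only says "Called when user tries to insert an entry of this type", although the callback now also takes `void *priv_data`. Nothing in the hunk says what it points to, whether it can be NULL, or who frees it. Because the pointer is passed by value, the callback cannot hand back storage of its own, so the allocation presumably happens in the x_tables core, which is not visible here. I would extend the comment along the lines of `/* Called when user tries to insert an entry of this type; priv_data is per-instance storage owned by the x_tables core. */`, adjusted to whatever the core actually guarantees. The function body continues past the hunk.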
@@ -117,7 +119,7 @@ static struct ip6t_match ah_match = {
.name = "ah",
.match = match,
.matchsize = sizeof(struct ip6t_ah),
- .checkentry = checkentry,
+ .init = init,
.me = THIS_MODULE,
};
diff --git a/net/ipv6/netfilter/ip6t_eui64.c b/net/ipv6/netfilter/ip6t_eui64.c
index 4f6b84c..3d72a98 100644
--- a/net/ipv6/netfilter/ip6t_eui64.c
+++ b/net/ipv6/netfilter/ip6t_eui64.c
@@ -26,7 +26,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
unsigned char eui64[8];
int i = 0;
diff --git a/net/ipv6/netfilter/ip6t_frag.c b/net/ipv6/netfilter/ip6t_frag.c
index 78d9c8b..be9aa65 100644
--- a/net/ipv6/netfilter/ip6t_frag.c
+++ b/net/ipv6/netfilter/ip6t_frag.c
@@ -47,7 +47,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
struct frag_hdr _frag, *fh;
const struct ip6t_frag *fraginfo = matchinfo;
@@ -115,11 +116,12 @@ match(const struct sk_buff *skb,
/* Called when user tries to insert an entry of this type. */
static int
-checkentry(const char *tablename,
- const void *ip,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+init(const char *tablename,
+ const void *ip,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct ip6t_frag *fraginfo = matchinfo;
@@ -134,7 +136,7 @@ static struct ip6t_match frag_match = {
.name = "frag",
.match = match,
.matchsize = sizeof(struct ip6t_frag),
- .checkentry = checkentry,
+ .init = init,
.me = THIS_MODULE,
};
diff --git a/net/ipv6/netfilter/ip6t_hbh.c b/net/ipv6/netfilter/ip6t_hbh.c
index d32a205..59fa6e2 100644
--- a/net/ipv6/netfilter/ip6t_hbh.c
+++ b/net/ipv6/netfilter/ip6t_hbh.c
@@ -54,7 +54,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
struct ipv6_opt_hdr _optsh, *oh;
const struct ip6t_opts *optinfo = matchinfo;
@@ -169,11 +170,12 @@ match(const struct sk_buff *skb,
/* Called when user tries to insert an entry of this type. */
static int
-checkentry(const char *tablename,
- const void *entry,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+init(const char *tablename,
+ const void *entry,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct ip6t_opts *optsinfo = matchinfo;
@@ -190,7 +192,7 @@ static struct xt_match opts_match[] = {
.family = AF_INET6,
.match = match,
.matchsize = sizeof(struct ip6t_opts),
- .checkentry = checkentry,
+ .init = init,
.me = THIS_MODULE,
.data = NEXTHDR_HOP,
},
@@ -199,7 +201,7 @@ static struct xt_match opts_match[] = {
.family = AF_INET6,
.match = match,
.matchsize = sizeof(struct ip6t_opts),
- .checkentry = checkentry,
+ .init = init,
.me = THIS_MODULE,
.data = NEXTHDR_DEST,
},
--git a/net/ipv6/netfilter/ip6t_ipv6header.c b/net/ipv6/netfilter/ip6t_ipv6header.c
index 3093c39..0e224ac 100644
--- a/net/ipv6/netfilter/ip6t_ipv6header.c
+++ b/net/ipv6/netfilter/ip6t_ipv6header.c
@@ -33,7 +33,8 @@ ipv6header_match(const struct sk_buff *s
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
const struct ip6t_ipv6header_info *info = matchinfo;
unsigned int temp;
@@ -124,11 +125,12 @@ ipv6header_match(const struct sk_buff *s
}
static int
-ipv6header_checkentry(const char *tablename,
- const void *ip,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+ipv6header_init(const char *tablename,
+ const void *ip,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct ip6t_ipv6header_info *info = matchinfo;
@@ -144,20 +146,20 @@ static struct ip6t_match ip6t_ipv6header
.name = "ipv6header",
.match = &ipv6header_match,
.matchsize = sizeof(struct ip6t_ipv6header_info),
- .checkentry = &ipv6header_checkentry,
+ .init = &ipv6header_init,
.destroy = NULL,
.me = THIS_MODULE,
};
-static int __init ipv6header_init(void)
+static int __init ipv6header_module_init(void)
{
return ip6t_register_match(&ip6t_ipv6header_match);
}
-static void __exit ipv6header_exit(void)
+static void __exit ipv6header_module_exit(void)
{
ip6t_unregister_match(&ip6t_ipv6header_match);
}
-module_init(ipv6header_init);
-module_exit(ipv6header_exit);
+module_init(ipv6header_module_init);
+module_exit(ipv6header_module_exit);
diff --git a/net/ipv6/netfilter/ip6t_owner.c b/net/ipv6/netfilter/ip6t_owner.c
index 4eb9bbc..97ad7e7 100644
--- a/net/ipv6/netfilter/ip6t_owner.c
+++ b/net/ipv6/netfilter/ip6t_owner.c
@@ -30,7 +30,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
const struct ip6t_owner_info *info = matchinfo;
@@ -53,11 +54,12 @@ match(const struct sk_buff *skb,
}
static int
-checkentry(const char *tablename,
- const void *ip,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+init(const char *tablename,
+ const void *ip,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct ip6t_owner_info *info = matchinfo;
@@ -74,7 +76,7 @@ static struct ip6t_match owner_match = {
.match = match,
.matchsize = sizeof(struct ip6t_owner_info),
.hooks = (1 << NF_IP6_LOCAL_OUT) | (1 << NF_IP6_POST_ROUTING),
- .checkentry = checkentry,
+ .init = init,
.me = THIS_MODULE,
};
diff --git a/net/ipv6/netfilter/ip6t_rt.c b/net/ipv6/netfilter/ip6t_rt.c
index bcb2e16..572ac50 100644
--- a/net/ipv6/netfilter/ip6t_rt.c
+++ b/net/ipv6/netfilter/ip6t_rt.c
@@ -49,7 +49,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
struct ipv6_rt_hdr _route, *rh;
const struct ip6t_rt *rtinfo = matchinfo;
@@ -193,11 +194,12 @@ match(const struct sk_buff *skb,
/* Called when user tries to insert an entry of this type. */
static int
-checkentry(const char *tablename,
- const void *entry,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+init(const char *tablename,
+ const void *entry,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct ip6t_rt *rtinfo = matchinfo;
@@ -220,7 +222,7 @@ static struct ip6t_match rt_match = {
.name = "rt",
.match = match,
.matchsize = sizeof(struct ip6t_rt),
- .checkentry = checkentry,
+ .init = init,
.me = THIS_MODULE,
};
diff --git a/net/netfilter/xt_CLASSIFY.c b/net/netfilter/xt_CLASSIFY.c
index 50de965..501a5a8 100644
--- a/net/netfilter/xt_CLASSIFY.c
+++ b/net/netfilter/xt_CLASSIFY.c
@@ -29,7 +29,8 @@ target(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
const struct xt_classify_target_info *clinfo = targinfo;
diff --git a/net/netfilter/xt_CONNMARK.c b/net/netfilter/xt_CONNMARK.c
index c01524f..7a73bd0 100644
--- a/net/netfilter/xt_CONNMARK.c
+++ b/net/netfilter/xt_CONNMARK.c
@@ -38,7 +38,8 @@ target(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
const struct xt_connmark_target_info *markinfo = targinfo;
u_int32_t diff;
@@ -85,11 +86,12 @@ #endif
}
static int
-checkentry(const char *tablename,
- const void *entry,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+init(const char *tablename,
+ const void *entry,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
struct xt_connmark_target_info *matchinfo = targinfo;
@@ -143,7 +145,7 @@ static struct xt_target xt_connmark_targ
{
.name = "CONNMARK",
.family = AF_INET,
- .checkentry = checkentry,
+ .init = init,
.target = target,
.targetsize = sizeof(struct xt_connmark_target_info),
#ifdef CONFIG_COMPAT
@@ -156,7 +158,7 @@ #endif
{
.name = "CONNMARK",
.family = AF_INET6,
- .checkentry = checkentry,
+ .init = init,
.target = target,
.targetsize = sizeof(struct xt_connmark_target_info),
.me = THIS_MODULE
diff --git a/net/netfilter/xt_DSCP.c b/net/netfilter/xt_DSCP.c
index a7cc75a..c15ef6f 100644
--- a/net/netfilter/xt_DSCP.c
+++ b/net/netfilter/xt_DSCP.c
@@ -32,7 +32,8 @@ static unsigned int target(struct sk_buf
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
const struct xt_DSCP_info *dinfo = targinfo;
u_int8_t dscp = ipv4_get_dsfield((*pskb)->nh.iph) >> XT_DSCP_SHIFT;
@@ -53,7 +54,8 @@ static unsigned int target6(struct sk_bu
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
const struct xt_DSCP_info *dinfo = targinfo;
u_int8_t dscp = ipv6_get_dsfield((*pskb)->nh.ipv6h) >> XT_DSCP_SHIFT;
@@ -68,11 +70,12 @@ static unsigned int target6(struct sk_bu
return XT_CONTINUE;
}
-static int checkentry(const char *tablename,
- const void *e_void,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+static int init(const char *tablename,
+ const void *e_void,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const u_int8_t dscp = ((struct xt_DSCP_info *)targinfo)->dscp;
@@ -87,7 +90,7 @@ static struct xt_target xt_dscp_target[]
{
.name = "DSCP",
.family = AF_INET,
- .checkentry = checkentry,
+ .init = init,
.target = target,
.targetsize = sizeof(struct xt_DSCP_info),
.table = "mangle",
@@ -96,7 +99,7 @@ static struct xt_target xt_dscp_target[]
{
.name = "DSCP",
.family = AF_INET6,
- .checkentry = checkentry,
+ .init = init,
.target = target6,
.targetsize = sizeof(struct xt_DSCP_info),
.table = "mangle",
diff --git a/net/netfilter/xt_MARK.c b/net/netfilter/xt_MARK.c
index c6e860a..962814a 100644
--- a/net/netfilter/xt_MARK.c
+++ b/net/netfilter/xt_MARK.c
@@ -27,7 +27,8 @@ target_v0(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
const struct xt_mark_target_info *markinfo = targinfo;
@@ -43,7 +44,8 @@ target_v1(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
const struct xt_mark_target_info_v1 *markinfo = targinfo;
int mark = 0;
@@ -70,11 +72,12 @@ target_v1(struct sk_buff **pskb,
static int
-checkentry_v0(const char *tablename,
- const void *entry,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+init_v0(const char *tablename,
+ const void *entry,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
struct xt_mark_target_info *markinfo = targinfo;
@@ -86,11 +89,12 @@ checkentry_v0(const char *tablename,
}
static int
-checkentry_v1(const char *tablename,
- const void *entry,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+init_v1(const char *tablename,
+ const void *entry,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
struct xt_mark_target_info_v1 *markinfo = targinfo;
@@ -142,7 +146,7 @@ static struct xt_target xt_mark_target[]
.name = "MARK",
.family = AF_INET,
.revision = 0,
- .checkentry = checkentry_v0,
+ .init = init_v0,
.target = target_v0,
.targetsize = sizeof(struct xt_mark_target_info),
.table = "mangle",
@@ -152,7 +156,7 @@ static struct xt_target xt_mark_target[]
.name = "MARK",
.family = AF_INET,
.revision = 1,
- .checkentry = checkentry_v1,
+ .init = init_v1,
.target = target_v1,
.targetsize = sizeof(struct xt_mark_target_info_v1),
#ifdef CONFIG_COMPAT
@@ -167,7 +171,7 @@ #endif
.name = "MARK",
.family = AF_INET6,
.revision = 0,
- .checkentry = checkentry_v0,
+ .init = init_v0,
.target = target_v0,
.targetsize = sizeof(struct xt_mark_target_info),
.table = "mangle",
diff --git a/net/netfilter/xt_NFQUEUE.c b/net/netfilter/xt_NFQUEUE.c
index db9b896..e797fac 100644
--- a/net/netfilter/xt_NFQUEUE.c
+++ b/net/netfilter/xt_NFQUEUE.c
@@ -29,7 +29,8 @@ target(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
const struct xt_NFQ_info *tinfo = targinfo;
diff --git a/net/netfilter/xt_NOTRACK.c b/net/netfilter/xt_NOTRACK.c
index 6d00dca..deaf86c 100644
--- a/net/netfilter/xt_NOTRACK.c
+++ b/net/netfilter/xt_NOTRACK.c
@@ -16,7 +16,8 @@ target(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *priv_data)
{
/* Previously seen (loopback)? Ignore. */
if ((*pskb)->nfct != NULL)
diff --git a/net/netfilter/xt_SECMARK.c b/net/netfilter/xt_SECMARK.c
index add7521..b6cf8e6 100644
--- a/net/netfilter/xt_SECMARK.c
+++ b/net/netfilter/xt_SECMARK.c
@@ -31,7 +31,7 @@ static u8 mode;
static unsigned int target(struct sk_buff **pskb, const struct net_device *in,
const struct net_device *out, unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo, void *priv_data)
{
u32 secmark = 0;
const struct xt_secmark_target_info *info = targinfo;
@@ -83,9 +83,9 @@ static int checkentry_selinux(struct xt_
return 1;
}
-static int checkentry(const char *tablename, const void *entry,
- const struct xt_target *target, void *targinfo,
- unsigned int hook_mask)
+static int init(const char *tablename, const void *entry,
+ const struct xt_target *target, void *targinfo,
+ unsigned int hook_mask, void *priv_data)
{
struct xt_secmark_target_info *info = targinfo;
@@ -115,7 +115,7 @@ static struct xt_target xt_secmark_targe
{
.name = "SECMARK",
.family = AF_INET,
- .checkentry = checkentry,
+ .init = init,
.target = target,
.targetsize = sizeof(struct xt_secmark_target_info),
.table = "mangle",
@@ -124,7 +124,7 @@ static struct xt_target xt_secmark_targe
{
.name = "SECMARK",
.family = AF_INET6,
- .checkentry = checkentry,
+ .init = init,
.target = target,
.targetsize = sizeof(struct xt_secmark_target_info),
.table = "mangle",
--git a/net/netfilter/xt_comment.c b/net/netfilter/xt_comment.c
index 7db492d..67e7023 100644
--- a/net/netfilter/xt_comment.c
+++ b/net/netfilter/xt_comment.c
@@ -23,7 +23,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protooff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
/* We always match */
return 1;
diff --git a/net/netfilter/xt_connbytes.c b/net/netfilter/xt_connbytes.c
index dcc497e..db4f236 100644
--- a/net/netfilter/xt_connbytes.c
+++ b/net/netfilter/xt_connbytes.c
@@ -48,7 +48,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
const struct xt_connbytes_info *sinfo = matchinfo;
u_int64_t what = 0; /* initialize to make gcc happy */
@@ -121,11 +122,12 @@ match(const struct sk_buff *skb,
return (what >= sinfo->count.from);
}
-static int check(const char *tablename,
- const void *ip,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+static int init(const char *tablename,
+ const void *ip,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct xt_connbytes_info *sinfo = matchinfo;
@@ -146,7 +148,7 @@ static struct xt_match xt_connbytes_matc
{
.name = "connbytes",
.family = AF_INET,
- .checkentry = check,
+ .init = init,
.match = match,
.matchsize = sizeof(struct xt_connbytes_info),
.me = THIS_MODULE
@@ -154,7 +156,7 @@ static struct xt_match xt_connbytes_matc
{
.name = "connbytes",
.family = AF_INET6,
- .checkentry = check,
+ .init = init,
.match = match,
.matchsize = sizeof(struct xt_connbytes_info),
.me = THIS_MODULE
diff --git a/net/netfilter/xt_connmark.c b/net/netfilter/xt_connmark.c
index 92a5726..b4cce05 100644
--- a/net/netfilter/xt_connmark.c
+++ b/net/netfilter/xt_connmark.c
@@ -39,7 +39,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
const struct xt_connmark_info *info = matchinfo;
u_int32_t ctinfo;
@@ -51,11 +52,12 @@ match(const struct sk_buff *skb,
}
static int
-checkentry(const char *tablename,
- const void *ip,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+init(const char *tablename,
+ const void *ip,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
struct xt_connmark_info *cm = matchinfo;
@@ -74,7 +76,7 @@ #endif
}
static void
-destroy(const struct xt_match *match, void *matchinfo)
+destroy(const struct xt_match *match, void *matchinfo, void *priv_data)
{
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
nf_ct_l3proto_module_put(match->family);
@@ -116,7 +118,7 @@ static struct xt_match xt_connmark_match
{
.name = "connmark",
.family = AF_INET,
- .checkentry = checkentry,
+ .init = init,
.match = match,
.destroy = destroy,
.matchsize = sizeof(struct xt_connmark_info),
@@ -130,7 +132,7 @@ #endif
{
.name = "connmark",
.family = AF_INET6,
- .checkentry = checkentry,
+ .init = init,
.match = match,
.destroy = destroy,
.matchsize = sizeof(struct xt_connmark_info),
diff --git a/net/netfilter/xt_conntrack.c b/net/netfilter/xt_conntrack.c
index 0ea501a..72941f9 100644
--- a/net/netfilter/xt_conntrack.c
+++ b/net/netfilter/xt_conntrack.c
@@ -36,7 +36,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
const struct xt_conntrack_info *sinfo = matchinfo;
struct ip_conntrack *ct;
@@ -132,7 +133,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
const struct xt_conntrack_info *sinfo = matchinfo;
struct nf_conn *ct;
@@ -222,11 +224,12 @@ #define FWINV(bool,invflg) ((bool) ^ !!(
#endif /* CONFIG_NF_IP_CONNTRACK */
static int
-checkentry(const char *tablename,
- const void *ip,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+init(const char *tablename,
+ const void *ip,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
if (nf_ct_l3proto_try_module_get(match->family) < 0) {
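Review bot: `init` has a failure path at its very start (`nf_ct_l3proto_try_module_get(match->family) < 0`) and is now called with a `priv_data` pointer it does not own. If the core sets up priv_data before calling `init`, the core also has to release it when `init` reports failure, since `destroy` is presumably not run for an entry that never finished initialising. That code lives in x_tables.c and is not visible here, so this is a point to confirm rather than a known leak. The same question applies to the `init`/`destroy` pairs in xt_connmark and xt_helper. The function body continues outside the hunk.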
@@ -238,7 +241,8 @@ #endif
return 1;
}
-static void destroy(const struct xt_match *match, void *matchinfo)
+static void destroy(const struct xt_match *match, void *matchinfo,
+ void *priv_data)
{
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
nf_ct_l3proto_module_put(match->family);
@@ -248,7 +252,7 @@ #endif
static struct xt_match conntrack_match = {
.name = "conntrack",
.match = match,
- .checkentry = checkentry,
+ .init = init,
.destroy = destroy,
.matchsize = sizeof(struct xt_conntrack_info),
.family = AF_INET,
diff --git a/net/netfilter/xt_dccp.c b/net/netfilter/xt_dccp.c
index 3e6cf43..c77fd93 100644
--- a/net/netfilter/xt_dccp.c
+++ b/net/netfilter/xt_dccp.c
@@ -99,7 +99,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
const struct xt_dccp_info *info = matchinfo;
struct dccp_hdr _dh, *dh;
@@ -127,11 +128,12 @@ match(const struct sk_buff *skb,
}
static int
-checkentry(const char *tablename,
- const void *inf,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+init(const char *tablename,
+ const void *inf,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct xt_dccp_info *info = matchinfo;
@@ -144,7 +146,7 @@ static struct xt_match xt_dccp_match[] =
{
.name = "dccp",
.family = AF_INET,
- .checkentry = checkentry,
+ .init = init,
.match = match,
.matchsize = sizeof(struct xt_dccp_info),
.proto = IPPROTO_DCCP,
@@ -153,7 +155,7 @@ static struct xt_match xt_dccp_match[] =
{
.name = "dccp",
.family = AF_INET6,
- .checkentry = checkentry,
+ .init = init,
.match = match,
.matchsize = sizeof(struct xt_dccp_info),
.proto = IPPROTO_DCCP,
diff --git a/net/netfilter/xt_dscp.c b/net/netfilter/xt_dscp.c
index 26c7f4a..b7935bf 100644
--- a/net/netfilter/xt_dscp.c
+++ b/net/netfilter/xt_dscp.c
@@ -31,7 +31,8 @@ static int match(const struct sk_buff *s
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
const struct xt_dscp_info *info = matchinfo;
u_int8_t dscp = ipv4_get_dsfield(skb->nh.iph) >> XT_DSCP_SHIFT;
@@ -46,7 +47,8 @@ static int match6(const struct sk_buff *
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
const struct xt_dscp_info *info = matchinfo;
u_int8_t dscp = ipv6_get_dsfield(skb->nh.ipv6h) >> XT_DSCP_SHIFT;
@@ -54,11 +56,12 @@ static int match6(const struct sk_buff *
return (dscp == info->dscp) ^ !!info->invert;
}
-static int checkentry(const char *tablename,
- const void *info,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+static int init(const char *tablename,
+ const void *info,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const u_int8_t dscp = ((struct xt_dscp_info *)matchinfo)->dscp;
@@ -74,7 +77,7 @@ static struct xt_match xt_dscp_match[] =
{
.name = "dscp",
.family = AF_INET,
- .checkentry = checkentry,
+ .init = init,
.match = match,
.matchsize = sizeof(struct xt_dscp_info),
.me = THIS_MODULE,
@@ -82,7 +85,7 @@ static struct xt_match xt_dscp_match[] =
{
.name = "dscp",
.family = AF_INET6,
- .checkentry = checkentry,
+ .init = init,
.match = match6,
.matchsize = sizeof(struct xt_dscp_info),
.me = THIS_MODULE,
diff --git a/net/netfilter/xt_esp.c b/net/netfilter/xt_esp.c
index 7c95f14..43f7771 100644
--- a/net/netfilter/xt_esp.c
+++ b/net/netfilter/xt_esp.c
@@ -50,7 +50,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
struct ip_esp_hdr _esp, *eh;
const struct xt_esp *espinfo = matchinfo;
@@ -75,11 +76,12 @@ match(const struct sk_buff *skb,
/* Called when user tries to insert an entry of this type. */
static int
-checkentry(const char *tablename,
- const void *ip_void,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+init(const char *tablename,
+ const void *ip_void,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct xt_esp *espinfo = matchinfo;
@@ -95,7 +97,7 @@ static struct xt_match xt_esp_match[] =
{
.name = "esp",
.family = AF_INET,
- .checkentry = checkentry,
+ .init = init,
.match = match,
.matchsize = sizeof(struct xt_esp),
.proto = IPPROTO_ESP,
@@ -104,7 +106,7 @@ static struct xt_match xt_esp_match[] =
{
.name = "esp",
.family = AF_INET6,
- .checkentry = checkentry,
+ .init = init,
.match = match,
.matchsize = sizeof(struct xt_esp),
.proto = IPPROTO_ESP,
diff --git a/net/netfilter/xt_helper.c b/net/netfilter/xt_helper.c
index 5d7818b..f4f5af3 100644
--- a/net/netfilter/xt_helper.c
+++ b/net/netfilter/xt_helper.c
@@ -46,7 +46,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
const struct xt_helper_info *info = matchinfo;
struct ip_conntrack *ct;
@@ -94,7 +95,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
const struct xt_helper_info *info = matchinfo;
struct nf_conn *ct;
@@ -135,11 +137,12 @@ out_unlock:
}
#endif
-static int check(const char *tablename,
- const void *inf,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+static int init(const char *tablename,
+ const void *inf,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
struct xt_helper_info *info = matchinfo;
@@ -155,7 +158,7 @@ #endif
}
static void
-destroy(const struct xt_match *match, void *matchinfo)
+destroy(const struct xt_match *match, void *matchinfo, void *priv_data)
{
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
nf_ct_l3proto_module_put(match->family);
@@ -166,7 +169,7 @@ static struct xt_match xt_helper_match[]
{
.name = "helper",
.family = AF_INET,
- .checkentry = check,
+ .init = init,
.match = match,
.destroy = destroy,
.matchsize = sizeof(struct xt_helper_info),
@@ -175,7 +178,7 @@ static struct xt_match xt_helper_match[]
{
.name = "helper",
.family = AF_INET6,
- .checkentry = check,
+ .init = init,
.match = match,
.destroy = destroy,
.matchsize = sizeof(struct xt_helper_info),
diff --git a/net/netfilter/xt_length.c b/net/netfilter/xt_length.c
index 67fd30d..3f41f45 100644
--- a/net/netfilter/xt_length.c
+++ b/net/netfilter/xt_length.c
@@ -28,7 +28,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
const struct xt_length_info *info = matchinfo;
u_int16_t pktlen = ntohs(skb->nh.iph->tot_len);
@@ -44,7 +45,8 @@ match6(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
const struct xt_length_info *info = matchinfo;
u_int16_t pktlen = ntohs(skb->nh.ipv6h->payload_len) + sizeof(struct ipv6hdr);
diff --git a/net/netfilter/xt_limit.c b/net/netfilter/xt_limit.c
index fda7b7d..3b544c9 100644
--- a/net/netfilter/xt_limit.c
+++ b/net/netfilter/xt_limit.c
@@ -5,8 +5,8 @@
* Alexey is a fucking genius?
* Rusty Russell (rusty@rustcorp.com.au). */
-/* (C) 1999 Jérôme de Vivie <devivie@info.enserb.u-bordeaux.fr>
- * (C) 1999 Hervé Eychenne <eychenne@info.enserb.u-bordeaux.fr>
+/* (C) 1999 J��e de Vivie <devivie@info.enserb.u-bordeaux.fr>
+ * (C) 1999 Herv�Eychenne <eychenne@info.enserb.u-bordeaux.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
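Review bot: The two copyright lines in this hunk are an unrelated change that replaces the accented characters in the authors' names with invalid bytes, most likely because the file was re-saved in a different encoding. This has nothing to do with priv_data and damages the attribution. The hunk should be dropped from the patch so that `/* (C) 1999 Jérôme de Vivie <devivie@info.enserb.u-bordeaux.fr>` and `* (C) 1999 Hervé Eychenne <eychenne@info.enserb.u-bordeaux.fr>` stay byte-for-byte as they were.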
@@ -72,7 +72,8 @@ ipt_limit_match(const struct sk_buff *sk
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
struct xt_rateinfo *r = ((struct xt_rateinfo *)matchinfo)->master;
unsigned long now = jiffies;
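Review bot: `ipt_limit_match` now receives `priv_data` but still reaches its shared state through `((struct xt_rateinfo *)matchinfo)->master`, a kernel pointer kept inside the rule's matchinfo. If matchinfo is the rule blob exchanged with userspace (not visible here), that pointer is exposed on a rule dump, and its safety depends on init overwriting whatever userspace supplied. Moving the shared rateinfo behind priv_data would be a follow-up rather than part of this mechanical signature change. A comment such as `/* TODO: keep the shared rateinfo in priv_data instead of matchinfo->master */` would record the intent. The function body continues outside the hunk.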
@@ -106,11 +107,12 @@ user2credits(u_int32_t user)
}
static int
-ipt_limit_checkentry(const char *tablename,
- const void *inf,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+ipt_limit_init(const char *tablename,
+ const void *inf,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
struct xt_rateinfo *r = matchinfo;
@@ -183,7 +185,7 @@ static struct xt_match xt_limit_match[]
{
.name = "limit",
.family = AF_INET,
- .checkentry = ipt_limit_checkentry,
+ .init = ipt_limit_init,
.match = ipt_limit_match,
.matchsize = sizeof(struct xt_rateinfo),
#ifdef CONFIG_COMPAT
@@ -196,7 +198,7 @@ #endif
{
.name = "limit",
.family = AF_INET6,
- .checkentry = ipt_limit_checkentry,
+ .init = ipt_limit_init,
.match = ipt_limit_match,
.matchsize = sizeof(struct xt_rateinfo),
.me = THIS_MODULE,
diff --git a/net/netfilter/xt_mac.c b/net/netfilter/xt_mac.c
index 425fc21..fadff66 100644
--- a/net/netfilter/xt_mac.c
+++ b/net/netfilter/xt_mac.c
@@ -31,7 +31,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
const struct xt_mac_info *info = matchinfo;
diff --git a/net/netfilter/xt_mark.c b/net/netfilter/xt_mark.c
index 934dddf..a70c12c 100644
--- a/net/netfilter/xt_mark.c
+++ b/net/netfilter/xt_mark.c
@@ -27,7 +27,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
const struct xt_mark_info *info = matchinfo;
@@ -35,11 +36,12 @@ match(const struct sk_buff *skb,
}
static int
-checkentry(const char *tablename,
- const void *entry,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+init(const char *tablename,
+ const void *entry,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct xt_mark_info *minfo = matchinfo;
@@ -85,7 +87,7 @@ static struct xt_match xt_mark_match[] =
{
.name = "mark",
.family = AF_INET,
- .checkentry = checkentry,
+ .init = init,
.match = match,
.matchsize = sizeof(struct xt_mark_info),
#ifdef CONFIG_COMPAT
@@ -98,7 +100,7 @@ #endif
{
.name = "mark",
.family = AF_INET6,
- .checkentry = checkentry,
+ .init = init,
.match = match,
.matchsize = sizeof(struct xt_mark_info),
.me = THIS_MODULE,
diff --git a/net/netfilter/xt_multiport.c b/net/netfilter/xt_multiport.c
index d3aefd3..aedd1e0 100644
--- a/net/netfilter/xt_multiport.c
+++ b/net/netfilter/xt_multiport.c
@@ -102,7 +102,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
u16 _ports[2], *pptr;
const struct xt_multiport *multiinfo = matchinfo;
@@ -133,7 +134,8 @@ match_v1(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
u16 _ports[2], *pptr;
const struct xt_multiport_v1 *multiinfo = matchinfo;
@@ -172,11 +174,12 @@ check(u_int16_t proto,
/* Called when user tries to insert an entry of this type. */
static int
-checkentry(const char *tablename,
- const void *info,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+init(const char *tablename,
+ const void *info,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct ipt_ip *ip = info;
const struct xt_multiport *multiinfo = matchinfo;
@@ -186,11 +189,12 @@ checkentry(const char *tablename,
}
static int
-checkentry_v1(const char *tablename,
- const void *info,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+init_v1(const char *tablename,
+ const void *info,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct ipt_ip *ip = info;
const struct xt_multiport_v1 *multiinfo = matchinfo;
@@ -200,11 +204,12 @@ checkentry_v1(const char *tablename,
}
static int
-checkentry6(const char *tablename,
- const void *info,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+init6(const char *tablename,
+ const void *info,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct ip6t_ip6 *ip = info;
const struct xt_multiport *multiinfo = matchinfo;
@@ -214,11 +219,12 @@ checkentry6(const char *tablename,
}
static int
-checkentry6_v1(const char *tablename,
- const void *info,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+init6_v1(const char *tablename,
+ const void *info,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct ip6t_ip6 *ip = info;
const struct xt_multiport_v1 *multiinfo = matchinfo;
@@ -232,7 +238,7 @@ static struct xt_match xt_multiport_matc
.name = "multiport",
.family = AF_INET,
.revision = 0,
- .checkentry = checkentry,
+ .init = init,
.match = match,
.matchsize = sizeof(struct xt_multiport),
.me = THIS_MODULE,
@@ -241,7 +247,7 @@ static struct xt_match xt_multiport_matc
.name = "multiport",
.family = AF_INET,
.revision = 1,
- .checkentry = checkentry_v1,
+ .init = init_v1,
.match = match_v1,
.matchsize = sizeof(struct xt_multiport_v1),
.me = THIS_MODULE,
@@ -250,7 +256,7 @@ static struct xt_match xt_multiport_matc
.name = "multiport",
.family = AF_INET6,
.revision = 0,
- .checkentry = checkentry6,
+ .init = init6,
.match = match,
.matchsize = sizeof(struct xt_multiport),
.me = THIS_MODULE,
@@ -259,7 +265,7 @@ static struct xt_match xt_multiport_matc
.name = "multiport",
.family = AF_INET6,
.revision = 1,
- .checkentry = checkentry6_v1,
+ .init = init6_v1,
.match = match_v1,
.matchsize = sizeof(struct xt_multiport_v1),
.me = THIS_MODULE,
diff --git a/net/netfilter/xt_physdev.c b/net/netfilter/xt_physdev.c
index fd8f954..7893938 100644
--- a/net/netfilter/xt_physdev.c
+++ b/net/netfilter/xt_physdev.c
@@ -31,7 +31,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
int i;
static const char nulldevname[IFNAMSIZ];
@@ -102,11 +103,12 @@ match_outdev:
}
static int
-checkentry(const char *tablename,
- const void *ip,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+init(const char *tablename,
+ const void *ip,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct xt_physdev_info *info = matchinfo;
@@ -135,7 +137,7 @@ static struct xt_match xt_physdev_match[
{
.name = "physdev",
.family = AF_INET,
- .checkentry = checkentry,
+ .init = init,
.match = match,
.matchsize = sizeof(struct xt_physdev_info),
.me = THIS_MODULE,
@@ -143,7 +145,7 @@ static struct xt_match xt_physdev_match[
{
.name = "physdev",
.family = AF_INET6,
- .checkentry = checkentry,
+ .init = init,
.match = match,
.matchsize = sizeof(struct xt_physdev_info),
.me = THIS_MODULE,
diff --git a/net/netfilter/xt_pkttype.c b/net/netfilter/xt_pkttype.c
index 16e7b08..efe454c 100644
--- a/net/netfilter/xt_pkttype.c
+++ b/net/netfilter/xt_pkttype.c
@@ -28,7 +28,8 @@ static int match(const struct sk_buff *s
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
u_int8_t type;
const struct xt_pkttype_info *info = matchinfo;
diff --git a/net/netfilter/xt_policy.c b/net/netfilter/xt_policy.c
index 46bde2b..1540879 100644
--- a/net/netfilter/xt_policy.c
+++ b/net/netfilter/xt_policy.c
@@ -115,7 +115,8 @@ static int match(const struct sk_buff *s
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
const struct xt_policy_info *info = matchinfo;
int ret;
@@ -133,9 +134,9 @@ static int match(const struct sk_buff *s
return ret;
}
-static int checkentry(const char *tablename, const void *ip_void,
- const struct xt_match *match,
- void *matchinfo, unsigned int hook_mask)
+static int init(const char *tablename, const void *ip_void,
+ const struct xt_match *match,
+ void *matchinfo, unsigned int hook_mask, void *priv_data)
{
struct xt_policy_info *info = matchinfo;
@@ -168,7 +169,7 @@ static struct xt_match xt_policy_match[]
{
.name = "policy",
.family = AF_INET,
- .checkentry = checkentry,
+ .init = init,
.match = match,
.matchsize = sizeof(struct xt_policy_info),
.me = THIS_MODULE,
@@ -176,25 +177,25 @@ static struct xt_match xt_policy_match[]
{
.name = "policy",
.family = AF_INET6,
- .checkentry = checkentry,
+ .init = init,
.match = match,
.matchsize = sizeof(struct xt_policy_info),
.me = THIS_MODULE,
},
};
-static int __init init(void)
+static int __init xt_policy_init(void)
{
return xt_register_matches(xt_policy_match,
ARRAY_SIZE(xt_policy_match));
}
-static void __exit fini(void)
+static void __exit xt_policy_fini(void)
{
xt_unregister_matches(xt_policy_match, ARRAY_SIZE(xt_policy_match));
}
-module_init(init);
-module_exit(fini);
+module_init(xt_policy_init);
+module_exit(xt_policy_fini);
MODULE_ALIAS("ipt_policy");
MODULE_ALIAS("ip6t_policy");
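Review bot: Naming the per-rule callback plain `init` forces the rename of the module entry point in this hunk, and the resulting names are inconsistent across the patch. Here `xt_policy_init` is the module init function, while in xt_tcpudp.c `xt_tcp_init` and `xt_udp_init` are the per-rule callbacks and the module entry becomes `xt_tcpudp_module_init`. The same `xt_*_init` shape therefore means two different things, depending on the file. A consistent scheme would avoid the collision, for example keeping `static int __init init(void)` untouched and naming the callback `policy_init`, with `.init = policy_init,` in both table entries.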
diff --git a/net/netfilter/xt_quota.c b/net/netfilter/xt_quota.c
index b75fa2c..32702d2 100644
--- a/net/netfilter/xt_quota.c
+++ b/net/netfilter/xt_quota.c
@@ -20,7 +20,8 @@ static int
match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out,
const struct xt_match *match, const void *matchinfo,
- int offset, unsigned int protoff, int *hotdrop)
+ int offset, unsigned int protoff, int *hotdrop,
+ void *priv_data)
{
struct xt_quota_info *q = ((struct xt_quota_info *)matchinfo)->master;
int ret = q->flags & XT_QUOTA_INVERT ? 1 : 0;
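Review bot: `match()` in xt_quota.c still casts the const away from `matchinfo` and follows `->master` to reach mutable per-rule state, and the new `priv_data` argument is unused in the visible lines. That leaves a kernel pointer stored inside the rule blob next to user-supplied fields. Whether that blob is later copied back to userspace is not visible here and should be checked. If the conversion is deferred, mark it at the top of the function, e.g. `/* TODO: keep the shared quota state in priv_data instead of matchinfo->master */`. The same pattern appears in the xt_statistic.c `match()` hunk (const cast on `matchinfo`) and the xt_string.c `destroy()` hunk (`->config` read from `matchinfo`); all three bodies continue outside their hunks.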
@@ -39,9 +40,9 @@ match(const struct sk_buff *skb,
}
static int
-checkentry(const char *tablename, const void *entry,
- const struct xt_match *match, void *matchinfo,
- unsigned int hook_mask)
+init(const char *tablename, const void *entry,
+ const struct xt_match *match, void *matchinfo,
+ unsigned int hook_mask, void *priv_data)
{
struct xt_quota_info *q = (struct xt_quota_info *)matchinfo;
@@ -56,7 +57,7 @@ static struct xt_match xt_quota_match[]
{
.name = "quota",
.family = AF_INET,
- .checkentry = checkentry,
+ .init = init,
.match = match,
.matchsize = sizeof(struct xt_quota_info),
.me = THIS_MODULE
@@ -64,7 +65,7 @@ static struct xt_match xt_quota_match[]
{
.name = "quota",
.family = AF_INET6,
- .checkentry = checkentry,
+ .init = init,
.match = match,
.matchsize = sizeof(struct xt_quota_info),
.me = THIS_MODULE
diff --git a/net/netfilter/xt_realm.c b/net/netfilter/xt_realm.c
index a80b7d1..53d8b17 100644
--- a/net/netfilter/xt_realm.c
+++ b/net/netfilter/xt_realm.c
@@ -31,7 +31,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
const struct xt_realm_info *info = matchinfo;
struct dst_entry *dst = skb->dst;
diff --git a/net/netfilter/xt_sctp.c b/net/netfilter/xt_sctp.c
index 7956aca..5b599d8 100644
--- a/net/netfilter/xt_sctp.c
+++ b/net/netfilter/xt_sctp.c
@@ -127,7 +127,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
const struct xt_sctp_info *info = matchinfo;
sctp_sctphdr_t _sh, *sh;
@@ -159,11 +160,12 @@ match(const struct sk_buff *skb,
}
static int
-checkentry(const char *tablename,
- const void *inf,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+init(const char *tablename,
+ const void *inf,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct xt_sctp_info *info = matchinfo;
@@ -181,7 +183,7 @@ static struct xt_match xt_sctp_match[] =
{
.name = "sctp",
.family = AF_INET,
- .checkentry = checkentry,
+ .init = init,
.match = match,
.matchsize = sizeof(struct xt_sctp_info),
.proto = IPPROTO_SCTP,
@@ -190,7 +192,7 @@ static struct xt_match xt_sctp_match[] =
{
.name = "sctp",
.family = AF_INET6,
- .checkentry = checkentry,
+ .init = init,
.match = match,
.matchsize = sizeof(struct xt_sctp_info),
.proto = IPPROTO_SCTP,
diff --git a/net/netfilter/xt_state.c b/net/netfilter/xt_state.c
index d9010b1..1532d33 100644
--- a/net/netfilter/xt_state.c
+++ b/net/netfilter/xt_state.c
@@ -28,7 +28,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
const struct xt_state_info *sinfo = matchinfo;
enum ip_conntrack_info ctinfo;
@@ -44,11 +45,12 @@ match(const struct sk_buff *skb,
return (sinfo->statemask & statebit);
}
-static int check(const char *tablename,
- const void *inf,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+static int init(const char *tablename,
+ const void *inf,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
if (nf_ct_l3proto_try_module_get(match->family) < 0) {
@@ -61,7 +63,7 @@ #endif
}
static void
-destroy(const struct xt_match *match, void *matchinfo)
+destroy(const struct xt_match *match, void *matchinfo, void *priv_data)
{
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
nf_ct_l3proto_module_put(match->family);
@@ -72,7 +74,7 @@ static struct xt_match xt_state_match[]
{
.name = "state",
.family = AF_INET,
- .checkentry = check,
+ .init = init,
.match = match,
.destroy = destroy,
.matchsize = sizeof(struct xt_state_info),
@@ -81,7 +83,7 @@ static struct xt_match xt_state_match[]
{
.name = "state",
.family = AF_INET6,
- .checkentry = check,
+ .init = init,
.match = match,
.destroy = destroy,
.matchsize = sizeof(struct xt_state_info),
diff --git a/net/netfilter/xt_statistic.c b/net/netfilter/xt_statistic.c
index 091a9f8..6fbc1dd 100644
--- a/net/netfilter/xt_statistic.c
+++ b/net/netfilter/xt_statistic.c
@@ -28,7 +28,7 @@ static int
match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out,
const struct xt_match *match, const void *matchinfo,
- int offset, unsigned int protoff, int *hotdrop)
+ int offset, unsigned int protoff, int *hotdrop, void *priv_data)
{
struct xt_statistic_info *info = (struct xt_statistic_info *)matchinfo;
int ret = info->flags & XT_STATISTIC_INVERT ? 1 : 0;
@@ -53,9 +53,9 @@ match(const struct sk_buff *skb,
}
static int
-checkentry(const char *tablename, const void *entry,
- const struct xt_match *match, void *matchinfo,
- unsigned int hook_mask)
+init(const char *tablename, const void *entry,
+ const struct xt_match *match, void *matchinfo,
+ unsigned int hook_mask, void *priv_data)
{
struct xt_statistic_info *info = (struct xt_statistic_info *)matchinfo;
@@ -70,7 +70,7 @@ static struct xt_match xt_statistic_matc
{
.name = "statistic",
.family = AF_INET,
- .checkentry = checkentry,
+ .init = init,
.match = match,
.matchsize = sizeof(struct xt_statistic_info),
.me = THIS_MODULE,
@@ -78,7 +78,7 @@ static struct xt_match xt_statistic_matc
{
.name = "statistic",
.family = AF_INET6,
- .checkentry = checkentry,
+ .init = init,
.match = match,
.matchsize = sizeof(struct xt_statistic_info),
.me = THIS_MODULE,
diff --git a/net/netfilter/xt_string.c b/net/netfilter/xt_string.c
index 4453252..be01c47 100644
--- a/net/netfilter/xt_string.c
+++ b/net/netfilter/xt_string.c
@@ -28,7 +28,8 @@ static int match(const struct sk_buff *s
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
const struct xt_string_info *conf = matchinfo;
struct ts_state state;
@@ -42,11 +43,12 @@ static int match(const struct sk_buff *s
#define STRING_TEXT_PRIV(m) ((struct xt_string_info *) m)
-static int checkentry(const char *tablename,
- const void *ip,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+static int init(const char *tablename,
+ const void *ip,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
struct xt_string_info *conf = matchinfo;
struct ts_config *ts_conf;
@@ -68,7 +70,8 @@ static int checkentry(const char *tablen
return 1;
}
-static void destroy(const struct xt_match *match, void *matchinfo)
+static void destroy(const struct xt_match *match, void *matchinfo,
+ void *priv_data)
{
textsearch_destroy(STRING_TEXT_PRIV(matchinfo)->config);
}
@@ -77,7 +80,7 @@ static struct xt_match xt_string_match[]
{
.name = "string",
.family = AF_INET,
- .checkentry = checkentry,
+ .init = init,
.match = match,
.destroy = destroy,
.matchsize = sizeof(struct xt_string_info),
@@ -86,8 +89,8 @@ static struct xt_match xt_string_match[]
{
.name = "string",
.family = AF_INET6,
- .checkentry = checkentry,
- .match = match,
+ .init = init,
+ .match = match,
.destroy = destroy,
.matchsize = sizeof(struct xt_string_info),
.me = THIS_MODULE
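Review bot: The `.match = match,` line in the AF_INET6 entry is removed and re-added with no textual change, so it appears to be a whitespace-only edit mixed into the rename. It is unrelated to the `checkentry` to `init` conversion and makes this hunk differ from the AF_INET entry just above, where `.match` stays a context line. Drop it so that the hunk changes only `.checkentry = checkentry,` to `.init = init,`, unless the intent was to fix the indentation, in which case that belongs in a separate cleanup.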
diff --git a/net/netfilter/xt_tcpmss.c b/net/netfilter/xt_tcpmss.c
index a3682fe..e512f70 100644
--- a/net/netfilter/xt_tcpmss.c
+++ b/net/netfilter/xt_tcpmss.c
@@ -31,7 +31,8 @@ match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
const struct xt_tcpmss_match_info *info = matchinfo;
struct tcphdr _tcph, *th;
diff --git a/net/netfilter/xt_tcpudp.c b/net/netfilter/xt_tcpudp.c
index e76a68e..516d0d6 100644
--- a/net/netfilter/xt_tcpudp.c
+++ b/net/netfilter/xt_tcpudp.c
@@ -78,7 +78,8 @@ tcp_match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
struct tcphdr _tcph, *th;
const struct xt_tcp *tcpinfo = matchinfo;
@@ -137,11 +138,12 @@ #define FWINVTCP(bool,invflg) ((bool) ^
/* Called when user tries to insert an entry of this type. */
static int
-tcp_checkentry(const char *tablename,
- const void *info,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+xt_tcp_init(const char *tablename,
+ const void *info,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct xt_tcp *tcpinfo = matchinfo;
@@ -157,7 +159,8 @@ udp_match(const struct sk_buff *skb,
const void *matchinfo,
int offset,
unsigned int protoff,
- int *hotdrop)
+ int *hotdrop,
+ void *priv_data)
{
struct udphdr _udph, *uh;
const struct xt_udp *udpinfo = matchinfo;
@@ -185,11 +188,12 @@ udp_match(const struct sk_buff *skb,
/* Called when user tries to insert an entry of this type. */
static int
-udp_checkentry(const char *tablename,
- const void *info,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
+xt_udp_init(const char *tablename,
+ const void *info,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask,
+ void *priv_data)
{
const struct xt_tcp *udpinfo = matchinfo;
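Review bot: The context line `const struct xt_tcp *udpinfo = matchinfo;` in `xt_udp_init` types the UDP match data as the TCP structure. `udp_match` in the same file reads it as `const struct xt_udp *`, and the registration entries set `.matchsize = sizeof(struct xt_udp)`. If the validation that follows dereferences a field through this pointer, it uses the xt_tcp layout's offset, so the rule-insertion check may test the wrong bytes or read beyond the UDP blob. Since the signature is being rewritten anyway, the declaration should become `const struct xt_udp *udpinfo = matchinfo;`. The rest of the body is outside this hunk, so the field and mask it checks should be confirmed there.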
@@ -201,7 +205,7 @@ static struct xt_match xt_tcpudp_match[]
{
.name = "tcp",
.family = AF_INET,
- .checkentry = tcp_checkentry,
+ .init = xt_tcp_init,
.match = tcp_match,
.matchsize = sizeof(struct xt_tcp),
.proto = IPPROTO_TCP,
@@ -210,7 +214,7 @@ static struct xt_match xt_tcpudp_match[]
{
.name = "tcp",
.family = AF_INET6,
- .checkentry = tcp_checkentry,
+ .init = xt_tcp_init,
.match = tcp_match,
.matchsize = sizeof(struct xt_tcp),
.proto = IPPROTO_TCP,
@@ -219,7 +223,7 @@ static struct xt_match xt_tcpudp_match[]
{
.name = "udp",
.family = AF_INET,
- .checkentry = udp_checkentry,
+ .init = xt_udp_init,
.match = udp_match,
.matchsize = sizeof(struct xt_udp),
.proto = IPPROTO_UDP,
@@ -228,7 +232,7 @@ static struct xt_match xt_tcpudp_match[]
{
.name = "udp",
.family = AF_INET6,
- .checkentry = udp_checkentry,
+ .init = xt_udp_init,
.match = udp_match,
.matchsize = sizeof(struct xt_udp),
.proto = IPPROTO_UDP,
@@ -236,16 +240,16 @@ static struct xt_match xt_tcpudp_match[]
},
};
-static int __init xt_tcpudp_init(void)
+static int __init xt_tcpudp_module_init(void)
{
return xt_register_matches(xt_tcpudp_match,
ARRAY_SIZE(xt_tcpudp_match));
}
-static void __exit xt_tcpudp_fini(void)
+static void __exit xt_tcpudp_module_fini(void)
{
xt_unregister_matches(xt_tcpudp_match, ARRAY_SIZE(xt_tcpudp_match));
}
-module_init(xt_tcpudp_init);
-module_exit(xt_tcpudp_fini);
+module_init(xt_tcpudp_module_init);
+module_exit(xt_tcpudp_module_fini);
--
1.4.2