From: Massimiliano Hofer <max@nucleus.it>
To: netfilter-devel@lists.netfilter.org
Cc: Patrick McHardy <kaber@trash.net>
Subject: [PATCH 2/4][data-condition]: instance data support in targets' prototypes and structures
Date: Tue, 5 Dec 2006 23:16:12 +0100 [thread overview]
Message-ID: <200612052316.13419.max@nucleus.it> (raw)
In-Reply-To: <200612052312.28824.max@nucleus.it>
From cb9bace80424e5835778634778047806ac104710 Mon Sep 17 00:00:00 2001
From: Massimiliano Hofer <max@nucleus.it>
Date: Tue, 5 Dec 2006 22:51:12 +0100
Subject: [PATCH] [NETFILTER]: instance data support in targets' prototypes and structures
This patch adds support for instance specific data in targets.
Only prototype and structure changes are included here.
The real code will come in a separate patch.
Signed-off-by: Massimiliano Hofer <max@nucleus.it>
---
include/linux/netfilter/x_tables.h | 25 ++++++++++++++---------
net/ipv4/netfilter/arp_tables.c | 21 ++++++++++++-------
net/ipv4/netfilter/arpt_mangle.c | 8 +++---
net/ipv4/netfilter/ip_nat_rule.c | 32 +++++++++++++++++-------------
net/ipv4/netfilter/ip_tables.c | 37 ++++++++++++++++++++--------------
net/ipv4/netfilter/ipt_CLUSTERIP.c | 19 ++++++++++-------
net/ipv4/netfilter/ipt_ECN.c | 16 ++++++++------
net/ipv4/netfilter/ipt_LOG.c | 24 ++++++++++++----------
net/ipv4/netfilter/ipt_MASQUERADE.c | 16 ++++++++------
net/ipv4/netfilter/ipt_NETMAP.c | 16 ++++++++------
net/ipv4/netfilter/ipt_REDIRECT.c | 16 ++++++++------
net/ipv4/netfilter/ipt_REJECT.c | 16 ++++++++------
net/ipv4/netfilter/ipt_SAME.c | 18 +++++++++-------
net/ipv4/netfilter/ipt_TCPMSS.c | 24 ++++++++++++----------
net/ipv4/netfilter/ipt_TOS.c | 16 ++++++++------
net/ipv4/netfilter/ipt_TTL.c | 23 +++++++++++----------
net/ipv4/netfilter/ipt_ULOG.c | 24 ++++++++++++----------
net/ipv4/netfilter/nf_nat_rule.c | 32 +++++++++++++++++-------------
net/ipv6/netfilter/ip6_tables.c | 23 +++++++++++++--------
net/ipv6/netfilter/ip6t_HL.c | 24 ++++++++++++----------
net/ipv6/netfilter/ip6t_LOG.c | 24 ++++++++++++----------
net/ipv6/netfilter/ip6t_REJECT.c | 24 ++++++++++++----------
net/netfilter/x_tables.c | 8 +++---
net/netfilter/xt_CLASSIFY.c | 3 +-
net/netfilter/xt_CONNMARK.c | 18 +++++++++-------
net/netfilter/xt_CONNSECMARK.c | 12 +++++-----
net/netfilter/xt_DSCP.c | 21 +++++++++++--------
net/netfilter/xt_MARK.c | 34 ++++++++++++++++++--------------
net/netfilter/xt_NFLOG.c | 12 +++++-----
net/netfilter/xt_NFQUEUE.c | 3 +-
net/netfilter/xt_NOTRACK.c | 3 +-
net/netfilter/xt_SECMARK.c | 12 +++++-----
32 files changed, 338 insertions(+), 266 deletions(-)
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h
index 73147b4..17aa03b 100644
--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -46,6 +46,7 @@ struct xt_entry_target
/* Used inside the kernel */
struct xt_target *target;
+ void *data;
} kernel;
/* Total length */
@@ -193,20 +194,23 @@ struct xt_target
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo);
+ const void *targinfo,
+ void *data);
/* Called when user tries to insert an entry of this type:
hook_mask is a bitmask of hooks from which it can be
called. */
/* Should return true or false. */
- int (*checkentry)(const char *tablename,
- const void *entry,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask);
+ int (*init)(const char *tablename,
+ const void *entry,
+ const struct xt_target *target,
+ void *targinfo,
+ void *data,
+ unsigned int hook_mask);
/* Called when entry of this type deleted. */
- void (*destroy)(const struct xt_target *target, void *targinfo);
+ void (*destroy)(const struct xt_target *target, void *targinfo,
+ void *data);
/* Called when userspace align differs from kernel space one */
void (*compat_from_user)(void *dst, void *src);
@@ -216,6 +220,7 @@ struct xt_target
struct module *me;
char *table;
+ unsigned int datasize;
unsigned int targetsize;
unsigned int compatsize;
unsigned int hooks;
@@ -282,9 +287,9 @@ extern void xt_unregister_matches(struct
extern int xt_init_match(const struct xt_match *match, unsigned short family,
unsigned int size, const char *table, unsigned int hook,
unsigned short proto, int inv_proto);
-extern int xt_check_target(const struct xt_target *target, unsigned short family,
- unsigned int size, const char *table, unsigned int hook,
- unsigned short proto, int inv_proto);
+extern int xt_init_target(const struct xt_target *target, unsigned short family,
+ unsigned int size, const char *table, unsigned int hook,
+ unsigned short proto, int inv_proto);
extern int xt_register_table(struct xt_table *table,
struct xt_table_info *bootstrap,
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index 413c2d0..683179f 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -206,7 +206,8 @@ static unsigned int arpt_error(struct sk
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *data)
{
if (net_ratelimit())
printk("arp_tables: error: '%s'\n", (char *)targinfo);
@@ -298,7 +299,8 @@ unsigned int arpt_do_table(struct sk_buf
in, out,
hook,
t->u.kernel.target,
- t->data);
+ t->data,
+ t->u.kernel.data);
/* Target might have changed stuff. */
arp = (*pskb)->nh.arph;
@@ -483,19 +485,21 @@ static inline int check_entry(struct arp
}
t->u.kernel.target = target;
- ret = xt_check_target(target, NF_ARP, t->u.target_size - sizeof(*t),
- name, e->comefrom, 0, 0);
+ ret = xt_init_target(target, NF_ARP, t->u.target_size - sizeof(*t),
+ name, e->comefrom, 0, 0);
if (ret)
goto err;
+ t->u.kernel.data=NULL;
if (t->u.kernel.target == &arpt_standard_target) {
if (!standard_check(t, size)) {
ret = -EINVAL;
goto err;
}
- } else if (t->u.kernel.target->checkentry
- && !t->u.kernel.target->checkentry(name, e, target, t->data,
- e->comefrom)) {
+ } else if (t->u.kernel.target->init
+ && !t->u.kernel.target->init(name, e, target, t->data,
+ t->u.kernel.data,
+ e->comefrom)) {
duprintf("arp_tables: check failed for `%s'.\n",
t->u.kernel.target->name);
ret = -EINVAL;
@@ -561,7 +565,8 @@ static inline int cleanup_entry(struct a
t = arpt_get_target(e);
if (t->u.kernel.target->destroy)
- t->u.kernel.target->destroy(t->u.kernel.target, t->data);
+ t->u.kernel.target->destroy(t->u.kernel.target, t->data,
+ t->u.kernel.data);
module_put(t->u.kernel.target->me);
return 0;
}
diff --git a/net/ipv4/netfilter/arpt_mangle.c b/net/ipv4/netfilter/arpt_mangle.c
index d12b1df..49ae77a 100644
--- a/net/ipv4/netfilter/arpt_mangle.c
+++ b/net/ipv4/netfilter/arpt_mangle.c
@@ -11,7 +11,7 @@ static unsigned int
target(struct sk_buff **pskb,
const struct net_device *in, const struct net_device *out,
unsigned int hooknum, const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo, void *data)
{
const struct arpt_mangle *mangle = targinfo;
struct arphdr *arp;
@@ -66,8 +66,8 @@ target(struct sk_buff **pskb,
}
static int
-checkentry(const char *tablename, const void *e, const struct xt_target *target,
- void *targinfo, unsigned int hook_mask)
+init(const char *tablename, const void *e, const struct xt_target *target,
+ void *targinfo, void *data, unsigned int hook_mask)
{
const struct arpt_mangle *mangle = targinfo;
@@ -85,7 +85,7 @@ static struct arpt_target arpt_mangle_re
.name = "mangle",
.target = target,
.targetsize = sizeof(struct arpt_mangle),
- .checkentry = checkentry,
+ .init = init,
.me = THIS_MODULE,
};
diff --git a/net/ipv4/netfilter/ip_nat_rule.c b/net/ipv4/netfilter/ip_nat_rule.c
index a176aa3..8c24c1d 100644
--- a/net/ipv4/netfilter/ip_nat_rule.c
+++ b/net/ipv4/netfilter/ip_nat_rule.c
@@ -100,7 +100,8 @@ static unsigned int ipt_snat_target(stru
const struct net_device *out,
unsigned int hooknum,
const struct ipt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *data)
{
struct ip_conntrack *ct;
enum ip_conntrack_info ctinfo;
@@ -142,7 +143,8 @@ static unsigned int ipt_dnat_target(stru
const struct net_device *out,
unsigned int hooknum,
const struct ipt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *data)
{
struct ip_conntrack *ct;
enum ip_conntrack_info ctinfo;
@@ -164,11 +166,12 @@ static unsigned int ipt_dnat_target(stru
return ip_nat_setup_info(ct, &mr->range[0], hooknum);
}
-static int ipt_snat_checkentry(const char *tablename,
- const void *entry,
- const struct ipt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+static int ipt_snat_init(const char *tablename,
+ const void *entry,
+ const struct ipt_target *target,
+ void *targinfo,
+ void *data,
+ unsigned int hook_mask)
{
struct ip_nat_multi_range_compat *mr = targinfo;
@@ -180,11 +183,12 @@ static int ipt_snat_checkentry(const cha
return 1;
}
-static int ipt_dnat_checkentry(const char *tablename,
- const void *entry,
- const struct ipt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+static int ipt_dnat_init(const char *tablename,
+ const void *entry,
+ const struct ipt_target *target,
+ void *targinfo,
+ void *data,
+ unsigned int hook_mask)
{
struct ip_nat_multi_range_compat *mr = targinfo;
@@ -263,7 +267,7 @@ static struct ipt_target ipt_snat_reg =
.targetsize = sizeof(struct ip_nat_multi_range_compat),
.table = "nat",
.hooks = 1 << NF_IP_POST_ROUTING,
- .checkentry = ipt_snat_checkentry,
+ .init = ipt_snat_init,
};
static struct ipt_target ipt_dnat_reg = {
@@ -272,7 +276,7 @@ static struct ipt_target ipt_dnat_reg =
.targetsize = sizeof(struct ip_nat_multi_range_compat),
.table = "nat",
.hooks = (1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_OUT),
- .checkentry = ipt_dnat_checkentry,
+ .init = ipt_dnat_init,
};
int __init ip_nat_rule_init(void)
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 75fae96..4077577 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -180,7 +180,8 @@ ipt_error(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *data)
{
if (net_ratelimit())
printk("ip_tables: error: `%s'\n", (char *)targinfo);
@@ -307,7 +308,8 @@ ipt_do_table(struct sk_buff **pskb,
in, out,
hook,
t->u.kernel.target,
- t->data);
+ t->data,
+ t->u.kernel.data);
#ifdef CONFIG_NETFILTER_DEBUG
if (((struct ipt_entry *)table_base)->comefrom
@@ -573,20 +575,22 @@ check_entry(struct ipt_entry *e, const c
}
t->u.kernel.target = target;
- ret = xt_check_target(target, AF_INET, t->u.target_size - sizeof(*t),
- name, e->comefrom, e->ip.proto,
- e->ip.invflags & IPT_INV_PROTO);
+ ret = xt_init_target(target, AF_INET, t->u.target_size - sizeof(*t),
+ name, e->comefrom, e->ip.proto,
+ e->ip.invflags & IPT_INV_PROTO);
if (ret)
goto err;
+ t->u.kernel.data = NULL;
if (t->u.kernel.target == &ipt_standard_target) {
if (!standard_check(t, size)) {
ret = -EINVAL;
goto err;
}
- } else if (t->u.kernel.target->checkentry
- && !t->u.kernel.target->checkentry(name, e, target, t->data,
- e->comefrom)) {
+ } else if (t->u.kernel.target->init
+ && !t->u.kernel.target->init(name, e, target, t->data,
+ t->u.kernel.data,
+ e->comefrom)) {
duprintf("ip_tables: check failed for `%s'.\n",
t->u.kernel.target->name);
ret = -EINVAL;
@@ -657,7 +661,8 @@ cleanup_entry(struct ipt_entry *e, unsig
IPT_MATCH_ITERATE(e, cleanup_match, NULL);
t = ipt_get_target(e);
if (t->u.kernel.target->destroy)
- t->u.kernel.target->destroy(t->u.kernel.target, t->data);
+ t->u.kernel.target->destroy(t->u.kernel.target, t->data,
+ t->u.kernel.data);
module_put(t->u.kernel.target->me);
return 0;
}
@@ -1589,19 +1594,21 @@ static int compat_copy_entry_from_user(s
t = ipt_get_target(de);
target = t->u.kernel.target;
- ret = xt_check_target(target, AF_INET, t->u.target_size - sizeof(*t),
- name, e->comefrom, e->ip.proto,
- e->ip.invflags & IPT_INV_PROTO);
+ ret = xt_init_target(target, AF_INET, t->u.target_size - sizeof(*t),
+ name, e->comefrom, e->ip.proto,
+ e->ip.invflags & IPT_INV_PROTO);
if (ret)
goto err;
ret = -EINVAL;
+ t->u.kernel.data = NULL;
if (t->u.kernel.target == &ipt_standard_target) {
if (!standard_check(t, *size))
goto err;
- } else if (t->u.kernel.target->checkentry
- && !t->u.kernel.target->checkentry(name, de, target,
- t->data, de->comefrom)) {
+ } else if (t->u.kernel.target->init
+ && !t->u.kernel.target->init(name, de, target,
+ t->data, t->u.kernel.data,
+ de->comefrom)) {
duprintf("ip_tables: compat: check failed for `%s'.\n",
t->u.kernel.target->name);
goto err;
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c
index 0983650..4e9817d 100644
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -305,7 +305,8 @@ target(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *data)
{
const struct ipt_clusterip_tgt_info *cipinfo = targinfo;
enum ip_conntrack_info ctinfo;
@@ -371,11 +372,12 @@ target(struct sk_buff **pskb,
}
static int
-checkentry(const char *tablename,
- const void *e_void,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+init(const char *tablename,
+ const void *e_void,
+ const struct xt_target *target,
+ void *targinfo,
+ void *data,
+ unsigned int hook_mask)
{
struct ipt_clusterip_tgt_info *cipinfo = targinfo;
const struct ipt_entry *e = e_void;
@@ -451,7 +453,8 @@ checkentry(const char *tablename,
}
/* drop reference count of cluster config when rule is deleted */
-static void destroy(const struct xt_target *target, void *targinfo)
+static void destroy(const struct xt_target *target, void *targinfo,
+ void *data)
{
struct ipt_clusterip_tgt_info *cipinfo = targinfo;
@@ -466,7 +469,7 @@ static struct ipt_target clusterip_tgt =
.name = "CLUSTERIP",
.target = target,
.targetsize = sizeof(struct ipt_clusterip_tgt_info),
- .checkentry = checkentry,
+ .init = init,
.destroy = destroy,
.me = THIS_MODULE
};
diff --git a/net/ipv4/netfilter/ipt_ECN.c b/net/ipv4/netfilter/ipt_ECN.c
index b55d670..7cd17f9 100644
--- a/net/ipv4/netfilter/ipt_ECN.c
+++ b/net/ipv4/netfilter/ipt_ECN.c
@@ -82,7 +82,8 @@ target(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *data)
{
const struct ipt_ECN_info *einfo = targinfo;
@@ -99,11 +100,12 @@ target(struct sk_buff **pskb,
}
static int
-checkentry(const char *tablename,
- const void *e_void,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+init(const char *tablename,
+ const void *e_void,
+ const struct xt_target *target,
+ void *targinfo,
+ void *data,
+ unsigned int hook_mask)
{
const struct ipt_ECN_info *einfo = (struct ipt_ECN_info *)targinfo;
const struct ipt_entry *e = e_void;
@@ -132,7 +134,7 @@ static struct ipt_target ipt_ecn_reg = {
.target = target,
.targetsize = sizeof(struct ipt_ECN_info),
.table = "mangle",
- .checkentry = checkentry,
+ .init = init,
.me = THIS_MODULE,
};
diff --git a/net/ipv4/netfilter/ipt_LOG.c b/net/ipv4/netfilter/ipt_LOG.c
index c96de16..14e7801 100644
--- a/net/ipv4/netfilter/ipt_LOG.c
+++ b/net/ipv4/netfilter/ipt_LOG.c
@@ -421,7 +421,8 @@ ipt_log_target(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *data)
{
const struct ipt_log_info *loginfo = targinfo;
struct nf_loginfo li;
@@ -435,11 +436,12 @@ ipt_log_target(struct sk_buff **pskb,
return IPT_CONTINUE;
}
-static int ipt_log_checkentry(const char *tablename,
- const void *e,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+static int ipt_log_init(const char *tablename,
+ const void *e,
+ const struct xt_target *target,
+ void *targinfo,
+ void *data,
+ unsigned int hook_mask)
{
const struct ipt_log_info *loginfo = targinfo;
@@ -459,7 +461,7 @@ static struct ipt_target ipt_log_reg = {
.name = "LOG",
.target = ipt_log_target,
.targetsize = sizeof(struct ipt_log_info),
- .checkentry = ipt_log_checkentry,
+ .init = ipt_log_init,
.me = THIS_MODULE,
};
@@ -469,7 +471,7 @@ static struct nf_logger ipt_log_logger =
.me = THIS_MODULE,
};
-static int __init ipt_log_init(void)
+static int __init ipt_log_module_init(void)
{
if (ipt_register_target(&ipt_log_reg))
return -EINVAL;
@@ -483,11 +485,11 @@ static int __init ipt_log_init(void)
return 0;
}
-static void __exit ipt_log_fini(void)
+static void __exit ipt_log_module_fini(void)
{
nf_log_unregister_logger(&ipt_log_logger);
ipt_unregister_target(&ipt_log_reg);
}
-module_init(ipt_log_init);
-module_exit(ipt_log_fini);
+module_init(ipt_log_module_init);
+module_exit(ipt_log_module_fini);
diff --git a/net/ipv4/netfilter/ipt_MASQUERADE.c b/net/ipv4/netfilter/ipt_MASQUERADE.c
index 28b9233..51fed4c 100644
--- a/net/ipv4/netfilter/ipt_MASQUERADE.c
+++ b/net/ipv4/netfilter/ipt_MASQUERADE.c
@@ -42,11 +42,12 @@ static DEFINE_RWLOCK(masq_lock);
/* FIXME: Multiple targets. --RR */
static int
-masquerade_check(const char *tablename,
- const void *e,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+masquerade_init(const char *tablename,
+ const void *e,
+ const struct xt_target *target,
+ void *targinfo,
+ void *data,
+ unsigned int hook_mask)
{
const struct ip_nat_multi_range_compat *mr = targinfo;
@@ -67,7 +68,8 @@ masquerade_target(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *data)
{
#ifdef CONFIG_NF_NAT_NEEDED
struct nf_conn_nat *nat;
@@ -193,7 +195,7 @@ static struct ipt_target masquerade = {
.targetsize = sizeof(struct ip_nat_multi_range_compat),
.table = "nat",
.hooks = 1 << NF_IP_POST_ROUTING,
- .checkentry = masquerade_check,
+ .init = masquerade_init,
.me = THIS_MODULE,
};
diff --git a/net/ipv4/netfilter/ipt_NETMAP.c b/net/ipv4/netfilter/ipt_NETMAP.c
index 9390e90..9cb56ea 100644
--- a/net/ipv4/netfilter/ipt_NETMAP.c
+++ b/net/ipv4/netfilter/ipt_NETMAP.c
@@ -33,11 +33,12 @@ MODULE_DESCRIPTION("iptables 1:1 NAT map
#endif
static int
-check(const char *tablename,
- const void *e,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+init(const char *tablename,
+ const void *e,
+ const struct xt_target *target,
+ void *targinfo,
+ void *data,
+ unsigned int hook_mask)
{
const struct ip_nat_multi_range_compat *mr = targinfo;
@@ -58,7 +59,8 @@ target(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *data)
{
struct ip_conntrack *ct;
enum ip_conntrack_info ctinfo;
@@ -95,7 +97,7 @@ static struct ipt_target target_module =
.table = "nat",
.hooks = (1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_POST_ROUTING) |
(1 << NF_IP_LOCAL_OUT),
- .checkentry = check,
+ .init = init,
.me = THIS_MODULE
};
diff --git a/net/ipv4/netfilter/ipt_REDIRECT.c b/net/ipv4/netfilter/ipt_REDIRECT.c
index 462eceb..74b6116 100644
--- a/net/ipv4/netfilter/ipt_REDIRECT.c
+++ b/net/ipv4/netfilter/ipt_REDIRECT.c
@@ -36,11 +36,12 @@ MODULE_DESCRIPTION("iptables REDIRECT ta
/* FIXME: Take multiple ranges --RR */
static int
-redirect_check(const char *tablename,
- const void *e,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+redirect_init(const char *tablename,
+ const void *e,
+ const struct xt_target *target,
+ void *targinfo,
+ void *data,
+ unsigned int hook_mask)
{
const struct ip_nat_multi_range_compat *mr = targinfo;
@@ -61,7 +62,8 @@ redirect_target(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *data)
{
struct ip_conntrack *ct;
enum ip_conntrack_info ctinfo;
@@ -110,7 +112,7 @@ static struct ipt_target redirect_reg =
.targetsize = sizeof(struct ip_nat_multi_range_compat),
.table = "nat",
.hooks = (1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_OUT),
- .checkentry = redirect_check,
+ .init = redirect_init,
.me = THIS_MODULE,
};
diff --git a/net/ipv4/netfilter/ipt_REJECT.c b/net/ipv4/netfilter/ipt_REJECT.c
index f0319e5..64d6198 100644
--- a/net/ipv4/netfilter/ipt_REJECT.c
+++ b/net/ipv4/netfilter/ipt_REJECT.c
@@ -171,7 +171,8 @@ static unsigned int reject(struct sk_buf
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *data)
{
const struct ipt_reject_info *reject = targinfo;
@@ -215,11 +216,12 @@ static unsigned int reject(struct sk_buf
return NF_DROP;
}
-static int check(const char *tablename,
- const void *e_void,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+static int init(const char *tablename,
+ const void *e_void,
+ const struct xt_target *target,
+ void *targinfo,
+ void *data,
+ unsigned int hook_mask)
{
const struct ipt_reject_info *rejinfo = targinfo;
const struct ipt_entry *e = e_void;
@@ -245,7 +247,7 @@ static struct ipt_target ipt_reject_reg
.table = "filter",
.hooks = (1 << NF_IP_LOCAL_IN) | (1 << NF_IP_FORWARD) |
(1 << NF_IP_LOCAL_OUT),
- .checkentry = check,
+ .init = init,
.me = THIS_MODULE,
};
diff --git a/net/ipv4/netfilter/ipt_SAME.c b/net/ipv4/netfilter/ipt_SAME.c
index 3dcf294..938e954 100644
--- a/net/ipv4/netfilter/ipt_SAME.c
+++ b/net/ipv4/netfilter/ipt_SAME.c
@@ -52,11 +52,12 @@ MODULE_DESCRIPTION("iptables special SNA
#endif
static int
-same_check(const char *tablename,
- const void *e,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+same_init(const char *tablename,
+ const void *e,
+ const struct xt_target *target,
+ void *targinfo,
+ void *data,
+ unsigned int hook_mask)
{
unsigned int count, countess, rangeip, index = 0;
struct ipt_same_info *mr = targinfo;
@@ -119,7 +120,7 @@ same_check(const char *tablename,
}
static void
-same_destroy(const struct xt_target *target, void *targinfo)
+same_destroy(const struct xt_target *target, void *targinfo, void *data)
{
struct ipt_same_info *mr = targinfo;
@@ -135,7 +136,8 @@ same_target(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *data)
{
struct ip_conntrack *ct;
enum ip_conntrack_info ctinfo;
@@ -192,7 +194,7 @@ static struct ipt_target same_reg = {
.targetsize = sizeof(struct ipt_same_info),
.table = "nat",
.hooks = (1 << NF_IP_PRE_ROUTING | 1 << NF_IP_POST_ROUTING),
- .checkentry = same_check,
+ .init = same_init,
.destroy = same_destroy,
.me = THIS_MODULE,
};
diff --git a/net/ipv4/netfilter/ipt_TCPMSS.c b/net/ipv4/netfilter/ipt_TCPMSS.c
index 93eb5c3..70f70ac 100644
--- a/net/ipv4/netfilter/ipt_TCPMSS.c
+++ b/net/ipv4/netfilter/ipt_TCPMSS.c
@@ -37,7 +37,8 @@ ipt_tcpmss_target(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *data)
{
const struct ipt_tcpmss_info *tcpmssinfo = targinfo;
struct tcphdr *tcph;
@@ -160,11 +161,12 @@ static inline int find_syn_match(const s
/* Must specify -p tcp --syn/--tcp-flags SYN */
static int
-ipt_tcpmss_checkentry(const char *tablename,
- const void *e_void,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+ipt_tcpmss_init(const char *tablename,
+ const void *e_void,
+ const struct xt_target *target,
+ void *targinfo,
+ void *data,
+ unsigned int hook_mask)
{
const struct ipt_tcpmss_info *tcpmssinfo = targinfo;
const struct ipt_entry *e = e_void;
@@ -189,19 +191,19 @@ static struct ipt_target ipt_tcpmss_reg
.target = ipt_tcpmss_target,
.targetsize = sizeof(struct ipt_tcpmss_info),
.proto = IPPROTO_TCP,
- .checkentry = ipt_tcpmss_checkentry,
+ .init = ipt_tcpmss_init,
.me = THIS_MODULE,
};
-static int __init ipt_tcpmss_init(void)
+static int __init ipt_tcpmss_module_init(void)
{
return ipt_register_target(&ipt_tcpmss_reg);
}
-static void __exit ipt_tcpmss_fini(void)
+static void __exit ipt_tcpmss_module_fini(void)
{
ipt_unregister_target(&ipt_tcpmss_reg);
}
-module_init(ipt_tcpmss_init);
-module_exit(ipt_tcpmss_fini);
+module_init(ipt_tcpmss_module_init);
+module_exit(ipt_tcpmss_module_fini);
diff --git a/net/ipv4/netfilter/ipt_TOS.c b/net/ipv4/netfilter/ipt_TOS.c
index 18e74ac..cb54627 100644
--- a/net/ipv4/netfilter/ipt_TOS.c
+++ b/net/ipv4/netfilter/ipt_TOS.c
@@ -26,7 +26,8 @@ target(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *data)
{
const struct ipt_tos_target_info *tosinfo = targinfo;
struct iphdr *iph = (*pskb)->nh.iph;
@@ -44,11 +45,12 @@ target(struct sk_buff **pskb,
}
static int
-checkentry(const char *tablename,
- const void *e_void,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+init(const char *tablename,
+ const void *e_void,
+ const struct xt_target *target,
+ void *targinfo,
+ void *data,
+ unsigned int hook_mask)
{
const u_int8_t tos = ((struct ipt_tos_target_info *)targinfo)->tos;
@@ -68,7 +70,7 @@ static struct ipt_target ipt_tos_reg = {
.target = target,
.targetsize = sizeof(struct ipt_tos_target_info),
.table = "mangle",
- .checkentry = checkentry,
+ .init = init,
.me = THIS_MODULE,
};
diff --git a/net/ipv4/netfilter/ipt_TTL.c b/net/ipv4/netfilter/ipt_TTL.c
index fffe5ca..ff8dd4b 100644
--- a/net/ipv4/netfilter/ipt_TTL.c
+++ b/net/ipv4/netfilter/ipt_TTL.c
@@ -23,7 +23,7 @@ static unsigned int
ipt_ttl_target(struct sk_buff **pskb,
const struct net_device *in, const struct net_device *out,
unsigned int hooknum, const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo, void *data)
{
struct iphdr *iph;
const struct ipt_TTL_info *info = targinfo;
@@ -62,11 +62,12 @@ ipt_ttl_target(struct sk_buff **pskb,
return IPT_CONTINUE;
}
-static int ipt_ttl_checkentry(const char *tablename,
- const void *e,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+static int ipt_ttl_init(const char *tablename,
+ const void *e,
+ const struct xt_target *target,
+ void *targinfo,
+ void *data,
+ unsigned int hook_mask)
{
struct ipt_TTL_info *info = targinfo;
@@ -85,19 +86,19 @@ static struct ipt_target ipt_TTL = {
.target = ipt_ttl_target,
.targetsize = sizeof(struct ipt_TTL_info),
.table = "mangle",
- .checkentry = ipt_ttl_checkentry,
+ .init = ipt_ttl_init,
.me = THIS_MODULE,
};
-static int __init ipt_ttl_init(void)
+static int __init ipt_ttl_module_init(void)
{
return ipt_register_target(&ipt_TTL);
}
-static void __exit ipt_ttl_fini(void)
+static void __exit ipt_ttl_module_fini(void)
{
ipt_unregister_target(&ipt_TTL);
}
-module_init(ipt_ttl_init);
-module_exit(ipt_ttl_fini);
+module_init(ipt_ttl_module_init);
+module_exit(ipt_ttl_module_fini);
diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c
index dbd3478..fc9bae1 100644
--- a/net/ipv4/netfilter/ipt_ULOG.c
+++ b/net/ipv4/netfilter/ipt_ULOG.c
@@ -308,7 +308,8 @@ static unsigned int ipt_ulog_target(stru
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *data)
{
struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo;
@@ -342,11 +343,12 @@ static void ipt_logfn(unsigned int pf,
ipt_ulog_packet(hooknum, skb, in, out, &loginfo, prefix);
}
-static int ipt_ulog_checkentry(const char *tablename,
- const void *e,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hookmask)
+static int ipt_ulog_init(const char *tablename,
+ const void *e,
+ const struct xt_target *target,
+ void *targinfo,
+ void *data,
+ unsigned int hookmask)
{
struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo;
@@ -367,7 +369,7 @@ static struct ipt_target ipt_ulog_reg =
.name = "ULOG",
.target = ipt_ulog_target,
.targetsize = sizeof(struct ipt_ulog_info),
- .checkentry = ipt_ulog_checkentry,
+ .init = ipt_ulog_init,
.me = THIS_MODULE,
};
@@ -377,7 +379,7 @@ static struct nf_logger ipt_ulog_logger
.me = THIS_MODULE,
};
-static int __init ipt_ulog_init(void)
+static int __init ipt_ulog_module_init(void)
{
int i;
@@ -410,7 +412,7 @@ static int __init ipt_ulog_init(void)
return 0;
}
-static void __exit ipt_ulog_fini(void)
+static void __exit ipt_ulog_module_fini(void)
{
ulog_buff_t *ub;
int i;
@@ -438,5 +440,5 @@ static void __exit ipt_ulog_fini(void)
}
-module_init(ipt_ulog_init);
-module_exit(ipt_ulog_fini);
+module_init(ipt_ulog_module_init);
+module_exit(ipt_ulog_module_fini);
diff --git a/net/ipv4/netfilter/nf_nat_rule.c b/net/ipv4/netfilter/nf_nat_rule.c
index b868ee0..08c5006 100644
--- a/net/ipv4/netfilter/nf_nat_rule.c
+++ b/net/ipv4/netfilter/nf_nat_rule.c
@@ -133,7 +133,8 @@ static unsigned int ipt_snat_target(stru
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *data)
{
struct nf_conn *ct;
enum ip_conntrack_info ctinfo;
@@ -175,7 +176,8 @@ static unsigned int ipt_dnat_target(stru
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *data)
{
struct nf_conn *ct;
enum ip_conntrack_info ctinfo;
@@ -197,11 +199,12 @@ static unsigned int ipt_dnat_target(stru
return nf_nat_setup_info(ct, &mr->range[0], hooknum);
}
-static int ipt_snat_checkentry(const char *tablename,
- const void *entry,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+static int ipt_snat_init(const char *tablename,
+ const void *entry,
+ const struct xt_target *target,
+ void *targinfo,
+ void *data,
+ unsigned int hook_mask)
{
struct nf_nat_multi_range_compat *mr = targinfo;
@@ -213,11 +216,12 @@ static int ipt_snat_checkentry(const cha
return 1;
}
-static int ipt_dnat_checkentry(const char *tablename,
- const void *entry,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+static int ipt_dnat_init(const char *tablename,
+ const void *entry,
+ const struct xt_target *target,
+ void *targinfo,
+ void *data,
+ unsigned int hook_mask)
{
struct nf_nat_multi_range_compat *mr = targinfo;
@@ -296,7 +300,7 @@ static struct ipt_target ipt_snat_reg =
.targetsize = sizeof(struct nf_nat_multi_range_compat),
.table = "nat",
.hooks = 1 << NF_IP_POST_ROUTING,
- .checkentry = ipt_snat_checkentry,
+ .init = ipt_snat_init,
.family = AF_INET,
};
@@ -306,7 +310,7 @@ static struct xt_target ipt_dnat_reg = {
.targetsize = sizeof(struct nf_nat_multi_range_compat),
.table = "nat",
.hooks = (1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_OUT),
- .checkentry = ipt_dnat_checkentry,
+ .init = ipt_dnat_init,
.family = AF_INET,
};
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index dc5e1ad..f14fe12 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -219,7 +219,8 @@ ip6t_error(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *data)
{
if (net_ratelimit())
printk("ip6_tables: error: `%s'\n", (char *)targinfo);
@@ -347,7 +348,8 @@ ip6t_do_table(struct sk_buff **pskb,
in, out,
hook,
t->u.kernel.target,
- t->data);
+ t->data,
+ t->u.kernel.data);
#ifdef CONFIG_NETFILTER_DEBUG
if (((struct ip6t_entry *)table_base)->comefrom
@@ -613,20 +615,22 @@ check_entry(struct ip6t_entry *e, const
}
t->u.kernel.target = target;
- ret = xt_check_target(target, AF_INET6, t->u.target_size - sizeof(*t),
- name, e->comefrom, e->ipv6.proto,
- e->ipv6.invflags & IP6T_INV_PROTO);
+ ret = xt_init_target(target, AF_INET6, t->u.target_size - sizeof(*t),
+ name, e->comefrom, e->ipv6.proto,
+ e->ipv6.invflags & IP6T_INV_PROTO);
if (ret)
goto err;
+ t->u.kernel.data=NULL;
if (t->u.kernel.target == &ip6t_standard_target) {
if (!standard_check(t, size)) {
ret = -EINVAL;
goto err;
}
- } else if (t->u.kernel.target->checkentry
- && !t->u.kernel.target->checkentry(name, e, target, t->data,
- e->comefrom)) {
+ } else if (t->u.kernel.target->init
+ && !t->u.kernel.target->init(name, e, target, t->data,
+ t->u.kernel.data,
+ e->comefrom)) {
duprintf("ip_tables: check failed for `%s'.\n",
t->u.kernel.target->name);
ret = -EINVAL;
@@ -697,7 +701,8 @@ cleanup_entry(struct ip6t_entry *e, unsi
IP6T_MATCH_ITERATE(e, cleanup_match, NULL);
t = ip6t_get_target(e);
if (t->u.kernel.target->destroy)
- t->u.kernel.target->destroy(t->u.kernel.target, t->data);
+ t->u.kernel.target->destroy(t->u.kernel.target, t->data,
+ t->u.kernel.data);
module_put(t->u.kernel.target->me);
return 0;
}
diff --git a/net/ipv6/netfilter/ip6t_HL.c b/net/ipv6/netfilter/ip6t_HL.c
index 435750f..796c0d1 100644
--- a/net/ipv6/netfilter/ip6t_HL.c
+++ b/net/ipv6/netfilter/ip6t_HL.c
@@ -22,7 +22,8 @@ static unsigned int ip6t_hl_target(struc
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *data)
{
struct ipv6hdr *ip6h;
const struct ip6t_HL_info *info = targinfo;
@@ -58,11 +59,12 @@ static unsigned int ip6t_hl_target(struc
return IP6T_CONTINUE;
}
-static int ip6t_hl_checkentry(const char *tablename,
- const void *entry,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+static int ip6t_hl_init(const char *tablename,
+ const void *entry,
+ const struct xt_target *target,
+ void *targinfo,
+ void *data,
+ unsigned int hook_mask)
{
struct ip6t_HL_info *info = targinfo;
@@ -84,19 +86,19 @@ static struct ip6t_target ip6t_HL = {
.target = ip6t_hl_target,
.targetsize = sizeof(struct ip6t_HL_info),
.table = "mangle",
- .checkentry = ip6t_hl_checkentry,
+ .init = ip6t_hl_init,
.me = THIS_MODULE
};
-static int __init ip6t_hl_init(void)
+static int __init ip6t_hl_module_init(void)
{
return ip6t_register_target(&ip6t_HL);
}
-static void __exit ip6t_hl_fini(void)
+static void __exit ip6t_hl_module_fini(void)
{
ip6t_unregister_target(&ip6t_HL);
}
-module_init(ip6t_hl_init);
-module_exit(ip6t_hl_fini);
+module_init(ip6t_hl_module_init);
+module_exit(ip6t_hl_module_fini);
diff --git a/net/ipv6/netfilter/ip6t_LOG.c b/net/ipv6/netfilter/ip6t_LOG.c
index 33b1faa..d50f666 100644
--- a/net/ipv6/netfilter/ip6t_LOG.c
+++ b/net/ipv6/netfilter/ip6t_LOG.c
@@ -431,7 +431,8 @@ ip6t_log_target(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *data)
{
const struct ip6t_log_info *loginfo = targinfo;
struct nf_loginfo li;
@@ -446,11 +447,12 @@ ip6t_log_target(struct sk_buff **pskb,
}
-static int ip6t_log_checkentry(const char *tablename,
- const void *entry,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+static int ip6t_log_init(const char *tablename,
+ const void *entry,
+ const struct xt_target *target,
+ void *targinfo,
+ void *data,
+ unsigned int hook_mask)
{
const struct ip6t_log_info *loginfo = targinfo;
@@ -470,7 +472,7 @@ static struct ip6t_target ip6t_log_reg =
.name = "LOG",
.target = ip6t_log_target,
.targetsize = sizeof(struct ip6t_log_info),
- .checkentry = ip6t_log_checkentry,
+ .init = ip6t_log_init,
.me = THIS_MODULE,
};
@@ -480,7 +482,7 @@ static struct nf_logger ip6t_logger = {
.me = THIS_MODULE,
};
-static int __init ip6t_log_init(void)
+static int __init ip6t_log_module_init(void)
{
if (ip6t_register_target(&ip6t_log_reg))
return -EINVAL;
@@ -494,11 +496,11 @@ static int __init ip6t_log_init(void)
return 0;
}
-static void __exit ip6t_log_fini(void)
+static void __exit ip6t_log_module_fini(void)
{
nf_log_unregister_logger(&ip6t_logger);
ip6t_unregister_target(&ip6t_log_reg);
}
-module_init(ip6t_log_init);
-module_exit(ip6t_log_fini);
+module_init(ip6t_log_module_init);
+module_exit(ip6t_log_module_fini);
diff --git a/net/ipv6/netfilter/ip6t_REJECT.c b/net/ipv6/netfilter/ip6t_REJECT.c
index 311eae8..9c3b209 100644
--- a/net/ipv6/netfilter/ip6t_REJECT.c
+++ b/net/ipv6/netfilter/ip6t_REJECT.c
@@ -176,11 +176,12 @@ send_unreach(struct sk_buff *skb_in, uns
}
static unsigned int reject6_target(struct sk_buff **pskb,
- const struct net_device *in,
- const struct net_device *out,
- unsigned int hooknum,
- const struct xt_target *target,
- const void *targinfo)
+ const struct net_device *in,
+ const struct net_device *out,
+ unsigned int hooknum,
+ const struct xt_target *target,
+ const void *targinfo,
+ void *data)
{
const struct ip6t_reject_info *reject = targinfo;
@@ -219,11 +220,12 @@ static unsigned int reject6_target(struc
return NF_DROP;
}
-static int check(const char *tablename,
- const void *entry,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+static int init(const char *tablename,
+ const void *entry,
+ const struct xt_target *target,
+ void *targinfo,
+ void *data,
+ unsigned int hook_mask)
{
const struct ip6t_reject_info *rejinfo = targinfo;
const struct ip6t_entry *e = entry;
@@ -249,7 +251,7 @@ static struct ip6t_target ip6t_reject_re
.table = "filter",
.hooks = (1 << NF_IP6_LOCAL_IN) | (1 << NF_IP6_FORWARD) |
(1 << NF_IP6_LOCAL_OUT),
- .checkentry = check,
+ .init = init,
.me = THIS_MODULE
};
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
index d2ffe98..679c430 100644
--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -394,9 +394,9 @@ int xt_compat_match_to_user(struct xt_en
EXPORT_SYMBOL_GPL(xt_compat_match_to_user);
#endif /* CONFIG_COMPAT */
-int xt_check_target(const struct xt_target *target, unsigned short family,
- unsigned int size, const char *table, unsigned int hook_mask,
- unsigned short proto, int inv_proto)
+int xt_init_target(const struct xt_target *target, unsigned short family,
+ unsigned int size, const char *table, unsigned int hook_mask,
+ unsigned short proto, int inv_proto)
{
if (XT_ALIGN(target->targetsize) != size) {
printk("%s_tables: %s target: invalid size %Zu != %u\n",
@@ -421,7 +421,7 @@ int xt_check_target(const struct xt_targ
}
return 0;
}
-EXPORT_SYMBOL_GPL(xt_check_target);
+EXPORT_SYMBOL_GPL(xt_init_target);
#ifdef CONFIG_COMPAT
int xt_compat_target_offset(struct xt_target *target)
diff --git a/net/netfilter/xt_CLASSIFY.c b/net/netfilter/xt_CLASSIFY.c
index 50de965..62fac2e 100644
--- a/net/netfilter/xt_CLASSIFY.c
+++ b/net/netfilter/xt_CLASSIFY.c
@@ -29,7 +29,8 @@ target(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *data)
{
const struct xt_classify_target_info *clinfo = targinfo;
diff --git a/net/netfilter/xt_CONNMARK.c b/net/netfilter/xt_CONNMARK.c
index b554823..d869fd8 100644
--- a/net/netfilter/xt_CONNMARK.c
+++ b/net/netfilter/xt_CONNMARK.c
@@ -41,7 +41,8 @@ target(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *data)
{
const struct xt_connmark_target_info *markinfo = targinfo;
u_int32_t diff;
@@ -88,11 +89,12 @@ target(struct sk_buff **pskb,
}
static int
-checkentry(const char *tablename,
- const void *entry,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+init(const char *tablename,
+ const void *entry,
+ const struct xt_target *target,
+ void *targinfo,
+ void *data,
+ unsigned int hook_mask)
{
struct xt_connmark_target_info *matchinfo = targinfo;
@@ -146,7 +148,7 @@ static struct xt_target xt_connmark_targ
{
.name = "CONNMARK",
.family = AF_INET,
- .checkentry = checkentry,
+ .init = init,
.target = target,
.targetsize = sizeof(struct xt_connmark_target_info),
#ifdef CONFIG_COMPAT
@@ -159,7 +161,7 @@ static struct xt_target xt_connmark_targ
{
.name = "CONNMARK",
.family = AF_INET6,
- .checkentry = checkentry,
+ .init = init,
.target = target,
.targetsize = sizeof(struct xt_connmark_target_info),
.me = THIS_MODULE
diff --git a/net/netfilter/xt_CONNSECMARK.c b/net/netfilter/xt_CONNSECMARK.c
index 4673862..f598fdc 100644
--- a/net/netfilter/xt_CONNSECMARK.c
+++ b/net/netfilter/xt_CONNSECMARK.c
@@ -66,7 +66,7 @@ static void secmark_restore(struct sk_bu
static unsigned int target(struct sk_buff **pskb, const struct net_device *in,
const struct net_device *out, unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo, void *data)
{
struct sk_buff *skb = *pskb;
const struct xt_connsecmark_target_info *info = targinfo;
@@ -87,9 +87,9 @@ static unsigned int target(struct sk_buf
return XT_CONTINUE;
}
-static int checkentry(const char *tablename, const void *entry,
- const struct xt_target *target, void *targinfo,
- unsigned int hook_mask)
+static int init(const char *tablename, const void *entry,
+ const struct xt_target *target, void *targinfo,
+ void *data, unsigned int hook_mask)
{
struct xt_connsecmark_target_info *info = targinfo;
@@ -110,7 +110,7 @@ static struct xt_target xt_connsecmark_t
{
.name = "CONNSECMARK",
.family = AF_INET,
- .checkentry = checkentry,
+ .init = init,
.target = target,
.targetsize = sizeof(struct xt_connsecmark_target_info),
.table = "mangle",
@@ -119,7 +119,7 @@ static struct xt_target xt_connsecmark_t
{
.name = "CONNSECMARK",
.family = AF_INET6,
- .checkentry = checkentry,
+ .init = init,
.target = target,
.targetsize = sizeof(struct xt_connsecmark_target_info),
.table = "mangle",
diff --git a/net/netfilter/xt_DSCP.c b/net/netfilter/xt_DSCP.c
index a7cc75a..8525c9e 100644
--- a/net/netfilter/xt_DSCP.c
+++ b/net/netfilter/xt_DSCP.c
@@ -32,7 +32,8 @@ static unsigned int target(struct sk_buf
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *data)
{
const struct xt_DSCP_info *dinfo = targinfo;
u_int8_t dscp = ipv4_get_dsfield((*pskb)->nh.iph) >> XT_DSCP_SHIFT;
@@ -53,7 +54,8 @@ static unsigned int target6(struct sk_bu
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *data)
{
const struct xt_DSCP_info *dinfo = targinfo;
u_int8_t dscp = ipv6_get_dsfield((*pskb)->nh.ipv6h) >> XT_DSCP_SHIFT;
@@ -68,11 +70,12 @@ static unsigned int target6(struct sk_bu
return XT_CONTINUE;
}
-static int checkentry(const char *tablename,
- const void *e_void,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+static int init(const char *tablename,
+ const void *e_void,
+ const struct xt_target *target,
+ void *targinfo,
+ void *data,
+ unsigned int hook_mask)
{
const u_int8_t dscp = ((struct xt_DSCP_info *)targinfo)->dscp;
@@ -87,7 +90,7 @@ static struct xt_target xt_dscp_target[]
{
.name = "DSCP",
.family = AF_INET,
- .checkentry = checkentry,
+ .init = init,
.target = target,
.targetsize = sizeof(struct xt_DSCP_info),
.table = "mangle",
@@ -96,7 +99,7 @@ static struct xt_target xt_dscp_target[]
{
.name = "DSCP",
.family = AF_INET6,
- .checkentry = checkentry,
+ .init = init,
.target = target6,
.targetsize = sizeof(struct xt_DSCP_info),
.table = "mangle",
diff --git a/net/netfilter/xt_MARK.c b/net/netfilter/xt_MARK.c
index 0b48547..c2a7775 100644
--- a/net/netfilter/xt_MARK.c
+++ b/net/netfilter/xt_MARK.c
@@ -27,7 +27,8 @@ target_v0(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *data)
{
const struct xt_mark_target_info *markinfo = targinfo;
@@ -43,7 +44,8 @@ target_v1(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *data)
{
const struct xt_mark_target_info_v1 *markinfo = targinfo;
int mark = 0;
@@ -70,11 +72,12 @@ target_v1(struct sk_buff **pskb,
static int
-checkentry_v0(const char *tablename,
- const void *entry,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+init_v0(const char *tablename,
+ const void *entry,
+ const struct xt_target *target,
+ void *targinfo,
+ void *data,
+ unsigned int hook_mask)
{
struct xt_mark_target_info *markinfo = targinfo;
@@ -86,11 +89,12 @@ checkentry_v0(const char *tablename,
}
static int
-checkentry_v1(const char *tablename,
- const void *entry,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
+init_v1(const char *tablename,
+ const void *entry,
+ const struct xt_target *target,
+ void *targinfo,
+ void *data,
+ unsigned int hook_mask)
{
struct xt_mark_target_info_v1 *markinfo = targinfo;
@@ -142,7 +146,7 @@ static struct xt_target xt_mark_target[]
.name = "MARK",
.family = AF_INET,
.revision = 0,
- .checkentry = checkentry_v0,
+ .init = init_v0,
.target = target_v0,
.targetsize = sizeof(struct xt_mark_target_info),
.table = "mangle",
@@ -152,7 +156,7 @@ static struct xt_target xt_mark_target[]
.name = "MARK",
.family = AF_INET,
.revision = 1,
- .checkentry = checkentry_v1,
+ .init = init_v1,
.target = target_v1,
.targetsize = sizeof(struct xt_mark_target_info_v1),
#ifdef CONFIG_COMPAT
@@ -167,7 +171,7 @@ static struct xt_target xt_mark_target[]
.name = "MARK",
.family = AF_INET6,
.revision = 0,
- .checkentry = checkentry_v0,
+ .init = init_v0,
.target = target_v0,
.targetsize = sizeof(struct xt_mark_target_info),
.table = "mangle",
diff --git a/net/netfilter/xt_NFLOG.c b/net/netfilter/xt_NFLOG.c
index 901ed7a..9aafb39 100644
--- a/net/netfilter/xt_NFLOG.c
+++ b/net/netfilter/xt_NFLOG.c
@@ -23,7 +23,7 @@ static unsigned int
nflog_target(struct sk_buff **pskb,
const struct net_device *in, const struct net_device *out,
unsigned int hooknum, const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo, void *data)
{
const struct xt_nflog_info *info = targinfo;
struct nf_loginfo li;
@@ -39,9 +39,9 @@ nflog_target(struct sk_buff **pskb,
}
static int
-nflog_checkentry(const char *tablename, const void *entry,
- const struct xt_target *target, void *targetinfo,
- unsigned int hookmask)
+nflog_init(const char *tablename, const void *entry,
+ const struct xt_target *target, void *targetinfo,
+ void *data, unsigned int hookmask)
{
struct xt_nflog_info *info = targetinfo;
@@ -56,7 +56,7 @@ static struct xt_target xt_nflog_target[
{
.name = "NFLOG",
.family = AF_INET,
- .checkentry = nflog_checkentry,
+ .init = nflog_init,
.target = nflog_target,
.targetsize = sizeof(struct xt_nflog_info),
.me = THIS_MODULE,
@@ -64,7 +64,7 @@ static struct xt_target xt_nflog_target[
{
.name = "NFLOG",
.family = AF_INET6,
- .checkentry = nflog_checkentry,
+ .init = nflog_init,
.target = nflog_target,
.targetsize = sizeof(struct xt_nflog_info),
.me = THIS_MODULE,
diff --git a/net/netfilter/xt_NFQUEUE.c b/net/netfilter/xt_NFQUEUE.c
index 39e1175..efd7d95 100644
--- a/net/netfilter/xt_NFQUEUE.c
+++ b/net/netfilter/xt_NFQUEUE.c
@@ -29,7 +29,8 @@ target(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *data)
{
const struct xt_NFQ_info *tinfo = targinfo;
diff --git a/net/netfilter/xt_NOTRACK.c b/net/netfilter/xt_NOTRACK.c
index 6d00dca..c6274d7 100644
--- a/net/netfilter/xt_NOTRACK.c
+++ b/net/netfilter/xt_NOTRACK.c
@@ -16,7 +16,8 @@ target(struct sk_buff **pskb,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo,
+ void *data)
{
/* Previously seen (loopback)? Ignore. */
if ((*pskb)->nfct != NULL)
diff --git a/net/netfilter/xt_SECMARK.c b/net/netfilter/xt_SECMARK.c
index add7521..f7f698b 100644
--- a/net/netfilter/xt_SECMARK.c
+++ b/net/netfilter/xt_SECMARK.c
@@ -31,7 +31,7 @@ static u8 mode;
static unsigned int target(struct sk_buff **pskb, const struct net_device *in,
const struct net_device *out, unsigned int hooknum,
const struct xt_target *target,
- const void *targinfo)
+ const void *targinfo, void *data)
{
u32 secmark = 0;
const struct xt_secmark_target_info *info = targinfo;
@@ -83,9 +83,9 @@ static int checkentry_selinux(struct xt_
return 1;
}
-static int checkentry(const char *tablename, const void *entry,
- const struct xt_target *target, void *targinfo,
- unsigned int hook_mask)
+static int init(const char *tablename, const void *entry,
+ const struct xt_target *target, void *targinfo,
+ void *data, unsigned int hook_mask)
{
struct xt_secmark_target_info *info = targinfo;
@@ -115,7 +115,7 @@ static struct xt_target xt_secmark_targe
{
.name = "SECMARK",
.family = AF_INET,
- .checkentry = checkentry,
+ .init = init,
.target = target,
.targetsize = sizeof(struct xt_secmark_target_info),
.table = "mangle",
@@ -124,7 +124,7 @@ static struct xt_target xt_secmark_targe
{
.name = "SECMARK",
.family = AF_INET6,
- .checkentry = checkentry,
+ .init = init,
.target = target,
.targetsize = sizeof(struct xt_secmark_target_info),
.table = "mangle",
--
1.4.3.3
next prev parent reply other threads:[~2006-12-05 22:16 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-12-05 22:12 [PATCH 0/4][data-condition] Massimiliano Hofer
2006-12-05 22:15 ` [PATCH 1/4][data-condition]: instance data support in matches' prototypes and structures Massimiliano Hofer
2006-12-05 22:16 ` Massimiliano Hofer [this message]
2006-12-05 22:17 ` [PATCH 3/4][data-condition]: instance data support in netfilter core code Massimiliano Hofer
2006-12-05 22:18 ` [PATCH 4/4][data-condition]: condition match Massimiliano Hofer
2006-12-05 22:22 ` [PATCH -/4][data-condition]: userspace code Massimiliano Hofer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200612052316.13419.max@nucleus.it \
--to=max@nucleus.it \
--cc=kaber@trash.net \
--cc=netfilter-devel@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.