diff options
| author | Steven Whitehouse <swhiteho@redhat.com> | 2006-03-31 15:34:58 -0500 |
|---|---|---|
| committer | Steven Whitehouse <swhiteho@redhat.com> | 2006-03-31 15:34:58 -0500 |
| commit | 86579dd06deecfa6ac88d5e84e4d63c397cd6f6d (patch) | |
| tree | b4475d3ccde53015ad84a06e4e55e64591171b75 /net/netfilter/xt_connmark.c | |
| parent | 7ea9ea832212c4a755650f7c7cc1ff0b63292a41 (diff) | |
| parent | a0f067802576d4eb4c65d40b8ee7d6ea3c81dd61 (diff) | |
| download | linux-stable-86579dd06deecfa6ac88d5e84e4d63c397cd6f6d.tar.gz linux-stable-86579dd06deecfa6ac88d5e84e4d63c397cd6f6d.tar.bz2 linux-stable-86579dd06deecfa6ac88d5e84e4d63c397cd6f6d.zip | |
Merge branch 'master'
Diffstat (limited to 'net/netfilter/xt_connmark.c')
| -rw-r--r-- | net/netfilter/xt_connmark.c | 65 |
1 files changed, 42 insertions, 23 deletions
diff --git a/net/netfilter/xt_connmark.c b/net/netfilter/xt_connmark.c index d06e925032da..dc26a27cbcaf 100644 --- a/net/netfilter/xt_connmark.c +++ b/net/netfilter/xt_connmark.c @@ -35,6 +35,7 @@ static int match(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, + const struct xt_match *match, const void *matchinfo, int offset, unsigned int protoff, @@ -52,58 +53,76 @@ match(const struct sk_buff *skb, static int checkentry(const char *tablename, const void *ip, + const struct xt_match *match, void *matchinfo, unsigned int matchsize, unsigned int hook_mask) { - struct xt_connmark_info *cm = - (struct xt_connmark_info *)matchinfo; - if (matchsize != XT_ALIGN(sizeof(struct xt_connmark_info))) - return 0; + struct xt_connmark_info *cm = (struct xt_connmark_info *)matchinfo; if (cm->mark > 0xffffffff || cm->mask > 0xffffffff) { printk(KERN_WARNING "connmark: only support 32bit mark\n"); return 0; } - +#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) + if (nf_ct_l3proto_try_module_get(match->family) < 0) { + printk(KERN_WARNING "can't load nf_conntrack support for " + "proto=%d\n", match->family); + return 0; + } +#endif return 1; } +static void +destroy(const struct xt_match *match, void *matchinfo, unsigned int matchsize) +{ +#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) + nf_ct_l3proto_module_put(match->family); +#endif +} + static struct xt_match connmark_match = { - .name = "connmark", - .match = &match, - .checkentry = &checkentry, - .me = THIS_MODULE + .name = "connmark", + .match = match, + .matchsize = sizeof(struct xt_connmark_info), + .checkentry = checkentry, + .destroy = destroy, + .family = AF_INET, + .me = THIS_MODULE }; + static struct xt_match connmark6_match = { - .name = "connmark", - .match = &match, - .checkentry = &checkentry, - .me = THIS_MODULE + .name = "connmark", + .match = match, + .matchsize = sizeof(struct xt_connmark_info), + .checkentry = checkentry, + .destroy = destroy, + .family = AF_INET6, + .me = THIS_MODULE }; - -static int __init init(void) +static int __init xt_connmark_init(void) { int ret; need_conntrack(); - ret = xt_register_match(AF_INET, &connmark_match); + ret = xt_register_match(&connmark_match); if (ret) return ret; - ret = xt_register_match(AF_INET6, &connmark6_match); + ret = xt_register_match(&connmark6_match); if (ret) - xt_unregister_match(AF_INET, &connmark_match); + xt_unregister_match(&connmark_match); return ret; } -static void __exit fini(void) +static void __exit xt_connmark_fini(void) { - xt_unregister_match(AF_INET6, &connmark6_match); - xt_unregister_match(AF_INET, &connmark_match); + xt_unregister_match(&connmark6_match); + xt_unregister_match(&connmark_match); } -module_init(init); -module_exit(fini); +module_init(xt_connmark_init); +module_exit(xt_connmark_fini); |