summaryrefslogtreecommitdiffstats
path: root/net/ipv4
diff options
context:
space:
mode:
authorJan Engelhardt <jengelh@medozas.de>2008-10-08 11:35:20 +0200
committerPatrick McHardy <kaber@trash.net>2008-10-08 11:35:20 +0200
commit916a917dfec18535ff9e2afdafba82e6279eb4f4 (patch)
treeebd2e944684f3f1a9c184e3e69d06d1465ed2f69 /net/ipv4
parenta2df1648ba615dd5908e9a1fa7b2f133fa302487 (diff)
downloadlinux-916a917dfec18535ff9e2afdafba82e6279eb4f4.tar.gz
linux-916a917dfec18535ff9e2afdafba82e6279eb4f4.tar.bz2
linux-916a917dfec18535ff9e2afdafba82e6279eb4f4.zip
netfilter: xtables: provide invoked family value to extensions
By passing in the family through which extensions were invoked, a bit of data space can be reclaimed. The "family" member will be added to the parameter structures and the check functions be adjusted. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/ipv4')
-rw-r--r--net/ipv4/netfilter/arp_tables.c6
-rw-r--r--net/ipv4/netfilter/ip_tables.c10
2 files changed, 12 insertions, 4 deletions
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index 3bab78330cf8..8d70d29f1ccf 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -246,6 +246,7 @@ unsigned int arpt_do_table(struct sk_buff *skb,
tgpar.in = in;
tgpar.out = out;
tgpar.hooknum = hook;
+ tgpar.family = NFPROTO_ARP;
arp = arp_hdr(skb);
do {
@@ -465,10 +466,10 @@ static inline int check_target(struct arpt_entry *e, const char *name)
.target = t->u.kernel.target,
.targinfo = t->data,
.hook_mask = e->comefrom,
+ .family = NFPROTO_ARP,
};
- ret = xt_check_target(&par, NFPROTO_ARP,
- t->u.target_size - sizeof(*t), 0, false);
+ ret = xt_check_target(&par, t->u.target_size - sizeof(*t), 0, false);
if (ret < 0) {
duprintf("arp_tables: check failed for `%s'.\n",
t->u.kernel.target->name);
@@ -566,6 +567,7 @@ static inline int cleanup_entry(struct arpt_entry *e, unsigned int *i)
t = arpt_get_target(e);
par.target = t->u.kernel.target;
par.targinfo = t->data;
+ par.family = NFPROTO_ARP;
if (par.target->destroy != NULL)
par.target->destroy(&par);
module_put(par.target->me);
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 50b9a6c34c38..213fb27debc1 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -348,6 +348,7 @@ ipt_do_table(struct sk_buff *skb,
mtpar.hotdrop = &hotdrop;
mtpar.in = tgpar.in = in;
mtpar.out = tgpar.out = out;
+ mtpar.family = tgpar.family = NFPROTO_IPV4;
tgpar.hooknum = hook;
read_lock_bh(&table->lock);
@@ -579,6 +580,7 @@ cleanup_match(struct ipt_entry_match *m, unsigned int *i)
par.match = m->u.kernel.match;
par.matchinfo = m->data;
+ par.family = NFPROTO_IPV4;
if (par.match->destroy != NULL)
par.match->destroy(&par);
module_put(par.match->me);
@@ -616,7 +618,7 @@ check_match(struct ipt_entry_match *m, struct xt_mtchk_param *par,
par->match = m->u.kernel.match;
par->matchinfo = m->data;
- ret = xt_check_match(par, NFPROTO_IPV4, m->u.match_size - sizeof(*m),
+ ret = xt_check_match(par, m->u.match_size - sizeof(*m),
ip->proto, ip->invflags & IPT_INV_PROTO);
if (ret < 0) {
duprintf("ip_tables: check failed for `%s'.\n",
@@ -662,10 +664,11 @@ static int check_target(struct ipt_entry *e, const char *name)
.target = t->u.kernel.target,
.targinfo = t->data,
.hook_mask = e->comefrom,
+ .family = NFPROTO_IPV4,
};
int ret;
- ret = xt_check_target(&par, NFPROTO_IPV4, t->u.target_size - sizeof(*t),
+ ret = xt_check_target(&par, t->u.target_size - sizeof(*t),
e->ip.proto, e->ip.invflags & IPT_INV_PROTO);
if (ret < 0) {
duprintf("ip_tables: check failed for `%s'.\n",
@@ -693,6 +696,7 @@ find_check_entry(struct ipt_entry *e, const char *name, unsigned int size,
mtpar.table = name;
mtpar.entryinfo = &e->ip;
mtpar.hook_mask = e->comefrom;
+ mtpar.family = NFPROTO_IPV4;
ret = IPT_MATCH_ITERATE(e, find_check_match, &mtpar, &j);
if (ret != 0)
goto cleanup_matches;
@@ -780,6 +784,7 @@ cleanup_entry(struct ipt_entry *e, unsigned int *i)
par.target = t->u.kernel.target;
par.targinfo = t->data;
+ par.family = NFPROTO_IPV4;
if (par.target->destroy != NULL)
par.target->destroy(&par);
module_put(par.target->me);
@@ -1659,6 +1664,7 @@ compat_check_entry(struct ipt_entry *e, const char *name,
mtpar.table = name;
mtpar.entryinfo = &e->ip;
mtpar.hook_mask = e->comefrom;
+ mtpar.family = NFPROTO_IPV4;
ret = IPT_MATCH_ITERATE(e, check_match, &mtpar, &j);
if (ret)
goto cleanup_matches;