Commit 043ef46c authored by Jan Engelhardt's avatar Jan Engelhardt Committed by Patrick McHardy

netfilter: move Ebtables to use Xtables

Signed-off-by: default avatarJan Engelhardt <jengelh@medozas.de>
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
parent 2d06d4a5
...@@ -124,7 +124,7 @@ struct ebt_entry_match ...@@ -124,7 +124,7 @@ struct ebt_entry_match
{ {
union { union {
char name[EBT_FUNCTION_MAXNAMELEN]; char name[EBT_FUNCTION_MAXNAMELEN];
struct ebt_match *match; struct xt_match *match;
} u; } u;
/* size of data */ /* size of data */
unsigned int match_size; unsigned int match_size;
...@@ -135,7 +135,7 @@ struct ebt_entry_watcher ...@@ -135,7 +135,7 @@ struct ebt_entry_watcher
{ {
union { union {
char name[EBT_FUNCTION_MAXNAMELEN]; char name[EBT_FUNCTION_MAXNAMELEN];
struct ebt_watcher *watcher; struct xt_target *watcher;
} u; } u;
/* size of data */ /* size of data */
unsigned int watcher_size; unsigned int watcher_size;
...@@ -146,7 +146,7 @@ struct ebt_entry_target ...@@ -146,7 +146,7 @@ struct ebt_entry_target
{ {
union { union {
char name[EBT_FUNCTION_MAXNAMELEN]; char name[EBT_FUNCTION_MAXNAMELEN];
struct ebt_target *target; struct xt_target *target;
} u; } u;
/* size of data */ /* size of data */
unsigned int target_size; unsigned int target_size;
......
...@@ -7,6 +7,7 @@ menu "Bridge: Netfilter Configuration" ...@@ -7,6 +7,7 @@ menu "Bridge: Netfilter Configuration"
config BRIDGE_NF_EBTABLES config BRIDGE_NF_EBTABLES
tristate "Ethernet Bridge tables (ebtables) support" tristate "Ethernet Bridge tables (ebtables) support"
select NETFILTER_XTABLES
help help
ebtables is a general, extensible frame/packet identification ebtables is a general, extensible frame/packet identification
framework. Say 'Y' or 'M' here if you want to do Ethernet framework. Say 'Y' or 'M' here if you want to do Ethernet
......
...@@ -51,8 +51,8 @@ ebt_802_3_mt_check(const char *table, const void *entry, ...@@ -51,8 +51,8 @@ ebt_802_3_mt_check(const char *table, const void *entry,
return true; return true;
} }
static struct ebt_match filter_802_3 __read_mostly = { static struct xt_match ebt_802_3_mt_reg __read_mostly = {
.name = EBT_802_3_MATCH, .name = "802_3",
.revision = 0, .revision = 0,
.family = NFPROTO_BRIDGE, .family = NFPROTO_BRIDGE,
.match = ebt_802_3_mt, .match = ebt_802_3_mt,
...@@ -63,12 +63,12 @@ static struct ebt_match filter_802_3 __read_mostly = { ...@@ -63,12 +63,12 @@ static struct ebt_match filter_802_3 __read_mostly = {
static int __init ebt_802_3_init(void) static int __init ebt_802_3_init(void)
{ {
return ebt_register_match(&filter_802_3); return xt_register_match(&ebt_802_3_mt_reg);
} }
static void __exit ebt_802_3_fini(void) static void __exit ebt_802_3_fini(void)
{ {
ebt_unregister_match(&filter_802_3); xt_unregister_match(&ebt_802_3_mt_reg);
} }
module_init(ebt_802_3_init); module_init(ebt_802_3_init);
......
...@@ -7,12 +7,12 @@ ...@@ -7,12 +7,12 @@
* August, 2003 * August, 2003
* *
*/ */
#include <linux/netfilter_bridge/ebtables.h>
#include <linux/netfilter_bridge/ebt_among.h>
#include <linux/ip.h> #include <linux/ip.h>
#include <linux/if_arp.h> #include <linux/if_arp.h>
#include <linux/module.h> #include <linux/module.h>
#include <linux/netfilter/x_tables.h>
#include <linux/netfilter_bridge/ebtables.h>
#include <linux/netfilter_bridge/ebt_among.h>
static bool ebt_mac_wormhash_contains(const struct ebt_mac_wormhash *wh, static bool ebt_mac_wormhash_contains(const struct ebt_mac_wormhash *wh,
const char *mac, __be32 ip) const char *mac, __be32 ip)
...@@ -211,8 +211,8 @@ ebt_among_mt_check(const char *table, const void *entry, ...@@ -211,8 +211,8 @@ ebt_among_mt_check(const char *table, const void *entry,
return true; return true;
} }
static struct ebt_match filter_among __read_mostly = { static struct xt_match ebt_among_mt_reg __read_mostly = {
.name = EBT_AMONG_MATCH, .name = "among",
.revision = 0, .revision = 0,
.family = NFPROTO_BRIDGE, .family = NFPROTO_BRIDGE,
.match = ebt_among_mt, .match = ebt_among_mt,
...@@ -223,12 +223,12 @@ static struct ebt_match filter_among __read_mostly = { ...@@ -223,12 +223,12 @@ static struct ebt_match filter_among __read_mostly = {
static int __init ebt_among_init(void) static int __init ebt_among_init(void)
{ {
return ebt_register_match(&filter_among); return xt_register_match(&ebt_among_mt_reg);
} }
static void __exit ebt_among_fini(void) static void __exit ebt_among_fini(void)
{ {
ebt_unregister_match(&filter_among); xt_unregister_match(&ebt_among_mt_reg);
} }
module_init(ebt_among_init); module_init(ebt_among_init);
......
...@@ -119,8 +119,8 @@ ebt_arp_mt_check(const char *table, const void *entry, ...@@ -119,8 +119,8 @@ ebt_arp_mt_check(const char *table, const void *entry,
return true; return true;
} }
static struct ebt_match filter_arp __read_mostly = { static struct xt_match ebt_arp_mt_reg __read_mostly = {
.name = EBT_ARP_MATCH, .name = "arp",
.revision = 0, .revision = 0,
.family = NFPROTO_BRIDGE, .family = NFPROTO_BRIDGE,
.match = ebt_arp_mt, .match = ebt_arp_mt,
...@@ -131,12 +131,12 @@ static struct ebt_match filter_arp __read_mostly = { ...@@ -131,12 +131,12 @@ static struct ebt_match filter_arp __read_mostly = {
static int __init ebt_arp_init(void) static int __init ebt_arp_init(void)
{ {
return ebt_register_match(&filter_arp); return xt_register_match(&ebt_arp_mt_reg);
} }
static void __exit ebt_arp_fini(void) static void __exit ebt_arp_fini(void)
{ {
ebt_unregister_match(&filter_arp); xt_unregister_match(&ebt_arp_mt_reg);
} }
module_init(ebt_arp_init); module_init(ebt_arp_init);
......
...@@ -78,8 +78,8 @@ ebt_arpreply_tg_check(const char *tablename, const void *entry, ...@@ -78,8 +78,8 @@ ebt_arpreply_tg_check(const char *tablename, const void *entry,
return true; return true;
} }
static struct ebt_target reply_target __read_mostly = { static struct xt_target ebt_arpreply_tg_reg __read_mostly = {
.name = EBT_ARPREPLY_TARGET, .name = "arpreply",
.revision = 0, .revision = 0,
.family = NFPROTO_BRIDGE, .family = NFPROTO_BRIDGE,
.target = ebt_arpreply_tg, .target = ebt_arpreply_tg,
...@@ -90,12 +90,12 @@ static struct ebt_target reply_target __read_mostly = { ...@@ -90,12 +90,12 @@ static struct ebt_target reply_target __read_mostly = {
static int __init ebt_arpreply_init(void) static int __init ebt_arpreply_init(void)
{ {
return ebt_register_target(&reply_target); return xt_register_target(&ebt_arpreply_tg_reg);
} }
static void __exit ebt_arpreply_fini(void) static void __exit ebt_arpreply_fini(void)
{ {
ebt_unregister_target(&reply_target); xt_unregister_target(&ebt_arpreply_tg_reg);
} }
module_init(ebt_arpreply_init); module_init(ebt_arpreply_init);
......
...@@ -47,8 +47,8 @@ ebt_dnat_tg_check(const char *tablename, const void *entry, ...@@ -47,8 +47,8 @@ ebt_dnat_tg_check(const char *tablename, const void *entry,
return true; return true;
} }
static struct ebt_target dnat __read_mostly = { static struct xt_target ebt_dnat_tg_reg __read_mostly = {
.name = EBT_DNAT_TARGET, .name = "dnat",
.revision = 0, .revision = 0,
.family = NFPROTO_BRIDGE, .family = NFPROTO_BRIDGE,
.target = ebt_dnat_tg, .target = ebt_dnat_tg,
...@@ -59,12 +59,12 @@ static struct ebt_target dnat __read_mostly = { ...@@ -59,12 +59,12 @@ static struct ebt_target dnat __read_mostly = {
static int __init ebt_dnat_init(void) static int __init ebt_dnat_init(void)
{ {
return ebt_register_target(&dnat); return xt_register_target(&ebt_dnat_tg_reg);
} }
static void __exit ebt_dnat_fini(void) static void __exit ebt_dnat_fini(void)
{ {
ebt_unregister_target(&dnat); xt_unregister_target(&ebt_dnat_tg_reg);
} }
module_init(ebt_dnat_init); module_init(ebt_dnat_init);
......
...@@ -109,8 +109,8 @@ ebt_ip_mt_check(const char *table, const void *entry, ...@@ -109,8 +109,8 @@ ebt_ip_mt_check(const char *table, const void *entry,
return true; return true;
} }
static struct ebt_match filter_ip __read_mostly = { static struct xt_match ebt_ip_mt_reg __read_mostly = {
.name = EBT_IP_MATCH, .name = "ip",
.revision = 0, .revision = 0,
.family = NFPROTO_BRIDGE, .family = NFPROTO_BRIDGE,
.match = ebt_ip_mt, .match = ebt_ip_mt,
...@@ -121,12 +121,12 @@ static struct ebt_match filter_ip __read_mostly = { ...@@ -121,12 +121,12 @@ static struct ebt_match filter_ip __read_mostly = {
static int __init ebt_ip_init(void) static int __init ebt_ip_init(void)
{ {
return ebt_register_match(&filter_ip); return xt_register_match(&ebt_ip_mt_reg);
} }
static void __exit ebt_ip_fini(void) static void __exit ebt_ip_fini(void)
{ {
ebt_unregister_match(&filter_ip); xt_unregister_match(&ebt_ip_mt_reg);
} }
module_init(ebt_ip_init); module_init(ebt_ip_init);
......
...@@ -121,9 +121,8 @@ ebt_ip6_mt_check(const char *table, const void *entry, ...@@ -121,9 +121,8 @@ ebt_ip6_mt_check(const char *table, const void *entry,
return true; return true;
} }
static struct ebt_match filter_ip6 = static struct xt_match ebt_ip6_mt_reg __read_mostly = {
{ .name = "ip6",
.name = EBT_IP6_MATCH,
.revision = 0, .revision = 0,
.family = NFPROTO_BRIDGE, .family = NFPROTO_BRIDGE,
.match = ebt_ip6_mt, .match = ebt_ip6_mt,
...@@ -134,12 +133,12 @@ static struct ebt_match filter_ip6 = ...@@ -134,12 +133,12 @@ static struct ebt_match filter_ip6 =
static int __init ebt_ip6_init(void) static int __init ebt_ip6_init(void)
{ {
return ebt_register_match(&filter_ip6); return xt_register_match(&ebt_ip6_mt_reg);
} }
static void __exit ebt_ip6_fini(void) static void __exit ebt_ip6_fini(void)
{ {
ebt_unregister_match(&filter_ip6); xt_unregister_match(&ebt_ip6_mt_reg);
} }
module_init(ebt_ip6_init); module_init(ebt_ip6_init);
......
...@@ -89,8 +89,8 @@ ebt_limit_mt_check(const char *table, const void *e, ...@@ -89,8 +89,8 @@ ebt_limit_mt_check(const char *table, const void *e,
return true; return true;
} }
static struct ebt_match ebt_limit_reg __read_mostly = { static struct xt_match ebt_limit_mt_reg __read_mostly = {
.name = EBT_LIMIT_MATCH, .name = "limit",
.revision = 0, .revision = 0,
.family = NFPROTO_BRIDGE, .family = NFPROTO_BRIDGE,
.match = ebt_limit_mt, .match = ebt_limit_mt,
...@@ -101,12 +101,12 @@ static struct ebt_match ebt_limit_reg __read_mostly = { ...@@ -101,12 +101,12 @@ static struct ebt_match ebt_limit_reg __read_mostly = {
static int __init ebt_limit_init(void) static int __init ebt_limit_init(void)
{ {
return ebt_register_match(&ebt_limit_reg); return xt_register_match(&ebt_limit_mt_reg);
} }
static void __exit ebt_limit_fini(void) static void __exit ebt_limit_fini(void)
{ {
ebt_unregister_match(&ebt_limit_reg); xt_unregister_match(&ebt_limit_mt_reg);
} }
module_init(ebt_limit_init); module_init(ebt_limit_init);
......
...@@ -215,9 +215,8 @@ ebt_log_tg(struct sk_buff *skb, const struct net_device *in, ...@@ -215,9 +215,8 @@ ebt_log_tg(struct sk_buff *skb, const struct net_device *in,
return EBT_CONTINUE; return EBT_CONTINUE;
} }
static struct ebt_watcher log = static struct xt_target ebt_log_tg_reg __read_mostly = {
{ .name = "log",
.name = EBT_LOG_WATCHER,
.revision = 0, .revision = 0,
.family = NFPROTO_BRIDGE, .family = NFPROTO_BRIDGE,
.target = ebt_log_tg, .target = ebt_log_tg,
...@@ -236,7 +235,7 @@ static int __init ebt_log_init(void) ...@@ -236,7 +235,7 @@ static int __init ebt_log_init(void)
{ {
int ret; int ret;
ret = ebt_register_watcher(&log); ret = xt_register_target(&ebt_log_tg_reg);
if (ret < 0) if (ret < 0)
return ret; return ret;
nf_log_register(NFPROTO_BRIDGE, &ebt_log_logger); nf_log_register(NFPROTO_BRIDGE, &ebt_log_logger);
...@@ -246,7 +245,7 @@ static int __init ebt_log_init(void) ...@@ -246,7 +245,7 @@ static int __init ebt_log_init(void)
static void __exit ebt_log_fini(void) static void __exit ebt_log_fini(void)
{ {
nf_log_unregister(&ebt_log_logger); nf_log_unregister(&ebt_log_logger);
ebt_unregister_watcher(&log); xt_unregister_target(&ebt_log_tg_reg);
} }
module_init(ebt_log_init); module_init(ebt_log_init);
......
...@@ -59,8 +59,8 @@ ebt_mark_tg_check(const char *table, const void *e, ...@@ -59,8 +59,8 @@ ebt_mark_tg_check(const char *table, const void *e,
return true; return true;
} }
static struct ebt_target mark_target __read_mostly = { static struct xt_target ebt_mark_tg_reg __read_mostly = {
.name = EBT_MARK_TARGET, .name = "mark",
.revision = 0, .revision = 0,
.family = NFPROTO_BRIDGE, .family = NFPROTO_BRIDGE,
.target = ebt_mark_tg, .target = ebt_mark_tg,
...@@ -71,12 +71,12 @@ static struct ebt_target mark_target __read_mostly = { ...@@ -71,12 +71,12 @@ static struct ebt_target mark_target __read_mostly = {
static int __init ebt_mark_init(void) static int __init ebt_mark_init(void)
{ {
return ebt_register_target(&mark_target); return xt_register_target(&ebt_mark_tg_reg);
} }
static void __exit ebt_mark_fini(void) static void __exit ebt_mark_fini(void)
{ {
ebt_unregister_target(&mark_target); xt_unregister_target(&ebt_mark_tg_reg);
} }
module_init(ebt_mark_init); module_init(ebt_mark_init);
......
...@@ -40,8 +40,8 @@ ebt_mark_mt_check(const char *table, const void *e, ...@@ -40,8 +40,8 @@ ebt_mark_mt_check(const char *table, const void *e,
return true; return true;
} }
static struct ebt_match filter_mark __read_mostly = { static struct xt_match ebt_mark_mt_reg __read_mostly = {
.name = EBT_MARK_MATCH, .name = "mark_m",
.revision = 0, .revision = 0,
.family = NFPROTO_BRIDGE, .family = NFPROTO_BRIDGE,
.match = ebt_mark_mt, .match = ebt_mark_mt,
...@@ -52,12 +52,12 @@ static struct ebt_match filter_mark __read_mostly = { ...@@ -52,12 +52,12 @@ static struct ebt_match filter_mark __read_mostly = {
static int __init ebt_mark_m_init(void) static int __init ebt_mark_m_init(void)
{ {
return ebt_register_match(&filter_mark); return xt_register_match(&ebt_mark_mt_reg);
} }
static void __exit ebt_mark_m_fini(void) static void __exit ebt_mark_m_fini(void)
{ {
ebt_unregister_match(&filter_mark); xt_unregister_match(&ebt_mark_mt_reg);
} }
module_init(ebt_mark_m_init); module_init(ebt_mark_m_init);
......
...@@ -49,8 +49,8 @@ ebt_nflog_tg_check(const char *table, const void *e, ...@@ -49,8 +49,8 @@ ebt_nflog_tg_check(const char *table, const void *e,
return true; return true;
} }
static struct ebt_watcher nflog __read_mostly = { static struct xt_target ebt_nflog_tg_reg __read_mostly = {
.name = EBT_NFLOG_WATCHER, .name = "nflog",
.revision = 0, .revision = 0,
.family = NFPROTO_BRIDGE, .family = NFPROTO_BRIDGE,
.target = ebt_nflog_tg, .target = ebt_nflog_tg,
...@@ -61,12 +61,12 @@ static struct ebt_watcher nflog __read_mostly = { ...@@ -61,12 +61,12 @@ static struct ebt_watcher nflog __read_mostly = {
static int __init ebt_nflog_init(void) static int __init ebt_nflog_init(void)
{ {
return ebt_register_watcher(&nflog); return xt_register_target(&ebt_nflog_tg_reg);
} }
static void __exit ebt_nflog_fini(void) static void __exit ebt_nflog_fini(void)
{ {
ebt_unregister_watcher(&nflog); xt_unregister_target(&ebt_nflog_tg_reg);
} }
module_init(ebt_nflog_init); module_init(ebt_nflog_init);
......
...@@ -36,8 +36,8 @@ ebt_pkttype_mt_check(const char *table, const void *e, ...@@ -36,8 +36,8 @@ ebt_pkttype_mt_check(const char *table, const void *e,
return true; return true;
} }
static struct ebt_match filter_pkttype __read_mostly = { static struct xt_match ebt_pkttype_mt_reg __read_mostly = {
.name = EBT_PKTTYPE_MATCH, .name = "pkttype",
.revision = 0, .revision = 0,
.family = NFPROTO_BRIDGE, .family = NFPROTO_BRIDGE,
.match = ebt_pkttype_mt, .match = ebt_pkttype_mt,
...@@ -48,12 +48,12 @@ static struct ebt_match filter_pkttype __read_mostly = { ...@@ -48,12 +48,12 @@ static struct ebt_match filter_pkttype __read_mostly = {
static int __init ebt_pkttype_init(void) static int __init ebt_pkttype_init(void)
{ {
return ebt_register_match(&filter_pkttype); return xt_register_match(&ebt_pkttype_mt_reg);
} }
static void __exit ebt_pkttype_fini(void) static void __exit ebt_pkttype_fini(void)
{ {
ebt_unregister_match(&filter_pkttype); xt_unregister_match(&ebt_pkttype_mt_reg);
} }
module_init(ebt_pkttype_init); module_init(ebt_pkttype_init);
......
...@@ -52,8 +52,8 @@ ebt_redirect_tg_check(const char *tablename, const void *e, ...@@ -52,8 +52,8 @@ ebt_redirect_tg_check(const char *tablename, const void *e,
return true; return true;
} }
static struct ebt_target redirect_target __read_mostly = { static struct xt_target ebt_redirect_tg_reg __read_mostly = {
.name = EBT_REDIRECT_TARGET, .name = "redirect",
.revision = 0, .revision = 0,
.family = NFPROTO_BRIDGE, .family = NFPROTO_BRIDGE,
.target = ebt_redirect_tg, .target = ebt_redirect_tg,
...@@ -64,12 +64,12 @@ static struct ebt_target redirect_target __read_mostly = { ...@@ -64,12 +64,12 @@ static struct ebt_target redirect_target __read_mostly = {
static int __init ebt_redirect_init(void) static int __init ebt_redirect_init(void)
{ {
return ebt_register_target(&redirect_target); return xt_register_target(&ebt_redirect_tg_reg);
} }
static void __exit ebt_redirect_fini(void) static void __exit ebt_redirect_fini(void)
{ {
ebt_unregister_target(&redirect_target); xt_unregister_target(&ebt_redirect_tg_reg);
} }
module_init(ebt_redirect_init); module_init(ebt_redirect_init);
......
...@@ -69,8 +69,8 @@ ebt_snat_tg_check(const char *tablename, const void *e, ...@@ -69,8 +69,8 @@ ebt_snat_tg_check(const char *tablename, const void *e,
return true; return true;
} }
static struct ebt_target snat __read_mostly = { static struct xt_target ebt_snat_tg_reg __read_mostly = {
.name = EBT_SNAT_TARGET, .name = "snat",
.revision = 0, .revision = 0,
.family = NFPROTO_BRIDGE, .family = NFPROTO_BRIDGE,
.target = ebt_snat_tg, .target = ebt_snat_tg,
...@@ -81,12 +81,12 @@ static struct ebt_target snat __read_mostly = { ...@@ -81,12 +81,12 @@ static struct ebt_target snat __read_mostly = {
static int __init ebt_snat_init(void) static int __init ebt_snat_init(void)
{ {
return ebt_register_target(&snat); return xt_register_target(&ebt_snat_tg_reg);
} }
static void __exit ebt_snat_fini(void) static void __exit ebt_snat_fini(void)
{ {
ebt_unregister_target(&snat); xt_unregister_target(&ebt_snat_tg_reg);
} }
module_init(ebt_snat_init); module_init(ebt_snat_init);
......
...@@ -176,8 +176,8 @@ ebt_stp_mt_check(const char *table, const void *entry, ...@@ -176,8 +176,8 @@ ebt_stp_mt_check(const char *table, const void *entry,
return true; return true;
} }
static struct ebt_match filter_stp __read_mostly = { static struct xt_match ebt_stp_mt_reg __read_mostly = {
.name = EBT_STP_MATCH, .name = "stp",
.revision = 0, .revision = 0,
.family = NFPROTO_BRIDGE, .family = NFPROTO_BRIDGE,
.match = ebt_stp_mt, .match = ebt_stp_mt,
...@@ -188,12 +188,12 @@ static struct ebt_match filter_stp __read_mostly = { ...@@ -188,12 +188,12 @@ static struct ebt_match filter_stp __read_mostly = {
static int __init ebt_stp_init(void) static int __init ebt_stp_init(void)
{ {
return ebt_register_match(&filter_stp); return xt_register_match(&ebt_stp_mt_reg);
} }
static void __exit ebt_stp_fini(void) static void __exit ebt_stp_fini(void)
{ {
ebt_unregister_match(&filter_stp); xt_unregister_match(&ebt_stp_mt_reg);
} }
module_init(ebt_stp_init); module_init(ebt_stp_init);
......
...@@ -275,8 +275,8 @@ ebt_ulog_tg_check(const char *table, const void *entry, ...@@ -275,8 +275,8 @@ ebt_ulog_tg_check(const char *table, const void *entry,
return 0; return 0;
} }
static struct ebt_watcher ulog __read_mostly = { static struct xt_target ebt_ulog_tg_reg __read_mostly = {
.name = EBT_ULOG_WATCHER, .name = "ulog",
.revision = 0, .revision = 0,
.family = NFPROTO_BRIDGE, .family = NFPROTO_BRIDGE,
.target = ebt_ulog_tg, .target = ebt_ulog_tg,
...@@ -286,7 +286,7 @@ static struct ebt_watcher ulog __read_mostly = { ...@@ -286,7 +286,7 @@ static struct ebt_watcher ulog __read_mostly = {
}; };
static const struct nf_logger ebt_ulog_logger = { static const struct nf_logger ebt_ulog_logger = {
.name = EBT_ULOG_WATCHER, .name = "ulog",
.logfn = &ebt_log_packet, .logfn = &ebt_log_packet,
.me = THIS_MODULE, .me = THIS_MODULE,
}; };
...@@ -315,7 +315,7 @@ static int __init ebt_ulog_init(void) ...@@ -315,7 +315,7 @@ static int __init ebt_ulog_init(void)
printk(KERN_WARNING KBUILD_MODNAME ": out of memory trying to " printk(KERN_WARNING KBUILD_MODNAME ": out of memory trying to "
"call netlink_kernel_create\n"); "call netlink_kernel_create\n");
ret = false; ret = false;
} else if (ebt_register_watcher(&ulog) != 0) { } else if (xt_register_target(&ebt_ulog_tg_reg) != 0) {
netlink_kernel_release(ebtulognl); netlink_kernel_release(ebtulognl);
} }
...@@ -331,7 +331,7 @@ static void __exit ebt_ulog_fini(void) ...@@ -331,7 +331,7 @@ static void __exit ebt_ulog_fini(void)
int i; int i;
nf_log_unregister(&ebt_ulog_logger); nf_log_unregister(&ebt_ulog_logger);
ebt_unregister_watcher(&ulog); xt_unregister_target(&ebt_ulog_tg_reg);
for (i = 0; i < EBT_ULOG_MAXNLGROUPS; i++) { for (i = 0; i < EBT_ULOG_MAXNLGROUPS; i++) {
ub = &ulog_buffers[i]; ub = &ulog_buffers[i];
if (timer_pending(&ub->timer)) if (timer_pending(&ub->timer))
......
...@@ -162,8 +162,8 @@ ebt_vlan_mt_check(const char *table, const void *entry, ...@@ -162,8 +162,8 @@ ebt_vlan_mt_check(const char *table, const void *entry,
return true; return true;
} }
static struct ebt_match filter_vlan __read_mostly = { static struct xt_match ebt_vlan_mt_reg __read_mostly = {
.name = EBT_VLAN_MATCH, .name = "vlan",
.revision = 0, .revision = 0,
.family = NFPROTO_BRIDGE, .family = NFPROTO_BRIDGE,
.match = ebt_vlan_mt, .match = ebt_vlan_mt,
...@@ -177,12 +177,12 @@ static int __init ebt_vlan_init(void) ...@@ -177,12 +177,12 @@ static int __init ebt_vlan_init(void)
DEBUG_MSG("ebtables 802.1Q extension module v" DEBUG_MSG("ebtables 802.1Q extension module v"
MODULE_VERS "\n"); MODULE_VERS "\n");
DEBUG_MSG("module debug=%d\n", !!debug); DEBUG_MSG("module debug=%d\n", !!debug);
return ebt_register_match(&filter_vlan); return xt_register_match(&ebt_vlan_mt_reg);
} }
static void __exit ebt_vlan_fini(void) static void __exit ebt_vlan_fini(void)
{ {
ebt_unregister_match(&filter_vlan); xt_unregister_match(&ebt_vlan_mt_reg);
} }
module_init(ebt_vlan_init); module_init(ebt_vlan_init);
......
...@@ -60,17 +60,18 @@ static LIST_HEAD(ebt_targets); ...@@ -60,17 +60,18 @@ static LIST_HEAD(ebt_targets);
static LIST_HEAD(ebt_matches); static LIST_HEAD(ebt_matches);
static LIST_HEAD(ebt_watchers); static LIST_HEAD(ebt_watchers);
static struct ebt_target ebt_standard_target = { static struct xt_target ebt_standard_target = {
.name = "standard", .name = "standard",
.revision = 0, .revision = 0,
.family = NFPROTO_BRIDGE, .family = NFPROTO_BRIDGE,
.targetsize = sizeof(int),
}; };
static inline int ebt_do_watcher (struct ebt_entry_watcher *w, static inline int ebt_do_watcher (struct ebt_entry_watcher *w,
struct sk_buff *skb, unsigned int hooknr, const struct net_device *in, struct sk_buff *skb, unsigned int hooknr, const struct net_device *in,
const struct net_device *out) const struct net_device *out)
{ {
w->u.watcher->target(skb, in, out, hooknr, NULL, w->data); w->u.watcher->target(skb, in, out, hooknr, w->u.watcher, w->data);
/* watchers don't give a verdict */ /* watchers don't give a verdict */
return 0; return 0;
} }
...@@ -79,7 +80,7 @@ static inline int ebt_do_match (struct ebt_entry_match *m, ...@@ -79,7 +80,7 @@ static inline int ebt_do_match (struct ebt_entry_match *m,
const struct sk_buff *skb, const struct net_device *in, const struct sk_buff *skb, const struct net_device *in,
const struct net_device *out) const struct net_device *out)
{ {
return m->u.match->match(skb, in, out, NULL, m->data, 0, 0, NULL); return m->u.match->match(skb, in, out, m->u.match, m->data, 0, 0, NULL);
} }
static inline int ebt_dev_check(char *entry, const struct net_device *device) static inline int ebt_dev_check(char *entry, const struct net_device *device)
...@@ -194,7 +195,7 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb, ...@@ -194,7 +195,7 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
verdict = ((struct ebt_standard_target *)t)->verdict; verdict = ((struct ebt_standard_target *)t)->verdict;
else else
verdict = t->u.target->target(skb, in, out, hook, verdict = t->u.target->target(skb, in, out, hook,
NULL, t->data); t->u.target, t->data);
if (verdict == EBT_ACCEPT) { if (verdict == EBT_ACCEPT) {
read_unlock_bh(&table->lock); read_unlock_bh(&table->lock);
return NF_ACCEPT; return NF_ACCEPT;
...@@ -336,104 +337,73 @@ static inline int ...@@ -336,104 +337,73 @@ static inline int
ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e, ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e,
const char *name, unsigned int hookmask, unsigned int *cnt) const char *name, unsigned int hookmask, unsigned int *cnt)
{ {
struct ebt_match *match; struct xt_match *match;
size_t left = ((char *)e + e->watchers_offset) - (char *)m; size_t left = ((char *)e + e->watchers_offset) - (char *)m;
int ret; int ret;
if (left < sizeof(struct ebt_entry_match) || if (left < sizeof(struct ebt_entry_match) ||
left - sizeof(struct ebt_entry_match) < m->match_size) left - sizeof(struct ebt_entry_match) < m->match_size)
return -EINVAL; return -EINVAL;
match = find_match_lock(m->u.name, &ret, &ebt_mutex);
if (!match) match = try_then_request_module(xt_find_match(NFPROTO_BRIDGE,
return ret; m->u.name, 0), "ebt_%s", m->u.name);
m->u.match = match; if (IS_ERR(match))
if (!try_module_get(match->me)) { return PTR_ERR(match);
mutex_unlock(&ebt_mutex); if (match == NULL)
return -ENOENT; return -ENOENT;
} m->u.match = match;
mutex_unlock(&ebt_mutex);
if (match->family != NFPROTO_BRIDGE) { ret = xt_check_match(match, NFPROTO_BRIDGE, m->match_size,
printk(KERN_WARNING "ebtables: %s match: not for ebtables?\n", name, hookmask, e->ethproto, e->invflags & EBT_IPROTO);
match->name); if (ret < 0) {
goto out; module_put(match->me);
} return ret;
if (match->revision != 0) { } else if (match->checkentry != NULL &&
printk(KERN_WARNING "ebtables: %s match: ebtables is not "
"supporting revisions at this time\n",
match->name);
goto out;
}
if (XT_ALIGN(match->matchsize) != m->match_size &&
match->matchsize != -1) {
/*
* ebt_among is exempt from centralized matchsize checking
* because it uses a dynamic-size data set.
*/
printk(KERN_WARNING "ebtables: %s match: "
"invalid size %Zu != %u\n",
match->name, XT_ALIGN(match->matchsize), m->match_size);
goto out;
}
if (match->checkentry &&
!match->checkentry(name, e, NULL, m->data, hookmask)) { !match->checkentry(name, e, NULL, m->data, hookmask)) {
module_put(match->me);
BUGPRINT("match->check failed\n"); BUGPRINT("match->check failed\n");
goto out; return -EINVAL;
} }
(*cnt)++; (*cnt)++;
return 0; return 0;
out:
module_put(match->me);
return -EINVAL;
} }
static inline int static inline int
ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e, ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e,
const char *name, unsigned int hookmask, unsigned int *cnt) const char *name, unsigned int hookmask, unsigned int *cnt)
{ {
struct ebt_watcher *watcher; struct xt_target *watcher;
size_t left = ((char *)e + e->target_offset) - (char *)w; size_t left = ((char *)e + e->target_offset) - (char *)w;
int ret; int ret;
if (left < sizeof(struct ebt_entry_watcher) || if (left < sizeof(struct ebt_entry_watcher) ||
left - sizeof(struct ebt_entry_watcher) < w->watcher_size) left - sizeof(struct ebt_entry_watcher) < w->watcher_size)
return -EINVAL; return -EINVAL;
watcher = find_watcher_lock(w->u.name, &ret, &ebt_mutex);
if (!watcher) watcher = try_then_request_module(
return ret; xt_find_target(NFPROTO_BRIDGE, w->u.name, 0),
w->u.watcher = watcher; "ebt_%s", w->u.name);
if (!try_module_get(watcher->me)) { if (IS_ERR(watcher))
mutex_unlock(&ebt_mutex); return PTR_ERR(watcher);
if (watcher == NULL)
return -ENOENT; return -ENOENT;
} w->u.watcher = watcher;
mutex_unlock(&ebt_mutex);
if (watcher->family != NFPROTO_BRIDGE) { ret = xt_check_target(watcher, NFPROTO_BRIDGE, w->watcher_size,
printk(KERN_WARNING "ebtables: %s watcher: not for ebtables?\n", name, hookmask, e->ethproto, e->invflags & EBT_IPROTO);
watcher->name); if (ret < 0) {
goto out; module_put(watcher->me);
} return ret;
if (watcher->revision != 0) { } else if (watcher->checkentry != NULL &&
printk(KERN_WARNING "ebtables: %s watcher: ebtables is not "
"supporting revisions at this time\n",
watcher->name);
goto out;
}
if (XT_ALIGN(watcher->targetsize) != w->watcher_size) {
printk(KERN_WARNING "ebtables: %s watcher: "
"invalid size %Zu != %u\n",
watcher->name, XT_ALIGN(watcher->targetsize),
w->watcher_size);
goto out;
}
if (watcher->checkentry &&
!watcher->checkentry(name, e, NULL, w->data, hookmask)) { !watcher->checkentry(name, e, NULL, w->data, hookmask)) {
module_put(watcher->me);
BUGPRINT("watcher->check failed\n"); BUGPRINT("watcher->check failed\n");
goto out; return -EINVAL;
} }
(*cnt)++; (*cnt)++;
return 0; return 0;
out:
module_put(watcher->me);
return -EINVAL;
} }
static int ebt_verify_pointers(struct ebt_replace *repl, static int ebt_verify_pointers(struct ebt_replace *repl,
...@@ -607,7 +577,7 @@ ebt_cleanup_match(struct ebt_entry_match *m, unsigned int *i) ...@@ -607,7 +577,7 @@ ebt_cleanup_match(struct ebt_entry_match *m, unsigned int *i)
if (i && (*i)-- == 0) if (i && (*i)-- == 0)
return 1; return 1;
if (m->u.match->destroy) if (m->u.match->destroy)
m->u.match->destroy(NULL, m->data); m->u.match->destroy(m->u.match, m->data);
module_put(m->u.match->me); module_put(m->u.match->me);
return 0; return 0;
...@@ -619,7 +589,7 @@ ebt_cleanup_watcher(struct ebt_entry_watcher *w, unsigned int *i) ...@@ -619,7 +589,7 @@ ebt_cleanup_watcher(struct ebt_entry_watcher *w, unsigned int *i)
if (i && (*i)-- == 0) if (i && (*i)-- == 0)
return 1; return 1;
if (w->u.watcher->destroy) if (w->u.watcher->destroy)
w->u.watcher->destroy(NULL, w->data); w->u.watcher->destroy(w->u.watcher, w->data);
module_put(w->u.watcher->me); module_put(w->u.watcher->me);
return 0; return 0;
...@@ -639,7 +609,7 @@ ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt) ...@@ -639,7 +609,7 @@ ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt)
EBT_MATCH_ITERATE(e, ebt_cleanup_match, NULL); EBT_MATCH_ITERATE(e, ebt_cleanup_match, NULL);
t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
if (t->u.target->destroy) if (t->u.target->destroy)
t->u.target->destroy(NULL, t->data); t->u.target->destroy(t->u.target, t->data);
module_put(t->u.target->me); module_put(t->u.target->me);
return 0; return 0;
...@@ -651,7 +621,7 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo, ...@@ -651,7 +621,7 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
struct ebt_cl_stack *cl_s, unsigned int udc_cnt) struct ebt_cl_stack *cl_s, unsigned int udc_cnt)
{ {
struct ebt_entry_target *t; struct ebt_entry_target *t;
struct ebt_target *target; struct xt_target *target;
unsigned int i, j, hook = 0, hookmask = 0; unsigned int i, j, hook = 0, hookmask = 0;
size_t gap; size_t gap;
int ret; int ret;
...@@ -704,27 +674,15 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo, ...@@ -704,27 +674,15 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
goto cleanup_watchers; goto cleanup_watchers;
t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
gap = e->next_offset - e->target_offset; gap = e->next_offset - e->target_offset;
target = find_target_lock(t->u.name, &ret, &ebt_mutex);
if (!target)
goto cleanup_watchers;
if (!try_module_get(target->me)) {
mutex_unlock(&ebt_mutex);
ret = -ENOENT;
goto cleanup_watchers;
}
mutex_unlock(&ebt_mutex);
if (target->family != NFPROTO_BRIDGE) { target = try_then_request_module(
printk(KERN_WARNING "ebtables: %s target: not for ebtables?\n", xt_find_target(NFPROTO_BRIDGE, t->u.name, 0),
target->name); "ebt_%s", t->u.name);
ret = -EINVAL; if (IS_ERR(target)) {
ret = PTR_ERR(target);
goto cleanup_watchers; goto cleanup_watchers;
} } else if (target == NULL) {
if (target->revision != 0) { ret = -ENOENT;
printk(KERN_WARNING "ebtables: %s target: ebtables is not "
"supporting revisions at this time\n",
target->name);
ret = -EINVAL;
goto cleanup_watchers; goto cleanup_watchers;
} }
...@@ -745,13 +703,12 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo, ...@@ -745,13 +703,12 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
module_put(t->u.target->me); module_put(t->u.target->me);
ret = -EFAULT; ret = -EFAULT;
goto cleanup_watchers; goto cleanup_watchers;
} else if (XT_ALIGN(target->targetsize) != t->target_size) { }
printk(KERN_WARNING "ebtables: %s target: "
"invalid size %Zu != %u\n", ret = xt_check_target(target, NFPROTO_BRIDGE, t->target_size,
target->name, XT_ALIGN(target->targetsize), name, hookmask, e->ethproto, e->invflags & EBT_IPROTO);
t->target_size); if (ret < 0) {
module_put(t->u.target->me); module_put(target->me);
ret = -EINVAL;
goto cleanup_watchers; goto cleanup_watchers;
} else if (t->u.target->checkentry && } else if (t->u.target->checkentry &&
!t->u.target->checkentry(name, e, NULL, t->data, hookmask)) { !t->u.target->checkentry(name, e, NULL, t->data, hookmask)) {
...@@ -1589,11 +1546,14 @@ static int __init ebtables_init(void) ...@@ -1589,11 +1546,14 @@ static int __init ebtables_init(void)
{ {
int ret; int ret;
mutex_lock(&ebt_mutex); ret = xt_register_target(&ebt_standard_target);
list_add(&ebt_standard_target.list, &ebt_targets); if (ret < 0)
mutex_unlock(&ebt_mutex); return ret;
if ((ret = nf_register_sockopt(&ebt_sockopts)) < 0) ret = nf_register_sockopt(&ebt_sockopts);
if (ret < 0) {
xt_unregister_target(&ebt_standard_target);
return ret; return ret;
}
printk(KERN_INFO "Ebtables v2.0 registered\n"); printk(KERN_INFO "Ebtables v2.0 registered\n");
return 0; return 0;
...@@ -1602,6 +1562,7 @@ static int __init ebtables_init(void) ...@@ -1602,6 +1562,7 @@ static int __init ebtables_init(void)
static void __exit ebtables_fini(void) static void __exit ebtables_fini(void)
{ {
nf_unregister_sockopt(&ebt_sockopts); nf_unregister_sockopt(&ebt_sockopts);
xt_unregister_target(&ebt_standard_target);
printk(KERN_INFO "Ebtables v2.0 unregistered\n"); printk(KERN_INFO "Ebtables v2.0 unregistered\n");
} }
......
...@@ -30,7 +30,7 @@ ...@@ -30,7 +30,7 @@
MODULE_LICENSE("GPL"); MODULE_LICENSE("GPL");
MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>"); MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
MODULE_DESCRIPTION("[ip,ip6,arp]_tables backend module"); MODULE_DESCRIPTION("{ip,ip6,arp,eb}_tables backend module");
#define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1)) #define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1))
...@@ -325,7 +325,12 @@ int xt_check_match(const struct xt_match *match, unsigned short family, ...@@ -325,7 +325,12 @@ int xt_check_match(const struct xt_match *match, unsigned short family,
unsigned int size, const char *table, unsigned int hook_mask, unsigned int size, const char *table, unsigned int hook_mask,
unsigned short proto, int inv_proto) unsigned short proto, int inv_proto)
{ {
if (XT_ALIGN(match->matchsize) != size) { if (XT_ALIGN(match->matchsize) != size &&
match->matchsize != -1) {
/*
* ebt_among is exempt from centralized matchsize checking
* because it uses a dynamic-size data set.
*/
printk("%s_tables: %s match: invalid size %Zu != %u\n", printk("%s_tables: %s match: invalid size %Zu != %u\n",
xt_prefix[family], match->name, xt_prefix[family], match->name,
XT_ALIGN(match->matchsize), size); XT_ALIGN(match->matchsize), size);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment