+10 -23

include/linux/netfilter_arp/arp_tables.h

reviewed

··· 26 26 #define ARPT_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN 27 27 #define arpt_entry_target xt_entry_target 28 28 #define arpt_standard_target xt_standard_target 29 29 + #define ARPT_CONTINUE XT_CONTINUE 30 30 + #define ARPT_RETURN XT_RETURN 31 31 + #define arpt_counters_info xt_counters_info 32 32 + #define arpt_counters xt_counters 33 33 + #define ARPT_STANDARD_TARGET XT_STANDARD_TARGET 34 34 + #define ARPT_ERROR_TARGET XT_ERROR_TARGET 35 35 + #define ARPT_ENTRY_ITERATE(entries, size, fn, args...) \ 36 36 + XT_ENTRY_ITERATE(struct arpt_entry, entries, size, fn, ## args) 29 37 #endif 30 38 31 39 #define ARPT_DEV_ADDR_LEN_MAX 16 ··· 134 126 #define ARPT_SO_GET_REVISION_TARGET (ARPT_BASE_CTL + 3) 135 127 #define ARPT_SO_GET_MAX (ARPT_SO_GET_REVISION_TARGET) 136 128 137 137 - /* CONTINUE verdict for targets */ 138 138 - #define ARPT_CONTINUE XT_CONTINUE 139 139 - 140 140 - /* For standard target */ 141 141 - #define ARPT_RETURN XT_RETURN 142 142 - 143 129 /* The argument to ARPT_SO_GET_INFO */ 144 130 struct arpt_getinfo { 145 131 /* Which table: caller fills this in. */ ··· 187 185 struct arpt_entry entries[0]; 188 186 }; 189 187 190 190 - /* The argument to ARPT_SO_ADD_COUNTERS. */ 191 191 - #define arpt_counters_info xt_counters_info 192 192 - #define arpt_counters xt_counters 193 193 - 194 188 /* The argument to ARPT_SO_GET_ENTRIES. */ 195 189 struct arpt_get_entries { 196 190 /* Which table: user fills this in. */ ··· 199 201 struct arpt_entry entrytable[0]; 200 202 }; 201 203 202 202 - /* Standard return verdict, or do jump. */ 203 203 - #define ARPT_STANDARD_TARGET XT_STANDARD_TARGET 204 204 - /* Error verdict. */ 205 205 - #define ARPT_ERROR_TARGET XT_ERROR_TARGET 206 206 - 207 204 /* Helper functions */ 208 205 static __inline__ struct xt_entry_target *arpt_get_target(struct arpt_entry *e) 209 206 { 210 207 return (void *)e + e->target_offset; 211 208 } 212 212 - 213 213 - #ifndef __KERNEL__ 214 214 - /* fn returns 0 to continue iteration */ 215 215 - #define ARPT_ENTRY_ITERATE(entries, size, fn, args...) \ 216 216 - XT_ENTRY_ITERATE(struct arpt_entry, entries, size, fn, ## args) 217 217 - #endif 218 209 219 210 /* 220 211 * Main firewall chains definitions and global var's definitions. ··· 235 248 #define ARPT_STANDARD_INIT(__verdict) \ 236 249 { \ 237 250 .entry = ARPT_ENTRY_INIT(sizeof(struct arpt_standard)), \ 238 238 - .target = XT_TARGET_INIT(ARPT_STANDARD_TARGET, \ 251 251 + .target = XT_TARGET_INIT(XT_STANDARD_TARGET, \ 239 252 sizeof(struct xt_standard_target)), \ 240 253 .target.verdict = -(__verdict) - 1, \ 241 254 } ··· 243 256 #define ARPT_ERROR_INIT \ 244 257 { \ 245 258 .entry = ARPT_ENTRY_INIT(sizeof(struct arpt_error)), \ 246 246 - .target = XT_TARGET_INIT(ARPT_ERROR_TARGET, \ 259 259 + .target = XT_TARGET_INIT(XT_ERROR_TARGET, \ 247 260 sizeof(struct arpt_error_target)), \ 248 261 .target.errorname = "ERROR", \ 249 262 }

+32 -37

include/linux/netfilter_ipv4/ip_tables.h

reviewed

··· 38 38 #define ipt_entry_target xt_entry_target 39 39 #define ipt_standard_target xt_standard_target 40 40 #define ipt_counters xt_counters 41 41 + #define IPT_CONTINUE XT_CONTINUE 42 42 + #define IPT_RETURN XT_RETURN 43 43 + 44 44 + /* This group is older than old (iptables < v1.4.0-rc1~89) */ 45 45 + #include <linux/netfilter/xt_tcpudp.h> 46 46 + #define ipt_udp xt_udp 47 47 + #define ipt_tcp xt_tcp 48 48 + #define IPT_TCP_INV_SRCPT XT_TCP_INV_SRCPT 49 49 + #define IPT_TCP_INV_DSTPT XT_TCP_INV_DSTPT 50 50 + #define IPT_TCP_INV_FLAGS XT_TCP_INV_FLAGS 51 51 + #define IPT_TCP_INV_OPTION XT_TCP_INV_OPTION 52 52 + #define IPT_TCP_INV_MASK XT_TCP_INV_MASK 53 53 + #define IPT_UDP_INV_SRCPT XT_UDP_INV_SRCPT 54 54 + #define IPT_UDP_INV_DSTPT XT_UDP_INV_DSTPT 55 55 + #define IPT_UDP_INV_MASK XT_UDP_INV_MASK 56 56 + 57 57 + /* The argument to IPT_SO_ADD_COUNTERS. */ 58 58 + #define ipt_counters_info xt_counters_info 59 59 + /* Standard return verdict, or do jump. */ 60 60 + #define IPT_STANDARD_TARGET XT_STANDARD_TARGET 61 61 + /* Error verdict. */ 62 62 + #define IPT_ERROR_TARGET XT_ERROR_TARGET 63 63 + 64 64 + /* fn returns 0 to continue iteration */ 65 65 + #define IPT_MATCH_ITERATE(e, fn, args...) \ 66 66 + XT_MATCH_ITERATE(struct ipt_entry, e, fn, ## args) 67 67 + 68 68 + /* fn returns 0 to continue iteration */ 69 69 + #define IPT_ENTRY_ITERATE(entries, size, fn, args...) \ 70 70 + XT_ENTRY_ITERATE(struct ipt_entry, entries, size, fn, ## args) 41 71 #endif 42 72 43 73 /* Yes, Virginia, you have to zero the padding. */ ··· 146 116 #define IPT_SO_GET_REVISION_TARGET (IPT_BASE_CTL + 3) 147 117 #define IPT_SO_GET_MAX IPT_SO_GET_REVISION_TARGET 148 118 149 149 - #define IPT_CONTINUE XT_CONTINUE 150 150 - #define IPT_RETURN XT_RETURN 151 151 - 152 152 - #include <linux/netfilter/xt_tcpudp.h> 153 153 - #define ipt_udp xt_udp 154 154 - #define ipt_tcp xt_tcp 155 155 - 156 156 - #define IPT_TCP_INV_SRCPT XT_TCP_INV_SRCPT 157 157 - #define IPT_TCP_INV_DSTPT XT_TCP_INV_DSTPT 158 158 - #define IPT_TCP_INV_FLAGS XT_TCP_INV_FLAGS 159 159 - #define IPT_TCP_INV_OPTION XT_TCP_INV_OPTION 160 160 - #define IPT_TCP_INV_MASK XT_TCP_INV_MASK 161 161 - 162 162 - #define IPT_UDP_INV_SRCPT XT_UDP_INV_SRCPT 163 163 - #define IPT_UDP_INV_DSTPT XT_UDP_INV_DSTPT 164 164 - #define IPT_UDP_INV_MASK XT_UDP_INV_MASK 165 165 - 166 119 /* ICMP matching stuff */ 167 120 struct ipt_icmp { 168 121 u_int8_t type; /* type to match */ ··· 209 196 struct ipt_entry entries[0]; 210 197 }; 211 198 212 212 - /* The argument to IPT_SO_ADD_COUNTERS. */ 213 213 - #define ipt_counters_info xt_counters_info 214 214 - 215 199 /* The argument to IPT_SO_GET_ENTRIES. */ 216 200 struct ipt_get_entries { 217 201 /* Which table: user fills this in. */ ··· 221 211 struct ipt_entry entrytable[0]; 222 212 }; 223 213 224 224 - /* Standard return verdict, or do jump. */ 225 225 - #define IPT_STANDARD_TARGET XT_STANDARD_TARGET 226 226 - /* Error verdict. */ 227 227 - #define IPT_ERROR_TARGET XT_ERROR_TARGET 228 228 - 229 214 /* Helper functions */ 230 215 static __inline__ struct xt_entry_target * 231 216 ipt_get_target(struct ipt_entry *e) 232 217 { 233 218 return (void *)e + e->target_offset; 234 219 } 235 235 - 236 236 - #ifndef __KERNEL__ 237 237 - /* fn returns 0 to continue iteration */ 238 238 - #define IPT_MATCH_ITERATE(e, fn, args...) \ 239 239 - XT_MATCH_ITERATE(struct ipt_entry, e, fn, ## args) 240 240 - 241 241 - /* fn returns 0 to continue iteration */ 242 242 - #define IPT_ENTRY_ITERATE(entries, size, fn, args...) \ 243 243 - XT_ENTRY_ITERATE(struct ipt_entry, entries, size, fn, ## args) 244 244 - #endif 245 220 246 221 /* 247 222 * Main firewall chains definitions and global var's definitions. ··· 266 271 #define IPT_STANDARD_INIT(__verdict) \ 267 272 { \ 268 273 .entry = IPT_ENTRY_INIT(sizeof(struct ipt_standard)), \ 269 269 - .target = XT_TARGET_INIT(IPT_STANDARD_TARGET, \ 274 274 + .target = XT_TARGET_INIT(XT_STANDARD_TARGET, \ 270 275 sizeof(struct xt_standard_target)), \ 271 276 .target.verdict = -(__verdict) - 1, \ 272 277 } ··· 274 279 #define IPT_ERROR_INIT \ 275 280 { \ 276 281 .entry = IPT_ENTRY_INIT(sizeof(struct ipt_error)), \ 277 277 - .target = XT_TARGET_INIT(IPT_ERROR_TARGET, \ 282 282 + .target = XT_TARGET_INIT(XT_ERROR_TARGET, \ 278 283 sizeof(struct ipt_error_target)), \ 279 284 .target.errorname = "ERROR", \ 280 285 }

+25 -44

include/linux/netfilter_ipv6/ip6_tables.h

reviewed

··· 38 38 #define ip6t_entry_target xt_entry_target 39 39 #define ip6t_standard_target xt_standard_target 40 40 #define ip6t_counters xt_counters 41 41 + #define IP6T_CONTINUE XT_CONTINUE 42 42 + #define IP6T_RETURN XT_RETURN 43 43 + 44 44 + /* Pre-iptables-1.4.0 */ 45 45 + #include <linux/netfilter/xt_tcpudp.h> 46 46 + #define ip6t_tcp xt_tcp 47 47 + #define ip6t_udp xt_udp 48 48 + #define IP6T_TCP_INV_SRCPT XT_TCP_INV_SRCPT 49 49 + #define IP6T_TCP_INV_DSTPT XT_TCP_INV_DSTPT 50 50 + #define IP6T_TCP_INV_FLAGS XT_TCP_INV_FLAGS 51 51 + #define IP6T_TCP_INV_OPTION XT_TCP_INV_OPTION 52 52 + #define IP6T_TCP_INV_MASK XT_TCP_INV_MASK 53 53 + #define IP6T_UDP_INV_SRCPT XT_UDP_INV_SRCPT 54 54 + #define IP6T_UDP_INV_DSTPT XT_UDP_INV_DSTPT 55 55 + #define IP6T_UDP_INV_MASK XT_UDP_INV_MASK 56 56 + 57 57 + #define ip6t_counters_info xt_counters_info 58 58 + #define IP6T_STANDARD_TARGET XT_STANDARD_TARGET 59 59 + #define IP6T_ERROR_TARGET XT_ERROR_TARGET 60 60 + #define IP6T_MATCH_ITERATE(e, fn, args...) \ 61 61 + XT_MATCH_ITERATE(struct ip6t_entry, e, fn, ## args) 62 62 + #define IP6T_ENTRY_ITERATE(entries, size, fn, args...) \ 63 63 + XT_ENTRY_ITERATE(struct ip6t_entry, entries, size, fn, ## args) 41 64 #endif 42 65 43 66 /* Yes, Virginia, you have to zero the padding. */ ··· 156 133 #define IP6T_STANDARD_INIT(__verdict) \ 157 134 { \ 158 135 .entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_standard)), \ 159 159 - .target = XT_TARGET_INIT(IP6T_STANDARD_TARGET, \ 136 136 + .target = XT_TARGET_INIT(XT_STANDARD_TARGET, \ 160 137 sizeof(struct xt_standard_target)), \ 161 138 .target.verdict = -(__verdict) - 1, \ 162 139 } ··· 164 141 #define IP6T_ERROR_INIT \ 165 142 { \ 166 143 .entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_error)), \ 167 167 - .target = XT_TARGET_INIT(IP6T_ERROR_TARGET, \ 144 144 + .target = XT_TARGET_INIT(XT_ERROR_TARGET, \ 168 145 sizeof(struct ip6t_error_target)), \ 169 146 .target.errorname = "ERROR", \ 170 147 } ··· 187 164 #define IP6T_SO_GET_REVISION_MATCH (IP6T_BASE_CTL + 4) 188 165 #define IP6T_SO_GET_REVISION_TARGET (IP6T_BASE_CTL + 5) 189 166 #define IP6T_SO_GET_MAX IP6T_SO_GET_REVISION_TARGET 190 190 - 191 191 - /* CONTINUE verdict for targets */ 192 192 - #define IP6T_CONTINUE XT_CONTINUE 193 193 - 194 194 - /* For standard target */ 195 195 - #define IP6T_RETURN XT_RETURN 196 196 - 197 197 - /* TCP/UDP matching stuff */ 198 198 - #include <linux/netfilter/xt_tcpudp.h> 199 199 - 200 200 - #define ip6t_tcp xt_tcp 201 201 - #define ip6t_udp xt_udp 202 202 - 203 203 - /* Values for "inv" field in struct ipt_tcp. */ 204 204 - #define IP6T_TCP_INV_SRCPT XT_TCP_INV_SRCPT 205 205 - #define IP6T_TCP_INV_DSTPT XT_TCP_INV_DSTPT 206 206 - #define IP6T_TCP_INV_FLAGS XT_TCP_INV_FLAGS 207 207 - #define IP6T_TCP_INV_OPTION XT_TCP_INV_OPTION 208 208 - #define IP6T_TCP_INV_MASK XT_TCP_INV_MASK 209 209 - 210 210 - /* Values for "invflags" field in struct ipt_udp. */ 211 211 - #define IP6T_UDP_INV_SRCPT XT_UDP_INV_SRCPT 212 212 - #define IP6T_UDP_INV_DSTPT XT_UDP_INV_DSTPT 213 213 - #define IP6T_UDP_INV_MASK XT_UDP_INV_MASK 214 167 215 168 /* ICMP matching stuff */ 216 169 struct ip6t_icmp { ··· 251 252 struct ip6t_entry entries[0]; 252 253 }; 253 254 254 254 - /* The argument to IP6T_SO_ADD_COUNTERS. */ 255 255 - #define ip6t_counters_info xt_counters_info 256 256 - 257 255 /* The argument to IP6T_SO_GET_ENTRIES. */ 258 256 struct ip6t_get_entries { 259 257 /* Which table: user fills this in. */ ··· 263 267 struct ip6t_entry entrytable[0]; 264 268 }; 265 269 266 266 - /* Standard return verdict, or do jump. */ 267 267 - #define IP6T_STANDARD_TARGET XT_STANDARD_TARGET 268 268 - /* Error verdict. */ 269 269 - #define IP6T_ERROR_TARGET XT_ERROR_TARGET 270 270 - 271 270 /* Helper functions */ 272 271 static __inline__ struct xt_entry_target * 273 272 ip6t_get_target(struct ip6t_entry *e) 274 273 { 275 274 return (void *)e + e->target_offset; 276 275 } 277 277 - 278 278 - #ifndef __KERNEL__ 279 279 - /* fn returns 0 to continue iteration */ 280 280 - #define IP6T_MATCH_ITERATE(e, fn, args...) \ 281 281 - XT_MATCH_ITERATE(struct ip6t_entry, e, fn, ## args) 282 282 - 283 283 - /* fn returns 0 to continue iteration */ 284 284 - #define IP6T_ENTRY_ITERATE(entries, size, fn, args...) \ 285 285 - XT_ENTRY_ITERATE(struct ip6t_entry, entries, size, fn, ## args) 286 286 - #endif 287 276 288 277 /* 289 278 * Main firewall chains definitions and global var's definitions.

+7 -7

net/ipv4/netfilter/arp_tables.c

reviewed

··· 300 300 v = ((struct xt_standard_target *)t)->verdict; 301 301 if (v < 0) { 302 302 /* Pop from stack? */ 303 303 - if (v != ARPT_RETURN) { 303 303 + if (v != XT_RETURN) { 304 304 verdict = (unsigned)(-v) - 1; 305 305 break; 306 306 } ··· 332 332 /* Target might have changed stuff. */ 333 333 arp = arp_hdr(skb); 334 334 335 335 - if (verdict == ARPT_CONTINUE) 335 335 + if (verdict == XT_CONTINUE) 336 336 e = arpt_next_entry(e); 337 337 else 338 338 /* Verdict */ ··· 392 392 /* Unconditional return/END. */ 393 393 if ((e->target_offset == sizeof(struct arpt_entry) && 394 394 (strcmp(t->target.u.user.name, 395 395 - ARPT_STANDARD_TARGET) == 0) && 395 395 + XT_STANDARD_TARGET) == 0) && 396 396 t->verdict < 0 && unconditional(&e->arp)) || 397 397 visited) { 398 398 unsigned int oldpos, size; 399 399 400 400 if ((strcmp(t->target.u.user.name, 401 401 - ARPT_STANDARD_TARGET) == 0) && 401 401 + XT_STANDARD_TARGET) == 0) && 402 402 t->verdict < -NF_MAX_VERDICT - 1) { 403 403 duprintf("mark_source_chains: bad " 404 404 "negative verdict (%i)\n", ··· 433 433 int newpos = t->verdict; 434 434 435 435 if (strcmp(t->target.u.user.name, 436 436 - ARPT_STANDARD_TARGET) == 0 && 436 436 + XT_STANDARD_TARGET) == 0 && 437 437 newpos >= 0) { 438 438 if (newpos > newinfo->size - 439 439 sizeof(struct arpt_entry)) { ··· 1828 1828 /* The built-in targets: standard (NULL) and error. */ 1829 1829 static struct xt_target arpt_builtin_tg[] __read_mostly = { 1830 1830 { 1831 1831 - .name = ARPT_STANDARD_TARGET, 1831 1831 + .name = XT_STANDARD_TARGET, 1832 1832 .targetsize = sizeof(int), 1833 1833 .family = NFPROTO_ARP, 1834 1834 #ifdef CONFIG_COMPAT ··· 1838 1838 #endif 1839 1839 }, 1840 1840 { 1841 1841 - .name = ARPT_ERROR_TARGET, 1841 1841 + .name = XT_ERROR_TARGET, 1842 1842 .target = arpt_error, 1843 1843 .targetsize = XT_FUNCTION_MAXNAMELEN, 1844 1844 .family = NFPROTO_ARP,

+1 -1

net/ipv4/netfilter/arpt_mangle.c

reviewed

··· 63 63 return false; 64 64 65 65 if (mangle->target != NF_DROP && mangle->target != NF_ACCEPT && 66 66 - mangle->target != ARPT_CONTINUE) 66 66 + mangle->target != XT_CONTINUE) 67 67 return false; 68 68 return true; 69 69 }

+9 -9

net/ipv4/netfilter/ip_tables.c

reviewed

··· 232 232 { 233 233 const struct xt_standard_target *t = (void *)ipt_get_target_c(s); 234 234 235 235 - if (strcmp(t->target.u.kernel.target->name, IPT_ERROR_TARGET) == 0) { 235 235 + if (strcmp(t->target.u.kernel.target->name, XT_ERROR_TARGET) == 0) { 236 236 /* Head of user chain: ERROR target with chainname */ 237 237 *chainname = t->target.data; 238 238 (*rulenum) = 0; ··· 241 241 242 242 if (s->target_offset == sizeof(struct ipt_entry) && 243 243 strcmp(t->target.u.kernel.target->name, 244 244 - IPT_STANDARD_TARGET) == 0 && 244 244 + XT_STANDARD_TARGET) == 0 && 245 245 t->verdict < 0 && 246 246 unconditional(&s->ip)) { 247 247 /* Tail of chains: STANDARD target (return/policy) */ ··· 383 383 v = ((struct xt_standard_target *)t)->verdict; 384 384 if (v < 0) { 385 385 /* Pop from stack? */ 386 386 - if (v != IPT_RETURN) { 386 386 + if (v != XT_RETURN) { 387 387 verdict = (unsigned)(-v) - 1; 388 388 break; 389 389 } ··· 421 421 verdict = t->u.kernel.target->target(skb, &acpar); 422 422 /* Target might have changed stuff. */ 423 423 ip = ip_hdr(skb); 424 424 - if (verdict == IPT_CONTINUE) 424 424 + if (verdict == XT_CONTINUE) 425 425 e = ipt_next_entry(e); 426 426 else 427 427 /* Verdict */ ··· 475 475 /* Unconditional return/END. */ 476 476 if ((e->target_offset == sizeof(struct ipt_entry) && 477 477 (strcmp(t->target.u.user.name, 478 478 - IPT_STANDARD_TARGET) == 0) && 478 478 + XT_STANDARD_TARGET) == 0) && 479 479 t->verdict < 0 && unconditional(&e->ip)) || 480 480 visited) { 481 481 unsigned int oldpos, size; 482 482 483 483 if ((strcmp(t->target.u.user.name, 484 484 - IPT_STANDARD_TARGET) == 0) && 484 484 + XT_STANDARD_TARGET) == 0) && 485 485 t->verdict < -NF_MAX_VERDICT - 1) { 486 486 duprintf("mark_source_chains: bad " 487 487 "negative verdict (%i)\n", ··· 524 524 int newpos = t->verdict; 525 525 526 526 if (strcmp(t->target.u.user.name, 527 527 - IPT_STANDARD_TARGET) == 0 && 527 527 + XT_STANDARD_TARGET) == 0 && 528 528 newpos >= 0) { 529 529 if (newpos > newinfo->size - 530 530 sizeof(struct ipt_entry)) { ··· 2176 2176 2177 2177 static struct xt_target ipt_builtin_tg[] __read_mostly = { 2178 2178 { 2179 2179 - .name = IPT_STANDARD_TARGET, 2179 2179 + .name = XT_STANDARD_TARGET, 2180 2180 .targetsize = sizeof(int), 2181 2181 .family = NFPROTO_IPV4, 2182 2182 #ifdef CONFIG_COMPAT ··· 2186 2186 #endif 2187 2187 }, 2188 2188 { 2189 2189 - .name = IPT_ERROR_TARGET, 2189 2189 + .name = XT_ERROR_TARGET, 2190 2190 .target = ipt_error, 2191 2191 .targetsize = XT_FUNCTION_MAXNAMELEN, 2192 2192 .family = NFPROTO_IPV4,

+9 -9

net/ipv6/netfilter/ip6_tables.c

reviewed

··· 262 262 { 263 263 const struct xt_standard_target *t = (void *)ip6t_get_target_c(s); 264 264 265 265 - if (strcmp(t->target.u.kernel.target->name, IP6T_ERROR_TARGET) == 0) { 265 265 + if (strcmp(t->target.u.kernel.target->name, XT_ERROR_TARGET) == 0) { 266 266 /* Head of user chain: ERROR target with chainname */ 267 267 *chainname = t->target.data; 268 268 (*rulenum) = 0; ··· 271 271 272 272 if (s->target_offset == sizeof(struct ip6t_entry) && 273 273 strcmp(t->target.u.kernel.target->name, 274 274 - IP6T_STANDARD_TARGET) == 0 && 274 274 + XT_STANDARD_TARGET) == 0 && 275 275 t->verdict < 0 && 276 276 unconditional(&s->ipv6)) { 277 277 /* Tail of chains: STANDARD target (return/policy) */ ··· 406 406 v = ((struct xt_standard_target *)t)->verdict; 407 407 if (v < 0) { 408 408 /* Pop from stack? */ 409 409 - if (v != IP6T_RETURN) { 409 409 + if (v != XT_RETURN) { 410 410 verdict = (unsigned)(-v) - 1; 411 411 break; 412 412 } ··· 434 434 acpar.targinfo = t->data; 435 435 436 436 verdict = t->u.kernel.target->target(skb, &acpar); 437 437 - if (verdict == IP6T_CONTINUE) 437 437 + if (verdict == XT_CONTINUE) 438 438 e = ip6t_next_entry(e); 439 439 else 440 440 /* Verdict */ ··· 488 488 /* Unconditional return/END. */ 489 489 if ((e->target_offset == sizeof(struct ip6t_entry) && 490 490 (strcmp(t->target.u.user.name, 491 491 - IP6T_STANDARD_TARGET) == 0) && 491 491 + XT_STANDARD_TARGET) == 0) && 492 492 t->verdict < 0 && 493 493 unconditional(&e->ipv6)) || visited) { 494 494 unsigned int oldpos, size; 495 495 496 496 if ((strcmp(t->target.u.user.name, 497 497 - IP6T_STANDARD_TARGET) == 0) && 497 497 + XT_STANDARD_TARGET) == 0) && 498 498 t->verdict < -NF_MAX_VERDICT - 1) { 499 499 duprintf("mark_source_chains: bad " 500 500 "negative verdict (%i)\n", ··· 537 537 int newpos = t->verdict; 538 538 539 539 if (strcmp(t->target.u.user.name, 540 540 - IP6T_STANDARD_TARGET) == 0 && 540 540 + XT_STANDARD_TARGET) == 0 && 541 541 newpos >= 0) { 542 542 if (newpos > newinfo->size - 543 543 sizeof(struct ip6t_entry)) { ··· 2191 2191 /* The built-in targets: standard (NULL) and error. */ 2192 2192 static struct xt_target ip6t_builtin_tg[] __read_mostly = { 2193 2193 { 2194 2194 - .name = IP6T_STANDARD_TARGET, 2194 2194 + .name = XT_STANDARD_TARGET, 2195 2195 .targetsize = sizeof(int), 2196 2196 .family = NFPROTO_IPV6, 2197 2197 #ifdef CONFIG_COMPAT ··· 2201 2201 #endif 2202 2202 }, 2203 2203 { 2204 2204 - .name = IP6T_ERROR_TARGET, 2204 2204 + .name = XT_ERROR_TARGET, 2205 2205 .target = ip6t_error, 2206 2206 .targetsize = XT_FUNCTION_MAXNAMELEN, 2207 2207 .family = NFPROTO_IPV6,

+1 -1

net/sched/act_ipt.c

reviewed

··· 230 230 result = TC_ACT_SHOT; 231 231 ipt->tcf_qstats.drops++; 232 232 break; 233 233 - case IPT_CONTINUE: 233 233 + case XT_CONTINUE: 234 234 result = TC_ACT_PIPE; 235 235 break; 236 236 default: