tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
netfilter: xtables: resolve indirect macros 2/3
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
+103
-108
+7
-8
include/linux/netfilter_arp/arp_tables.h
+7
-8
include/linux/netfilter_arp/arp_tables.h
···
24
24
#ifndef __KERNEL__
25
25
#define ARPT_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
26
26
#define ARPT_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN
27
+
#define arpt_entry_target xt_entry_target
28
+
#define arpt_standard_target xt_standard_target
27
29
#endif
28
30
29
31
#define ARPT_DEV_ADDR_LEN_MAX 16
···
66
64
/* Inverse flags */
67
65
u_int16_t invflags;
68
66
};
69
-
70
-
#define arpt_entry_target xt_entry_target
71
-
#define arpt_standard_target xt_standard_target
72
67
73
68
/* Values for "flag" field in struct arpt_ip (general arp structure).
74
69
* No flags defined yet.
···
207
208
#define ARPT_ERROR_TARGET XT_ERROR_TARGET
208
209
209
210
/* Helper functions */
210
-
static __inline__ struct arpt_entry_target *arpt_get_target(struct arpt_entry *e)
211
+
static __inline__ struct xt_entry_target *arpt_get_target(struct arpt_entry *e)
211
212
{
212
213
return (void *)e + e->target_offset;
213
214
}
···
226
227
/* Standard entry. */
227
228
struct arpt_standard {
228
229
struct arpt_entry entry;
229
-
struct arpt_standard_target target;
230
+
struct xt_standard_target target;
230
231
};
231
232
232
233
struct arpt_error_target {
233
-
struct arpt_entry_target target;
234
+
struct xt_entry_target target;
234
235
char errorname[XT_FUNCTION_MAXNAMELEN];
235
236
};
236
237
···
249
250
{ \
250
251
.entry = ARPT_ENTRY_INIT(sizeof(struct arpt_standard)), \
251
252
.target = XT_TARGET_INIT(ARPT_STANDARD_TARGET, \
252
-
sizeof(struct arpt_standard_target)), \
253
+
sizeof(struct xt_standard_target)), \
253
254
.target.verdict = -(__verdict) - 1, \
254
255
}
255
256
···
286
287
unsigned char elems[0];
287
288
};
288
289
289
-
static inline struct arpt_entry_target *
290
+
static inline struct xt_entry_target *
290
291
compat_arpt_get_target(struct compat_arpt_entry *e)
291
292
{
292
293
return (void *)e + e->target_offset;
+8
-10
include/linux/netfilter_ipv4/ip_tables.h
+8
-10
include/linux/netfilter_ipv4/ip_tables.h
···
34
34
#define ipt_target xt_target
35
35
#define ipt_table xt_table
36
36
#define ipt_get_revision xt_get_revision
37
+
#define ipt_entry_match xt_entry_match
38
+
#define ipt_entry_target xt_entry_target
39
+
#define ipt_standard_target xt_standard_target
40
+
#define ipt_counters xt_counters
37
41
#endif
38
42
39
43
/* Yes, Virginia, you have to zero the padding. */
···
57
53
/* Inverse flags */
58
54
u_int8_t invflags;
59
55
};
60
-
61
-
#define ipt_entry_match xt_entry_match
62
-
#define ipt_entry_target xt_entry_target
63
-
#define ipt_standard_target xt_standard_target
64
-
65
-
#define ipt_counters xt_counters
66
56
67
57
/* Values for "flag" field in struct ipt_ip (general ip structure). */
68
58
#define IPT_F_FRAG 0x01 /* Set if rule is a fragment rule */
···
217
219
#define IPT_ERROR_TARGET XT_ERROR_TARGET
218
220
219
221
/* Helper functions */
220
-
static __inline__ struct ipt_entry_target *
222
+
static __inline__ struct xt_entry_target *
221
223
ipt_get_target(struct ipt_entry *e)
222
224
{
223
225
return (void *)e + e->target_offset;
···
249
251
/* Standard entry. */
250
252
struct ipt_standard {
251
253
struct ipt_entry entry;
252
-
struct ipt_standard_target target;
254
+
struct xt_standard_target target;
253
255
};
254
256
255
257
struct ipt_error_target {
256
-
struct ipt_entry_target target;
258
+
struct xt_entry_target target;
257
259
char errorname[XT_FUNCTION_MAXNAMELEN];
258
260
};
259
261
···
307
309
};
308
310
309
311
/* Helper functions */
310
-
static inline struct ipt_entry_target *
312
+
static inline struct xt_entry_target *
311
313
compat_ipt_get_target(struct compat_ipt_entry *e)
312
314
{
313
315
return (void *)e + e->target_offset;
+9
-11
include/linux/netfilter_ipv6/ip6_tables.h
+9
-11
include/linux/netfilter_ipv6/ip6_tables.h
···
34
34
#define ip6t_target xt_target
35
35
#define ip6t_table xt_table
36
36
#define ip6t_get_revision xt_get_revision
37
+
#define ip6t_entry_match xt_entry_match
38
+
#define ip6t_entry_target xt_entry_target
39
+
#define ip6t_standard_target xt_standard_target
40
+
#define ip6t_counters xt_counters
37
41
#endif
38
42
39
43
/* Yes, Virginia, you have to zero the padding. */
···
66
62
/* Inverse flags */
67
63
u_int8_t invflags;
68
64
};
69
-
70
-
#define ip6t_entry_match xt_entry_match
71
-
#define ip6t_entry_target xt_entry_target
72
-
#define ip6t_standard_target xt_standard_target
73
-
74
-
#define ip6t_counters xt_counters
75
65
76
66
/* Values for "flag" field in struct ip6t_ip6 (general ip6 structure). */
77
67
#define IP6T_F_PROTO 0x01 /* Set if rule cares about upper
···
111
113
/* Standard entry */
112
114
struct ip6t_standard {
113
115
struct ip6t_entry entry;
114
-
struct ip6t_standard_target target;
116
+
struct xt_standard_target target;
115
117
};
116
118
117
119
struct ip6t_error_target {
118
-
struct ip6t_entry_target target;
120
+
struct xt_entry_target target;
119
121
char errorname[XT_FUNCTION_MAXNAMELEN];
120
122
};
121
123
···
134
136
{ \
135
137
.entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_standard)), \
136
138
.target = XT_TARGET_INIT(IP6T_STANDARD_TARGET, \
137
-
sizeof(struct ip6t_standard_target)), \
139
+
sizeof(struct xt_standard_target)), \
138
140
.target.verdict = -(__verdict) - 1, \
139
141
}
140
142
···
273
275
#define IP6T_ERROR_TARGET XT_ERROR_TARGET
274
276
275
277
/* Helper functions */
276
-
static __inline__ struct ip6t_entry_target *
278
+
static __inline__ struct xt_entry_target *
277
279
ip6t_get_target(struct ip6t_entry *e)
278
280
{
279
281
return (void *)e + e->target_offset;
···
330
332
unsigned char elems[0];
331
333
};
332
334
333
-
static inline struct ip6t_entry_target *
335
+
static inline struct xt_entry_target *
334
336
compat_ip6t_get_target(struct compat_ip6t_entry *e)
335
337
{
336
338
return (void *)e + e->target_offset;
+19
-19
net/ipv4/netfilter/arp_tables.c
+19
-19
net/ipv4/netfilter/arp_tables.c
···
228
228
return NF_DROP;
229
229
}
230
230
231
-
static inline const struct arpt_entry_target *
231
+
static inline const struct xt_entry_target *
232
232
arpt_get_target_c(const struct arpt_entry *e)
233
233
{
234
234
return arpt_get_target((struct arpt_entry *)e);
···
282
282
283
283
arp = arp_hdr(skb);
284
284
do {
285
-
const struct arpt_entry_target *t;
285
+
const struct xt_entry_target *t;
286
286
287
287
if (!arp_packet_match(arp, skb->dev, indev, outdev, &e->arp)) {
288
288
e = arpt_next_entry(e);
···
297
297
if (!t->u.kernel.target->target) {
298
298
int v;
299
299
300
-
v = ((struct arpt_standard_target *)t)->verdict;
300
+
v = ((struct xt_standard_target *)t)->verdict;
301
301
if (v < 0) {
302
302
/* Pop from stack? */
303
303
if (v != ARPT_RETURN) {
···
377
377
e->counters.pcnt = pos;
378
378
379
379
for (;;) {
380
-
const struct arpt_standard_target *t
380
+
const struct xt_standard_target *t
381
381
= (void *)arpt_get_target_c(e);
382
382
int visited = e->comefrom & (1 << hook);
383
383
···
464
464
465
465
static inline int check_entry(const struct arpt_entry *e, const char *name)
466
466
{
467
-
const struct arpt_entry_target *t;
467
+
const struct xt_entry_target *t;
468
468
469
469
if (!arp_checkentry(&e->arp)) {
470
470
duprintf("arp_tables: arp check failed %p %s.\n", e, name);
471
471
return -EINVAL;
472
472
}
473
473
474
-
if (e->target_offset + sizeof(struct arpt_entry_target) > e->next_offset)
474
+
if (e->target_offset + sizeof(struct xt_entry_target) > e->next_offset)
475
475
return -EINVAL;
476
476
477
477
t = arpt_get_target_c(e);
···
483
483
484
484
static inline int check_target(struct arpt_entry *e, const char *name)
485
485
{
486
-
struct arpt_entry_target *t = arpt_get_target(e);
486
+
struct xt_entry_target *t = arpt_get_target(e);
487
487
int ret;
488
488
struct xt_tgchk_param par = {
489
489
.table = name,
···
506
506
static inline int
507
507
find_check_entry(struct arpt_entry *e, const char *name, unsigned int size)
508
508
{
509
-
struct arpt_entry_target *t;
509
+
struct xt_entry_target *t;
510
510
struct xt_target *target;
511
511
int ret;
512
512
···
536
536
537
537
static bool check_underflow(const struct arpt_entry *e)
538
538
{
539
-
const struct arpt_entry_target *t;
539
+
const struct xt_entry_target *t;
540
540
unsigned int verdict;
541
541
542
542
if (!unconditional(&e->arp))
···
544
544
t = arpt_get_target_c(e);
545
545
if (strcmp(t->u.user.name, XT_STANDARD_TARGET) != 0)
546
546
return false;
547
-
verdict = ((struct arpt_standard_target *)t)->verdict;
547
+
verdict = ((struct xt_standard_target *)t)->verdict;
548
548
verdict = -verdict - 1;
549
549
return verdict == NF_DROP || verdict == NF_ACCEPT;
550
550
}
···
566
566
}
567
567
568
568
if (e->next_offset
569
-
< sizeof(struct arpt_entry) + sizeof(struct arpt_entry_target)) {
569
+
< sizeof(struct arpt_entry) + sizeof(struct xt_entry_target)) {
570
570
duprintf("checking: element %p size %u\n",
571
571
e, e->next_offset);
572
572
return -EINVAL;
···
598
598
static inline void cleanup_entry(struct arpt_entry *e)
599
599
{
600
600
struct xt_tgdtor_param par;
601
-
struct arpt_entry_target *t;
601
+
struct xt_entry_target *t;
602
602
603
603
t = arpt_get_target(e);
604
604
par.target = t->u.kernel.target;
···
794
794
/* FIXME: use iterator macros --RR */
795
795
/* ... then go back and fix counters and names */
796
796
for (off = 0, num = 0; off < total_size; off += e->next_offset, num++){
797
-
const struct arpt_entry_target *t;
797
+
const struct xt_entry_target *t;
798
798
799
799
e = (struct arpt_entry *)(loc_cpu_entry + off);
800
800
if (copy_to_user(userptr + off
···
807
807
808
808
t = arpt_get_target_c(e);
809
809
if (copy_to_user(userptr + off + e->target_offset
810
-
+ offsetof(struct arpt_entry_target,
810
+
+ offsetof(struct xt_entry_target,
811
811
u.user.name),
812
812
t->u.kernel.target->name,
813
813
strlen(t->u.kernel.target->name)+1) != 0) {
···
844
844
const struct xt_table_info *info,
845
845
const void *base, struct xt_table_info *newinfo)
846
846
{
847
-
const struct arpt_entry_target *t;
847
+
const struct xt_entry_target *t;
848
848
unsigned int entry_offset;
849
849
int off, i, ret;
850
850
···
1204
1204
#ifdef CONFIG_COMPAT
1205
1205
static inline void compat_release_entry(struct compat_arpt_entry *e)
1206
1206
{
1207
-
struct arpt_entry_target *t;
1207
+
struct xt_entry_target *t;
1208
1208
1209
1209
t = compat_arpt_get_target(e);
1210
1210
module_put(t->u.kernel.target->me);
···
1220
1220
const unsigned int *underflows,
1221
1221
const char *name)
1222
1222
{
1223
-
struct arpt_entry_target *t;
1223
+
struct xt_entry_target *t;
1224
1224
struct xt_target *target;
1225
1225
unsigned int entry_offset;
1226
1226
int ret, off, h;
···
1288
1288
unsigned int *size, const char *name,
1289
1289
struct xt_table_info *newinfo, unsigned char *base)
1290
1290
{
1291
-
struct arpt_entry_target *t;
1291
+
struct xt_entry_target *t;
1292
1292
struct xt_target *target;
1293
1293
struct arpt_entry *de;
1294
1294
unsigned int origsize;
···
1567
1567
struct xt_counters *counters,
1568
1568
unsigned int i)
1569
1569
{
1570
-
struct arpt_entry_target *t;
1570
+
struct xt_entry_target *t;
1571
1571
struct compat_arpt_entry __user *ce;
1572
1572
u_int16_t target_offset, next_offset;
1573
1573
compat_uint_t origsize;
+27
-27
net/ipv4/netfilter/ip_tables.c
+27
-27
net/ipv4/netfilter/ip_tables.c
···
186
186
}
187
187
188
188
/* for const-correctness */
189
-
static inline const struct ipt_entry_target *
189
+
static inline const struct xt_entry_target *
190
190
ipt_get_target_c(const struct ipt_entry *e)
191
191
{
192
192
return ipt_get_target((struct ipt_entry *)e);
···
230
230
const char *hookname, const char **chainname,
231
231
const char **comment, unsigned int *rulenum)
232
232
{
233
-
const struct ipt_standard_target *t = (void *)ipt_get_target_c(s);
233
+
const struct xt_standard_target *t = (void *)ipt_get_target_c(s);
234
234
235
235
if (strcmp(t->target.u.kernel.target->name, IPT_ERROR_TARGET) == 0) {
236
236
/* Head of user chain: ERROR target with chainname */
···
346
346
get_entry(table_base, private->underflow[hook]));
347
347
348
348
do {
349
-
const struct ipt_entry_target *t;
349
+
const struct xt_entry_target *t;
350
350
const struct xt_entry_match *ematch;
351
351
352
352
IP_NF_ASSERT(e);
···
380
380
if (!t->u.kernel.target->target) {
381
381
int v;
382
382
383
-
v = ((struct ipt_standard_target *)t)->verdict;
383
+
v = ((struct xt_standard_target *)t)->verdict;
384
384
if (v < 0) {
385
385
/* Pop from stack? */
386
386
if (v != IPT_RETURN) {
···
461
461
e->counters.pcnt = pos;
462
462
463
463
for (;;) {
464
-
const struct ipt_standard_target *t
464
+
const struct xt_standard_target *t
465
465
= (void *)ipt_get_target_c(e);
466
466
int visited = e->comefrom & (1 << hook);
467
467
···
552
552
return 1;
553
553
}
554
554
555
-
static void cleanup_match(struct ipt_entry_match *m, struct net *net)
555
+
static void cleanup_match(struct xt_entry_match *m, struct net *net)
556
556
{
557
557
struct xt_mtdtor_param par;
558
558
···
568
568
static int
569
569
check_entry(const struct ipt_entry *e, const char *name)
570
570
{
571
-
const struct ipt_entry_target *t;
571
+
const struct xt_entry_target *t;
572
572
573
573
if (!ip_checkentry(&e->ip)) {
574
574
duprintf("ip check failed %p %s.\n", e, par->match->name);
575
575
return -EINVAL;
576
576
}
577
577
578
-
if (e->target_offset + sizeof(struct ipt_entry_target) >
578
+
if (e->target_offset + sizeof(struct xt_entry_target) >
579
579
e->next_offset)
580
580
return -EINVAL;
581
581
···
587
587
}
588
588
589
589
static int
590
-
check_match(struct ipt_entry_match *m, struct xt_mtchk_param *par)
590
+
check_match(struct xt_entry_match *m, struct xt_mtchk_param *par)
591
591
{
592
592
const struct ipt_ip *ip = par->entryinfo;
593
593
int ret;
···
605
605
}
606
606
607
607
static int
608
-
find_check_match(struct ipt_entry_match *m, struct xt_mtchk_param *par)
608
+
find_check_match(struct xt_entry_match *m, struct xt_mtchk_param *par)
609
609
{
610
610
struct xt_match *match;
611
611
int ret;
···
630
630
631
631
static int check_target(struct ipt_entry *e, struct net *net, const char *name)
632
632
{
633
-
struct ipt_entry_target *t = ipt_get_target(e);
633
+
struct xt_entry_target *t = ipt_get_target(e);
634
634
struct xt_tgchk_param par = {
635
635
.net = net,
636
636
.table = name,
···
656
656
find_check_entry(struct ipt_entry *e, struct net *net, const char *name,
657
657
unsigned int size)
658
658
{
659
-
struct ipt_entry_target *t;
659
+
struct xt_entry_target *t;
660
660
struct xt_target *target;
661
661
int ret;
662
662
unsigned int j;
···
707
707
708
708
static bool check_underflow(const struct ipt_entry *e)
709
709
{
710
-
const struct ipt_entry_target *t;
710
+
const struct xt_entry_target *t;
711
711
unsigned int verdict;
712
712
713
713
if (!unconditional(&e->ip))
···
715
715
t = ipt_get_target_c(e);
716
716
if (strcmp(t->u.user.name, XT_STANDARD_TARGET) != 0)
717
717
return false;
718
-
verdict = ((struct ipt_standard_target *)t)->verdict;
718
+
verdict = ((struct xt_standard_target *)t)->verdict;
719
719
verdict = -verdict - 1;
720
720
return verdict == NF_DROP || verdict == NF_ACCEPT;
721
721
}
···
738
738
}
739
739
740
740
if (e->next_offset
741
-
< sizeof(struct ipt_entry) + sizeof(struct ipt_entry_target)) {
741
+
< sizeof(struct ipt_entry) + sizeof(struct xt_entry_target)) {
742
742
duprintf("checking: element %p size %u\n",
743
743
e, e->next_offset);
744
744
return -EINVAL;
···
771
771
cleanup_entry(struct ipt_entry *e, struct net *net)
772
772
{
773
773
struct xt_tgdtor_param par;
774
-
struct ipt_entry_target *t;
774
+
struct xt_entry_target *t;
775
775
struct xt_entry_match *ematch;
776
776
777
777
/* Cleanup all matches */
···
972
972
/* ... then go back and fix counters and names */
973
973
for (off = 0, num = 0; off < total_size; off += e->next_offset, num++){
974
974
unsigned int i;
975
-
const struct ipt_entry_match *m;
976
-
const struct ipt_entry_target *t;
975
+
const struct xt_entry_match *m;
976
+
const struct xt_entry_target *t;
977
977
978
978
e = (struct ipt_entry *)(loc_cpu_entry + off);
979
979
if (copy_to_user(userptr + off
···
990
990
m = (void *)e + i;
991
991
992
992
if (copy_to_user(userptr + off + i
993
-
+ offsetof(struct ipt_entry_match,
993
+
+ offsetof(struct xt_entry_match,
994
994
u.user.name),
995
995
m->u.kernel.match->name,
996
996
strlen(m->u.kernel.match->name)+1)
···
1002
1002
1003
1003
t = ipt_get_target_c(e);
1004
1004
if (copy_to_user(userptr + off + e->target_offset
1005
-
+ offsetof(struct ipt_entry_target,
1005
+
+ offsetof(struct xt_entry_target,
1006
1006
u.user.name),
1007
1007
t->u.kernel.target->name,
1008
1008
strlen(t->u.kernel.target->name)+1) != 0) {
···
1040
1040
const void *base, struct xt_table_info *newinfo)
1041
1041
{
1042
1042
const struct xt_entry_match *ematch;
1043
-
const struct ipt_entry_target *t;
1043
+
const struct xt_entry_target *t;
1044
1044
unsigned int entry_offset;
1045
1045
int off, i, ret;
1046
1046
···
1407
1407
u32 hook_entry[NF_INET_NUMHOOKS];
1408
1408
u32 underflow[NF_INET_NUMHOOKS];
1409
1409
u32 num_counters;
1410
-
compat_uptr_t counters; /* struct ipt_counters * */
1410
+
compat_uptr_t counters; /* struct xt_counters * */
1411
1411
struct compat_ipt_entry entries[0];
1412
1412
};
1413
1413
···
1416
1416
unsigned int *size, struct xt_counters *counters,
1417
1417
unsigned int i)
1418
1418
{
1419
-
struct ipt_entry_target *t;
1419
+
struct xt_entry_target *t;
1420
1420
struct compat_ipt_entry __user *ce;
1421
1421
u_int16_t target_offset, next_offset;
1422
1422
compat_uint_t origsize;
···
1451
1451
}
1452
1452
1453
1453
static int
1454
-
compat_find_calc_match(struct ipt_entry_match *m,
1454
+
compat_find_calc_match(struct xt_entry_match *m,
1455
1455
const char *name,
1456
1456
const struct ipt_ip *ip,
1457
1457
unsigned int hookmask,
···
1473
1473
1474
1474
static void compat_release_entry(struct compat_ipt_entry *e)
1475
1475
{
1476
-
struct ipt_entry_target *t;
1476
+
struct xt_entry_target *t;
1477
1477
struct xt_entry_match *ematch;
1478
1478
1479
1479
/* Cleanup all matches */
···
1494
1494
const char *name)
1495
1495
{
1496
1496
struct xt_entry_match *ematch;
1497
-
struct ipt_entry_target *t;
1497
+
struct xt_entry_target *t;
1498
1498
struct xt_target *target;
1499
1499
unsigned int entry_offset;
1500
1500
unsigned int j;
···
1576
1576
unsigned int *size, const char *name,
1577
1577
struct xt_table_info *newinfo, unsigned char *base)
1578
1578
{
1579
-
struct ipt_entry_target *t;
1579
+
struct xt_entry_target *t;
1580
1580
struct xt_target *target;
1581
1581
struct ipt_entry *de;
1582
1582
unsigned int origsize;
+27
-27
net/ipv6/netfilter/ip6_tables.c
+27
-27
net/ipv6/netfilter/ip6_tables.c
···
215
215
return memcmp(ipv6, &uncond, sizeof(uncond)) == 0;
216
216
}
217
217
218
-
static inline const struct ip6t_entry_target *
218
+
static inline const struct xt_entry_target *
219
219
ip6t_get_target_c(const struct ip6t_entry *e)
220
220
{
221
221
return ip6t_get_target((struct ip6t_entry *)e);
···
260
260
const char *hookname, const char **chainname,
261
261
const char **comment, unsigned int *rulenum)
262
262
{
263
-
const struct ip6t_standard_target *t = (void *)ip6t_get_target_c(s);
263
+
const struct xt_standard_target *t = (void *)ip6t_get_target_c(s);
264
264
265
265
if (strcmp(t->target.u.kernel.target->name, IP6T_ERROR_TARGET) == 0) {
266
266
/* Head of user chain: ERROR target with chainname */
···
369
369
e = get_entry(table_base, private->hook_entry[hook]);
370
370
371
371
do {
372
-
const struct ip6t_entry_target *t;
372
+
const struct xt_entry_target *t;
373
373
const struct xt_entry_match *ematch;
374
374
375
375
IP_NF_ASSERT(e);
···
403
403
if (!t->u.kernel.target->target) {
404
404
int v;
405
405
406
-
v = ((struct ip6t_standard_target *)t)->verdict;
406
+
v = ((struct xt_standard_target *)t)->verdict;
407
407
if (v < 0) {
408
408
/* Pop from stack? */
409
409
if (v != IP6T_RETURN) {
···
474
474
e->counters.pcnt = pos;
475
475
476
476
for (;;) {
477
-
const struct ip6t_standard_target *t
477
+
const struct xt_standard_target *t
478
478
= (void *)ip6t_get_target_c(e);
479
479
int visited = e->comefrom & (1 << hook);
480
480
···
565
565
return 1;
566
566
}
567
567
568
-
static void cleanup_match(struct ip6t_entry_match *m, struct net *net)
568
+
static void cleanup_match(struct xt_entry_match *m, struct net *net)
569
569
{
570
570
struct xt_mtdtor_param par;
571
571
···
581
581
static int
582
582
check_entry(const struct ip6t_entry *e, const char *name)
583
583
{
584
-
const struct ip6t_entry_target *t;
584
+
const struct xt_entry_target *t;
585
585
586
586
if (!ip6_checkentry(&e->ipv6)) {
587
587
duprintf("ip_tables: ip check failed %p %s.\n", e, name);
588
588
return -EINVAL;
589
589
}
590
590
591
-
if (e->target_offset + sizeof(struct ip6t_entry_target) >
591
+
if (e->target_offset + sizeof(struct xt_entry_target) >
592
592
e->next_offset)
593
593
return -EINVAL;
594
594
···
599
599
return 0;
600
600
}
601
601
602
-
static int check_match(struct ip6t_entry_match *m, struct xt_mtchk_param *par)
602
+
static int check_match(struct xt_entry_match *m, struct xt_mtchk_param *par)
603
603
{
604
604
const struct ip6t_ip6 *ipv6 = par->entryinfo;
605
605
int ret;
···
618
618
}
619
619
620
620
static int
621
-
find_check_match(struct ip6t_entry_match *m, struct xt_mtchk_param *par)
621
+
find_check_match(struct xt_entry_match *m, struct xt_mtchk_param *par)
622
622
{
623
623
struct xt_match *match;
624
624
int ret;
···
643
643
644
644
static int check_target(struct ip6t_entry *e, struct net *net, const char *name)
645
645
{
646
-
struct ip6t_entry_target *t = ip6t_get_target(e);
646
+
struct xt_entry_target *t = ip6t_get_target(e);
647
647
struct xt_tgchk_param par = {
648
648
.net = net,
649
649
.table = name,
···
670
670
find_check_entry(struct ip6t_entry *e, struct net *net, const char *name,
671
671
unsigned int size)
672
672
{
673
-
struct ip6t_entry_target *t;
673
+
struct xt_entry_target *t;
674
674
struct xt_target *target;
675
675
int ret;
676
676
unsigned int j;
···
721
721
722
722
static bool check_underflow(const struct ip6t_entry *e)
723
723
{
724
-
const struct ip6t_entry_target *t;
724
+
const struct xt_entry_target *t;
725
725
unsigned int verdict;
726
726
727
727
if (!unconditional(&e->ipv6))
···
729
729
t = ip6t_get_target_c(e);
730
730
if (strcmp(t->u.user.name, XT_STANDARD_TARGET) != 0)
731
731
return false;
732
-
verdict = ((struct ip6t_standard_target *)t)->verdict;
732
+
verdict = ((struct xt_standard_target *)t)->verdict;
733
733
verdict = -verdict - 1;
734
734
return verdict == NF_DROP || verdict == NF_ACCEPT;
735
735
}
···
752
752
}
753
753
754
754
if (e->next_offset
755
-
< sizeof(struct ip6t_entry) + sizeof(struct ip6t_entry_target)) {
755
+
< sizeof(struct ip6t_entry) + sizeof(struct xt_entry_target)) {
756
756
duprintf("checking: element %p size %u\n",
757
757
e, e->next_offset);
758
758
return -EINVAL;
···
784
784
static void cleanup_entry(struct ip6t_entry *e, struct net *net)
785
785
{
786
786
struct xt_tgdtor_param par;
787
-
struct ip6t_entry_target *t;
787
+
struct xt_entry_target *t;
788
788
struct xt_entry_match *ematch;
789
789
790
790
/* Cleanup all matches */
···
985
985
/* ... then go back and fix counters and names */
986
986
for (off = 0, num = 0; off < total_size; off += e->next_offset, num++){
987
987
unsigned int i;
988
-
const struct ip6t_entry_match *m;
989
-
const struct ip6t_entry_target *t;
988
+
const struct xt_entry_match *m;
989
+
const struct xt_entry_target *t;
990
990
991
991
e = (struct ip6t_entry *)(loc_cpu_entry + off);
992
992
if (copy_to_user(userptr + off
···
1003
1003
m = (void *)e + i;
1004
1004
1005
1005
if (copy_to_user(userptr + off + i
1006
-
+ offsetof(struct ip6t_entry_match,
1006
+
+ offsetof(struct xt_entry_match,
1007
1007
u.user.name),
1008
1008
m->u.kernel.match->name,
1009
1009
strlen(m->u.kernel.match->name)+1)
···
1015
1015
1016
1016
t = ip6t_get_target_c(e);
1017
1017
if (copy_to_user(userptr + off + e->target_offset
1018
-
+ offsetof(struct ip6t_entry_target,
1018
+
+ offsetof(struct xt_entry_target,
1019
1019
u.user.name),
1020
1020
t->u.kernel.target->name,
1021
1021
strlen(t->u.kernel.target->name)+1) != 0) {
···
1053
1053
const void *base, struct xt_table_info *newinfo)
1054
1054
{
1055
1055
const struct xt_entry_match *ematch;
1056
-
const struct ip6t_entry_target *t;
1056
+
const struct xt_entry_target *t;
1057
1057
unsigned int entry_offset;
1058
1058
int off, i, ret;
1059
1059
···
1422
1422
u32 hook_entry[NF_INET_NUMHOOKS];
1423
1423
u32 underflow[NF_INET_NUMHOOKS];
1424
1424
u32 num_counters;
1425
-
compat_uptr_t counters; /* struct ip6t_counters * */
1425
+
compat_uptr_t counters; /* struct xt_counters * */
1426
1426
struct compat_ip6t_entry entries[0];
1427
1427
};
1428
1428
···
1431
1431
unsigned int *size, struct xt_counters *counters,
1432
1432
unsigned int i)
1433
1433
{
1434
-
struct ip6t_entry_target *t;
1434
+
struct xt_entry_target *t;
1435
1435
struct compat_ip6t_entry __user *ce;
1436
1436
u_int16_t target_offset, next_offset;
1437
1437
compat_uint_t origsize;
···
1466
1466
}
1467
1467
1468
1468
static int
1469
-
compat_find_calc_match(struct ip6t_entry_match *m,
1469
+
compat_find_calc_match(struct xt_entry_match *m,
1470
1470
const char *name,
1471
1471
const struct ip6t_ip6 *ipv6,
1472
1472
unsigned int hookmask,
···
1488
1488
1489
1489
static void compat_release_entry(struct compat_ip6t_entry *e)
1490
1490
{
1491
-
struct ip6t_entry_target *t;
1491
+
struct xt_entry_target *t;
1492
1492
struct xt_entry_match *ematch;
1493
1493
1494
1494
/* Cleanup all matches */
···
1509
1509
const char *name)
1510
1510
{
1511
1511
struct xt_entry_match *ematch;
1512
-
struct ip6t_entry_target *t;
1512
+
struct xt_entry_target *t;
1513
1513
struct xt_target *target;
1514
1514
unsigned int entry_offset;
1515
1515
unsigned int j;
···
1591
1591
unsigned int *size, const char *name,
1592
1592
struct xt_table_info *newinfo, unsigned char *base)
1593
1593
{
1594
-
struct ip6t_entry_target *t;
1594
+
struct xt_entry_target *t;
1595
1595
struct xt_target *target;
1596
1596
struct ip6t_entry *de;
1597
1597
unsigned int origsize;
+6
-6
net/sched/act_ipt.c
+6
-6
net/sched/act_ipt.c
···
39
39
.lock = &ipt_lock,
40
40
};
41
41
42
-
static int ipt_init_target(struct ipt_entry_target *t, char *table, unsigned int hook)
42
+
static int ipt_init_target(struct xt_entry_target *t, char *table, unsigned int hook)
43
43
{
44
44
struct xt_tgchk_param par;
45
45
struct xt_target *target;
···
66
66
return 0;
67
67
}
68
68
69
-
static void ipt_destroy_target(struct ipt_entry_target *t)
69
+
static void ipt_destroy_target(struct xt_entry_target *t)
70
70
{
71
71
struct xt_tgdtor_param par = {
72
72
.target = t->u.kernel.target,
···
99
99
[TCA_IPT_TABLE] = { .type = NLA_STRING, .len = IFNAMSIZ },
100
100
[TCA_IPT_HOOK] = { .type = NLA_U32 },
101
101
[TCA_IPT_INDEX] = { .type = NLA_U32 },
102
-
[TCA_IPT_TARG] = { .len = sizeof(struct ipt_entry_target) },
102
+
[TCA_IPT_TARG] = { .len = sizeof(struct xt_entry_target) },
103
103
};
104
104
105
105
static int tcf_ipt_init(struct nlattr *nla, struct nlattr *est,
···
108
108
struct nlattr *tb[TCA_IPT_MAX + 1];
109
109
struct tcf_ipt *ipt;
110
110
struct tcf_common *pc;
111
-
struct ipt_entry_target *td, *t;
111
+
struct xt_entry_target *td, *t;
112
112
char *tname;
113
113
int ret = 0, err;
114
114
u32 hook = 0;
···
126
126
if (tb[TCA_IPT_TARG] == NULL)
127
127
return -EINVAL;
128
128
129
-
td = (struct ipt_entry_target *)nla_data(tb[TCA_IPT_TARG]);
129
+
td = (struct xt_entry_target *)nla_data(tb[TCA_IPT_TARG]);
130
130
if (nla_len(tb[TCA_IPT_TARG]) < td->u.target_size)
131
131
return -EINVAL;
132
132
···
249
249
{
250
250
unsigned char *b = skb_tail_pointer(skb);
251
251
struct tcf_ipt *ipt = a->priv;
252
-
struct ipt_entry_target *t;
252
+
struct xt_entry_target *t;
253
253
struct tcf_t tm;
254
254
struct tc_cnt c;
255
255