netfilter: xtables: move extension arguments into compound structure (4/6)
This patch does this for target extensions' target functions. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
This commit is contained in:
parent
6be3d8598e
commit
7eb3558655
@ -218,6 +218,22 @@ struct xt_mtdtor_param {
|
||||
void *matchinfo;
|
||||
};
|
||||
|
||||
/**
|
||||
* struct xt_target_param - parameters for target extensions' target functions
|
||||
*
|
||||
* @hooknum: hook through which this target was invoked
|
||||
* @target: struct xt_target through which this function was invoked
|
||||
* @targinfo: per-target data
|
||||
*
|
||||
* Other fields see above.
|
||||
*/
|
||||
struct xt_target_param {
|
||||
const struct net_device *in, *out;
|
||||
unsigned int hooknum;
|
||||
const struct xt_target *target;
|
||||
const void *targinfo;
|
||||
};
|
||||
|
||||
struct xt_match
|
||||
{
|
||||
struct list_head list;
|
||||
@ -269,11 +285,7 @@ struct xt_target
|
||||
must now handle non-linear skbs, using skb_copy_bits and
|
||||
skb_ip_make_writable. */
|
||||
unsigned int (*target)(struct sk_buff *skb,
|
||||
const struct net_device *in,
|
||||
const struct net_device *out,
|
||||
unsigned int hooknum,
|
||||
const struct xt_target *target,
|
||||
const void *targinfo);
|
||||
const struct xt_target_param *);
|
||||
|
||||
/* Called when user tries to insert an entry of this type:
|
||||
hook_mask is a bitmask of hooks from which it can be
|
||||
|
@ -16,11 +16,9 @@
|
||||
#include <linux/netfilter_bridge/ebt_arpreply.h>
|
||||
|
||||
static unsigned int
|
||||
ebt_arpreply_tg(struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hook_nr,
|
||||
const struct xt_target *target, const void *data)
|
||||
ebt_arpreply_tg(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
const struct ebt_arpreply_info *info = data;
|
||||
const struct ebt_arpreply_info *info = par->targinfo;
|
||||
const __be32 *siptr, *diptr;
|
||||
__be32 _sip, _dip;
|
||||
const struct arphdr *ap;
|
||||
@ -53,7 +51,7 @@ ebt_arpreply_tg(struct sk_buff *skb, const struct net_device *in,
|
||||
if (diptr == NULL)
|
||||
return EBT_DROP;
|
||||
|
||||
arp_send(ARPOP_REPLY, ETH_P_ARP, *siptr, (struct net_device *)in,
|
||||
arp_send(ARPOP_REPLY, ETH_P_ARP, *siptr, (struct net_device *)par->in,
|
||||
*diptr, shp, info->mac, shp);
|
||||
|
||||
return info->target;
|
||||
|
@ -15,11 +15,9 @@
|
||||
#include <linux/netfilter_bridge/ebt_nat.h>
|
||||
|
||||
static unsigned int
|
||||
ebt_dnat_tg(struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hook_nr,
|
||||
const struct xt_target *target, const void *data)
|
||||
ebt_dnat_tg(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
const struct ebt_nat_info *info = data;
|
||||
const struct ebt_nat_info *info = par->targinfo;
|
||||
|
||||
if (!skb_make_writable(skb, 0))
|
||||
return EBT_DROP;
|
||||
|
@ -195,11 +195,9 @@ out:
|
||||
}
|
||||
|
||||
static unsigned int
|
||||
ebt_log_tg(struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hooknr,
|
||||
const struct xt_target *target, const void *data)
|
||||
ebt_log_tg(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
const struct ebt_log_info *info = data;
|
||||
const struct ebt_log_info *info = par->targinfo;
|
||||
struct nf_loginfo li;
|
||||
|
||||
li.type = NF_LOG_TYPE_LOG;
|
||||
@ -207,11 +205,11 @@ ebt_log_tg(struct sk_buff *skb, const struct net_device *in,
|
||||
li.u.log.logflags = info->bitmask;
|
||||
|
||||
if (info->bitmask & EBT_LOG_NFLOG)
|
||||
nf_log_packet(NFPROTO_BRIDGE, hooknr, skb, in, out, &li,
|
||||
"%s", info->prefix);
|
||||
nf_log_packet(NFPROTO_BRIDGE, par->hooknum, skb, par->in,
|
||||
par->out, &li, "%s", info->prefix);
|
||||
else
|
||||
ebt_log_packet(NFPROTO_BRIDGE, hooknr, skb, in, out, &li,
|
||||
info->prefix);
|
||||
ebt_log_packet(NFPROTO_BRIDGE, par->hooknum, skb, par->in,
|
||||
par->out, &li, info->prefix);
|
||||
return EBT_CONTINUE;
|
||||
}
|
||||
|
||||
|
@ -19,11 +19,9 @@
|
||||
#include <linux/netfilter_bridge/ebt_mark_t.h>
|
||||
|
||||
static unsigned int
|
||||
ebt_mark_tg(struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hook_nr,
|
||||
const struct xt_target *target, const void *data)
|
||||
ebt_mark_tg(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
const struct ebt_mark_t_info *info = data;
|
||||
const struct ebt_mark_t_info *info = par->targinfo;
|
||||
int action = info->target & -16;
|
||||
|
||||
if (action == MARK_SET_VALUE)
|
||||
|
@ -20,11 +20,9 @@
|
||||
#include <net/netfilter/nf_log.h>
|
||||
|
||||
static unsigned int
|
||||
ebt_nflog_tg(struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hooknr,
|
||||
const struct xt_target *target, const void *data)
|
||||
ebt_nflog_tg(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
const struct ebt_nflog_info *info = data;
|
||||
const struct ebt_nflog_info *info = par->targinfo;
|
||||
struct nf_loginfo li;
|
||||
|
||||
li.type = NF_LOG_TYPE_ULOG;
|
||||
@ -32,7 +30,8 @@ ebt_nflog_tg(struct sk_buff *skb, const struct net_device *in,
|
||||
li.u.ulog.group = info->group;
|
||||
li.u.ulog.qthreshold = info->threshold;
|
||||
|
||||
nf_log_packet(PF_BRIDGE, hooknr, skb, in, out, &li, "%s", info->prefix);
|
||||
nf_log_packet(PF_BRIDGE, par->hooknum, skb, par->in, par->out,
|
||||
&li, "%s", info->prefix);
|
||||
return EBT_CONTINUE;
|
||||
}
|
||||
|
||||
|
@ -16,20 +16,18 @@
|
||||
#include <linux/netfilter_bridge/ebt_redirect.h>
|
||||
|
||||
static unsigned int
|
||||
ebt_redirect_tg(struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hooknr,
|
||||
const struct xt_target *target, const void *data)
|
||||
ebt_redirect_tg(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
const struct ebt_redirect_info *info = data;
|
||||
const struct ebt_redirect_info *info = par->targinfo;
|
||||
|
||||
if (!skb_make_writable(skb, 0))
|
||||
return EBT_DROP;
|
||||
|
||||
if (hooknr != NF_BR_BROUTING)
|
||||
if (par->hooknum != NF_BR_BROUTING)
|
||||
memcpy(eth_hdr(skb)->h_dest,
|
||||
in->br_port->br->dev->dev_addr, ETH_ALEN);
|
||||
par->in->br_port->br->dev->dev_addr, ETH_ALEN);
|
||||
else
|
||||
memcpy(eth_hdr(skb)->h_dest, in->dev_addr, ETH_ALEN);
|
||||
memcpy(eth_hdr(skb)->h_dest, par->in->dev_addr, ETH_ALEN);
|
||||
skb->pkt_type = PACKET_HOST;
|
||||
return info->target;
|
||||
}
|
||||
|
@ -17,11 +17,9 @@
|
||||
#include <linux/netfilter_bridge/ebt_nat.h>
|
||||
|
||||
static unsigned int
|
||||
ebt_snat_tg(struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hook_nr,
|
||||
const struct xt_target *target, const void *data)
|
||||
ebt_snat_tg(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
const struct ebt_nat_info *info = data;
|
||||
const struct ebt_nat_info *info = par->targinfo;
|
||||
|
||||
if (!skb_make_writable(skb, 0))
|
||||
return EBT_DROP;
|
||||
|
@ -247,13 +247,10 @@ static void ebt_log_packet(u_int8_t pf, unsigned int hooknum,
|
||||
}
|
||||
|
||||
static unsigned int
|
||||
ebt_ulog_tg(struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hooknr,
|
||||
const struct xt_target *target, const void *data)
|
||||
ebt_ulog_tg(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
const struct ebt_ulog_info *uloginfo = data;
|
||||
|
||||
ebt_ulog_packet(hooknr, skb, in, out, uloginfo, NULL);
|
||||
ebt_ulog_packet(par->hooknum, skb, par->in, par->out,
|
||||
par->targinfo, NULL);
|
||||
return EBT_CONTINUE;
|
||||
}
|
||||
|
||||
|
@ -64,11 +64,13 @@ static struct xt_target ebt_standard_target = {
|
||||
.targetsize = sizeof(int),
|
||||
};
|
||||
|
||||
static inline int ebt_do_watcher (struct ebt_entry_watcher *w,
|
||||
struct sk_buff *skb, unsigned int hooknr, const struct net_device *in,
|
||||
const struct net_device *out)
|
||||
static inline int
|
||||
ebt_do_watcher(const struct ebt_entry_watcher *w, struct sk_buff *skb,
|
||||
struct xt_target_param *par)
|
||||
{
|
||||
w->u.watcher->target(skb, in, out, hooknr, w->u.watcher, w->data);
|
||||
par->target = w->u.watcher;
|
||||
par->targinfo = w->data;
|
||||
w->u.watcher->target(skb, par);
|
||||
/* watchers don't give a verdict */
|
||||
return 0;
|
||||
}
|
||||
@ -156,10 +158,12 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
|
||||
struct ebt_table_info *private;
|
||||
bool hotdrop = false;
|
||||
struct xt_match_param mtpar;
|
||||
struct xt_target_param tgpar;
|
||||
|
||||
mtpar.in = in;
|
||||
mtpar.out = out;
|
||||
mtpar.in = tgpar.in = in;
|
||||
mtpar.out = tgpar.out = out;
|
||||
mtpar.hotdrop = &hotdrop;
|
||||
tgpar.hooknum = hook;
|
||||
|
||||
read_lock_bh(&table->lock);
|
||||
private = table->private;
|
||||
@ -193,17 +197,18 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
|
||||
|
||||
/* these should only watch: not modify, nor tell us
|
||||
what to do with the packet */
|
||||
EBT_WATCHER_ITERATE(point, ebt_do_watcher, skb, hook, in,
|
||||
out);
|
||||
EBT_WATCHER_ITERATE(point, ebt_do_watcher, skb, &tgpar);
|
||||
|
||||
t = (struct ebt_entry_target *)
|
||||
(((char *)point) + point->target_offset);
|
||||
/* standard target */
|
||||
if (!t->u.target->target)
|
||||
verdict = ((struct ebt_standard_target *)t)->verdict;
|
||||
else
|
||||
verdict = t->u.target->target(skb, in, out, hook,
|
||||
t->u.target, t->data);
|
||||
else {
|
||||
tgpar.target = t->u.target;
|
||||
tgpar.targinfo = t->data;
|
||||
verdict = t->u.target->target(skb, &tgpar);
|
||||
}
|
||||
if (verdict == EBT_ACCEPT) {
|
||||
read_unlock_bh(&table->lock);
|
||||
return NF_ACCEPT;
|
||||
|
@ -200,15 +200,12 @@ static inline int arp_checkentry(const struct arpt_arp *arp)
|
||||
return 1;
|
||||
}
|
||||
|
||||
static unsigned int arpt_error(struct sk_buff *skb,
|
||||
const struct net_device *in,
|
||||
const struct net_device *out,
|
||||
unsigned int hooknum,
|
||||
const struct xt_target *target,
|
||||
const void *targinfo)
|
||||
static unsigned int
|
||||
arpt_error(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
if (net_ratelimit())
|
||||
printk("arp_tables: error: '%s'\n", (char *)targinfo);
|
||||
printk("arp_tables: error: '%s'\n",
|
||||
(const char *)par->targinfo);
|
||||
|
||||
return NF_DROP;
|
||||
}
|
||||
@ -232,6 +229,7 @@ unsigned int arpt_do_table(struct sk_buff *skb,
|
||||
const char *indev, *outdev;
|
||||
void *table_base;
|
||||
const struct xt_table_info *private;
|
||||
struct xt_target_param tgpar;
|
||||
|
||||
if (!pskb_may_pull(skb, arp_hdr_len(skb->dev)))
|
||||
return NF_DROP;
|
||||
@ -245,6 +243,10 @@ unsigned int arpt_do_table(struct sk_buff *skb,
|
||||
e = get_entry(table_base, private->hook_entry[hook]);
|
||||
back = get_entry(table_base, private->underflow[hook]);
|
||||
|
||||
tgpar.in = in;
|
||||
tgpar.out = out;
|
||||
tgpar.hooknum = hook;
|
||||
|
||||
arp = arp_hdr(skb);
|
||||
do {
|
||||
if (arp_packet_match(arp, skb->dev, indev, outdev, &e->arp)) {
|
||||
@ -290,11 +292,10 @@ unsigned int arpt_do_table(struct sk_buff *skb,
|
||||
/* Targets which reenter must return
|
||||
* abs. verdicts
|
||||
*/
|
||||
tgpar.target = t->u.kernel.target;
|
||||
tgpar.targinfo = t->data;
|
||||
verdict = t->u.kernel.target->target(skb,
|
||||
in, out,
|
||||
hook,
|
||||
t->u.kernel.target,
|
||||
t->data);
|
||||
&tgpar);
|
||||
|
||||
/* Target might have changed stuff. */
|
||||
arp = arp_hdr(skb);
|
||||
|
@ -9,12 +9,9 @@ MODULE_AUTHOR("Bart De Schuymer <bdschuym@pandora.be>");
|
||||
MODULE_DESCRIPTION("arptables arp payload mangle target");
|
||||
|
||||
static unsigned int
|
||||
target(struct sk_buff *skb,
|
||||
const struct net_device *in, const struct net_device *out,
|
||||
unsigned int hooknum, const struct xt_target *target,
|
||||
const void *targinfo)
|
||||
target(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
const struct arpt_mangle *mangle = targinfo;
|
||||
const struct arpt_mangle *mangle = par->targinfo;
|
||||
const struct arphdr *arp;
|
||||
unsigned char *arpptr;
|
||||
int pln, hln;
|
||||
|
@ -171,15 +171,11 @@ ip_checkentry(const struct ipt_ip *ip)
|
||||
}
|
||||
|
||||
static unsigned int
|
||||
ipt_error(struct sk_buff *skb,
|
||||
const struct net_device *in,
|
||||
const struct net_device *out,
|
||||
unsigned int hooknum,
|
||||
const struct xt_target *target,
|
||||
const void *targinfo)
|
||||
ipt_error(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
if (net_ratelimit())
|
||||
printk("ip_tables: error: `%s'\n", (char *)targinfo);
|
||||
printk("ip_tables: error: `%s'\n",
|
||||
(const char *)par->targinfo);
|
||||
|
||||
return NF_DROP;
|
||||
}
|
||||
@ -334,6 +330,7 @@ ipt_do_table(struct sk_buff *skb,
|
||||
struct ipt_entry *e, *back;
|
||||
struct xt_table_info *private;
|
||||
struct xt_match_param mtpar;
|
||||
struct xt_target_param tgpar;
|
||||
|
||||
/* Initialization */
|
||||
ip = ip_hdr(skb);
|
||||
@ -349,8 +346,9 @@ ipt_do_table(struct sk_buff *skb,
|
||||
mtpar.fragoff = ntohs(ip->frag_off) & IP_OFFSET;
|
||||
mtpar.thoff = ip_hdrlen(skb);
|
||||
mtpar.hotdrop = &hotdrop;
|
||||
mtpar.in = in;
|
||||
mtpar.out = out;
|
||||
mtpar.in = tgpar.in = in;
|
||||
mtpar.out = tgpar.out = out;
|
||||
tgpar.hooknum = hook;
|
||||
|
||||
read_lock_bh(&table->lock);
|
||||
IP_NF_ASSERT(table->valid_hooks & (1 << hook));
|
||||
@ -414,16 +412,14 @@ ipt_do_table(struct sk_buff *skb,
|
||||
} else {
|
||||
/* Targets which reenter must return
|
||||
abs. verdicts */
|
||||
tgpar.target = t->u.kernel.target;
|
||||
tgpar.targinfo = t->data;
|
||||
#ifdef CONFIG_NETFILTER_DEBUG
|
||||
((struct ipt_entry *)table_base)->comefrom
|
||||
= 0xeeeeeeec;
|
||||
#endif
|
||||
verdict = t->u.kernel.target->target(skb,
|
||||
in, out,
|
||||
hook,
|
||||
t->u.kernel.target,
|
||||
t->data);
|
||||
|
||||
&tgpar);
|
||||
#ifdef CONFIG_NETFILTER_DEBUG
|
||||
if (((struct ipt_entry *)table_base)->comefrom
|
||||
!= 0xeeeeeeec
|
||||
|
@ -281,11 +281,9 @@ clusterip_responsible(const struct clusterip_config *config, u_int32_t hash)
|
||||
***********************************************************************/
|
||||
|
||||
static unsigned int
|
||||
clusterip_tg(struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hooknum,
|
||||
const struct xt_target *target, const void *targinfo)
|
||||
clusterip_tg(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
const struct ipt_clusterip_tgt_info *cipinfo = targinfo;
|
||||
const struct ipt_clusterip_tgt_info *cipinfo = par->targinfo;
|
||||
struct nf_conn *ct;
|
||||
enum ip_conntrack_info ctinfo;
|
||||
u_int32_t hash;
|
||||
|
@ -77,11 +77,9 @@ set_ect_tcp(struct sk_buff *skb, const struct ipt_ECN_info *einfo)
|
||||
}
|
||||
|
||||
static unsigned int
|
||||
ecn_tg(struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hooknum,
|
||||
const struct xt_target *target, const void *targinfo)
|
||||
ecn_tg(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
const struct ipt_ECN_info *einfo = targinfo;
|
||||
const struct ipt_ECN_info *einfo = par->targinfo;
|
||||
|
||||
if (einfo->operation & IPT_ECN_OP_SET_IP)
|
||||
if (!set_ect_ip(skb, einfo))
|
||||
|
@ -426,18 +426,16 @@ ipt_log_packet(u_int8_t pf,
|
||||
}
|
||||
|
||||
static unsigned int
|
||||
log_tg(struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hooknum,
|
||||
const struct xt_target *target, const void *targinfo)
|
||||
log_tg(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
const struct ipt_log_info *loginfo = targinfo;
|
||||
const struct ipt_log_info *loginfo = par->targinfo;
|
||||
struct nf_loginfo li;
|
||||
|
||||
li.type = NF_LOG_TYPE_LOG;
|
||||
li.u.log.level = loginfo->level;
|
||||
li.u.log.logflags = loginfo->logflags;
|
||||
|
||||
ipt_log_packet(NFPROTO_IPV4, hooknum, skb, in, out, &li,
|
||||
ipt_log_packet(NFPROTO_IPV4, par->hooknum, skb, par->in, par->out, &li,
|
||||
loginfo->prefix);
|
||||
return XT_CONTINUE;
|
||||
}
|
||||
|
@ -50,9 +50,7 @@ masquerade_tg_check(const char *tablename, const void *e,
|
||||
}
|
||||
|
||||
static unsigned int
|
||||
masquerade_tg(struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hooknum,
|
||||
const struct xt_target *target, const void *targinfo)
|
||||
masquerade_tg(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
struct nf_conn *ct;
|
||||
struct nf_conn_nat *nat;
|
||||
@ -62,7 +60,7 @@ masquerade_tg(struct sk_buff *skb, const struct net_device *in,
|
||||
const struct rtable *rt;
|
||||
__be32 newsrc;
|
||||
|
||||
NF_CT_ASSERT(hooknum == NF_INET_POST_ROUTING);
|
||||
NF_CT_ASSERT(par->hooknum == NF_INET_POST_ROUTING);
|
||||
|
||||
ct = nf_ct_get(skb, &ctinfo);
|
||||
nat = nfct_nat(ct);
|
||||
@ -76,16 +74,16 @@ masquerade_tg(struct sk_buff *skb, const struct net_device *in,
|
||||
if (ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.ip == 0)
|
||||
return NF_ACCEPT;
|
||||
|
||||
mr = targinfo;
|
||||
mr = par->targinfo;
|
||||
rt = skb->rtable;
|
||||
newsrc = inet_select_addr(out, rt->rt_gateway, RT_SCOPE_UNIVERSE);
|
||||
newsrc = inet_select_addr(par->out, rt->rt_gateway, RT_SCOPE_UNIVERSE);
|
||||
if (!newsrc) {
|
||||
printk("MASQUERADE: %s ate my IP address\n", out->name);
|
||||
printk("MASQUERADE: %s ate my IP address\n", par->out->name);
|
||||
return NF_DROP;
|
||||
}
|
||||
|
||||
write_lock_bh(&masq_lock);
|
||||
nat->masq_index = out->ifindex;
|
||||
nat->masq_index = par->out->ifindex;
|
||||
write_unlock_bh(&masq_lock);
|
||||
|
||||
/* Transfer from original range. */
|
||||
|
@ -41,24 +41,23 @@ netmap_tg_check(const char *tablename, const void *e,
|
||||
}
|
||||
|
||||
static unsigned int
|
||||
netmap_tg(struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hooknum,
|
||||
const struct xt_target *target, const void *targinfo)
|
||||
netmap_tg(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
struct nf_conn *ct;
|
||||
enum ip_conntrack_info ctinfo;
|
||||
__be32 new_ip, netmask;
|
||||
const struct nf_nat_multi_range_compat *mr = targinfo;
|
||||
const struct nf_nat_multi_range_compat *mr = par->targinfo;
|
||||
struct nf_nat_range newrange;
|
||||
|
||||
NF_CT_ASSERT(hooknum == NF_INET_PRE_ROUTING
|
||||
|| hooknum == NF_INET_POST_ROUTING
|
||||
|| hooknum == NF_INET_LOCAL_OUT);
|
||||
NF_CT_ASSERT(par->hooknum == NF_INET_PRE_ROUTING ||
|
||||
par->hooknum == NF_INET_POST_ROUTING ||
|
||||
par->hooknum == NF_INET_LOCAL_OUT);
|
||||
ct = nf_ct_get(skb, &ctinfo);
|
||||
|
||||
netmask = ~(mr->range[0].min_ip ^ mr->range[0].max_ip);
|
||||
|
||||
if (hooknum == NF_INET_PRE_ROUTING || hooknum == NF_INET_LOCAL_OUT)
|
||||
if (par->hooknum == NF_INET_PRE_ROUTING ||
|
||||
par->hooknum == NF_INET_LOCAL_OUT)
|
||||
new_ip = ip_hdr(skb)->daddr & ~netmask;
|
||||
else
|
||||
new_ip = ip_hdr(skb)->saddr & ~netmask;
|
||||
@ -70,7 +69,7 @@ netmap_tg(struct sk_buff *skb, const struct net_device *in,
|
||||
mr->range[0].min, mr->range[0].max });
|
||||
|
||||
/* Hand modified range to generic setup. */
|
||||
return nf_nat_setup_info(ct, &newrange, HOOK2MANIP(hooknum));
|
||||
return nf_nat_setup_info(ct, &newrange, HOOK2MANIP(par->hooknum));
|
||||
}
|
||||
|
||||
static struct xt_target netmap_tg_reg __read_mostly = {
|
||||
|
@ -45,24 +45,22 @@ redirect_tg_check(const char *tablename, const void *e,
|
||||
}
|
||||
|
||||
static unsigned int
|
||||
redirect_tg(struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hooknum,
|
||||
const struct xt_target *target, const void *targinfo)
|
||||
redirect_tg(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
struct nf_conn *ct;
|
||||
enum ip_conntrack_info ctinfo;
|
||||
__be32 newdst;
|
||||
const struct nf_nat_multi_range_compat *mr = targinfo;
|
||||
const struct nf_nat_multi_range_compat *mr = par->targinfo;
|
||||
struct nf_nat_range newrange;
|
||||
|
||||
NF_CT_ASSERT(hooknum == NF_INET_PRE_ROUTING
|
||||
|| hooknum == NF_INET_LOCAL_OUT);
|
||||
NF_CT_ASSERT(par->hooknum == NF_INET_PRE_ROUTING ||
|
||||
par->hooknum == NF_INET_LOCAL_OUT);
|
||||
|
||||
ct = nf_ct_get(skb, &ctinfo);
|
||||
NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED));
|
||||
|
||||
/* Local packets: make them go to loopback */
|
||||
if (hooknum == NF_INET_LOCAL_OUT)
|
||||
if (par->hooknum == NF_INET_LOCAL_OUT)
|
||||
newdst = htonl(0x7F000001);
|
||||
else {
|
||||
struct in_device *indev;
|
||||
|
@ -136,11 +136,9 @@ static inline void send_unreach(struct sk_buff *skb_in, int code)
|
||||
}
|
||||
|
||||
static unsigned int
|
||||
reject_tg(struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hooknum,
|
||||
const struct xt_target *target, const void *targinfo)
|
||||
reject_tg(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
const struct ipt_reject_info *reject = targinfo;
|
||||
const struct ipt_reject_info *reject = par->targinfo;
|
||||
|
||||
/* WARNING: This code causes reentry within iptables.
|
||||
This means that the iptables jump stack is now crap. We
|
||||
@ -168,7 +166,7 @@ reject_tg(struct sk_buff *skb, const struct net_device *in,
|
||||
send_unreach(skb, ICMP_PKT_FILTERED);
|
||||
break;
|
||||
case IPT_TCP_RESET:
|
||||
send_reset(skb, hooknum);
|
||||
send_reset(skb, par->hooknum);
|
||||
case IPT_ICMP_ECHOREPLY:
|
||||
/* Doesn't happen. */
|
||||
break;
|
||||
|
@ -20,12 +20,10 @@ MODULE_DESCRIPTION("Xtables: IPv4 TTL field modification target");
|
||||
MODULE_LICENSE("GPL");
|
||||
|
||||
static unsigned int
|
||||
ttl_tg(struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hooknum,
|
||||
const struct xt_target *target, const void *targinfo)
|
||||
ttl_tg(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
struct iphdr *iph;
|
||||
const struct ipt_TTL_info *info = targinfo;
|
||||
const struct ipt_TTL_info *info = par->targinfo;
|
||||
int new_ttl;
|
||||
|
||||
if (!skb_make_writable(skb, skb->len))
|
||||
|
@ -281,14 +281,10 @@ alloc_failure:
|
||||
}
|
||||
|
||||
static unsigned int
|
||||
ulog_tg(struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hooknum,
|
||||
const struct xt_target *target, const void *targinfo)
|
||||
ulog_tg(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo;
|
||||
|
||||
ipt_ulog_packet(hooknum, skb, in, out, loginfo, NULL);
|
||||
|
||||
ipt_ulog_packet(par->hooknum, skb, par->in, par->out,
|
||||
par->targinfo, NULL);
|
||||
return XT_CONTINUE;
|
||||
}
|
||||
|
||||
|
@ -67,25 +67,21 @@ static struct xt_table nat_table = {
|
||||
};
|
||||
|
||||
/* Source NAT */
|
||||
static unsigned int ipt_snat_target(struct sk_buff *skb,
|
||||
const struct net_device *in,
|
||||
const struct net_device *out,
|
||||
unsigned int hooknum,
|
||||
const struct xt_target *target,
|
||||
const void *targinfo)
|
||||
static unsigned int
|
||||
ipt_snat_target(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
struct nf_conn *ct;
|
||||
enum ip_conntrack_info ctinfo;
|
||||
const struct nf_nat_multi_range_compat *mr = targinfo;
|
||||
const struct nf_nat_multi_range_compat *mr = par->targinfo;
|
||||
|
||||
NF_CT_ASSERT(hooknum == NF_INET_POST_ROUTING);
|
||||
NF_CT_ASSERT(par->hooknum == NF_INET_POST_ROUTING);
|
||||
|
||||
ct = nf_ct_get(skb, &ctinfo);
|
||||
|
||||
/* Connection must be valid and new. */
|
||||
NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED ||
|
||||
ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY));
|
||||
NF_CT_ASSERT(out);
|
||||
NF_CT_ASSERT(par->out != NULL);
|
||||
|
||||
return nf_nat_setup_info(ct, &mr->range[0], IP_NAT_MANIP_SRC);
|
||||
}
|
||||
@ -109,28 +105,24 @@ static void warn_if_extra_mangle(struct net *net, __be32 dstip, __be32 srcip)
|
||||
ip_rt_put(rt);
|
||||
}
|
||||
|
||||
static unsigned int ipt_dnat_target(struct sk_buff *skb,
|
||||
const struct net_device *in,
|
||||
const struct net_device *out,
|
||||
unsigned int hooknum,
|
||||
const struct xt_target *target,
|
||||
const void *targinfo)
|
||||
static unsigned int
|
||||
ipt_dnat_target(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
struct nf_conn *ct;
|
||||
enum ip_conntrack_info ctinfo;
|
||||
const struct nf_nat_multi_range_compat *mr = targinfo;
|
||||
const struct nf_nat_multi_range_compat *mr = par->targinfo;
|
||||
|
||||
NF_CT_ASSERT(hooknum == NF_INET_PRE_ROUTING ||
|
||||
hooknum == NF_INET_LOCAL_OUT);
|
||||
NF_CT_ASSERT(par->hooknum == NF_INET_PRE_ROUTING ||
|
||||
par->hooknum == NF_INET_LOCAL_OUT);
|
||||
|
||||
ct = nf_ct_get(skb, &ctinfo);
|
||||
|
||||
/* Connection must be valid and new. */
|
||||
NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED));
|
||||
|
||||
if (hooknum == NF_INET_LOCAL_OUT &&
|
||||
if (par->hooknum == NF_INET_LOCAL_OUT &&
|
||||
mr->range[0].flags & IP_NAT_RANGE_MAP_IPS)
|
||||
warn_if_extra_mangle(dev_net(out), ip_hdr(skb)->daddr,
|
||||
warn_if_extra_mangle(dev_net(par->out), ip_hdr(skb)->daddr,
|
||||
mr->range[0].min_ip);
|
||||
|
||||
return nf_nat_setup_info(ct, &mr->range[0], IP_NAT_MANIP_DST);
|
||||
|
@ -200,15 +200,11 @@ ip6_checkentry(const struct ip6t_ip6 *ipv6)
|
||||
}
|
||||
|
||||
static unsigned int
|
||||
ip6t_error(struct sk_buff *skb,
|
||||
const struct net_device *in,
|
||||
const struct net_device *out,
|
||||
unsigned int hooknum,
|
||||
const struct xt_target *target,
|
||||
const void *targinfo)
|
||||
ip6t_error(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
if (net_ratelimit())
|
||||
printk("ip6_tables: error: `%s'\n", (char *)targinfo);
|
||||
printk("ip6_tables: error: `%s'\n",
|
||||
(const char *)par->targinfo);
|
||||
|
||||
return NF_DROP;
|
||||
}
|
||||
@ -360,6 +356,7 @@ ip6t_do_table(struct sk_buff *skb,
|
||||
struct ip6t_entry *e, *back;
|
||||
struct xt_table_info *private;
|
||||
struct xt_match_param mtpar;
|
||||
struct xt_target_param tgpar;
|
||||
|
||||
/* Initialization */
|
||||
indev = in ? in->name : nulldevname;
|
||||
@ -371,8 +368,9 @@ ip6t_do_table(struct sk_buff *skb,
|
||||
* rule is also a fragment-specific rule, non-fragments won't
|
||||
* match it. */
|
||||
mtpar.hotdrop = &hotdrop;
|
||||
mtpar.in = in;
|
||||
mtpar.out = out;
|
||||
mtpar.in = tgpar.in = in;
|
||||
mtpar.out = tgpar.out = out;
|
||||
tgpar.hooknum = hook;
|
||||
|
||||
read_lock_bh(&table->lock);
|
||||
IP_NF_ASSERT(table->valid_hooks & (1 << hook));
|
||||
@ -438,15 +436,15 @@ ip6t_do_table(struct sk_buff *skb,
|
||||
} else {
|
||||
/* Targets which reenter must return
|
||||
abs. verdicts */
|
||||
tgpar.target = t->u.kernel.target;
|
||||
tgpar.targinfo = t->data;
|
||||
|
||||
#ifdef CONFIG_NETFILTER_DEBUG
|
||||
((struct ip6t_entry *)table_base)->comefrom
|
||||
= 0xeeeeeeec;
|
||||
#endif
|
||||
verdict = t->u.kernel.target->target(skb,
|
||||
in, out,
|
||||
hook,
|
||||
t->u.kernel.target,
|
||||
t->data);
|
||||
&tgpar);
|
||||
|
||||
#ifdef CONFIG_NETFILTER_DEBUG
|
||||
if (((struct ip6t_entry *)table_base)->comefrom
|
||||
|
@ -19,12 +19,10 @@ MODULE_DESCRIPTION("Xtables: IPv6 Hop Limit field modification target");
|
||||
MODULE_LICENSE("GPL");
|
||||
|
||||
static unsigned int
|
||||
hl_tg6(struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hooknum,
|
||||
const struct xt_target *target, const void *targinfo)
|
||||
hl_tg6(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
struct ipv6hdr *ip6h;
|
||||
const struct ip6t_HL_info *info = targinfo;
|
||||
const struct ip6t_HL_info *info = par->targinfo;
|
||||
int new_hl;
|
||||
|
||||
if (!skb_make_writable(skb, skb->len))
|
||||
|
@ -438,18 +438,16 @@ ip6t_log_packet(u_int8_t pf,
|
||||
}
|
||||
|
||||
static unsigned int
|
||||
log_tg6(struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hooknum,
|
||||
const struct xt_target *target, const void *targinfo)
|
||||
log_tg6(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
const struct ip6t_log_info *loginfo = targinfo;
|
||||
const struct ip6t_log_info *loginfo = par->targinfo;
|
||||
struct nf_loginfo li;
|
||||
|
||||
li.type = NF_LOG_TYPE_LOG;
|
||||
li.u.log.level = loginfo->level;
|
||||
li.u.log.logflags = loginfo->logflags;
|
||||
|
||||
ip6t_log_packet(NFPROTO_IPV6, hooknum, skb, in, out,
|
||||
ip6t_log_packet(NFPROTO_IPV6, par->hooknum, skb, par->in, par->out,
|
||||
&li, loginfo->prefix);
|
||||
return XT_CONTINUE;
|
||||
}
|
||||
|
@ -173,12 +173,10 @@ send_unreach(struct net *net, struct sk_buff *skb_in, unsigned char code,
|
||||
}
|
||||
|
||||
static unsigned int
|
||||
reject_tg6(struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hooknum,
|
||||
const struct xt_target *target, const void *targinfo)
|
||||
reject_tg6(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
const struct ip6t_reject_info *reject = targinfo;
|
||||
struct net *net = dev_net(in ? in : out);
|
||||
const struct ip6t_reject_info *reject = par->targinfo;
|
||||
struct net *net = dev_net((par->in != NULL) ? par->in : par->out);
|
||||
|
||||
pr_debug("%s: medium point\n", __func__);
|
||||
/* WARNING: This code causes reentry within ip6tables.
|
||||
@ -186,19 +184,19 @@ reject_tg6(struct sk_buff *skb, const struct net_device *in,
|
||||
must return an absolute verdict. --RR */
|
||||
switch (reject->with) {
|
||||
case IP6T_ICMP6_NO_ROUTE:
|
||||
send_unreach(net, skb, ICMPV6_NOROUTE, hooknum);
|
||||
send_unreach(net, skb, ICMPV6_NOROUTE, par->hooknum);
|
||||
break;
|
||||
case IP6T_ICMP6_ADM_PROHIBITED:
|
||||
send_unreach(net, skb, ICMPV6_ADM_PROHIBITED, hooknum);
|
||||
send_unreach(net, skb, ICMPV6_ADM_PROHIBITED, par->hooknum);
|
||||
break;
|
||||
case IP6T_ICMP6_NOT_NEIGHBOUR:
|
||||
send_unreach(net, skb, ICMPV6_NOT_NEIGHBOUR, hooknum);
|
||||
send_unreach(net, skb, ICMPV6_NOT_NEIGHBOUR, par->hooknum);
|
||||
break;
|
||||
case IP6T_ICMP6_ADDR_UNREACH:
|
||||
send_unreach(net, skb, ICMPV6_ADDR_UNREACH, hooknum);
|
||||
send_unreach(net, skb, ICMPV6_ADDR_UNREACH, par->hooknum);
|
||||
break;
|
||||
case IP6T_ICMP6_PORT_UNREACH:
|
||||
send_unreach(net, skb, ICMPV6_PORT_UNREACH, hooknum);
|
||||
send_unreach(net, skb, ICMPV6_PORT_UNREACH, par->hooknum);
|
||||
break;
|
||||
case IP6T_ICMP6_ECHOREPLY:
|
||||
/* Do nothing */
|
||||
|
@ -27,11 +27,9 @@ MODULE_ALIAS("ipt_CLASSIFY");
|
||||
MODULE_ALIAS("ip6t_CLASSIFY");
|
||||
|
||||
static unsigned int
|
||||
classify_tg(struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hooknum,
|
||||
const struct xt_target *target, const void *targinfo)
|
||||
classify_tg(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
const struct xt_classify_target_info *clinfo = targinfo;
|
||||
const struct xt_classify_target_info *clinfo = par->targinfo;
|
||||
|
||||
skb->priority = clinfo->priority;
|
||||
return XT_CONTINUE;
|
||||
|
@ -36,11 +36,9 @@ MODULE_ALIAS("ip6t_CONNMARK");
|
||||
#include <net/netfilter/nf_conntrack_ecache.h>
|
||||
|
||||
static unsigned int
|
||||
connmark_tg_v0(struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hooknum,
|
||||
const struct xt_target *target, const void *targinfo)
|
||||
connmark_tg_v0(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
const struct xt_connmark_target_info *markinfo = targinfo;
|
||||
const struct xt_connmark_target_info *markinfo = par->targinfo;
|
||||
struct nf_conn *ct;
|
||||
enum ip_conntrack_info ctinfo;
|
||||
u_int32_t diff;
|
||||
@ -77,11 +75,9 @@ connmark_tg_v0(struct sk_buff *skb, const struct net_device *in,
|
||||
}
|
||||
|
||||
static unsigned int
|
||||
connmark_tg(struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hooknum,
|
||||
const struct xt_target *target, const void *targinfo)
|
||||
connmark_tg(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
const struct xt_connmark_tginfo1 *info = targinfo;
|
||||
const struct xt_connmark_tginfo1 *info = par->targinfo;
|
||||
enum ip_conntrack_info ctinfo;
|
||||
struct nf_conn *ct;
|
||||
u_int32_t newmark;
|
||||
|
@ -65,11 +65,9 @@ static void secmark_restore(struct sk_buff *skb)
|
||||
}
|
||||
|
||||
static unsigned int
|
||||
connsecmark_tg(struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hooknum,
|
||||
const struct xt_target *target, const void *targinfo)
|
||||
connsecmark_tg(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
const struct xt_connsecmark_target_info *info = targinfo;
|
||||
const struct xt_connsecmark_target_info *info = par->targinfo;
|
||||
|
||||
switch (info->mode) {
|
||||
case CONNSECMARK_SAVE:
|
||||
|
@ -29,11 +29,9 @@ MODULE_ALIAS("ipt_TOS");
|
||||
MODULE_ALIAS("ip6t_TOS");
|
||||
|
||||
static unsigned int
|
||||
dscp_tg(struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hooknum,
|
||||
const struct xt_target *target, const void *targinfo)
|
||||
dscp_tg(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
const struct xt_DSCP_info *dinfo = targinfo;
|
||||
const struct xt_DSCP_info *dinfo = par->targinfo;
|
||||
u_int8_t dscp = ipv4_get_dsfield(ip_hdr(skb)) >> XT_DSCP_SHIFT;
|
||||
|
||||
if (dscp != dinfo->dscp) {
|
||||
@ -48,11 +46,9 @@ dscp_tg(struct sk_buff *skb, const struct net_device *in,
|
||||
}
|
||||
|
||||
static unsigned int
|
||||
dscp_tg6(struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hooknum,
|
||||
const struct xt_target *target, const void *targinfo)
|
||||
dscp_tg6(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
const struct xt_DSCP_info *dinfo = targinfo;
|
||||
const struct xt_DSCP_info *dinfo = par->targinfo;
|
||||
u_int8_t dscp = ipv6_get_dsfield(ipv6_hdr(skb)) >> XT_DSCP_SHIFT;
|
||||
|
||||
if (dscp != dinfo->dscp) {
|
||||
@ -80,11 +76,9 @@ dscp_tg_check(const char *tablename, const void *e_void,
|
||||
}
|
||||
|
||||
static unsigned int
|
||||
tos_tg_v0(struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hooknum,
|
||||
const struct xt_target *target, const void *targinfo)
|
||||
tos_tg_v0(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
const struct ipt_tos_target_info *info = targinfo;
|
||||
const struct ipt_tos_target_info *info = par->targinfo;
|
||||
struct iphdr *iph = ip_hdr(skb);
|
||||
u_int8_t oldtos;
|
||||
|
||||
@ -119,11 +113,9 @@ tos_tg_check_v0(const char *tablename, const void *e_void,
|
||||
}
|
||||
|
||||
static unsigned int
|
||||
tos_tg(struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hooknum,
|
||||
const struct xt_target *target, const void *targinfo)
|
||||
tos_tg(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
const struct xt_tos_target_info *info = targinfo;
|
||||
const struct xt_tos_target_info *info = par->targinfo;
|
||||
struct iphdr *iph = ip_hdr(skb);
|
||||
u_int8_t orig, nv;
|
||||
|
||||
@ -141,11 +133,9 @@ tos_tg(struct sk_buff *skb, const struct net_device *in,
|
||||
}
|
||||
|
||||
static unsigned int
|
||||
tos_tg6(struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hooknum,
|
||||
const struct xt_target *target, const void *targinfo)
|
||||
tos_tg6(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
const struct xt_tos_target_info *info = targinfo;
|
||||
const struct xt_tos_target_info *info = par->targinfo;
|
||||
struct ipv6hdr *iph = ipv6_hdr(skb);
|
||||
u_int8_t orig, nv;
|
||||
|
||||
|
@ -25,22 +25,18 @@ MODULE_ALIAS("ipt_MARK");
|
||||
MODULE_ALIAS("ip6t_MARK");
|
||||
|
||||
static unsigned int
|
||||
mark_tg_v0(struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hooknum,
|
||||
const struct xt_target *target, const void *targinfo)
|
||||
mark_tg_v0(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
const struct xt_mark_target_info *markinfo = targinfo;
|
||||
const struct xt_mark_target_info *markinfo = par->targinfo;
|
||||
|
||||
skb->mark = markinfo->mark;
|
||||
return XT_CONTINUE;
|
||||
}
|
||||
|
||||
static unsigned int
|
||||
mark_tg_v1(struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hooknum,
|
||||
const struct xt_target *target, const void *targinfo)
|
||||
mark_tg_v1(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
const struct xt_mark_target_info_v1 *markinfo = targinfo;
|
||||
const struct xt_mark_target_info_v1 *markinfo = par->targinfo;
|
||||
int mark = 0;
|
||||
|
||||
switch (markinfo->mode) {
|
||||
@ -62,11 +58,9 @@ mark_tg_v1(struct sk_buff *skb, const struct net_device *in,
|
||||
}
|
||||
|
||||
static unsigned int
|
||||
mark_tg(struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hooknum,
|
||||
const struct xt_target *target, const void *targinfo)
|
||||
mark_tg(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
const struct xt_mark_tginfo2 *info = targinfo;
|
||||
const struct xt_mark_tginfo2 *info = par->targinfo;
|
||||
|
||||
skb->mark = (skb->mark & ~info->mask) ^ info->mark;
|
||||
return XT_CONTINUE;
|
||||
|
@ -21,11 +21,9 @@ MODULE_ALIAS("ipt_NFLOG");
|
||||
MODULE_ALIAS("ip6t_NFLOG");
|
||||
|
||||
static unsigned int
|
||||
nflog_tg(struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hooknum,
|
||||
const struct xt_target *target, const void *targinfo)
|
||||
nflog_tg(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
const struct xt_nflog_info *info = targinfo;
|
||||
const struct xt_nflog_info *info = par->targinfo;
|
||||
struct nf_loginfo li;
|
||||
|
||||
li.type = NF_LOG_TYPE_ULOG;
|
||||
@ -33,8 +31,8 @@ nflog_tg(struct sk_buff *skb, const struct net_device *in,
|
||||
li.u.ulog.group = info->group;
|
||||
li.u.ulog.qthreshold = info->threshold;
|
||||
|
||||
nf_log_packet(target->family, hooknum, skb, in, out, &li,
|
||||
"%s", info->prefix);
|
||||
nf_log_packet(par->target->family, par->hooknum, skb, par->in,
|
||||
par->out, &li, "%s", info->prefix);
|
||||
return XT_CONTINUE;
|
||||
}
|
||||
|
||||
|
@ -24,11 +24,9 @@ MODULE_ALIAS("ip6t_NFQUEUE");
|
||||
MODULE_ALIAS("arpt_NFQUEUE");
|
||||
|
||||
static unsigned int
|
||||
nfqueue_tg(struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hooknum,
|
||||
const struct xt_target *target, const void *targinfo)
|
||||
nfqueue_tg(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
const struct xt_NFQ_info *tinfo = targinfo;
|
||||
const struct xt_NFQ_info *tinfo = par->targinfo;
|
||||
|
||||
return NF_QUEUE_NR(tinfo->queuenum);
|
||||
}
|
||||
|
@ -13,9 +13,7 @@ MODULE_ALIAS("ipt_NOTRACK");
|
||||
MODULE_ALIAS("ip6t_NOTRACK");
|
||||
|
||||
static unsigned int
|
||||
notrack_tg(struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hooknum,
|
||||
const struct xt_target *target, const void *targinfo)
|
||||
notrack_tg(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
/* Previously seen (loopback)? Ignore. */
|
||||
if (skb->nfct != NULL)
|
||||
|
@ -71,14 +71,9 @@ void xt_rateest_put(struct xt_rateest *est)
|
||||
EXPORT_SYMBOL_GPL(xt_rateest_put);
|
||||
|
||||
static unsigned int
|
||||
xt_rateest_tg(struct sk_buff *skb,
|
||||
const struct net_device *in,
|
||||
const struct net_device *out,
|
||||
unsigned int hooknum,
|
||||
const struct xt_target *target,
|
||||
const void *targinfo)
|
||||
xt_rateest_tg(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
const struct xt_rateest_target_info *info = targinfo;
|
||||
const struct xt_rateest_target_info *info = par->targinfo;
|
||||
struct gnet_stats_basic *stats = &info->est->bstats;
|
||||
|
||||
spin_lock_bh(&info->est->lock);
|
||||
|
@ -29,12 +29,10 @@ MODULE_ALIAS("ip6t_SECMARK");
|
||||
static u8 mode;
|
||||
|
||||
static unsigned int
|
||||
secmark_tg(struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hooknum,
|
||||
const struct xt_target *target, const void *targinfo)
|
||||
secmark_tg(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
u32 secmark = 0;
|
||||
const struct xt_secmark_target_info *info = targinfo;
|
||||
const struct xt_secmark_target_info *info = par->targinfo;
|
||||
|
||||
BUG_ON(info->mode != mode);
|
||||
|
||||
|
@ -174,15 +174,13 @@ static u_int32_t tcpmss_reverse_mtu(const struct sk_buff *skb,
|
||||
}
|
||||
|
||||
static unsigned int
|
||||
tcpmss_tg4(struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hooknum,
|
||||
const struct xt_target *target, const void *targinfo)
|
||||
tcpmss_tg4(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
struct iphdr *iph = ip_hdr(skb);
|
||||
__be16 newlen;
|
||||
int ret;
|
||||
|
||||
ret = tcpmss_mangle_packet(skb, targinfo,
|
||||
ret = tcpmss_mangle_packet(skb, par->targinfo,
|
||||
tcpmss_reverse_mtu(skb, PF_INET),
|
||||
iph->ihl * 4,
|
||||
sizeof(*iph) + sizeof(struct tcphdr));
|
||||
@ -199,9 +197,7 @@ tcpmss_tg4(struct sk_buff *skb, const struct net_device *in,
|
||||
|
||||
#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
|
||||
static unsigned int
|
||||
tcpmss_tg6(struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hooknum,
|
||||
const struct xt_target *target, const void *targinfo)
|
||||
tcpmss_tg6(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
struct ipv6hdr *ipv6h = ipv6_hdr(skb);
|
||||
u8 nexthdr;
|
||||
@ -212,7 +208,7 @@ tcpmss_tg6(struct sk_buff *skb, const struct net_device *in,
|
||||
tcphoff = ipv6_skip_exthdr(skb, sizeof(*ipv6h), &nexthdr);
|
||||
if (tcphoff < 0)
|
||||
return NF_DROP;
|
||||
ret = tcpmss_mangle_packet(skb, targinfo,
|
||||
ret = tcpmss_mangle_packet(skb, par->targinfo,
|
||||
tcpmss_reverse_mtu(skb, PF_INET6),
|
||||
tcphoff,
|
||||
sizeof(*ipv6h) + sizeof(struct tcphdr));
|
||||
|
@ -75,19 +75,15 @@ tcpoptstrip_mangle_packet(struct sk_buff *skb,
|
||||
}
|
||||
|
||||
static unsigned int
|
||||
tcpoptstrip_tg4(struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hooknum,
|
||||
const struct xt_target *target, const void *targinfo)
|
||||
tcpoptstrip_tg4(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
return tcpoptstrip_mangle_packet(skb, targinfo, ip_hdrlen(skb),
|
||||
return tcpoptstrip_mangle_packet(skb, par->targinfo, ip_hdrlen(skb),
|
||||
sizeof(struct iphdr) + sizeof(struct tcphdr));
|
||||
}
|
||||
|
||||
#if defined(CONFIG_IP6_NF_MANGLE) || defined(CONFIG_IP6_NF_MANGLE_MODULE)
|
||||
static unsigned int
|
||||
tcpoptstrip_tg6(struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hooknum,
|
||||
const struct xt_target *target, const void *targinfo)
|
||||
tcpoptstrip_tg6(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
struct ipv6hdr *ipv6h = ipv6_hdr(skb);
|
||||
int tcphoff;
|
||||
@ -98,7 +94,7 @@ tcpoptstrip_tg6(struct sk_buff *skb, const struct net_device *in,
|
||||
if (tcphoff < 0)
|
||||
return NF_DROP;
|
||||
|
||||
return tcpoptstrip_mangle_packet(skb, targinfo, tcphoff,
|
||||
return tcpoptstrip_mangle_packet(skb, par->targinfo, tcphoff,
|
||||
sizeof(*ipv6h) + sizeof(struct tcphdr));
|
||||
}
|
||||
#endif
|
||||
|
@ -25,15 +25,10 @@
|
||||
#include <net/netfilter/nf_tproxy_core.h>
|
||||
|
||||
static unsigned int
|
||||
tproxy_tg(struct sk_buff *skb,
|
||||
const struct net_device *in,
|
||||
const struct net_device *out,
|
||||
unsigned int hooknum,
|
||||
const struct xt_target *target,
|
||||
const void *targinfo)
|
||||
tproxy_tg(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
const struct iphdr *iph = ip_hdr(skb);
|
||||
const struct xt_tproxy_target_info *tgi = targinfo;
|
||||
const struct xt_tproxy_target_info *tgi = par->targinfo;
|
||||
struct udphdr _hdr, *hp;
|
||||
struct sock *sk;
|
||||
|
||||
@ -44,7 +39,7 @@ tproxy_tg(struct sk_buff *skb,
|
||||
sk = nf_tproxy_get_sock_v4(dev_net(skb->dev), iph->protocol,
|
||||
iph->saddr, tgi->laddr ? tgi->laddr : iph->daddr,
|
||||
hp->source, tgi->lport ? tgi->lport : hp->dest,
|
||||
in, true);
|
||||
par->in, true);
|
||||
|
||||
/* NOTE: assign_sock consumes our sk reference */
|
||||
if (sk && nf_tproxy_assign_sock(skb, sk)) {
|
||||
|
@ -11,9 +11,7 @@ MODULE_ALIAS("ipt_TRACE");
|
||||
MODULE_ALIAS("ip6t_TRACE");
|
||||
|
||||
static unsigned int
|
||||
trace_tg(struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hooknum,
|
||||
const struct xt_target *target, const void *targinfo)
|
||||
trace_tg(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
skb->nf_trace = 1;
|
||||
return XT_CONTINUE;
|
||||
|
@ -188,6 +188,7 @@ static int tcf_ipt(struct sk_buff *skb, struct tc_action *a,
|
||||
{
|
||||
int ret = 0, result = 0;
|
||||
struct tcf_ipt *ipt = a->priv;
|
||||
struct xt_target_param par;
|
||||
|
||||
if (skb_cloned(skb)) {
|
||||
if (pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
|
||||
@ -203,10 +204,13 @@ static int tcf_ipt(struct sk_buff *skb, struct tc_action *a,
|
||||
/* yes, we have to worry about both in and out dev
|
||||
worry later - danger - this API seems to have changed
|
||||
from earlier kernels */
|
||||
ret = ipt->tcfi_t->u.kernel.target->target(skb, skb->dev, NULL,
|
||||
ipt->tcfi_hook,
|
||||
ipt->tcfi_t->u.kernel.target,
|
||||
ipt->tcfi_t->data);
|
||||
par.in = skb->dev;
|
||||
par.out = NULL;
|
||||
par.hooknum = ipt->tcfi_hook;
|
||||
par.target = ipt->tcfi_t->u.kernel.target;
|
||||
par.targinfo = ipt->tcfi_t->data;
|
||||
ret = par.target->target(skb, &par);
|
||||
|
||||
switch (ret) {
|
||||
case NF_ACCEPT:
|
||||
result = TC_ACT_OK;
|
||||
|
Loading…
Reference in New Issue
Block a user