]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commitdiff
netfilter: move Ebtables to use Xtables
authorJan Engelhardt <jengelh@medozas.de>
Wed, 8 Oct 2008 09:35:15 +0000 (11:35 +0200)
committerPatrick McHardy <kaber@trash.net>
Wed, 8 Oct 2008 09:35:15 +0000 (11:35 +0200)
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
22 files changed:
include/linux/netfilter_bridge/ebtables.h
net/bridge/netfilter/Kconfig
net/bridge/netfilter/ebt_802_3.c
net/bridge/netfilter/ebt_among.c
net/bridge/netfilter/ebt_arp.c
net/bridge/netfilter/ebt_arpreply.c
net/bridge/netfilter/ebt_dnat.c
net/bridge/netfilter/ebt_ip.c
net/bridge/netfilter/ebt_ip6.c
net/bridge/netfilter/ebt_limit.c
net/bridge/netfilter/ebt_log.c
net/bridge/netfilter/ebt_mark.c
net/bridge/netfilter/ebt_mark_m.c
net/bridge/netfilter/ebt_nflog.c
net/bridge/netfilter/ebt_pkttype.c
net/bridge/netfilter/ebt_redirect.c
net/bridge/netfilter/ebt_snat.c
net/bridge/netfilter/ebt_stp.c
net/bridge/netfilter/ebt_ulog.c
net/bridge/netfilter/ebt_vlan.c
net/bridge/netfilter/ebtables.c
net/netfilter/x_tables.c

index f20a57da7a25166babbcaba28bf23e72f04c7400..d3f9243b9d9b9bc3e6572542689863dc5c60853a 100644 (file)
@@ -124,7 +124,7 @@ struct ebt_entry_match
 {
        union {
                char name[EBT_FUNCTION_MAXNAMELEN];
-               struct ebt_match *match;
+               struct xt_match *match;
        } u;
        /* size of data */
        unsigned int match_size;
@@ -135,7 +135,7 @@ struct ebt_entry_watcher
 {
        union {
                char name[EBT_FUNCTION_MAXNAMELEN];
-               struct ebt_watcher *watcher;
+               struct xt_target *watcher;
        } u;
        /* size of data */
        unsigned int watcher_size;
@@ -146,7 +146,7 @@ struct ebt_entry_target
 {
        union {
                char name[EBT_FUNCTION_MAXNAMELEN];
-               struct ebt_target *target;
+               struct xt_target *target;
        } u;
        /* size of data */
        unsigned int target_size;
index 909479794999df06c015914542c834ddadd534cb..e7c197ffb2f44886188fb8251d83955423311c24 100644 (file)
@@ -7,6 +7,7 @@ menu "Bridge: Netfilter Configuration"
 
 config BRIDGE_NF_EBTABLES
        tristate "Ethernet Bridge tables (ebtables) support"
+       select NETFILTER_XTABLES
        help
          ebtables is a general, extensible frame/packet identification
          framework. Say 'Y' or 'M' here if you want to do Ethernet
index 6f1a69c28ed9a9abe1dd3ab773353f15d014dab0..6fc2a59e09a1a62a56ffaaf558cb777cc5832c21 100644 (file)
@@ -51,8 +51,8 @@ ebt_802_3_mt_check(const char *table, const void *entry,
        return true;
 }
 
-static struct ebt_match filter_802_3 __read_mostly = {
-       .name           = EBT_802_3_MATCH,
+static struct xt_match ebt_802_3_mt_reg __read_mostly = {
+       .name           = "802_3",
        .revision       = 0,
        .family         = NFPROTO_BRIDGE,
        .match          = ebt_802_3_mt,
@@ -63,12 +63,12 @@ static struct ebt_match filter_802_3 __read_mostly = {
 
 static int __init ebt_802_3_init(void)
 {
-       return ebt_register_match(&filter_802_3);
+       return xt_register_match(&ebt_802_3_mt_reg);
 }
 
 static void __exit ebt_802_3_fini(void)
 {
-       ebt_unregister_match(&filter_802_3);
+       xt_unregister_match(&ebt_802_3_mt_reg);
 }
 
 module_init(ebt_802_3_init);
index 84a306f085b5f4e9e96ed7a41e104a69fe713687..084559e1840fd0e4aca8b3919e6a61155e5efba2 100644 (file)
@@ -7,12 +7,12 @@
  *  August, 2003
  *
  */
-
-#include <linux/netfilter_bridge/ebtables.h>
-#include <linux/netfilter_bridge/ebt_among.h>
 #include <linux/ip.h>
 #include <linux/if_arp.h>
 #include <linux/module.h>
+#include <linux/netfilter/x_tables.h>
+#include <linux/netfilter_bridge/ebtables.h>
+#include <linux/netfilter_bridge/ebt_among.h>
 
 static bool ebt_mac_wormhash_contains(const struct ebt_mac_wormhash *wh,
                                      const char *mac, __be32 ip)
@@ -211,8 +211,8 @@ ebt_among_mt_check(const char *table, const void *entry,
        return true;
 }
 
-static struct ebt_match filter_among __read_mostly = {
-       .name           = EBT_AMONG_MATCH,
+static struct xt_match ebt_among_mt_reg __read_mostly = {
+       .name           = "among",
        .revision       = 0,
        .family         = NFPROTO_BRIDGE,
        .match          = ebt_among_mt,
@@ -223,12 +223,12 @@ static struct ebt_match filter_among __read_mostly = {
 
 static int __init ebt_among_init(void)
 {
-       return ebt_register_match(&filter_among);
+       return xt_register_match(&ebt_among_mt_reg);
 }
 
 static void __exit ebt_among_fini(void)
 {
-       ebt_unregister_match(&filter_among);
+       xt_unregister_match(&ebt_among_mt_reg);
 }
 
 module_init(ebt_among_init);
index 6e7cd2f5ad741615fb30f923feb6055f2802d633..a073dffe7a11e1993eeade9d6f65acc87e3960f2 100644 (file)
@@ -119,8 +119,8 @@ ebt_arp_mt_check(const char *table, const void *entry,
        return true;
 }
 
-static struct ebt_match filter_arp __read_mostly = {
-       .name           = EBT_ARP_MATCH,
+static struct xt_match ebt_arp_mt_reg __read_mostly = {
+       .name           = "arp",
        .revision       = 0,
        .family         = NFPROTO_BRIDGE,
        .match          = ebt_arp_mt,
@@ -131,12 +131,12 @@ static struct ebt_match filter_arp __read_mostly = {
 
 static int __init ebt_arp_init(void)
 {
-       return ebt_register_match(&filter_arp);
+       return xt_register_match(&ebt_arp_mt_reg);
 }
 
 static void __exit ebt_arp_fini(void)
 {
-       ebt_unregister_match(&filter_arp);
+       xt_unregister_match(&ebt_arp_mt_reg);
 }
 
 module_init(ebt_arp_init);
index 6f2f6589777075af32cd6645f2600479479a5988..8071b64af46f17524c386d6d2041cb49bf21b8d5 100644 (file)
@@ -78,8 +78,8 @@ ebt_arpreply_tg_check(const char *tablename, const void *entry,
        return true;
 }
 
-static struct ebt_target reply_target __read_mostly = {
-       .name           = EBT_ARPREPLY_TARGET,
+static struct xt_target ebt_arpreply_tg_reg __read_mostly = {
+       .name           = "arpreply",
        .revision       = 0,
        .family         = NFPROTO_BRIDGE,
        .target         = ebt_arpreply_tg,
@@ -90,12 +90,12 @@ static struct ebt_target reply_target __read_mostly = {
 
 static int __init ebt_arpreply_init(void)
 {
-       return ebt_register_target(&reply_target);
+       return xt_register_target(&ebt_arpreply_tg_reg);
 }
 
 static void __exit ebt_arpreply_fini(void)
 {
-       ebt_unregister_target(&reply_target);
+       xt_unregister_target(&ebt_arpreply_tg_reg);
 }
 
 module_init(ebt_arpreply_init);
index b7cc013bd37795e1da581b9e4b3556b428f0aa08..d2211c4a477e4e842f7ce9a4bdadeb6757b06088 100644 (file)
@@ -47,8 +47,8 @@ ebt_dnat_tg_check(const char *tablename, const void *entry,
        return true;
 }
 
-static struct ebt_target dnat __read_mostly = {
-       .name           = EBT_DNAT_TARGET,
+static struct xt_target ebt_dnat_tg_reg __read_mostly = {
+       .name           = "dnat",
        .revision       = 0,
        .family         = NFPROTO_BRIDGE,
        .target         = ebt_dnat_tg,
@@ -59,12 +59,12 @@ static struct ebt_target dnat __read_mostly = {
 
 static int __init ebt_dnat_init(void)
 {
-       return ebt_register_target(&dnat);
+       return xt_register_target(&ebt_dnat_tg_reg);
 }
 
 static void __exit ebt_dnat_fini(void)
 {
-       ebt_unregister_target(&dnat);
+       xt_unregister_target(&ebt_dnat_tg_reg);
 }
 
 module_init(ebt_dnat_init);
index e7f3b1776b0282004be9f8e23a49056d7081ca5b..b42c7ce799b38199a43785576266ee2218a25ccc 100644 (file)
@@ -109,8 +109,8 @@ ebt_ip_mt_check(const char *table, const void *entry,
        return true;
 }
 
-static struct ebt_match filter_ip __read_mostly = {
-       .name           = EBT_IP_MATCH,
+static struct xt_match ebt_ip_mt_reg __read_mostly = {
+       .name           = "ip",
        .revision       = 0,
        .family         = NFPROTO_BRIDGE,
        .match          = ebt_ip_mt,
@@ -121,12 +121,12 @@ static struct ebt_match filter_ip __read_mostly = {
 
 static int __init ebt_ip_init(void)
 {
-       return ebt_register_match(&filter_ip);
+       return xt_register_match(&ebt_ip_mt_reg);
 }
 
 static void __exit ebt_ip_fini(void)
 {
-       ebt_unregister_match(&filter_ip);
+       xt_unregister_match(&ebt_ip_mt_reg);
 }
 
 module_init(ebt_ip_init);
index 807685da2934d211d8f29e57c226d9d8722bab8b..317e624ae59fa84303fdc4ef074fc4b73cd7182c 100644 (file)
@@ -121,9 +121,8 @@ ebt_ip6_mt_check(const char *table, const void *entry,
        return true;
 }
 
-static struct ebt_match filter_ip6 =
-{
-       .name           = EBT_IP6_MATCH,
+static struct xt_match ebt_ip6_mt_reg __read_mostly = {
+       .name           = "ip6",
        .revision       = 0,
        .family         = NFPROTO_BRIDGE,
        .match          = ebt_ip6_mt,
@@ -134,12 +133,12 @@ static struct ebt_match filter_ip6 =
 
 static int __init ebt_ip6_init(void)
 {
-       return ebt_register_match(&filter_ip6);
+       return xt_register_match(&ebt_ip6_mt_reg);
 }
 
 static void __exit ebt_ip6_fini(void)
 {
-       ebt_unregister_match(&filter_ip6);
+       xt_unregister_match(&ebt_ip6_mt_reg);
 }
 
 module_init(ebt_ip6_init);
index d3372739227ec01f7f25196550db32ed5dde6050..43d9a50036330ee6016fbec9a10988f6264b09d2 100644 (file)
@@ -89,8 +89,8 @@ ebt_limit_mt_check(const char *table, const void *e,
        return true;
 }
 
-static struct ebt_match ebt_limit_reg __read_mostly = {
-       .name           = EBT_LIMIT_MATCH,
+static struct xt_match ebt_limit_mt_reg __read_mostly = {
+       .name           = "limit",
        .revision       = 0,
        .family         = NFPROTO_BRIDGE,
        .match          = ebt_limit_mt,
@@ -101,12 +101,12 @@ static struct ebt_match ebt_limit_reg __read_mostly = {
 
 static int __init ebt_limit_init(void)
 {
-       return ebt_register_match(&ebt_limit_reg);
+       return xt_register_match(&ebt_limit_mt_reg);
 }
 
 static void __exit ebt_limit_fini(void)
 {
-       ebt_unregister_match(&ebt_limit_reg);
+       xt_unregister_match(&ebt_limit_mt_reg);
 }
 
 module_init(ebt_limit_init);
index 424dfdf7f27e452467811c89406f71cfd9c729ab..b40f9ed4c343290591512fc41e08cba4c699847b 100644 (file)
@@ -215,9 +215,8 @@ ebt_log_tg(struct sk_buff *skb, const struct net_device *in,
        return EBT_CONTINUE;
 }
 
-static struct ebt_watcher log =
-{
-       .name           = EBT_LOG_WATCHER,
+static struct xt_target ebt_log_tg_reg __read_mostly = {
+       .name           = "log",
        .revision       = 0,
        .family         = NFPROTO_BRIDGE,
        .target         = ebt_log_tg,
@@ -236,7 +235,7 @@ static int __init ebt_log_init(void)
 {
        int ret;
 
-       ret = ebt_register_watcher(&log);
+       ret = xt_register_target(&ebt_log_tg_reg);
        if (ret < 0)
                return ret;
        nf_log_register(NFPROTO_BRIDGE, &ebt_log_logger);
@@ -246,7 +245,7 @@ static int __init ebt_log_init(void)
 static void __exit ebt_log_fini(void)
 {
        nf_log_unregister(&ebt_log_logger);
-       ebt_unregister_watcher(&log);
+       xt_unregister_target(&ebt_log_tg_reg);
 }
 
 module_init(ebt_log_init);
index 92c67271bd8d8c15a797bb6a25e14de7d984b590..dff19fc91cf50d0dd914a629d9e67d43bd0b320b 100644 (file)
@@ -59,8 +59,8 @@ ebt_mark_tg_check(const char *table, const void *e,
        return true;
 }
 
-static struct ebt_target mark_target __read_mostly = {
-       .name           = EBT_MARK_TARGET,
+static struct xt_target ebt_mark_tg_reg __read_mostly = {
+       .name           = "mark",
        .revision       = 0,
        .family         = NFPROTO_BRIDGE,
        .target         = ebt_mark_tg,
@@ -71,12 +71,12 @@ static struct ebt_target mark_target __read_mostly = {
 
 static int __init ebt_mark_init(void)
 {
-       return ebt_register_target(&mark_target);
+       return xt_register_target(&ebt_mark_tg_reg);
 }
 
 static void __exit ebt_mark_fini(void)
 {
-       ebt_unregister_target(&mark_target);
+       xt_unregister_target(&ebt_mark_tg_reg);
 }
 
 module_init(ebt_mark_init);
index db64a0de4f741428497b8fc1e3bf46caa508153d..aa6781c7f98b77e90e1cbe1f8790f286680f669d 100644 (file)
@@ -40,8 +40,8 @@ ebt_mark_mt_check(const char *table, const void *e,
        return true;
 }
 
-static struct ebt_match filter_mark __read_mostly = {
-       .name           = EBT_MARK_MATCH,
+static struct xt_match ebt_mark_mt_reg __read_mostly = {
+       .name           = "mark_m",
        .revision       = 0,
        .family         = NFPROTO_BRIDGE,
        .match          = ebt_mark_mt,
@@ -52,12 +52,12 @@ static struct ebt_match filter_mark __read_mostly = {
 
 static int __init ebt_mark_m_init(void)
 {
-       return ebt_register_match(&filter_mark);
+       return xt_register_match(&ebt_mark_mt_reg);
 }
 
 static void __exit ebt_mark_m_fini(void)
 {
-       ebt_unregister_match(&filter_mark);
+       xt_unregister_match(&ebt_mark_mt_reg);
 }
 
 module_init(ebt_mark_m_init);
index b415f887188350a705efee64d9cd0ccb07d1c7b4..917ac3600791d2238a78861da85f86b19f4e4fbc 100644 (file)
@@ -49,24 +49,24 @@ ebt_nflog_tg_check(const char *table, const void *e,
        return true;
 }
 
-static struct ebt_watcher nflog __read_mostly = {
-       .name = EBT_NFLOG_WATCHER,
-       .revision = 0,
-       .family = NFPROTO_BRIDGE,
-       .target = ebt_nflog_tg,
+static struct xt_target ebt_nflog_tg_reg __read_mostly = {
+       .name       = "nflog",
+       .revision   = 0,
+       .family     = NFPROTO_BRIDGE,
+       .target     = ebt_nflog_tg,
        .checkentry = ebt_nflog_tg_check,
        .targetsize = XT_ALIGN(sizeof(struct ebt_nflog_info)),
-       .me = THIS_MODULE,
+       .me         = THIS_MODULE,
 };
 
 static int __init ebt_nflog_init(void)
 {
-       return ebt_register_watcher(&nflog);
+       return xt_register_target(&ebt_nflog_tg_reg);
 }
 
 static void __exit ebt_nflog_fini(void)
 {
-       ebt_unregister_watcher(&nflog);
+       xt_unregister_target(&ebt_nflog_tg_reg);
 }
 
 module_init(ebt_nflog_init);
index 06393452ef91cbca6b7c9b2eee75dbbf03a6ce1c..1c04ce5a52c77fda4ab3ba144998f2093dca804e 100644 (file)
@@ -36,8 +36,8 @@ ebt_pkttype_mt_check(const char *table, const void *e,
        return true;
 }
 
-static struct ebt_match filter_pkttype __read_mostly = {
-       .name           = EBT_PKTTYPE_MATCH,
+static struct xt_match ebt_pkttype_mt_reg __read_mostly = {
+       .name           = "pkttype",
        .revision       = 0,
        .family         = NFPROTO_BRIDGE,
        .match          = ebt_pkttype_mt,
@@ -48,12 +48,12 @@ static struct ebt_match filter_pkttype __read_mostly = {
 
 static int __init ebt_pkttype_init(void)
 {
-       return ebt_register_match(&filter_pkttype);
+       return xt_register_match(&ebt_pkttype_mt_reg);
 }
 
 static void __exit ebt_pkttype_fini(void)
 {
-       ebt_unregister_match(&filter_pkttype);
+       xt_unregister_match(&ebt_pkttype_mt_reg);
 }
 
 module_init(ebt_pkttype_init);
index e9540cf4f6d67d80f61add7e73c20559bd386ae9..1b7684ffe4045e89b4fb7e66c606c519cf10bab8 100644 (file)
@@ -52,8 +52,8 @@ ebt_redirect_tg_check(const char *tablename, const void *e,
        return true;
 }
 
-static struct ebt_target redirect_target __read_mostly = {
-       .name           = EBT_REDIRECT_TARGET,
+static struct xt_target ebt_redirect_tg_reg __read_mostly = {
+       .name           = "redirect",
        .revision       = 0,
        .family         = NFPROTO_BRIDGE,
        .target         = ebt_redirect_tg,
@@ -64,12 +64,12 @@ static struct ebt_target redirect_target __read_mostly = {
 
 static int __init ebt_redirect_init(void)
 {
-       return ebt_register_target(&redirect_target);
+       return xt_register_target(&ebt_redirect_tg_reg);
 }
 
 static void __exit ebt_redirect_fini(void)
 {
-       ebt_unregister_target(&redirect_target);
+       xt_unregister_target(&ebt_redirect_tg_reg);
 }
 
 module_init(ebt_redirect_init);
index 363d0051e04bc367b2dbf7c464b4076bf788d43a..c90217a4f9e117b27d855e1b3481519c35d66b8f 100644 (file)
@@ -69,8 +69,8 @@ ebt_snat_tg_check(const char *tablename, const void *e,
        return true;
 }
 
-static struct ebt_target snat __read_mostly = {
-       .name           = EBT_SNAT_TARGET,
+static struct xt_target ebt_snat_tg_reg __read_mostly = {
+       .name           = "snat",
        .revision       = 0,
        .family         = NFPROTO_BRIDGE,
        .target         = ebt_snat_tg,
@@ -81,12 +81,12 @@ static struct ebt_target snat __read_mostly = {
 
 static int __init ebt_snat_init(void)
 {
-       return ebt_register_target(&snat);
+       return xt_register_target(&ebt_snat_tg_reg);
 }
 
 static void __exit ebt_snat_fini(void)
 {
-       ebt_unregister_target(&snat);
+       xt_unregister_target(&ebt_snat_tg_reg);
 }
 
 module_init(ebt_snat_init);
index 7576d1d62a496bd87d319f3d8b6c499e35bfca29..28bb48b67a8005e7eaea0857f44cfefc1c6a84c0 100644 (file)
@@ -176,8 +176,8 @@ ebt_stp_mt_check(const char *table, const void *entry,
        return true;
 }
 
-static struct ebt_match filter_stp __read_mostly = {
-       .name           = EBT_STP_MATCH,
+static struct xt_match ebt_stp_mt_reg __read_mostly = {
+       .name           = "stp",
        .revision       = 0,
        .family         = NFPROTO_BRIDGE,
        .match          = ebt_stp_mt,
@@ -188,12 +188,12 @@ static struct ebt_match filter_stp __read_mostly = {
 
 static int __init ebt_stp_init(void)
 {
-       return ebt_register_match(&filter_stp);
+       return xt_register_match(&ebt_stp_mt_reg);
 }
 
 static void __exit ebt_stp_fini(void)
 {
-       ebt_unregister_match(&filter_stp);
+       xt_unregister_match(&ebt_stp_mt_reg);
 }
 
 module_init(ebt_stp_init);
index 77ff9c46b26829310eccf7ebf7be8ac8c2a459cb..25ca6467349e7d29bb2a07067211c967233e5600 100644 (file)
@@ -275,8 +275,8 @@ ebt_ulog_tg_check(const char *table, const void *entry,
        return 0;
 }
 
-static struct ebt_watcher ulog __read_mostly = {
-       .name           = EBT_ULOG_WATCHER,
+static struct xt_target ebt_ulog_tg_reg __read_mostly = {
+       .name           = "ulog",
        .revision       = 0,
        .family         = NFPROTO_BRIDGE,
        .target         = ebt_ulog_tg,
@@ -286,7 +286,7 @@ static struct ebt_watcher ulog __read_mostly = {
 };
 
 static const struct nf_logger ebt_ulog_logger = {
-       .name           = EBT_ULOG_WATCHER,
+       .name           = "ulog",
        .logfn          = &ebt_log_packet,
        .me             = THIS_MODULE,
 };
@@ -315,7 +315,7 @@ static int __init ebt_ulog_init(void)
                printk(KERN_WARNING KBUILD_MODNAME ": out of memory trying to "
                       "call netlink_kernel_create\n");
                ret = false;
-       } else if (ebt_register_watcher(&ulog) != 0) {
+       } else if (xt_register_target(&ebt_ulog_tg_reg) != 0) {
                netlink_kernel_release(ebtulognl);
        }
 
@@ -331,7 +331,7 @@ static void __exit ebt_ulog_fini(void)
        int i;
 
        nf_log_unregister(&ebt_ulog_logger);
-       ebt_unregister_watcher(&ulog);
+       xt_unregister_target(&ebt_ulog_tg_reg);
        for (i = 0; i < EBT_ULOG_MAXNLGROUPS; i++) {
                ub = &ulog_buffers[i];
                if (timer_pending(&ub->timer))
index 3af688b0fc3743497d95768caa13e2c410b191b9..5addef6d62f0d9a7ba53bdb6b6e7d281966ebd6d 100644 (file)
@@ -162,8 +162,8 @@ ebt_vlan_mt_check(const char *table, const void *entry,
        return true;
 }
 
-static struct ebt_match filter_vlan __read_mostly = {
-       .name           = EBT_VLAN_MATCH,
+static struct xt_match ebt_vlan_mt_reg __read_mostly = {
+       .name           = "vlan",
        .revision       = 0,
        .family         = NFPROTO_BRIDGE,
        .match          = ebt_vlan_mt,
@@ -177,12 +177,12 @@ static int __init ebt_vlan_init(void)
        DEBUG_MSG("ebtables 802.1Q extension module v"
                  MODULE_VERS "\n");
        DEBUG_MSG("module debug=%d\n", !!debug);
-       return ebt_register_match(&filter_vlan);
+       return xt_register_match(&ebt_vlan_mt_reg);
 }
 
 static void __exit ebt_vlan_fini(void)
 {
-       ebt_unregister_match(&filter_vlan);
+       xt_unregister_match(&ebt_vlan_mt_reg);
 }
 
 module_init(ebt_vlan_init);
index 340e1c6bdcb155d7f8dcc2a17d8b99b7ab27832d..c4f7a2e8ed39a30d9fcd8c218e4afe2fa9435544 100644 (file)
@@ -60,17 +60,18 @@ static LIST_HEAD(ebt_targets);
 static LIST_HEAD(ebt_matches);
 static LIST_HEAD(ebt_watchers);
 
-static struct ebt_target ebt_standard_target = {
+static struct xt_target ebt_standard_target = {
        .name       = "standard",
        .revision   = 0,
        .family     = NFPROTO_BRIDGE,
+       .targetsize = sizeof(int),
 };
 
 static inline int ebt_do_watcher (struct ebt_entry_watcher *w,
    struct sk_buff *skb, unsigned int hooknr, const struct net_device *in,
    const struct net_device *out)
 {
-       w->u.watcher->target(skb, in, out, hooknr, NULL, w->data);
+       w->u.watcher->target(skb, in, out, hooknr, w->u.watcher, w->data);
        /* watchers don't give a verdict */
        return 0;
 }
@@ -79,7 +80,7 @@ static inline int ebt_do_match (struct ebt_entry_match *m,
    const struct sk_buff *skb, const struct net_device *in,
    const struct net_device *out)
 {
-       return m->u.match->match(skb, in, out, NULL, m->data, 0, 0, NULL);
+       return m->u.match->match(skb, in, out, m->u.match, m->data, 0, 0, NULL);
 }
 
 static inline int ebt_dev_check(char *entry, const struct net_device *device)
@@ -194,7 +195,7 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
                        verdict = ((struct ebt_standard_target *)t)->verdict;
                else
                        verdict = t->u.target->target(skb, in, out, hook,
-                                 NULL, t->data);
+                                 t->u.target, t->data);
                if (verdict == EBT_ACCEPT) {
                        read_unlock_bh(&table->lock);
                        return NF_ACCEPT;
@@ -336,104 +337,73 @@ static inline int
 ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e,
    const char *name, unsigned int hookmask, unsigned int *cnt)
 {
-       struct ebt_match *match;
+       struct xt_match *match;
        size_t left = ((char *)e + e->watchers_offset) - (char *)m;
        int ret;
 
        if (left < sizeof(struct ebt_entry_match) ||
            left - sizeof(struct ebt_entry_match) < m->match_size)
                return -EINVAL;
-       match = find_match_lock(m->u.name, &ret, &ebt_mutex);
-       if (!match)
-               return ret;
-       m->u.match = match;
-       if (!try_module_get(match->me)) {
-               mutex_unlock(&ebt_mutex);
+
+       match = try_then_request_module(xt_find_match(NFPROTO_BRIDGE,
+               m->u.name, 0), "ebt_%s", m->u.name);
+       if (IS_ERR(match))
+               return PTR_ERR(match);
+       if (match == NULL)
                return -ENOENT;
-       }
-       mutex_unlock(&ebt_mutex);
-       if (match->family != NFPROTO_BRIDGE) {
-               printk(KERN_WARNING "ebtables: %s match: not for ebtables?\n",
-                      match->name);
-               goto out;
-       }
-       if (match->revision != 0) {
-               printk(KERN_WARNING "ebtables: %s match: ebtables is not "
-                      "supporting revisions at this time\n",
-                      match->name);
-               goto out;
-       }
-       if (XT_ALIGN(match->matchsize) != m->match_size &&
-           match->matchsize != -1) {
-               /*
-                * ebt_among is exempt from centralized matchsize checking
-                * because it uses a dynamic-size data set.
-                */
-               printk(KERN_WARNING "ebtables: %s match: "
-                      "invalid size %Zu != %u\n",
-                      match->name, XT_ALIGN(match->matchsize), m->match_size);
-               goto out;
-       }
-       if (match->checkentry &&
+       m->u.match = match;
+
+       ret = xt_check_match(match, NFPROTO_BRIDGE, m->match_size,
+             name, hookmask, e->ethproto, e->invflags & EBT_IPROTO);
+       if (ret < 0) {
+               module_put(match->me);
+               return ret;
+       } else if (match->checkentry != NULL &&
            !match->checkentry(name, e, NULL, m->data, hookmask)) {
+               module_put(match->me);
                BUGPRINT("match->check failed\n");
-               goto out;
+               return -EINVAL;
        }
+
        (*cnt)++;
        return 0;
- out:
-       module_put(match->me);
-       return -EINVAL;
 }
 
 static inline int
 ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e,
    const char *name, unsigned int hookmask, unsigned int *cnt)
 {
-       struct ebt_watcher *watcher;
+       struct xt_target *watcher;
        size_t left = ((char *)e + e->target_offset) - (char *)w;
        int ret;
 
        if (left < sizeof(struct ebt_entry_watcher) ||
           left - sizeof(struct ebt_entry_watcher) < w->watcher_size)
                return -EINVAL;
-       watcher = find_watcher_lock(w->u.name, &ret, &ebt_mutex);
-       if (!watcher)
-               return ret;
-       w->u.watcher = watcher;
-       if (!try_module_get(watcher->me)) {
-               mutex_unlock(&ebt_mutex);
+
+       watcher = try_then_request_module(
+                 xt_find_target(NFPROTO_BRIDGE, w->u.name, 0),
+                 "ebt_%s", w->u.name);
+       if (IS_ERR(watcher))
+               return PTR_ERR(watcher);
+       if (watcher == NULL)
                return -ENOENT;
-       }
-       mutex_unlock(&ebt_mutex);
-       if (watcher->family != NFPROTO_BRIDGE) {
-               printk(KERN_WARNING "ebtables: %s watcher: not for ebtables?\n",
-                      watcher->name);
-               goto out;
-       }
-       if (watcher->revision != 0) {
-               printk(KERN_WARNING "ebtables: %s watcher: ebtables is not "
-                      "supporting revisions at this time\n",
-                      watcher->name);
-               goto out;
-       }
-       if (XT_ALIGN(watcher->targetsize) != w->watcher_size) {
-               printk(KERN_WARNING "ebtables: %s watcher: "
-                      "invalid size %Zu != %u\n",
-                      watcher->name, XT_ALIGN(watcher->targetsize),
-                      w->watcher_size);
-               goto out;
-       }
-       if (watcher->checkentry &&
+       w->u.watcher = watcher;
+
+       ret = xt_check_target(watcher, NFPROTO_BRIDGE, w->watcher_size,
+             name, hookmask, e->ethproto, e->invflags & EBT_IPROTO);
+       if (ret < 0) {
+               module_put(watcher->me);
+               return ret;
+       } else if (watcher->checkentry != NULL &&
            !watcher->checkentry(name, e, NULL, w->data, hookmask)) {
+               module_put(watcher->me);
                BUGPRINT("watcher->check failed\n");
-               goto out;
+               return -EINVAL;
        }
+
        (*cnt)++;
        return 0;
- out:
-       module_put(watcher->me);
-       return -EINVAL;
 }
 
 static int ebt_verify_pointers(struct ebt_replace *repl,
@@ -607,7 +577,7 @@ ebt_cleanup_match(struct ebt_entry_match *m, unsigned int *i)
        if (i && (*i)-- == 0)
                return 1;
        if (m->u.match->destroy)
-               m->u.match->destroy(NULL, m->data);
+               m->u.match->destroy(m->u.match, m->data);
        module_put(m->u.match->me);
 
        return 0;
@@ -619,7 +589,7 @@ ebt_cleanup_watcher(struct ebt_entry_watcher *w, unsigned int *i)
        if (i && (*i)-- == 0)
                return 1;
        if (w->u.watcher->destroy)
-               w->u.watcher->destroy(NULL, w->data);
+               w->u.watcher->destroy(w->u.watcher, w->data);
        module_put(w->u.watcher->me);
 
        return 0;
@@ -639,7 +609,7 @@ ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt)
        EBT_MATCH_ITERATE(e, ebt_cleanup_match, NULL);
        t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
        if (t->u.target->destroy)
-               t->u.target->destroy(NULL, t->data);
+               t->u.target->destroy(t->u.target, t->data);
        module_put(t->u.target->me);
 
        return 0;
@@ -651,7 +621,7 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
    struct ebt_cl_stack *cl_s, unsigned int udc_cnt)
 {
        struct ebt_entry_target *t;
-       struct ebt_target *target;
+       struct xt_target *target;
        unsigned int i, j, hook = 0, hookmask = 0;
        size_t gap;
        int ret;
@@ -704,27 +674,15 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
                goto cleanup_watchers;
        t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
        gap = e->next_offset - e->target_offset;
-       target = find_target_lock(t->u.name, &ret, &ebt_mutex);
-       if (!target)
-               goto cleanup_watchers;
-       if (!try_module_get(target->me)) {
-               mutex_unlock(&ebt_mutex);
-               ret = -ENOENT;
-               goto cleanup_watchers;
-       }
-       mutex_unlock(&ebt_mutex);
 
-       if (target->family != NFPROTO_BRIDGE) {
-               printk(KERN_WARNING "ebtables: %s target: not for ebtables?\n",
-                      target->name);
-               ret = -EINVAL;
+       target = try_then_request_module(
+                xt_find_target(NFPROTO_BRIDGE, t->u.name, 0),
+                "ebt_%s", t->u.name);
+       if (IS_ERR(target)) {
+               ret = PTR_ERR(target);
                goto cleanup_watchers;
-       }
-       if (target->revision != 0) {
-               printk(KERN_WARNING "ebtables: %s target: ebtables is not "
-                      "supporting revisions at this time\n",
-                      target->name);
-               ret = -EINVAL;
+       } else if (target == NULL) {
+               ret = -ENOENT;
                goto cleanup_watchers;
        }
 
@@ -745,13 +703,12 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
                module_put(t->u.target->me);
                ret = -EFAULT;
                goto cleanup_watchers;
-       } else if (XT_ALIGN(target->targetsize) != t->target_size) {
-               printk(KERN_WARNING "ebtables: %s target: "
-                      "invalid size %Zu != %u\n",
-                      target->name, XT_ALIGN(target->targetsize),
-                      t->target_size);
-               module_put(t->u.target->me);
-               ret = -EINVAL;
+       }
+
+       ret = xt_check_target(target, NFPROTO_BRIDGE, t->target_size,
+             name, hookmask, e->ethproto, e->invflags & EBT_IPROTO);
+       if (ret < 0) {
+               module_put(target->me);
                goto cleanup_watchers;
        } else if (t->u.target->checkentry &&
            !t->u.target->checkentry(name, e, NULL, t->data, hookmask)) {
@@ -1589,11 +1546,14 @@ static int __init ebtables_init(void)
 {
        int ret;
 
-       mutex_lock(&ebt_mutex);
-       list_add(&ebt_standard_target.list, &ebt_targets);
-       mutex_unlock(&ebt_mutex);
-       if ((ret = nf_register_sockopt(&ebt_sockopts)) < 0)
+       ret = xt_register_target(&ebt_standard_target);
+       if (ret < 0)
                return ret;
+       ret = nf_register_sockopt(&ebt_sockopts);
+       if (ret < 0) {
+               xt_unregister_target(&ebt_standard_target);
+               return ret;
+       }
 
        printk(KERN_INFO "Ebtables v2.0 registered\n");
        return 0;
@@ -1602,6 +1562,7 @@ static int __init ebtables_init(void)
 static void __exit ebtables_fini(void)
 {
        nf_unregister_sockopt(&ebt_sockopts);
+       xt_unregister_target(&ebt_standard_target);
        printk(KERN_INFO "Ebtables v2.0 unregistered\n");
 }
 
index aece6c2d134b7e2cb091152b51bcc1f7d5f578b8..0e23f42e3411c01f34a8c3c8e87c7f966196c927 100644 (file)
@@ -30,7 +30,7 @@
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
-MODULE_DESCRIPTION("[ip,ip6,arp]_tables backend module");
+MODULE_DESCRIPTION("{ip,ip6,arp,eb}_tables backend module");
 
 #define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1))
 
@@ -325,7 +325,12 @@ int xt_check_match(const struct xt_match *match, unsigned short family,
                   unsigned int size, const char *table, unsigned int hook_mask,
                   unsigned short proto, int inv_proto)
 {
-       if (XT_ALIGN(match->matchsize) != size) {
+       if (XT_ALIGN(match->matchsize) != size &&
+           match->matchsize != -1) {
+               /*
+                * ebt_among is exempt from centralized matchsize checking
+                * because it uses a dynamic-size data set.
+                */
                printk("%s_tables: %s match: invalid size %Zu != %u\n",
                       xt_prefix[family], match->name,
                       XT_ALIGN(match->matchsize), size);