Commit a45049c5 authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso Committed by David S. Miller

[NETFILTER]: x_tables: set the protocol family in x_tables targets/matches



Set the family field in xt_[matches|targets] registered.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
parent 4e3882f7
......@@ -220,10 +220,10 @@ struct xt_table_info
char *entries[NR_CPUS];
};
extern int xt_register_target(int af, struct xt_target *target);
extern void xt_unregister_target(int af, struct xt_target *target);
extern int xt_register_match(int af, struct xt_match *target);
extern void xt_unregister_match(int af, struct xt_match *target);
extern int xt_register_target(struct xt_target *target);
extern void xt_unregister_target(struct xt_target *target);
extern int xt_register_match(struct xt_match *target);
extern void xt_unregister_match(struct xt_match *target);
extern int xt_check_match(const struct xt_match *match, unsigned short family,
unsigned int size, const char *table, unsigned int hook,
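Review bot: Nothing at these four prototypes says that the caller must now fill in `->family` before registering, although the `af` argument that used to make the family explicit is gone. Judging by the x_tables.c part of this commit, a structure whose field was left at its default of 0 would be filed under index 0 without any diagnostic. A short comment above the declarations would cover it, e.g. `/* ->family must be set before calling; it selects the per-family list and mutex */`. The two match prototypes also still name their parameter `target`, where `match` would read better. The xt_check_match declaration continues outside the hunk.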
......
......@@ -263,8 +263,10 @@ static __inline__ struct arpt_entry_target *arpt_get_target(struct arpt_entry *e
*/
#ifdef __KERNEL__
#define arpt_register_target(tgt) xt_register_target(NF_ARP, tgt)
#define arpt_unregister_target(tgt) xt_unregister_target(NF_ARP, tgt)
#define arpt_register_target(tgt) \
({ (tgt)->family = NF_ARP; \
xt_register_target(tgt); })
#define arpt_unregister_target(tgt) xt_unregister_target(tgt)
extern int arpt_register_table(struct arpt_table *table,
const struct arpt_replace *repl);
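Review bot: `arpt_register_target(tgt)` now expands `tgt` twice and writes through it, so an argument with side effects is evaluated twice and any `.family` the module set itself is silently overwritten. A `static inline int arpt_register_target(struct arpt_target *tgt)` that assigns `tgt->family = NF_ARP` and returns `xt_register_target(tgt)` would evaluate the pointer once, be type-checked, and not need the GNU statement expression. The same applies to `ipt_register_target`/`ipt_register_match` in the ip_tables header and `ip6t_register_target`/`ip6t_register_match` in the ip6_tables header. The unregister macros rely on the family having been stored by the matching register call, which deserves a one-line comment next to them.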
......
......@@ -321,11 +321,15 @@ ipt_get_target(struct ipt_entry *e)
#include <linux/init.h>
extern void ipt_init(void) __init;
#define ipt_register_target(tgt) xt_register_target(AF_INET, tgt)
#define ipt_unregister_target(tgt) xt_unregister_target(AF_INET, tgt)
#define ipt_register_match(mtch) xt_register_match(AF_INET, mtch)
#define ipt_unregister_match(mtch) xt_unregister_match(AF_INET, mtch)
#define ipt_register_target(tgt) \
({ (tgt)->family = AF_INET; \
xt_register_target(tgt); })
#define ipt_unregister_target(tgt) xt_unregister_target(tgt)
#define ipt_register_match(mtch) \
({ (mtch)->family = AF_INET; \
xt_register_match(mtch); })
#define ipt_unregister_match(mtch) xt_unregister_match(mtch)
//#define ipt_register_table(tbl, repl) xt_register_table(AF_INET, tbl, repl)
//#define ipt_unregister_table(tbl) xt_unregister_table(AF_INET, tbl)
......
......@@ -334,11 +334,15 @@ ip6t_get_target(struct ip6t_entry *e)
#include <linux/init.h>
extern void ip6t_init(void) __init;
#define ip6t_register_target(tgt) xt_register_target(AF_INET6, tgt)
#define ip6t_unregister_target(tgt) xt_unregister_target(AF_INET6, tgt)
#define ip6t_register_match(match) xt_register_match(AF_INET6, match)
#define ip6t_unregister_match(match) xt_unregister_match(AF_INET6, match)
#define ip6t_register_target(tgt) \
({ (tgt)->family = AF_INET6; \
xt_register_target(tgt); })
#define ip6t_unregister_target(tgt) xt_unregister_target(tgt)
#define ip6t_register_match(match) \
({ (match)->family = AF_INET6; \
xt_register_match(match); })
#define ip6t_unregister_match(match) xt_unregister_match(match)
extern int ip6t_register_table(struct ip6t_table *table,
const struct ip6t_replace *repl);
......
......@@ -1146,12 +1146,14 @@ void arpt_unregister_table(struct arpt_table *table)
static struct arpt_target arpt_standard_target = {
.name = ARPT_STANDARD_TARGET,
.targetsize = sizeof(int),
.family = NF_ARP,
};
static struct arpt_target arpt_error_target = {
.name = ARPT_ERROR_TARGET,
.target = arpt_error,
.targetsize = ARPT_FUNCTION_MAXNAMELEN,
.family = NF_ARP,
};
static struct nf_sockopt_ops arpt_sockopts = {
......@@ -1171,8 +1173,8 @@ static int __init init(void)
xt_proto_init(NF_ARP);
/* Noone else will be downing sem now, so we won't sleep */
xt_register_target(NF_ARP, &arpt_standard_target);
xt_register_target(NF_ARP, &arpt_error_target);
xt_register_target(&arpt_standard_target);
xt_register_target(&arpt_error_target);
/* Register setsockopt */
ret = nf_register_sockopt(&arpt_sockopts);
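Review bot: The results of the two `xt_register_target()` calls in `init()` are discarded, while the x_tables.c hunk of this commit shows the function testing `down_interruptible()` for a non-zero result and, presumably, returning it. The comment argues the semaphore is uncontended, but if either call did fail the module would load without its standard or error target and nothing would report it. Checking the value, e.g. `ret = xt_register_target(&arpt_standard_target);` followed by `if (ret < 0) return ret;`, would make that visible; undoing `xt_proto_init()` would need code outside this hunk. The `init()` functions in ip_tables.c and ip6_tables.c do the same for their two targets and the icmp/icmp6 match. The body of `init()` starts and ends outside the hunk.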
......
......@@ -1335,12 +1335,14 @@ icmp_checkentry(const char *tablename,
static struct ipt_target ipt_standard_target = {
.name = IPT_STANDARD_TARGET,
.targetsize = sizeof(int),
.family = AF_INET,
};
static struct ipt_target ipt_error_target = {
.name = IPT_ERROR_TARGET,
.target = ipt_error,
.targetsize = IPT_FUNCTION_MAXNAMELEN,
.family = AF_INET,
};
static struct nf_sockopt_ops ipt_sockopts = {
......@@ -1358,6 +1360,7 @@ static struct ipt_match icmp_matchstruct = {
.match = icmp_match,
.matchsize = sizeof(struct ipt_icmp),
.proto = IPPROTO_ICMP,
.family = AF_INET,
.checkentry = icmp_checkentry,
};
......@@ -1368,9 +1371,9 @@ static int __init init(void)
xt_proto_init(AF_INET);
/* Noone else will be downing sem now, so we won't sleep */
xt_register_target(AF_INET, &ipt_standard_target);
xt_register_target(AF_INET, &ipt_error_target);
xt_register_match(AF_INET, &icmp_matchstruct);
xt_register_target(&ipt_standard_target);
xt_register_target(&ipt_error_target);
xt_register_match(&icmp_matchstruct);
/* Register setsockopt */
ret = nf_register_sockopt(&ipt_sockopts);
......@@ -1387,9 +1390,9 @@ static void __exit fini(void)
{
nf_unregister_sockopt(&ipt_sockopts);
xt_unregister_match(AF_INET, &icmp_matchstruct);
xt_unregister_target(AF_INET, &ipt_error_target);
xt_unregister_target(AF_INET, &ipt_standard_target);
xt_unregister_match(&icmp_matchstruct);
xt_unregister_target(&ipt_error_target);
xt_unregister_target(&ipt_standard_target);
xt_proto_fini(AF_INET);
}
......
......@@ -1377,12 +1377,14 @@ icmp6_checkentry(const char *tablename,
static struct ip6t_target ip6t_standard_target = {
.name = IP6T_STANDARD_TARGET,
.targetsize = sizeof(int),
.family = AF_INET6,
};
static struct ip6t_target ip6t_error_target = {
.name = IP6T_ERROR_TARGET,
.target = ip6t_error,
.targetsize = IP6T_FUNCTION_MAXNAMELEN,
.family = AF_INET6,
};
static struct nf_sockopt_ops ip6t_sockopts = {
......@@ -1401,6 +1403,7 @@ static struct ip6t_match icmp6_matchstruct = {
.matchsize = sizeof(struct ip6t_icmp),
.checkentry = icmp6_checkentry,
.proto = IPPROTO_ICMPV6,
.family = AF_INET6,
};
static int __init init(void)
......@@ -1410,9 +1413,9 @@ static int __init init(void)
xt_proto_init(AF_INET6);
/* Noone else will be downing sem now, so we won't sleep */
xt_register_target(AF_INET6, &ip6t_standard_target);
xt_register_target(AF_INET6, &ip6t_error_target);
xt_register_match(AF_INET6, &icmp6_matchstruct);
xt_register_target(&ip6t_standard_target);
xt_register_target(&ip6t_error_target);
xt_register_match(&icmp6_matchstruct);
/* Register setsockopt */
ret = nf_register_sockopt(&ip6t_sockopts);
......@@ -1429,9 +1432,9 @@ static int __init init(void)
static void __exit fini(void)
{
nf_unregister_sockopt(&ip6t_sockopts);
xt_unregister_match(AF_INET6, &icmp6_matchstruct);
xt_unregister_target(AF_INET6, &ip6t_error_target);
xt_unregister_target(AF_INET6, &ip6t_standard_target);
xt_unregister_match(&icmp6_matchstruct);
xt_unregister_target(&ip6t_error_target);
xt_unregister_target(&ip6t_standard_target);
xt_proto_fini(AF_INET6);
}
......
......@@ -60,9 +60,9 @@ static const char *xt_prefix[NPROTO] = {
/* Registration hooks for targets. */
int
xt_register_target(int af, struct xt_target *target)
xt_register_target(struct xt_target *target)
{
int ret;
int ret, af = target->family;
ret = down_interruptible(&xt[af].mutex);
if (ret != 0)
......@@ -74,8 +74,10 @@ xt_register_target(int af, struct xt_target *target)
EXPORT_SYMBOL(xt_register_target);
void
xt_unregister_target(int af, struct xt_target *target)
xt_unregister_target(struct xt_target *target)
{
int af = target->family;
down(&xt[af].mutex);
LIST_DELETE(&xt[af].target, target);
up(&xt[af].mutex);
......@@ -83,9 +85,9 @@ xt_unregister_target(int af, struct xt_target *target)
EXPORT_SYMBOL(xt_unregister_target);
int
xt_register_match(int af, struct xt_match *match)
xt_register_match(struct xt_match *match)
{
int ret;
int ret, af = match->family;
ret = down_interruptible(&xt[af].mutex);
if (ret != 0)
......@@ -99,8 +101,10 @@ xt_register_match(int af, struct xt_match *match)
EXPORT_SYMBOL(xt_register_match);
void
xt_unregister_match(int af, struct xt_match *match)
xt_unregister_match(struct xt_match *match)
{
int af = match->family;
down(&xt[af].mutex);
LIST_DELETE(&xt[af].match, match);
up(&xt[af].mutex);
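Review bot: `af` is now read from `target->family` or `match->family` and used straight away as an index into `xt[]` in all four functions, with no range check. While the family was an argument every visible call site passed a constant; now a structure whose `.family` was never set registers under index 0. A value at or above the array size (presumably NPROTO, as for `xt_prefix[]`) would index outside `xt[]` before the mutex is even taken. In the two register functions a guard ahead of `down_interruptible()`, such as `if (af < 0 || af >= NPROTO) return -EINVAL;`, would reject that; the unregister functions return void, so they could only warn and return. All four bodies continue outside their hunks.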
......
......@@ -47,6 +47,7 @@ static struct xt_target classify_reg = {
.table = "mangle",
.hooks = (1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_FORWARD) |
(1 << NF_IP_POST_ROUTING),
.family = AF_INET,
.me = THIS_MODULE,
};
static struct xt_target classify6_reg = {
......@@ -56,6 +57,7 @@ static struct xt_target classify6_reg = {
.table = "mangle",
.hooks = (1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_FORWARD) |
(1 << NF_IP_POST_ROUTING),
.family = AF_INET6,
.me = THIS_MODULE,
};
......@@ -64,21 +66,21 @@ static int __init init(void)
{
int ret;
ret = xt_register_target(AF_INET, &classify_reg);
ret = xt_register_target(&classify_reg);
if (ret)
return ret;
ret = xt_register_target(AF_INET6, &classify6_reg);
ret = xt_register_target(&classify6_reg);
if (ret)
xt_unregister_target(AF_INET, &classify_reg);
xt_unregister_target(&classify_reg);
return ret;
}
static void __exit fini(void)
{
xt_unregister_target(AF_INET, &classify_reg);
xt_unregister_target(AF_INET6, &classify6_reg);
xt_unregister_target(&classify_reg);
xt_unregister_target(&classify6_reg);
}
module_init(init);
......
......@@ -102,6 +102,7 @@ static struct xt_target connmark_reg = {
.target = target,
.targetsize = sizeof(struct xt_connmark_target_info),
.checkentry = checkentry,
.family = AF_INET,
.me = THIS_MODULE
};
......@@ -110,6 +111,7 @@ static struct xt_target connmark6_reg = {
.target = target,
.targetsize = sizeof(struct xt_connmark_target_info),
.checkentry = checkentry,
.family = AF_INET6,
.me = THIS_MODULE
};
......@@ -119,21 +121,21 @@ static int __init init(void)
need_conntrack();
ret = xt_register_target(AF_INET, &connmark_reg);
ret = xt_register_target(&connmark_reg);
if (ret)
return ret;
ret = xt_register_target(AF_INET6, &connmark6_reg);
ret = xt_register_target(&connmark6_reg);
if (ret)
xt_unregister_target(AF_INET, &connmark_reg);
xt_unregister_target(&connmark_reg);
return ret;
}
static void __exit fini(void)
{
xt_unregister_target(AF_INET, &connmark_reg);
xt_unregister_target(AF_INET6, &connmark6_reg);
xt_unregister_target(&connmark_reg);
xt_unregister_target(&connmark6_reg);
}
module_init(init);
......
......@@ -119,6 +119,7 @@ static struct xt_target ipt_mark_reg_v0 = {
.table = "mangle",
.checkentry = checkentry_v0,
.me = THIS_MODULE,
.family = AF_INET,
.revision = 0,
};
......@@ -129,6 +130,7 @@ static struct xt_target ipt_mark_reg_v1 = {
.table = "mangle",
.checkentry = checkentry_v1,
.me = THIS_MODULE,
.family = AF_INET,
.revision = 1,
};
......@@ -139,6 +141,7 @@ static struct xt_target ip6t_mark_reg_v0 = {
.table = "mangle",
.checkentry = checkentry_v0,
.me = THIS_MODULE,
.family = AF_INET6,
.revision = 0,
};
......@@ -146,18 +149,18 @@ static int __init init(void)
{
int err;
err = xt_register_target(AF_INET, &ipt_mark_reg_v0);
err = xt_register_target(&ipt_mark_reg_v0);
if (err)
return err;
err = xt_register_target(AF_INET, &ipt_mark_reg_v1);
err = xt_register_target(&ipt_mark_reg_v1);
if (err)
xt_unregister_target(AF_INET, &ipt_mark_reg_v0);
xt_unregister_target(&ipt_mark_reg_v0);
err = xt_register_target(AF_INET6, &ip6t_mark_reg_v0);
err = xt_register_target(&ip6t_mark_reg_v0);
if (err) {
xt_unregister_target(AF_INET, &ipt_mark_reg_v0);
xt_unregister_target(AF_INET, &ipt_mark_reg_v1);
xt_unregister_target(&ipt_mark_reg_v0);
xt_unregister_target(&ipt_mark_reg_v1);
}
return err;
......@@ -165,9 +168,9 @@ static int __init init(void)
static void __exit fini(void)
{
xt_unregister_target(AF_INET, &ipt_mark_reg_v0);
xt_unregister_target(AF_INET, &ipt_mark_reg_v1);
xt_unregister_target(AF_INET6, &ip6t_mark_reg_v0);
xt_unregister_target(&ipt_mark_reg_v0);
xt_unregister_target(&ipt_mark_reg_v1);
xt_unregister_target(&ip6t_mark_reg_v0);
}
module_init(init);
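Review bot: In `init()`, as rendered here, a failure to register `ipt_mark_reg_v1` unregisters `ipt_mark_reg_v0` but does not return, so execution continues to the `ip6t_mark_reg_v0` registration and `err` is overwritten. If that registration succeeds, the module loads with `err == 0` and no IPv4 MARK target. If it fails, the error branch unregisters `ipt_mark_reg_v0` a second time and `ipt_mark_reg_v1`, which was never registered, so `LIST_DELETE` runs on entries that are not on the list. The commit rewrites these calls without changing the flow; the second check should read `if (err) { xt_unregister_target(&ipt_mark_reg_v0); return err; }`.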
......
......@@ -41,6 +41,7 @@ static struct xt_target ipt_NFQ_reg = {
.name = "NFQUEUE",
.target = target,
.targetsize = sizeof(struct xt_NFQ_info),
.family = AF_INET,
.me = THIS_MODULE,
};
......@@ -48,6 +49,7 @@ static struct xt_target ip6t_NFQ_reg = {
.name = "NFQUEUE",
.target = target,
.targetsize = sizeof(struct xt_NFQ_info),
.family = AF_INET6,
.me = THIS_MODULE,
};
......@@ -55,36 +57,37 @@ static struct xt_target arpt_NFQ_reg = {
.name = "NFQUEUE",
.target = target,
.targetsize = sizeof(struct xt_NFQ_info),
.family = NF_ARP,
.me = THIS_MODULE,
};
static int __init init(void)
{
int ret;
ret = xt_register_target(AF_INET, &ipt_NFQ_reg);
ret = xt_register_target(&ipt_NFQ_reg);
if (ret)
return ret;
ret = xt_register_target(AF_INET6, &ip6t_NFQ_reg);
ret = xt_register_target(&ip6t_NFQ_reg);
if (ret)
goto out_ip;
ret = xt_register_target(NF_ARP, &arpt_NFQ_reg);
ret = xt_register_target(&arpt_NFQ_reg);
if (ret)
goto out_ip6;
return ret;
out_ip6:
xt_unregister_target(AF_INET6, &ip6t_NFQ_reg);
xt_unregister_target(&ip6t_NFQ_reg);
out_ip:
xt_unregister_target(AF_INET, &ipt_NFQ_reg);
xt_unregister_target(&ipt_NFQ_reg);
return ret;
}
static void __exit fini(void)
{
xt_unregister_target(NF_ARP, &arpt_NFQ_reg);
xt_unregister_target(AF_INET6, &ip6t_NFQ_reg);
xt_unregister_target(AF_INET, &ipt_NFQ_reg);
xt_unregister_target(&arpt_NFQ_reg);
xt_unregister_target(&ip6t_NFQ_reg);
xt_unregister_target(&ipt_NFQ_reg);
}
module_init(init);
......
......@@ -39,6 +39,7 @@ static struct xt_target notrack_reg = {
.target = target,
.targetsize = 0,
.table = "raw",
.family = AF_INET,
.me = THIS_MODULE,
};
......@@ -47,6 +48,7 @@ static struct xt_target notrack6_reg = {
.target = target,
.targetsize = 0,
.table = "raw",
.family = AF_INET6,
.me = THIS_MODULE,
};
......@@ -54,21 +56,21 @@ static int __init init(void)
{
int ret;
ret = xt_register_target(AF_INET, &notrack_reg);
ret = xt_register_target(&notrack_reg);
if (ret)
return ret;
ret = xt_register_target(AF_INET6, &notrack6_reg);
ret = xt_register_target(&notrack6_reg);
if (ret)
xt_unregister_target(AF_INET, &notrack_reg);
xt_unregister_target(&notrack_reg);
return ret;
}
static void __exit fini(void)
{
xt_unregister_target(AF_INET6, &notrack6_reg);
xt_unregister_target(AF_INET, &notrack_reg);
xt_unregister_target(&notrack6_reg);
xt_unregister_target(&notrack_reg);
}
module_init(init);
......
......@@ -33,6 +33,7 @@ static struct xt_match comment_match = {
.name = "comment",
.match = match,
.matchsize = sizeof(struct xt_comment_info),
.family = AF_INET,
.me = THIS_MODULE
};
......@@ -40,6 +41,7 @@ static struct xt_match comment6_match = {
.name = "comment",
.match = match,
.matchsize = sizeof(struct xt_comment_info),
.family = AF_INET6,
.me = THIS_MODULE
};
......@@ -47,21 +49,21 @@ static int __init init(void)
{
int ret;
ret = xt_register_match(AF_INET, &comment_match);
ret = xt_register_match(&comment_match);
if (ret)
return ret;
ret = xt_register_match(AF_INET6, &comment6_match);
ret = xt_register_match(&comment6_match);
if (ret)
xt_unregister_match(AF_INET, &comment_match);
xt_unregister_match(&comment_match);
return ret;
}
static void __exit fini(void)
{
xt_unregister_match(AF_INET, &comment_match);
xt_unregister_match(AF_INET6, &comment6_match);
xt_unregister_match(&comment_match);
xt_unregister_match(&comment6_match);
}
module_init(init);
......
......@@ -148,6 +148,7 @@ static struct xt_match connbytes_match = {
.match = match,
.checkentry = check,
.matchsize = sizeof(struct xt_connbytes_info),
.family = AF_INET,
.me = THIS_MODULE
};
static struct xt_match connbytes6_match = {
......@@ -155,26 +156,27 @@ static struct xt_match connbytes6_match = {
.match = match,
.checkentry = check,
.matchsize = sizeof(struct xt_connbytes_info),
.family = AF_INET6,
.me = THIS_MODULE
};
static int __init init(void)
{
int ret;
ret = xt_register_match(AF_INET, &connbytes_match);
ret = xt_register_match(&connbytes_match);
if (ret)
return ret;
ret = xt_register_match(AF_INET6, &connbytes6_match);
ret = xt_register_match(&connbytes6_match);
if (ret)
xt_unregister_match(AF_INET, &connbytes_match);
xt_unregister_match(&connbytes_match);
return ret;
}
static void __exit fini(void)
{
xt_unregister_match(AF_INET, &connbytes_match);
xt_unregister_match(AF_INET6, &connbytes6_match);
xt_unregister_match(&connbytes_match);
xt_unregister_match(&connbytes6_match);
}
module_init(init);
......
......@@ -72,6 +72,7 @@ static struct xt_match connmark_match = {
.match = match,
.matchsize = sizeof(struct xt_connmark_info),
.checkentry = checkentry,
.family = AF_INET,
.me = THIS_MODULE
};
......@@ -80,6 +81,7 @@ static struct xt_match connmark6_match = {
.match = match,
.matchsize = sizeof(struct xt_connmark_info),
.checkentry = checkentry,
.family = AF_INET6,
.me = THIS_MODULE
};
......@@ -89,20 +91,20 @@ static int __init init(void)
need_conntrack();
ret = xt_register_match(AF_INET, &connmark_match);
ret = xt_register_match(&connmark_match);
if (ret)
return ret;
ret = xt_register_match(AF_INET6, &connmark6_match);
ret = xt_register_match(&connmark6_match);
if (ret)
xt_unregister_match(AF_INET, &connmark_match);
xt_unregister_match(&connmark_match);
return ret;
}
static void __exit fini(void)
{
xt_unregister_match(AF_INET6, &connmark6_match);
xt_unregister_match(AF_INET, &connmark_match);
xt_unregister_match(&connmark6_match);
xt_unregister_match(&connmark_match);
}
module_init(init);
......