Commit f2ff525c authored by Jan Engelhardt's avatar Jan Engelhardt Committed by Patrick McHardy

netfilter: ebtables: use generic table checking

Ebtables ORs (1 << NF_BR_NUMHOOKS) into the hook mask to indicate that
the extension was called from a base chain. So this also needs to be
present in the extensions' ->hooks.
Signed-off-by: default avatarJan Engelhardt <jengelh@medozas.de>
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
parent 102befab
...@@ -73,8 +73,6 @@ ebt_arpreply_tg_check(const char *tablename, const void *entry, ...@@ -73,8 +73,6 @@ ebt_arpreply_tg_check(const char *tablename, const void *entry,
e->invflags & EBT_IPROTO) e->invflags & EBT_IPROTO)
return false; return false;
CLEAR_BASE_CHAIN_BIT; CLEAR_BASE_CHAIN_BIT;
if (strcmp(tablename, "nat") || hookmask & ~(1 << NF_BR_PRE_ROUTING))
return false;
return true; return true;
} }
...@@ -82,6 +80,8 @@ static struct xt_target ebt_arpreply_tg_reg __read_mostly = { ...@@ -82,6 +80,8 @@ static struct xt_target ebt_arpreply_tg_reg __read_mostly = {
.name = "arpreply", .name = "arpreply",
.revision = 0, .revision = 0,
.family = NFPROTO_BRIDGE, .family = NFPROTO_BRIDGE,
.table = "nat",
.hooks = (1 << NF_BR_NUMHOOKS) | (1 << NF_BR_PRE_ROUTING),
.target = ebt_arpreply_tg, .target = ebt_arpreply_tg,
.checkentry = ebt_arpreply_tg_check, .checkentry = ebt_arpreply_tg_check,
.targetsize = XT_ALIGN(sizeof(struct ebt_arpreply_info)), .targetsize = XT_ALIGN(sizeof(struct ebt_arpreply_info)),
......
...@@ -51,6 +51,8 @@ static struct xt_target ebt_dnat_tg_reg __read_mostly = { ...@@ -51,6 +51,8 @@ static struct xt_target ebt_dnat_tg_reg __read_mostly = {
.name = "dnat", .name = "dnat",
.revision = 0, .revision = 0,
.family = NFPROTO_BRIDGE, .family = NFPROTO_BRIDGE,
.hooks = (1 << NF_BR_NUMHOOKS) | (1 << NF_BR_PRE_ROUTING) |
(1 << NF_BR_LOCAL_OUT) | (1 << NF_BR_BROUTING),
.target = ebt_dnat_tg, .target = ebt_dnat_tg,
.checkentry = ebt_dnat_tg_check, .checkentry = ebt_dnat_tg_check,
.targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)), .targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)),
......
...@@ -56,6 +56,8 @@ static struct xt_target ebt_redirect_tg_reg __read_mostly = { ...@@ -56,6 +56,8 @@ static struct xt_target ebt_redirect_tg_reg __read_mostly = {
.name = "redirect", .name = "redirect",
.revision = 0, .revision = 0,
.family = NFPROTO_BRIDGE, .family = NFPROTO_BRIDGE,
.hooks = (1 << NF_BR_NUMHOOKS) | (1 << NF_BR_PRE_ROUTING) |
(1 << NF_BR_BROUTING),
.target = ebt_redirect_tg, .target = ebt_redirect_tg,
.checkentry = ebt_redirect_tg_check, .checkentry = ebt_redirect_tg_check,
.targetsize = XT_ALIGN(sizeof(struct ebt_redirect_info)), .targetsize = XT_ALIGN(sizeof(struct ebt_redirect_info)),
......
...@@ -56,10 +56,6 @@ ebt_snat_tg_check(const char *tablename, const void *e, ...@@ -56,10 +56,6 @@ ebt_snat_tg_check(const char *tablename, const void *e,
if (BASE_CHAIN && tmp == EBT_RETURN) if (BASE_CHAIN && tmp == EBT_RETURN)
return false; return false;
CLEAR_BASE_CHAIN_BIT; CLEAR_BASE_CHAIN_BIT;
if (strcmp(tablename, "nat"))
return false;
if (hookmask & ~(1 << NF_BR_POST_ROUTING))
return false;
if (tmp < -NUM_STANDARD_TARGETS || tmp >= 0) if (tmp < -NUM_STANDARD_TARGETS || tmp >= 0)
return false; return false;
...@@ -73,6 +69,8 @@ static struct xt_target ebt_snat_tg_reg __read_mostly = { ...@@ -73,6 +69,8 @@ static struct xt_target ebt_snat_tg_reg __read_mostly = {
.name = "snat", .name = "snat",
.revision = 0, .revision = 0,
.family = NFPROTO_BRIDGE, .family = NFPROTO_BRIDGE,
.table = "nat",
.hooks = (1 << NF_BR_NUMHOOKS) | (1 << NF_BR_POST_ROUTING),
.target = ebt_snat_tg, .target = ebt_snat_tg,
.checkentry = ebt_snat_tg_check, .checkentry = ebt_snat_tg_check,
.targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)), .targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)),
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment