243bf6e2
Commit
243bf6e2
authored
Oct 13, 2010
by
Jan Engelhardt
netfilter: xtables: resolve indirect macros 3/3
parent
87a2e70d
Showing
8 changed files
with
94 additions
and
131 deletions
+94
-131
include/linux/netfilter_arp/arp_tables.h
include/linux/netfilter_arp/arp_tables.h
+10
-23
include/linux/netfilter_ipv4/ip_tables.h
include/linux/netfilter_ipv4/ip_tables.h
+32
-37
include/linux/netfilter_ipv6/ip6_tables.h
include/linux/netfilter_ipv6/ip6_tables.h
+25
-44
net/ipv4/netfilter/arp_tables.c
net/ipv4/netfilter/arp_tables.c
+7
-7
net/ipv4/netfilter/arpt_mangle.c
net/ipv4/netfilter/arpt_mangle.c
+1
-1
net/ipv4/netfilter/ip_tables.c
net/ipv4/netfilter/ip_tables.c
+9
-9
net/ipv6/netfilter/ip6_tables.c
net/ipv6/netfilter/ip6_tables.c
+9
-9
net/sched/act_ipt.c
net/sched/act_ipt.c
+1
-1
include/linux/netfilter_arp/arp_tables.h
...
@@ -26,6 +26,14 @@
...
@@ -26,6 +26,14 @@
#define ARPT_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN
#define ARPT_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN
#define arpt_entry_target xt_entry_target
#define arpt_entry_target xt_entry_target
#define arpt_standard_target xt_standard_target
#define arpt_standard_target xt_standard_target
#define ARPT_CONTINUE XT_CONTINUE
#define ARPT_RETURN XT_RETURN
#define arpt_counters_info xt_counters_info
#define arpt_counters xt_counters
#define ARPT_STANDARD_TARGET XT_STANDARD_TARGET
#define ARPT_ERROR_TARGET XT_ERROR_TARGET
#define ARPT_ENTRY_ITERATE(entries, size, fn, args...) \
XT_ENTRY_ITERATE(struct arpt_entry, entries, size, fn, ## args)
#endif
#endif
#define ARPT_DEV_ADDR_LEN_MAX 16
#define ARPT_DEV_ADDR_LEN_MAX 16
...
@@ -126,12 +134,6 @@ struct arpt_entry
...
@@ -126,12 +134,6 @@ struct arpt_entry
#define ARPT_SO_GET_REVISION_TARGET (ARPT_BASE_CTL + 3)
#define ARPT_SO_GET_REVISION_TARGET (ARPT_BASE_CTL + 3)
#define ARPT_SO_GET_MAX (ARPT_SO_GET_REVISION_TARGET)
#define ARPT_SO_GET_MAX (ARPT_SO_GET_REVISION_TARGET)
/* CONTINUE verdict for targets */
#define ARPT_CONTINUE XT_CONTINUE
/* For standard target */
#define ARPT_RETURN XT_RETURN
/* The argument to ARPT_SO_GET_INFO */
/* The argument to ARPT_SO_GET_INFO */
struct
arpt_getinfo
{
struct
arpt_getinfo
{
/* Which table: caller fills this in. */
/* Which table: caller fills this in. */
...
@@ -185,10 +187,6 @@ struct arpt_replace {
...
@@ -185,10 +187,6 @@ struct arpt_replace {
struct
arpt_entry
entries
[
0
];
struct
arpt_entry
entries
[
0
];
};
};
/* The argument to ARPT_SO_ADD_COUNTERS. */
#define arpt_counters_info xt_counters_info
#define arpt_counters xt_counters
/* The argument to ARPT_SO_GET_ENTRIES. */
/* The argument to ARPT_SO_GET_ENTRIES. */
struct
arpt_get_entries
{
struct
arpt_get_entries
{
/* Which table: user fills this in. */
/* Which table: user fills this in. */
...
@@ -201,23 +199,12 @@ struct arpt_get_entries {
...
@@ -201,23 +199,12 @@ struct arpt_get_entries {
struct
arpt_entry
entrytable
[
0
];
struct
arpt_entry
entrytable
[
0
];
};
};
/* Standard return verdict, or do jump. */
#define ARPT_STANDARD_TARGET XT_STANDARD_TARGET
/* Error verdict. */
#define ARPT_ERROR_TARGET XT_ERROR_TARGET
/* Helper functions */
/* Helper functions */
static
__inline__
struct
xt_entry_target
*
arpt_get_target
(
struct
arpt_entry
*
e
)
static
__inline__
struct
xt_entry_target
*
arpt_get_target
(
struct
arpt_entry
*
e
)
{
{
return
(
void
*
)
e
+
e
->
target_offset
;
return
(
void
*
)
e
+
e
->
target_offset
;
}
}
#ifndef __KERNEL__
/* fn returns 0 to continue iteration */
#define ARPT_ENTRY_ITERATE(entries, size, fn, args...) \
XT_ENTRY_ITERATE(struct arpt_entry, entries, size, fn, ## args)
#endif
/*
/*
* Main firewall chains definitions and global var's definitions.
* Main firewall chains definitions and global var's definitions.
*/
*/
...
@@ -248,7 +235,7 @@ struct arpt_error {
...
@@ -248,7 +235,7 @@ struct arpt_error {
#define ARPT_STANDARD_INIT(__verdict) \
#define ARPT_STANDARD_INIT(__verdict) \
{ \
{ \
.entry = ARPT_ENTRY_INIT(sizeof(struct arpt_standard)), \
.entry = ARPT_ENTRY_INIT(sizeof(struct arpt_standard)), \
.target = XT_TARGET_INIT(
ARP
T_STANDARD_TARGET, \
.target = XT_TARGET_INIT(
X
T_STANDARD_TARGET, \
sizeof(struct xt_standard_target)), \
sizeof(struct xt_standard_target)), \
.target.verdict = -(__verdict) - 1, \
.target.verdict = -(__verdict) - 1, \
}
}
...
@@ -256,7 +243,7 @@ struct arpt_error {
...
@@ -256,7 +243,7 @@ struct arpt_error {
#define ARPT_ERROR_INIT \
#define ARPT_ERROR_INIT \
{ \
{ \
.entry = ARPT_ENTRY_INIT(sizeof(struct arpt_error)), \
.entry = ARPT_ENTRY_INIT(sizeof(struct arpt_error)), \
.target = XT_TARGET_INIT(
ARP
T_ERROR_TARGET, \
.target = XT_TARGET_INIT(
X
T_ERROR_TARGET, \
sizeof(struct arpt_error_target)), \
sizeof(struct arpt_error_target)), \
.target.errorname = "ERROR", \
.target.errorname = "ERROR", \
}
}
...
...
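Review bot: The aliases added in the first hunk (`ARPT_CONTINUE` through `ARPT_ENTRY_ITERATE`) arrive without the comments the removed definitions carried, so the iterator contract and the verdict descriptions are no longer stated anywhere in this header. ip_tables.h keeps those comments when it moves the same group, while ip6_tables.h drops them as well; the three headers should agree. I would keep `/* fn returns 0 to continue iteration */` above `ARPT_ENTRY_ITERATE`. A one-line comment heading the group as compatibility names for userspace would also help, provided the `#endif` that follows really closes an `#ifndef __KERNEL__` block; its opening is outside the hunk.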
include/linux/netfilter_ipv4/ip_tables.h
...
@@ -38,6 +38,36 @@
...
@@ -38,6 +38,36 @@
#define ipt_entry_target xt_entry_target
#define ipt_entry_target xt_entry_target
#define ipt_standard_target xt_standard_target
#define ipt_standard_target xt_standard_target
#define ipt_counters xt_counters
#define ipt_counters xt_counters
#define IPT_CONTINUE XT_CONTINUE
#define IPT_RETURN XT_RETURN
/* This group is older than old (iptables < v1.4.0-rc1~89) */
#include <linux/netfilter/xt_tcpudp.h>
#define ipt_udp xt_udp
#define ipt_tcp xt_tcp
#define IPT_TCP_INV_SRCPT XT_TCP_INV_SRCPT
#define IPT_TCP_INV_DSTPT XT_TCP_INV_DSTPT
#define IPT_TCP_INV_FLAGS XT_TCP_INV_FLAGS
#define IPT_TCP_INV_OPTION XT_TCP_INV_OPTION
#define IPT_TCP_INV_MASK XT_TCP_INV_MASK
#define IPT_UDP_INV_SRCPT XT_UDP_INV_SRCPT
#define IPT_UDP_INV_DSTPT XT_UDP_INV_DSTPT
#define IPT_UDP_INV_MASK XT_UDP_INV_MASK
/* The argument to IPT_SO_ADD_COUNTERS. */
#define ipt_counters_info xt_counters_info
/* Standard return verdict, or do jump. */
#define IPT_STANDARD_TARGET XT_STANDARD_TARGET
/* Error verdict. */
#define IPT_ERROR_TARGET XT_ERROR_TARGET
/* fn returns 0 to continue iteration */
#define IPT_MATCH_ITERATE(e, fn, args...) \
XT_MATCH_ITERATE(struct ipt_entry, e, fn, ## args)
/* fn returns 0 to continue iteration */
#define IPT_ENTRY_ITERATE(entries, size, fn, args...) \
XT_ENTRY_ITERATE(struct ipt_entry, entries, size, fn, ## args)
#endif
#endif
/* Yes, Virginia, you have to zero the padding. */
/* Yes, Virginia, you have to zero the padding. */
...
@@ -116,23 +146,6 @@ struct ipt_entry {
...
@@ -116,23 +146,6 @@ struct ipt_entry {
#define IPT_SO_GET_REVISION_TARGET (IPT_BASE_CTL + 3)
#define IPT_SO_GET_REVISION_TARGET (IPT_BASE_CTL + 3)
#define IPT_SO_GET_MAX IPT_SO_GET_REVISION_TARGET
#define IPT_SO_GET_MAX IPT_SO_GET_REVISION_TARGET
#define IPT_CONTINUE XT_CONTINUE
#define IPT_RETURN XT_RETURN
#include <linux/netfilter/xt_tcpudp.h>
#define ipt_udp xt_udp
#define ipt_tcp xt_tcp
#define IPT_TCP_INV_SRCPT XT_TCP_INV_SRCPT
#define IPT_TCP_INV_DSTPT XT_TCP_INV_DSTPT
#define IPT_TCP_INV_FLAGS XT_TCP_INV_FLAGS
#define IPT_TCP_INV_OPTION XT_TCP_INV_OPTION
#define IPT_TCP_INV_MASK XT_TCP_INV_MASK
#define IPT_UDP_INV_SRCPT XT_UDP_INV_SRCPT
#define IPT_UDP_INV_DSTPT XT_UDP_INV_DSTPT
#define IPT_UDP_INV_MASK XT_UDP_INV_MASK
/* ICMP matching stuff */
/* ICMP matching stuff */
struct
ipt_icmp
{
struct
ipt_icmp
{
u_int8_t
type
;
/* type to match */
u_int8_t
type
;
/* type to match */
...
@@ -196,9 +209,6 @@ struct ipt_replace {
...
@@ -196,9 +209,6 @@ struct ipt_replace {
struct
ipt_entry
entries
[
0
];
struct
ipt_entry
entries
[
0
];
};
};
/* The argument to IPT_SO_ADD_COUNTERS. */
#define ipt_counters_info xt_counters_info
/* The argument to IPT_SO_GET_ENTRIES. */
/* The argument to IPT_SO_GET_ENTRIES. */
struct
ipt_get_entries
{
struct
ipt_get_entries
{
/* Which table: user fills this in. */
/* Which table: user fills this in. */
...
@@ -211,11 +221,6 @@ struct ipt_get_entries {
...
@@ -211,11 +221,6 @@ struct ipt_get_entries {
struct
ipt_entry
entrytable
[
0
];
struct
ipt_entry
entrytable
[
0
];
};
};
/* Standard return verdict, or do jump. */
#define IPT_STANDARD_TARGET XT_STANDARD_TARGET
/* Error verdict. */
#define IPT_ERROR_TARGET XT_ERROR_TARGET
/* Helper functions */
/* Helper functions */
static
__inline__
struct
xt_entry_target
*
static
__inline__
struct
xt_entry_target
*
ipt_get_target
(
struct
ipt_entry
*
e
)
ipt_get_target
(
struct
ipt_entry
*
e
)
...
@@ -223,16 +228,6 @@ ipt_get_target(struct ipt_entry *e)
...
@@ -223,16 +228,6 @@ ipt_get_target(struct ipt_entry *e)
return
(
void
*
)
e
+
e
->
target_offset
;
return
(
void
*
)
e
+
e
->
target_offset
;
}
}
#ifndef __KERNEL__
/* fn returns 0 to continue iteration */
#define IPT_MATCH_ITERATE(e, fn, args...) \
XT_MATCH_ITERATE(struct ipt_entry, e, fn, ## args)
/* fn returns 0 to continue iteration */
#define IPT_ENTRY_ITERATE(entries, size, fn, args...) \
XT_ENTRY_ITERATE(struct ipt_entry, entries, size, fn, ## args)
#endif
/*
/*
* Main firewall chains definitions and global var's definitions.
* Main firewall chains definitions and global var's definitions.
*/
*/
...
@@ -271,7 +266,7 @@ struct ipt_error {
...
@@ -271,7 +266,7 @@ struct ipt_error {
#define IPT_STANDARD_INIT(__verdict) \
#define IPT_STANDARD_INIT(__verdict) \
{ \
{ \
.entry = IPT_ENTRY_INIT(sizeof(struct ipt_standard)), \
.entry = IPT_ENTRY_INIT(sizeof(struct ipt_standard)), \
.target = XT_TARGET_INIT(
IP
T_STANDARD_TARGET, \
.target = XT_TARGET_INIT(
X
T_STANDARD_TARGET, \
sizeof(struct xt_standard_target)), \
sizeof(struct xt_standard_target)), \
.target.verdict = -(__verdict) - 1, \
.target.verdict = -(__verdict) - 1, \
}
}
...
@@ -279,7 +274,7 @@ struct ipt_error {
...
@@ -279,7 +274,7 @@ struct ipt_error {
#define IPT_ERROR_INIT \
#define IPT_ERROR_INIT \
{ \
{ \
.entry = IPT_ENTRY_INIT(sizeof(struct ipt_error)), \
.entry = IPT_ENTRY_INIT(sizeof(struct ipt_error)), \
.target = XT_TARGET_INIT(
IP
T_ERROR_TARGET, \
.target = XT_TARGET_INIT(
X
T_ERROR_TARGET, \
sizeof(struct ipt_error_target)), \
sizeof(struct ipt_error_target)), \
.target.errorname = "ERROR", \
.target.errorname = "ERROR", \
}
}
...
...
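Review bot: `#include <linux/netfilter/xt_tcpudp.h>` moves up with the alias group in the first hunk and now sits before the `#endif` that ends it. The matching `#if` is outside the hunk, but if it is the `#ifndef __KERNEL__` compatibility block, kernel sources that picked up `struct xt_tcp` or `struct xt_udp` through ip_tables.h lose that include. The same applies to ip6_tables.h. None of the hunks shown for the .c files adds a direct include, so the in-tree users of both headers should be built, or `#include <linux/netfilter/xt_tcpudp.h>` added where the structs are used.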
include/linux/netfilter_ipv6/ip6_tables.h
...
@@ -38,6 +38,29 @@
...
@@ -38,6 +38,29 @@
#define ip6t_entry_target xt_entry_target
#define ip6t_entry_target xt_entry_target
#define ip6t_standard_target xt_standard_target
#define ip6t_standard_target xt_standard_target
#define ip6t_counters xt_counters
#define ip6t_counters xt_counters
#define IP6T_CONTINUE XT_CONTINUE
#define IP6T_RETURN XT_RETURN
/* Pre-iptables-1.4.0 */
#include <linux/netfilter/xt_tcpudp.h>
#define ip6t_tcp xt_tcp
#define ip6t_udp xt_udp
#define IP6T_TCP_INV_SRCPT XT_TCP_INV_SRCPT
#define IP6T_TCP_INV_DSTPT XT_TCP_INV_DSTPT
#define IP6T_TCP_INV_FLAGS XT_TCP_INV_FLAGS
#define IP6T_TCP_INV_OPTION XT_TCP_INV_OPTION
#define IP6T_TCP_INV_MASK XT_TCP_INV_MASK
#define IP6T_UDP_INV_SRCPT XT_UDP_INV_SRCPT
#define IP6T_UDP_INV_DSTPT XT_UDP_INV_DSTPT
#define IP6T_UDP_INV_MASK XT_UDP_INV_MASK
#define ip6t_counters_info xt_counters_info
#define IP6T_STANDARD_TARGET XT_STANDARD_TARGET
#define IP6T_ERROR_TARGET XT_ERROR_TARGET
#define IP6T_MATCH_ITERATE(e, fn, args...) \
XT_MATCH_ITERATE(struct ip6t_entry, e, fn, ## args)
#define IP6T_ENTRY_ITERATE(entries, size, fn, args...) \
XT_ENTRY_ITERATE(struct ip6t_entry, entries, size, fn, ## args)
#endif
#endif
/* Yes, Virginia, you have to zero the padding. */
/* Yes, Virginia, you have to zero the padding. */
...
@@ -133,7 +156,7 @@ struct ip6t_error {
...
@@ -133,7 +156,7 @@ struct ip6t_error {
#define IP6T_STANDARD_INIT(__verdict) \
#define IP6T_STANDARD_INIT(__verdict) \
{ \
{ \
.entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_standard)), \
.entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_standard)), \
.target = XT_TARGET_INIT(
IP6
T_STANDARD_TARGET, \
.target = XT_TARGET_INIT(
X
T_STANDARD_TARGET, \
sizeof(struct xt_standard_target)), \
sizeof(struct xt_standard_target)), \
.target.verdict = -(__verdict) - 1, \
.target.verdict = -(__verdict) - 1, \
}
}
...
@@ -141,7 +164,7 @@ struct ip6t_error {
...
@@ -141,7 +164,7 @@ struct ip6t_error {
#define IP6T_ERROR_INIT \
#define IP6T_ERROR_INIT \
{ \
{ \
.entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_error)), \
.entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_error)), \
.target = XT_TARGET_INIT(
IP6
T_ERROR_TARGET, \
.target = XT_TARGET_INIT(
X
T_ERROR_TARGET, \
sizeof(struct ip6t_error_target)), \
sizeof(struct ip6t_error_target)), \
.target.errorname = "ERROR", \
.target.errorname = "ERROR", \
}
}
...
@@ -165,30 +188,6 @@ struct ip6t_error {
...
@@ -165,30 +188,6 @@ struct ip6t_error {
#define IP6T_SO_GET_REVISION_TARGET (IP6T_BASE_CTL + 5)
#define IP6T_SO_GET_REVISION_TARGET (IP6T_BASE_CTL + 5)
#define IP6T_SO_GET_MAX IP6T_SO_GET_REVISION_TARGET
#define IP6T_SO_GET_MAX IP6T_SO_GET_REVISION_TARGET
/* CONTINUE verdict for targets */
#define IP6T_CONTINUE XT_CONTINUE
/* For standard target */
#define IP6T_RETURN XT_RETURN
/* TCP/UDP matching stuff */
#include <linux/netfilter/xt_tcpudp.h>
#define ip6t_tcp xt_tcp
#define ip6t_udp xt_udp
/* Values for "inv" field in struct ipt_tcp. */
#define IP6T_TCP_INV_SRCPT XT_TCP_INV_SRCPT
#define IP6T_TCP_INV_DSTPT XT_TCP_INV_DSTPT
#define IP6T_TCP_INV_FLAGS XT_TCP_INV_FLAGS
#define IP6T_TCP_INV_OPTION XT_TCP_INV_OPTION
#define IP6T_TCP_INV_MASK XT_TCP_INV_MASK
/* Values for "invflags" field in struct ipt_udp. */
#define IP6T_UDP_INV_SRCPT XT_UDP_INV_SRCPT
#define IP6T_UDP_INV_DSTPT XT_UDP_INV_DSTPT
#define IP6T_UDP_INV_MASK XT_UDP_INV_MASK
/* ICMP matching stuff */
/* ICMP matching stuff */
struct
ip6t_icmp
{
struct
ip6t_icmp
{
u_int8_t
type
;
/* type to match */
u_int8_t
type
;
/* type to match */
...
@@ -252,9 +251,6 @@ struct ip6t_replace {
...
@@ -252,9 +251,6 @@ struct ip6t_replace {
struct
ip6t_entry
entries
[
0
];
struct
ip6t_entry
entries
[
0
];
};
};
/* The argument to IP6T_SO_ADD_COUNTERS. */
#define ip6t_counters_info xt_counters_info
/* The argument to IP6T_SO_GET_ENTRIES. */
/* The argument to IP6T_SO_GET_ENTRIES. */
struct
ip6t_get_entries
{
struct
ip6t_get_entries
{
/* Which table: user fills this in. */
/* Which table: user fills this in. */
...
@@ -267,11 +263,6 @@ struct ip6t_get_entries {
...
@@ -267,11 +263,6 @@ struct ip6t_get_entries {
struct
ip6t_entry
entrytable
[
0
];
struct
ip6t_entry
entrytable
[
0
];
};
};
/* Standard return verdict, or do jump. */
#define IP6T_STANDARD_TARGET XT_STANDARD_TARGET
/* Error verdict. */
#define IP6T_ERROR_TARGET XT_ERROR_TARGET
/* Helper functions */
/* Helper functions */
static
__inline__
struct
xt_entry_target
*
static
__inline__
struct
xt_entry_target
*
ip6t_get_target
(
struct
ip6t_entry
*
e
)
ip6t_get_target
(
struct
ip6t_entry
*
e
)
...
@@ -279,16 +270,6 @@ ip6t_get_target(struct ip6t_entry *e)
...
@@ -279,16 +270,6 @@ ip6t_get_target(struct ip6t_entry *e)
return
(
void
*
)
e
+
e
->
target_offset
;
return
(
void
*
)
e
+
e
->
target_offset
;
}
}
#ifndef __KERNEL__
/* fn returns 0 to continue iteration */
#define IP6T_MATCH_ITERATE(e, fn, args...) \
XT_MATCH_ITERATE(struct ip6t_entry, e, fn, ## args)
/* fn returns 0 to continue iteration */
#define IP6T_ENTRY_ITERATE(entries, size, fn, args...) \
XT_ENTRY_ITERATE(struct ip6t_entry, entries, size, fn, ## args)
#endif
/*
/*
* Main firewall chains definitions and global var's definitions.
* Main firewall chains definitions and global var's definitions.
*/
*/
...
...
net/ipv4/netfilter/arp_tables.c
...
@@ -300,7 +300,7 @@ unsigned int arpt_do_table(struct sk_buff *skb,
...
@@ -300,7 +300,7 @@ unsigned int arpt_do_table(struct sk_buff *skb,
v
=
((
struct
xt_standard_target
*
)
t
)
->
verdict
;
v
=
((
struct
xt_standard_target
*
)
t
)
->
verdict
;
if
(
v
<
0
)
{
if
(
v
<
0
)
{
/* Pop from stack? */
/* Pop from stack? */
if
(
v
!=
ARP
T_RETURN
)
{
if
(
v
!=
X
T_RETURN
)
{
verdict
=
(
unsigned
)(
-
v
)
-
1
;
verdict
=
(
unsigned
)(
-
v
)
-
1
;
break
;
break
;
}
}
...
@@ -332,7 +332,7 @@ unsigned int arpt_do_table(struct sk_buff *skb,
...
@@ -332,7 +332,7 @@ unsigned int arpt_do_table(struct sk_buff *skb,
/* Target might have changed stuff. */
/* Target might have changed stuff. */
arp
=
arp_hdr
(
skb
);
arp
=
arp_hdr
(
skb
);
if
(
verdict
==
ARP
T_CONTINUE
)
if
(
verdict
==
X
T_CONTINUE
)
e
=
arpt_next_entry
(
e
);
e
=
arpt_next_entry
(
e
);
else
else
/* Verdict */
/* Verdict */
...
@@ -392,13 +392,13 @@ static int mark_source_chains(const struct xt_table_info *newinfo,
...
@@ -392,13 +392,13 @@ static int mark_source_chains(const struct xt_table_info *newinfo,
/* Unconditional return/END. */
/* Unconditional return/END. */
if
((
e
->
target_offset
==
sizeof
(
struct
arpt_entry
)
&&
if
((
e
->
target_offset
==
sizeof
(
struct
arpt_entry
)
&&
(
strcmp
(
t
->
target
.
u
.
user
.
name
,
(
strcmp
(
t
->
target
.
u
.
user
.
name
,
ARP
T_STANDARD_TARGET
)
==
0
)
&&
X
T_STANDARD_TARGET
)
==
0
)
&&
t
->
verdict
<
0
&&
unconditional
(
&
e
->
arp
))
||
t
->
verdict
<
0
&&
unconditional
(
&
e
->
arp
))
||
visited
)
{
visited
)
{
unsigned
int
oldpos
,
size
;
unsigned
int
oldpos
,
size
;
if
((
strcmp
(
t
->
target
.
u
.
user
.
name
,
if
((
strcmp
(
t
->
target
.
u
.
user
.
name
,
ARP
T_STANDARD_TARGET
)
==
0
)
&&
X
T_STANDARD_TARGET
)
==
0
)
&&
t
->
verdict
<
-
NF_MAX_VERDICT
-
1
)
{
t
->
verdict
<
-
NF_MAX_VERDICT
-
1
)
{
duprintf
(
"mark_source_chains: bad "
duprintf
(
"mark_source_chains: bad "
"negative verdict (%i)
\n
"
,
"negative verdict (%i)
\n
"
,
...
@@ -433,7 +433,7 @@ static int mark_source_chains(const struct xt_table_info *newinfo,
...
@@ -433,7 +433,7 @@ static int mark_source_chains(const struct xt_table_info *newinfo,
int
newpos
=
t
->
verdict
;
int
newpos
=
t
->
verdict
;
if
(
strcmp
(
t
->
target
.
u
.
user
.
name
,
if
(
strcmp
(
t
->
target
.
u
.
user
.
name
,
ARP
T_STANDARD_TARGET
)
==
0
&&
X
T_STANDARD_TARGET
)
==
0
&&
newpos
>=
0
)
{
newpos
>=
0
)
{
if
(
newpos
>
newinfo
->
size
-
if
(
newpos
>
newinfo
->
size
-
sizeof
(
struct
arpt_entry
))
{
sizeof
(
struct
arpt_entry
))
{
...
@@ -1828,7 +1828,7 @@ void arpt_unregister_table(struct xt_table *table)
...
@@ -1828,7 +1828,7 @@ void arpt_unregister_table(struct xt_table *table)
/* The built-in targets: standard (NULL) and error. */
/* The built-in targets: standard (NULL) and error. */
static
struct
xt_target
arpt_builtin_tg
[]
__read_mostly
=
{
static
struct
xt_target
arpt_builtin_tg
[]
__read_mostly
=
{
{
{
.
name
=
ARP
T_STANDARD_TARGET
,
.
name
=
X
T_STANDARD_TARGET
,
.
targetsize
=
sizeof
(
int
),
.
targetsize
=
sizeof
(
int
),
.
family
=
NFPROTO_ARP
,
.
family
=
NFPROTO_ARP
,
#ifdef CONFIG_COMPAT
#ifdef CONFIG_COMPAT
...
@@ -1838,7 +1838,7 @@ static struct xt_target arpt_builtin_tg[] __read_mostly = {
...
@@ -1838,7 +1838,7 @@ static struct xt_target arpt_builtin_tg[] __read_mostly = {
#endif
#endif
},
},
{
{
.
name
=
ARP
T_ERROR_TARGET
,
.
name
=
X
T_ERROR_TARGET
,
.
target
=
arpt_error
,
.
target
=
arpt_error
,
.
targetsize
=
XT_FUNCTION_MAXNAMELEN
,
.
targetsize
=
XT_FUNCTION_MAXNAMELEN
,
.
family
=
NFPROTO_ARP
,
.
family
=
NFPROTO_ARP
,
...
...
net/ipv4/netfilter/arpt_mangle.c
...
@@ -63,7 +63,7 @@ static int checkentry(const struct xt_tgchk_param *par)
...
@@ -63,7 +63,7 @@ static int checkentry(const struct xt_tgchk_param *par)
return
false
;
return
false
;
if
(
mangle
->
target
!=
NF_DROP
&&
mangle
->
target
!=
NF_ACCEPT
&&
if
(
mangle
->
target
!=
NF_DROP
&&
mangle
->
target
!=
NF_ACCEPT
&&
mangle
->
target
!=
ARP
T_CONTINUE
)
mangle
->
target
!=
X
T_CONTINUE
)
return
false
;
return
false
;
return
true
;
return
true
;
}
}
...
...
net/ipv4/netfilter/ip_tables.c
...
@@ -232,7 +232,7 @@ get_chainname_rulenum(const struct ipt_entry *s, const struct ipt_entry *e,
...
@@ -232,7 +232,7 @@ get_chainname_rulenum(const struct ipt_entry *s, const struct ipt_entry *e,
{
{
const
struct
xt_standard_target
*
t
=
(
void
*
)
ipt_get_target_c
(
s
);
const
struct
xt_standard_target
*
t
=
(
void
*
)
ipt_get_target_c
(
s
);
if
(
strcmp
(
t
->
target
.
u
.
kernel
.
target
->
name
,
IP
T_ERROR_TARGET
)
==
0
)
{
if
(
strcmp
(
t
->
target
.
u
.
kernel
.
target
->
name
,
X
T_ERROR_TARGET
)
==
0
)
{
/* Head of user chain: ERROR target with chainname */
/* Head of user chain: ERROR target with chainname */
*
chainname
=
t
->
target
.
data
;
*
chainname
=
t
->
target
.
data
;
(
*
rulenum
)
=
0
;
(
*
rulenum
)
=
0
;
...
@@ -241,7 +241,7 @@ get_chainname_rulenum(const struct ipt_entry *s, const struct ipt_entry *e,
...
@@ -241,7 +241,7 @@ get_chainname_rulenum(const struct ipt_entry *s, const struct ipt_entry *e,
if
(
s
->
target_offset
==
sizeof
(
struct
ipt_entry
)
&&
if
(
s
->
target_offset
==
sizeof
(
struct
ipt_entry
)
&&
strcmp
(
t
->
target
.
u
.
kernel
.
target
->
name
,
strcmp
(
t
->
target
.
u
.
kernel
.
target
->
name
,
IP
T_STANDARD_TARGET
)
==
0
&&
X
T_STANDARD_TARGET
)
==
0
&&
t
->
verdict
<
0
&&
t
->
verdict
<
0
&&
unconditional
(
&
s
->
ip
))
{
unconditional
(
&
s
->
ip
))
{
/* Tail of chains: STANDARD target (return/policy) */
/* Tail of chains: STANDARD target (return/policy) */
...
@@ -383,7 +383,7 @@ ipt_do_table(struct sk_buff *skb,
...
@@ -383,7 +383,7 @@ ipt_do_table(struct sk_buff *skb,
v
=
((
struct
xt_standard_target
*
)
t
)
->
verdict
;
v
=
((
struct
xt_standard_target
*
)
t
)
->
verdict
;
if
(
v
<
0
)
{
if
(
v
<
0
)
{
/* Pop from stack? */
/* Pop from stack? */
if
(
v
!=
IP
T_RETURN
)
{
if
(
v
!=
X
T_RETURN
)
{
verdict
=
(
unsigned
)(
-
v
)
-
1
;
verdict
=
(
unsigned
)(
-
v
)
-
1
;
break
;
break
;
}
}
...
@@ -421,7 +421,7 @@ ipt_do_table(struct sk_buff *skb,
...
@@ -421,7 +421,7 @@ ipt_do_table(struct sk_buff *skb,
verdict
=
t
->
u
.
kernel
.
target
->
target
(
skb
,
&
acpar
);
verdict
=
t
->
u
.
kernel
.
target
->
target
(
skb
,
&
acpar
);
/* Target might have changed stuff. */
/* Target might have changed stuff. */
ip
=
ip_hdr
(
skb
);
ip
=
ip_hdr
(
skb
);
if
(
verdict
==
IP
T_CONTINUE
)
if
(
verdict
==
X
T_CONTINUE
)
e
=
ipt_next_entry
(
e
);
e
=
ipt_next_entry
(
e
);
else
else
/* Verdict */
/* Verdict */
...
@@ -475,13 +475,13 @@ mark_source_chains(const struct xt_table_info *newinfo,
...
@@ -475,13 +475,13 @@ mark_source_chains(const struct xt_table_info *newinfo,
/* Unconditional return/END. */
/* Unconditional return/END. */
if
((
e
->
target_offset
==
sizeof
(
struct
ipt_entry
)
&&
if
((
e
->
target_offset
==
sizeof
(
struct
ipt_entry
)
&&
(
strcmp
(
t
->
target
.
u
.
user
.
name
,
(
strcmp
(
t
->
target
.
u
.
user
.
name
,
IP
T_STANDARD_TARGET
)
==
0
)
&&
X
T_STANDARD_TARGET
)
==
0
)
&&
t
->
verdict
<
0
&&
unconditional
(
&
e
->
ip
))
||
t
->
verdict
<
0
&&
unconditional
(
&
e
->
ip
))
||
visited
)
{
visited
)
{
unsigned
int
oldpos
,
size
;
unsigned
int
oldpos
,
size
;
if
((
strcmp
(
t
->
target
.
u
.
user
.
name
,
if
((
strcmp
(
t
->
target
.
u
.
user
.
name
,
IP
T_STANDARD_TARGET
)
==
0
)
&&
X
T_STANDARD_TARGET
)
==
0
)
&&
t
->
verdict
<
-
NF_MAX_VERDICT
-
1
)
{
t
->
verdict
<
-
NF_MAX_VERDICT
-
1
)
{
duprintf
(
"mark_source_chains: bad "
duprintf
(
"mark_source_chains: bad "
"negative verdict (%i)
\n
"
,
"negative verdict (%i)
\n
"
,
...
@@ -524,7 +524,7 @@ mark_source_chains(const struct xt_table_info *newinfo,
...
@@ -524,7 +524,7 @@ mark_source_chains(const struct xt_table_info *newinfo,
int
newpos
=
t
->
verdict
;
int
newpos
=
t
->
verdict
;
if
(
strcmp
(
t
->
target
.
u
.
user
.
name
,
if
(
strcmp
(
t
->
target
.
u
.
user
.
name
,
IP
T_STANDARD_TARGET
)
==
0
&&
X
T_STANDARD_TARGET
)
==
0
&&
newpos
>=
0
)
{
newpos
>=
0
)
{
if
(
newpos
>
newinfo
->
size
-
if
(
newpos
>
newinfo
->
size
-
sizeof
(
struct
ipt_entry
))
{
sizeof
(
struct
ipt_entry
))
{
...
@@ -2176,7 +2176,7 @@ static int icmp_checkentry(const struct xt_mtchk_param *par)
...
@@ -2176,7 +2176,7 @@ static int icmp_checkentry(const struct xt_mtchk_param *par)
static
struct
xt_target
ipt_builtin_tg
[]
__read_mostly
=
{
static
struct
xt_target
ipt_builtin_tg
[]
__read_mostly
=
{
{
{
.
name
=
IP
T_STANDARD_TARGET
,
.
name
=
X
T_STANDARD_TARGET
,
.
targetsize
=
sizeof
(
int
),
.
targetsize
=
sizeof
(
int
),
.
family
=
NFPROTO_IPV4
,
.
family
=
NFPROTO_IPV4
,
#ifdef CONFIG_COMPAT
#ifdef CONFIG_COMPAT
...
@@ -2186,7 +2186,7 @@ static struct xt_target ipt_builtin_tg[] __read_mostly = {
...
@@ -2186,7 +2186,7 @@ static struct xt_target ipt_builtin_tg[] __read_mostly = {
#endif
#endif
},
},
{
{
.
name
=
IP
T_ERROR_TARGET
,
.
name
=
X
T_ERROR_TARGET
,
.
target
=
ipt_error
,
.
target
=
ipt_error
,
.
targetsize
=
XT_FUNCTION_MAXNAMELEN
,
.
targetsize
=
XT_FUNCTION_MAXNAMELEN
,
.
family
=
NFPROTO_IPV4
,
.
family
=
NFPROTO_IPV4
,
...
...
net/ipv6/netfilter/ip6_tables.c
...
@@ -262,7 +262,7 @@ get_chainname_rulenum(const struct ip6t_entry *s, const struct ip6t_entry *e,
...
@@ -262,7 +262,7 @@ get_chainname_rulenum(const struct ip6t_entry *s, const struct ip6t_entry *e,
{
{
const
struct
xt_standard_target
*
t
=
(
void
*
)
ip6t_get_target_c
(
s
);
const
struct
xt_standard_target
*
t
=
(
void
*
)
ip6t_get_target_c
(
s
);
if
(
strcmp
(
t
->
target
.
u
.
kernel
.
target
->
name
,
IP6
T_ERROR_TARGET
)
==
0
)
{
if
(
strcmp
(
t
->
target
.
u
.
kernel
.
target
->
name
,
X
T_ERROR_TARGET
)
==
0
)
{
/* Head of user chain: ERROR target with chainname */
/* Head of user chain: ERROR target with chainname */
*
chainname
=
t
->
target
.
data
;
*
chainname
=
t
->
target
.
data
;
(
*
rulenum
)
=
0
;
(
*
rulenum
)
=
0
;
...
@@ -271,7 +271,7 @@ get_chainname_rulenum(const struct ip6t_entry *s, const struct ip6t_entry *e,
...
@@ -271,7 +271,7 @@ get_chainname_rulenum(const struct ip6t_entry *s, const struct ip6t_entry *e,
if
(
s
->
target_offset
==
sizeof
(
struct
ip6t_entry
)
&&
if
(
s
->
target_offset
==
sizeof
(
struct
ip6t_entry
)
&&
strcmp
(
t
->
target
.
u
.
kernel
.
target
->
name
,
strcmp
(
t
->
target
.
u
.
kernel
.
target
->
name
,
IP6
T_STANDARD_TARGET
)
==
0
&&
X
T_STANDARD_TARGET
)
==
0
&&
t
->
verdict
<
0
&&
t
->
verdict
<
0
&&
unconditional
(
&
s
->
ipv6
))
{
unconditional
(
&
s
->
ipv6
))
{
/* Tail of chains: STANDARD target (return/policy) */
/* Tail of chains: STANDARD target (return/policy) */
...
@@ -406,7 +406,7 @@ ip6t_do_table(struct sk_buff *skb,
...
@@ -406,7 +406,7 @@ ip6t_do_table(struct sk_buff *skb,
v
=
((
struct
xt_standard_target
*
)
t
)
->
verdict
;
v
=
((
struct
xt_standard_target
*
)
t
)
->
verdict
;
if
(
v
<
0
)
{
if
(
v
<
0
)
{
/* Pop from stack? */
/* Pop from stack? */
if
(
v
!=
IP6
T_RETURN
)
{
if
(
v
!=
X
T_RETURN
)
{
verdict
=
(
unsigned
)(
-
v
)
-
1
;
verdict
=
(
unsigned
)(
-
v
)
-
1
;
break
;
break
;
}
}
...
@@ -434,7 +434,7 @@ ip6t_do_table(struct sk_buff *skb,
...
@@ -434,7 +434,7 @@ ip6t_do_table(struct sk_buff *skb,
acpar
.
targinfo
=
t
->
data
;
acpar
.
targinfo
=
t
->
data
;
verdict
=
t
->
u
.
kernel
.
target
->
target
(
skb
,
&
acpar
);
verdict
=
t
->
u
.
kernel
.
target
->
target
(
skb
,
&
acpar
);
if
(
verdict
==
IP6
T_CONTINUE
)
if
(
verdict
==
X
T_CONTINUE
)
e
=
ip6t_next_entry
(
e
);
e
=
ip6t_next_entry
(
e
);
else
else
/* Verdict */
/* Verdict */
...
@@ -488,13 +488,13 @@ mark_source_chains(const struct xt_table_info *newinfo,
...
@@ -488,13 +488,13 @@ mark_source_chains(const struct xt_table_info *newinfo,
/* Unconditional return/END. */
/* Unconditional return/END. */
if
((
e
->
target_offset
==
sizeof
(
struct
ip6t_entry
)
&&
if
((
e
->
target_offset
==
sizeof
(
struct
ip6t_entry
)
&&
(
strcmp
(
t
->
target
.
u
.
user
.
name
,
(
strcmp
(
t
->
target
.
u
.
user
.
name
,
IP6
T_STANDARD_TARGET
)
==
0
)
&&
X
T_STANDARD_TARGET
)
==
0
)
&&
t
->
verdict
<
0
&&
t
->
verdict
<
0
&&
unconditional
(
&
e
->
ipv6
))
||
visited
)
{
unconditional
(
&
e
->
ipv6
))
||
visited
)
{
unsigned
int
oldpos
,
size
;
unsigned
int
oldpos
,
size
;
if
((
strcmp
(
t
->
target
.
u
.
user
.
name
,
if
((
strcmp
(
t
->
target
.
u
.
user
.
name
,
IP6
T_STANDARD_TARGET
)
==
0
)
&&
X
T_STANDARD_TARGET
)
==
0
)
&&
t
->
verdict
<
-
NF_MAX_VERDICT
-
1
)
{
t
->
verdict
<
-
NF_MAX_VERDICT
-
1
)
{
duprintf
(
"mark_source_chains: bad "
duprintf
(
"mark_source_chains: bad "
"negative verdict (%i)
\n
"
,
"negative verdict (%i)
\n
"
,
...
@@ -537,7 +537,7 @@ mark_source_chains(const struct xt_table_info *newinfo,
...
@@ -537,7 +537,7 @@ mark_source_chains(const struct xt_table_info *newinfo,
int
newpos
=
t
->
verdict
;
int
newpos
=
t
->
verdict
;
if
(
strcmp
(
t
->
target
.
u
.
user
.
name
,
if
(
strcmp
(
t
->
target
.
u
.
user
.
name
,
IP6
T_STANDARD_TARGET
)
==
0
&&
X
T_STANDARD_TARGET
)
==
0
&&
newpos
>=
0
)
{
newpos
>=
0
)
{
if
(
newpos
>
newinfo
->
size
-
if
(
newpos
>
newinfo
->
size
-
sizeof
(
struct
ip6t_entry
))
{
sizeof
(
struct
ip6t_entry
))
{
...
@@ -2191,7 +2191,7 @@ static int icmp6_checkentry(const struct xt_mtchk_param *par)
...
@@ -2191,7 +2191,7 @@ static int icmp6_checkentry(const struct xt_mtchk_param *par)
/* The built-in targets: standard (NULL) and error. */
/* The built-in targets: standard (NULL) and error. */
static
struct
xt_target
ip6t_builtin_tg
[]
__read_mostly
=
{
static
struct
xt_target
ip6t_builtin_tg
[]
__read_mostly
=
{
{
{
.
name
=
IP6
T_STANDARD_TARGET
,
.
name
=
X
T_STANDARD_TARGET
,
.
targetsize
=
sizeof
(
int
),
.
targetsize
=
sizeof
(
int
),
.
family
=
NFPROTO_IPV6
,
.
family
=
NFPROTO_IPV6
,
#ifdef CONFIG_COMPAT
#ifdef CONFIG_COMPAT
...
@@ -2201,7 +2201,7 @@ static struct xt_target ip6t_builtin_tg[] __read_mostly = {
...
@@ -2201,7 +2201,7 @@ static struct xt_target ip6t_builtin_tg[] __read_mostly = {
#endif
#endif
},
},
{
{
.
name
=
IP6
T_ERROR_TARGET
,
.
name
=
X
T_ERROR_TARGET
,
.
target
=
ip6t_error
,
.
target
=
ip6t_error
,
.
targetsize
=
XT_FUNCTION_MAXNAMELEN
,
.
targetsize
=
XT_FUNCTION_MAXNAMELEN
,
.
family
=
NFPROTO_IPV6
,
.
family
=
NFPROTO_IPV6
,
...
...
net/sched/act_ipt.c
...
@@ -230,7 +230,7 @@ static int tcf_ipt(struct sk_buff *skb, struct tc_action *a,
...
@@ -230,7 +230,7 @@ static int tcf_ipt(struct sk_buff *skb, struct tc_action *a,
result
=
TC_ACT_SHOT
;
result
=
TC_ACT_SHOT
;
ipt
->
tcf_qstats
.
drops
++
;
ipt
->
tcf_qstats
.
drops
++
;
break
;
break
;
case
IP
T_CONTINUE
:
case
X
T_CONTINUE
:
result
=
TC_ACT_PIPE
;
result
=
TC_ACT_PIPE
;
break
;
break
;
default:
default:
...
...