Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
L
linux
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
linux
Commits
87a2e70d
Commit
87a2e70d
authored
Oct 13, 2010
by
Jan Engelhardt
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
netfilter: xtables: resolve indirect macros 2/3
Signed-off-by:
Jan Engelhardt
<
jengelh@medozas.de
>
parent
12b00c2c
Changes
7
Hide whitespace changes
Inline
Side-by-side
Showing
7 changed files
with
103 additions
and
108 deletions
+103
-108
include/linux/netfilter_arp/arp_tables.h
include/linux/netfilter_arp/arp_tables.h
+7
-8
include/linux/netfilter_ipv4/ip_tables.h
include/linux/netfilter_ipv4/ip_tables.h
+8
-10
include/linux/netfilter_ipv6/ip6_tables.h
include/linux/netfilter_ipv6/ip6_tables.h
+9
-11
net/ipv4/netfilter/arp_tables.c
net/ipv4/netfilter/arp_tables.c
+19
-19
net/ipv4/netfilter/ip_tables.c
net/ipv4/netfilter/ip_tables.c
+27
-27
net/ipv6/netfilter/ip6_tables.c
net/ipv6/netfilter/ip6_tables.c
+27
-27
net/sched/act_ipt.c
net/sched/act_ipt.c
+6
-6
No files found.
include/linux/netfilter_arp/arp_tables.h
View file @
87a2e70d
...
@@ -24,6 +24,8 @@
...
@@ -24,6 +24,8 @@
#ifndef __KERNEL__
#ifndef __KERNEL__
#define ARPT_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
#define ARPT_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
#define ARPT_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN
#define ARPT_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN
#define arpt_entry_target xt_entry_target
#define arpt_standard_target xt_standard_target
#endif
#endif
#define ARPT_DEV_ADDR_LEN_MAX 16
#define ARPT_DEV_ADDR_LEN_MAX 16
...
@@ -65,9 +67,6 @@ struct arpt_arp {
...
@@ -65,9 +67,6 @@ struct arpt_arp {
u_int16_t
invflags
;
u_int16_t
invflags
;
};
};
#define arpt_entry_target xt_entry_target
#define arpt_standard_target xt_standard_target
/* Values for "flag" field in struct arpt_ip (general arp structure).
/* Values for "flag" field in struct arpt_ip (general arp structure).
* No flags defined yet.
* No flags defined yet.
*/
*/
...
@@ -208,7 +207,7 @@ struct arpt_get_entries {
...
@@ -208,7 +207,7 @@ struct arpt_get_entries {
#define ARPT_ERROR_TARGET XT_ERROR_TARGET
#define ARPT_ERROR_TARGET XT_ERROR_TARGET
/* Helper functions */
/* Helper functions */
static
__inline__
struct
arp
t_entry_target
*
arpt_get_target
(
struct
arpt_entry
*
e
)
static
__inline__
struct
x
t_entry_target
*
arpt_get_target
(
struct
arpt_entry
*
e
)
{
{
return
(
void
*
)
e
+
e
->
target_offset
;
return
(
void
*
)
e
+
e
->
target_offset
;
}
}
...
@@ -227,11 +226,11 @@ static __inline__ struct arpt_entry_target *arpt_get_target(struct arpt_entry *e
...
@@ -227,11 +226,11 @@ static __inline__ struct arpt_entry_target *arpt_get_target(struct arpt_entry *e
/* Standard entry. */
/* Standard entry. */
struct
arpt_standard
{
struct
arpt_standard
{
struct
arpt_entry
entry
;
struct
arpt_entry
entry
;
struct
arp
t_standard_target
target
;
struct
x
t_standard_target
target
;
};
};
struct
arpt_error_target
{
struct
arpt_error_target
{
struct
arp
t_entry_target
target
;
struct
x
t_entry_target
target
;
char
errorname
[
XT_FUNCTION_MAXNAMELEN
];
char
errorname
[
XT_FUNCTION_MAXNAMELEN
];
};
};
...
@@ -250,7 +249,7 @@ struct arpt_error {
...
@@ -250,7 +249,7 @@ struct arpt_error {
{ \
{ \
.entry = ARPT_ENTRY_INIT(sizeof(struct arpt_standard)), \
.entry = ARPT_ENTRY_INIT(sizeof(struct arpt_standard)), \
.target = XT_TARGET_INIT(ARPT_STANDARD_TARGET, \
.target = XT_TARGET_INIT(ARPT_STANDARD_TARGET, \
sizeof(struct
arp
t_standard_target)), \
sizeof(struct
x
t_standard_target)), \
.target.verdict = -(__verdict) - 1, \
.target.verdict = -(__verdict) - 1, \
}
}
...
@@ -287,7 +286,7 @@ struct compat_arpt_entry {
...
@@ -287,7 +286,7 @@ struct compat_arpt_entry {
unsigned
char
elems
[
0
];
unsigned
char
elems
[
0
];
};
};
static
inline
struct
arp
t_entry_target
*
static
inline
struct
x
t_entry_target
*
compat_arpt_get_target
(
struct
compat_arpt_entry
*
e
)
compat_arpt_get_target
(
struct
compat_arpt_entry
*
e
)
{
{
return
(
void
*
)
e
+
e
->
target_offset
;
return
(
void
*
)
e
+
e
->
target_offset
;
...
...
include/linux/netfilter_ipv4/ip_tables.h
View file @
87a2e70d
...
@@ -34,6 +34,10 @@
...
@@ -34,6 +34,10 @@
#define ipt_target xt_target
#define ipt_target xt_target
#define ipt_table xt_table
#define ipt_table xt_table
#define ipt_get_revision xt_get_revision
#define ipt_get_revision xt_get_revision
#define ipt_entry_match xt_entry_match
#define ipt_entry_target xt_entry_target
#define ipt_standard_target xt_standard_target
#define ipt_counters xt_counters
#endif
#endif
/* Yes, Virginia, you have to zero the padding. */
/* Yes, Virginia, you have to zero the padding. */
...
@@ -54,12 +58,6 @@ struct ipt_ip {
...
@@ -54,12 +58,6 @@ struct ipt_ip {
u_int8_t
invflags
;
u_int8_t
invflags
;
};
};
#define ipt_entry_match xt_entry_match
#define ipt_entry_target xt_entry_target
#define ipt_standard_target xt_standard_target
#define ipt_counters xt_counters
/* Values for "flag" field in struct ipt_ip (general ip structure). */
/* Values for "flag" field in struct ipt_ip (general ip structure). */
#define IPT_F_FRAG 0x01
/* Set if rule is a fragment rule */
#define IPT_F_FRAG 0x01
/* Set if rule is a fragment rule */
#define IPT_F_GOTO 0x02
/* Set if jump is a goto */
#define IPT_F_GOTO 0x02
/* Set if jump is a goto */
...
@@ -219,7 +217,7 @@ struct ipt_get_entries {
...
@@ -219,7 +217,7 @@ struct ipt_get_entries {
#define IPT_ERROR_TARGET XT_ERROR_TARGET
#define IPT_ERROR_TARGET XT_ERROR_TARGET
/* Helper functions */
/* Helper functions */
static
__inline__
struct
ip
t_entry_target
*
static
__inline__
struct
x
t_entry_target
*
ipt_get_target
(
struct
ipt_entry
*
e
)
ipt_get_target
(
struct
ipt_entry
*
e
)
{
{
return
(
void
*
)
e
+
e
->
target_offset
;
return
(
void
*
)
e
+
e
->
target_offset
;
...
@@ -251,11 +249,11 @@ extern void ipt_unregister_table(struct net *net, struct xt_table *table);
...
@@ -251,11 +249,11 @@ extern void ipt_unregister_table(struct net *net, struct xt_table *table);
/* Standard entry. */
/* Standard entry. */
struct
ipt_standard
{
struct
ipt_standard
{
struct
ipt_entry
entry
;
struct
ipt_entry
entry
;
struct
ip
t_standard_target
target
;
struct
x
t_standard_target
target
;
};
};
struct
ipt_error_target
{
struct
ipt_error_target
{
struct
ip
t_entry_target
target
;
struct
x
t_entry_target
target
;
char
errorname
[
XT_FUNCTION_MAXNAMELEN
];
char
errorname
[
XT_FUNCTION_MAXNAMELEN
];
};
};
...
@@ -309,7 +307,7 @@ struct compat_ipt_entry {
...
@@ -309,7 +307,7 @@ struct compat_ipt_entry {
};
};
/* Helper functions */
/* Helper functions */
static
inline
struct
ip
t_entry_target
*
static
inline
struct
x
t_entry_target
*
compat_ipt_get_target
(
struct
compat_ipt_entry
*
e
)
compat_ipt_get_target
(
struct
compat_ipt_entry
*
e
)
{
{
return
(
void
*
)
e
+
e
->
target_offset
;
return
(
void
*
)
e
+
e
->
target_offset
;
...
...
include/linux/netfilter_ipv6/ip6_tables.h
View file @
87a2e70d
...
@@ -34,6 +34,10 @@
...
@@ -34,6 +34,10 @@
#define ip6t_target xt_target
#define ip6t_target xt_target
#define ip6t_table xt_table
#define ip6t_table xt_table
#define ip6t_get_revision xt_get_revision
#define ip6t_get_revision xt_get_revision
#define ip6t_entry_match xt_entry_match
#define ip6t_entry_target xt_entry_target
#define ip6t_standard_target xt_standard_target
#define ip6t_counters xt_counters
#endif
#endif
/* Yes, Virginia, you have to zero the padding. */
/* Yes, Virginia, you have to zero the padding. */
...
@@ -63,12 +67,6 @@ struct ip6t_ip6 {
...
@@ -63,12 +67,6 @@ struct ip6t_ip6 {
u_int8_t
invflags
;
u_int8_t
invflags
;
};
};
#define ip6t_entry_match xt_entry_match
#define ip6t_entry_target xt_entry_target
#define ip6t_standard_target xt_standard_target
#define ip6t_counters xt_counters
/* Values for "flag" field in struct ip6t_ip6 (general ip6 structure). */
/* Values for "flag" field in struct ip6t_ip6 (general ip6 structure). */
#define IP6T_F_PROTO 0x01
/* Set if rule cares about upper
#define IP6T_F_PROTO 0x01
/* Set if rule cares about upper
protocols */
protocols */
...
@@ -113,11 +111,11 @@ struct ip6t_entry {
...
@@ -113,11 +111,11 @@ struct ip6t_entry {
/* Standard entry */
/* Standard entry */
struct
ip6t_standard
{
struct
ip6t_standard
{
struct
ip6t_entry
entry
;
struct
ip6t_entry
entry
;
struct
ip6
t_standard_target
target
;
struct
x
t_standard_target
target
;
};
};
struct
ip6t_error_target
{
struct
ip6t_error_target
{
struct
ip6
t_entry_target
target
;
struct
x
t_entry_target
target
;
char
errorname
[
XT_FUNCTION_MAXNAMELEN
];
char
errorname
[
XT_FUNCTION_MAXNAMELEN
];
};
};
...
@@ -136,7 +134,7 @@ struct ip6t_error {
...
@@ -136,7 +134,7 @@ struct ip6t_error {
{ \
{ \
.entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_standard)), \
.entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_standard)), \
.target = XT_TARGET_INIT(IP6T_STANDARD_TARGET, \
.target = XT_TARGET_INIT(IP6T_STANDARD_TARGET, \
sizeof(struct
ip6t_standard_target)),
\
sizeof(struct
xt_standard_target)),
\
.target.verdict = -(__verdict) - 1, \
.target.verdict = -(__verdict) - 1, \
}
}
...
@@ -275,7 +273,7 @@ struct ip6t_get_entries {
...
@@ -275,7 +273,7 @@ struct ip6t_get_entries {
#define IP6T_ERROR_TARGET XT_ERROR_TARGET
#define IP6T_ERROR_TARGET XT_ERROR_TARGET
/* Helper functions */
/* Helper functions */
static
__inline__
struct
ip6
t_entry_target
*
static
__inline__
struct
x
t_entry_target
*
ip6t_get_target
(
struct
ip6t_entry
*
e
)
ip6t_get_target
(
struct
ip6t_entry
*
e
)
{
{
return
(
void
*
)
e
+
e
->
target_offset
;
return
(
void
*
)
e
+
e
->
target_offset
;
...
@@ -332,7 +330,7 @@ struct compat_ip6t_entry {
...
@@ -332,7 +330,7 @@ struct compat_ip6t_entry {
unsigned
char
elems
[
0
];
unsigned
char
elems
[
0
];
};
};
static
inline
struct
ip6
t_entry_target
*
static
inline
struct
x
t_entry_target
*
compat_ip6t_get_target
(
struct
compat_ip6t_entry
*
e
)
compat_ip6t_get_target
(
struct
compat_ip6t_entry
*
e
)
{
{
return
(
void
*
)
e
+
e
->
target_offset
;
return
(
void
*
)
e
+
e
->
target_offset
;
...
...
net/ipv4/netfilter/arp_tables.c
View file @
87a2e70d
...
@@ -228,7 +228,7 @@ arpt_error(struct sk_buff *skb, const struct xt_action_param *par)
...
@@ -228,7 +228,7 @@ arpt_error(struct sk_buff *skb, const struct xt_action_param *par)
return
NF_DROP
;
return
NF_DROP
;
}
}
static
inline
const
struct
arp
t_entry_target
*
static
inline
const
struct
x
t_entry_target
*
arpt_get_target_c
(
const
struct
arpt_entry
*
e
)
arpt_get_target_c
(
const
struct
arpt_entry
*
e
)
{
{
return
arpt_get_target
((
struct
arpt_entry
*
)
e
);
return
arpt_get_target
((
struct
arpt_entry
*
)
e
);
...
@@ -282,7 +282,7 @@ unsigned int arpt_do_table(struct sk_buff *skb,
...
@@ -282,7 +282,7 @@ unsigned int arpt_do_table(struct sk_buff *skb,
arp
=
arp_hdr
(
skb
);
arp
=
arp_hdr
(
skb
);
do
{
do
{
const
struct
arp
t_entry_target
*
t
;
const
struct
x
t_entry_target
*
t
;
if
(
!
arp_packet_match
(
arp
,
skb
->
dev
,
indev
,
outdev
,
&
e
->
arp
))
{
if
(
!
arp_packet_match
(
arp
,
skb
->
dev
,
indev
,
outdev
,
&
e
->
arp
))
{
e
=
arpt_next_entry
(
e
);
e
=
arpt_next_entry
(
e
);
...
@@ -297,7 +297,7 @@ unsigned int arpt_do_table(struct sk_buff *skb,
...
@@ -297,7 +297,7 @@ unsigned int arpt_do_table(struct sk_buff *skb,
if
(
!
t
->
u
.
kernel
.
target
->
target
)
{
if
(
!
t
->
u
.
kernel
.
target
->
target
)
{
int
v
;
int
v
;
v
=
((
struct
arp
t_standard_target
*
)
t
)
->
verdict
;
v
=
((
struct
x
t_standard_target
*
)
t
)
->
verdict
;
if
(
v
<
0
)
{
if
(
v
<
0
)
{
/* Pop from stack? */
/* Pop from stack? */
if
(
v
!=
ARPT_RETURN
)
{
if
(
v
!=
ARPT_RETURN
)
{
...
@@ -377,7 +377,7 @@ static int mark_source_chains(const struct xt_table_info *newinfo,
...
@@ -377,7 +377,7 @@ static int mark_source_chains(const struct xt_table_info *newinfo,
e
->
counters
.
pcnt
=
pos
;
e
->
counters
.
pcnt
=
pos
;
for
(;;)
{
for
(;;)
{
const
struct
arp
t_standard_target
*
t
const
struct
x
t_standard_target
*
t
=
(
void
*
)
arpt_get_target_c
(
e
);
=
(
void
*
)
arpt_get_target_c
(
e
);
int
visited
=
e
->
comefrom
&
(
1
<<
hook
);
int
visited
=
e
->
comefrom
&
(
1
<<
hook
);
...
@@ -464,14 +464,14 @@ static int mark_source_chains(const struct xt_table_info *newinfo,
...
@@ -464,14 +464,14 @@ static int mark_source_chains(const struct xt_table_info *newinfo,
static
inline
int
check_entry
(
const
struct
arpt_entry
*
e
,
const
char
*
name
)
static
inline
int
check_entry
(
const
struct
arpt_entry
*
e
,
const
char
*
name
)
{
{
const
struct
arp
t_entry_target
*
t
;
const
struct
x
t_entry_target
*
t
;
if
(
!
arp_checkentry
(
&
e
->
arp
))
{
if
(
!
arp_checkentry
(
&
e
->
arp
))
{
duprintf
(
"arp_tables: arp check failed %p %s.
\n
"
,
e
,
name
);
duprintf
(
"arp_tables: arp check failed %p %s.
\n
"
,
e
,
name
);
return
-
EINVAL
;
return
-
EINVAL
;
}
}
if
(
e
->
target_offset
+
sizeof
(
struct
arp
t_entry_target
)
>
e
->
next_offset
)
if
(
e
->
target_offset
+
sizeof
(
struct
x
t_entry_target
)
>
e
->
next_offset
)
return
-
EINVAL
;
return
-
EINVAL
;
t
=
arpt_get_target_c
(
e
);
t
=
arpt_get_target_c
(
e
);
...
@@ -483,7 +483,7 @@ static inline int check_entry(const struct arpt_entry *e, const char *name)
...
@@ -483,7 +483,7 @@ static inline int check_entry(const struct arpt_entry *e, const char *name)
static
inline
int
check_target
(
struct
arpt_entry
*
e
,
const
char
*
name
)
static
inline
int
check_target
(
struct
arpt_entry
*
e
,
const
char
*
name
)
{
{
struct
arp
t_entry_target
*
t
=
arpt_get_target
(
e
);
struct
x
t_entry_target
*
t
=
arpt_get_target
(
e
);
int
ret
;
int
ret
;
struct
xt_tgchk_param
par
=
{
struct
xt_tgchk_param
par
=
{
.
table
=
name
,
.
table
=
name
,
...
@@ -506,7 +506,7 @@ static inline int check_target(struct arpt_entry *e, const char *name)
...
@@ -506,7 +506,7 @@ static inline int check_target(struct arpt_entry *e, const char *name)
static
inline
int
static
inline
int
find_check_entry
(
struct
arpt_entry
*
e
,
const
char
*
name
,
unsigned
int
size
)
find_check_entry
(
struct
arpt_entry
*
e
,
const
char
*
name
,
unsigned
int
size
)
{
{
struct
arp
t_entry_target
*
t
;
struct
x
t_entry_target
*
t
;
struct
xt_target
*
target
;
struct
xt_target
*
target
;
int
ret
;
int
ret
;
...
@@ -536,7 +536,7 @@ find_check_entry(struct arpt_entry *e, const char *name, unsigned int size)
...
@@ -536,7 +536,7 @@ find_check_entry(struct arpt_entry *e, const char *name, unsigned int size)
static
bool
check_underflow
(
const
struct
arpt_entry
*
e
)
static
bool
check_underflow
(
const
struct
arpt_entry
*
e
)
{
{
const
struct
arp
t_entry_target
*
t
;
const
struct
x
t_entry_target
*
t
;
unsigned
int
verdict
;
unsigned
int
verdict
;
if
(
!
unconditional
(
&
e
->
arp
))
if
(
!
unconditional
(
&
e
->
arp
))
...
@@ -544,7 +544,7 @@ static bool check_underflow(const struct arpt_entry *e)
...
@@ -544,7 +544,7 @@ static bool check_underflow(const struct arpt_entry *e)
t
=
arpt_get_target_c
(
e
);
t
=
arpt_get_target_c
(
e
);
if
(
strcmp
(
t
->
u
.
user
.
name
,
XT_STANDARD_TARGET
)
!=
0
)
if
(
strcmp
(
t
->
u
.
user
.
name
,
XT_STANDARD_TARGET
)
!=
0
)
return
false
;
return
false
;
verdict
=
((
struct
arp
t_standard_target
*
)
t
)
->
verdict
;
verdict
=
((
struct
x
t_standard_target
*
)
t
)
->
verdict
;
verdict
=
-
verdict
-
1
;
verdict
=
-
verdict
-
1
;
return
verdict
==
NF_DROP
||
verdict
==
NF_ACCEPT
;
return
verdict
==
NF_DROP
||
verdict
==
NF_ACCEPT
;
}
}
...
@@ -566,7 +566,7 @@ static inline int check_entry_size_and_hooks(struct arpt_entry *e,
...
@@ -566,7 +566,7 @@ static inline int check_entry_size_and_hooks(struct arpt_entry *e,
}
}
if
(
e
->
next_offset
if
(
e
->
next_offset
<
sizeof
(
struct
arpt_entry
)
+
sizeof
(
struct
arp
t_entry_target
))
{
<
sizeof
(
struct
arpt_entry
)
+
sizeof
(
struct
x
t_entry_target
))
{
duprintf
(
"checking: element %p size %u
\n
"
,
duprintf
(
"checking: element %p size %u
\n
"
,
e
,
e
->
next_offset
);
e
,
e
->
next_offset
);
return
-
EINVAL
;
return
-
EINVAL
;
...
@@ -598,7 +598,7 @@ static inline int check_entry_size_and_hooks(struct arpt_entry *e,
...
@@ -598,7 +598,7 @@ static inline int check_entry_size_and_hooks(struct arpt_entry *e,
static
inline
void
cleanup_entry
(
struct
arpt_entry
*
e
)
static
inline
void
cleanup_entry
(
struct
arpt_entry
*
e
)
{
{
struct
xt_tgdtor_param
par
;
struct
xt_tgdtor_param
par
;
struct
arp
t_entry_target
*
t
;
struct
x
t_entry_target
*
t
;
t
=
arpt_get_target
(
e
);
t
=
arpt_get_target
(
e
);
par
.
target
=
t
->
u
.
kernel
.
target
;
par
.
target
=
t
->
u
.
kernel
.
target
;
...
@@ -794,7 +794,7 @@ static int copy_entries_to_user(unsigned int total_size,
...
@@ -794,7 +794,7 @@ static int copy_entries_to_user(unsigned int total_size,
/* FIXME: use iterator macros --RR */
/* FIXME: use iterator macros --RR */
/* ... then go back and fix counters and names */
/* ... then go back and fix counters and names */
for
(
off
=
0
,
num
=
0
;
off
<
total_size
;
off
+=
e
->
next_offset
,
num
++
){
for
(
off
=
0
,
num
=
0
;
off
<
total_size
;
off
+=
e
->
next_offset
,
num
++
){
const
struct
arp
t_entry_target
*
t
;
const
struct
x
t_entry_target
*
t
;
e
=
(
struct
arpt_entry
*
)(
loc_cpu_entry
+
off
);
e
=
(
struct
arpt_entry
*
)(
loc_cpu_entry
+
off
);
if
(
copy_to_user
(
userptr
+
off
if
(
copy_to_user
(
userptr
+
off
...
@@ -807,7 +807,7 @@ static int copy_entries_to_user(unsigned int total_size,
...
@@ -807,7 +807,7 @@ static int copy_entries_to_user(unsigned int total_size,
t
=
arpt_get_target_c
(
e
);
t
=
arpt_get_target_c
(
e
);
if
(
copy_to_user
(
userptr
+
off
+
e
->
target_offset
if
(
copy_to_user
(
userptr
+
off
+
e
->
target_offset
+
offsetof
(
struct
arp
t_entry_target
,
+
offsetof
(
struct
x
t_entry_target
,
u
.
user
.
name
),
u
.
user
.
name
),
t
->
u
.
kernel
.
target
->
name
,
t
->
u
.
kernel
.
target
->
name
,
strlen
(
t
->
u
.
kernel
.
target
->
name
)
+
1
)
!=
0
)
{
strlen
(
t
->
u
.
kernel
.
target
->
name
)
+
1
)
!=
0
)
{
...
@@ -844,7 +844,7 @@ static int compat_calc_entry(const struct arpt_entry *e,
...
@@ -844,7 +844,7 @@ static int compat_calc_entry(const struct arpt_entry *e,
const
struct
xt_table_info
*
info
,
const
struct
xt_table_info
*
info
,
const
void
*
base
,
struct
xt_table_info
*
newinfo
)
const
void
*
base
,
struct
xt_table_info
*
newinfo
)
{
{
const
struct
arp
t_entry_target
*
t
;
const
struct
x
t_entry_target
*
t
;
unsigned
int
entry_offset
;
unsigned
int
entry_offset
;
int
off
,
i
,
ret
;
int
off
,
i
,
ret
;
...
@@ -1204,7 +1204,7 @@ static int do_add_counters(struct net *net, const void __user *user,
...
@@ -1204,7 +1204,7 @@ static int do_add_counters(struct net *net, const void __user *user,
#ifdef CONFIG_COMPAT
#ifdef CONFIG_COMPAT
static
inline
void
compat_release_entry
(
struct
compat_arpt_entry
*
e
)
static
inline
void
compat_release_entry
(
struct
compat_arpt_entry
*
e
)
{
{
struct
arp
t_entry_target
*
t
;
struct
x
t_entry_target
*
t
;
t
=
compat_arpt_get_target
(
e
);
t
=
compat_arpt_get_target
(
e
);
module_put
(
t
->
u
.
kernel
.
target
->
me
);
module_put
(
t
->
u
.
kernel
.
target
->
me
);
...
@@ -1220,7 +1220,7 @@ check_compat_entry_size_and_hooks(struct compat_arpt_entry *e,
...
@@ -1220,7 +1220,7 @@ check_compat_entry_size_and_hooks(struct compat_arpt_entry *e,
const
unsigned
int
*
underflows
,
const
unsigned
int
*
underflows
,
const
char
*
name
)
const
char
*
name
)
{
{
struct
arp
t_entry_target
*
t
;
struct
x
t_entry_target
*
t
;
struct
xt_target
*
target
;
struct
xt_target
*
target
;
unsigned
int
entry_offset
;
unsigned
int
entry_offset
;
int
ret
,
off
,
h
;
int
ret
,
off
,
h
;
...
@@ -1288,7 +1288,7 @@ compat_copy_entry_from_user(struct compat_arpt_entry *e, void **dstptr,
...
@@ -1288,7 +1288,7 @@ compat_copy_entry_from_user(struct compat_arpt_entry *e, void **dstptr,
unsigned
int
*
size
,
const
char
*
name
,
unsigned
int
*
size
,
const
char
*
name
,
struct
xt_table_info
*
newinfo
,
unsigned
char
*
base
)
struct
xt_table_info
*
newinfo
,
unsigned
char
*
base
)
{
{
struct
arp
t_entry_target
*
t
;
struct
x
t_entry_target
*
t
;
struct
xt_target
*
target
;
struct
xt_target
*
target
;
struct
arpt_entry
*
de
;
struct
arpt_entry
*
de
;
unsigned
int
origsize
;
unsigned
int
origsize
;
...
@@ -1567,7 +1567,7 @@ static int compat_copy_entry_to_user(struct arpt_entry *e, void __user **dstptr,
...
@@ -1567,7 +1567,7 @@ static int compat_copy_entry_to_user(struct arpt_entry *e, void __user **dstptr,
struct
xt_counters
*
counters
,
struct
xt_counters
*
counters
,
unsigned
int
i
)
unsigned
int
i
)
{
{
struct
arp
t_entry_target
*
t
;
struct
x
t_entry_target
*
t
;
struct
compat_arpt_entry
__user
*
ce
;
struct
compat_arpt_entry
__user
*
ce
;
u_int16_t
target_offset
,
next_offset
;
u_int16_t
target_offset
,
next_offset
;
compat_uint_t
origsize
;
compat_uint_t
origsize
;
...
...
net/ipv4/netfilter/ip_tables.c
View file @
87a2e70d
...
@@ -186,7 +186,7 @@ static inline bool unconditional(const struct ipt_ip *ip)
...
@@ -186,7 +186,7 @@ static inline bool unconditional(const struct ipt_ip *ip)
}
}
/* for const-correctness */
/* for const-correctness */
static
inline
const
struct
ip
t_entry_target
*
static
inline
const
struct
x
t_entry_target
*
ipt_get_target_c
(
const
struct
ipt_entry
*
e
)
ipt_get_target_c
(
const
struct
ipt_entry
*
e
)
{
{
return
ipt_get_target
((
struct
ipt_entry
*
)
e
);
return
ipt_get_target
((
struct
ipt_entry
*
)
e
);
...
@@ -230,7 +230,7 @@ get_chainname_rulenum(const struct ipt_entry *s, const struct ipt_entry *e,
...
@@ -230,7 +230,7 @@ get_chainname_rulenum(const struct ipt_entry *s, const struct ipt_entry *e,
const
char
*
hookname
,
const
char
**
chainname
,
const
char
*
hookname
,
const
char
**
chainname
,
const
char
**
comment
,
unsigned
int
*
rulenum
)
const
char
**
comment
,
unsigned
int
*
rulenum
)
{
{
const
struct
ip
t_standard_target
*
t
=
(
void
*
)
ipt_get_target_c
(
s
);
const
struct
x
t_standard_target
*
t
=
(
void
*
)
ipt_get_target_c
(
s
);
if
(
strcmp
(
t
->
target
.
u
.
kernel
.
target
->
name
,
IPT_ERROR_TARGET
)
==
0
)
{
if
(
strcmp
(
t
->
target
.
u
.
kernel
.
target
->
name
,
IPT_ERROR_TARGET
)
==
0
)
{
/* Head of user chain: ERROR target with chainname */
/* Head of user chain: ERROR target with chainname */
...
@@ -346,7 +346,7 @@ ipt_do_table(struct sk_buff *skb,
...
@@ -346,7 +346,7 @@ ipt_do_table(struct sk_buff *skb,
get_entry
(
table_base
,
private
->
underflow
[
hook
]));
get_entry
(
table_base
,
private
->
underflow
[
hook
]));
do
{
do
{
const
struct
ip
t_entry_target
*
t
;
const
struct
x
t_entry_target
*
t
;
const
struct
xt_entry_match
*
ematch
;
const
struct
xt_entry_match
*
ematch
;
IP_NF_ASSERT
(
e
);
IP_NF_ASSERT
(
e
);
...
@@ -380,7 +380,7 @@ ipt_do_table(struct sk_buff *skb,
...
@@ -380,7 +380,7 @@ ipt_do_table(struct sk_buff *skb,
if
(
!
t
->
u
.
kernel
.
target
->
target
)
{
if
(
!
t
->
u
.
kernel
.
target
->
target
)
{
int
v
;
int
v
;
v
=
((
struct
ip
t_standard_target
*
)
t
)
->
verdict
;
v
=
((
struct
x
t_standard_target
*
)
t
)
->
verdict
;
if
(
v
<
0
)
{
if
(
v
<
0
)
{
/* Pop from stack? */
/* Pop from stack? */
if
(
v
!=
IPT_RETURN
)
{
if
(
v
!=
IPT_RETURN
)
{
...
@@ -461,7 +461,7 @@ mark_source_chains(const struct xt_table_info *newinfo,
...
@@ -461,7 +461,7 @@ mark_source_chains(const struct xt_table_info *newinfo,
e
->
counters
.
pcnt
=
pos
;
e
->
counters
.
pcnt
=
pos
;
for
(;;)
{
for
(;;)
{
const
struct
ip
t_standard_target
*
t
const
struct
x
t_standard_target
*
t
=
(
void
*
)
ipt_get_target_c
(
e
);
=
(
void
*
)
ipt_get_target_c
(
e
);
int
visited
=
e
->
comefrom
&
(
1
<<
hook
);
int
visited
=
e
->
comefrom
&
(
1
<<
hook
);
...
@@ -552,7 +552,7 @@ mark_source_chains(const struct xt_table_info *newinfo,
...
@@ -552,7 +552,7 @@ mark_source_chains(const struct xt_table_info *newinfo,
return
1
;
return
1
;
}
}
static
void
cleanup_match
(
struct
ip
t_entry_match
*
m
,
struct
net
*
net
)
static
void
cleanup_match
(
struct
x
t_entry_match
*
m
,
struct
net
*
net
)
{
{
struct
xt_mtdtor_param
par
;
struct
xt_mtdtor_param
par
;
...
@@ -568,14 +568,14 @@ static void cleanup_match(struct ipt_entry_match *m, struct net *net)
...
@@ -568,14 +568,14 @@ static void cleanup_match(struct ipt_entry_match *m, struct net *net)
static
int
static
int
check_entry
(
const
struct
ipt_entry
*
e
,
const
char
*
name
)
check_entry
(
const
struct
ipt_entry
*
e
,
const
char
*
name
)
{
{
const
struct
ip
t_entry_target
*
t
;
const
struct
x
t_entry_target
*
t
;
if
(
!
ip_checkentry
(
&
e
->
ip
))
{
if
(
!
ip_checkentry
(
&
e
->
ip
))
{
duprintf
(
"ip check failed %p %s.
\n
"
,
e
,
par
->
match
->
name
);
duprintf
(
"ip check failed %p %s.
\n
"
,
e
,
par
->
match
->
name
);
return
-
EINVAL
;
return
-
EINVAL
;
}
}
if
(
e
->
target_offset
+
sizeof
(
struct
ip
t_entry_target
)
>
if
(
e
->
target_offset
+
sizeof
(
struct
x
t_entry_target
)
>
e
->
next_offset
)
e
->
next_offset
)
return
-
EINVAL
;
return
-
EINVAL
;
...
@@ -587,7 +587,7 @@ check_entry(const struct ipt_entry *e, const char *name)
...
@@ -587,7 +587,7 @@ check_entry(const struct ipt_entry *e, const char *name)
}
}
static
int
static
int
check_match
(
struct
ip
t_entry_match
*
m
,
struct
xt_mtchk_param
*
par
)
check_match
(
struct
x
t_entry_match
*
m
,
struct
xt_mtchk_param
*
par
)
{
{
const
struct
ipt_ip
*
ip
=
par
->
entryinfo
;
const
struct
ipt_ip
*
ip
=
par
->
entryinfo
;
int
ret
;
int
ret
;
...
@@ -605,7 +605,7 @@ check_match(struct ipt_entry_match *m, struct xt_mtchk_param *par)
...
@@ -605,7 +605,7 @@ check_match(struct ipt_entry_match *m, struct xt_mtchk_param *par)
}
}
static
int
static
int
find_check_match
(
struct
ip
t_entry_match
*
m
,
struct
xt_mtchk_param
*
par
)
find_check_match
(
struct
x
t_entry_match
*
m
,
struct
xt_mtchk_param
*
par
)
{
{
struct
xt_match
*
match
;
struct
xt_match
*
match
;
int
ret
;
int
ret
;
...
@@ -630,7 +630,7 @@ find_check_match(struct ipt_entry_match *m, struct xt_mtchk_param *par)
...
@@ -630,7 +630,7 @@ find_check_match(struct ipt_entry_match *m, struct xt_mtchk_param *par)
static
int
check_target
(
struct
ipt_entry
*
e
,
struct
net
*
net
,
const
char
*
name
)
static
int
check_target
(
struct
ipt_entry
*
e
,
struct
net
*
net
,
const
char
*
name
)
{
{
struct
ip
t_entry_target
*
t
=
ipt_get_target
(
e
);
struct
x
t_entry_target
*
t
=
ipt_get_target
(
e
);
struct
xt_tgchk_param
par
=
{
struct
xt_tgchk_param
par
=
{
.
net
=
net
,
.
net
=
net
,
.
table
=
name
,
.
table
=
name
,
...
@@ -656,7 +656,7 @@ static int
...
@@ -656,7 +656,7 @@ static int
find_check_entry
(
struct
ipt_entry
*
e
,
struct
net
*
net
,
const
char
*
name
,
find_check_entry
(
struct
ipt_entry
*
e
,
struct
net
*
net
,
const
char
*
name
,
unsigned
int
size
)
unsigned
int
size
)
{
{
struct
ip
t_entry_target
*
t
;
struct
x
t_entry_target
*
t
;
struct
xt_target
*
target
;
struct
xt_target
*
target
;
int
ret
;
int
ret
;
unsigned
int
j
;
unsigned
int
j
;
...
@@ -707,7 +707,7 @@ find_check_entry(struct ipt_entry *e, struct net *net, const char *name,
...
@@ -707,7 +707,7 @@ find_check_entry(struct ipt_entry *e, struct net *net, const char *name,
static
bool
check_underflow
(
const
struct
ipt_entry
*
e
)
static
bool
check_underflow
(
const
struct
ipt_entry
*
e
)
{
{
const
struct
ip
t_entry_target
*
t
;
const
struct
x
t_entry_target
*
t
;
unsigned
int
verdict
;
unsigned
int
verdict
;
if
(
!
unconditional
(
&
e
->
ip
))
if
(
!
unconditional
(
&
e
->
ip
))
...
@@ -715,7 +715,7 @@ static bool check_underflow(const struct ipt_entry *e)
...
@@ -715,7 +715,7 @@ static bool check_underflow(const struct ipt_entry *e)
t
=
ipt_get_target_c
(
e
);
t
=
ipt_get_target_c
(
e
);
if
(
strcmp
(
t
->
u
.
user
.
name
,
XT_STANDARD_TARGET
)
!=
0
)
if
(
strcmp
(
t
->
u
.
user
.
name
,
XT_STANDARD_TARGET
)
!=
0
)
return
false
;
return
false
;
verdict
=
((
struct
ip
t_standard_target
*
)
t
)
->
verdict
;
verdict
=
((
struct
x
t_standard_target
*
)
t
)
->
verdict
;
verdict
=
-
verdict
-
1
;
verdict
=
-
verdict
-
1
;
return
verdict
==
NF_DROP
||
verdict
==
NF_ACCEPT
;
return
verdict
==
NF_DROP
||
verdict
==
NF_ACCEPT
;
}
}
...
@@ -738,7 +738,7 @@ check_entry_size_and_hooks(struct ipt_entry *e,
...
@@ -738,7 +738,7 @@ check_entry_size_and_hooks(struct ipt_entry *e,
}
}
if
(
e
->
next_offset
if
(
e
->
next_offset
<
sizeof
(
struct
ipt_entry
)
+
sizeof
(
struct
ip
t_entry_target
))
{
<
sizeof
(
struct
ipt_entry
)
+
sizeof
(
struct
x
t_entry_target
))
{
duprintf
(
"checking: element %p size %u
\n
"
,
duprintf
(
"checking: element %p size %u
\n
"
,
e
,
e
->
next_offset
);
e
,
e
->
next_offset
);
return
-
EINVAL
;
return
-
EINVAL
;
...
@@ -771,7 +771,7 @@ static void
...
@@ -771,7 +771,7 @@ static void
cleanup_entry
(
struct
ipt_entry
*
e
,
struct
net
*
net
)
cleanup_entry
(
struct
ipt_entry
*
e
,
struct
net
*
net
)
{
{
struct
xt_tgdtor_param
par
;
struct
xt_tgdtor_param
par
;
struct
ip
t_entry_target
*
t
;
struct
x
t_entry_target
*
t
;
struct
xt_entry_match
*
ematch
;
struct
xt_entry_match
*
ematch
;
/* Cleanup all matches */
/* Cleanup all matches */
...
@@ -972,8 +972,8 @@ copy_entries_to_user(unsigned int total_size,
...
@@ -972,8 +972,8 @@ copy_entries_to_user(unsigned int total_size,
/* ... then go back and fix counters and names */
/* ... then go back and fix counters and names */
for
(
off
=
0
,
num
=
0
;
off
<
total_size
;
off
+=
e
->
next_offset
,
num
++
){
for
(
off
=
0
,
num
=
0
;
off
<
total_size
;
off
+=
e
->
next_offset
,
num
++
){
unsigned
int
i
;
unsigned
int
i
;
const
struct
ip
t_entry_match
*
m
;
const
struct
x
t_entry_match
*
m
;
const
struct
ip
t_entry_target
*
t
;
const
struct
x
t_entry_target
*
t
;
e
=
(
struct
ipt_entry
*
)(
loc_cpu_entry
+
off
);
e
=
(
struct
ipt_entry
*
)(
loc_cpu_entry
+
off
);
if
(
copy_to_user
(
userptr
+
off
if
(
copy_to_user
(
userptr
+
off
...
@@ -990,7 +990,7 @@ copy_entries_to_user(unsigned int total_size,
...
@@ -990,7 +990,7 @@ copy_entries_to_user(unsigned int total_size,
m
=
(
void
*
)
e
+
i
;
m
=
(
void
*
)
e
+
i
;
if
(
copy_to_user
(
userptr
+
off
+
i
if
(
copy_to_user
(
userptr
+
off
+
i
+
offsetof
(
struct
ip
t_entry_match
,
+
offsetof
(
struct
x
t_entry_match
,
u
.
user
.
name
),
u
.
user
.
name
),
m
->
u
.
kernel
.
match
->
name
,
m
->
u
.
kernel
.
match
->
name
,
strlen
(
m
->
u
.
kernel
.
match
->
name
)
+
1
)
strlen
(
m
->
u
.
kernel
.
match
->
name
)
+
1
)
...
@@ -1002,7 +1002,7 @@ copy_entries_to_user(unsigned int total_size,
...
@@ -1002,7 +1002,7 @@ copy_entries_to_user(unsigned int total_size,
t
=
ipt_get_target_c
(
e
);
t
=
ipt_get_target_c
(
e
);
if
(
copy_to_user
(
userptr
+
off
+
e
->
target_offset
if
(
copy_to_user
(
userptr
+
off
+
e
->
target_offset
+
offsetof
(
struct
ip
t_entry_target
,
+
offsetof
(
struct
x
t_entry_target
,
u
.
user
.
name
),
u
.
user
.
name
),
t
->
u
.
kernel
.
target
->
name
,
t
->
u
.
kernel
.
target
->
name
,
strlen
(
t
->
u
.
kernel
.
target
->
name
)
+
1
)
!=
0
)
{
strlen
(
t
->
u
.
kernel
.
target
->
name
)
+
1
)
!=
0
)
{
...
@@ -1040,7 +1040,7 @@ static int compat_calc_entry(const struct ipt_entry *e,
...
@@ -1040,7 +1040,7 @@ static int compat_calc_entry(const struct ipt_entry *e,
const
void
*
base
,
struct
xt_table_info
*
newinfo
)
const
void
*
base
,
struct
xt_table_info
*
newinfo
)
{
{
const
struct
xt_entry_match
*
ematch
;
const
struct
xt_entry_match
*
ematch
;
const
struct
ip
t_entry_target
*
t
;
const
struct
x
t_entry_target
*
t
;
unsigned
int
entry_offset
;
unsigned
int
entry_offset
;
int
off
,
i
,
ret
;
int
off
,
i
,
ret
;
...
@@ -1407,7 +1407,7 @@ struct compat_ipt_replace {
...
@@ -1407,7 +1407,7 @@ struct compat_ipt_replace {
u32
hook_entry
[
NF_INET_NUMHOOKS
];
u32
hook_entry
[
NF_INET_NUMHOOKS
];
u32
underflow
[
NF_INET_NUMHOOKS
];
u32
underflow
[
NF_INET_NUMHOOKS
];
u32
num_counters
;
u32
num_counters
;
compat_uptr_t
counters
;
/* struct
ip
t_counters * */
compat_uptr_t
counters
;
/* struct
x
t_counters * */
struct
compat_ipt_entry
entries
[
0
];
struct
compat_ipt_entry
entries
[
0
];
};
};
...
@@ -1416,7 +1416,7 @@ compat_copy_entry_to_user(struct ipt_entry *e, void __user **dstptr,
...
@@ -1416,7 +1416,7 @@ compat_copy_entry_to_user(struct ipt_entry *e, void __user **dstptr,
unsigned
int
*
size
,
struct
xt_counters
*
counters
,
unsigned
int
*
size
,
struct
xt_counters
*
counters
,
unsigned
int
i
)
unsigned
int
i
)
{
{
struct
ip
t_entry_target
*
t
;
struct
x
t_entry_target
*
t
;
struct
compat_ipt_entry
__user
*
ce
;
struct
compat_ipt_entry
__user
*
ce
;
u_int16_t
target_offset
,
next_offset
;
u_int16_t
target_offset
,
next_offset
;
compat_uint_t
origsize
;
compat_uint_t
origsize
;
...
@@ -1451,7 +1451,7 @@ compat_copy_entry_to_user(struct ipt_entry *e, void __user **dstptr,
...
@@ -1451,7 +1451,7 @@ compat_copy_entry_to_user(struct ipt_entry *e, void __user **dstptr,
}
}
static
int
static
int
compat_find_calc_match
(
struct
ip
t_entry_match
*
m
,
compat_find_calc_match
(
struct
x
t_entry_match
*
m
,
const
char
*
name
,
const
char
*
name
,
const
struct
ipt_ip
*
ip
,
const
struct
ipt_ip
*
ip
,
unsigned
int
hookmask
,
unsigned
int
hookmask
,
...
@@ -1473,7 +1473,7 @@ compat_find_calc_match(struct ipt_entry_match *m,
...
@@ -1473,7 +1473,7 @@ compat_find_calc_match(struct ipt_entry_match *m,
static
void
compat_release_entry
(
struct
compat_ipt_entry
*
e
)
static
void
compat_release_entry
(
struct
compat_ipt_entry
*
e
)
{
{
struct
ip
t_entry_target
*
t
;
struct
x
t_entry_target
*
t
;
struct
xt_entry_match
*
ematch
;
struct
xt_entry_match
*
ematch
;
/* Cleanup all matches */
/* Cleanup all matches */
...
@@ -1494,7 +1494,7 @@ check_compat_entry_size_and_hooks(struct compat_ipt_entry *e,
...
@@ -1494,7 +1494,7 @@ check_compat_entry_size_and_hooks(struct compat_ipt_entry *e,
const
char
*
name
)
const
char
*
name
)
{
{
struct
xt_entry_match
*
ematch
;
struct
xt_entry_match
*
ematch
;
struct
ip
t_entry_target
*
t
;
struct
x
t_entry_target
*
t
;
struct
xt_target
*
target
;
struct
xt_target
*
target
;
unsigned
int
entry_offset
;
unsigned
int
entry_offset
;
unsigned
int
j
;
unsigned
int
j
;
...
@@ -1576,7 +1576,7 @@ compat_copy_entry_from_user(struct compat_ipt_entry *e, void **dstptr,
...
@@ -1576,7 +1576,7 @@ compat_copy_entry_from_user(struct compat_ipt_entry *e, void **dstptr,
unsigned
int
*
size
,
const
char
*
name
,
unsigned
int
*
size
,
const
char
*
name
,
struct
xt_table_info
*
newinfo
,
unsigned
char
*
base
)
struct
xt_table_info
*
newinfo
,
unsigned
char
*
base
)
{
{
struct
ip
t_entry_target
*
t
;
struct
x
t_entry_target
*
t
;
struct
xt_target
*
target
;
struct
xt_target
*
target
;
struct
ipt_entry
*
de
;
struct
ipt_entry
*
de
;
unsigned
int
origsize
;
unsigned
int
origsize
;
...
...
net/ipv6/netfilter/ip6_tables.c
View file @
87a2e70d
...
@@ -215,7 +215,7 @@ static inline bool unconditional(const struct ip6t_ip6 *ipv6)
...
@@ -215,7 +215,7 @@ static inline bool unconditional(const struct ip6t_ip6 *ipv6)
return
memcmp
(
ipv6
,
&
uncond
,
sizeof
(
uncond
))
==
0
;
return
memcmp
(
ipv6
,
&
uncond
,
sizeof
(
uncond
))
==
0
;
}
}
static
inline
const
struct
ip6
t_entry_target
*
static
inline
const
struct
x
t_entry_target
*
ip6t_get_target_c
(
const
struct
ip6t_entry
*
e
)
ip6t_get_target_c
(
const
struct
ip6t_entry
*
e
)
{
{
return
ip6t_get_target
((
struct
ip6t_entry
*
)
e
);
return
ip6t_get_target
((
struct
ip6t_entry
*
)
e
);
...
@@ -260,7 +260,7 @@ get_chainname_rulenum(const struct ip6t_entry *s, const struct ip6t_entry *e,
...
@@ -260,7 +260,7 @@ get_chainname_rulenum(const struct ip6t_entry *s, const struct ip6t_entry *e,
const
char
*
hookname
,
const
char
**
chainname
,
const
char
*
hookname
,
const
char
**
chainname
,
const
char
**
comment
,
unsigned
int
*
rulenum
)
const
char
**
comment
,
unsigned
int
*
rulenum
)
{
{
const
struct
ip6
t_standard_target
*
t
=
(
void
*
)
ip6t_get_target_c
(
s
);
const
struct
x
t_standard_target
*
t
=
(
void
*
)
ip6t_get_target_c
(
s
);
if
(
strcmp
(
t
->
target
.
u
.
kernel
.
target
->
name
,
IP6T_ERROR_TARGET
)
==
0
)
{
if
(
strcmp
(
t
->
target
.
u
.
kernel
.
target
->
name
,
IP6T_ERROR_TARGET
)
==
0
)
{
/* Head of user chain: ERROR target with chainname */
/* Head of user chain: ERROR target with chainname */
...
@@ -369,7 +369,7 @@ ip6t_do_table(struct sk_buff *skb,
...
@@ -369,7 +369,7 @@ ip6t_do_table(struct sk_buff *skb,
e
=
get_entry
(
table_base
,
private
->
hook_entry
[
hook
]);
e
=
get_entry
(
table_base
,
private
->
hook_entry
[
hook
]);
do
{
do
{
const
struct
ip6
t_entry_target
*
t
;
const
struct
x
t_entry_target
*
t
;
const
struct
xt_entry_match
*
ematch
;
const
struct
xt_entry_match
*
ematch
;
IP_NF_ASSERT
(
e
);
IP_NF_ASSERT
(
e
);
...
@@ -403,7 +403,7 @@ ip6t_do_table(struct sk_buff *skb,
...
@@ -403,7 +403,7 @@ ip6t_do_table(struct sk_buff *skb,
if
(
!
t
->
u
.
kernel
.
target
->
target
)
{
if
(
!
t
->
u
.
kernel
.
target
->
target
)
{
int
v
;
int
v
;
v
=
((
struct
ip6
t_standard_target
*
)
t
)
->
verdict
;
v
=
((
struct
x
t_standard_target
*
)
t
)
->
verdict
;
if
(
v
<
0
)
{
if
(
v
<
0
)
{
/* Pop from stack? */
/* Pop from stack? */
if
(
v
!=
IP6T_RETURN
)
{
if
(
v
!=
IP6T_RETURN
)
{
...
@@ -474,7 +474,7 @@ mark_source_chains(const struct xt_table_info *newinfo,
...
@@ -474,7 +474,7 @@ mark_source_chains(const struct xt_table_info *newinfo,
e
->
counters
.
pcnt
=
pos
;
e
->
counters
.
pcnt
=
pos
;
for
(;;)
{
for
(;;)
{
const
struct
ip6
t_standard_target
*
t
const
struct
x
t_standard_target
*
t
=
(
void
*
)
ip6t_get_target_c
(
e
);
=
(
void
*
)
ip6t_get_target_c
(
e
);
int
visited
=
e
->
comefrom
&
(
1
<<
hook
);
int
visited
=
e
->
comefrom
&
(
1
<<
hook
);
...
@@ -565,7 +565,7 @@ mark_source_chains(const struct xt_table_info *newinfo,
...
@@ -565,7 +565,7 @@ mark_source_chains(const struct xt_table_info *newinfo,
return
1
;
return
1
;
}
}
static
void
cleanup_match
(
struct
ip6
t_entry_match
*
m
,
struct
net
*
net
)
static
void
cleanup_match
(
struct
x
t_entry_match
*
m
,
struct
net
*
net
)
{
{
struct
xt_mtdtor_param
par
;
struct
xt_mtdtor_param
par
;
...
@@ -581,14 +581,14 @@ static void cleanup_match(struct ip6t_entry_match *m, struct net *net)
...
@@ -581,14 +581,14 @@ static void cleanup_match(struct ip6t_entry_match *m, struct net *net)
static
int
static
int
check_entry
(
const
struct
ip6t_entry
*
e
,
const
char
*
name
)
check_entry
(
const
struct
ip6t_entry
*
e
,
const
char
*
name
)
{
{
const
struct
ip6
t_entry_target
*
t
;
const
struct
x
t_entry_target
*
t
;
if
(
!
ip6_checkentry
(
&
e
->
ipv6
))
{
if
(
!
ip6_checkentry
(
&
e
->
ipv6
))
{
duprintf
(
"ip_tables: ip check failed %p %s.
\n
"
,
e
,
name
);
duprintf
(
"ip_tables: ip check failed %p %s.
\n
"
,
e
,
name
);
return
-
EINVAL
;
return
-
EINVAL
;
}
}
if
(
e
->
target_offset
+
sizeof
(
struct
ip6
t_entry_target
)
>
if
(
e
->
target_offset
+
sizeof
(
struct
x
t_entry_target
)
>
e
->
next_offset
)
e
->
next_offset
)
return
-
EINVAL
;
return
-
EINVAL
;
...
@@ -599,7 +599,7 @@ check_entry(const struct ip6t_entry *e, const char *name)
...
@@ -599,7 +599,7 @@ check_entry(const struct ip6t_entry *e, const char *name)
return
0
;
return
0
;
}
}
static
int
check_match
(
struct
ip6
t_entry_match
*
m
,
struct
xt_mtchk_param
*
par
)
static
int
check_match
(
struct
x
t_entry_match
*
m
,
struct
xt_mtchk_param
*
par
)
{
{
const
struct
ip6t_ip6
*
ipv6
=
par
->
entryinfo
;
const
struct
ip6t_ip6
*
ipv6
=
par
->
entryinfo
;
int
ret
;
int
ret
;
...
@@ -618,7 +618,7 @@ static int check_match(struct ip6t_entry_match *m, struct xt_mtchk_param *par)
...
@@ -618,7 +618,7 @@ static int check_match(struct ip6t_entry_match *m, struct xt_mtchk_param *par)
}
}
static
int
static
int
find_check_match
(
struct
ip6
t_entry_match
*
m
,
struct
xt_mtchk_param
*
par
)
find_check_match
(
struct
x
t_entry_match
*
m
,
struct
xt_mtchk_param
*
par
)
{
{
struct
xt_match
*
match
;
struct
xt_match
*
match
;
int
ret
;
int
ret
;
...
@@ -643,7 +643,7 @@ find_check_match(struct ip6t_entry_match *m, struct xt_mtchk_param *par)
...
@@ -643,7 +643,7 @@ find_check_match(struct ip6t_entry_match *m, struct xt_mtchk_param *par)
static
int
check_target
(
struct
ip6t_entry
*
e
,
struct
net
*
net
,
const
char
*
name
)
static
int
check_target
(
struct
ip6t_entry
*
e
,
struct
net
*
net
,
const
char
*
name
)
{
{
struct
ip6
t_entry_target
*
t
=
ip6t_get_target
(
e
);
struct
x
t_entry_target
*
t
=
ip6t_get_target
(
e
);
struct
xt_tgchk_param
par
=
{
struct
xt_tgchk_param
par
=
{
.
net
=
net
,
.
net
=
net
,
.
table
=
name
,
.
table
=
name
,
...
@@ -670,7 +670,7 @@ static int
...
@@ -670,7 +670,7 @@ static int
find_check_entry
(
struct
ip6t_entry
*
e
,
struct
net
*
net
,
const
char
*
name
,
find_check_entry
(
struct
ip6t_entry
*
e
,
struct
net
*
net
,
const
char
*
name
,
unsigned
int
size
)
unsigned
int
size
)
{
{
struct
ip6
t_entry_target
*
t
;
struct
x
t_entry_target
*
t
;
struct
xt_target
*
target
;
struct
xt_target
*
target
;
int
ret
;
int
ret
;
unsigned
int
j
;
unsigned
int
j
;
...
@@ -721,7 +721,7 @@ find_check_entry(struct ip6t_entry *e, struct net *net, const char *name,
...
@@ -721,7 +721,7 @@ find_check_entry(struct ip6t_entry *e, struct net *net, const char *name,
static
bool
check_underflow
(
const
struct
ip6t_entry
*
e
)
static
bool
check_underflow
(
const
struct
ip6t_entry
*
e
)
{
{
const
struct
ip6
t_entry_target
*
t
;
const
struct
x
t_entry_target
*
t
;
unsigned
int
verdict
;
unsigned
int
verdict
;
if
(
!
unconditional
(
&
e
->
ipv6
))
if
(
!
unconditional
(
&
e
->
ipv6
))
...
@@ -729,7 +729,7 @@ static bool check_underflow(const struct ip6t_entry *e)
...
@@ -729,7 +729,7 @@ static bool check_underflow(const struct ip6t_entry *e)
t
=
ip6t_get_target_c
(
e
);
t
=
ip6t_get_target_c
(
e
);
if
(
strcmp
(
t
->
u
.
user
.
name
,
XT_STANDARD_TARGET
)
!=
0
)
if
(
strcmp
(
t
->
u
.
user
.
name
,
XT_STANDARD_TARGET
)
!=
0
)
return
false
;
return
false
;
verdict
=
((
struct
ip6
t_standard_target
*
)
t
)
->
verdict
;
verdict
=
((
struct
x
t_standard_target
*
)
t
)
->
verdict
;
verdict
=
-
verdict
-
1
;
verdict
=
-
verdict
-
1
;
return
verdict
==
NF_DROP
||
verdict
==
NF_ACCEPT
;
return
verdict
==
NF_DROP
||
verdict
==
NF_ACCEPT
;
}
}
...
@@ -752,7 +752,7 @@ check_entry_size_and_hooks(struct ip6t_entry *e,
...
@@ -752,7 +752,7 @@ check_entry_size_and_hooks(struct ip6t_entry *e,
}
}
if
(
e
->
next_offset
if
(
e
->
next_offset
<
sizeof
(
struct
ip6t_entry
)
+
sizeof
(
struct
ip6
t_entry_target
))
{
<
sizeof
(
struct
ip6t_entry
)
+
sizeof
(
struct
x
t_entry_target
))
{
duprintf
(
"checking: element %p size %u
\n
"
,
duprintf
(
"checking: element %p size %u
\n
"
,
e
,
e
->
next_offset
);
e
,
e
->
next_offset
);
return
-
EINVAL
;
return
-
EINVAL
;
...
@@ -784,7 +784,7 @@ check_entry_size_and_hooks(struct ip6t_entry *e,
...
@@ -784,7 +784,7 @@ check_entry_size_and_hooks(struct ip6t_entry *e,
static
void
cleanup_entry
(
struct
ip6t_entry
*
e
,
struct
net
*
net
)
static
void
cleanup_entry
(
struct
ip6t_entry
*
e
,
struct
net
*
net
)
{
{
struct
xt_tgdtor_param
par
;
struct
xt_tgdtor_param
par
;
struct
ip6
t_entry_target
*
t
;
struct
x
t_entry_target
*
t
;
struct
xt_entry_match
*
ematch
;
struct
xt_entry_match
*
ematch
;
/* Cleanup all matches */
/* Cleanup all matches */
...
@@ -985,8 +985,8 @@ copy_entries_to_user(unsigned int total_size,
...
@@ -985,8 +985,8 @@ copy_entries_to_user(unsigned int total_size,
/* ... then go back and fix counters and names */
/* ... then go back and fix counters and names */
for
(
off
=
0
,
num
=
0
;
off
<
total_size
;
off
+=
e
->
next_offset
,
num
++
){
for
(
off
=
0
,
num
=
0
;
off
<
total_size
;
off
+=
e
->
next_offset
,
num
++
){
unsigned
int
i
;
unsigned
int
i
;
const
struct
ip6
t_entry_match
*
m
;
const
struct
x
t_entry_match
*
m
;
const
struct
ip6
t_entry_target
*
t
;
const
struct
x
t_entry_target
*
t
;
e
=
(
struct
ip6t_entry
*
)(
loc_cpu_entry
+
off
);
e
=
(
struct
ip6t_entry
*
)(
loc_cpu_entry
+
off
);
if
(
copy_to_user
(
userptr
+
off
if
(
copy_to_user
(
userptr
+
off
...
@@ -1003,7 +1003,7 @@ copy_entries_to_user(unsigned int total_size,
...
@@ -1003,7 +1003,7 @@ copy_entries_to_user(unsigned int total_size,
m
=
(
void
*
)
e
+
i
;
m
=
(
void
*
)
e
+
i
;
if
(
copy_to_user
(
userptr
+
off
+
i
if
(
copy_to_user
(
userptr
+
off
+
i
+
offsetof
(
struct
ip6
t_entry_match
,
+
offsetof
(
struct
x
t_entry_match
,
u
.
user
.
name
),
u
.
user
.
name
),
m
->
u
.
kernel
.
match
->
name
,
m
->
u
.
kernel
.
match
->
name
,
strlen
(
m
->
u
.
kernel
.
match
->
name
)
+
1
)
strlen
(
m
->
u
.
kernel
.
match
->
name
)
+
1
)
...
@@ -1015,7 +1015,7 @@ copy_entries_to_user(unsigned int total_size,
...
@@ -1015,7 +1015,7 @@ copy_entries_to_user(unsigned int total_size,
t
=
ip6t_get_target_c
(
e
);
t
=
ip6t_get_target_c
(
e
);
if
(
copy_to_user
(
userptr
+
off
+
e
->
target_offset
if
(
copy_to_user
(
userptr
+
off
+
e
->
target_offset
+
offsetof
(
struct
ip6
t_entry_target
,
+
offsetof
(
struct
x
t_entry_target
,
u
.
user
.
name
),
u
.
user
.
name
),
t
->
u
.
kernel
.
target
->
name
,
t
->
u
.
kernel
.
target
->
name
,
strlen
(
t
->
u
.
kernel
.
target
->
name
)
+
1
)
!=
0
)
{
strlen
(
t
->
u
.
kernel
.
target
->
name
)
+
1
)
!=
0
)
{
...
@@ -1053,7 +1053,7 @@ static int compat_calc_entry(const struct ip6t_entry *e,
...
@@ -1053,7 +1053,7 @@ static int compat_calc_entry(const struct ip6t_entry *e,
const
void
*
base
,
struct
xt_table_info
*
newinfo
)
const
void
*
base
,
struct
xt_table_info
*
newinfo
)
{
{
const
struct
xt_entry_match
*
ematch
;
const
struct
xt_entry_match
*
ematch
;
const
struct
ip6
t_entry_target
*
t
;
const
struct
x
t_entry_target
*
t
;
unsigned
int
entry_offset
;
unsigned
int
entry_offset
;
int
off
,
i
,
ret
;
int
off
,
i
,
ret
;
...
@@ -1422,7 +1422,7 @@ struct compat_ip6t_replace {
...
@@ -1422,7 +1422,7 @@ struct compat_ip6t_replace {
u32
hook_entry
[
NF_INET_NUMHOOKS
];
u32
hook_entry
[
NF_INET_NUMHOOKS
];
u32
underflow
[
NF_INET_NUMHOOKS
];
u32
underflow
[
NF_INET_NUMHOOKS
];
u32
num_counters
;
u32
num_counters
;
compat_uptr_t
counters
;
/* struct
ip6
t_counters * */
compat_uptr_t
counters
;
/* struct
x
t_counters * */
struct
compat_ip6t_entry
entries
[
0
];
struct
compat_ip6t_entry
entries
[
0
];
};
};
...
@@ -1431,7 +1431,7 @@ compat_copy_entry_to_user(struct ip6t_entry *e, void __user **dstptr,
...
@@ -1431,7 +1431,7 @@ compat_copy_entry_to_user(struct ip6t_entry *e, void __user **dstptr,
unsigned
int
*
size
,
struct
xt_counters
*
counters
,
unsigned
int
*
size
,
struct
xt_counters
*
counters
,
unsigned
int
i
)
unsigned
int
i
)
{
{
struct
ip6
t_entry_target
*
t
;
struct
x
t_entry_target
*
t
;
struct
compat_ip6t_entry
__user
*
ce
;
struct
compat_ip6t_entry
__user
*
ce
;
u_int16_t
target_offset
,
next_offset
;
u_int16_t
target_offset
,
next_offset
;
compat_uint_t
origsize
;
compat_uint_t
origsize
;
...
@@ -1466,7 +1466,7 @@ compat_copy_entry_to_user(struct ip6t_entry *e, void __user **dstptr,
...
@@ -1466,7 +1466,7 @@ compat_copy_entry_to_user(struct ip6t_entry *e, void __user **dstptr,
}
}
static
int
static
int
compat_find_calc_match
(
struct
ip6
t_entry_match
*
m
,
compat_find_calc_match
(
struct
x
t_entry_match
*
m
,
const
char
*
name
,
const
char
*
name
,
const
struct
ip6t_ip6
*
ipv6
,
const
struct
ip6t_ip6
*
ipv6
,
unsigned
int
hookmask
,
unsigned
int
hookmask
,
...
@@ -1488,7 +1488,7 @@ compat_find_calc_match(struct ip6t_entry_match *m,
...
@@ -1488,7 +1488,7 @@ compat_find_calc_match(struct ip6t_entry_match *m,
static
void
compat_release_entry
(
struct
compat_ip6t_entry
*
e
)
static
void
compat_release_entry
(
struct
compat_ip6t_entry
*
e
)
{
{
struct
ip6
t_entry_target
*
t
;
struct
x
t_entry_target
*
t
;
struct
xt_entry_match
*
ematch
;
struct
xt_entry_match
*
ematch
;
/* Cleanup all matches */
/* Cleanup all matches */
...
@@ -1509,7 +1509,7 @@ check_compat_entry_size_and_hooks(struct compat_ip6t_entry *e,
...
@@ -1509,7 +1509,7 @@ check_compat_entry_size_and_hooks(struct compat_ip6t_entry *e,
const
char
*
name
)
const
char
*
name
)
{
{
struct
xt_entry_match
*
ematch
;
struct
xt_entry_match
*
ematch
;
struct
ip6
t_entry_target
*
t
;
struct
x
t_entry_target
*
t
;
struct
xt_target
*
target
;
struct
xt_target
*
target
;
unsigned
int
entry_offset
;
unsigned
int
entry_offset
;
unsigned
int
j
;
unsigned
int
j
;
...
@@ -1591,7 +1591,7 @@ compat_copy_entry_from_user(struct compat_ip6t_entry *e, void **dstptr,
...
@@ -1591,7 +1591,7 @@ compat_copy_entry_from_user(struct compat_ip6t_entry *e, void **dstptr,
unsigned
int
*
size
,
const
char
*
name
,
unsigned
int
*
size
,
const
char
*
name
,
struct
xt_table_info
*
newinfo
,
unsigned
char
*
base
)
struct
xt_table_info
*
newinfo
,
unsigned
char
*
base
)
{
{
struct
ip6
t_entry_target
*
t
;
struct
x
t_entry_target
*
t
;
struct
xt_target
*
target
;
struct
xt_target
*
target
;
struct
ip6t_entry
*
de
;
struct
ip6t_entry
*
de
;
unsigned
int
origsize
;
unsigned
int
origsize
;
...
...
net/sched/act_ipt.c
View file @
87a2e70d
...
@@ -39,7 +39,7 @@ static struct tcf_hashinfo ipt_hash_info = {
...
@@ -39,7 +39,7 @@ static struct tcf_hashinfo ipt_hash_info = {
.
lock
=
&
ipt_lock
,
.
lock
=
&
ipt_lock
,
};
};
static
int
ipt_init_target
(
struct
ip
t_entry_target
*
t
,
char
*
table
,
unsigned
int
hook
)
static
int
ipt_init_target
(
struct
x
t_entry_target
*
t
,
char
*
table
,
unsigned
int
hook
)
{
{
struct
xt_tgchk_param
par
;
struct
xt_tgchk_param
par
;
struct
xt_target
*
target
;
struct
xt_target
*
target
;
...
@@ -66,7 +66,7 @@ static int ipt_init_target(struct ipt_entry_target *t, char *table, unsigned int
...
@@ -66,7 +66,7 @@ static int ipt_init_target(struct ipt_entry_target *t, char *table, unsigned int
return
0
;
return
0
;
}
}
static
void
ipt_destroy_target
(
struct
ip
t_entry_target
*
t
)
static
void
ipt_destroy_target
(
struct
x
t_entry_target
*
t
)
{
{
struct
xt_tgdtor_param
par
=
{
struct
xt_tgdtor_param
par
=
{
.
target
=
t
->
u
.
kernel
.
target
,
.
target
=
t
->
u
.
kernel
.
target
,
...
@@ -99,7 +99,7 @@ static const struct nla_policy ipt_policy[TCA_IPT_MAX + 1] = {
...
@@ -99,7 +99,7 @@ static const struct nla_policy ipt_policy[TCA_IPT_MAX + 1] = {
[
TCA_IPT_TABLE
]
=
{
.
type
=
NLA_STRING
,
.
len
=
IFNAMSIZ
},
[
TCA_IPT_TABLE
]
=
{
.
type
=
NLA_STRING
,
.
len
=
IFNAMSIZ
},
[
TCA_IPT_HOOK
]
=
{
.
type
=
NLA_U32
},
[
TCA_IPT_HOOK
]
=
{
.
type
=
NLA_U32
},
[
TCA_IPT_INDEX
]
=
{
.
type
=
NLA_U32
},
[
TCA_IPT_INDEX
]
=
{
.
type
=
NLA_U32
},
[
TCA_IPT_TARG
]
=
{
.
len
=
sizeof
(
struct
ip
t_entry_target
)
},
[
TCA_IPT_TARG
]
=
{
.
len
=
sizeof
(
struct
x
t_entry_target
)
},
};
};
static
int
tcf_ipt_init
(
struct
nlattr
*
nla
,
struct
nlattr
*
est
,
static
int
tcf_ipt_init
(
struct
nlattr
*
nla
,
struct
nlattr
*
est
,
...
@@ -108,7 +108,7 @@ static int tcf_ipt_init(struct nlattr *nla, struct nlattr *est,
...
@@ -108,7 +108,7 @@ static int tcf_ipt_init(struct nlattr *nla, struct nlattr *est,
struct
nlattr
*
tb
[
TCA_IPT_MAX
+
1
];
struct
nlattr
*
tb
[
TCA_IPT_MAX
+
1
];
struct
tcf_ipt
*
ipt
;
struct
tcf_ipt
*
ipt
;
struct
tcf_common
*
pc
;
struct
tcf_common
*
pc
;
struct
ip
t_entry_target
*
td
,
*
t
;
struct
x
t_entry_target
*
td
,
*
t
;
char
*
tname
;
char
*
tname
;
int
ret
=
0
,
err
;
int
ret
=
0
,
err
;
u32
hook
=
0
;
u32
hook
=
0
;
...
@@ -126,7 +126,7 @@ static int tcf_ipt_init(struct nlattr *nla, struct nlattr *est,
...
@@ -126,7 +126,7 @@ static int tcf_ipt_init(struct nlattr *nla, struct nlattr *est,
if
(
tb
[
TCA_IPT_TARG
]
==
NULL
)
if
(
tb
[
TCA_IPT_TARG
]
==
NULL
)
return
-
EINVAL
;
return
-
EINVAL
;
td
=
(
struct
ip
t_entry_target
*
)
nla_data
(
tb
[
TCA_IPT_TARG
]);
td
=
(
struct
x
t_entry_target
*
)
nla_data
(
tb
[
TCA_IPT_TARG
]);
if
(
nla_len
(
tb
[
TCA_IPT_TARG
])
<
td
->
u
.
target_size
)
if
(
nla_len
(
tb
[
TCA_IPT_TARG
])
<
td
->
u
.
target_size
)
return
-
EINVAL
;
return
-
EINVAL
;
...
@@ -249,7 +249,7 @@ static int tcf_ipt_dump(struct sk_buff *skb, struct tc_action *a, int bind, int
...
@@ -249,7 +249,7 @@ static int tcf_ipt_dump(struct sk_buff *skb, struct tc_action *a, int bind, int
{
{
unsigned
char
*
b
=
skb_tail_pointer
(
skb
);
unsigned
char
*
b
=
skb_tail_pointer
(
skb
);
struct
tcf_ipt
*
ipt
=
a
->
priv
;
struct
tcf_ipt
*
ipt
=
a
->
priv
;
struct
ip
t_entry_target
*
t
;
struct
x
t_entry_target
*
t
;
struct
tcf_t
tm
;
struct
tcf_t
tm
;
struct
tc_cnt
c
;
struct
tc_cnt
c
;
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment