summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBart De Schuymer <bdschuym@pandora.be>2003-03-02 15:18:08 +0000
committerBart De Schuymer <bdschuym@pandora.be>2003-03-02 15:18:08 +0000
commit8ed17d12ee94aed32464c0cedbd8b94e47fed3ab (patch)
treefb68636019976ccad346c86ae1fef48d2fee9800
parentd43d7ed07f94ee0ede64529c9dbc5a85ec713f3a (diff)
trivial things
-rw-r--r--kernel/linux2.5/include/linux/netfilter_bridge/ebt_ip.h2
-rw-r--r--kernel/linux2.5/include/linux/netfilter_bridge/ebt_log.h2
-rw-r--r--kernel/linux2.5/include/linux/netfilter_bridge/ebt_mark_t.h2
-rw-r--r--kernel/linux2.5/include/linux/netfilter_bridge/ebt_nat.h2
-rw-r--r--kernel/linux2.5/include/linux/netfilter_bridge/ebt_redirect.h2
-rw-r--r--kernel/linux2.5/include/linux/netfilter_bridge/ebtables.h121
-rw-r--r--kernel/linux2.5/net/bridge/netfilter/ebt_arp.c10
-rw-r--r--kernel/linux2.5/net/bridge/netfilter/ebt_dnat.c6
-rw-r--r--kernel/linux2.5/net/bridge/netfilter/ebt_ip.c6
-rw-r--r--kernel/linux2.5/net/bridge/netfilter/ebt_log.c6
-rw-r--r--kernel/linux2.5/net/bridge/netfilter/ebt_mark.c13
-rw-r--r--kernel/linux2.5/net/bridge/netfilter/ebt_mark_m.c6
-rw-r--r--kernel/linux2.5/net/bridge/netfilter/ebt_redirect.c6
-rw-r--r--kernel/linux2.5/net/bridge/netfilter/ebt_snat.c6
-rw-r--r--kernel/linux2.5/net/bridge/netfilter/ebt_vlan.c10
-rw-r--r--kernel/linux2.5/net/bridge/netfilter/ebtable_broute.c33
-rw-r--r--kernel/linux2.5/net/bridge/netfilter/ebtable_filter.c58
-rw-r--r--kernel/linux2.5/net/bridge/netfilter/ebtable_nat.c58
18 files changed, 218 insertions, 131 deletions
diff --git a/kernel/linux2.5/include/linux/netfilter_bridge/ebt_ip.h b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_ip.h
index 499089b..7247385 100644
--- a/kernel/linux2.5/include/linux/netfilter_bridge/ebt_ip.h
+++ b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_ip.h
@@ -25,7 +25,7 @@
EBT_IP_SPORT | EBT_IP_DPORT )
#define EBT_IP_MATCH "ip"
-// the same values are used for the invflags
+/* the same values are used for the invflags */
struct ebt_ip_info
{
uint32_t saddr;
diff --git a/kernel/linux2.5/include/linux/netfilter_bridge/ebt_log.h b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_log.h
index d3e7377..358fbc8 100644
--- a/kernel/linux2.5/include/linux/netfilter_bridge/ebt_log.h
+++ b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_log.h
@@ -1,7 +1,7 @@
#ifndef __LINUX_BRIDGE_EBT_LOG_H
#define __LINUX_BRIDGE_EBT_LOG_H
-#define EBT_LOG_IP 0x01 // if the frame is made by ip, log the ip information
+#define EBT_LOG_IP 0x01 /* if the frame is made by ip, log the ip information */
#define EBT_LOG_ARP 0x02
#define EBT_LOG_MASK (EBT_LOG_IP | EBT_LOG_ARP)
#define EBT_LOG_PREFIX_SIZE 30
diff --git a/kernel/linux2.5/include/linux/netfilter_bridge/ebt_mark_t.h b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_mark_t.h
index f84d2ad..110fec6 100644
--- a/kernel/linux2.5/include/linux/netfilter_bridge/ebt_mark_t.h
+++ b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_mark_t.h
@@ -4,7 +4,7 @@
struct ebt_mark_t_info
{
unsigned long mark;
- // EBT_ACCEPT, EBT_DROP or EBT_CONTINUE or EBT_RETURN
+ /* EBT_ACCEPT, EBT_DROP, EBT_CONTINUE or EBT_RETURN */
int target;
};
#define EBT_MARK_TARGET "mark"
diff --git a/kernel/linux2.5/include/linux/netfilter_bridge/ebt_nat.h b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_nat.h
index eac1871..26fd90d 100644
--- a/kernel/linux2.5/include/linux/netfilter_bridge/ebt_nat.h
+++ b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_nat.h
@@ -4,7 +4,7 @@
struct ebt_nat_info
{
unsigned char mac[ETH_ALEN];
- // EBT_ACCEPT, EBT_DROP, EBT_CONTINUE or EBT_RETURN
+ /* EBT_ACCEPT, EBT_DROP, EBT_CONTINUE or EBT_RETURN */
int target;
};
#define EBT_SNAT_TARGET "snat"
diff --git a/kernel/linux2.5/include/linux/netfilter_bridge/ebt_redirect.h b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_redirect.h
index c741521..5c67990 100644
--- a/kernel/linux2.5/include/linux/netfilter_bridge/ebt_redirect.h
+++ b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_redirect.h
@@ -3,7 +3,7 @@
struct ebt_redirect_info
{
- // EBT_ACCEPT, EBT_DROP or EBT_CONTINUE or EBT_RETURN
+ /* EBT_ACCEPT, EBT_DROP, EBT_CONTINUE or EBT_RETURN */
int target;
};
#define EBT_REDIRECT_TARGET "redirect"
diff --git a/kernel/linux2.5/include/linux/netfilter_bridge/ebtables.h b/kernel/linux2.5/include/linux/netfilter_bridge/ebtables.h
index 72e8175..cb6348d 100644
--- a/kernel/linux2.5/include/linux/netfilter_bridge/ebtables.h
+++ b/kernel/linux2.5/include/linux/netfilter_bridge/ebtables.h
@@ -2,7 +2,7 @@
* ebtables
*
* Authors:
- * Bart De Schuymer <bart.de.schuymer@pandora.be>
+ * Bart De Schuymer <bdschuym@pandora.be>
*
* ebtables.c,v 2.0, April, 2002
*
@@ -20,7 +20,7 @@
#define EBT_CHAIN_MAXNAMELEN EBT_TABLE_MAXNAMELEN
#define EBT_FUNCTION_MAXNAMELEN EBT_TABLE_MAXNAMELEN
-// verdicts >0 are "branches"
+/* verdicts >0 are "branches" */
#define EBT_ACCEPT -1
#define EBT_DROP -2
#define EBT_CONTINUE -3
@@ -34,33 +34,34 @@ struct ebt_counter
};
struct ebt_entries {
- // this field is always set to zero
- // See EBT_ENTRY_OR_ENTRIES.
- // Must be same size as ebt_entry.bitmask
+ /* this field is always set to zero
+ * See EBT_ENTRY_OR_ENTRIES.
+ * Must be same size as ebt_entry.bitmask */
unsigned int distinguisher;
- // the chain name
+ /* the chain name */
char name[EBT_CHAIN_MAXNAMELEN];
- // counter offset for this chain
+ /* counter offset for this chain */
unsigned int counter_offset;
- // one standard (accept, drop, return) per hook
+ /* one standard (accept, drop, return) per hook */
int policy;
- // nr. of entries
+ /* nr. of entries */
unsigned int nentries;
- // entry list
+ /* entry list */
char data[0];
};
-// used for the bitmask of struct ebt_entry
+/* used for the bitmask of struct ebt_entry */
-// This is a hack to make a difference between an ebt_entry struct and an
-// ebt_entries struct when traversing the entries from start to end.
-// Using this simplifies the code alot, while still being able to use
-// ebt_entries.
-// Contrary, iptables doesn't use something like ebt_entries and therefore uses
-// different techniques for naming the policy and such. So, iptables doesn't
-// need a hack like this.
+/* This is a hack to make a difference between an ebt_entry struct and an
+ * ebt_entries struct when traversing the entries from start to end.
+ * Using this simplifies the code alot, while still being able to use
+ * ebt_entries.
+ * Contrary, iptables doesn't use something like ebt_entries and therefore uses
+ * different techniques for naming the policy and such. So, iptables doesn't
+ * need a hack like this.
+ */
#define EBT_ENTRY_OR_ENTRIES 0x01
-// these are the normal masks
+/* these are the normal masks */
#define EBT_NOPROTO 0x02
#define EBT_802_3 0x04
#define EBT_SOURCEMAC 0x08
@@ -84,7 +85,7 @@ struct ebt_entry_match
char name[EBT_FUNCTION_MAXNAMELEN];
struct ebt_match *match;
} u;
- // size of data
+ /* size of data */
unsigned int match_size;
unsigned char data[0];
};
@@ -95,7 +96,7 @@ struct ebt_entry_watcher
char name[EBT_FUNCTION_MAXNAMELEN];
struct ebt_watcher *watcher;
} u;
- // size of data
+ /* size of data */
unsigned int watcher_size;
unsigned char data[0];
};
@@ -106,7 +107,7 @@ struct ebt_entry_target
char name[EBT_FUNCTION_MAXNAMELEN];
struct ebt_target *target;
} u;
- // size of data
+ /* size of data */
unsigned int target_size;
unsigned char data[0];
};
@@ -118,29 +119,29 @@ struct ebt_standard_target
int verdict;
};
-// one entry
+/* one entry */
struct ebt_entry {
- // this needs to be the first field
+ /* this needs to be the first field */
unsigned int bitmask;
unsigned int invflags;
uint16_t ethproto;
- // the physical in-dev
+ /* the physical in-dev */
char in[IFNAMSIZ];
- // the logical in-dev
+ /* the logical in-dev */
char logical_in[IFNAMSIZ];
- // the physical out-dev
+ /* the physical out-dev */
char out[IFNAMSIZ];
- // the logical out-dev
+ /* the logical out-dev */
char logical_out[IFNAMSIZ];
unsigned char sourcemac[ETH_ALEN];
unsigned char sourcemsk[ETH_ALEN];
unsigned char destmac[ETH_ALEN];
unsigned char destmsk[ETH_ALEN];
- // sizeof ebt_entry + matches
+ /* sizeof ebt_entry + matches */
unsigned int watchers_offset;
- // sizeof ebt_entry + matches + watchers
+ /* sizeof ebt_entry + matches + watchers */
unsigned int target_offset;
- // sizeof ebt_entry + matches + watchers + target
+ /* sizeof ebt_entry + matches + watchers + target */
unsigned int next_offset;
unsigned char elems[0];
};
@@ -149,20 +150,20 @@ struct ebt_replace
{
char name[EBT_TABLE_MAXNAMELEN];
unsigned int valid_hooks;
- // nr of rules in the table
+ /* nr of rules in the table */
unsigned int nentries;
- // total size of the entries
+ /* total size of the entries */
unsigned int entries_size;
- // start of the chains
+ /* start of the chains */
struct ebt_entries *hook_entry[NF_BR_NUMHOOKS];
- // nr of counters userspace expects back
+ /* nr of counters userspace expects back */
unsigned int num_counters;
- // where the kernel will put the old counters
+ /* where the kernel will put the old counters */
struct ebt_counter *counters;
char *entries;
};
-// [gs]etsockopt numbers
+/* {g,s}etsockopt numbers */
#define EBT_BASE_CTL 128
#define EBT_SO_SET_ENTRIES (EBT_BASE_CTL)
@@ -177,7 +178,7 @@ struct ebt_replace
#ifdef __KERNEL__
-// return values for match() functions
+/* return values for match() functions */
#define EBT_MATCH 0
#define EBT_NOMATCH 1
@@ -185,11 +186,11 @@ struct ebt_match
{
struct list_head list;
const char name[EBT_FUNCTION_MAXNAMELEN];
- // 0 == it matches
+ /* 0 == it matches */
int (*match)(const struct sk_buff *skb, const struct net_device *in,
const struct net_device *out, const void *matchdata,
unsigned int datalen);
- // 0 == let it in
+ /* 0 == let it in */
int (*check)(const char *tablename, unsigned int hookmask,
const struct ebt_entry *e, void *matchdata, unsigned int datalen);
void (*destroy)(void *matchdata, unsigned int datalen);
@@ -203,7 +204,7 @@ struct ebt_watcher
void (*watcher)(const struct sk_buff *skb, const struct net_device *in,
const struct net_device *out, const void *watcherdata,
unsigned int datalen);
- // 0 == let it in
+ /* 0 == let it in */
int (*check)(const char *tablename, unsigned int hookmask,
const struct ebt_entry *e, void *watcherdata, unsigned int datalen);
void (*destroy)(void *watcherdata, unsigned int datalen);
@@ -214,33 +215,33 @@ struct ebt_target
{
struct list_head list;
const char name[EBT_FUNCTION_MAXNAMELEN];
- // returns one of the standard verdicts
+ /* returns one of the standard verdicts */
int (*target)(struct sk_buff **pskb, unsigned int hooknr,
const struct net_device *in, const struct net_device *out,
const void *targetdata, unsigned int datalen);
- // 0 == let it in
+ /* 0 == let it in */
int (*check)(const char *tablename, unsigned int hookmask,
const struct ebt_entry *e, void *targetdata, unsigned int datalen);
void (*destroy)(void *targetdata, unsigned int datalen);
struct module *me;
};
-// used for jumping from and into user defined chains (udc)
+/* used for jumping from and into user defined chains (udc) */
struct ebt_chainstack
{
- struct ebt_entries *chaininfo; // pointer to chain data
- struct ebt_entry *e; // pointer to entry data
- unsigned int n; // n'th entry
+ struct ebt_entries *chaininfo; /* pointer to chain data */
+ struct ebt_entry *e; /* pointer to entry data */
+ unsigned int n; /* n'th entry */
};
struct ebt_table_info
{
- // total size of the entries
+ /* total size of the entries */
unsigned int entries_size;
unsigned int nentries;
- // pointers to the start of the chains
+ /* pointers to the start of the chains */
struct ebt_entries *hook_entry[NF_BR_NUMHOOKS];
- // room to maintain the stack used for jumping from and into udc
+ /* room to maintain the stack used for jumping from and into udc */
struct ebt_chainstack **chainstack;
char *entries;
struct ebt_counter counters[0] ____cacheline_aligned;
@@ -253,11 +254,11 @@ struct ebt_table
struct ebt_replace *table;
unsigned int valid_hooks;
rwlock_t lock;
- // e.g. could be the table explicitly only allows certain
- // matches, targets, ... 0 == let it in
+ /* e.g. could be the table explicitly only allows certain
+ * matches, targets, ... 0 == let it in */
int (*check)(const struct ebt_table_info *info,
unsigned int valid_hooks);
- // the data used by the kernel
+ /* the data used by the kernel */
struct ebt_table_info *private;
};
@@ -273,20 +274,20 @@ extern unsigned int ebt_do_table(unsigned int hook, struct sk_buff **pskb,
const struct net_device *in, const struct net_device *out,
struct ebt_table *table);
- // Used in the kernel match() functions
+/* Used in the kernel match() functions */
#define FWINV(bool,invflg) ((bool) ^ !!(info->invflags & invflg))
-// True if the hook mask denotes that the rule is in a base chain,
-// used in the check() functions
+/* True if the hook mask denotes that the rule is in a base chain,
+ * used in the check() functions */
#define BASE_CHAIN (hookmask & (1 << NF_BR_NUMHOOKS))
-// Clear the bit in the hook mask that tells if the rule is on a base chain
+/* Clear the bit in the hook mask that tells if the rule is on a base chain */
#define CLEAR_BASE_CHAIN_BIT (hookmask &= ~(1 << NF_BR_NUMHOOKS))
-// True if the target is not a standard target
+/* True if the target is not a standard target */
#define INVALID_TARGET (info->target < -NUM_STANDARD_TARGETS || info->target >= 0)
#endif /* __KERNEL__ */
-// blatently stolen from ip_tables.h
-// fn returns 0 to continue iteration
+/* blatently stolen from ip_tables.h
+ * fn returns 0 to continue iteration */
#define EBT_MATCH_ITERATE(e, fn, args...) \
({ \
unsigned int __i; \
diff --git a/kernel/linux2.5/net/bridge/netfilter/ebt_arp.c b/kernel/linux2.5/net/bridge/netfilter/ebt_arp.c
index f3dae30..8673967 100644
--- a/kernel/linux2.5/net/bridge/netfilter/ebt_arp.c
+++ b/kernel/linux2.5/net/bridge/netfilter/ebt_arp.c
@@ -37,10 +37,10 @@ static int ebt_filter_arp(const struct sk_buff *skb, const struct net_device *in
uint32_t dst;
uint32_t src;
- // Make sure the packet is long enough.
+ /* Make sure the packet is long enough */
if ((((*skb).nh.raw) + arp_len) > (*skb).tail)
return EBT_NOMATCH;
- // IPv4 addresses are always 4 bytes.
+ /* IPv4 addresses are always 4 bytes */
if (((*skb).nh.arph)->ar_pln != sizeof(uint32_t))
return EBT_NOMATCH;
@@ -82,8 +82,10 @@ static int ebt_arp_check(const char *tablename, unsigned int hookmask,
static struct ebt_match filter_arp =
{
- {NULL, NULL}, EBT_ARP_MATCH, ebt_filter_arp, ebt_arp_check, NULL,
- THIS_MODULE
+ .name = EBT_ARP_MATCH,
+ .match = ebt_filter_arp,
+ .check = ebt_arp_check,
+ .me = THIS_MODULE
};
static int __init init(void)
diff --git a/kernel/linux2.5/net/bridge/netfilter/ebt_dnat.c b/kernel/linux2.5/net/bridge/netfilter/ebt_dnat.c
index e125c01..b31093e 100644
--- a/kernel/linux2.5/net/bridge/netfilter/ebt_dnat.c
+++ b/kernel/linux2.5/net/bridge/netfilter/ebt_dnat.c
@@ -45,8 +45,10 @@ static int ebt_target_dnat_check(const char *tablename, unsigned int hookmask,
static struct ebt_target dnat =
{
- {NULL, NULL}, EBT_DNAT_TARGET, ebt_target_dnat, ebt_target_dnat_check,
- NULL, THIS_MODULE
+ .name = EBT_DNAT_TARGET,
+ .target = ebt_target_dnat,
+ .check = ebt_target_dnat_check,
+ .me = THIS_MODULE
};
static int __init init(void)
diff --git a/kernel/linux2.5/net/bridge/netfilter/ebt_ip.c b/kernel/linux2.5/net/bridge/netfilter/ebt_ip.c
index 6a2154c..c5ae789 100644
--- a/kernel/linux2.5/net/bridge/netfilter/ebt_ip.c
+++ b/kernel/linux2.5/net/bridge/netfilter/ebt_ip.c
@@ -101,8 +101,10 @@ static int ebt_ip_check(const char *tablename, unsigned int hookmask,
static struct ebt_match filter_ip =
{
- {NULL, NULL}, EBT_IP_MATCH, ebt_filter_ip, ebt_ip_check, NULL,
- THIS_MODULE
+ .name = EBT_IP_MATCH,
+ .match = ebt_filter_ip,
+ .check = ebt_ip_check,
+ .me = THIS_MODULE
};
static int __init init(void)
diff --git a/kernel/linux2.5/net/bridge/netfilter/ebt_log.c b/kernel/linux2.5/net/bridge/netfilter/ebt_log.c
index 4cb58f8..c1552d7 100644
--- a/kernel/linux2.5/net/bridge/netfilter/ebt_log.c
+++ b/kernel/linux2.5/net/bridge/netfilter/ebt_log.c
@@ -80,8 +80,10 @@ static void ebt_log(const struct sk_buff *skb, const struct net_device *in,
static struct ebt_watcher log =
{
- {NULL, NULL}, EBT_LOG_WATCHER, ebt_log, ebt_log_check, NULL,
- THIS_MODULE
+ .name = EBT_LOG_WATCHER,
+ .watcher = ebt_log,
+ .check = ebt_log_check,
+ .me = THIS_MODULE
};
static int __init init(void)
diff --git a/kernel/linux2.5/net/bridge/netfilter/ebt_mark.c b/kernel/linux2.5/net/bridge/netfilter/ebt_mark.c
index 9edf7d2..47f90d9 100644
--- a/kernel/linux2.5/net/bridge/netfilter/ebt_mark.c
+++ b/kernel/linux2.5/net/bridge/netfilter/ebt_mark.c
@@ -8,9 +8,10 @@
*
*/
-// The mark target can be used in any chain
-// I believe adding a mangle table just for marking is total overkill
-// Marking a frame doesn't really change anything in the frame anyway
+/* The mark target can be used in any chain,
+ * I believe adding a mangle table just for marking is total overkill.
+ * Marking a frame doesn't really change anything in the frame anyway.
+ */
#include <linux/netfilter_bridge/ebtables.h>
#include <linux/netfilter_bridge/ebt_mark_t.h>
@@ -46,8 +47,10 @@ static int ebt_target_mark_check(const char *tablename, unsigned int hookmask,
static struct ebt_target mark_target =
{
- {NULL, NULL}, EBT_MARK_TARGET, ebt_target_mark,
- ebt_target_mark_check, NULL, THIS_MODULE
+ .name = EBT_MARK_TARGET,
+ .target = ebt_target_mark,
+ .check = ebt_target_mark_check,
+ .me = THIS_MODULE
};
static int __init init(void)
diff --git a/kernel/linux2.5/net/bridge/netfilter/ebt_mark_m.c b/kernel/linux2.5/net/bridge/netfilter/ebt_mark_m.c
index fce545d..715b213 100644
--- a/kernel/linux2.5/net/bridge/netfilter/ebt_mark_m.c
+++ b/kernel/linux2.5/net/bridge/netfilter/ebt_mark_m.c
@@ -41,8 +41,10 @@ static int ebt_mark_check(const char *tablename, unsigned int hookmask,
static struct ebt_match filter_mark =
{
- {NULL, NULL}, EBT_MARK_MATCH, ebt_filter_mark, ebt_mark_check, NULL,
- THIS_MODULE
+ .name = EBT_MARK_MATCH,
+ .match = ebt_filter_mark,
+ .check = ebt_mark_check,
+ .me = THIS_MODULE
};
static int __init init(void)
diff --git a/kernel/linux2.5/net/bridge/netfilter/ebt_redirect.c b/kernel/linux2.5/net/bridge/netfilter/ebt_redirect.c
index 8813e93..9c7ce6c 100644
--- a/kernel/linux2.5/net/bridge/netfilter/ebt_redirect.c
+++ b/kernel/linux2.5/net/bridge/netfilter/ebt_redirect.c
@@ -51,8 +51,10 @@ static int ebt_target_redirect_check(const char *tablename, unsigned int hookmas
static struct ebt_target redirect_target =
{
- {NULL, NULL}, EBT_REDIRECT_TARGET, ebt_target_redirect,
- ebt_target_redirect_check, NULL, THIS_MODULE
+ .name = EBT_REDIRECT_TARGET,
+ .target = ebt_target_redirect,
+ .check = ebt_target_redirect_check,
+ .me = THIS_MODULE
};
static int __init init(void)
diff --git a/kernel/linux2.5/net/bridge/netfilter/ebt_snat.c b/kernel/linux2.5/net/bridge/netfilter/ebt_snat.c
index 19fdaf2..da116ec 100644
--- a/kernel/linux2.5/net/bridge/netfilter/ebt_snat.c
+++ b/kernel/linux2.5/net/bridge/netfilter/ebt_snat.c
@@ -44,8 +44,10 @@ static int ebt_target_snat_check(const char *tablename, unsigned int hookmask,
static struct ebt_target snat =
{
- {NULL, NULL}, EBT_SNAT_TARGET, ebt_target_snat, ebt_target_snat_check,
- NULL, THIS_MODULE
+ .name = EBT_SNAT_TARGET,
+ .target = ebt_target_snat,
+ .check = ebt_target_snat_check,
+ .me = THIS_MODULE
};
static int __init init(void)
diff --git a/kernel/linux2.5/net/bridge/netfilter/ebt_vlan.c b/kernel/linux2.5/net/bridge/netfilter/ebt_vlan.c
index 2c8d996..f69aaf6 100644
--- a/kernel/linux2.5/net/bridge/netfilter/ebt_vlan.c
+++ b/kernel/linux2.5/net/bridge/netfilter/ebt_vlan.c
@@ -226,12 +226,10 @@ ebt_check_vlan(const char *tablename,
}
static struct ebt_match filter_vlan = {
- {NULL, NULL},
- EBT_VLAN_MATCH,
- ebt_filter_vlan,
- ebt_check_vlan,
- NULL,
- THIS_MODULE
+ .name = EBT_VLAN_MATCH,
+ .match = ebt_filter_vlan,
+ .check = ebt_check_vlan,
+ .me = THIS_MODULE
};
/*
diff --git a/kernel/linux2.5/net/bridge/netfilter/ebtable_broute.c b/kernel/linux2.5/net/bridge/netfilter/ebtable_broute.c
index 3a34da1..c1fb15b 100644
--- a/kernel/linux2.5/net/bridge/netfilter/ebtable_broute.c
+++ b/kernel/linux2.5/net/bridge/netfilter/ebtable_broute.c
@@ -16,15 +16,23 @@
#include <linux/if_bridge.h>
#include <linux/brlock.h>
-// EBT_ACCEPT means the frame will be bridged
-// EBT_DROP means the frame will be routed
-static struct ebt_entries initial_chain =
- {0, "BROUTING", 0, EBT_ACCEPT, 0};
+/* EBT_ACCEPT means the frame will be bridged
+ * EBT_DROP means the frame will be routed
+ */
+static struct ebt_entries initial_chain = {
+ .name = "BROUTING",
+ .policy = EBT_ACCEPT,
+};
static struct ebt_replace initial_table =
{
- "broute", 1 << NF_BR_BROUTING, 0, sizeof(struct ebt_entries),
- { [NF_BR_BROUTING]&initial_chain}, 0, NULL, (char *)&initial_chain
+ .name = "broute",
+ .valid_hooks = 1 << NF_BR_BROUTING,
+ .entries_size = sizeof(struct ebt_entries),
+ .hook_entry = {
+ [NF_BR_BROUTING] = &initial_chain
+ },
+ .entries = (char *)&initial_chain
};
static int check(const struct ebt_table_info *info, unsigned int valid_hooks)
@@ -36,8 +44,11 @@ static int check(const struct ebt_table_info *info, unsigned int valid_hooks)
static struct ebt_table broute_table =
{
- {NULL, NULL}, "broute", &initial_table, 1 << NF_BR_BROUTING,
- RW_LOCK_UNLOCKED, check, NULL
+ .name = "broute",
+ .table = &initial_table,
+ .valid_hooks = 1 << NF_BR_BROUTING,
+ .lock = RW_LOCK_UNLOCKED,
+ .check = check,
};
static int ebt_broute(struct sk_buff **pskb)
@@ -47,8 +58,8 @@ static int ebt_broute(struct sk_buff **pskb)
ret = ebt_do_table(NF_BR_BROUTING, pskb, (*pskb)->dev, NULL,
&broute_table);
if (ret == NF_DROP)
- return 1; // route it
- return 0; // bridge it
+ return 1; /* route it */
+ return 0; /* bridge it */
}
static int __init init(void)
@@ -59,7 +70,7 @@ static int __init init(void)
if (ret < 0)
return ret;
br_write_lock_bh(BR_NETPROTO_LOCK);
- // see br_input.c
+ /* see br_input.c */
br_should_route_hook = ebt_broute;
br_write_unlock_bh(BR_NETPROTO_LOCK);
return ret;
diff --git a/kernel/linux2.5/net/bridge/netfilter/ebtable_filter.c b/kernel/linux2.5/net/bridge/netfilter/ebtable_filter.c
index 5f6a7bc..ba6de32 100644
--- a/kernel/linux2.5/net/bridge/netfilter/ebtable_filter.c
+++ b/kernel/linux2.5/net/bridge/netfilter/ebtable_filter.c
@@ -16,16 +16,31 @@
static struct ebt_entries initial_chains[] =
{
- {0, "INPUT", 0, EBT_ACCEPT, 0},
- {0, "FORWARD", 0, EBT_ACCEPT, 0},
- {0, "OUTPUT", 0, EBT_ACCEPT, 0}
+ {
+ .name = "INPUT",
+ .policy = EBT_ACCEPT
+ },
+ {
+ .name = "FORWARD",
+ .policy = EBT_ACCEPT
+ },
+ {
+ .name = "OUTPUT",
+ .policy = EBT_ACCEPT
+ }
};
static struct ebt_replace initial_table =
{
- "filter", FILTER_VALID_HOOKS, 0, 3 * sizeof(struct ebt_entries),
- { [NF_BR_LOCAL_IN]&initial_chains[0], [NF_BR_FORWARD]&initial_chains[1],
- [NF_BR_LOCAL_OUT]&initial_chains[2] }, 0, NULL, (char *)initial_chains
+ .name = "filter",
+ .valid_hooks = FILTER_VALID_HOOKS,
+ .entries_size = 3 * sizeof(struct ebt_entries),
+ .hook_entry = {
+ [NF_BR_LOCAL_IN] = &initial_chains[0],
+ [NF_BR_FORWARD] = &initial_chains[1],
+ [NF_BR_LOCAL_OUT] = &initial_chains[2],
+ },
+ .entries = (char *)initial_chains
};
static int check(const struct ebt_table_info *info, unsigned int valid_hooks)
@@ -37,8 +52,11 @@ static int check(const struct ebt_table_info *info, unsigned int valid_hooks)
static struct ebt_table frame_filter =
{
- {NULL, NULL}, "filter", &initial_table, FILTER_VALID_HOOKS,
- RW_LOCK_UNLOCKED, check, NULL
+ .name = "filter",
+ .table = &initial_table,
+ .valid_hooks = FILTER_VALID_HOOKS,
+ .lock = RW_LOCK_UNLOCKED,
+ .check = check
};
static unsigned int
@@ -49,12 +67,24 @@ ebt_hook (unsigned int hook, struct sk_buff **pskb, const struct net_device *in,
}
static struct nf_hook_ops ebt_ops_filter[] = {
- { { NULL, NULL }, ebt_hook, PF_BRIDGE, NF_BR_LOCAL_IN,
- NF_BR_PRI_FILTER_BRIDGED},
- { { NULL, NULL }, ebt_hook, PF_BRIDGE, NF_BR_FORWARD,
- NF_BR_PRI_FILTER_BRIDGED},
- { { NULL, NULL }, ebt_hook, PF_BRIDGE, NF_BR_LOCAL_OUT,
- NF_BR_PRI_FILTER_OTHER}
+ {
+ .hook = ebt_hook,
+ .pf = PF_BRIDGE,
+ .hooknum = NF_BR_LOCAL_IN,
+ .priority = NF_BR_PRI_FILTER_BRIDGED,
+ },
+ {
+ .hook = ebt_hook,
+ .pf = PF_BRIDGE,
+ .hooknum = NF_BR_FORWARD,
+ .priority = NF_BR_PRI_FILTER_BRIDGED
+ },
+ {
+ .hook = ebt_hook,
+ .pf = PF_BRIDGE,
+ .hooknum = NF_BR_LOCAL_OUT,
+ .priority = NF_BR_PRI_FILTER_OTHER
+ }
};
static int __init init(void)
diff --git a/kernel/linux2.5/net/bridge/netfilter/ebtable_nat.c b/kernel/linux2.5/net/bridge/netfilter/ebtable_nat.c
index e2a140c..184d802 100644
--- a/kernel/linux2.5/net/bridge/netfilter/ebtable_nat.c
+++ b/kernel/linux2.5/net/bridge/netfilter/ebtable_nat.c
@@ -15,16 +15,31 @@
static struct ebt_entries initial_chains[] =
{
- {0, "PREROUTING", 0, EBT_ACCEPT, 0},
- {0, "OUTPUT", 0, EBT_ACCEPT, 0},
- {0, "POSTROUTING", 0, EBT_ACCEPT, 0}
+ {
+ .name = "PREROUTING",
+ .policy = EBT_ACCEPT
+ },
+ {
+ .name = "OUTPUT",
+ .policy = EBT_ACCEPT
+ },
+ {
+ .name = "POSTROUTING",
+ .policy = EBT_ACCEPT
+ }
};
static struct ebt_replace initial_table =
{
- "nat", NAT_VALID_HOOKS, 0, 3 * sizeof(struct ebt_entries),
- { [NF_BR_PRE_ROUTING]&initial_chains[0], [NF_BR_LOCAL_OUT]&initial_chains[1],
- [NF_BR_POST_ROUTING]&initial_chains[2] }, 0, NULL, (char *)initial_chains
+ .name = "nat",
+ .valid_hooks = NAT_VALID_HOOKS,
+ .entries_size = 3 * sizeof(struct ebt_entries),
+ .hook_entry = {
+ [NF_BR_PRE_ROUTING] = &initial_chains[0],
+ [NF_BR_LOCAL_OUT] = &initial_chains[1],
+ [NF_BR_POST_ROUTING] = &initial_chains[2]
+ },
+ .entries = (char *)initial_chains
};
static int check(const struct ebt_table_info *info, unsigned int valid_hooks)
@@ -36,8 +51,11 @@ static int check(const struct ebt_table_info *info, unsigned int valid_hooks)
static struct ebt_table frame_nat =
{
- {NULL, NULL}, "nat", &initial_table, NAT_VALID_HOOKS,
- RW_LOCK_UNLOCKED, check, NULL
+ .name = "nat",
+ .table = &initial_table,
+ .valid_hooks = NAT_VALID_HOOKS,
+ .lock = RW_LOCK_UNLOCKED,
+ .check = check
};
static unsigned int
@@ -55,12 +73,24 @@ ebt_nat_src(unsigned int hook, struct sk_buff **pskb, const struct net_device *i
}
static struct nf_hook_ops ebt_ops_nat[] = {
- { { NULL, NULL }, ebt_nat_dst, PF_BRIDGE, NF_BR_LOCAL_OUT,
- NF_BR_PRI_NAT_DST_OTHER},
- { { NULL, NULL }, ebt_nat_src, PF_BRIDGE, NF_BR_POST_ROUTING,
- NF_BR_PRI_NAT_SRC},
- { { NULL, NULL }, ebt_nat_dst, PF_BRIDGE, NF_BR_PRE_ROUTING,
- NF_BR_PRI_NAT_DST_BRIDGED},
+ {
+ .hook = ebt_nat_dst,
+ .pf = PF_BRIDGE,
+ .hooknum = NF_BR_LOCAL_OUT,
+ .priority = NF_BR_PRI_NAT_DST_OTHER
+ },
+ {
+ .hook = ebt_nat_src,
+ .pf = PF_BRIDGE,
+ .hooknum = NF_BR_POST_ROUTING,
+ .priority = NF_BR_PRI_NAT_SRC
+ },
+ {
+ .hook = ebt_nat_dst,
+ .pf = PF_BRIDGE,
+ .hooknum = NF_BR_PRE_ROUTING,
+ .priority = NF_BR_PRI_NAT_DST_BRIDGED
+ }
};
static int __init init(void)