authorBart De Schuymer <bdschuym@pandora.be>2002-08-20 17:06:14 +0000
committerBart De Schuymer <bdschuym@pandora.be>2002-08-20 17:06:14 +0000
commitf382b8eae1527e8abab106436bb8ff54d137d6c6 (patch)
tree5ec242ea28ab74d3bd0064adcef9158fb453fc93 /kernel/linux/net/bridge
parent831873ee9b24b205f74640e89b01fb137e32bf5c (diff)
cleanups
Diffstat (limited to 'kernel/linux/net/bridge')
-rw-r--r--kernel/linux/net/bridge/netfilter/ebt_arp.c71
-rw-r--r--kernel/linux/net/bridge/netfilter/ebt_dnat.c17
-rw-r--r--kernel/linux/net/bridge/netfilter/ebt_ip.c54
-rw-r--r--kernel/linux/net/bridge/netfilter/ebt_log.c39
-rw-r--r--kernel/linux/net/bridge/netfilter/ebt_mark.c27
-rw-r--r--kernel/linux/net/bridge/netfilter/ebt_mark_m.c7
-rw-r--r--kernel/linux/net/bridge/netfilter/ebt_redirect.c19
-rw-r--r--kernel/linux/net/bridge/netfilter/ebt_snat.c22
-rw-r--r--kernel/linux/net/bridge/netfilter/ebt_vlan.c46
-rw-r--r--kernel/linux/net/bridge/netfilter/ebtable_broute.c8
-rw-r--r--kernel/linux/net/bridge/netfilter/ebtable_filter.c8
-rw-r--r--kernel/linux/net/bridge/netfilter/ebtable_nat.c14
-rw-r--r--kernel/linux/net/bridge/netfilter/ebtables.c182
13 files changed, 223 insertions, 291 deletions
diff --git a/kernel/linux/net/bridge/netfilter/ebt_arp.c b/kernel/linux/net/bridge/netfilter/ebt_arp.c
index 8900a0c..ba2a2ac 100644
--- a/kernel/linux/net/bridge/netfilter/ebt_arp.c
+++ b/kernel/linux/net/bridge/netfilter/ebt_arp.c
@@ -14,73 +14,68 @@
#include <linux/if_arp.h>
#include <linux/module.h>
-#define FWINV2(bool,invflg) ((bool) ^ !!(infostuff->invflags & invflg))
-static int ebt_filter_arp(const struct sk_buff *skb,
- const struct net_device *in,
- const struct net_device *out,
- const void *data,
- unsigned int datalen, const struct ebt_counter *c)
+static int ebt_filter_arp(const struct sk_buff *skb, const struct net_device *in,
+ const struct net_device *out, const void *data, unsigned int datalen)
{
- struct ebt_arp_info *infostuff = (struct ebt_arp_info *)data;
+ struct ebt_arp_info *info = (struct ebt_arp_info *)data;
- if (infostuff->bitmask & EBT_ARP_OPCODE && FWINV2(infostuff->opcode !=
+ if (info->bitmask & EBT_ARP_OPCODE && FWINV(info->opcode !=
((*skb).nh.arph)->ar_op, EBT_ARP_OPCODE))
- return 1;
- if (infostuff->bitmask & EBT_ARP_HTYPE && FWINV2(infostuff->htype !=
+ return EBT_NOMATCH;
+ if (info->bitmask & EBT_ARP_HTYPE && FWINV(info->htype !=
((*skb).nh.arph)->ar_hrd, EBT_ARP_HTYPE))
- return 1;
- if (infostuff->bitmask & EBT_ARP_PTYPE && FWINV2(infostuff->ptype !=
+ return EBT_NOMATCH;
+ if (info->bitmask & EBT_ARP_PTYPE && FWINV(info->ptype !=
((*skb).nh.arph)->ar_pro, EBT_ARP_PTYPE))
- return 1;
+ return EBT_NOMATCH;
- if (infostuff->bitmask & (EBT_ARP_SRC_IP | EBT_ARP_DST_IP))
+ if (info->bitmask & (EBT_ARP_SRC_IP | EBT_ARP_DST_IP))
{
- __u32 arp_len = sizeof(struct arphdr) +
- (2*(((*skb).nh.arph)->ar_hln)) +
- (2*(((*skb).nh.arph)->ar_pln));
- __u32 dst;
- __u32 src;
+ uint32_t arp_len = sizeof(struct arphdr) +
+ (2 * (((*skb).nh.arph)->ar_hln)) +
+ (2 * (((*skb).nh.arph)->ar_pln));
+ uint32_t dst;
+ uint32_t src;
- // Make sure the packet is long enough.
+ // Make sure the packet is long enough.
if ((((*skb).nh.raw) + arp_len) > (*skb).tail)
- return 1;
- // IPV4 addresses are always 4 bytes.
- if (((*skb).nh.arph)->ar_pln != sizeof(__u32))
- return 1;
+ return EBT_NOMATCH;
+ // IPv4 addresses are always 4 bytes.
+ if (((*skb).nh.arph)->ar_pln != sizeof(uint32_t))
+ return EBT_NOMATCH;
- if (infostuff->bitmask & EBT_ARP_SRC_IP) {
+ if (info->bitmask & EBT_ARP_SRC_IP) {
memcpy(&src, ((*skb).nh.raw) + sizeof(struct arphdr) +
- ((*skb).nh.arph)->ar_hln, sizeof(__u32));
- if (FWINV2(infostuff->saddr != (src & infostuff->smsk),
+ ((*skb).nh.arph)->ar_hln, sizeof(uint32_t));
+ if (FWINV(info->saddr != (src & info->smsk),
EBT_ARP_SRC_IP))
- return 1;
+ return EBT_NOMATCH;
}
- if (infostuff->bitmask & EBT_ARP_DST_IP) {
+ if (info->bitmask & EBT_ARP_DST_IP) {
memcpy(&dst, ((*skb).nh.raw)+sizeof(struct arphdr) +
(2*(((*skb).nh.arph)->ar_hln)) +
- (((*skb).nh.arph)->ar_pln), sizeof(__u32));
- if (FWINV2(infostuff->daddr != (dst & infostuff->dmsk),
+ (((*skb).nh.arph)->ar_pln), sizeof(uint32_t));
+ if (FWINV(info->daddr != (dst & info->dmsk),
EBT_ARP_DST_IP))
- return 1;
+ return EBT_NOMATCH;
}
}
- return 0;
+ return EBT_MATCH;
}
static int ebt_arp_check(const char *tablename, unsigned int hookmask,
const struct ebt_entry *e, void *data, unsigned int datalen)
{
- struct ebt_arp_info *infostuff = (struct ebt_arp_info *) data;
+ struct ebt_arp_info *info = (struct ebt_arp_info *)data;
if (datalen != sizeof(struct ebt_arp_info))
return -EINVAL;
- if (e->bitmask & (EBT_NOPROTO | EBT_802_3) ||
- (e->ethproto != __constant_htons(ETH_P_ARP) &&
- e->ethproto != __constant_htons(ETH_P_RARP)) ||
+ if ((e->ethproto != __constant_htons(ETH_P_ARP) &&
+ e->ethproto != __constant_htons(ETH_P_RARP)) ||
e->invflags & EBT_IPROTO)
return -EINVAL;
- if (infostuff->bitmask & ~EBT_ARP_MASK)
+ if (info->bitmask & ~EBT_ARP_MASK || info->invflags & ~EBT_ARP_MASK)
return -EINVAL;
return 0;
}
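Review bot: ebt_arp_check no longer rejects entries that have EBT_NOPROTO or EBT_802_3 set in `e->bitmask`, yet it still relies on `e->ethproto` being ARP or RARP. In ebt_basic_match (ebtables.c in this commit) the `e->ethproto != h->h_proto` comparison is skipped when either bit is set, so such an entry would hand non-ARP frames to ebt_filter_arp, which then reads `ar_op`, `ar_hrd` and `ar_pro` from whatever follows the Ethernet header. Unless the core entry check now refuses these combinations (not visible in this diff), keep the test: `if (e->bitmask & (EBT_NOPROTO | EBT_802_3)) return -EINVAL;`. The same lines were dropped from ebt_ip_check in ebt_ip.c.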
diff --git a/kernel/linux/net/bridge/netfilter/ebt_dnat.c b/kernel/linux/net/bridge/netfilter/ebt_dnat.c
index a910d77..c4fea18 100644
--- a/kernel/linux/net/bridge/netfilter/ebt_dnat.c
+++ b/kernel/linux/net/bridge/netfilter/ebt_dnat.c
@@ -10,8 +10,6 @@
#include <linux/netfilter_bridge/ebtables.h>
#include <linux/netfilter_bridge/ebt_nat.h>
-#include <linux/netfilter_bridge.h>
-#include <linux/skbuff.h>
#include <linux/module.h>
#include <net/sock.h>
@@ -19,29 +17,28 @@ static int ebt_target_dnat(struct sk_buff **pskb, unsigned int hooknr,
const struct net_device *in, const struct net_device *out,
const void *data, unsigned int datalen)
{
- struct ebt_nat_info *infostuff = (struct ebt_nat_info *) data;
+ struct ebt_nat_info *info = (struct ebt_nat_info *)data;
- memcpy(((**pskb).mac.ethernet)->h_dest, infostuff->mac,
+ memcpy(((**pskb).mac.ethernet)->h_dest, info->mac,
ETH_ALEN * sizeof(unsigned char));
- return infostuff->target;
+ return info->target;
}
static int ebt_target_dnat_check(const char *tablename, unsigned int hookmask,
const struct ebt_entry *e, void *data, unsigned int datalen)
{
- struct ebt_nat_info *infostuff = (struct ebt_nat_info *) data;
+ struct ebt_nat_info *info = (struct ebt_nat_info *)data;
- if ((hookmask & (1 << NF_BR_NUMHOOKS)) &&
- infostuff->target == EBT_RETURN)
+ if (BASE_CHAIN && info->target == EBT_RETURN)
return -EINVAL;
- hookmask &= ~(1 << NF_BR_NUMHOOKS);
+ CLEAR_BASE_CHAIN_BIT;
if ( (strcmp(tablename, "nat") ||
(hookmask & ~((1 << NF_BR_PRE_ROUTING) | (1 << NF_BR_LOCAL_OUT)))) &&
(strcmp(tablename, "broute") || hookmask & ~(1 << NF_BR_BROUTING)) )
return -EINVAL;
if (datalen != sizeof(struct ebt_nat_info))
return -EINVAL;
- if (infostuff->target < -NUM_STANDARD_TARGETS || infostuff->target >= 0)
+ if (INVALID_TARGET)
return -EINVAL;
return 0;
}
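Review bot: ebt_target_dnat_check reads `info->target` in the `BASE_CHAIN && info->target == EBT_RETURN` test before `datalen` has been compared with `sizeof(struct ebt_nat_info)`, so a short data blob is dereferenced before it is rejected. The snat, redirect and mark checks in this commit were reordered to test `datalen` first; this function was not. Move `if (datalen != sizeof(struct ebt_nat_info)) return -EINVAL;` to the top of the function, ahead of the BASE_CHAIN test.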
diff --git a/kernel/linux/net/bridge/netfilter/ebt_ip.c b/kernel/linux/net/bridge/netfilter/ebt_ip.c
index e69ee0c..329ecd6 100644
--- a/kernel/linux/net/bridge/netfilter/ebt_ip.c
+++ b/kernel/linux/net/bridge/netfilter/ebt_ip.c
@@ -13,49 +13,41 @@
#include <linux/ip.h>
#include <linux/module.h>
-#define FWINV2(bool,invflg) ((bool) ^ !!(infostuff->invflags & invflg))
-static int ebt_filter_ip(const struct sk_buff *skb,
- const struct net_device *in,
- const struct net_device *out,
- const void *data,
- unsigned int datalen, const struct ebt_counter *c)
+static int ebt_filter_ip(const struct sk_buff *skb, const struct net_device *in,
+ const struct net_device *out, const void *data,
+ unsigned int datalen)
{
- struct ebt_ip_info *infostuff = (struct ebt_ip_info *) data;
+ struct ebt_ip_info *info = (struct ebt_ip_info *)data;
- if (infostuff->bitmask & EBT_IP_TOS &&
- FWINV2(infostuff->tos != ((*skb).nh.iph)->tos, EBT_IP_TOS))
- return 1;
- if (infostuff->bitmask & EBT_IP_PROTO && FWINV2(infostuff->protocol !=
+ if (info->bitmask & EBT_IP_TOS &&
+ FWINV(info->tos != ((*skb).nh.iph)->tos, EBT_IP_TOS))
+ return EBT_NOMATCH;
+ if (info->bitmask & EBT_IP_PROTO && FWINV(info->protocol !=
((*skb).nh.iph)->protocol, EBT_IP_PROTO))
- return 1;
- if (infostuff->bitmask & EBT_IP_SOURCE &&
- FWINV2((((*skb).nh.iph)->saddr & infostuff->smsk) !=
- infostuff->saddr, EBT_IP_SOURCE))
- return 1;
- if ((infostuff->bitmask & EBT_IP_DEST) &&
- FWINV2((((*skb).nh.iph)->daddr & infostuff->dmsk) !=
- infostuff->daddr, EBT_IP_DEST))
- return 1;
- return 0;
+ return EBT_NOMATCH;
+ if (info->bitmask & EBT_IP_SOURCE &&
+ FWINV((((*skb).nh.iph)->saddr & info->smsk) !=
+ info->saddr, EBT_IP_SOURCE))
+ return EBT_NOMATCH;
+ if ((info->bitmask & EBT_IP_DEST) &&
+ FWINV((((*skb).nh.iph)->daddr & info->dmsk) !=
+ info->daddr, EBT_IP_DEST))
+ return EBT_NOMATCH;
+ return EBT_MATCH;
}
static int ebt_ip_check(const char *tablename, unsigned int hookmask,
const struct ebt_entry *e, void *data, unsigned int datalen)
{
- struct ebt_ip_info *infostuff = (struct ebt_ip_info *) data;
+ struct ebt_ip_info *info = (struct ebt_ip_info *)data;
- if (datalen != sizeof(struct ebt_ip_info)) {
+ if (datalen != sizeof(struct ebt_ip_info))
return -EINVAL;
- }
- if (e->bitmask & (EBT_NOPROTO | EBT_802_3) ||
- e->ethproto != __constant_htons(ETH_P_IP) ||
- e->invflags & EBT_IPROTO)
- {
+ if (e->ethproto != __constant_htons(ETH_P_IP) ||
+ e->invflags & EBT_IPROTO)
return -EINVAL;
- }
- if (infostuff->bitmask & ~EBT_IP_MASK) {
+ if (info->bitmask & ~EBT_IP_MASK || info->invflags & ~EBT_IP_MASK)
return -EINVAL;
- }
return 0;
}
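Review bot: ebt_filter_ip dereferences `(*skb).nh.iph` for tos, protocol, saddr and daddr without first confirming that the frame holds a complete IP header. ebt_filter_arp has a bounds test against `(*skb).tail` (though only on the IP-address path, after `ar_op`/`ar_hrd`/`ar_pro` were already read), and the EBT_LOG_IP and EBT_LOG_ARP branches of ebt_log print header fields with no length test at all. If nothing upstream guarantees the header is present (not visible here), add the same style of guard at the top of the match: `if ((*skb).nh.raw + sizeof(struct iphdr) > (*skb).tail) return EBT_NOMATCH;`.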
diff --git a/kernel/linux/net/bridge/netfilter/ebt_log.c b/kernel/linux/net/bridge/netfilter/ebt_log.c
index 7d7ed83..86591d2 100644
--- a/kernel/linux/net/bridge/netfilter/ebt_log.c
+++ b/kernel/linux/net/bridge/netfilter/ebt_log.c
@@ -20,67 +20,56 @@ static spinlock_t ebt_log_lock = SPIN_LOCK_UNLOCKED;
static int ebt_log_check(const char *tablename, unsigned int hookmask,
const struct ebt_entry *e, void *data, unsigned int datalen)
{
- struct ebt_log_info *loginfo = (struct ebt_log_info *)data;
+ struct ebt_log_info *info = (struct ebt_log_info *)data;
if (datalen != sizeof(struct ebt_log_info))
return -EINVAL;
- if (loginfo->bitmask & ~EBT_LOG_MASK)
+ if (info->bitmask & ~EBT_LOG_MASK)
return -EINVAL;
- if (loginfo->loglevel >= 8)
+ if (info->loglevel >= 8)
return -EINVAL;
- loginfo->prefix[EBT_LOG_PREFIX_SIZE - 1] = '\0';
+ info->prefix[EBT_LOG_PREFIX_SIZE - 1] = '\0';
return 0;
}
static void ebt_log(const struct sk_buff *skb, const struct net_device *in,
- const struct net_device *out, const void *data, unsigned int datalen,
- const struct ebt_counter *c)
+ const struct net_device *out, const void *data, unsigned int datalen)
{
- struct ebt_log_info *loginfo = (struct ebt_log_info *)data;
+ struct ebt_log_info *info = (struct ebt_log_info *)data;
char level_string[4] = "< >";
- level_string[1] = '0' + loginfo->loglevel;
+ level_string[1] = '0' + info->loglevel;
spin_lock_bh(&ebt_log_lock);
printk(level_string);
- // max length: 29 + 10 + 2 * 16
- printk("%s IN=%s OUT=%s ",
- loginfo->prefix,
- in ? in->name : "",
- out ? out->name : "");
+ printk("%s IN=%s OUT=%s ", info->prefix, in ? in->name : "",
+ out ? out->name : "");
if (skb->dev->hard_header_len) {
int i;
unsigned char *p = (skb->mac.ethernet)->h_source;
+
printk("MAC source = ");
for (i = 0; i < ETH_ALEN; i++,p++)
- printk("%02x%c", *p,
- i == ETH_ALEN - 1
- ? ' ':':');// length: 31
+ printk("%02x%c", *p, i == ETH_ALEN - 1 ? ' ':':');
printk("MAC dest = ");
p = (skb->mac.ethernet)->h_dest;
for (i = 0; i < ETH_ALEN; i++,p++)
- printk("%02x%c", *p,
- i == ETH_ALEN - 1
- ? ' ':':');// length: 29
+ printk("%02x%c", *p, i == ETH_ALEN - 1 ? ' ':':');
}
- // length: 14
printk("proto = 0x%04x", ntohs(((*skb).mac.ethernet)->h_proto));
- if ((loginfo->bitmask & EBT_LOG_IP) && skb->mac.ethernet->h_proto ==
+ if ((info->bitmask & EBT_LOG_IP) && skb->mac.ethernet->h_proto ==
htons(ETH_P_IP)){
struct iphdr *iph = skb->nh.iph;
- // max length: 46
printk(" IP SRC=%u.%u.%u.%u IP DST=%u.%u.%u.%u,",
NIPQUAD(iph->saddr), NIPQUAD(iph->daddr));
- // max length: 26
printk(" IP tos=0x%02X, IP proto=%d", iph->tos, iph->protocol);
}
- if ((loginfo->bitmask & EBT_LOG_ARP) &&
+ if ((info->bitmask & EBT_LOG_ARP) &&
((skb->mac.ethernet->h_proto == __constant_htons(ETH_P_ARP)) ||
(skb->mac.ethernet->h_proto == __constant_htons(ETH_P_RARP)))) {
struct arphdr * arph = skb->nh.arph;
- // max length: 40
printk(" ARP HTYPE=%d, PTYPE=0x%04x, OPCODE=%d",
ntohs(arph->ar_hrd), ntohs(arph->ar_pro),
ntohs(arph->ar_op));
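Review bot: `printk(level_string);` passes a buffer built at run time as the format string. It is safe only as long as ebt_log_check keeps `loglevel` in 0-7; that check is `info->loglevel >= 8`, which would let a negative value through if the field is a signed type (its declaration is not in this diff), putting an unintended byte into the format. Passing the buffer as an argument, `printk("%s", level_string);`, removes the dependency on the check. ebt_log continues past the end of this hunk.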
diff --git a/kernel/linux/net/bridge/netfilter/ebt_mark.c b/kernel/linux/net/bridge/netfilter/ebt_mark.c
index 75edcf7..0abb169 100644
--- a/kernel/linux/net/bridge/netfilter/ebt_mark.c
+++ b/kernel/linux/net/bridge/netfilter/ebt_mark.c
@@ -1,5 +1,5 @@
/*
- * ebt_mark_t
+ * ebt_mark
*
* Authors:
* Bart De Schuymer <bart.de.schuymer@pandora.be>
@@ -11,42 +11,35 @@
// The mark target can be used in any chain
// I believe adding a mangle table just for marking is total overkill
// Marking a frame doesn't really change anything in the frame anyway
-// The target member of the struct ebt_vlan_info provides the same
-// functionality as a separate table
#include <linux/netfilter_bridge/ebtables.h>
#include <linux/netfilter_bridge/ebt_mark_t.h>
-#include <linux/netfilter_bridge.h>
-#include <linux/skbuff.h>
#include <linux/module.h>
-#include <net/sock.h>
-#include "../br_private.h"
static int ebt_target_mark(struct sk_buff **pskb, unsigned int hooknr,
const struct net_device *in, const struct net_device *out,
const void *data, unsigned int datalen)
{
- struct ebt_mark_t_info *infostuff = (struct ebt_mark_t_info *) data;
+ struct ebt_mark_t_info *info = (struct ebt_mark_t_info *)data;
- if ((*pskb)->nfmark != infostuff->mark) {
- (*pskb)->nfmark = infostuff->mark;
+ if ((*pskb)->nfmark != info->mark) {
+ (*pskb)->nfmark = info->mark;
(*pskb)->nfcache |= NFC_ALTERED;
}
- return infostuff->target;
+ return info->target;
}
static int ebt_target_mark_check(const char *tablename, unsigned int hookmask,
const struct ebt_entry *e, void *data, unsigned int datalen)
{
- struct ebt_mark_t_info *infostuff = (struct ebt_mark_t_info *) data;
+ struct ebt_mark_t_info *info = (struct ebt_mark_t_info *)data;
- if ((hookmask & (1 << NF_BR_NUMHOOKS)) &&
- infostuff->target == EBT_RETURN)
- return -EINVAL;
- hookmask &= ~(1 << NF_BR_NUMHOOKS);
if (datalen != sizeof(struct ebt_mark_t_info))
return -EINVAL;
- if (infostuff->target < -NUM_STANDARD_TARGETS || infostuff->target >= 0)
+ if (BASE_CHAIN && info->target == EBT_RETURN)
+ return -EINVAL;
+ CLEAR_BASE_CHAIN_BIT;
+ if (INVALID_TARGET)
return -EINVAL;
return 0;
}
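Review bot: `CLEAR_BASE_CHAIN_BIT;` in ebt_target_mark_check appears to be a dead statement: assuming it expands to the `hookmask &= ~(1 << NF_BR_NUMHOOKS)` it replaces, `hookmask` is never read again before `return 0`. More generally, BASE_CHAIN, CLEAR_BASE_CHAIN_BIT and INVALID_TARGET take no arguments and silently depend on locals named `hookmask` and `info`, which makes these validation paths hard to audit here and in the dnat, redirect and snat checks. Either drop the statement in this function or add a comment such as `/* macros below use the local hookmask and info */` above the first use.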
diff --git a/kernel/linux/net/bridge/netfilter/ebt_mark_m.c b/kernel/linux/net/bridge/netfilter/ebt_mark_m.c
index d3f0119..43d0f32 100644
--- a/kernel/linux/net/bridge/netfilter/ebt_mark_m.c
+++ b/kernel/linux/net/bridge/netfilter/ebt_mark_m.c
@@ -14,7 +14,7 @@
static int ebt_filter_mark(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out, const void *data,
- unsigned int datalen, const struct ebt_counter *c)
+ unsigned int datalen)
{
struct ebt_mark_m_info *info = (struct ebt_mark_m_info *) data;
@@ -28,15 +28,14 @@ static int ebt_mark_check(const char *tablename, unsigned int hookmask,
{
struct ebt_mark_m_info *info = (struct ebt_mark_m_info *) data;
+ if (datalen != sizeof(struct ebt_mark_m_info))
+ return -EINVAL;
if (info->bitmask & ~EBT_MARK_MASK)
return -EINVAL;
if ((info->bitmask & EBT_MARK_OR) && (info->bitmask & EBT_MARK_AND))
return -EINVAL;
if (!info->bitmask)
return -EINVAL;
- if (datalen != sizeof(struct ebt_mark_m_info)) {
- return -EINVAL;
- }
return 0;
}
diff --git a/kernel/linux/net/bridge/netfilter/ebt_redirect.c b/kernel/linux/net/bridge/netfilter/ebt_redirect.c
index d7c51ba..0512fa2 100644
--- a/kernel/linux/net/bridge/netfilter/ebt_redirect.c
+++ b/kernel/linux/net/bridge/netfilter/ebt_redirect.c
@@ -10,8 +10,6 @@
#include <linux/netfilter_bridge/ebtables.h>
#include <linux/netfilter_bridge/ebt_redirect.h>
-#include <linux/netfilter_bridge.h>
-#include <linux/skbuff.h>
#include <linux/module.h>
#include <net/sock.h>
#include "../br_private.h"
@@ -20,7 +18,7 @@ static int ebt_target_redirect(struct sk_buff **pskb, unsigned int hooknr,
const struct net_device *in, const struct net_device *out,
const void *data, unsigned int datalen)
{
- struct ebt_redirect_info *infostuff = (struct ebt_redirect_info *) data;
+ struct ebt_redirect_info *info = (struct ebt_redirect_info *)data;
if (hooknr != NF_BR_BROUTING)
memcpy((**pskb).mac.ethernet->h_dest,
@@ -30,24 +28,23 @@ static int ebt_target_redirect(struct sk_buff **pskb, unsigned int hooknr,
in->dev_addr, ETH_ALEN);
(*pskb)->pkt_type = PACKET_HOST;
}
- return infostuff->target;
+ return info->target;
}
static int ebt_target_redirect_check(const char *tablename, unsigned int hookmask,
const struct ebt_entry *e, void *data, unsigned int datalen)
{
- struct ebt_redirect_info *infostuff = (struct ebt_redirect_info *) data;
+ struct ebt_redirect_info *info = (struct ebt_redirect_info *)data;
- if ((hookmask & (1 << NF_BR_NUMHOOKS)) &&
- infostuff->target == EBT_RETURN)
+ if (datalen != sizeof(struct ebt_redirect_info))
+ return -EINVAL;
+ if (BASE_CHAIN && info->target == EBT_RETURN)
return -EINVAL;
- hookmask &= ~(1 << NF_BR_NUMHOOKS);
+ CLEAR_BASE_CHAIN_BIT;
if ( (strcmp(tablename, "nat") || hookmask & ~(1 << NF_BR_PRE_ROUTING)) &&
(strcmp(tablename, "broute") || hookmask & ~(1 << NF_BR_BROUTING)) )
return -EINVAL;
- if (datalen != sizeof(struct ebt_redirect_info))
- return -EINVAL;
- if (infostuff->target < -NUM_STANDARD_TARGETS || infostuff->target >= 0)
+ if (INVALID_TARGET)
return -EINVAL;
return 0;
}
diff --git a/kernel/linux/net/bridge/netfilter/ebt_snat.c b/kernel/linux/net/bridge/netfilter/ebt_snat.c
index 5b2554e..03e3ecb 100644
--- a/kernel/linux/net/bridge/netfilter/ebt_snat.c
+++ b/kernel/linux/net/bridge/netfilter/ebt_snat.c
@@ -10,38 +10,34 @@
#include <linux/netfilter_bridge/ebtables.h>
#include <linux/netfilter_bridge/ebt_nat.h>
-#include <linux/netfilter_bridge.h>
-#include <linux/skbuff.h>
#include <linux/module.h>
-#include <net/sock.h>
static int ebt_target_snat(struct sk_buff **pskb, unsigned int hooknr,
const struct net_device *in, const struct net_device *out,
const void *data, unsigned int datalen)
{
- struct ebt_nat_info *infostuff = (struct ebt_nat_info *) data;
+ struct ebt_nat_info *info = (struct ebt_nat_info *) data;
- memcpy(((**pskb).mac.ethernet)->h_source, infostuff->mac,
+ memcpy(((**pskb).mac.ethernet)->h_source, info->mac,
ETH_ALEN * sizeof(unsigned char));
- return infostuff->target;
+ return info->target;
}
static int ebt_target_snat_check(const char *tablename, unsigned int hookmask,
const struct ebt_entry *e, void *data, unsigned int datalen)
{
- struct ebt_nat_info *infostuff = (struct ebt_nat_info *) data;
+ struct ebt_nat_info *info = (struct ebt_nat_info *) data;
- if ((hookmask & (1 << NF_BR_NUMHOOKS)) &&
- infostuff->target == EBT_RETURN)
+ if (datalen != sizeof(struct ebt_nat_info))
return -EINVAL;
- hookmask &= ~(1 << NF_BR_NUMHOOKS);
- if (strcmp(tablename, "nat"))
+ if (BASE_CHAIN && info->target == EBT_RETURN)
return -EINVAL;
- if (datalen != sizeof(struct ebt_nat_info))
+ CLEAR_BASE_CHAIN_BIT;
+ if (strcmp(tablename, "nat"))
return -EINVAL;
if (hookmask & ~(1 << NF_BR_POST_ROUTING))
return -EINVAL;
- if (infostuff->target < -NUM_STANDARD_TARGETS || infostuff->target >= 0)
+ if (INVALID_TARGET)
return -EINVAL;
return 0;
}
diff --git a/kernel/linux/net/bridge/netfilter/ebt_vlan.c b/kernel/linux/net/bridge/netfilter/ebt_vlan.c
index 68e7966..7fdd571 100644
--- a/kernel/linux/net/bridge/netfilter/ebt_vlan.c
+++ b/kernel/linux/net/bridge/netfilter/ebt_vlan.c
@@ -36,10 +36,10 @@ MODULE_LICENSE ("GPL");
#define DEBUG_MSG(...) if (debug) printk (KERN_DEBUG __FILE__ ":" __FUNCTION__ ": " __VA_ARGS__)
-#define INV_FLAG(_inv_flag_) (infostuff->invflags & _inv_flag_) ? "!" : ""
-#define GET_BITMASK(_BIT_MASK_) infostuff->bitmask & _BIT_MASK_
-#define SET_BITMASK(_BIT_MASK_) infostuff->bitmask |= _BIT_MASK_
-#define EXIT_ON_MISMATCH(_MATCH_,_MASK_) if (!((infostuff->_MATCH_ == _MATCH_)^!!(infostuff->invflags & _MASK_))) return 1;
+#define INV_FLAG(_inv_flag_) (info->invflags & _inv_flag_) ? "!" : ""
+#define GET_BITMASK(_BIT_MASK_) info->bitmask & _BIT_MASK_
+#define SET_BITMASK(_BIT_MASK_) info->bitmask |= _BIT_MASK_
+#define EXIT_ON_MISMATCH(_MATCH_,_MASK_) if (!((info->_MATCH_ == _MATCH_)^!!(info->invflags & _MASK_))) return 1;
/*
* Function description: ebt_filter_vlan() is main engine for
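Review bot: EXIT_ON_MISMATCH still ends in `return 1;` while the arp and ip matches in this commit were converted to EBT_NOMATCH; use `return EBT_NOMATCH;` so the vlan match follows the same convention. The macro is also a bare `if (...) return ...;` with its own trailing semicolon, so it misbehaves next to an `else`; wrapping it in `do { ... } while (0)` avoids that. INV_FLAG and GET_BITMASK expand to unparenthesised expressions and should be wrapped, e.g. `#define GET_BITMASK(_BIT_MASK_) (info->bitmask & (_BIT_MASK_))`.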
@@ -63,9 +63,9 @@ ebt_filter_vlan (const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
const void *data,
- unsigned int datalen, const struct ebt_counter *c)
+ unsigned int datalen)
{
- struct ebt_vlan_info *infostuff = (struct ebt_vlan_info *) data; /* userspace data */
+ struct ebt_vlan_info *info = (struct ebt_vlan_info *) data; /* userspace data */
struct vlan_ethhdr *frame = (struct vlan_ethhdr *) skb->mac.raw; /* Passed tagged frame */
unsigned short TCI; /* Whole TCI, given from parsed frame */
@@ -109,7 +109,7 @@ ebt_filter_vlan (const struct sk_buff *skb,
EXIT_ON_MISMATCH (id, EBT_VLAN_ID);
DEBUG_MSG
("matched rule id=%s%d for frame id=%d\n",
- INV_FLAG (EBT_VLAN_ID), infostuff->id, id);
+ INV_FLAG (EBT_VLAN_ID), info->id, id);
}
} else {
/*
@@ -119,7 +119,7 @@ ebt_filter_vlan (const struct sk_buff *skb,
EXIT_ON_MISMATCH (prio, EBT_VLAN_PRIO);
DEBUG_MSG
("matched rule prio=%s%d for frame prio=%d\n",
- INV_FLAG (EBT_VLAN_PRIO), infostuff->prio,
+ INV_FLAG (EBT_VLAN_PRIO), info->prio,
prio);
}
}
@@ -130,7 +130,7 @@ ebt_filter_vlan (const struct sk_buff *skb,
EXIT_ON_MISMATCH (encap, EBT_VLAN_ENCAP);
DEBUG_MSG ("matched encap=%s%2.4X for frame encap=%2.4X\n",
INV_FLAG (EBT_VLAN_ENCAP),
- ntohs (infostuff->encap), ntohs (encap));
+ ntohs (info->encap), ntohs (encap));
}
/*
* All possible extension parameters was parsed.
@@ -159,7 +159,7 @@ ebt_check_vlan (const char *tablename,
const struct ebt_entry *e, void *data,
unsigned int datalen)
{
- struct ebt_vlan_info *infostuff = (struct ebt_vlan_info *) data;
+ struct ebt_vlan_info *info = (struct ebt_vlan_info *) data;
/*
* Parameters buffer overflow check
@@ -175,7 +175,7 @@ ebt_check_vlan (const char *tablename,
* Is it 802.1Q frame checked?
*/
if (e->ethproto != __constant_htons (ETH_P_8021Q)) {
- DEBUG_MSG ("passed frame %2.4X is not 802.1Q (8100)\n",
+ DEBUG_MSG ("passed entry proto %2.4X is not 802.1Q (8100)\n",
(unsigned short) ntohs (e->ethproto));
return -EINVAL;
}
@@ -184,18 +184,18 @@ ebt_check_vlan (const char *tablename,
* Check for bitmask range
* True if even one bit is out of mask
*/
- if (infostuff->bitmask & ~EBT_VLAN_MASK) {
+ if (info->bitmask & ~EBT_VLAN_MASK) {
DEBUG_MSG ("bitmask %2X is out of mask (%2X)\n",
- infostuff->bitmask, EBT_VLAN_MASK);
+ info->bitmask, EBT_VLAN_MASK);
return -EINVAL;
}
/*
* Check for inversion flags range
*/
- if (infostuff->invflags & ~EBT_VLAN_MASK) {
+ if (info->invflags & ~EBT_VLAN_MASK) {
DEBUG_MSG ("inversion flags %2X is out of mask (%2X)\n",
- infostuff->invflags, EBT_VLAN_MASK);
+ info->invflags, EBT_VLAN_MASK);
return -EINVAL;
}
@@ -223,11 +223,11 @@ ebt_check_vlan (const char *tablename,
* For Linux, N = 4094.
*/
if (GET_BITMASK (EBT_VLAN_ID)) { /* when vlan-id param was spec-ed */
- if (!!infostuff->id) { /* if id!=0 => check vid range */
- if (infostuff->id > 4094) { /* check if id > than (0x0FFE) */
+ if (!!info->id) { /* if id!=0 => check vid range */
+ if (info->id > 4094) { /* check if id > than (0x0FFE) */
DEBUG_MSG
("vlan id %d is out of range (1-4094)\n",
- infostuff->id);
+ info->id);
return -EINVAL;
}
/*
@@ -240,10 +240,10 @@ ebt_check_vlan (const char *tablename,
* if id=0 (null VLAN ID) => Check for user_priority range
*/
if (GET_BITMASK (EBT_VLAN_PRIO)) {
- if ((unsigned char) infostuff->prio > 7) {
+ if ((unsigned char) info->prio > 7) {
DEBUG_MSG
("prio %d is out of range (0-7)\n",
- infostuff->prio);
+ info->prio);
return -EINVAL;
}
}
@@ -254,7 +254,7 @@ ebt_check_vlan (const char *tablename,
}
} else { /* VLAN Id not set */
if (GET_BITMASK (EBT_VLAN_PRIO)) { /* But user_priority is set - abnormal! */
- infostuff->id = 0; /* Set null VID (case for Priority-tagged frames) */
+ info->id = 0; /* Set null VID (case for Priority-tagged frames) */
SET_BITMASK (EBT_VLAN_ID); /* and set id flag */
}
}
@@ -266,10 +266,10 @@ ebt_check_vlan (const char *tablename,
* if_ether.h: ETH_ZLEN 60 - Min. octets in frame sans FCS
*/
if (GET_BITMASK (EBT_VLAN_ENCAP)) {
- if ((unsigned short) ntohs (infostuff->encap) < ETH_ZLEN) {
+ if ((unsigned short) ntohs (info->encap) < ETH_ZLEN) {
DEBUG_MSG
("encap packet length %d is less than minimal %d\n",
- ntohs (infostuff->encap), ETH_ZLEN);
+ ntohs (info->encap), ETH_ZLEN);
return -EINVAL;
}
}
diff --git a/kernel/linux/net/bridge/netfilter/ebtable_broute.c b/kernel/linux/net/bridge/netfilter/ebtable_broute.c
index 2a87fbe..7990f18 100644
--- a/kernel/linux/net/bridge/netfilter/ebtable_broute.c
+++ b/kernel/linux/net/bridge/netfilter/ebtable_broute.c
@@ -12,8 +12,6 @@
*/
#include <linux/netfilter_bridge/ebtables.h>
-#include <linux/netfilter_bridge.h>
-#include <linux/netdevice.h>
#include <linux/module.h>
#include <linux/if_bridge.h>
#include <linux/brlock.h>
@@ -43,10 +41,8 @@ static struct ebt_table broute_table =
};
static unsigned int
-ebt_broute (unsigned int hook, struct sk_buff **pskb,
- const struct net_device *in,
- const struct net_device *out,
- int (*okfn)(struct sk_buff *))
+ebt_broute(unsigned int hook, struct sk_buff **pskb, const struct net_device *in,
+ const struct net_device *out, int (*okfn)(struct sk_buff *))
{
return ebt_do_table(hook, pskb, in, out, &broute_table);
}
diff --git a/kernel/linux/net/bridge/netfilter/ebtable_filter.c b/kernel/linux/net/bridge/netfilter/ebtable_filter.c
index 8b72f8e..9b7c0f9 100644
--- a/kernel/linux/net/bridge/netfilter/ebtable_filter.c
+++ b/kernel/linux/net/bridge/netfilter/ebtable_filter.c
@@ -9,7 +9,6 @@
*/
#include <linux/netfilter_bridge/ebtables.h>
-#include <linux/netfilter_bridge.h>
#include <linux/module.h>
#define FILTER_VALID_HOOKS ((1 << NF_BR_LOCAL_IN) | (1 << NF_BR_FORWARD) | \
@@ -42,10 +41,9 @@ static struct ebt_table frame_filter =
RW_LOCK_UNLOCKED, check, NULL
};
-static unsigned int ebt_hook (unsigned int hook, struct sk_buff **pskb,
- const struct net_device *in,
- const struct net_device *out,
- int (*okfn)(struct sk_buff *))
+static unsigned int
+ebt_hook (unsigned int hook, struct sk_buff **pskb, const struct net_device *in,
+ const struct net_device *out, int (*okfn)(struct sk_buff *))
{
return ebt_do_table(hook, pskb, in, out, &frame_filter);
}
diff --git a/kernel/linux/net/bridge/netfilter/ebtable_nat.c b/kernel/linux/net/bridge/netfilter/ebtable_nat.c
index 348a167..f687c5a 100644
--- a/kernel/linux/net/bridge/netfilter/ebtable_nat.c
+++ b/kernel/linux/net/bridge/netfilter/ebtable_nat.c
@@ -9,8 +9,6 @@
*/
#include <linux/netfilter_bridge/ebtables.h>
-#include <linux/netfilter_bridge.h>
-#include <linux/netdevice.h>
#include <linux/module.h>
#define NAT_VALID_HOOKS ((1 << NF_BR_PRE_ROUTING) | (1 << NF_BR_LOCAL_OUT) | \
(1 << NF_BR_POST_ROUTING))
@@ -43,17 +41,15 @@ static struct ebt_table frame_nat =
};
static unsigned int
-ebt_nat_dst (unsigned int hook, struct sk_buff **pskb,
- const struct net_device *in, const struct net_device *out,
- int (*okfn)(struct sk_buff *))
+ebt_nat_dst(unsigned int hook, struct sk_buff **pskb, const struct net_device *in
+ , const struct net_device *out, int (*okfn)(struct sk_buff *))
{
return ebt_do_table(hook, pskb, in, out, &frame_nat);
}
-static unsigned int ebt_nat_src (unsigned int hook, struct sk_buff **pskb,
- const struct net_device *in,
- const struct net_device *out,
- int (*okfn)(struct sk_buff *))
+static unsigned int
+ebt_nat_src(unsigned int hook, struct sk_buff **pskb, const struct net_device *in
+ , const struct net_device *out, int (*okfn)(struct sk_buff *))
{
return ebt_do_table(hook, pskb, in, out, &frame_nat);
}
diff --git a/kernel/linux/net/bridge/netfilter/ebtables.c b/kernel/linux/net/bridge/netfilter/ebtables.c
index 22daedd..fafec9f 100644
--- a/kernel/linux/net/bridge/netfilter/ebtables.c
+++ b/kernel/linux/net/bridge/netfilter/ebtables.c
@@ -22,10 +22,6 @@
#include <linux/kmod.h>
#include <linux/module.h>
#include <linux/vmalloc.h>
-#include <linux/skbuff.h>
-#include <linux/if_ether.h>
-#include <linux/netfilter_bridge.h>
-#include <linux/netfilter_ipv4.h>
#include <linux/netfilter_bridge/ebtables.h>
#include <linux/spinlock.h>
#include <asm/uaccess.h>
@@ -40,6 +36,21 @@
#include <linux/netfilter_ipv4/listhelp.h>
#if 0 // use this for remote debugging
+// Copyright (C) 1998 by Ori Pomerantz
+// Print the string to the appropriate tty, the one
+// the current task uses
+static void print_string(char *str)
+{
+ struct tty_struct *my_tty;
+
+ /* The tty for the current task */
+ my_tty = current->tty;
+ if (my_tty != NULL) {
+ (*(my_tty->driver).write)(my_tty, 0, str, strlen(str));
+ (*(my_tty->driver).write)(my_tty, 0, "\015\012", 2);
+ }
+}
+
#define BUGPRINT(args) print_string(args);
#else
#define BUGPRINT(format, args...) printk("kernel msg: ebtables bug: please "\
@@ -65,8 +76,6 @@
-static void print_string(char *str);
-
static DECLARE_MUTEX(ebt_mutex);
static LIST_HEAD(ebt_tables);
static LIST_HEAD(ebt_targets);
@@ -78,20 +87,20 @@ static struct ebt_target ebt_standard_target =
static inline int ebt_do_watcher (struct ebt_entry_watcher *w,
const struct sk_buff *skb, const struct net_device *in,
- const struct net_device *out, const struct ebt_counter *c)
+ const struct net_device *out)
{
w->u.watcher->watcher(skb, in, out, w->data,
- w->watcher_size, c);
+ w->watcher_size);
// watchers don't give a verdict
return 0;
}
static inline int ebt_do_match (struct ebt_entry_match *m,
const struct sk_buff *skb, const struct net_device *in,
- const struct net_device *out, const struct ebt_counter *c)
+ const struct net_device *out)
{
return m->u.match->match(skb, in, out, m->data,
- m->match_size, c);
+ m->match_size);
}
static inline int ebt_dev_check(char *entry, const struct net_device *device)
@@ -100,48 +109,48 @@ static inline int ebt_dev_check(char *entry, const struct net_device *device)
return 0;
if (!device)
return 1;
- return !!strncmp(entry, device->name, IFNAMSIZ);
+ return !!strcmp(entry, device->name);
}
-#define FWINV(bool,invflg) ((bool) ^ !!(p->invflags & invflg))
+#define FWINV2(bool,invflg) ((bool) ^ !!(e->invflags & invflg))
// process standard matches
-static inline int ebt_basic_match(struct ebt_entry *p, struct ethhdr *h,
+static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h,
const struct net_device *in, const struct net_device *out)
{
int verdict, i;
- if (p->bitmask & EBT_802_3) {
- if (FWINV(ntohs(h->h_proto) >= 1536, EBT_IPROTO))
+ if (e->bitmask & EBT_802_3) {
+ if (FWINV2(ntohs(h->h_proto) >= 1536, EBT_IPROTO))
return 1;
- } else if (!(p->bitmask & EBT_NOPROTO) &&
- FWINV(p->ethproto != h->h_proto, EBT_IPROTO))
+ } else if (!(e->bitmask & EBT_NOPROTO) &&
+ FWINV2(e->ethproto != h->h_proto, EBT_IPROTO))
return 1;
- if (FWINV(ebt_dev_check(p->in, in), EBT_IIN))
+ if (FWINV2(ebt_dev_check(e->in, in), EBT_IIN))
return 1;
- if (FWINV(ebt_dev_check(p->out, out), EBT_IOUT))
+ if (FWINV2(ebt_dev_check(e->out, out), EBT_IOUT))
return 1;
- if ((!in || !in->br_port) ? 0 : FWINV(ebt_dev_check(
- p->logical_in, &in->br_port->br->dev), EBT_ILOGICALIN))
+ if ((!in || !in->br_port) ? 0 : FWINV2(ebt_dev_check(
+ e->logical_in, &in->br_port->br->dev), EBT_ILOGICALIN))
return 1;
- if ((!out || !out->br_port) ? 0 : FWINV(ebt_dev_check(
- (p->logical_out), &out->br_port->br->dev), EBT_ILOGICALOUT))
+ if ((!out || !out->br_port) ? 0 : FWINV2(ebt_dev_check(
+ e->logical_out, &out->br_port->br->dev), EBT_ILOGICALOUT))
return 1;
-
- if (p->bitmask & EBT_SOURCEMAC) {
+
+ if (e->bitmask & EBT_SOURCEMAC) {
verdict = 0;
for (i = 0; i < 6; i++)
- verdict |= (h->h_source[i] ^ p->sourcemac[i]) &
- p->sourcemsk[i];
- if (FWINV(verdict != 0, EBT_ISOURCE) )
+ verdict |= (h->h_source[i] ^ e->sourcemac[i]) &
+ e->sourcemsk[i];
+ if (FWINV2(verdict != 0, EBT_ISOURCE) )
return 1;
}
- if (p->bitmask & EBT_DESTMAC) {
+ if (e->bitmask & EBT_DESTMAC) {
verdict = 0;
for (i = 0; i < 6; i++)
- verdict |= (h->h_dest[i] ^ p->destmac[i]) &
- p->destmsk[i];
- if (FWINV(verdict != 0, EBT_IDEST) )
+ verdict |= (h->h_dest[i] ^ e->destmac[i]) &
+ e->destmsk[i];
+ if (FWINV2(verdict != 0, EBT_IDEST) )
return 1;
}
return 0;
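Review bot: Replacing `strncmp(entry, device->name, IFNAMSIZ)` with `strcmp(entry, device->name)` in ebt_dev_check drops the only bound on reading the rule's interface-name fields (`e->in`, `e->out`, `e->logical_in`, `e->logical_out`), which come from the userspace-supplied entry and are presumably IFNAMSIZ bytes each. Unless the entry check forces a NUL inside each of those arrays (not visible in this diff), a name that fills the whole field would make strcmp read past it on every packet. Keep the bounded compare, or terminate the fields when the table is loaded, e.g. `e->in[IFNAMSIZ - 1] = '\0';`. ebt_dev_check begins above this hunk.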
@@ -163,7 +172,7 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb,
struct ebt_table_info *private = table->private;
read_lock_bh(&table->lock);
- cb_base = COUNTER_BASE(private->counters, private->nentries, \
+ cb_base = COUNTER_BASE(private->counters, private->nentries,
cpu_number_map(smp_processor_id()));
if (private->chainstack)
cs = private->chainstack[cpu_number_map(smp_processor_id())];
@@ -180,8 +189,7 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb,
if (ebt_basic_match(point, (**pskb).mac.ethernet, in, out))
goto letscontinue;
- if (EBT_MATCH_ITERATE(point, ebt_do_match, *pskb, in,
- out, counter_base + i) != 0)
+ if (EBT_MATCH_ITERATE(point, ebt_do_match, *pskb, in, out) != 0)
goto letscontinue;
// increase counter
@@ -190,7 +198,7 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb,
// these should only watch: not modify, nor tell us
// what to do with the packet
EBT_WATCHER_ITERATE(point, ebt_do_watcher, *pskb, in,
- out, counter_base + i);
+ out);
t = (struct ebt_entry_target *)
(((char *)point) + point->target_offset);
@@ -210,11 +218,13 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb,
}
if (verdict == EBT_RETURN) {
letsreturn:
+#ifdef CONFIG_NETFILTER_DEBUG
if (sp == 0) {
BUGPRINT("RETURN on base chain");
// act like this is EBT_CONTINUE
goto letscontinue;
}
+#endif
sp--;
// put all the local variables right
i = cs[sp].n;
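Review bot: Wrapping the `sp == 0` test in `#ifdef CONFIG_NETFILTER_DEBUG` leaves `sp--` and `cs[sp].n` unguarded in non-debug builds, so an EBT_RETURN reached on a base chain would index outside the chain stack on the packet path. The same applies to the `verdict < 0` and `chaininfo->distinguisher` tests made debug-only in the next two hunks, after which `base + verdict` is used as a chain header without any runtime check. If table load is meant to guarantee that none of these cases can occur, a comment here should name the load-time check that enforces it (check_chainloops looks like the candidate, but its body is not visible in this diff). Otherwise keep the tests unconditional and put only the BUGPRINT under the #ifdef, e.g. `if (sp == 0) goto letscontinue;`. ebt_do_table starts and ends outside these hunks.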
@@ -227,11 +237,13 @@ letsreturn:
}
if (verdict == EBT_CONTINUE)
goto letscontinue;
+#ifdef CONFIG_NETFILTER_DEBUG
if (verdict < 0) {
BUGPRINT("bogus standard verdict\n");
read_unlock_bh(&table->lock);
return NF_DROP;
}
+#endif
// jump to a udc
cs[sp].n = i + 1;
cs[sp].chaininfo = chaininfo;
@@ -239,11 +251,13 @@ letsreturn:
(((char *)point) + point->next_offset);
i = 0;
chaininfo = (struct ebt_entries *) (base + verdict);
+#ifdef CONFIG_NETFILTER_DEBUG
if (chaininfo->distinguisher) {
BUGPRINT("jump to non-chain\n");
read_unlock_bh(&table->lock);
return NF_DROP;
}
+#endif
nentries = chaininfo->nentries;
point = (struct ebt_entry *)chaininfo->data;
counter_base = cb_base + chaininfo->counter_offset;
@@ -266,12 +280,10 @@ letscontinue:
return NF_DROP;
}
-/* If it succeeds, returns element and locks mutex */
+// If it succeeds, returns element and locks mutex
static inline void *
-find_inlist_lock_noload(struct list_head *head,
- const char *name,
- int *error,
- struct semaphore *mutex)
+find_inlist_lock_noload(struct list_head *head, const char *name, int *error,
+ struct semaphore *mutex)
{
void *ret;
@@ -291,11 +303,8 @@ find_inlist_lock_noload(struct list_head *head,
#define find_inlist_lock(h,n,p,e,m) find_inlist_lock_noload((h),(n),(e),(m))
#else
static void *
-find_inlist_lock(struct list_head *head,
- const char *name,
- const char *prefix,
- int *error,
- struct semaphore *mutex)
+find_inlist_lock(struct list_head *head, const char *name, const char *prefix,
+ int *error, struct semaphore *mutex)
{
void *ret;
@@ -345,7 +354,6 @@ ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e,
if (((char *)m) + m->match_size + sizeof(struct ebt_entry_match) >
((char *)e) + e->watchers_offset)
return -EINVAL;
- m->u.name[EBT_FUNCTION_MAXNAMELEN - 1] = '\0';
match = find_match_lock(m->u.name, &ret, &ebt_mutex);
if (!match)
return ret;
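Review bot: Dropping `m->u.name[EBT_FUNCTION_MAXNAMELEN - 1] = '\0';` means `find_match_lock()` is handed a name that is no longer guaranteed to be NUL-terminated, and the entry appears to come from the table blob passed in through do_replace(). The same removal is made for `w->u.name` in ebt_check_watcher, for `e->in`/`e->out`/`e->logical_in`/`e->logical_out` and `t->u.name` in ebt_check_entry, for `t->u.name` before the `strcmp()` in check_chainloops, for `repl->name` in translate_table and for `hlp.name` in update_counters. The interface names are later compared on every packet via `ebt_dev_check()`, so an unterminated field can make string routines read past the end of the field. Unless termination is now enforced somewhere not visible in this diff, I would keep the forced terminators, or reject the table with `-EINVAL` when a name field has no NUL within its size. The function bodies continue outside these hunks.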
@@ -374,7 +382,6 @@ ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e,
if (((char *)w) + w->watcher_size + sizeof(struct ebt_entry_watcher) >
((char *)e) + e->target_offset)
return -EINVAL;
- w->u.name[EBT_FUNCTION_MAXNAMELEN - 1] = '\0';
watcher = find_watcher_lock(w->u.name, &ret, &ebt_mutex);
if (!watcher)
return ret;
@@ -457,7 +464,7 @@ ebt_check_entry_size_and_hooks(struct ebt_entry *e,
// a plain old entry, heh
if (sizeof(struct ebt_entry) > e->watchers_offset ||
e->watchers_offset > e->target_offset ||
- e->target_offset > e->next_offset) {
+ e->target_offset >= e->next_offset) {
BUGPRINT("entry offsets not in right order\n");
return -EINVAL;
}
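Review bot: Changing the test to `e->target_offset >= e->next_offset` only guarantees that the target region is non-empty, not that a whole `struct ebt_entry_target` fits in it. ebt_check_entry then casts `((char *)e) + e->target_offset` to a target and reads `t->u.name`, which can extend past `next_offset` when the gap is smaller than the header. A size check here would close that, for example adding `e->next_offset - e->target_offset < sizeof(struct ebt_entry_target) ||` to the condition. A later check in ebt_check_entry may partly cover this, but it is outside the visible hunks.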
@@ -537,6 +544,27 @@ ebt_cleanup_watcher(struct ebt_entry_watcher *w, unsigned int *i)
}
static inline int
+ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt)
+{
+ struct ebt_entry_target *t;
+
+ if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) == 0)
+ return 0;
+ // we're done
+ if (cnt && (*cnt)-- == 0)
+ return 1;
+ EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, NULL);
+ EBT_MATCH_ITERATE(e, ebt_cleanup_match, NULL);
+ t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
+ if (t->u.target->destroy)
+ t->u.target->destroy(t->data, t->target_size);
+ if (t->u.target->me)
+ __MOD_DEC_USE_COUNT(t->u.target->me);
+
+ return 0;
+}
+
+static inline int
ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
const char *name, unsigned int *cnt, unsigned int valid_hooks,
struct ebt_cl_stack *cl_s, unsigned int udc_cnt)
@@ -562,10 +590,6 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
BUGPRINT("NOPROTO & 802_3 not allowed\n");
return -EINVAL;
}
- e->in[IFNAMSIZ - 1] = '\0';
- e->out[IFNAMSIZ - 1] = '\0';
- e->logical_in[IFNAMSIZ - 1] = '\0';
- e->logical_out[IFNAMSIZ - 1] = '\0';
// what hook do we belong to?
for (i = 0; i < NF_BR_NUMHOOKS; i++) {
if ((valid_hooks & (1 << i)) == 0)
@@ -597,7 +621,6 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
if (ret != 0)
goto cleanup_watchers;
t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
- t->u.name[EBT_FUNCTION_MAXNAMELEN - 1] = '\0';
target = find_target_lock(t->u.name, &ret, &ebt_mutex);
if (!target)
goto cleanup_watchers;
@@ -637,27 +660,6 @@ cleanup_matches:
return ret;
}
-static inline int
-ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt)
-{
- struct ebt_entry_target *t;
-
- if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) == 0)
- return 0;
- // we're done
- if (cnt && (*cnt)-- == 0)
- return 1;
- EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, NULL);
- EBT_MATCH_ITERATE(e, ebt_cleanup_match, NULL);
- t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
- if (t->u.target->destroy)
- t->u.target->destroy(t->data, t->target_size);
- if (t->u.target->me)
- __MOD_DEC_USE_COUNT(t->u.target->me);
-
- return 0;
-}
-
// checks for loops and sets the hook mask for udc
// the hook mask for udc tells us from which base chains the udc can be
// accessed. This mask is a parameter to the check() functions of the extensions
@@ -687,7 +689,6 @@ int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s,
}
t = (struct ebt_entry_target *)
(((char *)e) + e->target_offset);
- t->u.name[EBT_FUNCTION_MAXNAMELEN - 1] = '\0';
if (strcmp(t->u.name, EBT_STANDARD_TARGET))
goto letscontinue;
if (e->target_offset + sizeof(struct ebt_standard_target) >
@@ -857,7 +858,6 @@ static int translate_table(struct ebt_replace *repl,
// beginning of a chain. This can only occur in chains that
// are not accessible from any base chains, so we don't care.
- repl->name[EBT_TABLE_MAXNAMELEN - 1] = '\0';
// used to know what we need to clean up if something goes wrong
i = 0;
ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
@@ -961,7 +961,7 @@ static int do_replace(void *user, unsigned int len)
// the table doesn't like it
if (t->check && (ret = t->check(newinfo, tmp.valid_hooks)))
goto free_unlock;
-
+
if (tmp.num_counters && tmp.num_counters != t->private->nentries) {
BUGPRINT("Wrong nr. of counters requested\n");
ret = -EINVAL;
@@ -979,8 +979,8 @@ static int do_replace(void *user, unsigned int len)
t->private = newinfo;
write_unlock_bh(&t->lock);
up(&ebt_mutex);
- // So, a user can change the chains while having messed up his counter
- // allocation. Only reason why I do this is because this way the lock
+ // So, a user can change the chains while having messed up her counter
+ // allocation. Only reason why this is done is because this way the lock
// is held only once, while this doesn't bring the kernel into a
// dangerous state.
if (tmp.num_counters &&
@@ -1220,11 +1220,10 @@ static int update_counters(void *user, unsigned int len)
if ( !(tmp = (struct ebt_counter *)
vmalloc(hlp.num_counters * sizeof(struct ebt_counter))) ){
- MEMPRINT("Updata_counters && nomemory\n");
+ MEMPRINT("Update_counters && nomemory\n");
return -ENOMEM;
}
- hlp.name[EBT_TABLE_MAXNAMELEN - 1] = '\0';
t = find_table_lock(hlp.name, &ret, &ebt_mutex);
if (!t)
goto free_tmp;
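Review bot: The size passed to `vmalloc()` is `hlp.num_counters * sizeof(struct ebt_counter)` with no visible upper bound, and `hlp` looks like it is copied from the `user` buffer. If nothing earlier in update_counters bounds `num_counters`, the product can wrap on 32-bit and yield a buffer smaller than later code expects. Since this hunk already touches the allocation path, a guard such as `if (hlp.num_counters >= INT_MAX / sizeof(struct ebt_counter)) return -ENOMEM;` before the allocation would be worth adding. The start of the function is outside the hunk, so an existing length check there may already limit the value.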
@@ -1451,21 +1450,6 @@ static struct nf_sockopt_ops ebt_sockopts =
EBT_BASE_CTL, EBT_SO_GET_MAX + 1, do_ebt_get_ctl, 0, NULL
};
-// Copyright (C) 1998 by Ori Pomerantz
-// Print the string to the appropriate tty, the one
-// the current task uses
-static void print_string(char *str)
-{
- struct tty_struct *my_tty;
-
- /* The tty for the current task */
- my_tty = current->tty;
- if (my_tty != NULL) {
- (*(my_tty->driver).write)(my_tty, 0, str, strlen(str));
- (*(my_tty->driver).write)(my_tty, 0, "\015\012", 2);
- }
-}
-
static int __init init(void)
{
int ret;
@@ -1476,14 +1460,14 @@ static int __init init(void)
if ((ret = nf_register_sockopt(&ebt_sockopts)) < 0)
return ret;
- print_string("Ebtables v2.0 registered");
+ printk("Ebtables v2.0 registered");
return 0;
}
static void __exit fini(void)
{
nf_unregister_sockopt(&ebt_sockopts);
- print_string("Ebtables v2.0 unregistered");
+ printk("Ebtables v2.0 unregistered");
}
EXPORT_SYMBOL(ebt_register_table);
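Review bot: Both new `printk()` calls in init() and fini() lack a log level and a trailing newline, so the messages are logged at the default level and can run into the next kernel message on the same line. I would write `printk(KERN_INFO "Ebtables v2.0 registered\n");` and `printk(KERN_INFO "Ebtables v2.0 unregistered\n");`. Unlike the removed print_string(), these go to the kernel log and not to the caller's tty, which is the better place for them.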