summaryrefslogtreecommitdiffstats
path: root/kernel/linux2.5/net/bridge/netfilter
diff options
context:
space:
mode:
Diffstat (limited to 'kernel/linux2.5/net/bridge/netfilter')
-rw-r--r--kernel/linux2.5/net/bridge/netfilter/ebt_arp.c7
-rw-r--r--kernel/linux2.5/net/bridge/netfilter/ebt_dnat.c7
-rw-r--r--kernel/linux2.5/net/bridge/netfilter/ebt_ip.c7
-rw-r--r--kernel/linux2.5/net/bridge/netfilter/ebt_log.c35
-rw-r--r--kernel/linux2.5/net/bridge/netfilter/ebt_mark.c7
-rw-r--r--kernel/linux2.5/net/bridge/netfilter/ebt_mark_m.c7
-rw-r--r--kernel/linux2.5/net/bridge/netfilter/ebt_pkttype.c8
-rw-r--r--kernel/linux2.5/net/bridge/netfilter/ebt_redirect.c8
-rw-r--r--kernel/linux2.5/net/bridge/netfilter/ebt_snat.c7
-rw-r--r--kernel/linux2.5/net/bridge/netfilter/ebt_vlan.c18
-rw-r--r--kernel/linux2.5/net/bridge/netfilter/ebtables.c64
11 files changed, 42 insertions, 133 deletions
diff --git a/kernel/linux2.5/net/bridge/netfilter/ebt_arp.c b/kernel/linux2.5/net/bridge/netfilter/ebt_arp.c
index 16cec6d..d63d720 100644
--- a/kernel/linux2.5/net/bridge/netfilter/ebt_arp.c
+++ b/kernel/linux2.5/net/bridge/netfilter/ebt_arp.c
@@ -94,17 +94,13 @@ static int ebt_filter_arp(const struct sk_buff *skb, const struct net_device *in
return EBT_MATCH;
}
-static struct ebt_match filter_arp;
static int ebt_arp_check(const char *tablename, unsigned int hookmask,
- const struct ebt_entry *e, void *data, unsigned int datalen,
- unsigned int version)
+ const struct ebt_entry *e, void *data, unsigned int datalen)
{
struct ebt_arp_info *info = (struct ebt_arp_info *)data;
if (datalen != sizeof(struct ebt_arp_info))
return -EINVAL;
- if (ebt_check_version(version, filter_arp.version, filter_arp.name))
- return -EINVAL;
if ((e->ethproto != __constant_htons(ETH_P_ARP) &&
e->ethproto != __constant_htons(ETH_P_RARP)) ||
e->invflags & EBT_IPROTO)
@@ -120,7 +116,6 @@ static struct ebt_match filter_arp =
.match = ebt_filter_arp,
.check = ebt_arp_check,
.me = THIS_MODULE,
- .version = VERSIONIZE(1,0),
};
static int __init init(void)
diff --git a/kernel/linux2.5/net/bridge/netfilter/ebt_dnat.c b/kernel/linux2.5/net/bridge/netfilter/ebt_dnat.c
index ffc986a..fd9a624 100644
--- a/kernel/linux2.5/net/bridge/netfilter/ebt_dnat.c
+++ b/kernel/linux2.5/net/bridge/netfilter/ebt_dnat.c
@@ -24,10 +24,8 @@ static int ebt_target_dnat(struct sk_buff **pskb, unsigned int hooknr,
return info->target;
}
-static struct ebt_target dnat;
static int ebt_target_dnat_check(const char *tablename, unsigned int hookmask,
- const struct ebt_entry *e, void *data, unsigned int datalen,
- unsigned int version)
+ const struct ebt_entry *e, void *data, unsigned int datalen)
{
struct ebt_nat_info *info = (struct ebt_nat_info *)data;
@@ -40,8 +38,6 @@ static int ebt_target_dnat_check(const char *tablename, unsigned int hookmask,
return -EINVAL;
if (datalen != sizeof(struct ebt_nat_info))
return -EINVAL;
- if (ebt_check_version(version, dnat.version, dnat.name))
- return -EINVAL;
if (INVALID_TARGET)
return -EINVAL;
return 0;
@@ -53,7 +49,6 @@ static struct ebt_target dnat =
.target = ebt_target_dnat,
.check = ebt_target_dnat_check,
.me = THIS_MODULE,
- .version = VERSIONIZE(1,0),
};
static int __init init(void)
diff --git a/kernel/linux2.5/net/bridge/netfilter/ebt_ip.c b/kernel/linux2.5/net/bridge/netfilter/ebt_ip.c
index 9dc311a..7ef0662 100644
--- a/kernel/linux2.5/net/bridge/netfilter/ebt_ip.c
+++ b/kernel/linux2.5/net/bridge/netfilter/ebt_ip.c
@@ -70,17 +70,13 @@ static int ebt_filter_ip(const struct sk_buff *skb, const struct net_device *in,
return EBT_MATCH;
}
-static struct ebt_match filter_ip;
static int ebt_ip_check(const char *tablename, unsigned int hookmask,
- const struct ebt_entry *e, void *data, unsigned int datalen,
- unsigned int version)
+ const struct ebt_entry *e, void *data, unsigned int datalen)
{
struct ebt_ip_info *info = (struct ebt_ip_info *)data;
if (datalen != sizeof(struct ebt_ip_info))
return -EINVAL;
- if (ebt_check_version(version, filter_ip.version, filter_ip.name))
- return -EINVAL;
if (e->ethproto != __constant_htons(ETH_P_IP) ||
e->invflags & EBT_IPROTO)
return -EINVAL;
@@ -106,7 +102,6 @@ static struct ebt_match filter_ip =
.match = ebt_filter_ip,
.check = ebt_ip_check,
.me = THIS_MODULE,
- .version = VERSIONIZE(1,0),
};
static int __init init(void)
diff --git a/kernel/linux2.5/net/bridge/netfilter/ebt_log.c b/kernel/linux2.5/net/bridge/netfilter/ebt_log.c
index 72dec1e..e7a3ef4 100644
--- a/kernel/linux2.5/net/bridge/netfilter/ebt_log.c
+++ b/kernel/linux2.5/net/bridge/netfilter/ebt_log.c
@@ -17,6 +17,21 @@
static spinlock_t ebt_log_lock = SPIN_LOCK_UNLOCKED;
+static int ebt_log_check(const char *tablename, unsigned int hookmask,
+ const struct ebt_entry *e, void *data, unsigned int datalen)
+{
+ struct ebt_log_info *info = (struct ebt_log_info *)data;
+
+ if (datalen != sizeof(struct ebt_log_info))
+ return -EINVAL;
+ if (info->bitmask & ~EBT_LOG_MASK)
+ return -EINVAL;
+ if (info->loglevel >= 8)
+ return -EINVAL;
+ info->prefix[EBT_LOG_PREFIX_SIZE - 1] = '\0';
+ return 0;
+}
+
struct tcpudphdr
{
uint16_t src;
@@ -120,32 +135,12 @@ out:
spin_unlock_bh(&ebt_log_lock);
}
-static struct ebt_watcher log;
-static int ebt_log_check(const char *tablename, unsigned int hookmask,
- const struct ebt_entry *e, void *data, unsigned int datalen,
- unsigned int version)
-{
- struct ebt_log_info *info = (struct ebt_log_info *)data;
-
- if (datalen != sizeof(struct ebt_log_info))
- return -EINVAL;
- if (ebt_check_version(version, log.version, log.name))
- return -EINVAL;
- if (info->bitmask & ~EBT_LOG_MASK)
- return -EINVAL;
- if (info->loglevel >= 8)
- return -EINVAL;
- info->prefix[EBT_LOG_PREFIX_SIZE - 1] = '\0';
- return 0;
-}
-
static struct ebt_watcher log =
{
.name = EBT_LOG_WATCHER,
.watcher = ebt_log,
.check = ebt_log_check,
.me = THIS_MODULE,
- .version = VERSIONIZE(1,0),
};
static int __init init(void)
diff --git a/kernel/linux2.5/net/bridge/netfilter/ebt_mark.c b/kernel/linux2.5/net/bridge/netfilter/ebt_mark.c
index 3a60cea..b7a87f6 100644
--- a/kernel/linux2.5/net/bridge/netfilter/ebt_mark.c
+++ b/kernel/linux2.5/net/bridge/netfilter/ebt_mark.c
@@ -30,17 +30,13 @@ static int ebt_target_mark(struct sk_buff **pskb, unsigned int hooknr,
return info->target;
}
-static struct ebt_target mark_target;
static int ebt_target_mark_check(const char *tablename, unsigned int hookmask,
- const struct ebt_entry *e, void *data, unsigned int datalen,
- unsigned int version)
+ const struct ebt_entry *e, void *data, unsigned int datalen)
{
struct ebt_mark_t_info *info = (struct ebt_mark_t_info *)data;
if (datalen != sizeof(struct ebt_mark_t_info))
return -EINVAL;
- if (ebt_check_version(version, mark_target.version, mark_target.name))
- return -EINVAL;
if (BASE_CHAIN && info->target == EBT_RETURN)
return -EINVAL;
CLEAR_BASE_CHAIN_BIT;
@@ -55,7 +51,6 @@ static struct ebt_target mark_target =
.target = ebt_target_mark,
.check = ebt_target_mark_check,
.me = THIS_MODULE,
- .version = VERSIONIZE(1,0),
};
static int __init init(void)
diff --git a/kernel/linux2.5/net/bridge/netfilter/ebt_mark_m.c b/kernel/linux2.5/net/bridge/netfilter/ebt_mark_m.c
index 0bb5a74..c710b4e 100644
--- a/kernel/linux2.5/net/bridge/netfilter/ebt_mark_m.c
+++ b/kernel/linux2.5/net/bridge/netfilter/ebt_mark_m.c
@@ -23,17 +23,13 @@ static int ebt_filter_mark(const struct sk_buff *skb,
return !(((skb->nfmark & info->mask) == info->mark) ^ info->invert);
}
-static struct ebt_match filter_mark;
static int ebt_mark_check(const char *tablename, unsigned int hookmask,
- const struct ebt_entry *e, void *data, unsigned int datalen,
- unsigned int version)
+ const struct ebt_entry *e, void *data, unsigned int datalen)
{
struct ebt_mark_m_info *info = (struct ebt_mark_m_info *) data;
if (datalen != sizeof(struct ebt_mark_m_info))
return -EINVAL;
- if (ebt_check_version(version, filter_mark.version, filter_mark.name))
- return -EINVAL;
if (info->bitmask & ~EBT_MARK_MASK)
return -EINVAL;
if ((info->bitmask & EBT_MARK_OR) && (info->bitmask & EBT_MARK_AND))
@@ -49,7 +45,6 @@ static struct ebt_match filter_mark =
.match = ebt_filter_mark,
.check = ebt_mark_check,
.me = THIS_MODULE,
- .version = VERSIONIZE(1,0),
};
static int __init init(void)
diff --git a/kernel/linux2.5/net/bridge/netfilter/ebt_pkttype.c b/kernel/linux2.5/net/bridge/netfilter/ebt_pkttype.c
index 50e6641..f6458ad 100644
--- a/kernel/linux2.5/net/bridge/netfilter/ebt_pkttype.c
+++ b/kernel/linux2.5/net/bridge/netfilter/ebt_pkttype.c
@@ -23,18 +23,13 @@ static int ebt_filter_pkttype(const struct sk_buff *skb,
return (skb->pkt_type != info->pkt_type) ^ info->invert;
}
-static struct ebt_match filter_pkttype;
static int ebt_pkttype_check(const char *tablename, unsigned int hookmask,
- const struct ebt_entry *e, void *data, unsigned int datalen,
- unsigned int version)
+ const struct ebt_entry *e, void *data, unsigned int datalen)
{
struct ebt_pkttype_info *info = (struct ebt_pkttype_info *)data;
if (datalen != sizeof(struct ebt_pkttype_info))
return -EINVAL;
- if (ebt_check_version(version, filter_pkttype.version,
- filter_pkttype.name))
- return -EINVAL;
if (info->invert != 0 && info->invert != 1)
return -EINVAL;
/* Allow any pkt_type value */
@@ -47,7 +42,6 @@ static struct ebt_match filter_pkttype =
.match = ebt_filter_pkttype,
.check = ebt_pkttype_check,
.me = THIS_MODULE,
- .version = VERSIONIZE(1,0),
};
static int __init init(void)
diff --git a/kernel/linux2.5/net/bridge/netfilter/ebt_redirect.c b/kernel/linux2.5/net/bridge/netfilter/ebt_redirect.c
index 73b1e49..d482b3d 100644
--- a/kernel/linux2.5/net/bridge/netfilter/ebt_redirect.c
+++ b/kernel/linux2.5/net/bridge/netfilter/ebt_redirect.c
@@ -31,18 +31,13 @@ static int ebt_target_redirect(struct sk_buff **pskb, unsigned int hooknr,
return info->target;
}
-static struct ebt_target redirect_target;
static int ebt_target_redirect_check(const char *tablename, unsigned int hookmask,
- const struct ebt_entry *e, void *data, unsigned int datalen,
- unsigned int version)
+ const struct ebt_entry *e, void *data, unsigned int datalen)
{
struct ebt_redirect_info *info = (struct ebt_redirect_info *)data;
if (datalen != sizeof(struct ebt_redirect_info))
return -EINVAL;
- if (ebt_check_version(version, redirect_target.version,
- redirect_target.name))
- return -EINVAL;
if (BASE_CHAIN && info->target == EBT_RETURN)
return -EINVAL;
CLEAR_BASE_CHAIN_BIT;
@@ -60,7 +55,6 @@ static struct ebt_target redirect_target =
.target = ebt_target_redirect,
.check = ebt_target_redirect_check,
.me = THIS_MODULE,
- .version = VERSIONIZE(1,0),
};
static int __init init(void)
diff --git a/kernel/linux2.5/net/bridge/netfilter/ebt_snat.c b/kernel/linux2.5/net/bridge/netfilter/ebt_snat.c
index b457dad..3c0a650 100644
--- a/kernel/linux2.5/net/bridge/netfilter/ebt_snat.c
+++ b/kernel/linux2.5/net/bridge/netfilter/ebt_snat.c
@@ -23,17 +23,13 @@ static int ebt_target_snat(struct sk_buff **pskb, unsigned int hooknr,
return info->target;
}
-static struct ebt_target snat;
static int ebt_target_snat_check(const char *tablename, unsigned int hookmask,
- const struct ebt_entry *e, void *data, unsigned int datalen,
- unsigned int version)
+ const struct ebt_entry *e, void *data, unsigned int datalen)
{
struct ebt_nat_info *info = (struct ebt_nat_info *) data;
if (datalen != sizeof(struct ebt_nat_info))
return -EINVAL;
- if (ebt_check_version(version, snat.version, snat.name))
- return -EINVAL;
if (BASE_CHAIN && info->target == EBT_RETURN)
return -EINVAL;
CLEAR_BASE_CHAIN_BIT;
@@ -52,7 +48,6 @@ static struct ebt_target snat =
.target = ebt_target_snat,
.check = ebt_target_snat_check,
.me = THIS_MODULE,
- .version = VERSIONIZE(1,0),
};
static int __init init(void)
diff --git a/kernel/linux2.5/net/bridge/netfilter/ebt_vlan.c b/kernel/linux2.5/net/bridge/netfilter/ebt_vlan.c
index 5e20e88..54120a7 100644
--- a/kernel/linux2.5/net/bridge/netfilter/ebt_vlan.c
+++ b/kernel/linux2.5/net/bridge/netfilter/ebt_vlan.c
@@ -42,8 +42,10 @@ MODULE_LICENSE("GPL");
#define EXIT_ON_MISMATCH(_MATCH_,_MASK_) {if (!((info->_MATCH_ == _MATCH_)^!!(info->invflags & _MASK_))) return EBT_NOMATCH;}
static int
-ebt_filter_vlan(const struct sk_buff *skb, const struct net_device *in,
- const struct net_device *out, const void *data, unsigned int datalen)
+ebt_filter_vlan(const struct sk_buff *skb,
+ const struct net_device *in,
+ const struct net_device *out,
+ const void *data, unsigned int datalen)
{
struct ebt_vlan_info *info = (struct ebt_vlan_info *) data;
struct vlan_ethhdr frame;
@@ -84,11 +86,10 @@ ebt_filter_vlan(const struct sk_buff *skb, const struct net_device *in,
return EBT_MATCH;
}
-static struct ebt_match filter_vlan;
static int
-ebt_check_vlan(const char *tablename, unsigned int hooknr,
- const struct ebt_entry *e, void *data, unsigned int datalen,
- unsigned int version)
+ebt_check_vlan(const char *tablename,
+ unsigned int hooknr,
+ const struct ebt_entry *e, void *data, unsigned int datalen)
{
struct ebt_vlan_info *info = (struct ebt_vlan_info *) data;
@@ -100,10 +101,6 @@ ebt_check_vlan(const char *tablename, unsigned int hooknr,
return -EINVAL;
}
- if (ebt_check_version(version, filter_vlan.version,
- filter_vlan.name))
- return -EINVAL;
-
/* Is it 802.1Q frame checked? */
if (e->ethproto != __constant_htons(ETH_P_8021Q)) {
DEBUG_MSG
@@ -177,7 +174,6 @@ static struct ebt_match filter_vlan = {
.match = ebt_filter_vlan,
.check = ebt_check_vlan,
.me = THIS_MODULE,
- .version = VERSIONIZE(1,0),
};
static int __init init(void)
diff --git a/kernel/linux2.5/net/bridge/netfilter/ebtables.c b/kernel/linux2.5/net/bridge/netfilter/ebtables.c
index ea2dc75..7f32804 100644
--- a/kernel/linux2.5/net/bridge/netfilter/ebtables.c
+++ b/kernel/linux2.5/net/bridge/netfilter/ebtables.c
@@ -35,59 +35,24 @@
#define ASSERT_WRITE_LOCK(x)
#include <linux/netfilter_ipv4/listhelp.h>
-/* Copyright (C) 1998 by Ori Pomerantz
+#if 0
+/* use this for remote debugging
+ * Copyright (C) 1998 by Ori Pomerantz
* Print the string to the appropriate tty, the one
- * the current task uses.
- * Unlike prink, this function will print text on xterms and ssh connections.
- * Useful for telling the user she did something wrong, without it being logged.
+ * the current task uses
*/
-void ebt_print_string(const char *fmt, ...)
+static void print_string(char *str)
{
struct tty_struct *my_tty;
- static char print_buf[PRINT_BUFFER_LENGTH];
/* The tty for the current task */
my_tty = current->tty;
if (my_tty != NULL) {
- va_list args;
- int printed_len;
-
- va_start(args, fmt);
- printed_len = vsnprintf(print_buf, sizeof(print_buf), fmt, args);
- va_end(args);
- my_tty->driver->write(my_tty, 0, print_buf, printed_len);
+ my_tty->driver->write(my_tty, 0, str, strlen(str));
my_tty->driver->write(my_tty, 0, "\015\012", 2);
}
}
-/* different major number implies incompatibility. Same major number
- * but userspace minor number > kernel minor number also implies
- * incompatibility.
- * Minor numbers can be used when adding new functionality while
- * compatibility with older versions with the same major number is
- * guaranteed.
- */
-int ebt_check_version(unsigned int u,unsigned int k, const char *n)
-{
- int ret = 0;
- unsigned int uma = u >> NR_MINORS;
- unsigned int umi = u - (uma << NR_MINORS);
- unsigned int kma = k >> NR_MINORS;
- unsigned int kmi = k - (kma << NR_MINORS);
-
- if (uma != kma || umi > kmi) {
- ret = 1;
- ebt_print_string("Conflicting version between the \'%s\'"
- " userspace and kernel module: the userspace module version"
- " is %d.%d, the kernel module version is %d.%d",
- n, uma, umi, kma, kmi);
- }
- return ret;
-}
-
-
-#if 0
-/* use this for remote debugging */
#define BUGPRINT(args) print_string(args);
#else
#define BUGPRINT(format, args...) printk("kernel msg: ebtables bug: please "\
@@ -122,9 +87,7 @@ static LIST_HEAD(ebt_matches);
static LIST_HEAD(ebt_watchers);
static struct ebt_target ebt_standard_target =
-{
- .name = EBT_STANDARD_TARGET,
-};
+{ {NULL, NULL}, EBT_STANDARD_TARGET, NULL, NULL, NULL, NULL};
static inline int ebt_do_watcher (struct ebt_entry_watcher *w,
const struct sk_buff *skb, const struct net_device *in,
@@ -403,8 +366,8 @@ ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e,
}
up(&ebt_mutex);
if (match->check &&
- match->check(name, hookmask, e, m->data, m->match_size,
- m->version) != 0) {
+ match->check(name, hookmask, e, m->data, m->match_size) != 0) {
+ BUGPRINT("match->check failed\n");
module_put(match->me);
return -EINVAL;
}
@@ -432,8 +395,8 @@ ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e,
}
up(&ebt_mutex);
if (watcher->check &&
- watcher->check(name, hookmask, e, w->data, w->watcher_size,
- w->version) != 0) {
+ watcher->check(name, hookmask, e, w->data, w->watcher_size) != 0) {
+ BUGPRINT("watcher->check failed\n");
module_put(watcher->me);
return -EINVAL;
}
@@ -690,8 +653,7 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
} else if ((e->target_offset + t->target_size +
sizeof(struct ebt_entry_target) > e->next_offset) ||
(t->u.target->check &&
- t->u.target->check(name, hookmask, e, t->data, t->target_size,
- t->version) != 0)) {
+ t->u.target->check(name, hookmask, e, t->data, t->target_size) != 0)){
module_put(t->u.target->me);
ret = -EFAULT;
goto cleanup_watchers;
@@ -1533,8 +1495,6 @@ EXPORT_SYMBOL(ebt_unregister_watcher);
EXPORT_SYMBOL(ebt_register_target);
EXPORT_SYMBOL(ebt_unregister_target);
EXPORT_SYMBOL(ebt_do_table);
-EXPORT_SYMBOL(ebt_print_string);
-EXPORT_SYMBOL(ebt_check_version);
module_init(init);
module_exit(fini);
MODULE_LICENSE("GPL");