From 8ed17d12ee94aed32464c0cedbd8b94e47fed3ab Mon Sep 17 00:00:00 2001 From: Bart De Schuymer Date: Sun, 2 Mar 2003 15:18:08 +0000 Subject: trivial things --- .../include/linux/netfilter_bridge/ebt_ip.h | 2 +- .../include/linux/netfilter_bridge/ebt_log.h | 2 +- .../include/linux/netfilter_bridge/ebt_mark_t.h | 2 +- .../include/linux/netfilter_bridge/ebt_nat.h | 2 +- .../include/linux/netfilter_bridge/ebt_redirect.h | 2 +- .../include/linux/netfilter_bridge/ebtables.h | 121 +++++++++++---------- kernel/linux2.5/net/bridge/netfilter/ebt_arp.c | 10 +- kernel/linux2.5/net/bridge/netfilter/ebt_dnat.c | 6 +- kernel/linux2.5/net/bridge/netfilter/ebt_ip.c | 6 +- kernel/linux2.5/net/bridge/netfilter/ebt_log.c | 6 +- kernel/linux2.5/net/bridge/netfilter/ebt_mark.c | 13 ++- kernel/linux2.5/net/bridge/netfilter/ebt_mark_m.c | 6 +- .../linux2.5/net/bridge/netfilter/ebt_redirect.c | 6 +- kernel/linux2.5/net/bridge/netfilter/ebt_snat.c | 6 +- kernel/linux2.5/net/bridge/netfilter/ebt_vlan.c | 10 +- .../linux2.5/net/bridge/netfilter/ebtable_broute.c | 33 ++++-- .../linux2.5/net/bridge/netfilter/ebtable_filter.c | 58 +++++++--- kernel/linux2.5/net/bridge/netfilter/ebtable_nat.c | 58 +++++++--- 18 files changed, 218 insertions(+), 131 deletions(-) diff --git a/kernel/linux2.5/include/linux/netfilter_bridge/ebt_ip.h b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_ip.h index 499089b..7247385 100644 --- a/kernel/linux2.5/include/linux/netfilter_bridge/ebt_ip.h +++ b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_ip.h @@ -25,7 +25,7 @@ EBT_IP_SPORT | EBT_IP_DPORT ) #define EBT_IP_MATCH "ip" -// the same values are used for the invflags +/* the same values are used for the invflags */ struct ebt_ip_info { uint32_t saddr; diff --git a/kernel/linux2.5/include/linux/netfilter_bridge/ebt_log.h b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_log.h index d3e7377..358fbc8 100644 --- a/kernel/linux2.5/include/linux/netfilter_bridge/ebt_log.h 
+++ b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_log.h @@ -1,7 +1,7 @@ #ifndef __LINUX_BRIDGE_EBT_LOG_H #define __LINUX_BRIDGE_EBT_LOG_H -#define EBT_LOG_IP 0x01 // if the frame is made by ip, log the ip information +#define EBT_LOG_IP 0x01 /* if the frame is made by ip, log the ip information */ #define EBT_LOG_ARP 0x02 #define EBT_LOG_MASK (EBT_LOG_IP | EBT_LOG_ARP) #define EBT_LOG_PREFIX_SIZE 30 diff --git a/kernel/linux2.5/include/linux/netfilter_bridge/ebt_mark_t.h b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_mark_t.h index f84d2ad..110fec6 100644 --- a/kernel/linux2.5/include/linux/netfilter_bridge/ebt_mark_t.h +++ b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_mark_t.h @@ -4,7 +4,7 @@ struct ebt_mark_t_info { unsigned long mark; - // EBT_ACCEPT, EBT_DROP or EBT_CONTINUE or EBT_RETURN + /* EBT_ACCEPT, EBT_DROP, EBT_CONTINUE or EBT_RETURN */ int target; }; #define EBT_MARK_TARGET "mark" diff --git a/kernel/linux2.5/include/linux/netfilter_bridge/ebt_nat.h b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_nat.h index eac1871..26fd90d 100644 --- a/kernel/linux2.5/include/linux/netfilter_bridge/ebt_nat.h +++ b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_nat.h @@ -4,7 +4,7 @@ struct ebt_nat_info { unsigned char mac[ETH_ALEN]; - // EBT_ACCEPT, EBT_DROP, EBT_CONTINUE or EBT_RETURN + /* EBT_ACCEPT, EBT_DROP, EBT_CONTINUE or EBT_RETURN */ int target; }; #define EBT_SNAT_TARGET "snat" diff --git a/kernel/linux2.5/include/linux/netfilter_bridge/ebt_redirect.h b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_redirect.h index c741521..5c67990 100644 --- a/kernel/linux2.5/include/linux/netfilter_bridge/ebt_redirect.h +++ b/kernel/linux2.5/include/linux/netfilter_bridge/ebt_redirect.h @@ -3,7 +3,7 @@ struct ebt_redirect_info { - // EBT_ACCEPT, EBT_DROP or EBT_CONTINUE or EBT_RETURN + /* EBT_ACCEPT, EBT_DROP, EBT_CONTINUE or EBT_RETURN */ int target; }; #define EBT_REDIRECT_TARGET "redirect" 
diff --git a/kernel/linux2.5/include/linux/netfilter_bridge/ebtables.h b/kernel/linux2.5/include/linux/netfilter_bridge/ebtables.h index 72e8175..cb6348d 100644 --- a/kernel/linux2.5/include/linux/netfilter_bridge/ebtables.h +++ b/kernel/linux2.5/include/linux/netfilter_bridge/ebtables.h @@ -2,7 +2,7 @@ * ebtables * * Authors: - * Bart De Schuymer + * Bart De Schuymer * * ebtables.c,v 2.0, April, 2002 * @@ -20,7 +20,7 @@ #define EBT_CHAIN_MAXNAMELEN EBT_TABLE_MAXNAMELEN #define EBT_FUNCTION_MAXNAMELEN EBT_TABLE_MAXNAMELEN -// verdicts >0 are "branches" +/* verdicts >0 are "branches" */ #define EBT_ACCEPT -1 #define EBT_DROP -2 #define EBT_CONTINUE -3 
@@ -34,33 +34,34 @@ struct ebt_counter }; struct ebt_entries { - // this field is always set to zero - // See EBT_ENTRY_OR_ENTRIES. - // Must be same size as ebt_entry.bitmask + /* this field is always set to zero + * See EBT_ENTRY_OR_ENTRIES. + * Must be same size as ebt_entry.bitmask */ unsigned int distinguisher; - // the chain name + /* the chain name */ char name[EBT_CHAIN_MAXNAMELEN]; - // counter offset for this chain + /* counter offset for this chain */ unsigned int counter_offset; - // one standard (accept, drop, return) per hook + /* one standard (accept, drop, return) per hook */ int policy; - // nr. of entries + /* nr. of entries */ unsigned int nentries; - // entry list + /* entry list */ char data[0]; }; -// used for the bitmask of struct ebt_entry +/* used for the bitmask of struct ebt_entry */ -// This is a hack to make a difference between an ebt_entry struct and an -// ebt_entries struct when traversing the entries from start to end. -// Using this simplifies the code alot, while still being able to use -// ebt_entries. -// Contrary, iptables doesn't use something like ebt_entries and therefore uses -// different techniques for naming the policy and such. So, iptables doesn't -// need a hack like this. +/* This is a hack to make a difference between an ebt_entry struct and an + * ebt_entries struct when traversing the entries from start to end. + * Using this simplifies the code alot, while still being able to use + * ebt_entries. + * Contrary, iptables doesn't use something like ebt_entries and therefore uses + * different techniques for naming the policy and such. So, iptables doesn't + * need a hack like this. + */ #define EBT_ENTRY_OR_ENTRIES 0x01 -// these are the normal masks +/* these are the normal masks */ #define EBT_NOPROTO 0x02 #define EBT_802_3 0x04 #define EBT_SOURCEMAC 0x08 
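Review bot: The rewritten comment on `distinguisher` in `struct ebt_entries` records the size constraint against `ebt_entry.bitmask` but not the placement constraint, even though the `ebt_entry` hunk further down says `bitmask` "needs to be the first field". The two structs appear to be told apart by what sits at offset 0, so both halves of the invariant belong in this comment. I would write `/* always zero, see EBT_ENTRY_OR_ENTRIES; must be the first field and the same size as ebt_entry.bitmask */`. While these comments are being touched, "alot" in the EBT_ENTRY_OR_ENTRIES comment should be "a lot". The block comments in this hunk also close in two different ways: `*/` on the last text line in one, on its own line in the other.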
@@ -84,7 +85,7 @@ struct ebt_entry_match char name[EBT_FUNCTION_MAXNAMELEN]; struct ebt_match *match; } u; - // size of data + /* size of data */ unsigned int match_size; unsigned char data[0]; }; @@ -95,7 +96,7 @@ struct ebt_entry_watcher char name[EBT_FUNCTION_MAXNAMELEN]; struct ebt_watcher *watcher; } u; - // size of data + /* size of data */ unsigned int watcher_size; unsigned char data[0]; }; @@ -106,7 +107,7 @@ struct ebt_entry_target char name[EBT_FUNCTION_MAXNAMELEN]; struct ebt_target *target; } u; - // size of data + /* size of data */ unsigned int target_size; unsigned char data[0]; }; @@ -118,29 +119,29 @@ struct ebt_standard_target int verdict; }; -// one entry +/* one entry */ struct ebt_entry { - // this needs to be the first field + /* this needs to be the first field */ unsigned int bitmask; unsigned int invflags; uint16_t ethproto; - // the physical in-dev + /* the physical in-dev */ char in[IFNAMSIZ]; - // the logical in-dev + /* the logical in-dev */ char logical_in[IFNAMSIZ]; - // the physical out-dev + /* the physical out-dev */ char out[IFNAMSIZ]; - // the logical out-dev + /* the logical out-dev */ char logical_out[IFNAMSIZ]; unsigned char sourcemac[ETH_ALEN]; unsigned char sourcemsk[ETH_ALEN]; unsigned char destmac[ETH_ALEN]; unsigned char destmsk[ETH_ALEN]; - // sizeof ebt_entry + matches + /* sizeof ebt_entry + matches */ unsigned int watchers_offset; - // sizeof ebt_entry + matches + watchers + /* sizeof ebt_entry + matches + watchers */ unsigned int target_offset; - // sizeof ebt_entry + matches + watchers + target + /* sizeof ebt_entry + matches + watchers + target */ unsigned int next_offset; unsigned char elems[0]; }; 
@@ -149,20 +150,20 @@ struct ebt_replace { char name[EBT_TABLE_MAXNAMELEN]; unsigned int valid_hooks; - // nr of rules in the table + /* nr of rules in the table */ unsigned int nentries; - // total size of the entries + /* total size of the entries */ unsigned int entries_size; - // start of the chains + /* start of the chains */ struct ebt_entries *hook_entry[NF_BR_NUMHOOKS]; - // nr of counters userspace expects back + /* nr of counters userspace expects back */ unsigned int num_counters; - // where the kernel will put the old counters + /* where the kernel will put the old counters */ struct ebt_counter *counters; char *entries; }; -// [gs]etsockopt numbers +/* {g,s}etsockopt numbers */ #define EBT_BASE_CTL 128 #define EBT_SO_SET_ENTRIES (EBT_BASE_CTL) @@ -177,7 +178,7 @@ struct ebt_replace #ifdef __KERNEL__ -// return values for match() functions +/* return values for match() functions */ #define EBT_MATCH 0 #define EBT_NOMATCH 1 @@ -185,11 +186,11 @@ struct ebt_match { struct list_head list; const char name[EBT_FUNCTION_MAXNAMELEN]; - // 0 == it matches + /* 0 == it matches */ int (*match)(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, const void *matchdata, unsigned int datalen); - // 0 == let it in + /* 0 == let it in */ int (*check)(const char *tablename, unsigned int hookmask, const struct ebt_entry *e, void *matchdata, unsigned int datalen); void (*destroy)(void *matchdata, unsigned int datalen); @@ -203,7 +204,7 @@ struct ebt_watcher void (*watcher)(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, const void *watcherdata, unsigned int datalen); - // 0 == let it in + /* 0 == let it in */ int (*check)(const char *tablename, unsigned int hookmask, const struct ebt_entry *e, void *watcherdata, unsigned int datalen); void (*destroy)(void *watcherdata, unsigned int datalen); 
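Review bot: In `struct ebt_replace`, the converted comments on `counters`, `entries` and `hook_entry` do not say which address space the pointers refer to, and `nentries`, `entries_size` and `num_counters` are described without saying who supplies them. The `{g,s}etsockopt numbers` block right below suggests the struct arrives from userspace, while ebtable_*.c in this same commit fills it with kernel pointers for the built-in tables, so a reader cannot tell when a field is untrusted. I would state it on the fields, e.g. `/* where the kernel will put the old counters (userspace address when set via setsockopt) */` and `/* supplied by the caller; validate before use */` on the three size fields. How the core validates them is outside this diff.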
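Review bot: The `check` callback comment in `struct ebt_match`, `/* 0 == let it in */`, gives the return convention but not the contract. The callback is handed `matchdata` together with `datalen`, and nothing here says whether check() is where `datalen` has to be compared against the size of the extension's info struct. If it is (the core's handling is not visible in this diff), the comment should say so, e.g. `/* 0 == let it in; must reject a datalen that does not fit the extension's info struct */`. The same one-line comment is repeated on `ebt_watcher.check` and `ebt_target.check` in the following hunks.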
@@ -214,33 +215,33 @@ struct ebt_target { struct list_head list; const char name[EBT_FUNCTION_MAXNAMELEN]; - // returns one of the standard verdicts + /* returns one of the standard verdicts */ int (*target)(struct sk_buff **pskb, unsigned int hooknr, const struct net_device *in, const struct net_device *out, const void *targetdata, unsigned int datalen); - // 0 == let it in + /* 0 == let it in */ int (*check)(const char *tablename, unsigned int hookmask, const struct ebt_entry *e, void *targetdata, unsigned int datalen); void (*destroy)(void *targetdata, unsigned int datalen); struct module *me; }; -// used for jumping from and into user defined chains (udc) +/* used for jumping from and into user defined chains (udc) */ struct ebt_chainstack { - struct ebt_entries *chaininfo; // pointer to chain data - struct ebt_entry *e; // pointer to entry data - unsigned int n; // n'th entry + struct ebt_entries *chaininfo; /* pointer to chain data */ + struct ebt_entry *e; /* pointer to entry data */ + unsigned int n; /* n'th entry */ }; struct ebt_table_info { - // total size of the entries + /* total size of the entries */ unsigned int entries_size; unsigned int nentries; - // pointers to the start of the chains + /* pointers to the start of the chains */ struct ebt_entries *hook_entry[NF_BR_NUMHOOKS]; - // room to maintain the stack used for jumping from and into udc + /* room to maintain the stack used for jumping from and into udc */ struct ebt_chainstack **chainstack; char *entries; struct ebt_counter counters[0] ____cacheline_aligned; 
@@ -253,11 +254,11 @@ struct ebt_table struct ebt_replace *table; unsigned int valid_hooks; rwlock_t lock; - // e.g. could be the table explicitly only allows certain - // matches, targets, ... 0 == let it in + /* e.g. could be the table explicitly only allows certain + * matches, targets, ... 0 == let it in */ int (*check)(const struct ebt_table_info *info, unsigned int valid_hooks); - // the data used by the kernel + /* the data used by the kernel */ struct ebt_table_info *private; }; @@ -273,20 +274,20 @@ extern unsigned int ebt_do_table(unsigned int hook, struct sk_buff **pskb, const struct net_device *in, const struct net_device *out, struct ebt_table *table); - // Used in the kernel match() functions +/* Used in the kernel match() functions */ #define FWINV(bool,invflg) ((bool) ^ !!(info->invflags & invflg)) -// True if the hook mask denotes that the rule is in a base chain, -// used in the check() functions +/* True if the hook mask denotes that the rule is in a base chain, + * used in the check() functions */ #define BASE_CHAIN (hookmask & (1 << NF_BR_NUMHOOKS)) -// Clear the bit in the hook mask that tells if the rule is on a base chain +/* Clear the bit in the hook mask that tells if the rule is on a base chain */ #define CLEAR_BASE_CHAIN_BIT (hookmask &= ~(1 << NF_BR_NUMHOOKS)) -// True if the target is not a standard target +/* True if the target is not a standard target */ #define INVALID_TARGET (info->target < -NUM_STANDARD_TARGETS || info->target >= 0) #endif /* __KERNEL__ */ -// blatently stolen from ip_tables.h -// fn returns 0 to continue iteration +/* blatently stolen from ip_tables.h + * fn returns 0 to continue iteration */ #define EBT_MATCH_ITERATE(e, fn, args...) \ ({ \ unsigned int __i; \ diff --git a/kernel/linux2.5/net/bridge/netfilter/ebt_arp.c b/kernel/linux2.5/net/bridge/netfilter/ebt_arp.c index f3dae30..8673967 100644 --- a/kernel/linux2.5/net/bridge/netfilter/ebt_arp.c +++ b/kernel/linux2.5/net/bridge/netfilter/ebt_arp.c 
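Review bot: `FWINV` in the last ebtables.h hunk expands `invflg` without parentheses (`info->invflags & invflg`), so an argument such as `A | B` would bind as `(info->invflags & A) | B`. It should read `#define FWINV(bool,invflg) ((bool) ^ !!(info->invflags & (invflg)))`. The rewritten comments also leave out that `FWINV` and `INVALID_TARGET` silently use a local named `info`, and `BASE_CHAIN`/`CLEAR_BASE_CHAIN_BIT` a local named `hookmask`; a line such as `/* expects a local variable named info in scope */` would make that dependency visible. "blatently" in the EBT_MATCH_ITERATE comment should be "blatantly".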
@@ -37,10 +37,10 @@ static int ebt_filter_arp(const struct sk_buff *skb, const struct net_device *in uint32_t dst; uint32_t src; - // Make sure the packet is long enough. + /* Make sure the packet is long enough */ if ((((*skb).nh.raw) + arp_len) > (*skb).tail) return EBT_NOMATCH; - // IPv4 addresses are always 4 bytes. + /* IPv4 addresses are always 4 bytes */ if (((*skb).nh.arph)->ar_pln != sizeof(uint32_t)) return EBT_NOMATCH; @@ -82,8 +82,10 @@ static int ebt_arp_check(const char *tablename, unsigned int hookmask, static struct ebt_match filter_arp = { - {NULL, NULL}, EBT_ARP_MATCH, ebt_filter_arp, ebt_arp_check, NULL, - THIS_MODULE + .name = EBT_ARP_MATCH, + .match = ebt_filter_arp, + .check = ebt_arp_check, + .me = THIS_MODULE }; static int __init init(void) diff --git a/kernel/linux2.5/net/bridge/netfilter/ebt_dnat.c b/kernel/linux2.5/net/bridge/netfilter/ebt_dnat.c index e125c01..b31093e 100644 --- a/kernel/linux2.5/net/bridge/netfilter/ebt_dnat.c +++ b/kernel/linux2.5/net/bridge/netfilter/ebt_dnat.c @@ -45,8 +45,10 @@ static int ebt_target_dnat_check(const char *tablename, unsigned int hookmask, static struct ebt_target dnat = { - {NULL, NULL}, EBT_DNAT_TARGET, ebt_target_dnat, ebt_target_dnat_check, - NULL, THIS_MODULE + .name = EBT_DNAT_TARGET, + .target = ebt_target_dnat, + .check = ebt_target_dnat_check, + .me = THIS_MODULE }; static int __init init(void) diff --git a/kernel/linux2.5/net/bridge/netfilter/ebt_ip.c b/kernel/linux2.5/net/bridge/netfilter/ebt_ip.c index 6a2154c..c5ae789 100644 --- a/kernel/linux2.5/net/bridge/netfilter/ebt_ip.c +++ b/kernel/linux2.5/net/bridge/netfilter/ebt_ip.c @@ -101,8 +101,10 @@ static int ebt_ip_check(const char *tablename, unsigned int hookmask, static struct ebt_match filter_ip = { - {NULL, NULL}, EBT_IP_MATCH, ebt_filter_ip, ebt_ip_check, NULL, - THIS_MODULE + .name = EBT_IP_MATCH, + .match = ebt_filter_ip, + .check = ebt_ip_check, + .me = THIS_MODULE }; static int __init init(void) 
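Review bot: The reworded comment `/* Make sure the packet is long enough */` in `ebt_filter_arp` does not say long enough for what, and the check it labels depends on `arp_len`, which is computed above the hunk. If `arp_len` is derived from the header's own `ar_hln`/`ar_pln` fields, those fields are read before anything has confirmed that the fixed-size ARP header lies inside the buffer. In that case a separate check against `sizeof(struct arphdr)` should come first. At minimum I would spell the comment out, e.g. `/* the whole ARP packet (arp_len bytes from nh.raw) must end before skb->tail */`. The function body starts and ends outside the hunk.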
diff --git a/kernel/linux2.5/net/bridge/netfilter/ebt_log.c b/kernel/linux2.5/net/bridge/netfilter/ebt_log.c index 4cb58f8..c1552d7 100644 --- a/kernel/linux2.5/net/bridge/netfilter/ebt_log.c +++ b/kernel/linux2.5/net/bridge/netfilter/ebt_log.c @@ -80,8 +80,10 @@ static void ebt_log(const struct sk_buff *skb, const struct net_device *in, static struct ebt_watcher log = { - {NULL, NULL}, EBT_LOG_WATCHER, ebt_log, ebt_log_check, NULL, - THIS_MODULE + .name = EBT_LOG_WATCHER, + .watcher = ebt_log, + .check = ebt_log_check, + .me = THIS_MODULE }; static int __init init(void) diff --git a/kernel/linux2.5/net/bridge/netfilter/ebt_mark.c b/kernel/linux2.5/net/bridge/netfilter/ebt_mark.c index 9edf7d2..47f90d9 100644 --- a/kernel/linux2.5/net/bridge/netfilter/ebt_mark.c +++ b/kernel/linux2.5/net/bridge/netfilter/ebt_mark.c @@ -8,9 +8,10 @@ * */ -// The mark target can be used in any chain -// I believe adding a mangle table just for marking is total overkill -// Marking a frame doesn't really change anything in the frame anyway +/* The mark target can be used in any chain, + * I believe adding a mangle table just for marking is total overkill. + * Marking a frame doesn't really change anything in the frame anyway. + */ #include #include @@ -46,8 +47,10 @@ static int ebt_target_mark_check(const char *tablename, unsigned int hookmask, static struct ebt_target mark_target = { - {NULL, NULL}, EBT_MARK_TARGET, ebt_target_mark, - ebt_target_mark_check, NULL, THIS_MODULE + .name = EBT_MARK_TARGET, + .target = ebt_target_mark, + .check = ebt_target_mark_check, + .me = THIS_MODULE }; static int __init init(void) diff --git a/kernel/linux2.5/net/bridge/netfilter/ebt_mark_m.c b/kernel/linux2.5/net/bridge/netfilter/ebt_mark_m.c index fce545d..715b213 100644 --- a/kernel/linux2.5/net/bridge/netfilter/ebt_mark_m.c +++ b/kernel/linux2.5/net/bridge/netfilter/ebt_mark_m.c 
@@ -41,8 +41,10 @@ static int ebt_mark_check(const char *tablename, unsigned int hookmask, static struct ebt_match filter_mark = { - {NULL, NULL}, EBT_MARK_MATCH, ebt_filter_mark, ebt_mark_check, NULL, - THIS_MODULE + .name = EBT_MARK_MATCH, + .match = ebt_filter_mark, + .check = ebt_mark_check, + .me = THIS_MODULE }; static int __init init(void) diff --git a/kernel/linux2.5/net/bridge/netfilter/ebt_redirect.c b/kernel/linux2.5/net/bridge/netfilter/ebt_redirect.c index 8813e93..9c7ce6c 100644 --- a/kernel/linux2.5/net/bridge/netfilter/ebt_redirect.c +++ b/kernel/linux2.5/net/bridge/netfilter/ebt_redirect.c @@ -51,8 +51,10 @@ static int ebt_target_redirect_check(const char *tablename, unsigned int hookmas static struct ebt_target redirect_target = { - {NULL, NULL}, EBT_REDIRECT_TARGET, ebt_target_redirect, - ebt_target_redirect_check, NULL, THIS_MODULE + .name = EBT_REDIRECT_TARGET, + .target = ebt_target_redirect, + .check = ebt_target_redirect_check, + .me = THIS_MODULE }; static int __init init(void) diff --git a/kernel/linux2.5/net/bridge/netfilter/ebt_snat.c b/kernel/linux2.5/net/bridge/netfilter/ebt_snat.c index 19fdaf2..da116ec 100644 --- a/kernel/linux2.5/net/bridge/netfilter/ebt_snat.c +++ b/kernel/linux2.5/net/bridge/netfilter/ebt_snat.c @@ -44,8 +44,10 @@ static int ebt_target_snat_check(const char *tablename, unsigned int hookmask, static struct ebt_target snat = { - {NULL, NULL}, EBT_SNAT_TARGET, ebt_target_snat, ebt_target_snat_check, - NULL, THIS_MODULE + .name = EBT_SNAT_TARGET, + .target = ebt_target_snat, + .check = ebt_target_snat_check, + .me = THIS_MODULE }; static int __init init(void) diff --git a/kernel/linux2.5/net/bridge/netfilter/ebt_vlan.c b/kernel/linux2.5/net/bridge/netfilter/ebt_vlan.c index 2c8d996..f69aaf6 100644 --- a/kernel/linux2.5/net/bridge/netfilter/ebt_vlan.c +++ b/kernel/linux2.5/net/bridge/netfilter/ebt_vlan.c 
@@ -226,12 +226,10 @@ ebt_check_vlan(const char *tablename, } static struct ebt_match filter_vlan = { - {NULL, NULL}, - EBT_VLAN_MATCH, - ebt_filter_vlan, - ebt_check_vlan, - NULL, - THIS_MODULE + .name = EBT_VLAN_MATCH, + .match = ebt_filter_vlan, + .check = ebt_check_vlan, + .me = THIS_MODULE }; /* diff --git a/kernel/linux2.5/net/bridge/netfilter/ebtable_broute.c b/kernel/linux2.5/net/bridge/netfilter/ebtable_broute.c index 3a34da1..c1fb15b 100644 --- a/kernel/linux2.5/net/bridge/netfilter/ebtable_broute.c +++ b/kernel/linux2.5/net/bridge/netfilter/ebtable_broute.c @@ -16,15 +16,23 @@ #include #include -// EBT_ACCEPT means the frame will be bridged -// EBT_DROP means the frame will be routed -static struct ebt_entries initial_chain = - {0, "BROUTING", 0, EBT_ACCEPT, 0}; +/* EBT_ACCEPT means the frame will be bridged + * EBT_DROP means the frame will be routed + */ +static struct ebt_entries initial_chain = { + .name = "BROUTING", + .policy = EBT_ACCEPT, +}; static struct ebt_replace initial_table = { - "broute", 1 << NF_BR_BROUTING, 0, sizeof(struct ebt_entries), - { [NF_BR_BROUTING]&initial_chain}, 0, NULL, (char *)&initial_chain + .name = "broute", + .valid_hooks = 1 << NF_BR_BROUTING, + .entries_size = sizeof(struct ebt_entries), + .hook_entry = { + [NF_BR_BROUTING] = &initial_chain + }, + .entries = (char *)&initial_chain }; static int check(const struct ebt_table_info *info, unsigned int valid_hooks) @@ -36,8 +44,11 @@ static int check(const struct ebt_table_info *info, unsigned int valid_hooks) static struct ebt_table broute_table = { - {NULL, NULL}, "broute", &initial_table, 1 << NF_BR_BROUTING, - RW_LOCK_UNLOCKED, check, NULL + .name = "broute", + .table = &initial_table, + .valid_hooks = 1 << NF_BR_BROUTING, + .lock = RW_LOCK_UNLOCKED, + .check = check, }; static int ebt_broute(struct sk_buff **pskb) 
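Review bot: The new designated initializers in ebtable_broute.c are inconsistent about the trailing comma. `.policy = EBT_ACCEPT,` and, in the next hunk, `.check = check,` have one, while `.entries = (char *)&initial_chain` and the `[NF_BR_BROUTING] = &initial_chain` element do not. The same mix shows up in ebtable_filter.c (`[NF_BR_LOCAL_OUT] = &initial_chains[2],` and the first `ebt_ops_filter` element), whereas the ebt_*.c extensions and ebtable_nat.c omit it throughout. I would put a comma after every last member, e.g. `.me = THIS_MODULE,`, so that adding a field later touches one line only.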
@@ -47,8 +58,8 @@ static int ebt_broute(struct sk_buff **pskb) ret = ebt_do_table(NF_BR_BROUTING, pskb, (*pskb)->dev, NULL, &broute_table); if (ret == NF_DROP) - return 1; // route it - return 0; // bridge it + return 1; /* route it */ + return 0; /* bridge it */ } static int __init init(void) @@ -59,7 +70,7 @@ static int __init init(void) if (ret < 0) return ret; br_write_lock_bh(BR_NETPROTO_LOCK); - // see br_input.c + /* see br_input.c */ br_should_route_hook = ebt_broute; br_write_unlock_bh(BR_NETPROTO_LOCK); return ret; diff --git a/kernel/linux2.5/net/bridge/netfilter/ebtable_filter.c b/kernel/linux2.5/net/bridge/netfilter/ebtable_filter.c index 5f6a7bc..ba6de32 100644 --- a/kernel/linux2.5/net/bridge/netfilter/ebtable_filter.c +++ b/kernel/linux2.5/net/bridge/netfilter/ebtable_filter.c @@ -16,16 +16,31 @@ static struct ebt_entries initial_chains[] = { - {0, "INPUT", 0, EBT_ACCEPT, 0}, - {0, "FORWARD", 0, EBT_ACCEPT, 0}, - {0, "OUTPUT", 0, EBT_ACCEPT, 0} + { + .name = "INPUT", + .policy = EBT_ACCEPT + }, + { + .name = "FORWARD", + .policy = EBT_ACCEPT + }, + { + .name = "OUTPUT", + .policy = EBT_ACCEPT + } }; static struct ebt_replace initial_table = { - "filter", FILTER_VALID_HOOKS, 0, 3 * sizeof(struct ebt_entries), - { [NF_BR_LOCAL_IN]&initial_chains[0], [NF_BR_FORWARD]&initial_chains[1], - [NF_BR_LOCAL_OUT]&initial_chains[2] }, 0, NULL, (char *)initial_chains + .name = "filter", + .valid_hooks = FILTER_VALID_HOOKS, + .entries_size = 3 * sizeof(struct ebt_entries), + .hook_entry = { + [NF_BR_LOCAL_IN] = &initial_chains[0], + [NF_BR_FORWARD] = &initial_chains[1], + [NF_BR_LOCAL_OUT] = &initial_chains[2], + }, + .entries = (char *)initial_chains }; static int check(const struct ebt_table_info *info, unsigned int valid_hooks) 
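Review bot: `.entries_size = 3 * sizeof(struct ebt_entries)` in the ebtable_filter.c `initial_table` repeats the length of `initial_chains` as a bare `3`, so the declared size and the array can drift apart if a chain is added or removed. Since `.entries` points at that same array, `.entries_size = sizeof(initial_chains),` keeps the two in step. ebtable_nat.c has the identical line, and ebtable_broute.c could use `sizeof(initial_chain)` for the same reason.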
@@ -37,8 +52,11 @@ static int check(const struct ebt_table_info *info, unsigned int valid_hooks) static struct ebt_table frame_filter = { - {NULL, NULL}, "filter", &initial_table, FILTER_VALID_HOOKS, - RW_LOCK_UNLOCKED, check, NULL + .name = "filter", + .table = &initial_table, + .valid_hooks = FILTER_VALID_HOOKS, + .lock = RW_LOCK_UNLOCKED, + .check = check }; static unsigned int @@ -49,12 +67,24 @@ ebt_hook (unsigned int hook, struct sk_buff **pskb, const struct net_device *in, } static struct nf_hook_ops ebt_ops_filter[] = { - { { NULL, NULL }, ebt_hook, PF_BRIDGE, NF_BR_LOCAL_IN, - NF_BR_PRI_FILTER_BRIDGED}, - { { NULL, NULL }, ebt_hook, PF_BRIDGE, NF_BR_FORWARD, - NF_BR_PRI_FILTER_BRIDGED}, - { { NULL, NULL }, ebt_hook, PF_BRIDGE, NF_BR_LOCAL_OUT, - NF_BR_PRI_FILTER_OTHER} + { + .hook = ebt_hook, + .pf = PF_BRIDGE, + .hooknum = NF_BR_LOCAL_IN, + .priority = NF_BR_PRI_FILTER_BRIDGED, + }, + { + .hook = ebt_hook, + .pf = PF_BRIDGE, + .hooknum = NF_BR_FORWARD, + .priority = NF_BR_PRI_FILTER_BRIDGED + }, + { + .hook = ebt_hook, + .pf = PF_BRIDGE, + .hooknum = NF_BR_LOCAL_OUT, + .priority = NF_BR_PRI_FILTER_OTHER + } }; static int __init init(void) diff --git a/kernel/linux2.5/net/bridge/netfilter/ebtable_nat.c b/kernel/linux2.5/net/bridge/netfilter/ebtable_nat.c index e2a140c..184d802 100644 --- a/kernel/linux2.5/net/bridge/netfilter/ebtable_nat.c +++ b/kernel/linux2.5/net/bridge/netfilter/ebtable_nat.c 
@@ -15,16 +15,31 @@ static struct ebt_entries initial_chains[] = { - {0, "PREROUTING", 0, EBT_ACCEPT, 0}, - {0, "OUTPUT", 0, EBT_ACCEPT, 0}, - {0, "POSTROUTING", 0, EBT_ACCEPT, 0} + { + .name = "PREROUTING", + .policy = EBT_ACCEPT + }, + { + .name = "OUTPUT", + .policy = EBT_ACCEPT + }, + { + .name = "POSTROUTING", + .policy = EBT_ACCEPT + } }; static struct ebt_replace initial_table = { - "nat", NAT_VALID_HOOKS, 0, 3 * sizeof(struct ebt_entries), - { [NF_BR_PRE_ROUTING]&initial_chains[0], [NF_BR_LOCAL_OUT]&initial_chains[1], - [NF_BR_POST_ROUTING]&initial_chains[2] }, 0, NULL, (char *)initial_chains + .name = "nat", + .valid_hooks = NAT_VALID_HOOKS, + .entries_size = 3 * sizeof(struct ebt_entries), + .hook_entry = { + [NF_BR_PRE_ROUTING] = &initial_chains[0], + [NF_BR_LOCAL_OUT] = &initial_chains[1], + [NF_BR_POST_ROUTING] = &initial_chains[2] + }, + .entries = (char *)initial_chains }; static int check(const struct ebt_table_info *info, unsigned int valid_hooks) @@ -36,8 +51,11 @@ static int check(const struct ebt_table_info *info, unsigned int valid_hooks) static struct ebt_table frame_nat = { - {NULL, NULL}, "nat", &initial_table, NAT_VALID_HOOKS, - RW_LOCK_UNLOCKED, check, NULL + .name = "nat", + .table = &initial_table, + .valid_hooks = NAT_VALID_HOOKS, + .lock = RW_LOCK_UNLOCKED, + .check = check }; static unsigned int 
@@ -55,12 +73,24 @@ ebt_nat_src(unsigned int hook, struct sk_buff **pskb, const struct net_device *i } static struct nf_hook_ops ebt_ops_nat[] = { - { { NULL, NULL }, ebt_nat_dst, PF_BRIDGE, NF_BR_LOCAL_OUT, - NF_BR_PRI_NAT_DST_OTHER}, - { { NULL, NULL }, ebt_nat_src, PF_BRIDGE, NF_BR_POST_ROUTING, - NF_BR_PRI_NAT_SRC}, - { { NULL, NULL }, ebt_nat_dst, PF_BRIDGE, NF_BR_PRE_ROUTING, - NF_BR_PRI_NAT_DST_BRIDGED}, + { + .hook = ebt_nat_dst, + .pf = PF_BRIDGE, + .hooknum = NF_BR_LOCAL_OUT, + .priority = NF_BR_PRI_NAT_DST_OTHER + }, + { + .hook = ebt_nat_src, + .pf = PF_BRIDGE, + .hooknum = NF_BR_POST_ROUTING, + .priority = NF_BR_PRI_NAT_SRC + }, + { + .hook = ebt_nat_dst, + .pf = PF_BRIDGE, + .hooknum = NF_BR_PRE_ROUTING, + .priority = NF_BR_PRI_NAT_DST_BRIDGED + } }; static int __init init(void) -- cgit v1.2.3