mirror of
git://git.code.sf.net/p/xtables-addons/xtables-addons
Merge branch 'api35'
@@ -264,7 +264,7 @@ static int ipt_acc_table_insert(const char *name, __be32 ip, __be32 netmask)
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool ipt_acc_checkentry(const struct xt_tgchk_param *par)
|
static int ipt_acc_checkentry(const struct xt_tgchk_param *par)
|
||||||
{
|
{
|
||||||
struct ipt_acc_info *info = par->targinfo;
|
struct ipt_acc_info *info = par->targinfo;
|
||||||
int table_nr;
|
int table_nr;
|
||||||
@@ -276,13 +276,13 @@ static bool ipt_acc_checkentry(const struct xt_tgchk_param *par)
|
|||||||
|
|
||||||
if (table_nr == -1) {
|
if (table_nr == -1) {
|
||||||
printk("ACCOUNT: Table insert problem. Aborting\n");
|
printk("ACCOUNT: Table insert problem. Aborting\n");
|
||||||
return false;
|
return -EINVAL;
|
||||||
}
|
}
|
||||||
/* Table nr caching so we don't have to do an extra string compare
|
/* Table nr caching so we don't have to do an extra string compare
|
||||||
for every packet */
|
for every packet */
|
||||||
info->table_nr = table_nr;
|
info->table_nr = table_nr;
|
||||||
|
|
||||||
return true;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void ipt_acc_destroy(const struct xt_tgdtor_param *par)
|
static void ipt_acc_destroy(const struct xt_tgdtor_param *par)
|
||||||
|
@@ -84,6 +84,33 @@ static bool xtnu_match_check(const char *table, const void *entry,
|
|||||||
return nm->checkentry(&local_par);
|
return nm->checkentry(&local_par);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 28) && \
|
||||||
|
LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 34)
|
||||||
|
static bool xtnu_match_check(const struct xt_mtchk_param *par)
|
||||||
|
{
|
||||||
|
struct xtnu_match *nm = xtcompat_numatch(cm);
|
||||||
|
|
||||||
|
if (nm == NULL)
|
||||||
|
return false;
|
||||||
|
if (nm->checkentry == NULL)
|
||||||
|
return true;
|
||||||
|
return nm->checkentry(par) == 0 ? true : false;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 28) && \
|
||||||
|
LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 34)
|
||||||
|
static bool xtnu_match_check(const struct xt_mtchk_param *par)
|
||||||
|
{
|
||||||
|
struct xtnu_match *nm = xtcompat_numatch(cm);
|
||||||
|
|
||||||
|
if (nm == NULL)
|
||||||
|
return false;
|
||||||
|
if (nm->checkentry == NULL)
|
||||||
|
return true;
|
||||||
|
return nm->checkentry(par);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
|
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
|
||||||
static void xtnu_match_destroy(const struct xt_match *cm, void *matchinfo,
|
static void xtnu_match_destroy(const struct xt_match *cm, void *matchinfo,
|
||||||
@@ -105,7 +132,7 @@ static void xtnu_match_destroy(const struct xt_match *cm, void *matchinfo)
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
|
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 34)
|
||||||
int xtnu_register_match(struct xtnu_match *nt)
|
int xtnu_register_match(struct xtnu_match *nt)
|
||||||
{
|
{
|
||||||
struct xt_match *ct;
|
struct xt_match *ct;
|
||||||
@@ -250,6 +277,20 @@ static bool xtnu_target_check(const char *table, const void *entry,
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 28) && \
|
||||||
|
LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 34)
|
||||||
|
static bool xtnu_target_check(const struct xt_tgchk_param *par)
|
||||||
|
{
|
||||||
|
struct xtnu_target *nt = xtcompat_nutarget(cm);
|
||||||
|
|
||||||
|
if (nt == NULL)
|
||||||
|
return false;
|
||||||
|
if (nt->checkentry == NULL)
|
||||||
|
return true;
|
||||||
|
return nt->checkentry(par) == 0 ? true : false;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
|
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
|
||||||
static void xtnu_target_destroy(const struct xt_target *ct, void *targinfo,
|
static void xtnu_target_destroy(const struct xt_target *ct, void *targinfo,
|
||||||
unsigned int targinfosize)
|
unsigned int targinfosize)
|
||||||
@@ -292,7 +333,7 @@ int xtnu_register_target(struct xtnu_target *nt)
|
|||||||
ct->hooks = nt->hooks;
|
ct->hooks = nt->hooks;
|
||||||
ct->proto = nt->proto;
|
ct->proto = nt->proto;
|
||||||
ct->target = xtnu_target_run;
|
ct->target = xtnu_target_run;
|
||||||
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
|
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 34)
|
||||||
ct->checkentry = xtnu_target_check;
|
ct->checkentry = xtnu_target_check;
|
||||||
ct->destroy = xtnu_target_destroy;
|
ct->destroy = xtnu_target_destroy;
|
||||||
#else
|
#else
|
||||||
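Review bot: The two added `xtnu_match_check(const struct xt_mtchk_param *par)` definitions have overlapping guards (`>= 2.6.28 && <= 2.6.34` and `>= 2.6.28 && < 2.6.34`), so on 2.6.28–2.6.33 the function is defined twice, and the second copy returns `nm->checkentry(par)` straight into a `bool`, which turns the new 0-on-success result into `false` and a negative errno into `true`. This looks like a merge leftover; dropping the second block and keeping only the `== 0` variant would leave a single wrapper that rejects invalid rules as intended. Both copies and the new `xtnu_target_check` also pass `cm`, which is not a parameter of these functions; unless it is a file-scope name outside this view, the calls should read `xtcompat_numatch(par->match)` and `xtcompat_nutarget(par->target)`. The target wrapper is guarded with `< KERNEL_VERSION(2, 6, 34)` while the registration in `xtnu_register_target` now installs it for `<= KERNEL_VERSION(2, 6, 34)`, so that guard should probably be `<=` as well.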
|
@@ -60,7 +60,7 @@
|
|||||||
# define init_net__proc_net init_net.proc_net
|
# define init_net__proc_net init_net.proc_net
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
|
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 34)
|
||||||
# define xt_match xtnu_match
|
# define xt_match xtnu_match
|
||||||
# define xt_register_match xtnu_register_match
|
# define xt_register_match xtnu_register_match
|
||||||
# define xt_unregister_match xtnu_unregister_match
|
# define xt_unregister_match xtnu_unregister_match
|
||||||
|
@@ -85,7 +85,7 @@ struct xtnu_match {
|
|||||||
struct list_head list;
|
struct list_head list;
|
||||||
char name[XT_FUNCTION_MAXNAMELEN - 1 - sizeof(void *)];
|
char name[XT_FUNCTION_MAXNAMELEN - 1 - sizeof(void *)];
|
||||||
bool (*match)(const struct sk_buff *, const struct xt_match_param *);
|
bool (*match)(const struct sk_buff *, const struct xt_match_param *);
|
||||||
bool (*checkentry)(const struct xt_mtchk_param *);
|
int (*checkentry)(const struct xt_mtchk_param *);
|
||||||
void (*destroy)(const struct xt_mtdtor_param *);
|
void (*destroy)(const struct xt_mtdtor_param *);
|
||||||
struct module *me;
|
struct module *me;
|
||||||
const char *table;
|
const char *table;
|
||||||
@@ -101,7 +101,7 @@ struct xtnu_target {
|
|||||||
char name[XT_FUNCTION_MAXNAMELEN - 1 - sizeof(void *)];
|
char name[XT_FUNCTION_MAXNAMELEN - 1 - sizeof(void *)];
|
||||||
unsigned int (*target)(struct sk_buff **,
|
unsigned int (*target)(struct sk_buff **,
|
||||||
const struct xt_target_param *);
|
const struct xt_target_param *);
|
||||||
bool (*checkentry)(const struct xt_tgchk_param *);
|
int (*checkentry)(const struct xt_tgchk_param *);
|
||||||
void (*destroy)(const struct xt_tgdtor_param *);
|
void (*destroy)(const struct xt_tgdtor_param *);
|
||||||
struct module *me;
|
struct module *me;
|
||||||
const char *table;
|
const char *table;
|
||||||
|
@@ -45,7 +45,7 @@ target(struct sk_buff **pskb, const struct xt_target_param *par)
|
|||||||
return XT_CONTINUE;
|
return XT_CONTINUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool
|
static int
|
||||||
checkentry(const struct xt_tgchk_param *par)
|
checkentry(const struct xt_tgchk_param *par)
|
||||||
{
|
{
|
||||||
struct ipt_set_info_target *info = par->targinfo;
|
struct ipt_set_info_target *info = par->targinfo;
|
||||||
@@ -54,7 +54,7 @@ checkentry(const struct xt_tgchk_param *par)
|
|||||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
|
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
|
||||||
if (targinfosize != IPT_ALIGN(sizeof(*info))) {
|
if (targinfosize != IPT_ALIGN(sizeof(*info))) {
|
||||||
DP("bad target info size %u", targinfosize);
|
DP("bad target info size %u", targinfosize);
|
||||||
return 0;
|
return -EINVAL;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@@ -63,7 +63,7 @@ checkentry(const struct xt_tgchk_param *par)
|
|||||||
if (index == IP_SET_INVALID_ID) {
|
if (index == IP_SET_INVALID_ID) {
|
||||||
ip_set_printk("cannot find add_set index %u as target",
|
ip_set_printk("cannot find add_set index %u as target",
|
||||||
info->add_set.index);
|
info->add_set.index);
|
||||||
return 0; /* error */
|
return -EINVAL;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -72,16 +72,16 @@ checkentry(const struct xt_tgchk_param *par)
|
|||||||
if (index == IP_SET_INVALID_ID) {
|
if (index == IP_SET_INVALID_ID) {
|
||||||
ip_set_printk("cannot find del_set index %u as target",
|
ip_set_printk("cannot find del_set index %u as target",
|
||||||
info->del_set.index);
|
info->del_set.index);
|
||||||
return 0; /* error */
|
return -EINVAL;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (info->add_set.flags[IP_SET_MAX_BINDINGS] != 0
|
if (info->add_set.flags[IP_SET_MAX_BINDINGS] != 0
|
||||||
|| info->del_set.flags[IP_SET_MAX_BINDINGS] != 0) {
|
|| info->del_set.flags[IP_SET_MAX_BINDINGS] != 0) {
|
||||||
ip_set_printk("That's nasty!");
|
ip_set_printk("That's nasty!");
|
||||||
return 0; /* error */
|
return -EINVAL;
|
||||||
}
|
}
|
||||||
|
|
||||||
return 1;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void destroy(const struct xt_tgdtor_param *par)
|
static void destroy(const struct xt_tgdtor_param *par)
|
||||||
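Review bot: A set index that cannot be resolved is reported as `-EINVAL` in this target's `checkentry` (both the `add_set` and the `del_set` lookup), while the match-side `checkentry` in the same commit returns `-ENOENT` for the same `index == IP_SET_INVALID_ID` condition. Userspace then sees two different errors for one cause. Using `return -ENOENT;` in both lookup branches here would keep the two consistent, leaving `-EINVAL` for the size check and the `flags[IP_SET_MAX_BINDINGS]` check.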
|
@@ -47,7 +47,7 @@ match(const struct sk_buff *skb, const struct xt_match_param *par)
|
|||||||
info->match_set.flags[0] & IPSET_MATCH_INV);
|
info->match_set.flags[0] & IPSET_MATCH_INV);
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool
|
static int
|
||||||
checkentry(const struct xt_mtchk_param *par)
|
checkentry(const struct xt_mtchk_param *par)
|
||||||
{
|
{
|
||||||
struct ipt_set_info_match *info = par->matchinfo;
|
struct ipt_set_info_match *info = par->matchinfo;
|
||||||
@@ -56,7 +56,7 @@ checkentry(const struct xt_mtchk_param *par)
|
|||||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
|
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
|
||||||
if (matchsize != IPT_ALIGN(sizeof(struct ipt_set_info_match))) {
|
if (matchsize != IPT_ALIGN(sizeof(struct ipt_set_info_match))) {
|
||||||
ip_set_printk("invalid matchsize %d", matchsize);
|
ip_set_printk("invalid matchsize %d", matchsize);
|
||||||
return 0;
|
return -EINVAL;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@@ -65,14 +65,14 @@ checkentry(const struct xt_mtchk_param *par)
|
|||||||
if (index == IP_SET_INVALID_ID) {
|
if (index == IP_SET_INVALID_ID) {
|
||||||
ip_set_printk("Cannot find set indentified by id %u to match",
|
ip_set_printk("Cannot find set indentified by id %u to match",
|
||||||
info->match_set.index);
|
info->match_set.index);
|
||||||
return 0; /* error */
|
return -ENOENT;
|
||||||
}
|
}
|
||||||
if (info->match_set.flags[IP_SET_MAX_BINDINGS] != 0) {
|
if (info->match_set.flags[IP_SET_MAX_BINDINGS] != 0) {
|
||||||
ip_set_printk("That's nasty!");
|
ip_set_printk("That's nasty!");
|
||||||
return 0; /* error */
|
return -EINVAL;
|
||||||
}
|
}
|
||||||
|
|
||||||
return 1;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void destroy(const struct xt_mtdtor_param *par)
|
static void destroy(const struct xt_mtdtor_param *par)
|
||||||
|
@@ -1064,9 +1064,9 @@ out:
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
#define RETURN_ERR(err) do { printk(KERN_ERR PKNOCK err); return false; } while (false)
|
#define RETURN_ERR(err) do { printk(KERN_ERR PKNOCK err); return -EINVAL; } while (false)
|
||||||
|
|
||||||
static bool pknock_mt_check(const struct xt_mtchk_param *par)
|
static int pknock_mt_check(const struct xt_mtchk_param *par)
|
||||||
{
|
{
|
||||||
struct xt_pknock_mtinfo *info = par->matchinfo;
|
struct xt_pknock_mtinfo *info = par->matchinfo;
|
||||||
|
|
||||||
@@ -1124,9 +1124,10 @@ static bool pknock_mt_check(const struct xt_mtchk_param *par)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (!add_rule(info))
|
if (!add_rule(info))
|
||||||
|
/* should ENOMEM here */
|
||||||
RETURN_ERR("add_rule() error in checkentry() function.\n");
|
RETURN_ERR("add_rule() error in checkentry() function.\n");
|
||||||
|
|
||||||
return true;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void pknock_mt_destroy(const struct xt_mtdtor_param *par)
|
static void pknock_mt_destroy(const struct xt_mtdtor_param *par)
|
||||||
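Review bot: The added comment `/* should ENOMEM here */` records that `-EINVAL` is the wrong code for a failed `add_rule()`, but the branch still goes through `RETURN_ERR`, which now hard-codes `return -EINVAL`. The macro also hides a `return` inside a statement that reads like a log call. Either give `RETURN_ERR` an errno argument or spell the branch out: `if (!add_rule(info)) { printk(KERN_ERR PKNOCK "add_rule() error in checkentry() function.\n"); return -ENOMEM; }`. Whether every `add_rule()` failure is an allocation failure cannot be seen from this hunk, so having `add_rule()` return the errno itself would be the more precise fix.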
|
@@ -141,22 +141,22 @@ chaos_tg(struct sk_buff **pskb, const struct xt_target_param *par)
|
|||||||
return NF_DROP;
|
return NF_DROP;
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool chaos_tg_check(const struct xt_tgchk_param *par)
|
static int chaos_tg_check(const struct xt_tgchk_param *par)
|
||||||
{
|
{
|
||||||
const struct xt_chaos_tginfo *info = par->targinfo;
|
const struct xt_chaos_tginfo *info = par->targinfo;
|
||||||
|
|
||||||
if (info->variant == XTCHAOS_DELUDE && !have_delude) {
|
if (info->variant == XTCHAOS_DELUDE && !have_delude) {
|
||||||
printk(KERN_WARNING PFX "Error: Cannot use --delude when "
|
printk(KERN_WARNING PFX "Error: Cannot use --delude when "
|
||||||
"DELUDE module not available\n");
|
"DELUDE module not available\n");
|
||||||
return false;
|
return -EINVAL;
|
||||||
}
|
}
|
||||||
if (info->variant == XTCHAOS_TARPIT && !have_tarpit) {
|
if (info->variant == XTCHAOS_TARPIT && !have_tarpit) {
|
||||||
printk(KERN_WARNING PFX "Error: Cannot use --tarpit when "
|
printk(KERN_WARNING PFX "Error: Cannot use --tarpit when "
|
||||||
"TARPIT module not available\n");
|
"TARPIT module not available\n");
|
||||||
return false;
|
return -EINVAL;
|
||||||
}
|
}
|
||||||
|
|
||||||
return true;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static struct xt_target chaos_tg_reg = {
|
static struct xt_target chaos_tg_reg = {
|
||||||
|
@@ -81,17 +81,17 @@ logmark_tg(struct sk_buff **pskb, const struct xt_target_param *par)
|
|||||||
return XT_CONTINUE;
|
return XT_CONTINUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool
|
static int
|
||||||
logmark_tg_check(const struct xt_tgchk_param *par)
|
logmark_tg_check(const struct xt_tgchk_param *par)
|
||||||
{
|
{
|
||||||
const struct xt_logmark_tginfo *info = par->targinfo;
|
const struct xt_logmark_tginfo *info = par->targinfo;
|
||||||
|
|
||||||
if (info->level >= 8) {
|
if (info->level >= 8) {
|
||||||
pr_debug("LOGMARK: level %u >= 8\n", info->level);
|
pr_debug("LOGMARK: level %u >= 8\n", info->level);
|
||||||
return false;
|
return -EINVAL;
|
||||||
}
|
}
|
||||||
|
|
||||||
return true;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static struct xt_target logmark_tg_reg[] __read_mostly = {
|
static struct xt_target logmark_tg_reg[] __read_mostly = {
|
||||||
|
@@ -283,15 +283,15 @@ rawdnat_tg6(struct sk_buff **pskb, const struct xt_target_param *par)
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
static bool rawnat_tg_check(const struct xt_tgchk_param *par)
|
static int rawnat_tg_check(const struct xt_tgchk_param *par)
|
||||||
{
|
{
|
||||||
if (strcmp(par->table, "raw") == 0 ||
|
if (strcmp(par->table, "raw") == 0 ||
|
||||||
strcmp(par->table, "rawpost") == 0)
|
strcmp(par->table, "rawpost") == 0)
|
||||||
return true;
|
return 0;
|
||||||
|
|
||||||
printk(KERN_ERR KBUILD_MODNAME " may only be used in the \"raw\" or "
|
printk(KERN_ERR KBUILD_MODNAME " may only be used in the \"raw\" or "
|
||||||
"\"rawpost\" table.\n");
|
"\"rawpost\" table.\n");
|
||||||
return false;
|
return -EINVAL;
|
||||||
}
|
}
|
||||||
|
|
||||||
static struct xt_target rawnat_tg_reg[] __read_mostly = {
|
static struct xt_target rawnat_tg_reg[] __read_mostly = {
|
||||||
|
@@ -253,9 +253,8 @@ sysrq_tg6(struct sk_buff **pskb, const struct xt_target_param *par)
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
static bool sysrq_tg_check(const struct xt_tgchk_param *par)
|
static int sysrq_tg_check(const struct xt_tgchk_param *par)
|
||||||
{
|
{
|
||||||
|
|
||||||
if (par->target->family == NFPROTO_IPV4) {
|
if (par->target->family == NFPROTO_IPV4) {
|
||||||
const struct ipt_entry *entry = par->entryinfo;
|
const struct ipt_entry *entry = par->entryinfo;
|
||||||
|
|
||||||
@@ -272,11 +271,11 @@ static bool sysrq_tg_check(const struct xt_tgchk_param *par)
|
|||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
return true;
|
return 0;
|
||||||
|
|
||||||
out:
|
out:
|
||||||
printk(KERN_ERR KBUILD_MODNAME ": only available for UDP and UDP-Lite");
|
printk(KERN_ERR KBUILD_MODNAME ": only available for UDP and UDP-Lite");
|
||||||
return false;
|
return -EINVAL;
|
||||||
}
|
}
|
||||||
|
|
||||||
static struct xt_target sysrq_tg_reg[] __read_mostly = {
|
static struct xt_target sysrq_tg_reg[] __read_mostly = {
|
||||||
|
@@ -285,13 +285,13 @@ tee_tg6(struct sk_buff **pskb, const struct xt_target_param *par)
|
|||||||
}
|
}
|
||||||
#endif /* WITH_IPV6 */
|
#endif /* WITH_IPV6 */
|
||||||
|
|
||||||
static bool tee_tg_check(const struct xt_tgchk_param *par)
|
static int tee_tg_check(const struct xt_tgchk_param *par)
|
||||||
{
|
{
|
||||||
const struct xt_tee_tginfo *info = par->targinfo;
|
const struct xt_tee_tginfo *info = par->targinfo;
|
||||||
|
|
||||||
/* 0.0.0.0 and :: not allowed */
|
/* 0.0.0.0 and :: not allowed */
|
||||||
return memcmp(&info->gw, &tee_zero_address,
|
return (memcmp(&info->gw, &tee_zero_address,
|
||||||
sizeof(tee_zero_address)) != 0;
|
sizeof(tee_zero_address)) == 0) ? -EINVAL : 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static struct xt_target tee_tg_reg[] __read_mostly = {
|
static struct xt_target tee_tg_reg[] __read_mostly = {
|
||||||
|
@@ -109,7 +109,7 @@ condition_mt(const struct sk_buff *skb, const struct xt_match_param *par)
|
|||||||
return x ^ info->invert;
|
return x ^ info->invert;
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool condition_mt_check(const struct xt_mtchk_param *par)
|
static int condition_mt_check(const struct xt_mtchk_param *par)
|
||||||
{
|
{
|
||||||
struct xt_condition_mtinfo *info = par->matchinfo;
|
struct xt_condition_mtinfo *info = par->matchinfo;
|
||||||
struct condition_variable *var;
|
struct condition_variable *var;
|
||||||
@@ -121,21 +121,21 @@ static bool condition_mt_check(const struct xt_mtchk_param *par)
|
|||||||
printk(KERN_INFO KBUILD_MODNAME ": name not allowed or too "
|
printk(KERN_INFO KBUILD_MODNAME ": name not allowed or too "
|
||||||
"long: \"%.*s\"\n", (unsigned int)sizeof(info->name),
|
"long: \"%.*s\"\n", (unsigned int)sizeof(info->name),
|
||||||
info->name);
|
info->name);
|
||||||
return false;
|
return -EINVAL;
|
||||||
}
|
}
|
||||||
/*
|
/*
|
||||||
* Let's acquire the lock, check for the condition and add it
|
* Let's acquire the lock, check for the condition and add it
|
||||||
* or increase the reference counter.
|
* or increase the reference counter.
|
||||||
*/
|
*/
|
||||||
if (mutex_lock_interruptible(&proc_lock) != 0)
|
if (mutex_lock_interruptible(&proc_lock) != 0)
|
||||||
return false;
|
return -EINTR;
|
||||||
|
|
||||||
list_for_each_entry(var, &conditions_list, list) {
|
list_for_each_entry(var, &conditions_list, list) {
|
||||||
if (strcmp(info->name, var->status_proc->name) == 0) {
|
if (strcmp(info->name, var->status_proc->name) == 0) {
|
||||||
var->refcount++;
|
var->refcount++;
|
||||||
mutex_unlock(&proc_lock);
|
mutex_unlock(&proc_lock);
|
||||||
info->condvar = var;
|
info->condvar = var;
|
||||||
return true;
|
return 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -143,7 +143,7 @@ static bool condition_mt_check(const struct xt_mtchk_param *par)
|
|||||||
var = kmalloc(sizeof(struct condition_variable), GFP_KERNEL);
|
var = kmalloc(sizeof(struct condition_variable), GFP_KERNEL);
|
||||||
if (var == NULL) {
|
if (var == NULL) {
|
||||||
mutex_unlock(&proc_lock);
|
mutex_unlock(&proc_lock);
|
||||||
return false;
|
return -ENOMEM;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Create the condition variable's proc file entry. */
|
/* Create the condition variable's proc file entry. */
|
||||||
@@ -152,7 +152,7 @@ static bool condition_mt_check(const struct xt_mtchk_param *par)
|
|||||||
if (var->status_proc == NULL) {
|
if (var->status_proc == NULL) {
|
||||||
kfree(var);
|
kfree(var);
|
||||||
mutex_unlock(&proc_lock);
|
mutex_unlock(&proc_lock);
|
||||||
return false;
|
return -ENOMEM;
|
||||||
}
|
}
|
||||||
|
|
||||||
var->refcount = 1;
|
var->refcount = 1;
|
||||||
@@ -169,7 +169,7 @@ static bool condition_mt_check(const struct xt_mtchk_param *par)
|
|||||||
var->status_proc->gid = condition_gid_perms;
|
var->status_proc->gid = condition_gid_perms;
|
||||||
mutex_unlock(&proc_lock);
|
mutex_unlock(&proc_lock);
|
||||||
info->condvar = var;
|
info->condvar = var;
|
||||||
return true;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void condition_mt_destroy(const struct xt_mtdtor_param *par)
|
static void condition_mt_destroy(const struct xt_mtdtor_param *par)
|
||||||
|
@@ -125,7 +125,7 @@ fuzzy_mt(const struct sk_buff *skb, const struct xt_match_param *par)
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool fuzzy_mt_check(const struct xt_mtchk_param *par)
|
static int fuzzy_mt_check(const struct xt_mtchk_param *par)
|
||||||
{
|
{
|
||||||
const struct xt_fuzzy_mtinfo *info = par->matchinfo;
|
const struct xt_fuzzy_mtinfo *info = par->matchinfo;
|
||||||
|
|
||||||
@@ -133,10 +133,10 @@ static bool fuzzy_mt_check(const struct xt_mtchk_param *par)
|
|||||||
info->maximum_rate > FUZZY_MAX_RATE ||
|
info->maximum_rate > FUZZY_MAX_RATE ||
|
||||||
info->minimum_rate >= info->maximum_rate) {
|
info->minimum_rate >= info->maximum_rate) {
|
||||||
printk(KERN_INFO KBUILD_MODNAME ": bad values, please check.\n");
|
printk(KERN_INFO KBUILD_MODNAME ": bad values, please check.\n");
|
||||||
return false;
|
return -EDOM;
|
||||||
}
|
}
|
||||||
|
|
||||||
return true;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static struct xt_match fuzzy_mt_reg[] __read_mostly = {
|
static struct xt_match fuzzy_mt_reg[] __read_mostly = {
|
||||||
|
@@ -46,23 +46,28 @@ geoip_add_node(const struct geoip_country_user __user *umem_ptr)
|
|||||||
struct geoip_country_user umem;
|
struct geoip_country_user umem;
|
||||||
struct geoip_country_kernel *p;
|
struct geoip_country_kernel *p;
|
||||||
struct geoip_subnet *s;
|
struct geoip_subnet *s;
|
||||||
|
int ret;
|
||||||
|
|
||||||
if (copy_from_user(&umem, umem_ptr, sizeof(umem)) != 0)
|
if (copy_from_user(&umem, umem_ptr, sizeof(umem)) != 0)
|
||||||
return NULL;
|
return ERR_PTR(-EFAULT);
|
||||||
|
|
||||||
p = kmalloc(sizeof(struct geoip_country_kernel), GFP_KERNEL);
|
p = kmalloc(sizeof(struct geoip_country_kernel), GFP_KERNEL);
|
||||||
if (p == NULL)
|
if (p == NULL)
|
||||||
return NULL;
|
return ERR_PTR(-ENOMEM);
|
||||||
|
|
||||||
p->count = umem.count;
|
p->count = umem.count;
|
||||||
p->cc = umem.cc;
|
p->cc = umem.cc;
|
||||||
|
|
||||||
s = vmalloc(p->count * sizeof(struct geoip_subnet));
|
s = vmalloc(p->count * sizeof(struct geoip_subnet));
|
||||||
if (s == NULL)
|
if (s == NULL) {
|
||||||
|
ret = -ENOMEM;
|
||||||
goto free_p;
|
goto free_p;
|
||||||
|
}
|
||||||
if (copy_from_user(s, (const void __user *)(unsigned long)umem.subnets,
|
if (copy_from_user(s, (const void __user *)(unsigned long)umem.subnets,
|
||||||
p->count * sizeof(struct geoip_subnet)) != 0)
|
p->count * sizeof(struct geoip_subnet)) != 0) {
|
||||||
|
ret = -EFAULT;
|
||||||
goto free_s;
|
goto free_s;
|
||||||
|
}
|
||||||
|
|
||||||
p->subnets = s;
|
p->subnets = s;
|
||||||
atomic_set(&p->ref, 1);
|
atomic_set(&p->ref, 1);
|
||||||
@@ -78,7 +83,7 @@ geoip_add_node(const struct geoip_country_user __user *umem_ptr)
|
|||||||
vfree(s);
|
vfree(s);
|
||||||
free_p:
|
free_p:
|
||||||
kfree(p);
|
kfree(p);
|
||||||
return NULL;
|
return ERR_PTR(ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void geoip_try_remove_node(struct geoip_country_kernel *p)
|
static void geoip_try_remove_node(struct geoip_country_kernel *p)
|
||||||
@@ -168,7 +173,7 @@ xt_geoip_mt(const struct sk_buff *skb, const struct xt_match_param *par)
|
|||||||
return info->flags & XT_GEOIP_INV;
|
return info->flags & XT_GEOIP_INV;
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool xt_geoip_mt_checkentry(const struct xt_mtchk_param *par)
|
static int xt_geoip_mt_checkentry(const struct xt_mtchk_param *par)
|
||||||
{
|
{
|
||||||
struct xt_geoip_match_info *info = par->matchinfo;
|
struct xt_geoip_match_info *info = par->matchinfo;
|
||||||
struct geoip_country_kernel *node;
|
struct geoip_country_kernel *node;
|
||||||
@@ -176,13 +181,15 @@ static bool xt_geoip_mt_checkentry(const struct xt_mtchk_param *par)
|
|||||||
|
|
||||||
for (i = 0; i < info->count; i++) {
|
for (i = 0; i < info->count; i++) {
|
||||||
node = find_node(info->cc[i]);
|
node = find_node(info->cc[i]);
|
||||||
if (node == NULL)
|
if (node == NULL) {
|
||||||
if ((node = geoip_add_node((const void __user *)(unsigned long)info->mem[i].user)) == NULL) {
|
node = geoip_add_node((const void __user *)(unsigned long)info->mem[i].user);
|
||||||
|
if (IS_ERR(node)) {
|
||||||
printk(KERN_ERR
|
printk(KERN_ERR
|
||||||
"xt_geoip: unable to load '%c%c' into memory\n",
|
"xt_geoip: unable to load '%c%c' into memory: %ld\n",
|
||||||
COUNTRY(info->cc[i]));
|
COUNTRY(info->cc[i]), PTR_ERR(node));
|
||||||
return false;
|
return PTR_ERR(node);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/* Overwrite the now-useless pointer info->mem[i] with
|
/* Overwrite the now-useless pointer info->mem[i] with
|
||||||
* a pointer to the node's kernelspace structure.
|
* a pointer to the node's kernelspace structure.
|
||||||
@@ -192,7 +199,7 @@ static bool xt_geoip_mt_checkentry(const struct xt_mtchk_param *par)
|
|||||||
info->mem[i].kernel = node;
|
info->mem[i].kernel = node;
|
||||||
}
|
}
|
||||||
|
|
||||||
return true;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void xt_geoip_mt_destroy(const struct xt_mtdtor_param *par)
|
static void xt_geoip_mt_destroy(const struct xt_mtdtor_param *par)
|
||||||
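Review bot: In `geoip_add_node`, `p->count` comes from the user-supplied `umem` and is used unchecked in `vmalloc(p->count * sizeof(struct geoip_subnet))` and in the second `copy_from_user()`, so the new error codes still leave the allocation size under the caller's control, and the product can wrap if `count` is wide enough on the target (its type is not visible here). A bound check right after the first `copy_from_user()` would cover both uses, for example `if (umem.count > ULONG_MAX / sizeof(struct geoip_subnet)) return ERR_PTR(-EINVAL);`, ideally with a smaller project-defined maximum. The function's signature and its success path lie outside the hunks shown. In `xt_geoip_mt_checkentry`, the early `return PTR_ERR(node);` inside the loop appears to leave nodes from earlier iterations referenced; it is worth confirming the destroy path is still run, or releasing them before returning.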
|
@@ -216,16 +216,16 @@ lscan_mt(const struct sk_buff *skb, const struct xt_match_param *par)
|
|||||||
(info->match_gr && ctdata->mark == mark_grscan);
|
(info->match_gr && ctdata->mark == mark_grscan);
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool lscan_mt_check(const struct xt_mtchk_param *par)
|
static int lscan_mt_check(const struct xt_mtchk_param *par)
|
||||||
{
|
{
|
||||||
const struct xt_lscan_mtinfo *info = par->matchinfo;
|
const struct xt_lscan_mtinfo *info = par->matchinfo;
|
||||||
|
|
||||||
if ((info->match_stealth & ~1) || (info->match_syn & ~1) ||
|
if ((info->match_stealth & ~1) || (info->match_syn & ~1) ||
|
||||||
(info->match_cn & ~1) || (info->match_gr & ~1)) {
|
(info->match_cn & ~1) || (info->match_gr & ~1)) {
|
||||||
printk(KERN_WARNING PFX "Invalid flags\n");
|
printk(KERN_WARNING PFX "Invalid flags\n");
|
||||||
return false;
|
return -EINVAL;
|
||||||
}
|
}
|
||||||
return true;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static struct xt_match lscan_mt_reg[] __read_mostly = {
|
static struct xt_match lscan_mt_reg[] __read_mostly = {
|
||||||
|
@@ -144,28 +144,28 @@ q2_get_counter(const struct xt_quota_mtinfo2 *q)
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool quota_mt2_check(const struct xt_mtchk_param *par)
|
static int quota_mt2_check(const struct xt_mtchk_param *par)
|
||||||
{
|
{
|
||||||
struct xt_quota_mtinfo2 *q = par->matchinfo;
|
struct xt_quota_mtinfo2 *q = par->matchinfo;
|
||||||
|
|
||||||
if (q->flags & ~XT_QUOTA_MASK)
|
if (q->flags & ~XT_QUOTA_MASK)
|
||||||
return false;
|
return -EINVAL;
|
||||||
|
|
||||||
q->name[sizeof(q->name)-1] = '\0';
|
q->name[sizeof(q->name)-1] = '\0';
|
||||||
if (*q->name == '.' || strchr(q->name, '/') != NULL) {
|
if (*q->name == '.' || strchr(q->name, '/') != NULL) {
|
||||||
printk(KERN_ERR "xt_quota<%u>: illegal name\n",
|
printk(KERN_ERR "xt_quota<%u>: illegal name\n",
|
||||||
par->match->revision);
|
par->match->revision);
|
||||||
return false;
|
return -EINVAL;
|
||||||
}
|
}
|
||||||
|
|
||||||
q->master = q2_get_counter(q);
|
q->master = q2_get_counter(q);
|
||||||
if (q->master == NULL) {
|
if (q->master == NULL) {
|
||||||
printk(KERN_ERR "xt_quota<%u>: memory alloc failure\n",
|
printk(KERN_ERR "xt_quota<%u>: memory alloc failure\n",
|
||||||
par->match->revision);
|
par->match->revision);
|
||||||
return false;
|
return -ENOMEM;
|
||||||
}
|
}
|
||||||
|
|
||||||
return true;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void quota_mt2_destroy(const struct xt_mtdtor_param *par)
|
static void quota_mt2_destroy(const struct xt_mtdtor_param *par)
|
||||||
|