mirror of
git://git.code.sf.net/p/xtables-addons/xtables-addons
synced 2025-09-06 20:55:13 +02:00
Update for Linux 2.6.28
This commit is contained in:
Jan Engelhardt
@@ -30,14 +30,30 @@ static int xtnu_match_run(const struct sk_buff *skb,
|
|||||||
const struct net_device *in, const struct net_device *out,
|
const struct net_device *in, const struct net_device *out,
|
||||||
const struct xt_match *cm, const void *matchinfo, int offset,
|
const struct xt_match *cm, const void *matchinfo, int offset,
|
||||||
unsigned int protoff, int *hotdrop)
|
unsigned int protoff, int *hotdrop)
|
||||||
|
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
|
||||||
|
static bool xtnu_match_run(const struct sk_buff *skb,
|
||||||
|
const struct net_device *in, const struct net_device *out,
|
||||||
|
const struct xt_match *cm, const void *matchinfo, int offset,
|
||||||
|
unsigned int protoff, bool *hotdrop)
|
||||||
|
#endif
|
||||||
|
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
|
||||||
{
|
{
|
||||||
struct xtnu_match *nm = xtcompat_numatch(cm);
|
struct xtnu_match *nm = xtcompat_numatch(cm);
|
||||||
bool lo_drop = false, lo_ret;
|
bool lo_drop = false, lo_ret;
|
||||||
|
struct xt_match_param local_par = {
|
||||||
|
.in = in,
|
||||||
|
.out = out,
|
||||||
|
.match = cm,
|
||||||
|
.matchinfo = matchinfo,
|
||||||
|
.fragoff = offset,
|
||||||
|
.thoff = protoff,
|
||||||
|
.hotdrop = &lo_drop,
|
||||||
|
.family = NFPROTO_UNSPEC, /* don't have that info */
|
||||||
|
};
|
||||||
|
|
||||||
if (nm == NULL || nm->match == NULL)
|
if (nm == NULL || nm->match == NULL)
|
||||||
return false;
|
return false;
|
||||||
lo_ret = nm->match(skb, in, out, nm, matchinfo,
|
lo_ret = nm->match(skb, &local_par);
|
||||||
offset, protoff, &lo_drop);
|
|
||||||
*hotdrop = lo_drop;
|
*hotdrop = lo_drop;
|
||||||
return lo_ret;
|
return lo_ret;
|
||||||
}
|
}
|
||||||
@@ -50,35 +66,51 @@ static int xtnu_match_check(const char *table, const void *entry,
|
|||||||
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22)
|
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22)
|
||||||
static int xtnu_match_check(const char *table, const void *entry,
|
static int xtnu_match_check(const char *table, const void *entry,
|
||||||
const struct xt_match *cm, void *matchinfo, unsigned int hook_mask)
|
const struct xt_match *cm, void *matchinfo, unsigned int hook_mask)
|
||||||
|
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
|
||||||
|
static bool xtnu_match_check(const char *table, const void *entry,
|
||||||
|
const struct xt_match *cm, void *matchinfo, unsigned int hook_mask)
|
||||||
#endif
|
#endif
|
||||||
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22)
|
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
|
||||||
{
|
{
|
||||||
struct xtnu_match *nm = xtcompat_numatch(cm);
|
struct xtnu_match *nm = xtcompat_numatch(cm);
|
||||||
|
struct xt_mtchk_param local_par = {
|
||||||
|
.table = table,
|
||||||
|
.entryinfo = entry,
|
||||||
|
.match = cm,
|
||||||
|
.matchinfo = matchinfo,
|
||||||
|
.hook_mask = hook_mask,
|
||||||
|
.family = NFPROTO_UNSPEC,
|
||||||
|
};
|
||||||
|
|
||||||
if (nm == NULL)
|
if (nm == NULL)
|
||||||
return false;
|
return false;
|
||||||
if (nm->checkentry == NULL)
|
if (nm->checkentry == NULL)
|
||||||
return true;
|
return true;
|
||||||
return nm->checkentry(table, entry, nm, matchinfo, hook_mask);
|
return nm->checkentry(&local_par);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
|
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
|
||||||
static void xtnu_match_destroy(const struct xt_match *cm, void *matchinfo,
|
static void xtnu_match_destroy(const struct xt_match *cm, void *matchinfo,
|
||||||
unsigned int matchinfosize)
|
unsigned int matchinfosize)
|
||||||
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22)
|
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
|
||||||
static void xtnu_match_destroy(const struct xt_match *cm, void *matchinfo)
|
static void xtnu_match_destroy(const struct xt_match *cm, void *matchinfo)
|
||||||
#endif
|
#endif
|
||||||
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22)
|
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
|
||||||
{
|
{
|
||||||
struct xtnu_match *nm = xtcompat_numatch(cm);
|
struct xtnu_match *nm = xtcompat_numatch(cm);
|
||||||
|
struct xt_mtdtor_param local_par = {
|
||||||
|
.match = cm,
|
||||||
|
.matchinfo = matchinfo,
|
||||||
|
.family = NFPROTO_UNSPEC,
|
||||||
|
};
|
||||||
|
|
||||||
if (nm != NULL && nm->destroy != NULL)
|
if (nm != NULL && nm->destroy != NULL)
|
||||||
nm->destroy(nm, matchinfo);
|
nm->destroy(&local_par);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22)
|
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
|
||||||
int xtnu_register_match(struct xtnu_match *nt)
|
int xtnu_register_match(struct xtnu_match *nt)
|
||||||
{
|
{
|
||||||
struct xt_match *ct;
|
struct xt_match *ct;
|
||||||
@@ -157,18 +189,36 @@ static unsigned int xtnu_target_run(struct sk_buff **pskb,
|
|||||||
static unsigned int xtnu_target_run(struct sk_buff **pskb,
|
static unsigned int xtnu_target_run(struct sk_buff **pskb,
|
||||||
const struct net_device *in, const struct net_device *out,
|
const struct net_device *in, const struct net_device *out,
|
||||||
unsigned int hooknum, const struct xt_target *ct, const void *targinfo)
|
unsigned int hooknum, const struct xt_target *ct, const void *targinfo)
|
||||||
#else
|
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
|
||||||
static unsigned int xtnu_target_run(struct sk_buff *skb,
|
static unsigned int xtnu_target_run(struct sk_buff *skb,
|
||||||
const struct net_device *in, const struct net_device *out,
|
const struct net_device *in, const struct net_device *out,
|
||||||
unsigned int hooknum, const struct xt_target *ct, const void *targinfo)
|
unsigned int hooknum, const struct xt_target *ct, const void *targinfo)
|
||||||
|
#else
|
||||||
|
static unsigned int
|
||||||
|
xtnu_target_run(struct sk_buff *skb, const struct xt_target_param *par)
|
||||||
#endif
|
#endif
|
||||||
{
|
{
|
||||||
|
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
|
||||||
struct xtnu_target *nt = xtcompat_nutarget(ct);
|
struct xtnu_target *nt = xtcompat_nutarget(ct);
|
||||||
|
struct xt_target_param local_par = {
|
||||||
|
.in = in,
|
||||||
|
.out = out,
|
||||||
|
.hooknum = hooknum,
|
||||||
|
.target = ct,
|
||||||
|
.targinfo = targinfo,
|
||||||
|
.family = NFPROTO_UNSPEC,
|
||||||
|
};
|
||||||
|
#else
|
||||||
|
struct xtnu_target *nt = xtcompat_nutarget(par->target);
|
||||||
|
#endif
|
||||||
|
|
||||||
if (nt != NULL && nt->target != NULL)
|
if (nt != NULL && nt->target != NULL)
|
||||||
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23)
|
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23)
|
||||||
return nt->target(pskb, in, out, hooknum, nt, targinfo);
|
return nt->target(pskb, &local_par);
|
||||||
|
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
|
||||||
|
return nt->target(&skb, &local_par);
|
||||||
#else
|
#else
|
||||||
return nt->target(&skb, in, out, hooknum, nt, targinfo);
|
return nt->target(&skb, par);
|
||||||
#endif
|
#endif
|
||||||
return XT_CONTINUE;
|
return XT_CONTINUE;
|
||||||
}
|
}
|
||||||
@@ -180,31 +230,50 @@ static int xtnu_target_check(const char *table, const void *entry,
|
|||||||
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22)
|
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22)
|
||||||
static int xtnu_target_check(const char *table, const void *entry,
|
static int xtnu_target_check(const char *table, const void *entry,
|
||||||
const struct xt_target *ct, void *targinfo, unsigned int hook_mask)
|
const struct xt_target *ct, void *targinfo, unsigned int hook_mask)
|
||||||
#else
|
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
|
||||||
static bool xtnu_target_check(const char *table, const void *entry,
|
static bool xtnu_target_check(const char *table, const void *entry,
|
||||||
const struct xt_target *ct, void *targinfo, unsigned int hook_mask)
|
const struct xt_target *ct, void *targinfo, unsigned int hook_mask)
|
||||||
#endif
|
#endif
|
||||||
|
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
|
||||||
{
|
{
|
||||||
struct xtnu_target *nt = xtcompat_nutarget(ct);
|
struct xtnu_target *nt = xtcompat_nutarget(ct);
|
||||||
|
struct xt_tgchk_param local_par = {
|
||||||
|
.table = table,
|
||||||
|
.entryinfo = entry,
|
||||||
|
.target = ct,
|
||||||
|
.targinfo = targinfo,
|
||||||
|
.hook_mask = hook_mask,
|
||||||
|
.family = NFPROTO_UNSPEC,
|
||||||
|
};
|
||||||
|
|
||||||
if (nt == NULL)
|
if (nt == NULL)
|
||||||
return false;
|
return false;
|
||||||
if (nt->checkentry == NULL)
|
if (nt->checkentry == NULL)
|
||||||
/* this is valid, just like if there was no function */
|
/* this is valid, just like if there was no function */
|
||||||
return true;
|
return true;
|
||||||
return nt->checkentry(table, entry, nt, targinfo, hook_mask);
|
return nt->checkentry(&local_par);
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
|
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
|
||||||
static void xtnu_target_destroy(const struct xt_target *ct, void *targinfo,
|
static void xtnu_target_destroy(const struct xt_target *ct, void *targinfo,
|
||||||
unsigned int targinfosize)
|
unsigned int targinfosize)
|
||||||
#else
|
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
|
||||||
static void xtnu_target_destroy(const struct xt_target *ct, void *targinfo)
|
static void xtnu_target_destroy(const struct xt_target *ct, void *targinfo)
|
||||||
#endif
|
#endif
|
||||||
|
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
|
||||||
{
|
{
|
||||||
struct xtnu_target *nt = xtcompat_nutarget(ct);
|
struct xtnu_target *nt = xtcompat_nutarget(ct);
|
||||||
|
struct xt_tgdtor_param local_par = {
|
||||||
|
.target = ct,
|
||||||
|
.targinfo = targinfo,
|
||||||
|
.family = NFPROTO_UNSPEC,
|
||||||
|
};
|
||||||
|
|
||||||
if (nt != NULL && nt->destroy != NULL)
|
if (nt != NULL && nt->destroy != NULL)
|
||||||
nt->destroy(nt, targinfo);
|
nt->destroy(&local_par);
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
int xtnu_register_target(struct xtnu_target *nt)
|
int xtnu_register_target(struct xtnu_target *nt)
|
||||||
{
|
{
|
||||||
@@ -228,8 +297,13 @@ int xtnu_register_target(struct xtnu_target *nt)
|
|||||||
ct->hooks = nt->hooks;
|
ct->hooks = nt->hooks;
|
||||||
ct->proto = nt->proto;
|
ct->proto = nt->proto;
|
||||||
ct->target = xtnu_target_run;
|
ct->target = xtnu_target_run;
|
||||||
|
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
|
||||||
ct->checkentry = xtnu_target_check;
|
ct->checkentry = xtnu_target_check;
|
||||||
ct->destroy = xtnu_target_destroy;
|
ct->destroy = xtnu_target_destroy;
|
||||||
|
#else
|
||||||
|
ct->checkentry = nt->checkentry;
|
||||||
|
ct->destroy = nt->destroy;
|
||||||
|
#endif
|
||||||
ct->targetsize = nt->targetsize;
|
ct->targetsize = nt->targetsize;
|
||||||
ct->me = nt->me;
|
ct->me = nt->me;
|
||||||
|
|
||||||
|
|||||||
@@ -56,7 +56,7 @@
|
|||||||
# define init_net__proc_net init_net.proc_net
|
# define init_net__proc_net init_net.proc_net
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22)
|
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
|
||||||
# define xt_match xtnu_match
|
# define xt_match xtnu_match
|
||||||
# define xt_register_match xtnu_register_match
|
# define xt_register_match xtnu_register_match
|
||||||
# define xt_unregister_match xtnu_unregister_match
|
# define xt_unregister_match xtnu_unregister_match
|
||||||
|
|||||||
@@ -27,17 +27,62 @@ enum {
|
|||||||
NFPROTO_DECNET = 12,
|
NFPROTO_DECNET = 12,
|
||||||
NFPROTO_NUMPROTO,
|
NFPROTO_NUMPROTO,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
struct xt_match_param {
|
||||||
|
const struct net_device *in, *out;
|
||||||
|
const struct xt_match *match;
|
||||||
|
const void *matchinfo;
|
||||||
|
int fragoff;
|
||||||
|
unsigned int thoff;
|
||||||
|
bool *hotdrop;
|
||||||
|
u_int8_t family;
|
||||||
|
};
|
||||||
|
|
||||||
|
struct xt_mtchk_param {
|
||||||
|
const char *table;
|
||||||
|
const void *entryinfo;
|
||||||
|
const struct xt_match *match;
|
||||||
|
void *matchinfo;
|
||||||
|
unsigned int hook_mask;
|
||||||
|
u_int8_t family;
|
||||||
|
};
|
||||||
|
|
||||||
|
struct xt_mtdtor_param {
|
||||||
|
const struct xt_match *match;
|
||||||
|
void *matchinfo;
|
||||||
|
u_int8_t family;
|
||||||
|
};
|
||||||
|
|
||||||
|
struct xt_target_param {
|
||||||
|
const struct net_device *in, *out;
|
||||||
|
unsigned int hooknum;
|
||||||
|
const struct xt_target *target;
|
||||||
|
const void *targinfo;
|
||||||
|
u_int8_t family;
|
||||||
|
};
|
||||||
|
|
||||||
|
struct xt_tgchk_param {
|
||||||
|
const char *table;
|
||||||
|
const void *entryinfo;
|
||||||
|
const struct xt_target *target;
|
||||||
|
void *targinfo;
|
||||||
|
unsigned int hook_mask;
|
||||||
|
u_int8_t family;
|
||||||
|
};
|
||||||
|
|
||||||
|
struct xt_tgdtor_param {
|
||||||
|
const struct xt_target *target;
|
||||||
|
void *targinfo;
|
||||||
|
u_int8_t family;
|
||||||
|
};
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
struct xtnu_match {
|
struct xtnu_match {
|
||||||
struct list_head list;
|
struct list_head list;
|
||||||
char name[XT_FUNCTION_MAXNAMELEN - 1 - sizeof(void *)];
|
char name[XT_FUNCTION_MAXNAMELEN - 1 - sizeof(void *)];
|
||||||
bool (*match)(const struct sk_buff *, const struct net_device *,
|
bool (*match)(const struct sk_buff *, const struct xt_match_param *);
|
||||||
const struct net_device *, const struct xtnu_match *,
|
bool (*checkentry)(const struct xt_mtchk_param *);
|
||||||
const void *, int, unsigned int, bool *);
|
void (*destroy)(const struct xt_mtdtor_param *);
|
||||||
bool (*checkentry)(const char *, const void *,
|
|
||||||
const struct xtnu_match *, void *, unsigned int);
|
|
||||||
void (*destroy)(const struct xtnu_match *, void *);
|
|
||||||
struct module *me;
|
struct module *me;
|
||||||
const char *table;
|
const char *table;
|
||||||
unsigned int matchsize, hooks;
|
unsigned int matchsize, hooks;
|
||||||
@@ -50,12 +95,10 @@ struct xtnu_match {
|
|||||||
struct xtnu_target {
|
struct xtnu_target {
|
||||||
struct list_head list;
|
struct list_head list;
|
||||||
char name[XT_FUNCTION_MAXNAMELEN - 1 - sizeof(void *)];
|
char name[XT_FUNCTION_MAXNAMELEN - 1 - sizeof(void *)];
|
||||||
unsigned int (*target)(struct sk_buff **, const struct net_device *,
|
unsigned int (*target)(struct sk_buff **,
|
||||||
const struct net_device *, unsigned int,
|
const struct xt_target_param *);
|
||||||
const struct xtnu_target *, const void *);
|
bool (*checkentry)(const struct xt_tgchk_param *);
|
||||||
bool (*checkentry)(const char *, const void *,
|
void (*destroy)(const struct xt_tgdtor_param *);
|
||||||
const struct xtnu_target *, void *, unsigned int);
|
|
||||||
void (*destroy)(const struct xtnu_target *, void *);
|
|
||||||
struct module *me;
|
struct module *me;
|
||||||
const char *table;
|
const char *table;
|
||||||
unsigned int targetsize, hooks;
|
unsigned int targetsize, hooks;
|
||||||
|
|||||||
@@ -26,103 +26,29 @@
|
|||||||
#include <linux/netfilter/x_tables.h>
|
#include <linux/netfilter/x_tables.h>
|
||||||
#endif
|
#endif
|
||||||
#include "ipt_set.h"
|
#include "ipt_set.h"
|
||||||
|
#include "../compat_xtables.h"
|
||||||
|
|
||||||
static unsigned int
|
static unsigned int
|
||||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
|
target(struct sk_buff **pskb, const struct xt_target_param *par)
|
||||||
target(struct sk_buff **pskb,
|
|
||||||
unsigned int hooknum,
|
|
||||||
const struct net_device *in,
|
|
||||||
const struct net_device *out,
|
|
||||||
const void *targinfo,
|
|
||||||
void *userinfo)
|
|
||||||
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
|
|
||||||
target(struct sk_buff **pskb,
|
|
||||||
const struct net_device *in,
|
|
||||||
const struct net_device *out,
|
|
||||||
unsigned int hooknum,
|
|
||||||
const void *targinfo,
|
|
||||||
void *userinfo)
|
|
||||||
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
|
|
||||||
target(struct sk_buff **pskb,
|
|
||||||
const struct net_device *in,
|
|
||||||
const struct net_device *out,
|
|
||||||
unsigned int hooknum,
|
|
||||||
const struct xt_target *target,
|
|
||||||
const void *targinfo,
|
|
||||||
void *userinfo)
|
|
||||||
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,24)
|
|
||||||
target(struct sk_buff **pskb,
|
|
||||||
const struct net_device *in,
|
|
||||||
const struct net_device *out,
|
|
||||||
unsigned int hooknum,
|
|
||||||
const struct xt_target *target,
|
|
||||||
const void *targinfo)
|
|
||||||
#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24) */
|
|
||||||
target(struct sk_buff *skb,
|
|
||||||
const struct net_device *in,
|
|
||||||
const struct net_device *out,
|
|
||||||
unsigned int hooknum,
|
|
||||||
const struct xt_target *target,
|
|
||||||
const void *targinfo)
|
|
||||||
#endif
|
|
||||||
{
|
{
|
||||||
const struct ipt_set_info_target *info = targinfo;
|
const struct ipt_set_info_target *info = par->targinfo;
|
||||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,24)
|
|
||||||
struct sk_buff *skb = *pskb;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
|
|
||||||
if (info->add_set.index != IP_SET_INVALID_ID)
|
if (info->add_set.index != IP_SET_INVALID_ID)
|
||||||
ip_set_addip_kernel(info->add_set.index,
|
ip_set_addip_kernel(info->add_set.index,
|
||||||
skb,
|
*pskb,
|
||||||
info->add_set.flags);
|
info->add_set.flags);
|
||||||
if (info->del_set.index != IP_SET_INVALID_ID)
|
if (info->del_set.index != IP_SET_INVALID_ID)
|
||||||
ip_set_delip_kernel(info->del_set.index,
|
ip_set_delip_kernel(info->del_set.index,
|
||||||
skb,
|
*pskb,
|
||||||
info->del_set.flags);
|
info->del_set.flags);
|
||||||
|
|
||||||
return XT_CONTINUE;
|
return XT_CONTINUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16)
|
|
||||||
static int
|
|
||||||
checkentry(const char *tablename,
|
|
||||||
const struct ipt_entry *e,
|
|
||||||
void *targinfo,
|
|
||||||
unsigned int targinfosize,
|
|
||||||
unsigned int hook_mask)
|
|
||||||
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
|
|
||||||
static int
|
|
||||||
checkentry(const char *tablename,
|
|
||||||
const void *e,
|
|
||||||
void *targinfo,
|
|
||||||
unsigned int targinfosize,
|
|
||||||
unsigned int hook_mask)
|
|
||||||
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
|
|
||||||
static int
|
|
||||||
checkentry(const char *tablename,
|
|
||||||
const void *e,
|
|
||||||
const struct xt_target *target,
|
|
||||||
void *targinfo,
|
|
||||||
unsigned int targinfosize,
|
|
||||||
unsigned int hook_mask)
|
|
||||||
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23)
|
|
||||||
static int
|
|
||||||
checkentry(const char *tablename,
|
|
||||||
const void *e,
|
|
||||||
const struct xt_target *target,
|
|
||||||
void *targinfo,
|
|
||||||
unsigned int hook_mask)
|
|
||||||
#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) */
|
|
||||||
static bool
|
static bool
|
||||||
checkentry(const char *tablename,
|
checkentry(const struct xt_tgchk_param *par)
|
||||||
const void *e,
|
|
||||||
const struct xt_target *target,
|
|
||||||
void *targinfo,
|
|
||||||
unsigned int hook_mask)
|
|
||||||
#endif
|
|
||||||
{
|
{
|
||||||
struct ipt_set_info_target *info = targinfo;
|
struct ipt_set_info_target *info = par->targinfo;
|
||||||
ip_set_id_t index;
|
ip_set_id_t index;
|
||||||
|
|
||||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
|
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
|
||||||
@@ -158,19 +84,9 @@ checkentry(const char *tablename,
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
|
static void destroy(const struct xt_tgdtor_param *par)
|
||||||
static void destroy(void *targetinfo,
|
|
||||||
unsigned int targetsize)
|
|
||||||
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
|
|
||||||
static void destroy(const struct xt_target *target,
|
|
||||||
void *targetinfo,
|
|
||||||
unsigned int targetsize)
|
|
||||||
#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19) */
|
|
||||||
static void destroy(const struct xt_target *target,
|
|
||||||
void *targetinfo)
|
|
||||||
#endif
|
|
||||||
{
|
{
|
||||||
struct ipt_set_info_target *info = targetinfo;
|
struct ipt_set_info_target *info = par->targinfo;
|
||||||
|
|
||||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
|
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
|
||||||
if (targetsize != IPT_ALIGN(sizeof(struct ipt_set_info_target))) {
|
if (targetsize != IPT_ALIGN(sizeof(struct ipt_set_info_target))) {
|
||||||
|
|||||||
@@ -25,6 +25,7 @@
|
|||||||
#endif
|
#endif
|
||||||
#include "ip_set.h"
|
#include "ip_set.h"
|
||||||
#include "ipt_set.h"
|
#include "ipt_set.h"
|
||||||
|
#include "../compat_xtables.h"
|
||||||
|
|
||||||
static inline int
|
static inline int
|
||||||
match_set(const struct ipt_set_info *info,
|
match_set(const struct ipt_set_info *info,
|
||||||
@@ -36,101 +37,20 @@ match_set(const struct ipt_set_info *info,
|
|||||||
return inv;
|
return inv;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
|
|
||||||
static int
|
|
||||||
match(const struct sk_buff *skb,
|
|
||||||
const struct net_device *in,
|
|
||||||
const struct net_device *out,
|
|
||||||
const void *matchinfo,
|
|
||||||
int offset,
|
|
||||||
const void *hdr,
|
|
||||||
u_int16_t datalen,
|
|
||||||
int *hotdrop)
|
|
||||||
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16)
|
|
||||||
static int
|
|
||||||
match(const struct sk_buff *skb,
|
|
||||||
const struct net_device *in,
|
|
||||||
const struct net_device *out,
|
|
||||||
const void *matchinfo,
|
|
||||||
int offset,
|
|
||||||
int *hotdrop)
|
|
||||||
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
|
|
||||||
static int
|
|
||||||
match(const struct sk_buff *skb,
|
|
||||||
const struct net_device *in,
|
|
||||||
const struct net_device *out,
|
|
||||||
const void *matchinfo,
|
|
||||||
int offset,
|
|
||||||
unsigned int protoff,
|
|
||||||
int *hotdrop)
|
|
||||||
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23)
|
|
||||||
static int
|
|
||||||
match(const struct sk_buff *skb,
|
|
||||||
const struct net_device *in,
|
|
||||||
const struct net_device *out,
|
|
||||||
const struct xt_match *match,
|
|
||||||
const void *matchinfo,
|
|
||||||
int offset,
|
|
||||||
unsigned int protoff,
|
|
||||||
int *hotdrop)
|
|
||||||
#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) */
|
|
||||||
static bool
|
static bool
|
||||||
match(const struct sk_buff *skb,
|
match(const struct sk_buff *skb, const struct xt_match_param *par)
|
||||||
const struct net_device *in,
|
|
||||||
const struct net_device *out,
|
|
||||||
const struct xt_match *match,
|
|
||||||
const void *matchinfo,
|
|
||||||
int offset,
|
|
||||||
unsigned int protoff,
|
|
||||||
bool *hotdrop)
|
|
||||||
#endif
|
|
||||||
{
|
{
|
||||||
const struct ipt_set_info_match *info = matchinfo;
|
const struct ipt_set_info_match *info = par->matchinfo;
|
||||||
|
|
||||||
return match_set(&info->match_set,
|
return match_set(&info->match_set,
|
||||||
skb,
|
skb,
|
||||||
info->match_set.flags[0] & IPSET_MATCH_INV);
|
info->match_set.flags[0] & IPSET_MATCH_INV);
|
||||||
}
|
}
|
||||||
|
|
||||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16)
|
|
||||||
static int
|
|
||||||
checkentry(const char *tablename,
|
|
||||||
const struct ipt_ip *ip,
|
|
||||||
void *matchinfo,
|
|
||||||
unsigned int matchsize,
|
|
||||||
unsigned int hook_mask)
|
|
||||||
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
|
|
||||||
static int
|
|
||||||
checkentry(const char *tablename,
|
|
||||||
const void *inf,
|
|
||||||
void *matchinfo,
|
|
||||||
unsigned int matchsize,
|
|
||||||
unsigned int hook_mask)
|
|
||||||
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
|
|
||||||
static int
|
|
||||||
checkentry(const char *tablename,
|
|
||||||
const void *inf,
|
|
||||||
const struct xt_match *match,
|
|
||||||
void *matchinfo,
|
|
||||||
unsigned int matchsize,
|
|
||||||
unsigned int hook_mask)
|
|
||||||
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23)
|
|
||||||
static int
|
|
||||||
checkentry(const char *tablename,
|
|
||||||
const void *inf,
|
|
||||||
const struct xt_match *match,
|
|
||||||
void *matchinfo,
|
|
||||||
unsigned int hook_mask)
|
|
||||||
#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) */
|
|
||||||
static bool
|
static bool
|
||||||
checkentry(const char *tablename,
|
checkentry(const struct xt_mtchk_param *par)
|
||||||
const void *inf,
|
|
||||||
const struct xt_match *match,
|
|
||||||
void *matchinfo,
|
|
||||||
unsigned int hook_mask)
|
|
||||||
#endif
|
|
||||||
{
|
{
|
||||||
struct ipt_set_info_match *info = matchinfo;
|
struct ipt_set_info_match *info = par->matchinfo;
|
||||||
ip_set_id_t index;
|
ip_set_id_t index;
|
||||||
|
|
||||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
|
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
|
||||||
@@ -155,19 +75,9 @@ checkentry(const char *tablename,
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
|
static void destroy(const struct xt_mtdtor_param *par)
|
||||||
static void destroy(void *matchinfo,
|
|
||||||
unsigned int matchsize)
|
|
||||||
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
|
|
||||||
static void destroy(const struct xt_match *match,
|
|
||||||
void *matchinfo,
|
|
||||||
unsigned int matchsize)
|
|
||||||
#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19) */
|
|
||||||
static void destroy(const struct xt_match *match,
|
|
||||||
void *matchinfo)
|
|
||||||
#endif
|
|
||||||
{
|
{
|
||||||
struct ipt_set_info_match *info = matchinfo;
|
struct ipt_set_info_match *info = par->matchinfo;
|
||||||
|
|
||||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
|
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
|
||||||
if (matchsize != IPT_ALIGN(sizeof(struct ipt_set_info_match))) {
|
if (matchsize != IPT_ALIGN(sizeof(struct ipt_set_info_match))) {
|
||||||
|
|||||||
@@ -44,13 +44,13 @@ static const struct xt_tcp tcp_params = {
|
|||||||
};
|
};
|
||||||
|
|
||||||
/* CHAOS functions */
|
/* CHAOS functions */
|
||||||
static void xt_chaos_total(const struct xt_chaos_tginfo *info,
|
static void
|
||||||
struct sk_buff *skb, const struct net_device *in,
|
xt_chaos_total(struct sk_buff *skb, const struct xt_target_param *par)
|
||||||
const struct net_device *out, unsigned int hooknum)
|
|
||||||
{
|
{
|
||||||
|
const struct xt_chaos_tginfo *info = par->targinfo;
|
||||||
const struct iphdr *iph = ip_hdr(skb);
|
const struct iphdr *iph = ip_hdr(skb);
|
||||||
const int protoff = 4 * iph->ihl;
|
const int thoff = 4 * iph->ihl;
|
||||||
const int offset = ntohs(iph->frag_off) & IP_OFFSET;
|
const int fragoff = ntohs(iph->frag_off) & IP_OFFSET;
|
||||||
typeof(xt_tarpit) destiny;
|
typeof(xt_tarpit) destiny;
|
||||||
bool ret;
|
bool ret;
|
||||||
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22)
|
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22)
|
||||||
@@ -59,24 +59,44 @@ static void xt_chaos_total(const struct xt_chaos_tginfo *info,
|
|||||||
bool hotdrop = false;
|
bool hotdrop = false;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
ret = xm_tcp->match(skb, in, out, xm_tcp, &tcp_params,
|
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
|
||||||
offset, protoff, &hotdrop);
|
ret = xm_tcp->match(skb, par->in, par->out, xm_tcp, &tcp_params,
|
||||||
|
fragoff, thoff, &hotdrop);
|
||||||
|
#else
|
||||||
|
{
|
||||||
|
struct xt_match_param local_par = {
|
||||||
|
.in = par->in,
|
||||||
|
.out = par->out,
|
||||||
|
.match = xm_tcp,
|
||||||
|
.matchinfo = &tcp_params,
|
||||||
|
.fragoff = fragoff,
|
||||||
|
.thoff = thoff,
|
||||||
|
.hotdrop = &hotdrop,
|
||||||
|
};
|
||||||
|
ret = xm_tcp->match(skb, &local_par);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
if (!ret || hotdrop || (unsigned int)net_random() > delude_percentage)
|
if (!ret || hotdrop || (unsigned int)net_random() > delude_percentage)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
destiny = (info->variant == XTCHAOS_TARPIT) ? xt_tarpit : xt_delude;
|
destiny = (info->variant == XTCHAOS_TARPIT) ? xt_tarpit : xt_delude;
|
||||||
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
|
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
|
||||||
destiny->target(&skb, in, out, hooknum, destiny, NULL, NULL);
|
destiny->target(&skb, par->in, par->out, par->hooknum, destiny, NULL, NULL);
|
||||||
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23)
|
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23)
|
||||||
destiny->target(&skb, in, out, hooknum, destiny, NULL);
|
destiny->target(&skb, par->in, par->out, par->hooknum, destiny, NULL);
|
||||||
|
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
|
||||||
|
destiny->target(skb, par->in, par->out, par->hooknum, destiny, NULL);
|
||||||
#else
|
#else
|
||||||
destiny->target(skb, in, out, hooknum, destiny, NULL);
|
{
|
||||||
|
struct xt_target_param local_par = *par;
|
||||||
|
local_par.target = destiny;
|
||||||
|
destiny->target(skb, &local_par);
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
static unsigned int chaos_tg(struct sk_buff **pskb,
|
static unsigned int
|
||||||
const struct net_device *in, const struct net_device *out,
|
chaos_tg(struct sk_buff **pskb, const struct xt_target_param *par)
|
||||||
unsigned int hooknum, const struct xt_target *target, const void *targinfo)
|
|
||||||
{
|
{
|
||||||
/*
|
/*
|
||||||
* Equivalent to:
|
* Equivalent to:
|
||||||
@@ -86,34 +106,44 @@ static unsigned int chaos_tg(struct sk_buff **pskb,
|
|||||||
* $delude_percentage -j DELUDE;
|
* $delude_percentage -j DELUDE;
|
||||||
* -A chaos -j DROP;
|
* -A chaos -j DROP;
|
||||||
*/
|
*/
|
||||||
const struct xt_chaos_tginfo *info = targinfo;
|
const struct xt_chaos_tginfo *info = par->targinfo;
|
||||||
struct sk_buff *skb = *pskb;
|
struct sk_buff *skb = *pskb;
|
||||||
const struct iphdr *iph = ip_hdr(skb);
|
const struct iphdr *iph = ip_hdr(skb);
|
||||||
|
|
||||||
if ((unsigned int)net_random() <= reject_percentage)
|
if ((unsigned int)net_random() <= reject_percentage) {
|
||||||
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
|
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
|
||||||
return xt_reject->target(pskb, in, out, hooknum,
|
return xt_reject->target(pskb, par->in, par->out, par->hooknum,
|
||||||
target->__compat_target, &reject_params, NULL);
|
xt_reject, &reject_params, NULL);
|
||||||
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23)
|
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23)
|
||||||
return xt_reject->target(pskb, in, out, hooknum,
|
return xt_reject->target(pskb, par->in, par->out, par->hooknum,
|
||||||
target->__compat_target, &reject_params);
|
xt_reject, &reject_params);
|
||||||
|
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
|
||||||
|
return xt_reject->target(skb, par->in, par->out, par->hooknum,
|
||||||
|
xt_reject, &reject_params);
|
||||||
#else
|
#else
|
||||||
return xt_reject->target(skb, in, out, hooknum,
|
struct xt_target_param local_par = {
|
||||||
target->__compat_target, &reject_params);
|
.in = par->in,
|
||||||
|
.out = par->out,
|
||||||
|
.hooknum = par->hooknum,
|
||||||
|
.target = xt_reject,
|
||||||
|
.targinfo = &reject_params,
|
||||||
|
};
|
||||||
|
return xt_reject->target(skb, &local_par);
|
||||||
#endif
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
/* TARPIT/DELUDE may not be called from the OUTPUT chain */
|
/* TARPIT/DELUDE may not be called from the OUTPUT chain */
|
||||||
if (iph->protocol == IPPROTO_TCP &&
|
if (iph->protocol == IPPROTO_TCP &&
|
||||||
info->variant != XTCHAOS_NORMAL && hooknum != NF_INET_LOCAL_OUT)
|
info->variant != XTCHAOS_NORMAL &&
|
||||||
xt_chaos_total(info, skb, in, out, hooknum);
|
par->hooknum != NF_INET_LOCAL_OUT)
|
||||||
|
xt_chaos_total(skb, par);
|
||||||
|
|
||||||
return NF_DROP;
|
return NF_DROP;
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool chaos_tg_check(const char *tablename, const void *entry,
|
static bool chaos_tg_check(const struct xt_tgchk_param *par)
|
||||||
const struct xt_target *target, void *targinfo, unsigned int hook_mask)
|
|
||||||
{
|
{
|
||||||
const struct xt_chaos_tginfo *info = targinfo;
|
const struct xt_chaos_tginfo *info = par->targinfo;
|
||||||
|
|
||||||
if (info->variant == XTCHAOS_DELUDE && !have_delude) {
|
if (info->variant == XTCHAOS_DELUDE && !have_delude) {
|
||||||
printk(KERN_WARNING PFX "Error: Cannot use --delude when "
|
printk(KERN_WARNING PFX "Error: Cannot use --delude when "
|
||||||
|
|||||||
@@ -143,14 +143,13 @@ static void delude_send_reset(struct sk_buff *oldskb, unsigned int hook)
|
|||||||
kfree_skb(nskb);
|
kfree_skb(nskb);
|
||||||
}
|
}
|
||||||
|
|
||||||
static unsigned int delude_tg(struct sk_buff **pskb,
|
static unsigned int
|
||||||
const struct net_device *in, const struct net_device *out,
|
delude_tg(struct sk_buff **pskb, const struct xt_target_param *par)
|
||||||
unsigned int hooknum, const struct xt_target *target, const void *targinfo)
|
|
||||||
{
|
{
|
||||||
/* WARNING: This code causes reentry within iptables.
|
/* WARNING: This code causes reentry within iptables.
|
||||||
This means that the iptables jump stack is now crap. We
|
This means that the iptables jump stack is now crap. We
|
||||||
must return an absolute verdict. --RR */
|
must return an absolute verdict. --RR */
|
||||||
delude_send_reset(*pskb, hooknum);
|
delude_send_reset(*pskb, par->hooknum);
|
||||||
return NF_DROP;
|
return NF_DROP;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -68,15 +68,14 @@ static bool ether_cmp(const unsigned char *lh, const unsigned char *rh,
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool dhcpaddr_mt(const struct sk_buff *skb, const struct net_device *in,
|
static bool
|
||||||
const struct net_device *out, const struct xt_match *match,
|
dhcpaddr_mt(const struct sk_buff *skb, const struct xt_match_param *par)
|
||||||
const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop)
|
|
||||||
{
|
{
|
||||||
const struct dhcpaddr_info *info = matchinfo;
|
const struct dhcpaddr_info *info = par->matchinfo;
|
||||||
const struct dhcp_message *dh;
|
const struct dhcp_message *dh;
|
||||||
struct dhcp_message dhcpbuf;
|
struct dhcp_message dhcpbuf;
|
||||||
|
|
||||||
dh = skb_header_pointer(skb, protoff + sizeof(struct udphdr),
|
dh = skb_header_pointer(skb, par->thoff + sizeof(struct udphdr),
|
||||||
sizeof(dhcpbuf), &dhcpbuf);
|
sizeof(dhcpbuf), &dhcpbuf);
|
||||||
if (dh == NULL)
|
if (dh == NULL)
|
||||||
/*
|
/*
|
||||||
@@ -89,11 +88,10 @@ static bool dhcpaddr_mt(const struct sk_buff *skb, const struct net_device *in,
|
|||||||
return ether_cmp((const void *)dh->chaddr, info->addr, info->mask);
|
return ether_cmp((const void *)dh->chaddr, info->addr, info->mask);
|
||||||
}
|
}
|
||||||
|
|
||||||
static unsigned int dhcpaddr_tg(struct sk_buff **pskb,
|
static unsigned int
|
||||||
const struct net_device *in, const struct net_device *out,
|
dhcpaddr_tg(struct sk_buff **pskb, const struct xt_target_param *par)
|
||||||
unsigned int hooknum, const struct xt_target *target, const void *targinfo)
|
|
||||||
{
|
{
|
||||||
const struct dhcpaddr_info *info = targinfo;
|
const struct dhcpaddr_info *info = par->targinfo;
|
||||||
struct dhcp_message dhcpbuf, *dh;
|
struct dhcp_message dhcpbuf, *dh;
|
||||||
struct udphdr udpbuf, *udph;
|
struct udphdr udpbuf, *udph;
|
||||||
struct sk_buff *skb = *pskb;
|
struct sk_buff *skb = *pskb;
|
||||||
|
|||||||
@@ -20,9 +20,8 @@
|
|||||||
#include <net/ip.h>
|
#include <net/ip.h>
|
||||||
#include "compat_xtables.h"
|
#include "compat_xtables.h"
|
||||||
|
|
||||||
static unsigned int echo_tg4(struct sk_buff **poldskb,
|
static unsigned int
|
||||||
const struct net_device *in, const struct net_device *out,
|
echo_tg4(struct sk_buff **poldskb, const struct xt_target_param *par)
|
||||||
unsigned int hooknum, const struct xt_target *target, const void *targinfo)
|
|
||||||
{
|
{
|
||||||
const struct sk_buff *oldskb = *poldskb;
|
const struct sk_buff *oldskb = *poldskb;
|
||||||
const struct udphdr *oldudp;
|
const struct udphdr *oldudp;
|
||||||
|
|||||||
@@ -25,11 +25,9 @@ MODULE_ALIAS("ipt_IPMARK");
|
|||||||
MODULE_ALIAS("ip6t_IPMARK");
|
MODULE_ALIAS("ip6t_IPMARK");
|
||||||
|
|
||||||
static unsigned int
|
static unsigned int
|
||||||
ipmark_tg4(struct sk_buff **pskb, const struct net_device *in,
|
ipmark_tg4(struct sk_buff **pskb, const struct xt_target_param *par)
|
||||||
const struct net_device *out, unsigned int hooknum,
|
|
||||||
const struct xt_target *target, const void *targinfo)
|
|
||||||
{
|
{
|
||||||
const struct xt_ipmark_tginfo *ipmarkinfo = targinfo;
|
const struct xt_ipmark_tginfo *ipmarkinfo = par->targinfo;
|
||||||
const struct sk_buff *skb = *pskb;
|
const struct sk_buff *skb = *pskb;
|
||||||
const struct iphdr *iph = ip_hdr(skb);
|
const struct iphdr *iph = ip_hdr(skb);
|
||||||
__u32 mark;
|
__u32 mark;
|
||||||
@@ -63,11 +61,9 @@ static __u32 ipmark_from_ip6(const struct in6_addr *a, unsigned int s)
|
|||||||
}
|
}
|
||||||
|
|
||||||
static unsigned int
|
static unsigned int
|
||||||
ipmark_tg6(struct sk_buff **pskb, const struct net_device *in,
|
ipmark_tg6(struct sk_buff **pskb, const struct xt_target_param *par)
|
||||||
const struct net_device *out, unsigned int hooknum,
|
|
||||||
const struct xt_target *target, const void *targinfo)
|
|
||||||
{
|
{
|
||||||
const struct xt_ipmark_tginfo *info = targinfo;
|
const struct xt_ipmark_tginfo *info = par->targinfo;
|
||||||
const struct sk_buff *skb = *pskb;
|
const struct sk_buff *skb = *pskb;
|
||||||
const struct ipv6hdr *iph = ipv6_hdr(skb);
|
const struct ipv6hdr *iph = ipv6_hdr(skb);
|
||||||
__u32 mark;
|
__u32 mark;
|
||||||
|
|||||||
@@ -30,19 +30,17 @@ static const char *const dir_names[] = {
|
|||||||
};
|
};
|
||||||
|
|
||||||
static unsigned int
|
static unsigned int
|
||||||
logmark_tg(struct sk_buff **pskb, const struct net_device *in,
|
logmark_tg(struct sk_buff **pskb, const struct xt_target_param *par)
|
||||||
const struct net_device *out, unsigned int hooknum,
|
|
||||||
const struct xt_target *target, const void *targinfo)
|
|
||||||
{
|
{
|
||||||
const struct sk_buff *skb = *pskb;
|
const struct sk_buff *skb = *pskb;
|
||||||
const struct xt_logmark_tginfo *info = targinfo;
|
const struct xt_logmark_tginfo *info = par->targinfo;
|
||||||
const struct nf_conn *ct;
|
const struct nf_conn *ct;
|
||||||
enum ip_conntrack_info ctinfo;
|
enum ip_conntrack_info ctinfo;
|
||||||
bool prev = false;
|
bool prev = false;
|
||||||
|
|
||||||
printk("<%u>%.*s""hook=%s nfmark=0x%x secmark=0x%x classify=0x%x",
|
printk("<%u>%.*s""hook=%s nfmark=0x%x secmark=0x%x classify=0x%x",
|
||||||
info->level, (unsigned int)sizeof(info->prefix), info->prefix,
|
info->level, (unsigned int)sizeof(info->prefix), info->prefix,
|
||||||
hook_names[hooknum],
|
hook_names[par->hooknum],
|
||||||
skb_nfmark(skb), skb_secmark(skb), skb->priority);
|
skb_nfmark(skb), skb_secmark(skb), skb->priority);
|
||||||
|
|
||||||
ct = nf_ct_get(skb, &ctinfo);
|
ct = nf_ct_get(skb, &ctinfo);
|
||||||
@@ -83,11 +81,9 @@ logmark_tg(struct sk_buff **pskb, const struct net_device *in,
|
|||||||
}
|
}
|
||||||
|
|
||||||
static bool
|
static bool
|
||||||
logmark_tg_check(const char *tablename, const void *e,
|
logmark_tg_check(const struct xt_tgchk_param *par)
|
||||||
const struct xt_target *target, void *targinfo,
|
|
||||||
unsigned int hook_mask)
|
|
||||||
{
|
{
|
||||||
const struct xt_logmark_tginfo *info = targinfo;
|
const struct xt_logmark_tginfo *info = par->targinfo;
|
||||||
|
|
||||||
if (info->level >= 8) {
|
if (info->level >= 8) {
|
||||||
pr_debug("LOGMARK: level %u >= 8\n", info->level);
|
pr_debug("LOGMARK: level %u >= 8\n", info->level);
|
||||||
|
|||||||
@@ -58,9 +58,8 @@ static unsigned int sysrq_tg(const void *pdata, uint16_t len)
|
|||||||
return NF_ACCEPT;
|
return NF_ACCEPT;
|
||||||
}
|
}
|
||||||
|
|
||||||
static unsigned int sysrq_tg4(struct sk_buff **pskb,
|
static unsigned int
|
||||||
const struct net_device *in, const struct net_device *out,
|
sysrq_tg4(struct sk_buff **pskb, const struct xt_target_param *par)
|
||||||
unsigned int hooknum, const struct xt_target *target, const void *targinfo)
|
|
||||||
{
|
{
|
||||||
struct sk_buff *skb = *pskb;
|
struct sk_buff *skb = *pskb;
|
||||||
const struct iphdr *iph;
|
const struct iphdr *iph;
|
||||||
@@ -80,9 +79,8 @@ static unsigned int sysrq_tg4(struct sk_buff **pskb,
|
|||||||
return sysrq_tg((void *)udph + sizeof(struct udphdr), len);
|
return sysrq_tg((void *)udph + sizeof(struct udphdr), len);
|
||||||
}
|
}
|
||||||
|
|
||||||
static unsigned int sysrq_tg6(struct sk_buff **pskb,
|
static unsigned int
|
||||||
const struct net_device *in, const struct net_device *out,
|
sysrq_tg6(struct sk_buff **pskb, const struct xt_target_param *par)
|
||||||
unsigned int hooknum, const struct xt_target *target, const void *targinfo)
|
|
||||||
{
|
{
|
||||||
struct sk_buff *skb = *pskb;
|
struct sk_buff *skb = *pskb;
|
||||||
const struct ipv6hdr *iph;
|
const struct ipv6hdr *iph;
|
||||||
@@ -102,18 +100,17 @@ static unsigned int sysrq_tg6(struct sk_buff **pskb,
|
|||||||
return sysrq_tg(udph + sizeof(struct udphdr), len);
|
return sysrq_tg(udph + sizeof(struct udphdr), len);
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool sysrq_tg_check(const char *table, const void *ventry,
|
static bool sysrq_tg_check(const struct xt_tgchk_param *par)
|
||||||
const struct xt_target *target, void *targinfo, unsigned int hook_mask)
|
|
||||||
{
|
{
|
||||||
if (target->family == NFPROTO_IPV4) {
|
if (par->target->family == NFPROTO_IPV4) {
|
||||||
const struct ipt_entry *entry = ventry;
|
const struct ipt_entry *entry = par->entryinfo;
|
||||||
|
|
||||||
if ((entry->ip.proto != IPPROTO_UDP &&
|
if ((entry->ip.proto != IPPROTO_UDP &&
|
||||||
entry->ip.proto != IPPROTO_UDPLITE) ||
|
entry->ip.proto != IPPROTO_UDPLITE) ||
|
||||||
entry->ip.invflags & XT_INV_PROTO)
|
entry->ip.invflags & XT_INV_PROTO)
|
||||||
goto out;
|
goto out;
|
||||||
} else if (target->family == NFPROTO_IPV6) {
|
} else if (par->target->family == NFPROTO_IPV6) {
|
||||||
const struct ip6t_entry *entry = ventry;
|
const struct ip6t_entry *entry = par->entryinfo;
|
||||||
|
|
||||||
if ((entry->ipv6.proto != IPPROTO_UDP &&
|
if ((entry->ipv6.proto != IPPROTO_UDP &&
|
||||||
entry->ipv6.proto != IPPROTO_UDPLITE) ||
|
entry->ipv6.proto != IPPROTO_UDPLITE) ||
|
||||||
|
|||||||
@@ -188,9 +188,7 @@ static void tarpit_tcp(struct sk_buff *oldskb, unsigned int hook)
|
|||||||
}
|
}
|
||||||
|
|
||||||
static unsigned int
|
static unsigned int
|
||||||
tarpit_tg(struct sk_buff **pskb, const struct net_device *in,
|
tarpit_tg(struct sk_buff **pskb, const struct xt_target_param *par)
|
||||||
const struct net_device *out, unsigned int hooknum,
|
|
||||||
const struct xt_target *target, const void *targinfo)
|
|
||||||
{
|
{
|
||||||
const struct sk_buff *skb = *pskb;
|
const struct sk_buff *skb = *pskb;
|
||||||
const struct iphdr *iph = ip_hdr(skb);
|
const struct iphdr *iph = ip_hdr(skb);
|
||||||
@@ -220,7 +218,7 @@ tarpit_tg(struct sk_buff **pskb, const struct net_device *in,
|
|||||||
if (iph->frag_off & htons(IP_OFFSET))
|
if (iph->frag_off & htons(IP_OFFSET))
|
||||||
return NF_DROP;
|
return NF_DROP;
|
||||||
|
|
||||||
tarpit_tcp(*pskb, hooknum);
|
tarpit_tcp(*pskb, par->hooknum);
|
||||||
return NF_DROP;
|
return NF_DROP;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -142,11 +142,9 @@ static void tee_ip_direct_send(struct sk_buff *skb)
|
|||||||
* packets when we see they already have that ->nfct.
|
* packets when we see they already have that ->nfct.
|
||||||
*/
|
*/
|
||||||
static unsigned int
|
static unsigned int
|
||||||
tee_tg(struct sk_buff **pskb, const struct net_device *in,
|
tee_tg(struct sk_buff **pskb, const struct xt_target_param *par)
|
||||||
const struct net_device *out, unsigned int hooknum,
|
|
||||||
const struct xt_target *target, const void *targinfo)
|
|
||||||
{
|
{
|
||||||
const struct xt_tee_tginfo *info = targinfo;
|
const struct xt_tee_tginfo *info = par->targinfo;
|
||||||
struct sk_buff *skb = *pskb;
|
struct sk_buff *skb = *pskb;
|
||||||
|
|
||||||
#ifdef WITH_CONNTRACK
|
#ifdef WITH_CONNTRACK
|
||||||
@@ -169,7 +167,7 @@ tee_tg(struct sk_buff **pskb, const struct net_device *in,
|
|||||||
* If we are in INPUT, the checksum must be recalculated since
|
* If we are in INPUT, the checksum must be recalculated since
|
||||||
* the length could have changed as a result of defragmentation.
|
* the length could have changed as a result of defragmentation.
|
||||||
*/
|
*/
|
||||||
if (hooknum == NF_INET_LOCAL_IN) {
|
if (par->hooknum == NF_INET_LOCAL_IN) {
|
||||||
struct iphdr *iph = ip_hdr(skb);
|
struct iphdr *iph = ip_hdr(skb);
|
||||||
iph->check = 0;
|
iph->check = 0;
|
||||||
iph->check = ip_fast_csum((unsigned char *)iph, iph->ihl);
|
iph->check = ip_fast_csum((unsigned char *)iph, iph->ihl);
|
||||||
@@ -208,11 +206,9 @@ tee_tg(struct sk_buff **pskb, const struct net_device *in,
|
|||||||
return XT_CONTINUE;
|
return XT_CONTINUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool tee_tg_check(const char *tablename, const void *entry,
|
static bool tee_tg_check(const struct xt_tgchk_param *par)
|
||||||
const struct xt_target *target, void *targinfo,
|
|
||||||
unsigned int hook_mask)
|
|
||||||
{
|
{
|
||||||
const struct xt_tee_tginfo *info = targinfo;
|
const struct xt_tee_tginfo *info = par->targinfo;
|
||||||
|
|
||||||
/* 0.0.0.0 and :: not allowed */
|
/* 0.0.0.0 and :: not allowed */
|
||||||
return memcmp(&info->gw, &zero_address, sizeof(zero_address)) != 0;
|
return memcmp(&info->gw, &zero_address, sizeof(zero_address)) != 0;
|
||||||
|
|||||||
@@ -97,12 +97,9 @@ static int condition_proc_write(struct file *file, const char __user *buffer,
|
|||||||
}
|
}
|
||||||
|
|
||||||
static bool
|
static bool
|
||||||
condition_mt(const struct sk_buff *skb, const struct net_device *in,
|
condition_mt(const struct sk_buff *skb, const struct xt_match_param *par)
|
||||||
const struct net_device *out, const struct xt_match *match,
|
|
||||||
const void *matchinfo, int offset, unsigned int protoff,
|
|
||||||
bool *hotdrop)
|
|
||||||
{
|
{
|
||||||
const struct xt_condition_mtinfo *info = matchinfo;
|
const struct xt_condition_mtinfo *info = par->matchinfo;
|
||||||
const struct condition_variable *var = info->condvar;
|
const struct condition_variable *var = info->condvar;
|
||||||
bool x;
|
bool x;
|
||||||
|
|
||||||
@@ -113,12 +110,9 @@ condition_mt(const struct sk_buff *skb, const struct net_device *in,
|
|||||||
return x ^ info->invert;
|
return x ^ info->invert;
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool
|
static bool condition_mt_check(const struct xt_mtchk_param *par)
|
||||||
condition_mt_check(const char *tablename, const void *entry,
|
|
||||||
const struct xt_match *match, void *matchinfo,
|
|
||||||
unsigned int hook_mask)
|
|
||||||
{
|
{
|
||||||
struct xt_condition_mtinfo *info = matchinfo;
|
struct xt_condition_mtinfo *info = par->matchinfo;
|
||||||
struct condition_variable *var;
|
struct condition_variable *var;
|
||||||
|
|
||||||
/* Forbid certain names */
|
/* Forbid certain names */
|
||||||
@@ -184,9 +178,9 @@ condition_mt_check(const char *tablename, const void *entry,
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void condition_mt_destroy(const struct xt_match *match, void *matchinfo)
|
static void condition_mt_destroy(const struct xt_mtdtor_param *par)
|
||||||
{
|
{
|
||||||
const struct xt_condition_mtinfo *info = matchinfo;
|
const struct xt_condition_mtinfo *info = par->matchinfo;
|
||||||
struct condition_variable *var = info->condvar;
|
struct condition_variable *var = info->condvar;
|
||||||
|
|
||||||
down(&proc_lock);
|
down(&proc_lock);
|
||||||
|
|||||||
@@ -60,12 +60,9 @@ static uint8_t mf_low(uint32_t tx, uint32_t mini, uint32_t maxi)
|
|||||||
}
|
}
|
||||||
|
|
||||||
static bool
|
static bool
|
||||||
fuzzy_mt(const struct sk_buff *skb, const struct net_device *in,
|
fuzzy_mt(const struct sk_buff *skb, const struct xt_match_param *par)
|
||||||
const struct net_device *out, const struct xt_match *match,
|
|
||||||
const void *matchinfo, int offset, unsigned int protoff,
|
|
||||||
bool *hotdrop)
|
|
||||||
{
|
{
|
||||||
struct xt_fuzzy_mtinfo *info = (void *)matchinfo;
|
struct xt_fuzzy_mtinfo *info = (void *)par->matchinfo;
|
||||||
unsigned long amount;
|
unsigned long amount;
|
||||||
uint8_t howhigh, howlow, random_number;
|
uint8_t howhigh, howlow, random_number;
|
||||||
|
|
||||||
@@ -128,11 +125,9 @@ fuzzy_mt(const struct sk_buff *skb, const struct net_device *in,
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool
|
static bool fuzzy_mt_check(const struct xt_mtchk_param *par)
|
||||||
fuzzy_mt_check(const char *table, const void *ip, const struct xt_match *match,
|
|
||||||
void *matchinfo, unsigned int hook_mask)
|
|
||||||
{
|
{
|
||||||
const struct xt_fuzzy_mtinfo *info = matchinfo;
|
const struct xt_fuzzy_mtinfo *info = par->matchinfo;
|
||||||
|
|
||||||
if (info->minimum_rate < FUZZY_MIN_RATE ||
|
if (info->minimum_rate < FUZZY_MIN_RATE ||
|
||||||
info->maximum_rate > FUZZY_MAX_RATE ||
|
info->maximum_rate > FUZZY_MAX_RATE ||
|
||||||
|
|||||||
@@ -135,11 +135,10 @@ static bool geoip_bsearch(const struct geoip_subnet *range,
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool xt_geoip_mt(const struct sk_buff *skb, const struct net_device *in,
|
static bool
|
||||||
const struct net_device *out, const struct xt_match *match,
|
xt_geoip_mt(const struct sk_buff *skb, const struct xt_match_param *par)
|
||||||
const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop)
|
|
||||||
{
|
{
|
||||||
const struct xt_geoip_match_info *info = matchinfo;
|
const struct xt_geoip_match_info *info = par->matchinfo;
|
||||||
const struct geoip_country_kernel *node;
|
const struct geoip_country_kernel *node;
|
||||||
const struct iphdr *iph = ip_hdr(skb);
|
const struct iphdr *iph = ip_hdr(skb);
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
@@ -169,10 +168,9 @@ static bool xt_geoip_mt(const struct sk_buff *skb, const struct net_device *in,
|
|||||||
return info->flags & XT_GEOIP_INV;
|
return info->flags & XT_GEOIP_INV;
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool xt_geoip_mt_checkentry(const char *table, const void *entry,
|
static bool xt_geoip_mt_checkentry(const struct xt_mtchk_param *par)
|
||||||
const struct xt_match *match, void *matchinfo, unsigned int hook_mask)
|
|
||||||
{
|
{
|
||||||
struct xt_geoip_match_info *info = matchinfo;
|
struct xt_geoip_match_info *info = par->matchinfo;
|
||||||
struct geoip_country_kernel *node;
|
struct geoip_country_kernel *node;
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
|
|
||||||
@@ -197,9 +195,9 @@ static bool xt_geoip_mt_checkentry(const char *table, const void *entry,
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void xt_geoip_mt_destroy(const struct xt_match *match, void *matchinfo)
|
static void xt_geoip_mt_destroy(const struct xt_mtdtor_param *par)
|
||||||
{
|
{
|
||||||
struct xt_geoip_match_info *info = matchinfo;
|
struct xt_geoip_match_info *info = par->matchinfo;
|
||||||
struct geoip_country_kernel *node;
|
struct geoip_country_kernel *node;
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
|
|
||||||
|
|||||||
@@ -785,11 +785,9 @@ static const struct {
|
|||||||
};
|
};
|
||||||
|
|
||||||
static bool
|
static bool
|
||||||
ipp2p_mt(const struct sk_buff *skb, const struct net_device *in,
|
ipp2p_mt(const struct sk_buff *skb, const struct xt_match_param *par)
|
||||||
const struct net_device *out, const struct xt_match *match,
|
|
||||||
const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop)
|
|
||||||
{
|
{
|
||||||
const struct ipt_p2p_info *info = matchinfo;
|
const struct ipt_p2p_info *info = par->matchinfo;
|
||||||
const unsigned char *haystack;
|
const unsigned char *haystack;
|
||||||
const struct iphdr *ip = ip_hdr(skb);
|
const struct iphdr *ip = ip_hdr(skb);
|
||||||
bool p2p_result = false;
|
bool p2p_result = false;
|
||||||
@@ -797,9 +795,9 @@ ipp2p_mt(const struct sk_buff *skb, const struct net_device *in,
|
|||||||
unsigned int hlen = ntohs(ip->tot_len) - ip_hdrlen(skb); /* hlen = packet-data length */
|
unsigned int hlen = ntohs(ip->tot_len) - ip_hdrlen(skb); /* hlen = packet-data length */
|
||||||
|
|
||||||
/* must not be a fragment */
|
/* must not be a fragment */
|
||||||
if (offset != 0) {
|
if (par->fragoff != 0) {
|
||||||
if (info->debug)
|
if (info->debug)
|
||||||
printk("IPP2P.match: offset found %i \n", offset);
|
printk("IPP2P.match: offset found %d\n", par->fragoff);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -171,18 +171,16 @@ static inline unsigned int portscan_mt_full(int mark,
|
|||||||
return mark;
|
return mark;
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool portscan_mt(const struct sk_buff *skb,
|
static bool
|
||||||
const struct net_device *in, const struct net_device *out,
|
portscan_mt(const struct sk_buff *skb, const struct xt_match_param *par)
|
||||||
const struct xt_match *match, const void *matchinfo, int offset,
|
|
||||||
unsigned int protoff, bool *hotdrop)
|
|
||||||
{
|
{
|
||||||
const struct xt_portscan_mtinfo *info = matchinfo;
|
const struct xt_portscan_mtinfo *info = par->matchinfo;
|
||||||
enum ip_conntrack_info ctstate;
|
enum ip_conntrack_info ctstate;
|
||||||
const struct tcphdr *tcph;
|
const struct tcphdr *tcph;
|
||||||
struct nf_conn *ctdata;
|
struct nf_conn *ctdata;
|
||||||
struct tcphdr tcph_buf;
|
struct tcphdr tcph_buf;
|
||||||
|
|
||||||
tcph = skb_header_pointer(skb, protoff, sizeof(tcph_buf), &tcph_buf);
|
tcph = skb_header_pointer(skb, par->thoff, sizeof(tcph_buf), &tcph_buf);
|
||||||
if (tcph == NULL)
|
if (tcph == NULL)
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
@@ -207,8 +205,8 @@ static bool portscan_mt(const struct sk_buff *skb,
|
|||||||
unsigned int n;
|
unsigned int n;
|
||||||
|
|
||||||
n = portscan_mt_full(ctdata->mark & connmark_mask, ctstate,
|
n = portscan_mt_full(ctdata->mark & connmark_mask, ctstate,
|
||||||
in == init_net__loopback_dev, tcph,
|
par->in == init_net__loopback_dev, tcph,
|
||||||
skb->len - protoff - 4 * tcph->doff);
|
skb->len - par->thoff - 4 * tcph->doff);
|
||||||
|
|
||||||
ctdata->mark = (ctdata->mark & ~connmark_mask) | n;
|
ctdata->mark = (ctdata->mark & ~connmark_mask) | n;
|
||||||
skb_nfmark(skb) = (skb_nfmark(skb) & ~packet_mask) ^ mark_seen;
|
skb_nfmark(skb) = (skb_nfmark(skb) & ~packet_mask) ^ mark_seen;
|
||||||
@@ -219,10 +217,9 @@ static bool portscan_mt(const struct sk_buff *skb,
|
|||||||
(info->match_gr && ctdata->mark == mark_grscan);
|
(info->match_gr && ctdata->mark == mark_grscan);
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool portscan_mt_check(const char *tablename, const void *entry,
|
static bool portscan_mt_check(const struct xt_mtchk_param *par)
|
||||||
const struct xt_match *match, void *matchinfo, unsigned int hook_mask)
|
|
||||||
{
|
{
|
||||||
const struct xt_portscan_mtinfo *info = matchinfo;
|
const struct xt_portscan_mtinfo *info = par->matchinfo;
|
||||||
|
|
||||||
if ((info->match_stealth & ~1) || (info->match_syn & ~1) ||
|
if ((info->match_stealth & ~1) || (info->match_syn & ~1) ||
|
||||||
(info->match_cn & ~1) || (info->match_gr & ~1)) {
|
(info->match_cn & ~1) || (info->match_gr & ~1)) {
|
||||||
|
|||||||
@@ -120,12 +120,9 @@ static struct quota_counter *q2_get_counter(const struct xt_quota_mtinfo2 *q)
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool
|
static bool quota_mt2_check(const struct xt_mtchk_param *par)
|
||||||
quota_mt2_check(const char *tablename, const void *entry,
|
|
||||||
const struct xt_match *match, void *matchinfo,
|
|
||||||
unsigned int hook_mask)
|
|
||||||
{
|
{
|
||||||
struct xt_quota_mtinfo2 *q = matchinfo;
|
struct xt_quota_mtinfo2 *q = par->matchinfo;
|
||||||
|
|
||||||
if (q->flags & ~XT_QUOTA_MASK)
|
if (q->flags & ~XT_QUOTA_MASK)
|
||||||
return false;
|
return false;
|
||||||
@@ -146,9 +143,9 @@ quota_mt2_check(const char *tablename, const void *entry,
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void quota_mt2_destroy(const struct xt_match *match, void *matchinfo)
|
static void quota_mt2_destroy(const struct xt_mtdtor_param *par)
|
||||||
{
|
{
|
||||||
struct xt_quota_mtinfo2 *q = matchinfo;
|
struct xt_quota_mtinfo2 *q = par->matchinfo;
|
||||||
struct quota_counter *e = q->master;
|
struct quota_counter *e = q->master;
|
||||||
|
|
||||||
spin_lock_bh(&counter_list_lock);
|
spin_lock_bh(&counter_list_lock);
|
||||||
@@ -164,12 +161,9 @@ static void quota_mt2_destroy(const struct xt_match *match, void *matchinfo)
|
|||||||
}
|
}
|
||||||
|
|
||||||
static bool
|
static bool
|
||||||
quota_mt2(const struct sk_buff *skb, const struct net_device *in,
|
quota_mt2(const struct sk_buff *skb, const struct xt_match_param *par)
|
||||||
const struct net_device *out, const struct xt_match *match,
|
|
||||||
const void *matchinfo, int offset, unsigned int protoff,
|
|
||||||
bool *hotdrop)
|
|
||||||
{
|
{
|
||||||
struct xt_quota_mtinfo2 *q = (void *)matchinfo;
|
struct xt_quota_mtinfo2 *q = (void *)par->matchinfo;
|
||||||
struct quota_counter *e = q->master;
|
struct quota_counter *e = q->master;
|
||||||
bool ret = q->flags & XT_QUOTA_INVERT;
|
bool ret = q->flags & XT_QUOTA_INVERT;
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user