mirror of
git://git.code.sf.net/p/xtables-addons/xtables-addons
synced 2025-09-06 04:35:12 +02:00
Update for Linux 2.6.28
This commit is contained in:
Jan Engelhardt
@@ -30,14 +30,30 @@ static int xtnu_match_run(const struct sk_buff *skb,
|
||||
const struct net_device *in, const struct net_device *out,
|
||||
const struct xt_match *cm, const void *matchinfo, int offset,
|
||||
unsigned int protoff, int *hotdrop)
|
||||
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
|
||||
static bool xtnu_match_run(const struct sk_buff *skb,
|
||||
const struct net_device *in, const struct net_device *out,
|
||||
const struct xt_match *cm, const void *matchinfo, int offset,
|
||||
unsigned int protoff, bool *hotdrop)
|
||||
#endif
|
||||
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
|
||||
{
|
||||
struct xtnu_match *nm = xtcompat_numatch(cm);
|
||||
bool lo_drop = false, lo_ret;
|
||||
struct xt_match_param local_par = {
|
||||
.in = in,
|
||||
.out = out,
|
||||
.match = cm,
|
||||
.matchinfo = matchinfo,
|
||||
.fragoff = offset,
|
||||
.thoff = protoff,
|
||||
.hotdrop = &lo_drop,
|
||||
.family = NFPROTO_UNSPEC, /* don't have that info */
|
||||
};
|
||||
|
||||
if (nm == NULL || nm->match == NULL)
|
||||
return false;
|
||||
lo_ret = nm->match(skb, in, out, nm, matchinfo,
|
||||
offset, protoff, &lo_drop);
|
||||
lo_ret = nm->match(skb, &local_par);
|
||||
*hotdrop = lo_drop;
|
||||
return lo_ret;
|
||||
}
|
||||
@@ -50,35 +66,51 @@ static int xtnu_match_check(const char *table, const void *entry,
|
||||
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22)
|
||||
static int xtnu_match_check(const char *table, const void *entry,
|
||||
const struct xt_match *cm, void *matchinfo, unsigned int hook_mask)
|
||||
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
|
||||
static bool xtnu_match_check(const char *table, const void *entry,
|
||||
const struct xt_match *cm, void *matchinfo, unsigned int hook_mask)
|
||||
#endif
|
||||
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22)
|
||||
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
|
||||
{
|
||||
struct xtnu_match *nm = xtcompat_numatch(cm);
|
||||
struct xt_mtchk_param local_par = {
|
||||
.table = table,
|
||||
.entryinfo = entry,
|
||||
.match = cm,
|
||||
.matchinfo = matchinfo,
|
||||
.hook_mask = hook_mask,
|
||||
.family = NFPROTO_UNSPEC,
|
||||
};
|
||||
|
||||
if (nm == NULL)
|
||||
return false;
|
||||
if (nm->checkentry == NULL)
|
||||
return true;
|
||||
return nm->checkentry(table, entry, nm, matchinfo, hook_mask);
|
||||
return nm->checkentry(&local_par);
|
||||
}
|
||||
#endif
|
||||
|
||||
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
|
||||
static void xtnu_match_destroy(const struct xt_match *cm, void *matchinfo,
|
||||
unsigned int matchinfosize)
|
||||
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22)
|
||||
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
|
||||
static void xtnu_match_destroy(const struct xt_match *cm, void *matchinfo)
|
||||
#endif
|
||||
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22)
|
||||
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
|
||||
{
|
||||
struct xtnu_match *nm = xtcompat_numatch(cm);
|
||||
struct xt_mtdtor_param local_par = {
|
||||
.match = cm,
|
||||
.matchinfo = matchinfo,
|
||||
.family = NFPROTO_UNSPEC,
|
||||
};
|
||||
|
||||
if (nm != NULL && nm->destroy != NULL)
|
||||
nm->destroy(nm, matchinfo);
|
||||
nm->destroy(&local_par);
|
||||
}
|
||||
#endif
|
||||
|
||||
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22)
|
||||
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
|
||||
int xtnu_register_match(struct xtnu_match *nt)
|
||||
{
|
||||
struct xt_match *ct;
|
||||
@@ -157,18 +189,36 @@ static unsigned int xtnu_target_run(struct sk_buff **pskb,
|
||||
static unsigned int xtnu_target_run(struct sk_buff **pskb,
|
||||
const struct net_device *in, const struct net_device *out,
|
||||
unsigned int hooknum, const struct xt_target *ct, const void *targinfo)
|
||||
#else
|
||||
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
|
||||
static unsigned int xtnu_target_run(struct sk_buff *skb,
|
||||
const struct net_device *in, const struct net_device *out,
|
||||
unsigned int hooknum, const struct xt_target *ct, const void *targinfo)
|
||||
#else
|
||||
static unsigned int
|
||||
xtnu_target_run(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
#endif
|
||||
{
|
||||
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
|
||||
struct xtnu_target *nt = xtcompat_nutarget(ct);
|
||||
struct xt_target_param local_par = {
|
||||
.in = in,
|
||||
.out = out,
|
||||
.hooknum = hooknum,
|
||||
.target = ct,
|
||||
.targinfo = targinfo,
|
||||
.family = NFPROTO_UNSPEC,
|
||||
};
|
||||
#else
|
||||
struct xtnu_target *nt = xtcompat_nutarget(par->target);
|
||||
#endif
|
||||
|
||||
if (nt != NULL && nt->target != NULL)
|
||||
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23)
|
||||
return nt->target(pskb, in, out, hooknum, nt, targinfo);
|
||||
return nt->target(pskb, &local_par);
|
||||
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
|
||||
return nt->target(&skb, &local_par);
|
||||
#else
|
||||
return nt->target(&skb, in, out, hooknum, nt, targinfo);
|
||||
return nt->target(&skb, par);
|
||||
#endif
|
||||
return XT_CONTINUE;
|
||||
}
|
||||
@@ -180,31 +230,50 @@ static int xtnu_target_check(const char *table, const void *entry,
|
||||
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22)
|
||||
static int xtnu_target_check(const char *table, const void *entry,
|
||||
const struct xt_target *ct, void *targinfo, unsigned int hook_mask)
|
||||
#else
|
||||
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
|
||||
static bool xtnu_target_check(const char *table, const void *entry,
|
||||
const struct xt_target *ct, void *targinfo, unsigned int hook_mask)
|
||||
#endif
|
||||
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
|
||||
{
|
||||
struct xtnu_target *nt = xtcompat_nutarget(ct);
|
||||
struct xt_tgchk_param local_par = {
|
||||
.table = table,
|
||||
.entryinfo = entry,
|
||||
.target = ct,
|
||||
.targinfo = targinfo,
|
||||
.hook_mask = hook_mask,
|
||||
.family = NFPROTO_UNSPEC,
|
||||
};
|
||||
|
||||
if (nt == NULL)
|
||||
return false;
|
||||
if (nt->checkentry == NULL)
|
||||
/* this is valid, just like if there was no function */
|
||||
return true;
|
||||
return nt->checkentry(table, entry, nt, targinfo, hook_mask);
|
||||
return nt->checkentry(&local_par);
|
||||
}
|
||||
#endif
|
||||
|
||||
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
|
||||
static void xtnu_target_destroy(const struct xt_target *ct, void *targinfo,
|
||||
unsigned int targinfosize)
|
||||
#else
|
||||
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
|
||||
static void xtnu_target_destroy(const struct xt_target *ct, void *targinfo)
|
||||
#endif
|
||||
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
|
||||
{
|
||||
struct xtnu_target *nt = xtcompat_nutarget(ct);
|
||||
struct xt_tgdtor_param local_par = {
|
||||
.target = ct,
|
||||
.targinfo = targinfo,
|
||||
.family = NFPROTO_UNSPEC,
|
||||
};
|
||||
|
||||
if (nt != NULL && nt->destroy != NULL)
|
||||
nt->destroy(nt, targinfo);
|
||||
nt->destroy(&local_par);
|
||||
}
|
||||
#endif
|
||||
|
||||
int xtnu_register_target(struct xtnu_target *nt)
|
||||
{
|
||||
@@ -228,8 +297,13 @@ int xtnu_register_target(struct xtnu_target *nt)
|
||||
ct->hooks = nt->hooks;
|
||||
ct->proto = nt->proto;
|
||||
ct->target = xtnu_target_run;
|
||||
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
|
||||
ct->checkentry = xtnu_target_check;
|
||||
ct->destroy = xtnu_target_destroy;
|
||||
#else
|
||||
ct->checkentry = nt->checkentry;
|
||||
ct->destroy = nt->destroy;
|
||||
#endif
|
||||
ct->targetsize = nt->targetsize;
|
||||
ct->me = nt->me;
|
||||
|
||||
|
||||
@@ -56,7 +56,7 @@
|
||||
# define init_net__proc_net init_net.proc_net
|
||||
#endif
|
||||
|
||||
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22)
|
||||
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
|
||||
# define xt_match xtnu_match
|
||||
# define xt_register_match xtnu_register_match
|
||||
# define xt_unregister_match xtnu_unregister_match
|
||||
|
||||
@@ -27,17 +27,62 @@ enum {
|
||||
NFPROTO_DECNET = 12,
|
||||
NFPROTO_NUMPROTO,
|
||||
};
|
||||
|
||||
struct xt_match_param {
|
||||
const struct net_device *in, *out;
|
||||
const struct xt_match *match;
|
||||
const void *matchinfo;
|
||||
int fragoff;
|
||||
unsigned int thoff;
|
||||
bool *hotdrop;
|
||||
u_int8_t family;
|
||||
};
|
||||
|
||||
struct xt_mtchk_param {
|
||||
const char *table;
|
||||
const void *entryinfo;
|
||||
const struct xt_match *match;
|
||||
void *matchinfo;
|
||||
unsigned int hook_mask;
|
||||
u_int8_t family;
|
||||
};
|
||||
|
||||
struct xt_mtdtor_param {
|
||||
const struct xt_match *match;
|
||||
void *matchinfo;
|
||||
u_int8_t family;
|
||||
};
|
||||
|
||||
struct xt_target_param {
|
||||
const struct net_device *in, *out;
|
||||
unsigned int hooknum;
|
||||
const struct xt_target *target;
|
||||
const void *targinfo;
|
||||
u_int8_t family;
|
||||
};
|
||||
|
||||
struct xt_tgchk_param {
|
||||
const char *table;
|
||||
const void *entryinfo;
|
||||
const struct xt_target *target;
|
||||
void *targinfo;
|
||||
unsigned int hook_mask;
|
||||
u_int8_t family;
|
||||
};
|
||||
|
||||
struct xt_tgdtor_param {
|
||||
const struct xt_target *target;
|
||||
void *targinfo;
|
||||
u_int8_t family;
|
||||
};
|
||||
#endif
|
||||
|
||||
struct xtnu_match {
|
||||
struct list_head list;
|
||||
char name[XT_FUNCTION_MAXNAMELEN - 1 - sizeof(void *)];
|
||||
bool (*match)(const struct sk_buff *, const struct net_device *,
|
||||
const struct net_device *, const struct xtnu_match *,
|
||||
const void *, int, unsigned int, bool *);
|
||||
bool (*checkentry)(const char *, const void *,
|
||||
const struct xtnu_match *, void *, unsigned int);
|
||||
void (*destroy)(const struct xtnu_match *, void *);
|
||||
bool (*match)(const struct sk_buff *, const struct xt_match_param *);
|
||||
bool (*checkentry)(const struct xt_mtchk_param *);
|
||||
void (*destroy)(const struct xt_mtdtor_param *);
|
||||
struct module *me;
|
||||
const char *table;
|
||||
unsigned int matchsize, hooks;
|
||||
@@ -50,12 +95,10 @@ struct xtnu_match {
|
||||
struct xtnu_target {
|
||||
struct list_head list;
|
||||
char name[XT_FUNCTION_MAXNAMELEN - 1 - sizeof(void *)];
|
||||
unsigned int (*target)(struct sk_buff **, const struct net_device *,
|
||||
const struct net_device *, unsigned int,
|
||||
const struct xtnu_target *, const void *);
|
||||
bool (*checkentry)(const char *, const void *,
|
||||
const struct xtnu_target *, void *, unsigned int);
|
||||
void (*destroy)(const struct xtnu_target *, void *);
|
||||
unsigned int (*target)(struct sk_buff **,
|
||||
const struct xt_target_param *);
|
||||
bool (*checkentry)(const struct xt_tgchk_param *);
|
||||
void (*destroy)(const struct xt_tgdtor_param *);
|
||||
struct module *me;
|
||||
const char *table;
|
||||
unsigned int targetsize, hooks;
|
||||
|
||||
@@ -26,103 +26,29 @@
|
||||
#include <linux/netfilter/x_tables.h>
|
||||
#endif
|
||||
#include "ipt_set.h"
|
||||
#include "../compat_xtables.h"
|
||||
|
||||
static unsigned int
|
||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
|
||||
target(struct sk_buff **pskb,
|
||||
unsigned int hooknum,
|
||||
const struct net_device *in,
|
||||
const struct net_device *out,
|
||||
const void *targinfo,
|
||||
void *userinfo)
|
||||
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
|
||||
target(struct sk_buff **pskb,
|
||||
const struct net_device *in,
|
||||
const struct net_device *out,
|
||||
unsigned int hooknum,
|
||||
const void *targinfo,
|
||||
void *userinfo)
|
||||
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
|
||||
target(struct sk_buff **pskb,
|
||||
const struct net_device *in,
|
||||
const struct net_device *out,
|
||||
unsigned int hooknum,
|
||||
const struct xt_target *target,
|
||||
const void *targinfo,
|
||||
void *userinfo)
|
||||
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,24)
|
||||
target(struct sk_buff **pskb,
|
||||
const struct net_device *in,
|
||||
const struct net_device *out,
|
||||
unsigned int hooknum,
|
||||
const struct xt_target *target,
|
||||
const void *targinfo)
|
||||
#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24) */
|
||||
target(struct sk_buff *skb,
|
||||
const struct net_device *in,
|
||||
const struct net_device *out,
|
||||
unsigned int hooknum,
|
||||
const struct xt_target *target,
|
||||
const void *targinfo)
|
||||
#endif
|
||||
target(struct sk_buff **pskb, const struct xt_target_param *par)
|
||||
{
|
||||
const struct ipt_set_info_target *info = targinfo;
|
||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,24)
|
||||
struct sk_buff *skb = *pskb;
|
||||
#endif
|
||||
const struct ipt_set_info_target *info = par->targinfo;
|
||||
|
||||
|
||||
if (info->add_set.index != IP_SET_INVALID_ID)
|
||||
ip_set_addip_kernel(info->add_set.index,
|
||||
skb,
|
||||
*pskb,
|
||||
info->add_set.flags);
|
||||
if (info->del_set.index != IP_SET_INVALID_ID)
|
||||
ip_set_delip_kernel(info->del_set.index,
|
||||
skb,
|
||||
*pskb,
|
||||
info->del_set.flags);
|
||||
|
||||
return XT_CONTINUE;
|
||||
}
|
||||
|
||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16)
|
||||
static int
|
||||
checkentry(const char *tablename,
|
||||
const struct ipt_entry *e,
|
||||
void *targinfo,
|
||||
unsigned int targinfosize,
|
||||
unsigned int hook_mask)
|
||||
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
|
||||
static int
|
||||
checkentry(const char *tablename,
|
||||
const void *e,
|
||||
void *targinfo,
|
||||
unsigned int targinfosize,
|
||||
unsigned int hook_mask)
|
||||
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
|
||||
static int
|
||||
checkentry(const char *tablename,
|
||||
const void *e,
|
||||
const struct xt_target *target,
|
||||
void *targinfo,
|
||||
unsigned int targinfosize,
|
||||
unsigned int hook_mask)
|
||||
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23)
|
||||
static int
|
||||
checkentry(const char *tablename,
|
||||
const void *e,
|
||||
const struct xt_target *target,
|
||||
void *targinfo,
|
||||
unsigned int hook_mask)
|
||||
#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) */
|
||||
static bool
|
||||
checkentry(const char *tablename,
|
||||
const void *e,
|
||||
const struct xt_target *target,
|
||||
void *targinfo,
|
||||
unsigned int hook_mask)
|
||||
#endif
|
||||
checkentry(const struct xt_tgchk_param *par)
|
||||
{
|
||||
struct ipt_set_info_target *info = targinfo;
|
||||
struct ipt_set_info_target *info = par->targinfo;
|
||||
ip_set_id_t index;
|
||||
|
||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
|
||||
@@ -158,19 +84,9 @@ checkentry(const char *tablename,
|
||||
return 1;
|
||||
}
|
||||
|
||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
|
||||
static void destroy(void *targetinfo,
|
||||
unsigned int targetsize)
|
||||
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
|
||||
static void destroy(const struct xt_target *target,
|
||||
void *targetinfo,
|
||||
unsigned int targetsize)
|
||||
#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19) */
|
||||
static void destroy(const struct xt_target *target,
|
||||
void *targetinfo)
|
||||
#endif
|
||||
static void destroy(const struct xt_tgdtor_param *par)
|
||||
{
|
||||
struct ipt_set_info_target *info = targetinfo;
|
||||
struct ipt_set_info_target *info = par->targinfo;
|
||||
|
||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
|
||||
if (targetsize != IPT_ALIGN(sizeof(struct ipt_set_info_target))) {
|
||||
|
||||
@@ -25,6 +25,7 @@
|
||||
#endif
|
||||
#include "ip_set.h"
|
||||
#include "ipt_set.h"
|
||||
#include "../compat_xtables.h"
|
||||
|
||||
static inline int
|
||||
match_set(const struct ipt_set_info *info,
|
||||
@@ -36,101 +37,20 @@ match_set(const struct ipt_set_info *info,
|
||||
return inv;
|
||||
}
|
||||
|
||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
|
||||
static int
|
||||
match(const struct sk_buff *skb,
|
||||
const struct net_device *in,
|
||||
const struct net_device *out,
|
||||
const void *matchinfo,
|
||||
int offset,
|
||||
const void *hdr,
|
||||
u_int16_t datalen,
|
||||
int *hotdrop)
|
||||
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16)
|
||||
static int
|
||||
match(const struct sk_buff *skb,
|
||||
const struct net_device *in,
|
||||
const struct net_device *out,
|
||||
const void *matchinfo,
|
||||
int offset,
|
||||
int *hotdrop)
|
||||
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
|
||||
static int
|
||||
match(const struct sk_buff *skb,
|
||||
const struct net_device *in,
|
||||
const struct net_device *out,
|
||||
const void *matchinfo,
|
||||
int offset,
|
||||
unsigned int protoff,
|
||||
int *hotdrop)
|
||||
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23)
|
||||
static int
|
||||
match(const struct sk_buff *skb,
|
||||
const struct net_device *in,
|
||||
const struct net_device *out,
|
||||
const struct xt_match *match,
|
||||
const void *matchinfo,
|
||||
int offset,
|
||||
unsigned int protoff,
|
||||
int *hotdrop)
|
||||
#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) */
|
||||
static bool
|
||||
match(const struct sk_buff *skb,
|
||||
const struct net_device *in,
|
||||
const struct net_device *out,
|
||||
const struct xt_match *match,
|
||||
const void *matchinfo,
|
||||
int offset,
|
||||
unsigned int protoff,
|
||||
bool *hotdrop)
|
||||
#endif
|
||||
match(const struct sk_buff *skb, const struct xt_match_param *par)
|
||||
{
|
||||
const struct ipt_set_info_match *info = matchinfo;
|
||||
const struct ipt_set_info_match *info = par->matchinfo;
|
||||
|
||||
return match_set(&info->match_set,
|
||||
skb,
|
||||
info->match_set.flags[0] & IPSET_MATCH_INV);
|
||||
}
|
||||
|
||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16)
|
||||
static int
|
||||
checkentry(const char *tablename,
|
||||
const struct ipt_ip *ip,
|
||||
void *matchinfo,
|
||||
unsigned int matchsize,
|
||||
unsigned int hook_mask)
|
||||
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
|
||||
static int
|
||||
checkentry(const char *tablename,
|
||||
const void *inf,
|
||||
void *matchinfo,
|
||||
unsigned int matchsize,
|
||||
unsigned int hook_mask)
|
||||
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
|
||||
static int
|
||||
checkentry(const char *tablename,
|
||||
const void *inf,
|
||||
const struct xt_match *match,
|
||||
void *matchinfo,
|
||||
unsigned int matchsize,
|
||||
unsigned int hook_mask)
|
||||
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23)
|
||||
static int
|
||||
checkentry(const char *tablename,
|
||||
const void *inf,
|
||||
const struct xt_match *match,
|
||||
void *matchinfo,
|
||||
unsigned int hook_mask)
|
||||
#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) */
|
||||
static bool
|
||||
checkentry(const char *tablename,
|
||||
const void *inf,
|
||||
const struct xt_match *match,
|
||||
void *matchinfo,
|
||||
unsigned int hook_mask)
|
||||
#endif
|
||||
checkentry(const struct xt_mtchk_param *par)
|
||||
{
|
||||
struct ipt_set_info_match *info = matchinfo;
|
||||
struct ipt_set_info_match *info = par->matchinfo;
|
||||
ip_set_id_t index;
|
||||
|
||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
|
||||
@@ -155,19 +75,9 @@ checkentry(const char *tablename,
|
||||
return 1;
|
||||
}
|
||||
|
||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
|
||||
static void destroy(void *matchinfo,
|
||||
unsigned int matchsize)
|
||||
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
|
||||
static void destroy(const struct xt_match *match,
|
||||
void *matchinfo,
|
||||
unsigned int matchsize)
|
||||
#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19) */
|
||||
static void destroy(const struct xt_match *match,
|
||||
void *matchinfo)
|
||||
#endif
|
||||
static void destroy(const struct xt_mtdtor_param *par)
|
||||
{
|
||||
struct ipt_set_info_match *info = matchinfo;
|
||||
struct ipt_set_info_match *info = par->matchinfo;
|
||||
|
||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
|
||||
if (matchsize != IPT_ALIGN(sizeof(struct ipt_set_info_match))) {
|
||||
|
||||
@@ -44,13 +44,13 @@ static const struct xt_tcp tcp_params = {
|
||||
};
|
||||
|
||||
/* CHAOS functions */
|
||||
static void xt_chaos_total(const struct xt_chaos_tginfo *info,
|
||||
struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hooknum)
|
||||
static void
|
||||
xt_chaos_total(struct sk_buff *skb, const struct xt_target_param *par)
|
||||
{
|
||||
const struct xt_chaos_tginfo *info = par->targinfo;
|
||||
const struct iphdr *iph = ip_hdr(skb);
|
||||
const int protoff = 4 * iph->ihl;
|
||||
const int offset = ntohs(iph->frag_off) & IP_OFFSET;
|
||||
const int thoff = 4 * iph->ihl;
|
||||
const int fragoff = ntohs(iph->frag_off) & IP_OFFSET;
|
||||
typeof(xt_tarpit) destiny;
|
||||
bool ret;
|
||||
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22)
|
||||
@@ -59,24 +59,44 @@ static void xt_chaos_total(const struct xt_chaos_tginfo *info,
|
||||
bool hotdrop = false;
|
||||
#endif
|
||||
|
||||
ret = xm_tcp->match(skb, in, out, xm_tcp, &tcp_params,
|
||||
offset, protoff, &hotdrop);
|
||||
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
|
||||
ret = xm_tcp->match(skb, par->in, par->out, xm_tcp, &tcp_params,
|
||||
fragoff, thoff, &hotdrop);
|
||||
#else
|
||||
{
|
||||
struct xt_match_param local_par = {
|
||||
.in = par->in,
|
||||
.out = par->out,
|
||||
.match = xm_tcp,
|
||||
.matchinfo = &tcp_params,
|
||||
.fragoff = fragoff,
|
||||
.thoff = thoff,
|
||||
.hotdrop = &hotdrop,
|
||||
};
|
||||
ret = xm_tcp->match(skb, &local_par);
|
||||
}
|
||||
#endif
|
||||
if (!ret || hotdrop || (unsigned int)net_random() > delude_percentage)
|
||||
return;
|
||||
|
||||
destiny = (info->variant == XTCHAOS_TARPIT) ? xt_tarpit : xt_delude;
|
||||
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
|
||||
destiny->target(&skb, in, out, hooknum, destiny, NULL, NULL);
|
||||
destiny->target(&skb, par->in, par->out, par->hooknum, destiny, NULL, NULL);
|
||||
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23)
|
||||
destiny->target(&skb, in, out, hooknum, destiny, NULL);
|
||||
destiny->target(&skb, par->in, par->out, par->hooknum, destiny, NULL);
|
||||
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
|
||||
destiny->target(skb, par->in, par->out, par->hooknum, destiny, NULL);
|
||||
#else
|
||||
destiny->target(skb, in, out, hooknum, destiny, NULL);
|
||||
{
|
||||
struct xt_target_param local_par = *par;
|
||||
local_par.target = destiny;
|
||||
destiny->target(skb, &local_par);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
static unsigned int chaos_tg(struct sk_buff **pskb,
|
||||
const struct net_device *in, const struct net_device *out,
|
||||
unsigned int hooknum, const struct xt_target *target, const void *targinfo)
|
||||
static unsigned int
|
||||
chaos_tg(struct sk_buff **pskb, const struct xt_target_param *par)
|
||||
{
|
||||
/*
|
||||
* Equivalent to:
|
||||
@@ -86,34 +106,44 @@ static unsigned int chaos_tg(struct sk_buff **pskb,
|
||||
* $delude_percentage -j DELUDE;
|
||||
* -A chaos -j DROP;
|
||||
*/
|
||||
const struct xt_chaos_tginfo *info = targinfo;
|
||||
const struct xt_chaos_tginfo *info = par->targinfo;
|
||||
struct sk_buff *skb = *pskb;
|
||||
const struct iphdr *iph = ip_hdr(skb);
|
||||
|
||||
if ((unsigned int)net_random() <= reject_percentage)
|
||||
if ((unsigned int)net_random() <= reject_percentage) {
|
||||
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
|
||||
return xt_reject->target(pskb, in, out, hooknum,
|
||||
target->__compat_target, &reject_params, NULL);
|
||||
return xt_reject->target(pskb, par->in, par->out, par->hooknum,
|
||||
xt_reject, &reject_params, NULL);
|
||||
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23)
|
||||
return xt_reject->target(pskb, in, out, hooknum,
|
||||
target->__compat_target, &reject_params);
|
||||
return xt_reject->target(pskb, par->in, par->out, par->hooknum,
|
||||
xt_reject, &reject_params);
|
||||
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
|
||||
return xt_reject->target(skb, par->in, par->out, par->hooknum,
|
||||
xt_reject, &reject_params);
|
||||
#else
|
||||
return xt_reject->target(skb, in, out, hooknum,
|
||||
target->__compat_target, &reject_params);
|
||||
struct xt_target_param local_par = {
|
||||
.in = par->in,
|
||||
.out = par->out,
|
||||
.hooknum = par->hooknum,
|
||||
.target = xt_reject,
|
||||
.targinfo = &reject_params,
|
||||
};
|
||||
return xt_reject->target(skb, &local_par);
|
||||
#endif
|
||||
}
|
||||
|
||||
/* TARPIT/DELUDE may not be called from the OUTPUT chain */
|
||||
if (iph->protocol == IPPROTO_TCP &&
|
||||
info->variant != XTCHAOS_NORMAL && hooknum != NF_INET_LOCAL_OUT)
|
||||
xt_chaos_total(info, skb, in, out, hooknum);
|
||||
info->variant != XTCHAOS_NORMAL &&
|
||||
par->hooknum != NF_INET_LOCAL_OUT)
|
||||
xt_chaos_total(skb, par);
|
||||
|
||||
return NF_DROP;
|
||||
}
|
||||
|
||||
static bool chaos_tg_check(const char *tablename, const void *entry,
|
||||
const struct xt_target *target, void *targinfo, unsigned int hook_mask)
|
||||
static bool chaos_tg_check(const struct xt_tgchk_param *par)
|
||||
{
|
||||
const struct xt_chaos_tginfo *info = targinfo;
|
||||
const struct xt_chaos_tginfo *info = par->targinfo;
|
||||
|
||||
if (info->variant == XTCHAOS_DELUDE && !have_delude) {
|
||||
printk(KERN_WARNING PFX "Error: Cannot use --delude when "
|
||||
|
||||
@@ -143,14 +143,13 @@ static void delude_send_reset(struct sk_buff *oldskb, unsigned int hook)
|
||||
kfree_skb(nskb);
|
||||
}
|
||||
|
||||
static unsigned int delude_tg(struct sk_buff **pskb,
|
||||
const struct net_device *in, const struct net_device *out,
|
||||
unsigned int hooknum, const struct xt_target *target, const void *targinfo)
|
||||
static unsigned int
|
||||
delude_tg(struct sk_buff **pskb, const struct xt_target_param *par)
|
||||
{
|
||||
/* WARNING: This code causes reentry within iptables.
|
||||
This means that the iptables jump stack is now crap. We
|
||||
must return an absolute verdict. --RR */
|
||||
delude_send_reset(*pskb, hooknum);
|
||||
delude_send_reset(*pskb, par->hooknum);
|
||||
return NF_DROP;
|
||||
}
|
||||
|
||||
|
||||
@@ -68,15 +68,14 @@ static bool ether_cmp(const unsigned char *lh, const unsigned char *rh,
|
||||
return true;
|
||||
}
|
||||
|
||||
static bool dhcpaddr_mt(const struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, const struct xt_match *match,
|
||||
const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop)
|
||||
static bool
|
||||
dhcpaddr_mt(const struct sk_buff *skb, const struct xt_match_param *par)
|
||||
{
|
||||
const struct dhcpaddr_info *info = matchinfo;
|
||||
const struct dhcpaddr_info *info = par->matchinfo;
|
||||
const struct dhcp_message *dh;
|
||||
struct dhcp_message dhcpbuf;
|
||||
|
||||
dh = skb_header_pointer(skb, protoff + sizeof(struct udphdr),
|
||||
dh = skb_header_pointer(skb, par->thoff + sizeof(struct udphdr),
|
||||
sizeof(dhcpbuf), &dhcpbuf);
|
||||
if (dh == NULL)
|
||||
/*
|
||||
@@ -89,11 +88,10 @@ static bool dhcpaddr_mt(const struct sk_buff *skb, const struct net_device *in,
|
||||
return ether_cmp((const void *)dh->chaddr, info->addr, info->mask);
|
||||
}
|
||||
|
||||
static unsigned int dhcpaddr_tg(struct sk_buff **pskb,
|
||||
const struct net_device *in, const struct net_device *out,
|
||||
unsigned int hooknum, const struct xt_target *target, const void *targinfo)
|
||||
static unsigned int
|
||||
dhcpaddr_tg(struct sk_buff **pskb, const struct xt_target_param *par)
|
||||
{
|
||||
const struct dhcpaddr_info *info = targinfo;
|
||||
const struct dhcpaddr_info *info = par->targinfo;
|
||||
struct dhcp_message dhcpbuf, *dh;
|
||||
struct udphdr udpbuf, *udph;
|
||||
struct sk_buff *skb = *pskb;
|
||||
|
||||
@@ -20,9 +20,8 @@
|
||||
#include <net/ip.h>
|
||||
#include "compat_xtables.h"
|
||||
|
||||
static unsigned int echo_tg4(struct sk_buff **poldskb,
|
||||
const struct net_device *in, const struct net_device *out,
|
||||
unsigned int hooknum, const struct xt_target *target, const void *targinfo)
|
||||
static unsigned int
|
||||
echo_tg4(struct sk_buff **poldskb, const struct xt_target_param *par)
|
||||
{
|
||||
const struct sk_buff *oldskb = *poldskb;
|
||||
const struct udphdr *oldudp;
|
||||
|
||||
@@ -25,11 +25,9 @@ MODULE_ALIAS("ipt_IPMARK");
|
||||
MODULE_ALIAS("ip6t_IPMARK");
|
||||
|
||||
static unsigned int
|
||||
ipmark_tg4(struct sk_buff **pskb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hooknum,
|
||||
const struct xt_target *target, const void *targinfo)
|
||||
ipmark_tg4(struct sk_buff **pskb, const struct xt_target_param *par)
|
||||
{
|
||||
const struct xt_ipmark_tginfo *ipmarkinfo = targinfo;
|
||||
const struct xt_ipmark_tginfo *ipmarkinfo = par->targinfo;
|
||||
const struct sk_buff *skb = *pskb;
|
||||
const struct iphdr *iph = ip_hdr(skb);
|
||||
__u32 mark;
|
||||
@@ -63,11 +61,9 @@ static __u32 ipmark_from_ip6(const struct in6_addr *a, unsigned int s)
|
||||
}
|
||||
|
||||
static unsigned int
|
||||
ipmark_tg6(struct sk_buff **pskb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hooknum,
|
||||
const struct xt_target *target, const void *targinfo)
|
||||
ipmark_tg6(struct sk_buff **pskb, const struct xt_target_param *par)
|
||||
{
|
||||
const struct xt_ipmark_tginfo *info = targinfo;
|
||||
const struct xt_ipmark_tginfo *info = par->targinfo;
|
||||
const struct sk_buff *skb = *pskb;
|
||||
const struct ipv6hdr *iph = ipv6_hdr(skb);
|
||||
__u32 mark;
|
||||
|
||||
@@ -30,19 +30,17 @@ static const char *const dir_names[] = {
|
||||
};
|
||||
|
||||
static unsigned int
|
||||
logmark_tg(struct sk_buff **pskb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hooknum,
|
||||
const struct xt_target *target, const void *targinfo)
|
||||
logmark_tg(struct sk_buff **pskb, const struct xt_target_param *par)
|
||||
{
|
||||
const struct sk_buff *skb = *pskb;
|
||||
const struct xt_logmark_tginfo *info = targinfo;
|
||||
const struct xt_logmark_tginfo *info = par->targinfo;
|
||||
const struct nf_conn *ct;
|
||||
enum ip_conntrack_info ctinfo;
|
||||
bool prev = false;
|
||||
|
||||
printk("<%u>%.*s""hook=%s nfmark=0x%x secmark=0x%x classify=0x%x",
|
||||
info->level, (unsigned int)sizeof(info->prefix), info->prefix,
|
||||
hook_names[hooknum],
|
||||
hook_names[par->hooknum],
|
||||
skb_nfmark(skb), skb_secmark(skb), skb->priority);
|
||||
|
||||
ct = nf_ct_get(skb, &ctinfo);
|
||||
@@ -83,11 +81,9 @@ logmark_tg(struct sk_buff **pskb, const struct net_device *in,
|
||||
}
|
||||
|
||||
static bool
|
||||
logmark_tg_check(const char *tablename, const void *e,
|
||||
const struct xt_target *target, void *targinfo,
|
||||
unsigned int hook_mask)
|
||||
logmark_tg_check(const struct xt_tgchk_param *par)
|
||||
{
|
||||
const struct xt_logmark_tginfo *info = targinfo;
|
||||
const struct xt_logmark_tginfo *info = par->targinfo;
|
||||
|
||||
if (info->level >= 8) {
|
||||
pr_debug("LOGMARK: level %u >= 8\n", info->level);
|
||||
|
||||
@@ -58,9 +58,8 @@ static unsigned int sysrq_tg(const void *pdata, uint16_t len)
|
||||
return NF_ACCEPT;
|
||||
}
|
||||
|
||||
static unsigned int sysrq_tg4(struct sk_buff **pskb,
|
||||
const struct net_device *in, const struct net_device *out,
|
||||
unsigned int hooknum, const struct xt_target *target, const void *targinfo)
|
||||
static unsigned int
|
||||
sysrq_tg4(struct sk_buff **pskb, const struct xt_target_param *par)
|
||||
{
|
||||
struct sk_buff *skb = *pskb;
|
||||
const struct iphdr *iph;
|
||||
@@ -80,9 +79,8 @@ static unsigned int sysrq_tg4(struct sk_buff **pskb,
|
||||
return sysrq_tg((void *)udph + sizeof(struct udphdr), len);
|
||||
}
|
||||
|
||||
static unsigned int sysrq_tg6(struct sk_buff **pskb,
|
||||
const struct net_device *in, const struct net_device *out,
|
||||
unsigned int hooknum, const struct xt_target *target, const void *targinfo)
|
||||
static unsigned int
|
||||
sysrq_tg6(struct sk_buff **pskb, const struct xt_target_param *par)
|
||||
{
|
||||
struct sk_buff *skb = *pskb;
|
||||
const struct ipv6hdr *iph;
|
||||
@@ -102,18 +100,17 @@ static unsigned int sysrq_tg6(struct sk_buff **pskb,
|
||||
return sysrq_tg(udph + sizeof(struct udphdr), len);
|
||||
}
|
||||
|
||||
static bool sysrq_tg_check(const char *table, const void *ventry,
|
||||
const struct xt_target *target, void *targinfo, unsigned int hook_mask)
|
||||
static bool sysrq_tg_check(const struct xt_tgchk_param *par)
|
||||
{
|
||||
if (target->family == NFPROTO_IPV4) {
|
||||
const struct ipt_entry *entry = ventry;
|
||||
if (par->target->family == NFPROTO_IPV4) {
|
||||
const struct ipt_entry *entry = par->entryinfo;
|
||||
|
||||
if ((entry->ip.proto != IPPROTO_UDP &&
|
||||
entry->ip.proto != IPPROTO_UDPLITE) ||
|
||||
entry->ip.invflags & XT_INV_PROTO)
|
||||
goto out;
|
||||
} else if (target->family == NFPROTO_IPV6) {
|
||||
const struct ip6t_entry *entry = ventry;
|
||||
} else if (par->target->family == NFPROTO_IPV6) {
|
||||
const struct ip6t_entry *entry = par->entryinfo;
|
||||
|
||||
if ((entry->ipv6.proto != IPPROTO_UDP &&
|
||||
entry->ipv6.proto != IPPROTO_UDPLITE) ||
|
||||
|
||||
@@ -188,9 +188,7 @@ static void tarpit_tcp(struct sk_buff *oldskb, unsigned int hook)
|
||||
}
|
||||
|
||||
static unsigned int
|
||||
tarpit_tg(struct sk_buff **pskb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hooknum,
|
||||
const struct xt_target *target, const void *targinfo)
|
||||
tarpit_tg(struct sk_buff **pskb, const struct xt_target_param *par)
|
||||
{
|
||||
const struct sk_buff *skb = *pskb;
|
||||
const struct iphdr *iph = ip_hdr(skb);
|
||||
@@ -220,7 +218,7 @@ tarpit_tg(struct sk_buff **pskb, const struct net_device *in,
|
||||
if (iph->frag_off & htons(IP_OFFSET))
|
||||
return NF_DROP;
|
||||
|
||||
tarpit_tcp(*pskb, hooknum);
|
||||
tarpit_tcp(*pskb, par->hooknum);
|
||||
return NF_DROP;
|
||||
}
|
||||
|
||||
|
||||
@@ -142,11 +142,9 @@ static void tee_ip_direct_send(struct sk_buff *skb)
|
||||
* packets when we see they already have that ->nfct.
|
||||
*/
|
||||
static unsigned int
|
||||
tee_tg(struct sk_buff **pskb, const struct net_device *in,
|
||||
const struct net_device *out, unsigned int hooknum,
|
||||
const struct xt_target *target, const void *targinfo)
|
||||
tee_tg(struct sk_buff **pskb, const struct xt_target_param *par)
|
||||
{
|
||||
const struct xt_tee_tginfo *info = targinfo;
|
||||
const struct xt_tee_tginfo *info = par->targinfo;
|
||||
struct sk_buff *skb = *pskb;
|
||||
|
||||
#ifdef WITH_CONNTRACK
|
||||
@@ -169,7 +167,7 @@ tee_tg(struct sk_buff **pskb, const struct net_device *in,
|
||||
* If we are in INPUT, the checksum must be recalculated since
|
||||
* the length could have changed as a result of defragmentation.
|
||||
*/
|
||||
if (hooknum == NF_INET_LOCAL_IN) {
|
||||
if (par->hooknum == NF_INET_LOCAL_IN) {
|
||||
struct iphdr *iph = ip_hdr(skb);
|
||||
iph->check = 0;
|
||||
iph->check = ip_fast_csum((unsigned char *)iph, iph->ihl);
|
||||
@@ -208,11 +206,9 @@ tee_tg(struct sk_buff **pskb, const struct net_device *in,
|
||||
return XT_CONTINUE;
|
||||
}
|
||||
|
||||
static bool tee_tg_check(const char *tablename, const void *entry,
|
||||
const struct xt_target *target, void *targinfo,
|
||||
unsigned int hook_mask)
|
||||
static bool tee_tg_check(const struct xt_tgchk_param *par)
|
||||
{
|
||||
const struct xt_tee_tginfo *info = targinfo;
|
||||
const struct xt_tee_tginfo *info = par->targinfo;
|
||||
|
||||
/* 0.0.0.0 and :: not allowed */
|
||||
return memcmp(&info->gw, &zero_address, sizeof(zero_address)) != 0;
|
||||
|
||||
@@ -97,12 +97,9 @@ static int condition_proc_write(struct file *file, const char __user *buffer,
|
||||
}
|
||||
|
||||
static bool
|
||||
condition_mt(const struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, const struct xt_match *match,
|
||||
const void *matchinfo, int offset, unsigned int protoff,
|
||||
bool *hotdrop)
|
||||
condition_mt(const struct sk_buff *skb, const struct xt_match_param *par)
|
||||
{
|
||||
const struct xt_condition_mtinfo *info = matchinfo;
|
||||
const struct xt_condition_mtinfo *info = par->matchinfo;
|
||||
const struct condition_variable *var = info->condvar;
|
||||
bool x;
|
||||
|
||||
@@ -113,12 +110,9 @@ condition_mt(const struct sk_buff *skb, const struct net_device *in,
|
||||
return x ^ info->invert;
|
||||
}
|
||||
|
||||
static bool
|
||||
condition_mt_check(const char *tablename, const void *entry,
|
||||
const struct xt_match *match, void *matchinfo,
|
||||
unsigned int hook_mask)
|
||||
static bool condition_mt_check(const struct xt_mtchk_param *par)
|
||||
{
|
||||
struct xt_condition_mtinfo *info = matchinfo;
|
||||
struct xt_condition_mtinfo *info = par->matchinfo;
|
||||
struct condition_variable *var;
|
||||
|
||||
/* Forbid certain names */
|
||||
@@ -184,9 +178,9 @@ condition_mt_check(const char *tablename, const void *entry,
|
||||
return true;
|
||||
}
|
||||
|
||||
static void condition_mt_destroy(const struct xt_match *match, void *matchinfo)
|
||||
static void condition_mt_destroy(const struct xt_mtdtor_param *par)
|
||||
{
|
||||
const struct xt_condition_mtinfo *info = matchinfo;
|
||||
const struct xt_condition_mtinfo *info = par->matchinfo;
|
||||
struct condition_variable *var = info->condvar;
|
||||
|
||||
down(&proc_lock);
|
||||
|
||||
@@ -60,12 +60,9 @@ static uint8_t mf_low(uint32_t tx, uint32_t mini, uint32_t maxi)
|
||||
}
|
||||
|
||||
static bool
|
||||
fuzzy_mt(const struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, const struct xt_match *match,
|
||||
const void *matchinfo, int offset, unsigned int protoff,
|
||||
bool *hotdrop)
|
||||
fuzzy_mt(const struct sk_buff *skb, const struct xt_match_param *par)
|
||||
{
|
||||
struct xt_fuzzy_mtinfo *info = (void *)matchinfo;
|
||||
struct xt_fuzzy_mtinfo *info = (void *)par->matchinfo;
|
||||
unsigned long amount;
|
||||
uint8_t howhigh, howlow, random_number;
|
||||
|
||||
@@ -128,11 +125,9 @@ fuzzy_mt(const struct sk_buff *skb, const struct net_device *in,
|
||||
return false;
|
||||
}
|
||||
|
||||
static bool
|
||||
fuzzy_mt_check(const char *table, const void *ip, const struct xt_match *match,
|
||||
void *matchinfo, unsigned int hook_mask)
|
||||
static bool fuzzy_mt_check(const struct xt_mtchk_param *par)
|
||||
{
|
||||
const struct xt_fuzzy_mtinfo *info = matchinfo;
|
||||
const struct xt_fuzzy_mtinfo *info = par->matchinfo;
|
||||
|
||||
if (info->minimum_rate < FUZZY_MIN_RATE ||
|
||||
info->maximum_rate > FUZZY_MAX_RATE ||
|
||||
|
||||
@@ -135,11 +135,10 @@ static bool geoip_bsearch(const struct geoip_subnet *range,
|
||||
return false;
|
||||
}
|
||||
|
||||
static bool xt_geoip_mt(const struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, const struct xt_match *match,
|
||||
const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop)
|
||||
static bool
|
||||
xt_geoip_mt(const struct sk_buff *skb, const struct xt_match_param *par)
|
||||
{
|
||||
const struct xt_geoip_match_info *info = matchinfo;
|
||||
const struct xt_geoip_match_info *info = par->matchinfo;
|
||||
const struct geoip_country_kernel *node;
|
||||
const struct iphdr *iph = ip_hdr(skb);
|
||||
unsigned int i;
|
||||
@@ -169,10 +168,9 @@ static bool xt_geoip_mt(const struct sk_buff *skb, const struct net_device *in,
|
||||
return info->flags & XT_GEOIP_INV;
|
||||
}
|
||||
|
||||
static bool xt_geoip_mt_checkentry(const char *table, const void *entry,
|
||||
const struct xt_match *match, void *matchinfo, unsigned int hook_mask)
|
||||
static bool xt_geoip_mt_checkentry(const struct xt_mtchk_param *par)
|
||||
{
|
||||
struct xt_geoip_match_info *info = matchinfo;
|
||||
struct xt_geoip_match_info *info = par->matchinfo;
|
||||
struct geoip_country_kernel *node;
|
||||
unsigned int i;
|
||||
|
||||
@@ -197,9 +195,9 @@ static bool xt_geoip_mt_checkentry(const char *table, const void *entry,
|
||||
return true;
|
||||
}
|
||||
|
||||
static void xt_geoip_mt_destroy(const struct xt_match *match, void *matchinfo)
|
||||
static void xt_geoip_mt_destroy(const struct xt_mtdtor_param *par)
|
||||
{
|
||||
struct xt_geoip_match_info *info = matchinfo;
|
||||
struct xt_geoip_match_info *info = par->matchinfo;
|
||||
struct geoip_country_kernel *node;
|
||||
unsigned int i;
|
||||
|
||||
|
||||
@@ -785,11 +785,9 @@ static const struct {
|
||||
};
|
||||
|
||||
static bool
|
||||
ipp2p_mt(const struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, const struct xt_match *match,
|
||||
const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop)
|
||||
ipp2p_mt(const struct sk_buff *skb, const struct xt_match_param *par)
|
||||
{
|
||||
const struct ipt_p2p_info *info = matchinfo;
|
||||
const struct ipt_p2p_info *info = par->matchinfo;
|
||||
const unsigned char *haystack;
|
||||
const struct iphdr *ip = ip_hdr(skb);
|
||||
bool p2p_result = false;
|
||||
@@ -797,9 +795,9 @@ ipp2p_mt(const struct sk_buff *skb, const struct net_device *in,
|
||||
unsigned int hlen = ntohs(ip->tot_len) - ip_hdrlen(skb); /* hlen = packet-data length */
|
||||
|
||||
/* must not be a fragment */
|
||||
if (offset != 0) {
|
||||
if (par->fragoff != 0) {
|
||||
if (info->debug)
|
||||
printk("IPP2P.match: offset found %i \n", offset);
|
||||
printk("IPP2P.match: offset found %d\n", par->fragoff);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
@@ -171,18 +171,16 @@ static inline unsigned int portscan_mt_full(int mark,
|
||||
return mark;
|
||||
}
|
||||
|
||||
static bool portscan_mt(const struct sk_buff *skb,
|
||||
const struct net_device *in, const struct net_device *out,
|
||||
const struct xt_match *match, const void *matchinfo, int offset,
|
||||
unsigned int protoff, bool *hotdrop)
|
||||
static bool
|
||||
portscan_mt(const struct sk_buff *skb, const struct xt_match_param *par)
|
||||
{
|
||||
const struct xt_portscan_mtinfo *info = matchinfo;
|
||||
const struct xt_portscan_mtinfo *info = par->matchinfo;
|
||||
enum ip_conntrack_info ctstate;
|
||||
const struct tcphdr *tcph;
|
||||
struct nf_conn *ctdata;
|
||||
struct tcphdr tcph_buf;
|
||||
|
||||
tcph = skb_header_pointer(skb, protoff, sizeof(tcph_buf), &tcph_buf);
|
||||
tcph = skb_header_pointer(skb, par->thoff, sizeof(tcph_buf), &tcph_buf);
|
||||
if (tcph == NULL)
|
||||
return false;
|
||||
|
||||
@@ -207,8 +205,8 @@ static bool portscan_mt(const struct sk_buff *skb,
|
||||
unsigned int n;
|
||||
|
||||
n = portscan_mt_full(ctdata->mark & connmark_mask, ctstate,
|
||||
in == init_net__loopback_dev, tcph,
|
||||
skb->len - protoff - 4 * tcph->doff);
|
||||
par->in == init_net__loopback_dev, tcph,
|
||||
skb->len - par->thoff - 4 * tcph->doff);
|
||||
|
||||
ctdata->mark = (ctdata->mark & ~connmark_mask) | n;
|
||||
skb_nfmark(skb) = (skb_nfmark(skb) & ~packet_mask) ^ mark_seen;
|
||||
@@ -219,10 +217,9 @@ static bool portscan_mt(const struct sk_buff *skb,
|
||||
(info->match_gr && ctdata->mark == mark_grscan);
|
||||
}
|
||||
|
||||
static bool portscan_mt_check(const char *tablename, const void *entry,
|
||||
const struct xt_match *match, void *matchinfo, unsigned int hook_mask)
|
||||
static bool portscan_mt_check(const struct xt_mtchk_param *par)
|
||||
{
|
||||
const struct xt_portscan_mtinfo *info = matchinfo;
|
||||
const struct xt_portscan_mtinfo *info = par->matchinfo;
|
||||
|
||||
if ((info->match_stealth & ~1) || (info->match_syn & ~1) ||
|
||||
(info->match_cn & ~1) || (info->match_gr & ~1)) {
|
||||
|
||||
@@ -120,12 +120,9 @@ static struct quota_counter *q2_get_counter(const struct xt_quota_mtinfo2 *q)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static bool
|
||||
quota_mt2_check(const char *tablename, const void *entry,
|
||||
const struct xt_match *match, void *matchinfo,
|
||||
unsigned int hook_mask)
|
||||
static bool quota_mt2_check(const struct xt_mtchk_param *par)
|
||||
{
|
||||
struct xt_quota_mtinfo2 *q = matchinfo;
|
||||
struct xt_quota_mtinfo2 *q = par->matchinfo;
|
||||
|
||||
if (q->flags & ~XT_QUOTA_MASK)
|
||||
return false;
|
||||
@@ -146,9 +143,9 @@ quota_mt2_check(const char *tablename, const void *entry,
|
||||
return true;
|
||||
}
|
||||
|
||||
static void quota_mt2_destroy(const struct xt_match *match, void *matchinfo)
|
||||
static void quota_mt2_destroy(const struct xt_mtdtor_param *par)
|
||||
{
|
||||
struct xt_quota_mtinfo2 *q = matchinfo;
|
||||
struct xt_quota_mtinfo2 *q = par->matchinfo;
|
||||
struct quota_counter *e = q->master;
|
||||
|
||||
spin_lock_bh(&counter_list_lock);
|
||||
@@ -164,12 +161,9 @@ static void quota_mt2_destroy(const struct xt_match *match, void *matchinfo)
|
||||
}
|
||||
|
||||
static bool
|
||||
quota_mt2(const struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, const struct xt_match *match,
|
||||
const void *matchinfo, int offset, unsigned int protoff,
|
||||
bool *hotdrop)
|
||||
quota_mt2(const struct sk_buff *skb, const struct xt_match_param *par)
|
||||
{
|
||||
struct xt_quota_mtinfo2 *q = (void *)matchinfo;
|
||||
struct xt_quota_mtinfo2 *q = (void *)par->matchinfo;
|
||||
struct quota_counter *e = q->master;
|
||||
bool ret = q->flags & XT_QUOTA_INVERT;
|
||||
|
||||
|
||||
Reference in New Issue
Block a user