const struct net_device *in, const struct net_device *out,
const struct xt_match *cm, const void *matchinfo, int offset,
unsigned int protoff, int *hotdrop)
+#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
+static bool xtnu_match_run(const struct sk_buff *skb,
+ const struct net_device *in, const struct net_device *out,
+ const struct xt_match *cm, const void *matchinfo, int offset,
+ unsigned int protoff, bool *hotdrop)
+#endif
+#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
{
struct xtnu_match *nm = xtcompat_numatch(cm);
bool lo_drop = false, lo_ret;
+ struct xt_match_param local_par = {
+ .in = in,
+ .out = out,
+ .match = cm,
+ .matchinfo = matchinfo,
+ .fragoff = offset,
+ .thoff = protoff,
+ .hotdrop = &lo_drop,
+ .family = NFPROTO_UNSPEC, /* don't have that info */
+ };
if (nm == NULL || nm->match == NULL)
return false;
- lo_ret = nm->match(skb, in, out, nm, matchinfo,
- offset, protoff, &lo_drop);
+ lo_ret = nm->match(skb, &local_par);
*hotdrop = lo_drop;
return lo_ret;
}
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22)
static int xtnu_match_check(const char *table, const void *entry,
const struct xt_match *cm, void *matchinfo, unsigned int hook_mask)
+#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
+static bool xtnu_match_check(const char *table, const void *entry,
+ const struct xt_match *cm, void *matchinfo, unsigned int hook_mask)
#endif
-#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22)
+#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
{
struct xtnu_match *nm = xtcompat_numatch(cm);
+ struct xt_mtchk_param local_par = {
+ .table = table,
+ .entryinfo = entry,
+ .match = cm,
+ .matchinfo = matchinfo,
+ .hook_mask = hook_mask,
+ .family = NFPROTO_UNSPEC,
+ };
if (nm == NULL)
return false;
if (nm->checkentry == NULL)
return true;
- return nm->checkentry(table, entry, nm, matchinfo, hook_mask);
+ return nm->checkentry(&local_par);
}
#endif
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
static void xtnu_match_destroy(const struct xt_match *cm, void *matchinfo,
unsigned int matchinfosize)
-#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22)
+#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
static void xtnu_match_destroy(const struct xt_match *cm, void *matchinfo)
#endif
-#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22)
+#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
{
struct xtnu_match *nm = xtcompat_numatch(cm);
+ struct xt_mtdtor_param local_par = {
+ .match = cm,
+ .matchinfo = matchinfo,
+ .family = NFPROTO_UNSPEC,
+ };
if (nm != NULL && nm->destroy != NULL)
- nm->destroy(nm, matchinfo);
+ nm->destroy(&local_par);
}
#endif
-#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22)
+#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
int xtnu_register_match(struct xtnu_match *nt)
{
struct xt_match *ct;
static unsigned int xtnu_target_run(struct sk_buff **pskb,
const struct net_device *in, const struct net_device *out,
unsigned int hooknum, const struct xt_target *ct, const void *targinfo)
-#else
+#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
static unsigned int xtnu_target_run(struct sk_buff *skb,
const struct net_device *in, const struct net_device *out,
unsigned int hooknum, const struct xt_target *ct, const void *targinfo)
+#else
+static unsigned int
+xtnu_target_run(struct sk_buff *skb, const struct xt_target_param *par)
#endif
{
+#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
struct xtnu_target *nt = xtcompat_nutarget(ct);
+ struct xt_target_param local_par = {
+ .in = in,
+ .out = out,
+ .hooknum = hooknum,
+ .target = ct,
+ .targinfo = targinfo,
+ .family = NFPROTO_UNSPEC,
+ };
+#else
+ struct xtnu_target *nt = xtcompat_nutarget(par->target);
+#endif
+
if (nt != NULL && nt->target != NULL)
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23)
- return nt->target(pskb, in, out, hooknum, nt, targinfo);
+ return nt->target(pskb, &local_par);
+#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
+ return nt->target(&skb, &local_par);
#else
- return nt->target(&skb, in, out, hooknum, nt, targinfo);
+ return nt->target(&skb, par);
#endif
return XT_CONTINUE;
}
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22)
static int xtnu_target_check(const char *table, const void *entry,
const struct xt_target *ct, void *targinfo, unsigned int hook_mask)
-#else
+#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
static bool xtnu_target_check(const char *table, const void *entry,
const struct xt_target *ct, void *targinfo, unsigned int hook_mask)
#endif
+#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
{
struct xtnu_target *nt = xtcompat_nutarget(ct);
+ struct xt_tgchk_param local_par = {
+ .table = table,
+ .entryinfo = entry,
+ .target = ct,
+ .targinfo = targinfo,
+ .hook_mask = hook_mask,
+ .family = NFPROTO_UNSPEC,
+ };
+
if (nt == NULL)
return false;
if (nt->checkentry == NULL)
/* this is valid, just like if there was no function */
return true;
- return nt->checkentry(table, entry, nt, targinfo, hook_mask);
+ return nt->checkentry(&local_par);
}
+#endif
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
static void xtnu_target_destroy(const struct xt_target *ct, void *targinfo,
unsigned int targinfosize)
-#else
+#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
static void xtnu_target_destroy(const struct xt_target *ct, void *targinfo)
#endif
+#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
{
struct xtnu_target *nt = xtcompat_nutarget(ct);
+ struct xt_tgdtor_param local_par = {
+ .target = ct,
+ .targinfo = targinfo,
+ .family = NFPROTO_UNSPEC,
+ };
+
if (nt != NULL && nt->destroy != NULL)
- nt->destroy(nt, targinfo);
+ nt->destroy(&local_par);
}
+#endif
int xtnu_register_target(struct xtnu_target *nt)
{
ct->hooks = nt->hooks;
ct->proto = nt->proto;
ct->target = xtnu_target_run;
+#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
ct->checkentry = xtnu_target_check;
ct->destroy = xtnu_target_destroy;
+#else
+ ct->checkentry = nt->checkentry;
+ ct->destroy = nt->destroy;
+#endif
ct->targetsize = nt->targetsize;
ct->me = nt->me;
# define init_net__proc_net init_net.proc_net
#endif
-#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22)
+#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
# define xt_match xtnu_match
# define xt_register_match xtnu_register_match
# define xt_unregister_match xtnu_unregister_match
NFPROTO_DECNET = 12,
NFPROTO_NUMPROTO,
};
+
+struct xt_match_param {
+ const struct net_device *in, *out;
+ const struct xt_match *match;
+ const void *matchinfo;
+ int fragoff;
+ unsigned int thoff;
+ bool *hotdrop;
+ u_int8_t family;
+};
+
+struct xt_mtchk_param {
+ const char *table;
+ const void *entryinfo;
+ const struct xt_match *match;
+ void *matchinfo;
+ unsigned int hook_mask;
+ u_int8_t family;
+};
+
+struct xt_mtdtor_param {
+ const struct xt_match *match;
+ void *matchinfo;
+ u_int8_t family;
+};
+
+struct xt_target_param {
+ const struct net_device *in, *out;
+ unsigned int hooknum;
+ const struct xt_target *target;
+ const void *targinfo;
+ u_int8_t family;
+};
+
+struct xt_tgchk_param {
+ const char *table;
+ const void *entryinfo;
+ const struct xt_target *target;
+ void *targinfo;
+ unsigned int hook_mask;
+ u_int8_t family;
+};
+
+struct xt_tgdtor_param {
+ const struct xt_target *target;
+ void *targinfo;
+ u_int8_t family;
+};
#endif
struct xtnu_match {
struct list_head list;
char name[XT_FUNCTION_MAXNAMELEN - 1 - sizeof(void *)];
- bool (*match)(const struct sk_buff *, const struct net_device *,
- const struct net_device *, const struct xtnu_match *,
- const void *, int, unsigned int, bool *);
- bool (*checkentry)(const char *, const void *,
- const struct xtnu_match *, void *, unsigned int);
- void (*destroy)(const struct xtnu_match *, void *);
+ bool (*match)(const struct sk_buff *, const struct xt_match_param *);
+ bool (*checkentry)(const struct xt_mtchk_param *);
+ void (*destroy)(const struct xt_mtdtor_param *);
struct module *me;
const char *table;
unsigned int matchsize, hooks;
struct xtnu_target {
struct list_head list;
char name[XT_FUNCTION_MAXNAMELEN - 1 - sizeof(void *)];
- unsigned int (*target)(struct sk_buff **, const struct net_device *,
- const struct net_device *, unsigned int,
- const struct xtnu_target *, const void *);
- bool (*checkentry)(const char *, const void *,
- const struct xtnu_target *, void *, unsigned int);
- void (*destroy)(const struct xtnu_target *, void *);
+ unsigned int (*target)(struct sk_buff **,
+ const struct xt_target_param *);
+ bool (*checkentry)(const struct xt_tgchk_param *);
+ void (*destroy)(const struct xt_tgdtor_param *);
struct module *me;
const char *table;
unsigned int targetsize, hooks;
#include <linux/netfilter/x_tables.h>
#endif
#include "ipt_set.h"
+#include "../compat_xtables.h"
static unsigned int
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
-target(struct sk_buff **pskb,
- unsigned int hooknum,
- const struct net_device *in,
- const struct net_device *out,
- const void *targinfo,
- void *userinfo)
-#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
-target(struct sk_buff **pskb,
- const struct net_device *in,
- const struct net_device *out,
- unsigned int hooknum,
- const void *targinfo,
- void *userinfo)
-#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
-target(struct sk_buff **pskb,
- const struct net_device *in,
- const struct net_device *out,
- unsigned int hooknum,
- const struct xt_target *target,
- const void *targinfo,
- void *userinfo)
-#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,24)
-target(struct sk_buff **pskb,
- const struct net_device *in,
- const struct net_device *out,
- unsigned int hooknum,
- const struct xt_target *target,
- const void *targinfo)
-#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24) */
-target(struct sk_buff *skb,
- const struct net_device *in,
- const struct net_device *out,
- unsigned int hooknum,
- const struct xt_target *target,
- const void *targinfo)
-#endif
+target(struct sk_buff **pskb, const struct xt_target_param *par)
{
- const struct ipt_set_info_target *info = targinfo;
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,24)
- struct sk_buff *skb = *pskb;
-#endif
+ const struct ipt_set_info_target *info = par->targinfo;
-
if (info->add_set.index != IP_SET_INVALID_ID)
ip_set_addip_kernel(info->add_set.index,
- skb,
+ *pskb,
info->add_set.flags);
if (info->del_set.index != IP_SET_INVALID_ID)
ip_set_delip_kernel(info->del_set.index,
- skb,
+ *pskb,
info->del_set.flags);
return XT_CONTINUE;
}
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16)
-static int
-checkentry(const char *tablename,
- const struct ipt_entry *e,
- void *targinfo,
- unsigned int targinfosize,
- unsigned int hook_mask)
-#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
-static int
-checkentry(const char *tablename,
- const void *e,
- void *targinfo,
- unsigned int targinfosize,
- unsigned int hook_mask)
-#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
-static int
-checkentry(const char *tablename,
- const void *e,
- const struct xt_target *target,
- void *targinfo,
- unsigned int targinfosize,
- unsigned int hook_mask)
-#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23)
-static int
-checkentry(const char *tablename,
- const void *e,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
-#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) */
static bool
-checkentry(const char *tablename,
- const void *e,
- const struct xt_target *target,
- void *targinfo,
- unsigned int hook_mask)
-#endif
+checkentry(const struct xt_tgchk_param *par)
{
- struct ipt_set_info_target *info = targinfo;
+ struct ipt_set_info_target *info = par->targinfo;
ip_set_id_t index;
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
return 1;
}
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
-static void destroy(void *targetinfo,
- unsigned int targetsize)
-#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
-static void destroy(const struct xt_target *target,
- void *targetinfo,
- unsigned int targetsize)
-#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19) */
-static void destroy(const struct xt_target *target,
- void *targetinfo)
-#endif
+static void destroy(const struct xt_tgdtor_param *par)
{
- struct ipt_set_info_target *info = targetinfo;
+ struct ipt_set_info_target *info = par->targinfo;
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
if (targetsize != IPT_ALIGN(sizeof(struct ipt_set_info_target))) {
#endif
#include "ip_set.h"
#include "ipt_set.h"
+#include "../compat_xtables.h"
static inline int
match_set(const struct ipt_set_info *info,
return inv;
}
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
-static int
-match(const struct sk_buff *skb,
- const struct net_device *in,
- const struct net_device *out,
- const void *matchinfo,
- int offset,
- const void *hdr,
- u_int16_t datalen,
- int *hotdrop)
-#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16)
-static int
-match(const struct sk_buff *skb,
- const struct net_device *in,
- const struct net_device *out,
- const void *matchinfo,
- int offset,
- int *hotdrop)
-#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
-static int
-match(const struct sk_buff *skb,
- const struct net_device *in,
- const struct net_device *out,
- const void *matchinfo,
- int offset,
- unsigned int protoff,
- int *hotdrop)
-#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23)
-static int
-match(const struct sk_buff *skb,
- const struct net_device *in,
- const struct net_device *out,
- const struct xt_match *match,
- const void *matchinfo,
- int offset,
- unsigned int protoff,
- int *hotdrop)
-#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) */
static bool
-match(const struct sk_buff *skb,
- const struct net_device *in,
- const struct net_device *out,
- const struct xt_match *match,
- const void *matchinfo,
- int offset,
- unsigned int protoff,
- bool *hotdrop)
-#endif
+match(const struct sk_buff *skb, const struct xt_match_param *par)
{
- const struct ipt_set_info_match *info = matchinfo;
+ const struct ipt_set_info_match *info = par->matchinfo;
return match_set(&info->match_set,
skb,
info->match_set.flags[0] & IPSET_MATCH_INV);
}
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16)
-static int
-checkentry(const char *tablename,
- const struct ipt_ip *ip,
- void *matchinfo,
- unsigned int matchsize,
- unsigned int hook_mask)
-#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
-static int
-checkentry(const char *tablename,
- const void *inf,
- void *matchinfo,
- unsigned int matchsize,
- unsigned int hook_mask)
-#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
-static int
-checkentry(const char *tablename,
- const void *inf,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int matchsize,
- unsigned int hook_mask)
-#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23)
-static int
-checkentry(const char *tablename,
- const void *inf,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
-#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) */
static bool
-checkentry(const char *tablename,
- const void *inf,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mask)
-#endif
+checkentry(const struct xt_mtchk_param *par)
{
- struct ipt_set_info_match *info = matchinfo;
+ struct ipt_set_info_match *info = par->matchinfo;
ip_set_id_t index;
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
return 1;
}
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
-static void destroy(void *matchinfo,
- unsigned int matchsize)
-#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
-static void destroy(const struct xt_match *match,
- void *matchinfo,
- unsigned int matchsize)
-#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19) */
-static void destroy(const struct xt_match *match,
- void *matchinfo)
-#endif
+static void destroy(const struct xt_mtdtor_param *par)
{
- struct ipt_set_info_match *info = matchinfo;
+ struct ipt_set_info_match *info = par->matchinfo;
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
if (matchsize != IPT_ALIGN(sizeof(struct ipt_set_info_match))) {
};
/* CHAOS functions */
-static void xt_chaos_total(const struct xt_chaos_tginfo *info,
- struct sk_buff *skb, const struct net_device *in,
- const struct net_device *out, unsigned int hooknum)
+static void
+xt_chaos_total(struct sk_buff *skb, const struct xt_target_param *par)
{
+ const struct xt_chaos_tginfo *info = par->targinfo;
const struct iphdr *iph = ip_hdr(skb);
- const int protoff = 4 * iph->ihl;
- const int offset = ntohs(iph->frag_off) & IP_OFFSET;
+ const int thoff = 4 * iph->ihl;
+ const int fragoff = ntohs(iph->frag_off) & IP_OFFSET;
typeof(xt_tarpit) destiny;
bool ret;
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22)
bool hotdrop = false;
#endif
- ret = xm_tcp->match(skb, in, out, xm_tcp, &tcp_params,
- offset, protoff, &hotdrop);
+#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
+ ret = xm_tcp->match(skb, par->in, par->out, xm_tcp, &tcp_params,
+ fragoff, thoff, &hotdrop);
+#else
+ {
+ struct xt_match_param local_par = {
+ .in = par->in,
+ .out = par->out,
+ .match = xm_tcp,
+ .matchinfo = &tcp_params,
+ .fragoff = fragoff,
+ .thoff = thoff,
+ .hotdrop = &hotdrop,
+ };
+ ret = xm_tcp->match(skb, &local_par);
+ }
+#endif
if (!ret || hotdrop || (unsigned int)net_random() > delude_percentage)
return;
destiny = (info->variant == XTCHAOS_TARPIT) ? xt_tarpit : xt_delude;
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
- destiny->target(&skb, in, out, hooknum, destiny, NULL, NULL);
+ destiny->target(&skb, par->in, par->out, par->hooknum, destiny, NULL, NULL);
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23)
- destiny->target(&skb, in, out, hooknum, destiny, NULL);
+ destiny->target(&skb, par->in, par->out, par->hooknum, destiny, NULL);
+#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
+ destiny->target(skb, par->in, par->out, par->hooknum, destiny, NULL);
#else
- destiny->target(skb, in, out, hooknum, destiny, NULL);
+ {
+ struct xt_target_param local_par = *par;
+ local_par.target = destiny;
+ destiny->target(skb, &local_par);
+ }
#endif
}
-static unsigned int chaos_tg(struct sk_buff **pskb,
- const struct net_device *in, const struct net_device *out,
- unsigned int hooknum, const struct xt_target *target, const void *targinfo)
+static unsigned int
+chaos_tg(struct sk_buff **pskb, const struct xt_target_param *par)
{
/*
* Equivalent to:
* $delude_percentage -j DELUDE;
* -A chaos -j DROP;
*/
- const struct xt_chaos_tginfo *info = targinfo;
+ const struct xt_chaos_tginfo *info = par->targinfo;
struct sk_buff *skb = *pskb;
const struct iphdr *iph = ip_hdr(skb);
- if ((unsigned int)net_random() <= reject_percentage)
+ if ((unsigned int)net_random() <= reject_percentage) {
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
- return xt_reject->target(pskb, in, out, hooknum,
- target->__compat_target, &reject_params, NULL);
+ return xt_reject->target(pskb, par->in, par->out, par->hooknum,
+ xt_reject, &reject_params, NULL);
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23)
- return xt_reject->target(pskb, in, out, hooknum,
- target->__compat_target, &reject_params);
+ return xt_reject->target(pskb, par->in, par->out, par->hooknum,
+ xt_reject, &reject_params);
+#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
+ return xt_reject->target(skb, par->in, par->out, par->hooknum,
+ xt_reject, &reject_params);
#else
- return xt_reject->target(skb, in, out, hooknum,
- target->__compat_target, &reject_params);
+ struct xt_target_param local_par = {
+ .in = par->in,
+ .out = par->out,
+ .hooknum = par->hooknum,
+ .target = xt_reject,
+ .targinfo = &reject_params,
+ };
+ return xt_reject->target(skb, &local_par);
#endif
+ }
/* TARPIT/DELUDE may not be called from the OUTPUT chain */
if (iph->protocol == IPPROTO_TCP &&
- info->variant != XTCHAOS_NORMAL && hooknum != NF_INET_LOCAL_OUT)
- xt_chaos_total(info, skb, in, out, hooknum);
+ info->variant != XTCHAOS_NORMAL &&
+ par->hooknum != NF_INET_LOCAL_OUT)
+ xt_chaos_total(skb, par);
return NF_DROP;
}
-static bool chaos_tg_check(const char *tablename, const void *entry,
- const struct xt_target *target, void *targinfo, unsigned int hook_mask)
+static bool chaos_tg_check(const struct xt_tgchk_param *par)
{
- const struct xt_chaos_tginfo *info = targinfo;
+ const struct xt_chaos_tginfo *info = par->targinfo;
if (info->variant == XTCHAOS_DELUDE && !have_delude) {
printk(KERN_WARNING PFX "Error: Cannot use --delude when "
kfree_skb(nskb);
}
-static unsigned int delude_tg(struct sk_buff **pskb,
- const struct net_device *in, const struct net_device *out,
- unsigned int hooknum, const struct xt_target *target, const void *targinfo)
+static unsigned int
+delude_tg(struct sk_buff **pskb, const struct xt_target_param *par)
{
/* WARNING: This code causes reentry within iptables.
This means that the iptables jump stack is now crap. We
must return an absolute verdict. --RR */
- delude_send_reset(*pskb, hooknum);
+ delude_send_reset(*pskb, par->hooknum);
return NF_DROP;
}
return true;
}
-static bool dhcpaddr_mt(const struct sk_buff *skb, const struct net_device *in,
- const struct net_device *out, const struct xt_match *match,
- const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop)
+static bool
+dhcpaddr_mt(const struct sk_buff *skb, const struct xt_match_param *par)
{
- const struct dhcpaddr_info *info = matchinfo;
+ const struct dhcpaddr_info *info = par->matchinfo;
const struct dhcp_message *dh;
struct dhcp_message dhcpbuf;
- dh = skb_header_pointer(skb, protoff + sizeof(struct udphdr),
+ dh = skb_header_pointer(skb, par->thoff + sizeof(struct udphdr),
sizeof(dhcpbuf), &dhcpbuf);
if (dh == NULL)
/*
return ether_cmp((const void *)dh->chaddr, info->addr, info->mask);
}
-static unsigned int dhcpaddr_tg(struct sk_buff **pskb,
- const struct net_device *in, const struct net_device *out,
- unsigned int hooknum, const struct xt_target *target, const void *targinfo)
+static unsigned int
+dhcpaddr_tg(struct sk_buff **pskb, const struct xt_target_param *par)
{
- const struct dhcpaddr_info *info = targinfo;
+ const struct dhcpaddr_info *info = par->targinfo;
struct dhcp_message dhcpbuf, *dh;
struct udphdr udpbuf, *udph;
struct sk_buff *skb = *pskb;
#include <net/ip.h>
#include "compat_xtables.h"
-static unsigned int echo_tg4(struct sk_buff **poldskb,
- const struct net_device *in, const struct net_device *out,
- unsigned int hooknum, const struct xt_target *target, const void *targinfo)
+static unsigned int
+echo_tg4(struct sk_buff **poldskb, const struct xt_target_param *par)
{
const struct sk_buff *oldskb = *poldskb;
const struct udphdr *oldudp;
MODULE_ALIAS("ip6t_IPMARK");
static unsigned int
-ipmark_tg4(struct sk_buff **pskb, const struct net_device *in,
- const struct net_device *out, unsigned int hooknum,
- const struct xt_target *target, const void *targinfo)
+ipmark_tg4(struct sk_buff **pskb, const struct xt_target_param *par)
{
- const struct xt_ipmark_tginfo *ipmarkinfo = targinfo;
+ const struct xt_ipmark_tginfo *ipmarkinfo = par->targinfo;
const struct sk_buff *skb = *pskb;
const struct iphdr *iph = ip_hdr(skb);
__u32 mark;
}
static unsigned int
-ipmark_tg6(struct sk_buff **pskb, const struct net_device *in,
- const struct net_device *out, unsigned int hooknum,
- const struct xt_target *target, const void *targinfo)
+ipmark_tg6(struct sk_buff **pskb, const struct xt_target_param *par)
{
- const struct xt_ipmark_tginfo *info = targinfo;
+ const struct xt_ipmark_tginfo *info = par->targinfo;
const struct sk_buff *skb = *pskb;
const struct ipv6hdr *iph = ipv6_hdr(skb);
__u32 mark;
};
static unsigned int
-logmark_tg(struct sk_buff **pskb, const struct net_device *in,
- const struct net_device *out, unsigned int hooknum,
- const struct xt_target *target, const void *targinfo)
+logmark_tg(struct sk_buff **pskb, const struct xt_target_param *par)
{
const struct sk_buff *skb = *pskb;
- const struct xt_logmark_tginfo *info = targinfo;
+ const struct xt_logmark_tginfo *info = par->targinfo;
const struct nf_conn *ct;
enum ip_conntrack_info ctinfo;
bool prev = false;
printk("<%u>%.*s""hook=%s nfmark=0x%x secmark=0x%x classify=0x%x",
info->level, (unsigned int)sizeof(info->prefix), info->prefix,
- hook_names[hooknum],
+ hook_names[par->hooknum],
skb_nfmark(skb), skb_secmark(skb), skb->priority);
ct = nf_ct_get(skb, &ctinfo);
}
static bool
-logmark_tg_check(const char *tablename, const void *e,
- const struct xt_target *target, void *targinfo,
- unsigned int hook_mask)
+logmark_tg_check(const struct xt_tgchk_param *par)
{
- const struct xt_logmark_tginfo *info = targinfo;
+ const struct xt_logmark_tginfo *info = par->targinfo;
if (info->level >= 8) {
pr_debug("LOGMARK: level %u >= 8\n", info->level);
return NF_ACCEPT;
}
-static unsigned int sysrq_tg4(struct sk_buff **pskb,
- const struct net_device *in, const struct net_device *out,
- unsigned int hooknum, const struct xt_target *target, const void *targinfo)
+static unsigned int
+sysrq_tg4(struct sk_buff **pskb, const struct xt_target_param *par)
{
struct sk_buff *skb = *pskb;
const struct iphdr *iph;
return sysrq_tg((void *)udph + sizeof(struct udphdr), len);
}
-static unsigned int sysrq_tg6(struct sk_buff **pskb,
- const struct net_device *in, const struct net_device *out,
- unsigned int hooknum, const struct xt_target *target, const void *targinfo)
+static unsigned int
+sysrq_tg6(struct sk_buff **pskb, const struct xt_target_param *par)
{
struct sk_buff *skb = *pskb;
const struct ipv6hdr *iph;
return sysrq_tg(udph + sizeof(struct udphdr), len);
}
-static bool sysrq_tg_check(const char *table, const void *ventry,
- const struct xt_target *target, void *targinfo, unsigned int hook_mask)
+static bool sysrq_tg_check(const struct xt_tgchk_param *par)
{
- if (target->family == NFPROTO_IPV4) {
- const struct ipt_entry *entry = ventry;
+ if (par->target->family == NFPROTO_IPV4) {
+ const struct ipt_entry *entry = par->entryinfo;
if ((entry->ip.proto != IPPROTO_UDP &&
entry->ip.proto != IPPROTO_UDPLITE) ||
entry->ip.invflags & XT_INV_PROTO)
goto out;
- } else if (target->family == NFPROTO_IPV6) {
- const struct ip6t_entry *entry = ventry;
+ } else if (par->target->family == NFPROTO_IPV6) {
+ const struct ip6t_entry *entry = par->entryinfo;
if ((entry->ipv6.proto != IPPROTO_UDP &&
entry->ipv6.proto != IPPROTO_UDPLITE) ||
}
static unsigned int
-tarpit_tg(struct sk_buff **pskb, const struct net_device *in,
- const struct net_device *out, unsigned int hooknum,
- const struct xt_target *target, const void *targinfo)
+tarpit_tg(struct sk_buff **pskb, const struct xt_target_param *par)
{
const struct sk_buff *skb = *pskb;
const struct iphdr *iph = ip_hdr(skb);
if (iph->frag_off & htons(IP_OFFSET))
return NF_DROP;
- tarpit_tcp(*pskb, hooknum);
+ tarpit_tcp(*pskb, par->hooknum);
return NF_DROP;
}
* packets when we see they already have that ->nfct.
*/
static unsigned int
-tee_tg(struct sk_buff **pskb, const struct net_device *in,
- const struct net_device *out, unsigned int hooknum,
- const struct xt_target *target, const void *targinfo)
+tee_tg(struct sk_buff **pskb, const struct xt_target_param *par)
{
- const struct xt_tee_tginfo *info = targinfo;
+ const struct xt_tee_tginfo *info = par->targinfo;
struct sk_buff *skb = *pskb;
#ifdef WITH_CONNTRACK
* If we are in INPUT, the checksum must be recalculated since
* the length could have changed as a result of defragmentation.
*/
- if (hooknum == NF_INET_LOCAL_IN) {
+ if (par->hooknum == NF_INET_LOCAL_IN) {
struct iphdr *iph = ip_hdr(skb);
iph->check = 0;
iph->check = ip_fast_csum((unsigned char *)iph, iph->ihl);
return XT_CONTINUE;
}
-static bool tee_tg_check(const char *tablename, const void *entry,
- const struct xt_target *target, void *targinfo,
- unsigned int hook_mask)
+static bool tee_tg_check(const struct xt_tgchk_param *par)
{
- const struct xt_tee_tginfo *info = targinfo;
+ const struct xt_tee_tginfo *info = par->targinfo;
/* 0.0.0.0 and :: not allowed */
return memcmp(&info->gw, &zero_address, sizeof(zero_address)) != 0;
}
static bool
-condition_mt(const struct sk_buff *skb, const struct net_device *in,
- const struct net_device *out, const struct xt_match *match,
- const void *matchinfo, int offset, unsigned int protoff,
- bool *hotdrop)
+condition_mt(const struct sk_buff *skb, const struct xt_match_param *par)
{
- const struct xt_condition_mtinfo *info = matchinfo;
+ const struct xt_condition_mtinfo *info = par->matchinfo;
const struct condition_variable *var = info->condvar;
bool x;
return x ^ info->invert;
}
-static bool
-condition_mt_check(const char *tablename, const void *entry,
- const struct xt_match *match, void *matchinfo,
- unsigned int hook_mask)
+static bool condition_mt_check(const struct xt_mtchk_param *par)
{
- struct xt_condition_mtinfo *info = matchinfo;
+ struct xt_condition_mtinfo *info = par->matchinfo;
struct condition_variable *var;
/* Forbid certain names */
return true;
}
-static void condition_mt_destroy(const struct xt_match *match, void *matchinfo)
+static void condition_mt_destroy(const struct xt_mtdtor_param *par)
{
- const struct xt_condition_mtinfo *info = matchinfo;
+ const struct xt_condition_mtinfo *info = par->matchinfo;
struct condition_variable *var = info->condvar;
down(&proc_lock);
}
static bool
-fuzzy_mt(const struct sk_buff *skb, const struct net_device *in,
- const struct net_device *out, const struct xt_match *match,
- const void *matchinfo, int offset, unsigned int protoff,
- bool *hotdrop)
+fuzzy_mt(const struct sk_buff *skb, const struct xt_match_param *par)
{
- struct xt_fuzzy_mtinfo *info = (void *)matchinfo;
+ struct xt_fuzzy_mtinfo *info = (void *)par->matchinfo;
unsigned long amount;
uint8_t howhigh, howlow, random_number;
return false;
}
-static bool
-fuzzy_mt_check(const char *table, const void *ip, const struct xt_match *match,
- void *matchinfo, unsigned int hook_mask)
+static bool fuzzy_mt_check(const struct xt_mtchk_param *par)
{
- const struct xt_fuzzy_mtinfo *info = matchinfo;
+ const struct xt_fuzzy_mtinfo *info = par->matchinfo;
if (info->minimum_rate < FUZZY_MIN_RATE ||
info->maximum_rate > FUZZY_MAX_RATE ||
return false;
}
-static bool xt_geoip_mt(const struct sk_buff *skb, const struct net_device *in,
- const struct net_device *out, const struct xt_match *match,
- const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop)
+static bool
+xt_geoip_mt(const struct sk_buff *skb, const struct xt_match_param *par)
{
- const struct xt_geoip_match_info *info = matchinfo;
+ const struct xt_geoip_match_info *info = par->matchinfo;
const struct geoip_country_kernel *node;
const struct iphdr *iph = ip_hdr(skb);
unsigned int i;
return info->flags & XT_GEOIP_INV;
}
-static bool xt_geoip_mt_checkentry(const char *table, const void *entry,
- const struct xt_match *match, void *matchinfo, unsigned int hook_mask)
+static bool xt_geoip_mt_checkentry(const struct xt_mtchk_param *par)
{
- struct xt_geoip_match_info *info = matchinfo;
+ struct xt_geoip_match_info *info = par->matchinfo;
struct geoip_country_kernel *node;
unsigned int i;
return true;
}
-static void xt_geoip_mt_destroy(const struct xt_match *match, void *matchinfo)
+static void xt_geoip_mt_destroy(const struct xt_mtdtor_param *par)
{
- struct xt_geoip_match_info *info = matchinfo;
+ struct xt_geoip_match_info *info = par->matchinfo;
struct geoip_country_kernel *node;
unsigned int i;
};
static bool
-ipp2p_mt(const struct sk_buff *skb, const struct net_device *in,
- const struct net_device *out, const struct xt_match *match,
- const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop)
+ipp2p_mt(const struct sk_buff *skb, const struct xt_match_param *par)
{
- const struct ipt_p2p_info *info = matchinfo;
+ const struct ipt_p2p_info *info = par->matchinfo;
const unsigned char *haystack;
const struct iphdr *ip = ip_hdr(skb);
bool p2p_result = false;
unsigned int hlen = ntohs(ip->tot_len) - ip_hdrlen(skb); /* hlen = packet-data length */
/* must not be a fragment */
- if (offset != 0) {
+ if (par->fragoff != 0) {
if (info->debug)
- printk("IPP2P.match: offset found %i \n", offset);
+ printk("IPP2P.match: offset found %d\n", par->fragoff);
return 0;
}
return mark;
}
-static bool portscan_mt(const struct sk_buff *skb,
- const struct net_device *in, const struct net_device *out,
- const struct xt_match *match, const void *matchinfo, int offset,
- unsigned int protoff, bool *hotdrop)
+static bool
+portscan_mt(const struct sk_buff *skb, const struct xt_match_param *par)
{
- const struct xt_portscan_mtinfo *info = matchinfo;
+ const struct xt_portscan_mtinfo *info = par->matchinfo;
enum ip_conntrack_info ctstate;
const struct tcphdr *tcph;
struct nf_conn *ctdata;
struct tcphdr tcph_buf;
- tcph = skb_header_pointer(skb, protoff, sizeof(tcph_buf), &tcph_buf);
+ tcph = skb_header_pointer(skb, par->thoff, sizeof(tcph_buf), &tcph_buf);
if (tcph == NULL)
return false;
unsigned int n;
n = portscan_mt_full(ctdata->mark & connmark_mask, ctstate,
- in == init_net__loopback_dev, tcph,
- skb->len - protoff - 4 * tcph->doff);
+ par->in == init_net__loopback_dev, tcph,
+ skb->len - par->thoff - 4 * tcph->doff);
ctdata->mark = (ctdata->mark & ~connmark_mask) | n;
skb_nfmark(skb) = (skb_nfmark(skb) & ~packet_mask) ^ mark_seen;
(info->match_gr && ctdata->mark == mark_grscan);
}
-static bool portscan_mt_check(const char *tablename, const void *entry,
- const struct xt_match *match, void *matchinfo, unsigned int hook_mask)
+static bool portscan_mt_check(const struct xt_mtchk_param *par)
{
- const struct xt_portscan_mtinfo *info = matchinfo;
+ const struct xt_portscan_mtinfo *info = par->matchinfo;
if ((info->match_stealth & ~1) || (info->match_syn & ~1) ||
(info->match_cn & ~1) || (info->match_gr & ~1)) {
return NULL;
}
-static bool
-quota_mt2_check(const char *tablename, const void *entry,
- const struct xt_match *match, void *matchinfo,
- unsigned int hook_mask)
+static bool quota_mt2_check(const struct xt_mtchk_param *par)
{
- struct xt_quota_mtinfo2 *q = matchinfo;
+ struct xt_quota_mtinfo2 *q = par->matchinfo;
if (q->flags & ~XT_QUOTA_MASK)
return false;
return true;
}
-static void quota_mt2_destroy(const struct xt_match *match, void *matchinfo)
+static void quota_mt2_destroy(const struct xt_mtdtor_param *par)
{
- struct xt_quota_mtinfo2 *q = matchinfo;
+ struct xt_quota_mtinfo2 *q = par->matchinfo;
struct quota_counter *e = q->master;
spin_lock_bh(&counter_list_lock);
}
static bool
-quota_mt2(const struct sk_buff *skb, const struct net_device *in,
- const struct net_device *out, const struct xt_match *match,
- const void *matchinfo, int offset, unsigned int protoff,
- bool *hotdrop)
+quota_mt2(const struct sk_buff *skb, const struct xt_match_param *par)
{
- struct xt_quota_mtinfo2 *q = (void *)matchinfo;
+ struct xt_quota_mtinfo2 *q = (void *)par->matchinfo;
struct quota_counter *e = q->master;
bool ret = q->flags & XT_QUOTA_INVERT;
projects / thirdparty / xtables-addons.git / commitdiff
