netfilter: xtables: move extension arguments into compound structure (4/6)

This patch does this for target extensions' target functions.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
This commit is contained in:
Jan Engelhardt 2008-10-08 11:35:19 +02:00 committed by Patrick McHardy
parent 6be3d8598e
commit 7eb3558655
42 changed files with 209 additions and 297 deletions

View file

@ -218,6 +218,22 @@ struct xt_mtdtor_param {
void *matchinfo; void *matchinfo;
}; };
/**
* struct xt_target_param - parameters for target extensions' target functions
*
* @hooknum: hook through which this target was invoked
* @target: struct xt_target through which this function was invoked
* @targinfo: per-target data
*
* Other fields see above.
*/
struct xt_target_param {
const struct net_device *in, *out;
unsigned int hooknum;
const struct xt_target *target;
const void *targinfo;
};
struct xt_match struct xt_match
{ {
struct list_head list; struct list_head list;
@ -269,11 +285,7 @@ struct xt_target
must now handle non-linear skbs, using skb_copy_bits and must now handle non-linear skbs, using skb_copy_bits and
skb_ip_make_writable. */ skb_ip_make_writable. */
unsigned int (*target)(struct sk_buff *skb, unsigned int (*target)(struct sk_buff *skb,
const struct net_device *in, const struct xt_target_param *);
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
const void *targinfo);
/* Called when user tries to insert an entry of this type: /* Called when user tries to insert an entry of this type:
hook_mask is a bitmask of hooks from which it can be hook_mask is a bitmask of hooks from which it can be

View file

@ -16,11 +16,9 @@
#include <linux/netfilter_bridge/ebt_arpreply.h> #include <linux/netfilter_bridge/ebt_arpreply.h>
static unsigned int static unsigned int
ebt_arpreply_tg(struct sk_buff *skb, const struct net_device *in, ebt_arpreply_tg(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *out, unsigned int hook_nr,
const struct xt_target *target, const void *data)
{ {
const struct ebt_arpreply_info *info = data; const struct ebt_arpreply_info *info = par->targinfo;
const __be32 *siptr, *diptr; const __be32 *siptr, *diptr;
__be32 _sip, _dip; __be32 _sip, _dip;
const struct arphdr *ap; const struct arphdr *ap;
@ -53,7 +51,7 @@ ebt_arpreply_tg(struct sk_buff *skb, const struct net_device *in,
if (diptr == NULL) if (diptr == NULL)
return EBT_DROP; return EBT_DROP;
arp_send(ARPOP_REPLY, ETH_P_ARP, *siptr, (struct net_device *)in, arp_send(ARPOP_REPLY, ETH_P_ARP, *siptr, (struct net_device *)par->in,
*diptr, shp, info->mac, shp); *diptr, shp, info->mac, shp);
return info->target; return info->target;

View file

@ -15,11 +15,9 @@
#include <linux/netfilter_bridge/ebt_nat.h> #include <linux/netfilter_bridge/ebt_nat.h>
static unsigned int static unsigned int
ebt_dnat_tg(struct sk_buff *skb, const struct net_device *in, ebt_dnat_tg(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *out, unsigned int hook_nr,
const struct xt_target *target, const void *data)
{ {
const struct ebt_nat_info *info = data; const struct ebt_nat_info *info = par->targinfo;
if (!skb_make_writable(skb, 0)) if (!skb_make_writable(skb, 0))
return EBT_DROP; return EBT_DROP;

View file

@ -195,11 +195,9 @@ out:
} }
static unsigned int static unsigned int
ebt_log_tg(struct sk_buff *skb, const struct net_device *in, ebt_log_tg(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *out, unsigned int hooknr,
const struct xt_target *target, const void *data)
{ {
const struct ebt_log_info *info = data; const struct ebt_log_info *info = par->targinfo;
struct nf_loginfo li; struct nf_loginfo li;
li.type = NF_LOG_TYPE_LOG; li.type = NF_LOG_TYPE_LOG;
@ -207,11 +205,11 @@ ebt_log_tg(struct sk_buff *skb, const struct net_device *in,
li.u.log.logflags = info->bitmask; li.u.log.logflags = info->bitmask;
if (info->bitmask & EBT_LOG_NFLOG) if (info->bitmask & EBT_LOG_NFLOG)
nf_log_packet(NFPROTO_BRIDGE, hooknr, skb, in, out, &li, nf_log_packet(NFPROTO_BRIDGE, par->hooknum, skb, par->in,
"%s", info->prefix); par->out, &li, "%s", info->prefix);
else else
ebt_log_packet(NFPROTO_BRIDGE, hooknr, skb, in, out, &li, ebt_log_packet(NFPROTO_BRIDGE, par->hooknum, skb, par->in,
info->prefix); par->out, &li, info->prefix);
return EBT_CONTINUE; return EBT_CONTINUE;
} }

View file

@ -19,11 +19,9 @@
#include <linux/netfilter_bridge/ebt_mark_t.h> #include <linux/netfilter_bridge/ebt_mark_t.h>
static unsigned int static unsigned int
ebt_mark_tg(struct sk_buff *skb, const struct net_device *in, ebt_mark_tg(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *out, unsigned int hook_nr,
const struct xt_target *target, const void *data)
{ {
const struct ebt_mark_t_info *info = data; const struct ebt_mark_t_info *info = par->targinfo;
int action = info->target & -16; int action = info->target & -16;
if (action == MARK_SET_VALUE) if (action == MARK_SET_VALUE)

View file

@ -20,11 +20,9 @@
#include <net/netfilter/nf_log.h> #include <net/netfilter/nf_log.h>
static unsigned int static unsigned int
ebt_nflog_tg(struct sk_buff *skb, const struct net_device *in, ebt_nflog_tg(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *out, unsigned int hooknr,
const struct xt_target *target, const void *data)
{ {
const struct ebt_nflog_info *info = data; const struct ebt_nflog_info *info = par->targinfo;
struct nf_loginfo li; struct nf_loginfo li;
li.type = NF_LOG_TYPE_ULOG; li.type = NF_LOG_TYPE_ULOG;
@ -32,7 +30,8 @@ ebt_nflog_tg(struct sk_buff *skb, const struct net_device *in,
li.u.ulog.group = info->group; li.u.ulog.group = info->group;
li.u.ulog.qthreshold = info->threshold; li.u.ulog.qthreshold = info->threshold;
nf_log_packet(PF_BRIDGE, hooknr, skb, in, out, &li, "%s", info->prefix); nf_log_packet(PF_BRIDGE, par->hooknum, skb, par->in, par->out,
&li, "%s", info->prefix);
return EBT_CONTINUE; return EBT_CONTINUE;
} }

View file

@ -16,20 +16,18 @@
#include <linux/netfilter_bridge/ebt_redirect.h> #include <linux/netfilter_bridge/ebt_redirect.h>
static unsigned int static unsigned int
ebt_redirect_tg(struct sk_buff *skb, const struct net_device *in, ebt_redirect_tg(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *out, unsigned int hooknr,
const struct xt_target *target, const void *data)
{ {
const struct ebt_redirect_info *info = data; const struct ebt_redirect_info *info = par->targinfo;
if (!skb_make_writable(skb, 0)) if (!skb_make_writable(skb, 0))
return EBT_DROP; return EBT_DROP;
if (hooknr != NF_BR_BROUTING) if (par->hooknum != NF_BR_BROUTING)
memcpy(eth_hdr(skb)->h_dest, memcpy(eth_hdr(skb)->h_dest,
in->br_port->br->dev->dev_addr, ETH_ALEN); par->in->br_port->br->dev->dev_addr, ETH_ALEN);
else else
memcpy(eth_hdr(skb)->h_dest, in->dev_addr, ETH_ALEN); memcpy(eth_hdr(skb)->h_dest, par->in->dev_addr, ETH_ALEN);
skb->pkt_type = PACKET_HOST; skb->pkt_type = PACKET_HOST;
return info->target; return info->target;
} }

View file

@ -17,11 +17,9 @@
#include <linux/netfilter_bridge/ebt_nat.h> #include <linux/netfilter_bridge/ebt_nat.h>
static unsigned int static unsigned int
ebt_snat_tg(struct sk_buff *skb, const struct net_device *in, ebt_snat_tg(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *out, unsigned int hook_nr,
const struct xt_target *target, const void *data)
{ {
const struct ebt_nat_info *info = data; const struct ebt_nat_info *info = par->targinfo;
if (!skb_make_writable(skb, 0)) if (!skb_make_writable(skb, 0))
return EBT_DROP; return EBT_DROP;

View file

@ -247,13 +247,10 @@ static void ebt_log_packet(u_int8_t pf, unsigned int hooknum,
} }
static unsigned int static unsigned int
ebt_ulog_tg(struct sk_buff *skb, const struct net_device *in, ebt_ulog_tg(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *out, unsigned int hooknr,
const struct xt_target *target, const void *data)
{ {
const struct ebt_ulog_info *uloginfo = data; ebt_ulog_packet(par->hooknum, skb, par->in, par->out,
par->targinfo, NULL);
ebt_ulog_packet(hooknr, skb, in, out, uloginfo, NULL);
return EBT_CONTINUE; return EBT_CONTINUE;
} }

View file

@ -64,11 +64,13 @@ static struct xt_target ebt_standard_target = {
.targetsize = sizeof(int), .targetsize = sizeof(int),
}; };
static inline int ebt_do_watcher (struct ebt_entry_watcher *w, static inline int
struct sk_buff *skb, unsigned int hooknr, const struct net_device *in, ebt_do_watcher(const struct ebt_entry_watcher *w, struct sk_buff *skb,
const struct net_device *out) struct xt_target_param *par)
{ {
w->u.watcher->target(skb, in, out, hooknr, w->u.watcher, w->data); par->target = w->u.watcher;
par->targinfo = w->data;
w->u.watcher->target(skb, par);
/* watchers don't give a verdict */ /* watchers don't give a verdict */
return 0; return 0;
} }
@ -156,10 +158,12 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
struct ebt_table_info *private; struct ebt_table_info *private;
bool hotdrop = false; bool hotdrop = false;
struct xt_match_param mtpar; struct xt_match_param mtpar;
struct xt_target_param tgpar;
mtpar.in = in; mtpar.in = tgpar.in = in;
mtpar.out = out; mtpar.out = tgpar.out = out;
mtpar.hotdrop = &hotdrop; mtpar.hotdrop = &hotdrop;
tgpar.hooknum = hook;
read_lock_bh(&table->lock); read_lock_bh(&table->lock);
private = table->private; private = table->private;
@ -193,17 +197,18 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
/* these should only watch: not modify, nor tell us /* these should only watch: not modify, nor tell us
what to do with the packet */ what to do with the packet */
EBT_WATCHER_ITERATE(point, ebt_do_watcher, skb, hook, in, EBT_WATCHER_ITERATE(point, ebt_do_watcher, skb, &tgpar);
out);
t = (struct ebt_entry_target *) t = (struct ebt_entry_target *)
(((char *)point) + point->target_offset); (((char *)point) + point->target_offset);
/* standard target */ /* standard target */
if (!t->u.target->target) if (!t->u.target->target)
verdict = ((struct ebt_standard_target *)t)->verdict; verdict = ((struct ebt_standard_target *)t)->verdict;
else else {
verdict = t->u.target->target(skb, in, out, hook, tgpar.target = t->u.target;
t->u.target, t->data); tgpar.targinfo = t->data;
verdict = t->u.target->target(skb, &tgpar);
}
if (verdict == EBT_ACCEPT) { if (verdict == EBT_ACCEPT) {
read_unlock_bh(&table->lock); read_unlock_bh(&table->lock);
return NF_ACCEPT; return NF_ACCEPT;

View file

@ -200,15 +200,12 @@ static inline int arp_checkentry(const struct arpt_arp *arp)
return 1; return 1;
} }
static unsigned int arpt_error(struct sk_buff *skb, static unsigned int
const struct net_device *in, arpt_error(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
const void *targinfo)
{ {
if (net_ratelimit()) if (net_ratelimit())
printk("arp_tables: error: '%s'\n", (char *)targinfo); printk("arp_tables: error: '%s'\n",
(const char *)par->targinfo);
return NF_DROP; return NF_DROP;
} }
@ -232,6 +229,7 @@ unsigned int arpt_do_table(struct sk_buff *skb,
const char *indev, *outdev; const char *indev, *outdev;
void *table_base; void *table_base;
const struct xt_table_info *private; const struct xt_table_info *private;
struct xt_target_param tgpar;
if (!pskb_may_pull(skb, arp_hdr_len(skb->dev))) if (!pskb_may_pull(skb, arp_hdr_len(skb->dev)))
return NF_DROP; return NF_DROP;
@ -245,6 +243,10 @@ unsigned int arpt_do_table(struct sk_buff *skb,
e = get_entry(table_base, private->hook_entry[hook]); e = get_entry(table_base, private->hook_entry[hook]);
back = get_entry(table_base, private->underflow[hook]); back = get_entry(table_base, private->underflow[hook]);
tgpar.in = in;
tgpar.out = out;
tgpar.hooknum = hook;
arp = arp_hdr(skb); arp = arp_hdr(skb);
do { do {
if (arp_packet_match(arp, skb->dev, indev, outdev, &e->arp)) { if (arp_packet_match(arp, skb->dev, indev, outdev, &e->arp)) {
@ -290,11 +292,10 @@ unsigned int arpt_do_table(struct sk_buff *skb,
/* Targets which reenter must return /* Targets which reenter must return
* abs. verdicts * abs. verdicts
*/ */
tgpar.target = t->u.kernel.target;
tgpar.targinfo = t->data;
verdict = t->u.kernel.target->target(skb, verdict = t->u.kernel.target->target(skb,
in, out, &tgpar);
hook,
t->u.kernel.target,
t->data);
/* Target might have changed stuff. */ /* Target might have changed stuff. */
arp = arp_hdr(skb); arp = arp_hdr(skb);

View file

@ -9,12 +9,9 @@ MODULE_AUTHOR("Bart De Schuymer <bdschuym@pandora.be>");
MODULE_DESCRIPTION("arptables arp payload mangle target"); MODULE_DESCRIPTION("arptables arp payload mangle target");
static unsigned int static unsigned int
target(struct sk_buff *skb, target(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *in, const struct net_device *out,
unsigned int hooknum, const struct xt_target *target,
const void *targinfo)
{ {
const struct arpt_mangle *mangle = targinfo; const struct arpt_mangle *mangle = par->targinfo;
const struct arphdr *arp; const struct arphdr *arp;
unsigned char *arpptr; unsigned char *arpptr;
int pln, hln; int pln, hln;

View file

@ -171,15 +171,11 @@ ip_checkentry(const struct ipt_ip *ip)
} }
static unsigned int static unsigned int
ipt_error(struct sk_buff *skb, ipt_error(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *in,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
const void *targinfo)
{ {
if (net_ratelimit()) if (net_ratelimit())
printk("ip_tables: error: `%s'\n", (char *)targinfo); printk("ip_tables: error: `%s'\n",
(const char *)par->targinfo);
return NF_DROP; return NF_DROP;
} }
@ -334,6 +330,7 @@ ipt_do_table(struct sk_buff *skb,
struct ipt_entry *e, *back; struct ipt_entry *e, *back;
struct xt_table_info *private; struct xt_table_info *private;
struct xt_match_param mtpar; struct xt_match_param mtpar;
struct xt_target_param tgpar;
/* Initialization */ /* Initialization */
ip = ip_hdr(skb); ip = ip_hdr(skb);
@ -349,8 +346,9 @@ ipt_do_table(struct sk_buff *skb,
mtpar.fragoff = ntohs(ip->frag_off) & IP_OFFSET; mtpar.fragoff = ntohs(ip->frag_off) & IP_OFFSET;
mtpar.thoff = ip_hdrlen(skb); mtpar.thoff = ip_hdrlen(skb);
mtpar.hotdrop = &hotdrop; mtpar.hotdrop = &hotdrop;
mtpar.in = in; mtpar.in = tgpar.in = in;
mtpar.out = out; mtpar.out = tgpar.out = out;
tgpar.hooknum = hook;
read_lock_bh(&table->lock); read_lock_bh(&table->lock);
IP_NF_ASSERT(table->valid_hooks & (1 << hook)); IP_NF_ASSERT(table->valid_hooks & (1 << hook));
@ -414,16 +412,14 @@ ipt_do_table(struct sk_buff *skb,
} else { } else {
/* Targets which reenter must return /* Targets which reenter must return
abs. verdicts */ abs. verdicts */
tgpar.target = t->u.kernel.target;
tgpar.targinfo = t->data;
#ifdef CONFIG_NETFILTER_DEBUG #ifdef CONFIG_NETFILTER_DEBUG
((struct ipt_entry *)table_base)->comefrom ((struct ipt_entry *)table_base)->comefrom
= 0xeeeeeeec; = 0xeeeeeeec;
#endif #endif
verdict = t->u.kernel.target->target(skb, verdict = t->u.kernel.target->target(skb,
in, out, &tgpar);
hook,
t->u.kernel.target,
t->data);
#ifdef CONFIG_NETFILTER_DEBUG #ifdef CONFIG_NETFILTER_DEBUG
if (((struct ipt_entry *)table_base)->comefrom if (((struct ipt_entry *)table_base)->comefrom
!= 0xeeeeeeec != 0xeeeeeeec

View file

@ -281,11 +281,9 @@ clusterip_responsible(const struct clusterip_config *config, u_int32_t hash)
***********************************************************************/ ***********************************************************************/
static unsigned int static unsigned int
clusterip_tg(struct sk_buff *skb, const struct net_device *in, clusterip_tg(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *out, unsigned int hooknum,
const struct xt_target *target, const void *targinfo)
{ {
const struct ipt_clusterip_tgt_info *cipinfo = targinfo; const struct ipt_clusterip_tgt_info *cipinfo = par->targinfo;
struct nf_conn *ct; struct nf_conn *ct;
enum ip_conntrack_info ctinfo; enum ip_conntrack_info ctinfo;
u_int32_t hash; u_int32_t hash;

View file

@ -77,11 +77,9 @@ set_ect_tcp(struct sk_buff *skb, const struct ipt_ECN_info *einfo)
} }
static unsigned int static unsigned int
ecn_tg(struct sk_buff *skb, const struct net_device *in, ecn_tg(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *out, unsigned int hooknum,
const struct xt_target *target, const void *targinfo)
{ {
const struct ipt_ECN_info *einfo = targinfo; const struct ipt_ECN_info *einfo = par->targinfo;
if (einfo->operation & IPT_ECN_OP_SET_IP) if (einfo->operation & IPT_ECN_OP_SET_IP)
if (!set_ect_ip(skb, einfo)) if (!set_ect_ip(skb, einfo))

View file

@ -426,18 +426,16 @@ ipt_log_packet(u_int8_t pf,
} }
static unsigned int static unsigned int
log_tg(struct sk_buff *skb, const struct net_device *in, log_tg(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *out, unsigned int hooknum,
const struct xt_target *target, const void *targinfo)
{ {
const struct ipt_log_info *loginfo = targinfo; const struct ipt_log_info *loginfo = par->targinfo;
struct nf_loginfo li; struct nf_loginfo li;
li.type = NF_LOG_TYPE_LOG; li.type = NF_LOG_TYPE_LOG;
li.u.log.level = loginfo->level; li.u.log.level = loginfo->level;
li.u.log.logflags = loginfo->logflags; li.u.log.logflags = loginfo->logflags;
ipt_log_packet(NFPROTO_IPV4, hooknum, skb, in, out, &li, ipt_log_packet(NFPROTO_IPV4, par->hooknum, skb, par->in, par->out, &li,
loginfo->prefix); loginfo->prefix);
return XT_CONTINUE; return XT_CONTINUE;
} }

View file

@ -50,9 +50,7 @@ masquerade_tg_check(const char *tablename, const void *e,
} }
static unsigned int static unsigned int
masquerade_tg(struct sk_buff *skb, const struct net_device *in, masquerade_tg(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *out, unsigned int hooknum,
const struct xt_target *target, const void *targinfo)
{ {
struct nf_conn *ct; struct nf_conn *ct;
struct nf_conn_nat *nat; struct nf_conn_nat *nat;
@ -62,7 +60,7 @@ masquerade_tg(struct sk_buff *skb, const struct net_device *in,
const struct rtable *rt; const struct rtable *rt;
__be32 newsrc; __be32 newsrc;
NF_CT_ASSERT(hooknum == NF_INET_POST_ROUTING); NF_CT_ASSERT(par->hooknum == NF_INET_POST_ROUTING);
ct = nf_ct_get(skb, &ctinfo); ct = nf_ct_get(skb, &ctinfo);
nat = nfct_nat(ct); nat = nfct_nat(ct);
@ -76,16 +74,16 @@ masquerade_tg(struct sk_buff *skb, const struct net_device *in,
if (ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.ip == 0) if (ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.ip == 0)
return NF_ACCEPT; return NF_ACCEPT;
mr = targinfo; mr = par->targinfo;
rt = skb->rtable; rt = skb->rtable;
newsrc = inet_select_addr(out, rt->rt_gateway, RT_SCOPE_UNIVERSE); newsrc = inet_select_addr(par->out, rt->rt_gateway, RT_SCOPE_UNIVERSE);
if (!newsrc) { if (!newsrc) {
printk("MASQUERADE: %s ate my IP address\n", out->name); printk("MASQUERADE: %s ate my IP address\n", par->out->name);
return NF_DROP; return NF_DROP;
} }
write_lock_bh(&masq_lock); write_lock_bh(&masq_lock);
nat->masq_index = out->ifindex; nat->masq_index = par->out->ifindex;
write_unlock_bh(&masq_lock); write_unlock_bh(&masq_lock);
/* Transfer from original range. */ /* Transfer from original range. */

View file

@ -41,24 +41,23 @@ netmap_tg_check(const char *tablename, const void *e,
} }
static unsigned int static unsigned int
netmap_tg(struct sk_buff *skb, const struct net_device *in, netmap_tg(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *out, unsigned int hooknum,
const struct xt_target *target, const void *targinfo)
{ {
struct nf_conn *ct; struct nf_conn *ct;
enum ip_conntrack_info ctinfo; enum ip_conntrack_info ctinfo;
__be32 new_ip, netmask; __be32 new_ip, netmask;
const struct nf_nat_multi_range_compat *mr = targinfo; const struct nf_nat_multi_range_compat *mr = par->targinfo;
struct nf_nat_range newrange; struct nf_nat_range newrange;
NF_CT_ASSERT(hooknum == NF_INET_PRE_ROUTING NF_CT_ASSERT(par->hooknum == NF_INET_PRE_ROUTING ||
|| hooknum == NF_INET_POST_ROUTING par->hooknum == NF_INET_POST_ROUTING ||
|| hooknum == NF_INET_LOCAL_OUT); par->hooknum == NF_INET_LOCAL_OUT);
ct = nf_ct_get(skb, &ctinfo); ct = nf_ct_get(skb, &ctinfo);
netmask = ~(mr->range[0].min_ip ^ mr->range[0].max_ip); netmask = ~(mr->range[0].min_ip ^ mr->range[0].max_ip);
if (hooknum == NF_INET_PRE_ROUTING || hooknum == NF_INET_LOCAL_OUT) if (par->hooknum == NF_INET_PRE_ROUTING ||
par->hooknum == NF_INET_LOCAL_OUT)
new_ip = ip_hdr(skb)->daddr & ~netmask; new_ip = ip_hdr(skb)->daddr & ~netmask;
else else
new_ip = ip_hdr(skb)->saddr & ~netmask; new_ip = ip_hdr(skb)->saddr & ~netmask;
@ -70,7 +69,7 @@ netmap_tg(struct sk_buff *skb, const struct net_device *in,
mr->range[0].min, mr->range[0].max }); mr->range[0].min, mr->range[0].max });
/* Hand modified range to generic setup. */ /* Hand modified range to generic setup. */
return nf_nat_setup_info(ct, &newrange, HOOK2MANIP(hooknum)); return nf_nat_setup_info(ct, &newrange, HOOK2MANIP(par->hooknum));
} }
static struct xt_target netmap_tg_reg __read_mostly = { static struct xt_target netmap_tg_reg __read_mostly = {

View file

@ -45,24 +45,22 @@ redirect_tg_check(const char *tablename, const void *e,
} }
static unsigned int static unsigned int
redirect_tg(struct sk_buff *skb, const struct net_device *in, redirect_tg(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *out, unsigned int hooknum,
const struct xt_target *target, const void *targinfo)
{ {
struct nf_conn *ct; struct nf_conn *ct;
enum ip_conntrack_info ctinfo; enum ip_conntrack_info ctinfo;
__be32 newdst; __be32 newdst;
const struct nf_nat_multi_range_compat *mr = targinfo; const struct nf_nat_multi_range_compat *mr = par->targinfo;
struct nf_nat_range newrange; struct nf_nat_range newrange;
NF_CT_ASSERT(hooknum == NF_INET_PRE_ROUTING NF_CT_ASSERT(par->hooknum == NF_INET_PRE_ROUTING ||
|| hooknum == NF_INET_LOCAL_OUT); par->hooknum == NF_INET_LOCAL_OUT);
ct = nf_ct_get(skb, &ctinfo); ct = nf_ct_get(skb, &ctinfo);
NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED)); NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED));
/* Local packets: make them go to loopback */ /* Local packets: make them go to loopback */
if (hooknum == NF_INET_LOCAL_OUT) if (par->hooknum == NF_INET_LOCAL_OUT)
newdst = htonl(0x7F000001); newdst = htonl(0x7F000001);
else { else {
struct in_device *indev; struct in_device *indev;

View file

@ -136,11 +136,9 @@ static inline void send_unreach(struct sk_buff *skb_in, int code)
} }
static unsigned int static unsigned int
reject_tg(struct sk_buff *skb, const struct net_device *in, reject_tg(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *out, unsigned int hooknum,
const struct xt_target *target, const void *targinfo)
{ {
const struct ipt_reject_info *reject = targinfo; const struct ipt_reject_info *reject = par->targinfo;
/* WARNING: This code causes reentry within iptables. /* WARNING: This code causes reentry within iptables.
This means that the iptables jump stack is now crap. We This means that the iptables jump stack is now crap. We
@ -168,7 +166,7 @@ reject_tg(struct sk_buff *skb, const struct net_device *in,
send_unreach(skb, ICMP_PKT_FILTERED); send_unreach(skb, ICMP_PKT_FILTERED);
break; break;
case IPT_TCP_RESET: case IPT_TCP_RESET:
send_reset(skb, hooknum); send_reset(skb, par->hooknum);
case IPT_ICMP_ECHOREPLY: case IPT_ICMP_ECHOREPLY:
/* Doesn't happen. */ /* Doesn't happen. */
break; break;

View file

@ -20,12 +20,10 @@ MODULE_DESCRIPTION("Xtables: IPv4 TTL field modification target");
MODULE_LICENSE("GPL"); MODULE_LICENSE("GPL");
static unsigned int static unsigned int
ttl_tg(struct sk_buff *skb, const struct net_device *in, ttl_tg(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *out, unsigned int hooknum,
const struct xt_target *target, const void *targinfo)
{ {
struct iphdr *iph; struct iphdr *iph;
const struct ipt_TTL_info *info = targinfo; const struct ipt_TTL_info *info = par->targinfo;
int new_ttl; int new_ttl;
if (!skb_make_writable(skb, skb->len)) if (!skb_make_writable(skb, skb->len))

View file

@ -281,14 +281,10 @@ alloc_failure:
} }
static unsigned int static unsigned int
ulog_tg(struct sk_buff *skb, const struct net_device *in, ulog_tg(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *out, unsigned int hooknum,
const struct xt_target *target, const void *targinfo)
{ {
struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo; ipt_ulog_packet(par->hooknum, skb, par->in, par->out,
par->targinfo, NULL);
ipt_ulog_packet(hooknum, skb, in, out, loginfo, NULL);
return XT_CONTINUE; return XT_CONTINUE;
} }

View file

@ -67,25 +67,21 @@ static struct xt_table nat_table = {
}; };
/* Source NAT */ /* Source NAT */
static unsigned int ipt_snat_target(struct sk_buff *skb, static unsigned int
const struct net_device *in, ipt_snat_target(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
const void *targinfo)
{ {
struct nf_conn *ct; struct nf_conn *ct;
enum ip_conntrack_info ctinfo; enum ip_conntrack_info ctinfo;
const struct nf_nat_multi_range_compat *mr = targinfo; const struct nf_nat_multi_range_compat *mr = par->targinfo;
NF_CT_ASSERT(hooknum == NF_INET_POST_ROUTING); NF_CT_ASSERT(par->hooknum == NF_INET_POST_ROUTING);
ct = nf_ct_get(skb, &ctinfo); ct = nf_ct_get(skb, &ctinfo);
/* Connection must be valid and new. */ /* Connection must be valid and new. */
NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED || NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED ||
ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY)); ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY));
NF_CT_ASSERT(out); NF_CT_ASSERT(par->out != NULL);
return nf_nat_setup_info(ct, &mr->range[0], IP_NAT_MANIP_SRC); return nf_nat_setup_info(ct, &mr->range[0], IP_NAT_MANIP_SRC);
} }
@ -109,28 +105,24 @@ static void warn_if_extra_mangle(struct net *net, __be32 dstip, __be32 srcip)
ip_rt_put(rt); ip_rt_put(rt);
} }
static unsigned int ipt_dnat_target(struct sk_buff *skb, static unsigned int
const struct net_device *in, ipt_dnat_target(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
const void *targinfo)
{ {
struct nf_conn *ct; struct nf_conn *ct;
enum ip_conntrack_info ctinfo; enum ip_conntrack_info ctinfo;
const struct nf_nat_multi_range_compat *mr = targinfo; const struct nf_nat_multi_range_compat *mr = par->targinfo;
NF_CT_ASSERT(hooknum == NF_INET_PRE_ROUTING || NF_CT_ASSERT(par->hooknum == NF_INET_PRE_ROUTING ||
hooknum == NF_INET_LOCAL_OUT); par->hooknum == NF_INET_LOCAL_OUT);
ct = nf_ct_get(skb, &ctinfo); ct = nf_ct_get(skb, &ctinfo);
/* Connection must be valid and new. */ /* Connection must be valid and new. */
NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED)); NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED));
if (hooknum == NF_INET_LOCAL_OUT && if (par->hooknum == NF_INET_LOCAL_OUT &&
mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) mr->range[0].flags & IP_NAT_RANGE_MAP_IPS)
warn_if_extra_mangle(dev_net(out), ip_hdr(skb)->daddr, warn_if_extra_mangle(dev_net(par->out), ip_hdr(skb)->daddr,
mr->range[0].min_ip); mr->range[0].min_ip);
return nf_nat_setup_info(ct, &mr->range[0], IP_NAT_MANIP_DST); return nf_nat_setup_info(ct, &mr->range[0], IP_NAT_MANIP_DST);

View file

@ -200,15 +200,11 @@ ip6_checkentry(const struct ip6t_ip6 *ipv6)
} }
static unsigned int static unsigned int
ip6t_error(struct sk_buff *skb, ip6t_error(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *in,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
const void *targinfo)
{ {
if (net_ratelimit()) if (net_ratelimit())
printk("ip6_tables: error: `%s'\n", (char *)targinfo); printk("ip6_tables: error: `%s'\n",
(const char *)par->targinfo);
return NF_DROP; return NF_DROP;
} }
@ -360,6 +356,7 @@ ip6t_do_table(struct sk_buff *skb,
struct ip6t_entry *e, *back; struct ip6t_entry *e, *back;
struct xt_table_info *private; struct xt_table_info *private;
struct xt_match_param mtpar; struct xt_match_param mtpar;
struct xt_target_param tgpar;
/* Initialization */ /* Initialization */
indev = in ? in->name : nulldevname; indev = in ? in->name : nulldevname;
@ -371,8 +368,9 @@ ip6t_do_table(struct sk_buff *skb,
* rule is also a fragment-specific rule, non-fragments won't * rule is also a fragment-specific rule, non-fragments won't
* match it. */ * match it. */
mtpar.hotdrop = &hotdrop; mtpar.hotdrop = &hotdrop;
mtpar.in = in; mtpar.in = tgpar.in = in;
mtpar.out = out; mtpar.out = tgpar.out = out;
tgpar.hooknum = hook;
read_lock_bh(&table->lock); read_lock_bh(&table->lock);
IP_NF_ASSERT(table->valid_hooks & (1 << hook)); IP_NF_ASSERT(table->valid_hooks & (1 << hook));
@ -438,15 +436,15 @@ ip6t_do_table(struct sk_buff *skb,
} else { } else {
/* Targets which reenter must return /* Targets which reenter must return
abs. verdicts */ abs. verdicts */
tgpar.target = t->u.kernel.target;
tgpar.targinfo = t->data;
#ifdef CONFIG_NETFILTER_DEBUG #ifdef CONFIG_NETFILTER_DEBUG
((struct ip6t_entry *)table_base)->comefrom ((struct ip6t_entry *)table_base)->comefrom
= 0xeeeeeeec; = 0xeeeeeeec;
#endif #endif
verdict = t->u.kernel.target->target(skb, verdict = t->u.kernel.target->target(skb,
in, out, &tgpar);
hook,
t->u.kernel.target,
t->data);
#ifdef CONFIG_NETFILTER_DEBUG #ifdef CONFIG_NETFILTER_DEBUG
if (((struct ip6t_entry *)table_base)->comefrom if (((struct ip6t_entry *)table_base)->comefrom

View file

@ -19,12 +19,10 @@ MODULE_DESCRIPTION("Xtables: IPv6 Hop Limit field modification target");
MODULE_LICENSE("GPL"); MODULE_LICENSE("GPL");
static unsigned int static unsigned int
hl_tg6(struct sk_buff *skb, const struct net_device *in, hl_tg6(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *out, unsigned int hooknum,
const struct xt_target *target, const void *targinfo)
{ {
struct ipv6hdr *ip6h; struct ipv6hdr *ip6h;
const struct ip6t_HL_info *info = targinfo; const struct ip6t_HL_info *info = par->targinfo;
int new_hl; int new_hl;
if (!skb_make_writable(skb, skb->len)) if (!skb_make_writable(skb, skb->len))

View file

@ -438,18 +438,16 @@ ip6t_log_packet(u_int8_t pf,
} }
static unsigned int static unsigned int
log_tg6(struct sk_buff *skb, const struct net_device *in, log_tg6(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *out, unsigned int hooknum,
const struct xt_target *target, const void *targinfo)
{ {
const struct ip6t_log_info *loginfo = targinfo; const struct ip6t_log_info *loginfo = par->targinfo;
struct nf_loginfo li; struct nf_loginfo li;
li.type = NF_LOG_TYPE_LOG; li.type = NF_LOG_TYPE_LOG;
li.u.log.level = loginfo->level; li.u.log.level = loginfo->level;
li.u.log.logflags = loginfo->logflags; li.u.log.logflags = loginfo->logflags;
ip6t_log_packet(NFPROTO_IPV6, hooknum, skb, in, out, ip6t_log_packet(NFPROTO_IPV6, par->hooknum, skb, par->in, par->out,
&li, loginfo->prefix); &li, loginfo->prefix);
return XT_CONTINUE; return XT_CONTINUE;
} }

View file

@ -173,12 +173,10 @@ send_unreach(struct net *net, struct sk_buff *skb_in, unsigned char code,
} }
static unsigned int static unsigned int
reject_tg6(struct sk_buff *skb, const struct net_device *in, reject_tg6(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *out, unsigned int hooknum,
const struct xt_target *target, const void *targinfo)
{ {
const struct ip6t_reject_info *reject = targinfo; const struct ip6t_reject_info *reject = par->targinfo;
struct net *net = dev_net(in ? in : out); struct net *net = dev_net((par->in != NULL) ? par->in : par->out);
pr_debug("%s: medium point\n", __func__); pr_debug("%s: medium point\n", __func__);
/* WARNING: This code causes reentry within ip6tables. /* WARNING: This code causes reentry within ip6tables.
@ -186,19 +184,19 @@ reject_tg6(struct sk_buff *skb, const struct net_device *in,
must return an absolute verdict. --RR */ must return an absolute verdict. --RR */
switch (reject->with) { switch (reject->with) {
case IP6T_ICMP6_NO_ROUTE: case IP6T_ICMP6_NO_ROUTE:
send_unreach(net, skb, ICMPV6_NOROUTE, hooknum); send_unreach(net, skb, ICMPV6_NOROUTE, par->hooknum);
break; break;
case IP6T_ICMP6_ADM_PROHIBITED: case IP6T_ICMP6_ADM_PROHIBITED:
send_unreach(net, skb, ICMPV6_ADM_PROHIBITED, hooknum); send_unreach(net, skb, ICMPV6_ADM_PROHIBITED, par->hooknum);
break; break;
case IP6T_ICMP6_NOT_NEIGHBOUR: case IP6T_ICMP6_NOT_NEIGHBOUR:
send_unreach(net, skb, ICMPV6_NOT_NEIGHBOUR, hooknum); send_unreach(net, skb, ICMPV6_NOT_NEIGHBOUR, par->hooknum);
break; break;
case IP6T_ICMP6_ADDR_UNREACH: case IP6T_ICMP6_ADDR_UNREACH:
send_unreach(net, skb, ICMPV6_ADDR_UNREACH, hooknum); send_unreach(net, skb, ICMPV6_ADDR_UNREACH, par->hooknum);
break; break;
case IP6T_ICMP6_PORT_UNREACH: case IP6T_ICMP6_PORT_UNREACH:
send_unreach(net, skb, ICMPV6_PORT_UNREACH, hooknum); send_unreach(net, skb, ICMPV6_PORT_UNREACH, par->hooknum);
break; break;
case IP6T_ICMP6_ECHOREPLY: case IP6T_ICMP6_ECHOREPLY:
/* Do nothing */ /* Do nothing */

View file

@ -27,11 +27,9 @@ MODULE_ALIAS("ipt_CLASSIFY");
MODULE_ALIAS("ip6t_CLASSIFY"); MODULE_ALIAS("ip6t_CLASSIFY");
static unsigned int static unsigned int
classify_tg(struct sk_buff *skb, const struct net_device *in, classify_tg(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *out, unsigned int hooknum,
const struct xt_target *target, const void *targinfo)
{ {
const struct xt_classify_target_info *clinfo = targinfo; const struct xt_classify_target_info *clinfo = par->targinfo;
skb->priority = clinfo->priority; skb->priority = clinfo->priority;
return XT_CONTINUE; return XT_CONTINUE;

View file

@ -36,11 +36,9 @@ MODULE_ALIAS("ip6t_CONNMARK");
#include <net/netfilter/nf_conntrack_ecache.h> #include <net/netfilter/nf_conntrack_ecache.h>
static unsigned int static unsigned int
connmark_tg_v0(struct sk_buff *skb, const struct net_device *in, connmark_tg_v0(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *out, unsigned int hooknum,
const struct xt_target *target, const void *targinfo)
{ {
const struct xt_connmark_target_info *markinfo = targinfo; const struct xt_connmark_target_info *markinfo = par->targinfo;
struct nf_conn *ct; struct nf_conn *ct;
enum ip_conntrack_info ctinfo; enum ip_conntrack_info ctinfo;
u_int32_t diff; u_int32_t diff;
@ -77,11 +75,9 @@ connmark_tg_v0(struct sk_buff *skb, const struct net_device *in,
} }
static unsigned int static unsigned int
connmark_tg(struct sk_buff *skb, const struct net_device *in, connmark_tg(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *out, unsigned int hooknum,
const struct xt_target *target, const void *targinfo)
{ {
const struct xt_connmark_tginfo1 *info = targinfo; const struct xt_connmark_tginfo1 *info = par->targinfo;
enum ip_conntrack_info ctinfo; enum ip_conntrack_info ctinfo;
struct nf_conn *ct; struct nf_conn *ct;
u_int32_t newmark; u_int32_t newmark;

View file

@ -65,11 +65,9 @@ static void secmark_restore(struct sk_buff *skb)
} }
static unsigned int static unsigned int
connsecmark_tg(struct sk_buff *skb, const struct net_device *in, connsecmark_tg(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *out, unsigned int hooknum,
const struct xt_target *target, const void *targinfo)
{ {
const struct xt_connsecmark_target_info *info = targinfo; const struct xt_connsecmark_target_info *info = par->targinfo;
switch (info->mode) { switch (info->mode) {
case CONNSECMARK_SAVE: case CONNSECMARK_SAVE:

View file

@ -29,11 +29,9 @@ MODULE_ALIAS("ipt_TOS");
MODULE_ALIAS("ip6t_TOS"); MODULE_ALIAS("ip6t_TOS");
static unsigned int static unsigned int
dscp_tg(struct sk_buff *skb, const struct net_device *in, dscp_tg(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *out, unsigned int hooknum,
const struct xt_target *target, const void *targinfo)
{ {
const struct xt_DSCP_info *dinfo = targinfo; const struct xt_DSCP_info *dinfo = par->targinfo;
u_int8_t dscp = ipv4_get_dsfield(ip_hdr(skb)) >> XT_DSCP_SHIFT; u_int8_t dscp = ipv4_get_dsfield(ip_hdr(skb)) >> XT_DSCP_SHIFT;
if (dscp != dinfo->dscp) { if (dscp != dinfo->dscp) {
@ -48,11 +46,9 @@ dscp_tg(struct sk_buff *skb, const struct net_device *in,
} }
static unsigned int static unsigned int
dscp_tg6(struct sk_buff *skb, const struct net_device *in, dscp_tg6(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *out, unsigned int hooknum,
const struct xt_target *target, const void *targinfo)
{ {
const struct xt_DSCP_info *dinfo = targinfo; const struct xt_DSCP_info *dinfo = par->targinfo;
u_int8_t dscp = ipv6_get_dsfield(ipv6_hdr(skb)) >> XT_DSCP_SHIFT; u_int8_t dscp = ipv6_get_dsfield(ipv6_hdr(skb)) >> XT_DSCP_SHIFT;
if (dscp != dinfo->dscp) { if (dscp != dinfo->dscp) {
@ -80,11 +76,9 @@ dscp_tg_check(const char *tablename, const void *e_void,
} }
static unsigned int static unsigned int
tos_tg_v0(struct sk_buff *skb, const struct net_device *in, tos_tg_v0(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *out, unsigned int hooknum,
const struct xt_target *target, const void *targinfo)
{ {
const struct ipt_tos_target_info *info = targinfo; const struct ipt_tos_target_info *info = par->targinfo;
struct iphdr *iph = ip_hdr(skb); struct iphdr *iph = ip_hdr(skb);
u_int8_t oldtos; u_int8_t oldtos;
@ -119,11 +113,9 @@ tos_tg_check_v0(const char *tablename, const void *e_void,
} }
static unsigned int static unsigned int
tos_tg(struct sk_buff *skb, const struct net_device *in, tos_tg(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *out, unsigned int hooknum,
const struct xt_target *target, const void *targinfo)
{ {
const struct xt_tos_target_info *info = targinfo; const struct xt_tos_target_info *info = par->targinfo;
struct iphdr *iph = ip_hdr(skb); struct iphdr *iph = ip_hdr(skb);
u_int8_t orig, nv; u_int8_t orig, nv;
@ -141,11 +133,9 @@ tos_tg(struct sk_buff *skb, const struct net_device *in,
} }
static unsigned int static unsigned int
tos_tg6(struct sk_buff *skb, const struct net_device *in, tos_tg6(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *out, unsigned int hooknum,
const struct xt_target *target, const void *targinfo)
{ {
const struct xt_tos_target_info *info = targinfo; const struct xt_tos_target_info *info = par->targinfo;
struct ipv6hdr *iph = ipv6_hdr(skb); struct ipv6hdr *iph = ipv6_hdr(skb);
u_int8_t orig, nv; u_int8_t orig, nv;

View file

@ -25,22 +25,18 @@ MODULE_ALIAS("ipt_MARK");
MODULE_ALIAS("ip6t_MARK"); MODULE_ALIAS("ip6t_MARK");
static unsigned int static unsigned int
mark_tg_v0(struct sk_buff *skb, const struct net_device *in, mark_tg_v0(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *out, unsigned int hooknum,
const struct xt_target *target, const void *targinfo)
{ {
const struct xt_mark_target_info *markinfo = targinfo; const struct xt_mark_target_info *markinfo = par->targinfo;
skb->mark = markinfo->mark; skb->mark = markinfo->mark;
return XT_CONTINUE; return XT_CONTINUE;
} }
static unsigned int static unsigned int
mark_tg_v1(struct sk_buff *skb, const struct net_device *in, mark_tg_v1(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *out, unsigned int hooknum,
const struct xt_target *target, const void *targinfo)
{ {
const struct xt_mark_target_info_v1 *markinfo = targinfo; const struct xt_mark_target_info_v1 *markinfo = par->targinfo;
int mark = 0; int mark = 0;
switch (markinfo->mode) { switch (markinfo->mode) {
@ -62,11 +58,9 @@ mark_tg_v1(struct sk_buff *skb, const struct net_device *in,
} }
static unsigned int static unsigned int
mark_tg(struct sk_buff *skb, const struct net_device *in, mark_tg(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *out, unsigned int hooknum,
const struct xt_target *target, const void *targinfo)
{ {
const struct xt_mark_tginfo2 *info = targinfo; const struct xt_mark_tginfo2 *info = par->targinfo;
skb->mark = (skb->mark & ~info->mask) ^ info->mark; skb->mark = (skb->mark & ~info->mask) ^ info->mark;
return XT_CONTINUE; return XT_CONTINUE;

View file

@ -21,11 +21,9 @@ MODULE_ALIAS("ipt_NFLOG");
MODULE_ALIAS("ip6t_NFLOG"); MODULE_ALIAS("ip6t_NFLOG");
static unsigned int static unsigned int
nflog_tg(struct sk_buff *skb, const struct net_device *in, nflog_tg(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *out, unsigned int hooknum,
const struct xt_target *target, const void *targinfo)
{ {
const struct xt_nflog_info *info = targinfo; const struct xt_nflog_info *info = par->targinfo;
struct nf_loginfo li; struct nf_loginfo li;
li.type = NF_LOG_TYPE_ULOG; li.type = NF_LOG_TYPE_ULOG;
@ -33,8 +31,8 @@ nflog_tg(struct sk_buff *skb, const struct net_device *in,
li.u.ulog.group = info->group; li.u.ulog.group = info->group;
li.u.ulog.qthreshold = info->threshold; li.u.ulog.qthreshold = info->threshold;
nf_log_packet(target->family, hooknum, skb, in, out, &li, nf_log_packet(par->target->family, par->hooknum, skb, par->in,
"%s", info->prefix); par->out, &li, "%s", info->prefix);
return XT_CONTINUE; return XT_CONTINUE;
} }

View file

@ -24,11 +24,9 @@ MODULE_ALIAS("ip6t_NFQUEUE");
MODULE_ALIAS("arpt_NFQUEUE"); MODULE_ALIAS("arpt_NFQUEUE");
static unsigned int static unsigned int
nfqueue_tg(struct sk_buff *skb, const struct net_device *in, nfqueue_tg(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *out, unsigned int hooknum,
const struct xt_target *target, const void *targinfo)
{ {
const struct xt_NFQ_info *tinfo = targinfo; const struct xt_NFQ_info *tinfo = par->targinfo;
return NF_QUEUE_NR(tinfo->queuenum); return NF_QUEUE_NR(tinfo->queuenum);
} }

View file

@ -13,9 +13,7 @@ MODULE_ALIAS("ipt_NOTRACK");
MODULE_ALIAS("ip6t_NOTRACK"); MODULE_ALIAS("ip6t_NOTRACK");
static unsigned int static unsigned int
notrack_tg(struct sk_buff *skb, const struct net_device *in, notrack_tg(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *out, unsigned int hooknum,
const struct xt_target *target, const void *targinfo)
{ {
/* Previously seen (loopback)? Ignore. */ /* Previously seen (loopback)? Ignore. */
if (skb->nfct != NULL) if (skb->nfct != NULL)

View file

@ -71,14 +71,9 @@ void xt_rateest_put(struct xt_rateest *est)
EXPORT_SYMBOL_GPL(xt_rateest_put); EXPORT_SYMBOL_GPL(xt_rateest_put);
static unsigned int static unsigned int
xt_rateest_tg(struct sk_buff *skb, xt_rateest_tg(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *in,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
const void *targinfo)
{ {
const struct xt_rateest_target_info *info = targinfo; const struct xt_rateest_target_info *info = par->targinfo;
struct gnet_stats_basic *stats = &info->est->bstats; struct gnet_stats_basic *stats = &info->est->bstats;
spin_lock_bh(&info->est->lock); spin_lock_bh(&info->est->lock);

View file

@ -29,12 +29,10 @@ MODULE_ALIAS("ip6t_SECMARK");
static u8 mode; static u8 mode;
static unsigned int static unsigned int
secmark_tg(struct sk_buff *skb, const struct net_device *in, secmark_tg(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *out, unsigned int hooknum,
const struct xt_target *target, const void *targinfo)
{ {
u32 secmark = 0; u32 secmark = 0;
const struct xt_secmark_target_info *info = targinfo; const struct xt_secmark_target_info *info = par->targinfo;
BUG_ON(info->mode != mode); BUG_ON(info->mode != mode);

View file

@ -174,15 +174,13 @@ static u_int32_t tcpmss_reverse_mtu(const struct sk_buff *skb,
} }
static unsigned int static unsigned int
tcpmss_tg4(struct sk_buff *skb, const struct net_device *in, tcpmss_tg4(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *out, unsigned int hooknum,
const struct xt_target *target, const void *targinfo)
{ {
struct iphdr *iph = ip_hdr(skb); struct iphdr *iph = ip_hdr(skb);
__be16 newlen; __be16 newlen;
int ret; int ret;
ret = tcpmss_mangle_packet(skb, targinfo, ret = tcpmss_mangle_packet(skb, par->targinfo,
tcpmss_reverse_mtu(skb, PF_INET), tcpmss_reverse_mtu(skb, PF_INET),
iph->ihl * 4, iph->ihl * 4,
sizeof(*iph) + sizeof(struct tcphdr)); sizeof(*iph) + sizeof(struct tcphdr));
@ -199,9 +197,7 @@ tcpmss_tg4(struct sk_buff *skb, const struct net_device *in,
#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE) #if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
static unsigned int static unsigned int
tcpmss_tg6(struct sk_buff *skb, const struct net_device *in, tcpmss_tg6(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *out, unsigned int hooknum,
const struct xt_target *target, const void *targinfo)
{ {
struct ipv6hdr *ipv6h = ipv6_hdr(skb); struct ipv6hdr *ipv6h = ipv6_hdr(skb);
u8 nexthdr; u8 nexthdr;
@ -212,7 +208,7 @@ tcpmss_tg6(struct sk_buff *skb, const struct net_device *in,
tcphoff = ipv6_skip_exthdr(skb, sizeof(*ipv6h), &nexthdr); tcphoff = ipv6_skip_exthdr(skb, sizeof(*ipv6h), &nexthdr);
if (tcphoff < 0) if (tcphoff < 0)
return NF_DROP; return NF_DROP;
ret = tcpmss_mangle_packet(skb, targinfo, ret = tcpmss_mangle_packet(skb, par->targinfo,
tcpmss_reverse_mtu(skb, PF_INET6), tcpmss_reverse_mtu(skb, PF_INET6),
tcphoff, tcphoff,
sizeof(*ipv6h) + sizeof(struct tcphdr)); sizeof(*ipv6h) + sizeof(struct tcphdr));

View file

@ -75,19 +75,15 @@ tcpoptstrip_mangle_packet(struct sk_buff *skb,
} }
static unsigned int static unsigned int
tcpoptstrip_tg4(struct sk_buff *skb, const struct net_device *in, tcpoptstrip_tg4(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *out, unsigned int hooknum,
const struct xt_target *target, const void *targinfo)
{ {
return tcpoptstrip_mangle_packet(skb, targinfo, ip_hdrlen(skb), return tcpoptstrip_mangle_packet(skb, par->targinfo, ip_hdrlen(skb),
sizeof(struct iphdr) + sizeof(struct tcphdr)); sizeof(struct iphdr) + sizeof(struct tcphdr));
} }
#if defined(CONFIG_IP6_NF_MANGLE) || defined(CONFIG_IP6_NF_MANGLE_MODULE) #if defined(CONFIG_IP6_NF_MANGLE) || defined(CONFIG_IP6_NF_MANGLE_MODULE)
static unsigned int static unsigned int
tcpoptstrip_tg6(struct sk_buff *skb, const struct net_device *in, tcpoptstrip_tg6(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *out, unsigned int hooknum,
const struct xt_target *target, const void *targinfo)
{ {
struct ipv6hdr *ipv6h = ipv6_hdr(skb); struct ipv6hdr *ipv6h = ipv6_hdr(skb);
int tcphoff; int tcphoff;
@ -98,7 +94,7 @@ tcpoptstrip_tg6(struct sk_buff *skb, const struct net_device *in,
if (tcphoff < 0) if (tcphoff < 0)
return NF_DROP; return NF_DROP;
return tcpoptstrip_mangle_packet(skb, targinfo, tcphoff, return tcpoptstrip_mangle_packet(skb, par->targinfo, tcphoff,
sizeof(*ipv6h) + sizeof(struct tcphdr)); sizeof(*ipv6h) + sizeof(struct tcphdr));
} }
#endif #endif

View file

@ -25,15 +25,10 @@
#include <net/netfilter/nf_tproxy_core.h> #include <net/netfilter/nf_tproxy_core.h>
static unsigned int static unsigned int
tproxy_tg(struct sk_buff *skb, tproxy_tg(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *in,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
const void *targinfo)
{ {
const struct iphdr *iph = ip_hdr(skb); const struct iphdr *iph = ip_hdr(skb);
const struct xt_tproxy_target_info *tgi = targinfo; const struct xt_tproxy_target_info *tgi = par->targinfo;
struct udphdr _hdr, *hp; struct udphdr _hdr, *hp;
struct sock *sk; struct sock *sk;
@ -44,7 +39,7 @@ tproxy_tg(struct sk_buff *skb,
sk = nf_tproxy_get_sock_v4(dev_net(skb->dev), iph->protocol, sk = nf_tproxy_get_sock_v4(dev_net(skb->dev), iph->protocol,
iph->saddr, tgi->laddr ? tgi->laddr : iph->daddr, iph->saddr, tgi->laddr ? tgi->laddr : iph->daddr,
hp->source, tgi->lport ? tgi->lport : hp->dest, hp->source, tgi->lport ? tgi->lport : hp->dest,
in, true); par->in, true);
/* NOTE: assign_sock consumes our sk reference */ /* NOTE: assign_sock consumes our sk reference */
if (sk && nf_tproxy_assign_sock(skb, sk)) { if (sk && nf_tproxy_assign_sock(skb, sk)) {

View file

@ -11,9 +11,7 @@ MODULE_ALIAS("ipt_TRACE");
MODULE_ALIAS("ip6t_TRACE"); MODULE_ALIAS("ip6t_TRACE");
static unsigned int static unsigned int
trace_tg(struct sk_buff *skb, const struct net_device *in, trace_tg(struct sk_buff *skb, const struct xt_target_param *par)
const struct net_device *out, unsigned int hooknum,
const struct xt_target *target, const void *targinfo)
{ {
skb->nf_trace = 1; skb->nf_trace = 1;
return XT_CONTINUE; return XT_CONTINUE;

View file

@ -188,6 +188,7 @@ static int tcf_ipt(struct sk_buff *skb, struct tc_action *a,
{ {
int ret = 0, result = 0; int ret = 0, result = 0;
struct tcf_ipt *ipt = a->priv; struct tcf_ipt *ipt = a->priv;
struct xt_target_param par;
if (skb_cloned(skb)) { if (skb_cloned(skb)) {
if (pskb_expand_head(skb, 0, 0, GFP_ATOMIC)) if (pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
@ -203,10 +204,13 @@ static int tcf_ipt(struct sk_buff *skb, struct tc_action *a,
/* yes, we have to worry about both in and out dev /* yes, we have to worry about both in and out dev
worry later - danger - this API seems to have changed worry later - danger - this API seems to have changed
from earlier kernels */ from earlier kernels */
ret = ipt->tcfi_t->u.kernel.target->target(skb, skb->dev, NULL, par.in = skb->dev;
ipt->tcfi_hook, par.out = NULL;
ipt->tcfi_t->u.kernel.target, par.hooknum = ipt->tcfi_hook;
ipt->tcfi_t->data); par.target = ipt->tcfi_t->u.kernel.target;
par.targinfo = ipt->tcfi_t->data;
ret = par.target->target(skb, &par);
switch (ret) { switch (ret) {
case NF_ACCEPT: case NF_ACCEPT:
result = TC_ACT_OK; result = TC_ACT_OK;