[NETFILTER]: x_tables: pass registered match/target data to match/target functions
authorPatrick McHardy <kaber@trash.net>
Tue, 21 Mar 2006 02:02:15 +0000 (18:02 -0800)
committerDavid S. Miller <davem@davemloft.net>
Tue, 21 Mar 2006 02:02:15 +0000 (18:02 -0800)
This allows decisions to be made at runtime based on the revision (and,
with a follow-up patch, the address family).

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/linux/netfilter/x_tables.h
net/ipv4/netfilter/arp_tables.c
net/ipv4/netfilter/ip_tables.c
net/ipv6/netfilter/ip6_tables.c
net/sched/act_ipt.c

index b9c37e1e67301cb04ae1ae0216b61fafd4b96150..2fdbc4a446bfe772a50f5df56a7c9ad573366a14 100644 (file)
@@ -100,6 +100,7 @@ struct xt_match
        int (*match)(const struct sk_buff *skb,
                     const struct net_device *in,
                     const struct net_device *out,
+                    const struct xt_match *match,
                     const void *matchinfo,
                     int offset,
                     unsigned int protoff,
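Review bot: The new `match`/`target` argument is inserted in the middle of the `match`, `checkentry` and `target` callback signatures and at the front of `destroy`, in both `struct xt_match` and `struct xt_target`. An implementation that is not converted would typically still be assigned to these pointers with only an incompatible-pointer-type warning, and would then read the registration pointer as `matchinfo`/`targinfo`. The file list visible here covers only the header and the callers, so it is worth confirming that every match and target implementation is converted in the same change. The new argument is also undocumented; above `match` I would add something like `/* match: the registered xt_match for this entry; read-only, e.g. to check ->revision */`, with the equivalent for `xt_target`. Both struct definitions start and end outside these hunks.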
@@ -109,12 +110,14 @@ struct xt_match
        /* Should return true or false. */
        int (*checkentry)(const char *tablename,
                          const void *ip,
+                         const struct xt_match *match,
                          void *matchinfo,
                          unsigned int matchinfosize,
                          unsigned int hook_mask);
 
        /* Called when entry of this type deleted. */
-       void (*destroy)(void *matchinfo, unsigned int matchinfosize);
+       void (*destroy)(const struct xt_match *match, void *matchinfo,
+                       unsigned int matchinfosize);
 
        /* Set this to THIS_MODULE if you are a module, otherwise NULL */
        struct module *me;
@@ -140,6 +143,7 @@ struct xt_target
                               const struct net_device *in,
                               const struct net_device *out,
                               unsigned int hooknum,
+                              const struct xt_target *target,
                               const void *targinfo,
                               void *userdata);
 
@@ -149,12 +153,14 @@ struct xt_target
        /* Should return true or false. */
        int (*checkentry)(const char *tablename,
                          const void *entry,
+                         const struct xt_target *target,
                          void *targinfo,
                          unsigned int targinfosize,
                          unsigned int hook_mask);
 
        /* Called when entry of this type deleted. */
-       void (*destroy)(void *targinfo, unsigned int targinfosize);
+       void (*destroy)(const struct xt_target *target, void *targinfo,
+                       unsigned int targinfosize);
 
        /* Set this to THIS_MODULE if you are a module, otherwise NULL */
        struct module *me;
index 6162d0e328eca371557b2c7e563f043c2271c572..87b3b792010173b4f195620e19066464ebab7fa3 100644 (file)
@@ -300,6 +300,7 @@ unsigned int arpt_do_table(struct sk_buff **pskb,
                                verdict = t->u.kernel.target->target(pskb,
                                                                     in, out,
                                                                     hook,
+                                                                    t->u.kernel.target,
                                                                     t->data,
                                                                     userdata);
 
@@ -491,7 +492,7 @@ static inline int check_entry(struct arpt_entry *e, const char *name, unsigned i
                        goto out;
                }
        } else if (t->u.kernel.target->checkentry
-                  && !t->u.kernel.target->checkentry(name, e, t->data,
+                  && !t->u.kernel.target->checkentry(name, e, target, t->data,
                                                      t->u.target_size
                                                      - sizeof(*t),
                                                      e->comefrom)) {
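Review bot: This call goes through `t->u.kernel.target->checkentry` but passes the local `target`, whereas the `destroy` and `target()` call sites, and `ipt_init_target` in act_ipt.c, pass `t->u.kernel.target`. The assignment that presumably makes the two equal is not visible in this hunk. Passing the member would make it evident that the callback receives the same object it was invoked through: `&& !t->u.kernel.target->checkentry(name, e, t->u.kernel.target, t->data,`. The same applies to `check_match` (with `m->u.kernel.match`) and `check_entry` in ip_tables.c and ip6_tables.c; the ip6_tables.c `check_match` line also has a stray double space after `match,`. `check_entry` begins and ends outside the hunk.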
@@ -560,7 +561,7 @@ static inline int cleanup_entry(struct arpt_entry *e, unsigned int *i)
 
        t = arpt_get_target(e);
        if (t->u.kernel.target->destroy)
-               t->u.kernel.target->destroy(t->data,
+               t->u.kernel.target->destroy(t->u.kernel.target, t->data,
                                            t->u.target_size - sizeof(*t));
        module_put(t->u.kernel.target->me);
        return 0;
index 62f8d639ab9c02f53129611e536173da6285c125..2381a4aa71d0386318414f6dd5dae625aac161c7 100644 (file)
@@ -197,8 +197,8 @@ int do_match(struct ipt_entry_match *m,
             int *hotdrop)
 {
        /* Stop iteration if it doesn't match */
-       if (!m->u.kernel.match->match(skb, in, out, m->data, offset, 
-           skb->nh.iph->ihl*4, hotdrop))
+       if (!m->u.kernel.match->match(skb, in, out, m->u.kernel.match, m->data,
+                                     offset, skb->nh.iph->ihl*4, hotdrop))
                return 1;
        else
                return 0;
@@ -305,6 +305,7 @@ ipt_do_table(struct sk_buff **pskb,
                                verdict = t->u.kernel.target->target(pskb,
                                                                     in, out,
                                                                     hook,
+                                                                    t->u.kernel.target,
                                                                     t->data,
                                                                     userdata);
 
@@ -464,7 +465,7 @@ cleanup_match(struct ipt_entry_match *m, unsigned int *i)
                return 1;
 
        if (m->u.kernel.match->destroy)
-               m->u.kernel.match->destroy(m->data,
+               m->u.kernel.match->destroy(m->u.kernel.match, m->data,
                                           m->u.match_size - sizeof(*m));
        module_put(m->u.kernel.match->me);
        return 0;
@@ -517,7 +518,7 @@ check_match(struct ipt_entry_match *m,
                goto err;
 
        if (m->u.kernel.match->checkentry
-           && !m->u.kernel.match->checkentry(name, ip, m->data,
+           && !m->u.kernel.match->checkentry(name, ip, match, m->data,
                                              m->u.match_size - sizeof(*m),
                                              hookmask)) {
                duprintf("ip_tables: check failed for `%s'.\n",
@@ -578,7 +579,7 @@ check_entry(struct ipt_entry *e, const char *name, unsigned int size,
                        goto cleanup_matches;
                }
        } else if (t->u.kernel.target->checkentry
-                  && !t->u.kernel.target->checkentry(name, e, t->data,
+                  && !t->u.kernel.target->checkentry(name, e, target, t->data,
                                                      t->u.target_size
                                                      - sizeof(*t),
                                                      e->comefrom)) {
@@ -652,7 +653,7 @@ cleanup_entry(struct ipt_entry *e, unsigned int *i)
        IPT_MATCH_ITERATE(e, cleanup_match, NULL);
        t = ipt_get_target(e);
        if (t->u.kernel.target->destroy)
-               t->u.kernel.target->destroy(t->data,
+               t->u.kernel.target->destroy(t->u.kernel.target, t->data,
                                            t->u.target_size - sizeof(*t));
        module_put(t->u.kernel.target->me);
        return 0;
index e2e8d0140d7bac971bf3861faf1be05c85abec7f..1b32a2d1e9e0234b2dfe016200bb790c0d7b9a40 100644 (file)
@@ -251,7 +251,7 @@ int do_match(struct ip6t_entry_match *m,
             int *hotdrop)
 {
        /* Stop iteration if it doesn't match */
-       if (!m->u.kernel.match->match(skb, in, out, m->data,
+       if (!m->u.kernel.match->match(skb, in, out, m->u.kernel.match, m->data,
                                      offset, protoff, hotdrop))
                return 1;
        else
@@ -373,6 +373,7 @@ ip6t_do_table(struct sk_buff **pskb,
                                verdict = t->u.kernel.target->target(pskb,
                                                                     in, out,
                                                                     hook,
+                                                                    t->u.kernel.target,
                                                                     t->data,
                                                                     userdata);
 
@@ -531,7 +532,7 @@ cleanup_match(struct ip6t_entry_match *m, unsigned int *i)
                return 1;
 
        if (m->u.kernel.match->destroy)
-               m->u.kernel.match->destroy(m->data,
+               m->u.kernel.match->destroy(m->u.kernel.match, m->data,
                                           m->u.match_size - sizeof(*m));
        module_put(m->u.kernel.match->me);
        return 0;
@@ -584,7 +585,7 @@ check_match(struct ip6t_entry_match *m,
                goto err;
 
        if (m->u.kernel.match->checkentry
-           && !m->u.kernel.match->checkentry(name, ipv6, m->data,
+           && !m->u.kernel.match->checkentry(name, ipv6, match,  m->data,
                                              m->u.match_size - sizeof(*m),
                                              hookmask)) {
                duprintf("ip_tables: check failed for `%s'.\n",
@@ -645,7 +646,7 @@ check_entry(struct ip6t_entry *e, const char *name, unsigned int size,
                        goto cleanup_matches;
                }
        } else if (t->u.kernel.target->checkentry
-                  && !t->u.kernel.target->checkentry(name, e, t->data,
+                  && !t->u.kernel.target->checkentry(name, e, target, t->data,
                                                      t->u.target_size
                                                      - sizeof(*t),
                                                      e->comefrom)) {
@@ -719,7 +720,7 @@ cleanup_entry(struct ip6t_entry *e, unsigned int *i)
        IP6T_MATCH_ITERATE(e, cleanup_match, NULL);
        t = ip6t_get_target(e);
        if (t->u.kernel.target->destroy)
-               t->u.kernel.target->destroy(t->data,
+               t->u.kernel.target->destroy(t->u.kernel.target, t->data,
                                            t->u.target_size - sizeof(*t));
        module_put(t->u.kernel.target->me);
        return 0;
index 39a22a3ffe78822636cad6306536916c368e5f19..6056d20ef429daac373be83b3fefbd9c315c17b5 100644 (file)
@@ -70,7 +70,8 @@ ipt_init_target(struct ipt_entry_target *t, char *table, unsigned int hook)
        t->u.kernel.target = target;
 
        if (t->u.kernel.target->checkentry
-           && !t->u.kernel.target->checkentry(table, NULL, t->data,
+           && !t->u.kernel.target->checkentry(table, NULL,
+                                              t->u.kernel.target, t->data,
                                               t->u.target_size - sizeof(*t),
                                               hook)) {
                DPRINTK("ipt_init_target: check failed for `%s'.\n",
@@ -86,7 +87,7 @@ static void
 ipt_destroy_target(struct ipt_entry_target *t)
 {
        if (t->u.kernel.target->destroy)
-               t->u.kernel.target->destroy(t->data,
+               t->u.kernel.target->destroy(t->u.kernel.target, t->data,
                                            t->u.target_size - sizeof(*t));
         module_put(t->u.kernel.target->me);
 }
@@ -224,8 +225,9 @@ tcf_ipt(struct sk_buff *skb, struct tc_action *a, struct tcf_result *res)
        /* iptables targets take a double skb pointer in case the skb
         * needs to be replaced. We don't own the skb, so this must not
         * happen. The pskb_expand_head above should make sure of this */
-       ret = p->t->u.kernel.target->target(&skb, skb->dev, NULL,
-                                           p->hook, p->t->data, NULL);
+       ret = p->t->u.kernel.target->target(&skb, skb->dev, NULL, p->hook,
+                                           p->t->u.kernel.target, p->t->data,
+                                           NULL);
        switch (ret) {
        case NF_ACCEPT:
                result = TC_ACT_OK;