[NETFILTER]: Convert x_tables matches/targets to centralized error checking
authorPatrick McHardy <kaber@trash.net>
Tue, 21 Mar 2006 02:01:58 +0000 (18:01 -0800)
committerDavid S. Miller <davem@davemloft.net>
Tue, 21 Mar 2006 02:01:58 +0000 (18:01 -0800)
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
23 files changed:
net/netfilter/xt_CLASSIFY.c
net/netfilter/xt_CONNMARK.c
net/netfilter/xt_MARK.c
net/netfilter/xt_NFQUEUE.c
net/netfilter/xt_NOTRACK.c
net/netfilter/xt_comment.c
net/netfilter/xt_connbytes.c
net/netfilter/xt_connmark.c
net/netfilter/xt_conntrack.c
net/netfilter/xt_dccp.c
net/netfilter/xt_helper.c
net/netfilter/xt_length.c
net/netfilter/xt_limit.c
net/netfilter/xt_mac.c
net/netfilter/xt_mark.c
net/netfilter/xt_physdev.c
net/netfilter/xt_pkttype.c
net/netfilter/xt_realm.c
net/netfilter/xt_sctp.c
net/netfilter/xt_state.c
net/netfilter/xt_string.c
net/netfilter/xt_tcpmss.c
net/netfilter/xt_tcpudp.c

index 78ee266a12ee3fa05d51c690f7885f14b95f9bd6..6b36e84756577fca069ad63ca777771386b63a77 100644 (file)
@@ -39,47 +39,22 @@ target(struct sk_buff **pskb,
        return XT_CONTINUE;
 }
 
-static int
-checkentry(const char *tablename,
-           const void *e,
-           void *targinfo,
-           unsigned int targinfosize,
-           unsigned int hook_mask)
-{
-       if (targinfosize != XT_ALIGN(sizeof(struct xt_classify_target_info))){
-               printk(KERN_ERR "CLASSIFY: invalid size (%u != %Zu).\n",
-                      targinfosize,
-                      XT_ALIGN(sizeof(struct xt_classify_target_info)));
-               return 0;
-       }
-       
-       if (hook_mask & ~((1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_FORWARD) |
-                         (1 << NF_IP_POST_ROUTING))) {
-               printk(KERN_ERR "CLASSIFY: only valid in LOCAL_OUT, FORWARD "
-                               "and POST_ROUTING.\n");
-               return 0;
-       }
-
-       if (strcmp(tablename, "mangle") != 0) {
-               printk(KERN_ERR "CLASSIFY: can only be called from "
-                               "\"mangle\" table, not \"%s\".\n",
-                               tablename);
-               return 0;
-       }
-
-       return 1;
-}
-
 static struct xt_target classify_reg = { 
        .name           = "CLASSIFY", 
        .target         = target,
-       .checkentry     = checkentry,
+       .targetsize     = sizeof(struct xt_classify_target_info),
+       .table          = "mangle",
+       .hooks          = (1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_FORWARD) |
+                         (1 << NF_IP_POST_ROUTING),
        .me             = THIS_MODULE,
 };
 static struct xt_target classify6_reg = { 
        .name           = "CLASSIFY", 
        .target         = target,
-       .checkentry     = checkentry,
+       .targetsize     = sizeof(struct xt_classify_target_info),
+       .table          = "mangle",
+       .hooks          = (1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_FORWARD) |
+                         (1 << NF_IP_POST_ROUTING),
        .me             = THIS_MODULE,
 };
 
index 22506e376be5b1a17a904720c391805eba6d6163..b269ba9f2934d75d11fe5f80361c9b616cc3d9f8 100644 (file)
@@ -79,12 +79,6 @@ checkentry(const char *tablename,
           unsigned int hook_mask)
 {
        struct xt_connmark_target_info *matchinfo = targinfo;
-       if (targinfosize != XT_ALIGN(sizeof(struct xt_connmark_target_info))) {
-               printk(KERN_WARNING "CONNMARK: targinfosize %u != %Zu\n",
-                      targinfosize,
-                      XT_ALIGN(sizeof(struct xt_connmark_target_info)));
-               return 0;
-       }
 
        if (matchinfo->mode == XT_CONNMARK_RESTORE) {
            if (strcmp(tablename, "mangle") != 0) {
@@ -102,16 +96,19 @@ checkentry(const char *tablename,
 }
 
 static struct xt_target connmark_reg = {
-       .name = "CONNMARK",
-       .target = &target,
-       .checkentry = &checkentry,
-       .me = THIS_MODULE
+       .name           = "CONNMARK",
+       .target         = target,
+       .targetsize     = sizeof(struct xt_connmark_target_info),
+       .checkentry     = checkentry,
+       .me             = THIS_MODULE
 };
+
 static struct xt_target connmark6_reg = {
-       .name = "CONNMARK",
-       .target = &target,
-       .checkentry = &checkentry,
-       .me = THIS_MODULE
+       .name           = "CONNMARK",
+       .target         = target,
+       .targetsize     = sizeof(struct xt_connmark_target_info),
+       .checkentry     = checkentry,
+       .me             = THIS_MODULE
 };
 
 static int __init init(void)
index 0c11ee9550f37d901dc033d34ae522d8c48b246d..1bc968b519d8837771fc7b62805f6718e262f1e6 100644 (file)
@@ -78,23 +78,10 @@ checkentry_v0(const char *tablename,
 {
        struct xt_mark_target_info *markinfo = targinfo;
 
-       if (targinfosize != XT_ALIGN(sizeof(struct xt_mark_target_info))) {
-               printk(KERN_WARNING "MARK: targinfosize %u != %Zu\n",
-                      targinfosize,
-                      XT_ALIGN(sizeof(struct xt_mark_target_info)));
-               return 0;
-       }
-
-       if (strcmp(tablename, "mangle") != 0) {
-               printk(KERN_WARNING "MARK: can only be called from \"mangle\" table, not \"%s\"\n", tablename);
-               return 0;
-       }
-
        if (markinfo->mark > 0xffffffff) {
                printk(KERN_WARNING "MARK: Only supports 32bit wide mark\n");
                return 0;
        }
-
        return 1;
 }
 
@@ -107,18 +94,6 @@ checkentry_v1(const char *tablename,
 {
        struct xt_mark_target_info_v1 *markinfo = targinfo;
 
-       if (targinfosize != XT_ALIGN(sizeof(struct xt_mark_target_info_v1))){
-               printk(KERN_WARNING "MARK: targinfosize %u != %Zu\n",
-                      targinfosize,
-                      XT_ALIGN(sizeof(struct xt_mark_target_info_v1)));
-               return 0;
-       }
-
-       if (strcmp(tablename, "mangle") != 0) {
-               printk(KERN_WARNING "MARK: can only be called from \"mangle\" table, not \"%s\"\n", tablename);
-               return 0;
-       }
-
        if (markinfo->mode != XT_MARK_SET
            && markinfo->mode != XT_MARK_AND
            && markinfo->mode != XT_MARK_OR) {
@@ -126,18 +101,18 @@ checkentry_v1(const char *tablename,
                       markinfo->mode);
                return 0;
        }
-
        if (markinfo->mark > 0xffffffff) {
                printk(KERN_WARNING "MARK: Only supports 32bit wide mark\n");
                return 0;
        }
-
        return 1;
 }
 
 static struct xt_target ipt_mark_reg_v0 = {
        .name           = "MARK",
        .target         = target_v0,
+       .targetsize     = sizeof(struct xt_mark_target_info),
+       .table          = "mangle",
        .checkentry     = checkentry_v0,
        .me             = THIS_MODULE,
        .revision       = 0,
@@ -146,6 +121,8 @@ static struct xt_target ipt_mark_reg_v0 = {
 static struct xt_target ipt_mark_reg_v1 = {
        .name           = "MARK",
        .target         = target_v1,
+       .targetsize     = sizeof(struct xt_mark_target_info_v1),
+       .table          = "mangle",
        .checkentry     = checkentry_v1,
        .me             = THIS_MODULE,
        .revision       = 1,
@@ -154,6 +131,8 @@ static struct xt_target ipt_mark_reg_v1 = {
 static struct xt_target ip6t_mark_reg_v0 = {
        .name           = "MARK",
        .target         = target_v0,
+       .targetsize     = sizeof(struct xt_mark_target_info),
+       .table          = "mangle",
        .checkentry     = checkentry_v0,
        .me             = THIS_MODULE,
        .revision       = 0,
index 8b76b6f8d1e436fe4677fed76c6b1343eecd4542..b1da0ad10a6c81afc832140f3c63ea535fe5647e 100644 (file)
@@ -36,41 +36,24 @@ target(struct sk_buff **pskb,
        return NF_QUEUE_NR(tinfo->queuenum);
 }
 
-static int
-checkentry(const char *tablename,
-          const void *entry,
-           void *targinfo,
-           unsigned int targinfosize,
-           unsigned int hook_mask)
-{
-       if (targinfosize != XT_ALIGN(sizeof(struct xt_NFQ_info))) {
-               printk(KERN_WARNING "NFQUEUE: targinfosize %u != %Zu\n",
-                      targinfosize,
-                      XT_ALIGN(sizeof(struct xt_NFQ_info)));
-               return 0;
-       }
-
-       return 1;
-}
-
 static struct xt_target ipt_NFQ_reg = {
        .name           = "NFQUEUE",
        .target         = target,
-       .checkentry     = checkentry,
+       .targetsize     = sizeof(struct xt_NFQ_info),
        .me             = THIS_MODULE,
 };
 
 static struct xt_target ip6t_NFQ_reg = {
        .name           = "NFQUEUE",
        .target         = target,
-       .checkentry     = checkentry,
+       .targetsize     = sizeof(struct xt_NFQ_info),
        .me             = THIS_MODULE,
 };
 
 static struct xt_target arpt_NFQ_reg = {
        .name           = "NFQUEUE",
        .target         = target,
-       .checkentry     = checkentry,
+       .targetsize     = sizeof(struct xt_NFQ_info),
        .me             = THIS_MODULE,
 };
 
index 24d477afa9398b2e92d1cf3c29e79960bef7ebbd..8bacbe14afb5714143d74ef5cbe7b11dc930155b 100644 (file)
@@ -33,38 +33,20 @@ target(struct sk_buff **pskb,
        return XT_CONTINUE;
 }
 
-static int
-checkentry(const char *tablename,
-          const void *entry,
-           void *targinfo,
-           unsigned int targinfosize,
-           unsigned int hook_mask)
-{
-       if (targinfosize != 0) {
-               printk(KERN_WARNING "NOTRACK: targinfosize %u != 0\n",
-                      targinfosize);
-               return 0;
-       }
-
-       if (strcmp(tablename, "raw") != 0) {
-               printk(KERN_WARNING "NOTRACK: can only be called from \"raw\" table, not \"%s\"\n", tablename);
-               return 0;
-       }
-
-       return 1;
-}
-
-static struct xt_target notrack_reg = { 
-       .name = "NOTRACK", 
-       .target = target, 
-       .checkentry = checkentry,
-       .me = THIS_MODULE,
+static struct xt_target notrack_reg = {
+       .name           = "NOTRACK",
+       .target         = target,
+       .targetsize     = 0,
+       .table          = "raw",
+       .me             = THIS_MODULE,
 };
-static struct xt_target notrack6_reg = { 
-       .name = "NOTRACK", 
-       .target = target, 
-       .checkentry = checkentry,
-       .me = THIS_MODULE,
+
+static struct xt_target notrack6_reg = {
+       .name           = "NOTRACK",
+       .target         = target,
+       .targetsize     = 0,
+       .table          = "raw",
+       .me             = THIS_MODULE,
 };
 
 static int __init init(void)
index 4ba6fd65c6e9319a6be5b4eb321cd6a600e72f3b..b3f07aa593f4f8f1cd8ea77b3b30b7e4a4d3704a 100644 (file)
@@ -28,30 +28,17 @@ match(const struct sk_buff *skb,
        return 1;
 }
 
-static int
-checkentry(const char *tablename,
-           const void *ip,
-           void *matchinfo,
-           unsigned int matchsize,
-           unsigned int hook_mask)
-{
-       /* Check the size */
-       if (matchsize != XT_ALIGN(sizeof(struct xt_comment_info)))
-               return 0;
-       return 1;
-}
-
 static struct xt_match comment_match = {
        .name           = "comment",
        .match          = match,
-       .checkentry     = checkentry,
+       .matchsize      = sizeof(struct xt_comment_info),
        .me             = THIS_MODULE
 };
 
 static struct xt_match comment6_match = {
        .name           = "comment",
        .match          = match,
-       .checkentry     = checkentry,
+       .matchsize      = sizeof(struct xt_comment_info),
        .me             = THIS_MODULE
 };
 
index 150d2a4b0f71059edaad4a8995a794f7fe456030..d9851358ff49eb6275b4192a8d05493e1d544ae2 100644 (file)
@@ -128,9 +128,6 @@ static int check(const char *tablename,
 {
        const struct xt_connbytes_info *sinfo = matchinfo;
 
-       if (matchsize != XT_ALIGN(sizeof(struct xt_connbytes_info)))
-               return 0;
-
        if (sinfo->what != XT_CONNBYTES_PKTS &&
            sinfo->what != XT_CONNBYTES_BYTES &&
            sinfo->what != XT_CONNBYTES_AVGPKT)
@@ -146,14 +143,16 @@ static int check(const char *tablename,
 
 static struct xt_match connbytes_match = {
        .name           = "connbytes",
-       .match          = &match,
-       .checkentry     = &check,
+       .match          = match,
+       .checkentry     = check,
+       .matchsize      = sizeof(struct xt_connbytes_info),
        .me             = THIS_MODULE
 };
 static struct xt_match connbytes6_match = {
        .name           = "connbytes",
-       .match          = &match,
-       .checkentry     = &check,
+       .match          = match,
+       .checkentry     = check,
+       .matchsize      = sizeof(struct xt_connbytes_info),
        .me             = THIS_MODULE
 };
 
index d06e925032dab42562b03e7deee4d6cc6a8f3ad8..2bb987f7bdd9d6fbda1a91b6f6df244250cfc752 100644 (file)
@@ -56,33 +56,31 @@ checkentry(const char *tablename,
           unsigned int matchsize,
           unsigned int hook_mask)
 {
-       struct xt_connmark_info *cm = 
-                               (struct xt_connmark_info *)matchinfo;
-       if (matchsize != XT_ALIGN(sizeof(struct xt_connmark_info)))
-               return 0;
+       struct xt_connmark_info *cm = (struct xt_connmark_info *)matchinfo;
 
        if (cm->mark > 0xffffffff || cm->mask > 0xffffffff) {
                printk(KERN_WARNING "connmark: only support 32bit mark\n");
                return 0;
        }
-
        return 1;
 }
 
 static struct xt_match connmark_match = {
-       .name = "connmark",
-       .match = &match,
-       .checkentry = &checkentry,
-       .me = THIS_MODULE
+       .name           = "connmark",
+       .match          = match,
+       .matchsize      = sizeof(struct xt_connmark_info),
+       .checkentry     = checkentry,
+       .me             = THIS_MODULE
 };
+
 static struct xt_match connmark6_match = {
-       .name = "connmark",
-       .match = &match,
-       .checkentry = &checkentry,
-       .me = THIS_MODULE
+       .name           = "connmark",
+       .match          = match,
+       .matchsize      = sizeof(struct xt_connmark_info),
+       .checkentry     = checkentry,
+       .me             = THIS_MODULE
 };
 
-
 static int __init init(void)
 {
        int ret;
index ffdebc95eb9520902944e9a9875d58589b1a90f4..45a5a7d1939aef93fca22720c3f58c23ad571181 100644 (file)
@@ -201,22 +201,10 @@ match(const struct sk_buff *skb,
 
 #endif /* CONFIG_NF_IP_CONNTRACK */
 
-static int check(const char *tablename,
-                const void *ip,
-                void *matchinfo,
-                unsigned int matchsize,
-                unsigned int hook_mask)
-{
-       if (matchsize != XT_ALIGN(sizeof(struct xt_conntrack_info)))
-               return 0;
-
-       return 1;
-}
-
 static struct xt_match conntrack_match = {
        .name           = "conntrack",
-       .match          = &match,
-       .checkentry     = &check,
+       .match          = match,
+       .matchsize      = sizeof(struct xt_conntrack_info),
        .me             = THIS_MODULE,
 };
 
index 779f42fc95243ad27fe4d569041ea6f038b244f3..06e9ef2b1d4c99fee19134d93916cb1a9490ee10 100644 (file)
@@ -133,52 +133,29 @@ checkentry(const char *tablename,
           unsigned int matchsize,
           unsigned int hook_mask)
 {
-       const struct ipt_ip *ip = inf;
-       const struct xt_dccp_info *info;
+       const struct xt_dccp_info *info = matchinfo;
 
-       info = (const struct xt_dccp_info *)matchinfo;
-
-       return ip->proto == IPPROTO_DCCP
-               && !(ip->invflags & XT_INV_PROTO)
-               && matchsize == XT_ALIGN(sizeof(struct xt_dccp_info))
-               && !(info->flags & ~XT_DCCP_VALID_FLAGS)
-               && !(info->invflags & ~XT_DCCP_VALID_FLAGS)
-               && !(info->invflags & ~info->flags);
-}
-
-static int
-checkentry6(const char *tablename,
-          const void *inf,
-          void *matchinfo,
-          unsigned int matchsize,
-          unsigned int hook_mask)
-{
-       const struct ip6t_ip6 *ip = inf;
-       const struct xt_dccp_info *info;
-
-       info = (const struct xt_dccp_info *)matchinfo;
-
-       return ip->proto == IPPROTO_DCCP
-               && !(ip->invflags & XT_INV_PROTO)
-               && matchsize == XT_ALIGN(sizeof(struct xt_dccp_info))
-               && !(info->flags & ~XT_DCCP_VALID_FLAGS)
+       return !(info->flags & ~XT_DCCP_VALID_FLAGS)
                && !(info->invflags & ~XT_DCCP_VALID_FLAGS)
                && !(info->invflags & ~info->flags);
 }
 
-
 static struct xt_match dccp_match = 
 { 
        .name           = "dccp",
-       .match          = &match,
-       .checkentry     = &checkentry,
+       .match          = match,
+       .matchsize      = sizeof(struct xt_dccp_info),
+       .proto          = IPPROTO_DCCP,
+       .checkentry     = checkentry,
        .me             = THIS_MODULE,
 };
 static struct xt_match dccp6_match = 
 { 
        .name           = "dccp",
-       .match          = &match,
-       .checkentry     = &checkentry6,
+       .match          = match,
+       .matchsize      = sizeof(struct xt_dccp_info),
+       .proto          = IPPROTO_DCCP,
+       .checkentry     = checkentry,
        .me             = THIS_MODULE,
 };
 
index 0ddb32363d062f115a347917c87799b0b9f4feff..dc28f49c484bdf712983b2f8ecaa4224f2d65815 100644 (file)
@@ -142,24 +142,21 @@ static int check(const char *tablename,
        struct xt_helper_info *info = matchinfo;
 
        info->name[29] = '\0';
-
-       /* verify size */
-       if (matchsize != XT_ALIGN(sizeof(struct xt_helper_info)))
-               return 0;
-
        return 1;
 }
 
 static struct xt_match helper_match = {
        .name           = "helper",
-       .match          = &match,
-       .checkentry     = &check,
+       .match          = match,
+       .matchsize      = sizeof(struct xt_helper_info),
+       .checkentry     = check,
        .me             = THIS_MODULE,
 };
 static struct xt_match helper6_match = {
        .name           = "helper",
-       .match          = &match,
-       .checkentry     = &check,
+       .match          = match,
+       .matchsize      = sizeof(struct xt_helper_info),
+       .checkentry     = check,
        .me             = THIS_MODULE,
 };
 
index 39c8faea63dec5c6e857197a042bc462b4e8dfc0..11a2812a99b141560d759dd4ebf24daff20d11dc 100644 (file)
@@ -50,29 +50,17 @@ match6(const struct sk_buff *skb,
        return (pktlen >= info->min && pktlen <= info->max) ^ info->invert;
 }
 
-static int
-checkentry(const char *tablename,
-           const void *ip,
-           void *matchinfo,
-           unsigned int matchsize,
-           unsigned int hook_mask)
-{
-       if (matchsize != XT_ALIGN(sizeof(struct xt_length_info)))
-               return 0;
-
-       return 1;
-}
-
 static struct xt_match length_match = {
        .name           = "length",
-       .match          = &match,
-       .checkentry     = &checkentry,
+       .match          = match,
+       .matchsize      = sizeof(struct xt_length_info),
        .me             = THIS_MODULE,
 };
+
 static struct xt_match length6_match = {
        .name           = "length",
-       .match          = &match6,
-       .checkentry     = &checkentry,
+       .match          = match6,
+       .matchsize      = sizeof(struct xt_length_info),
        .me             = THIS_MODULE,
 };
 
index 15e40506bc3afb26224fab89b83ec318e9cdec38..dec3f02a983414651bf35dc097d5645ed167acf5 100644 (file)
@@ -113,9 +113,6 @@ ipt_limit_checkentry(const char *tablename,
 {
        struct xt_rateinfo *r = matchinfo;
 
-       if (matchsize != XT_ALIGN(sizeof(struct xt_rateinfo)))
-               return 0;
-
        /* Check for overflow. */
        if (r->burst == 0
            || user2credits(r->avg * r->burst) < user2credits(r->avg)) {
@@ -140,12 +137,14 @@ ipt_limit_checkentry(const char *tablename,
 static struct xt_match ipt_limit_reg = {
        .name           = "limit",
        .match          = ipt_limit_match,
+       .matchsize      = sizeof(struct xt_rateinfo),
        .checkentry     = ipt_limit_checkentry,
        .me             = THIS_MODULE,
 };
 static struct xt_match limit6_reg = {
        .name           = "limit",
        .match          = ipt_limit_match,
+       .matchsize      = sizeof(struct xt_rateinfo),
        .checkentry     = ipt_limit_checkentry,
        .me             = THIS_MODULE,
 };
index 0461dcb5fc7a41a86655014c8892802ef92e2cac..e20772616f5590d76b3c4322dd3fe8433cfacbbc 100644 (file)
@@ -42,37 +42,20 @@ match(const struct sk_buff *skb,
                ^ info->invert));
 }
 
-static int
-ipt_mac_checkentry(const char *tablename,
-                  const void *inf,
-                  void *matchinfo,
-                  unsigned int matchsize,
-                  unsigned int hook_mask)
-{
-       /* FORWARD isn't always valid, but it's nice to be able to do --RR */
-       if (hook_mask
-           & ~((1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_IN)
-               | (1 << NF_IP_FORWARD))) {
-               printk("xt_mac: only valid for PRE_ROUTING, LOCAL_IN or FORWARD.\n");
-               return 0;
-       }
-
-       if (matchsize != XT_ALIGN(sizeof(struct xt_mac_info)))
-               return 0;
-
-       return 1;
-}
-
 static struct xt_match mac_match = {
        .name           = "mac",
-       .match          = &match,
-       .checkentry     = &ipt_mac_checkentry,
+       .match          = match,
+       .matchsize      = sizeof(struct xt_mac_info),
+       .hooks          = (1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_IN) |
+                         (1 << NF_IP_FORWARD),
        .me             = THIS_MODULE,
 };
 static struct xt_match mac6_match = {
        .name           = "mac",
-       .match          = &match,
-       .checkentry     = &ipt_mac_checkentry,
+       .match          = match,
+       .matchsize      = sizeof(struct xt_mac_info),
+       .hooks          = (1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_IN) |
+                         (1 << NF_IP_FORWARD),
        .me             = THIS_MODULE,
 };
 
index 2a0ac62b72c8cfe097403228abaff594310e79b4..b21b94a4684f1f7d77f824c083c3576e36591ea7 100644 (file)
@@ -42,28 +42,26 @@ checkentry(const char *tablename,
 {
        struct xt_mark_info *minfo = (struct xt_mark_info *) matchinfo;
 
-       if (matchsize != XT_ALIGN(sizeof(struct xt_mark_info)))
-               return 0;
-
        if (minfo->mark > 0xffffffff || minfo->mask > 0xffffffff) {
                printk(KERN_WARNING "mark: only supports 32bit mark\n");
                return 0;
        }
-
        return 1;
 }
 
 static struct xt_match mark_match = {
        .name           = "mark",
-       .match          = &match,
-       .checkentry     = &checkentry,
+       .match          = match,
+       .matchsize      = sizeof(struct xt_mark_info),
+       .checkentry     = checkentry,
        .me             = THIS_MODULE,
 };
 
 static struct xt_match mark6_match = {
        .name           = "mark",
-       .match          = &match,
-       .checkentry     = &checkentry,
+       .match          = match,
+       .matchsize      = sizeof(struct xt_mark_info),
+       .checkentry     = checkentry,
        .me             = THIS_MODULE,
 };
 
index 19bb57c14dfe956c8b9fb1bffb883480f2e3c663..5afc41734d513ba7950542c0b41893a5d62cd755 100644 (file)
@@ -108,8 +108,6 @@ checkentry(const char *tablename,
 {
        const struct xt_physdev_info *info = matchinfo;
 
-       if (matchsize != XT_ALIGN(sizeof(struct xt_physdev_info)))
-               return 0;
        if (!(info->bitmask & XT_PHYSDEV_OP_MASK) ||
            info->bitmask & ~XT_PHYSDEV_OP_MASK)
                return 0;
@@ -118,15 +116,17 @@ checkentry(const char *tablename,
 
 static struct xt_match physdev_match = {
        .name           = "physdev",
-       .match          = &match,
-       .checkentry     = &checkentry,
+       .match          = match,
+       .matchsize      = sizeof(struct xt_physdev_info),
+       .checkentry     = checkentry,
        .me             = THIS_MODULE,
 };
 
 static struct xt_match physdev6_match = {
        .name           = "physdev",
-       .match          = &match,
-       .checkentry     = &checkentry,
+       .match          = match,
+       .matchsize      = sizeof(struct xt_physdev_info),
+       .checkentry     = checkentry,
        .me             = THIS_MODULE,
 };
 
index ab1b2630f97d1d54c1ae64f4ba8626d3606a2988..872bb2a7d5b897f449384bec60f5c7adfe9df553 100644 (file)
@@ -32,32 +32,20 @@ static int match(const struct sk_buff *skb,
        return (skb->pkt_type == info->pkttype) ^ info->invert;
 }
 
-static int checkentry(const char *tablename,
-                  const void *ip,
-                  void *matchinfo,
-                  unsigned int matchsize,
-                  unsigned int hook_mask)
-{
-       if (matchsize != XT_ALIGN(sizeof(struct xt_pkttype_info)))
-               return 0;
-
-       return 1;
-}
-
 static struct xt_match pkttype_match = {
        .name           = "pkttype",
-       .match          = &match,
-       .checkentry     = &checkentry,
+       .match          = match,
+       .matchsize      = sizeof(struct xt_pkttype_info),
        .me             = THIS_MODULE,
 };
+
 static struct xt_match pkttype6_match = {
        .name           = "pkttype",
-       .match          = &match,
-       .checkentry     = &checkentry,
+       .match          = match,
+       .matchsize      = sizeof(struct xt_pkttype_info),
        .me             = THIS_MODULE,
 };
 
-
 static int __init init(void)
 {
        int ret;
index 2b7e1781d34da3fa56d6dd82c0eae5380ded8c56..249e0a3e156b0f253d9c6d4d95e5300fbe2d9361 100644 (file)
@@ -38,30 +38,12 @@ match(const struct sk_buff *skb,
        return (info->id == (dst->tclassid & info->mask)) ^ info->invert;
 }
 
-static int check(const char *tablename,
-                 const void *ip,
-                 void *matchinfo,
-                 unsigned int matchsize,
-                 unsigned int hook_mask)
-{
-       if (hook_mask
-           & ~((1 << NF_IP_POST_ROUTING) | (1 << NF_IP_FORWARD) |
-               (1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_LOCAL_IN))) {
-               printk("xt_realm: only valid for POST_ROUTING, LOCAL_OUT, "
-                      "LOCAL_IN or FORWARD.\n");
-               return 0;
-       }
-       if (matchsize != XT_ALIGN(sizeof(struct xt_realm_info))) {
-               printk("xt_realm: invalid matchsize.\n");
-               return 0;
-       }
-       return 1;
-}
-
 static struct xt_match realm_match = {
        .name           = "realm",
-       .match          = match, 
-       .checkentry     = check,
+       .match          = match,
+       .matchsize      = sizeof(struct xt_realm_info),
+       .hooks          = (1 << NF_IP_POST_ROUTING) | (1 << NF_IP_FORWARD) |
+                         (1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_LOCAL_IN),
        .me             = THIS_MODULE
 };
 
index 10fbfc5ba7587990370f0e14c32ea1d5ba0e170f..f0a25e5a5306584ace4ab2693e71c8a8eec27f1d 100644 (file)
@@ -166,15 +166,9 @@ checkentry(const char *tablename,
           unsigned int matchsize,
           unsigned int hook_mask)
 {
-       const struct xt_sctp_info *info;
-       const struct ipt_ip *ip = inf;
-
-       info = (const struct xt_sctp_info *)matchinfo;
+       const struct xt_sctp_info *info = matchinfo;
 
-       return ip->proto == IPPROTO_SCTP
-               && !(ip->invflags & XT_INV_PROTO)
-               && matchsize == XT_ALIGN(sizeof(struct xt_sctp_info))
-               && !(info->flags & ~XT_SCTP_VALID_FLAGS)
+       return !(info->flags & ~XT_SCTP_VALID_FLAGS)
                && !(info->invflags & ~XT_SCTP_VALID_FLAGS)
                && !(info->invflags & ~info->flags)
                && ((!(info->flags & XT_SCTP_CHUNK_TYPES)) || 
@@ -184,47 +178,23 @@ checkentry(const char *tablename,
                                | SCTP_CHUNK_MATCH_ONLY)));
 }
 
-static int
-checkentry6(const char *tablename,
-          const void *inf,
-          void *matchinfo,
-          unsigned int matchsize,
-          unsigned int hook_mask)
-{
-       const struct xt_sctp_info *info;
-       const struct ip6t_ip6 *ip = inf;
-
-       info = (const struct xt_sctp_info *)matchinfo;
-
-       return ip->proto == IPPROTO_SCTP
-               && !(ip->invflags & XT_INV_PROTO)
-               && matchsize == XT_ALIGN(sizeof(struct xt_sctp_info))
-               && !(info->flags & ~XT_SCTP_VALID_FLAGS)
-               && !(info->invflags & ~XT_SCTP_VALID_FLAGS)
-               && !(info->invflags & ~info->flags)
-               && ((!(info->flags & XT_SCTP_CHUNK_TYPES)) || 
-                       (info->chunk_match_type &
-                               (SCTP_CHUNK_MATCH_ALL 
-                               | SCTP_CHUNK_MATCH_ANY
-                               | SCTP_CHUNK_MATCH_ONLY)));
-}
-
-
-static struct xt_match sctp_match = 
-{ 
-       .name = "sctp",
-       .match = &match,
-       .checkentry = &checkentry,
-       .me = THIS_MODULE
-};
-static struct xt_match sctp6_match = 
-{ 
-       .name = "sctp",
-       .match = &match,
-       .checkentry = &checkentry6,
-       .me = THIS_MODULE
+static struct xt_match sctp_match = {
+       .name           = "sctp",
+       .match          = match,
+       .matchsize      = sizeof(struct xt_sctp_info),
+       .proto          = IPPROTO_SCTP,
+       .checkentry     = checkentry,
+       .me             = THIS_MODULE
 };
 
+static struct xt_match sctp6_match = {
+       .name           = "sctp",
+       .match          = match,
+       .matchsize      = sizeof(struct xt_sctp_info),
+       .proto          = IPPROTO_SCTP,
+       .checkentry     = checkentry,
+       .me             = THIS_MODULE
+};
 
 static int __init init(void)
 {
index 39ce808d40ef7b834daeb598e3a9935d23e55f12..9a7d6dfd7efbbfbc7ec1de449f517410d33a810f 100644 (file)
@@ -43,29 +43,17 @@ match(const struct sk_buff *skb,
        return (sinfo->statemask & statebit);
 }
 
-static int check(const char *tablename,
-                const void *ip,
-                void *matchinfo,
-                unsigned int matchsize,
-                unsigned int hook_mask)
-{
-       if (matchsize != XT_ALIGN(sizeof(struct xt_state_info)))
-               return 0;
-
-       return 1;
-}
-
 static struct xt_match state_match = {
        .name           = "state",
-       .match          = &match,
-       .checkentry     = &check,
+       .match          = match,
+       .matchsize      = sizeof(struct xt_state_info),
        .me             = THIS_MODULE,
 };
 
 static struct xt_match state6_match = {
        .name           = "state",
-       .match          = &match,
-       .checkentry     = &check,
+       .match          = match,
+       .matchsize      = sizeof(struct xt_state_info),
        .me             = THIS_MODULE,
 };
 
index 7c7d5c8807d6ce458e21e636a9ac5af92ddf705d..c3efd3773d75762b8d8bc0a0a104a945b7e43284 100644 (file)
@@ -50,9 +50,6 @@ static int checkentry(const char *tablename,
        struct xt_string_info *conf = matchinfo;
        struct ts_config *ts_conf;
 
-       if (matchsize != XT_ALIGN(sizeof(struct xt_string_info)))
-               return 0;
-
        /* Damn, can't handle this case properly with iptables... */
        if (conf->from_offset > conf->to_offset)
                return 0;
@@ -75,6 +72,7 @@ static void destroy(void *matchinfo, unsigned int matchsize)
 static struct xt_match string_match = {
        .name           = "string",
        .match          = match,
+       .matchsize      = sizeof(struct xt_string_info),
        .checkentry     = checkentry,
        .destroy        = destroy,
        .me             = THIS_MODULE
@@ -82,6 +80,7 @@ static struct xt_match string_match = {
 static struct xt_match string6_match = {
        .name           = "string",
        .match          = match,
+       .matchsize      = sizeof(struct xt_string_info),
        .checkentry     = checkentry,
        .destroy        = destroy,
        .me             = THIS_MODULE
index acf7f533e9f1928c4b03bcacbbe2fd19f499fc1a..95d8611eef23c1cc0188266883f35853c77f8f7d 100644 (file)
@@ -92,58 +92,19 @@ match(const struct sk_buff *skb,
                               info->invert, hotdrop);
 }
 
-static int
-checkentry(const char *tablename,
-           const void *ipinfo,
-           void *matchinfo,
-           unsigned int matchsize,
-           unsigned int hook_mask)
-{
-       const struct ipt_ip *ip = ipinfo;
-       if (matchsize != XT_ALIGN(sizeof(struct xt_tcpmss_match_info)))
-               return 0;
-
-       /* Must specify -p tcp */
-       if (ip->proto != IPPROTO_TCP || (ip->invflags & IPT_INV_PROTO)) {
-               printk("tcpmss: Only works on TCP packets\n");
-               return 0;
-       }
-
-       return 1;
-}
-
-static int
-checkentry6(const char *tablename,
-          const void *ipinfo,
-           void *matchinfo,
-           unsigned int matchsize,
-           unsigned int hook_mask)
-{
-       const struct ip6t_ip6 *ip = ipinfo;
-
-       if (matchsize != XT_ALIGN(sizeof(struct xt_tcpmss_match_info)))
-               return 0;
-
-       /* Must specify -p tcp */
-       if (ip->proto != IPPROTO_TCP || (ip->invflags & XT_INV_PROTO)) {
-               printk("tcpmss: Only works on TCP packets\n");
-               return 0;
-       }
-
-       return 1;
-}
-
 static struct xt_match tcpmss_match = {
        .name           = "tcpmss",
-       .match          = &match,
-       .checkentry     = &checkentry,
+       .match          = match,
+       .matchsize      = sizeof(struct xt_tcpmss_match_info),
+       .proto          = IPPROTO_TCP,
        .me             = THIS_MODULE,
 };
 
 static struct xt_match tcpmss6_match = {
        .name           = "tcpmss",
-       .match          = &match,
-       .checkentry     = &checkentry6,
+       .match          = match,
+       .matchsize      = sizeof(struct xt_tcpmss_match_info),
+       .proto          = IPPROTO_TCP,
        .me             = THIS_MODULE,
 };
 
index 669c8113cc601a57ea696f0fd965cb16015e8b49..9d01f07ceb652d190c32f3ae5b91610104c50233 100644 (file)
@@ -142,35 +142,12 @@ tcp_checkentry(const char *tablename,
               unsigned int matchsize,
               unsigned int hook_mask)
 {
-       const struct ipt_ip *ip = info;
        const struct xt_tcp *tcpinfo = matchinfo;
 
-       /* Must specify proto == TCP, and no unknown invflags */
-       return ip->proto == IPPROTO_TCP
-               && !(ip->invflags & XT_INV_PROTO)
-               && matchsize == XT_ALIGN(sizeof(struct xt_tcp))
-               && !(tcpinfo->invflags & ~XT_TCP_INV_MASK);
+       /* Must specify no unknown invflags */
+       return !(tcpinfo->invflags & ~XT_TCP_INV_MASK);
 }
 
-/* Called when user tries to insert an entry of this type. */
-static int
-tcp6_checkentry(const char *tablename,
-              const void *entry,
-              void *matchinfo,
-              unsigned int matchsize,
-              unsigned int hook_mask)
-{
-       const struct ip6t_ip6 *ipv6 = entry;
-       const struct xt_tcp *tcpinfo = matchinfo;
-
-       /* Must specify proto == TCP, and no unknown invflags */
-       return ipv6->proto == IPPROTO_TCP
-               && !(ipv6->invflags & XT_INV_PROTO)
-               && matchsize == XT_ALIGN(sizeof(struct xt_tcp))
-               && !(tcpinfo->invflags & ~XT_TCP_INV_MASK);
-}
-
-
 static int
 udp_match(const struct sk_buff *skb,
          const struct net_device *in,
@@ -209,86 +186,47 @@ static int
 udp_checkentry(const char *tablename,
               const void *info,
               void *matchinfo,
-              unsigned int matchinfosize,
-              unsigned int hook_mask)
-{
-       const struct ipt_ip *ip = info;
-       const struct xt_udp *udpinfo = matchinfo;
-
-       /* Must specify proto == UDP, and no unknown invflags */
-       if (ip->proto != IPPROTO_UDP || (ip->invflags & XT_INV_PROTO)) {
-               duprintf("ipt_udp: Protocol %u != %u\n", ip->proto,
-                        IPPROTO_UDP);
-               return 0;
-       }
-       if (matchinfosize != XT_ALIGN(sizeof(struct xt_udp))) {
-               duprintf("ipt_udp: matchsize %u != %u\n",
-                        matchinfosize, XT_ALIGN(sizeof(struct xt_udp)));
-               return 0;
-       }
-       if (udpinfo->invflags & ~XT_UDP_INV_MASK) {
-               duprintf("ipt_udp: unknown flags %X\n",
-                        udpinfo->invflags);
-               return 0;
-       }
-
-       return 1;
-}
-
-/* Called when user tries to insert an entry of this type. */
-static int
-udp6_checkentry(const char *tablename,
-              const void *entry,
-              void *matchinfo,
-              unsigned int matchinfosize,
+              unsigned int matchsize,
               unsigned int hook_mask)
 {
-       const struct ip6t_ip6 *ipv6 = entry;
-       const struct xt_udp *udpinfo = matchinfo;
+       const struct xt_tcp *udpinfo = matchinfo;
 
-       /* Must specify proto == UDP, and no unknown invflags */
-       if (ipv6->proto != IPPROTO_UDP || (ipv6->invflags & XT_INV_PROTO)) {
-               duprintf("ip6t_udp: Protocol %u != %u\n", ipv6->proto,
-                        IPPROTO_UDP);
-               return 0;
-       }
-       if (matchinfosize != XT_ALIGN(sizeof(struct xt_udp))) {
-               duprintf("ip6t_udp: matchsize %u != %u\n",
-                        matchinfosize, XT_ALIGN(sizeof(struct xt_udp)));
-               return 0;
-       }
-       if (udpinfo->invflags & ~XT_UDP_INV_MASK) {
-               duprintf("ip6t_udp: unknown flags %X\n",
-                        udpinfo->invflags);
-               return 0;
-       }
-
-       return 1;
+       /* Must specify no unknown invflags */
+       return !(udpinfo->invflags & ~XT_UDP_INV_MASK);
 }
 
 static struct xt_match tcp_matchstruct = {
        .name           = "tcp",
-       .match          = &tcp_match,
-       .checkentry     = &tcp_checkentry,
+       .match          = tcp_match,
+       .matchsize      = sizeof(struct xt_tcp),
+       .proto          = IPPROTO_TCP,
+       .checkentry     = tcp_checkentry,
        .me             = THIS_MODULE,
 };
+
 static struct xt_match tcp6_matchstruct = {
        .name           = "tcp",
-       .match          = &tcp_match,
-       .checkentry     = &tcp6_checkentry,
+       .match          = tcp_match,
+       .matchsize      = sizeof(struct xt_tcp),
+       .proto          = IPPROTO_TCP,
+       .checkentry     = tcp_checkentry,
        .me             = THIS_MODULE,
 };
 
 static struct xt_match udp_matchstruct = {
        .name           = "udp",
-       .match          = &udp_match,
-       .checkentry     = &udp_checkentry,
+       .match          = udp_match,
+       .matchsize      = sizeof(struct xt_udp),
+       .proto          = IPPROTO_UDP,
+       .checkentry     = udp_checkentry,
        .me             = THIS_MODULE,
 };
 static struct xt_match udp6_matchstruct = {
        .name           = "udp",
-       .match          = &udp_match,
-       .checkentry     = &udp6_checkentry,
+       .match          = udp_match,
+       .matchsize      = sizeof(struct xt_udp),
+       .proto          = IPPROTO_UDP,
+       .checkentry     = udp_checkentry,
        .me             = THIS_MODULE,
 };