Commit 001a18d3 authored by Jan Engelhardt's avatar Jan Engelhardt Committed by Patrick McHardy

netfilter: add dummy members to Ebtables code to ease transition to Xtables

Signed-off-by: default avatarJan Engelhardt <jengelh@medozas.de>
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
parent 0ac6ab1f
...@@ -214,6 +214,8 @@ struct ebt_match ...@@ -214,6 +214,8 @@ struct ebt_match
const struct ebt_entry *e, void *matchdata, unsigned int datalen); const struct ebt_entry *e, void *matchdata, unsigned int datalen);
void (*destroy)(void *matchdata, unsigned int datalen); void (*destroy)(void *matchdata, unsigned int datalen);
unsigned int matchsize; unsigned int matchsize;
u_int8_t revision;
u_int8_t family;
struct module *me; struct module *me;
}; };
...@@ -228,6 +230,8 @@ struct ebt_watcher ...@@ -228,6 +230,8 @@ struct ebt_watcher
const struct ebt_entry *e, void *watcherdata, unsigned int datalen); const struct ebt_entry *e, void *watcherdata, unsigned int datalen);
void (*destroy)(void *watcherdata, unsigned int datalen); void (*destroy)(void *watcherdata, unsigned int datalen);
unsigned int targetsize; unsigned int targetsize;
u_int8_t revision;
u_int8_t family;
struct module *me; struct module *me;
}; };
...@@ -243,6 +247,8 @@ struct ebt_target ...@@ -243,6 +247,8 @@ struct ebt_target
const struct ebt_entry *e, void *targetdata, unsigned int datalen); const struct ebt_entry *e, void *targetdata, unsigned int datalen);
void (*destroy)(void *targetdata, unsigned int datalen); void (*destroy)(void *targetdata, unsigned int datalen);
unsigned int targetsize; unsigned int targetsize;
u_int8_t revision;
u_int8_t family;
struct module *me; struct module *me;
}; };
......
...@@ -51,6 +51,8 @@ static bool ebt_802_3_check(const char *tablename, unsigned int hookmask, ...@@ -51,6 +51,8 @@ static bool ebt_802_3_check(const char *tablename, unsigned int hookmask,
static struct ebt_match filter_802_3 __read_mostly = { static struct ebt_match filter_802_3 __read_mostly = {
.name = EBT_802_3_MATCH, .name = EBT_802_3_MATCH,
.revision = 0,
.family = NFPROTO_BRIDGE,
.match = ebt_filter_802_3, .match = ebt_filter_802_3,
.check = ebt_802_3_check, .check = ebt_802_3_check,
.matchsize = XT_ALIGN(sizeof(struct ebt_802_3_info)), .matchsize = XT_ALIGN(sizeof(struct ebt_802_3_info)),
......
...@@ -211,6 +211,8 @@ ebt_among_check(const char *tablename, unsigned int hookmask, ...@@ -211,6 +211,8 @@ ebt_among_check(const char *tablename, unsigned int hookmask,
static struct ebt_match filter_among __read_mostly = { static struct ebt_match filter_among __read_mostly = {
.name = EBT_AMONG_MATCH, .name = EBT_AMONG_MATCH,
.revision = 0,
.family = NFPROTO_BRIDGE,
.match = ebt_filter_among, .match = ebt_filter_among,
.check = ebt_among_check, .check = ebt_among_check,
.matchsize = -1, /* special case */ .matchsize = -1, /* special case */
......
...@@ -117,6 +117,8 @@ static bool ebt_arp_check(const char *tablename, unsigned int hookmask, ...@@ -117,6 +117,8 @@ static bool ebt_arp_check(const char *tablename, unsigned int hookmask,
static struct ebt_match filter_arp __read_mostly = { static struct ebt_match filter_arp __read_mostly = {
.name = EBT_ARP_MATCH, .name = EBT_ARP_MATCH,
.revision = 0,
.family = NFPROTO_BRIDGE,
.match = ebt_filter_arp, .match = ebt_filter_arp,
.check = ebt_arp_check, .check = ebt_arp_check,
.matchsize = XT_ALIGN(sizeof(struct ebt_arp_info)), .matchsize = XT_ALIGN(sizeof(struct ebt_arp_info)),
......
...@@ -76,6 +76,8 @@ static bool ebt_target_reply_check(const char *tablename, unsigned int hookmask, ...@@ -76,6 +76,8 @@ static bool ebt_target_reply_check(const char *tablename, unsigned int hookmask,
static struct ebt_target reply_target __read_mostly = { static struct ebt_target reply_target __read_mostly = {
.name = EBT_ARPREPLY_TARGET, .name = EBT_ARPREPLY_TARGET,
.revision = 0,
.family = NFPROTO_BRIDGE,
.target = ebt_target_reply, .target = ebt_target_reply,
.check = ebt_target_reply_check, .check = ebt_target_reply_check,
.targetsize = XT_ALIGN(sizeof(struct ebt_arpreply_info)), .targetsize = XT_ALIGN(sizeof(struct ebt_arpreply_info)),
......
...@@ -46,6 +46,8 @@ static bool ebt_target_dnat_check(const char *tablename, unsigned int hookmask, ...@@ -46,6 +46,8 @@ static bool ebt_target_dnat_check(const char *tablename, unsigned int hookmask,
static struct ebt_target dnat __read_mostly = { static struct ebt_target dnat __read_mostly = {
.name = EBT_DNAT_TARGET, .name = EBT_DNAT_TARGET,
.revision = 0,
.family = NFPROTO_BRIDGE,
.target = ebt_target_dnat, .target = ebt_target_dnat,
.check = ebt_target_dnat_check, .check = ebt_target_dnat_check,
.targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)), .targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)),
......
...@@ -108,6 +108,8 @@ static bool ebt_ip_check(const char *tablename, unsigned int hookmask, ...@@ -108,6 +108,8 @@ static bool ebt_ip_check(const char *tablename, unsigned int hookmask,
static struct ebt_match filter_ip __read_mostly = { static struct ebt_match filter_ip __read_mostly = {
.name = EBT_IP_MATCH, .name = EBT_IP_MATCH,
.revision = 0,
.family = NFPROTO_BRIDGE,
.match = ebt_filter_ip, .match = ebt_filter_ip,
.check = ebt_ip_check, .check = ebt_ip_check,
.matchsize = XT_ALIGN(sizeof(struct ebt_ip_info)), .matchsize = XT_ALIGN(sizeof(struct ebt_ip_info)),
......
...@@ -121,6 +121,8 @@ static bool ebt_ip6_check(const char *tablename, unsigned int hookmask, ...@@ -121,6 +121,8 @@ static bool ebt_ip6_check(const char *tablename, unsigned int hookmask,
static struct ebt_match filter_ip6 = static struct ebt_match filter_ip6 =
{ {
.name = EBT_IP6_MATCH, .name = EBT_IP6_MATCH,
.revision = 0,
.family = NFPROTO_BRIDGE,
.match = ebt_filter_ip6, .match = ebt_filter_ip6,
.check = ebt_ip6_check, .check = ebt_ip6_check,
.matchsize = XT_ALIGN(sizeof(struct ebt_ip6_info)), .matchsize = XT_ALIGN(sizeof(struct ebt_ip6_info)),
......
...@@ -88,6 +88,8 @@ static bool ebt_limit_check(const char *tablename, unsigned int hookmask, ...@@ -88,6 +88,8 @@ static bool ebt_limit_check(const char *tablename, unsigned int hookmask,
static struct ebt_match ebt_limit_reg __read_mostly = { static struct ebt_match ebt_limit_reg __read_mostly = {
.name = EBT_LIMIT_MATCH, .name = EBT_LIMIT_MATCH,
.revision = 0,
.family = NFPROTO_BRIDGE,
.match = ebt_limit_match, .match = ebt_limit_match,
.check = ebt_limit_check, .check = ebt_limit_check,
.matchsize = XT_ALIGN(sizeof(struct ebt_limit_info)), .matchsize = XT_ALIGN(sizeof(struct ebt_limit_info)),
......
...@@ -215,6 +215,8 @@ static unsigned int ebt_log(const struct sk_buff *skb, unsigned int hooknr, ...@@ -215,6 +215,8 @@ static unsigned int ebt_log(const struct sk_buff *skb, unsigned int hooknr,
static struct ebt_watcher log = static struct ebt_watcher log =
{ {
.name = EBT_LOG_WATCHER, .name = EBT_LOG_WATCHER,
.revision = 0,
.family = NFPROTO_BRIDGE,
.watcher = ebt_log, .watcher = ebt_log,
.check = ebt_log_check, .check = ebt_log_check,
.targetsize = XT_ALIGN(sizeof(struct ebt_log_info)), .targetsize = XT_ALIGN(sizeof(struct ebt_log_info)),
......
...@@ -58,6 +58,8 @@ static bool ebt_target_mark_check(const char *tablename, unsigned int hookmask, ...@@ -58,6 +58,8 @@ static bool ebt_target_mark_check(const char *tablename, unsigned int hookmask,
static struct ebt_target mark_target __read_mostly = { static struct ebt_target mark_target __read_mostly = {
.name = EBT_MARK_TARGET, .name = EBT_MARK_TARGET,
.revision = 0,
.family = NFPROTO_BRIDGE,
.target = ebt_target_mark, .target = ebt_target_mark,
.check = ebt_target_mark_check, .check = ebt_target_mark_check,
.targetsize = XT_ALIGN(sizeof(struct ebt_mark_t_info)), .targetsize = XT_ALIGN(sizeof(struct ebt_mark_t_info)),
......
...@@ -39,6 +39,8 @@ static bool ebt_mark_check(const char *tablename, unsigned int hookmask, ...@@ -39,6 +39,8 @@ static bool ebt_mark_check(const char *tablename, unsigned int hookmask,
static struct ebt_match filter_mark __read_mostly = { static struct ebt_match filter_mark __read_mostly = {
.name = EBT_MARK_MATCH, .name = EBT_MARK_MATCH,
.revision = 0,
.family = NFPROTO_BRIDGE,
.match = ebt_filter_mark, .match = ebt_filter_mark,
.check = ebt_mark_check, .check = ebt_mark_check,
.matchsize = XT_ALIGN(sizeof(struct ebt_mark_m_info)), .matchsize = XT_ALIGN(sizeof(struct ebt_mark_m_info)),
......
...@@ -52,6 +52,8 @@ static bool ebt_nflog_check(const char *tablename, ...@@ -52,6 +52,8 @@ static bool ebt_nflog_check(const char *tablename,
static struct ebt_watcher nflog __read_mostly = { static struct ebt_watcher nflog __read_mostly = {
.name = EBT_NFLOG_WATCHER, .name = EBT_NFLOG_WATCHER,
.revision = 0,
.family = NFPROTO_BRIDGE,
.watcher = ebt_nflog, .watcher = ebt_nflog,
.check = ebt_nflog_check, .check = ebt_nflog_check,
.targetsize = XT_ALIGN(sizeof(struct ebt_nflog_info)), .targetsize = XT_ALIGN(sizeof(struct ebt_nflog_info)),
......
...@@ -36,6 +36,8 @@ static bool ebt_pkttype_check(const char *tablename, unsigned int hookmask, ...@@ -36,6 +36,8 @@ static bool ebt_pkttype_check(const char *tablename, unsigned int hookmask,
static struct ebt_match filter_pkttype __read_mostly = { static struct ebt_match filter_pkttype __read_mostly = {
.name = EBT_PKTTYPE_MATCH, .name = EBT_PKTTYPE_MATCH,
.revision = 0,
.family = NFPROTO_BRIDGE,
.match = ebt_filter_pkttype, .match = ebt_filter_pkttype,
.check = ebt_pkttype_check, .check = ebt_pkttype_check,
.matchsize = XT_ALIGN(sizeof(struct ebt_pkttype_info)), .matchsize = XT_ALIGN(sizeof(struct ebt_pkttype_info)),
......
...@@ -52,6 +52,8 @@ static bool ebt_target_redirect_check(const char *tablename, unsigned int hookma ...@@ -52,6 +52,8 @@ static bool ebt_target_redirect_check(const char *tablename, unsigned int hookma
static struct ebt_target redirect_target __read_mostly = { static struct ebt_target redirect_target __read_mostly = {
.name = EBT_REDIRECT_TARGET, .name = EBT_REDIRECT_TARGET,
.revision = 0,
.family = NFPROTO_BRIDGE,
.target = ebt_target_redirect, .target = ebt_target_redirect,
.check = ebt_target_redirect_check, .check = ebt_target_redirect_check,
.targetsize = XT_ALIGN(sizeof(struct ebt_redirect_info)), .targetsize = XT_ALIGN(sizeof(struct ebt_redirect_info)),
......
...@@ -68,6 +68,8 @@ static bool ebt_target_snat_check(const char *tablename, unsigned int hookmask, ...@@ -68,6 +68,8 @@ static bool ebt_target_snat_check(const char *tablename, unsigned int hookmask,
static struct ebt_target snat __read_mostly = { static struct ebt_target snat __read_mostly = {
.name = EBT_SNAT_TARGET, .name = EBT_SNAT_TARGET,
.revision = 0,
.family = NFPROTO_BRIDGE,
.target = ebt_target_snat, .target = ebt_target_snat,
.check = ebt_target_snat_check, .check = ebt_target_snat_check,
.targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)), .targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)),
......
...@@ -174,6 +174,8 @@ static bool ebt_stp_check(const char *tablename, unsigned int hookmask, ...@@ -174,6 +174,8 @@ static bool ebt_stp_check(const char *tablename, unsigned int hookmask,
static struct ebt_match filter_stp __read_mostly = { static struct ebt_match filter_stp __read_mostly = {
.name = EBT_STP_MATCH, .name = EBT_STP_MATCH,
.revision = 0,
.family = NFPROTO_BRIDGE,
.match = ebt_filter_stp, .match = ebt_filter_stp,
.check = ebt_stp_check, .check = ebt_stp_check,
.matchsize = XT_ALIGN(sizeof(struct ebt_stp_info)), .matchsize = XT_ALIGN(sizeof(struct ebt_stp_info)),
......
...@@ -274,6 +274,8 @@ static bool ebt_ulog_check(const char *tablename, unsigned int hookmask, ...@@ -274,6 +274,8 @@ static bool ebt_ulog_check(const char *tablename, unsigned int hookmask,
static struct ebt_watcher ulog __read_mostly = { static struct ebt_watcher ulog __read_mostly = {
.name = EBT_ULOG_WATCHER, .name = EBT_ULOG_WATCHER,
.revision = 0,
.family = NFPROTO_BRIDGE,
.watcher = ebt_ulog, .watcher = ebt_ulog,
.check = ebt_ulog_check, .check = ebt_ulog_check,
.targetsize = XT_ALIGN(sizeof(struct ebt_ulog_info)), .targetsize = XT_ALIGN(sizeof(struct ebt_ulog_info)),
......
...@@ -164,6 +164,8 @@ ebt_check_vlan(const char *tablename, ...@@ -164,6 +164,8 @@ ebt_check_vlan(const char *tablename,
static struct ebt_match filter_vlan __read_mostly = { static struct ebt_match filter_vlan __read_mostly = {
.name = EBT_VLAN_MATCH, .name = EBT_VLAN_MATCH,
.revision = 0,
.family = NFPROTO_BRIDGE,
.match = ebt_filter_vlan, .match = ebt_filter_vlan,
.check = ebt_check_vlan, .check = ebt_check_vlan,
.matchsize = XT_ALIGN(sizeof(struct ebt_vlan_info)), .matchsize = XT_ALIGN(sizeof(struct ebt_vlan_info)),
......
...@@ -62,6 +62,8 @@ static LIST_HEAD(ebt_watchers); ...@@ -62,6 +62,8 @@ static LIST_HEAD(ebt_watchers);
static struct ebt_target ebt_standard_target = { static struct ebt_target ebt_standard_target = {
.name = "standard", .name = "standard",
.revision = 0,
.family = NFPROTO_BRIDGE,
}; };
static inline int ebt_do_watcher (struct ebt_entry_watcher *w, static inline int ebt_do_watcher (struct ebt_entry_watcher *w,
...@@ -352,6 +354,17 @@ ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e, ...@@ -352,6 +354,17 @@ ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e,
return -ENOENT; return -ENOENT;
} }
mutex_unlock(&ebt_mutex); mutex_unlock(&ebt_mutex);
if (match->family != NFPROTO_BRIDGE) {
printk(KERN_WARNING "ebtables: %s match: not for ebtables?\n",
match->name);
goto out;
}
if (match->revision != 0) {
printk(KERN_WARNING "ebtables: %s match: ebtables is not "
"supporting revisions at this time\n",
match->name);
goto out;
}
if (XT_ALIGN(match->matchsize) != m->match_size && if (XT_ALIGN(match->matchsize) != m->match_size &&
match->matchsize != -1) { match->matchsize != -1) {
/* /*
...@@ -361,17 +374,18 @@ ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e, ...@@ -361,17 +374,18 @@ ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e,
printk(KERN_WARNING "ebtables: %s match: " printk(KERN_WARNING "ebtables: %s match: "
"invalid size %Zu != %u\n", "invalid size %Zu != %u\n",
match->name, XT_ALIGN(match->matchsize), m->match_size); match->name, XT_ALIGN(match->matchsize), m->match_size);
module_put(match->me); goto out;
return -EINVAL;
} }
if (match->check && if (match->check &&
!match->check(name, hookmask, e, m->data, m->match_size)) { !match->check(name, hookmask, e, m->data, m->match_size)) {
BUGPRINT("match->check failed\n"); BUGPRINT("match->check failed\n");
module_put(match->me); goto out;
return -EINVAL;
} }
(*cnt)++; (*cnt)++;
return 0; return 0;
out:
module_put(match->me);
return -EINVAL;
} }
static inline int static inline int
...@@ -394,22 +408,34 @@ ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e, ...@@ -394,22 +408,34 @@ ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e,
return -ENOENT; return -ENOENT;
} }
mutex_unlock(&ebt_mutex); mutex_unlock(&ebt_mutex);
if (watcher->family != NFPROTO_BRIDGE) {
printk(KERN_WARNING "ebtables: %s watcher: not for ebtables?\n",
watcher->name);
goto out;
}
if (watcher->revision != 0) {
printk(KERN_WARNING "ebtables: %s watcher: ebtables is not "
"supporting revisions at this time\n",
watcher->name);
goto out;
}
if (XT_ALIGN(watcher->targetsize) != w->watcher_size) { if (XT_ALIGN(watcher->targetsize) != w->watcher_size) {
printk(KERN_WARNING "ebtables: %s watcher: " printk(KERN_WARNING "ebtables: %s watcher: "
"invalid size %Zu != %u\n", "invalid size %Zu != %u\n",
watcher->name, XT_ALIGN(watcher->targetsize), watcher->name, XT_ALIGN(watcher->targetsize),
w->watcher_size); w->watcher_size);
module_put(watcher->me); goto out;
return -EINVAL;
} }
if (watcher->check && if (watcher->check &&
!watcher->check(name, hookmask, e, w->data, w->watcher_size)) { !watcher->check(name, hookmask, e, w->data, w->watcher_size)) {
BUGPRINT("watcher->check failed\n"); BUGPRINT("watcher->check failed\n");
module_put(watcher->me); goto out;
return -EINVAL;
} }
(*cnt)++; (*cnt)++;
return 0; return 0;
out:
module_put(watcher->me);
return -EINVAL;
} }
static int ebt_verify_pointers(struct ebt_replace *repl, static int ebt_verify_pointers(struct ebt_replace *repl,
...@@ -690,6 +716,20 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo, ...@@ -690,6 +716,20 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
} }
mutex_unlock(&ebt_mutex); mutex_unlock(&ebt_mutex);
if (target->family != NFPROTO_BRIDGE) {
printk(KERN_WARNING "ebtables: %s target: not for ebtables?\n",
target->name);
ret = -EINVAL;
goto cleanup_watchers;
}
if (target->revision != 0) {
printk(KERN_WARNING "ebtables: %s target: ebtables is not "
"supporting revisions at this time\n",
target->name);
ret = -EINVAL;
goto cleanup_watchers;
}
t->u.target = target; t->u.target = target;
if (t->u.target == &ebt_standard_target) { if (t->u.target == &ebt_standard_target) {
if (gap < sizeof(struct ebt_standard_target)) { if (gap < sizeof(struct ebt_standard_target)) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment