const struct ebt_entry *e, void *matchdata, unsigned int datalen);
void (*destroy)(void *matchdata, unsigned int datalen);
unsigned int matchsize;
+ u_int8_t revision;
+ u_int8_t family;
struct module *me;
};
const struct ebt_entry *e, void *watcherdata, unsigned int datalen);
void (*destroy)(void *watcherdata, unsigned int datalen);
unsigned int targetsize;
+ u_int8_t revision;
+ u_int8_t family;
struct module *me;
};
const struct ebt_entry *e, void *targetdata, unsigned int datalen);
void (*destroy)(void *targetdata, unsigned int datalen);
unsigned int targetsize;
+ u_int8_t revision;
+ u_int8_t family;
struct module *me;
};
static struct ebt_match filter_802_3 __read_mostly = {
.name = EBT_802_3_MATCH,
+ .revision = 0,
+ .family = NFPROTO_BRIDGE,
.match = ebt_filter_802_3,
.check = ebt_802_3_check,
.matchsize = XT_ALIGN(sizeof(struct ebt_802_3_info)),
static struct ebt_match filter_among __read_mostly = {
.name = EBT_AMONG_MATCH,
+ .revision = 0,
+ .family = NFPROTO_BRIDGE,
.match = ebt_filter_among,
.check = ebt_among_check,
.matchsize = -1, /* special case */
static struct ebt_match filter_arp __read_mostly = {
.name = EBT_ARP_MATCH,
+ .revision = 0,
+ .family = NFPROTO_BRIDGE,
.match = ebt_filter_arp,
.check = ebt_arp_check,
.matchsize = XT_ALIGN(sizeof(struct ebt_arp_info)),
static struct ebt_target reply_target __read_mostly = {
.name = EBT_ARPREPLY_TARGET,
+ .revision = 0,
+ .family = NFPROTO_BRIDGE,
.target = ebt_target_reply,
.check = ebt_target_reply_check,
.targetsize = XT_ALIGN(sizeof(struct ebt_arpreply_info)),
static struct ebt_target dnat __read_mostly = {
.name = EBT_DNAT_TARGET,
+ .revision = 0,
+ .family = NFPROTO_BRIDGE,
.target = ebt_target_dnat,
.check = ebt_target_dnat_check,
.targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)),
static struct ebt_match filter_ip __read_mostly = {
.name = EBT_IP_MATCH,
+ .revision = 0,
+ .family = NFPROTO_BRIDGE,
.match = ebt_filter_ip,
.check = ebt_ip_check,
.matchsize = XT_ALIGN(sizeof(struct ebt_ip_info)),
static struct ebt_match filter_ip6 =
{
.name = EBT_IP6_MATCH,
+ .revision = 0,
+ .family = NFPROTO_BRIDGE,
.match = ebt_filter_ip6,
.check = ebt_ip6_check,
.matchsize = XT_ALIGN(sizeof(struct ebt_ip6_info)),
static struct ebt_match ebt_limit_reg __read_mostly = {
.name = EBT_LIMIT_MATCH,
+ .revision = 0,
+ .family = NFPROTO_BRIDGE,
.match = ebt_limit_match,
.check = ebt_limit_check,
.matchsize = XT_ALIGN(sizeof(struct ebt_limit_info)),
static struct ebt_watcher log =
{
.name = EBT_LOG_WATCHER,
+ .revision = 0,
+ .family = NFPROTO_BRIDGE,
.watcher = ebt_log,
.check = ebt_log_check,
.targetsize = XT_ALIGN(sizeof(struct ebt_log_info)),
static struct ebt_target mark_target __read_mostly = {
.name = EBT_MARK_TARGET,
+ .revision = 0,
+ .family = NFPROTO_BRIDGE,
.target = ebt_target_mark,
.check = ebt_target_mark_check,
.targetsize = XT_ALIGN(sizeof(struct ebt_mark_t_info)),
static struct ebt_match filter_mark __read_mostly = {
.name = EBT_MARK_MATCH,
+ .revision = 0,
+ .family = NFPROTO_BRIDGE,
.match = ebt_filter_mark,
.check = ebt_mark_check,
.matchsize = XT_ALIGN(sizeof(struct ebt_mark_m_info)),
static struct ebt_watcher nflog __read_mostly = {
.name = EBT_NFLOG_WATCHER,
+ .revision = 0,
+ .family = NFPROTO_BRIDGE,
.watcher = ebt_nflog,
.check = ebt_nflog_check,
.targetsize = XT_ALIGN(sizeof(struct ebt_nflog_info)),
static struct ebt_match filter_pkttype __read_mostly = {
.name = EBT_PKTTYPE_MATCH,
+ .revision = 0,
+ .family = NFPROTO_BRIDGE,
.match = ebt_filter_pkttype,
.check = ebt_pkttype_check,
.matchsize = XT_ALIGN(sizeof(struct ebt_pkttype_info)),
static struct ebt_target redirect_target __read_mostly = {
.name = EBT_REDIRECT_TARGET,
+ .revision = 0,
+ .family = NFPROTO_BRIDGE,
.target = ebt_target_redirect,
.check = ebt_target_redirect_check,
.targetsize = XT_ALIGN(sizeof(struct ebt_redirect_info)),
static struct ebt_target snat __read_mostly = {
.name = EBT_SNAT_TARGET,
+ .revision = 0,
+ .family = NFPROTO_BRIDGE,
.target = ebt_target_snat,
.check = ebt_target_snat_check,
.targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)),
static struct ebt_match filter_stp __read_mostly = {
.name = EBT_STP_MATCH,
+ .revision = 0,
+ .family = NFPROTO_BRIDGE,
.match = ebt_filter_stp,
.check = ebt_stp_check,
.matchsize = XT_ALIGN(sizeof(struct ebt_stp_info)),
static struct ebt_watcher ulog __read_mostly = {
.name = EBT_ULOG_WATCHER,
+ .revision = 0,
+ .family = NFPROTO_BRIDGE,
.watcher = ebt_ulog,
.check = ebt_ulog_check,
.targetsize = XT_ALIGN(sizeof(struct ebt_ulog_info)),
static struct ebt_match filter_vlan __read_mostly = {
.name = EBT_VLAN_MATCH,
+ .revision = 0,
+ .family = NFPROTO_BRIDGE,
.match = ebt_filter_vlan,
.check = ebt_check_vlan,
.matchsize = XT_ALIGN(sizeof(struct ebt_vlan_info)),
static LIST_HEAD(ebt_watchers);
static struct ebt_target ebt_standard_target = {
- .name = "standard",
+ .name = "standard",
+ .revision = 0,
+ .family = NFPROTO_BRIDGE,
};
static inline int ebt_do_watcher (struct ebt_entry_watcher *w,
return -ENOENT;
}
mutex_unlock(&ebt_mutex);
+ if (match->family != NFPROTO_BRIDGE) {
+ printk(KERN_WARNING "ebtables: %s match: not for ebtables?\n",
+ match->name);
+ goto out;
+ }
+ if (match->revision != 0) {
+ printk(KERN_WARNING "ebtables: %s match: ebtables is not "
+ "supporting revisions at this time\n",
+ match->name);
+ goto out;
+ }
if (XT_ALIGN(match->matchsize) != m->match_size &&
match->matchsize != -1) {
/*
printk(KERN_WARNING "ebtables: %s match: "
"invalid size %Zu != %u\n",
match->name, XT_ALIGN(match->matchsize), m->match_size);
- module_put(match->me);
- return -EINVAL;
+ goto out;
}
if (match->check &&
!match->check(name, hookmask, e, m->data, m->match_size)) {
BUGPRINT("match->check failed\n");
- module_put(match->me);
- return -EINVAL;
+ goto out;
}
(*cnt)++;
return 0;
+ out:
+ module_put(match->me);
+ return -EINVAL;
}
static inline int
return -ENOENT;
}
mutex_unlock(&ebt_mutex);
+ if (watcher->family != NFPROTO_BRIDGE) {
+ printk(KERN_WARNING "ebtables: %s watcher: not for ebtables?\n",
+ watcher->name);
+ goto out;
+ }
+ if (watcher->revision != 0) {
+ printk(KERN_WARNING "ebtables: %s watcher: ebtables is not "
+ "supporting revisions at this time\n",
+ watcher->name);
+ goto out;
+ }
if (XT_ALIGN(watcher->targetsize) != w->watcher_size) {
printk(KERN_WARNING "ebtables: %s watcher: "
"invalid size %Zu != %u\n",
watcher->name, XT_ALIGN(watcher->targetsize),
w->watcher_size);
- module_put(watcher->me);
- return -EINVAL;
+ goto out;
}
if (watcher->check &&
!watcher->check(name, hookmask, e, w->data, w->watcher_size)) {
BUGPRINT("watcher->check failed\n");
- module_put(watcher->me);
- return -EINVAL;
+ goto out;
}
(*cnt)++;
return 0;
+ out:
+ module_put(watcher->me);
+ return -EINVAL;
}
static int ebt_verify_pointers(struct ebt_replace *repl,
}
mutex_unlock(&ebt_mutex);
+ if (target->family != NFPROTO_BRIDGE) {
+ printk(KERN_WARNING "ebtables: %s target: not for ebtables?\n",
+ target->name);
+ ret = -EINVAL;
+ goto cleanup_watchers;
+ }
+ if (target->revision != 0) {
+ printk(KERN_WARNING "ebtables: %s target: ebtables is not "
+ "supporting revisions at this time\n",
+ target->name);
+ ret = -EINVAL;
+ goto cleanup_watchers;
+ }
+
t->u.target = target;
if (t->u.target == &ebt_standard_target) {
if (gap < sizeof(struct ebt_standard_target)) {