* The 4 lsb are more than enough to store the verdict. */
#define EBT_VERDICT_BITS 0x0000000F
+struct xt_match;
+struct xt_target;
+
struct ebt_counter
{
uint64_t pcnt;
struct list_head list;
const char name[EBT_FUNCTION_MAXNAMELEN];
bool (*match)(const struct sk_buff *skb, const struct net_device *in,
- const struct net_device *out, const void *matchdata,
- unsigned int datalen);
- bool (*check)(const char *tablename, unsigned int hookmask,
- const struct ebt_entry *e, void *matchdata, unsigned int datalen);
- void (*destroy)(void *matchdata, unsigned int datalen);
+ const struct net_device *out, const struct xt_match *match,
+ const void *matchinfo, int offset, unsigned int protoff,
+ bool *hotdrop);
+ bool (*checkentry)(const char *table, const void *entry,
+ const struct xt_match *match, void *matchinfo,
+ unsigned int hook_mask);
+ void (*destroy)(const struct xt_match *match, void *matchinfo);
unsigned int matchsize;
u_int8_t revision;
u_int8_t family;
{
struct list_head list;
const char name[EBT_FUNCTION_MAXNAMELEN];
- unsigned int (*watcher)(const struct sk_buff *skb, unsigned int hooknr,
- const struct net_device *in, const struct net_device *out,
- const void *watcherdata, unsigned int datalen);
- bool (*check)(const char *tablename, unsigned int hookmask,
- const struct ebt_entry *e, void *watcherdata, unsigned int datalen);
- void (*destroy)(void *watcherdata, unsigned int datalen);
+ unsigned int (*target)(struct sk_buff *skb,
+ const struct net_device *in, const struct net_device *out,
+ unsigned int hook_num, const struct xt_target *target,
+ const void *targinfo);
+ bool (*checkentry)(const char *table, const void *entry,
+ const struct xt_target *target, void *targinfo,
+ unsigned int hook_mask);
+ void (*destroy)(const struct xt_target *target, void *targinfo);
unsigned int targetsize;
u_int8_t revision;
u_int8_t family;
struct list_head list;
const char name[EBT_FUNCTION_MAXNAMELEN];
/* returns one of the standard EBT_* verdicts */
- unsigned int (*target)(struct sk_buff *skb, unsigned int hooknr,
- const struct net_device *in, const struct net_device *out,
- const void *targetdata, unsigned int datalen);
- bool (*check)(const char *tablename, unsigned int hookmask,
- const struct ebt_entry *e, void *targetdata, unsigned int datalen);
- void (*destroy)(void *targetdata, unsigned int datalen);
+ unsigned int (*target)(struct sk_buff *skb,
+ const struct net_device *in, const struct net_device *out,
+ unsigned int hook_num, const struct xt_target *target,
+ const void *targinfo);
+ bool (*checkentry)(const char *table, const void *entry,
+ const struct xt_target *target, void *targinfo,
+ unsigned int hook_mask);
+ void (*destroy)(const struct xt_target *target, void *targinfo);
unsigned int targetsize;
u_int8_t revision;
u_int8_t family;
#include <linux/netfilter_bridge/ebtables.h>
#include <linux/netfilter_bridge/ebt_802_3.h>
-static bool ebt_filter_802_3(const struct sk_buff *skb,
- const struct net_device *in,
- const struct net_device *out, const void *data, unsigned int datalen)
+static bool
+ebt_802_3_mt(const struct sk_buff *skb, const struct net_device *in,
+ const struct net_device *out, const struct xt_match *match,
+ const void *data, int offset, unsigned int protoff, bool *hotdrop)
{
const struct ebt_802_3_info *info = data;
const struct ebt_802_3_hdr *hdr = ebt_802_3_hdr(skb);
return true;
}
-static struct ebt_match filter_802_3;
-static bool ebt_802_3_check(const char *tablename, unsigned int hookmask,
- const struct ebt_entry *e, void *data, unsigned int datalen)
+static bool
+ebt_802_3_mt_check(const char *table, const void *entry,
+ const struct xt_match *match, void *data,
+ unsigned int hook_mask)
{
const struct ebt_802_3_info *info = data;
.name = EBT_802_3_MATCH,
.revision = 0,
.family = NFPROTO_BRIDGE,
- .match = ebt_filter_802_3,
- .check = ebt_802_3_check,
+ .match = ebt_802_3_mt,
+ .checkentry = ebt_802_3_mt_check,
.matchsize = XT_ALIGN(sizeof(struct ebt_802_3_info)),
.me = THIS_MODULE,
};
return 0;
}
-static bool ebt_filter_among(const struct sk_buff *skb,
- const struct net_device *in,
- const struct net_device *out, const void *data,
- unsigned int datalen)
+static bool
+ebt_among_mt(const struct sk_buff *skb, const struct net_device *in,
+ const struct net_device *out, const struct xt_match *match,
+ const void *data, int offset, unsigned int protoff, bool *hotdrop)
{
const struct ebt_among_info *info = data;
const char *dmac, *smac;
}
static bool
-ebt_among_check(const char *tablename, unsigned int hookmask,
- const struct ebt_entry *e, void *data,
- unsigned int datalen)
+ebt_among_mt_check(const char *table, const void *entry,
+ const struct xt_match *match, void *data,
+ unsigned int hook_mask)
{
const struct ebt_entry_match *em =
container_of(data, const struct ebt_entry_match, data);
.name = EBT_AMONG_MATCH,
.revision = 0,
.family = NFPROTO_BRIDGE,
- .match = ebt_filter_among,
- .check = ebt_among_check,
+ .match = ebt_among_mt,
+ .checkentry = ebt_among_mt_check,
.matchsize = -1, /* special case */
.me = THIS_MODULE,
};
#include <linux/netfilter_bridge/ebtables.h>
#include <linux/netfilter_bridge/ebt_arp.h>
-static bool ebt_filter_arp(const struct sk_buff *skb,
- const struct net_device *in,
- const struct net_device *out, const void *data, unsigned int datalen)
+static bool
+ebt_arp_mt(const struct sk_buff *skb, const struct net_device *in,
+ const struct net_device *out, const struct xt_match *match,
+ const void *data, int offset, unsigned int protoff, bool *hotdrop)
{
const struct ebt_arp_info *info = data;
const struct arphdr *ah;
return true;
}
-static bool ebt_arp_check(const char *tablename, unsigned int hookmask,
- const struct ebt_entry *e, void *data, unsigned int datalen)
+static bool
+ebt_arp_mt_check(const char *table, const void *entry,
+ const struct xt_match *match, void *data,
+ unsigned int hook_mask)
{
const struct ebt_arp_info *info = data;
+ const struct ebt_entry *e = entry;
if ((e->ethproto != htons(ETH_P_ARP) &&
e->ethproto != htons(ETH_P_RARP)) ||
.name = EBT_ARP_MATCH,
.revision = 0,
.family = NFPROTO_BRIDGE,
- .match = ebt_filter_arp,
- .check = ebt_arp_check,
+ .match = ebt_arp_mt,
+ .checkentry = ebt_arp_mt_check,
.matchsize = XT_ALIGN(sizeof(struct ebt_arp_info)),
.me = THIS_MODULE,
};
#include <linux/netfilter_bridge/ebtables.h>
#include <linux/netfilter_bridge/ebt_arpreply.h>
-static unsigned int ebt_target_reply(struct sk_buff *skb, unsigned int hooknr,
- const struct net_device *in, const struct net_device *out,
- const void *data, unsigned int datalen)
+static unsigned int
+ebt_arpreply_tg(struct sk_buff *skb, const struct net_device *in,
+ const struct net_device *out, unsigned int hook_nr,
+ const struct xt_target *target, const void *data)
{
struct ebt_arpreply_info *info = (void *)data;
const __be32 *siptr, *diptr;
return info->target;
}
-static bool ebt_target_reply_check(const char *tablename, unsigned int hookmask,
- const struct ebt_entry *e, void *data, unsigned int datalen)
+static bool
+ebt_arpreply_tg_check(const char *tablename, const void *entry,
+ const struct xt_target *target, void *data,
+ unsigned int hookmask)
{
const struct ebt_arpreply_info *info = data;
+ const struct ebt_entry *e = entry;
if (BASE_CHAIN && info->target == EBT_RETURN)
return false;
.name = EBT_ARPREPLY_TARGET,
.revision = 0,
.family = NFPROTO_BRIDGE,
- .target = ebt_target_reply,
- .check = ebt_target_reply_check,
+ .target = ebt_arpreply_tg,
+ .checkentry = ebt_arpreply_tg_check,
.targetsize = XT_ALIGN(sizeof(struct ebt_arpreply_info)),
.me = THIS_MODULE,
};
#include <linux/netfilter_bridge/ebtables.h>
#include <linux/netfilter_bridge/ebt_nat.h>
-static unsigned int ebt_target_dnat(struct sk_buff *skb, unsigned int hooknr,
- const struct net_device *in, const struct net_device *out,
- const void *data, unsigned int datalen)
+static unsigned int
+ebt_dnat_tg(struct sk_buff *skb, const struct net_device *in,
+ const struct net_device *out, unsigned int hook_nr,
+ const struct xt_target *target, const void *data)
{
const struct ebt_nat_info *info = data;
return info->target;
}
-static bool ebt_target_dnat_check(const char *tablename, unsigned int hookmask,
- const struct ebt_entry *e, void *data, unsigned int datalen)
+static bool
+ebt_dnat_tg_check(const char *tablename, const void *entry,
+ const struct xt_target *target, void *data,
+ unsigned int hookmask)
{
const struct ebt_nat_info *info = data;
.name = EBT_DNAT_TARGET,
.revision = 0,
.family = NFPROTO_BRIDGE,
- .target = ebt_target_dnat,
- .check = ebt_target_dnat_check,
+ .target = ebt_dnat_tg,
+ .checkentry = ebt_dnat_tg_check,
.targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)),
.me = THIS_MODULE,
};
__be16 dst;
};
-static bool ebt_filter_ip(const struct sk_buff *skb,
- const struct net_device *in,
- const struct net_device *out, const void *data,
- unsigned int datalen)
+static bool
+ebt_ip_mt(const struct sk_buff *skb, const struct net_device *in,
+ const struct net_device *out, const struct xt_match *match,
+ const void *data, int offset, unsigned int protoff, bool *hotdrop)
{
const struct ebt_ip_info *info = data;
const struct iphdr *ih;
return true;
}
-static bool ebt_ip_check(const char *tablename, unsigned int hookmask,
- const struct ebt_entry *e, void *data, unsigned int datalen)
+static bool
+ebt_ip_mt_check(const char *table, const void *entry,
+ const struct xt_match *match, void *data,
+ unsigned int hook_mask)
{
const struct ebt_ip_info *info = data;
+ const struct ebt_entry *e = entry;
if (e->ethproto != htons(ETH_P_IP) ||
e->invflags & EBT_IPROTO)
.name = EBT_IP_MATCH,
.revision = 0,
.family = NFPROTO_BRIDGE,
- .match = ebt_filter_ip,
- .check = ebt_ip_check,
+ .match = ebt_ip_mt,
+ .checkentry = ebt_ip_mt_check,
.matchsize = XT_ALIGN(sizeof(struct ebt_ip_info)),
.me = THIS_MODULE,
};
__be16 dst;
};
-static bool ebt_filter_ip6(const struct sk_buff *skb,
- const struct net_device *in,
- const struct net_device *out, const void *data,
- unsigned int datalen)
+static bool
+ebt_ip6_mt(const struct sk_buff *skb, const struct net_device *in,
+ const struct net_device *out, const struct xt_match *match,
+ const void *data, int offset, unsigned int protoff, bool *hotdrop)
{
const struct ebt_ip6_info *info = (struct ebt_ip6_info *)data;
const struct ipv6hdr *ih6;
return true;
}
-static bool ebt_ip6_check(const char *tablename, unsigned int hookmask,
- const struct ebt_entry *e, void *data, unsigned int datalen)
+static bool
+ebt_ip6_mt_check(const char *table, const void *entry,
+ const struct xt_match *match, void *data,
+ unsigned int hook_mask)
{
+ const struct ebt_entry *e = entry;
struct ebt_ip6_info *info = (struct ebt_ip6_info *)data;
if (e->ethproto != htons(ETH_P_IPV6) || e->invflags & EBT_IPROTO)
.name = EBT_IP6_MATCH,
.revision = 0,
.family = NFPROTO_BRIDGE,
- .match = ebt_filter_ip6,
- .check = ebt_ip6_check,
+ .match = ebt_ip6_mt,
+ .checkentry = ebt_ip6_mt_check,
.matchsize = XT_ALIGN(sizeof(struct ebt_ip6_info)),
.me = THIS_MODULE,
};
#define CREDITS_PER_JIFFY POW2_BELOW32(MAX_CPJ)
-static bool ebt_limit_match(const struct sk_buff *skb,
- const struct net_device *in, const struct net_device *out,
- const void *data, unsigned int datalen)
+static bool
+ebt_limit_mt(const struct sk_buff *skb, const struct net_device *in,
+ const struct net_device *out, const struct xt_match *match,
+ const void *data, int offset, unsigned int protoff, bool *hotdrop)
{
struct ebt_limit_info *info = (struct ebt_limit_info *)data;
unsigned long now = jiffies;
return (user * HZ * CREDITS_PER_JIFFY) / EBT_LIMIT_SCALE;
}
-static bool ebt_limit_check(const char *tablename, unsigned int hookmask,
- const struct ebt_entry *e, void *data, unsigned int datalen)
+static bool
+ebt_limit_mt_check(const char *table, const void *e,
+ const struct xt_match *match, void *data,
+ unsigned int hook_mask)
{
struct ebt_limit_info *info = data;
.name = EBT_LIMIT_MATCH,
.revision = 0,
.family = NFPROTO_BRIDGE,
- .match = ebt_limit_match,
- .check = ebt_limit_check,
+ .match = ebt_limit_mt,
+ .checkentry = ebt_limit_mt_check,
.matchsize = XT_ALIGN(sizeof(struct ebt_limit_info)),
.me = THIS_MODULE,
};
static DEFINE_SPINLOCK(ebt_log_lock);
-static bool ebt_log_check(const char *tablename, unsigned int hookmask,
- const struct ebt_entry *e, void *data, unsigned int datalen)
+static bool
+ebt_log_tg_check(const char *table, const void *entry,
+ const struct xt_target *target, void *data,
+ unsigned int hook_mask)
{
struct ebt_log_info *info = data;
}
-static unsigned int ebt_log(const struct sk_buff *skb, unsigned int hooknr,
- const struct net_device *in, const struct net_device *out,
- const void *data, unsigned int datalen)
+static unsigned int
+ebt_log_tg(struct sk_buff *skb, const struct net_device *in,
+ const struct net_device *out, unsigned int hooknr,
+ const struct xt_target *target, const void *data)
{
const struct ebt_log_info *info = data;
struct nf_loginfo li;
.name = EBT_LOG_WATCHER,
.revision = 0,
.family = NFPROTO_BRIDGE,
- .watcher = ebt_log,
- .check = ebt_log_check,
+ .target = ebt_log_tg,
+ .checkentry = ebt_log_tg_check,
.targetsize = XT_ALIGN(sizeof(struct ebt_log_info)),
.me = THIS_MODULE,
};
#include <linux/netfilter_bridge/ebtables.h>
#include <linux/netfilter_bridge/ebt_mark_t.h>
-static unsigned int ebt_target_mark(struct sk_buff *skb, unsigned int hooknr,
- const struct net_device *in, const struct net_device *out,
- const void *data, unsigned int datalen)
+static unsigned int
+ebt_mark_tg(struct sk_buff *skb, const struct net_device *in,
+ const struct net_device *out, unsigned int hook_nr,
+ const struct xt_target *target, const void *data)
{
const struct ebt_mark_t_info *info = data;
int action = info->target & -16;
return info->target | ~EBT_VERDICT_BITS;
}
-static bool ebt_target_mark_check(const char *tablename, unsigned int hookmask,
- const struct ebt_entry *e, void *data, unsigned int datalen)
+static bool
+ebt_mark_tg_check(const char *table, const void *e,
+ const struct xt_target *target, void *data,
+ unsigned int hookmask)
{
const struct ebt_mark_t_info *info = data;
int tmp;
.name = EBT_MARK_TARGET,
.revision = 0,
.family = NFPROTO_BRIDGE,
- .target = ebt_target_mark,
- .check = ebt_target_mark_check,
+ .target = ebt_mark_tg,
+ .checkentry = ebt_mark_tg_check,
.targetsize = XT_ALIGN(sizeof(struct ebt_mark_t_info)),
.me = THIS_MODULE,
};
#include <linux/netfilter_bridge/ebtables.h>
#include <linux/netfilter_bridge/ebt_mark_m.h>
-static bool ebt_filter_mark(const struct sk_buff *skb,
- const struct net_device *in, const struct net_device *out, const void *data,
- unsigned int datalen)
+static bool
+ebt_mark_mt(const struct sk_buff *skb, const struct net_device *in,
+ const struct net_device *out, const struct xt_match *match,
+ const void *data, int offset, unsigned int protoff, bool *hotdrop)
{
const struct ebt_mark_m_info *info = data;
return ((skb->mark & info->mask) == info->mark) ^ info->invert;
}
-static bool ebt_mark_check(const char *tablename, unsigned int hookmask,
- const struct ebt_entry *e, void *data, unsigned int datalen)
+static bool
+ebt_mark_mt_check(const char *table, const void *e,
+ const struct xt_match *match, void *data,
+ unsigned int hook_mask)
{
const struct ebt_mark_m_info *info = data;
.name = EBT_MARK_MATCH,
.revision = 0,
.family = NFPROTO_BRIDGE,
- .match = ebt_filter_mark,
- .check = ebt_mark_check,
+ .match = ebt_mark_mt,
+ .checkentry = ebt_mark_mt_check,
.matchsize = XT_ALIGN(sizeof(struct ebt_mark_m_info)),
.me = THIS_MODULE,
};
#include <linux/netfilter_bridge/ebt_nflog.h>
#include <net/netfilter/nf_log.h>
-static unsigned int ebt_nflog(const struct sk_buff *skb,
- unsigned int hooknr,
- const struct net_device *in,
- const struct net_device *out,
- const void *data, unsigned int datalen)
+static unsigned int
+ebt_nflog_tg(struct sk_buff *skb, const struct net_device *in,
+ const struct net_device *out, unsigned int hooknr,
+ const struct xt_target *target, const void *data)
{
struct ebt_nflog_info *info = (struct ebt_nflog_info *)data;
struct nf_loginfo li;
return EBT_CONTINUE;
}
-static bool ebt_nflog_check(const char *tablename,
- unsigned int hookmask,
- const struct ebt_entry *e,
- void *data, unsigned int datalen)
+static bool
+ebt_nflog_tg_check(const char *table, const void *e,
+ const struct xt_target *target, void *data,
+ unsigned int hookmask)
{
struct ebt_nflog_info *info = (struct ebt_nflog_info *)data;
.name = EBT_NFLOG_WATCHER,
.revision = 0,
.family = NFPROTO_BRIDGE,
- .watcher = ebt_nflog,
- .check = ebt_nflog_check,
+ .target = ebt_nflog_tg,
+ .checkentry = ebt_nflog_tg_check,
.targetsize = XT_ALIGN(sizeof(struct ebt_nflog_info)),
.me = THIS_MODULE,
};
#include <linux/netfilter_bridge/ebtables.h>
#include <linux/netfilter_bridge/ebt_pkttype.h>
-static bool ebt_filter_pkttype(const struct sk_buff *skb,
- const struct net_device *in,
- const struct net_device *out,
- const void *data,
- unsigned int datalen)
+static bool
+ebt_pkttype_mt(const struct sk_buff *skb, const struct net_device *in,
+ const struct net_device *out, const struct xt_match *match,
+ const void *data, int offset, unsigned int protoff,
+ bool *hotdrop)
{
const struct ebt_pkttype_info *info = data;
return (skb->pkt_type == info->pkt_type) ^ info->invert;
}
-static bool ebt_pkttype_check(const char *tablename, unsigned int hookmask,
- const struct ebt_entry *e, void *data, unsigned int datalen)
+static bool
+ebt_pkttype_mt_check(const char *table, const void *e,
+ const struct xt_match *match, void *data,
+ unsigned int hook_mask)
{
const struct ebt_pkttype_info *info = data;
.name = EBT_PKTTYPE_MATCH,
.revision = 0,
.family = NFPROTO_BRIDGE,
- .match = ebt_filter_pkttype,
- .check = ebt_pkttype_check,
+ .match = ebt_pkttype_mt,
+ .checkentry = ebt_pkttype_mt_check,
.matchsize = XT_ALIGN(sizeof(struct ebt_pkttype_info)),
.me = THIS_MODULE,
};
#include <linux/netfilter_bridge/ebtables.h>
#include <linux/netfilter_bridge/ebt_redirect.h>
-static unsigned int ebt_target_redirect(struct sk_buff *skb,
- unsigned int hooknr,
- const struct net_device *in, const struct net_device *out,
- const void *data, unsigned int datalen)
+static unsigned int
+ebt_redirect_tg(struct sk_buff *skb, const struct net_device *in,
+ const struct net_device *out, unsigned int hooknr,
+ const struct xt_target *target, const void *data)
{
const struct ebt_redirect_info *info = data;
return info->target;
}
-static bool ebt_target_redirect_check(const char *tablename, unsigned int hookmask,
- const struct ebt_entry *e, void *data, unsigned int datalen)
+static bool
+ebt_redirect_tg_check(const char *tablename, const void *e,
+ const struct xt_target *target, void *data,
+ unsigned int hookmask)
{
const struct ebt_redirect_info *info = data;
.name = EBT_REDIRECT_TARGET,
.revision = 0,
.family = NFPROTO_BRIDGE,
- .target = ebt_target_redirect,
- .check = ebt_target_redirect_check,
+ .target = ebt_redirect_tg,
+ .checkentry = ebt_redirect_tg_check,
.targetsize = XT_ALIGN(sizeof(struct ebt_redirect_info)),
.me = THIS_MODULE,
};
#include <linux/netfilter_bridge/ebtables.h>
#include <linux/netfilter_bridge/ebt_nat.h>
-static unsigned int ebt_target_snat(struct sk_buff *skb, unsigned int hooknr,
- const struct net_device *in, const struct net_device *out,
- const void *data, unsigned int datalen)
+static unsigned int
+ebt_snat_tg(struct sk_buff *skb, const struct net_device *in,
+ const struct net_device *out, unsigned int hook_nr,
+ const struct xt_target *target, const void *data)
{
const struct ebt_nat_info *info = data;
return info->target | ~EBT_VERDICT_BITS;
}
-static bool ebt_target_snat_check(const char *tablename, unsigned int hookmask,
- const struct ebt_entry *e, void *data, unsigned int datalen)
+static bool
+ebt_snat_tg_check(const char *tablename, const void *e,
+ const struct xt_target *target, void *data,
+ unsigned int hookmask)
{
const struct ebt_nat_info *info = data;
int tmp;
.name = EBT_SNAT_TARGET,
.revision = 0,
.family = NFPROTO_BRIDGE,
- .target = ebt_target_snat,
- .check = ebt_target_snat_check,
+ .target = ebt_snat_tg,
+ .checkentry = ebt_snat_tg_check,
.targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)),
.me = THIS_MODULE,
};
return true;
}
-static bool ebt_filter_stp(const struct sk_buff *skb,
- const struct net_device *in,
- const struct net_device *out, const void *data, unsigned int datalen)
+static bool
+ebt_stp_mt(const struct sk_buff *skb, const struct net_device *in,
+ const struct net_device *out, const struct xt_match *match,
+ const void *data, int offset, unsigned int protoff, bool *hotdrop)
{
const struct ebt_stp_info *info = data;
const struct stp_header *sp;
return true;
}
-static bool ebt_stp_check(const char *tablename, unsigned int hookmask,
- const struct ebt_entry *e, void *data, unsigned int datalen)
+static bool
+ebt_stp_mt_check(const char *table, const void *entry,
+ const struct xt_match *match, void *data,
+ unsigned int hook_mask)
{
const struct ebt_stp_info *info = data;
const uint8_t bridge_ula[6] = {0x01, 0x80, 0xc2, 0x00, 0x00, 0x00};
const uint8_t msk[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
+ const struct ebt_entry *e = entry;
if (info->bitmask & ~EBT_STP_MASK || info->invflags & ~EBT_STP_MASK ||
!(info->bitmask & EBT_STP_MASK))
.name = EBT_STP_MATCH,
.revision = 0,
.family = NFPROTO_BRIDGE,
- .match = ebt_filter_stp,
- .check = ebt_stp_check,
+ .match = ebt_stp_mt,
+ .checkentry = ebt_stp_mt_check,
.matchsize = XT_ALIGN(sizeof(struct ebt_stp_info)),
.me = THIS_MODULE,
};
ebt_ulog_packet(hooknum, skb, in, out, &loginfo, prefix);
}
-static unsigned int ebt_ulog(const struct sk_buff *skb, unsigned int hooknr,
- const struct net_device *in, const struct net_device *out,
- const void *data, unsigned int datalen)
+static unsigned int
+ebt_ulog_tg(struct sk_buff *skb, const struct net_device *in,
+ const struct net_device *out, unsigned int hooknr,
+ const struct xt_target *target, const void *data)
{
const struct ebt_ulog_info *uloginfo = data;
return EBT_CONTINUE;
}
-static bool ebt_ulog_check(const char *tablename, unsigned int hookmask,
- const struct ebt_entry *e, void *data, unsigned int datalen)
+static bool
+ebt_ulog_tg_check(const char *table, const void *entry,
+ const struct xt_target *target, void *data,
+ unsigned int hookmask)
{
struct ebt_ulog_info *uloginfo = data;
.name = EBT_ULOG_WATCHER,
.revision = 0,
.family = NFPROTO_BRIDGE,
- .watcher = ebt_ulog,
- .check = ebt_ulog_check,
+ .target = ebt_ulog_tg,
+ .checkentry = ebt_ulog_tg_check,
.targetsize = XT_ALIGN(sizeof(struct ebt_ulog_info)),
.me = THIS_MODULE,
};
#define EXIT_ON_MISMATCH(_MATCH_,_MASK_) {if (!((info->_MATCH_ == _MATCH_)^!!(info->invflags & _MASK_))) return false; }
static bool
-ebt_filter_vlan(const struct sk_buff *skb,
- const struct net_device *in,
- const struct net_device *out,
- const void *data, unsigned int datalen)
+ebt_vlan_mt(const struct sk_buff *skb, const struct net_device *in,
+ const struct net_device *out, const struct xt_match *match,
+ const void *data, int offset, unsigned int protoff, bool *hotdrop)
{
const struct ebt_vlan_info *info = data;
const struct vlan_hdr *fp;
}
static bool
-ebt_check_vlan(const char *tablename,
- unsigned int hooknr,
- const struct ebt_entry *e, void *data, unsigned int datalen)
+ebt_vlan_mt_check(const char *table, const void *entry,
+ const struct xt_match *match, void *data,
+ unsigned int hook_mask)
{
struct ebt_vlan_info *info = data;
+ const struct ebt_entry *e = entry;
/* Is it 802.1Q frame checked? */
if (e->ethproto != htons(ETH_P_8021Q)) {
.name = EBT_VLAN_MATCH,
.revision = 0,
.family = NFPROTO_BRIDGE,
- .match = ebt_filter_vlan,
- .check = ebt_check_vlan,
+ .match = ebt_vlan_mt,
+ .checkentry = ebt_vlan_mt_check,
.matchsize = XT_ALIGN(sizeof(struct ebt_vlan_info)),
.me = THIS_MODULE,
};
};
static inline int ebt_do_watcher (struct ebt_entry_watcher *w,
- const struct sk_buff *skb, unsigned int hooknr, const struct net_device *in,
+ struct sk_buff *skb, unsigned int hooknr, const struct net_device *in,
const struct net_device *out)
{
- w->u.watcher->watcher(skb, hooknr, in, out, w->data,
- w->watcher_size);
+ w->u.watcher->target(skb, in, out, hooknr, NULL, w->data);
/* watchers don't give a verdict */
return 0;
}
const struct sk_buff *skb, const struct net_device *in,
const struct net_device *out)
{
- return m->u.match->match(skb, in, out, m->data,
- m->match_size);
+ return m->u.match->match(skb, in, out, NULL, m->data, 0, 0, NULL);
}
static inline int ebt_dev_check(char *entry, const struct net_device *device)
if (!t->u.target->target)
verdict = ((struct ebt_standard_target *)t)->verdict;
else
- verdict = t->u.target->target(skb, hook,
- in, out, t->data, t->target_size);
+ verdict = t->u.target->target(skb, in, out, hook,
+ NULL, t->data);
if (verdict == EBT_ACCEPT) {
read_unlock_bh(&table->lock);
return NF_ACCEPT;
match->name, XT_ALIGN(match->matchsize), m->match_size);
goto out;
}
- if (match->check &&
- !match->check(name, hookmask, e, m->data, m->match_size)) {
+ if (match->checkentry &&
+ !match->checkentry(name, e, NULL, m->data, hookmask)) {
BUGPRINT("match->check failed\n");
goto out;
}
w->watcher_size);
goto out;
}
- if (watcher->check &&
- !watcher->check(name, hookmask, e, w->data, w->watcher_size)) {
+ if (watcher->checkentry &&
+ !watcher->checkentry(name, e, NULL, w->data, hookmask)) {
BUGPRINT("watcher->check failed\n");
goto out;
}
if (i && (*i)-- == 0)
return 1;
if (m->u.match->destroy)
- m->u.match->destroy(m->data, m->match_size);
+ m->u.match->destroy(NULL, m->data);
module_put(m->u.match->me);
return 0;
if (i && (*i)-- == 0)
return 1;
if (w->u.watcher->destroy)
- w->u.watcher->destroy(w->data, w->watcher_size);
+ w->u.watcher->destroy(NULL, w->data);
module_put(w->u.watcher->me);
return 0;
EBT_MATCH_ITERATE(e, ebt_cleanup_match, NULL);
t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
if (t->u.target->destroy)
- t->u.target->destroy(t->data, t->target_size);
+ t->u.target->destroy(NULL, t->data);
module_put(t->u.target->me);
return 0;
module_put(t->u.target->me);
ret = -EINVAL;
goto cleanup_watchers;
- } else if (t->u.target->check &&
- !t->u.target->check(name, hookmask, e, t->data, t->target_size)) {
+ } else if (t->u.target->checkentry &&
+ !t->u.target->checkentry(name, e, NULL, t->data, hookmask)) {
module_put(t->u.target->me);
ret = -EFAULT;
goto cleanup_watchers;