extern int xt_check_match(const struct xt_match *match, unsigned short family,
unsigned int size, const char *table, unsigned int hook,
- unsigned short proto, int inv_proto);
+ unsigned short proto, int inv_proto,
+ const void *entry, void *matchinfo);
extern int xt_check_target(const struct xt_target *target, unsigned short family,
unsigned int size, const char *table, unsigned int hook,
- unsigned short proto, int inv_proto);
+ unsigned short proto, int inv_proto,
+ const void *entry, void *targinfo);
extern struct xt_table *xt_register_table(struct net *net,
struct xt_table *table,
m->u.match = match;
ret = xt_check_match(match, NFPROTO_BRIDGE, m->match_size,
- name, hookmask, e->ethproto, e->invflags & EBT_IPROTO);
+ name, hookmask, e->ethproto, e->invflags & EBT_IPROTO,
+ e, m->data);
if (ret < 0) {
module_put(match->me);
return ret;
- } else if (match->checkentry != NULL &&
- !match->checkentry(name, e, NULL, m->data, hookmask)) {
- module_put(match->me);
- BUGPRINT("match->check failed\n");
- return -EINVAL;
}
(*cnt)++;
w->u.watcher = watcher;
ret = xt_check_target(watcher, NFPROTO_BRIDGE, w->watcher_size,
- name, hookmask, e->ethproto, e->invflags & EBT_IPROTO);
+ name, hookmask, e->ethproto, e->invflags & EBT_IPROTO,
+ e, w->data);
if (ret < 0) {
module_put(watcher->me);
return ret;
- } else if (watcher->checkentry != NULL &&
- !watcher->checkentry(name, e, NULL, w->data, hookmask)) {
- module_put(watcher->me);
- BUGPRINT("watcher->check failed\n");
- return -EINVAL;
}
(*cnt)++;
}
ret = xt_check_target(target, NFPROTO_BRIDGE, t->target_size,
- name, hookmask, e->ethproto, e->invflags & EBT_IPROTO);
+ name, hookmask, e->ethproto, e->invflags & EBT_IPROTO,
+ e, t->data);
if (ret < 0) {
module_put(target->me);
goto cleanup_watchers;
- } else if (t->u.target->checkentry &&
- !t->u.target->checkentry(name, e, NULL, t->data, hookmask)) {
- module_put(t->u.target->me);
- ret = -EINVAL;
- goto cleanup_watchers;
}
(*cnt)++;
return 0;
ret = xt_check_target(target, NFPROTO_ARP,
t->u.target_size - sizeof(*t),
- name, e->comefrom, 0, 0);
- if (!ret && t->u.kernel.target->checkentry
- && !t->u.kernel.target->checkentry(name, e, target, t->data,
- e->comefrom)) {
+ name, e->comefrom, 0, 0, e, t->data);
+ if (ret < 0) {
duprintf("arp_tables: check failed for `%s'.\n",
t->u.kernel.target->name);
- ret = -EINVAL;
+ return ret;
}
- return ret;
+ return 0;
}
static inline int
match = m->u.kernel.match;
ret = xt_check_match(match, AF_INET, m->u.match_size - sizeof(*m),
name, hookmask, ip->proto,
- ip->invflags & IPT_INV_PROTO);
- if (!ret && m->u.kernel.match->checkentry
- && !m->u.kernel.match->checkentry(name, ip, match, m->data,
- hookmask)) {
+ ip->invflags & IPT_INV_PROTO, ip, m->data);
+ if (ret < 0) {
duprintf("ip_tables: check failed for `%s'.\n",
m->u.kernel.match->name);
- ret = -EINVAL;
+ return ret;
}
- if (!ret)
- (*i)++;
- return ret;
+ ++*i;
+ return 0;
}
static int
target = t->u.kernel.target;
ret = xt_check_target(target, AF_INET, t->u.target_size - sizeof(*t),
name, e->comefrom, e->ip.proto,
- e->ip.invflags & IPT_INV_PROTO);
- if (!ret && t->u.kernel.target->checkentry
- && !t->u.kernel.target->checkentry(name, e, target, t->data,
- e->comefrom)) {
+ e->ip.invflags & IPT_INV_PROTO, e, t->data);
+ if (ret < 0) {
duprintf("ip_tables: check failed for `%s'.\n",
t->u.kernel.target->name);
- ret = -EINVAL;
+ return ret;
}
- return ret;
+ return 0;
}
static int
match = m->u.kernel.match;
ret = xt_check_match(match, AF_INET6, m->u.match_size - sizeof(*m),
name, hookmask, ipv6->proto,
- ipv6->invflags & IP6T_INV_PROTO);
- if (!ret && m->u.kernel.match->checkentry
- && !m->u.kernel.match->checkentry(name, ipv6, match, m->data,
- hookmask)) {
+ ipv6->invflags & IP6T_INV_PROTO, ipv6, m->data);
+ if (ret < 0) {
duprintf("ip_tables: check failed for `%s'.\n",
m->u.kernel.match->name);
- ret = -EINVAL;
+ return ret;
}
- if (!ret)
- (*i)++;
- return ret;
+ ++*i;
+ return 0;
}
static int
target = t->u.kernel.target;
ret = xt_check_target(target, AF_INET6, t->u.target_size - sizeof(*t),
name, e->comefrom, e->ipv6.proto,
- e->ipv6.invflags & IP6T_INV_PROTO);
- if (!ret && t->u.kernel.target->checkentry
- && !t->u.kernel.target->checkentry(name, e, target, t->data,
- e->comefrom)) {
+ e->ipv6.invflags & IP6T_INV_PROTO, e, t->data);
+ if (ret < 0) {
duprintf("ip_tables: check failed for `%s'.\n",
t->u.kernel.target->name);
- ret = -EINVAL;
+ return ret;
}
- return ret;
+ return 0;
}
static int
int xt_check_match(const struct xt_match *match, unsigned short family,
unsigned int size, const char *table, unsigned int hook_mask,
- unsigned short proto, int inv_proto)
+ unsigned short proto, int inv_proto, const void *entry,
+ void *matchinfo)
{
if (XT_ALIGN(match->matchsize) != size &&
match->matchsize != -1) {
xt_prefix[family], match->name, match->proto);
return -EINVAL;
}
+ if (match->checkentry != NULL &&
+ !match->checkentry(table, entry, match, matchinfo, hook_mask))
+ return -EINVAL;
return 0;
}
EXPORT_SYMBOL_GPL(xt_check_match);
int xt_check_target(const struct xt_target *target, unsigned short family,
unsigned int size, const char *table, unsigned int hook_mask,
- unsigned short proto, int inv_proto)
+ unsigned short proto, int inv_proto, const void *entry,
+ void *targinfo)
{
if (XT_ALIGN(target->targetsize) != size) {
printk("%s_tables: %s target: invalid size %Zu != %u\n",
xt_prefix[family], target->name, target->proto);
return -EINVAL;
}
+ if (target->checkentry != NULL &&
+ !target->checkentry(table, entry, target, targinfo, hook_mask))
+ return -EINVAL;
return 0;
}
EXPORT_SYMBOL_GPL(xt_check_target);
t->u.kernel.target = target;
ret = xt_check_target(target, AF_INET, t->u.target_size - sizeof(*t),
- table, hook, 0, 0);
- if (ret) {
+ table, hook, 0, 0, NULL, t->data);
+ if (ret < 0) {
module_put(t->u.kernel.target->me);
return ret;
}
- if (t->u.kernel.target->checkentry
- && !t->u.kernel.target->checkentry(table, NULL,
- t->u.kernel.target, t->data,
- hook)) {
- module_put(t->u.kernel.target->me);
- ret = -EINVAL;
- }
-
- return ret;
+ return 0;
}
static void ipt_destroy_target(struct ipt_entry_target *t)
projects / platform / upstream / kernel-adaptation-pc.git / commitdiff