[NETFILTER]: x_tables: set the protocol family in x_tables targets/matches

Set the family field in xt_[matches|targets] registered.
Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: NPatrick McHardy <kaber@trash.net>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

include/linux/netfilter/x_tables.h

@@ -220,10 +220,10 @@ struct xt_table_info
 	char *entries[NR_CPUS];
 };
 
-extern int xt_register_target(int af, struct xt_target *target);
-extern void xt_unregister_target(int af, struct xt_target *target);
-extern int xt_register_match(int af, struct xt_match *target);
-extern void xt_unregister_match(int af, struct xt_match *target);
+extern int xt_register_target(struct xt_target *target);
+extern void xt_unregister_target(struct xt_target *target);
+extern int xt_register_match(struct xt_match *target);
+extern void xt_unregister_match(struct xt_match *target);
 
 extern int xt_check_match(const struct xt_match *match, unsigned short family,
 			  unsigned int size, const char *table, unsigned int hook,

include/linux/netfilter_arp/arp_tables.h

@@ -263,8 +263,10 @@ static __inline__ struct arpt_entry_target *arpt_get_target(struct arpt_entry *e
  */
 #ifdef __KERNEL__
 
-#define arpt_register_target(tgt) xt_register_target(NF_ARP, tgt)
-#define arpt_unregister_target(tgt) xt_unregister_target(NF_ARP, tgt)
+#define arpt_register_target(tgt) 	\
+({	(tgt)->family = NF_ARP;		\
+ 	xt_register_target(tgt); })
+#define arpt_unregister_target(tgt) xt_unregister_target(tgt)
 
 extern int arpt_register_table(struct arpt_table *table,
 			       const struct arpt_replace *repl);

include/linux/netfilter_ipv4/ip_tables.h

@@ -321,11 +321,15 @@ ipt_get_target(struct ipt_entry *e)
 #include <linux/init.h>
 extern void ipt_init(void) __init;
 
-#define ipt_register_target(tgt) xt_register_target(AF_INET, tgt)
-#define ipt_unregister_target(tgt) xt_unregister_target(AF_INET, tgt)
-
-#define ipt_register_match(mtch) xt_register_match(AF_INET, mtch)
-#define ipt_unregister_match(mtch) xt_unregister_match(AF_INET, mtch)
+#define ipt_register_target(tgt) 	\
+({	(tgt)->family = AF_INET;	\
+ 	xt_register_target(tgt); })
+#define ipt_unregister_target(tgt) xt_unregister_target(tgt)
+
+#define ipt_register_match(mtch) 	\
+({	(mtch)->family = AF_INET;	\
+	xt_register_match(mtch); })
+#define ipt_unregister_match(mtch) xt_unregister_match(mtch)
 
 //#define ipt_register_table(tbl, repl) xt_register_table(AF_INET, tbl, repl)
 //#define ipt_unregister_table(tbl) xt_unregister_table(AF_INET, tbl)

include/linux/netfilter_ipv6/ip6_tables.h

@@ -334,11 +334,15 @@ ip6t_get_target(struct ip6t_entry *e)
 #include <linux/init.h>
 extern void ip6t_init(void) __init;
 
-#define ip6t_register_target(tgt) xt_register_target(AF_INET6, tgt)
-#define ip6t_unregister_target(tgt) xt_unregister_target(AF_INET6, tgt)
-
-#define ip6t_register_match(match) xt_register_match(AF_INET6, match)
-#define ip6t_unregister_match(match) xt_unregister_match(AF_INET6, match)
+#define ip6t_register_target(tgt) 		\
+({	(tgt)->family = AF_INET6;		\
+ 	xt_register_target(tgt); })
+#define ip6t_unregister_target(tgt) xt_unregister_target(tgt)
+
+#define ip6t_register_match(match)		\
+({	(match)->family = AF_INET6;		\
+	xt_register_match(match); })
+#define ip6t_unregister_match(match) xt_unregister_match(match)
 
 extern int ip6t_register_table(struct ip6t_table *table,
 			       const struct ip6t_replace *repl);

net/ipv4/netfilter/arp_tables.c

@@ -1146,12 +1146,14 @@ void arpt_unregister_table(struct arpt_table *table)
 static struct arpt_target arpt_standard_target = {
 	.name		= ARPT_STANDARD_TARGET,
 	.targetsize	= sizeof(int),
+	.family		= NF_ARP,
 };
 
 static struct arpt_target arpt_error_target = {
 	.name		= ARPT_ERROR_TARGET,
 	.target		= arpt_error,
 	.targetsize	= ARPT_FUNCTION_MAXNAMELEN,
+	.family		= NF_ARP,
 };
 
 static struct nf_sockopt_ops arpt_sockopts = {
@@ -1171,8 +1173,8 @@ static int __init init(void)
 	xt_proto_init(NF_ARP);
 
 	/* Noone else will be downing sem now, so we won't sleep */
-	xt_register_target(NF_ARP, &arpt_standard_target);
-	xt_register_target(NF_ARP, &arpt_error_target);
+	xt_register_target(&arpt_standard_target);
+	xt_register_target(&arpt_error_target);
 
 	/* Register setsockopt */
 	ret = nf_register_sockopt(&arpt_sockopts);

net/ipv4/netfilter/ip_tables.c

@@ -1335,12 +1335,14 @@ icmp_checkentry(const char *tablename,
 static struct ipt_target ipt_standard_target = {
 	.name		= IPT_STANDARD_TARGET,
 	.targetsize	= sizeof(int),
+	.family		= AF_INET,
 };
 
 static struct ipt_target ipt_error_target = {
 	.name		= IPT_ERROR_TARGET,
 	.target		= ipt_error,
 	.targetsize	= IPT_FUNCTION_MAXNAMELEN,
+	.family		= AF_INET,
 };
 
 static struct nf_sockopt_ops ipt_sockopts = {
@@ -1358,6 +1360,7 @@ static struct ipt_match icmp_matchstruct = {
 	.match		= icmp_match,
 	.matchsize	= sizeof(struct ipt_icmp),
 	.proto		= IPPROTO_ICMP,
+	.family		= AF_INET,
 	.checkentry	= icmp_checkentry,
 };
 
@@ -1368,9 +1371,9 @@ static int __init init(void)
 	xt_proto_init(AF_INET);
 
 	/* Noone else will be downing sem now, so we won't sleep */
-	xt_register_target(AF_INET, &ipt_standard_target);
-	xt_register_target(AF_INET, &ipt_error_target);
-	xt_register_match(AF_INET, &icmp_matchstruct);
+	xt_register_target(&ipt_standard_target);
+	xt_register_target(&ipt_error_target);
+	xt_register_match(&icmp_matchstruct);
 
 	/* Register setsockopt */
 	ret = nf_register_sockopt(&ipt_sockopts);
@@ -1387,9 +1390,9 @@ static void __exit fini(void)
 {
 	nf_unregister_sockopt(&ipt_sockopts);
 
-	xt_unregister_match(AF_INET, &icmp_matchstruct);
-	xt_unregister_target(AF_INET, &ipt_error_target);
-	xt_unregister_target(AF_INET, &ipt_standard_target);
+	xt_unregister_match(&icmp_matchstruct);
+	xt_unregister_target(&ipt_error_target);
+	xt_unregister_target(&ipt_standard_target);
 
 	xt_proto_fini(AF_INET);
 }

net/ipv6/netfilter/ip6_tables.c

@@ -1377,12 +1377,14 @@ icmp6_checkentry(const char *tablename,
 static struct ip6t_target ip6t_standard_target = {
 	.name		= IP6T_STANDARD_TARGET,
 	.targetsize	= sizeof(int),
+	.family		= AF_INET6,
 };
 
 static struct ip6t_target ip6t_error_target = {
 	.name		= IP6T_ERROR_TARGET,
 	.target		= ip6t_error,
 	.targetsize	= IP6T_FUNCTION_MAXNAMELEN,
+	.family		= AF_INET6,
 };
 
 static struct nf_sockopt_ops ip6t_sockopts = {
@@ -1401,6 +1403,7 @@ static struct ip6t_match icmp6_matchstruct = {
 	.matchsize	= sizeof(struct ip6t_icmp),
 	.checkentry	= icmp6_checkentry,
 	.proto		= IPPROTO_ICMPV6,
+	.family		= AF_INET6,
 };
 
 static int __init init(void)
@@ -1410,9 +1413,9 @@ static int __init init(void)
 	xt_proto_init(AF_INET6);
 
 	/* Noone else will be downing sem now, so we won't sleep */
-	xt_register_target(AF_INET6, &ip6t_standard_target);
-	xt_register_target(AF_INET6, &ip6t_error_target);
-	xt_register_match(AF_INET6, &icmp6_matchstruct);
+	xt_register_target(&ip6t_standard_target);
+	xt_register_target(&ip6t_error_target);
+	xt_register_match(&icmp6_matchstruct);
 
 	/* Register setsockopt */
 	ret = nf_register_sockopt(&ip6t_sockopts);
@@ -1429,9 +1432,9 @@ static int __init init(void)
 static void __exit fini(void)
 {
 	nf_unregister_sockopt(&ip6t_sockopts);
-	xt_unregister_match(AF_INET6, &icmp6_matchstruct);
-	xt_unregister_target(AF_INET6, &ip6t_error_target);
-	xt_unregister_target(AF_INET6, &ip6t_standard_target);
+	xt_unregister_match(&icmp6_matchstruct);
+	xt_unregister_target(&ip6t_error_target);
+	xt_unregister_target(&ip6t_standard_target);
 	xt_proto_fini(AF_INET6);
 }
 

net/netfilter/x_tables.c

@@ -60,9 +60,9 @@ static const char *xt_prefix[NPROTO] = {
 
 /* Registration hooks for targets. */
 int
-xt_register_target(int af, struct xt_target *target)
+xt_register_target(struct xt_target *target)
 {
-	int ret;
+	int ret, af = target->family;
 
 	ret = down_interruptible(&xt[af].mutex);
 	if (ret != 0)
@@ -74,8 +74,10 @@ xt_register_target(int af, struct xt_target *target)
 EXPORT_SYMBOL(xt_register_target);
 
 void
-xt_unregister_target(int af, struct xt_target *target)
+xt_unregister_target(struct xt_target *target)
 {
+	int af = target->family;
+
 	down(&xt[af].mutex);
 	LIST_DELETE(&xt[af].target, target);
 	up(&xt[af].mutex);
@@ -83,9 +85,9 @@ xt_unregister_target(int af, struct xt_target *target)
 EXPORT_SYMBOL(xt_unregister_target);
 
 int
-xt_register_match(int af, struct xt_match *match)
+xt_register_match(struct xt_match *match)
 {
-	int ret;
+	int ret, af = match->family;
 
 	ret = down_interruptible(&xt[af].mutex);
 	if (ret != 0)
@@ -99,8 +101,10 @@ xt_register_match(int af, struct xt_match *match)
 EXPORT_SYMBOL(xt_register_match);
 
 void
-xt_unregister_match(int af, struct xt_match *match)
+xt_unregister_match(struct xt_match *match)
 {
+	int af =  match->family;
+
 	down(&xt[af].mutex);
 	LIST_DELETE(&xt[af].match, match);
 	up(&xt[af].mutex);

net/netfilter/xt_CLASSIFY.c

@@ -47,6 +47,7 @@ static struct xt_target classify_reg = {
 	.table		= "mangle",
 	.hooks		= (1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_FORWARD) |
 		          (1 << NF_IP_POST_ROUTING),
+	.family		= AF_INET,
 	.me 		= THIS_MODULE,
 };
 static struct xt_target classify6_reg = { 
@@ -56,6 +57,7 @@ static struct xt_target classify6_reg = {
 	.table		= "mangle",
 	.hooks		= (1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_FORWARD) |
 		          (1 << NF_IP_POST_ROUTING),
+	.family		= AF_INET6,
 	.me 		= THIS_MODULE,
 };
 
@@ -64,21 +66,21 @@ static int __init init(void)
 {
 	int ret;
 
-	ret = xt_register_target(AF_INET, &classify_reg);
+	ret = xt_register_target(&classify_reg);
 	if (ret)
 		return ret;
 
-	ret = xt_register_target(AF_INET6, &classify6_reg);
+	ret = xt_register_target(&classify6_reg);
 	if (ret)
-		xt_unregister_target(AF_INET, &classify_reg);
+		xt_unregister_target(&classify_reg);
 
 	return ret;
 }
 
 static void __exit fini(void)
 {
-	xt_unregister_target(AF_INET, &classify_reg);
-	xt_unregister_target(AF_INET6, &classify6_reg);
+	xt_unregister_target(&classify_reg);
+	xt_unregister_target(&classify6_reg);
 }
 
 module_init(init);

net/netfilter/xt_CONNMARK.c

@@ -102,6 +102,7 @@ static struct xt_target connmark_reg = {
 	.target		= target,
 	.targetsize	= sizeof(struct xt_connmark_target_info),
 	.checkentry	= checkentry,
+	.family		= AF_INET,
 	.me		= THIS_MODULE
 };
 
@@ -110,6 +111,7 @@ static struct xt_target connmark6_reg = {
 	.target		= target,
 	.targetsize	= sizeof(struct xt_connmark_target_info),
 	.checkentry	= checkentry,
+	.family		= AF_INET6,
 	.me		= THIS_MODULE
 };
 
@@ -119,21 +121,21 @@ static int __init init(void)
 
 	need_conntrack();
 
-	ret = xt_register_target(AF_INET, &connmark_reg);
+	ret = xt_register_target(&connmark_reg);
 	if (ret)
 		return ret;
 
-	ret = xt_register_target(AF_INET6, &connmark6_reg);
+	ret = xt_register_target(&connmark6_reg);
 	if (ret)
-		xt_unregister_target(AF_INET, &connmark_reg);
+		xt_unregister_target(&connmark_reg);
 
 	return ret;
 }
 
 static void __exit fini(void)
 {
-	xt_unregister_target(AF_INET, &connmark_reg);
-	xt_unregister_target(AF_INET6, &connmark6_reg);
+	xt_unregister_target(&connmark_reg);
+	xt_unregister_target(&connmark6_reg);
 }
 
 module_init(init);

net/netfilter/xt_MARK.c

@@ -119,6 +119,7 @@ static struct xt_target ipt_mark_reg_v0 = {
 	.table		= "mangle",
 	.checkentry	= checkentry_v0,
 	.me		= THIS_MODULE,
+	.family		= AF_INET,
 	.revision	= 0,
 };
 
@@ -129,6 +130,7 @@ static struct xt_target ipt_mark_reg_v1 = {
 	.table		= "mangle",
 	.checkentry	= checkentry_v1,
 	.me		= THIS_MODULE,
+	.family		= AF_INET,
 	.revision	= 1,
 };
 
@@ -139,6 +141,7 @@ static struct xt_target ip6t_mark_reg_v0 = {
 	.table		= "mangle",
 	.checkentry	= checkentry_v0,
 	.me		= THIS_MODULE,
+	.family		= AF_INET6,
 	.revision	= 0,
 };
 
@@ -146,18 +149,18 @@ static int __init init(void)
 {
 	int err;
 
-	err = xt_register_target(AF_INET, &ipt_mark_reg_v0);
+	err = xt_register_target(&ipt_mark_reg_v0);
 	if (err)
 		return err;
 
-	err = xt_register_target(AF_INET, &ipt_mark_reg_v1);
+	err = xt_register_target(&ipt_mark_reg_v1);
 	if (err)
-		xt_unregister_target(AF_INET, &ipt_mark_reg_v0);
+		xt_unregister_target(&ipt_mark_reg_v0);
 
-	err = xt_register_target(AF_INET6, &ip6t_mark_reg_v0);
+	err = xt_register_target(&ip6t_mark_reg_v0);
 	if (err) {
-		xt_unregister_target(AF_INET, &ipt_mark_reg_v0);
-		xt_unregister_target(AF_INET, &ipt_mark_reg_v1);
+		xt_unregister_target(&ipt_mark_reg_v0);
+		xt_unregister_target(&ipt_mark_reg_v1);
 	}
 
 	return err;
@@ -165,9 +168,9 @@ static int __init init(void)
 
 static void __exit fini(void)
 {
-	xt_unregister_target(AF_INET, &ipt_mark_reg_v0);
-	xt_unregister_target(AF_INET, &ipt_mark_reg_v1);
-	xt_unregister_target(AF_INET6, &ip6t_mark_reg_v0);
+	xt_unregister_target(&ipt_mark_reg_v0);
+	xt_unregister_target(&ipt_mark_reg_v1);
+	xt_unregister_target(&ip6t_mark_reg_v0);
 }
 
 module_init(init);

net/netfilter/xt_NFQUEUE.c

@@ -41,6 +41,7 @@ static struct xt_target ipt_NFQ_reg = {
 	.name		= "NFQUEUE",
 	.target		= target,
 	.targetsize	= sizeof(struct xt_NFQ_info),
+	.family		= AF_INET,
 	.me		= THIS_MODULE,
 };
 
@@ -48,6 +49,7 @@ static struct xt_target ip6t_NFQ_reg = {
 	.name		= "NFQUEUE",
 	.target		= target,
 	.targetsize	= sizeof(struct xt_NFQ_info),
+	.family		= AF_INET6,
 	.me		= THIS_MODULE,
 };
 
@@ -55,36 +57,37 @@ static struct xt_target arpt_NFQ_reg = {
 	.name		= "NFQUEUE",
 	.target		= target,
 	.targetsize	= sizeof(struct xt_NFQ_info),
+	.family		= NF_ARP,
 	.me		= THIS_MODULE,
 };
 
 static int __init init(void)
 {
 	int ret;
-	ret = xt_register_target(AF_INET, &ipt_NFQ_reg);
+	ret = xt_register_target(&ipt_NFQ_reg);
 	if (ret)
 		return ret;
-	ret = xt_register_target(AF_INET6, &ip6t_NFQ_reg);
+	ret = xt_register_target(&ip6t_NFQ_reg);
 	if (ret)
 		goto out_ip;
-	ret = xt_register_target(NF_ARP, &arpt_NFQ_reg);
+	ret = xt_register_target(&arpt_NFQ_reg);
 	if (ret)
 		goto out_ip6;
 
 	return ret;
 out_ip6:
-	xt_unregister_target(AF_INET6, &ip6t_NFQ_reg);
+	xt_unregister_target(&ip6t_NFQ_reg);
 out_ip:
-	xt_unregister_target(AF_INET, &ipt_NFQ_reg);
+	xt_unregister_target(&ipt_NFQ_reg);
 
 	return ret;
 }
 
 static void __exit fini(void)
 {
-	xt_unregister_target(NF_ARP, &arpt_NFQ_reg);
-	xt_unregister_target(AF_INET6, &ip6t_NFQ_reg);
-	xt_unregister_target(AF_INET, &ipt_NFQ_reg);
+	xt_unregister_target(&arpt_NFQ_reg);
+	xt_unregister_target(&ip6t_NFQ_reg);
+	xt_unregister_target(&ipt_NFQ_reg);
 }
 
 module_init(init);

net/netfilter/xt_NOTRACK.c

@@ -39,6 +39,7 @@ static struct xt_target notrack_reg = {
 	.target		= target,
 	.targetsize	= 0,
 	.table		= "raw",
+	.family		= AF_INET,
 	.me		= THIS_MODULE,
 };
 
@@ -47,6 +48,7 @@ static struct xt_target notrack6_reg = {
 	.target		= target,
 	.targetsize	= 0,
 	.table		= "raw",
+	.family		= AF_INET6,
 	.me		= THIS_MODULE,
 };
 
@@ -54,21 +56,21 @@ static int __init init(void)
 {
 	int ret;
 
-	ret = xt_register_target(AF_INET, &notrack_reg);
+	ret = xt_register_target(&notrack_reg);
 	if (ret)
 		return ret;
 
-	ret = xt_register_target(AF_INET6, &notrack6_reg);
+	ret = xt_register_target(&notrack6_reg);
 	if (ret)
-		xt_unregister_target(AF_INET, &notrack_reg);
+		xt_unregister_target(&notrack_reg);
 
 	return ret;
 }
 
 static void __exit fini(void)
 {
-	xt_unregister_target(AF_INET6, &notrack6_reg);
-	xt_unregister_target(AF_INET, &notrack_reg);
+	xt_unregister_target(&notrack6_reg);
+	xt_unregister_target(&notrack_reg);
 }
 
 module_init(init);

net/netfilter/xt_comment.c

@@ -33,6 +33,7 @@ static struct xt_match comment_match = {
 	.name		= "comment",
 	.match		= match,
 	.matchsize	= sizeof(struct xt_comment_info),
+	.family		= AF_INET,
 	.me		= THIS_MODULE
 };
 
@@ -40,6 +41,7 @@ static struct xt_match comment6_match = {
 	.name		= "comment",
 	.match		= match,
 	.matchsize	= sizeof(struct xt_comment_info),
+	.family		= AF_INET6,
 	.me		= THIS_MODULE
 };
 
@@ -47,21 +49,21 @@ static int __init init(void)
 {
 	int ret;
 
-	ret = xt_register_match(AF_INET, &comment_match);
+	ret = xt_register_match(&comment_match);
 	if (ret)
 		return ret;
 
-	ret = xt_register_match(AF_INET6, &comment6_match);
+	ret = xt_register_match(&comment6_match);
 	if (ret)
-		xt_unregister_match(AF_INET, &comment_match);
+		xt_unregister_match(&comment_match);
 
 	return ret;
 }
 
 static void __exit fini(void)
 {
-	xt_unregister_match(AF_INET, &comment_match);
-	xt_unregister_match(AF_INET6, &comment6_match);
+	xt_unregister_match(&comment_match);
+	xt_unregister_match(&comment6_match);
 }
 
 module_init(init);

net/netfilter/xt_connbytes.c

@@ -148,6 +148,7 @@ static struct xt_match connbytes_match = {
 	.match		= match,
 	.checkentry	= check,
 	.matchsize	= sizeof(struct xt_connbytes_info),
+	.family		= AF_INET,
 	.me		= THIS_MODULE
 };
 static struct xt_match connbytes6_match = {
@@ -155,26 +156,27 @@ static struct xt_match connbytes6_match = {
 	.match		= match,
 	.checkentry	= check,
 	.matchsize	= sizeof(struct xt_connbytes_info),
+	.family		= AF_INET6,
 	.me		= THIS_MODULE
 };
 
 static int __init init(void)
 {
 	int ret;
-	ret = xt_register_match(AF_INET, &connbytes_match);
+	ret = xt_register_match(&connbytes_match);
 	if (ret)
 		return ret;
 
-	ret = xt_register_match(AF_INET6, &connbytes6_match);
+	ret = xt_register_match(&connbytes6_match);
 	if (ret)
-		xt_unregister_match(AF_INET, &connbytes_match);
+		xt_unregister_match(&connbytes_match);
 	return ret;
 }
 
 static void __exit fini(void)
 {
-	xt_unregister_match(AF_INET, &connbytes_match);
-	xt_unregister_match(AF_INET6, &connbytes6_match);
+	xt_unregister_match(&connbytes_match);
+	xt_unregister_match(&connbytes6_match);
 }
 
 module_init(init);

net/netfilter/xt_connmark.c

@@ -72,6 +72,7 @@ static struct xt_match connmark_match = {
 	.match		= match,
 	.matchsize	= sizeof(struct xt_connmark_info),
 	.checkentry	= checkentry,
+	.family		= AF_INET,
 	.me		= THIS_MODULE
 };
 
@@ -80,6 +81,7 @@ static struct xt_match connmark6_match = {
 	.match		= match,
 	.matchsize	= sizeof(struct xt_connmark_info),
 	.checkentry	= checkentry,
+	.family		= AF_INET6,
 	.me		= THIS_MODULE
 };
 
@@ -89,20 +91,20 @@ static int __init init(void)
 
 	need_conntrack();
 
-	ret = xt_register_match(AF_INET, &connmark_match);
+	ret = xt_register_match(&connmark_match);
 	if (ret)
 		return ret;
 
-	ret = xt_register_match(AF_INET6, &connmark6_match);
+	ret = xt_register_match(&connmark6_match);
 	if (ret)
-		xt_unregister_match(AF_INET, &connmark_match);
+		xt_unregister_match(&connmark_match);
 	return ret;
 }
 
 static void __exit fini(void)
 {
-	xt_unregister_match(AF_INET6, &connmark6_match);
-	xt_unregister_match(AF_INET, &connmark_match);
+	xt_unregister_match(&connmark6_match);
+	xt_unregister_match(&connmark_match);
 }
 
 module_init(init);

net/netfilter/xt_conntrack.c

@@ -207,6 +207,7 @@ static struct xt_match conntrack_match = {
 	.name		= "conntrack",
 	.match		= match,
 	.matchsize	= sizeof(struct xt_conntrack_info),
+	.family		= AF_INET,
 	.me		= THIS_MODULE,
 };
 
@@ -214,14 +215,14 @@ static int __init init(void)
 {
 	int ret;
 	need_conntrack();
-	ret = xt_register_match(AF_INET, &conntrack_match);
+	ret = xt_register_match(&conntrack_match);
 
 	return ret;
 }
 
 static void __exit fini(void)
 {
-	xt_unregister_match(AF_INET, &conntrack_match);
+	xt_unregister_match(&conntrack_match);
 }
 
 module_init(init);

net/netfilter/xt_dccp.c

@@ -149,6 +149,7 @@ static struct xt_match dccp_match =
 	.matchsize	= sizeof(struct xt_dccp_info),
 	.proto		= IPPROTO_DCCP,
 	.checkentry	= checkentry,
+	.family		= AF_INET,
 	.me 		= THIS_MODULE,
 };
 static struct xt_match dccp6_match = 
@@ -158,6 +159,7 @@ static struct xt_match dccp6_match =
 	.matchsize	= sizeof(struct xt_dccp_info),
 	.proto		= IPPROTO_DCCP,
 	.checkentry	= checkentry,
+	.family		= AF_INET6,
 	.me 		= THIS_MODULE,
 };
 
@@ -172,17 +174,17 @@ static int __init init(void)
 	dccp_optbuf = kmalloc(256 * 4, GFP_KERNEL);
 	if (!dccp_optbuf)
 		return -ENOMEM;
-	ret = xt_register_match(AF_INET, &dccp_match);
+	ret = xt_register_match(&dccp_match);
 	if (ret)
 		goto out_kfree;
-	ret = xt_register_match(AF_INET6, &dccp6_match);
+	ret = xt_register_match(&dccp6_match);
 	if (ret)
 		goto out_unreg;
 
 	return ret;
 
 out_unreg:
-	xt_unregister_match(AF_INET, &dccp_match);
+	xt_unregister_match(&dccp_match);
 out_kfree:
 	kfree(dccp_optbuf);
 
@@ -191,8 +193,8 @@ static int __init init(void)
 
 static void __exit fini(void)
 {
-	xt_unregister_match(AF_INET6, &dccp6_match);
-	xt_unregister_match(AF_INET, &dccp_match);
+	xt_unregister_match(&dccp6_match);
+	xt_unregister_match(&dccp_match);
 	kfree(dccp_optbuf);
 }
 

net/netfilter/xt_helper.c

@@ -153,6 +153,7 @@ static struct xt_match helper_match = {
 	.match		= match,
 	.matchsize	= sizeof(struct xt_helper_info),
 	.checkentry	= check,
+	.family		= AF_INET,
 	.me		= THIS_MODULE,
 };
 static struct xt_match helper6_match = {
@@ -160,6 +161,7 @@ static struct xt_match helper6_match = {
 	.match		= match,
 	.matchsize	= sizeof(struct xt_helper_info),
 	.checkentry	= check,
+	.family		= AF_INET6,
 	.me		= THIS_MODULE,
 };
 
@@ -168,21 +170,21 @@ static int __init init(void)
 	int ret;
 	need_conntrack();
 
-	ret = xt_register_match(AF_INET, &helper_match);
+	ret = xt_register_match(&helper_match);
 	if (ret < 0)
 		return ret;
 
-	ret = xt_register_match(AF_INET6, &helper6_match);
+	ret = xt_register_match(&helper6_match);
 	if (ret < 0)
-		xt_unregister_match(AF_INET, &helper_match);
+		xt_unregister_match(&helper_match);
 
 	return ret;
 }
 
 static void __exit fini(void)
 {
-	xt_unregister_match(AF_INET, &helper_match);
-	xt_unregister_match(AF_INET6, &helper6_match);
+	xt_unregister_match(&helper_match);
+	xt_unregister_match(&helper6_match);
 }
 
 module_init(init);

net/netfilter/xt_length.c

@@ -56,6 +56,7 @@ static struct xt_match length_match = {
 	.name		= "length",
 	.match		= match,
 	.matchsize	= sizeof(struct xt_length_info),
+	.family		= AF_INET,
 	.me		= THIS_MODULE,
 };
 
@@ -63,26 +64,27 @@ static struct xt_match length6_match = {
 	.name		= "length",
 	.match		= match6,
 	.matchsize	= sizeof(struct xt_length_info),
+	.family		= AF_INET6,
 	.me		= THIS_MODULE,
 };
 
 static int __init init(void)
 {
 	int ret;
-	ret = xt_register_match(AF_INET, &length_match);
+	ret = xt_register_match(&length_match);
 	if (ret)
 		return ret;
-	ret = xt_register_match(AF_INET6, &length6_match);
+	ret = xt_register_match(&length6_match);
 	if (ret)
-		xt_unregister_match(AF_INET, &length_match);
+		xt_unregister_match(&length_match);
 
 	return ret;
 }
 
 static void __exit fini(void)
 {
-	xt_unregister_match(AF_INET, &length_match);
-	xt_unregister_match(AF_INET6, &length6_match);
+	xt_unregister_match(&length_match);
+	xt_unregister_match(&length6_match);
 }
 
 module_init(init);

net/netfilter/xt_limit.c

@@ -141,6 +141,7 @@ static struct xt_match ipt_limit_reg = {
 	.match		= ipt_limit_match,
 	.matchsize	= sizeof(struct xt_rateinfo),
 	.checkentry	= ipt_limit_checkentry,
+	.family		= AF_INET,
 	.me		= THIS_MODULE,
 };
 static struct xt_match limit6_reg = {
@@ -148,6 +149,7 @@ static struct xt_match limit6_reg = {
 	.match		= ipt_limit_match,
 	.matchsize	= sizeof(struct xt_rateinfo),
 	.checkentry	= ipt_limit_checkentry,
+	.family		= AF_INET6,
 	.me		= THIS_MODULE,
 };
 
@@ -155,21 +157,21 @@ static int __init init(void)
 {
 	int ret;
 	
-	ret = xt_register_match(AF_INET, &ipt_limit_reg);
+	ret = xt_register_match(&ipt_limit_reg);
 	if (ret)
 		return ret;
 	
-	ret = xt_register_match(AF_INET6, &limit6_reg);
+	ret = xt_register_match(&limit6_reg);
 	if (ret)
-		xt_unregister_match(AF_INET, &ipt_limit_reg);
+		xt_unregister_match(&ipt_limit_reg);
 
 	return ret;
 }
 
 static void __exit fini(void)
 {
-	xt_unregister_match(AF_INET, &ipt_limit_reg);
-	xt_unregister_match(AF_INET6, &limit6_reg);
+	xt_unregister_match(&ipt_limit_reg);
+	xt_unregister_match(&limit6_reg);
 }
 
 module_init(init);

net/netfilter/xt_mac.c

@@ -49,6 +49,7 @@ static struct xt_match mac_match = {
 	.matchsize	= sizeof(struct xt_mac_info),
 	.hooks		= (1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_IN) |
 			  (1 << NF_IP_FORWARD),
+	.family		= AF_INET,
 	.me		= THIS_MODULE,
 };
 static struct xt_match mac6_match = {
@@ -57,27 +58,28 @@ static struct xt_match mac6_match = {
 	.matchsize	= sizeof(struct xt_mac_info),
 	.hooks		= (1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_IN) |
 			  (1 << NF_IP_FORWARD),
+	.family		= AF_INET6,
 	.me		= THIS_MODULE,
 };
 
 static int __init init(void)
 {
 	int ret;
-	ret = xt_register_match(AF_INET, &mac_match);
+	ret = xt_register_match(&mac_match);
 	if (ret)
 		return ret;
 
-	ret = xt_register_match(AF_INET6, &mac6_match);
+	ret = xt_register_match(&mac6_match);
 	if (ret)
-		xt_unregister_match(AF_INET, &mac_match);
+		xt_unregister_match(&mac_match);
 
 	return ret;
 }
 
 static void __exit fini(void)
 {
-	xt_unregister_match(AF_INET, &mac_match);
-	xt_unregister_match(AF_INET6, &mac6_match);
+	xt_unregister_match(&mac_match);
+	xt_unregister_match(&mac6_match);
 }
 
 module_init(init);

net/netfilter/xt_mark.c

@@ -56,6 +56,7 @@ static struct xt_match mark_match = {
 	.match		= match,
 	.matchsize	= sizeof(struct xt_mark_info),
 	.checkentry	= checkentry,
+	.family		= AF_INET,
 	.me		= THIS_MODULE,
 };
 
@@ -64,27 +65,28 @@ static struct xt_match mark6_match = {
 	.match		= match,
 	.matchsize	= sizeof(struct xt_mark_info),
 	.checkentry	= checkentry,
+	.family		= AF_INET6,
 	.me		= THIS_MODULE,
 };
 
 static int __init init(void)
 {
 	int ret;
-	ret = xt_register_match(AF_INET, &mark_match);
+	ret = xt_register_match(&mark_match);
 	if (ret)
 		return ret;
 
-	ret = xt_register_match(AF_INET6, &mark6_match);
+	ret = xt_register_match(&mark6_match);
 	if (ret)
-		xt_unregister_match(AF_INET, &mark_match);
+		xt_unregister_match(&mark_match);
 
 	return ret;
 }
 
 static void __exit fini(void)
 {
-	xt_unregister_match(AF_INET, &mark_match);
-	xt_unregister_match(AF_INET6, &mark6_match);
+	xt_unregister_match(&mark_match);
+	xt_unregister_match(&mark6_match);
 }
 
 module_init(init);

net/netfilter/xt_physdev.c

@@ -121,6 +121,7 @@ static struct xt_match physdev_match = {
 	.match		= match,
 	.matchsize	= sizeof(struct xt_physdev_info),
 	.checkentry	= checkentry,
+	.family		= AF_INET,
 	.me		= THIS_MODULE,
 };
 
@@ -129,6 +130,7 @@ static struct xt_match physdev6_match = {
 	.match		= match,
 	.matchsize	= sizeof(struct xt_physdev_info),
 	.checkentry	= checkentry,
+	.family		= AF_INET6,
 	.me		= THIS_MODULE,
 };
 
@@ -136,21 +138,21 @@ static int __init init(void)
 {
 	int ret;
 
-	ret = xt_register_match(AF_INET, &physdev_match);
+	ret = xt_register_match(&physdev_match);
 	if (ret < 0)
 		return ret;
 
-	ret = xt_register_match(AF_INET6, &physdev6_match);
+	ret = xt_register_match(&physdev6_match);
 	if (ret < 0)
-		xt_unregister_match(AF_INET, &physdev_match);
+		xt_unregister_match(&physdev_match);
 
 	return ret;
 }
 
 static void __exit fini(void)
 {
-	xt_unregister_match(AF_INET, &physdev_match);
-	xt_unregister_match(AF_INET6, &physdev6_match);
+	xt_unregister_match(&physdev_match);
+	xt_unregister_match(&physdev6_match);
 }
 
 module_init(init);

net/netfilter/xt_pkttype.c

@@ -37,6 +37,7 @@ static struct xt_match pkttype_match = {
 	.name		= "pkttype",
 	.match		= match,
 	.matchsize	= sizeof(struct xt_pkttype_info),
+	.family		= AF_INET,
 	.me		= THIS_MODULE,
 };
 
@@ -44,27 +45,28 @@ static struct xt_match pkttype6_match = {
 	.name		= "pkttype",
 	.match		= match,
 	.matchsize	= sizeof(struct xt_pkttype_info),
+	.family		= AF_INET6,
 	.me		= THIS_MODULE,
 };
 
 static int __init init(void)
 {
 	int ret;
-	ret = xt_register_match(AF_INET, &pkttype_match);
+	ret = xt_register_match(&pkttype_match);
 	if (ret)
 		return ret;
 
-	ret = xt_register_match(AF_INET6, &pkttype6_match);
+	ret = xt_register_match(&pkttype6_match);
 	if (ret)
-		xt_unregister_match(AF_INET, &pkttype_match);
+		xt_unregister_match(&pkttype_match);
 
 	return ret;
 }
 
 static void __exit fini(void)
 {
-	xt_unregister_match(AF_INET, &pkttype_match);
-	xt_unregister_match(AF_INET6, &pkttype6_match);
+	xt_unregister_match(&pkttype_match);
+	xt_unregister_match(&pkttype6_match);
 }
 
 module_init(init);

net/netfilter/xt_policy.c

@@ -172,6 +172,7 @@ static struct xt_match policy_match = {
 	.match		= match,
 	.matchsize	= sizeof(struct xt_policy_info),
 	.checkentry 	= checkentry,
+	.family		= AF_INET,
 	.me		= THIS_MODULE,
 };
 
@@ -181,6 +182,7 @@ static struct xt_match policy6_match = {
 	.match		= match,
 	.matchsize	= sizeof(struct xt_policy_info),
 	.checkentry	= checkentry,
+	.family		= AF_INET6,
 	.me		= THIS_MODULE,
 };
 
@@ -188,19 +190,19 @@ static int __init init(void)
 {
 	int ret;
 
-	ret = xt_register_match(AF_INET, &policy_match);
+	ret = xt_register_match(&policy_match);
 	if (ret)
 		return ret;
-	ret = xt_register_match(AF_INET6, &policy6_match);
+	ret = xt_register_match(&policy6_match);
 	if (ret)
-		xt_unregister_match(AF_INET, &policy_match);
+		xt_unregister_match(&policy_match);
 	return ret;
 }
 
 static void __exit fini(void)
 {
-	xt_unregister_match(AF_INET6, &policy6_match);
-	xt_unregister_match(AF_INET, &policy_match);
+	xt_unregister_match(&policy6_match);
+	xt_unregister_match(&policy_match);
 }
 
 module_init(init);

net/netfilter/xt_realm.c

@@ -45,17 +45,18 @@ static struct xt_match realm_match = {
 	.matchsize	= sizeof(struct xt_realm_info),
 	.hooks		= (1 << NF_IP_POST_ROUTING) | (1 << NF_IP_FORWARD) |
 			  (1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_LOCAL_IN),
+	.family		= AF_INET,
 	.me		= THIS_MODULE
 };
 
 static int __init init(void)
 {
-	return xt_register_match(AF_INET, &realm_match);
+	return xt_register_match(&realm_match);
 }
 
 static void __exit fini(void)
 {
-	xt_unregister_match(AF_INET, &realm_match);
+	xt_unregister_match(&realm_match);
 }
 
 module_init(init);

net/netfilter/xt_sctp.c

@@ -186,6 +186,7 @@ static struct xt_match sctp_match = {
 	.matchsize	= sizeof(struct xt_sctp_info),
 	.proto		= IPPROTO_SCTP,
 	.checkentry	= checkentry,
+	.family		= AF_INET,
 	.me		= THIS_MODULE
 };
 
@@ -195,27 +196,28 @@ static struct xt_match sctp6_match = {
 	.matchsize	= sizeof(struct xt_sctp_info),
 	.proto		= IPPROTO_SCTP,
 	.checkentry	= checkentry,
+	.family		= AF_INET6,
 	.me		= THIS_MODULE
 };
 
 static int __init init(void)
 {
 	int ret;
-	ret = xt_register_match(AF_INET, &sctp_match);
+	ret = xt_register_match(&sctp_match);
 	if (ret)
 		return ret;
 
-	ret = xt_register_match(AF_INET6, &sctp6_match);
+	ret = xt_register_match(&sctp6_match);
 	if (ret)
-		xt_unregister_match(AF_INET, &sctp_match);
+		xt_unregister_match(&sctp_match);
 
 	return ret;
 }
 
 static void __exit fini(void)
 {
-	xt_unregister_match(AF_INET6, &sctp6_match);
-	xt_unregister_match(AF_INET, &sctp_match);
+	xt_unregister_match(&sctp6_match);
+	xt_unregister_match(&sctp_match);
 }
 
 module_init(init);

net/netfilter/xt_state.c

@@ -48,6 +48,7 @@ static struct xt_match state_match = {
 	.name		= "state",
 	.match		= match,
 	.matchsize	= sizeof(struct xt_state_info),
+	.family		= AF_INET,
 	.me		= THIS_MODULE,
 };
 
@@ -55,6 +56,7 @@ static struct xt_match state6_match = {
 	.name		= "state",
 	.match		= match,
 	.matchsize	= sizeof(struct xt_state_info),
+	.family		= AF_INET6,
 	.me		= THIS_MODULE,
 };
 
@@ -64,21 +66,21 @@ static int __init init(void)
 
 	need_conntrack();
 
-	ret = xt_register_match(AF_INET, &state_match);
+	ret = xt_register_match(&state_match);
 	if (ret < 0)
 		return ret;
 
-	ret = xt_register_match(AF_INET6, &state6_match);
+	ret = xt_register_match(&state6_match);
 	if (ret < 0)
-		xt_unregister_match(AF_INET,&state_match);
+		xt_unregister_match(&state_match);
 
 	return ret;
 }
 
 static void __exit fini(void)
 {
-	xt_unregister_match(AF_INET, &state_match);
-	xt_unregister_match(AF_INET6, &state6_match);
+	xt_unregister_match(&state_match);
+	xt_unregister_match(&state6_match);
 }
 
 module_init(init);

net/netfilter/xt_string.c

@@ -78,6 +78,7 @@ static struct xt_match string_match = {
 	.matchsize	= sizeof(struct xt_string_info),
 	.checkentry	= checkentry,
 	.destroy 	= destroy,
+	.family		= AF_INET,
 	.me 		= THIS_MODULE
 };
 static struct xt_match string6_match = {
@@ -86,6 +87,7 @@ static struct xt_match string6_match = {
 	.matchsize	= sizeof(struct xt_string_info),
 	.checkentry	= checkentry,
 	.destroy 	= destroy,
+	.family		= AF_INET6,
 	.me 		= THIS_MODULE
 };
 
@@ -93,20 +95,20 @@ static int __init init(void)
 {
 	int ret;
 
-	ret = xt_register_match(AF_INET, &string_match);
+	ret = xt_register_match(&string_match);
 	if (ret)
 		return ret;
-	ret = xt_register_match(AF_INET6, &string6_match);
+	ret = xt_register_match(&string6_match);
 	if (ret)
-		xt_unregister_match(AF_INET, &string_match);
+		xt_unregister_match(&string_match);
 
 	return ret;
 }
 
 static void __exit fini(void)
 {
-	xt_unregister_match(AF_INET, &string_match);
-	xt_unregister_match(AF_INET6, &string6_match);
+	xt_unregister_match(&string_match);
+	xt_unregister_match(&string6_match);
 }
 
 module_init(init);

net/netfilter/xt_tcpmss.c

@@ -98,6 +98,7 @@ static struct xt_match tcpmss_match = {
 	.match		= match,
 	.matchsize	= sizeof(struct xt_tcpmss_match_info),
 	.proto		= IPPROTO_TCP,
+	.family		= AF_INET,
 	.me		= THIS_MODULE,
 };
 
@@ -106,6 +107,7 @@ static struct xt_match tcpmss6_match = {
 	.match		= match,
 	.matchsize	= sizeof(struct xt_tcpmss_match_info),
 	.proto		= IPPROTO_TCP,
+	.family		= AF_INET6,
 	.me		= THIS_MODULE,
 };
 
@@ -113,21 +115,21 @@ static struct xt_match tcpmss6_match = {
 static int __init init(void)
 {
 	int ret;
-	ret = xt_register_match(AF_INET, &tcpmss_match);
+	ret = xt_register_match(&tcpmss_match);
 	if (ret)
 		return ret;
 
-	ret = xt_register_match(AF_INET6, &tcpmss6_match);
+	ret = xt_register_match(&tcpmss6_match);
 	if (ret)
-		xt_unregister_match(AF_INET, &tcpmss_match);
+		xt_unregister_match(&tcpmss_match);
 
 	return ret;
 }
 
 static void __exit fini(void)
 {
-	xt_unregister_match(AF_INET6, &tcpmss6_match);
-	xt_unregister_match(AF_INET, &tcpmss_match);
+	xt_unregister_match(&tcpmss6_match);
+	xt_unregister_match(&tcpmss_match);
 }
 
 module_init(init);

net/netfilter/xt_tcpudp.c

@@ -204,6 +204,7 @@ static struct xt_match tcp_matchstruct = {
 	.match		= tcp_match,
 	.matchsize	= sizeof(struct xt_tcp),
 	.proto		= IPPROTO_TCP,
+	.family		= AF_INET,
 	.checkentry	= tcp_checkentry,
 	.me		= THIS_MODULE,
 };
@@ -213,6 +214,7 @@ static struct xt_match tcp6_matchstruct = {
 	.match		= tcp_match,
 	.matchsize	= sizeof(struct xt_tcp),
 	.proto		= IPPROTO_TCP,
+	.family		= AF_INET6,
 	.checkentry	= tcp_checkentry,
 	.me		= THIS_MODULE,
 };
@@ -222,6 +224,7 @@ static struct xt_match udp_matchstruct = {
 	.match		= udp_match,
 	.matchsize	= sizeof(struct xt_udp),
 	.proto		= IPPROTO_UDP,
+	.family		= AF_INET,
 	.checkentry	= udp_checkentry,
 	.me		= THIS_MODULE,
 };
@@ -230,6 +233,7 @@ static struct xt_match udp6_matchstruct = {
 	.match		= udp_match,
 	.matchsize	= sizeof(struct xt_udp),
 	.proto		= IPPROTO_UDP,
+	.family		= AF_INET6,
 	.checkentry	= udp_checkentry,
 	.me		= THIS_MODULE,
 };
@@ -237,39 +241,39 @@ static struct xt_match udp6_matchstruct = {
 static int __init init(void)
 {
 	int ret;
-	ret = xt_register_match(AF_INET, &tcp_matchstruct);
+	ret = xt_register_match(&tcp_matchstruct);
 	if (ret)
 		return ret;
 
-	ret = xt_register_match(AF_INET6, &tcp6_matchstruct);
+	ret = xt_register_match(&tcp6_matchstruct);
 	if (ret)
 		goto out_unreg_tcp;
 
-	ret = xt_register_match(AF_INET, &udp_matchstruct);
+	ret = xt_register_match(&udp_matchstruct);
 	if (ret)
 		goto out_unreg_tcp6;
 	
-	ret = xt_register_match(AF_INET6, &udp6_matchstruct);
+	ret = xt_register_match(&udp6_matchstruct);
 	if (ret)
 		goto out_unreg_udp;
 
 	return ret;
 
 out_unreg_udp:
-	xt_unregister_match(AF_INET, &tcp_matchstruct);
+	xt_unregister_match(&tcp_matchstruct);
 out_unreg_tcp6:
-	xt_unregister_match(AF_INET6, &tcp6_matchstruct);
+	xt_unregister_match(&tcp6_matchstruct);
 out_unreg_tcp:
-	xt_unregister_match(AF_INET, &tcp_matchstruct);
+	xt_unregister_match(&tcp_matchstruct);
 	return ret;
 }
 
 static void __exit fini(void)
 {
-	xt_unregister_match(AF_INET6, &udp6_matchstruct);
-	xt_unregister_match(AF_INET, &udp_matchstruct);
-	xt_unregister_match(AF_INET6, &tcp6_matchstruct);
-	xt_unregister_match(AF_INET, &tcp_matchstruct);
+	xt_unregister_match(&udp6_matchstruct);
+	xt_unregister_match(&udp_matchstruct);
+	xt_unregister_match(&tcp6_matchstruct);
+	xt_unregister_match(&tcp_matchstruct);
 }
 
 module_init(init);