提交
cba7a98a
编写于
14年前
作者:
Patrick McHardy
Merge branch 'master' of
git://dev.medozas.de/linux
上级
d250fe91
4538506b
变更
98
Showing
98 changed file
with
316 addition
and
367 deletion
+316
-367
include/linux/netfilter/x_tables.h
include/linux/netfilter/x_tables.h
+19
-26
net/bridge/netfilter/ebt_802_3.c
net/bridge/netfilter/ebt_802_3.c
+1
-1
net/bridge/netfilter/ebt_among.c
net/bridge/netfilter/ebt_among.c
+1
-1
net/bridge/netfilter/ebt_arp.c
net/bridge/netfilter/ebt_arp.c
+1
-1
net/bridge/netfilter/ebt_arpreply.c
net/bridge/netfilter/ebt_arpreply.c
+1
-1
net/bridge/netfilter/ebt_dnat.c
net/bridge/netfilter/ebt_dnat.c
+1
-1
net/bridge/netfilter/ebt_ip.c
net/bridge/netfilter/ebt_ip.c
+1
-1
net/bridge/netfilter/ebt_ip6.c
net/bridge/netfilter/ebt_ip6.c
+1
-1
net/bridge/netfilter/ebt_limit.c
net/bridge/netfilter/ebt_limit.c
+1
-1
net/bridge/netfilter/ebt_log.c
net/bridge/netfilter/ebt_log.c
+1
-1
net/bridge/netfilter/ebt_mark.c
net/bridge/netfilter/ebt_mark.c
+1
-1
net/bridge/netfilter/ebt_mark_m.c
net/bridge/netfilter/ebt_mark_m.c
+1
-1
net/bridge/netfilter/ebt_nflog.c
net/bridge/netfilter/ebt_nflog.c
+1
-1
net/bridge/netfilter/ebt_pkttype.c
net/bridge/netfilter/ebt_pkttype.c
+1
-1
net/bridge/netfilter/ebt_redirect.c
net/bridge/netfilter/ebt_redirect.c
+1
-1
net/bridge/netfilter/ebt_snat.c
net/bridge/netfilter/ebt_snat.c
+1
-1
net/bridge/netfilter/ebt_stp.c
net/bridge/netfilter/ebt_stp.c
+1
-1
net/bridge/netfilter/ebt_ulog.c
net/bridge/netfilter/ebt_ulog.c
+1
-1
net/bridge/netfilter/ebt_vlan.c
net/bridge/netfilter/ebt_vlan.c
+1
-1
net/bridge/netfilter/ebtables.c
net/bridge/netfilter/ebtables.c
+16
-17
net/ipv4/netfilter/arp_tables.c
net/ipv4/netfilter/arp_tables.c
+30
-35
net/ipv4/netfilter/arpt_mangle.c
net/ipv4/netfilter/arpt_mangle.c
+1
-1
net/ipv4/netfilter/ip_tables.c
net/ipv4/netfilter/ip_tables.c
+54
-74
net/ipv4/netfilter/ipt_CLUSTERIP.c
net/ipv4/netfilter/ipt_CLUSTERIP.c
+1
-1
net/ipv4/netfilter/ipt_ECN.c
net/ipv4/netfilter/ipt_ECN.c
+1
-1
net/ipv4/netfilter/ipt_LOG.c
net/ipv4/netfilter/ipt_LOG.c
+1
-1
net/ipv4/netfilter/ipt_MASQUERADE.c
net/ipv4/netfilter/ipt_MASQUERADE.c
+1
-1
net/ipv4/netfilter/ipt_NETMAP.c
net/ipv4/netfilter/ipt_NETMAP.c
+1
-1
net/ipv4/netfilter/ipt_REDIRECT.c
net/ipv4/netfilter/ipt_REDIRECT.c
+1
-1
net/ipv4/netfilter/ipt_REJECT.c
net/ipv4/netfilter/ipt_REJECT.c
+1
-1
net/ipv4/netfilter/ipt_ULOG.c
net/ipv4/netfilter/ipt_ULOG.c
+1
-1
net/ipv4/netfilter/ipt_addrtype.c
net/ipv4/netfilter/ipt_addrtype.c
+2
-2
net/ipv4/netfilter/ipt_ah.c
net/ipv4/netfilter/ipt_ah.c
+2
-2
net/ipv4/netfilter/ipt_ecn.c
net/ipv4/netfilter/ipt_ecn.c
+2
-2
net/ipv4/netfilter/nf_nat_rule.c
net/ipv4/netfilter/nf_nat_rule.c
+2
-2
net/ipv6/netfilter/ip6_tables.c
net/ipv6/netfilter/ip6_tables.c
+50
-68
net/ipv6/netfilter/ip6t_LOG.c
net/ipv6/netfilter/ip6t_LOG.c
+1
-1
net/ipv6/netfilter/ip6t_REJECT.c
net/ipv6/netfilter/ip6t_REJECT.c
+1
-1
net/ipv6/netfilter/ip6t_ah.c
net/ipv6/netfilter/ip6t_ah.c
+3
-3
net/ipv6/netfilter/ip6t_eui64.c
net/ipv6/netfilter/ip6t_eui64.c
+2
-2
net/ipv6/netfilter/ip6t_frag.c
net/ipv6/netfilter/ip6t_frag.c
+3
-3
net/ipv6/netfilter/ip6t_hbh.c
net/ipv6/netfilter/ip6t_hbh.c
+3
-3
net/ipv6/netfilter/ip6t_ipv6header.c
net/ipv6/netfilter/ip6t_ipv6header.c
+1
-1
net/ipv6/netfilter/ip6t_mh.c
net/ipv6/netfilter/ip6t_mh.c
+3
-3
net/ipv6/netfilter/ip6t_rt.c
net/ipv6/netfilter/ip6t_rt.c
+3
-3
net/netfilter/xt_CLASSIFY.c
net/netfilter/xt_CLASSIFY.c
+1
-1
net/netfilter/xt_CONNSECMARK.c
net/netfilter/xt_CONNSECMARK.c
+1
-1
net/netfilter/xt_CT.c
net/netfilter/xt_CT.c
+1
-1
net/netfilter/xt_DSCP.c
net/netfilter/xt_DSCP.c
+4
-4
net/netfilter/xt_HL.c
net/netfilter/xt_HL.c
+2
-2
net/netfilter/xt_LED.c
net/netfilter/xt_LED.c
+1
-1
net/netfilter/xt_NFLOG.c
net/netfilter/xt_NFLOG.c
+1
-1
net/netfilter/xt_NFQUEUE.c
net/netfilter/xt_NFQUEUE.c
+2
-2
net/netfilter/xt_NOTRACK.c
net/netfilter/xt_NOTRACK.c
+1
-1
net/netfilter/xt_RATEEST.c
net/netfilter/xt_RATEEST.c
+1
-1
net/netfilter/xt_SECMARK.c
net/netfilter/xt_SECMARK.c
+1
-1
net/netfilter/xt_TCPMSS.c
net/netfilter/xt_TCPMSS.c
+2
-2
net/netfilter/xt_TCPOPTSTRIP.c
net/netfilter/xt_TCPOPTSTRIP.c
+2
-2
net/netfilter/xt_TEE.c
net/netfilter/xt_TEE.c
+2
-2
net/netfilter/xt_TPROXY.c
net/netfilter/xt_TPROXY.c
+1
-1
net/netfilter/xt_TRACE.c
net/netfilter/xt_TRACE.c
+1
-1
net/netfilter/xt_cluster.c
net/netfilter/xt_cluster.c
+1
-1
net/netfilter/xt_comment.c
net/netfilter/xt_comment.c
+1
-1
net/netfilter/xt_connbytes.c
net/netfilter/xt_connbytes.c
+1
-1
net/netfilter/xt_connlimit.c
net/netfilter/xt_connlimit.c
+3
-3
net/netfilter/xt_connmark.c
net/netfilter/xt_connmark.c
+2
-2
net/netfilter/xt_conntrack.c
net/netfilter/xt_conntrack.c
+3
-3
net/netfilter/xt_dccp.c
net/netfilter/xt_dccp.c
+3
-3
net/netfilter/xt_dscp.c
net/netfilter/xt_dscp.c
+3
-3
net/netfilter/xt_esp.c
net/netfilter/xt_esp.c
+2
-2
net/netfilter/xt_hashlimit.c
net/netfilter/xt_hashlimit.c
+2
-2
net/netfilter/xt_helper.c
net/netfilter/xt_helper.c
+1
-1
net/netfilter/xt_hl.c
net/netfilter/xt_hl.c
+2
-2
net/netfilter/xt_iprange.c
net/netfilter/xt_iprange.c
+2
-2
net/netfilter/xt_length.c
net/netfilter/xt_length.c
+2
-2
net/netfilter/xt_limit.c
net/netfilter/xt_limit.c
+1
-1
net/netfilter/xt_mac.c
net/netfilter/xt_mac.c
+1
-1
net/netfilter/xt_mark.c
net/netfilter/xt_mark.c
+2
-2
net/netfilter/xt_multiport.c
net/netfilter/xt_multiport.c
+4
-4
net/netfilter/xt_osf.c
net/netfilter/xt_osf.c
+2
-2
net/netfilter/xt_owner.c
net/netfilter/xt_owner.c
+1
-1
net/netfilter/xt_physdev.c
net/netfilter/xt_physdev.c
+1
-1
net/netfilter/xt_pkttype.c
net/netfilter/xt_pkttype.c
+1
-1
net/netfilter/xt_policy.c
net/netfilter/xt_policy.c
+1
-1
net/netfilter/xt_quota.c
net/netfilter/xt_quota.c
+1
-1
net/netfilter/xt_rateest.c
net/netfilter/xt_rateest.c
+1
-1
net/netfilter/xt_realm.c
net/netfilter/xt_realm.c
+1
-1
net/netfilter/xt_recent.c
net/netfilter/xt_recent.c
+2
-2
net/netfilter/xt_sctp.c
net/netfilter/xt_sctp.c
+3
-3
net/netfilter/xt_socket.c
net/netfilter/xt_socket.c
+3
-3
net/netfilter/xt_state.c
net/netfilter/xt_state.c
+1
-1
net/netfilter/xt_statistic.c
net/netfilter/xt_statistic.c
+1
-1
net/netfilter/xt_string.c
net/netfilter/xt_string.c
+1
-1
net/netfilter/xt_tcpmss.c
net/netfilter/xt_tcpmss.c
+2
-2
net/netfilter/xt_tcpudp.c
net/netfilter/xt_tcpudp.c
+7
-7
net/netfilter/xt_time.c
net/netfilter/xt_time.c
+1
-1
net/netfilter/xt_u32.c
net/netfilter/xt_u32.c
+1
-1
net/sched/act_ipt.c
net/sched/act_ipt.c
+1
-1
include/linux/netfilter/x_tables.h
...
...
@@ -183,29 +183,39 @@ struct xt_counters_info {
#include <linux/netdevice.h>
/**
* struct xt_
match_param - parameters for match extensions' match function
s
* struct xt_
action_param - parameters for matches/target
s
*
* @match: the match extension
* @target: the target extension
* @matchinfo: per-match data
* @targetinfo: per-target data
* @in: input netdevice
* @out: output netdevice
* @match: struct xt_match through which this function was invoked
* @matchinfo: per-match data
* @fragoff: packet is a fragment, this is the data offset
* @thoff: position of transport header relative to skb->data
* @hook: hook number given packet came from
* @family: Actual NFPROTO_* through which the function is invoked
* (helpful when match->family == NFPROTO_UNSPEC)
*
* Fields written to by extensions:
*
* @hotdrop: drop packet if we had inspection problems
* Network namespace obtainable using dev_net(in/out)
*/
struct
xt_match_param
{
struct
xt_action_param
{
union
{
const
struct
xt_match
*
match
;
const
struct
xt_target
*
target
;
};
union
{
const
void
*
matchinfo
,
*
targinfo
;
};
const
struct
net_device
*
in
,
*
out
;
const
struct
xt_match
*
match
;
const
void
*
matchinfo
;
int
fragoff
;
unsigned
int
thoff
;
unsigned
int
hooknum
;
u_int8_t
family
;
bool
*
hotdrop
;
bool
hotdrop
;
};
/**
...
...
@@ -242,23 +252,6 @@ struct xt_mtdtor_param {
u_int8_t
family
;
};
/**
* struct xt_target_param - parameters for target extensions' target functions
*
* @hooknum: hook through which this target was invoked
* @target: struct xt_target through which this function was invoked
* @targinfo: per-target data
*
* Other fields see above.
*/
struct
xt_target_param
{
const
struct
net_device
*
in
,
*
out
;
const
struct
xt_target
*
target
;
const
void
*
targinfo
;
unsigned
int
hooknum
;
u_int8_t
family
;
};
/**
* struct xt_tgchk_param - parameters for target extensions'
* checkentry functions
...
...
@@ -298,7 +291,7 @@ struct xt_match {
non-linear skb, using skb_header_pointer and
skb_ip_make_writable. */
bool
(
*
match
)(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
);
struct
xt_action
_param
*
);
/* Called when user tries to insert an entry of this type. */
int
(
*
checkentry
)(
const
struct
xt_mtchk_param
*
);
...
...
@@ -335,7 +328,7 @@ struct xt_target {
must now handle non-linear skbs, using skb_copy_bits and
skb_ip_make_writable. */
unsigned
int
(
*
target
)(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
);
const
struct
xt_
action
_param
*
);
/* Called when user tries to insert an entry of this type:
hook_mask is a bitmask of hooks from which it can be
...
...
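Review bot: The kernel-doc for struct xt_action_param names two members the struct does not have: it documents `@targetinfo` and `@hook`, while the fields declared below are `targinfo` and `hooknum`. I would write `@targinfo: per-target data` and `@hooknum: hook number given packet came from` so the comment matches the declaration. The comment should also say that `match`/`target` and `matchinfo`/`targinfo` share storage through the two anonymous unions, so only the pair set for the current callback is meaningful; a target that reads `par->match` gets the target pointer under the wrong type with no compiler diagnostic. The match callback in struct xt_match now takes a non-const `struct xt_action_param *`, so "Fields written to by extensions" is a convention only, and it is worth stating that `hotdrop` is the sole member a match may write.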
net/bridge/netfilter/ebt_802_3.c
...
...
@@ -13,7 +13,7 @@
#include <linux/netfilter_bridge/ebt_802_3.h>
static
bool
ebt_802_3_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
ebt_802_3_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
ebt_802_3_info
*
info
=
par
->
matchinfo
;
const
struct
ebt_802_3_hdr
*
hdr
=
ebt_802_3_hdr
(
skb
);
...
...
net/bridge/netfilter/ebt_among.c
...
...
@@ -129,7 +129,7 @@ static int get_ip_src(const struct sk_buff *skb, __be32 *addr)
}
static
bool
ebt_among_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
ebt_among_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
ebt_among_info
*
info
=
par
->
matchinfo
;
const
char
*
dmac
,
*
smac
;
...
...
net/bridge/netfilter/ebt_arp.c
...
...
@@ -16,7 +16,7 @@
#include <linux/netfilter_bridge/ebt_arp.h>
static
bool
ebt_arp_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
ebt_arp_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
ebt_arp_info
*
info
=
par
->
matchinfo
;
const
struct
arphdr
*
ah
;
...
...
net/bridge/netfilter/ebt_arpreply.c
...
...
@@ -16,7 +16,7 @@
#include <linux/netfilter_bridge/ebt_arpreply.h>
static
unsigned
int
ebt_arpreply_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
ebt_arpreply_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
const
struct
ebt_arpreply_info
*
info
=
par
->
targinfo
;
const
__be32
*
siptr
,
*
diptr
;
...
...
net/bridge/netfilter/ebt_dnat.c
...
...
@@ -15,7 +15,7 @@
#include <linux/netfilter_bridge/ebt_nat.h>
static
unsigned
int
ebt_dnat_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
ebt_dnat_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
const
struct
ebt_nat_info
*
info
=
par
->
targinfo
;
...
...
net/bridge/netfilter/ebt_ip.c
...
...
@@ -25,7 +25,7 @@ struct tcpudphdr {
};
static
bool
ebt_ip_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
ebt_ip_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
ebt_ip_info
*
info
=
par
->
matchinfo
;
const
struct
iphdr
*
ih
;
...
...
net/bridge/netfilter/ebt_ip6.c
...
...
@@ -28,7 +28,7 @@ struct tcpudphdr {
};
static
bool
ebt_ip6_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
ebt_ip6_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
ebt_ip6_info
*
info
=
par
->
matchinfo
;
const
struct
ipv6hdr
*
ih6
;
...
...
net/bridge/netfilter/ebt_limit.c
...
...
@@ -32,7 +32,7 @@ static DEFINE_SPINLOCK(limit_lock);
#define CREDITS_PER_JIFFY POW2_BELOW32(MAX_CPJ)
static
bool
ebt_limit_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
ebt_limit_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
struct
ebt_limit_info
*
info
=
(
void
*
)
par
->
matchinfo
;
unsigned
long
now
=
jiffies
;
...
...
net/bridge/netfilter/ebt_log.c
...
...
@@ -171,7 +171,7 @@ ebt_log_packet(u_int8_t pf, unsigned int hooknum,
}
static
unsigned
int
ebt_log_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
ebt_log_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
const
struct
ebt_log_info
*
info
=
par
->
targinfo
;
struct
nf_loginfo
li
;
...
...
net/bridge/netfilter/ebt_mark.c
...
...
@@ -19,7 +19,7 @@
#include <linux/netfilter_bridge/ebt_mark_t.h>
static
unsigned
int
ebt_mark_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
ebt_mark_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
const
struct
ebt_mark_t_info
*
info
=
par
->
targinfo
;
int
action
=
info
->
target
&
-
16
;
...
...
net/bridge/netfilter/ebt_mark_m.c
...
...
@@ -13,7 +13,7 @@
#include <linux/netfilter_bridge/ebt_mark_m.h>
static
bool
ebt_mark_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
ebt_mark_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
ebt_mark_m_info
*
info
=
par
->
matchinfo
;
...
...
net/bridge/netfilter/ebt_nflog.c
...
...
@@ -20,7 +20,7 @@
#include <net/netfilter/nf_log.h>
static
unsigned
int
ebt_nflog_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
ebt_nflog_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
const
struct
ebt_nflog_info
*
info
=
par
->
targinfo
;
struct
nf_loginfo
li
;
...
...
net/bridge/netfilter/ebt_pkttype.c
...
...
@@ -13,7 +13,7 @@
#include <linux/netfilter_bridge/ebt_pkttype.h>
static
bool
ebt_pkttype_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
ebt_pkttype_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
ebt_pkttype_info
*
info
=
par
->
matchinfo
;
...
...
net/bridge/netfilter/ebt_redirect.c
...
...
@@ -16,7 +16,7 @@
#include <linux/netfilter_bridge/ebt_redirect.h>
static
unsigned
int
ebt_redirect_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
ebt_redirect_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
const
struct
ebt_redirect_info
*
info
=
par
->
targinfo
;
...
...
net/bridge/netfilter/ebt_snat.c
...
...
@@ -17,7 +17,7 @@
#include <linux/netfilter_bridge/ebt_nat.h>
static
unsigned
int
ebt_snat_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
ebt_snat_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
const
struct
ebt_nat_info
*
info
=
par
->
targinfo
;
...
...
net/bridge/netfilter/ebt_stp.c
...
...
@@ -120,7 +120,7 @@ static bool ebt_filter_config(const struct ebt_stp_info *info,
}
static
bool
ebt_stp_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
ebt_stp_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
ebt_stp_info
*
info
=
par
->
matchinfo
;
const
struct
stp_header
*
sp
;
...
...
net/bridge/netfilter/ebt_ulog.c
...
...
@@ -243,7 +243,7 @@ static void ebt_log_packet(u_int8_t pf, unsigned int hooknum,
}
static
unsigned
int
ebt_ulog_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
ebt_ulog_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
ebt_ulog_packet
(
par
->
hooknum
,
skb
,
par
->
in
,
par
->
out
,
par
->
targinfo
,
NULL
);
...
...
net/bridge/netfilter/ebt_vlan.c
...
...
@@ -36,7 +36,7 @@ MODULE_LICENSE("GPL");
#define EXIT_ON_MISMATCH(_MATCH_,_MASK_) {if (!((info->_MATCH_ == _MATCH_)^!!(info->invflags & _MASK_))) return false; }
static
bool
ebt_vlan_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
ebt_vlan_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
ebt_vlan_info
*
info
=
par
->
matchinfo
;
const
struct
vlan_hdr
*
fp
;
...
...
net/bridge/netfilter/ebtables.c
...
...
@@ -86,7 +86,7 @@ static struct xt_target ebt_standard_target = {
static
inline
int
ebt_do_watcher
(
const
struct
ebt_entry_watcher
*
w
,
struct
sk_buff
*
skb
,
struct
xt_
target
_param
*
par
)
struct
xt_
action
_param
*
par
)
{
par
->
target
=
w
->
u
.
watcher
;
par
->
targinfo
=
w
->
data
;
...
...
@@ -95,8 +95,9 @@ ebt_do_watcher(const struct ebt_entry_watcher *w, struct sk_buff *skb,
return
0
;
}
static
inline
int
ebt_do_match
(
struct
ebt_entry_match
*
m
,
const
struct
sk_buff
*
skb
,
struct
xt_match_param
*
par
)
static
inline
int
ebt_do_match
(
struct
ebt_entry_match
*
m
,
const
struct
sk_buff
*
skb
,
struct
xt_action_param
*
par
)
{
par
->
match
=
m
->
u
.
match
;
par
->
matchinfo
=
m
->
data
;
...
...
@@ -185,15 +186,13 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
struct
ebt_entries
*
chaininfo
;
const
char
*
base
;
const
struct
ebt_table_info
*
private
;
bool
hotdrop
=
false
;
struct
xt_match_param
mtpar
;
struct
xt_target_param
tgpar
;
struct
xt_action_param
acpar
;
mtpar
.
family
=
tgpar
.
family
=
NFPROTO_BRIDGE
;
mtpar
.
in
=
tgpar
.
in
=
in
;
mtpar
.
out
=
tgpar
.
out
=
out
;
mtpar
.
hotdrop
=
&
hotdrop
;
mtpar
.
hooknum
=
tg
par
.
hooknum
=
hook
;
acpar
.
family
=
NFPROTO_BRIDGE
;
acpar
.
in
=
in
;
acpar
.
out
=
out
;
acpar
.
hotdrop
=
false
;
ac
par
.
hooknum
=
hook
;
read_lock_bh
(
&
table
->
lock
);
private
=
table
->
private
;
...
...
@@ -214,9 +213,9 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
if
(
ebt_basic_match
(
point
,
eth_hdr
(
skb
),
in
,
out
))
goto
letscontinue
;
if
(
EBT_MATCH_ITERATE
(
point
,
ebt_do_match
,
skb
,
&
mt
par
)
!=
0
)
if
(
EBT_MATCH_ITERATE
(
point
,
ebt_do_match
,
skb
,
&
ac
par
)
!=
0
)
goto
letscontinue
;
if
(
hotdrop
)
{
if
(
acpar
.
hotdrop
)
{
read_unlock_bh
(
&
table
->
lock
);
return
NF_DROP
;
}
...
...
@@ -227,7 +226,7 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
/* these should only watch: not modify, nor tell us
what to do with the packet */
EBT_WATCHER_ITERATE
(
point
,
ebt_do_watcher
,
skb
,
&
tg
par
);
EBT_WATCHER_ITERATE
(
point
,
ebt_do_watcher
,
skb
,
&
ac
par
);
t
=
(
struct
ebt_entry_target
*
)
(((
char
*
)
point
)
+
point
->
target_offset
);
...
...
@@ -235,9 +234,9 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
if
(
!
t
->
u
.
target
->
target
)
verdict
=
((
struct
ebt_standard_target
*
)
t
)
->
verdict
;
else
{
tg
par
.
target
=
t
->
u
.
target
;
tg
par
.
targinfo
=
t
->
data
;
verdict
=
t
->
u
.
target
->
target
(
skb
,
&
tg
par
);
ac
par
.
target
=
t
->
u
.
target
;
ac
par
.
targinfo
=
t
->
data
;
verdict
=
t
->
u
.
target
->
target
(
skb
,
&
ac
par
);
}
if
(
verdict
==
EBT_ACCEPT
)
{
read_unlock_bh
(
&
table
->
lock
);
...
...
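Review bot: In ebt_do_table, `acpar.hotdrop` is tested only on the path where EBT_MATCH_ITERATE returns 0, so a match that sets `par->hotdrop` and reports a non-match (the pattern icmp_match uses in ip_tables.c) takes `goto letscontinue` and the packet is not dropped at that rule. As far as the hunks show, the flag is cleared once before the rule loop, so it would stay set and cause a drop at some later rule whose matches all succeed, or never if none does. This assumes ebt_do_match turns a false return from the extension into a non-zero value; its return statement is outside the hunk. If hot-drop is meant to be immediate, as with ipt_do_table's `while (!acpar.hotdrop)`, store the EBT_MATCH_ITERATE result in a local and move the existing `if (acpar.hotdrop)` block ahead of the `goto letscontinue`.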
net/ipv4/netfilter/arp_tables.c
...
...
@@ -224,7 +224,7 @@ static inline int arp_checkentry(const struct arpt_arp *arp)
}
static
unsigned
int
arpt_error
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
arpt_error
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
if
(
net_ratelimit
())
printk
(
"arp_tables: error: '%s'
\n
"
,
...
...
@@ -260,12 +260,11 @@ unsigned int arpt_do_table(struct sk_buff *skb,
static
const
char
nulldevname
[
IFNAMSIZ
]
__attribute__
((
aligned
(
sizeof
(
long
))));
unsigned
int
verdict
=
NF_DROP
;
const
struct
arphdr
*
arp
;
bool
hotdrop
=
false
;
struct
arpt_entry
*
e
,
*
back
;
const
char
*
indev
,
*
outdev
;
void
*
table_base
;
const
struct
xt_table_info
*
private
;
struct
xt_
target_param
tg
par
;
struct
xt_
action_param
ac
par
;
if
(
!
pskb_may_pull
(
skb
,
arp_hdr_len
(
skb
->
dev
)))
return
NF_DROP
;
...
...
@@ -280,10 +279,11 @@ unsigned int arpt_do_table(struct sk_buff *skb,
e
=
get_entry
(
table_base
,
private
->
hook_entry
[
hook
]);
back
=
get_entry
(
table_base
,
private
->
underflow
[
hook
]);
tgpar
.
in
=
in
;
tgpar
.
out
=
out
;
tgpar
.
hooknum
=
hook
;
tgpar
.
family
=
NFPROTO_ARP
;
acpar
.
in
=
in
;
acpar
.
out
=
out
;
acpar
.
hooknum
=
hook
;
acpar
.
family
=
NFPROTO_ARP
;
acpar
.
hotdrop
=
false
;
arp
=
arp_hdr
(
skb
);
do
{
...
...
@@ -333,9 +333,9 @@ unsigned int arpt_do_table(struct sk_buff *skb,
/* Targets which reenter must return
* abs. verdicts
*/
tg
par
.
target
=
t
->
u
.
kernel
.
target
;
tg
par
.
targinfo
=
t
->
data
;
verdict
=
t
->
u
.
kernel
.
target
->
target
(
skb
,
&
tg
par
);
ac
par
.
target
=
t
->
u
.
kernel
.
target
;
ac
par
.
targinfo
=
t
->
data
;
verdict
=
t
->
u
.
kernel
.
target
->
target
(
skb
,
&
ac
par
);
/* Target might have changed stuff. */
arp
=
arp_hdr
(
skb
);
...
...
@@ -345,10 +345,10 @@ unsigned int arpt_do_table(struct sk_buff *skb,
else
/* Verdict */
break
;
}
while
(
!
hotdrop
);
}
while
(
!
acpar
.
hotdrop
);
xt_info_rdunlock_bh
();
if
(
hotdrop
)
if
(
acpar
.
hotdrop
)
return
NF_DROP
;
else
return
verdict
;
...
...
@@ -1828,22 +1828,23 @@ void arpt_unregister_table(struct xt_table *table)
}
/* The built-in targets: standard (NULL) and error. */
static
struct
xt_target
arpt_standard_target
__read_mostly
=
{
.
name
=
ARPT_STANDARD_TARGET
,
.
targetsize
=
sizeof
(
int
),
.
family
=
NFPROTO_ARP
,
static
struct
xt_target
arpt_builtin_tg
[]
__read_mostly
=
{
{
.
name
=
ARPT_STANDARD_TARGET
,
.
targetsize
=
sizeof
(
int
),
.
family
=
NFPROTO_ARP
,
#ifdef CONFIG_COMPAT
.
compatsize
=
sizeof
(
compat_int_t
),
.
compat_from_user
=
compat_standard_from_user
,
.
compat_to_user
=
compat_standard_to_user
,
.
compatsize
=
sizeof
(
compat_int_t
),
.
compat_from_user
=
compat_standard_from_user
,
.
compat_to_user
=
compat_standard_to_user
,
#endif
};
static
struct
xt_target
arpt_error_target
__read_mostly
=
{
.
name
=
ARPT_ERROR_TARGET
,
.
target
=
arpt_error
,
.
targetsize
=
ARPT_FUNCTION_MAXNAMELEN
,
.
family
=
NFPROTO_ARP
,
},
{
.
name
=
ARPT_ERROR_TARGET
,
.
target
=
arpt_error
,
.
targetsize
=
ARPT_FUNCTION_MAXNAMELEN
,
.
family
=
NFPROTO_ARP
,
}
,
};
static
struct
nf_sockopt_ops
arpt_sockopts
=
{
...
...
@@ -1887,12 +1888,9 @@ static int __init arp_tables_init(void)
goto
err1
;
/* Noone else will be downing sem now, so we won't sleep */
ret
=
xt_register_target
(
&
arpt_standard_target
);
ret
=
xt_register_target
s
(
arpt_builtin_tg
,
ARRAY_SIZE
(
arpt_builtin_tg
)
);
if
(
ret
<
0
)
goto
err2
;
ret
=
xt_register_target
(
&
arpt_error_target
);
if
(
ret
<
0
)
goto
err3
;
/* Register setsockopt */
ret
=
nf_register_sockopt
(
&
arpt_sockopts
);
...
...
@@ -1903,9 +1901,7 @@ static int __init arp_tables_init(void)
return
0
;
err4:
xt_unregister_target
(
&
arpt_error_target
);
err3:
xt_unregister_target
(
&
arpt_standard_target
);
xt_unregister_targets
(
arpt_builtin_tg
,
ARRAY_SIZE
(
arpt_builtin_tg
));
err2:
unregister_pernet_subsys
(
&
arp_tables_net_ops
);
err1:
...
...
@@ -1915,8 +1911,7 @@ static int __init arp_tables_init(void)
static
void
__exit
arp_tables_fini
(
void
)
{
nf_unregister_sockopt
(
&
arpt_sockopts
);
xt_unregister_target
(
&
arpt_error_target
);
xt_unregister_target
(
&
arpt_standard_target
);
xt_unregister_targets
(
arpt_builtin_tg
,
ARRAY_SIZE
(
arpt_builtin_tg
));
unregister_pernet_subsys
(
&
arp_tables_net_ops
);
}
...
...
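Review bot: `struct xt_action_param acpar` in arpt_do_table is a stack variable of which only `in`, `out`, `hooknum`, `family` and `hotdrop` are assigned before the rule loop, so `fragoff` and `thoff` hold indeterminate stack contents when a target is called; ebt_do_table in net/bridge/netfilter/ebtables.c follows the same pattern. With matches and targets sharing one struct, any extension reachable from these families that reads `par->thoff` or `par->fragoff` would act on that leftover data. Either zero the struct at its declaration, `struct xt_action_param acpar = { .family = NFPROTO_ARP };`, or add a comment stating that the two members are undefined for ARP and bridge. Separately, targets receive a `const struct xt_action_param *`, so nothing visible in these hunks can set `acpar.hotdrop` here and the `while (!acpar.hotdrop)` test looks like dead code; the function body is only partly shown.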
net/ipv4/netfilter/arpt_mangle.c
...
...
@@ -9,7 +9,7 @@ MODULE_AUTHOR("Bart De Schuymer <bdschuym@pandora.be>");
MODULE_DESCRIPTION
(
"arptables arp payload mangle target"
);
static
unsigned
int
target
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
target
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
const
struct
arpt_mangle
*
mangle
=
par
->
targinfo
;
const
struct
arphdr
*
arp
;
...
...
net/ipv4/netfilter/ip_tables.c
...
...
@@ -165,7 +165,7 @@ ip_checkentry(const struct ipt_ip *ip)
}
static
unsigned
int
ipt_error
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
ipt_error
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
if
(
net_ratelimit
())
pr_info
(
"error: `%s'
\n
"
,
(
const
char
*
)
par
->
targinfo
);
...
...
@@ -173,21 +173,6 @@ ipt_error(struct sk_buff *skb, const struct xt_target_param *par)
return
NF_DROP
;
}
/* Performance critical - called for every packet */
static
inline
bool
do_match
(
const
struct
ipt_entry_match
*
m
,
const
struct
sk_buff
*
skb
,
struct
xt_match_param
*
par
)
{
par
->
match
=
m
->
u
.
kernel
.
match
;
par
->
matchinfo
=
m
->
data
;
/* Stop iteration if it doesn't match */
if
(
!
m
->
u
.
kernel
.
match
->
match
(
skb
,
par
))
return
true
;
else
return
false
;
}
/* Performance critical */
static
inline
struct
ipt_entry
*
get_entry
(
const
void
*
base
,
unsigned
int
offset
)
...
...
@@ -323,7 +308,6 @@ ipt_do_table(struct sk_buff *skb,
{
static
const
char
nulldevname
[
IFNAMSIZ
]
__attribute__
((
aligned
(
sizeof
(
long
))));
const
struct
iphdr
*
ip
;
bool
hotdrop
=
false
;
/* Initializing verdict to NF_DROP keeps gcc happy. */
unsigned
int
verdict
=
NF_DROP
;
const
char
*
indev
,
*
outdev
;
...
...
@@ -331,8 +315,7 @@ ipt_do_table(struct sk_buff *skb,
struct
ipt_entry
*
e
,
**
jumpstack
;
unsigned
int
*
stackptr
,
origptr
,
cpu
;
const
struct
xt_table_info
*
private
;
struct
xt_match_param
mtpar
;
struct
xt_target_param
tgpar
;
struct
xt_action_param
acpar
;
/* Initialization */
ip
=
ip_hdr
(
skb
);
...
...
@@ -344,13 +327,13 @@ ipt_do_table(struct sk_buff *skb,
* things we don't know, ie. tcp syn flag or ports). If the
* rule is also a fragment-specific rule, non-fragments won't
* match it. */
mt
par
.
fragoff
=
ntohs
(
ip
->
frag_off
)
&
IP_OFFSET
;
mt
par
.
thoff
=
ip_hdrlen
(
skb
);
mtpar
.
hotdrop
=
&
hotdrop
;
mtpar
.
in
=
tgpar
.
in
=
in
;
mtpar
.
out
=
tgpar
.
out
=
out
;
mtpar
.
family
=
tgpar
.
family
=
NFPROTO_IPV4
;
mtpar
.
hooknum
=
tg
par
.
hooknum
=
hook
;
ac
par
.
fragoff
=
ntohs
(
ip
->
frag_off
)
&
IP_OFFSET
;
ac
par
.
thoff
=
ip_hdrlen
(
skb
);
acpar
.
hotdrop
=
false
;
acpar
.
in
=
in
;
acpar
.
out
=
out
;
acpar
.
family
=
NFPROTO_IPV4
;
ac
par
.
hooknum
=
hook
;
IP_NF_ASSERT
(
table
->
valid_hooks
&
(
1
<<
hook
));
xt_info_rdlock_bh
();
...
...
@@ -373,15 +356,18 @@ ipt_do_table(struct sk_buff *skb,
IP_NF_ASSERT
(
e
);
if
(
!
ip_packet_match
(
ip
,
indev
,
outdev
,
&
e
->
ip
,
mt
par
.
fragoff
))
{
&
e
->
ip
,
ac
par
.
fragoff
))
{
no_match:
e
=
ipt_next_entry
(
e
);
continue
;
}
xt_ematch_foreach
(
ematch
,
e
)
if
(
do_match
(
ematch
,
skb
,
&
mtpar
)
!=
0
)
xt_ematch_foreach
(
ematch
,
e
)
{
acpar
.
match
=
ematch
->
u
.
kernel
.
match
;
acpar
.
matchinfo
=
ematch
->
data
;
if
(
!
acpar
.
match
->
match
(
skb
,
&
acpar
))
goto
no_match
;
}
ADD_COUNTER
(
e
->
counters
,
ntohs
(
ip
->
tot_len
),
1
);
...
...
@@ -434,11 +420,10 @@ ipt_do_table(struct sk_buff *skb,
continue
;
}
tgpar
.
target
=
t
->
u
.
kernel
.
target
;
tgpar
.
targinfo
=
t
->
data
;
acpar
.
target
=
t
->
u
.
kernel
.
target
;
acpar
.
targinfo
=
t
->
data
;
verdict
=
t
->
u
.
kernel
.
target
->
target
(
skb
,
&
tg
par
);
verdict
=
t
->
u
.
kernel
.
target
->
target
(
skb
,
&
ac
par
);
/* Target might have changed stuff. */
ip
=
ip_hdr
(
skb
);
if
(
verdict
==
IPT_CONTINUE
)
...
...
@@ -446,7 +431,7 @@ ipt_do_table(struct sk_buff *skb,
else
/* Verdict */
break
;
}
while
(
!
hotdrop
);
}
while
(
!
acpar
.
hotdrop
);
xt_info_rdunlock_bh
();
pr_debug
(
"Exiting %s; resetting sp from %u to %u
\n
"
,
__func__
,
*
stackptr
,
origptr
);
...
...
@@ -454,7 +439,7 @@ ipt_do_table(struct sk_buff *skb,
#ifdef DEBUG_ALLOW_ALL
return
NF_ACCEPT
;
#else
if
(
hotdrop
)
if
(
acpar
.
hotdrop
)
return
NF_DROP
;
else
return
verdict
;
#endif
...
...
@@ -591,7 +576,7 @@ check_entry(const struct ipt_entry *e, const char *name)
const
struct
ipt_entry_target
*
t
;
if
(
!
ip_checkentry
(
&
e
->
ip
))
{
duprintf
(
"ip check failed %p %s.
\n
"
,
e
,
name
);
duprintf
(
"ip check failed %p %s.
\n
"
,
e
,
par
->
match
->
name
);
return
-
EINVAL
;
}
...
...
@@ -618,7 +603,7 @@ check_match(struct ipt_entry_match *m, struct xt_mtchk_param *par)
ret
=
xt_check_match
(
par
,
m
->
u
.
match_size
-
sizeof
(
*
m
),
ip
->
proto
,
ip
->
invflags
&
IPT_INV_PROTO
);
if
(
ret
<
0
)
{
duprintf
(
"check failed for `%s'.
\n
"
,
par
.
match
->
name
);
duprintf
(
"check failed for `%s'.
\n
"
,
par
->
match
->
name
);
return
ret
;
}
return
0
;
...
...
@@ -2152,7 +2137,7 @@ icmp_type_code_match(u_int8_t test_type, u_int8_t min_code, u_int8_t max_code,
}
static
bool
icmp_match
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
icmp_match
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
icmphdr
*
ic
;
struct
icmphdr
_icmph
;
...
...
@@ -2168,7 +2153,7 @@ icmp_match(const struct sk_buff *skb, const struct xt_match_param *par)
* can't. Hence, no choice but to drop.
*/
duprintf
(
"Dropping evil ICMP tinygram.
\n
"
);
*
par
->
hotdrop
=
true
;
par
->
hotdrop
=
true
;
return
false
;
}
...
...
@@ -2187,23 +2172,23 @@ static int icmp_checkentry(const struct xt_mtchk_param *par)
return
(
icmpinfo
->
invflags
&
~
IPT_ICMP_INV
)
?
-
EINVAL
:
0
;
}
/* The built-in targets: standard (NULL) and error. */
static
struct
xt_target
ipt_standard_target
__read_mostly
=
{
.
name
=
IPT_STANDARD_TARGET
,
.
targetsize
=
sizeof
(
int
),
.
family
=
NFPROTO_IPV4
,
static
struct
xt_target
ipt_builtin_tg
[]
__read_mostly
=
{
{
.
name
=
IPT_STANDARD_TARGET
,
.
targetsize
=
sizeof
(
int
),
.
family
=
NFPROTO_IPV4
,
#ifdef CONFIG_COMPAT
.
compatsize
=
sizeof
(
compat_int_t
),
.
compat_from_user
=
compat_standard_from_user
,
.
compat_to_user
=
compat_standard_to_user
,
.
compatsize
=
sizeof
(
compat_int_t
),
.
compat_from_user
=
compat_standard_from_user
,
.
compat_to_user
=
compat_standard_to_user
,
#endif
};
static
struct
xt_target
ipt_error_target
__read_mostly
=
{
.
name
=
IPT_ERROR_TARGET
,
.
target
=
ipt_error
,
.
targetsize
=
IPT_FUNCTION_MAXNAMELEN
,
.
family
=
NFPROTO_IPV4
,
},
{
.
name
=
IPT_ERROR_TARGET
,
.
target
=
ipt_error
,
.
targetsize
=
IPT_FUNCTION_MAXNAMELEN
,
.
family
=
NFPROTO_IPV4
,
}
,
};
static
struct
nf_sockopt_ops
ipt_sockopts
=
{
...
...
@@ -2223,13 +2208,15 @@ static struct nf_sockopt_ops ipt_sockopts = {
.
owner
=
THIS_MODULE
,
};
static
struct
xt_match
icmp_matchstruct
__read_mostly
=
{
.
name
=
"icmp"
,
.
match
=
icmp_match
,
.
matchsize
=
sizeof
(
struct
ipt_icmp
),
.
checkentry
=
icmp_checkentry
,
.
proto
=
IPPROTO_ICMP
,
.
family
=
NFPROTO_IPV4
,
static
struct
xt_match
ipt_builtin_mt
[]
__read_mostly
=
{
{
.
name
=
"icmp"
,
.
match
=
icmp_match
,
.
matchsize
=
sizeof
(
struct
ipt_icmp
),
.
checkentry
=
icmp_checkentry
,
.
proto
=
IPPROTO_ICMP
,
.
family
=
NFPROTO_IPV4
,
},
};
static
int
__net_init
ip_tables_net_init
(
struct
net
*
net
)
...
...
@@ -2256,13 +2243,10 @@ static int __init ip_tables_init(void)
goto
err1
;
/* Noone else will be downing sem now, so we won't sleep */
ret
=
xt_register_target
(
&
ipt_standard_target
);
ret
=
xt_register_target
s
(
ipt_builtin_tg
,
ARRAY_SIZE
(
ipt_builtin_tg
)
);
if
(
ret
<
0
)
goto
err2
;
ret
=
xt_register_target
(
&
ipt_error_target
);
if
(
ret
<
0
)
goto
err3
;
ret
=
xt_register_match
(
&
icmp_matchstruct
);
ret
=
xt_register_matches
(
ipt_builtin_mt
,
ARRAY_SIZE
(
ipt_builtin_mt
));
if
(
ret
<
0
)
goto
err4
;
...
...
@@ -2275,11 +2259,9 @@ static int __init ip_tables_init(void)
return
0
;
err5:
xt_unregister_match
(
&
icmp_matchstruct
);
xt_unregister_match
es
(
ipt_builtin_mt
,
ARRAY_SIZE
(
ipt_builtin_mt
)
);
err4:
xt_unregister_target
(
&
ipt_error_target
);
err3:
xt_unregister_target
(
&
ipt_standard_target
);
xt_unregister_targets
(
ipt_builtin_tg
,
ARRAY_SIZE
(
ipt_builtin_tg
));
err2:
unregister_pernet_subsys
(
&
ip_tables_net_ops
);
err1:
...
...
@@ -2290,10 +2272,8 @@ static void __exit ip_tables_fini(void)
{
nf_unregister_sockopt
(
&
ipt_sockopts
);
xt_unregister_match
(
&
icmp_matchstruct
);
xt_unregister_target
(
&
ipt_error_target
);
xt_unregister_target
(
&
ipt_standard_target
);
xt_unregister_matches
(
ipt_builtin_mt
,
ARRAY_SIZE
(
ipt_builtin_mt
));
xt_unregister_targets
(
ipt_builtin_tg
,
ARRAY_SIZE
(
ipt_builtin_tg
));
unregister_pernet_subsys
(
&
ip_tables_net_ops
);
}
...
...
net/ipv4/netfilter/ipt_CLUSTERIP.c
...
...
@@ -282,7 +282,7 @@ clusterip_responsible(const struct clusterip_config *config, u_int32_t hash)
***********************************************************************/
static
unsigned
int
clusterip_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
clusterip_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
const
struct
ipt_clusterip_tgt_info
*
cipinfo
=
par
->
targinfo
;
struct
nf_conn
*
ct
;
...
...
net/ipv4/netfilter/ipt_ECN.c
...
...
@@ -77,7 +77,7 @@ set_ect_tcp(struct sk_buff *skb, const struct ipt_ECN_info *einfo)
}
static
unsigned
int
ecn_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
ecn_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
const
struct
ipt_ECN_info
*
einfo
=
par
->
targinfo
;
...
...
net/ipv4/netfilter/ipt_LOG.c
...
...
@@ -425,7 +425,7 @@ ipt_log_packet(u_int8_t pf,
}
static
unsigned
int
log_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
log_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
const
struct
ipt_log_info
*
loginfo
=
par
->
targinfo
;
struct
nf_loginfo
li
;
...
...
net/ipv4/netfilter/ipt_MASQUERADE.c
...
...
@@ -44,7 +44,7 @@ static int masquerade_tg_check(const struct xt_tgchk_param *par)
}
static
unsigned
int
masquerade_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
masquerade_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
struct
nf_conn
*
ct
;
struct
nf_conn_nat
*
nat
;
...
...
net/ipv4/netfilter/ipt_NETMAP.c
...
...
@@ -38,7 +38,7 @@ static int netmap_tg_check(const struct xt_tgchk_param *par)
}
static
unsigned
int
netmap_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
netmap_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
struct
nf_conn
*
ct
;
enum
ip_conntrack_info
ctinfo
;
...
...
net/ipv4/netfilter/ipt_REDIRECT.c
...
...
@@ -42,7 +42,7 @@ static int redirect_tg_check(const struct xt_tgchk_param *par)
}
static
unsigned
int
redirect_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
redirect_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
struct
nf_conn
*
ct
;
enum
ip_conntrack_info
ctinfo
;
...
...
net/ipv4/netfilter/ipt_REJECT.c
...
...
@@ -136,7 +136,7 @@ static inline void send_unreach(struct sk_buff *skb_in, int code)
}
static
unsigned
int
reject_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
reject_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
const
struct
ipt_reject_info
*
reject
=
par
->
targinfo
;
...
...
net/ipv4/netfilter/ipt_ULOG.c
...
...
@@ -276,7 +276,7 @@ static void ipt_ulog_packet(unsigned int hooknum,
}
static
unsigned
int
ulog_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
ulog_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
ipt_ulog_packet
(
par
->
hooknum
,
skb
,
par
->
in
,
par
->
out
,
par
->
targinfo
,
NULL
);
...
...
net/ipv4/netfilter/ipt_addrtype.c
...
...
@@ -30,7 +30,7 @@ static inline bool match_type(struct net *net, const struct net_device *dev,
}
static
bool
addrtype_mt_v0
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
addrtype_mt_v0
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
struct
net
*
net
=
dev_net
(
par
->
in
?
par
->
in
:
par
->
out
);
const
struct
ipt_addrtype_info
*
info
=
par
->
matchinfo
;
...
...
@@ -48,7 +48,7 @@ addrtype_mt_v0(const struct sk_buff *skb, const struct xt_match_param *par)
}
static
bool
addrtype_mt_v1
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
addrtype_mt_v1
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
struct
net
*
net
=
dev_net
(
par
->
in
?
par
->
in
:
par
->
out
);
const
struct
ipt_addrtype_info_v1
*
info
=
par
->
matchinfo
;
...
...
net/ipv4/netfilter/ipt_ah.c
...
...
@@ -30,7 +30,7 @@ spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, bool invert)
return
r
;
}
static
bool
ah_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
static
bool
ah_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
struct
ip_auth_hdr
_ahdr
;
const
struct
ip_auth_hdr
*
ah
;
...
...
@@ -46,7 +46,7 @@ static bool ah_mt(const struct sk_buff *skb, const struct xt_match_param *par)
* can't. Hence, no choice but to drop.
*/
pr_debug
(
"Dropping evil AH tinygram.
\n
"
);
*
par
->
hotdrop
=
true
;
par
->
hotdrop
=
true
;
return
0
;
}
...
...
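Review bot: The tinygram branch in the second hunk ends with `return 0;` although `ah_mt` is declared `static bool` in the first hunk, and the other match functions touched by this commit return `false` on the same hot-drop path. Since the line directly above is already being rewritten to `par->hotdrop = true;`, the return could become `return false;` in the same pass so the drop paths read identically across the match modules. The function body starts and ends outside the hunk.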
net/ipv4/netfilter/ipt_ecn.c
...
...
@@ -67,7 +67,7 @@ static inline bool match_tcp(const struct sk_buff *skb,
return
true
;
}
static
bool
ecn_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
static
bool
ecn_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
ipt_ecn_info
*
info
=
par
->
matchinfo
;
...
...
@@ -78,7 +78,7 @@ static bool ecn_mt(const struct sk_buff *skb, const struct xt_match_param *par)
if
(
info
->
operation
&
(
IPT_ECN_OP_MATCH_ECE
|
IPT_ECN_OP_MATCH_CWR
))
{
if
(
ip_hdr
(
skb
)
->
protocol
!=
IPPROTO_TCP
)
return
false
;
if
(
!
match_tcp
(
skb
,
info
,
par
->
hotdrop
))
if
(
!
match_tcp
(
skb
,
info
,
&
par
->
hotdrop
))
return
false
;
}
...
...
net/ipv4/netfilter/nf_nat_rule.c
...
...
@@ -39,7 +39,7 @@ static const struct xt_table nat_table = {
/* Source NAT */
static
unsigned
int
ipt_snat_target
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
ipt_snat_target
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
struct
nf_conn
*
ct
;
enum
ip_conntrack_info
ctinfo
;
...
...
@@ -58,7 +58,7 @@ ipt_snat_target(struct sk_buff *skb, const struct xt_target_param *par)
}
static
unsigned
int
ipt_dnat_target
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
ipt_dnat_target
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
struct
nf_conn
*
ct
;
enum
ip_conntrack_info
ctinfo
;
...
...
net/ipv6/netfilter/ip6_tables.c
...
...
@@ -197,7 +197,7 @@ ip6_checkentry(const struct ip6t_ip6 *ipv6)
}
static
unsigned
int
ip6t_error
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
ip6t_error
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
if
(
net_ratelimit
())
pr_info
(
"error: `%s'
\n
"
,
(
const
char
*
)
par
->
targinfo
);
...
...
@@ -205,21 +205,6 @@ ip6t_error(struct sk_buff *skb, const struct xt_target_param *par)
return
NF_DROP
;
}
/* Performance critical - called for every packet */
static
inline
bool
do_match
(
const
struct
ip6t_entry_match
*
m
,
const
struct
sk_buff
*
skb
,
struct
xt_match_param
*
par
)
{
par
->
match
=
m
->
u
.
kernel
.
match
;
par
->
matchinfo
=
m
->
data
;
/* Stop iteration if it doesn't match */
if
(
!
m
->
u
.
kernel
.
match
->
match
(
skb
,
par
))
return
true
;
else
return
false
;
}
static
inline
struct
ip6t_entry
*
get_entry
(
const
void
*
base
,
unsigned
int
offset
)
{
...
...
@@ -352,7 +337,6 @@ ip6t_do_table(struct sk_buff *skb,
struct
xt_table
*
table
)
{
static
const
char
nulldevname
[
IFNAMSIZ
]
__attribute__
((
aligned
(
sizeof
(
long
))));
bool
hotdrop
=
false
;
/* Initializing verdict to NF_DROP keeps gcc happy. */
unsigned
int
verdict
=
NF_DROP
;
const
char
*
indev
,
*
outdev
;
...
...
@@ -360,8 +344,7 @@ ip6t_do_table(struct sk_buff *skb,
struct
ip6t_entry
*
e
,
**
jumpstack
;
unsigned
int
*
stackptr
,
origptr
,
cpu
;
const
struct
xt_table_info
*
private
;
struct
xt_match_param
mtpar
;
struct
xt_target_param
tgpar
;
struct
xt_action_param
acpar
;
/* Initialization */
indev
=
in
?
in
->
name
:
nulldevname
;
...
...
@@ -372,11 +355,11 @@ ip6t_do_table(struct sk_buff *skb,
* things we don't know, ie. tcp syn flag or ports). If the
* rule is also a fragment-specific rule, non-fragments won't
* match it. */
mtpar
.
hotdrop
=
&
hotdrop
;
mtpar
.
in
=
tgpar
.
in
=
in
;
mtpar
.
out
=
tgpar
.
out
=
out
;
mtpar
.
family
=
tgpar
.
family
=
NFPROTO_IPV6
;
mtpar
.
hooknum
=
tg
par
.
hooknum
=
hook
;
acpar
.
hotdrop
=
false
;
acpar
.
in
=
in
;
acpar
.
out
=
out
;
acpar
.
family
=
NFPROTO_IPV6
;
ac
par
.
hooknum
=
hook
;
IP_NF_ASSERT
(
table
->
valid_hooks
&
(
1
<<
hook
));
...
...
@@ -396,15 +379,18 @@ ip6t_do_table(struct sk_buff *skb,
IP_NF_ASSERT
(
e
);
if
(
!
ip6_packet_match
(
skb
,
indev
,
outdev
,
&
e
->
ipv6
,
&
mtpar
.
thoff
,
&
mtpar
.
fragoff
,
&
hotdrop
))
{
&
acpar
.
thoff
,
&
acpar
.
fragoff
,
&
acpar
.
hotdrop
))
{
no_match:
e
=
ip6t_next_entry
(
e
);
continue
;
}
xt_ematch_foreach
(
ematch
,
e
)
if
(
do_match
(
ematch
,
skb
,
&
mtpar
)
!=
0
)
xt_ematch_foreach
(
ematch
,
e
)
{
acpar
.
match
=
ematch
->
u
.
kernel
.
match
;
acpar
.
matchinfo
=
ematch
->
data
;
if
(
!
acpar
.
match
->
match
(
skb
,
&
acpar
))
goto
no_match
;
}
ADD_COUNTER
(
e
->
counters
,
ntohs
(
ipv6_hdr
(
skb
)
->
payload_len
)
+
...
...
@@ -451,16 +437,16 @@ ip6t_do_table(struct sk_buff *skb,
continue
;
}
tg
par
.
target
=
t
->
u
.
kernel
.
target
;
tg
par
.
targinfo
=
t
->
data
;
ac
par
.
target
=
t
->
u
.
kernel
.
target
;
ac
par
.
targinfo
=
t
->
data
;
verdict
=
t
->
u
.
kernel
.
target
->
target
(
skb
,
&
tg
par
);
verdict
=
t
->
u
.
kernel
.
target
->
target
(
skb
,
&
ac
par
);
if
(
verdict
==
IP6T_CONTINUE
)
e
=
ip6t_next_entry
(
e
);
else
/* Verdict */
break
;
}
while
(
!
hotdrop
);
}
while
(
!
acpar
.
hotdrop
);
xt_info_rdunlock_bh
();
*
stackptr
=
origptr
;
...
...
@@ -468,7 +454,7 @@ ip6t_do_table(struct sk_buff *skb,
#ifdef DEBUG_ALLOW_ALL
return
NF_ACCEPT
;
#else
if
(
hotdrop
)
if
(
acpar
.
hotdrop
)
return
NF_DROP
;
else
return
verdict
;
#endif
...
...
@@ -2167,7 +2153,7 @@ icmp6_type_code_match(u_int8_t test_type, u_int8_t min_code, u_int8_t max_code,
}
static
bool
icmp6_match
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
icmp6_match
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
icmp6hdr
*
ic
;
struct
icmp6hdr
_icmph
;
...
...
@@ -2183,7 +2169,7 @@ icmp6_match(const struct sk_buff *skb, const struct xt_match_param *par)
* can't. Hence, no choice but to drop.
*/
duprintf
(
"Dropping evil ICMP tinygram.
\n
"
);
*
par
->
hotdrop
=
true
;
par
->
hotdrop
=
true
;
return
false
;
}
...
...
@@ -2204,22 +2190,23 @@ static int icmp6_checkentry(const struct xt_mtchk_param *par)
}
/* The built-in targets: standard (NULL) and error. */
static
struct
xt_target
ip6t_standard_target
__read_mostly
=
{
.
name
=
IP6T_STANDARD_TARGET
,
.
targetsize
=
sizeof
(
int
),
.
family
=
NFPROTO_IPV6
,
static
struct
xt_target
ip6t_builtin_tg
[]
__read_mostly
=
{
{
.
name
=
IP6T_STANDARD_TARGET
,
.
targetsize
=
sizeof
(
int
),
.
family
=
NFPROTO_IPV6
,
#ifdef CONFIG_COMPAT
.
compatsize
=
sizeof
(
compat_int_t
),
.
compat_from_user
=
compat_standard_from_user
,
.
compat_to_user
=
compat_standard_to_user
,
.
compatsize
=
sizeof
(
compat_int_t
),
.
compat_from_user
=
compat_standard_from_user
,
.
compat_to_user
=
compat_standard_to_user
,
#endif
};
static
struct
xt_target
ip6t_error_target
__read_mostly
=
{
.
name
=
IP6T_ERROR_TARGET
,
.
target
=
ip6t_error
,
.
targetsize
=
IP6T_FUNCTION_MAXNAMELEN
,
.
family
=
NFPROTO_IPV6
,
},
{
.
name
=
IP6T_ERROR_TARGET
,
.
target
=
ip6t_error
,
.
targetsize
=
IP6T_FUNCTION_MAXNAMELEN
,
.
family
=
NFPROTO_IPV6
,
}
,
};
static
struct
nf_sockopt_ops
ip6t_sockopts
=
{
...
...
@@ -2239,13 +2226,15 @@ static struct nf_sockopt_ops ip6t_sockopts = {
.
owner
=
THIS_MODULE
,
};
static
struct
xt_match
icmp6_matchstruct
__read_mostly
=
{
.
name
=
"icmp6"
,
.
match
=
icmp6_match
,
.
matchsize
=
sizeof
(
struct
ip6t_icmp
),
.
checkentry
=
icmp6_checkentry
,
.
proto
=
IPPROTO_ICMPV6
,
.
family
=
NFPROTO_IPV6
,
static
struct
xt_match
ip6t_builtin_mt
[]
__read_mostly
=
{
{
.
name
=
"icmp6"
,
.
match
=
icmp6_match
,
.
matchsize
=
sizeof
(
struct
ip6t_icmp
),
.
checkentry
=
icmp6_checkentry
,
.
proto
=
IPPROTO_ICMPV6
,
.
family
=
NFPROTO_IPV6
,
},
};
static
int
__net_init
ip6_tables_net_init
(
struct
net
*
net
)
...
...
@@ -2272,13 +2261,10 @@ static int __init ip6_tables_init(void)
goto
err1
;
/* Noone else will be downing sem now, so we won't sleep */
ret
=
xt_register_target
(
&
ip6t_standard_target
);
ret
=
xt_register_target
s
(
ip6t_builtin_tg
,
ARRAY_SIZE
(
ip6t_builtin_tg
)
);
if
(
ret
<
0
)
goto
err2
;
ret
=
xt_register_target
(
&
ip6t_error_target
);
if
(
ret
<
0
)
goto
err3
;
ret
=
xt_register_match
(
&
icmp6_matchstruct
);
ret
=
xt_register_matches
(
ip6t_builtin_mt
,
ARRAY_SIZE
(
ip6t_builtin_mt
));
if
(
ret
<
0
)
goto
err4
;
...
...
@@ -2291,11 +2277,9 @@ static int __init ip6_tables_init(void)
return
0
;
err5:
xt_unregister_match
(
&
icmp6_matchstruct
);
xt_unregister_match
es
(
ip6t_builtin_mt
,
ARRAY_SIZE
(
ip6t_builtin_mt
)
);
err4:
xt_unregister_target
(
&
ip6t_error_target
);
err3:
xt_unregister_target
(
&
ip6t_standard_target
);
xt_unregister_targets
(
ip6t_builtin_tg
,
ARRAY_SIZE
(
ip6t_builtin_tg
));
err2:
unregister_pernet_subsys
(
&
ip6_tables_net_ops
);
err1:
...
...
@@ -2306,10 +2290,8 @@ static void __exit ip6_tables_fini(void)
{
nf_unregister_sockopt
(
&
ip6t_sockopts
);
xt_unregister_match
(
&
icmp6_matchstruct
);
xt_unregister_target
(
&
ip6t_error_target
);
xt_unregister_target
(
&
ip6t_standard_target
);
xt_unregister_matches
(
ip6t_builtin_mt
,
ARRAY_SIZE
(
ip6t_builtin_mt
));
xt_unregister_targets
(
ip6t_builtin_tg
,
ARRAY_SIZE
(
ip6t_builtin_tg
));
unregister_pernet_subsys
(
&
ip6_tables_net_ops
);
}
...
...
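Review bot: The inlined match loop in `ip6t_do_table` (hunk -396,15 +379,18) now reaches the drop path through `goto no_match`, a label placed inside the `if (!ip6_packet_match(...))` block, and nothing at that spot explains why the jump is safe. A match that sets `acpar.hotdrop` and returns false lands on `e = ip6t_next_entry(e); continue;`, and the packet is dropped only because `continue` in a do-while re-tests `while (!acpar.hotdrop)` before another rule is evaluated. I would add a comment at the label, `/* continue re-tests !acpar.hotdrop, so a hot-dropping match ends the walk */`, so that a later restructuring of the loop does not turn this path into fail-open. The loop itself opens outside the hunk.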
net/ipv6/netfilter/ip6t_LOG.c
...
...
@@ -436,7 +436,7 @@ ip6t_log_packet(u_int8_t pf,
}
static
unsigned
int
log_tg6
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
log_tg6
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
const
struct
ip6t_log_info
*
loginfo
=
par
->
targinfo
;
struct
nf_loginfo
li
;
...
...
net/ipv6/netfilter/ip6t_REJECT.c
...
...
@@ -175,7 +175,7 @@ send_unreach(struct net *net, struct sk_buff *skb_in, unsigned char code,
}
static
unsigned
int
reject_tg6
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
reject_tg6
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
const
struct
ip6t_reject_info
*
reject
=
par
->
targinfo
;
struct
net
*
net
=
dev_net
((
par
->
in
!=
NULL
)
?
par
->
in
:
par
->
out
);
...
...
net/ipv6/netfilter/ip6t_ah.c
...
...
@@ -36,7 +36,7 @@ spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, bool invert)
return
r
;
}
static
bool
ah_mt6
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
static
bool
ah_mt6
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
struct
ip_auth_hdr
_ah
;
const
struct
ip_auth_hdr
*
ah
;
...
...
@@ -48,13 +48,13 @@ static bool ah_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
err
=
ipv6_find_hdr
(
skb
,
&
ptr
,
NEXTHDR_AUTH
,
NULL
);
if
(
err
<
0
)
{
if
(
err
!=
-
ENOENT
)
*
par
->
hotdrop
=
true
;
par
->
hotdrop
=
true
;
return
false
;
}
ah
=
skb_header_pointer
(
skb
,
ptr
,
sizeof
(
_ah
),
&
_ah
);
if
(
ah
==
NULL
)
{
*
par
->
hotdrop
=
true
;
par
->
hotdrop
=
true
;
return
false
;
}
...
...
net/ipv6/netfilter/ip6t_eui64.c
...
...
@@ -20,14 +20,14 @@ MODULE_LICENSE("GPL");
MODULE_AUTHOR
(
"Andras Kis-Szabo <kisza@sch.bme.hu>"
);
static
bool
eui64_mt6
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
eui64_mt6
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
unsigned
char
eui64
[
8
];
if
(
!
(
skb_mac_header
(
skb
)
>=
skb
->
head
&&
skb_mac_header
(
skb
)
+
ETH_HLEN
<=
skb
->
data
)
&&
par
->
fragoff
!=
0
)
{
*
par
->
hotdrop
=
true
;
par
->
hotdrop
=
true
;
return
false
;
}
...
...
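Review bot: The hot-drop guard in `eui64_mt6` fires only when the MAC-header bounds check fails and `par->fragoff != 0`, so a packet with `fragoff == 0` that fails the bounds check is not rejected here and falls through to the rest of the function, which is outside the hunk and presumably reads the Ethernet source address. The commit only changes how hotdrop is written, but it is worth confirming whether the `&& par->fragoff != 0` term is intended; if it is not, the condition should end at the bounds check, `skb_mac_header(skb) + ETH_HLEN <= skb->data)) {`. If the term is deliberate, a one-line comment above the `if` saying why packets with a zero fragment offset are exempt would help the next reader.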
net/ipv6/netfilter/ip6t_frag.c
...
...
@@ -35,7 +35,7 @@ id_match(u_int32_t min, u_int32_t max, u_int32_t id, bool invert)
}
static
bool
frag_mt6
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
frag_mt6
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
struct
frag_hdr
_frag
;
const
struct
frag_hdr
*
fh
;
...
...
@@ -46,13 +46,13 @@ frag_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
err
=
ipv6_find_hdr
(
skb
,
&
ptr
,
NEXTHDR_FRAGMENT
,
NULL
);
if
(
err
<
0
)
{
if
(
err
!=
-
ENOENT
)
*
par
->
hotdrop
=
true
;
par
->
hotdrop
=
true
;
return
false
;
}
fh
=
skb_header_pointer
(
skb
,
ptr
,
sizeof
(
_frag
),
&
_frag
);
if
(
fh
==
NULL
)
{
*
par
->
hotdrop
=
true
;
par
->
hotdrop
=
true
;
return
false
;
}
...
...
net/ipv6/netfilter/ip6t_hbh.c
...
...
@@ -44,7 +44,7 @@ MODULE_ALIAS("ip6t_dst");
static
struct
xt_match
hbh_mt6_reg
[]
__read_mostly
;
static
bool
hbh_mt6
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
hbh_mt6
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
struct
ipv6_opt_hdr
_optsh
;
const
struct
ipv6_opt_hdr
*
oh
;
...
...
@@ -65,13 +65,13 @@ hbh_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
NEXTHDR_HOP
:
NEXTHDR_DEST
,
NULL
);
if
(
err
<
0
)
{
if
(
err
!=
-
ENOENT
)
*
par
->
hotdrop
=
true
;
par
->
hotdrop
=
true
;
return
false
;
}
oh
=
skb_header_pointer
(
skb
,
ptr
,
sizeof
(
_optsh
),
&
_optsh
);
if
(
oh
==
NULL
)
{
*
par
->
hotdrop
=
true
;
par
->
hotdrop
=
true
;
return
false
;
}
...
...
net/ipv6/netfilter/ip6t_ipv6header.c
...
...
@@ -27,7 +27,7 @@ MODULE_DESCRIPTION("Xtables: IPv6 header types match");
MODULE_AUTHOR
(
"Andras Kis-Szabo <kisza@sch.bme.hu>"
);
static
bool
ipv6header_mt6
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
ipv6header_mt6
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
ip6t_ipv6header_info
*
info
=
par
->
matchinfo
;
unsigned
int
temp
;
...
...
net/ipv6/netfilter/ip6t_mh.c
...
...
@@ -32,7 +32,7 @@ type_match(u_int8_t min, u_int8_t max, u_int8_t type, bool invert)
return
(
type
>=
min
&&
type
<=
max
)
^
invert
;
}
static
bool
mh_mt6
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
static
bool
mh_mt6
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
struct
ip6_mh
_mh
;
const
struct
ip6_mh
*
mh
;
...
...
@@ -47,14 +47,14 @@ static bool mh_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
/* We've been asked to examine this packet, and we
can't. Hence, no choice but to drop. */
pr_debug
(
"Dropping evil MH tinygram.
\n
"
);
*
par
->
hotdrop
=
true
;
par
->
hotdrop
=
true
;
return
false
;
}
if
(
mh
->
ip6mh_proto
!=
IPPROTO_NONE
)
{
pr_debug
(
"Dropping invalid MH Payload Proto: %u
\n
"
,
mh
->
ip6mh_proto
);
*
par
->
hotdrop
=
true
;
par
->
hotdrop
=
true
;
return
false
;
}
...
...
net/ipv6/netfilter/ip6t_rt.c
...
...
@@ -36,7 +36,7 @@ segsleft_match(u_int32_t min, u_int32_t max, u_int32_t id, bool invert)
return
r
;
}
static
bool
rt_mt6
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
static
bool
rt_mt6
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
struct
ipv6_rt_hdr
_route
;
const
struct
ipv6_rt_hdr
*
rh
;
...
...
@@ -52,13 +52,13 @@ static bool rt_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
err
=
ipv6_find_hdr
(
skb
,
&
ptr
,
NEXTHDR_ROUTING
,
NULL
);
if
(
err
<
0
)
{
if
(
err
!=
-
ENOENT
)
*
par
->
hotdrop
=
true
;
par
->
hotdrop
=
true
;
return
false
;
}
rh
=
skb_header_pointer
(
skb
,
ptr
,
sizeof
(
_route
),
&
_route
);
if
(
rh
==
NULL
)
{
*
par
->
hotdrop
=
true
;
par
->
hotdrop
=
true
;
return
false
;
}
...
...
net/netfilter/xt_CLASSIFY.c
...
...
@@ -27,7 +27,7 @@ MODULE_ALIAS("ipt_CLASSIFY");
MODULE_ALIAS
(
"ip6t_CLASSIFY"
);
static
unsigned
int
classify_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
classify_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
const
struct
xt_classify_target_info
*
clinfo
=
par
->
targinfo
;
...
...
net/netfilter/xt_CONNSECMARK.c
...
...
@@ -64,7 +64,7 @@ static void secmark_restore(struct sk_buff *skb)
}
static
unsigned
int
connsecmark_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
connsecmark_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
const
struct
xt_connsecmark_target_info
*
info
=
par
->
targinfo
;
...
...
net/netfilter/xt_CT.c
...
...
@@ -20,7 +20,7 @@
#include <net/netfilter/nf_conntrack_zones.h>
static
unsigned
int
xt_ct_target
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
const
struct
xt_
action
_param
*
par
)
{
const
struct
xt_ct_target_info
*
info
=
par
->
targinfo
;
struct
nf_conn
*
ct
=
info
->
ct
;
...
...
net/netfilter/xt_DSCP.c
...
...
@@ -28,7 +28,7 @@ MODULE_ALIAS("ipt_TOS");
MODULE_ALIAS
(
"ip6t_TOS"
);
static
unsigned
int
dscp_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
dscp_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
const
struct
xt_DSCP_info
*
dinfo
=
par
->
targinfo
;
u_int8_t
dscp
=
ipv4_get_dsfield
(
ip_hdr
(
skb
))
>>
XT_DSCP_SHIFT
;
...
...
@@ -45,7 +45,7 @@ dscp_tg(struct sk_buff *skb, const struct xt_target_param *par)
}
static
unsigned
int
dscp_tg6
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
dscp_tg6
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
const
struct
xt_DSCP_info
*
dinfo
=
par
->
targinfo
;
u_int8_t
dscp
=
ipv6_get_dsfield
(
ipv6_hdr
(
skb
))
>>
XT_DSCP_SHIFT
;
...
...
@@ -72,7 +72,7 @@ static int dscp_tg_check(const struct xt_tgchk_param *par)
}
static
unsigned
int
tos_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
tos_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
const
struct
xt_tos_target_info
*
info
=
par
->
targinfo
;
struct
iphdr
*
iph
=
ip_hdr
(
skb
);
...
...
@@ -92,7 +92,7 @@ tos_tg(struct sk_buff *skb, const struct xt_target_param *par)
}
static
unsigned
int
tos_tg6
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
tos_tg6
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
const
struct
xt_tos_target_info
*
info
=
par
->
targinfo
;
struct
ipv6hdr
*
iph
=
ipv6_hdr
(
skb
);
...
...
net/netfilter/xt_HL.c
...
...
@@ -26,7 +26,7 @@ MODULE_DESCRIPTION("Xtables: Hoplimit/TTL Limit field modification target");
MODULE_LICENSE
(
"GPL"
);
static
unsigned
int
ttl_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
ttl_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
struct
iphdr
*
iph
;
const
struct
ipt_TTL_info
*
info
=
par
->
targinfo
;
...
...
@@ -66,7 +66,7 @@ ttl_tg(struct sk_buff *skb, const struct xt_target_param *par)
}
static
unsigned
int
hl_tg6
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
hl_tg6
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
struct
ipv6hdr
*
ip6h
;
const
struct
ip6t_HL_info
*
info
=
par
->
targinfo
;
...
...
net/netfilter/xt_LED.c
...
...
@@ -49,7 +49,7 @@ struct xt_led_info_internal {
};
static
unsigned
int
led_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
led_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
const
struct
xt_led_info
*
ledinfo
=
par
->
targinfo
;
struct
xt_led_info_internal
*
ledinternal
=
ledinfo
->
internal_data
;
...
...
net/netfilter/xt_NFLOG.c
...
...
@@ -22,7 +22,7 @@ MODULE_ALIAS("ipt_NFLOG");
MODULE_ALIAS
(
"ip6t_NFLOG"
);
static
unsigned
int
nflog_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
nflog_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
const
struct
xt_nflog_info
*
info
=
par
->
targinfo
;
struct
nf_loginfo
li
;
...
...
net/netfilter/xt_NFQUEUE.c
...
...
@@ -31,7 +31,7 @@ static u32 jhash_initval __read_mostly;
static
bool
rnd_inited
__read_mostly
;
static
unsigned
int
nfqueue_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
nfqueue_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
const
struct
xt_NFQ_info
*
tinfo
=
par
->
targinfo
;
...
...
@@ -65,7 +65,7 @@ static u32 hash_v6(const struct sk_buff *skb)
#endif
static
unsigned
int
nfqueue_tg_v1
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
nfqueue_tg_v1
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
const
struct
xt_NFQ_info_v1
*
info
=
par
->
targinfo
;
u32
queue
=
info
->
queuenum
;
...
...
net/netfilter/xt_NOTRACK.c
...
...
@@ -13,7 +13,7 @@ MODULE_ALIAS("ipt_NOTRACK");
MODULE_ALIAS
(
"ip6t_NOTRACK"
);
static
unsigned
int
notrack_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
notrack_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
/* Previously seen (loopback)? Ignore. */
if
(
skb
->
nfct
!=
NULL
)
...
...
net/netfilter/xt_RATEEST.c
...
...
@@ -73,7 +73,7 @@ void xt_rateest_put(struct xt_rateest *est)
EXPORT_SYMBOL_GPL
(
xt_rateest_put
);
static
unsigned
int
xt_rateest_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
xt_rateest_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
const
struct
xt_rateest_target_info
*
info
=
par
->
targinfo
;
struct
gnet_stats_basic_packed
*
stats
=
&
info
->
est
->
bstats
;
...
...
net/netfilter/xt_SECMARK.c
...
...
@@ -30,7 +30,7 @@ MODULE_ALIAS("ip6t_SECMARK");
static
u8
mode
;
static
unsigned
int
secmark_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
secmark_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
u32
secmark
=
0
;
const
struct
xt_secmark_target_info
*
info
=
par
->
targinfo
;
...
...
net/netfilter/xt_TCPMSS.c
...
...
@@ -172,7 +172,7 @@ static u_int32_t tcpmss_reverse_mtu(const struct sk_buff *skb,
}
static
unsigned
int
tcpmss_tg4
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
tcpmss_tg4
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
struct
iphdr
*
iph
=
ip_hdr
(
skb
);
__be16
newlen
;
...
...
@@ -195,7 +195,7 @@ tcpmss_tg4(struct sk_buff *skb, const struct xt_target_param *par)
#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
static
unsigned
int
tcpmss_tg6
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
tcpmss_tg6
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
struct
ipv6hdr
*
ipv6h
=
ipv6_hdr
(
skb
);
u8
nexthdr
;
...
...
net/netfilter/xt_TCPOPTSTRIP.c
...
...
@@ -74,7 +74,7 @@ tcpoptstrip_mangle_packet(struct sk_buff *skb,
}
static
unsigned
int
tcpoptstrip_tg4
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
tcpoptstrip_tg4
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
return
tcpoptstrip_mangle_packet
(
skb
,
par
->
targinfo
,
ip_hdrlen
(
skb
),
sizeof
(
struct
iphdr
)
+
sizeof
(
struct
tcphdr
));
...
...
@@ -82,7 +82,7 @@ tcpoptstrip_tg4(struct sk_buff *skb, const struct xt_target_param *par)
#if defined(CONFIG_IP6_NF_MANGLE) || defined(CONFIG_IP6_NF_MANGLE_MODULE)
static
unsigned
int
tcpoptstrip_tg6
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
tcpoptstrip_tg6
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
struct
ipv6hdr
*
ipv6h
=
ipv6_hdr
(
skb
);
int
tcphoff
;
...
...
net/netfilter/xt_TEE.c
...
...
@@ -84,7 +84,7 @@ tee_tg_route4(struct sk_buff *skb, const struct xt_tee_tginfo *info)
}
static
unsigned
int
tee_tg4
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
tee_tg4
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
const
struct
xt_tee_tginfo
*
info
=
par
->
targinfo
;
struct
iphdr
*
iph
;
...
...
@@ -165,7 +165,7 @@ tee_tg_route6(struct sk_buff *skb, const struct xt_tee_tginfo *info)
}
static
unsigned
int
tee_tg6
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
tee_tg6
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
const
struct
xt_tee_tginfo
*
info
=
par
->
targinfo
;
...
...
net/netfilter/xt_TPROXY.c
...
...
@@ -25,7 +25,7 @@
#include <net/netfilter/nf_tproxy_core.h>
static
unsigned
int
tproxy_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
tproxy_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
const
struct
iphdr
*
iph
=
ip_hdr
(
skb
);
const
struct
xt_tproxy_target_info
*
tgi
=
par
->
targinfo
;
...
...
net/netfilter/xt_TRACE.c
...
...
@@ -11,7 +11,7 @@ MODULE_ALIAS("ipt_TRACE");
MODULE_ALIAS
(
"ip6t_TRACE"
);
static
unsigned
int
trace_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
trace_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
skb
->
nf_trace
=
1
;
return
XT_CONTINUE
;
...
...
net/netfilter/xt_cluster.c
...
...
@@ -86,7 +86,7 @@ xt_cluster_is_multicast_addr(const struct sk_buff *skb, u_int8_t family)
}
static
bool
xt_cluster_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
xt_cluster_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
struct
sk_buff
*
pskb
=
(
struct
sk_buff
*
)
skb
;
const
struct
xt_cluster_match_info
*
info
=
par
->
matchinfo
;
...
...
net/netfilter/xt_comment.c
...
...
@@ -16,7 +16,7 @@ MODULE_ALIAS("ipt_comment");
MODULE_ALIAS
(
"ip6t_comment"
);
static
bool
comment_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
comment_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
/* We always match */
return
true
;
...
...
net/netfilter/xt_connbytes.c
...
...
@@ -18,7 +18,7 @@ MODULE_ALIAS("ipt_connbytes");
MODULE_ALIAS
(
"ip6t_connbytes"
);
static
bool
connbytes_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
connbytes_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
xt_connbytes_info
*
sinfo
=
par
->
matchinfo
;
const
struct
nf_conn
*
ct
;
...
...
net/netfilter/xt_connlimit.c
...
...
@@ -173,7 +173,7 @@ static int count_them(struct net *net,
}
static
bool
connlimit_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
connlimit_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
struct
net
*
net
=
dev_net
(
par
->
in
?
par
->
in
:
par
->
out
);
const
struct
xt_connlimit_info
*
info
=
par
->
matchinfo
;
...
...
@@ -206,14 +206,14 @@ connlimit_mt(const struct sk_buff *skb, const struct xt_match_param *par)
if
(
connections
<
0
)
{
/* kmalloc failed, drop it entirely */
*
par
->
hotdrop
=
true
;
par
->
hotdrop
=
true
;
return
false
;
}
return
(
connections
>
info
->
limit
)
^
info
->
inverse
;
hotdrop:
*
par
->
hotdrop
=
true
;
par
->
hotdrop
=
true
;
return
false
;
}
...
...
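Review bot: In connlimit_mt the `connections < 0` branch in the second hunk repeats the two statements that sit under the `hotdrop:` label a few lines below it, so the fail-closed path for an allocation failure exists twice and can drift apart. The branch can keep its comment and jump to the label instead: `if (connections < 0) goto hotdrop; /* kmalloc failed, drop it entirely */`. The function starts outside the hunk, so this assumes nothing between the branch and the label needs releasing, which the visible lines suggest but do not prove.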
net/netfilter/xt_connmark.c
...
...
@@ -37,7 +37,7 @@ MODULE_ALIAS("ipt_connmark");
MODULE_ALIAS
(
"ip6t_connmark"
);
static
unsigned
int
connmark_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
connmark_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
const
struct
xt_connmark_tginfo1
*
info
=
par
->
targinfo
;
enum
ip_conntrack_info
ctinfo
;
...
...
@@ -91,7 +91,7 @@ static void connmark_tg_destroy(const struct xt_tgdtor_param *par)
}
static
bool
connmark_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
connmark_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
xt_connmark_mtinfo1
*
info
=
par
->
matchinfo
;
enum
ip_conntrack_info
ctinfo
;
...
...
net/netfilter/xt_conntrack.c
...
...
@@ -113,7 +113,7 @@ ct_proto_port_check(const struct xt_conntrack_mtinfo2 *info,
}
static
bool
conntrack_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
,
conntrack_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
,
u16
state_mask
,
u16
status_mask
)
{
const
struct
xt_conntrack_mtinfo2
*
info
=
par
->
matchinfo
;
...
...
@@ -191,7 +191,7 @@ conntrack_mt(const struct sk_buff *skb, const struct xt_match_param *par,
}
static
bool
conntrack_mt_v1
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
conntrack_mt_v1
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
xt_conntrack_mtinfo1
*
info
=
par
->
matchinfo
;
...
...
@@ -199,7 +199,7 @@ conntrack_mt_v1(const struct sk_buff *skb, const struct xt_match_param *par)
}
static
bool
conntrack_mt_v2
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
conntrack_mt_v2
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
xt_conntrack_mtinfo2
*
info
=
par
->
matchinfo
;
...
...
net/netfilter/xt_dccp.c
...
...
@@ -96,7 +96,7 @@ match_option(u_int8_t option, const struct sk_buff *skb, unsigned int protoff,
}
static
bool
dccp_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
dccp_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
xt_dccp_info
*
info
=
par
->
matchinfo
;
const
struct
dccp_hdr
*
dh
;
...
...
@@ -107,7 +107,7 @@ dccp_mt(const struct sk_buff *skb, const struct xt_match_param *par)
dh
=
skb_header_pointer
(
skb
,
par
->
thoff
,
sizeof
(
_dh
),
&
_dh
);
if
(
dh
==
NULL
)
{
*
par
->
hotdrop
=
true
;
par
->
hotdrop
=
true
;
return
false
;
}
...
...
@@ -120,7 +120,7 @@ dccp_mt(const struct sk_buff *skb, const struct xt_match_param *par)
&&
DCCHECK
(
match_types
(
dh
,
info
->
typemask
),
XT_DCCP_TYPE
,
info
->
flags
,
info
->
invflags
)
&&
DCCHECK
(
match_option
(
info
->
option
,
skb
,
par
->
thoff
,
dh
,
par
->
hotdrop
),
&
par
->
hotdrop
),
XT_DCCP_OPTION
,
info
->
flags
,
info
->
invflags
);
}
...
...
net/netfilter/xt_dscp.c
...
...
@@ -25,7 +25,7 @@ MODULE_ALIAS("ipt_tos");
MODULE_ALIAS
(
"ip6t_tos"
);
static
bool
dscp_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
dscp_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
xt_dscp_info
*
info
=
par
->
matchinfo
;
u_int8_t
dscp
=
ipv4_get_dsfield
(
ip_hdr
(
skb
))
>>
XT_DSCP_SHIFT
;
...
...
@@ -34,7 +34,7 @@ dscp_mt(const struct sk_buff *skb, const struct xt_match_param *par)
}
static
bool
dscp_mt6
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
dscp_mt6
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
xt_dscp_info
*
info
=
par
->
matchinfo
;
u_int8_t
dscp
=
ipv6_get_dsfield
(
ipv6_hdr
(
skb
))
>>
XT_DSCP_SHIFT
;
...
...
@@ -54,7 +54,7 @@ static int dscp_mt_check(const struct xt_mtchk_param *par)
return
0
;
}
static
bool
tos_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
static
bool
tos_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
xt_tos_match_info
*
info
=
par
->
matchinfo
;
...
...
net/netfilter/xt_esp.c
...
...
@@ -36,7 +36,7 @@ spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, bool invert)
return
r
;
}
static
bool
esp_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
static
bool
esp_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
ip_esp_hdr
*
eh
;
struct
ip_esp_hdr
_esp
;
...
...
@@ -52,7 +52,7 @@ static bool esp_mt(const struct sk_buff *skb, const struct xt_match_param *par)
* can't. Hence, no choice but to drop.
*/
pr_debug
(
"Dropping evil ESP tinygram.
\n
"
);
*
par
->
hotdrop
=
true
;
par
->
hotdrop
=
true
;
return
false
;
}
...
...
net/netfilter/xt_hashlimit.c
...
...
@@ -516,7 +516,7 @@ hashlimit_init_dst(const struct xt_hashlimit_htable *hinfo,
}
static
bool
hashlimit_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
hashlimit_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
xt_hashlimit_mtinfo1
*
info
=
par
->
matchinfo
;
struct
xt_hashlimit_htable
*
hinfo
=
info
->
hinfo
;
...
...
@@ -562,7 +562,7 @@ hashlimit_mt(const struct sk_buff *skb, const struct xt_match_param *par)
return
info
->
cfg
.
mode
&
XT_HASHLIMIT_INVERT
;
hotdrop:
*
par
->
hotdrop
=
true
;
par
->
hotdrop
=
true
;
return
false
;
}
...
...
net/netfilter/xt_helper.c
...
...
@@ -24,7 +24,7 @@ MODULE_ALIAS("ip6t_helper");
static
bool
helper_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
helper_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
xt_helper_info
*
info
=
par
->
matchinfo
;
const
struct
nf_conn
*
ct
;
...
...
net/netfilter/xt_hl.c
...
...
@@ -25,7 +25,7 @@ MODULE_LICENSE("GPL");
MODULE_ALIAS
(
"ipt_ttl"
);
MODULE_ALIAS
(
"ip6t_hl"
);
static
bool
ttl_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
static
bool
ttl_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
ipt_ttl_info
*
info
=
par
->
matchinfo
;
const
u8
ttl
=
ip_hdr
(
skb
)
->
ttl
;
...
...
@@ -44,7 +44,7 @@ static bool ttl_mt(const struct sk_buff *skb, const struct xt_match_param *par)
return
false
;
}
static
bool
hl_mt6
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
static
bool
hl_mt6
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
ip6t_hl_info
*
info
=
par
->
matchinfo
;
const
struct
ipv6hdr
*
ip6h
=
ipv6_hdr
(
skb
);
...
...
net/netfilter/xt_iprange.c
...
...
@@ -17,7 +17,7 @@
#include <linux/netfilter/xt_iprange.h>
static
bool
iprange_mt4
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
iprange_mt4
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
xt_iprange_mtinfo
*
info
=
par
->
matchinfo
;
const
struct
iphdr
*
iph
=
ip_hdr
(
skb
);
...
...
@@ -68,7 +68,7 @@ iprange_ipv6_sub(const struct in6_addr *a, const struct in6_addr *b)
}
static
bool
iprange_mt6
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
iprange_mt6
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
xt_iprange_mtinfo
*
info
=
par
->
matchinfo
;
const
struct
ipv6hdr
*
iph
=
ipv6_hdr
(
skb
);
...
...
net/netfilter/xt_length.c
...
...
@@ -21,7 +21,7 @@ MODULE_ALIAS("ipt_length");
MODULE_ALIAS
(
"ip6t_length"
);
static
bool
length_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
length_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
xt_length_info
*
info
=
par
->
matchinfo
;
u_int16_t
pktlen
=
ntohs
(
ip_hdr
(
skb
)
->
tot_len
);
...
...
@@ -30,7 +30,7 @@ length_mt(const struct sk_buff *skb, const struct xt_match_param *par)
}
static
bool
length_mt6
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
length_mt6
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
xt_length_info
*
info
=
par
->
matchinfo
;
const
u_int16_t
pktlen
=
ntohs
(
ipv6_hdr
(
skb
)
->
payload_len
)
+
...
...
net/netfilter/xt_limit.c
...
...
@@ -65,7 +65,7 @@ static DEFINE_SPINLOCK(limit_lock);
#define CREDITS_PER_JIFFY POW2_BELOW32(MAX_CPJ)
static
bool
limit_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
limit_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
xt_rateinfo
*
r
=
par
->
matchinfo
;
struct
xt_limit_priv
*
priv
=
r
->
master
;
...
...
net/netfilter/xt_mac.c
...
...
@@ -25,7 +25,7 @@ MODULE_DESCRIPTION("Xtables: MAC address match");
MODULE_ALIAS
(
"ipt_mac"
);
MODULE_ALIAS
(
"ip6t_mac"
);
static
bool
mac_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
static
bool
mac_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
xt_mac_info
*
info
=
par
->
matchinfo
;
bool
ret
;
...
...
net/netfilter/xt_mark.c
...
...
@@ -25,7 +25,7 @@ MODULE_ALIAS("ipt_MARK");
MODULE_ALIAS
(
"ip6t_MARK"
);
static
unsigned
int
mark_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
target
_param
*
par
)
mark_tg
(
struct
sk_buff
*
skb
,
const
struct
xt_
action
_param
*
par
)
{
const
struct
xt_mark_tginfo2
*
info
=
par
->
targinfo
;
...
...
@@ -34,7 +34,7 @@ mark_tg(struct sk_buff *skb, const struct xt_target_param *par)
}
static
bool
mark_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
mark_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
xt_mark_mtinfo1
*
info
=
par
->
matchinfo
;
...
...
net/netfilter/xt_multiport.c
...
...
@@ -72,7 +72,7 @@ ports_match_v1(const struct xt_multiport_v1 *minfo,
}
static
bool
multiport_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
multiport_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
__be16
*
pptr
;
__be16
_ports
[
2
];
...
...
@@ -87,7 +87,7 @@ multiport_mt(const struct sk_buff *skb, const struct xt_match_param *par)
* can't. Hence, no choice but to drop.
*/
pr_debug
(
"Dropping evil offset=0 tinygram.
\n
"
);
*
par
->
hotdrop
=
true
;
par
->
hotdrop
=
true
;
return
false
;
}
...
...
@@ -117,7 +117,7 @@ static int multiport_mt_check(const struct xt_mtchk_param *par)
const
struct
xt_multiport_v1
*
multiinfo
=
par
->
matchinfo
;
return
check
(
ip
->
proto
,
ip
->
invflags
,
multiinfo
->
flags
,
multiinfo
->
count
);
multiinfo
->
count
)
?
0
:
-
EINVAL
;
}
static
int
multiport_mt6_check
(
const
struct
xt_mtchk_param
*
par
)
...
...
@@ -126,7 +126,7 @@ static int multiport_mt6_check(const struct xt_mtchk_param *par)
const
struct
xt_multiport_v1
*
multiinfo
=
par
->
matchinfo
;
return
check
(
ip
->
proto
,
ip
->
invflags
,
multiinfo
->
flags
,
multiinfo
->
count
);
multiinfo
->
count
)
?
0
:
-
EINVAL
;
}
static
struct
xt_match
multiport_mt_reg
[]
__read_mostly
=
{
...
...
net/netfilter/xt_osf.c
...
...
@@ -193,8 +193,8 @@ static inline int xt_osf_ttl(const struct sk_buff *skb, const struct xt_osf_info
return
ip
->
ttl
==
f_ttl
;
}
static
bool
xt_osf_match_packet
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
p
)
static
bool
xt_osf_match_packet
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
p
)
{
const
struct
xt_osf_info
*
info
=
p
->
matchinfo
;
const
struct
iphdr
*
ip
=
ip_hdr
(
skb
);
...
...
net/netfilter/xt_owner.c
...
...
@@ -18,7 +18,7 @@
#include <linux/netfilter/xt_owner.h>
static
bool
owner_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
owner_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
xt_owner_match_info
*
info
=
par
->
matchinfo
;
const
struct
file
*
filp
;
...
...
net/netfilter/xt_physdev.c
...
...
@@ -22,7 +22,7 @@ MODULE_ALIAS("ip6t_physdev");
static
bool
physdev_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
physdev_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
static
const
char
nulldevname
[
IFNAMSIZ
]
__attribute__
((
aligned
(
sizeof
(
long
))));
const
struct
xt_physdev_info
*
info
=
par
->
matchinfo
;
...
...
net/netfilter/xt_pkttype.c
...
...
@@ -23,7 +23,7 @@ MODULE_ALIAS("ipt_pkttype");
MODULE_ALIAS
(
"ip6t_pkttype"
);
static
bool
pkttype_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
pkttype_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
xt_pkttype_info
*
info
=
par
->
matchinfo
;
u_int8_t
type
;
...
...
net/netfilter/xt_policy.c
...
...
@@ -110,7 +110,7 @@ match_policy_out(const struct sk_buff *skb, const struct xt_policy_info *info,
}
static
bool
policy_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
policy_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
xt_policy_info
*
info
=
par
->
matchinfo
;
int
ret
;
...
...
net/netfilter/xt_quota.c
...
...
@@ -23,7 +23,7 @@ MODULE_ALIAS("ip6t_quota");
static
DEFINE_SPINLOCK
(
quota_lock
);
static
bool
quota_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
quota_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
struct
xt_quota_info
*
q
=
(
void
*
)
par
->
matchinfo
;
struct
xt_quota_priv
*
priv
=
q
->
master
;
...
...
net/netfilter/xt_rateest.c
...
...
@@ -15,7 +15,7 @@
static
bool
xt_rateest_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
xt_rateest_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
xt_rateest_match_info
*
info
=
par
->
matchinfo
;
struct
gnet_stats_rate_est
*
r
;
...
...
net/netfilter/xt_realm.c
...
...
@@ -22,7 +22,7 @@ MODULE_DESCRIPTION("Xtables: Routing realm match");
MODULE_ALIAS
(
"ipt_realm"
);
static
bool
realm_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
realm_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
xt_realm_info
*
info
=
par
->
matchinfo
;
const
struct
dst_entry
*
dst
=
skb_dst
(
skb
);
...
...
net/netfilter/xt_recent.c
...
...
@@ -224,7 +224,7 @@ static void recent_table_flush(struct recent_table *t)
}
static
bool
recent_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
recent_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
struct
net
*
net
=
dev_net
(
par
->
in
?
par
->
in
:
par
->
out
);
struct
recent_net
*
recent_net
=
recent_pernet
(
net
);
...
...
@@ -268,7 +268,7 @@ recent_mt(const struct sk_buff *skb, const struct xt_match_param *par)
goto
out
;
e
=
recent_entry_init
(
t
,
&
addr
,
par
->
family
,
ttl
);
if
(
e
==
NULL
)
*
par
->
hotdrop
=
true
;
par
->
hotdrop
=
true
;
ret
=
!
ret
;
goto
out
;
}
...
...
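Review bot: In the last hunk of recent_mt, a failed `recent_entry_init()` sets `par->hotdrop = true` but the unbraced `if` then falls through to `ret = !ret`, so the function may return true for a packet it has just marked for dropping; the other hotdrop sites visible on this page all return false. Whether a true return lets the rule's target run before the drop takes effect depends on the table walker, which is not shown here, so this needs confirming against the caller. If the drop is meant to be unconditional, make the failure path explicit: `if (e == NULL) { par->hotdrop = true; ret = false; goto out; }`. The function body starts and ends outside the hunk.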
net/netfilter/xt_sctp.c
...
...
@@ -114,7 +114,7 @@ match_packet(const struct sk_buff *skb,
}
static
bool
sctp_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
sctp_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
xt_sctp_info
*
info
=
par
->
matchinfo
;
const
sctp_sctphdr_t
*
sh
;
...
...
@@ -128,7 +128,7 @@ sctp_mt(const struct sk_buff *skb, const struct xt_match_param *par)
sh
=
skb_header_pointer
(
skb
,
par
->
thoff
,
sizeof
(
_sh
),
&
_sh
);
if
(
sh
==
NULL
)
{
pr_debug
(
"Dropping evil TCP offset=0 tinygram.
\n
"
);
*
par
->
hotdrop
=
true
;
par
->
hotdrop
=
true
;
return
false
;
}
pr_debug
(
"spt: %d
\t
dpt: %d
\n
"
,
ntohs
(
sh
->
source
),
ntohs
(
sh
->
dest
));
...
...
@@ -140,7 +140,7 @@ sctp_mt(const struct sk_buff *skb, const struct xt_match_param *par)
&&
ntohs
(
sh
->
dest
)
<=
info
->
dpts
[
1
],
XT_SCTP_DEST_PORTS
,
info
->
flags
,
info
->
invflags
)
&&
SCCHECK
(
match_packet
(
skb
,
par
->
thoff
+
sizeof
(
sctp_sctphdr_t
),
info
,
par
->
hotdrop
),
info
,
&
par
->
hotdrop
),
XT_SCTP_CHUNK_TYPES
,
info
->
flags
,
info
->
invflags
);
}
...
...
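Review bot: The `pr_debug` in the second hunk of sctp_mt reports "Dropping evil TCP offset=0 tinygram." when the SCTP header cannot be read, which points anyone reading the debug log at the wrong protocol matcher. The line is untouched context, but the hotdrop statement next to it is being edited here, so it is a cheap moment to correct it: `pr_debug("Dropping evil SCTP offset=0 tinygram.\n");`. sctp_mt continues outside the hunk.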
net/netfilter/xt_socket.c
...
...
@@ -88,7 +88,7 @@ extract_icmp_fields(const struct sk_buff *skb,
static
bool
socket_match
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
,
socket_match
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
,
const
struct
xt_socket_mtinfo1
*
info
)
{
const
struct
iphdr
*
iph
=
ip_hdr
(
skb
);
...
...
@@ -174,13 +174,13 @@ socket_match(const struct sk_buff *skb, const struct xt_match_param *par,
}
static
bool
socket_mt_v0
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
socket_mt_v0
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
return
socket_match
(
skb
,
par
,
NULL
);
}
static
bool
socket_mt_v1
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
socket_mt_v1
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
return
socket_match
(
skb
,
par
,
par
->
matchinfo
);
}
...
...
net/netfilter/xt_state.c
...
...
@@ -21,7 +21,7 @@ MODULE_ALIAS("ipt_state");
MODULE_ALIAS
(
"ip6t_state"
);
static
bool
state_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
state_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
xt_state_info
*
sinfo
=
par
->
matchinfo
;
enum
ip_conntrack_info
ctinfo
;
...
...
net/netfilter/xt_statistic.c
...
...
@@ -30,7 +30,7 @@ MODULE_ALIAS("ip6t_statistic");
static
DEFINE_SPINLOCK
(
nth_lock
);
static
bool
statistic_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
statistic_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
xt_statistic_info
*
info
=
par
->
matchinfo
;
bool
ret
=
info
->
flags
&
XT_STATISTIC_INVERT
;
...
...
net/netfilter/xt_string.c
...
...
@@ -23,7 +23,7 @@ MODULE_ALIAS("ipt_string");
MODULE_ALIAS
(
"ip6t_string"
);
static
bool
string_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
string_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
xt_string_info
*
conf
=
par
->
matchinfo
;
struct
ts_state
state
;
...
...
net/netfilter/xt_tcpmss.c
...
...
@@ -25,7 +25,7 @@ MODULE_ALIAS("ipt_tcpmss");
MODULE_ALIAS
(
"ip6t_tcpmss"
);
static
bool
tcpmss_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
tcpmss_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
xt_tcpmss_match_info
*
info
=
par
->
matchinfo
;
const
struct
tcphdr
*
th
;
...
...
@@ -73,7 +73,7 @@ tcpmss_mt(const struct sk_buff *skb, const struct xt_match_param *par)
return
info
->
invert
;
dropit:
*
par
->
hotdrop
=
true
;
par
->
hotdrop
=
true
;
return
false
;
}
...
...
net/netfilter/xt_tcpudp.c
...
...
@@ -62,7 +62,7 @@ tcp_find_option(u_int8_t option,
return
invert
;
}
static
bool
tcp_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
static
bool
tcp_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
tcphdr
*
th
;
struct
tcphdr
_tcph
;
...
...
@@ -77,7 +77,7 @@ static bool tcp_mt(const struct sk_buff *skb, const struct xt_match_param *par)
*/
if
(
par
->
fragoff
==
1
)
{
pr_debug
(
"Dropping evil TCP offset=1 frag.
\n
"
);
*
par
->
hotdrop
=
true
;
par
->
hotdrop
=
true
;
}
/* Must not be a fragment. */
return
false
;
...
...
@@ -90,7 +90,7 @@ static bool tcp_mt(const struct sk_buff *skb, const struct xt_match_param *par)
/* We've been asked to examine this packet, and we
can't. Hence, no choice but to drop. */
pr_debug
(
"Dropping evil TCP offset=0 tinygram.
\n
"
);
*
par
->
hotdrop
=
true
;
par
->
hotdrop
=
true
;
return
false
;
}
...
...
@@ -108,13 +108,13 @@ static bool tcp_mt(const struct sk_buff *skb, const struct xt_match_param *par)
return
false
;
if
(
tcpinfo
->
option
)
{
if
(
th
->
doff
*
4
<
sizeof
(
_tcph
))
{
*
par
->
hotdrop
=
true
;
par
->
hotdrop
=
true
;
return
false
;
}
if
(
!
tcp_find_option
(
tcpinfo
->
option
,
skb
,
par
->
thoff
,
th
->
doff
*
4
-
sizeof
(
_tcph
),
tcpinfo
->
invflags
&
XT_TCP_INV_OPTION
,
par
->
hotdrop
))
&
par
->
hotdrop
))
return
false
;
}
return
true
;
...
...
@@ -128,7 +128,7 @@ static int tcp_mt_check(const struct xt_mtchk_param *par)
return
(
tcpinfo
->
invflags
&
~
XT_TCP_INV_MASK
)
?
-
EINVAL
:
0
;
}
static
bool
udp_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
static
bool
udp_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
udphdr
*
uh
;
struct
udphdr
_udph
;
...
...
@@ -143,7 +143,7 @@ static bool udp_mt(const struct sk_buff *skb, const struct xt_match_param *par)
/* We've been asked to examine this packet, and we
can't. Hence, no choice but to drop. */
pr_debug
(
"Dropping evil UDP tinygram.
\n
"
);
*
par
->
hotdrop
=
true
;
par
->
hotdrop
=
true
;
return
false
;
}
...
...
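Review bot: In tcp_mt the drop taken when `th->doff*4 < sizeof(_tcph)` (fourth hunk of this file) sets `par->hotdrop = true` without any log line, while the two earlier drop paths in the same function each emit a `pr_debug`. A data offset smaller than the fixed TCP header is as much a malformed-packet signal as the other two, and it is the only one that leaves no trace when debugging is enabled. Adding a matching line before the assignment, for example `pr_debug("Dropping evil TCP doff too small.\n");`, would keep the three paths consistent. tcp_mt starts and ends outside the hunk.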
net/netfilter/xt_time.c
...
...
@@ -152,7 +152,7 @@ static void localtime_3(struct xtm *r, time_t time)
}
static
bool
time_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
time_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
xt_time_info
*
info
=
par
->
matchinfo
;
unsigned
int
packet_time
;
...
...
net/netfilter/xt_u32.c
...
...
@@ -86,7 +86,7 @@ static bool u32_match_it(const struct xt_u32 *data,
return
true
;
}
static
bool
u32_mt
(
const
struct
sk_buff
*
skb
,
const
struct
xt_match
_param
*
par
)
static
bool
u32_mt
(
const
struct
sk_buff
*
skb
,
struct
xt_action
_param
*
par
)
{
const
struct
xt_u32
*
data
=
par
->
matchinfo
;
bool
ret
;
...
...
net/sched/act_ipt.c
...
...
@@ -199,7 +199,7 @@ static int tcf_ipt(struct sk_buff *skb, struct tc_action *a,
{
int
ret
=
0
,
result
=
0
;
struct
tcf_ipt
*
ipt
=
a
->
priv
;
struct
xt_
target
_param
par
;
struct
xt_
action
_param
par
;
if
(
skb_cloned
(
skb
))
{
if
(
pskb_expand_head
(
skb
,
0
,
0
,
GFP_ATOMIC
))
...
...
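Review bot: `struct xt_action_param par;` in tcf_ipt is declared on the stack without an initialiser, and the match hunks on this page show that the merged structure now carries `hotdrop` by value (`par->hotdrop = true`) rather than through a pointer. Any member that the code below the hunk does not assign is therefore indeterminate when the target is called; whether that happens cannot be seen from here, because tcf_ipt continues outside the hunk. Zero-initialising the variable removes the question: `struct xt_action_param par = {};`, or a `memset` before the fields are filled in.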