[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
/*
|
|
|
|
* x_tables core - Backend for {ip,ip6,arp}_tables
|
|
|
|
*
|
|
|
|
* Copyright (C) 2006-2006 Harald Welte <laforge@netfilter.org>
|
|
|
|
*
|
|
|
|
* Based on existing ip_tables code which is
|
|
|
|
* Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
|
|
|
|
* Copyright (C) 2000-2005 Netfilter Core Team <coreteam@netfilter.org>
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU General Public License version 2 as
|
|
|
|
* published by the Free Software Foundation.
|
|
|
|
*
|
|
|
|
*/
|
2010-03-18 01:22:32 +00:00
|
|
|
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
#include <linux/kernel.h>
|
|
|
|
#include <linux/socket.h>
|
|
|
|
#include <linux/net.h>
|
|
|
|
#include <linux/proc_fs.h>
|
|
|
|
#include <linux/seq_file.h>
|
|
|
|
#include <linux/string.h>
|
|
|
|
#include <linux/vmalloc.h>
|
2006-03-25 09:41:10 +00:00
|
|
|
#include <linux/mutex.h>
|
2006-12-04 04:15:30 +00:00
|
|
|
#include <linux/mm.h>
|
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
percpu.h is included by sched.h and module.h and thus ends up being
included when building most .c files. percpu.h includes slab.h which
in turn includes gfp.h making everything defined by the two files
universally available and complicating inclusion dependencies.
percpu.h -> slab.h dependency is about to be removed. Prepare for
this change by updating users of gfp and slab facilities include those
headers directly instead of assuming availability. As this conversion
needs to touch large number of source files, the following script is
used as the basis of conversion.
http://userweb.kernel.org/~tj/misc/slabh-sweep.py
The script does the followings.
* Scan files for gfp and slab usages and update includes such that
only the necessary includes are there. ie. if only gfp is used,
gfp.h, if slab is used, slab.h.
* When the script inserts a new include, it looks at the include
blocks and try to put the new include such that its order conforms
to its surrounding. It's put in the include block which contains
core kernel includes, in the same order that the rest are ordered -
alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
doesn't seem to be any matching order.
* If the script can't find a place to put a new include (mostly
because the file doesn't have fitting include block), it prints out
an error message indicating which .h file needs to be added to the
file.
The conversion was done in the following steps.
1. The initial automatic conversion of all .c files updated slightly
over 4000 files, deleting around 700 includes and adding ~480 gfp.h
and ~3000 slab.h inclusions. The script emitted errors for ~400
files.
2. Each error was manually checked. Some didn't need the inclusion,
some needed manual addition while adding it to implementation .h or
embedding .c file was more appropriate for others. This step added
inclusions to around 150 files.
3. The script was run again and the output was compared to the edits
from #2 to make sure no file was left behind.
4. Several build tests were done and a couple of problems were fixed.
e.g. lib/decompress_*.c used malloc/free() wrappers around slab
APIs requiring slab.h to be added manually.
5. The script was run on all .h files but without automatically
editing them as sprinkling gfp.h and slab.h inclusions around .h
files could easily lead to inclusion dependency hell. Most gfp.h
inclusion directives were ignored as stuff from gfp.h was usually
wildly available and often used in preprocessor macros. Each
slab.h inclusion directive was examined and added manually as
necessary.
6. percpu.h was updated not to include slab.h.
7. Build test were done on the following configurations and failures
were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my
distributed build env didn't work with gcov compiles) and a few
more options had to be turned off depending on archs to make things
build (like ipr on powerpc/64 which failed due to missing writeq).
* x86 and x86_64 UP and SMP allmodconfig and a custom test config.
* powerpc and powerpc64 SMP allmodconfig
* sparc and sparc64 SMP allmodconfig
* ia64 SMP allmodconfig
* s390 SMP allmodconfig
* alpha SMP allmodconfig
* um on x86_64 SMP allmodconfig
8. percpu.h modifications were reverted so that it could be applied as
a separate patch and serve as bisection point.
Given the fact that I had only a couple of failures from tests on step
6, I'm fairly confident about the coverage of this conversion patch.
If there is a breakage, it's likely to be something in one of the arch
headers which should be easily discoverable easily on most builds of
the specific arch.
Signed-off-by: Tejun Heo <tj@kernel.org>
Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
2010-03-24 08:04:11 +00:00
|
|
|
#include <linux/slab.h>
|
2011-01-16 17:12:59 +00:00
|
|
|
#include <linux/audit.h>
|
2007-09-12 10:01:34 +00:00
|
|
|
#include <net/net_namespace.h>
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
|
|
|
|
#include <linux/netfilter/x_tables.h>
|
|
|
|
#include <linux/netfilter_arp.h>
|
2009-06-17 20:14:54 +00:00
|
|
|
#include <linux/netfilter_ipv4/ip_tables.h>
|
|
|
|
#include <linux/netfilter_ipv6/ip6_tables.h>
|
|
|
|
#include <linux/netfilter_arp/arp_tables.h>
|
2006-03-25 09:41:10 +00:00
|
|
|
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
MODULE_LICENSE("GPL");
|
|
|
|
MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
|
2008-10-08 09:35:15 +00:00
|
|
|
MODULE_DESCRIPTION("{ip,ip6,arp,eb}_tables backend module");
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
|
|
|
|
#define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1))
|
|
|
|
|
2007-12-18 05:47:48 +00:00
|
|
|
struct compat_delta {
|
2010-12-18 17:35:15 +00:00
|
|
|
unsigned int offset; /* offset in kernel */
|
|
|
|
int delta; /* delta in 32bit user land */
|
2007-12-18 05:47:48 +00:00
|
|
|
};
|
|
|
|
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
struct xt_af {
|
2006-03-25 09:41:10 +00:00
|
|
|
struct mutex mutex;
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
struct list_head match;
|
|
|
|
struct list_head target;
|
2007-12-18 05:47:48 +00:00
|
|
|
#ifdef CONFIG_COMPAT
|
2006-04-01 10:25:19 +00:00
|
|
|
struct mutex compat_mutex;
|
2010-12-18 17:35:15 +00:00
|
|
|
struct compat_delta *compat_tab;
|
|
|
|
unsigned int number; /* number of slots in compat_tab[] */
|
|
|
|
unsigned int cur; /* number of used slots in compat_tab[] */
|
2007-12-18 05:47:48 +00:00
|
|
|
#endif
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
static struct xt_af *xt;
|
|
|
|
|
2008-10-08 09:35:00 +00:00
|
|
|
static const char *const xt_prefix[NFPROTO_NUMPROTO] = {
|
|
|
|
[NFPROTO_UNSPEC] = "x",
|
|
|
|
[NFPROTO_IPV4] = "ip",
|
|
|
|
[NFPROTO_ARP] = "arp",
|
|
|
|
[NFPROTO_BRIDGE] = "eb",
|
|
|
|
[NFPROTO_IPV6] = "ip6",
|
2006-03-21 01:59:06 +00:00
|
|
|
};
|
|
|
|
|
2010-04-19 14:05:10 +00:00
|
|
|
/* Allow this many total (re)entries. */
|
|
|
|
static const unsigned int xt_jumpstack_multiplier = 2;
|
|
|
|
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
/* Registration hooks for targets. */
|
|
|
|
int
|
2006-03-22 21:55:40 +00:00
|
|
|
xt_register_target(struct xt_target *target)
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
{
|
2008-10-08 09:35:00 +00:00
|
|
|
u_int8_t af = target->family;
|
|
|
|
int ret;
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
|
2006-03-25 09:41:10 +00:00
|
|
|
ret = mutex_lock_interruptible(&xt[af].mutex);
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
if (ret != 0)
|
|
|
|
return ret;
|
|
|
|
list_add(&target->list, &xt[af].target);
|
2006-03-25 09:41:10 +00:00
|
|
|
mutex_unlock(&xt[af].mutex);
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL(xt_register_target);
|
|
|
|
|
|
|
|
void
|
2006-03-22 21:55:40 +00:00
|
|
|
xt_unregister_target(struct xt_target *target)
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
{
|
2008-10-08 09:35:00 +00:00
|
|
|
u_int8_t af = target->family;
|
2006-03-22 21:55:40 +00:00
|
|
|
|
2006-03-25 09:41:10 +00:00
|
|
|
mutex_lock(&xt[af].mutex);
|
2006-09-20 18:57:53 +00:00
|
|
|
list_del(&target->list);
|
2006-03-25 09:41:10 +00:00
|
|
|
mutex_unlock(&xt[af].mutex);
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
}
|
|
|
|
EXPORT_SYMBOL(xt_unregister_target);
|
|
|
|
|
2006-08-22 07:33:45 +00:00
|
|
|
int
|
|
|
|
xt_register_targets(struct xt_target *target, unsigned int n)
|
|
|
|
{
|
|
|
|
unsigned int i;
|
|
|
|
int err = 0;
|
|
|
|
|
|
|
|
for (i = 0; i < n; i++) {
|
|
|
|
err = xt_register_target(&target[i]);
|
|
|
|
if (err)
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
return err;
|
|
|
|
|
|
|
|
err:
|
|
|
|
if (i > 0)
|
|
|
|
xt_unregister_targets(target, i);
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL(xt_register_targets);
|
|
|
|
|
|
|
|
void
|
|
|
|
xt_unregister_targets(struct xt_target *target, unsigned int n)
|
|
|
|
{
|
2010-10-04 20:24:12 +00:00
|
|
|
while (n-- > 0)
|
|
|
|
xt_unregister_target(&target[n]);
|
2006-08-22 07:33:45 +00:00
|
|
|
}
|
|
|
|
EXPORT_SYMBOL(xt_unregister_targets);
|
|
|
|
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
int
|
2006-03-22 21:55:40 +00:00
|
|
|
xt_register_match(struct xt_match *match)
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
{
|
2008-10-08 09:35:00 +00:00
|
|
|
u_int8_t af = match->family;
|
|
|
|
int ret;
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
|
2006-03-25 09:41:10 +00:00
|
|
|
ret = mutex_lock_interruptible(&xt[af].mutex);
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
if (ret != 0)
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
list_add(&match->list, &xt[af].match);
|
2006-03-25 09:41:10 +00:00
|
|
|
mutex_unlock(&xt[af].mutex);
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL(xt_register_match);
|
|
|
|
|
|
|
|
void
|
2006-03-22 21:55:40 +00:00
|
|
|
xt_unregister_match(struct xt_match *match)
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
{
|
2008-10-08 09:35:00 +00:00
|
|
|
u_int8_t af = match->family;
|
2006-03-22 21:55:40 +00:00
|
|
|
|
2006-03-25 09:41:10 +00:00
|
|
|
mutex_lock(&xt[af].mutex);
|
2006-09-20 18:57:53 +00:00
|
|
|
list_del(&match->list);
|
2006-03-25 09:41:10 +00:00
|
|
|
mutex_unlock(&xt[af].mutex);
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
}
|
|
|
|
EXPORT_SYMBOL(xt_unregister_match);
|
|
|
|
|
2006-08-22 07:33:45 +00:00
|
|
|
int
|
|
|
|
xt_register_matches(struct xt_match *match, unsigned int n)
|
|
|
|
{
|
|
|
|
unsigned int i;
|
|
|
|
int err = 0;
|
|
|
|
|
|
|
|
for (i = 0; i < n; i++) {
|
|
|
|
err = xt_register_match(&match[i]);
|
|
|
|
if (err)
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
return err;
|
|
|
|
|
|
|
|
err:
|
|
|
|
if (i > 0)
|
|
|
|
xt_unregister_matches(match, i);
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL(xt_register_matches);
|
|
|
|
|
|
|
|
void
|
|
|
|
xt_unregister_matches(struct xt_match *match, unsigned int n)
|
|
|
|
{
|
2010-10-04 20:24:12 +00:00
|
|
|
while (n-- > 0)
|
|
|
|
xt_unregister_match(&match[n]);
|
2006-08-22 07:33:45 +00:00
|
|
|
}
|
|
|
|
EXPORT_SYMBOL(xt_unregister_matches);
|
|
|
|
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* These are weird, but module loading must not be done with mutex
|
|
|
|
* held (since they will register), and we have to have a single
|
2011-03-09 13:14:26 +00:00
|
|
|
* function to use.
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
/* Find match, grabs ref. Returns ERR_PTR() on error. */
|
2008-10-08 09:35:00 +00:00
|
|
|
struct xt_match *xt_find_match(u8 af, const char *name, u8 revision)
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
{
|
|
|
|
struct xt_match *m;
|
2011-03-14 18:11:44 +00:00
|
|
|
int err = -ENOENT;
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
|
2006-03-25 09:41:10 +00:00
|
|
|
if (mutex_lock_interruptible(&xt[af].mutex) != 0)
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
return ERR_PTR(-EINTR);
|
|
|
|
|
|
|
|
list_for_each_entry(m, &xt[af].match, list) {
|
|
|
|
if (strcmp(m->name, name) == 0) {
|
|
|
|
if (m->revision == revision) {
|
|
|
|
if (try_module_get(m->me)) {
|
2006-03-25 09:41:10 +00:00
|
|
|
mutex_unlock(&xt[af].mutex);
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
return m;
|
|
|
|
}
|
|
|
|
} else
|
|
|
|
err = -EPROTOTYPE; /* Found something. */
|
|
|
|
}
|
|
|
|
}
|
2006-03-25 09:41:10 +00:00
|
|
|
mutex_unlock(&xt[af].mutex);
|
2008-10-08 09:35:01 +00:00
|
|
|
|
|
|
|
if (af != NFPROTO_UNSPEC)
|
|
|
|
/* Try searching again in the family-independent list */
|
|
|
|
return xt_find_match(NFPROTO_UNSPEC, name, revision);
|
|
|
|
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
return ERR_PTR(err);
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL(xt_find_match);
|
|
|
|
|
2009-07-10 17:27:47 +00:00
|
|
|
struct xt_match *
|
|
|
|
xt_request_find_match(uint8_t nfproto, const char *name, uint8_t revision)
|
|
|
|
{
|
|
|
|
struct xt_match *match;
|
|
|
|
|
2011-03-09 13:14:26 +00:00
|
|
|
match = xt_find_match(nfproto, name, revision);
|
|
|
|
if (IS_ERR(match)) {
|
|
|
|
request_module("%st_%s", xt_prefix[nfproto], name);
|
|
|
|
match = xt_find_match(nfproto, name, revision);
|
|
|
|
}
|
|
|
|
|
|
|
|
return match;
|
2009-07-10 17:27:47 +00:00
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(xt_request_find_match);
|
|
|
|
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
/* Find target, grabs ref. Returns ERR_PTR() on error. */
|
2008-10-08 09:35:00 +00:00
|
|
|
struct xt_target *xt_find_target(u8 af, const char *name, u8 revision)
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
{
|
|
|
|
struct xt_target *t;
|
2011-03-14 18:11:44 +00:00
|
|
|
int err = -ENOENT;
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
|
2006-03-25 09:41:10 +00:00
|
|
|
if (mutex_lock_interruptible(&xt[af].mutex) != 0)
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
return ERR_PTR(-EINTR);
|
|
|
|
|
|
|
|
list_for_each_entry(t, &xt[af].target, list) {
|
|
|
|
if (strcmp(t->name, name) == 0) {
|
|
|
|
if (t->revision == revision) {
|
|
|
|
if (try_module_get(t->me)) {
|
2006-03-25 09:41:10 +00:00
|
|
|
mutex_unlock(&xt[af].mutex);
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
return t;
|
|
|
|
}
|
|
|
|
} else
|
|
|
|
err = -EPROTOTYPE; /* Found something. */
|
|
|
|
}
|
|
|
|
}
|
2006-03-25 09:41:10 +00:00
|
|
|
mutex_unlock(&xt[af].mutex);
|
2008-10-08 09:35:01 +00:00
|
|
|
|
|
|
|
if (af != NFPROTO_UNSPEC)
|
|
|
|
/* Try searching again in the family-independent list */
|
|
|
|
return xt_find_target(NFPROTO_UNSPEC, name, revision);
|
|
|
|
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
return ERR_PTR(err);
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL(xt_find_target);
|
|
|
|
|
2008-10-08 09:35:00 +00:00
|
|
|
struct xt_target *xt_request_find_target(u8 af, const char *name, u8 revision)
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
{
|
|
|
|
struct xt_target *target;
|
|
|
|
|
2011-03-09 13:14:26 +00:00
|
|
|
target = xt_find_target(af, name, revision);
|
|
|
|
if (IS_ERR(target)) {
|
|
|
|
request_module("%st_%s", xt_prefix[af], name);
|
|
|
|
target = xt_find_target(af, name, revision);
|
|
|
|
}
|
|
|
|
|
|
|
|
return target;
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(xt_request_find_target);
|
|
|
|
|
2008-10-08 09:35:00 +00:00
|
|
|
static int match_revfn(u8 af, const char *name, u8 revision, int *bestp)
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
{
|
2008-04-14 09:15:35 +00:00
|
|
|
const struct xt_match *m;
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
int have_rev = 0;
|
|
|
|
|
|
|
|
list_for_each_entry(m, &xt[af].match, list) {
|
|
|
|
if (strcmp(m->name, name) == 0) {
|
|
|
|
if (m->revision > *bestp)
|
|
|
|
*bestp = m->revision;
|
|
|
|
if (m->revision == revision)
|
|
|
|
have_rev = 1;
|
|
|
|
}
|
|
|
|
}
|
2009-01-12 00:06:04 +00:00
|
|
|
|
|
|
|
if (af != NFPROTO_UNSPEC && !have_rev)
|
|
|
|
return match_revfn(NFPROTO_UNSPEC, name, revision, bestp);
|
|
|
|
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
return have_rev;
|
|
|
|
}
|
|
|
|
|
2008-10-08 09:35:00 +00:00
|
|
|
static int target_revfn(u8 af, const char *name, u8 revision, int *bestp)
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
{
|
2008-04-14 09:15:35 +00:00
|
|
|
const struct xt_target *t;
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
int have_rev = 0;
|
|
|
|
|
|
|
|
list_for_each_entry(t, &xt[af].target, list) {
|
|
|
|
if (strcmp(t->name, name) == 0) {
|
|
|
|
if (t->revision > *bestp)
|
|
|
|
*bestp = t->revision;
|
|
|
|
if (t->revision == revision)
|
|
|
|
have_rev = 1;
|
|
|
|
}
|
|
|
|
}
|
2009-01-12 00:06:04 +00:00
|
|
|
|
|
|
|
if (af != NFPROTO_UNSPEC && !have_rev)
|
|
|
|
return target_revfn(NFPROTO_UNSPEC, name, revision, bestp);
|
|
|
|
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
return have_rev;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Returns true or false (if no such extension at all) */
|
2008-10-08 09:35:00 +00:00
|
|
|
int xt_find_revision(u8 af, const char *name, u8 revision, int target,
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
int *err)
|
|
|
|
{
|
|
|
|
int have_rev, best = -1;
|
|
|
|
|
2006-03-25 09:41:10 +00:00
|
|
|
if (mutex_lock_interruptible(&xt[af].mutex) != 0) {
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
*err = -EINTR;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
if (target == 1)
|
|
|
|
have_rev = target_revfn(af, name, revision, &best);
|
|
|
|
else
|
|
|
|
have_rev = match_revfn(af, name, revision, &best);
|
2006-03-25 09:41:10 +00:00
|
|
|
mutex_unlock(&xt[af].mutex);
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
|
|
|
|
/* Nothing at all? Return 0 to try loading module. */
|
|
|
|
if (best == -1) {
|
|
|
|
*err = -ENOENT;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
*err = best;
|
|
|
|
if (!have_rev)
|
|
|
|
*err = -EPROTONOSUPPORT;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(xt_find_revision);
|
|
|
|
|
2009-04-05 08:43:09 +00:00
|
|
|
static char *textify_hooks(char *buf, size_t size, unsigned int mask)
|
|
|
|
{
|
|
|
|
static const char *const names[] = {
|
|
|
|
"PREROUTING", "INPUT", "FORWARD",
|
|
|
|
"OUTPUT", "POSTROUTING", "BROUTING",
|
|
|
|
};
|
|
|
|
unsigned int i;
|
|
|
|
char *p = buf;
|
|
|
|
bool np = false;
|
|
|
|
int res;
|
|
|
|
|
|
|
|
*p = '\0';
|
|
|
|
for (i = 0; i < ARRAY_SIZE(names); ++i) {
|
|
|
|
if (!(mask & (1 << i)))
|
|
|
|
continue;
|
|
|
|
res = snprintf(p, size, "%s%s", np ? "/" : "", names[i]);
|
|
|
|
if (res > 0) {
|
|
|
|
size -= res;
|
|
|
|
p += res;
|
|
|
|
}
|
|
|
|
np = true;
|
|
|
|
}
|
|
|
|
|
|
|
|
return buf;
|
|
|
|
}
|
|
|
|
|
2008-10-08 09:35:20 +00:00
|
|
|
int xt_check_match(struct xt_mtchk_param *par,
|
2008-10-08 09:35:18 +00:00
|
|
|
unsigned int size, u_int8_t proto, bool inv_proto)
|
2006-03-21 01:59:06 +00:00
|
|
|
{
|
2010-03-23 15:35:56 +00:00
|
|
|
int ret;
|
|
|
|
|
2008-10-08 09:35:18 +00:00
|
|
|
if (XT_ALIGN(par->match->matchsize) != size &&
|
|
|
|
par->match->matchsize != -1) {
|
2008-10-08 09:35:15 +00:00
|
|
|
/*
|
|
|
|
* ebt_among is exempt from centralized matchsize checking
|
|
|
|
* because it uses a dynamic-size data set.
|
|
|
|
*/
|
2009-06-25 16:32:12 +00:00
|
|
|
pr_err("%s_tables: %s.%u match: invalid size "
|
|
|
|
"%u (kernel) != (user) %u\n",
|
2008-10-08 09:35:20 +00:00
|
|
|
xt_prefix[par->family], par->match->name,
|
2009-06-25 16:32:12 +00:00
|
|
|
par->match->revision,
|
2008-10-08 09:35:18 +00:00
|
|
|
XT_ALIGN(par->match->matchsize), size);
|
2006-03-21 01:59:06 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
2008-10-08 09:35:18 +00:00
|
|
|
if (par->match->table != NULL &&
|
|
|
|
strcmp(par->match->table, par->table) != 0) {
|
2009-06-13 10:32:39 +00:00
|
|
|
pr_err("%s_tables: %s match: only valid in %s table, not %s\n",
|
2008-10-08 09:35:20 +00:00
|
|
|
xt_prefix[par->family], par->match->name,
|
2008-10-08 09:35:18 +00:00
|
|
|
par->match->table, par->table);
|
2006-03-21 01:59:06 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
2008-10-08 09:35:18 +00:00
|
|
|
if (par->match->hooks && (par->hook_mask & ~par->match->hooks) != 0) {
|
2009-04-05 08:43:09 +00:00
|
|
|
char used[64], allow[64];
|
|
|
|
|
2009-06-13 10:32:39 +00:00
|
|
|
pr_err("%s_tables: %s match: used from hooks %s, but only "
|
2009-04-05 08:43:09 +00:00
|
|
|
"valid from %s\n",
|
2008-10-08 09:35:20 +00:00
|
|
|
xt_prefix[par->family], par->match->name,
|
2009-04-05 08:43:09 +00:00
|
|
|
textify_hooks(used, sizeof(used), par->hook_mask),
|
|
|
|
textify_hooks(allow, sizeof(allow), par->match->hooks));
|
2006-03-21 01:59:06 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
2008-10-08 09:35:18 +00:00
|
|
|
if (par->match->proto && (par->match->proto != proto || inv_proto)) {
|
2009-06-13 10:32:39 +00:00
|
|
|
pr_err("%s_tables: %s match: only valid for protocol %u\n",
|
2008-10-08 09:35:20 +00:00
|
|
|
xt_prefix[par->family], par->match->name,
|
|
|
|
par->match->proto);
|
2006-03-21 01:59:06 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
2010-03-23 15:35:56 +00:00
|
|
|
if (par->match->checkentry != NULL) {
|
|
|
|
ret = par->match->checkentry(par);
|
|
|
|
if (ret < 0)
|
|
|
|
return ret;
|
|
|
|
else if (ret > 0)
|
|
|
|
/* Flag up potential errors. */
|
|
|
|
return -EIO;
|
|
|
|
}
|
2006-03-21 01:59:06 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(xt_check_match);
|
|
|
|
|
2006-04-01 10:25:19 +00:00
|
|
|
#ifdef CONFIG_COMPAT
|
2010-12-18 17:35:15 +00:00
|
|
|
int xt_compat_add_offset(u_int8_t af, unsigned int offset, int delta)
|
2007-12-18 05:47:48 +00:00
|
|
|
{
|
2010-12-18 17:35:15 +00:00
|
|
|
struct xt_af *xp = &xt[af];
|
2007-12-18 05:47:48 +00:00
|
|
|
|
2010-12-18 17:35:15 +00:00
|
|
|
if (!xp->compat_tab) {
|
|
|
|
if (!xp->number)
|
|
|
|
return -EINVAL;
|
|
|
|
xp->compat_tab = vmalloc(sizeof(struct compat_delta) * xp->number);
|
|
|
|
if (!xp->compat_tab)
|
|
|
|
return -ENOMEM;
|
|
|
|
xp->cur = 0;
|
|
|
|
}
|
2007-12-18 05:47:48 +00:00
|
|
|
|
2010-12-18 17:35:15 +00:00
|
|
|
if (xp->cur >= xp->number)
|
|
|
|
return -EINVAL;
|
2007-12-18 05:47:48 +00:00
|
|
|
|
2010-12-18 17:35:15 +00:00
|
|
|
if (xp->cur)
|
|
|
|
delta += xp->compat_tab[xp->cur - 1].delta;
|
|
|
|
xp->compat_tab[xp->cur].offset = offset;
|
|
|
|
xp->compat_tab[xp->cur].delta = delta;
|
|
|
|
xp->cur++;
|
2007-12-18 05:47:48 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(xt_compat_add_offset);
|
|
|
|
|
2008-10-08 09:35:00 +00:00
|
|
|
void xt_compat_flush_offsets(u_int8_t af)
|
2007-12-18 05:47:48 +00:00
|
|
|
{
|
2010-12-18 17:35:15 +00:00
|
|
|
if (xt[af].compat_tab) {
|
|
|
|
vfree(xt[af].compat_tab);
|
|
|
|
xt[af].compat_tab = NULL;
|
|
|
|
xt[af].number = 0;
|
2011-04-21 08:57:21 +00:00
|
|
|
xt[af].cur = 0;
|
2007-12-18 05:47:48 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(xt_compat_flush_offsets);
|
|
|
|
|
2010-02-15 17:17:10 +00:00
|
|
|
int xt_compat_calc_jump(u_int8_t af, unsigned int offset)
|
2007-12-18 05:47:48 +00:00
|
|
|
{
|
2010-12-18 17:35:15 +00:00
|
|
|
struct compat_delta *tmp = xt[af].compat_tab;
|
|
|
|
int mid, left = 0, right = xt[af].cur - 1;
|
|
|
|
|
|
|
|
while (left <= right) {
|
|
|
|
mid = (left + right) >> 1;
|
|
|
|
if (offset > tmp[mid].offset)
|
|
|
|
left = mid + 1;
|
|
|
|
else if (offset < tmp[mid].offset)
|
|
|
|
right = mid - 1;
|
|
|
|
else
|
|
|
|
return mid ? tmp[mid - 1].delta : 0;
|
|
|
|
}
|
2011-04-21 08:57:21 +00:00
|
|
|
return left ? tmp[left - 1].delta : 0;
|
2007-12-18 05:47:48 +00:00
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(xt_compat_calc_jump);
|
|
|
|
|
2010-12-18 17:35:15 +00:00
|
|
|
void xt_compat_init_offsets(u_int8_t af, unsigned int number)
|
|
|
|
{
|
|
|
|
xt[af].number = number;
|
|
|
|
xt[af].cur = 0;
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL(xt_compat_init_offsets);
|
|
|
|
|
2008-04-14 09:15:35 +00:00
|
|
|
int xt_compat_match_offset(const struct xt_match *match)
|
2006-04-01 10:25:19 +00:00
|
|
|
{
|
2006-09-20 19:05:37 +00:00
|
|
|
u_int16_t csize = match->compatsize ? : match->matchsize;
|
|
|
|
return XT_ALIGN(match->matchsize) - COMPAT_XT_ALIGN(csize);
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(xt_compat_match_offset);
|
|
|
|
|
2007-12-18 05:46:40 +00:00
|
|
|
int xt_compat_match_from_user(struct xt_entry_match *m, void **dstptr,
|
2008-01-31 12:10:18 +00:00
|
|
|
unsigned int *size)
|
2006-09-20 19:05:37 +00:00
|
|
|
{
|
2008-04-14 09:15:35 +00:00
|
|
|
const struct xt_match *match = m->u.kernel.match;
|
2006-09-20 19:05:37 +00:00
|
|
|
struct compat_xt_entry_match *cm = (struct compat_xt_entry_match *)m;
|
|
|
|
int pad, off = xt_compat_match_offset(match);
|
|
|
|
u_int16_t msize = cm->u.user.match_size;
|
|
|
|
|
|
|
|
m = *dstptr;
|
|
|
|
memcpy(m, cm, sizeof(*cm));
|
|
|
|
if (match->compat_from_user)
|
|
|
|
match->compat_from_user(m->data, cm->data);
|
|
|
|
else
|
|
|
|
memcpy(m->data, cm->data, msize - sizeof(*cm));
|
|
|
|
pad = XT_ALIGN(match->matchsize) - match->matchsize;
|
|
|
|
if (pad > 0)
|
|
|
|
memset(m->data + match->matchsize, 0, pad);
|
|
|
|
|
|
|
|
msize += off;
|
|
|
|
m->u.user.match_size = msize;
|
|
|
|
|
|
|
|
*size += off;
|
|
|
|
*dstptr += msize;
|
2007-12-18 05:46:40 +00:00
|
|
|
return 0;
|
2006-09-20 19:05:37 +00:00
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(xt_compat_match_from_user);
|
|
|
|
|
2009-06-26 06:23:19 +00:00
|
|
|
int xt_compat_match_to_user(const struct xt_entry_match *m,
|
|
|
|
void __user **dstptr, unsigned int *size)
|
2006-09-20 19:05:37 +00:00
|
|
|
{
|
2008-04-14 09:15:35 +00:00
|
|
|
const struct xt_match *match = m->u.kernel.match;
|
2006-09-20 19:05:37 +00:00
|
|
|
struct compat_xt_entry_match __user *cm = *dstptr;
|
|
|
|
int off = xt_compat_match_offset(match);
|
|
|
|
u_int16_t msize = m->u.user.match_size - off;
|
|
|
|
|
|
|
|
if (copy_to_user(cm, m, sizeof(*cm)) ||
|
2007-12-12 18:35:16 +00:00
|
|
|
put_user(msize, &cm->u.user.match_size) ||
|
|
|
|
copy_to_user(cm->u.user.name, m->u.kernel.match->name,
|
|
|
|
strlen(m->u.kernel.match->name) + 1))
|
2007-02-12 19:15:49 +00:00
|
|
|
return -EFAULT;
|
2006-09-20 19:05:37 +00:00
|
|
|
|
|
|
|
if (match->compat_to_user) {
|
|
|
|
if (match->compat_to_user((void __user *)cm->data, m->data))
|
|
|
|
return -EFAULT;
|
|
|
|
} else {
|
|
|
|
if (copy_to_user(cm->data, m->data, msize - sizeof(*cm)))
|
|
|
|
return -EFAULT;
|
2006-04-01 10:25:19 +00:00
|
|
|
}
|
2006-09-20 19:05:37 +00:00
|
|
|
|
|
|
|
*size -= off;
|
|
|
|
*dstptr += msize;
|
|
|
|
return 0;
|
2006-04-01 10:25:19 +00:00
|
|
|
}
|
2006-09-20 19:05:37 +00:00
|
|
|
EXPORT_SYMBOL_GPL(xt_compat_match_to_user);
|
|
|
|
#endif /* CONFIG_COMPAT */
|
2006-04-01 10:25:19 +00:00
|
|
|
|
2008-10-08 09:35:20 +00:00
|
|
|
int xt_check_target(struct xt_tgchk_param *par,
|
2008-10-08 09:35:19 +00:00
|
|
|
unsigned int size, u_int8_t proto, bool inv_proto)
|
2006-03-21 01:59:06 +00:00
|
|
|
{
|
2010-03-25 15:34:45 +00:00
|
|
|
int ret;
|
|
|
|
|
2008-10-08 09:35:19 +00:00
|
|
|
if (XT_ALIGN(par->target->targetsize) != size) {
|
2009-06-25 16:32:12 +00:00
|
|
|
pr_err("%s_tables: %s.%u target: invalid size "
|
|
|
|
"%u (kernel) != (user) %u\n",
|
2008-10-08 09:35:20 +00:00
|
|
|
xt_prefix[par->family], par->target->name,
|
2009-06-25 16:32:12 +00:00
|
|
|
par->target->revision,
|
2008-10-08 09:35:19 +00:00
|
|
|
XT_ALIGN(par->target->targetsize), size);
|
2006-03-21 01:59:06 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
2008-10-08 09:35:19 +00:00
|
|
|
if (par->target->table != NULL &&
|
|
|
|
strcmp(par->target->table, par->table) != 0) {
|
2009-06-13 10:32:39 +00:00
|
|
|
pr_err("%s_tables: %s target: only valid in %s table, not %s\n",
|
2008-10-08 09:35:20 +00:00
|
|
|
xt_prefix[par->family], par->target->name,
|
2008-10-08 09:35:19 +00:00
|
|
|
par->target->table, par->table);
|
2006-03-21 01:59:06 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
2008-10-08 09:35:19 +00:00
|
|
|
if (par->target->hooks && (par->hook_mask & ~par->target->hooks) != 0) {
|
2009-04-05 08:43:09 +00:00
|
|
|
char used[64], allow[64];
|
|
|
|
|
2009-06-13 10:32:39 +00:00
|
|
|
pr_err("%s_tables: %s target: used from hooks %s, but only "
|
2009-04-05 08:43:09 +00:00
|
|
|
"usable from %s\n",
|
2008-10-08 09:35:20 +00:00
|
|
|
xt_prefix[par->family], par->target->name,
|
2009-04-05 08:43:09 +00:00
|
|
|
textify_hooks(used, sizeof(used), par->hook_mask),
|
|
|
|
textify_hooks(allow, sizeof(allow), par->target->hooks));
|
2006-03-21 01:59:06 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
2008-10-08 09:35:19 +00:00
|
|
|
if (par->target->proto && (par->target->proto != proto || inv_proto)) {
|
2009-06-13 10:32:39 +00:00
|
|
|
pr_err("%s_tables: %s target: only valid for protocol %u\n",
|
2008-10-08 09:35:20 +00:00
|
|
|
xt_prefix[par->family], par->target->name,
|
2008-10-08 09:35:19 +00:00
|
|
|
par->target->proto);
|
2006-03-21 01:59:06 +00:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
2010-03-25 15:34:45 +00:00
|
|
|
if (par->target->checkentry != NULL) {
|
|
|
|
ret = par->target->checkentry(par);
|
|
|
|
if (ret < 0)
|
|
|
|
return ret;
|
|
|
|
else if (ret > 0)
|
|
|
|
/* Flag up potential errors. */
|
|
|
|
return -EIO;
|
|
|
|
}
|
2006-03-21 01:59:06 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(xt_check_target);
|
|
|
|
|
2006-04-01 10:25:19 +00:00
|
|
|
#ifdef CONFIG_COMPAT
|
2008-04-14 09:15:35 +00:00
|
|
|
int xt_compat_target_offset(const struct xt_target *target)
|
2006-04-01 10:25:19 +00:00
|
|
|
{
|
2006-09-20 19:05:37 +00:00
|
|
|
u_int16_t csize = target->compatsize ? : target->targetsize;
|
|
|
|
return XT_ALIGN(target->targetsize) - COMPAT_XT_ALIGN(csize);
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(xt_compat_target_offset);
|
|
|
|
|
|
|
|
void xt_compat_target_from_user(struct xt_entry_target *t, void **dstptr,
|
2008-01-31 12:10:18 +00:00
|
|
|
unsigned int *size)
|
2006-09-20 19:05:37 +00:00
|
|
|
{
|
2008-04-14 09:15:35 +00:00
|
|
|
const struct xt_target *target = t->u.kernel.target;
|
2006-09-20 19:05:37 +00:00
|
|
|
struct compat_xt_entry_target *ct = (struct compat_xt_entry_target *)t;
|
|
|
|
int pad, off = xt_compat_target_offset(target);
|
|
|
|
u_int16_t tsize = ct->u.user.target_size;
|
|
|
|
|
|
|
|
t = *dstptr;
|
|
|
|
memcpy(t, ct, sizeof(*ct));
|
|
|
|
if (target->compat_from_user)
|
|
|
|
target->compat_from_user(t->data, ct->data);
|
|
|
|
else
|
|
|
|
memcpy(t->data, ct->data, tsize - sizeof(*ct));
|
|
|
|
pad = XT_ALIGN(target->targetsize) - target->targetsize;
|
|
|
|
if (pad > 0)
|
|
|
|
memset(t->data + target->targetsize, 0, pad);
|
|
|
|
|
|
|
|
tsize += off;
|
|
|
|
t->u.user.target_size = tsize;
|
|
|
|
|
|
|
|
*size += off;
|
|
|
|
*dstptr += tsize;
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(xt_compat_target_from_user);
|
|
|
|
|
2009-06-26 06:23:19 +00:00
|
|
|
int xt_compat_target_to_user(const struct xt_entry_target *t,
|
|
|
|
void __user **dstptr, unsigned int *size)
|
2006-09-20 19:05:37 +00:00
|
|
|
{
|
2008-04-14 09:15:35 +00:00
|
|
|
const struct xt_target *target = t->u.kernel.target;
|
2006-09-20 19:05:37 +00:00
|
|
|
struct compat_xt_entry_target __user *ct = *dstptr;
|
|
|
|
int off = xt_compat_target_offset(target);
|
|
|
|
u_int16_t tsize = t->u.user.target_size - off;
|
|
|
|
|
|
|
|
if (copy_to_user(ct, t, sizeof(*ct)) ||
|
2007-12-12 18:35:16 +00:00
|
|
|
put_user(tsize, &ct->u.user.target_size) ||
|
|
|
|
copy_to_user(ct->u.user.name, t->u.kernel.target->name,
|
|
|
|
strlen(t->u.kernel.target->name) + 1))
|
2007-02-12 19:15:49 +00:00
|
|
|
return -EFAULT;
|
2006-09-20 19:05:37 +00:00
|
|
|
|
|
|
|
if (target->compat_to_user) {
|
|
|
|
if (target->compat_to_user((void __user *)ct->data, t->data))
|
|
|
|
return -EFAULT;
|
|
|
|
} else {
|
|
|
|
if (copy_to_user(ct->data, t->data, tsize - sizeof(*ct)))
|
|
|
|
return -EFAULT;
|
2006-04-01 10:25:19 +00:00
|
|
|
}
|
2006-09-20 19:05:37 +00:00
|
|
|
|
|
|
|
*size -= off;
|
|
|
|
*dstptr += tsize;
|
|
|
|
return 0;
|
2006-04-01 10:25:19 +00:00
|
|
|
}
|
2006-09-20 19:05:37 +00:00
|
|
|
EXPORT_SYMBOL_GPL(xt_compat_target_to_user);
|
2006-04-01 10:25:19 +00:00
|
|
|
#endif
|
|
|
|
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
struct xt_table_info *xt_alloc_table_info(unsigned int size)
|
|
|
|
{
|
|
|
|
struct xt_table_info *newinfo;
|
|
|
|
int cpu;
|
|
|
|
|
|
|
|
/* Pedantry: prevent them from hitting BUG() in vmalloc.c --RR */
|
2009-09-22 00:03:05 +00:00
|
|
|
if ((SMP_ALIGN(size) >> PAGE_SHIFT) + 2 > totalram_pages)
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
return NULL;
|
|
|
|
|
2007-12-05 07:24:56 +00:00
|
|
|
newinfo = kzalloc(XT_TABLE_INFO_SZ, GFP_KERNEL);
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
if (!newinfo)
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
newinfo->size = size;
|
|
|
|
|
2006-04-11 05:52:50 +00:00
|
|
|
for_each_possible_cpu(cpu) {
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
if (size <= PAGE_SIZE)
|
|
|
|
newinfo->entries[cpu] = kmalloc_node(size,
|
|
|
|
GFP_KERNEL,
|
|
|
|
cpu_to_node(cpu));
|
|
|
|
else
|
|
|
|
newinfo->entries[cpu] = vmalloc_node(size,
|
|
|
|
cpu_to_node(cpu));
|
|
|
|
|
|
|
|
if (newinfo->entries[cpu] == NULL) {
|
|
|
|
xt_free_table_info(newinfo);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return newinfo;
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL(xt_alloc_table_info);
|
|
|
|
|
|
|
|
void xt_free_table_info(struct xt_table_info *info)
|
|
|
|
{
|
|
|
|
int cpu;
|
|
|
|
|
2006-04-11 05:52:50 +00:00
|
|
|
for_each_possible_cpu(cpu) {
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
if (info->size <= PAGE_SIZE)
|
|
|
|
kfree(info->entries[cpu]);
|
|
|
|
else
|
|
|
|
vfree(info->entries[cpu]);
|
|
|
|
}
|
2010-04-19 14:05:10 +00:00
|
|
|
|
|
|
|
if (info->jumpstack != NULL) {
|
|
|
|
if (sizeof(void *) * info->stacksize > PAGE_SIZE) {
|
|
|
|
for_each_possible_cpu(cpu)
|
|
|
|
vfree(info->jumpstack[cpu]);
|
|
|
|
} else {
|
|
|
|
for_each_possible_cpu(cpu)
|
|
|
|
kfree(info->jumpstack[cpu]);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (sizeof(void **) * nr_cpu_ids > PAGE_SIZE)
|
|
|
|
vfree(info->jumpstack);
|
|
|
|
else
|
|
|
|
kfree(info->jumpstack);
|
2010-05-31 14:41:35 +00:00
|
|
|
|
|
|
|
free_percpu(info->stackptr);
|
2010-04-19 14:05:10 +00:00
|
|
|
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
kfree(info);
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL(xt_free_table_info);
|
|
|
|
|
|
|
|
/* Find table by name, grabs mutex & ref. Returns ERR_PTR() on error. */
|
2008-10-08 09:35:00 +00:00
|
|
|
struct xt_table *xt_find_table_lock(struct net *net, u_int8_t af,
|
|
|
|
const char *name)
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
{
|
|
|
|
struct xt_table *t;
|
|
|
|
|
2006-03-25 09:41:10 +00:00
|
|
|
if (mutex_lock_interruptible(&xt[af].mutex) != 0)
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
return ERR_PTR(-EINTR);
|
|
|
|
|
2008-01-31 12:02:13 +00:00
|
|
|
list_for_each_entry(t, &net->xt.tables[af], list)
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
if (strcmp(t->name, name) == 0 && try_module_get(t->me))
|
|
|
|
return t;
|
2006-03-25 09:41:10 +00:00
|
|
|
mutex_unlock(&xt[af].mutex);
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(xt_find_table_lock);
|
|
|
|
|
|
|
|
void xt_table_unlock(struct xt_table *table)
|
|
|
|
{
|
2006-03-25 09:41:10 +00:00
|
|
|
mutex_unlock(&xt[table->af].mutex);
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(xt_table_unlock);
|
|
|
|
|
2006-04-01 10:25:19 +00:00
|
|
|
#ifdef CONFIG_COMPAT
|
2008-10-08 09:35:00 +00:00
|
|
|
void xt_compat_lock(u_int8_t af)
|
2006-04-01 10:25:19 +00:00
|
|
|
{
|
|
|
|
mutex_lock(&xt[af].compat_mutex);
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(xt_compat_lock);
|
|
|
|
|
2008-10-08 09:35:00 +00:00
|
|
|
void xt_compat_unlock(u_int8_t af)
|
2006-04-01 10:25:19 +00:00
|
|
|
{
|
|
|
|
mutex_unlock(&xt[af].compat_mutex);
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(xt_compat_unlock);
|
|
|
|
#endif
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
|
2011-04-04 15:04:03 +00:00
|
|
|
DEFINE_PER_CPU(seqcount_t, xt_recseq);
|
|
|
|
EXPORT_PER_CPU_SYMBOL_GPL(xt_recseq);
|
2009-04-29 05:36:33 +00:00
|
|
|
|
2010-04-19 14:05:10 +00:00
|
|
|
static int xt_jumpstack_alloc(struct xt_table_info *i)
|
|
|
|
{
|
|
|
|
unsigned int size;
|
|
|
|
int cpu;
|
|
|
|
|
2010-05-31 14:41:35 +00:00
|
|
|
i->stackptr = alloc_percpu(unsigned int);
|
2010-04-19 14:05:10 +00:00
|
|
|
if (i->stackptr == NULL)
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
|
|
size = sizeof(void **) * nr_cpu_ids;
|
|
|
|
if (size > PAGE_SIZE)
|
|
|
|
i->jumpstack = vmalloc(size);
|
|
|
|
else
|
|
|
|
i->jumpstack = kmalloc(size, GFP_KERNEL);
|
|
|
|
if (i->jumpstack == NULL)
|
|
|
|
return -ENOMEM;
|
|
|
|
memset(i->jumpstack, 0, size);
|
|
|
|
|
|
|
|
i->stacksize *= xt_jumpstack_multiplier;
|
|
|
|
size = sizeof(void *) * i->stacksize;
|
|
|
|
for_each_possible_cpu(cpu) {
|
|
|
|
if (size > PAGE_SIZE)
|
|
|
|
i->jumpstack[cpu] = vmalloc_node(size,
|
|
|
|
cpu_to_node(cpu));
|
|
|
|
else
|
|
|
|
i->jumpstack[cpu] = kmalloc_node(size,
|
|
|
|
GFP_KERNEL, cpu_to_node(cpu));
|
|
|
|
if (i->jumpstack[cpu] == NULL)
|
|
|
|
/*
|
|
|
|
* Freeing will be done later on by the callers. The
|
|
|
|
* chain is: xt_replace_table -> __do_replace ->
|
|
|
|
* do_replace -> xt_free_table_info.
|
|
|
|
*/
|
|
|
|
return -ENOMEM;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
2009-04-29 05:36:33 +00:00
|
|
|
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
struct xt_table_info *
|
|
|
|
xt_replace_table(struct xt_table *table,
|
|
|
|
unsigned int num_counters,
|
|
|
|
struct xt_table_info *newinfo,
|
|
|
|
int *error)
|
|
|
|
{
|
2009-04-29 05:36:33 +00:00
|
|
|
struct xt_table_info *private;
|
2010-04-19 14:05:10 +00:00
|
|
|
int ret;
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
|
2010-04-21 12:45:51 +00:00
|
|
|
ret = xt_jumpstack_alloc(newinfo);
|
|
|
|
if (ret < 0) {
|
|
|
|
*error = ret;
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
/* Do the substitution. */
|
2009-04-29 05:36:33 +00:00
|
|
|
local_bh_disable();
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
private = table->private;
|
2009-04-29 05:36:33 +00:00
|
|
|
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
/* Check inside lock: is the old number correct? */
|
|
|
|
if (num_counters != private->number) {
|
2010-03-18 01:22:32 +00:00
|
|
|
pr_debug("num_counters != table->private->number (%u/%u)\n",
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
num_counters, private->number);
|
2009-04-29 05:36:33 +00:00
|
|
|
local_bh_enable();
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
*error = -EAGAIN;
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2009-04-29 05:36:33 +00:00
|
|
|
table->private = newinfo;
|
|
|
|
newinfo->initial_entries = private->initial_entries;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Even though table entries have now been swapped, other CPU's
|
|
|
|
* may still be using the old entries. This is okay, because
|
|
|
|
* resynchronization happens because of the locking done
|
|
|
|
* during the get_counters() routine.
|
|
|
|
*/
|
|
|
|
local_bh_enable();
|
|
|
|
|
2011-01-16 17:12:59 +00:00
|
|
|
#ifdef CONFIG_AUDIT
|
|
|
|
if (audit_enabled) {
|
|
|
|
struct audit_buffer *ab;
|
|
|
|
|
|
|
|
ab = audit_log_start(current->audit_context, GFP_KERNEL,
|
|
|
|
AUDIT_NETFILTER_CFG);
|
|
|
|
if (ab) {
|
|
|
|
audit_log_format(ab, "table=%s family=%u entries=%u",
|
|
|
|
table->name, table->af,
|
|
|
|
private->number);
|
|
|
|
audit_log_end(ab);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2009-04-29 05:36:33 +00:00
|
|
|
return private;
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(xt_replace_table);
|
|
|
|
|
2009-08-24 12:56:30 +00:00
|
|
|
struct xt_table *xt_register_table(struct net *net,
|
|
|
|
const struct xt_table *input_table,
|
2008-01-31 12:01:49 +00:00
|
|
|
struct xt_table_info *bootstrap,
|
|
|
|
struct xt_table_info *newinfo)
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
{
|
|
|
|
int ret;
|
|
|
|
struct xt_table_info *private;
|
2009-08-24 12:56:30 +00:00
|
|
|
struct xt_table *t, *table;
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
|
2008-01-31 12:02:44 +00:00
|
|
|
/* Don't add one object to multiple lists. */
|
2009-08-24 12:56:30 +00:00
|
|
|
table = kmemdup(input_table, sizeof(struct xt_table), GFP_KERNEL);
|
2008-01-31 12:02:44 +00:00
|
|
|
if (!table) {
|
|
|
|
ret = -ENOMEM;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
2006-03-25 09:41:10 +00:00
|
|
|
ret = mutex_lock_interruptible(&xt[table->af].mutex);
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
if (ret != 0)
|
2008-01-31 12:02:44 +00:00
|
|
|
goto out_free;
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
|
|
|
|
/* Don't autoload: we'd eat our tail... */
|
2008-01-31 12:02:13 +00:00
|
|
|
list_for_each_entry(t, &net->xt.tables[table->af], list) {
|
2006-09-20 18:57:53 +00:00
|
|
|
if (strcmp(t->name, table->name) == 0) {
|
|
|
|
ret = -EEXIST;
|
|
|
|
goto unlock;
|
|
|
|
}
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Simplifies replace_table code. */
|
|
|
|
table->private = bootstrap;
|
2009-02-20 09:35:32 +00:00
|
|
|
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
if (!xt_replace_table(table, 0, newinfo, &ret))
|
|
|
|
goto unlock;
|
|
|
|
|
|
|
|
private = table->private;
|
2010-03-18 01:22:32 +00:00
|
|
|
pr_debug("table->private->number = %u\n", private->number);
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
|
|
|
|
/* save number of initial entries */
|
|
|
|
private->initial_entries = private->number;
|
|
|
|
|
2008-01-31 12:02:13 +00:00
|
|
|
list_add(&table->list, &net->xt.tables[table->af]);
|
2008-01-31 12:01:49 +00:00
|
|
|
mutex_unlock(&xt[table->af].mutex);
|
|
|
|
return table;
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
|
|
|
|
unlock:
|
2006-03-25 09:41:10 +00:00
|
|
|
mutex_unlock(&xt[table->af].mutex);
|
2008-01-31 12:02:44 +00:00
|
|
|
out_free:
|
|
|
|
kfree(table);
|
2008-01-31 12:01:49 +00:00
|
|
|
out:
|
|
|
|
return ERR_PTR(ret);
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(xt_register_table);
|
|
|
|
|
|
|
|
void *xt_unregister_table(struct xt_table *table)
|
|
|
|
{
|
|
|
|
struct xt_table_info *private;
|
|
|
|
|
2006-03-25 09:41:10 +00:00
|
|
|
mutex_lock(&xt[table->af].mutex);
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
private = table->private;
|
2006-09-20 18:57:53 +00:00
|
|
|
list_del(&table->list);
|
2006-03-25 09:41:10 +00:00
|
|
|
mutex_unlock(&xt[table->af].mutex);
|
2008-01-31 12:02:44 +00:00
|
|
|
kfree(table);
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
|
|
|
|
return private;
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(xt_unregister_table);
|
|
|
|
|
|
|
|
#ifdef CONFIG_PROC_FS
|
2008-01-31 12:49:16 +00:00
|
|
|
struct xt_names_priv {
|
|
|
|
struct seq_net_private p;
|
2008-10-08 09:35:00 +00:00
|
|
|
u_int8_t af;
|
2008-01-31 12:49:16 +00:00
|
|
|
};
|
2008-01-31 12:48:54 +00:00
|
|
|
static void *xt_table_seq_start(struct seq_file *seq, loff_t *pos)
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
{
|
2008-01-31 12:49:16 +00:00
|
|
|
struct xt_names_priv *priv = seq->private;
|
2008-03-25 17:36:06 +00:00
|
|
|
struct net *net = seq_file_net(seq);
|
2008-10-08 09:35:00 +00:00
|
|
|
u_int8_t af = priv->af;
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
|
2008-01-31 12:48:54 +00:00
|
|
|
mutex_lock(&xt[af].mutex);
|
2008-01-31 12:49:16 +00:00
|
|
|
return seq_list_start(&net->xt.tables[af], *pos);
|
2008-01-31 12:48:54 +00:00
|
|
|
}
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
|
2008-01-31 12:48:54 +00:00
|
|
|
static void *xt_table_seq_next(struct seq_file *seq, void *v, loff_t *pos)
|
|
|
|
{
|
2008-01-31 12:49:16 +00:00
|
|
|
struct xt_names_priv *priv = seq->private;
|
2008-03-25 17:36:06 +00:00
|
|
|
struct net *net = seq_file_net(seq);
|
2008-10-08 09:35:00 +00:00
|
|
|
u_int8_t af = priv->af;
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
|
2008-01-31 12:49:16 +00:00
|
|
|
return seq_list_next(v, &net->xt.tables[af], pos);
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
}
|
|
|
|
|
2008-01-31 12:48:54 +00:00
|
|
|
static void xt_table_seq_stop(struct seq_file *seq, void *v)
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
{
|
2008-01-31 12:49:16 +00:00
|
|
|
struct xt_names_priv *priv = seq->private;
|
2008-10-08 09:35:00 +00:00
|
|
|
u_int8_t af = priv->af;
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
|
2008-01-31 12:48:54 +00:00
|
|
|
mutex_unlock(&xt[af].mutex);
|
|
|
|
}
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
|
2008-01-31 12:48:54 +00:00
|
|
|
static int xt_table_seq_show(struct seq_file *seq, void *v)
|
|
|
|
{
|
|
|
|
struct xt_table *table = list_entry(v, struct xt_table, list);
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
|
2008-01-31 12:48:54 +00:00
|
|
|
if (strlen(table->name))
|
|
|
|
return seq_printf(seq, "%s\n", table->name);
|
|
|
|
else
|
|
|
|
return 0;
|
|
|
|
}
|
2007-02-12 19:15:49 +00:00
|
|
|
|
2008-01-31 12:48:54 +00:00
|
|
|
static const struct seq_operations xt_table_seq_ops = {
|
|
|
|
.start = xt_table_seq_start,
|
|
|
|
.next = xt_table_seq_next,
|
|
|
|
.stop = xt_table_seq_stop,
|
|
|
|
.show = xt_table_seq_show,
|
|
|
|
};
|
|
|
|
|
|
|
|
static int xt_table_open(struct inode *inode, struct file *file)
|
|
|
|
{
|
|
|
|
int ret;
|
2008-01-31 12:49:16 +00:00
|
|
|
struct xt_names_priv *priv;
|
2008-01-31 12:48:54 +00:00
|
|
|
|
2008-01-31 12:49:16 +00:00
|
|
|
ret = seq_open_net(inode, file, &xt_table_seq_ops,
|
|
|
|
sizeof(struct xt_names_priv));
|
2008-01-31 12:48:54 +00:00
|
|
|
if (!ret) {
|
2008-01-31 12:49:16 +00:00
|
|
|
priv = ((struct seq_file *)file->private_data)->private;
|
|
|
|
priv->af = (unsigned long)PDE(inode)->data;
|
2008-01-31 12:48:54 +00:00
|
|
|
}
|
|
|
|
return ret;
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
}
|
|
|
|
|
2008-01-31 12:48:54 +00:00
|
|
|
static const struct file_operations xt_table_ops = {
|
|
|
|
.owner = THIS_MODULE,
|
|
|
|
.open = xt_table_open,
|
|
|
|
.read = seq_read,
|
|
|
|
.llseek = seq_lseek,
|
2008-04-29 10:15:35 +00:00
|
|
|
.release = seq_release_net,
|
2008-01-31 12:48:54 +00:00
|
|
|
};
|
|
|
|
|
2009-02-18 15:42:19 +00:00
|
|
|
/*
|
|
|
|
* Traverse state for ip{,6}_{tables,matches} for helping crossing
|
|
|
|
* the multi-AF mutexes.
|
|
|
|
*/
|
|
|
|
struct nf_mttg_trav {
|
|
|
|
struct list_head *head, *curr;
|
|
|
|
uint8_t class, nfproto;
|
|
|
|
};
|
|
|
|
|
|
|
|
enum {
|
|
|
|
MTTG_TRAV_INIT,
|
|
|
|
MTTG_TRAV_NFP_UNSPEC,
|
|
|
|
MTTG_TRAV_NFP_SPEC,
|
|
|
|
MTTG_TRAV_DONE,
|
|
|
|
};
|
|
|
|
|
|
|
|
static void *xt_mttg_seq_next(struct seq_file *seq, void *v, loff_t *ppos,
|
|
|
|
bool is_target)
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
{
|
2009-02-18 15:42:19 +00:00
|
|
|
static const uint8_t next_class[] = {
|
|
|
|
[MTTG_TRAV_NFP_UNSPEC] = MTTG_TRAV_NFP_SPEC,
|
|
|
|
[MTTG_TRAV_NFP_SPEC] = MTTG_TRAV_DONE,
|
|
|
|
};
|
|
|
|
struct nf_mttg_trav *trav = seq->private;
|
|
|
|
|
|
|
|
switch (trav->class) {
|
|
|
|
case MTTG_TRAV_INIT:
|
|
|
|
trav->class = MTTG_TRAV_NFP_UNSPEC;
|
|
|
|
mutex_lock(&xt[NFPROTO_UNSPEC].mutex);
|
|
|
|
trav->head = trav->curr = is_target ?
|
|
|
|
&xt[NFPROTO_UNSPEC].target : &xt[NFPROTO_UNSPEC].match;
|
|
|
|
break;
|
|
|
|
case MTTG_TRAV_NFP_UNSPEC:
|
|
|
|
trav->curr = trav->curr->next;
|
|
|
|
if (trav->curr != trav->head)
|
|
|
|
break;
|
|
|
|
mutex_unlock(&xt[NFPROTO_UNSPEC].mutex);
|
|
|
|
mutex_lock(&xt[trav->nfproto].mutex);
|
|
|
|
trav->head = trav->curr = is_target ?
|
|
|
|
&xt[trav->nfproto].target : &xt[trav->nfproto].match;
|
|
|
|
trav->class = next_class[trav->class];
|
|
|
|
break;
|
|
|
|
case MTTG_TRAV_NFP_SPEC:
|
|
|
|
trav->curr = trav->curr->next;
|
|
|
|
if (trav->curr != trav->head)
|
|
|
|
break;
|
|
|
|
/* fallthru, _stop will unlock */
|
|
|
|
default:
|
|
|
|
return NULL;
|
|
|
|
}
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
|
2009-02-18 15:42:19 +00:00
|
|
|
if (ppos != NULL)
|
|
|
|
++*ppos;
|
|
|
|
return trav;
|
2008-01-31 12:48:54 +00:00
|
|
|
}
|
2007-02-12 19:15:49 +00:00
|
|
|
|
2009-02-18 15:42:19 +00:00
|
|
|
static void *xt_mttg_seq_start(struct seq_file *seq, loff_t *pos,
|
|
|
|
bool is_target)
|
2008-01-31 12:48:54 +00:00
|
|
|
{
|
2009-02-18 15:42:19 +00:00
|
|
|
struct nf_mttg_trav *trav = seq->private;
|
|
|
|
unsigned int j;
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
|
2009-02-18 15:42:19 +00:00
|
|
|
trav->class = MTTG_TRAV_INIT;
|
|
|
|
for (j = 0; j < *pos; ++j)
|
|
|
|
if (xt_mttg_seq_next(seq, NULL, NULL, is_target) == NULL)
|
|
|
|
return NULL;
|
|
|
|
return trav;
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
}
|
|
|
|
|
2009-02-18 15:42:19 +00:00
|
|
|
static void xt_mttg_seq_stop(struct seq_file *seq, void *v)
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
{
|
2009-02-18 15:42:19 +00:00
|
|
|
struct nf_mttg_trav *trav = seq->private;
|
|
|
|
|
|
|
|
switch (trav->class) {
|
|
|
|
case MTTG_TRAV_NFP_UNSPEC:
|
|
|
|
mutex_unlock(&xt[NFPROTO_UNSPEC].mutex);
|
|
|
|
break;
|
|
|
|
case MTTG_TRAV_NFP_SPEC:
|
|
|
|
mutex_unlock(&xt[trav->nfproto].mutex);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
|
2009-02-18 15:42:19 +00:00
|
|
|
static void *xt_match_seq_start(struct seq_file *seq, loff_t *pos)
|
|
|
|
{
|
|
|
|
return xt_mttg_seq_start(seq, pos, false);
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
}
|
|
|
|
|
2009-02-18 15:42:19 +00:00
|
|
|
static void *xt_match_seq_next(struct seq_file *seq, void *v, loff_t *ppos)
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
{
|
2009-02-18 15:42:19 +00:00
|
|
|
return xt_mttg_seq_next(seq, v, ppos, false);
|
|
|
|
}
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
|
2009-02-18 15:42:19 +00:00
|
|
|
static int xt_match_seq_show(struct seq_file *seq, void *v)
|
|
|
|
{
|
|
|
|
const struct nf_mttg_trav *trav = seq->private;
|
|
|
|
const struct xt_match *match;
|
|
|
|
|
|
|
|
switch (trav->class) {
|
|
|
|
case MTTG_TRAV_NFP_UNSPEC:
|
|
|
|
case MTTG_TRAV_NFP_SPEC:
|
|
|
|
if (trav->curr == trav->head)
|
|
|
|
return 0;
|
|
|
|
match = list_entry(trav->curr, struct xt_match, list);
|
|
|
|
return (*match->name == '\0') ? 0 :
|
|
|
|
seq_printf(seq, "%s\n", match->name);
|
|
|
|
}
|
|
|
|
return 0;
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
}
|
|
|
|
|
2008-01-31 12:48:54 +00:00
|
|
|
static const struct seq_operations xt_match_seq_ops = {
|
|
|
|
.start = xt_match_seq_start,
|
|
|
|
.next = xt_match_seq_next,
|
2009-02-18 15:42:19 +00:00
|
|
|
.stop = xt_mttg_seq_stop,
|
2008-01-31 12:48:54 +00:00
|
|
|
.show = xt_match_seq_show,
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
};
|
|
|
|
|
2008-01-31 12:48:54 +00:00
|
|
|
static int xt_match_open(struct inode *inode, struct file *file)
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
{
|
2009-02-18 15:42:19 +00:00
|
|
|
struct seq_file *seq;
|
|
|
|
struct nf_mttg_trav *trav;
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
int ret;
|
|
|
|
|
2009-02-18 15:42:19 +00:00
|
|
|
trav = kmalloc(sizeof(*trav), GFP_KERNEL);
|
|
|
|
if (trav == NULL)
|
|
|
|
return -ENOMEM;
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
|
2009-02-18 15:42:19 +00:00
|
|
|
ret = seq_open(file, &xt_match_seq_ops);
|
|
|
|
if (ret < 0) {
|
|
|
|
kfree(trav);
|
|
|
|
return ret;
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
}
|
2009-02-18 15:42:19 +00:00
|
|
|
|
|
|
|
seq = file->private_data;
|
|
|
|
seq->private = trav;
|
|
|
|
trav->nfproto = (unsigned long)PDE(inode)->data;
|
|
|
|
return 0;
|
2008-01-31 12:48:54 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static const struct file_operations xt_match_ops = {
|
|
|
|
.owner = THIS_MODULE,
|
|
|
|
.open = xt_match_open,
|
|
|
|
.read = seq_read,
|
|
|
|
.llseek = seq_lseek,
|
2009-02-18 15:42:19 +00:00
|
|
|
.release = seq_release_private,
|
2008-01-31 12:48:54 +00:00
|
|
|
};
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
|
2008-01-31 12:48:54 +00:00
|
|
|
static void *xt_target_seq_start(struct seq_file *seq, loff_t *pos)
|
|
|
|
{
|
2009-02-18 15:42:19 +00:00
|
|
|
return xt_mttg_seq_start(seq, pos, true);
|
2008-01-31 12:48:54 +00:00
|
|
|
}
|
|
|
|
|
2009-02-18 15:42:19 +00:00
|
|
|
static void *xt_target_seq_next(struct seq_file *seq, void *v, loff_t *ppos)
|
2008-01-31 12:48:54 +00:00
|
|
|
{
|
2009-02-18 15:42:19 +00:00
|
|
|
return xt_mttg_seq_next(seq, v, ppos, true);
|
2008-01-31 12:48:54 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static int xt_target_seq_show(struct seq_file *seq, void *v)
|
|
|
|
{
|
2009-02-18 15:42:19 +00:00
|
|
|
const struct nf_mttg_trav *trav = seq->private;
|
|
|
|
const struct xt_target *target;
|
|
|
|
|
|
|
|
switch (trav->class) {
|
|
|
|
case MTTG_TRAV_NFP_UNSPEC:
|
|
|
|
case MTTG_TRAV_NFP_SPEC:
|
|
|
|
if (trav->curr == trav->head)
|
|
|
|
return 0;
|
|
|
|
target = list_entry(trav->curr, struct xt_target, list);
|
|
|
|
return (*target->name == '\0') ? 0 :
|
|
|
|
seq_printf(seq, "%s\n", target->name);
|
|
|
|
}
|
|
|
|
return 0;
|
2008-01-31 12:48:54 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static const struct seq_operations xt_target_seq_ops = {
|
|
|
|
.start = xt_target_seq_start,
|
|
|
|
.next = xt_target_seq_next,
|
2009-02-18 15:42:19 +00:00
|
|
|
.stop = xt_mttg_seq_stop,
|
2008-01-31 12:48:54 +00:00
|
|
|
.show = xt_target_seq_show,
|
|
|
|
};
|
|
|
|
|
|
|
|
static int xt_target_open(struct inode *inode, struct file *file)
|
|
|
|
{
|
2009-02-18 15:42:19 +00:00
|
|
|
struct seq_file *seq;
|
|
|
|
struct nf_mttg_trav *trav;
|
2008-01-31 12:48:54 +00:00
|
|
|
int ret;
|
|
|
|
|
2009-02-18 15:42:19 +00:00
|
|
|
trav = kmalloc(sizeof(*trav), GFP_KERNEL);
|
|
|
|
if (trav == NULL)
|
|
|
|
return -ENOMEM;
|
2008-01-31 12:48:54 +00:00
|
|
|
|
2009-02-18 15:42:19 +00:00
|
|
|
ret = seq_open(file, &xt_target_seq_ops);
|
|
|
|
if (ret < 0) {
|
|
|
|
kfree(trav);
|
|
|
|
return ret;
|
2008-01-31 12:48:54 +00:00
|
|
|
}
|
2009-02-18 15:42:19 +00:00
|
|
|
|
|
|
|
seq = file->private_data;
|
|
|
|
seq->private = trav;
|
|
|
|
trav->nfproto = (unsigned long)PDE(inode)->data;
|
|
|
|
return 0;
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
}
|
|
|
|
|
2008-01-31 12:48:54 +00:00
|
|
|
static const struct file_operations xt_target_ops = {
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
.owner = THIS_MODULE,
|
2008-01-31 12:48:54 +00:00
|
|
|
.open = xt_target_open,
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
.read = seq_read,
|
|
|
|
.llseek = seq_lseek,
|
2009-02-18 15:42:19 +00:00
|
|
|
.release = seq_release_private,
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
#define FORMAT_TABLES "_tables_names"
|
|
|
|
#define FORMAT_MATCHES "_tables_matches"
|
|
|
|
#define FORMAT_TARGETS "_tables_targets"
|
|
|
|
|
|
|
|
#endif /* CONFIG_PROC_FS */
|
|
|
|
|
2009-06-17 11:57:48 +00:00
|
|
|
/**
|
|
|
|
* xt_hook_link - set up hooks for a new table
|
|
|
|
* @table: table with metadata needed to set up hooks
|
|
|
|
* @fn: Hook function
|
|
|
|
*
|
|
|
|
* This function will take care of creating and registering the necessary
|
|
|
|
* Netfilter hooks for XT tables.
|
|
|
|
*/
|
|
|
|
struct nf_hook_ops *xt_hook_link(const struct xt_table *table, nf_hookfn *fn)
|
|
|
|
{
|
|
|
|
unsigned int hook_mask = table->valid_hooks;
|
|
|
|
uint8_t i, num_hooks = hweight32(hook_mask);
|
|
|
|
uint8_t hooknum;
|
|
|
|
struct nf_hook_ops *ops;
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
ops = kmalloc(sizeof(*ops) * num_hooks, GFP_KERNEL);
|
|
|
|
if (ops == NULL)
|
|
|
|
return ERR_PTR(-ENOMEM);
|
|
|
|
|
|
|
|
for (i = 0, hooknum = 0; i < num_hooks && hook_mask != 0;
|
|
|
|
hook_mask >>= 1, ++hooknum) {
|
|
|
|
if (!(hook_mask & 1))
|
|
|
|
continue;
|
|
|
|
ops[i].hook = fn;
|
|
|
|
ops[i].owner = table->me;
|
|
|
|
ops[i].pf = table->af;
|
|
|
|
ops[i].hooknum = hooknum;
|
|
|
|
ops[i].priority = table->priority;
|
|
|
|
++i;
|
|
|
|
}
|
|
|
|
|
|
|
|
ret = nf_register_hooks(ops, num_hooks);
|
|
|
|
if (ret < 0) {
|
|
|
|
kfree(ops);
|
|
|
|
return ERR_PTR(ret);
|
|
|
|
}
|
|
|
|
|
|
|
|
return ops;
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(xt_hook_link);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* xt_hook_unlink - remove hooks for a table
|
|
|
|
* @ops: nf_hook_ops array as returned by nf_hook_link
|
|
|
|
* @hook_mask: the very same mask that was passed to nf_hook_link
|
|
|
|
*/
|
|
|
|
void xt_hook_unlink(const struct xt_table *table, struct nf_hook_ops *ops)
|
|
|
|
{
|
|
|
|
nf_unregister_hooks(ops, hweight32(table->valid_hooks));
|
|
|
|
kfree(ops);
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(xt_hook_unlink);
|
|
|
|
|
2008-10-08 09:35:00 +00:00
|
|
|
int xt_proto_init(struct net *net, u_int8_t af)
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
{
|
|
|
|
#ifdef CONFIG_PROC_FS
|
|
|
|
char buf[XT_FUNCTION_MAXNAMELEN];
|
|
|
|
struct proc_dir_entry *proc;
|
|
|
|
#endif
|
|
|
|
|
2008-10-08 09:35:00 +00:00
|
|
|
if (af >= ARRAY_SIZE(xt_prefix))
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
|
|
|
|
#ifdef CONFIG_PROC_FS
|
2007-03-14 23:36:16 +00:00
|
|
|
strlcpy(buf, xt_prefix[af], sizeof(buf));
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
strlcat(buf, FORMAT_TABLES, sizeof(buf));
|
2008-05-02 11:11:52 +00:00
|
|
|
proc = proc_create_data(buf, 0440, net->proc_net, &xt_table_ops,
|
|
|
|
(void *)(unsigned long)af);
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
if (!proc)
|
|
|
|
goto out;
|
|
|
|
|
2007-03-14 23:36:16 +00:00
|
|
|
strlcpy(buf, xt_prefix[af], sizeof(buf));
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
strlcat(buf, FORMAT_MATCHES, sizeof(buf));
|
2008-05-02 11:11:52 +00:00
|
|
|
proc = proc_create_data(buf, 0440, net->proc_net, &xt_match_ops,
|
|
|
|
(void *)(unsigned long)af);
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
if (!proc)
|
|
|
|
goto out_remove_tables;
|
|
|
|
|
2007-03-14 23:36:16 +00:00
|
|
|
strlcpy(buf, xt_prefix[af], sizeof(buf));
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
strlcat(buf, FORMAT_TARGETS, sizeof(buf));
|
2008-05-02 11:11:52 +00:00
|
|
|
proc = proc_create_data(buf, 0440, net->proc_net, &xt_target_ops,
|
|
|
|
(void *)(unsigned long)af);
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
if (!proc)
|
|
|
|
goto out_remove_matches;
|
|
|
|
#endif
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
#ifdef CONFIG_PROC_FS
|
|
|
|
out_remove_matches:
|
2007-03-14 23:36:16 +00:00
|
|
|
strlcpy(buf, xt_prefix[af], sizeof(buf));
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
strlcat(buf, FORMAT_MATCHES, sizeof(buf));
|
2008-01-31 12:49:35 +00:00
|
|
|
proc_net_remove(net, buf);
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
|
|
|
|
out_remove_tables:
|
2007-03-14 23:36:16 +00:00
|
|
|
strlcpy(buf, xt_prefix[af], sizeof(buf));
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
strlcat(buf, FORMAT_TABLES, sizeof(buf));
|
2008-01-31 12:49:35 +00:00
|
|
|
proc_net_remove(net, buf);
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
out:
|
|
|
|
return -1;
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(xt_proto_init);
|
|
|
|
|
2008-10-08 09:35:00 +00:00
|
|
|
void xt_proto_fini(struct net *net, u_int8_t af)
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
{
|
|
|
|
#ifdef CONFIG_PROC_FS
|
|
|
|
char buf[XT_FUNCTION_MAXNAMELEN];
|
|
|
|
|
2007-03-14 23:36:16 +00:00
|
|
|
strlcpy(buf, xt_prefix[af], sizeof(buf));
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
strlcat(buf, FORMAT_TABLES, sizeof(buf));
|
2008-01-31 12:49:35 +00:00
|
|
|
proc_net_remove(net, buf);
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
|
2007-03-14 23:36:16 +00:00
|
|
|
strlcpy(buf, xt_prefix[af], sizeof(buf));
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
strlcat(buf, FORMAT_TARGETS, sizeof(buf));
|
2008-01-31 12:49:35 +00:00
|
|
|
proc_net_remove(net, buf);
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
|
2007-03-14 23:36:16 +00:00
|
|
|
strlcpy(buf, xt_prefix[af], sizeof(buf));
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
strlcat(buf, FORMAT_MATCHES, sizeof(buf));
|
2008-01-31 12:49:35 +00:00
|
|
|
proc_net_remove(net, buf);
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
#endif /*CONFIG_PROC_FS*/
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL_GPL(xt_proto_fini);
|
|
|
|
|
2008-01-31 12:02:13 +00:00
|
|
|
static int __net_init xt_net_init(struct net *net)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
|
2008-10-08 09:35:00 +00:00
|
|
|
for (i = 0; i < NFPROTO_NUMPROTO; i++)
|
2008-01-31 12:02:13 +00:00
|
|
|
INIT_LIST_HEAD(&net->xt.tables[i]);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static struct pernet_operations xt_net_ops = {
|
|
|
|
.init = xt_net_init,
|
|
|
|
};
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
|
|
|
|
static int __init xt_init(void)
|
|
|
|
{
|
2009-04-29 05:36:33 +00:00
|
|
|
unsigned int i;
|
|
|
|
int rv;
|
|
|
|
|
|
|
|
for_each_possible_cpu(i) {
|
2011-04-04 15:04:03 +00:00
|
|
|
seqcount_init(&per_cpu(xt_recseq, i));
|
2009-04-29 05:36:33 +00:00
|
|
|
}
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
|
2008-10-08 09:35:00 +00:00
|
|
|
xt = kmalloc(sizeof(struct xt_af) * NFPROTO_NUMPROTO, GFP_KERNEL);
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
if (!xt)
|
|
|
|
return -ENOMEM;
|
|
|
|
|
2008-10-08 09:35:00 +00:00
|
|
|
for (i = 0; i < NFPROTO_NUMPROTO; i++) {
|
2006-03-25 09:41:10 +00:00
|
|
|
mutex_init(&xt[i].mutex);
|
2006-04-01 10:25:19 +00:00
|
|
|
#ifdef CONFIG_COMPAT
|
|
|
|
mutex_init(&xt[i].compat_mutex);
|
2010-12-18 17:35:15 +00:00
|
|
|
xt[i].compat_tab = NULL;
|
2006-04-01 10:25:19 +00:00
|
|
|
#endif
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
INIT_LIST_HEAD(&xt[i].target);
|
|
|
|
INIT_LIST_HEAD(&xt[i].match);
|
|
|
|
}
|
2008-01-31 12:02:13 +00:00
|
|
|
rv = register_pernet_subsys(&xt_net_ops);
|
|
|
|
if (rv < 0)
|
|
|
|
kfree(xt);
|
|
|
|
return rv;
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static void __exit xt_fini(void)
|
|
|
|
{
|
2008-01-31 12:02:13 +00:00
|
|
|
unregister_pernet_subsys(&xt_net_ops);
|
[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.
o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headers
Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-12 21:30:04 +00:00
|
|
|
kfree(xt);
|
|
|
|
}
|
|
|
|
|
|
|
|
module_init(xt_init);
|
|
|
|
module_exit(xt_fini);
|
|
|
|
|