Commit 5d04bff0 authored by Patrick McHardy's avatar Patrick McHardy Committed by David S. Miller
Browse files

[NETFILTER]: Convert x_tables matches/targets to centralized error checking 



Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 7f939713

net/netfilter/xt_CLASSIFY.c

+8 −33
Original line number Diff line number Diff line
@@ -39,47 +39,22 @@ target(struct sk_buff **pskb, 
	return XT_CONTINUE;

}



static int

checkentry(const char *tablename,

           const void *e,

           void *targinfo,

           unsigned int targinfosize,

           unsigned int hook_mask)

{

	if (targinfosize != XT_ALIGN(sizeof(struct xt_classify_target_info))){

		printk(KERN_ERR "CLASSIFY: invalid size (%u != %Zu).\n",

		       targinfosize,

		       XT_ALIGN(sizeof(struct xt_classify_target_info)));

		return 0;

	}

	

	if (hook_mask & ~((1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_FORWARD) |

	                  (1 << NF_IP_POST_ROUTING))) {

		printk(KERN_ERR "CLASSIFY: only valid in LOCAL_OUT, FORWARD "

		                "and POST_ROUTING.\n");

		return 0;

	}



	if (strcmp(tablename, "mangle") != 0) {

		printk(KERN_ERR "CLASSIFY: can only be called from "

		                "\"mangle\" table, not \"%s\".\n",

		                tablename);

		return 0;

	}



	return 1;

}



static struct xt_target classify_reg = { 

	.name 		= "CLASSIFY", 

	.target 	= target,

	.checkentry	= checkentry,

	.targetsize	= sizeof(struct xt_classify_target_info),

	.table		= "mangle",

	.hooks		= (1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_FORWARD) |

		          (1 << NF_IP_POST_ROUTING),

	.me 		= THIS_MODULE,

};

static struct xt_target classify6_reg = { 

	.name 		= "CLASSIFY", 

	.target 	= target,

	.checkentry	= checkentry,

	.targetsize	= sizeof(struct xt_classify_target_info),

	.table		= "mangle",

	.hooks		= (1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_FORWARD) |

		          (1 << NF_IP_POST_ROUTING),

	.me 		= THIS_MODULE,

};

net/netfilter/xt_CONNMARK.c

+11 −14
Original line number Diff line number Diff line
@@ -79,12 +79,6 @@ checkentry(const char *tablename, 
	   unsigned int hook_mask)

{

	struct xt_connmark_target_info *matchinfo = targinfo;

	if (targinfosize != XT_ALIGN(sizeof(struct xt_connmark_target_info))) {

		printk(KERN_WARNING "CONNMARK: targinfosize %u != %Zu\n",

		       targinfosize,

		       XT_ALIGN(sizeof(struct xt_connmark_target_info)));

		return 0;

	}



	if (matchinfo->mode == XT_CONNMARK_RESTORE) {

	    if (strcmp(tablename, "mangle") != 0) {
@@ -103,14 +97,17 @@ checkentry(const char *tablename, 


static struct xt_target connmark_reg = {

	.name		= "CONNMARK",

	.target = &target,

	.checkentry = &checkentry,

	.target		= target,

	.targetsize	= sizeof(struct xt_connmark_target_info),

	.checkentry	= checkentry,

	.me		= THIS_MODULE

};



static struct xt_target connmark6_reg = {

	.name		= "CONNMARK",

	.target = &target,

	.checkentry = &checkentry,

	.target		= target,

	.targetsize	= sizeof(struct xt_connmark_target_info),

	.checkentry	= checkentry,

	.me		= THIS_MODULE

};

net/netfilter/xt_MARK.c

+6 −27
Original line number Diff line number Diff line
@@ -78,23 +78,10 @@ checkentry_v0(const char *tablename, 
{

	struct xt_mark_target_info *markinfo = targinfo;



	if (targinfosize != XT_ALIGN(sizeof(struct xt_mark_target_info))) {

		printk(KERN_WARNING "MARK: targinfosize %u != %Zu\n",

		       targinfosize,

		       XT_ALIGN(sizeof(struct xt_mark_target_info)));

		return 0;

	}



	if (strcmp(tablename, "mangle") != 0) {

		printk(KERN_WARNING "MARK: can only be called from \"mangle\" table, not \"%s\"\n", tablename);

		return 0;

	}



	if (markinfo->mark > 0xffffffff) {

		printk(KERN_WARNING "MARK: Only supports 32bit wide mark\n");

		return 0;

	}



	return 1;

}
@@ -107,18 +94,6 @@ checkentry_v1(const char *tablename, 
{

	struct xt_mark_target_info_v1 *markinfo = targinfo;



	if (targinfosize != XT_ALIGN(sizeof(struct xt_mark_target_info_v1))){

		printk(KERN_WARNING "MARK: targinfosize %u != %Zu\n",

		       targinfosize,

		       XT_ALIGN(sizeof(struct xt_mark_target_info_v1)));

		return 0;

	}



	if (strcmp(tablename, "mangle") != 0) {

		printk(KERN_WARNING "MARK: can only be called from \"mangle\" table, not \"%s\"\n", tablename);

		return 0;

	}



	if (markinfo->mode != XT_MARK_SET

	    && markinfo->mode != XT_MARK_AND

	    && markinfo->mode != XT_MARK_OR) {
@@ -126,18 +101,18 @@ checkentry_v1(const char *tablename, 
		       markinfo->mode);

		return 0;

	}



	if (markinfo->mark > 0xffffffff) {

		printk(KERN_WARNING "MARK: Only supports 32bit wide mark\n");

		return 0;

	}



	return 1;

}



static struct xt_target ipt_mark_reg_v0 = {

	.name		= "MARK",

	.target		= target_v0,

	.targetsize	= sizeof(struct xt_mark_target_info),

	.table		= "mangle",

	.checkentry	= checkentry_v0,

	.me		= THIS_MODULE,

	.revision	= 0,
@@ -146,6 +121,8 @@ static struct xt_target ipt_mark_reg_v0 = { 
static struct xt_target ipt_mark_reg_v1 = {

	.name		= "MARK",

	.target		= target_v1,

	.targetsize	= sizeof(struct xt_mark_target_info_v1),

	.table		= "mangle",

	.checkentry	= checkentry_v1,

	.me		= THIS_MODULE,

	.revision	= 1,
@@ -154,6 +131,8 @@ static struct xt_target ipt_mark_reg_v1 = { 
static struct xt_target ip6t_mark_reg_v0 = {

	.name		= "MARK",

	.target		= target_v0,

	.targetsize	= sizeof(struct xt_mark_target_info),

	.table		= "mangle",

	.checkentry	= checkentry_v0,

	.me		= THIS_MODULE,

	.revision	= 0,

net/netfilter/xt_NFQUEUE.c

+3 −20
Original line number Diff line number Diff line
@@ -36,41 +36,24 @@ target(struct sk_buff **pskb, 
	return NF_QUEUE_NR(tinfo->queuenum);

}



static int

checkentry(const char *tablename,

	   const void *entry,

           void *targinfo,

           unsigned int targinfosize,

           unsigned int hook_mask)

{

	if (targinfosize != XT_ALIGN(sizeof(struct xt_NFQ_info))) {

		printk(KERN_WARNING "NFQUEUE: targinfosize %u != %Zu\n",

		       targinfosize,

		       XT_ALIGN(sizeof(struct xt_NFQ_info)));

		return 0;

	}



	return 1;

}



static struct xt_target ipt_NFQ_reg = {

	.name		= "NFQUEUE",

	.target		= target,

	.checkentry	= checkentry,

	.targetsize	= sizeof(struct xt_NFQ_info),

	.me		= THIS_MODULE,

};



static struct xt_target ip6t_NFQ_reg = {

	.name		= "NFQUEUE",

	.target		= target,

	.checkentry	= checkentry,

	.targetsize	= sizeof(struct xt_NFQ_info),

	.me		= THIS_MODULE,

};



static struct xt_target arpt_NFQ_reg = {

	.name		= "NFQUEUE",

	.target		= target,

	.checkentry	= checkentry,

	.targetsize	= sizeof(struct xt_NFQ_info),

	.me		= THIS_MODULE,

};

net/netfilter/xt_NOTRACK.c

+13 −31
Original line number Diff line number Diff line
@@ -33,37 +33,19 @@ target(struct sk_buff **pskb, 
	return XT_CONTINUE;

}



static int

checkentry(const char *tablename,

	   const void *entry,

           void *targinfo,

           unsigned int targinfosize,

           unsigned int hook_mask)

{

	if (targinfosize != 0) {

		printk(KERN_WARNING "NOTRACK: targinfosize %u != 0\n",

		       targinfosize);

		return 0;

	}



	if (strcmp(tablename, "raw") != 0) {

		printk(KERN_WARNING "NOTRACK: can only be called from \"raw\" table, not \"%s\"\n", tablename);

		return 0;

	}



	return 1;

}



static struct xt_target notrack_reg = {

	.name		= "NOTRACK",

	.target		= target,

	.checkentry = checkentry,

	.targetsize	= 0,

	.table		= "raw",

	.me		= THIS_MODULE,

};



static struct xt_target notrack6_reg = {

	.name		= "NOTRACK",

	.target		= target,

	.checkentry = checkentry,

	.targetsize	= 0,

	.table		= "raw",

	.me		= THIS_MODULE,

};