git://ftp.safe.ca
/
safe
/
jmp
/
linux-2.6
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
netfilter: xtables: add struct xt_mtchk_param::net
[safe/jmp/linux-2.6]
/
net
/
ipv4
/
netfilter
/
ipt_ecn.c
diff --git
a/net/ipv4/netfilter/ipt_ecn.c
b/net/ipv4/netfilter/ipt_ecn.c
index
ba3a17e
..
2a1e56b
100644
(file)
--- a/
net/ipv4/netfilter/ipt_ecn.c
+++ b/
net/ipv4/netfilter/ipt_ecn.c
@@
-19,7
+19,7
@@
#include <linux/netfilter_ipv4/ipt_ecn.h>
MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
#include <linux/netfilter_ipv4/ipt_ecn.h>
MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
-MODULE_DESCRIPTION("
iptables ECN matching module
");
+MODULE_DESCRIPTION("
Xtables: Explicit Congestion Notification (ECN) flag match for IPv4
");
MODULE_LICENSE("GPL");
static inline bool match_ip(const struct sk_buff *skb,
MODULE_LICENSE("GPL");
static inline bool match_ip(const struct sk_buff *skb,
@@
-32,7
+32,8
@@
static inline bool match_tcp(const struct sk_buff *skb,
const struct ipt_ecn_info *einfo,
bool *hotdrop)
{
const struct ipt_ecn_info *einfo,
bool *hotdrop)
{
- struct tcphdr _tcph, *th;
+ struct tcphdr _tcph;
+ const struct tcphdr *th;
/* In practice, TCP match does this, so can't fail. But let's
* be good citizens.
/* In practice, TCP match does this, so can't fail. But let's
* be good citizens.
@@
-66,12
+67,9
@@
static inline bool match_tcp(const struct sk_buff *skb,
return true;
}
return true;
}
-static bool match(const struct sk_buff *skb,
- const struct net_device *in, const struct net_device *out,
- const struct xt_match *match, const void *matchinfo,
- int offset, unsigned int protoff, bool *hotdrop)
+static bool ecn_mt(const struct sk_buff *skb, const struct xt_match_param *par)
{
{
- const struct ipt_ecn_info *info = matchinfo;
+ const struct ipt_ecn_info *info =
par->
matchinfo;
if (info->operation & IPT_ECN_OP_MATCH_IP)
if (!match_ip(skb, info))
if (info->operation & IPT_ECN_OP_MATCH_IP)
if (!match_ip(skb, info))
@@
-80,54
+78,52
@@
static bool match(const struct sk_buff *skb,
if (info->operation & (IPT_ECN_OP_MATCH_ECE|IPT_ECN_OP_MATCH_CWR)) {
if (ip_hdr(skb)->protocol != IPPROTO_TCP)
return false;
if (info->operation & (IPT_ECN_OP_MATCH_ECE|IPT_ECN_OP_MATCH_CWR)) {
if (ip_hdr(skb)->protocol != IPPROTO_TCP)
return false;
- if (!match_tcp(skb, info, hotdrop))
+ if (!match_tcp(skb, info,
par->
hotdrop))
return false;
}
return true;
}
return false;
}
return true;
}
-static int checkentry(const char *tablename, const void *ip_void,
- const struct xt_match *match,
- void *matchinfo, unsigned int hook_mask)
+static bool ecn_mt_check(const struct xt_mtchk_param *par)
{
{
- const struct ipt_ecn_info *info = matchinfo;
- const struct ipt_ip *ip =
ip_void
;
+ const struct ipt_ecn_info *info =
par->
matchinfo;
+ const struct ipt_ip *ip =
par->entryinfo
;
if (info->operation & IPT_ECN_OP_MATCH_MASK)
if (info->operation & IPT_ECN_OP_MATCH_MASK)
- return
0
;
+ return
false
;
if (info->invert & IPT_ECN_OP_MATCH_MASK)
if (info->invert & IPT_ECN_OP_MATCH_MASK)
- return
0
;
+ return
false
;
- if (info->operation & (IPT_ECN_OP_MATCH_ECE|IPT_ECN_OP_MATCH_CWR)
-
&&
ip->proto != IPPROTO_TCP) {
+ if (info->operation & (IPT_ECN_OP_MATCH_ECE|IPT_ECN_OP_MATCH_CWR)
&&
+ ip->proto != IPPROTO_TCP) {
printk(KERN_WARNING "ipt_ecn: can't match TCP bits in rule for"
" non-tcp packets\n");
printk(KERN_WARNING "ipt_ecn: can't match TCP bits in rule for"
" non-tcp packets\n");
- return
0
;
+ return
false
;
}
}
- return
1
;
+ return
true
;
}
}
-static struct xt_match ecn_m
atch
= {
+static struct xt_match ecn_m
t_reg __read_mostly
= {
.name = "ecn",
.name = "ecn",
- .family =
AF_INET
,
- .match =
match
,
+ .family =
NFPROTO_IPV4
,
+ .match =
ecn_mt
,
.matchsize = sizeof(struct ipt_ecn_info),
.matchsize = sizeof(struct ipt_ecn_info),
- .checkentry =
checkentry
,
+ .checkentry =
ecn_mt_check
,
.me = THIS_MODULE,
};
.me = THIS_MODULE,
};
-static int __init
ipt_ecn
_init(void)
+static int __init
ecn_mt
_init(void)
{
{
- return xt_register_match(&ecn_m
atch
);
+ return xt_register_match(&ecn_m
t_reg
);
}
}
-static void __exit
ipt_ecn_fini
(void)
+static void __exit
ecn_mt_exit
(void)
{
{
- xt_unregister_match(&ecn_m
atch
);
+ xt_unregister_match(&ecn_m
t_reg
);
}
}
-module_init(
ipt_ecn
_init);
-module_exit(
ipt_ecn_fini
);
+module_init(
ecn_mt
_init);
+module_exit(
ecn_mt_exit
);