Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6

[safe/jmp/linux-2.6] / net / netfilter / xt_connbytes.c

diff --git a/net/netfilter/xt_connbytes.c b/net/netfilter/xt_connbytes.c
index 7d4940a..ff738a5 100644 (file)
--- a/net/netfilter/xt_connbytes.c
+++ b/net/netfilter/xt_connbytes.c
@@ -1,39 +1,40 @@
 /* Kernel module to match connection tracking byte counter.
  * GPL (C) 2002 Martin Devera (devik@cdi.cz).
  */
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
 #include <linux/module.h>
 #include <linux/bitops.h>
 #include <linux/skbuff.h>
+#include <linux/math64.h>
 #include <linux/netfilter/x_tables.h>
 #include <linux/netfilter/xt_connbytes.h>
 #include <net/netfilter/nf_conntrack.h>
-
-#include <asm/div64.h>
+#include <net/netfilter/nf_conntrack_acct.h>
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
-MODULE_DESCRIPTION("iptables match for matching number of pkts/bytes per connection");
+MODULE_DESCRIPTION("Xtables: Number of packets/bytes per connection matching");
 MODULE_ALIAS("ipt_connbytes");
 MODULE_ALIAS("ip6t_connbytes");
 
 static bool
-connbytes_mt(const struct sk_buff *skb, const struct net_device *in,
-             const struct net_device *out, const struct xt_match *match,
-             const void *matchinfo, int offset, unsigned int protoff,
-             bool *hotdrop)
+connbytes_mt(const struct sk_buff *skb, const struct xt_match_param *par)
 {
-       const struct xt_connbytes_info *sinfo = matchinfo;
+       const struct xt_connbytes_info *sinfo = par->matchinfo;
        const struct nf_conn *ct;
        enum ip_conntrack_info ctinfo;
        u_int64_t what = 0;     /* initialize to make gcc happy */
        u_int64_t bytes = 0;
        u_int64_t pkts = 0;
-       const struct ip_conntrack_counter *counters;
+       const struct nf_conn_counter *counters;
 
        ct = nf_ct_get(skb, &ctinfo);
        if (!ct)
                return false;
-       counters = ct->counters;
+
+       counters = nf_conn_acct_find(ct);
+       if (!counters)
+               return false;
 
        switch (sinfo->what) {
        case XT_CONNBYTES_PKTS:
@@ -82,7 +83,7 @@ connbytes_mt(const struct sk_buff *skb, const struct net_device *in,
                        break;
                }
                if (pkts != 0)
-                       what = div64_64(bytes, pkts);
+                       what = div64_u64(bytes, pkts);
                break;
        }
 
@@ -92,68 +93,52 @@ connbytes_mt(const struct sk_buff *skb, const struct net_device *in,
                return what >= sinfo->count.from;
 }
 
-static bool
-connbytes_mt_check(const char *tablename, const void *ip,
-                   const struct xt_match *match, void *matchinfo,
-                   unsigned int hook_mask)
+static int connbytes_mt_check(const struct xt_mtchk_param *par)
 {
-       const struct xt_connbytes_info *sinfo = matchinfo;
+       const struct xt_connbytes_info *sinfo = par->matchinfo;
+       int ret;
 
        if (sinfo->what != XT_CONNBYTES_PKTS &&
            sinfo->what != XT_CONNBYTES_BYTES &&
            sinfo->what != XT_CONNBYTES_AVGPKT)
-               return false;
+               return -EINVAL;
 
        if (sinfo->direction != XT_CONNBYTES_DIR_ORIGINAL &&
            sinfo->direction != XT_CONNBYTES_DIR_REPLY &&
            sinfo->direction != XT_CONNBYTES_DIR_BOTH)
-               return false;
-
-       if (nf_ct_l3proto_try_module_get(match->family) < 0) {
-               printk(KERN_WARNING "can't load conntrack support for "
-                                   "proto=%u\n", match->family);
-               return false;
-       }
+               return -EINVAL;
 
-       return true;
+       ret = nf_ct_l3proto_try_module_get(par->family);
+       if (ret < 0)
+               pr_info("cannot load conntrack support for proto=%u\n",
+                       par->family);
+       return ret;
 }
 
-static void
-connbytes_mt_destroy(const struct xt_match *match, void *matchinfo)
+static void connbytes_mt_destroy(const struct xt_mtdtor_param *par)
 {
-       nf_ct_l3proto_module_put(match->family);
+       nf_ct_l3proto_module_put(par->family);
 }
 
-static struct xt_match connbytes_mt_reg[] __read_mostly = {
-       {
-               .name           = "connbytes",
-               .family         = AF_INET,
-               .checkentry     = connbytes_mt_check,
-               .match          = connbytes_mt,
-               .destroy        = connbytes_mt_destroy,
-               .matchsize      = sizeof(struct xt_connbytes_info),
-               .me             = THIS_MODULE
-       },
-       {
-               .name           = "connbytes",
-               .family         = AF_INET6,
-               .checkentry     = connbytes_mt_check,
-               .match          = connbytes_mt,
-               .destroy        = connbytes_mt_destroy,
-               .matchsize      = sizeof(struct xt_connbytes_info),
-               .me             = THIS_MODULE
-       },
+static struct xt_match connbytes_mt_reg __read_mostly = {
+       .name       = "connbytes",
+       .revision   = 0,
+       .family     = NFPROTO_UNSPEC,
+       .checkentry = connbytes_mt_check,
+       .match      = connbytes_mt,
+       .destroy    = connbytes_mt_destroy,
+       .matchsize  = sizeof(struct xt_connbytes_info),
+       .me         = THIS_MODULE,
 };
 
 static int __init connbytes_mt_init(void)
 {
-       return xt_register_matches(connbytes_mt_reg,
-              ARRAY_SIZE(connbytes_mt_reg));
+       return xt_register_match(&connbytes_mt_reg);
 }
 
 static void __exit connbytes_mt_exit(void)
 {
-       xt_unregister_matches(connbytes_mt_reg, ARRAY_SIZE(connbytes_mt_reg));
+       xt_unregister_match(&connbytes_mt_reg);
 }
 
 module_init(connbytes_mt_init);