netfilter: xtables: add struct xt_mtchk_param::net
[safe/jmp/linux-2.6] / net / ipv4 / netfilter / ipt_addrtype.c
index 8763902..3b216be 100644 (file)
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
-MODULE_DESCRIPTION("iptables addrtype match");
+MODULE_DESCRIPTION("Xtables: address type match for IPv4");
 
-static inline bool match_type(const struct net_device *dev, __be32 addr,
-                             u_int16_t mask)
+static inline bool match_type(struct net *net, const struct net_device *dev,
+                             __be32 addr, u_int16_t mask)
 {
-       return !!(mask & (1 << inet_dev_addr_type(&init_net, dev, addr)));
+       return !!(mask & (1 << inet_dev_addr_type(net, dev, addr)));
 }
 
 static bool
-addrtype_mt_v0(const struct sk_buff *skb, const struct net_device *in,
-              const struct net_device *out, const struct xt_match *match,
-              const void *matchinfo, int offset, unsigned int protoff,
-              bool *hotdrop)
+addrtype_mt_v0(const struct sk_buff *skb, const struct xt_match_param *par)
 {
-       const struct ipt_addrtype_info *info = matchinfo;
+       struct net *net = dev_net(par->in ? par->in : par->out);
+       const struct ipt_addrtype_info *info = par->matchinfo;
        const struct iphdr *iph = ip_hdr(skb);
        bool ret = true;
 
        if (info->source)
-               ret &= match_type(NULL, iph->saddr, info->source) ^
+               ret &= match_type(net, NULL, iph->saddr, info->source) ^
                       info->invert_source;
        if (info->dest)
-               ret &= match_type(NULL, iph->daddr, info->dest) ^
+               ret &= match_type(net, NULL, iph->daddr, info->dest) ^
                       info->invert_dest;
 
        return ret;
 }
 
 static bool
-addrtype_mt_v1(const struct sk_buff *skb, const struct net_device *in,
-              const struct net_device *out, const struct xt_match *match,
-              const void *matchinfo, int offset, unsigned int protoff,
-              bool *hotdrop)
+addrtype_mt_v1(const struct sk_buff *skb, const struct xt_match_param *par)
 {
-       const struct ipt_addrtype_info_v1 *info = matchinfo;
+       struct net *net = dev_net(par->in ? par->in : par->out);
+       const struct ipt_addrtype_info_v1 *info = par->matchinfo;
        const struct iphdr *iph = ip_hdr(skb);
        const struct net_device *dev = NULL;
        bool ret = true;
 
        if (info->flags & IPT_ADDRTYPE_LIMIT_IFACE_IN)
-               dev = in;
+               dev = par->in;
        else if (info->flags & IPT_ADDRTYPE_LIMIT_IFACE_OUT)
-               dev = out;
+               dev = par->out;
 
        if (info->source)
-               ret &= match_type(dev, iph->saddr, info->source) ^
+               ret &= match_type(net, dev, iph->saddr, info->source) ^
                       (info->flags & IPT_ADDRTYPE_INVERT_SOURCE);
        if (ret && info->dest)
-               ret &= match_type(dev, iph->daddr, info->dest) ^
-                      (info->flags & IPT_ADDRTYPE_INVERT_DEST);
+               ret &= match_type(net, dev, iph->daddr, info->dest) ^
+                      !!(info->flags & IPT_ADDRTYPE_INVERT_DEST);
        return ret;
 }
 
-static bool
-addrtype_mt_checkentry_v1(const char *tablename, const void *ip_void,
-                         const struct xt_match *match, void *matchinfo,
-                         unsigned int hook_mask)
+static bool addrtype_mt_checkentry_v1(const struct xt_mtchk_param *par)
 {
-       struct ipt_addrtype_info_v1 *info = matchinfo;
+       struct ipt_addrtype_info_v1 *info = par->matchinfo;
 
        if (info->flags & IPT_ADDRTYPE_LIMIT_IFACE_IN &&
            info->flags & IPT_ADDRTYPE_LIMIT_IFACE_OUT) {
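Review bot: In `addrtype_mt_v1` the source test still XORs with the raw mask `(info->flags & IPT_ADDRTYPE_INVERT_SOURCE)` while the destination test now normalises with `!!`, so the source side is only correct if that flag happens to be bit 0; write it as `!!(info->flags & IPT_ADDRTYPE_INVERT_SOURCE)` so both inversions reduce to 0/1 before the XOR. A wrong inversion here silently changes which packets a firewall rule matches, and the `!!` on the destination side is a behaviour fix that the commit title does not mention. Separately, `dev_net(par->in ? par->in : par->out)` in both `addrtype_mt_v0` and `addrtype_mt_v1` assumes at least one of the two devices is non-NULL; nothing visible in the hunk guarantees that, so if the hook path does, a one-line comment stating the invariant would help, e.g. `/* every IPv4 hook supplies in or out */`. `addrtype_mt_checkentry_v1` continues past the end of this hunk.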
@@ -88,14 +81,16 @@ addrtype_mt_checkentry_v1(const char *tablename, const void *ip_void,
                return false;
        }
 
-       if (hook_mask & (1 << NF_INET_PRE_ROUTING | 1 << NF_INET_LOCAL_IN) &&
+       if (par->hook_mask & ((1 << NF_INET_PRE_ROUTING) |
+           (1 << NF_INET_LOCAL_IN)) &&
            info->flags & IPT_ADDRTYPE_LIMIT_IFACE_OUT) {
                printk(KERN_ERR "ipt_addrtype: output interface limitation "
                                "not valid in PRE_ROUTING and INPUT\n");
                return false;
        }
 
-       if (hook_mask & (1 << NF_INET_POST_ROUTING | 1 << NF_INET_LOCAL_OUT) &&
+       if (par->hook_mask & ((1 << NF_INET_POST_ROUTING) |
+           (1 << NF_INET_LOCAL_OUT)) &&
            info->flags & IPT_ADDRTYPE_LIMIT_IFACE_IN) {
                printk(KERN_ERR "ipt_addrtype: input interface limitation "
                                "not valid in POST_ROUTING and OUTPUT\n");
@@ -108,14 +103,14 @@ addrtype_mt_checkentry_v1(const char *tablename, const void *ip_void,
 static struct xt_match addrtype_mt_reg[] __read_mostly = {
        {
                .name           = "addrtype",
-               .family         = AF_INET,
+               .family         = NFPROTO_IPV4,
                .match          = addrtype_mt_v0,
                .matchsize      = sizeof(struct ipt_addrtype_info),
                .me             = THIS_MODULE
        },
        {
                .name           = "addrtype",
-               .family         = AF_INET,
+               .family         = NFPROTO_IPV4,
                .revision       = 1,
                .match          = addrtype_mt_v1,
                .checkentry     = addrtype_mt_checkentry_v1,