[NETFILTER]: Convert ip_tables matches/targets to centralized error checking

[safe/jmp/linux-2.6] / net / ipv4 / netfilter / ipt_owner.c

diff --git a/net/ipv4/netfilter/ipt_owner.c b/net/ipv4/netfilter/ipt_owner.c
index 4843d0c..18adc1d 100644 (file)
--- a/net/ipv4/netfilter/ipt_owner.c
+++ b/net/ipv4/netfilter/ipt_owner.c
@@ -59,31 +59,20 @@ checkentry(const char *tablename,
 {
        const struct ipt_owner_info *info = matchinfo;
 
-        if (hook_mask
-            & ~((1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_POST_ROUTING))) {
-                printk("ipt_owner: only valid for LOCAL_OUT or POST_ROUTING.\n");
-                return 0;
-        }
-
-       if (matchsize != IPT_ALIGN(sizeof(struct ipt_owner_info))) {
-               printk("Matchsize %u != %Zu\n", matchsize,
-                      IPT_ALIGN(sizeof(struct ipt_owner_info)));
-               return 0;
-       }
-
        if (info->match & (IPT_OWNER_PID|IPT_OWNER_SID|IPT_OWNER_COMM)) {
                printk("ipt_owner: pid, sid and command matching "
                       "not supported anymore\n");
                return 0;
        }
-
        return 1;
 }
 
 static struct ipt_match owner_match = {
        .name           = "owner",
-       .match          = &match,
-       .checkentry     = &checkentry,
+       .match          = match,
+       .matchsize      = sizeof(struct ipt_owner_info),
+       .hooks          = (1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_POST_ROUTING),
+       .checkentry     = checkentry,
        .me             = THIS_MODULE,
 };