netfilter: xtables: combine built-in extension structs
Prepare the arrays for use with the multiregister function. The future layer-3 xt matches can then be easily added to it without needing more (un)register code. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
parent
b4ba26119b
commit
4538506be3
@ -1828,22 +1828,23 @@ void arpt_unregister_table(struct xt_table *table)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* The built-in targets: standard (NULL) and error. */
|
/* The built-in targets: standard (NULL) and error. */
|
||||||
static struct xt_target arpt_standard_target __read_mostly = {
|
static struct xt_target arpt_builtin_tg[] __read_mostly = {
|
||||||
.name = ARPT_STANDARD_TARGET,
|
{
|
||||||
.targetsize = sizeof(int),
|
.name = ARPT_STANDARD_TARGET,
|
||||||
.family = NFPROTO_ARP,
|
.targetsize = sizeof(int),
|
||||||
|
.family = NFPROTO_ARP,
|
||||||
#ifdef CONFIG_COMPAT
|
#ifdef CONFIG_COMPAT
|
||||||
.compatsize = sizeof(compat_int_t),
|
.compatsize = sizeof(compat_int_t),
|
||||||
.compat_from_user = compat_standard_from_user,
|
.compat_from_user = compat_standard_from_user,
|
||||||
.compat_to_user = compat_standard_to_user,
|
.compat_to_user = compat_standard_to_user,
|
||||||
#endif
|
#endif
|
||||||
};
|
},
|
||||||
|
{
|
||||||
static struct xt_target arpt_error_target __read_mostly = {
|
.name = ARPT_ERROR_TARGET,
|
||||||
.name = ARPT_ERROR_TARGET,
|
.target = arpt_error,
|
||||||
.target = arpt_error,
|
.targetsize = ARPT_FUNCTION_MAXNAMELEN,
|
||||||
.targetsize = ARPT_FUNCTION_MAXNAMELEN,
|
.family = NFPROTO_ARP,
|
||||||
.family = NFPROTO_ARP,
|
},
|
||||||
};
|
};
|
||||||
|
|
||||||
static struct nf_sockopt_ops arpt_sockopts = {
|
static struct nf_sockopt_ops arpt_sockopts = {
|
||||||
@ -1887,12 +1888,9 @@ static int __init arp_tables_init(void)
|
|||||||
goto err1;
|
goto err1;
|
||||||
|
|
||||||
/* Noone else will be downing sem now, so we won't sleep */
|
/* Noone else will be downing sem now, so we won't sleep */
|
||||||
ret = xt_register_target(&arpt_standard_target);
|
ret = xt_register_targets(arpt_builtin_tg, ARRAY_SIZE(arpt_builtin_tg));
|
||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
goto err2;
|
goto err2;
|
||||||
ret = xt_register_target(&arpt_error_target);
|
|
||||||
if (ret < 0)
|
|
||||||
goto err3;
|
|
||||||
|
|
||||||
/* Register setsockopt */
|
/* Register setsockopt */
|
||||||
ret = nf_register_sockopt(&arpt_sockopts);
|
ret = nf_register_sockopt(&arpt_sockopts);
|
||||||
@ -1903,9 +1901,7 @@ static int __init arp_tables_init(void)
|
|||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
err4:
|
err4:
|
||||||
xt_unregister_target(&arpt_error_target);
|
xt_unregister_targets(arpt_builtin_tg, ARRAY_SIZE(arpt_builtin_tg));
|
||||||
err3:
|
|
||||||
xt_unregister_target(&arpt_standard_target);
|
|
||||||
err2:
|
err2:
|
||||||
unregister_pernet_subsys(&arp_tables_net_ops);
|
unregister_pernet_subsys(&arp_tables_net_ops);
|
||||||
err1:
|
err1:
|
||||||
@ -1915,8 +1911,7 @@ err1:
|
|||||||
static void __exit arp_tables_fini(void)
|
static void __exit arp_tables_fini(void)
|
||||||
{
|
{
|
||||||
nf_unregister_sockopt(&arpt_sockopts);
|
nf_unregister_sockopt(&arpt_sockopts);
|
||||||
xt_unregister_target(&arpt_error_target);
|
xt_unregister_targets(arpt_builtin_tg, ARRAY_SIZE(arpt_builtin_tg));
|
||||||
xt_unregister_target(&arpt_standard_target);
|
|
||||||
unregister_pernet_subsys(&arp_tables_net_ops);
|
unregister_pernet_subsys(&arp_tables_net_ops);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
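Review bot: In arp_tables_init(), a failure of `xt_register_targets(arpt_builtin_tg, ARRAY_SIZE(arpt_builtin_tg))` now jumps to `err2`, which unregisters no targets, so the path is only clean if the helper itself removes whatever it registered before failing; the old code handled that case explicitly through `err3`. The helper is not shown on this page, so this should be confirmed: an entry left on the target list after a failed module init would point into memory that is released with the module. A short comment above the `goto err2`, such as `/* xt_register_targets() undoes partial registration on failure */`, would record the assumption. The same applies to the `xt_register_targets()` and `xt_register_matches()` calls in ip_tables_init() and ip6_tables_init(). The function body starts and ends outside the hunks shown.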
@ -2172,23 +2172,23 @@ static int icmp_checkentry(const struct xt_mtchk_param *par)
|
|||||||
return (icmpinfo->invflags & ~IPT_ICMP_INV) ? -EINVAL : 0;
|
return (icmpinfo->invflags & ~IPT_ICMP_INV) ? -EINVAL : 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* The built-in targets: standard (NULL) and error. */
|
static struct xt_target ipt_builtin_tg[] __read_mostly = {
|
||||||
static struct xt_target ipt_standard_target __read_mostly = {
|
{
|
||||||
.name = IPT_STANDARD_TARGET,
|
.name = IPT_STANDARD_TARGET,
|
||||||
.targetsize = sizeof(int),
|
.targetsize = sizeof(int),
|
||||||
.family = NFPROTO_IPV4,
|
.family = NFPROTO_IPV4,
|
||||||
#ifdef CONFIG_COMPAT
|
#ifdef CONFIG_COMPAT
|
||||||
.compatsize = sizeof(compat_int_t),
|
.compatsize = sizeof(compat_int_t),
|
||||||
.compat_from_user = compat_standard_from_user,
|
.compat_from_user = compat_standard_from_user,
|
||||||
.compat_to_user = compat_standard_to_user,
|
.compat_to_user = compat_standard_to_user,
|
||||||
#endif
|
#endif
|
||||||
};
|
},
|
||||||
|
{
|
||||||
static struct xt_target ipt_error_target __read_mostly = {
|
.name = IPT_ERROR_TARGET,
|
||||||
.name = IPT_ERROR_TARGET,
|
.target = ipt_error,
|
||||||
.target = ipt_error,
|
.targetsize = IPT_FUNCTION_MAXNAMELEN,
|
||||||
.targetsize = IPT_FUNCTION_MAXNAMELEN,
|
.family = NFPROTO_IPV4,
|
||||||
.family = NFPROTO_IPV4,
|
},
|
||||||
};
|
};
|
||||||
|
|
||||||
static struct nf_sockopt_ops ipt_sockopts = {
|
static struct nf_sockopt_ops ipt_sockopts = {
|
||||||
@ -2208,13 +2208,15 @@ static struct nf_sockopt_ops ipt_sockopts = {
|
|||||||
.owner = THIS_MODULE,
|
.owner = THIS_MODULE,
|
||||||
};
|
};
|
||||||
|
|
||||||
static struct xt_match icmp_matchstruct __read_mostly = {
|
static struct xt_match ipt_builtin_mt[] __read_mostly = {
|
||||||
.name = "icmp",
|
{
|
||||||
.match = icmp_match,
|
.name = "icmp",
|
||||||
.matchsize = sizeof(struct ipt_icmp),
|
.match = icmp_match,
|
||||||
.checkentry = icmp_checkentry,
|
.matchsize = sizeof(struct ipt_icmp),
|
||||||
.proto = IPPROTO_ICMP,
|
.checkentry = icmp_checkentry,
|
||||||
.family = NFPROTO_IPV4,
|
.proto = IPPROTO_ICMP,
|
||||||
|
.family = NFPROTO_IPV4,
|
||||||
|
},
|
||||||
};
|
};
|
||||||
|
|
||||||
static int __net_init ip_tables_net_init(struct net *net)
|
static int __net_init ip_tables_net_init(struct net *net)
|
||||||
@ -2241,13 +2243,10 @@ static int __init ip_tables_init(void)
|
|||||||
goto err1;
|
goto err1;
|
||||||
|
|
||||||
/* Noone else will be downing sem now, so we won't sleep */
|
/* Noone else will be downing sem now, so we won't sleep */
|
||||||
ret = xt_register_target(&ipt_standard_target);
|
ret = xt_register_targets(ipt_builtin_tg, ARRAY_SIZE(ipt_builtin_tg));
|
||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
goto err2;
|
goto err2;
|
||||||
ret = xt_register_target(&ipt_error_target);
|
ret = xt_register_matches(ipt_builtin_mt, ARRAY_SIZE(ipt_builtin_mt));
|
||||||
if (ret < 0)
|
|
||||||
goto err3;
|
|
||||||
ret = xt_register_match(&icmp_matchstruct);
|
|
||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
goto err4;
|
goto err4;
|
||||||
|
|
||||||
@ -2260,11 +2259,9 @@ static int __init ip_tables_init(void)
|
|||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
err5:
|
err5:
|
||||||
xt_unregister_match(&icmp_matchstruct);
|
xt_unregister_matches(ipt_builtin_mt, ARRAY_SIZE(ipt_builtin_mt));
|
||||||
err4:
|
err4:
|
||||||
xt_unregister_target(&ipt_error_target);
|
xt_unregister_targets(ipt_builtin_tg, ARRAY_SIZE(ipt_builtin_tg));
|
||||||
err3:
|
|
||||||
xt_unregister_target(&ipt_standard_target);
|
|
||||||
err2:
|
err2:
|
||||||
unregister_pernet_subsys(&ip_tables_net_ops);
|
unregister_pernet_subsys(&ip_tables_net_ops);
|
||||||
err1:
|
err1:
|
||||||
@ -2275,10 +2272,8 @@ static void __exit ip_tables_fini(void)
|
|||||||
{
|
{
|
||||||
nf_unregister_sockopt(&ipt_sockopts);
|
nf_unregister_sockopt(&ipt_sockopts);
|
||||||
|
|
||||||
xt_unregister_match(&icmp_matchstruct);
|
xt_unregister_matches(ipt_builtin_mt, ARRAY_SIZE(ipt_builtin_mt));
|
||||||
xt_unregister_target(&ipt_error_target);
|
xt_unregister_targets(ipt_builtin_tg, ARRAY_SIZE(ipt_builtin_tg));
|
||||||
xt_unregister_target(&ipt_standard_target);
|
|
||||||
|
|
||||||
unregister_pernet_subsys(&ip_tables_net_ops);
|
unregister_pernet_subsys(&ip_tables_net_ops);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
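Review bot: The comment `/* The built-in targets: standard (NULL) and error. */` is removed above `ipt_builtin_tg[]` in this file, while the `arpt_builtin_tg[]` and `ip6t_builtin_tg[]` declarations in the same commit keep it. Restoring it keeps the three files parallel and tells the reader that the first entry deliberately has no `.target` handler. `ipt_builtin_mt[]` could carry a matching one-liner, e.g. `/* The built-in matches: icmp. */`.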
@ -2190,22 +2190,23 @@ static int icmp6_checkentry(const struct xt_mtchk_param *par)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* The built-in targets: standard (NULL) and error. */
|
/* The built-in targets: standard (NULL) and error. */
|
||||||
static struct xt_target ip6t_standard_target __read_mostly = {
|
static struct xt_target ip6t_builtin_tg[] __read_mostly = {
|
||||||
.name = IP6T_STANDARD_TARGET,
|
{
|
||||||
.targetsize = sizeof(int),
|
.name = IP6T_STANDARD_TARGET,
|
||||||
.family = NFPROTO_IPV6,
|
.targetsize = sizeof(int),
|
||||||
|
.family = NFPROTO_IPV6,
|
||||||
#ifdef CONFIG_COMPAT
|
#ifdef CONFIG_COMPAT
|
||||||
.compatsize = sizeof(compat_int_t),
|
.compatsize = sizeof(compat_int_t),
|
||||||
.compat_from_user = compat_standard_from_user,
|
.compat_from_user = compat_standard_from_user,
|
||||||
.compat_to_user = compat_standard_to_user,
|
.compat_to_user = compat_standard_to_user,
|
||||||
#endif
|
#endif
|
||||||
};
|
},
|
||||||
|
{
|
||||||
static struct xt_target ip6t_error_target __read_mostly = {
|
.name = IP6T_ERROR_TARGET,
|
||||||
.name = IP6T_ERROR_TARGET,
|
.target = ip6t_error,
|
||||||
.target = ip6t_error,
|
.targetsize = IP6T_FUNCTION_MAXNAMELEN,
|
||||||
.targetsize = IP6T_FUNCTION_MAXNAMELEN,
|
.family = NFPROTO_IPV6,
|
||||||
.family = NFPROTO_IPV6,
|
},
|
||||||
};
|
};
|
||||||
|
|
||||||
static struct nf_sockopt_ops ip6t_sockopts = {
|
static struct nf_sockopt_ops ip6t_sockopts = {
|
||||||
@ -2225,13 +2226,15 @@ static struct nf_sockopt_ops ip6t_sockopts = {
|
|||||||
.owner = THIS_MODULE,
|
.owner = THIS_MODULE,
|
||||||
};
|
};
|
||||||
|
|
||||||
static struct xt_match icmp6_matchstruct __read_mostly = {
|
static struct xt_match ip6t_builtin_mt[] __read_mostly = {
|
||||||
.name = "icmp6",
|
{
|
||||||
.match = icmp6_match,
|
.name = "icmp6",
|
||||||
.matchsize = sizeof(struct ip6t_icmp),
|
.match = icmp6_match,
|
||||||
.checkentry = icmp6_checkentry,
|
.matchsize = sizeof(struct ip6t_icmp),
|
||||||
.proto = IPPROTO_ICMPV6,
|
.checkentry = icmp6_checkentry,
|
||||||
.family = NFPROTO_IPV6,
|
.proto = IPPROTO_ICMPV6,
|
||||||
|
.family = NFPROTO_IPV6,
|
||||||
|
},
|
||||||
};
|
};
|
||||||
|
|
||||||
static int __net_init ip6_tables_net_init(struct net *net)
|
static int __net_init ip6_tables_net_init(struct net *net)
|
||||||
@ -2258,13 +2261,10 @@ static int __init ip6_tables_init(void)
|
|||||||
goto err1;
|
goto err1;
|
||||||
|
|
||||||
/* Noone else will be downing sem now, so we won't sleep */
|
/* Noone else will be downing sem now, so we won't sleep */
|
||||||
ret = xt_register_target(&ip6t_standard_target);
|
ret = xt_register_targets(ip6t_builtin_tg, ARRAY_SIZE(ip6t_builtin_tg));
|
||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
goto err2;
|
goto err2;
|
||||||
ret = xt_register_target(&ip6t_error_target);
|
ret = xt_register_matches(ip6t_builtin_mt, ARRAY_SIZE(ip6t_builtin_mt));
|
||||||
if (ret < 0)
|
|
||||||
goto err3;
|
|
||||||
ret = xt_register_match(&icmp6_matchstruct);
|
|
||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
goto err4;
|
goto err4;
|
||||||
|
|
||||||
@ -2277,11 +2277,9 @@ static int __init ip6_tables_init(void)
|
|||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
err5:
|
err5:
|
||||||
xt_unregister_match(&icmp6_matchstruct);
|
xt_unregister_matches(ip6t_builtin_mt, ARRAY_SIZE(ip6t_builtin_mt));
|
||||||
err4:
|
err4:
|
||||||
xt_unregister_target(&ip6t_error_target);
|
xt_unregister_targets(ip6t_builtin_tg, ARRAY_SIZE(ip6t_builtin_tg));
|
||||||
err3:
|
|
||||||
xt_unregister_target(&ip6t_standard_target);
|
|
||||||
err2:
|
err2:
|
||||||
unregister_pernet_subsys(&ip6_tables_net_ops);
|
unregister_pernet_subsys(&ip6_tables_net_ops);
|
||||||
err1:
|
err1:
|
||||||
@ -2292,10 +2290,8 @@ static void __exit ip6_tables_fini(void)
|
|||||||
{
|
{
|
||||||
nf_unregister_sockopt(&ip6t_sockopts);
|
nf_unregister_sockopt(&ip6t_sockopts);
|
||||||
|
|
||||||
xt_unregister_match(&icmp6_matchstruct);
|
xt_unregister_matches(ip6t_builtin_mt, ARRAY_SIZE(ip6t_builtin_mt));
|
||||||
xt_unregister_target(&ip6t_error_target);
|
xt_unregister_targets(ip6t_builtin_tg, ARRAY_SIZE(ip6t_builtin_tg));
|
||||||
xt_unregister_target(&ip6t_standard_target);
|
|
||||||
|
|
||||||
unregister_pernet_subsys(&ip6_tables_net_ops);
|
unregister_pernet_subsys(&ip6_tables_net_ops);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
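Review bot: The unwind labels in ip6_tables_init() now run `err1`, `err2`, `err4`, `err5`, because `err3` was deleted together with the second target registration. Renumbering them (`err4` to `err3`, `err5` to `err4`) or naming them after what they undo would make the unwind order easier to audit when the next registration step is added. The same gap is left in ip_tables_init() and, as `err1`, `err2`, `err4`, in arp_tables_init(). Parts of these functions lie outside the hunks shown, so any other `goto` that targets these labels would need the same rename.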