netfilter: ebtables: use generic table checking
Ebtables ORs (1 << NF_BR_NUMHOOKS) into the hook mask to indicate that the extension was called from a base chain. So this also needs to be present in the extensions' ->hooks. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
This commit is contained in:
parent
102befab75
commit
f2ff525c8d
@ -73,8 +73,6 @@ ebt_arpreply_tg_check(const char *tablename, const void *entry,
|
|||||||
e->invflags & EBT_IPROTO)
|
e->invflags & EBT_IPROTO)
|
||||||
return false;
|
return false;
|
||||||
CLEAR_BASE_CHAIN_BIT;
|
CLEAR_BASE_CHAIN_BIT;
|
||||||
if (strcmp(tablename, "nat") || hookmask & ~(1 << NF_BR_PRE_ROUTING))
|
|
||||||
return false;
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -82,6 +80,8 @@ static struct xt_target ebt_arpreply_tg_reg __read_mostly = {
|
|||||||
.name = "arpreply",
|
.name = "arpreply",
|
||||||
.revision = 0,
|
.revision = 0,
|
||||||
.family = NFPROTO_BRIDGE,
|
.family = NFPROTO_BRIDGE,
|
||||||
|
.table = "nat",
|
||||||
|
.hooks = (1 << NF_BR_NUMHOOKS) | (1 << NF_BR_PRE_ROUTING),
|
||||||
.target = ebt_arpreply_tg,
|
.target = ebt_arpreply_tg,
|
||||||
.checkentry = ebt_arpreply_tg_check,
|
.checkentry = ebt_arpreply_tg_check,
|
||||||
.targetsize = XT_ALIGN(sizeof(struct ebt_arpreply_info)),
|
.targetsize = XT_ALIGN(sizeof(struct ebt_arpreply_info)),
|
||||||
|
@ -51,6 +51,8 @@ static struct xt_target ebt_dnat_tg_reg __read_mostly = {
|
|||||||
.name = "dnat",
|
.name = "dnat",
|
||||||
.revision = 0,
|
.revision = 0,
|
||||||
.family = NFPROTO_BRIDGE,
|
.family = NFPROTO_BRIDGE,
|
||||||
|
.hooks = (1 << NF_BR_NUMHOOKS) | (1 << NF_BR_PRE_ROUTING) |
|
||||||
|
(1 << NF_BR_LOCAL_OUT) | (1 << NF_BR_BROUTING),
|
||||||
.target = ebt_dnat_tg,
|
.target = ebt_dnat_tg,
|
||||||
.checkentry = ebt_dnat_tg_check,
|
.checkentry = ebt_dnat_tg_check,
|
||||||
.targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)),
|
.targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)),
|
||||||
|
@ -56,6 +56,8 @@ static struct xt_target ebt_redirect_tg_reg __read_mostly = {
|
|||||||
.name = "redirect",
|
.name = "redirect",
|
||||||
.revision = 0,
|
.revision = 0,
|
||||||
.family = NFPROTO_BRIDGE,
|
.family = NFPROTO_BRIDGE,
|
||||||
|
.hooks = (1 << NF_BR_NUMHOOKS) | (1 << NF_BR_PRE_ROUTING) |
|
||||||
|
(1 << NF_BR_BROUTING),
|
||||||
.target = ebt_redirect_tg,
|
.target = ebt_redirect_tg,
|
||||||
.checkentry = ebt_redirect_tg_check,
|
.checkentry = ebt_redirect_tg_check,
|
||||||
.targetsize = XT_ALIGN(sizeof(struct ebt_redirect_info)),
|
.targetsize = XT_ALIGN(sizeof(struct ebt_redirect_info)),
|
||||||
|
@ -56,10 +56,6 @@ ebt_snat_tg_check(const char *tablename, const void *e,
|
|||||||
if (BASE_CHAIN && tmp == EBT_RETURN)
|
if (BASE_CHAIN && tmp == EBT_RETURN)
|
||||||
return false;
|
return false;
|
||||||
CLEAR_BASE_CHAIN_BIT;
|
CLEAR_BASE_CHAIN_BIT;
|
||||||
if (strcmp(tablename, "nat"))
|
|
||||||
return false;
|
|
||||||
if (hookmask & ~(1 << NF_BR_POST_ROUTING))
|
|
||||||
return false;
|
|
||||||
|
|
||||||
if (tmp < -NUM_STANDARD_TARGETS || tmp >= 0)
|
if (tmp < -NUM_STANDARD_TARGETS || tmp >= 0)
|
||||||
return false;
|
return false;
|
||||||
@ -73,6 +69,8 @@ static struct xt_target ebt_snat_tg_reg __read_mostly = {
|
|||||||
.name = "snat",
|
.name = "snat",
|
||||||
.revision = 0,
|
.revision = 0,
|
||||||
.family = NFPROTO_BRIDGE,
|
.family = NFPROTO_BRIDGE,
|
||||||
|
.table = "nat",
|
||||||
|
.hooks = (1 << NF_BR_NUMHOOKS) | (1 << NF_BR_POST_ROUTING),
|
||||||
.target = ebt_snat_tg,
|
.target = ebt_snat_tg,
|
||||||
.checkentry = ebt_snat_tg_check,
|
.checkentry = ebt_snat_tg_check,
|
||||||
.targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)),
|
.targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)),
|
||||||
|
Loading…
Reference in New Issue
Block a user