*
*/
+#include <linux/config.h>
#include <linux/kernel.h>
#include <linux/skbuff.h>
#include <linux/netdevice.h>
&& unconditional(&e->arp)) {
unsigned int oldpos, size;
- if (t->verdict < -NF_MAX_VERDICT - 1) {
- duprintf("mark_source_chains: bad "
- "negative verdict (%i)\n",
- t->verdict);
- return 0;
- }
-
/* Return: backtrack through the last
* big jump.
*/
if (strcmp(t->target.u.user.name,
ARPT_STANDARD_TARGET) == 0
&& newpos >= 0) {
- if (newpos > newinfo->size -
- sizeof(struct arpt_entry)) {
- duprintf("mark_source_chains: "
- "bad verdict (%i)\n",
- newpos);
- return 0;
- }
-
/* This a jump; chase it. */
duprintf("Jump rule %u -> %u\n",
pos, newpos);
static inline int standard_check(const struct arpt_entry_target *t,
unsigned int max_offset)
{
+ struct arpt_standard_target *targ = (void *)t;
+
/* Check standard info. */
if (t->u.target_size
!= ARPT_ALIGN(sizeof(struct arpt_standard_target))) {
return 0;
}
+ if (targ->verdict >= 0
+ && targ->verdict > max_offset - sizeof(struct arpt_entry)) {
+ duprintf("arpt_standard_check: bad verdict (%i)\n",
+ targ->verdict);
+ return 0;
+ }
+
+ if (targ->verdict < -NF_MAX_VERDICT - 1) {
+ duprintf("arpt_standard_check: bad negative verdict (%i)\n",
+ targ->verdict);
+ return 0;
+ }
return 1;
}
return -EINVAL;
}
- if (e->target_offset + sizeof(struct arpt_entry_target) > e->next_offset)
- return -EINVAL;
-
t = arpt_get_target(e);
- if (e->target_offset + t->u.target_size > e->next_offset)
- return -EINVAL;
-
target = try_then_request_module(xt_find_target(NF_ARP, t->u.user.name,
t->u.user.revision),
"arpt_%s", t->u.user.name);
if (ret != 0) {
ARPT_ENTRY_ITERATE(entry0, newinfo->size,
- cleanup_entry, &i);
+ cleanup_entry, &i);
return ret;
}
return ret;
}
- ret = xt_register_table(table, &bootstrap, newinfo);
- if (ret != 0) {
+ if (xt_register_table(table, &bootstrap, newinfo) != 0) {
xt_free_table_info(newinfo);
return ret;
}
{
int ret;
- ret = xt_proto_init(NF_ARP);
- if (ret < 0)
- goto err1;
+ xt_proto_init(NF_ARP);
/* Noone else will be downing sem now, so we won't sleep */
- ret = xt_register_target(&arpt_standard_target);
- if (ret < 0)
- goto err2;
- ret = xt_register_target(&arpt_error_target);
- if (ret < 0)
- goto err3;
+ xt_register_target(&arpt_standard_target);
+ xt_register_target(&arpt_error_target);
/* Register setsockopt */
ret = nf_register_sockopt(&arpt_sockopts);
- if (ret < 0)
- goto err4;
+ if (ret < 0) {
+ duprintf("Unable to register sockopts.\n");
+ return ret;
+ }
printk("arp_tables: (C) 2002 David S. Miller\n");
return 0;
-
-err4:
- xt_unregister_target(&arpt_error_target);
-err3:
- xt_unregister_target(&arpt_standard_target);
-err2:
- xt_proto_fini(NF_ARP);
-err1:
- return ret;
}
static void __exit arp_tables_fini(void)
{
nf_unregister_sockopt(&arpt_sockopts);
- xt_unregister_target(&arpt_error_target);
- xt_unregister_target(&arpt_standard_target);
xt_proto_fini(NF_ARP);
}