X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=net%2Fipv4%2Fnetfilter%2Fipt_recent.c;h=44611d6d14f5c4d95e906773b2006d7ff6e40294;hb=987b0145d94eecf292d8b301228356f44611ab7c;hp=b847ee409efbb7146987f526998ccb8ea51422fe;hpb=f7ed79d23a47594e7834d66a8f14449796d4f3e6;p=linux-2.6.git diff --git a/net/ipv4/netfilter/ipt_recent.c b/net/ipv4/netfilter/ipt_recent.c index b847ee409..44611d6d1 100644 --- a/net/ipv4/netfilter/ipt_recent.c +++ b/net/ipv4/netfilter/ipt_recent.c @@ -102,7 +102,6 @@ static int match(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, - const struct xt_match *match, const void *matchinfo, int offset, unsigned int protoff, @@ -319,7 +318,7 @@ static int ip_recent_ctrl(struct file *file, const char __user *input, unsigned skb->nh.iph->daddr = 0; /* Clear ttl since we have no way of knowing it */ skb->nh.iph->ttl = 0; - match(skb,NULL,NULL,NULL,info,0,0,NULL); + match(skb,NULL,NULL,info,0,0,NULL); kfree(skb->nh.iph); out_free_skb: @@ -357,7 +356,6 @@ static int match(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, - const struct xt_match *match, const void *matchinfo, int offset, unsigned int protoff, @@ -659,7 +657,6 @@ match(const struct sk_buff *skb, static int checkentry(const char *tablename, const void *ip, - const struct xt_match *match, void *matchinfo, unsigned int matchsize, unsigned int hook_mask) @@ -673,6 +670,8 @@ checkentry(const char *tablename, if(debug) printk(KERN_INFO RECENT_NAME ": checkentry() entered.\n"); #endif + if (matchsize != IPT_ALIGN(sizeof(struct ipt_recent_info))) return 0; + /* seconds and hit_count only valid for CHECK/UPDATE */ if(info->check_set & IPT_RECENT_SET) { flag++; if(info->seconds || info->hit_count) return 0; } if(info->check_set & IPT_RECENT_REMOVE) { flag++; if(info->seconds || info->hit_count) return 0; } 
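Review bot: The `matchsize` test added in the -673 hunk of checkentry() is uncommented and fails silently, yet it is now the only size validation of the rule blob before `info->check_set`, `info->seconds` and `info->hit_count` are read, because this commit also drops `.matchsize` from `recent_match`. I would put `/* matchinfo is supplied by userspace; reject any size other than the aligned struct before info is dereferenced */` directly above it. The rest of checkentry() lies outside this hunk, so whether the remaining fields of `info` are validated further down cannot be confirmed from here.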
@@ -821,7 +820,6 @@ checkentry(const char *tablename, /* Create our proc 'status' entry. */ curr_table->status_proc = create_proc_entry(curr_table->name, ip_list_perms, proc_net_ipt_recent); if (!curr_table->status_proc) { - vfree(hold); printk(KERN_INFO RECENT_NAME ": checkentry: unable to allocate for /proc entry.\n"); /* Destroy the created table */ spin_lock_bh(&recent_lock); @@ -846,6 +844,7 @@ checkentry(const char *tablename, spin_unlock_bh(&recent_lock); vfree(curr_table->time_info); vfree(curr_table->hash_table); + vfree(hold); vfree(curr_table->table); vfree(curr_table); return 0; @@ -872,7 +871,7 @@ checkentry(const char *tablename, * up its memory. */ static void -destroy(const struct xt_match *match, void *matchinfo, unsigned int matchsize) +destroy(void *matchinfo, unsigned int matchsize) { const struct ipt_recent_info *info = matchinfo; struct recent_ip_tables *curr_table, *last_table; @@ -952,17 +951,16 @@ destroy(const struct xt_match *match, void *matchinfo, unsigned int matchsize) /* This is the structure we pass to ipt_register to register our * module with iptables. */ -static struct ipt_match recent_match = { - .name = "recent", - .match = match, - .matchsize = sizeof(struct ipt_recent_info), - .checkentry = checkentry, - .destroy = destroy, - .me = THIS_MODULE +static struct ipt_match recent_match = { + .name = "recent", + .match = &match, + .checkentry = &checkentry, + .destroy = &destroy, + .me = THIS_MODULE }; /* Kernel module initialization. */ -static int __init ipt_recent_init(void) +static int __init init(void) { int err, count; @@ -995,7 +993,7 @@ static int __init ipt_recent_init(void) } /* Kernel module destruction. */ -static void __exit ipt_recent_fini(void) +static void __exit fini(void) { ipt_unregister_match(&recent_match); 
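Review bot: With `vfree(hold)` moved from the top of the `!curr_table->status_proc` branch (-821 hunk) to the final cleanup sequence (-846 hunk), `hold` is released only on the path that reaches that sequence. The code between the two hunks is not visible here; if it contains an early `return 0` after `spin_unlock_bh(&recent_lock)`, that path would leak `hold` and needs its own `vfree(hold);` before returning. Freeing after the table has been unlinked under `recent_lock` is the safer order if table entries point into `hold`; if that is the reason, a comment such as `/* free hold only after the table is unlinked */` next to the call would record it.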
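Review bot: The -952 hunk renames the module entry point to `init` (and the -995 and -1003 hunks do the same for `fini`), so these join `match`, `checkentry` and `destroy` as static functions whose names any netfilter module could share. In a backtrace or symbol listing such names are hard to attribute to this file when triaging a crash. Keeping a module prefix, e.g. `static int __init ipt_recent_init(void)` with `module_init(ipt_recent_init);`, avoids that at no cost.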
@@ -1003,5 +1001,5 @@ static void __exit ipt_recent_fini(void) } /* Register our module with the kernel. */ -module_init(ipt_recent_init); -module_exit(ipt_recent_fini); +module_init(init); +module_exit(fini);