X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=net%2Fipv6%2Fnetfilter%2Fip6t_REJECT.c;h=0e6d1d4bbd5c406e6db2a5558f10f6dd1818f82d;hb=987b0145d94eecf292d8b301228356f44611ab7c;hp=de1175c27f6dfde1d4639d6ac8f5251cf9bf9c57;hpb=4544ac5ae436e5ca8ac99f4296c50a5b880e349e;p=linux-2.6.git

diff --git a/net/ipv6/netfilter/ip6t_REJECT.c b/net/ipv6/netfilter/ip6t_REJECT.c
index de1175c27..0e6d1d4bb 100644
--- a/net/ipv6/netfilter/ip6t_REJECT.c
+++ b/net/ipv6/netfilter/ip6t_REJECT.c
@@ -179,7 +179,6 @@ static unsigned int reject6_target(struct sk_buff **pskb,
 			   const struct net_device *in,
 			   const struct net_device *out,
 			   unsigned int hooknum,
-			   const struct xt_target *target,
 			   const void *targinfo,
 			   void *userinfo)
 {
@@ -222,7 +221,6 @@ static unsigned int reject6_target(struct sk_buff **pskb,
 
 static int check(const char *tablename,
 		 const void *entry,
-		 const struct xt_target *target,
 		 void *targinfo,
 		 unsigned int targinfosize,
 		 unsigned int hook_mask)
@@ -230,6 +228,24 @@ static int check(const char *tablename,
  	const struct ip6t_reject_info *rejinfo = targinfo;
 	const struct ip6t_entry *e = entry;
 
+ 	if (targinfosize != IP6T_ALIGN(sizeof(struct ip6t_reject_info))) {
+  		DEBUGP("ip6t_REJECT: targinfosize %u != 0\n", targinfosize);
+  		return 0;
+  	}
+
+	/* Only allow these for packet filtering. */
+	if (strcmp(tablename, "filter") != 0) {
+		DEBUGP("ip6t_REJECT: bad table `%s'.\n", tablename);
+		return 0;
+	}
+
+	if ((hook_mask & ~((1 << NF_IP6_LOCAL_IN)
+			   | (1 << NF_IP6_FORWARD)
+			   | (1 << NF_IP6_LOCAL_OUT))) != 0) {
+		DEBUGP("ip6t_REJECT: bad hook mask %X\n", hook_mask);
+		return 0;
+	}
+
 	if (rejinfo->with == IP6T_ICMP6_ECHOREPLY) {
 		printk("ip6t_REJECT: ECHOREPLY is not supported.\n");
 		return 0;
@@ -241,31 +257,28 @@ static int check(const char *tablename,
 			return 0;
 		}
 	}
+
 	return 1;
 }
 
 static struct ip6t_target ip6t_reject_reg = {
 	.name		= "REJECT",
 	.target		= reject6_target,
-	.targetsize	= sizeof(struct ip6t_reject_info),
-	.table		= "filter",
-	.hooks		= (1 << NF_IP6_LOCAL_IN) | (1 << NF_IP6_FORWARD) |
-			  (1 << NF_IP6_LOCAL_OUT),
 	.checkentry	= check,
 	.me		= THIS_MODULE
 };
 
-static int __init ip6t_reject_init(void)
+static int __init init(void)
 {
 	if (ip6t_register_target(&ip6t_reject_reg))
 		return -EINVAL;
 	return 0;
 }
 
-static void __exit ip6t_reject_fini(void)
+static void __exit fini(void)
 {
 	ip6t_unregister_target(&ip6t_reject_reg);
 }
 
-module_init(ip6t_reject_init);
-module_exit(ip6t_reject_fini);
+module_init(init);
+module_exit(fini);