X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=net%2Fipv6%2Fnetfilter%2Fip6t_owner.c;fp=net%2Fipv6%2Fnetfilter%2Fip6t_owner.c;h=8c8a4c7ec9340cee4d778087d3e731b5649ce212;hb=64ba3f394c830ec48a1c31b53dcae312c56f1604;hp=5d047990cd44626a14404b64ea982a60199165b5;hpb=be1e6109ac94a859551f8e1774eb9a8469fe055c;p=linux-2.6.git diff --git a/net/ipv6/netfilter/ip6t_owner.c b/net/ipv6/netfilter/ip6t_owner.c index 5d047990c..8c8a4c7ec 100644 --- a/net/ipv6/netfilter/ip6t_owner.c +++ b/net/ipv6/netfilter/ip6t_owner.c @@ -26,7 +26,6 @@ static int match(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, - const struct xt_match *match, const void *matchinfo, int offset, unsigned int protoff, @@ -55,39 +54,46 @@ match(const struct sk_buff *skb, static int checkentry(const char *tablename, const void *ip, - const struct xt_match *match, void *matchinfo, unsigned int matchsize, unsigned int hook_mask) { const struct ip6t_owner_info *info = matchinfo; + if (hook_mask + & ~((1 << NF_IP6_LOCAL_OUT) | (1 << NF_IP6_POST_ROUTING))) { + printk("ip6t_owner: only valid for LOCAL_OUT or POST_ROUTING.\n"); + return 0; + } + + if (matchsize != IP6T_ALIGN(sizeof(struct ip6t_owner_info))) + return 0; + if (info->match & (IP6T_OWNER_PID | IP6T_OWNER_SID)) { printk("ipt_owner: pid and sid matching " "not supported anymore\n"); return 0; } + return 1; } static struct ip6t_match owner_match = { .name = "owner", - .match = match, - .matchsize = sizeof(struct ip6t_owner_info), - .hooks = (1 << NF_IP6_LOCAL_OUT) | (1 << NF_IP6_POST_ROUTING), - .checkentry = checkentry, + .match = &match, + .checkentry = &checkentry, .me = THIS_MODULE, }; -static int __init ip6t_owner_init(void) +static int __init init(void) { return ip6t_register_match(&owner_match); } -static void __exit ip6t_owner_fini(void) +static void __exit fini(void) { ip6t_unregister_match(&owner_match); } -module_init(ip6t_owner_init); -module_exit(ip6t_owner_fini); +module_init(init); +module_exit(fini);