X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=net%2Fnetfilter%2Fxt_CLASSIFY.c;fp=net%2Fnetfilter%2Fxt_CLASSIFY.c;h=78ee266a12ee3fa05d51c690f7885f14b95f9bd6;hb=64ba3f394c830ec48a1c31b53dcae312c56f1604;hp=e54e57730012de72a1467c1cb16f96edd9492b02;hpb=be1e6109ac94a859551f8e1774eb9a8469fe055c;p=linux-2.6.git diff --git a/net/netfilter/xt_CLASSIFY.c b/net/netfilter/xt_CLASSIFY.c index e54e57730..78ee266a1 100644 --- a/net/netfilter/xt_CLASSIFY.c +++ b/net/netfilter/xt_CLASSIFY.c @@ -28,7 +28,6 @@ target(struct sk_buff **pskb, const struct net_device *in, const struct net_device *out, unsigned int hooknum, - const struct xt_target *target, const void *targinfo, void *userinfo) { @@ -40,48 +39,71 @@ target(struct sk_buff **pskb, return XT_CONTINUE; } +static int +checkentry(const char *tablename, + const void *e, + void *targinfo, + unsigned int targinfosize, + unsigned int hook_mask) +{ + if (targinfosize != XT_ALIGN(sizeof(struct xt_classify_target_info))){ + printk(KERN_ERR "CLASSIFY: invalid size (%u != %Zu).\n", + targinfosize, + XT_ALIGN(sizeof(struct xt_classify_target_info))); + return 0; + } + + if (hook_mask & ~((1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_FORWARD) | + (1 << NF_IP_POST_ROUTING))) { + printk(KERN_ERR "CLASSIFY: only valid in LOCAL_OUT, FORWARD " + "and POST_ROUTING.\n"); + return 0; + } + + if (strcmp(tablename, "mangle") != 0) { + printk(KERN_ERR "CLASSIFY: can only be called from " + "\"mangle\" table, not \"%s\".\n", + tablename); + return 0; + } + + return 1; +} + static struct xt_target classify_reg = { .name = "CLASSIFY", .target = target, - .targetsize = sizeof(struct xt_classify_target_info), - .table = "mangle", - .hooks = (1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_FORWARD) | - (1 << NF_IP_POST_ROUTING), - .family = AF_INET, + .checkentry = checkentry, .me = THIS_MODULE, }; static struct xt_target classify6_reg = { .name = "CLASSIFY", .target = target, - .targetsize = sizeof(struct xt_classify_target_info), - .table = "mangle", - .hooks = (1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_FORWARD) | - (1 << NF_IP_POST_ROUTING), - .family = AF_INET6, + .checkentry = checkentry, .me = THIS_MODULE, }; -static int __init xt_classify_init(void) +static int __init init(void) { int ret; - ret = xt_register_target(&classify_reg); + ret = xt_register_target(AF_INET, &classify_reg); if (ret) return ret; - ret = xt_register_target(&classify6_reg); + ret = xt_register_target(AF_INET6, &classify6_reg); if (ret) - xt_unregister_target(&classify_reg); + xt_unregister_target(AF_INET, &classify_reg); return ret; } -static void __exit xt_classify_fini(void) +static void __exit fini(void) { - xt_unregister_target(&classify_reg); - xt_unregister_target(&classify6_reg); + xt_unregister_target(AF_INET, &classify_reg); + xt_unregister_target(AF_INET6, &classify6_reg); } -module_init(xt_classify_init); -module_exit(xt_classify_fini); +module_init(init); +module_exit(fini);