X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=net%2Fnetfilter%2Fxt_mac.c;h=0461dcb5fc7a41a86655014c8892802ef92e2cac;hb=987b0145d94eecf292d8b301228356f44611ab7c;hp=356290ffe386e789148306e117c3c4dd07264488;hpb=f7ed79d23a47594e7834d66a8f14449796d4f3e6;p=linux-2.6.git

diff --git a/net/netfilter/xt_mac.c b/net/netfilter/xt_mac.c
index 356290ffe..0461dcb5f 100644
--- a/net/netfilter/xt_mac.c
+++ b/net/netfilter/xt_mac.c
@@ -27,7 +27,6 @@ static int
 match(const struct sk_buff *skb,
       const struct net_device *in,
       const struct net_device *out,
-      const struct xt_match *match,
       const void *matchinfo,
       int offset,
       unsigned int protoff,
@@ -43,44 +42,59 @@ match(const struct sk_buff *skb,
 		^ info->invert));
 }
 
+static int
+ipt_mac_checkentry(const char *tablename,
+		   const void *inf,
+		   void *matchinfo,
+		   unsigned int matchsize,
+		   unsigned int hook_mask)
+{
+	/* FORWARD isn't always valid, but it's nice to be able to do --RR */
+	if (hook_mask
+	    & ~((1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_IN)
+		| (1 << NF_IP_FORWARD))) {
+		printk("xt_mac: only valid for PRE_ROUTING, LOCAL_IN or FORWARD.\n");
+		return 0;
+	}
+
+	if (matchsize != XT_ALIGN(sizeof(struct xt_mac_info)))
+		return 0;
+
+	return 1;
+}
+
 static struct xt_match mac_match = {
 	.name		= "mac",
-	.match		= match,
-	.matchsize	= sizeof(struct xt_mac_info),
-	.hooks		= (1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_IN) |
-			  (1 << NF_IP_FORWARD),
-	.family		= AF_INET,
+	.match		= &match,
+	.checkentry	= &ipt_mac_checkentry,
 	.me		= THIS_MODULE,
 };
 static struct xt_match mac6_match = {
 	.name		= "mac",
-	.match		= match,
-	.matchsize	= sizeof(struct xt_mac_info),
-	.hooks		= (1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_IN) |
-			  (1 << NF_IP_FORWARD),
-	.family		= AF_INET6,
+	.match		= &match,
+	.checkentry	= &ipt_mac_checkentry,
 	.me		= THIS_MODULE,
 };
 
-static int __init xt_mac_init(void)
+static int __init init(void)
 {
 	int ret;
-	ret = xt_register_match(&mac_match);
+	ret = xt_register_match(AF_INET, &mac_match);
 	if (ret)
 		return ret;
 
-	ret = xt_register_match(&mac6_match);
+	ret = xt_register_match(AF_INET6, &mac6_match);
 	if (ret)
-		xt_unregister_match(&mac_match);
+		xt_unregister_match(AF_INET, &mac_match);
 
 	return ret;
 }
 
-static void __exit xt_mac_fini(void)
+static void __exit fini(void)
 {
-	xt_unregister_match(&mac_match);
-	xt_unregister_match(&mac6_match);
+	xt_unregister_match(AF_INET, &mac_match);
+	xt_unregister_match(AF_INET6, &mac6_match);
 }
 
-module_init(xt_mac_init);
-module_exit(xt_mac_fini);
+module_init(init);
+module_exit(fini);