X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=net%2Fnetfilter%2Fxt_physdev.c;fp=net%2Fnetfilter%2Fxt_physdev.c;h=19bb57c14dfe956c8b9fb1bffb883480f2e3c663;hb=64ba3f394c830ec48a1c31b53dcae312c56f1604;hp=63a96546746575979e2200b87d9a557c774e6970;hpb=be1e6109ac94a859551f8e1774eb9a8469fe055c;p=linux-2.6.git

diff --git a/net/netfilter/xt_physdev.c b/net/netfilter/xt_physdev.c
index 63a965467..19bb57c14 100644
--- a/net/netfilter/xt_physdev.c
+++ b/net/netfilter/xt_physdev.c
@@ -10,7 +10,6 @@
 
 #include <linux/module.h>
 #include <linux/skbuff.h>
-#include <linux/netfilter_bridge.h>
 #include <linux/netfilter/xt_physdev.h>
 #include <linux/netfilter/x_tables.h>
 #include <linux/netfilter_bridge.h>
@@ -27,7 +26,6 @@ static int
 match(const struct sk_buff *skb,
       const struct net_device *in,
       const struct net_device *out,
-      const struct xt_match *match,
       const void *matchinfo,
       int offset,
       unsigned int protoff,
@@ -104,72 +102,54 @@ match_outdev:
 static int
 checkentry(const char *tablename,
 		       const void *ip,
-		       const struct xt_match *match,
 		       void *matchinfo,
 		       unsigned int matchsize,
 		       unsigned int hook_mask)
 {
 	const struct xt_physdev_info *info = matchinfo;
 
+	if (matchsize != XT_ALIGN(sizeof(struct xt_physdev_info)))
+		return 0;
 	if (!(info->bitmask & XT_PHYSDEV_OP_MASK) ||
 	    info->bitmask & ~XT_PHYSDEV_OP_MASK)
 		return 0;
-	if (brnf_deferred_hooks == 0 &&
-	    info->bitmask & XT_PHYSDEV_OP_OUT &&
-	    (!(info->bitmask & XT_PHYSDEV_OP_BRIDGED) ||
-	     info->invert & XT_PHYSDEV_OP_BRIDGED) &&
-	    hook_mask & ((1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_FORWARD) |
-	                 (1 << NF_IP_POST_ROUTING))) {
-		printk(KERN_WARNING "physdev match: using --physdev-out in the "
-		       "OUTPUT, FORWARD and POSTROUTING chains for non-bridged "
-		       "traffic is deprecated and breaks other things, it will "
-		       "be removed in January 2007. See Documentation/"
-		       "feature-removal-schedule.txt for details. This doesn't "
-		       "affect you in case you're using it for purely bridged "
-		       "traffic.\n");
-		brnf_deferred_hooks = 1;
-	}
 	return 1;
 }
 
 static struct xt_match physdev_match = {
 	.name		= "physdev",
-	.match		= match,
-	.matchsize	= sizeof(struct xt_physdev_info),
-	.checkentry	= checkentry,
-	.family		= AF_INET,
+	.match		= &match,
+	.checkentry	= &checkentry,
 	.me		= THIS_MODULE,
 };
 
 static struct xt_match physdev6_match = {
 	.name		= "physdev",
-	.match		= match,
-	.matchsize	= sizeof(struct xt_physdev_info),
-	.checkentry	= checkentry,
-	.family		= AF_INET6,
+	.match		= &match,
+	.checkentry	= &checkentry,
 	.me		= THIS_MODULE,
 };
 
-static int __init xt_physdev_init(void)
+static int __init init(void)
 {
 	int ret;
 
-	ret = xt_register_match(&physdev_match);
+	ret = xt_register_match(AF_INET, &physdev_match);
 	if (ret < 0)
 		return ret;
 
-	ret = xt_register_match(&physdev6_match);
+	ret = xt_register_match(AF_INET6, &physdev6_match);
 	if (ret < 0)
-		xt_unregister_match(&physdev_match);
+		xt_unregister_match(AF_INET, &physdev_match);
 
 	return ret;
 }
 
-static void __exit xt_physdev_fini(void)
+static void __exit fini(void)
 {
-	xt_unregister_match(&physdev_match);
-	xt_unregister_match(&physdev6_match);
+	xt_unregister_match(AF_INET, &physdev_match);
+	xt_unregister_match(AF_INET6, &physdev6_match);
 }
 
-module_init(xt_physdev_init);
-module_exit(xt_physdev_fini);
+module_init(init);
+module_exit(fini);