git://git.onelab.eu / linux-2.6.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
linux 2.6.16.38 w/ vs2.0.3-rc1
[linux-2.6.git] / net / ipv4 / netfilter / ip_nat_rule.c
diff --git a/net/ipv4/netfilter/ip_nat_rule.c b/net/ipv4/netfilter/ip_nat_rule.c
index 1aba926..1de8628 100644 (file)
--- a/net/ipv4/netfilter/ip_nat_rule.c
+++ b/net/ipv4/netfilter/ip_nat_rule.c
@@ -103,7 +103,6 @@ static unsigned int ipt_snat_target(struct sk_buff **pskb,
                                    const struct net_device *in,
                                    const struct net_device *out,
                                    unsigned int hooknum,
-                                   const struct ipt_target *target,
                                    const void *targinfo,
                                    void *userinfo)
 {
@@ -146,7 +145,6 @@ static unsigned int ipt_dnat_target(struct sk_buff **pskb,
                                    const struct net_device *in,
                                    const struct net_device *out,
                                    unsigned int hooknum,
-                                   const struct ipt_target *target,
                                    const void *targinfo,
                                    void *userinfo)
 {
@@ -172,7 +170,6 @@ static unsigned int ipt_dnat_target(struct sk_buff **pskb,
 
 static int ipt_snat_checkentry(const char *tablename,
                               const void *entry,
-                              const struct ipt_target *target,
                               void *targinfo,
                               unsigned int targinfosize,
                               unsigned int hook_mask)
@@ -184,12 +181,28 @@ static int ipt_snat_checkentry(const char *tablename,
                printk("SNAT: multiple ranges no longer supported\n");
                return 0;
        }
+
+       if (targinfosize != IPT_ALIGN(sizeof(struct ip_nat_multi_range_compat))) {
+               DEBUGP("SNAT: Target size %u wrong for %u ranges\n",
+                      targinfosize, mr->rangesize);
+               return 0;
+       }
+
+       /* Only allow these for NAT. */
+       if (strcmp(tablename, "nat") != 0) {
+               DEBUGP("SNAT: wrong table %s\n", tablename);
+               return 0;
+       }
+
+       if (hook_mask & ~(1 << NF_IP_POST_ROUTING)) {
+               DEBUGP("SNAT: hook mask 0x%x bad\n", hook_mask);
+               return 0;
+       }
        return 1;
 }
 
 static int ipt_dnat_checkentry(const char *tablename,
                               const void *entry,
-                              const struct ipt_target *target,
                               void *targinfo,
                               unsigned int targinfosize,
                               unsigned int hook_mask)
@@ -201,6 +214,24 @@ static int ipt_dnat_checkentry(const char *tablename,
                printk("DNAT: multiple ranges no longer supported\n");
                return 0;
        }
+
+       if (targinfosize != IPT_ALIGN(sizeof(struct ip_nat_multi_range_compat))) {
+               DEBUGP("DNAT: Target size %u wrong for %u ranges\n",
+                      targinfosize, mr->rangesize);
+               return 0;
+       }
+
+       /* Only allow these for NAT. */
+       if (strcmp(tablename, "nat") != 0) {
+               DEBUGP("DNAT: wrong table %s\n", tablename);
+               return 0;
+       }
+
+       if (hook_mask & ~((1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_OUT))) {
+               DEBUGP("DNAT: hook mask 0x%x bad\n", hook_mask);
+               return 0;
+       }
+       
        return 1;
 }
 
@@ -268,18 +299,12 @@ int ip_nat_rule_find(struct sk_buff **pskb,
 static struct ipt_target ipt_snat_reg = {
        .name           = "SNAT",
        .target         = ipt_snat_target,
-       .targetsize     = sizeof(struct ip_nat_multi_range_compat),
-       .table          = "nat",
-       .hooks          = 1 << NF_IP_POST_ROUTING,
        .checkentry     = ipt_snat_checkentry,
 };
 
 static struct ipt_target ipt_dnat_reg = {
        .name           = "DNAT",
        .target         = ipt_dnat_target,
-       .targetsize     = sizeof(struct ip_nat_multi_range_compat),
-       .table          = "nat",
-       .hooks          = (1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_OUT),
        .checkentry     = ipt_dnat_checkentry,
 };
 
linux-2.6