linux 2.6.16.38 w/ vs2.0.3-rc1

[linux-2.6.git] / net / netfilter / xt_CLASSIFY.c

diff --git a/net/netfilter/xt_CLASSIFY.c b/net/netfilter/xt_CLASSIFY.c
index e54e577..78ee266 100644 (file)
--- a/net/netfilter/xt_CLASSIFY.c
+++ b/net/netfilter/xt_CLASSIFY.c
@@ -28,7 +28,6 @@ target(struct sk_buff **pskb,
        const struct net_device *in,
        const struct net_device *out,
        unsigned int hooknum,
-       const struct xt_target *target,
        const void *targinfo,
        void *userinfo)
 {
@@ -40,48 +39,71 @@ target(struct sk_buff **pskb,
        return XT_CONTINUE;
 }
 
+static int
+checkentry(const char *tablename,
+           const void *e,
+           void *targinfo,
+           unsigned int targinfosize,
+           unsigned int hook_mask)
+{
+       if (targinfosize != XT_ALIGN(sizeof(struct xt_classify_target_info))){
+               printk(KERN_ERR "CLASSIFY: invalid size (%u != %Zu).\n",
+                      targinfosize,
+                      XT_ALIGN(sizeof(struct xt_classify_target_info)));
+               return 0;
+       }
+       
+       if (hook_mask & ~((1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_FORWARD) |
+                         (1 << NF_IP_POST_ROUTING))) {
+               printk(KERN_ERR "CLASSIFY: only valid in LOCAL_OUT, FORWARD "
+                               "and POST_ROUTING.\n");
+               return 0;
+       }
+
+       if (strcmp(tablename, "mangle") != 0) {
+               printk(KERN_ERR "CLASSIFY: can only be called from "
+                               "\"mangle\" table, not \"%s\".\n",
+                               tablename);
+               return 0;
+       }
+
+       return 1;
+}
+
 static struct xt_target classify_reg = { 
        .name           = "CLASSIFY", 
        .target         = target,
-       .targetsize     = sizeof(struct xt_classify_target_info),
-       .table          = "mangle",
-       .hooks          = (1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_FORWARD) |
-                         (1 << NF_IP_POST_ROUTING),
-       .family         = AF_INET,
+       .checkentry     = checkentry,
        .me             = THIS_MODULE,
 };
 static struct xt_target classify6_reg = { 
        .name           = "CLASSIFY", 
        .target         = target,
-       .targetsize     = sizeof(struct xt_classify_target_info),
-       .table          = "mangle",
-       .hooks          = (1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_FORWARD) |
-                         (1 << NF_IP_POST_ROUTING),
-       .family         = AF_INET6,
+       .checkentry     = checkentry,
        .me             = THIS_MODULE,
 };
 
 
-static int __init xt_classify_init(void)
+static int __init init(void)
 {
        int ret;
 
-       ret = xt_register_target(&classify_reg);
+       ret = xt_register_target(AF_INET, &classify_reg);
        if (ret)
                return ret;
 
-       ret = xt_register_target(&classify6_reg);
+       ret = xt_register_target(AF_INET6, &classify6_reg);
        if (ret)
-               xt_unregister_target(&classify_reg);
+               xt_unregister_target(AF_INET, &classify_reg);
 
        return ret;
 }
 
-static void __exit xt_classify_fini(void)
+static void __exit fini(void)
 {
-       xt_unregister_target(&classify_reg);
-       xt_unregister_target(&classify6_reg);
+       xt_unregister_target(AF_INET, &classify_reg);
+       xt_unregister_target(AF_INET6, &classify6_reg);
 }
 
-module_init(xt_classify_init);
-module_exit(xt_classify_fini);
+module_init(init);
+module_exit(fini);