netfilter: xtables: do centralized checkentry call (1/2)
It used to be that {ip,ip6,etc}_tables called extension->checkentry
themselves, but this can be moved into the xtables core.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index 7d8ead5..7ee72b7 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -340,15 +340,11 @@
m->u.match = match;
ret = xt_check_match(match, NFPROTO_BRIDGE, m->match_size,
- name, hookmask, e->ethproto, e->invflags & EBT_IPROTO);
+ name, hookmask, e->ethproto, e->invflags & EBT_IPROTO,
+ e, m->data);
if (ret < 0) {
module_put(match->me);
return ret;
- } else if (match->checkentry != NULL &&
- !match->checkentry(name, e, NULL, m->data, hookmask)) {
- module_put(match->me);
- BUGPRINT("match->check failed\n");
- return -EINVAL;
}
(*cnt)++;
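Review bot: In the `if (ret < 0)` branch after `xt_check_match(...)`, a rejection by the extension's `checkentry` can no longer be told apart from a size, hook or protocol mismatch. The error code is also no longer pinned to `-EINVAL` in this file; it is whatever the core returns, and the core side is not shown on this page. Since `m->data` appears to be the extension's rule payload as loaded from userspace, confirm in the x_tables core that the size and hook checks run before `checkentry` is invoked on it, and that a failed `checkentry` still yields `-EINVAL`. A short comment above the call would keep the validation visible to readers of ebtables.c, for example `/* xt_check_match() also runs match->checkentry on m->data */`. The same applies to the watcher and target hunks below (`w->data`, `t->data`); the enclosing functions start and end outside the hunks.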
@@ -377,15 +373,11 @@
w->u.watcher = watcher;
ret = xt_check_target(watcher, NFPROTO_BRIDGE, w->watcher_size,
- name, hookmask, e->ethproto, e->invflags & EBT_IPROTO);
+ name, hookmask, e->ethproto, e->invflags & EBT_IPROTO,
+ e, w->data);
if (ret < 0) {
module_put(watcher->me);
return ret;
- } else if (watcher->checkentry != NULL &&
- !watcher->checkentry(name, e, NULL, w->data, hookmask)) {
- module_put(watcher->me);
- BUGPRINT("watcher->check failed\n");
- return -EINVAL;
}
(*cnt)++;
@@ -692,15 +684,11 @@
}
ret = xt_check_target(target, NFPROTO_BRIDGE, t->target_size,
- name, hookmask, e->ethproto, e->invflags & EBT_IPROTO);
+ name, hookmask, e->ethproto, e->invflags & EBT_IPROTO,
+ e, t->data);
if (ret < 0) {
module_put(target->me);
goto cleanup_watchers;
- } else if (t->u.target->checkentry &&
- !t->u.target->checkentry(name, e, NULL, t->data, hookmask)) {
- module_put(t->u.target->me);
- ret = -EINVAL;
- goto cleanup_watchers;
}
(*cnt)++;
return 0;