[NETFILTER]: Convert x_tables matches/targets to centralized error checking
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
diff --git a/net/netfilter/xt_tcpudp.c b/net/netfilter/xt_tcpudp.c
index 669c811..9d01f07 100644
--- a/net/netfilter/xt_tcpudp.c
+++ b/net/netfilter/xt_tcpudp.c
@@ -142,35 +142,12 @@
unsigned int matchsize,
unsigned int hook_mask)
{
- const struct ipt_ip *ip = info;
const struct xt_tcp *tcpinfo = matchinfo;
- /* Must specify proto == TCP, and no unknown invflags */
- return ip->proto == IPPROTO_TCP
- && !(ip->invflags & XT_INV_PROTO)
- && matchsize == XT_ALIGN(sizeof(struct xt_tcp))
- && !(tcpinfo->invflags & ~XT_TCP_INV_MASK);
+ /* Must specify no unknown invflags */
+ return !(tcpinfo->invflags & ~XT_TCP_INV_MASK);
}
-/* Called when user tries to insert an entry of this type. */
-static int
-tcp6_checkentry(const char *tablename,
- const void *entry,
- void *matchinfo,
- unsigned int matchsize,
- unsigned int hook_mask)
-{
- const struct ip6t_ip6 *ipv6 = entry;
- const struct xt_tcp *tcpinfo = matchinfo;
-
- /* Must specify proto == TCP, and no unknown invflags */
- return ipv6->proto == IPPROTO_TCP
- && !(ipv6->invflags & XT_INV_PROTO)
- && matchsize == XT_ALIGN(sizeof(struct xt_tcp))
- && !(tcpinfo->invflags & ~XT_TCP_INV_MASK);
-}
-
-
static int
udp_match(const struct sk_buff *skb,
const struct net_device *in,
@@ -209,86 +186,47 @@
udp_checkentry(const char *tablename,
const void *info,
void *matchinfo,
- unsigned int matchinfosize,
+ unsigned int matchsize,
unsigned int hook_mask)
{
- const struct ipt_ip *ip = info;
- const struct xt_udp *udpinfo = matchinfo;
+ const struct xt_tcp *udpinfo = matchinfo;
- /* Must specify proto == UDP, and no unknown invflags */
- if (ip->proto != IPPROTO_UDP || (ip->invflags & XT_INV_PROTO)) {
- duprintf("ipt_udp: Protocol %u != %u\n", ip->proto,
- IPPROTO_UDP);
- return 0;
- }
- if (matchinfosize != XT_ALIGN(sizeof(struct xt_udp))) {
- duprintf("ipt_udp: matchsize %u != %u\n",
- matchinfosize, XT_ALIGN(sizeof(struct xt_udp)));
- return 0;
- }
- if (udpinfo->invflags & ~XT_UDP_INV_MASK) {
- duprintf("ipt_udp: unknown flags %X\n",
- udpinfo->invflags);
- return 0;
- }
-
- return 1;
-}
-
-/* Called when user tries to insert an entry of this type. */
-static int
-udp6_checkentry(const char *tablename,
- const void *entry,
- void *matchinfo,
- unsigned int matchinfosize,
- unsigned int hook_mask)
-{
- const struct ip6t_ip6 *ipv6 = entry;
- const struct xt_udp *udpinfo = matchinfo;
-
- /* Must specify proto == UDP, and no unknown invflags */
- if (ipv6->proto != IPPROTO_UDP || (ipv6->invflags & XT_INV_PROTO)) {
- duprintf("ip6t_udp: Protocol %u != %u\n", ipv6->proto,
- IPPROTO_UDP);
- return 0;
- }
- if (matchinfosize != XT_ALIGN(sizeof(struct xt_udp))) {
- duprintf("ip6t_udp: matchsize %u != %u\n",
- matchinfosize, XT_ALIGN(sizeof(struct xt_udp)));
- return 0;
- }
- if (udpinfo->invflags & ~XT_UDP_INV_MASK) {
- duprintf("ip6t_udp: unknown flags %X\n",
- udpinfo->invflags);
- return 0;
- }
-
- return 1;
+ /* Must specify no unknown invflags */
+ return !(udpinfo->invflags & ~XT_UDP_INV_MASK);
}
static struct xt_match tcp_matchstruct = {
.name = "tcp",
- .match = &tcp_match,
- .checkentry = &tcp_checkentry,
+ .match = tcp_match,
+ .matchsize = sizeof(struct xt_tcp),
+ .proto = IPPROTO_TCP,
+ .checkentry = tcp_checkentry,
.me = THIS_MODULE,
};
+
static struct xt_match tcp6_matchstruct = {
.name = "tcp",
- .match = &tcp_match,
- .checkentry = &tcp6_checkentry,
+ .match = tcp_match,
+ .matchsize = sizeof(struct xt_tcp),
+ .proto = IPPROTO_TCP,
+ .checkentry = tcp_checkentry,
.me = THIS_MODULE,
};
static struct xt_match udp_matchstruct = {
.name = "udp",
- .match = &udp_match,
- .checkentry = &udp_checkentry,
+ .match = udp_match,
+ .matchsize = sizeof(struct xt_udp),
+ .proto = IPPROTO_UDP,
+ .checkentry = udp_checkentry,
.me = THIS_MODULE,
};
static struct xt_match udp6_matchstruct = {
.name = "udp",
- .match = &udp_match,
- .checkentry = &udp6_checkentry,
+ .match = udp_match,
+ .matchsize = sizeof(struct xt_udp),
+ .proto = IPPROTO_UDP,
+ .checkentry = udp_checkentry,
.me = THIS_MODULE,
};