diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2008-10-11 09:33:18 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-10-11 09:33:18 -0700 |
commit | 4dd9ec4946b4651a295d3bc8df9c15ac692a8f4e (patch) | |
tree | afb300c752de7175bb2df4722d5c857e070c75d9 /net/netfilter/xt_policy.c | |
parent | 86ed5a93b8b56e4e0877b914af0e10883a196384 (diff) | |
parent | 6861ff35ec5b60fafaf8651754c9a75142bfa9a4 (diff) |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6: (1075 commits)
myri10ge: update driver version number to 1.4.3-1.369
r8169: add shutdown handler
r8169: preliminary 8168d support
r8169: support additional 8168cp chipset
r8169: change default behavior for mildly identified 8168c chipsets
r8169: add a new 8168cp flavor
r8169: add a new 8168c flavor (bis)
r8169: add a new 8168c flavor
r8169: sync existing 8168 device hardware start sequences with vendor driver
r8169: 8168b Tx performance tweak
r8169: make room for more specific 8168 hardware start procedure
r8169: shuffle some registers handling around (8168 operation only)
r8169: new phy init parameters for the 8168b
r8169: update phy init parameters
r8169: wake up the PHY of the 8168
af_key: fix SADB_X_SPDDELETE response
ath9k: Fix return code when ath9k_hw_setpower() fails on reset
ath9k: remove nasty FAIL macro from ath9k_hw_reset()
gre: minor cleanups in netlink interface
gre: fix copy and paste error
...
Diffstat (limited to 'net/netfilter/xt_policy.c')
-rw-r--r-- | net/netfilter/xt_policy.c | 34 |
1 files changed, 14 insertions, 20 deletions
diff --git a/net/netfilter/xt_policy.c b/net/netfilter/xt_policy.c index d351582b2a3..328bd20ddd2 100644 --- a/net/netfilter/xt_policy.c +++ b/net/netfilter/xt_policy.c @@ -26,9 +26,9 @@ xt_addr_cmp(const union nf_inet_addr *a1, const union nf_inet_addr *m, const union nf_inet_addr *a2, unsigned short family) { switch (family) { - case AF_INET: + case NFPROTO_IPV4: return ((a1->ip ^ a2->ip) & m->ip) == 0; - case AF_INET6: + case NFPROTO_IPV6: return ipv6_masked_addr_cmp(&a1->in6, &m->in6, &a2->in6) == 0; } return false; @@ -110,18 +110,15 @@ match_policy_out(const struct sk_buff *skb, const struct xt_policy_info *info, } static bool -policy_mt(const struct sk_buff *skb, const struct net_device *in, - const struct net_device *out, const struct xt_match *match, - const void *matchinfo, int offset, unsigned int protoff, - bool *hotdrop) +policy_mt(const struct sk_buff *skb, const struct xt_match_param *par) { - const struct xt_policy_info *info = matchinfo; + const struct xt_policy_info *info = par->matchinfo; int ret; if (info->flags & XT_POLICY_MATCH_IN) - ret = match_policy_in(skb, info, match->family); + ret = match_policy_in(skb, info, par->match->family); else - ret = match_policy_out(skb, info, match->family); + ret = match_policy_out(skb, info, par->match->family); if (ret < 0) ret = info->flags & XT_POLICY_MATCH_NONE ? true : false; @@ -131,26 +128,23 @@ policy_mt(const struct sk_buff *skb, const struct net_device *in, return ret; } -static bool -policy_mt_check(const char *tablename, const void *ip_void, - const struct xt_match *match, void *matchinfo, - unsigned int hook_mask) +static bool policy_mt_check(const struct xt_mtchk_param *par) { - const struct xt_policy_info *info = matchinfo; + const struct xt_policy_info *info = par->matchinfo; if (!(info->flags & (XT_POLICY_MATCH_IN|XT_POLICY_MATCH_OUT))) { printk(KERN_ERR "xt_policy: neither incoming nor " "outgoing policy selected\n"); return false; } - if (hook_mask & (1 << NF_INET_PRE_ROUTING | 1 << NF_INET_LOCAL_IN) - && info->flags & XT_POLICY_MATCH_OUT) { + if (par->hook_mask & ((1 << NF_INET_PRE_ROUTING) | + (1 << NF_INET_LOCAL_IN)) && info->flags & XT_POLICY_MATCH_OUT) { printk(KERN_ERR "xt_policy: output policy not valid in " "PRE_ROUTING and INPUT\n"); return false; } - if (hook_mask & (1 << NF_INET_POST_ROUTING | 1 << NF_INET_LOCAL_OUT) - && info->flags & XT_POLICY_MATCH_IN) { + if (par->hook_mask & ((1 << NF_INET_POST_ROUTING) | + (1 << NF_INET_LOCAL_OUT)) && info->flags & XT_POLICY_MATCH_IN) { printk(KERN_ERR "xt_policy: input policy not valid in " "POST_ROUTING and OUTPUT\n"); return false; @@ -165,7 +159,7 @@ policy_mt_check(const char *tablename, const void *ip_void, static struct xt_match policy_mt_reg[] __read_mostly = { { .name = "policy", - .family = AF_INET, + .family = NFPROTO_IPV4, .checkentry = policy_mt_check, .match = policy_mt, .matchsize = sizeof(struct xt_policy_info), @@ -173,7 +167,7 @@ static struct xt_match policy_mt_reg[] __read_mostly = { }, { .name = "policy", - .family = AF_INET6, + .family = NFPROTO_IPV6, .checkentry = policy_mt_check, .match = policy_mt, .matchsize = sizeof(struct xt_policy_info), |