Home Explore Help
Register Sign In
phyus
/
linux-vybrid_public
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

netfilter: ebtables: use generic table checking

Ebtables ORs (1 << NF_BR_NUMHOOKS) into the hook mask to indicate that
the extension was called from a base chain. So this also needs to be
present in the extensions' ->hooks.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Jan Engelhardt 16 years ago
parent
102befab75
commit
f2ff525c8d
4 changed files with 8 additions and 6 deletions
Split View Show Diff Stats
  1. 2 2
      net/bridge/netfilter/ebt_arpreply.c
  2. 2 0
      net/bridge/netfilter/ebt_dnat.c
  3. 2 0
      net/bridge/netfilter/ebt_redirect.c
  4. 2 4
      net/bridge/netfilter/ebt_snat.c

+ 2 - 2
net/bridge/netfilter/ebt_arpreply.c
View File 

@@ -73,8 +73,6 @@ ebt_arpreply_tg_check(const char *tablename, const void *entry,
 
 	    e->invflags & EBT_IPROTO)
 
 		return false;
 
 	CLEAR_BASE_CHAIN_BIT;
 
-	if (strcmp(tablename, "nat") || hookmask & ~(1 << NF_BR_PRE_ROUTING))
 
-		return false;
 
 	return true;
 
 }
 
 
@@ -82,6 +80,8 @@ static struct xt_target ebt_arpreply_tg_reg __read_mostly = {
 
 	.name		= "arpreply",
 
 	.revision	= 0,
 
 	.family		= NFPROTO_BRIDGE,
 
+	.table		= "nat",
 
+	.hooks		= (1 << NF_BR_NUMHOOKS) | (1 << NF_BR_PRE_ROUTING),
 
 	.target		= ebt_arpreply_tg,
 
 	.checkentry	= ebt_arpreply_tg_check,
 
 	.targetsize	= XT_ALIGN(sizeof(struct ebt_arpreply_info)),

+ 2 - 0
net/bridge/netfilter/ebt_dnat.c
View File 

@@ -51,6 +51,8 @@ static struct xt_target ebt_dnat_tg_reg __read_mostly = {
 
 	.name		= "dnat",
 
 	.revision	= 0,
 
 	.family		= NFPROTO_BRIDGE,
 
+	.hooks		= (1 << NF_BR_NUMHOOKS) | (1 << NF_BR_PRE_ROUTING) |
 
+			  (1 << NF_BR_LOCAL_OUT) | (1 << NF_BR_BROUTING),
 
 	.target		= ebt_dnat_tg,
 
 	.checkentry	= ebt_dnat_tg_check,
 
 	.targetsize	= XT_ALIGN(sizeof(struct ebt_nat_info)),

+ 2 - 0
net/bridge/netfilter/ebt_redirect.c
View File 

@@ -56,6 +56,8 @@ static struct xt_target ebt_redirect_tg_reg __read_mostly = {
 
 	.name		= "redirect",
 
 	.revision	= 0,
 
 	.family		= NFPROTO_BRIDGE,
 
+	.hooks		= (1 << NF_BR_NUMHOOKS) | (1 << NF_BR_PRE_ROUTING) |
 
+			  (1 << NF_BR_BROUTING),
 
 	.target		= ebt_redirect_tg,
 
 	.checkentry	= ebt_redirect_tg_check,
 
 	.targetsize	= XT_ALIGN(sizeof(struct ebt_redirect_info)),

+ 2 - 4
net/bridge/netfilter/ebt_snat.c
View File 

@@ -56,10 +56,6 @@ ebt_snat_tg_check(const char *tablename, const void *e,
 
 	if (BASE_CHAIN && tmp == EBT_RETURN)
 
 		return false;
 
 	CLEAR_BASE_CHAIN_BIT;
 
-	if (strcmp(tablename, "nat"))
 
-		return false;
 
-	if (hookmask & ~(1 << NF_BR_POST_ROUTING))
 
-		return false;
 
 
 	if (tmp < -NUM_STANDARD_TARGETS || tmp >= 0)
 
 		return false;
 
@@ -73,6 +69,8 @@ static struct xt_target ebt_snat_tg_reg __read_mostly = {
 
 	.name		= "snat",
 
 	.revision	= 0,
 
 	.family		= NFPROTO_BRIDGE,
 
+	.table		= "nat",
 
+	.hooks		= (1 << NF_BR_NUMHOOKS) | (1 << NF_BR_POST_ROUTING),
 
 	.target		= ebt_snat_tg,
 
 	.checkentry	= ebt_snat_tg_check,
 
 	.targetsize	= XT_ALIGN(sizeof(struct ebt_nat_info)),