X-Git-Url: http://pilppa.org/gitweb/gitweb.cgi?a=blobdiff_plain;f=net%2Fnetfilter%2Fxt_esp.c;h=609439967c2c67579d299e9e43218a7c362da8a8;hb=d450b5a0196b6442cf3f29fc611d9c8daa56b559;hp=b11378e001b6acb639873491606a62e16de8217d;hpb=e8b495fe09bc793ae26774e7b2667f7f658d56e2;p=linux-2.6-omap-h63xx.git diff --git a/net/netfilter/xt_esp.c b/net/netfilter/xt_esp.c index b11378e001b..609439967c2 100644 --- a/net/netfilter/xt_esp.c +++ b/net/netfilter/xt_esp.c @@ -20,7 +20,7 @@ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Yon Uriarte "); -MODULE_DESCRIPTION("x_tables ESP SPI match module"); +MODULE_DESCRIPTION("Xtables: IPsec-ESP packet match"); MODULE_ALIAS("ipt_esp"); MODULE_ALIAS("ip6t_esp"); @@ -42,30 +42,23 @@ spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, bool invert) return r; } -static bool -match(const struct sk_buff *skb, - const struct net_device *in, - const struct net_device *out, - const struct xt_match *match, - const void *matchinfo, - int offset, - unsigned int protoff, - bool *hotdrop) +static bool esp_mt(const struct sk_buff *skb, const struct xt_match_param *par) { - struct ip_esp_hdr _esp, *eh; - const struct xt_esp *espinfo = matchinfo; + const struct ip_esp_hdr *eh; + struct ip_esp_hdr _esp; + const struct xt_esp *espinfo = par->matchinfo; /* Must not be a fragment. */ - if (offset) + if (par->fragoff != 0) return false; - eh = skb_header_pointer(skb, protoff, sizeof(_esp), &_esp); + eh = skb_header_pointer(skb, par->thoff, sizeof(_esp), &_esp); if (eh == NULL) { /* We've been asked to examine this packet, and we * can't. Hence, no choice but to drop. */ duprintf("Dropping evil ESP tinygram.\n"); - *hotdrop = true; + *par->hotdrop = true; return false; } @@ -73,15 +66,9 @@ match(const struct sk_buff *skb, !!(espinfo->invflags & XT_ESP_INV_SPI)); } -/* Called when user tries to insert an entry of this type. */ -static bool -checkentry(const char *tablename, - const void *ip_void, - const struct xt_match *match, - void *matchinfo, - unsigned int hook_mask) +static bool esp_mt_check(const struct xt_mtchk_param *par) { - const struct xt_esp *espinfo = matchinfo; + const struct xt_esp *espinfo = par->matchinfo; if (espinfo->invflags & ~XT_ESP_INV_MASK) { duprintf("xt_esp: unknown flags %X\n", espinfo->invflags); @@ -91,36 +78,36 @@ checkentry(const char *tablename, return true; } -static struct xt_match xt_esp_match[] __read_mostly = { +static struct xt_match esp_mt_reg[] __read_mostly = { { .name = "esp", - .family = AF_INET, - .checkentry = checkentry, - .match = match, + .family = NFPROTO_IPV4, + .checkentry = esp_mt_check, + .match = esp_mt, .matchsize = sizeof(struct xt_esp), .proto = IPPROTO_ESP, .me = THIS_MODULE, }, { .name = "esp", - .family = AF_INET6, - .checkentry = checkentry, - .match = match, + .family = NFPROTO_IPV6, + .checkentry = esp_mt_check, + .match = esp_mt, .matchsize = sizeof(struct xt_esp), .proto = IPPROTO_ESP, .me = THIS_MODULE, }, }; -static int __init xt_esp_init(void) +static int __init esp_mt_init(void) { - return xt_register_matches(xt_esp_match, ARRAY_SIZE(xt_esp_match)); + return xt_register_matches(esp_mt_reg, ARRAY_SIZE(esp_mt_reg)); } -static void __exit xt_esp_cleanup(void) +static void __exit esp_mt_exit(void) { - xt_unregister_matches(xt_esp_match, ARRAY_SIZE(xt_esp_match)); + xt_unregister_matches(esp_mt_reg, ARRAY_SIZE(esp_mt_reg)); } -module_init(xt_esp_init); -module_exit(xt_esp_cleanup); +module_init(esp_mt_init); +module_exit(esp_mt_exit);