Skip to content

L
linux
Commit 3c2ad469 authored by Patrick McHardy's avatar Patrick McHardy Committed by David S. Miller
Browse files
Options

[NETFILTER]: Clean up table initialization 

- move arp_tables initial table structure definitions to arp_tables.h
  similar to ip_tables and ip6_tables

- use C99 initializers

- use initializer macros where possible
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 41a23b07
Hide whitespace changes
Inline Side-by-side
Showing with 238 additions and 510 deletions
include/linux/netfilter/x_tables.h
View file @ 3c2ad469
...@@ -54,6 +54,14 @@ struct xt_entry_target ...@@ -54,6 +54,14 @@ struct xt_entry_target
unsigned char data[0]; unsigned char data[0];
}; };
#define XT_TARGET_INIT(__name, __size) \
{ \
.target.u.user = { \
.target_size = XT_ALIGN(__size), \
.name = __name, \
}, \
}
struct xt_standard_target struct xt_standard_target
{ {
struct xt_entry_target target; struct xt_entry_target target;
......
include/linux/netfilter_arp/arp_tables.h
View file @ 3c2ad469
...@@ -238,6 +238,47 @@ static __inline__ struct arpt_entry_target *arpt_get_target(struct arpt_entry *e ...@@ -238,6 +238,47 @@ static __inline__ struct arpt_entry_target *arpt_get_target(struct arpt_entry *e
*/ */
#ifdef __KERNEL__ #ifdef __KERNEL__
/* Standard entry. */
struct arpt_standard
{
struct arpt_entry entry;
struct arpt_standard_target target;
};
struct arpt_error_target
{
struct arpt_entry_target target;
char errorname[ARPT_FUNCTION_MAXNAMELEN];
};
struct arpt_error
{
struct arpt_entry entry;
struct arpt_error_target target;
};
#define ARPT_ENTRY_INIT(__size) \
{ \
.target_offset = sizeof(struct arpt_entry), \
.next_offset = (__size), \
}
#define ARPT_STANDARD_INIT(__verdict) \
{ \
.entry = ARPT_ENTRY_INIT(sizeof(struct arpt_standard)), \
.target = XT_TARGET_INIT(ARPT_STANDARD_TARGET, \
sizeof(struct arpt_standard_target)), \
.target.verdict = -(__verdict) - 1, \
}
#define ARPT_ERROR_INIT \
{ \
.entry = ARPT_ENTRY_INIT(sizeof(struct arpt_error)), \
.target = XT_TARGET_INIT(ARPT_ERROR_TARGET, \
sizeof(struct arpt_error_target)), \
.target.errorname = "ERROR", \
}
#define arpt_register_target(tgt) \ #define arpt_register_target(tgt) \
({ (tgt)->family = NF_ARP; \ ({ (tgt)->family = NF_ARP; \
xt_register_target(tgt); }) xt_register_target(tgt); })
......
include/linux/netfilter_ipv4/ip_tables.h
View file @ 3c2ad469
...@@ -295,6 +295,28 @@ struct ipt_error ...@@ -295,6 +295,28 @@ struct ipt_error
struct ipt_error_target target; struct ipt_error_target target;
}; };
#define IPT_ENTRY_INIT(__size) \
{ \
.target_offset = sizeof(struct ipt_entry), \
.next_offset = (__size), \
}
#define IPT_STANDARD_INIT(__verdict) \
{ \
.entry = IPT_ENTRY_INIT(sizeof(struct ipt_standard)), \
.target = XT_TARGET_INIT(IPT_STANDARD_TARGET, \
sizeof(struct xt_standard_target)), \
.target.verdict = -(__verdict) - 1, \
}
#define IPT_ERROR_INIT \
{ \
.entry = IPT_ENTRY_INIT(sizeof(struct ipt_error)), \
.target = XT_TARGET_INIT(IPT_ERROR_TARGET, \
sizeof(struct ipt_error_target)), \
.target.errorname = "ERROR", \
}
extern unsigned int ipt_do_table(struct sk_buff **pskb, extern unsigned int ipt_do_table(struct sk_buff **pskb,
unsigned int hook, unsigned int hook,
const struct net_device *in, const struct net_device *in,
......
include/linux/netfilter_ipv6/ip6_tables.h
View file @ 3c2ad469
...@@ -123,6 +123,28 @@ struct ip6t_error ...@@ -123,6 +123,28 @@ struct ip6t_error
struct ip6t_error_target target; struct ip6t_error_target target;
}; };
#define IP6T_ENTRY_INIT(__size) \
{ \
.target_offset = sizeof(struct ip6t_entry), \
.next_offset = (__size), \
}
#define IP6T_STANDARD_INIT(__verdict) \
{ \
.entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_standard)), \
.target = XT_TARGET_INIT(IP6T_STANDARD_TARGET, \
sizeof(struct ip6t_standard_target)), \
.target.verdict = -(__verdict) - 1, \
}
#define IP6T_ERROR_INIT \
{ \
.entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_error)), \
.target = XT_TARGET_INIT(IP6T_ERROR_TARGET, \
sizeof(struct ip6t_error_target)), \
.target.errorname = "ERROR", \
}
/* /*
* New IP firewall options for [gs]etsockopt at the RAW IP level. * New IP firewall options for [gs]etsockopt at the RAW IP level.
* Unlike BSD Linux inherits IP options so you don't have to use * Unlike BSD Linux inherits IP options so you don't have to use
......
net/ipv4/netfilter/arptable_filter.c
View file @ 3c2ad469
...@@ -15,128 +15,34 @@ MODULE_DESCRIPTION("arptables filter table"); ...@@ -15,128 +15,34 @@ MODULE_DESCRIPTION("arptables filter table");
#define FILTER_VALID_HOOKS ((1 << NF_ARP_IN) | (1 << NF_ARP_OUT) | \ #define FILTER_VALID_HOOKS ((1 << NF_ARP_IN) | (1 << NF_ARP_OUT) | \
(1 << NF_ARP_FORWARD)) (1 << NF_ARP_FORWARD))
/* Standard entry. */
struct arpt_standard
{
struct arpt_entry entry;
struct arpt_standard_target target;
};
struct arpt_error_target
{
struct arpt_entry_target target;
char errorname[ARPT_FUNCTION_MAXNAMELEN];
};
struct arpt_error
{
struct arpt_entry entry;
struct arpt_error_target target;
};
static struct static struct
{ {
struct arpt_replace repl; struct arpt_replace repl;
struct arpt_standard entries[3]; struct arpt_standard entries[3];
struct arpt_error term; struct arpt_error term;
} initial_table __initdata } initial_table __initdata = {
= { { "filter", FILTER_VALID_HOOKS, 4, .repl = {
sizeof(struct arpt_standard) * 3 + sizeof(struct arpt_error), .name = "filter",
{ [NF_ARP_IN] = 0, .valid_hooks = FILTER_VALID_HOOKS,
[NF_ARP_OUT] = sizeof(struct arpt_standard), .num_entries = 4,
[NF_ARP_FORWARD] = 2 * sizeof(struct arpt_standard), }, .size = sizeof(struct arpt_standard) * 3 + sizeof(struct arpt_error),
{ [NF_ARP_IN] = 0, .hook_entry = {
[NF_ARP_OUT] = sizeof(struct arpt_standard), [NF_ARP_IN] = 0,
[NF_ARP_FORWARD] = 2 * sizeof(struct arpt_standard), }, [NF_ARP_OUT] = sizeof(struct arpt_standard),
0, NULL, { } }, [NF_ARP_FORWARD] = 2 * sizeof(struct arpt_standard),
{ },
/* ARP_IN */ .underflow = {
{ [NF_ARP_IN] = 0,
{ [NF_ARP_OUT] = sizeof(struct arpt_standard),
{ [NF_ARP_FORWARD] = 2 * sizeof(struct arpt_standard),
{ 0 }, { 0 }, { 0 }, { 0 }, },
0, 0, },
{ { 0, }, { 0, } }, .entries = {
{ { 0, }, { 0, } }, ARPT_STANDARD_INIT(NF_ACCEPT), /* ARP_IN */
0, 0, ARPT_STANDARD_INIT(NF_ACCEPT), /* ARP_OUT */
0, 0, ARPT_STANDARD_INIT(NF_ACCEPT), /* ARP_FORWARD */
0, 0, },
"", "", { 0 }, { 0 }, .term = ARPT_ERROR_INIT,
0, 0
},
sizeof(struct arpt_entry),
sizeof(struct arpt_standard),
0,
{ 0, 0 }, { } },
{ { { { ARPT_ALIGN(sizeof(struct arpt_standard_target)), "" } }, { } },
-NF_ACCEPT - 1 }
},
/* ARP_OUT */
{
{
{
{ 0 }, { 0 }, { 0 }, { 0 },
0, 0,
{ { 0, }, { 0, } },
{ { 0, }, { 0, } },
0, 0,
0, 0,
0, 0,
"", "", { 0 }, { 0 },
0, 0
},
sizeof(struct arpt_entry),
sizeof(struct arpt_standard),
0,
{ 0, 0 }, { } },
{ { { { ARPT_ALIGN(sizeof(struct arpt_standard_target)), "" } }, { } },
-NF_ACCEPT - 1 }
},
/* ARP_FORWARD */
{
{
{
{ 0 }, { 0 }, { 0 }, { 0 },
0, 0,
{ { 0, }, { 0, } },
{ { 0, }, { 0, } },
0, 0,
0, 0,
0, 0,
"", "", { 0 }, { 0 },
0, 0
},
sizeof(struct arpt_entry),
sizeof(struct arpt_standard),
0,
{ 0, 0 }, { } },
{ { { { ARPT_ALIGN(sizeof(struct arpt_standard_target)), "" } }, { } },
-NF_ACCEPT - 1 }
}
},
/* ERROR */
{
{
{
{ 0 }, { 0 }, { 0 }, { 0 },
0, 0,
{ { 0, }, { 0, } },
{ { 0, }, { 0, } },
0, 0,
0, 0,
0, 0,
"", "", { 0 }, { 0 },
0, 0
},
sizeof(struct arpt_entry),
sizeof(struct arpt_error),
0,
{ 0, 0 }, { } },
{ { { { ARPT_ALIGN(sizeof(struct arpt_error_target)), ARPT_ERROR_TARGET } },
{ } },
"ERROR"
}
}
}; };
static struct arpt_table packet_filter = { static struct arpt_table packet_filter = {
......
net/ipv4/netfilter/iptable_filter.c
View file @ 3c2ad469
...@@ -26,53 +26,29 @@ static struct ...@@ -26,53 +26,29 @@ static struct
struct ipt_replace repl; struct ipt_replace repl;
struct ipt_standard entries[3]; struct ipt_standard entries[3];
struct ipt_error term; struct ipt_error term;
} initial_table __initdata } initial_table __initdata = {
= { { "filter", FILTER_VALID_HOOKS, 4, .repl = {
sizeof(struct ipt_standard) * 3 + sizeof(struct ipt_error), .name = "filter",
{ [NF_IP_LOCAL_IN] = 0, .valid_hooks = FILTER_VALID_HOOKS,
[NF_IP_FORWARD] = sizeof(struct ipt_standard), .num_entries = 4,
[NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 2 }, .size = sizeof(struct ipt_standard) * 3 + sizeof(struct ipt_error),
{ [NF_IP_LOCAL_IN] = 0, .hook_entry = {
[NF_IP_FORWARD] = sizeof(struct ipt_standard), [NF_IP_LOCAL_IN] = 0,
[NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 2 }, [NF_IP_FORWARD] = sizeof(struct ipt_standard),
0, NULL, { } }, [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 2,
{ },
/* LOCAL_IN */ .underflow = {
{ { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 }, [NF_IP_LOCAL_IN] = 0,
0, [NF_IP_FORWARD] = sizeof(struct ipt_standard),
sizeof(struct ipt_entry), [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 2,
sizeof(struct ipt_standard), },
0, { 0, 0 }, { } }, },
{ { { { IPT_ALIGN(sizeof(struct ipt_standard_target)), "" } }, { } }, .entries = {
-NF_ACCEPT - 1 } }, IPT_STANDARD_INIT(NF_ACCEPT), /* LOCAL_IN */
/* FORWARD */ IPT_STANDARD_INIT(NF_ACCEPT), /* FORWARD */
{ { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 }, IPT_STANDARD_INIT(NF_ACCEPT), /* LOCAL_OUT */
0, },
sizeof(struct ipt_entry), .term = IPT_ERROR_INIT, /* ERROR */
sizeof(struct ipt_standard),
0, { 0, 0 }, { } },
{ { { { IPT_ALIGN(sizeof(struct ipt_standard_target)), "" } }, { } },
-NF_ACCEPT - 1 } },
/* LOCAL_OUT */
{ { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 },
0,
sizeof(struct ipt_entry),
sizeof(struct ipt_standard),
0, { 0, 0 }, { } },
{ { { { IPT_ALIGN(sizeof(struct ipt_standard_target)), "" } }, { } },
-NF_ACCEPT - 1 } }
},
/* ERROR */
{ { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 },
0,
sizeof(struct ipt_entry),
sizeof(struct ipt_error),
0, { 0, 0 }, { } },
{ { { { IPT_ALIGN(sizeof(struct ipt_error_target)), IPT_ERROR_TARGET } },
{ } },
"ERROR"
}
}
}; };
static struct xt_table packet_filter = { static struct xt_table packet_filter = {
......
net/ipv4/netfilter/iptable_mangle.c
View file @ 3c2ad469
...@@ -33,73 +33,35 @@ static struct ...@@ -33,73 +33,35 @@ static struct
struct ipt_replace repl; struct ipt_replace repl;
struct ipt_standard entries[5]; struct ipt_standard entries[5];
struct ipt_error term; struct ipt_error term;
} initial_table __initdata } initial_table __initdata = {
= { { "mangle", MANGLE_VALID_HOOKS, 6, .repl = {
sizeof(struct ipt_standard) * 5 + sizeof(struct ipt_error), .name = "mangle",
{ [NF_IP_PRE_ROUTING] = 0, .valid_hooks = MANGLE_VALID_HOOKS,
[NF_IP_LOCAL_IN] = sizeof(struct ipt_standard), .num_entries = 6,
[NF_IP_FORWARD] = sizeof(struct ipt_standard) * 2, .size = sizeof(struct ipt_standard) * 5 + sizeof(struct ipt_error),
[NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 3, .hook_entry = {
[NF_IP_POST_ROUTING] = sizeof(struct ipt_standard) * 4 }, [NF_IP_PRE_ROUTING] = 0,
{ [NF_IP_PRE_ROUTING] = 0, [NF_IP_LOCAL_IN] = sizeof(struct ipt_standard),
[NF_IP_LOCAL_IN] = sizeof(struct ipt_standard), [NF_IP_FORWARD] = sizeof(struct ipt_standard) * 2,
[NF_IP_FORWARD] = sizeof(struct ipt_standard) * 2, [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 3,
[NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 3, [NF_IP_POST_ROUTING] = sizeof(struct ipt_standard) * 4,
[NF_IP_POST_ROUTING] = sizeof(struct ipt_standard) * 4 }, },
0, NULL, { } }, .underflow = {
{ [NF_IP_PRE_ROUTING] = 0,
/* PRE_ROUTING */ [NF_IP_LOCAL_IN] = sizeof(struct ipt_standard),
{ { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 }, [NF_IP_FORWARD] = sizeof(struct ipt_standard) * 2,
0, [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 3,
sizeof(struct ipt_entry), [NF_IP_POST_ROUTING] = sizeof(struct ipt_standard) * 4,
sizeof(struct ipt_standard), },
0, { 0, 0 }, { } }, },
{ { { { IPT_ALIGN(sizeof(struct ipt_standard_target)), "" } }, { } }, .entries = {
-NF_ACCEPT - 1 } }, IPT_STANDARD_INIT(NF_ACCEPT), /* PRE_ROUTING */
/* LOCAL_IN */ IPT_STANDARD_INIT(NF_ACCEPT), /* LOCAL_IN */
{ { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 }, IPT_STANDARD_INIT(NF_ACCEPT), /* FORWARD */
0, IPT_STANDARD_INIT(NF_ACCEPT), /* LOCAL_OUT */
sizeof(struct ipt_entry), IPT_STANDARD_INIT(NF_ACCEPT), /* POST_ROUTING */
sizeof(struct ipt_standard), },
0, { 0, 0 }, { } }, .term = IPT_ERROR_INIT, /* ERROR */
{ { { { IPT_ALIGN(sizeof(struct ipt_standard_target)), "" } }, { } },
-NF_ACCEPT - 1 } },
/* FORWARD */
{ { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 },
0,
sizeof(struct ipt_entry),
sizeof(struct ipt_standard),
0, { 0, 0 }, { } },
{ { { { IPT_ALIGN(sizeof(struct ipt_standard_target)), "" } }, { } },
-NF_ACCEPT - 1 } },
/* LOCAL_OUT */
{ { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 },
0,
sizeof(struct ipt_entry),
sizeof(struct ipt_standard),
0, { 0, 0 }, { } },
{ { { { IPT_ALIGN(sizeof(struct ipt_standard_target)), "" } }, { } },
-NF_ACCEPT - 1 } },
/* POST_ROUTING */
{ { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 },
0,
sizeof(struct ipt_entry),
sizeof(struct ipt_standard),
0, { 0, 0 }, { } },
{ { { { IPT_ALIGN(sizeof(struct ipt_standard_target)), "" } }, { } },
-NF_ACCEPT - 1 } },
},
/* ERROR */
{ { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 },
0,
sizeof(struct ipt_entry),
sizeof(struct ipt_error),
0, { 0, 0 }, { } },
{ { { { IPT_ALIGN(sizeof(struct ipt_error_target)), IPT_ERROR_TARGET } },
{ } },
"ERROR"
}
}
}; };
static struct xt_table packet_mangler = { static struct xt_table packet_mangler = {
......
net/ipv4/netfilter/iptable_raw.c
View file @ 3c2ad469
...@@ -21,62 +21,18 @@ static struct ...@@ -21,62 +21,18 @@ static struct
.size = sizeof(struct ipt_standard) * 2 + sizeof(struct ipt_error), .size = sizeof(struct ipt_standard) * 2 + sizeof(struct ipt_error),
.hook_entry = { .hook_entry = {
[NF_IP_PRE_ROUTING] = 0, [NF_IP_PRE_ROUTING] = 0,
[NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) }, [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard)
},
.underflow = { .underflow = {
[NF_IP_PRE_ROUTING] = 0, [NF_IP_PRE_ROUTING] = 0,
[NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) }, [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard)
},
}, },
.entries = { .entries = {
/* PRE_ROUTING */ IPT_STANDARD_INIT(NF_ACCEPT), /* PRE_ROUTING */
{ IPT_STANDARD_INIT(NF_ACCEPT), /* LOCAL_OUT */
.entry = {
.target_offset = sizeof(struct ipt_entry),
.next_offset = sizeof(struct ipt_standard),
},
.target = {
.target = {
.u = {
.target_size = IPT_ALIGN(sizeof(struct ipt_standard_target)),
},
},
.verdict = -NF_ACCEPT - 1,
},
},
/* LOCAL_OUT */
{
.entry = {
.target_offset = sizeof(struct ipt_entry),
.next_offset = sizeof(struct ipt_standard),
},
.target = {
.target = {
.u = {
.target_size = IPT_ALIGN(sizeof(struct ipt_standard_target)),
},
},
.verdict = -NF_ACCEPT - 1,
},
},
}, },
/* ERROR */ .term = IPT_ERROR_INIT, /* ERROR */
.term = {
.entry = {
.target_offset = sizeof(struct ipt_entry),
.next_offset = sizeof(struct ipt_error),
},
.target = {
.target = {
.u = {
.user = {
.target_size = IPT_ALIGN(sizeof(struct ipt_error_target)),
.name = IPT_ERROR_TARGET,
},
},
},
.errorname = "ERROR",
},
}
}; };
static struct xt_table packet_raw = { static struct xt_table packet_raw = {
......
net/ipv4/netfilter/nf_nat_rule.c
View file @ 3c2ad469
...@@ -46,77 +46,20 @@ static struct ...@@ -46,77 +46,20 @@ static struct
.hook_entry = { .hook_entry = {
[NF_IP_PRE_ROUTING] = 0, [NF_IP_PRE_ROUTING] = 0,
[NF_IP_POST_ROUTING] = sizeof(struct ipt_standard), [NF_IP_POST_ROUTING] = sizeof(struct ipt_standard),
[NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 2 }, [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 2
},
.underflow = { .underflow = {
[NF_IP_PRE_ROUTING] = 0, [NF_IP_PRE_ROUTING] = 0,
[NF_IP_POST_ROUTING] = sizeof(struct ipt_standard), [NF_IP_POST_ROUTING] = sizeof(struct ipt_standard),
[NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 2 }, [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 2
},
}, },
.entries = { .entries = {
/* PRE_ROUTING */ IPT_STANDARD_INIT(NF_ACCEPT), /* PRE_ROUTING */
{ IPT_STANDARD_INIT(NF_ACCEPT), /* POST_ROUTING */
.entry = { IPT_STANDARD_INIT(NF_ACCEPT), /* LOCAL_OUT */
.target_offset = sizeof(struct ipt_entry),
.next_offset = sizeof(struct ipt_standard),
},
.target = {
.target = {
.u = {
.target_size = IPT_ALIGN(sizeof(struct ipt_standard_target)),
},
},
.verdict = -NF_ACCEPT - 1,
},
},
/* POST_ROUTING */
{
.entry = {
.target_offset = sizeof(struct ipt_entry),
.next_offset = sizeof(struct ipt_standard),
},
.target = {
.target = {
.u = {
.target_size = IPT_ALIGN(sizeof(struct ipt_standard_target)),
},
},
.verdict = -NF_ACCEPT - 1,
},
},
/* LOCAL_OUT */
{
.entry = {
.target_offset = sizeof(struct ipt_entry),
.next_offset = sizeof(struct ipt_standard),
},
.target = {
.target = {
.u = {
.target_size = IPT_ALIGN(sizeof(struct ipt_standard_target)),
},
},
.verdict = -NF_ACCEPT - 1,
},
},
}, },
/* ERROR */ .term = IPT_ERROR_INIT, /* ERROR */
.term = {
.entry = {
.target_offset = sizeof(struct ipt_entry),
.next_offset = sizeof(struct ipt_error),
},
.target = {
.target = {
.u = {
.user = {
.target_size = IPT_ALIGN(sizeof(struct ipt_error_target)),
.name = IPT_ERROR_TARGET,
},
},
},
.errorname = "ERROR",
},
}
}; };
static struct xt_table nat_table = { static struct xt_table nat_table = {
......
net/ipv6/netfilter/ip6table_filter.c
View file @ 3c2ad469
...@@ -24,53 +24,29 @@ static struct ...@@ -24,53 +24,29 @@ static struct
struct ip6t_replace repl; struct ip6t_replace repl;
struct ip6t_standard entries[3]; struct ip6t_standard entries[3];
struct ip6t_error term; struct ip6t_error term;
} initial_table __initdata } initial_table __initdata = {
= { { "filter", FILTER_VALID_HOOKS, 4, .repl = {
sizeof(struct ip6t_standard) * 3 + sizeof(struct ip6t_error), .name = "filter",
{ [NF_IP6_LOCAL_IN] = 0, .valid_hooks = FILTER_VALID_HOOKS,
[NF_IP6_FORWARD] = sizeof(struct ip6t_standard), .num_entries = 4,
[NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard) * 2 }, .size = sizeof(struct ip6t_standard) * 3 + sizeof(struct ip6t_error),
{ [NF_IP6_LOCAL_IN] = 0, .hook_entry = {
[NF_IP6_FORWARD] = sizeof(struct ip6t_standard), [NF_IP6_LOCAL_IN] = 0,
[NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard) * 2 }, [NF_IP6_FORWARD] = sizeof(struct ip6t_standard),
0, NULL, { } }, [NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard) * 2
{ },
/* LOCAL_IN */ .underflow = {
{ { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, "", "", { 0 }, { 0 }, 0, 0, 0 }, [NF_IP6_LOCAL_IN] = 0,
0, [NF_IP6_FORWARD] = sizeof(struct ip6t_standard),
sizeof(struct ip6t_entry), [NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard) * 2
sizeof(struct ip6t_standard), },
0, { 0, 0 }, { } }, },
{ { { { IP6T_ALIGN(sizeof(struct ip6t_standard_target)), "" } }, { } }, .entries = {
-NF_ACCEPT - 1 } }, IP6T_STANDARD_INIT(NF_ACCEPT), /* LOCAL_IN */
/* FORWARD */ IP6T_STANDARD_INIT(NF_ACCEPT), /* FORWARD */
{ { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, "", "", { 0 }, { 0 }, 0, 0, 0 }, IP6T_STANDARD_INIT(NF_ACCEPT), /* LOCAL_OUT */
0, },
sizeof(struct ip6t_entry), .term = IP6T_ERROR_INIT, /* ERROR */
sizeof(struct ip6t_standard),
0, { 0, 0 }, { } },
{ { { { IP6T_ALIGN(sizeof(struct ip6t_standard_target)), "" } }, { } },
-NF_ACCEPT - 1 } },
/* LOCAL_OUT */
{ { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, "", "", { 0 }, { 0 }, 0, 0, 0 },
0,
sizeof(struct ip6t_entry),
sizeof(struct ip6t_standard),
0, { 0, 0 }, { } },
{ { { { IP6T_ALIGN(sizeof(struct ip6t_standard_target)), "" } }, { } },
-NF_ACCEPT - 1 } }
},
/* ERROR */
{ { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, "", "", { 0 }, { 0 }, 0, 0, 0 },
0,
sizeof(struct ip6t_entry),
sizeof(struct ip6t_error),
0, { 0, 0 }, { } },
{ { { { IP6T_ALIGN(sizeof(struct ip6t_error_target)), IP6T_ERROR_TARGET } },
{ } },
"ERROR"
}
}
}; };
static struct xt_table packet_filter = { static struct xt_table packet_filter = {
......
net/ipv6/netfilter/ip6table_mangle.c
View file @ 3c2ad469
...@@ -32,73 +32,35 @@ static struct ...@@ -32,73 +32,35 @@ static struct
struct ip6t_replace repl; struct ip6t_replace repl;
struct ip6t_standard entries[5]; struct ip6t_standard entries[5];
struct ip6t_error term; struct ip6t_error term;
} initial_table __initdata } initial_table __initdata = {
= { { "mangle", MANGLE_VALID_HOOKS, 6, .repl = {
sizeof(struct ip6t_standard) * 5 + sizeof(struct ip6t_error), .name = "mangle",
{ [NF_IP6_PRE_ROUTING] = 0, .valid_hooks = MANGLE_VALID_HOOKS,
[NF_IP6_LOCAL_IN] = sizeof(struct ip6t_standard), .num_entries = 6,
[NF_IP6_FORWARD] = sizeof(struct ip6t_standard) * 2, .size = sizeof(struct ip6t_standard) * 5 + sizeof(struct ip6t_error),
[NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard) * 3, .hook_entry = {
[NF_IP6_POST_ROUTING] = sizeof(struct ip6t_standard) * 4}, [NF_IP6_PRE_ROUTING] = 0,
{ [NF_IP6_PRE_ROUTING] = 0, [NF_IP6_LOCAL_IN] = sizeof(struct ip6t_standard),
[NF_IP6_LOCAL_IN] = sizeof(struct ip6t_standard), [NF_IP6_FORWARD] = sizeof(struct ip6t_standard) * 2,
[NF_IP6_FORWARD] = sizeof(struct ip6t_standard) * 2, [NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard) * 3,
[NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard) * 3, [NF_IP6_POST_ROUTING] = sizeof(struct ip6t_standard) * 4,
[NF_IP6_POST_ROUTING] = sizeof(struct ip6t_standard) * 4}, },
0, NULL, { } }, .underflow = {
{ [NF_IP6_PRE_ROUTING] = 0,
/* PRE_ROUTING */ [NF_IP6_LOCAL_IN] = sizeof(struct ip6t_standard),
{ { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, "", "", { 0 }, { 0 }, 0, 0, 0 }, [NF_IP6_FORWARD] = sizeof(struct ip6t_standard) * 2,
0, [NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard) * 3,
sizeof(struct ip6t_entry), [NF_IP6_POST_ROUTING] = sizeof(struct ip6t_standard) * 4,
sizeof(struct ip6t_standard), },
0, { 0, 0 }, { } }, },
{ { { { IP6T_ALIGN(sizeof(struct ip6t_standard_target)), "" } }, { } }, .entries = {
-NF_ACCEPT - 1 } }, IP6T_STANDARD_INIT(NF_ACCEPT), /* PRE_ROUTING */
/* LOCAL_IN */ IP6T_STANDARD_INIT(NF_ACCEPT), /* LOCAL_IN */
{ { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, "", "", { 0 }, { 0 }, 0, 0, 0 }, IP6T_STANDARD_INIT(NF_ACCEPT), /* FORWARD */
0, IP6T_STANDARD_INIT(NF_ACCEPT), /* LOCAL_OUT */
sizeof(struct ip6t_entry), IP6T_STANDARD_INIT(NF_ACCEPT), /* POST_ROUTING */
sizeof(struct ip6t_standard), },
0, { 0, 0 }, { } }, .term = IP6T_ERROR_INIT, /* ERROR */
{ { { { IP6T_ALIGN(sizeof(struct ip6t_standard_target)), "" } }, { } },
-NF_ACCEPT - 1 } },
/* FORWARD */
{ { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, "", "", { 0 }, { 0 }, 0, 0, 0 },
0,
sizeof(struct ip6t_entry),
sizeof(struct ip6t_standard),
0, { 0, 0 }, { } },
{ { { { IP6T_ALIGN(sizeof(struct ip6t_standard_target)), "" } }, { } },
-NF_ACCEPT - 1 } },
/* LOCAL_OUT */
{ { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, "", "", { 0 }, { 0 }, 0, 0, 0 },
0,
sizeof(struct ip6t_entry),
sizeof(struct ip6t_standard),
0, { 0, 0 }, { } },
{ { { { IP6T_ALIGN(sizeof(struct ip6t_standard_target)), "" } }, { } },
-NF_ACCEPT - 1 } },
/* POST_ROUTING */
{ { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, "", "", { 0 }, { 0 }, 0, 0, 0 },
0,
sizeof(struct ip6t_entry),
sizeof(struct ip6t_standard),
0, { 0, 0 }, { } },
{ { { { IP6T_ALIGN(sizeof(struct ip6t_standard_target)), "" } }, { } },
-NF_ACCEPT - 1 } }
},
/* ERROR */
{ { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, "", "", { 0 }, { 0 }, 0, 0, 0 },
0,
sizeof(struct ip6t_entry),
sizeof(struct ip6t_error),
0, { 0, 0 }, { } },
{ { { { IP6T_ALIGN(sizeof(struct ip6t_error_target)), IP6T_ERROR_TARGET } },
{ } },
"ERROR"
}
}
}; };
static struct xt_table packet_mangler = { static struct xt_table packet_mangler = {
......
net/ipv6/netfilter/ip6table_raw.c
View file @ 3c2ad469
...@@ -35,56 +35,10 @@ static struct ...@@ -35,56 +35,10 @@ static struct
}, },
}, },
.entries = { .entries = {
/* PRE_ROUTING */ IP6T_STANDARD_INIT(NF_ACCEPT), /* PRE_ROUTING */
{ IP6T_STANDARD_INIT(NF_ACCEPT), /* LOCAL_OUT */
.entry = {
.target_offset = sizeof(struct ip6t_entry),
.next_offset = sizeof(struct ip6t_standard),
},
.target = {
.target = {
.u = {
.target_size = IP6T_ALIGN(sizeof(struct ip6t_standard_target)),
},
},
.verdict = -NF_ACCEPT - 1,
},
},
/* LOCAL_OUT */
{
.entry = {
.target_offset = sizeof(struct ip6t_entry),
.next_offset = sizeof(struct ip6t_standard),
},
.target = {
.target = {
.u = {
.target_size = IP6T_ALIGN(sizeof(struct ip6t_standard_target)),
},
},
.verdict = -NF_ACCEPT - 1,
},
},
}, },
/* ERROR */ .term = IP6T_ERROR_INIT, /* ERROR */
.term = {
.entry = {
.target_offset = sizeof(struct ip6t_entry),
.next_offset = sizeof(struct ip6t_error),
},
.target = {
.target = {
.u = {
.user = {
.target_size = IP6T_ALIGN(sizeof(struct ip6t_error_target)),
.name = IP6T_ERROR_TARGET,
},
},
},
.errorname = "ERROR",
},
}
}; };
static struct xt_table packet_raw = { static struct xt_table packet_raw = {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7