diff options
author | Jan Engelhardt <jengelh@medozas.de> | 2008-10-08 11:35:15 +0200 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2008-10-08 11:35:15 +0200 |
commit | f2ff525c8dae57b3cda51d76443f60f764f34202 (patch) | |
tree | b28a6ed575375014dc14fc5b758e3d6da64977c2 /net | |
parent | netfilter: x_tables: output bad hook mask in hexadecimal (diff) | |
download | linux-f2ff525c8dae57b3cda51d76443f60f764f34202.tar.xz linux-f2ff525c8dae57b3cda51d76443f60f764f34202.zip |
netfilter: ebtables: use generic table checking
Ebtables ORs (1 << NF_BR_NUMHOOKS) into the hook mask to indicate that
the extension was called from a base chain. So this also needs to be
present in the extensions' ->hooks.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/bridge/netfilter/ebt_arpreply.c | 4 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_dnat.c | 2 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_redirect.c | 2 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_snat.c | 6 |
4 files changed, 8 insertions, 6 deletions
diff --git a/net/bridge/netfilter/ebt_arpreply.c b/net/bridge/netfilter/ebt_arpreply.c index 8071b64af46f..0e51c8d7e5f2 100644 --- a/net/bridge/netfilter/ebt_arpreply.c +++ b/net/bridge/netfilter/ebt_arpreply.c @@ -73,8 +73,6 @@ ebt_arpreply_tg_check(const char *tablename, const void *entry, e->invflags & EBT_IPROTO) return false; CLEAR_BASE_CHAIN_BIT; - if (strcmp(tablename, "nat") || hookmask & ~(1 << NF_BR_PRE_ROUTING)) - return false; return true; } @@ -82,6 +80,8 @@ static struct xt_target ebt_arpreply_tg_reg __read_mostly = { .name = "arpreply", .revision = 0, .family = NFPROTO_BRIDGE, + .table = "nat", + .hooks = (1 << NF_BR_NUMHOOKS) | (1 << NF_BR_PRE_ROUTING), .target = ebt_arpreply_tg, .checkentry = ebt_arpreply_tg_check, .targetsize = XT_ALIGN(sizeof(struct ebt_arpreply_info)), diff --git a/net/bridge/netfilter/ebt_dnat.c b/net/bridge/netfilter/ebt_dnat.c index d2211c4a477e..cb80101e412c 100644 --- a/net/bridge/netfilter/ebt_dnat.c +++ b/net/bridge/netfilter/ebt_dnat.c @@ -51,6 +51,8 @@ static struct xt_target ebt_dnat_tg_reg __read_mostly = { .name = "dnat", .revision = 0, .family = NFPROTO_BRIDGE, + .hooks = (1 << NF_BR_NUMHOOKS) | (1 << NF_BR_PRE_ROUTING) | + (1 << NF_BR_LOCAL_OUT) | (1 << NF_BR_BROUTING), .target = ebt_dnat_tg, .checkentry = ebt_dnat_tg_check, .targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)), diff --git a/net/bridge/netfilter/ebt_redirect.c b/net/bridge/netfilter/ebt_redirect.c index 1b7684ffe404..a50ffbe0e4fb 100644 --- a/net/bridge/netfilter/ebt_redirect.c +++ b/net/bridge/netfilter/ebt_redirect.c @@ -56,6 +56,8 @@ static struct xt_target ebt_redirect_tg_reg __read_mostly = { .name = "redirect", .revision = 0, .family = NFPROTO_BRIDGE, + .hooks = (1 << NF_BR_NUMHOOKS) | (1 << NF_BR_PRE_ROUTING) | + (1 << NF_BR_BROUTING), .target = ebt_redirect_tg, .checkentry = ebt_redirect_tg_check, .targetsize = XT_ALIGN(sizeof(struct ebt_redirect_info)), diff --git a/net/bridge/netfilter/ebt_snat.c b/net/bridge/netfilter/ebt_snat.c index c90217a4f9e1..8a55c7d49b55 100644 --- a/net/bridge/netfilter/ebt_snat.c +++ b/net/bridge/netfilter/ebt_snat.c @@ -56,10 +56,6 @@ ebt_snat_tg_check(const char *tablename, const void *e, if (BASE_CHAIN && tmp == EBT_RETURN) return false; CLEAR_BASE_CHAIN_BIT; - if (strcmp(tablename, "nat")) - return false; - if (hookmask & ~(1 << NF_BR_POST_ROUTING)) - return false; if (tmp < -NUM_STANDARD_TARGETS || tmp >= 0) return false; @@ -73,6 +69,8 @@ static struct xt_target ebt_snat_tg_reg __read_mostly = { .name = "snat", .revision = 0, .family = NFPROTO_BRIDGE, + .table = "nat", + .hooks = (1 << NF_BR_NUMHOOKS) | (1 << NF_BR_POST_ROUTING), .target = ebt_snat_tg, .checkentry = ebt_snat_tg_check, .targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)), |