Skip to content

Commit

Permalink
netfilter: ebtables: use generic table checking
Browse files Browse the repository at this point in the history 
Ebtables ORs (1 << NF_BR_NUMHOOKS) into the hook mask to indicate that
the extension was called from a base chain. So this also needs to be
present in the extensions' ->hooks.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
  • Loading branch information
Jan Engelhardt authored and Patrick McHardy committed Oct 8, 2008
1 parent 102befa commit f2ff525
Show file tree
Hide file tree
Showing 4 changed files with 8 additions and 6 deletions.
4 changes: 2 additions & 2 deletions net/bridge/netfilter/ebt_arpreply.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -73,15 +73,15 @@ ebt_arpreply_tg_check(const char *tablename, const void *entry,
e->invflags & EBT_IPROTO)
return false;
CLEAR_BASE_CHAIN_BIT;
if (strcmp(tablename, "nat") || hookmask & ~(1 << NF_BR_PRE_ROUTING))
return false;
return true;
}

static struct xt_target ebt_arpreply_tg_reg __read_mostly = {
.name = "arpreply",
.revision = 0,
.family = NFPROTO_BRIDGE,
.table = "nat",
.hooks = (1 << NF_BR_NUMHOOKS) | (1 << NF_BR_PRE_ROUTING),
.target = ebt_arpreply_tg,
.checkentry = ebt_arpreply_tg_check,
.targetsize = XT_ALIGN(sizeof(struct ebt_arpreply_info)),
Expand Down
2 changes: 2 additions & 0 deletions net/bridge/netfilter/ebt_dnat.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,8 @@ static struct xt_target ebt_dnat_tg_reg __read_mostly = {
.name = "dnat",
.revision = 0,
.family = NFPROTO_BRIDGE,
.hooks = (1 << NF_BR_NUMHOOKS) | (1 << NF_BR_PRE_ROUTING) |
(1 << NF_BR_LOCAL_OUT) | (1 << NF_BR_BROUTING),
.target = ebt_dnat_tg,
.checkentry = ebt_dnat_tg_check,
.targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)),
Expand Down
2 changes: 2 additions & 0 deletions net/bridge/netfilter/ebt_redirect.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,8 @@ static struct xt_target ebt_redirect_tg_reg __read_mostly = {
.name = "redirect",
.revision = 0,
.family = NFPROTO_BRIDGE,
.hooks = (1 << NF_BR_NUMHOOKS) | (1 << NF_BR_PRE_ROUTING) |
(1 << NF_BR_BROUTING),
.target = ebt_redirect_tg,
.checkentry = ebt_redirect_tg_check,
.targetsize = XT_ALIGN(sizeof(struct ebt_redirect_info)),
Expand Down
6 changes: 2 additions & 4 deletions net/bridge/netfilter/ebt_snat.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -56,10 +56,6 @@ ebt_snat_tg_check(const char *tablename, const void *e,
if (BASE_CHAIN && tmp == EBT_RETURN)
return false;
CLEAR_BASE_CHAIN_BIT;
if (strcmp(tablename, "nat"))
return false;
if (hookmask & ~(1 << NF_BR_POST_ROUTING))
return false;

if (tmp < -NUM_STANDARD_TARGETS || tmp >= 0)
return false;
Expand All @@ -73,6 +69,8 @@ static struct xt_target ebt_snat_tg_reg __read_mostly = {
.name = "snat",
.revision = 0,
.family = NFPROTO_BRIDGE,
.table = "nat",
.hooks = (1 << NF_BR_NUMHOOKS) | (1 << NF_BR_POST_ROUTING),
.target = ebt_snat_tg,
.checkentry = ebt_snat_tg_check,
.targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)),
Expand Down

0 comments on commit f2ff525

Please sign in to comment.