- patches.arch/x86_mce_intel_decode_physical_address.patch:

[linux-flexiantxendom0-3.2.10.git] / net / ipv4 / netfilter / arp_tables.c

diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index f07d77f..1ac01b1 100644 (file)
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -49,12 +49,7 @@ MODULE_DESCRIPTION("arptables core");
 #endif
 
 #ifdef CONFIG_NETFILTER_DEBUG
-#define ARP_NF_ASSERT(x)                                       \
-do {                                                           \
-       if (!(x))                                               \
-               printk("ARP_NF_ASSERT: %s:%s:%u\n",             \
-                      __func__, __FILE__, __LINE__);   \
-} while(0)
+#define ARP_NF_ASSERT(x)       WARN_ON(!(x))
 #else
 #define ARP_NF_ASSERT(x)
 #endif
@@ -224,10 +219,10 @@ static inline int arp_checkentry(const struct arpt_arp *arp)
 }
 
 static unsigned int
-arpt_error(struct sk_buff *skb, const struct xt_target_param *par)
+arpt_error(struct sk_buff *skb, const struct xt_action_param *par)
 {
        if (net_ratelimit())
-               printk("arp_tables: error: '%s'\n",
+               pr_err("arp_tables: error: '%s'\n",
                       (const char *)par->targinfo);
 
        return NF_DROP;
@@ -260,12 +255,11 @@ unsigned int arpt_do_table(struct sk_buff *skb,
        static const char nulldevname[IFNAMSIZ] __attribute__((aligned(sizeof(long))));
        unsigned int verdict = NF_DROP;
        const struct arphdr *arp;
-       bool hotdrop = false;
        struct arpt_entry *e, *back;
        const char *indev, *outdev;
        void *table_base;
        const struct xt_table_info *private;
-       struct xt_target_param tgpar;
+       struct xt_action_param acpar;
 
        if (!pskb_may_pull(skb, arp_hdr_len(skb->dev)))
                return NF_DROP;
@@ -280,10 +274,11 @@ unsigned int arpt_do_table(struct sk_buff *skb,
        e = get_entry(table_base, private->hook_entry[hook]);
        back = get_entry(table_base, private->underflow[hook]);
 
-       tgpar.in      = in;
-       tgpar.out     = out;
-       tgpar.hooknum = hook;
-       tgpar.family  = NFPROTO_ARP;
+       acpar.in      = in;
+       acpar.out     = out;
+       acpar.hooknum = hook;
+       acpar.family  = NFPROTO_ARP;
+       acpar.hotdrop = false;
 
        arp = arp_hdr(skb);
        do {
@@ -333,9 +328,9 @@ unsigned int arpt_do_table(struct sk_buff *skb,
                /* Targets which reenter must return
                 * abs. verdicts
                 */
-               tgpar.target   = t->u.kernel.target;
-               tgpar.targinfo = t->data;
-               verdict = t->u.kernel.target->target(skb, &tgpar);
+               acpar.target   = t->u.kernel.target;
+               acpar.targinfo = t->data;
+               verdict = t->u.kernel.target->target(skb, &acpar);
 
                /* Target might have changed stuff. */
                arp = arp_hdr(skb);
@@ -345,10 +340,10 @@ unsigned int arpt_do_table(struct sk_buff *skb,
                else
                        /* Verdict */
                        break;
-       } while (!hotdrop);
+       } while (!acpar.hotdrop);
        xt_info_rdunlock_bh();
 
-       if (hotdrop)
+       if (acpar.hotdrop)
                return NF_DROP;
        else
                return verdict;
@@ -390,7 +385,7 @@ static int mark_source_chains(const struct xt_table_info *newinfo,
                        int visited = e->comefrom & (1 << hook);
 
                        if (e->comefrom & (1 << NF_ARP_NUMHOOKS)) {
-                               printk("arptables: loop hook %u pos %u %08X.\n",
+                               pr_notice("arptables: loop hook %u pos %u %08X.\n",
                                       hook, pos, e->comefrom);
                                return 0;
                        }
@@ -523,13 +518,11 @@ find_check_entry(struct arpt_entry *e, const char *name, unsigned int size)
                return ret;
 
        t = arpt_get_target(e);
-       target = try_then_request_module(xt_find_target(NFPROTO_ARP,
-                                                       t->u.user.name,
-                                                       t->u.user.revision),
-                                        "arpt_%s", t->u.user.name);
-       if (IS_ERR(target) || !target) {
+       target = xt_request_find_target(NFPROTO_ARP, t->u.user.name,
+                                       t->u.user.revision);
+       if (IS_ERR(target)) {
                duprintf("find_check_entry: `%s' not found\n", t->u.user.name);
-               ret = target ? PTR_ERR(target) : -ENOENT;
+               ret = PTR_ERR(target);
                goto out;
        }
        t->u.kernel.target = target;
@@ -651,6 +644,9 @@ static int translate_table(struct xt_table_info *newinfo, void *entry0,
                if (ret != 0)
                        break;
                ++i;
+               if (strcmp(arpt_get_target(iter)->u.user.name,
+                   XT_ERROR_TARGET) == 0)
+                       ++newinfo->stacksize;
        }
        duprintf("translate_table: ARPT_ENTRY_ITERATE gives %d\n", ret);
        if (ret != 0)
@@ -1252,14 +1248,12 @@ check_compat_entry_size_and_hooks(struct compat_arpt_entry *e,
        entry_offset = (void *)e - (void *)base;
 
        t = compat_arpt_get_target(e);
-       target = try_then_request_module(xt_find_target(NFPROTO_ARP,
-                                                       t->u.user.name,
-                                                       t->u.user.revision),
-                                        "arpt_%s", t->u.user.name);
-       if (IS_ERR(target) || !target) {
+       target = xt_request_find_target(NFPROTO_ARP, t->u.user.name,
+                                       t->u.user.revision);
+       if (IS_ERR(target)) {
                duprintf("check_compat_entry_size_and_hooks: `%s' not found\n",
                         t->u.user.name);
-               ret = target ? PTR_ERR(target) : -ENOENT;
+               ret = PTR_ERR(target);
                goto out;
        }
        t->u.kernel.target = target;
@@ -1778,8 +1772,7 @@ struct xt_table *arpt_register_table(struct net *net,
 {
        int ret;
        struct xt_table_info *newinfo;
-       struct xt_table_info bootstrap
-               = { 0, 0, 0, { 0 }, { 0 }, { } };
+       struct xt_table_info bootstrap = {0};
        void *loc_cpu_entry;
        struct xt_table *new_table;
 
@@ -1830,22 +1823,23 @@ void arpt_unregister_table(struct xt_table *table)
 }
 
 /* The built-in targets: standard (NULL) and error. */
-static struct xt_target arpt_standard_target __read_mostly = {
-       .name           = ARPT_STANDARD_TARGET,
-       .targetsize     = sizeof(int),
-       .family         = NFPROTO_ARP,
+static struct xt_target arpt_builtin_tg[] __read_mostly = {
+       {
+               .name             = ARPT_STANDARD_TARGET,
+               .targetsize       = sizeof(int),
+               .family           = NFPROTO_ARP,
 #ifdef CONFIG_COMPAT
-       .compatsize     = sizeof(compat_int_t),
-       .compat_from_user = compat_standard_from_user,
-       .compat_to_user = compat_standard_to_user,
+               .compatsize       = sizeof(compat_int_t),
+               .compat_from_user = compat_standard_from_user,
+               .compat_to_user   = compat_standard_to_user,
 #endif
-};
-
-static struct xt_target arpt_error_target __read_mostly = {
-       .name           = ARPT_ERROR_TARGET,
-       .target         = arpt_error,
-       .targetsize     = ARPT_FUNCTION_MAXNAMELEN,
-       .family         = NFPROTO_ARP,
+       },
+       {
+               .name             = ARPT_ERROR_TARGET,
+               .target           = arpt_error,
+               .targetsize       = ARPT_FUNCTION_MAXNAMELEN,
+               .family           = NFPROTO_ARP,
+       },
 };
 
 static struct nf_sockopt_ops arpt_sockopts = {
@@ -1889,12 +1883,9 @@ static int __init arp_tables_init(void)
                goto err1;
 
        /* Noone else will be downing sem now, so we won't sleep */
-       ret = xt_register_target(&arpt_standard_target);
+       ret = xt_register_targets(arpt_builtin_tg, ARRAY_SIZE(arpt_builtin_tg));
        if (ret < 0)
                goto err2;
-       ret = xt_register_target(&arpt_error_target);
-       if (ret < 0)
-               goto err3;
 
        /* Register setsockopt */
        ret = nf_register_sockopt(&arpt_sockopts);
@@ -1905,9 +1896,7 @@ static int __init arp_tables_init(void)
        return 0;
 
 err4:
-       xt_unregister_target(&arpt_error_target);
-err3:
-       xt_unregister_target(&arpt_standard_target);
+       xt_unregister_targets(arpt_builtin_tg, ARRAY_SIZE(arpt_builtin_tg));
 err2:
        unregister_pernet_subsys(&arp_tables_net_ops);
 err1:
@@ -1917,8 +1906,7 @@ err1:
 static void __exit arp_tables_fini(void)
 {
        nf_unregister_sockopt(&arpt_sockopts);
-       xt_unregister_target(&arpt_error_target);
-       xt_unregister_target(&arpt_standard_target);
+       xt_unregister_targets(arpt_builtin_tg, ARRAY_SIZE(arpt_builtin_tg));
        unregister_pernet_subsys(&arp_tables_net_ops);
 }