diff options
| author |   Jan Engelhardt <jengelh@computergmbh.de> | 2008-10-08 11:35:01 +0200 |
|---|---|---|
| committer |   Patrick McHardy <kaber@trash.net> | 2008-10-08 11:35:01 +0200 |
| commit | 55b69e91040c685a064198bd76e59885b7ad26c6 (patch) | |
| tree | f106ca5825afdda752b89cae7e7d384ba55a7d44 /net/netfilter/xt_string.c | |
| parent | netfilter: x_tables: use NFPROTO_* in extensions (diff) | |
| download | linux-dev-55b69e91040c685a064198bd76e59885b7ad26c6.tar.xz linux-dev-55b69e91040c685a064198bd76e59885b7ad26c6.zip | |
netfilter: implement NFPROTO_UNSPEC as a wildcard for extensions
When a match or target is looked up using xt_find_{match,target},
Xtables will also search the NFPROTO_UNSPEC module list. This allows
for protocol-independent extensions (like xt_time) to be reused from
other components (e.g. arptables, ebtables).
Extensions that take different codepaths depending on match->family
or target->family of course cannot use NFPROTO_UNSPEC within the
registration structure (e.g. xt_pkttype).
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/netfilter/xt_string.c')
| -rw-r--r-- | net/netfilter/xt_string.c | 31 |
1 files changed, 6 insertions, 25 deletions
diff --git a/net/netfilter/xt_string.c b/net/netfilter/xt_string.c index 501697183774..18d8884e7370 100644 --- a/net/netfilter/xt_string.c +++ b/net/netfilter/xt_string.c @@ -81,11 +81,11 @@ static void string_mt_destroy(const struct xt_match *match, void *matchinfo) textsearch_destroy(STRING_TEXT_PRIV(matchinfo)->config); } -static struct xt_match string_mt_reg[] __read_mostly = { +static struct xt_match xt_string_mt_reg[] __read_mostly = { { .name = "string", .revision = 0, - .family = NFPROTO_IPV4, + .family = NFPROTO_UNSPEC, .checkentry = string_mt_check, .match = string_mt, .destroy = string_mt_destroy, @@ -95,27 +95,7 @@ static struct xt_match string_mt_reg[] __read_mostly = { { .name = "string", .revision = 1, - .family = NFPROTO_IPV4, - .checkentry = string_mt_check, - .match = string_mt, - .destroy = string_mt_destroy, - .matchsize = sizeof(struct xt_string_info), - .me = THIS_MODULE - }, - { - .name = "string", - .revision = 0, - .family = NFPROTO_IPV6, - .checkentry = string_mt_check, - .match = string_mt, - .destroy = string_mt_destroy, - .matchsize = sizeof(struct xt_string_info), - .me = THIS_MODULE - }, - { - .name = "string", - .revision = 1, - .family = NFPROTO_IPV6, + .family = NFPROTO_UNSPEC, .checkentry = string_mt_check, .match = string_mt, .destroy = string_mt_destroy, @@ -126,12 +106,13 @@ static struct xt_match string_mt_reg[] __read_mostly = { static int __init string_mt_init(void) { - return xt_register_matches(string_mt_reg, ARRAY_SIZE(string_mt_reg)); + return xt_register_matches(xt_string_mt_reg, + ARRAY_SIZE(xt_string_mt_reg)); } static void __exit string_mt_exit(void) { - xt_unregister_matches(string_mt_reg, ARRAY_SIZE(string_mt_reg)); + xt_unregister_matches(xt_string_mt_reg, ARRAY_SIZE(xt_string_mt_reg)); } module_init(string_mt_init); |