xtables: extend matches and targets with .usersize
In matches and targets that define a kernel-only tail to their xt_match and xt_target data structs, add a field .usersize that specifies up to where data is to be shared with userspace. Performed a search for comment "Used internally by the kernel" to find relevant matches and targets. Manually inspected the structs to derive a valid offsetof. Signed-off-by: Willem de Bruijn <willemb@google.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Родитель
4915f7bbc4
Коммит
ec23189049
|
@ -105,6 +105,7 @@ static struct xt_match ebt_limit_mt_reg __read_mostly = {
|
||||||
.match = ebt_limit_mt,
|
.match = ebt_limit_mt,
|
||||||
.checkentry = ebt_limit_mt_check,
|
.checkentry = ebt_limit_mt_check,
|
||||||
.matchsize = sizeof(struct ebt_limit_info),
|
.matchsize = sizeof(struct ebt_limit_info),
|
||||||
|
.usersize = offsetof(struct ebt_limit_info, prev),
|
||||||
#ifdef CONFIG_COMPAT
|
#ifdef CONFIG_COMPAT
|
||||||
.compatsize = sizeof(struct ebt_compat_limit_info),
|
.compatsize = sizeof(struct ebt_compat_limit_info),
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -468,6 +468,7 @@ static struct xt_target clusterip_tg_reg __read_mostly = {
|
||||||
.checkentry = clusterip_tg_check,
|
.checkentry = clusterip_tg_check,
|
||||||
.destroy = clusterip_tg_destroy,
|
.destroy = clusterip_tg_destroy,
|
||||||
.targetsize = sizeof(struct ipt_clusterip_tgt_info),
|
.targetsize = sizeof(struct ipt_clusterip_tgt_info),
|
||||||
|
.usersize = offsetof(struct ipt_clusterip_tgt_info, config),
|
||||||
#ifdef CONFIG_COMPAT
|
#ifdef CONFIG_COMPAT
|
||||||
.compatsize = sizeof(struct compat_ipt_clusterip_tgt_info),
|
.compatsize = sizeof(struct compat_ipt_clusterip_tgt_info),
|
||||||
#endif /* CONFIG_COMPAT */
|
#endif /* CONFIG_COMPAT */
|
||||||
|
|
|
@ -112,6 +112,7 @@ static struct xt_target ip6t_npt_target_reg[] __read_mostly = {
|
||||||
.table = "mangle",
|
.table = "mangle",
|
||||||
.target = ip6t_snpt_tg,
|
.target = ip6t_snpt_tg,
|
||||||
.targetsize = sizeof(struct ip6t_npt_tginfo),
|
.targetsize = sizeof(struct ip6t_npt_tginfo),
|
||||||
|
.usersize = offsetof(struct ip6t_npt_tginfo, adjustment),
|
||||||
.checkentry = ip6t_npt_checkentry,
|
.checkentry = ip6t_npt_checkentry,
|
||||||
.family = NFPROTO_IPV6,
|
.family = NFPROTO_IPV6,
|
||||||
.hooks = (1 << NF_INET_LOCAL_IN) |
|
.hooks = (1 << NF_INET_LOCAL_IN) |
|
||||||
|
@ -123,6 +124,7 @@ static struct xt_target ip6t_npt_target_reg[] __read_mostly = {
|
||||||
.table = "mangle",
|
.table = "mangle",
|
||||||
.target = ip6t_dnpt_tg,
|
.target = ip6t_dnpt_tg,
|
||||||
.targetsize = sizeof(struct ip6t_npt_tginfo),
|
.targetsize = sizeof(struct ip6t_npt_tginfo),
|
||||||
|
.usersize = offsetof(struct ip6t_npt_tginfo, adjustment),
|
||||||
.checkentry = ip6t_npt_checkentry,
|
.checkentry = ip6t_npt_checkentry,
|
||||||
.family = NFPROTO_IPV6,
|
.family = NFPROTO_IPV6,
|
||||||
.hooks = (1 << NF_INET_PRE_ROUTING) |
|
.hooks = (1 << NF_INET_PRE_ROUTING) |
|
||||||
|
|
|
@ -373,6 +373,7 @@ static struct xt_target xt_ct_tg_reg[] __read_mostly = {
|
||||||
.name = "CT",
|
.name = "CT",
|
||||||
.family = NFPROTO_UNSPEC,
|
.family = NFPROTO_UNSPEC,
|
||||||
.targetsize = sizeof(struct xt_ct_target_info),
|
.targetsize = sizeof(struct xt_ct_target_info),
|
||||||
|
.usersize = offsetof(struct xt_ct_target_info, ct),
|
||||||
.checkentry = xt_ct_tg_check_v0,
|
.checkentry = xt_ct_tg_check_v0,
|
||||||
.destroy = xt_ct_tg_destroy_v0,
|
.destroy = xt_ct_tg_destroy_v0,
|
||||||
.target = xt_ct_target_v0,
|
.target = xt_ct_target_v0,
|
||||||
|
@ -384,6 +385,7 @@ static struct xt_target xt_ct_tg_reg[] __read_mostly = {
|
||||||
.family = NFPROTO_UNSPEC,
|
.family = NFPROTO_UNSPEC,
|
||||||
.revision = 1,
|
.revision = 1,
|
||||||
.targetsize = sizeof(struct xt_ct_target_info_v1),
|
.targetsize = sizeof(struct xt_ct_target_info_v1),
|
||||||
|
.usersize = offsetof(struct xt_ct_target_info, ct),
|
||||||
.checkentry = xt_ct_tg_check_v1,
|
.checkentry = xt_ct_tg_check_v1,
|
||||||
.destroy = xt_ct_tg_destroy_v1,
|
.destroy = xt_ct_tg_destroy_v1,
|
||||||
.target = xt_ct_target_v1,
|
.target = xt_ct_target_v1,
|
||||||
|
@ -395,6 +397,7 @@ static struct xt_target xt_ct_tg_reg[] __read_mostly = {
|
||||||
.family = NFPROTO_UNSPEC,
|
.family = NFPROTO_UNSPEC,
|
||||||
.revision = 2,
|
.revision = 2,
|
||||||
.targetsize = sizeof(struct xt_ct_target_info_v1),
|
.targetsize = sizeof(struct xt_ct_target_info_v1),
|
||||||
|
.usersize = offsetof(struct xt_ct_target_info, ct),
|
||||||
.checkentry = xt_ct_tg_check_v2,
|
.checkentry = xt_ct_tg_check_v2,
|
||||||
.destroy = xt_ct_tg_destroy_v1,
|
.destroy = xt_ct_tg_destroy_v1,
|
||||||
.target = xt_ct_target_v1,
|
.target = xt_ct_target_v1,
|
||||||
|
|
|
@ -162,6 +162,7 @@ static struct xt_target xt_rateest_tg_reg __read_mostly = {
|
||||||
.checkentry = xt_rateest_tg_checkentry,
|
.checkentry = xt_rateest_tg_checkentry,
|
||||||
.destroy = xt_rateest_tg_destroy,
|
.destroy = xt_rateest_tg_destroy,
|
||||||
.targetsize = sizeof(struct xt_rateest_target_info),
|
.targetsize = sizeof(struct xt_rateest_target_info),
|
||||||
|
.usersize = offsetof(struct xt_rateest_target_info, est),
|
||||||
.me = THIS_MODULE,
|
.me = THIS_MODULE,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -133,6 +133,7 @@ static struct xt_target tee_tg_reg[] __read_mostly = {
|
||||||
.family = NFPROTO_IPV4,
|
.family = NFPROTO_IPV4,
|
||||||
.target = tee_tg4,
|
.target = tee_tg4,
|
||||||
.targetsize = sizeof(struct xt_tee_tginfo),
|
.targetsize = sizeof(struct xt_tee_tginfo),
|
||||||
|
.usersize = offsetof(struct xt_tee_tginfo, priv),
|
||||||
.checkentry = tee_tg_check,
|
.checkentry = tee_tg_check,
|
||||||
.destroy = tee_tg_destroy,
|
.destroy = tee_tg_destroy,
|
||||||
.me = THIS_MODULE,
|
.me = THIS_MODULE,
|
||||||
|
@ -144,6 +145,7 @@ static struct xt_target tee_tg_reg[] __read_mostly = {
|
||||||
.family = NFPROTO_IPV6,
|
.family = NFPROTO_IPV6,
|
||||||
.target = tee_tg6,
|
.target = tee_tg6,
|
||||||
.targetsize = sizeof(struct xt_tee_tginfo),
|
.targetsize = sizeof(struct xt_tee_tginfo),
|
||||||
|
.usersize = offsetof(struct xt_tee_tginfo, priv),
|
||||||
.checkentry = tee_tg_check,
|
.checkentry = tee_tg_check,
|
||||||
.destroy = tee_tg_destroy,
|
.destroy = tee_tg_destroy,
|
||||||
.me = THIS_MODULE,
|
.me = THIS_MODULE,
|
||||||
|
|
|
@ -110,6 +110,7 @@ static struct xt_match bpf_mt_reg[] __read_mostly = {
|
||||||
.match = bpf_mt,
|
.match = bpf_mt,
|
||||||
.destroy = bpf_mt_destroy,
|
.destroy = bpf_mt_destroy,
|
||||||
.matchsize = sizeof(struct xt_bpf_info),
|
.matchsize = sizeof(struct xt_bpf_info),
|
||||||
|
.usersize = offsetof(struct xt_bpf_info, filter),
|
||||||
.me = THIS_MODULE,
|
.me = THIS_MODULE,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -120,6 +121,7 @@ static struct xt_match bpf_mt_reg[] __read_mostly = {
|
||||||
.match = bpf_mt_v1,
|
.match = bpf_mt_v1,
|
||||||
.destroy = bpf_mt_destroy_v1,
|
.destroy = bpf_mt_destroy_v1,
|
||||||
.matchsize = sizeof(struct xt_bpf_info_v1),
|
.matchsize = sizeof(struct xt_bpf_info_v1),
|
||||||
|
.usersize = offsetof(struct xt_bpf_info_v1, filter),
|
||||||
.me = THIS_MODULE,
|
.me = THIS_MODULE,
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
|
|
|
@ -122,6 +122,7 @@ static struct xt_match cgroup_mt_reg[] __read_mostly = {
|
||||||
.checkentry = cgroup_mt_check_v1,
|
.checkentry = cgroup_mt_check_v1,
|
||||||
.match = cgroup_mt_v1,
|
.match = cgroup_mt_v1,
|
||||||
.matchsize = sizeof(struct xt_cgroup_info_v1),
|
.matchsize = sizeof(struct xt_cgroup_info_v1),
|
||||||
|
.usersize = offsetof(struct xt_cgroup_info_v1, priv),
|
||||||
.destroy = cgroup_mt_destroy_v1,
|
.destroy = cgroup_mt_destroy_v1,
|
||||||
.me = THIS_MODULE,
|
.me = THIS_MODULE,
|
||||||
.hooks = (1 << NF_INET_LOCAL_OUT) |
|
.hooks = (1 << NF_INET_LOCAL_OUT) |
|
||||||
|
|
|
@ -431,6 +431,7 @@ static struct xt_match connlimit_mt_reg __read_mostly = {
|
||||||
.checkentry = connlimit_mt_check,
|
.checkentry = connlimit_mt_check,
|
||||||
.match = connlimit_mt,
|
.match = connlimit_mt,
|
||||||
.matchsize = sizeof(struct xt_connlimit_info),
|
.matchsize = sizeof(struct xt_connlimit_info),
|
||||||
|
.usersize = offsetof(struct xt_connlimit_info, data),
|
||||||
.destroy = connlimit_mt_destroy,
|
.destroy = connlimit_mt_destroy,
|
||||||
.me = THIS_MODULE,
|
.me = THIS_MODULE,
|
||||||
};
|
};
|
||||||
|
|
|
@ -838,6 +838,7 @@ static struct xt_match hashlimit_mt_reg[] __read_mostly = {
|
||||||
.family = NFPROTO_IPV4,
|
.family = NFPROTO_IPV4,
|
||||||
.match = hashlimit_mt_v1,
|
.match = hashlimit_mt_v1,
|
||||||
.matchsize = sizeof(struct xt_hashlimit_mtinfo1),
|
.matchsize = sizeof(struct xt_hashlimit_mtinfo1),
|
||||||
|
.usersize = offsetof(struct xt_hashlimit_mtinfo1, hinfo),
|
||||||
.checkentry = hashlimit_mt_check_v1,
|
.checkentry = hashlimit_mt_check_v1,
|
||||||
.destroy = hashlimit_mt_destroy_v1,
|
.destroy = hashlimit_mt_destroy_v1,
|
||||||
.me = THIS_MODULE,
|
.me = THIS_MODULE,
|
||||||
|
@ -848,6 +849,7 @@ static struct xt_match hashlimit_mt_reg[] __read_mostly = {
|
||||||
.family = NFPROTO_IPV4,
|
.family = NFPROTO_IPV4,
|
||||||
.match = hashlimit_mt,
|
.match = hashlimit_mt,
|
||||||
.matchsize = sizeof(struct xt_hashlimit_mtinfo2),
|
.matchsize = sizeof(struct xt_hashlimit_mtinfo2),
|
||||||
|
.usersize = offsetof(struct xt_hashlimit_mtinfo2, hinfo),
|
||||||
.checkentry = hashlimit_mt_check,
|
.checkentry = hashlimit_mt_check,
|
||||||
.destroy = hashlimit_mt_destroy,
|
.destroy = hashlimit_mt_destroy,
|
||||||
.me = THIS_MODULE,
|
.me = THIS_MODULE,
|
||||||
|
@ -859,6 +861,7 @@ static struct xt_match hashlimit_mt_reg[] __read_mostly = {
|
||||||
.family = NFPROTO_IPV6,
|
.family = NFPROTO_IPV6,
|
||||||
.match = hashlimit_mt_v1,
|
.match = hashlimit_mt_v1,
|
||||||
.matchsize = sizeof(struct xt_hashlimit_mtinfo1),
|
.matchsize = sizeof(struct xt_hashlimit_mtinfo1),
|
||||||
|
.usersize = offsetof(struct xt_hashlimit_mtinfo1, hinfo),
|
||||||
.checkentry = hashlimit_mt_check_v1,
|
.checkentry = hashlimit_mt_check_v1,
|
||||||
.destroy = hashlimit_mt_destroy_v1,
|
.destroy = hashlimit_mt_destroy_v1,
|
||||||
.me = THIS_MODULE,
|
.me = THIS_MODULE,
|
||||||
|
@ -869,6 +872,7 @@ static struct xt_match hashlimit_mt_reg[] __read_mostly = {
|
||||||
.family = NFPROTO_IPV6,
|
.family = NFPROTO_IPV6,
|
||||||
.match = hashlimit_mt,
|
.match = hashlimit_mt,
|
||||||
.matchsize = sizeof(struct xt_hashlimit_mtinfo2),
|
.matchsize = sizeof(struct xt_hashlimit_mtinfo2),
|
||||||
|
.usersize = offsetof(struct xt_hashlimit_mtinfo2, hinfo),
|
||||||
.checkentry = hashlimit_mt_check,
|
.checkentry = hashlimit_mt_check,
|
||||||
.destroy = hashlimit_mt_destroy,
|
.destroy = hashlimit_mt_destroy,
|
||||||
.me = THIS_MODULE,
|
.me = THIS_MODULE,
|
||||||
|
|
|
@ -192,6 +192,8 @@ static struct xt_match limit_mt_reg __read_mostly = {
|
||||||
.compatsize = sizeof(struct compat_xt_rateinfo),
|
.compatsize = sizeof(struct compat_xt_rateinfo),
|
||||||
.compat_from_user = limit_mt_compat_from_user,
|
.compat_from_user = limit_mt_compat_from_user,
|
||||||
.compat_to_user = limit_mt_compat_to_user,
|
.compat_to_user = limit_mt_compat_to_user,
|
||||||
|
#else
|
||||||
|
.usersize = offsetof(struct xt_rateinfo, prev),
|
||||||
#endif
|
#endif
|
||||||
.me = THIS_MODULE,
|
.me = THIS_MODULE,
|
||||||
};
|
};
|
||||||
|
|
|
@ -73,6 +73,7 @@ static struct xt_match quota_mt_reg __read_mostly = {
|
||||||
.checkentry = quota_mt_check,
|
.checkentry = quota_mt_check,
|
||||||
.destroy = quota_mt_destroy,
|
.destroy = quota_mt_destroy,
|
||||||
.matchsize = sizeof(struct xt_quota_info),
|
.matchsize = sizeof(struct xt_quota_info),
|
||||||
|
.usersize = offsetof(struct xt_quota_info, master),
|
||||||
.me = THIS_MODULE,
|
.me = THIS_MODULE,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -133,6 +133,7 @@ static struct xt_match xt_rateest_mt_reg __read_mostly = {
|
||||||
.checkentry = xt_rateest_mt_checkentry,
|
.checkentry = xt_rateest_mt_checkentry,
|
||||||
.destroy = xt_rateest_mt_destroy,
|
.destroy = xt_rateest_mt_destroy,
|
||||||
.matchsize = sizeof(struct xt_rateest_match_info),
|
.matchsize = sizeof(struct xt_rateest_match_info),
|
||||||
|
.usersize = offsetof(struct xt_rateest_match_info, est1),
|
||||||
.me = THIS_MODULE,
|
.me = THIS_MODULE,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -77,6 +77,7 @@ static struct xt_match xt_string_mt_reg __read_mostly = {
|
||||||
.match = string_mt,
|
.match = string_mt,
|
||||||
.destroy = string_mt_destroy,
|
.destroy = string_mt_destroy,
|
||||||
.matchsize = sizeof(struct xt_string_info),
|
.matchsize = sizeof(struct xt_string_info),
|
||||||
|
.usersize = offsetof(struct xt_string_info, config),
|
||||||
.me = THIS_MODULE,
|
.me = THIS_MODULE,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
Загрузка…
Ссылка в новой задаче