[NETFILTER]: Introduce NF_INET_ hook values

[deliverable/linux.git] / net / ipv6 / netfilter / ip6t_owner.c

diff --git a/net/ipv6/netfilter/ip6t_owner.c b/net/ipv6/netfilter/ip6t_owner.c
index 8c8a4c7ec9340cee4d778087d3e731b5649ce212..1e0dc4a972cf5cc57fe61388df2728337633131e 100644 (file)
--- a/net/ipv6/netfilter/ip6t_owner.c
+++ b/net/ipv6/netfilter/ip6t_owner.c
@@ -16,84 +16,78 @@
 
 #include <linux/netfilter_ipv6/ip6t_owner.h>
 #include <linux/netfilter_ipv6/ip6_tables.h>
+#include <linux/netfilter/x_tables.h>
 
 MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>");
 MODULE_DESCRIPTION("IP6 tables owner matching module");
 MODULE_LICENSE("GPL");
 
 
-static int
+static bool
 match(const struct sk_buff *skb,
       const struct net_device *in,
       const struct net_device *out,
+      const struct xt_match *match,
       const void *matchinfo,
       int offset,
       unsigned int protoff,
-      int *hotdrop)
+      bool *hotdrop)
 {
        const struct ip6t_owner_info *info = matchinfo;
 
        if (!skb->sk || !skb->sk->sk_socket || !skb->sk->sk_socket->file)
-               return 0;
+               return false;
 
-       if (info->match & IP6T_OWNER_UID) {
+       if (info->match & IP6T_OWNER_UID)
                if ((skb->sk->sk_socket->file->f_uid != info->uid) ^
                    !!(info->invert & IP6T_OWNER_UID))
-                       return 0;
-       }
+                       return false;
 
-       if (info->match & IP6T_OWNER_GID) {
+       if (info->match & IP6T_OWNER_GID)
                if ((skb->sk->sk_socket->file->f_gid != info->gid) ^
                    !!(info->invert & IP6T_OWNER_GID))
-                       return 0;
-       }
+                       return false;
 
-       return 1;
+       return true;
 }
 
-static int
+static bool
 checkentry(const char *tablename,
           const void *ip,
+          const struct xt_match *match,
           void *matchinfo,
-          unsigned int matchsize,
           unsigned int hook_mask)
 {
        const struct ip6t_owner_info *info = matchinfo;
 
-       if (hook_mask
-           & ~((1 << NF_IP6_LOCAL_OUT) | (1 << NF_IP6_POST_ROUTING))) {
-               printk("ip6t_owner: only valid for LOCAL_OUT or POST_ROUTING.\n");
-               return 0;
-       }
-
-       if (matchsize != IP6T_ALIGN(sizeof(struct ip6t_owner_info)))
-               return 0;
-
        if (info->match & (IP6T_OWNER_PID | IP6T_OWNER_SID)) {
                printk("ipt_owner: pid and sid matching "
                       "not supported anymore\n");
-               return 0;
+               return false;
        }
-
-       return 1;
+       return true;
 }
 
-static struct ip6t_match owner_match = {
+static struct xt_match owner_match __read_mostly = {
        .name           = "owner",
-       .match          = &match,
-       .checkentry     = &checkentry,
+       .family         = AF_INET6,
+       .match          = match,
+       .matchsize      = sizeof(struct ip6t_owner_info),
+       .hooks          = (1 << NF_INET_LOCAL_OUT) |
+                         (1 << NF_INET_POST_ROUTING),
+       .checkentry     = checkentry,
        .me             = THIS_MODULE,
 };
 
-static int __init init(void)
+static int __init ip6t_owner_init(void)
 {
-       return ip6t_register_match(&owner_match);
+       return xt_register_match(&owner_match);
 }
 
-static void __exit fini(void)
+static void __exit ip6t_owner_fini(void)
 {
-       ip6t_unregister_match(&owner_match);
+       xt_unregister_match(&owner_match);
 }
 
-module_init(init);
-module_exit(fini);
+module_init(ip6t_owner_init);
+module_exit(ip6t_owner_fini);