netfilter: xtables: resolve indirect macros 3/3

Jan Engelhardt
1 parent 87a2e70db6
Showing 8 changed files with 94 additions and 131 deletions Side-by-side Diff
include/linux/netfilter_arp/arp_tables.h
include/linux/netfilter_ipv4/ip_tables.h
include/linux/netfilter_ipv6/ip6_tables.h
net/ipv4/netfilter/arp_tables.c
net/ipv4/netfilter/arpt_mangle.c
net/ipv4/netfilter/ip_tables.c
net/ipv6/netfilter/ip6_tables.c
net/sched/act_ipt.c
@@ -26,6 +26,14 @@
 #define ARPT_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN
 #define arpt_entry_target xt_entry_target
 #define arpt_standard_target xt_standard_target
+#define ARPT_CONTINUE XT_CONTINUE
+#define ARPT_RETURN XT_RETURN
+#define arpt_counters_info xt_counters_info
+#define arpt_counters xt_counters
+#define ARPT_STANDARD_TARGET XT_STANDARD_TARGET
+#define ARPT_ERROR_TARGET XT_ERROR_TARGET
+#define ARPT_ENTRY_ITERATE(entries, size, fn, args...) \
+	XT_ENTRY_ITERATE(struct arpt_entry, entries, size, fn, ## args)
 #endif
  
 #define ARPT_DEV_ADDR_LEN_MAX 16
@@ -126,12 +134,6 @@
 #define ARPT_SO_GET_REVISION_TARGET	(ARPT_BASE_CTL + 3)
 #define ARPT_SO_GET_MAX			(ARPT_SO_GET_REVISION_TARGET)
  
-/* CONTINUE verdict for targets */
-#define ARPT_CONTINUE XT_CONTINUE
-
-/* For standard target */
-#define ARPT_RETURN XT_RETURN
-
 /* The argument to ARPT_SO_GET_INFO */
 struct arpt_getinfo {
 	/* Which table: caller fills this in. */
@@ -185,10 +187,6 @@
 	struct arpt_entry entries[0];
 };
  
-/* The argument to ARPT_SO_ADD_COUNTERS. */
-#define arpt_counters_info xt_counters_info
-#define arpt_counters xt_counters
-
 /* The argument to ARPT_SO_GET_ENTRIES. */
 struct arpt_get_entries {
 	/* Which table: user fills this in. */
  
@@ -201,23 +199,12 @@
 	struct arpt_entry entrytable[0];
 };
  
-/* Standard return verdict, or do jump. */
-#define ARPT_STANDARD_TARGET XT_STANDARD_TARGET
-/* Error verdict. */
-#define ARPT_ERROR_TARGET XT_ERROR_TARGET
-
 /* Helper functions */
 static __inline__ struct xt_entry_target *arpt_get_target(struct arpt_entry *e)
 {
 	return (void *)e + e->target_offset;
 }
  
-#ifndef __KERNEL__
-/* fn returns 0 to continue iteration */
-#define ARPT_ENTRY_ITERATE(entries, size, fn, args...) \
-	XT_ENTRY_ITERATE(struct arpt_entry, entries, size, fn, ## args)
-#endif
-
 /*
  *	Main firewall chains definitions and global var's definitions.
  */
@@ -248,7 +235,7 @@
 #define ARPT_STANDARD_INIT(__verdict)					       \
 {									       \
 	.entry		= ARPT_ENTRY_INIT(sizeof(struct arpt_standard)),       \
-	.target		= XT_TARGET_INIT(ARPT_STANDARD_TARGET,		       \
+	.target		= XT_TARGET_INIT(XT_STANDARD_TARGET,		       \
 					 sizeof(struct xt_standard_target)), \
 	.target.verdict	= -(__verdict) - 1,				       \
 }
@@ -256,7 +243,7 @@
 #define ARPT_ERROR_INIT							       \
 {									       \
 	.entry		= ARPT_ENTRY_INIT(sizeof(struct arpt_error)),	       \
-	.target		= XT_TARGET_INIT(ARPT_ERROR_TARGET,		       \
+	.target		= XT_TARGET_INIT(XT_ERROR_TARGET,		       \
 					 sizeof(struct arpt_error_target)),    \
 	.target.errorname = "ERROR",					       \
 }
@@ -38,6 +38,36 @@
 #define ipt_entry_target xt_entry_target
 #define ipt_standard_target xt_standard_target
 #define ipt_counters xt_counters
+#define IPT_CONTINUE XT_CONTINUE
+#define IPT_RETURN XT_RETURN
+
+/* This group is older than old (iptables < v1.4.0-rc1~89) */
+#include <linux/netfilter/xt_tcpudp.h>
+#define ipt_udp xt_udp
+#define ipt_tcp xt_tcp
+#define IPT_TCP_INV_SRCPT	XT_TCP_INV_SRCPT
+#define IPT_TCP_INV_DSTPT	XT_TCP_INV_DSTPT
+#define IPT_TCP_INV_FLAGS	XT_TCP_INV_FLAGS
+#define IPT_TCP_INV_OPTION	XT_TCP_INV_OPTION
+#define IPT_TCP_INV_MASK	XT_TCP_INV_MASK
+#define IPT_UDP_INV_SRCPT	XT_UDP_INV_SRCPT
+#define IPT_UDP_INV_DSTPT	XT_UDP_INV_DSTPT
+#define IPT_UDP_INV_MASK	XT_UDP_INV_MASK
+
+/* The argument to IPT_SO_ADD_COUNTERS. */
+#define ipt_counters_info xt_counters_info
+/* Standard return verdict, or do jump. */
+#define IPT_STANDARD_TARGET XT_STANDARD_TARGET
+/* Error verdict. */
+#define IPT_ERROR_TARGET XT_ERROR_TARGET
+
+/* fn returns 0 to continue iteration */
+#define IPT_MATCH_ITERATE(e, fn, args...) \
+	XT_MATCH_ITERATE(struct ipt_entry, e, fn, ## args)
+
+/* fn returns 0 to continue iteration */
+#define IPT_ENTRY_ITERATE(entries, size, fn, args...) \
+	XT_ENTRY_ITERATE(struct ipt_entry, entries, size, fn, ## args)
 #endif
  
 /* Yes, Virginia, you have to zero the padding. */
@@ -116,23 +146,6 @@
 #define IPT_SO_GET_REVISION_TARGET	(IPT_BASE_CTL + 3)
 #define IPT_SO_GET_MAX			IPT_SO_GET_REVISION_TARGET
  
-#define IPT_CONTINUE XT_CONTINUE
-#define IPT_RETURN XT_RETURN
-
-#include <linux/netfilter/xt_tcpudp.h>
-#define ipt_udp xt_udp
-#define ipt_tcp xt_tcp
-
-#define IPT_TCP_INV_SRCPT	XT_TCP_INV_SRCPT
-#define IPT_TCP_INV_DSTPT	XT_TCP_INV_DSTPT
-#define IPT_TCP_INV_FLAGS	XT_TCP_INV_FLAGS
-#define IPT_TCP_INV_OPTION	XT_TCP_INV_OPTION
-#define IPT_TCP_INV_MASK	XT_TCP_INV_MASK
-
-#define IPT_UDP_INV_SRCPT	XT_UDP_INV_SRCPT
-#define IPT_UDP_INV_DSTPT	XT_UDP_INV_DSTPT
-#define IPT_UDP_INV_MASK	XT_UDP_INV_MASK
-
 /* ICMP matching stuff */
 struct ipt_icmp {
 	u_int8_t type;				/* type to match */
@@ -196,9 +209,6 @@
 	struct ipt_entry entries[0];
 };
  
-/* The argument to IPT_SO_ADD_COUNTERS. */
-#define ipt_counters_info xt_counters_info
-
 /* The argument to IPT_SO_GET_ENTRIES. */
 struct ipt_get_entries {
 	/* Which table: user fills this in. */
@@ -211,11 +221,6 @@
 	struct ipt_entry entrytable[0];
 };
  
-/* Standard return verdict, or do jump. */
-#define IPT_STANDARD_TARGET XT_STANDARD_TARGET
-/* Error verdict. */
-#define IPT_ERROR_TARGET XT_ERROR_TARGET
-
 /* Helper functions */
 static __inline__ struct xt_entry_target *
 ipt_get_target(struct ipt_entry *e)
@@ -223,16 +228,6 @@
 	return (void *)e + e->target_offset;
 }
  
-#ifndef __KERNEL__
-/* fn returns 0 to continue iteration */
-#define IPT_MATCH_ITERATE(e, fn, args...) \
-	XT_MATCH_ITERATE(struct ipt_entry, e, fn, ## args)
-
-/* fn returns 0 to continue iteration */
-#define IPT_ENTRY_ITERATE(entries, size, fn, args...) \
-	XT_ENTRY_ITERATE(struct ipt_entry, entries, size, fn, ## args)
-#endif
-
 /*
  *	Main firewall chains definitions and global var's definitions.
  */
@@ -271,7 +266,7 @@
 #define IPT_STANDARD_INIT(__verdict)					       \
 {									       \
 	.entry		= IPT_ENTRY_INIT(sizeof(struct ipt_standard)),	       \
-	.target		= XT_TARGET_INIT(IPT_STANDARD_TARGET,		       \
+	.target		= XT_TARGET_INIT(XT_STANDARD_TARGET,		       \
 					 sizeof(struct xt_standard_target)),   \
 	.target.verdict	= -(__verdict) - 1,				       \
 }
@@ -279,7 +274,7 @@
 #define IPT_ERROR_INIT							       \
 {									       \
 	.entry		= IPT_ENTRY_INIT(sizeof(struct ipt_error)),	       \
-	.target		= XT_TARGET_INIT(IPT_ERROR_TARGET,		       \
+	.target		= XT_TARGET_INIT(XT_ERROR_TARGET,		       \
 					 sizeof(struct ipt_error_target)),     \
 	.target.errorname = "ERROR",					       \
 }
@@ -38,6 +38,29 @@
 #define ip6t_entry_target xt_entry_target
 #define ip6t_standard_target xt_standard_target
 #define ip6t_counters xt_counters
+#define IP6T_CONTINUE XT_CONTINUE
+#define IP6T_RETURN XT_RETURN
+
+/* Pre-iptables-1.4.0 */
+#include <linux/netfilter/xt_tcpudp.h>
+#define ip6t_tcp xt_tcp
+#define ip6t_udp xt_udp
+#define IP6T_TCP_INV_SRCPT	XT_TCP_INV_SRCPT
+#define IP6T_TCP_INV_DSTPT	XT_TCP_INV_DSTPT
+#define IP6T_TCP_INV_FLAGS	XT_TCP_INV_FLAGS
+#define IP6T_TCP_INV_OPTION	XT_TCP_INV_OPTION
+#define IP6T_TCP_INV_MASK	XT_TCP_INV_MASK
+#define IP6T_UDP_INV_SRCPT	XT_UDP_INV_SRCPT
+#define IP6T_UDP_INV_DSTPT	XT_UDP_INV_DSTPT
+#define IP6T_UDP_INV_MASK	XT_UDP_INV_MASK
+
+#define ip6t_counters_info xt_counters_info
+#define IP6T_STANDARD_TARGET XT_STANDARD_TARGET
+#define IP6T_ERROR_TARGET XT_ERROR_TARGET
+#define IP6T_MATCH_ITERATE(e, fn, args...) \
+	XT_MATCH_ITERATE(struct ip6t_entry, e, fn, ## args)
+#define IP6T_ENTRY_ITERATE(entries, size, fn, args...) \
+	XT_ENTRY_ITERATE(struct ip6t_entry, entries, size, fn, ## args)
 #endif
  
 /* Yes, Virginia, you have to zero the padding. */
@@ -133,7 +156,7 @@
 #define IP6T_STANDARD_INIT(__verdict)					       \
 {									       \
 	.entry		= IP6T_ENTRY_INIT(sizeof(struct ip6t_standard)),       \
-	.target		= XT_TARGET_INIT(IP6T_STANDARD_TARGET,		       \
+	.target		= XT_TARGET_INIT(XT_STANDARD_TARGET,		       \
 					 sizeof(struct xt_standard_target)),   \
 	.target.verdict	= -(__verdict) - 1,				       \
 }
@@ -141,7 +164,7 @@
 #define IP6T_ERROR_INIT							       \
 {									       \
 	.entry		= IP6T_ENTRY_INIT(sizeof(struct ip6t_error)),	       \
-	.target		= XT_TARGET_INIT(IP6T_ERROR_TARGET,		       \
+	.target		= XT_TARGET_INIT(XT_ERROR_TARGET,		       \
 					 sizeof(struct ip6t_error_target)),    \
 	.target.errorname = "ERROR",					       \
 }
@@ -165,30 +188,6 @@
 #define IP6T_SO_GET_REVISION_TARGET	(IP6T_BASE_CTL + 5)
 #define IP6T_SO_GET_MAX			IP6T_SO_GET_REVISION_TARGET
  
-/* CONTINUE verdict for targets */
-#define IP6T_CONTINUE XT_CONTINUE
-
-/* For standard target */
-#define IP6T_RETURN XT_RETURN
-
-/* TCP/UDP matching stuff */
-#include <linux/netfilter/xt_tcpudp.h>
-
-#define ip6t_tcp xt_tcp
-#define ip6t_udp xt_udp
-
-/* Values for "inv" field in struct ipt_tcp. */
-#define IP6T_TCP_INV_SRCPT	XT_TCP_INV_SRCPT
-#define IP6T_TCP_INV_DSTPT	XT_TCP_INV_DSTPT
-#define IP6T_TCP_INV_FLAGS	XT_TCP_INV_FLAGS
-#define IP6T_TCP_INV_OPTION	XT_TCP_INV_OPTION
-#define IP6T_TCP_INV_MASK	XT_TCP_INV_MASK
-
-/* Values for "invflags" field in struct ipt_udp. */
-#define IP6T_UDP_INV_SRCPT	XT_UDP_INV_SRCPT
-#define IP6T_UDP_INV_DSTPT	XT_UDP_INV_DSTPT
-#define IP6T_UDP_INV_MASK	XT_UDP_INV_MASK
-
 /* ICMP matching stuff */
 struct ip6t_icmp {
 	u_int8_t type;				/* type to match */
@@ -252,9 +251,6 @@
 	struct ip6t_entry entries[0];
 };
  
-/* The argument to IP6T_SO_ADD_COUNTERS. */
-#define ip6t_counters_info xt_counters_info
-
 /* The argument to IP6T_SO_GET_ENTRIES. */
 struct ip6t_get_entries {
 	/* Which table: user fills this in. */
  
@@ -267,27 +263,12 @@
 	struct ip6t_entry entrytable[0];
 };
  
-/* Standard return verdict, or do jump. */
-#define IP6T_STANDARD_TARGET XT_STANDARD_TARGET
-/* Error verdict. */
-#define IP6T_ERROR_TARGET XT_ERROR_TARGET
-
 /* Helper functions */
 static __inline__ struct xt_entry_target *
 ip6t_get_target(struct ip6t_entry *e)
 {
 	return (void *)e + e->target_offset;
 }
-
-#ifndef __KERNEL__
-/* fn returns 0 to continue iteration */
-#define IP6T_MATCH_ITERATE(e, fn, args...) \
-	XT_MATCH_ITERATE(struct ip6t_entry, e, fn, ## args)
-
-/* fn returns 0 to continue iteration */
-#define IP6T_ENTRY_ITERATE(entries, size, fn, args...) \
-	XT_ENTRY_ITERATE(struct ip6t_entry, entries, size, fn, ## args)
-#endif
  
 /*
  *	Main firewall chains definitions and global var's definitions.
@@ -300,7 +300,7 @@
 			v = ((struct xt_standard_target *)t)->verdict;
 			if (v < 0) {
 				/* Pop from stack? */
-				if (v != ARPT_RETURN) {
+				if (v != XT_RETURN) {
 					verdict = (unsigned)(-v) - 1;
 					break;
 				}
@@ -332,7 +332,7 @@
 		/* Target might have changed stuff. */
 		arp = arp_hdr(skb);
  
-		if (verdict == ARPT_CONTINUE)
+		if (verdict == XT_CONTINUE)
 			e = arpt_next_entry(e);
 		else
 			/* Verdict */
  
@@ -392,13 +392,13 @@
 			/* Unconditional return/END. */
 			if ((e->target_offset == sizeof(struct arpt_entry) &&
 			     (strcmp(t->target.u.user.name,
-				     ARPT_STANDARD_TARGET) == 0) &&
+				     XT_STANDARD_TARGET) == 0) &&
 			     t->verdict < 0 && unconditional(&e->arp)) ||
 			    visited) {
 				unsigned int oldpos, size;
  
 				if ((strcmp(t->target.u.user.name,
-					    ARPT_STANDARD_TARGET) == 0) &&
+					    XT_STANDARD_TARGET) == 0) &&
 				    t->verdict < -NF_MAX_VERDICT - 1) {
 					duprintf("mark_source_chains: bad "
 						"negative verdict (%i)\n",
@@ -433,7 +433,7 @@
 				int newpos = t->verdict;
  
 				if (strcmp(t->target.u.user.name,
-					   ARPT_STANDARD_TARGET) == 0 &&
+					   XT_STANDARD_TARGET) == 0 &&
 				    newpos >= 0) {
 					if (newpos > newinfo->size -
 						sizeof(struct arpt_entry)) {
@@ -1828,7 +1828,7 @@
 /* The built-in targets: standard (NULL) and error. */
 static struct xt_target arpt_builtin_tg[] __read_mostly = {
 	{
-		.name             = ARPT_STANDARD_TARGET,
+		.name             = XT_STANDARD_TARGET,
 		.targetsize       = sizeof(int),
 		.family           = NFPROTO_ARP,
 #ifdef CONFIG_COMPAT
@@ -1838,7 +1838,7 @@
 #endif
 	},
 	{
-		.name             = ARPT_ERROR_TARGET,
+		.name             = XT_ERROR_TARGET,
 		.target           = arpt_error,
 		.targetsize       = XT_FUNCTION_MAXNAMELEN,
 		.family           = NFPROTO_ARP,
@@ -63,7 +63,7 @@
 		return false;
  
 	if (mangle->target != NF_DROP && mangle->target != NF_ACCEPT &&
-	   mangle->target != ARPT_CONTINUE)
+	   mangle->target != XT_CONTINUE)
 		return false;
 	return true;
 }
@@ -232,7 +232,7 @@
 {
 	const struct xt_standard_target *t = (void *)ipt_get_target_c(s);
  
-	if (strcmp(t->target.u.kernel.target->name, IPT_ERROR_TARGET) == 0) {
+	if (strcmp(t->target.u.kernel.target->name, XT_ERROR_TARGET) == 0) {
 		/* Head of user chain: ERROR target with chainname */
 		*chainname = t->target.data;
 		(*rulenum) = 0;
@@ -241,7 +241,7 @@
  
 		if (s->target_offset == sizeof(struct ipt_entry) &&
 		    strcmp(t->target.u.kernel.target->name,
-			   IPT_STANDARD_TARGET) == 0 &&
+			   XT_STANDARD_TARGET) == 0 &&
 		   t->verdict < 0 &&
 		   unconditional(&s->ip)) {
 			/* Tail of chains: STANDARD target (return/policy) */
@@ -383,7 +383,7 @@
 			v = ((struct xt_standard_target *)t)->verdict;
 			if (v < 0) {
 				/* Pop from stack? */
-				if (v != IPT_RETURN) {
+				if (v != XT_RETURN) {
 					verdict = (unsigned)(-v) - 1;
 					break;
 				}
@@ -421,7 +421,7 @@
 		verdict = t->u.kernel.target->target(skb, &acpar);
 		/* Target might have changed stuff. */
 		ip = ip_hdr(skb);
-		if (verdict == IPT_CONTINUE)
+		if (verdict == XT_CONTINUE)
 			e = ipt_next_entry(e);
 		else
 			/* Verdict */
  
@@ -475,13 +475,13 @@
 			/* Unconditional return/END. */
 			if ((e->target_offset == sizeof(struct ipt_entry) &&
 			     (strcmp(t->target.u.user.name,
-				     IPT_STANDARD_TARGET) == 0) &&
+				     XT_STANDARD_TARGET) == 0) &&
 			     t->verdict < 0 && unconditional(&e->ip)) ||
 			    visited) {
 				unsigned int oldpos, size;
  
 				if ((strcmp(t->target.u.user.name,
-			    		    IPT_STANDARD_TARGET) == 0) &&
+			    		    XT_STANDARD_TARGET) == 0) &&
 				    t->verdict < -NF_MAX_VERDICT - 1) {
 					duprintf("mark_source_chains: bad "
 						"negative verdict (%i)\n",
@@ -524,7 +524,7 @@
 				int newpos = t->verdict;
  
 				if (strcmp(t->target.u.user.name,
-					   IPT_STANDARD_TARGET) == 0 &&
+					   XT_STANDARD_TARGET) == 0 &&
 				    newpos >= 0) {
 					if (newpos > newinfo->size -
 						sizeof(struct ipt_entry)) {
@@ -2176,7 +2176,7 @@
  
 static struct xt_target ipt_builtin_tg[] __read_mostly = {
 	{
-		.name             = IPT_STANDARD_TARGET,
+		.name             = XT_STANDARD_TARGET,
 		.targetsize       = sizeof(int),
 		.family           = NFPROTO_IPV4,
 #ifdef CONFIG_COMPAT
@@ -2186,7 +2186,7 @@
 #endif
 	},
 	{
-		.name             = IPT_ERROR_TARGET,
+		.name             = XT_ERROR_TARGET,
 		.target           = ipt_error,
 		.targetsize       = XT_FUNCTION_MAXNAMELEN,
 		.family           = NFPROTO_IPV4,
@@ -262,7 +262,7 @@
 {
 	const struct xt_standard_target *t = (void *)ip6t_get_target_c(s);
  
-	if (strcmp(t->target.u.kernel.target->name, IP6T_ERROR_TARGET) == 0) {
+	if (strcmp(t->target.u.kernel.target->name, XT_ERROR_TARGET) == 0) {
 		/* Head of user chain: ERROR target with chainname */
 		*chainname = t->target.data;
 		(*rulenum) = 0;
@@ -271,7 +271,7 @@
  
 		if (s->target_offset == sizeof(struct ip6t_entry) &&
 		    strcmp(t->target.u.kernel.target->name,
-			   IP6T_STANDARD_TARGET) == 0 &&
+			   XT_STANDARD_TARGET) == 0 &&
 		    t->verdict < 0 &&
 		    unconditional(&s->ipv6)) {
 			/* Tail of chains: STANDARD target (return/policy) */
@@ -406,7 +406,7 @@
 			v = ((struct xt_standard_target *)t)->verdict;
 			if (v < 0) {
 				/* Pop from stack? */
-				if (v != IP6T_RETURN) {
+				if (v != XT_RETURN) {
 					verdict = (unsigned)(-v) - 1;
 					break;
 				}
@@ -434,7 +434,7 @@
 		acpar.targinfo = t->data;
  
 		verdict = t->u.kernel.target->target(skb, &acpar);
-		if (verdict == IP6T_CONTINUE)
+		if (verdict == XT_CONTINUE)
 			e = ip6t_next_entry(e);
 		else
 			/* Verdict */
  
@@ -488,13 +488,13 @@
 			/* Unconditional return/END. */
 			if ((e->target_offset == sizeof(struct ip6t_entry) &&
 			     (strcmp(t->target.u.user.name,
-				     IP6T_STANDARD_TARGET) == 0) &&
+				     XT_STANDARD_TARGET) == 0) &&
 			     t->verdict < 0 &&
 			     unconditional(&e->ipv6)) || visited) {
 				unsigned int oldpos, size;
  
 				if ((strcmp(t->target.u.user.name,
-					    IP6T_STANDARD_TARGET) == 0) &&
+					    XT_STANDARD_TARGET) == 0) &&
 				    t->verdict < -NF_MAX_VERDICT - 1) {
 					duprintf("mark_source_chains: bad "
 						"negative verdict (%i)\n",
@@ -537,7 +537,7 @@
 				int newpos = t->verdict;
  
 				if (strcmp(t->target.u.user.name,
-					   IP6T_STANDARD_TARGET) == 0 &&
+					   XT_STANDARD_TARGET) == 0 &&
 				    newpos >= 0) {
 					if (newpos > newinfo->size -
 						sizeof(struct ip6t_entry)) {
@@ -2191,7 +2191,7 @@
 /* The built-in targets: standard (NULL) and error. */
 static struct xt_target ip6t_builtin_tg[] __read_mostly = {
 	{
-		.name             = IP6T_STANDARD_TARGET,
+		.name             = XT_STANDARD_TARGET,
 		.targetsize       = sizeof(int),
 		.family           = NFPROTO_IPV6,
 #ifdef CONFIG_COMPAT
@@ -2201,7 +2201,7 @@
 #endif
 	},
 	{
-		.name             = IP6T_ERROR_TARGET,
+		.name             = XT_ERROR_TARGET,
 		.target           = ip6t_error,
 		.targetsize       = XT_FUNCTION_MAXNAMELEN,
 		.family           = NFPROTO_IPV6,
@@ -230,7 +230,7 @@
 		result = TC_ACT_SHOT;
 		ipt->tcf_qstats.drops++;
 		break;
-	case IPT_CONTINUE:
+	case XT_CONTINUE:
 		result = TC_ACT_PIPE;
 		break;
 	default:
...	...	@@ -26,6 +26,14 @@
26	26	#define ARPT_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN
27	27	#define arpt_entry_target xt_entry_target
28	28	#define arpt_standard_target xt_standard_target
	29	+#define ARPT_CONTINUE XT_CONTINUE
	30	+#define ARPT_RETURN XT_RETURN
	31	+#define arpt_counters_info xt_counters_info
	32	+#define arpt_counters xt_counters
	33	+#define ARPT_STANDARD_TARGET XT_STANDARD_TARGET
	34	+#define ARPT_ERROR_TARGET XT_ERROR_TARGET
	35	+#define ARPT_ENTRY_ITERATE(entries, size, fn, args...) \
	36	+ XT_ENTRY_ITERATE(struct arpt_entry, entries, size, fn, ## args)
29	37	#endif
30	38
31	39	#define ARPT_DEV_ADDR_LEN_MAX 16
...	...	@@ -126,12 +134,6 @@
126	134	#define ARPT_SO_GET_REVISION_TARGET (ARPT_BASE_CTL + 3)
127	135	#define ARPT_SO_GET_MAX (ARPT_SO_GET_REVISION_TARGET)
128	136
129		-/* CONTINUE verdict for targets */
130		-#define ARPT_CONTINUE XT_CONTINUE
131		-
132		-/* For standard target */
133		-#define ARPT_RETURN XT_RETURN
134		-
135	137	/* The argument to ARPT_SO_GET_INFO */
136	138	struct arpt_getinfo {
137	139	/* Which table: caller fills this in. */
...	...	@@ -185,10 +187,6 @@
185	187	struct arpt_entry entries[0];
186	188	};
187	189
188		-/* The argument to ARPT_SO_ADD_COUNTERS. */
189		-#define arpt_counters_info xt_counters_info
190		-#define arpt_counters xt_counters
191		-
192	190	/* The argument to ARPT_SO_GET_ENTRIES. */
193	191	struct arpt_get_entries {
194	192	/* Which table: user fills this in. */
195	193
...	...	@@ -201,23 +199,12 @@
201	199	struct arpt_entry entrytable[0];
202	200	};
203	201
204		-/* Standard return verdict, or do jump. */
205		-#define ARPT_STANDARD_TARGET XT_STANDARD_TARGET
206		-/* Error verdict. */
207		-#define ARPT_ERROR_TARGET XT_ERROR_TARGET
208		-
209	202	/* Helper functions */
210	203	static __inline__ struct xt_entry_target arpt_get_target(struct arpt_entry e)
211	204	{
212	205	return (void *)e + e->target_offset;
213	206	}
214	207
215		-#ifndef __KERNEL__
216		-/* fn returns 0 to continue iteration */
217		-#define ARPT_ENTRY_ITERATE(entries, size, fn, args...) \
218		- XT_ENTRY_ITERATE(struct arpt_entry, entries, size, fn, ## args)
219		-#endif
220		-
221	208	/*
222	209	* Main firewall chains definitions and global var's definitions.
223	210	*/
...	...	@@ -248,7 +235,7 @@
248	235	#define ARPT_STANDARD_INIT(__verdict) \
249	236	{ \
250	237	.entry = ARPT_ENTRY_INIT(sizeof(struct arpt_standard)), \
251		- .target = XT_TARGET_INIT(ARPT_STANDARD_TARGET, \
	238	+ .target = XT_TARGET_INIT(XT_STANDARD_TARGET, \
252	239	sizeof(struct xt_standard_target)), \
253	240	.target.verdict = -(__verdict) - 1, \
254	241	}
...	...	@@ -256,7 +243,7 @@
256	243	#define ARPT_ERROR_INIT \
257	244	{ \
258	245	.entry = ARPT_ENTRY_INIT(sizeof(struct arpt_error)), \
259		- .target = XT_TARGET_INIT(ARPT_ERROR_TARGET, \
	246	+ .target = XT_TARGET_INIT(XT_ERROR_TARGET, \
260	247	sizeof(struct arpt_error_target)), \
261	248	.target.errorname = "ERROR", \
262	249	}
...	...	@@ -38,6 +38,36 @@
38	38	#define ipt_entry_target xt_entry_target
39	39	#define ipt_standard_target xt_standard_target
40	40	#define ipt_counters xt_counters
	41	+#define IPT_CONTINUE XT_CONTINUE
	42	+#define IPT_RETURN XT_RETURN
	43	+
	44	+/* This group is older than old (iptables < v1.4.0-rc1~89) */
	45	+#include <linux/netfilter/xt_tcpudp.h>
	46	+#define ipt_udp xt_udp
	47	+#define ipt_tcp xt_tcp
	48	+#define IPT_TCP_INV_SRCPT XT_TCP_INV_SRCPT
	49	+#define IPT_TCP_INV_DSTPT XT_TCP_INV_DSTPT
	50	+#define IPT_TCP_INV_FLAGS XT_TCP_INV_FLAGS
	51	+#define IPT_TCP_INV_OPTION XT_TCP_INV_OPTION
	52	+#define IPT_TCP_INV_MASK XT_TCP_INV_MASK
	53	+#define IPT_UDP_INV_SRCPT XT_UDP_INV_SRCPT
	54	+#define IPT_UDP_INV_DSTPT XT_UDP_INV_DSTPT
	55	+#define IPT_UDP_INV_MASK XT_UDP_INV_MASK
	56	+
	57	+/* The argument to IPT_SO_ADD_COUNTERS. */
	58	+#define ipt_counters_info xt_counters_info
	59	+/* Standard return verdict, or do jump. */
	60	+#define IPT_STANDARD_TARGET XT_STANDARD_TARGET
	61	+/* Error verdict. */
	62	+#define IPT_ERROR_TARGET XT_ERROR_TARGET
	63	+
	64	+/* fn returns 0 to continue iteration */
	65	+#define IPT_MATCH_ITERATE(e, fn, args...) \
	66	+ XT_MATCH_ITERATE(struct ipt_entry, e, fn, ## args)
	67	+
	68	+/* fn returns 0 to continue iteration */
	69	+#define IPT_ENTRY_ITERATE(entries, size, fn, args...) \
	70	+ XT_ENTRY_ITERATE(struct ipt_entry, entries, size, fn, ## args)
41	71	#endif
42	72
43	73	/* Yes, Virginia, you have to zero the padding. */
...	...	@@ -116,23 +146,6 @@
116	146	#define IPT_SO_GET_REVISION_TARGET (IPT_BASE_CTL + 3)
117	147	#define IPT_SO_GET_MAX IPT_SO_GET_REVISION_TARGET
118	148
119		-#define IPT_CONTINUE XT_CONTINUE
120		-#define IPT_RETURN XT_RETURN
121		-
122		-#include <linux/netfilter/xt_tcpudp.h>
123		-#define ipt_udp xt_udp
124		-#define ipt_tcp xt_tcp
125		-
126		-#define IPT_TCP_INV_SRCPT XT_TCP_INV_SRCPT
127		-#define IPT_TCP_INV_DSTPT XT_TCP_INV_DSTPT
128		-#define IPT_TCP_INV_FLAGS XT_TCP_INV_FLAGS
129		-#define IPT_TCP_INV_OPTION XT_TCP_INV_OPTION
130		-#define IPT_TCP_INV_MASK XT_TCP_INV_MASK
131		-
132		-#define IPT_UDP_INV_SRCPT XT_UDP_INV_SRCPT
133		-#define IPT_UDP_INV_DSTPT XT_UDP_INV_DSTPT
134		-#define IPT_UDP_INV_MASK XT_UDP_INV_MASK
135		-
136	149	/* ICMP matching stuff */
137	150	struct ipt_icmp {
138	151	u_int8_t type; /* type to match */
...	...	@@ -196,9 +209,6 @@
196	209	struct ipt_entry entries[0];
197	210	};
198	211
199		-/* The argument to IPT_SO_ADD_COUNTERS. */
200		-#define ipt_counters_info xt_counters_info
201		-
202	212	/* The argument to IPT_SO_GET_ENTRIES. */
203	213	struct ipt_get_entries {
204	214	/* Which table: user fills this in. */
...	...	@@ -211,11 +221,6 @@
211	221	struct ipt_entry entrytable[0];
212	222	};
213	223
214		-/* Standard return verdict, or do jump. */
215		-#define IPT_STANDARD_TARGET XT_STANDARD_TARGET
216		-/* Error verdict. */
217		-#define IPT_ERROR_TARGET XT_ERROR_TARGET
218		-
219	224	/* Helper functions */
220	225	static __inline__ struct xt_entry_target *
221	226	ipt_get_target(struct ipt_entry *e)
...	...	@@ -223,16 +228,6 @@
223	228	return (void *)e + e->target_offset;
224	229	}
225	230
226		-#ifndef __KERNEL__
227		-/* fn returns 0 to continue iteration */
228		-#define IPT_MATCH_ITERATE(e, fn, args...) \
229		- XT_MATCH_ITERATE(struct ipt_entry, e, fn, ## args)
230		-
231		-/* fn returns 0 to continue iteration */
232		-#define IPT_ENTRY_ITERATE(entries, size, fn, args...) \
233		- XT_ENTRY_ITERATE(struct ipt_entry, entries, size, fn, ## args)
234		-#endif
235		-
236	231	/*
237	232	* Main firewall chains definitions and global var's definitions.
238	233	*/
...	...	@@ -271,7 +266,7 @@
271	266	#define IPT_STANDARD_INIT(__verdict) \
272	267	{ \
273	268	.entry = IPT_ENTRY_INIT(sizeof(struct ipt_standard)), \
274		- .target = XT_TARGET_INIT(IPT_STANDARD_TARGET, \
	269	+ .target = XT_TARGET_INIT(XT_STANDARD_TARGET, \
275	270	sizeof(struct xt_standard_target)), \
276	271	.target.verdict = -(__verdict) - 1, \
277	272	}
...	...	@@ -279,7 +274,7 @@
279	274	#define IPT_ERROR_INIT \
280	275	{ \
281	276	.entry = IPT_ENTRY_INIT(sizeof(struct ipt_error)), \
282		- .target = XT_TARGET_INIT(IPT_ERROR_TARGET, \
	277	+ .target = XT_TARGET_INIT(XT_ERROR_TARGET, \
283	278	sizeof(struct ipt_error_target)), \
284	279	.target.errorname = "ERROR", \
285	280	}
...	...	@@ -38,6 +38,29 @@
38	38	#define ip6t_entry_target xt_entry_target
39	39	#define ip6t_standard_target xt_standard_target
40	40	#define ip6t_counters xt_counters
	41	+#define IP6T_CONTINUE XT_CONTINUE
	42	+#define IP6T_RETURN XT_RETURN
	43	+
	44	+/* Pre-iptables-1.4.0 */
	45	+#include <linux/netfilter/xt_tcpudp.h>
	46	+#define ip6t_tcp xt_tcp
	47	+#define ip6t_udp xt_udp
	48	+#define IP6T_TCP_INV_SRCPT XT_TCP_INV_SRCPT
	49	+#define IP6T_TCP_INV_DSTPT XT_TCP_INV_DSTPT
	50	+#define IP6T_TCP_INV_FLAGS XT_TCP_INV_FLAGS
	51	+#define IP6T_TCP_INV_OPTION XT_TCP_INV_OPTION
	52	+#define IP6T_TCP_INV_MASK XT_TCP_INV_MASK
	53	+#define IP6T_UDP_INV_SRCPT XT_UDP_INV_SRCPT
	54	+#define IP6T_UDP_INV_DSTPT XT_UDP_INV_DSTPT
	55	+#define IP6T_UDP_INV_MASK XT_UDP_INV_MASK
	56	+
	57	+#define ip6t_counters_info xt_counters_info
	58	+#define IP6T_STANDARD_TARGET XT_STANDARD_TARGET
	59	+#define IP6T_ERROR_TARGET XT_ERROR_TARGET
	60	+#define IP6T_MATCH_ITERATE(e, fn, args...) \
	61	+ XT_MATCH_ITERATE(struct ip6t_entry, e, fn, ## args)
	62	+#define IP6T_ENTRY_ITERATE(entries, size, fn, args...) \
	63	+ XT_ENTRY_ITERATE(struct ip6t_entry, entries, size, fn, ## args)
41	64	#endif
42	65
43	66	/* Yes, Virginia, you have to zero the padding. */
...	...	@@ -133,7 +156,7 @@
133	156	#define IP6T_STANDARD_INIT(__verdict) \
134	157	{ \
135	158	.entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_standard)), \
136		- .target = XT_TARGET_INIT(IP6T_STANDARD_TARGET, \
	159	+ .target = XT_TARGET_INIT(XT_STANDARD_TARGET, \
137	160	sizeof(struct xt_standard_target)), \
138	161	.target.verdict = -(__verdict) - 1, \
139	162	}
...	...	@@ -141,7 +164,7 @@
141	164	#define IP6T_ERROR_INIT \
142	165	{ \
143	166	.entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_error)), \
144		- .target = XT_TARGET_INIT(IP6T_ERROR_TARGET, \
	167	+ .target = XT_TARGET_INIT(XT_ERROR_TARGET, \
145	168	sizeof(struct ip6t_error_target)), \
146	169	.target.errorname = "ERROR", \
147	170	}
...	...	@@ -165,30 +188,6 @@
165	188	#define IP6T_SO_GET_REVISION_TARGET (IP6T_BASE_CTL + 5)
166	189	#define IP6T_SO_GET_MAX IP6T_SO_GET_REVISION_TARGET
167	190
168		-/* CONTINUE verdict for targets */
169		-#define IP6T_CONTINUE XT_CONTINUE
170		-
171		-/* For standard target */
172		-#define IP6T_RETURN XT_RETURN
173		-
174		-/* TCP/UDP matching stuff */
175		-#include <linux/netfilter/xt_tcpudp.h>
176		-
177		-#define ip6t_tcp xt_tcp
178		-#define ip6t_udp xt_udp
179		-
180		-/* Values for "inv" field in struct ipt_tcp. */
181		-#define IP6T_TCP_INV_SRCPT XT_TCP_INV_SRCPT
182		-#define IP6T_TCP_INV_DSTPT XT_TCP_INV_DSTPT
183		-#define IP6T_TCP_INV_FLAGS XT_TCP_INV_FLAGS
184		-#define IP6T_TCP_INV_OPTION XT_TCP_INV_OPTION
185		-#define IP6T_TCP_INV_MASK XT_TCP_INV_MASK
186		-
187		-/* Values for "invflags" field in struct ipt_udp. */
188		-#define IP6T_UDP_INV_SRCPT XT_UDP_INV_SRCPT
189		-#define IP6T_UDP_INV_DSTPT XT_UDP_INV_DSTPT
190		-#define IP6T_UDP_INV_MASK XT_UDP_INV_MASK
191		-
192	191	/* ICMP matching stuff */
193	192	struct ip6t_icmp {
194	193	u_int8_t type; /* type to match */
...	...	@@ -252,9 +251,6 @@
252	251	struct ip6t_entry entries[0];
253	252	};
254	253
255		-/* The argument to IP6T_SO_ADD_COUNTERS. */
256		-#define ip6t_counters_info xt_counters_info
257		-
258	254	/* The argument to IP6T_SO_GET_ENTRIES. */
259	255	struct ip6t_get_entries {
260	256	/* Which table: user fills this in. */
261	257
...	...	@@ -267,27 +263,12 @@
267	263	struct ip6t_entry entrytable[0];
268	264	};
269	265
270		-/* Standard return verdict, or do jump. */
271		-#define IP6T_STANDARD_TARGET XT_STANDARD_TARGET
272		-/* Error verdict. */
273		-#define IP6T_ERROR_TARGET XT_ERROR_TARGET
274		-
275	266	/* Helper functions */
276	267	static __inline__ struct xt_entry_target *
277	268	ip6t_get_target(struct ip6t_entry *e)
278	269	{
279	270	return (void *)e + e->target_offset;
280	271	}
281		-
282		-#ifndef __KERNEL__
283		-/* fn returns 0 to continue iteration */
284		-#define IP6T_MATCH_ITERATE(e, fn, args...) \
285		- XT_MATCH_ITERATE(struct ip6t_entry, e, fn, ## args)
286		-
287		-/* fn returns 0 to continue iteration */
288		-#define IP6T_ENTRY_ITERATE(entries, size, fn, args...) \
289		- XT_ENTRY_ITERATE(struct ip6t_entry, entries, size, fn, ## args)
290		-#endif
291	272
292	273	/*
293	274	* Main firewall chains definitions and global var's definitions.
...	...	@@ -300,7 +300,7 @@
300	300	v = ((struct xt_standard_target *)t)->verdict;
301	301	if (v < 0) {
302	302	/* Pop from stack? */
303		- if (v != ARPT_RETURN) {
	303	+ if (v != XT_RETURN) {
304	304	verdict = (unsigned)(-v) - 1;
305	305	break;
306	306	}
...	...	@@ -332,7 +332,7 @@
332	332	/* Target might have changed stuff. */
333	333	arp = arp_hdr(skb);
334	334
335		- if (verdict == ARPT_CONTINUE)
	335	+ if (verdict == XT_CONTINUE)
336	336	e = arpt_next_entry(e);
337	337	else
338	338	/* Verdict */
339	339
...	...	@@ -392,13 +392,13 @@
392	392	/* Unconditional return/END. */
393	393	if ((e->target_offset == sizeof(struct arpt_entry) &&
394	394	(strcmp(t->target.u.user.name,
395		- ARPT_STANDARD_TARGET) == 0) &&
	395	+ XT_STANDARD_TARGET) == 0) &&
396	396	t->verdict < 0 && unconditional(&e->arp)) \|\|
397	397	visited) {
398	398	unsigned int oldpos, size;
399	399
400	400	if ((strcmp(t->target.u.user.name,
401		- ARPT_STANDARD_TARGET) == 0) &&
	401	+ XT_STANDARD_TARGET) == 0) &&
402	402	t->verdict < -NF_MAX_VERDICT - 1) {
403	403	duprintf("mark_source_chains: bad "
404	404	"negative verdict (%i)\n",
...	...	@@ -433,7 +433,7 @@
433	433	int newpos = t->verdict;
434	434
435	435	if (strcmp(t->target.u.user.name,
436		- ARPT_STANDARD_TARGET) == 0 &&
	436	+ XT_STANDARD_TARGET) == 0 &&
437	437	newpos >= 0) {
438	438	if (newpos > newinfo->size -
439	439	sizeof(struct arpt_entry)) {
...	...	@@ -1828,7 +1828,7 @@
1828	1828	/* The built-in targets: standard (NULL) and error. */
1829	1829	static struct xt_target arpt_builtin_tg[] __read_mostly = {
1830	1830	{
1831		- .name = ARPT_STANDARD_TARGET,
	1831	+ .name = XT_STANDARD_TARGET,
1832	1832	.targetsize = sizeof(int),
1833	1833	.family = NFPROTO_ARP,
1834	1834	#ifdef CONFIG_COMPAT
...	...	@@ -1838,7 +1838,7 @@
1838	1838	#endif
1839	1839	},
1840	1840	{
1841		- .name = ARPT_ERROR_TARGET,
	1841	+ .name = XT_ERROR_TARGET,
1842	1842	.target = arpt_error,
1843	1843	.targetsize = XT_FUNCTION_MAXNAMELEN,
1844	1844	.family = NFPROTO_ARP,
...	...	@@ -63,7 +63,7 @@
63	63	return false;
64	64
65	65	if (mangle->target != NF_DROP && mangle->target != NF_ACCEPT &&
66		- mangle->target != ARPT_CONTINUE)
	66	+ mangle->target != XT_CONTINUE)
67	67	return false;
68	68	return true;
69	69	}
...	...	@@ -232,7 +232,7 @@
232	232	{
233	233	const struct xt_standard_target t = (void )ipt_get_target_c(s);
234	234
235		- if (strcmp(t->target.u.kernel.target->name, IPT_ERROR_TARGET) == 0) {
	235	+ if (strcmp(t->target.u.kernel.target->name, XT_ERROR_TARGET) == 0) {
236	236	/* Head of user chain: ERROR target with chainname */
237	237	*chainname = t->target.data;
238	238	(*rulenum) = 0;
...	...	@@ -241,7 +241,7 @@
241	241
242	242	if (s->target_offset == sizeof(struct ipt_entry) &&
243	243	strcmp(t->target.u.kernel.target->name,
244		- IPT_STANDARD_TARGET) == 0 &&
	244	+ XT_STANDARD_TARGET) == 0 &&
245	245	t->verdict < 0 &&
246	246	unconditional(&s->ip)) {
247	247	/* Tail of chains: STANDARD target (return/policy) */
...	...	@@ -383,7 +383,7 @@
383	383	v = ((struct xt_standard_target *)t)->verdict;
384	384	if (v < 0) {
385	385	/* Pop from stack? */
386		- if (v != IPT_RETURN) {
	386	+ if (v != XT_RETURN) {
387	387	verdict = (unsigned)(-v) - 1;
388	388	break;
389	389	}
...	...	@@ -421,7 +421,7 @@
421	421	verdict = t->u.kernel.target->target(skb, &acpar);
422	422	/* Target might have changed stuff. */
423	423	ip = ip_hdr(skb);
424		- if (verdict == IPT_CONTINUE)
	424	+ if (verdict == XT_CONTINUE)
425	425	e = ipt_next_entry(e);
426	426	else
427	427	/* Verdict */
428	428
...	...	@@ -475,13 +475,13 @@
475	475	/* Unconditional return/END. */
476	476	if ((e->target_offset == sizeof(struct ipt_entry) &&
477	477	(strcmp(t->target.u.user.name,
478		- IPT_STANDARD_TARGET) == 0) &&
	478	+ XT_STANDARD_TARGET) == 0) &&
479	479	t->verdict < 0 && unconditional(&e->ip)) \|\|
480	480	visited) {
481	481	unsigned int oldpos, size;
482	482
483	483	if ((strcmp(t->target.u.user.name,
484		- IPT_STANDARD_TARGET) == 0) &&
	484	+ XT_STANDARD_TARGET) == 0) &&
485	485	t->verdict < -NF_MAX_VERDICT - 1) {
486	486	duprintf("mark_source_chains: bad "
487	487	"negative verdict (%i)\n",
...	...	@@ -524,7 +524,7 @@
524	524	int newpos = t->verdict;
525	525
526	526	if (strcmp(t->target.u.user.name,
527		- IPT_STANDARD_TARGET) == 0 &&
	527	+ XT_STANDARD_TARGET) == 0 &&
528	528	newpos >= 0) {
529	529	if (newpos > newinfo->size -
530	530	sizeof(struct ipt_entry)) {
...	...	@@ -2176,7 +2176,7 @@
2176	2176
2177	2177	static struct xt_target ipt_builtin_tg[] __read_mostly = {
2178	2178	{
2179		- .name = IPT_STANDARD_TARGET,
	2179	+ .name = XT_STANDARD_TARGET,
2180	2180	.targetsize = sizeof(int),
2181	2181	.family = NFPROTO_IPV4,
2182	2182	#ifdef CONFIG_COMPAT
...	...	@@ -2186,7 +2186,7 @@
2186	2186	#endif
2187	2187	},
2188	2188	{
2189		- .name = IPT_ERROR_TARGET,
	2189	+ .name = XT_ERROR_TARGET,
2190	2190	.target = ipt_error,
2191	2191	.targetsize = XT_FUNCTION_MAXNAMELEN,
2192	2192	.family = NFPROTO_IPV4,
...	...	@@ -262,7 +262,7 @@
262	262	{
263	263	const struct xt_standard_target t = (void )ip6t_get_target_c(s);
264	264
265		- if (strcmp(t->target.u.kernel.target->name, IP6T_ERROR_TARGET) == 0) {
	265	+ if (strcmp(t->target.u.kernel.target->name, XT_ERROR_TARGET) == 0) {
266	266	/* Head of user chain: ERROR target with chainname */
267	267	*chainname = t->target.data;
268	268	(*rulenum) = 0;
...	...	@@ -271,7 +271,7 @@
271	271
272	272	if (s->target_offset == sizeof(struct ip6t_entry) &&
273	273	strcmp(t->target.u.kernel.target->name,
274		- IP6T_STANDARD_TARGET) == 0 &&
	274	+ XT_STANDARD_TARGET) == 0 &&
275	275	t->verdict < 0 &&
276	276	unconditional(&s->ipv6)) {
277	277	/* Tail of chains: STANDARD target (return/policy) */
...	...	@@ -406,7 +406,7 @@
406	406	v = ((struct xt_standard_target *)t)->verdict;
407	407	if (v < 0) {
408	408	/* Pop from stack? */
409		- if (v != IP6T_RETURN) {
	409	+ if (v != XT_RETURN) {
410	410	verdict = (unsigned)(-v) - 1;
411	411	break;
412	412	}
...	...	@@ -434,7 +434,7 @@
434	434	acpar.targinfo = t->data;
435	435
436	436	verdict = t->u.kernel.target->target(skb, &acpar);
437		- if (verdict == IP6T_CONTINUE)
	437	+ if (verdict == XT_CONTINUE)
438	438	e = ip6t_next_entry(e);
439	439	else
440	440	/* Verdict */
441	441
...	...	@@ -488,13 +488,13 @@
488	488	/* Unconditional return/END. */
489	489	if ((e->target_offset == sizeof(struct ip6t_entry) &&
490	490	(strcmp(t->target.u.user.name,
491		- IP6T_STANDARD_TARGET) == 0) &&
	491	+ XT_STANDARD_TARGET) == 0) &&
492	492	t->verdict < 0 &&
493	493	unconditional(&e->ipv6)) \|\| visited) {
494	494	unsigned int oldpos, size;
495	495
496	496	if ((strcmp(t->target.u.user.name,
497		- IP6T_STANDARD_TARGET) == 0) &&
	497	+ XT_STANDARD_TARGET) == 0) &&
498	498	t->verdict < -NF_MAX_VERDICT - 1) {
499	499	duprintf("mark_source_chains: bad "
500	500	"negative verdict (%i)\n",
...	...	@@ -537,7 +537,7 @@
537	537	int newpos = t->verdict;
538	538
539	539	if (strcmp(t->target.u.user.name,
540		- IP6T_STANDARD_TARGET) == 0 &&
	540	+ XT_STANDARD_TARGET) == 0 &&
541	541	newpos >= 0) {
542	542	if (newpos > newinfo->size -
543	543	sizeof(struct ip6t_entry)) {
...	...	@@ -2191,7 +2191,7 @@
2191	2191	/* The built-in targets: standard (NULL) and error. */
2192	2192	static struct xt_target ip6t_builtin_tg[] __read_mostly = {
2193	2193	{
2194		- .name = IP6T_STANDARD_TARGET,
	2194	+ .name = XT_STANDARD_TARGET,
2195	2195	.targetsize = sizeof(int),
2196	2196	.family = NFPROTO_IPV6,
2197	2197	#ifdef CONFIG_COMPAT
...	...	@@ -2201,7 +2201,7 @@
2201	2201	#endif
2202	2202	},
2203	2203	{
2204		- .name = IP6T_ERROR_TARGET,
	2204	+ .name = XT_ERROR_TARGET,
2205	2205	.target = ip6t_error,
2206	2206	.targetsize = XT_FUNCTION_MAXNAMELEN,
2207	2207	.family = NFPROTO_IPV6,
...	...	@@ -230,7 +230,7 @@
230	230	result = TC_ACT_SHOT;
231	231	ipt->tcf_qstats.drops++;
232	232	break;
233		- case IPT_CONTINUE:
	233	+ case XT_CONTINUE:
234	234	result = TC_ACT_PIPE;
235	235	break;
236	236	default: