Commit 55b69e91040c685a064198bd76e59885b7ad26c6

Authored by Jan Engelhardt
Committed by Patrick McHardy
1 parent ee999d8b95

netfilter: implement NFPROTO_UNSPEC as a wildcard for extensions

When a match or target is looked up using xt_find_{match,target},
Xtables will also search the NFPROTO_UNSPEC module list. This allows
for protocol-independent extensions (like xt_time) to be reused from
other components (e.g. arptables, ebtables).

Extensions that take different codepaths depending on match->family
or target->family of course cannot use NFPROTO_UNSPEC within the
registration structure (e.g. xt_pkttype).

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>

Showing 14 changed files with 124 additions and 269 deletions Side-by-side Diff

net/netfilter/x_tables.c
... ... @@ -209,6 +209,11 @@
209 209 }
210 210 }
211 211 mutex_unlock(&xt[af].mutex);
  212 +
  213 + if (af != NFPROTO_UNSPEC)
  214 + /* Try searching again in the family-independent list */
  215 + return xt_find_match(NFPROTO_UNSPEC, name, revision);
  216 +
212 217 return ERR_PTR(err);
213 218 }
214 219 EXPORT_SYMBOL(xt_find_match);
... ... @@ -234,6 +239,11 @@
234 239 }
235 240 }
236 241 mutex_unlock(&xt[af].mutex);
  242 +
  243 + if (af != NFPROTO_UNSPEC)
  244 + /* Try searching again in the family-independent list */
  245 + return xt_find_target(NFPROTO_UNSPEC, name, revision);
  246 +
237 247 return ERR_PTR(err);
238 248 }
239 249 EXPORT_SYMBOL(xt_find_target);
net/netfilter/xt_CLASSIFY.c
... ... @@ -37,40 +37,26 @@
37 37 return XT_CONTINUE;
38 38 }
39 39  
40   -static struct xt_target classify_tg_reg[] __read_mostly = {
41   - {
42   - .family = NFPROTO_IPV4,
43   - .name = "CLASSIFY",
44   - .target = classify_tg,
45   - .targetsize = sizeof(struct xt_classify_target_info),
46   - .table = "mangle",
47   - .hooks = (1 << NF_INET_LOCAL_OUT) |
48   - (1 << NF_INET_FORWARD) |
49   - (1 << NF_INET_POST_ROUTING),
50   - .me = THIS_MODULE,
51   - },
52   - {
53   - .name = "CLASSIFY",
54   - .family = NFPROTO_IPV6,
55   - .target = classify_tg,
56   - .targetsize = sizeof(struct xt_classify_target_info),
57   - .table = "mangle",
58   - .hooks = (1 << NF_INET_LOCAL_OUT) |
59   - (1 << NF_INET_FORWARD) |
60   - (1 << NF_INET_POST_ROUTING),
61   - .me = THIS_MODULE,
62   - },
  40 +static struct xt_target classify_tg_reg __read_mostly = {
  41 + .name = "CLASSIFY",
  42 + .revision = 0,
  43 + .family = NFPROTO_UNSPEC,
  44 + .table = "mangle",
  45 + .hooks = (1 << NF_INET_LOCAL_OUT) | (1 << NF_INET_FORWARD) |
  46 + (1 << NF_INET_POST_ROUTING),
  47 + .target = classify_tg,
  48 + .targetsize = sizeof(struct xt_classify_target_info),
  49 + .me = THIS_MODULE,
63 50 };
64 51  
65 52 static int __init classify_tg_init(void)
66 53 {
67   - return xt_register_targets(classify_tg_reg,
68   - ARRAY_SIZE(classify_tg_reg));
  54 + return xt_register_target(&classify_tg_reg);
69 55 }
70 56  
71 57 static void __exit classify_tg_exit(void)
72 58 {
73   - xt_unregister_targets(classify_tg_reg, ARRAY_SIZE(classify_tg_reg));
  59 + xt_unregister_target(&classify_tg_reg);
74 60 }
75 61  
76 62 module_init(classify_tg_init);
net/netfilter/xt_MARK.c
... ... @@ -222,15 +222,7 @@
222 222 {
223 223 .name = "MARK",
224 224 .revision = 2,
225   - .family = NFPROTO_IPV4,
226   - .target = mark_tg,
227   - .targetsize = sizeof(struct xt_mark_tginfo2),
228   - .me = THIS_MODULE,
229   - },
230   - {
231   - .name = "MARK",
232   - .revision = 2,
233   - .family = NFPROTO_IPV6,
  225 + .family = NFPROTO_UNSPEC,
234 226 .target = mark_tg,
235 227 .targetsize = sizeof(struct xt_mark_tginfo2),
236 228 .me = THIS_MODULE,
net/netfilter/xt_RATEEST.c
... ... @@ -157,25 +157,15 @@
157 157 xt_rateest_put(info->est);
158 158 }
159 159  
160   -static struct xt_target xt_rateest_target[] __read_mostly = {
161   - {
162   - .family = NFPROTO_IPV4,
163   - .name = "RATEEST",
164   - .target = xt_rateest_tg,
165   - .checkentry = xt_rateest_tg_checkentry,
166   - .destroy = xt_rateest_tg_destroy,
167   - .targetsize = sizeof(struct xt_rateest_target_info),
168   - .me = THIS_MODULE,
169   - },
170   - {
171   - .family = NFPROTO_IPV6,
172   - .name = "RATEEST",
173   - .target = xt_rateest_tg,
174   - .checkentry = xt_rateest_tg_checkentry,
175   - .destroy = xt_rateest_tg_destroy,
176   - .targetsize = sizeof(struct xt_rateest_target_info),
177   - .me = THIS_MODULE,
178   - },
  160 +static struct xt_target xt_rateest_tg_reg __read_mostly = {
  161 + .name = "RATEEST",
  162 + .revision = 0,
  163 + .family = NFPROTO_UNSPEC,
  164 + .target = xt_rateest_tg,
  165 + .checkentry = xt_rateest_tg_checkentry,
  166 + .destroy = xt_rateest_tg_destroy,
  167 + .targetsize = sizeof(struct xt_rateest_target_info),
  168 + .me = THIS_MODULE,
179 169 };
180 170  
181 171 static int __init xt_rateest_tg_init(void)
182 172  
... ... @@ -186,13 +176,12 @@
186 176 INIT_HLIST_HEAD(&rateest_hash[i]);
187 177  
188 178 get_random_bytes(&jhash_rnd, sizeof(jhash_rnd));
189   - return xt_register_targets(xt_rateest_target,
190   - ARRAY_SIZE(xt_rateest_target));
  179 + return xt_register_target(&xt_rateest_tg_reg);
191 180 }
192 181  
193 182 static void __exit xt_rateest_tg_fini(void)
194 183 {
195   - xt_unregister_targets(xt_rateest_target, ARRAY_SIZE(xt_rateest_target));
  184 + xt_unregister_target(&xt_rateest_tg_reg);
196 185 }
197 186  
198 187  
net/netfilter/xt_SECMARK.c
... ... @@ -125,35 +125,25 @@
125 125 }
126 126 }
127 127  
128   -static struct xt_target secmark_tg_reg[] __read_mostly = {
129   - {
130   - .name = "SECMARK",
131   - .family = NFPROTO_IPV4,
132   - .checkentry = secmark_tg_check,
133   - .destroy = secmark_tg_destroy,
134   - .target = secmark_tg,
135   - .targetsize = sizeof(struct xt_secmark_target_info),
136   - .me = THIS_MODULE,
137   - },
138   - {
139   - .name = "SECMARK",
140   - .family = NFPROTO_IPV6,
141   - .checkentry = secmark_tg_check,
142   - .destroy = secmark_tg_destroy,
143   - .target = secmark_tg,
144   - .targetsize = sizeof(struct xt_secmark_target_info),
145   - .me = THIS_MODULE,
146   - },
  128 +static struct xt_target secmark_tg_reg __read_mostly = {
  129 + .name = "SECMARK",
  130 + .revision = 0,
  131 + .family = NFPROTO_UNSPEC,
  132 + .checkentry = secmark_tg_check,
  133 + .destroy = secmark_tg_destroy,
  134 + .target = secmark_tg,
  135 + .targetsize = sizeof(struct xt_secmark_target_info),
  136 + .me = THIS_MODULE,
147 137 };
148 138  
149 139 static int __init secmark_tg_init(void)
150 140 {
151   - return xt_register_targets(secmark_tg_reg, ARRAY_SIZE(secmark_tg_reg));
  141 + return xt_register_target(&secmark_tg_reg);
152 142 }
153 143  
154 144 static void __exit secmark_tg_exit(void)
155 145 {
156   - xt_unregister_targets(secmark_tg_reg, ARRAY_SIZE(secmark_tg_reg));
  146 + xt_unregister_target(&secmark_tg_reg);
157 147 }
158 148  
159 149 module_init(secmark_tg_init);
net/netfilter/xt_TRACE.c
... ... @@ -19,31 +19,23 @@
19 19 return XT_CONTINUE;
20 20 }
21 21  
22   -static struct xt_target trace_tg_reg[] __read_mostly = {
23   - {
24   - .name = "TRACE",
25   - .family = NFPROTO_IPV4,
26   - .target = trace_tg,
27   - .table = "raw",
28   - .me = THIS_MODULE,
29   - },
30   - {
31   - .name = "TRACE",
32   - .family = NFPROTO_IPV6,
33   - .target = trace_tg,
34   - .table = "raw",
35   - .me = THIS_MODULE,
36   - },
  22 +static struct xt_target trace_tg_reg __read_mostly = {
  23 + .name = "TRACE",
  24 + .revision = 0,
  25 + .family = NFPROTO_UNSPEC,
  26 + .table = "raw",
  27 + .target = trace_tg,
  28 + .me = THIS_MODULE,
37 29 };
38 30  
39 31 static int __init trace_tg_init(void)
40 32 {
41   - return xt_register_targets(trace_tg_reg, ARRAY_SIZE(trace_tg_reg));
  33 + return xt_register_target(&trace_tg_reg);
42 34 }
43 35  
44 36 static void __exit trace_tg_exit(void)
45 37 {
46   - xt_unregister_targets(trace_tg_reg, ARRAY_SIZE(trace_tg_reg));
  38 + xt_unregister_target(&trace_tg_reg);
47 39 }
48 40  
49 41 module_init(trace_tg_init);
net/netfilter/xt_limit.c
... ... @@ -167,43 +167,29 @@
167 167 }
168 168 #endif /* CONFIG_COMPAT */
169 169  
170   -static struct xt_match limit_mt_reg[] __read_mostly = {
171   - {
172   - .name = "limit",
173   - .family = NFPROTO_IPV4,
174   - .checkentry = limit_mt_check,
175   - .match = limit_mt,
176   - .matchsize = sizeof(struct xt_rateinfo),
  170 +static struct xt_match limit_mt_reg __read_mostly = {
  171 + .name = "limit",
  172 + .revision = 0,
  173 + .family = NFPROTO_UNSPEC,
  174 + .match = limit_mt,
  175 + .checkentry = limit_mt_check,
  176 + .matchsize = sizeof(struct xt_rateinfo),
177 177 #ifdef CONFIG_COMPAT
178   - .compatsize = sizeof(struct compat_xt_rateinfo),
179   - .compat_from_user = limit_mt_compat_from_user,
180   - .compat_to_user = limit_mt_compat_to_user,
  178 + .compatsize = sizeof(struct compat_xt_rateinfo),
  179 + .compat_from_user = limit_mt_compat_from_user,
  180 + .compat_to_user = limit_mt_compat_to_user,
181 181 #endif
182   - .me = THIS_MODULE,
183   - },
184   - {
185   - .name = "limit",
186   - .family = NFPROTO_IPV6,
187   - .checkentry = limit_mt_check,
188   - .match = limit_mt,
189   - .matchsize = sizeof(struct xt_rateinfo),
190   -#ifdef CONFIG_COMPAT
191   - .compatsize = sizeof(struct compat_xt_rateinfo),
192   - .compat_from_user = limit_mt_compat_from_user,
193   - .compat_to_user = limit_mt_compat_to_user,
194   -#endif
195   - .me = THIS_MODULE,
196   - },
  182 + .me = THIS_MODULE,
197 183 };
198 184  
199 185 static int __init limit_mt_init(void)
200 186 {
201   - return xt_register_matches(limit_mt_reg, ARRAY_SIZE(limit_mt_reg));
  187 + return xt_register_match(&limit_mt_reg);
202 188 }
203 189  
204 190 static void __exit limit_mt_exit(void)
205 191 {
206   - xt_unregister_matches(limit_mt_reg, ARRAY_SIZE(limit_mt_reg));
  192 + xt_unregister_match(&limit_mt_reg);
207 193 }
208 194  
209 195 module_init(limit_mt_init);
net/netfilter/xt_mark.c
... ... @@ -92,7 +92,7 @@
92 92 {
93 93 .name = "mark",
94 94 .revision = 0,
95   - .family = NFPROTO_IPV4,
  95 + .family = NFPROTO_UNSPEC,
96 96 .checkentry = mark_mt_check_v0,
97 97 .match = mark_mt_v0,
98 98 .matchsize = sizeof(struct xt_mark_info),
99 99  
... ... @@ -104,31 +104,9 @@
104 104 .me = THIS_MODULE,
105 105 },
106 106 {
107   - .name = "mark",
108   - .revision = 0,
109   - .family = NFPROTO_IPV6,
110   - .checkentry = mark_mt_check_v0,
111   - .match = mark_mt_v0,
112   - .matchsize = sizeof(struct xt_mark_info),
113   -#ifdef CONFIG_COMPAT
114   - .compatsize = sizeof(struct compat_xt_mark_info),
115   - .compat_from_user = mark_mt_compat_from_user_v0,
116   - .compat_to_user = mark_mt_compat_to_user_v0,
117   -#endif
118   - .me = THIS_MODULE,
119   - },
120   - {
121 107 .name = "mark",
122 108 .revision = 1,
123   - .family = NFPROTO_IPV4,
124   - .match = mark_mt,
125   - .matchsize = sizeof(struct xt_mark_mtinfo1),
126   - .me = THIS_MODULE,
127   - },
128   - {
129   - .name = "mark",
130   - .revision = 1,
131   - .family = NFPROTO_IPV6,
  109 + .family = NFPROTO_UNSPEC,
132 110 .match = mark_mt,
133 111 .matchsize = sizeof(struct xt_mark_mtinfo1),
134 112 .me = THIS_MODULE,
net/netfilter/xt_quota.c
... ... @@ -54,33 +54,24 @@
54 54 return true;
55 55 }
56 56  
57   -static struct xt_match quota_mt_reg[] __read_mostly = {
58   - {
59   - .name = "quota",
60   - .family = NFPROTO_IPV4,
61   - .checkentry = quota_mt_check,
62   - .match = quota_mt,
63   - .matchsize = sizeof(struct xt_quota_info),
64   - .me = THIS_MODULE
65   - },
66   - {
67   - .name = "quota",
68   - .family = NFPROTO_IPV6,
69   - .checkentry = quota_mt_check,
70   - .match = quota_mt,
71   - .matchsize = sizeof(struct xt_quota_info),
72   - .me = THIS_MODULE
73   - },
  57 +static struct xt_match quota_mt_reg __read_mostly = {
  58 + .name = "quota",
  59 + .revision = 0,
  60 + .family = NFPROTO_UNSPEC,
  61 + .match = quota_mt,
  62 + .checkentry = quota_mt_check,
  63 + .matchsize = sizeof(struct xt_quota_info),
  64 + .me = THIS_MODULE,
74 65 };
75 66  
76 67 static int __init quota_mt_init(void)
77 68 {
78   - return xt_register_matches(quota_mt_reg, ARRAY_SIZE(quota_mt_reg));
  69 + return xt_register_match(&quota_mt_reg);
79 70 }
80 71  
81 72 static void __exit quota_mt_exit(void)
82 73 {
83   - xt_unregister_matches(quota_mt_reg, ARRAY_SIZE(quota_mt_reg));
  74 + xt_unregister_match(&quota_mt_reg);
84 75 }
85 76  
86 77 module_init(quota_mt_init);
net/netfilter/xt_rateest.c
... ... @@ -137,36 +137,25 @@
137 137 xt_rateest_put(info->est2);
138 138 }
139 139  
140   -static struct xt_match xt_rateest_match[] __read_mostly = {
141   - {
142   - .family = NFPROTO_IPV4,
143   - .name = "rateest",
144   - .match = xt_rateest_mt,
145   - .checkentry = xt_rateest_mt_checkentry,
146   - .destroy = xt_rateest_mt_destroy,
147   - .matchsize = sizeof(struct xt_rateest_match_info),
148   - .me = THIS_MODULE,
149   - },
150   - {
151   - .family = NFPROTO_IPV6,
152   - .name = "rateest",
153   - .match = xt_rateest_mt,
154   - .checkentry = xt_rateest_mt_checkentry,
155   - .destroy = xt_rateest_mt_destroy,
156   - .matchsize = sizeof(struct xt_rateest_match_info),
157   - .me = THIS_MODULE,
158   - },
  140 +static struct xt_match xt_rateest_mt_reg __read_mostly = {
  141 + .name = "rateest",
  142 + .revision = 0,
  143 + .family = NFPROTO_UNSPEC,
  144 + .match = xt_rateest_mt,
  145 + .checkentry = xt_rateest_mt_checkentry,
  146 + .destroy = xt_rateest_mt_destroy,
  147 + .matchsize = sizeof(struct xt_rateest_match_info),
  148 + .me = THIS_MODULE,
159 149 };
160 150  
161 151 static int __init xt_rateest_mt_init(void)
162 152 {
163   - return xt_register_matches(xt_rateest_match,
164   - ARRAY_SIZE(xt_rateest_match));
  153 + return xt_register_match(&xt_rateest_mt_reg);
165 154 }
166 155  
167 156 static void __exit xt_rateest_mt_fini(void)
168 157 {
169   - xt_unregister_matches(xt_rateest_match, ARRAY_SIZE(xt_rateest_match));
  158 + xt_unregister_match(&xt_rateest_mt_reg);
170 159 }
171 160  
172 161 MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
net/netfilter/xt_statistic.c
... ... @@ -66,35 +66,24 @@
66 66 return true;
67 67 }
68 68  
69   -static struct xt_match statistic_mt_reg[] __read_mostly = {
70   - {
71   - .name = "statistic",
72   - .family = NFPROTO_IPV4,
73   - .checkentry = statistic_mt_check,
74   - .match = statistic_mt,
75   - .matchsize = sizeof(struct xt_statistic_info),
76   - .me = THIS_MODULE,
77   - },
78   - {
79   - .name = "statistic",
80   - .family = NFPROTO_IPV6,
81   - .checkentry = statistic_mt_check,
82   - .match = statistic_mt,
83   - .matchsize = sizeof(struct xt_statistic_info),
84   - .me = THIS_MODULE,
85   - },
  69 +static struct xt_match xt_statistic_mt_reg __read_mostly = {
  70 + .name = "statistic",
  71 + .revision = 0,
  72 + .family = NFPROTO_UNSPEC,
  73 + .match = statistic_mt,
  74 + .checkentry = statistic_mt_check,
  75 + .matchsize = sizeof(struct xt_statistic_info),
  76 + .me = THIS_MODULE,
86 77 };
87 78  
88 79 static int __init statistic_mt_init(void)
89 80 {
90   - return xt_register_matches(statistic_mt_reg,
91   - ARRAY_SIZE(statistic_mt_reg));
  81 + return xt_register_match(&xt_statistic_mt_reg);
92 82 }
93 83  
94 84 static void __exit statistic_mt_exit(void)
95 85 {
96   - xt_unregister_matches(statistic_mt_reg,
97   - ARRAY_SIZE(statistic_mt_reg));
  86 + xt_unregister_match(&xt_statistic_mt_reg);
98 87 }
99 88  
100 89 module_init(statistic_mt_init);
net/netfilter/xt_string.c
... ... @@ -81,11 +81,11 @@
81 81 textsearch_destroy(STRING_TEXT_PRIV(matchinfo)->config);
82 82 }
83 83  
84   -static struct xt_match string_mt_reg[] __read_mostly = {
  84 +static struct xt_match xt_string_mt_reg[] __read_mostly = {
85 85 {
86 86 .name = "string",
87 87 .revision = 0,
88   - .family = NFPROTO_IPV4,
  88 + .family = NFPROTO_UNSPEC,
89 89 .checkentry = string_mt_check,
90 90 .match = string_mt,
91 91 .destroy = string_mt_destroy,
92 92  
93 93  
94 94  
... ... @@ -95,43 +95,24 @@
95 95 {
96 96 .name = "string",
97 97 .revision = 1,
98   - .family = NFPROTO_IPV4,
  98 + .family = NFPROTO_UNSPEC,
99 99 .checkentry = string_mt_check,
100 100 .match = string_mt,
101 101 .destroy = string_mt_destroy,
102 102 .matchsize = sizeof(struct xt_string_info),
103 103 .me = THIS_MODULE
104 104 },
105   - {
106   - .name = "string",
107   - .revision = 0,
108   - .family = NFPROTO_IPV6,
109   - .checkentry = string_mt_check,
110   - .match = string_mt,
111   - .destroy = string_mt_destroy,
112   - .matchsize = sizeof(struct xt_string_info),
113   - .me = THIS_MODULE
114   - },
115   - {
116   - .name = "string",
117   - .revision = 1,
118   - .family = NFPROTO_IPV6,
119   - .checkentry = string_mt_check,
120   - .match = string_mt,
121   - .destroy = string_mt_destroy,
122   - .matchsize = sizeof(struct xt_string_info),
123   - .me = THIS_MODULE
124   - },
125 105 };
126 106  
127 107 static int __init string_mt_init(void)
128 108 {
129   - return xt_register_matches(string_mt_reg, ARRAY_SIZE(string_mt_reg));
  109 + return xt_register_matches(xt_string_mt_reg,
  110 + ARRAY_SIZE(xt_string_mt_reg));
130 111 }
131 112  
132 113 static void __exit string_mt_exit(void)
133 114 {
134   - xt_unregister_matches(string_mt_reg, ARRAY_SIZE(string_mt_reg));
  115 + xt_unregister_matches(xt_string_mt_reg, ARRAY_SIZE(xt_string_mt_reg));
135 116 }
136 117  
137 118 module_init(string_mt_init);
net/netfilter/xt_time.c
... ... @@ -237,33 +237,23 @@
237 237 return true;
238 238 }
239 239  
240   -static struct xt_match time_mt_reg[] __read_mostly = {
241   - {
242   - .name = "time",
243   - .family = NFPROTO_IPV4,
244   - .match = time_mt,
245   - .matchsize = sizeof(struct xt_time_info),
246   - .checkentry = time_mt_check,
247   - .me = THIS_MODULE,
248   - },
249   - {
250   - .name = "time",
251   - .family = NFPROTO_IPV6,
252   - .match = time_mt,
253   - .matchsize = sizeof(struct xt_time_info),
254   - .checkentry = time_mt_check,
255   - .me = THIS_MODULE,
256   - },
  240 +static struct xt_match xt_time_mt_reg __read_mostly = {
  241 + .name = "time",
  242 + .family = NFPROTO_UNSPEC,
  243 + .match = time_mt,
  244 + .checkentry = time_mt_check,
  245 + .matchsize = sizeof(struct xt_time_info),
  246 + .me = THIS_MODULE,
257 247 };
258 248  
259 249 static int __init time_mt_init(void)
260 250 {
261   - return xt_register_matches(time_mt_reg, ARRAY_SIZE(time_mt_reg));
  251 + return xt_register_match(&xt_time_mt_reg);
262 252 }
263 253  
264 254 static void __exit time_mt_exit(void)
265 255 {
266   - xt_unregister_matches(time_mt_reg, ARRAY_SIZE(time_mt_reg));
  256 + xt_unregister_match(&xt_time_mt_reg);
267 257 }
268 258  
269 259 module_init(time_mt_init);
net/netfilter/xt_u32.c
... ... @@ -99,31 +99,23 @@
99 99 return ret ^ data->invert;
100 100 }
101 101  
102   -static struct xt_match u32_mt_reg[] __read_mostly = {
103   - {
104   - .name = "u32",
105   - .family = NFPROTO_IPV4,
106   - .match = u32_mt,
107   - .matchsize = sizeof(struct xt_u32),
108   - .me = THIS_MODULE,
109   - },
110   - {
111   - .name = "u32",
112   - .family = NFPROTO_IPV6,
113   - .match = u32_mt,
114   - .matchsize = sizeof(struct xt_u32),
115   - .me = THIS_MODULE,
116   - },
  102 +static struct xt_match xt_u32_mt_reg __read_mostly = {
  103 + .name = "u32",
  104 + .revision = 0,
  105 + .family = NFPROTO_UNSPEC,
  106 + .match = u32_mt,
  107 + .matchsize = sizeof(struct xt_u32),
  108 + .me = THIS_MODULE,
117 109 };
118 110  
119 111 static int __init u32_mt_init(void)
120 112 {
121   - return xt_register_matches(u32_mt_reg, ARRAY_SIZE(u32_mt_reg));
  113 + return xt_register_match(&xt_u32_mt_reg);
122 114 }
123 115  
124 116 static void __exit u32_mt_exit(void)
125 117 {
126   - xt_unregister_matches(u32_mt_reg, ARRAY_SIZE(u32_mt_reg));
  118 + xt_unregister_match(&xt_u32_mt_reg);
127 119 }
128 120  
129 121 module_init(u32_mt_init);