[NETFILTER]: Convert x_tables matches/targets to centralized error checking

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

1 files changed, 8 insertions, 25 deletions

diff --git a/net/netfilter/xt_mac.c b/net/netfilter/xt_mac.c
index 0461dcb5fc7a..e20772616f55 100644
--- a/net/netfilter/xt_mac.c
+++ b/net/netfilter/xt_mac.c
@@ -42,37 +42,20 @@ match(const struct sk_buff *skb,
 		^ info->invert));
 }
 
-static int
-ipt_mac_checkentry(const char *tablename,
-		   const void *inf,
-		   void *matchinfo,
-		   unsigned int matchsize,
-		   unsigned int hook_mask)
-{
-	/* FORWARD isn't always valid, but it's nice to be able to do --RR */
-	if (hook_mask
-	    & ~((1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_IN)
-		| (1 << NF_IP_FORWARD))) {
-		printk("xt_mac: only valid for PRE_ROUTING, LOCAL_IN or FORWARD.\n");
-		return 0;
-	}
-
-	if (matchsize != XT_ALIGN(sizeof(struct xt_mac_info)))
-		return 0;
-
-	return 1;
-}
-
 static struct xt_match mac_match = {
 	.name		= "mac",
-	.match		= &match,
-	.checkentry	= &ipt_mac_checkentry,
+	.match		= match,
+	.matchsize	= sizeof(struct xt_mac_info),
+	.hooks		= (1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_IN) |
+			  (1 << NF_IP_FORWARD),
 	.me		= THIS_MODULE,
 };
 static struct xt_match mac6_match = {
 	.name		= "mac",
-	.match		= &match,
-	.checkentry	= &ipt_mac_checkentry,
+	.match		= match,
+	.matchsize	= sizeof(struct xt_mac_info),
+	.hooks		= (1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_IN) |
+			  (1 << NF_IP_FORWARD),
 	.me		= THIS_MODULE,
 };