diff options
| author | Julian Anastasov <ja@ssi.bg> | 2013-03-21 05:58:01 -0400 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-04-01 18:23:39 -0400 |
| commit | b8abdf098487fe56dfcbeda029bb662effd57ac5 (patch) | |
| tree | 02f23b9aa576731aba10067a7d80db387180e93a | |
| parent | 313eae637f0ce2a37fc1e591f5ac930ec7301b8f (diff) | |
ipvs: convert the IP_VS_XMIT macros to functions
It was a bad idea to hide return statements in macros.
Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off by: Hans Schillstrom <hans@schillstrom.com>
Signed-off-by: Simon Horman <horms@verge.net.au>
| -rw-r--r-- | net/netfilter/ipvs/ip_vs_xmit.c | 134 |
1 files changed, 72 insertions, 62 deletions
diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c index 4b0bd15ad7c1..7cd7c61692ac 100644 --- a/net/netfilter/ipvs/ip_vs_xmit.c +++ b/net/netfilter/ipvs/ip_vs_xmit.c | |||
| @@ -376,45 +376,59 @@ ip_vs_dst_reset(struct ip_vs_dest *dest) | |||
| 376 | dest->dst_saddr.ip = 0; | 376 | dest->dst_saddr.ip = 0; |
| 377 | } | 377 | } |
| 378 | 378 | ||
| 379 | #define IP_VS_XMIT_TUNNEL(skb, cp) \ | 379 | /* return NF_ACCEPT to allow forwarding or other NF_xxx on error */ |
| 380 | ({ \ | 380 | static inline int ip_vs_tunnel_xmit_prepare(struct sk_buff *skb, |
| 381 | int __ret = NF_ACCEPT; \ | 381 | struct ip_vs_conn *cp) |
| 382 | \ | 382 | { |
| 383 | (skb)->ipvs_property = 1; \ | 383 | int ret = NF_ACCEPT; |
| 384 | if (unlikely((cp)->flags & IP_VS_CONN_F_NFCT)) \ | 384 | |
| 385 | __ret = ip_vs_confirm_conntrack(skb); \ | 385 | skb->ipvs_property = 1; |
| 386 | if (__ret == NF_ACCEPT) { \ | 386 | if (unlikely(cp->flags & IP_VS_CONN_F_NFCT)) |
| 387 | nf_reset(skb); \ | 387 | ret = ip_vs_confirm_conntrack(skb); |
| 388 | skb_forward_csum(skb); \ | 388 | if (ret == NF_ACCEPT) { |
| 389 | } \ | 389 | nf_reset(skb); |
| 390 | __ret; \ | 390 | skb_forward_csum(skb); |
| 391 | }) | 391 | } |
| 392 | 392 | return ret; | |
| 393 | #define IP_VS_XMIT_NAT(pf, skb, cp, local) \ | 393 | } |
| 394 | do { \ | 394 | |
| 395 | (skb)->ipvs_property = 1; \ | 395 | /* return NF_STOLEN (sent) or NF_ACCEPT if local=1 (not sent) */ |
| 396 | if (likely(!((cp)->flags & IP_VS_CONN_F_NFCT))) \ | 396 | static inline int ip_vs_nat_send_or_cont(int pf, struct sk_buff *skb, |
| 397 | ip_vs_notrack(skb); \ | 397 | struct ip_vs_conn *cp, int local) |
| 398 | else \ | 398 | { |
| 399 | ip_vs_update_conntrack(skb, cp, 1); \ | 399 | int ret = NF_STOLEN; |
| 400 | if (local) \ | 400 | |
| 401 | return NF_ACCEPT; \ | 401 | skb->ipvs_property = 1; |
| 402 | skb_forward_csum(skb); \ | 402 | if (likely(!(cp->flags & IP_VS_CONN_F_NFCT))) |
| 403 | NF_HOOK(pf, NF_INET_LOCAL_OUT, (skb), NULL, \ | 403 | ip_vs_notrack(skb); |
| 404 | skb_dst(skb)->dev, dst_output); \ | 404 | else |
| 405 | } while (0) | 405 | ip_vs_update_conntrack(skb, cp, 1); |
| 406 | 406 | if (!local) { | |
| 407 | #define IP_VS_XMIT(pf, skb, cp, local) \ | 407 | skb_forward_csum(skb); |
| 408 | do { \ | 408 | NF_HOOK(pf, NF_INET_LOCAL_OUT, skb, NULL, skb_dst(skb)->dev, |
| 409 | (skb)->ipvs_property = 1; \ | 409 | dst_output); |
| 410 | if (likely(!((cp)->flags & IP_VS_CONN_F_NFCT))) \ | 410 | } else |
| 411 | ip_vs_notrack(skb); \ | 411 | ret = NF_ACCEPT; |
| 412 | if (local) \ | 412 | return ret; |
| 413 | return NF_ACCEPT; \ | 413 | } |
| 414 | skb_forward_csum(skb); \ | 414 | |
| 415 | NF_HOOK(pf, NF_INET_LOCAL_OUT, (skb), NULL, \ | 415 | /* return NF_STOLEN (sent) or NF_ACCEPT if local=1 (not sent) */ |
| 416 | skb_dst(skb)->dev, dst_output); \ | 416 | static inline int ip_vs_send_or_cont(int pf, struct sk_buff *skb, |
| 417 | } while (0) | 417 | struct ip_vs_conn *cp, int local) |
| 418 | { | ||
| 419 | int ret = NF_STOLEN; | ||
| 420 | |||
| 421 | skb->ipvs_property = 1; | ||
| 422 | if (likely(!(cp->flags & IP_VS_CONN_F_NFCT))) | ||
| 423 | ip_vs_notrack(skb); | ||
| 424 | if (!local) { | ||
| 425 | skb_forward_csum(skb); | ||
| 426 | NF_HOOK(pf, NF_INET_LOCAL_OUT, skb, NULL, skb_dst(skb)->dev, | ||
| 427 | dst_output); | ||
| 428 | } else | ||
| 429 | ret = NF_ACCEPT; | ||
| 430 | return ret; | ||
| 431 | } | ||
| 418 | 432 | ||
| 419 | 433 | ||
| 420 | /* | 434 | /* |
| @@ -425,7 +439,7 @@ ip_vs_null_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, | |||
| 425 | struct ip_vs_protocol *pp, struct ip_vs_iphdr *ipvsh) | 439 | struct ip_vs_protocol *pp, struct ip_vs_iphdr *ipvsh) |
| 426 | { | 440 | { |
| 427 | /* we do not touch skb and do not need pskb ptr */ | 441 | /* we do not touch skb and do not need pskb ptr */ |
| 428 | IP_VS_XMIT(NFPROTO_IPV4, skb, cp, 1); | 442 | return ip_vs_send_or_cont(NFPROTO_IPV4, skb, cp, 1); |
| 429 | } | 443 | } |
| 430 | 444 | ||
| 431 | 445 | ||
| @@ -476,7 +490,7 @@ ip_vs_bypass_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, | |||
| 476 | /* Another hack: avoid icmp_send in ip_fragment */ | 490 | /* Another hack: avoid icmp_send in ip_fragment */ |
| 477 | skb->local_df = 1; | 491 | skb->local_df = 1; |
| 478 | 492 | ||
| 479 | IP_VS_XMIT(NFPROTO_IPV4, skb, cp, 0); | 493 | ip_vs_send_or_cont(NFPROTO_IPV4, skb, cp, 0); |
| 480 | 494 | ||
| 481 | LeaveFunction(10); | 495 | LeaveFunction(10); |
| 482 | return NF_STOLEN; | 496 | return NF_STOLEN; |
| @@ -537,7 +551,7 @@ ip_vs_bypass_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp, | |||
| 537 | /* Another hack: avoid icmp_send in ip_fragment */ | 551 | /* Another hack: avoid icmp_send in ip_fragment */ |
| 538 | skb->local_df = 1; | 552 | skb->local_df = 1; |
| 539 | 553 | ||
| 540 | IP_VS_XMIT(NFPROTO_IPV6, skb, cp, 0); | 554 | ip_vs_send_or_cont(NFPROTO_IPV6, skb, cp, 0); |
| 541 | 555 | ||
| 542 | LeaveFunction(10); | 556 | LeaveFunction(10); |
| 543 | return NF_STOLEN; | 557 | return NF_STOLEN; |
| @@ -562,7 +576,7 @@ ip_vs_nat_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, | |||
| 562 | struct rtable *rt; /* Route to the other host */ | 576 | struct rtable *rt; /* Route to the other host */ |
| 563 | int mtu; | 577 | int mtu; |
| 564 | struct iphdr *iph = ip_hdr(skb); | 578 | struct iphdr *iph = ip_hdr(skb); |
| 565 | int local; | 579 | int local, rc; |
| 566 | 580 | ||
| 567 | EnterFunction(10); | 581 | EnterFunction(10); |
| 568 | 582 | ||
| @@ -655,10 +669,10 @@ ip_vs_nat_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, | |||
| 655 | /* Another hack: avoid icmp_send in ip_fragment */ | 669 | /* Another hack: avoid icmp_send in ip_fragment */ |
| 656 | skb->local_df = 1; | 670 | skb->local_df = 1; |
| 657 | 671 | ||
| 658 | IP_VS_XMIT_NAT(NFPROTO_IPV4, skb, cp, local); | 672 | rc = ip_vs_nat_send_or_cont(NFPROTO_IPV4, skb, cp, local); |
| 659 | 673 | ||
| 660 | LeaveFunction(10); | 674 | LeaveFunction(10); |
| 661 | return NF_STOLEN; | 675 | return rc; |
| 662 | 676 | ||
| 663 | tx_error_icmp: | 677 | tx_error_icmp: |
| 664 | dst_link_failure(skb); | 678 | dst_link_failure(skb); |
| @@ -678,7 +692,7 @@ ip_vs_nat_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp, | |||
| 678 | { | 692 | { |
| 679 | struct rt6_info *rt; /* Route to the other host */ | 693 | struct rt6_info *rt; /* Route to the other host */ |
| 680 | int mtu; | 694 | int mtu; |
| 681 | int local; | 695 | int local, rc; |
| 682 | 696 | ||
| 683 | EnterFunction(10); | 697 | EnterFunction(10); |
| 684 | 698 | ||
| @@ -771,10 +785,10 @@ ip_vs_nat_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp, | |||
| 771 | /* Another hack: avoid icmp_send in ip_fragment */ | 785 | /* Another hack: avoid icmp_send in ip_fragment */ |
| 772 | skb->local_df = 1; | 786 | skb->local_df = 1; |
| 773 | 787 | ||
| 774 | IP_VS_XMIT_NAT(NFPROTO_IPV6, skb, cp, local); | 788 | rc = ip_vs_nat_send_or_cont(NFPROTO_IPV6, skb, cp, local); |
| 775 | 789 | ||
| 776 | LeaveFunction(10); | 790 | LeaveFunction(10); |
| 777 | return NF_STOLEN; | 791 | return rc; |
| 778 | 792 | ||
| 779 | tx_error_icmp: | 793 | tx_error_icmp: |
| 780 | dst_link_failure(skb); | 794 | dst_link_failure(skb); |
| @@ -833,7 +847,7 @@ ip_vs_tunnel_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, | |||
| 833 | goto tx_error_icmp; | 847 | goto tx_error_icmp; |
| 834 | if (rt->rt_flags & RTCF_LOCAL) { | 848 | if (rt->rt_flags & RTCF_LOCAL) { |
| 835 | ip_rt_put(rt); | 849 | ip_rt_put(rt); |
| 836 | IP_VS_XMIT(NFPROTO_IPV4, skb, cp, 1); | 850 | return ip_vs_send_or_cont(NFPROTO_IPV4, skb, cp, 1); |
| 837 | } | 851 | } |
| 838 | 852 | ||
| 839 | tdev = rt->dst.dev; | 853 | tdev = rt->dst.dev; |
| @@ -905,7 +919,7 @@ ip_vs_tunnel_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, | |||
| 905 | /* Another hack: avoid icmp_send in ip_fragment */ | 919 | /* Another hack: avoid icmp_send in ip_fragment */ |
| 906 | skb->local_df = 1; | 920 | skb->local_df = 1; |
| 907 | 921 | ||
| 908 | ret = IP_VS_XMIT_TUNNEL(skb, cp); | 922 | ret = ip_vs_tunnel_xmit_prepare(skb, cp); |
| 909 | if (ret == NF_ACCEPT) | 923 | if (ret == NF_ACCEPT) |
| 910 | ip_local_out(skb); | 924 | ip_local_out(skb); |
| 911 | else if (ret == NF_DROP) | 925 | else if (ret == NF_DROP) |
| @@ -948,7 +962,7 @@ ip_vs_tunnel_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp, | |||
| 948 | goto tx_error_icmp; | 962 | goto tx_error_icmp; |
| 949 | if (__ip_vs_is_local_route6(rt)) { | 963 | if (__ip_vs_is_local_route6(rt)) { |
| 950 | dst_release(&rt->dst); | 964 | dst_release(&rt->dst); |
| 951 | IP_VS_XMIT(NFPROTO_IPV6, skb, cp, 1); | 965 | return ip_vs_send_or_cont(NFPROTO_IPV6, skb, cp, 1); |
| 952 | } | 966 | } |
| 953 | 967 | ||
| 954 | tdev = rt->dst.dev; | 968 | tdev = rt->dst.dev; |
| @@ -1023,7 +1037,7 @@ ip_vs_tunnel_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp, | |||
| 1023 | /* Another hack: avoid icmp_send in ip_fragment */ | 1037 | /* Another hack: avoid icmp_send in ip_fragment */ |
| 1024 | skb->local_df = 1; | 1038 | skb->local_df = 1; |
| 1025 | 1039 | ||
| 1026 | ret = IP_VS_XMIT_TUNNEL(skb, cp); | 1040 | ret = ip_vs_tunnel_xmit_prepare(skb, cp); |
| 1027 | if (ret == NF_ACCEPT) | 1041 | if (ret == NF_ACCEPT) |
| 1028 | ip6_local_out(skb); | 1042 | ip6_local_out(skb); |
| 1029 | else if (ret == NF_DROP) | 1043 | else if (ret == NF_DROP) |
| @@ -1067,7 +1081,7 @@ ip_vs_dr_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, | |||
| 1067 | goto tx_error_icmp; | 1081 | goto tx_error_icmp; |
| 1068 | if (rt->rt_flags & RTCF_LOCAL) { | 1082 | if (rt->rt_flags & RTCF_LOCAL) { |
| 1069 | ip_rt_put(rt); | 1083 | ip_rt_put(rt); |
| 1070 | IP_VS_XMIT(NFPROTO_IPV4, skb, cp, 1); | 1084 | return ip_vs_send_or_cont(NFPROTO_IPV4, skb, cp, 1); |
| 1071 | } | 1085 | } |
| 1072 | 1086 | ||
| 1073 | /* MTU checking */ | 1087 | /* MTU checking */ |
| @@ -1097,7 +1111,7 @@ ip_vs_dr_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, | |||
| 1097 | /* Another hack: avoid icmp_send in ip_fragment */ | 1111 | /* Another hack: avoid icmp_send in ip_fragment */ |
| 1098 | skb->local_df = 1; | 1112 | skb->local_df = 1; |
| 1099 | 1113 | ||
| 1100 | IP_VS_XMIT(NFPROTO_IPV4, skb, cp, 0); | 1114 | ip_vs_send_or_cont(NFPROTO_IPV4, skb, cp, 0); |
| 1101 | 1115 | ||
| 1102 | LeaveFunction(10); | 1116 | LeaveFunction(10); |
| 1103 | return NF_STOLEN; | 1117 | return NF_STOLEN; |
| @@ -1126,7 +1140,7 @@ ip_vs_dr_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp, | |||
| 1126 | goto tx_error_icmp; | 1140 | goto tx_error_icmp; |
| 1127 | if (__ip_vs_is_local_route6(rt)) { | 1141 | if (__ip_vs_is_local_route6(rt)) { |
| 1128 | dst_release(&rt->dst); | 1142 | dst_release(&rt->dst); |
| 1129 | IP_VS_XMIT(NFPROTO_IPV6, skb, cp, 1); | 1143 | return ip_vs_send_or_cont(NFPROTO_IPV6, skb, cp, 1); |
| 1130 | } | 1144 | } |
| 1131 | 1145 | ||
| 1132 | /* MTU checking */ | 1146 | /* MTU checking */ |
| @@ -1162,7 +1176,7 @@ ip_vs_dr_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp, | |||
| 1162 | /* Another hack: avoid icmp_send in ip_fragment */ | 1176 | /* Another hack: avoid icmp_send in ip_fragment */ |
| 1163 | skb->local_df = 1; | 1177 | skb->local_df = 1; |
| 1164 | 1178 | ||
| 1165 | IP_VS_XMIT(NFPROTO_IPV6, skb, cp, 0); | 1179 | ip_vs_send_or_cont(NFPROTO_IPV6, skb, cp, 0); |
| 1166 | 1180 | ||
| 1167 | LeaveFunction(10); | 1181 | LeaveFunction(10); |
| 1168 | return NF_STOLEN; | 1182 | return NF_STOLEN; |
| @@ -1283,9 +1297,7 @@ ip_vs_icmp_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, | |||
| 1283 | /* Another hack: avoid icmp_send in ip_fragment */ | 1297 | /* Another hack: avoid icmp_send in ip_fragment */ |
| 1284 | skb->local_df = 1; | 1298 | skb->local_df = 1; |
| 1285 | 1299 | ||
| 1286 | IP_VS_XMIT_NAT(NFPROTO_IPV4, skb, cp, local); | 1300 | rc = ip_vs_nat_send_or_cont(NFPROTO_IPV4, skb, cp, local); |
| 1287 | |||
| 1288 | rc = NF_STOLEN; | ||
| 1289 | goto out; | 1301 | goto out; |
| 1290 | 1302 | ||
| 1291 | tx_error_icmp: | 1303 | tx_error_icmp: |
| @@ -1404,9 +1416,7 @@ ip_vs_icmp_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp, | |||
| 1404 | /* Another hack: avoid icmp_send in ip_fragment */ | 1416 | /* Another hack: avoid icmp_send in ip_fragment */ |
| 1405 | skb->local_df = 1; | 1417 | skb->local_df = 1; |
| 1406 | 1418 | ||
| 1407 | IP_VS_XMIT_NAT(NFPROTO_IPV6, skb, cp, local); | 1419 | rc = ip_vs_nat_send_or_cont(NFPROTO_IPV6, skb, cp, local); |
| 1408 | |||
| 1409 | rc = NF_STOLEN; | ||
| 1410 | goto out; | 1420 | goto out; |
| 1411 | 1421 | ||
| 1412 | tx_error_icmp: | 1422 | tx_error_icmp: |