netfilter: xtables: move extension arguments into compound structure (1/6)

The function signatures for Xtables extensions have grown over time. It involves a lot of typing/replication, and also a bit of stack space even if they are not used. Realize an NFWS2008 idea and pack them into structs. The skb remains outside of the struct so gcc can continue to apply its optimizations. This patch does this for match extensions' match functions. A few ambiguities have also been addressed. The "offset" parameter for example has been renamed to "fragoff" (there are so many different offsets already) and "protoff" to "thoff" (there is more than just one protocol here, so clarify). Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
author: Jan Engelhardt <jengelh@medozas.de> 2008-10-08 05:35:18 -0400
committer: Patrick McHardy <kaber@trash.net> 2008-10-08 05:35:18 -0400
commit: f7108a20dee44e5bb037f9e48f6a207b42e6ae1c (patch)
tree: bfc741548cdf416a59a89d89a20ba2cbdc8e988e /net/bridge/netfilter
parent: c2df73de246ae75705af8ceed4f385b261dea108 (diff)
11 files changed, 30 insertions, 47 deletions
diff --git a/net/bridge/netfilter/ebt_802_3.c b/net/bridge/netfilter/ebt_802_3.c
index 6fc2a59e09a..c9e1bc14951 100644
--- a/net/bridge/netfilter/ebt_802_3.c
+++ b/net/bridge/netfilter/ebt_802_3.c
@@ -13,11 +13,9 @@
 #include <linux/netfilter_bridge/ebt_802_3.h>
 static bool
-ebt_802_3_mt(const struct sk_buff *skb, const struct net_device *in,
+ebt_802_3_mt(const struct sk_buff *skb, const struct xt_match_param *par)
-             const struct net_device *out, const struct xt_match *match,
-             const void *data, int offset, unsigned int protoff, bool *hotdrop)
 {
-        const struct ebt_802_3_info *info = data;
+        const struct ebt_802_3_info *info = par->matchinfo;
        const struct ebt_802_3_hdr *hdr = ebt_802_3_hdr(skb);
        __be16 type = hdr->llc.ui.ctrl & IS_UI ? hdr->llc.ui.type : hdr->llc.ni.type;
diff --git a/net/bridge/netfilter/ebt_among.c b/net/bridge/netfilter/ebt_among.c
index 084559e1840..0ad0db3e815 100644
--- a/net/bridge/netfilter/ebt_among.c
+++ b/net/bridge/netfilter/ebt_among.c
@@ -128,11 +128,9 @@ static int get_ip_src(const struct sk_buff *skb, __be32 *addr)
 }
 static bool
-ebt_among_mt(const struct sk_buff *skb, const struct net_device *in,
+ebt_among_mt(const struct sk_buff *skb, const struct xt_match_param *par)
-             const struct net_device *out, const struct xt_match *match,
-             const void *data, int offset, unsigned int protoff, bool *hotdrop)
 {
-        const struct ebt_among_info *info = data;
+        const struct ebt_among_info *info = par->matchinfo;
        const char *dmac, *smac;
        const struct ebt_mac_wormhash *wh_dst, *wh_src;
        __be32 dip = 0, sip = 0;
diff --git a/net/bridge/netfilter/ebt_arp.c b/net/bridge/netfilter/ebt_arp.c
index a073dffe7a1..1ff8fa3a9e7 100644
--- a/net/bridge/netfilter/ebt_arp.c
+++ b/net/bridge/netfilter/ebt_arp.c
@@ -16,11 +16,9 @@
 #include <linux/netfilter_bridge/ebt_arp.h>
 static bool
-ebt_arp_mt(const struct sk_buff *skb, const struct net_device *in,
+ebt_arp_mt(const struct sk_buff *skb, const struct xt_match_param *par)
-           const struct net_device *out, const struct xt_match *match,
-           const void *data, int offset, unsigned int protoff, bool *hotdrop)
 {
-        const struct ebt_arp_info *info = data;
+        const struct ebt_arp_info *info = par->matchinfo;
        const struct arphdr *ah;
        struct arphdr _arph;
diff --git a/net/bridge/netfilter/ebt_ip.c b/net/bridge/netfilter/ebt_ip.c
index b42c7ce799b..c70ea39840b 100644
--- a/net/bridge/netfilter/ebt_ip.c
+++ b/net/bridge/netfilter/ebt_ip.c
@@ -25,11 +25,9 @@ struct tcpudphdr {
 };
 static bool
-ebt_ip_mt(const struct sk_buff *skb, const struct net_device *in,
+ebt_ip_mt(const struct sk_buff *skb, const struct xt_match_param *par)
-          const struct net_device *out, const struct xt_match *match,
-          const void *data, int offset, unsigned int protoff, bool *hotdrop)
 {
-        const struct ebt_ip_info *info = data;
+        const struct ebt_ip_info *info = par->matchinfo;
        const struct iphdr *ih;
        struct iphdr _iph;
        const struct tcpudphdr *pptr;
diff --git a/net/bridge/netfilter/ebt_ip6.c b/net/bridge/netfilter/ebt_ip6.c
index 7bd98312967..5acee02de72 100644
--- a/net/bridge/netfilter/ebt_ip6.c
+++ b/net/bridge/netfilter/ebt_ip6.c
@@ -28,11 +28,9 @@ struct tcpudphdr {
 };
 static bool
-ebt_ip6_mt(const struct sk_buff *skb, const struct net_device *in,
+ebt_ip6_mt(const struct sk_buff *skb, const struct xt_match_param *par)
-           const struct net_device *out, const struct xt_match *match,
-           const void *data, int offset, unsigned int protoff, bool *hotdrop)
 {
-        const struct ebt_ip6_info *info = data;
+        const struct ebt_ip6_info *info = par->matchinfo;
        const struct ipv6hdr *ih6;
        struct ipv6hdr _ip6h;
        const struct tcpudphdr *pptr;
diff --git a/net/bridge/netfilter/ebt_limit.c b/net/bridge/netfilter/ebt_limit.c
index 58aaaa14906..9a3ec8cadaa 100644
--- a/net/bridge/netfilter/ebt_limit.c
+++ b/net/bridge/netfilter/ebt_limit.c
@@ -31,11 +31,9 @@ static DEFINE_SPINLOCK(limit_lock);
 #define CREDITS_PER_JIFFY POW2_BELOW32(MAX_CPJ)
 static bool
-ebt_limit_mt(const struct sk_buff *skb, const struct net_device *in,
+ebt_limit_mt(const struct sk_buff *skb, const struct xt_match_param *par)
-             const struct net_device *out, const struct xt_match *match,
-             const void *data, int offset, unsigned int protoff, bool *hotdrop)
 {
-        struct ebt_limit_info *info = (void *)data;
+        struct ebt_limit_info *info = (void *)par->matchinfo;
        unsigned long now = jiffies;
        spin_lock_bh(&limit_lock);
diff --git a/net/bridge/netfilter/ebt_mark_m.c b/net/bridge/netfilter/ebt_mark_m.c
index aa6781c7f98..5b22ef96127 100644
--- a/net/bridge/netfilter/ebt_mark_m.c
+++ b/net/bridge/netfilter/ebt_mark_m.c
@@ -13,11 +13,9 @@
 #include <linux/netfilter_bridge/ebt_mark_m.h>
 static bool
-ebt_mark_mt(const struct sk_buff *skb, const struct net_device *in,
+ebt_mark_mt(const struct sk_buff *skb, const struct xt_match_param *par)
-            const struct net_device *out, const struct xt_match *match,
-            const void *data, int offset, unsigned int protoff, bool *hotdrop)
 {
-        const struct ebt_mark_m_info *info = data;
+        const struct ebt_mark_m_info *info = par->matchinfo;
        if (info->bitmask & EBT_MARK_OR)
                return !!(skb->mark & info->mask) ^ info->invert;
diff --git a/net/bridge/netfilter/ebt_pkttype.c b/net/bridge/netfilter/ebt_pkttype.c
index 1c04ce5a52c..b756f88fb10 100644
--- a/net/bridge/netfilter/ebt_pkttype.c
+++ b/net/bridge/netfilter/ebt_pkttype.c
@@ -13,12 +13,9 @@
 #include <linux/netfilter_bridge/ebt_pkttype.h>
 static bool
-ebt_pkttype_mt(const struct sk_buff *skb, const struct net_device *in,
+ebt_pkttype_mt(const struct sk_buff *skb, const struct xt_match_param *par)
-               const struct net_device *out, const struct xt_match *match,
-               const void *data, int offset, unsigned int protoff,
-               bool *hotdrop)
 {
-        const struct ebt_pkttype_info *info = data;
+        const struct ebt_pkttype_info *info = par->matchinfo;
        return (skb->pkt_type == info->pkt_type) ^ info->invert;
 }
diff --git a/net/bridge/netfilter/ebt_stp.c b/net/bridge/netfilter/ebt_stp.c
index 28bb48b67a8..06d777c62c3 100644
--- a/net/bridge/netfilter/ebt_stp.c
+++ b/net/bridge/netfilter/ebt_stp.c
@@ -120,11 +120,9 @@ static bool ebt_filter_config(const struct ebt_stp_info *info,
 }
 static bool
-ebt_stp_mt(const struct sk_buff *skb, const struct net_device *in,
+ebt_stp_mt(const struct sk_buff *skb, const struct xt_match_param *par)
-           const struct net_device *out, const struct xt_match *match,
-           const void *data, int offset, unsigned int protoff, bool *hotdrop)
 {
-        const struct ebt_stp_info *info = data;
+        const struct ebt_stp_info *info = par->matchinfo;
        const struct stp_header *sp;
        struct stp_header _stph;
        const uint8_t header[6] = {0x42, 0x42, 0x03, 0x00, 0x00, 0x00};
diff --git a/net/bridge/netfilter/ebt_vlan.c b/net/bridge/netfilter/ebt_vlan.c
index 5addef6d62f..b05b4a81834 100644
--- a/net/bridge/netfilter/ebt_vlan.c
+++ b/net/bridge/netfilter/ebt_vlan.c
@@ -41,11 +41,9 @@ MODULE_LICENSE("GPL");
 #define EXIT_ON_MISMATCH(_MATCH_,_MASK_) {if (!((info->_MATCH_ == _MATCH_)^!!(info->invflags & _MASK_))) return false; }
 static bool
-ebt_vlan_mt(const struct sk_buff *skb, const struct net_device *in,
+ebt_vlan_mt(const struct sk_buff *skb, const struct xt_match_param *par)
-            const struct net_device *out, const struct xt_match *match,
-            const void *data, int offset, unsigned int protoff, bool *hotdrop)
 {
-        const struct ebt_vlan_info *info = data;
+        const struct ebt_vlan_info *info = par->matchinfo;
        const struct vlan_hdr *fp;
        struct vlan_hdr _frame;
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index 7ee72b71d3c..f8e1822f38d 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -74,11 +74,11 @@ static inline int ebt_do_watcher (struct ebt_entry_watcher *w,
 }
 static inline int ebt_do_match (struct ebt_entry_match *m,
-   const struct sk_buff *skb, const struct net_device *in,
+   const struct sk_buff *skb, struct xt_match_param *par)
-   const struct net_device *out, bool *hotdrop)
 {
-        return m->u.match->match(skb, in, out, m->u.match,
+        par->match     = m->u.match;
-               m->data, 0, 0, hotdrop);
+        par->matchinfo = m->data;
+        return m->u.match->match(skb, par);
 }
 static inline int ebt_dev_check(char *entry, const struct net_device *device)
@@ -155,6 +155,11 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
        char *base;
        struct ebt_table_info *private;
        bool hotdrop = false;
+        struct xt_match_param mtpar;
+        mtpar.in      = in;
+        mtpar.out     = out;
+        mtpar.hotdrop = &hotdrop;
        read_lock_bh(&table->lock);
        private = table->private;
@@ -175,8 +180,7 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
                if (ebt_basic_match(point, eth_hdr(skb), in, out))
                        goto letscontinue;
-                if (EBT_MATCH_ITERATE(point, ebt_do_match, skb,
+                if (EBT_MATCH_ITERATE(point, ebt_do_match, skb, &mtpar) != 0)
-                    in, out, &hotdrop) != 0)
                        goto letscontinue;
                if (hotdrop) {
                        read_unlock_bh(&table->lock);
author	Jan Engelhardt <jengelh@medozas.de>	2008-10-08 05:35:18 -0400
committer	Patrick McHardy <kaber@trash.net>	2008-10-08 05:35:18 -0400
commit	f7108a20dee44e5bb037f9e48f6a207b42e6ae1c (patch)
tree	bfc741548cdf416a59a89d89a20ba2cbdc8e988e /net/bridge/netfilter
parent	c2df73de246ae75705af8ceed4f385b261dea108 (diff)