netfilter: xtables: combine struct xt_match_param and xt_target_param

The structures carried - besides match/target - almost the same data. It is possible to combine them, as extensions are evaluated serially, and so, the callers end up a little smaller. text data bss filename -15318 740 104 net/ipv4/netfilter/ip_tables.o +15286 740 104 net/ipv4/netfilter/ip_tables.o -15333 540 152 net/ipv6/netfilter/ip6_tables.o +15269 540 152 net/ipv6/netfilter/ip6_tables.o Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
author: Jan Engelhardt <jengelh@medozas.de> 2009-07-05 12:26:37 -0400
committer: Jan Engelhardt <jengelh@medozas.de> 2010-05-11 12:23:43 -0400
commit: de74c16996287250f0d947663127f80c6beebd3c (patch)
tree: c7e77e254c5812c8561516dd668eaec732a89a0d /net/ipv6/netfilter
parent: ef53d702c3614fb919e8a8291033e3dbccfd1aea (diff)
1 files changed, 13 insertions, 14 deletions
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index f8ac4a0b589..076308c1acd 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -345,8 +345,7 @@ ip6t_do_table(struct sk_buff *skb,
        struct ip6t_entry *e, **jumpstack;
        unsigned int *stackptr, origptr, cpu;
        const struct xt_table_info *private;
-        struct xt_match_param mtpar;
+        struct xt_action_param acpar;
-        struct xt_target_param tgpar;
        /* Initialization */
        indev = in ? in->name : nulldevname;
@@ -357,11 +356,11 @@ ip6t_do_table(struct sk_buff *skb,
         * things we don't know, ie. tcp syn flag or ports).  If the
         * rule is also a fragment-specific rule, non-fragments won't
         * match it. */
-        mtpar.hotdrop = &hotdrop;
+        acpar.hotdrop = &hotdrop;
-        mtpar.in      = tgpar.in  = in;
+        acpar.in      = in;
-        mtpar.out     = tgpar.out = out;
+        acpar.out     = out;
-        mtpar.family  = tgpar.family = NFPROTO_IPV6;
+        acpar.family  = NFPROTO_IPV6;
-        mtpar.hooknum = tgpar.hooknum = hook;
+        acpar.hooknum = hook;
        IP_NF_ASSERT(table->valid_hooks & (1 << hook));
@@ -381,16 +380,16 @@ ip6t_do_table(struct sk_buff *skb,
                IP_NF_ASSERT(e);
                if (!ip6_packet_match(skb, indev, outdev, &e->ipv6,
-                    &mtpar.thoff, &mtpar.fragoff, &hotdrop)) {
+                    &acpar.thoff, &acpar.fragoff, &hotdrop)) {
 no_match:
                        e = ip6t_next_entry(e);
                        continue;
                }
                xt_ematch_foreach(ematch, e) {
-                        mtpar.match     = ematch->u.kernel.match;
+                        acpar.match     = ematch->u.kernel.match;
-                        mtpar.matchinfo = ematch->data;
+                        acpar.matchinfo = ematch->data;
-                        if (!mtpar.match->match(skb, &mtpar))
+                        if (!acpar.match->match(skb, &acpar))
                                goto no_match;
                }
@@ -439,10 +438,10 @@ ip6t_do_table(struct sk_buff *skb,
                        continue;
                }
-                tgpar.target   = t->u.kernel.target;
+                acpar.target   = t->u.kernel.target;
-                tgpar.targinfo = t->data;
+                acpar.targinfo = t->data;
-                verdict = t->u.kernel.target->target(skb, &tgpar);
+                verdict = t->u.kernel.target->target(skb, &acpar);
                if (verdict == IP6T_CONTINUE)
                        e = ip6t_next_entry(e);
                else
author	Jan Engelhardt <jengelh@medozas.de>	2009-07-05 12:26:37 -0400
committer	Jan Engelhardt <jengelh@medozas.de>	2010-05-11 12:23:43 -0400
commit	de74c16996287250f0d947663127f80c6beebd3c (patch)
tree	c7e77e254c5812c8561516dd668eaec732a89a0d /net/ipv6/netfilter
parent	ef53d702c3614fb919e8a8291033e3dbccfd1aea (diff)