aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJan Engelhardt <jengelh@medozas.de>2009-06-13 00:57:10 -0400
committerJan Engelhardt <jengelh@medozas.de>2010-02-10 11:03:53 -0500
commit2b21e051472fdb4680076278b2ccf63ebc1cc3bc (patch)
tree284c85824fcc2de0016451be071f4dd2b377e9cb
parent737535c5cf3524e4bfaa91e22edefd52eccabbce (diff)
netfilter: xtables: compact table hook functions (2/2)
The calls to ip6t_do_table only show minimal differences, so it seems like a good cleanup to merge them to a single one too. Space saving obtained by both patches: 6807725->6807373 ("Total" column from `size -A`.) Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
-rw-r--r--net/ipv4/netfilter/arptable_filter.c8
-rw-r--r--net/ipv4/netfilter/iptable_filter.c21
-rw-r--r--net/ipv4/netfilter/iptable_raw.c19
-rw-r--r--net/ipv4/netfilter/iptable_security.c23
-rw-r--r--net/ipv6/netfilter/ip6table_filter.c8
-rw-r--r--net/ipv6/netfilter/ip6table_raw.c8
-rw-r--r--net/ipv6/netfilter/ip6table_security.c8
7 files changed, 36 insertions, 59 deletions
diff --git a/net/ipv4/netfilter/arptable_filter.c b/net/ipv4/netfilter/arptable_filter.c
index e9d823b149cd..deeda9b2cf05 100644
--- a/net/ipv4/netfilter/arptable_filter.c
+++ b/net/ipv4/netfilter/arptable_filter.c
@@ -58,13 +58,9 @@ arptable_filter_hook(unsigned int hook, struct sk_buff *skb,
58 const struct net_device *in, const struct net_device *out, 58 const struct net_device *in, const struct net_device *out,
59 int (*okfn)(struct sk_buff *)) 59 int (*okfn)(struct sk_buff *))
60{ 60{
61 if (hook == NF_ARP_OUT) 61 const struct net *net = dev_net((in != NULL) ? in : out);
62 return arpt_do_table(skb, hook, in, out,
63 dev_net(out)->ipv4.arptable_filter);
64 62
65 /* INPUT/FORWARD: */ 63 return arpt_do_table(skb, hook, in, out, net->ipv4.arptable_filter);
66 return arpt_do_table(skb, hook, in, out,
67 dev_net(in)->ipv4.arptable_filter);
68} 64}
69 65
70static struct nf_hook_ops arpt_ops[] __read_mostly = { 66static struct nf_hook_ops arpt_ops[] __read_mostly = {
diff --git a/net/ipv4/netfilter/iptable_filter.c b/net/ipv4/netfilter/iptable_filter.c
index 5369833ad56a..1bfeaae6f624 100644
--- a/net/ipv4/netfilter/iptable_filter.c
+++ b/net/ipv4/netfilter/iptable_filter.c
@@ -65,19 +65,16 @@ iptable_filter_hook(unsigned int hook, struct sk_buff *skb,
65 const struct net_device *in, const struct net_device *out, 65 const struct net_device *in, const struct net_device *out,
66 int (*okfn)(struct sk_buff *)) 66 int (*okfn)(struct sk_buff *))
67{ 67{
68 if (hook == NF_INET_LOCAL_OUT) { 68 const struct net *net;
69 if (skb->len < sizeof(struct iphdr) || 69
70 ip_hdrlen(skb) < sizeof(struct iphdr)) 70 if (hook == NF_INET_LOCAL_OUT &&
71 /* root is playing with raw sockets. */ 71 (skb->len < sizeof(struct iphdr) ||
72 return NF_ACCEPT; 72 ip_hdrlen(skb) < sizeof(struct iphdr)))
73 73 /* root is playing with raw sockets. */
74 return ipt_do_table(skb, hook, in, out, 74 return NF_ACCEPT;
75 dev_net(out)->ipv4.iptable_filter);
76 }
77 75
78 /* LOCAL_IN/FORWARD: */ 76 net = dev_net((in != NULL) ? in : out);
79 return ipt_do_table(skb, hook, in, out, 77 return ipt_do_table(skb, hook, in, out, net->ipv4.iptable_filter);
80 dev_net(in)->ipv4.iptable_filter);
81} 78}
82 79
83static struct nf_hook_ops ipt_ops[] __read_mostly = { 80static struct nf_hook_ops ipt_ops[] __read_mostly = {
diff --git a/net/ipv4/netfilter/iptable_raw.c b/net/ipv4/netfilter/iptable_raw.c
index 2c55575e89f5..d16e43777c31 100644
--- a/net/ipv4/netfilter/iptable_raw.c
+++ b/net/ipv4/netfilter/iptable_raw.c
@@ -49,17 +49,16 @@ iptable_raw_hook(unsigned int hook, struct sk_buff *skb,
49 const struct net_device *in, const struct net_device *out, 49 const struct net_device *in, const struct net_device *out,
50 int (*okfn)(struct sk_buff *)) 50 int (*okfn)(struct sk_buff *))
51{ 51{
52 if (hook == NF_INET_PRE_ROUTING) 52 const struct net *net;
53 return ipt_do_table(skb, hook, in, out, 53
54 dev_net(in)->ipv4.iptable_raw); 54 if (hook == NF_INET_LOCAL_OUT &&
55 55 (skb->len < sizeof(struct iphdr) ||
56 /* OUTPUT: */ 56 ip_hdrlen(skb) < sizeof(struct iphdr)))
57 /* root is playing with raw sockets. */ 57 /* root is playing with raw sockets. */
58 if (skb->len < sizeof(struct iphdr) ||
59 ip_hdrlen(skb) < sizeof(struct iphdr))
60 return NF_ACCEPT; 58 return NF_ACCEPT;
61 return ipt_do_table(skb, hook, in, out, 59
62 dev_net(out)->ipv4.iptable_raw); 60 net = dev_net((in != NULL) ? in : out);
61 return ipt_do_table(skb, hook, in, out, net->ipv4.iptable_raw);
63} 62}
64 63
65/* 'raw' is the very first table. */ 64/* 'raw' is the very first table. */
diff --git a/net/ipv4/netfilter/iptable_security.c b/net/ipv4/netfilter/iptable_security.c
index 1c666bab3269..324505aaaa73 100644
--- a/net/ipv4/netfilter/iptable_security.c
+++ b/net/ipv4/netfilter/iptable_security.c
@@ -70,19 +70,16 @@ iptable_security_hook(unsigned int hook, struct sk_buff *skb,
70 const struct net_device *out, 70 const struct net_device *out,
71 int (*okfn)(struct sk_buff *)) 71 int (*okfn)(struct sk_buff *))
72{ 72{
73 if (hook == NF_INET_LOCAL_OUT) { 73 const struct net *net;
74 if (skb->len < sizeof(struct iphdr) || 74
75 ip_hdrlen(skb) < sizeof(struct iphdr)) 75 if (hook == NF_INET_LOCAL_OUT &&
76 /* Somebody is playing with raw sockets. */ 76 (skb->len < sizeof(struct iphdr) ||
77 return NF_ACCEPT; 77 ip_hdrlen(skb) < sizeof(struct iphdr)))
78 78 /* Somebody is playing with raw sockets. */
79 return ipt_do_table(skb, hook, in, out, 79 return NF_ACCEPT;
80 dev_net(out)->ipv4.iptable_security); 80
81 } 81 net = dev_net((in != NULL) ? in : out);
82 82 return ipt_do_table(skb, hook, in, out, net->ipv4.iptable_security);
83 /* INPUT/FORWARD: */
84 return ipt_do_table(skb, hook, in, out,
85 dev_net(in)->ipv4.iptable_security);
86} 83}
87 84
88static struct nf_hook_ops ipt_ops[] __read_mostly = { 85static struct nf_hook_ops ipt_ops[] __read_mostly = {
diff --git a/net/ipv6/netfilter/ip6table_filter.c b/net/ipv6/netfilter/ip6table_filter.c
index 38074e933f67..866f34ae236b 100644
--- a/net/ipv6/netfilter/ip6table_filter.c
+++ b/net/ipv6/netfilter/ip6table_filter.c
@@ -64,13 +64,9 @@ ip6table_filter_hook(unsigned int hook, struct sk_buff *skb,
64 const struct net_device *in, const struct net_device *out, 64 const struct net_device *in, const struct net_device *out,
65 int (*okfn)(struct sk_buff *)) 65 int (*okfn)(struct sk_buff *))
66{ 66{
67 if (hook == NF_INET_LOCAL_OUT) 67 const struct net *net = dev_net((in != NULL) ? in : out);
68 return ip6t_do_table(skb, hook, in, out,
69 dev_net(out)->ipv6.ip6table_filter);
70 68
71 /* INPUT/FORWARD: */ 69 return ip6t_do_table(skb, hook, in, out, net->ipv6.ip6table_filter);
72 return ip6t_do_table(skb, hook, in, out,
73 dev_net(in)->ipv6.ip6table_filter);
74} 70}
75 71
76static struct nf_hook_ops ip6t_ops[] __read_mostly = { 72static struct nf_hook_ops ip6t_ops[] __read_mostly = {
diff --git a/net/ipv6/netfilter/ip6table_raw.c b/net/ipv6/netfilter/ip6table_raw.c
index 985e27cf1e0c..5451a36fbc21 100644
--- a/net/ipv6/netfilter/ip6table_raw.c
+++ b/net/ipv6/netfilter/ip6table_raw.c
@@ -48,13 +48,9 @@ ip6table_raw_hook(unsigned int hook, struct sk_buff *skb,
48 const struct net_device *in, const struct net_device *out, 48 const struct net_device *in, const struct net_device *out,
49 int (*okfn)(struct sk_buff *)) 49 int (*okfn)(struct sk_buff *))
50{ 50{
51 if (hook == NF_INET_PRE_ROUTING) 51 const struct net *net = dev_net((in != NULL) ? in : out);
52 return ip6t_do_table(skb, hook, in, out,
53 dev_net(in)->ipv6.ip6table_raw);
54 52
55 /* OUTPUT: */ 53 return ip6t_do_table(skb, hook, in, out, net->ipv6.ip6table_raw);
56 return ip6t_do_table(skb, hook, in, out,
57 dev_net(out)->ipv6.ip6table_raw);
58} 54}
59 55
60static struct nf_hook_ops ip6t_ops[] __read_mostly = { 56static struct nf_hook_ops ip6t_ops[] __read_mostly = {
diff --git a/net/ipv6/netfilter/ip6table_security.c b/net/ipv6/netfilter/ip6table_security.c
index 835858929358..841ea77f5218 100644
--- a/net/ipv6/netfilter/ip6table_security.c
+++ b/net/ipv6/netfilter/ip6table_security.c
@@ -69,13 +69,9 @@ ip6table_security_hook(unsigned int hook, struct sk_buff *skb,
69 const struct net_device *out, 69 const struct net_device *out,
70 int (*okfn)(struct sk_buff *)) 70 int (*okfn)(struct sk_buff *))
71{ 71{
72 if (hook == NF_INET_LOCAL_OUT) 72 const struct net *net = dev_net((in != NULL) ? in : out);
73 return ip6t_do_table(skb, hook, in, out,
74 dev_net(out)->ipv6.ip6table_security);
75 73
76 /* INPUT/FORWARD: */ 74 return ip6t_do_table(skb, hook, in, out, net->ipv6.ip6table_security);
77 return ip6t_do_table(skb, hook, in, out,
78 dev_net(in)->ipv6.ip6table_security);
79} 75}
80 76
81static struct nf_hook_ops ip6t_ops[] __read_mostly = { 77static struct nf_hook_ops ip6t_ops[] __read_mostly = {