diff options
author | Jan Engelhardt <jengelh@medozas.de> | 2009-06-13 00:57:10 -0400 |
---|---|---|
committer | Jan Engelhardt <jengelh@medozas.de> | 2010-02-10 11:03:53 -0500 |
commit | 2b21e051472fdb4680076278b2ccf63ebc1cc3bc (patch) | |
tree | 284c85824fcc2de0016451be071f4dd2b377e9cb | |
parent | 737535c5cf3524e4bfaa91e22edefd52eccabbce (diff) |
netfilter: xtables: compact table hook functions (2/2)
The calls to ip6t_do_table only show minimal differences, so it seems
like a good cleanup to merge them to a single one too.
Space saving obtained by both patches: 6807725->6807373
("Total" column from `size -A`.)
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
-rw-r--r-- | net/ipv4/netfilter/arptable_filter.c | 8 | ||||
-rw-r--r-- | net/ipv4/netfilter/iptable_filter.c | 21 | ||||
-rw-r--r-- | net/ipv4/netfilter/iptable_raw.c | 19 | ||||
-rw-r--r-- | net/ipv4/netfilter/iptable_security.c | 23 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6table_filter.c | 8 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6table_raw.c | 8 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6table_security.c | 8 |
7 files changed, 36 insertions, 59 deletions
diff --git a/net/ipv4/netfilter/arptable_filter.c b/net/ipv4/netfilter/arptable_filter.c index e9d823b149cd..deeda9b2cf05 100644 --- a/net/ipv4/netfilter/arptable_filter.c +++ b/net/ipv4/netfilter/arptable_filter.c | |||
@@ -58,13 +58,9 @@ arptable_filter_hook(unsigned int hook, struct sk_buff *skb, | |||
58 | const struct net_device *in, const struct net_device *out, | 58 | const struct net_device *in, const struct net_device *out, |
59 | int (*okfn)(struct sk_buff *)) | 59 | int (*okfn)(struct sk_buff *)) |
60 | { | 60 | { |
61 | if (hook == NF_ARP_OUT) | 61 | const struct net *net = dev_net((in != NULL) ? in : out); |
62 | return arpt_do_table(skb, hook, in, out, | ||
63 | dev_net(out)->ipv4.arptable_filter); | ||
64 | 62 | ||
65 | /* INPUT/FORWARD: */ | 63 | return arpt_do_table(skb, hook, in, out, net->ipv4.arptable_filter); |
66 | return arpt_do_table(skb, hook, in, out, | ||
67 | dev_net(in)->ipv4.arptable_filter); | ||
68 | } | 64 | } |
69 | 65 | ||
70 | static struct nf_hook_ops arpt_ops[] __read_mostly = { | 66 | static struct nf_hook_ops arpt_ops[] __read_mostly = { |
diff --git a/net/ipv4/netfilter/iptable_filter.c b/net/ipv4/netfilter/iptable_filter.c index 5369833ad56a..1bfeaae6f624 100644 --- a/net/ipv4/netfilter/iptable_filter.c +++ b/net/ipv4/netfilter/iptable_filter.c | |||
@@ -65,19 +65,16 @@ iptable_filter_hook(unsigned int hook, struct sk_buff *skb, | |||
65 | const struct net_device *in, const struct net_device *out, | 65 | const struct net_device *in, const struct net_device *out, |
66 | int (*okfn)(struct sk_buff *)) | 66 | int (*okfn)(struct sk_buff *)) |
67 | { | 67 | { |
68 | if (hook == NF_INET_LOCAL_OUT) { | 68 | const struct net *net; |
69 | if (skb->len < sizeof(struct iphdr) || | 69 | |
70 | ip_hdrlen(skb) < sizeof(struct iphdr)) | 70 | if (hook == NF_INET_LOCAL_OUT && |
71 | /* root is playing with raw sockets. */ | 71 | (skb->len < sizeof(struct iphdr) || |
72 | return NF_ACCEPT; | 72 | ip_hdrlen(skb) < sizeof(struct iphdr))) |
73 | 73 | /* root is playing with raw sockets. */ | |
74 | return ipt_do_table(skb, hook, in, out, | 74 | return NF_ACCEPT; |
75 | dev_net(out)->ipv4.iptable_filter); | ||
76 | } | ||
77 | 75 | ||
78 | /* LOCAL_IN/FORWARD: */ | 76 | net = dev_net((in != NULL) ? in : out); |
79 | return ipt_do_table(skb, hook, in, out, | 77 | return ipt_do_table(skb, hook, in, out, net->ipv4.iptable_filter); |
80 | dev_net(in)->ipv4.iptable_filter); | ||
81 | } | 78 | } |
82 | 79 | ||
83 | static struct nf_hook_ops ipt_ops[] __read_mostly = { | 80 | static struct nf_hook_ops ipt_ops[] __read_mostly = { |
diff --git a/net/ipv4/netfilter/iptable_raw.c b/net/ipv4/netfilter/iptable_raw.c index 2c55575e89f5..d16e43777c31 100644 --- a/net/ipv4/netfilter/iptable_raw.c +++ b/net/ipv4/netfilter/iptable_raw.c | |||
@@ -49,17 +49,16 @@ iptable_raw_hook(unsigned int hook, struct sk_buff *skb, | |||
49 | const struct net_device *in, const struct net_device *out, | 49 | const struct net_device *in, const struct net_device *out, |
50 | int (*okfn)(struct sk_buff *)) | 50 | int (*okfn)(struct sk_buff *)) |
51 | { | 51 | { |
52 | if (hook == NF_INET_PRE_ROUTING) | 52 | const struct net *net; |
53 | return ipt_do_table(skb, hook, in, out, | 53 | |
54 | dev_net(in)->ipv4.iptable_raw); | 54 | if (hook == NF_INET_LOCAL_OUT && |
55 | 55 | (skb->len < sizeof(struct iphdr) || | |
56 | /* OUTPUT: */ | 56 | ip_hdrlen(skb) < sizeof(struct iphdr))) |
57 | /* root is playing with raw sockets. */ | 57 | /* root is playing with raw sockets. */ |
58 | if (skb->len < sizeof(struct iphdr) || | ||
59 | ip_hdrlen(skb) < sizeof(struct iphdr)) | ||
60 | return NF_ACCEPT; | 58 | return NF_ACCEPT; |
61 | return ipt_do_table(skb, hook, in, out, | 59 | |
62 | dev_net(out)->ipv4.iptable_raw); | 60 | net = dev_net((in != NULL) ? in : out); |
61 | return ipt_do_table(skb, hook, in, out, net->ipv4.iptable_raw); | ||
63 | } | 62 | } |
64 | 63 | ||
65 | /* 'raw' is the very first table. */ | 64 | /* 'raw' is the very first table. */ |
diff --git a/net/ipv4/netfilter/iptable_security.c b/net/ipv4/netfilter/iptable_security.c index 1c666bab3269..324505aaaa73 100644 --- a/net/ipv4/netfilter/iptable_security.c +++ b/net/ipv4/netfilter/iptable_security.c | |||
@@ -70,19 +70,16 @@ iptable_security_hook(unsigned int hook, struct sk_buff *skb, | |||
70 | const struct net_device *out, | 70 | const struct net_device *out, |
71 | int (*okfn)(struct sk_buff *)) | 71 | int (*okfn)(struct sk_buff *)) |
72 | { | 72 | { |
73 | if (hook == NF_INET_LOCAL_OUT) { | 73 | const struct net *net; |
74 | if (skb->len < sizeof(struct iphdr) || | 74 | |
75 | ip_hdrlen(skb) < sizeof(struct iphdr)) | 75 | if (hook == NF_INET_LOCAL_OUT && |
76 | /* Somebody is playing with raw sockets. */ | 76 | (skb->len < sizeof(struct iphdr) || |
77 | return NF_ACCEPT; | 77 | ip_hdrlen(skb) < sizeof(struct iphdr))) |
78 | 78 | /* Somebody is playing with raw sockets. */ | |
79 | return ipt_do_table(skb, hook, in, out, | 79 | return NF_ACCEPT; |
80 | dev_net(out)->ipv4.iptable_security); | 80 | |
81 | } | 81 | net = dev_net((in != NULL) ? in : out); |
82 | 82 | return ipt_do_table(skb, hook, in, out, net->ipv4.iptable_security); | |
83 | /* INPUT/FORWARD: */ | ||
84 | return ipt_do_table(skb, hook, in, out, | ||
85 | dev_net(in)->ipv4.iptable_security); | ||
86 | } | 83 | } |
87 | 84 | ||
88 | static struct nf_hook_ops ipt_ops[] __read_mostly = { | 85 | static struct nf_hook_ops ipt_ops[] __read_mostly = { |
diff --git a/net/ipv6/netfilter/ip6table_filter.c b/net/ipv6/netfilter/ip6table_filter.c index 38074e933f67..866f34ae236b 100644 --- a/net/ipv6/netfilter/ip6table_filter.c +++ b/net/ipv6/netfilter/ip6table_filter.c | |||
@@ -64,13 +64,9 @@ ip6table_filter_hook(unsigned int hook, struct sk_buff *skb, | |||
64 | const struct net_device *in, const struct net_device *out, | 64 | const struct net_device *in, const struct net_device *out, |
65 | int (*okfn)(struct sk_buff *)) | 65 | int (*okfn)(struct sk_buff *)) |
66 | { | 66 | { |
67 | if (hook == NF_INET_LOCAL_OUT) | 67 | const struct net *net = dev_net((in != NULL) ? in : out); |
68 | return ip6t_do_table(skb, hook, in, out, | ||
69 | dev_net(out)->ipv6.ip6table_filter); | ||
70 | 68 | ||
71 | /* INPUT/FORWARD: */ | 69 | return ip6t_do_table(skb, hook, in, out, net->ipv6.ip6table_filter); |
72 | return ip6t_do_table(skb, hook, in, out, | ||
73 | dev_net(in)->ipv6.ip6table_filter); | ||
74 | } | 70 | } |
75 | 71 | ||
76 | static struct nf_hook_ops ip6t_ops[] __read_mostly = { | 72 | static struct nf_hook_ops ip6t_ops[] __read_mostly = { |
diff --git a/net/ipv6/netfilter/ip6table_raw.c b/net/ipv6/netfilter/ip6table_raw.c index 985e27cf1e0c..5451a36fbc21 100644 --- a/net/ipv6/netfilter/ip6table_raw.c +++ b/net/ipv6/netfilter/ip6table_raw.c | |||
@@ -48,13 +48,9 @@ ip6table_raw_hook(unsigned int hook, struct sk_buff *skb, | |||
48 | const struct net_device *in, const struct net_device *out, | 48 | const struct net_device *in, const struct net_device *out, |
49 | int (*okfn)(struct sk_buff *)) | 49 | int (*okfn)(struct sk_buff *)) |
50 | { | 50 | { |
51 | if (hook == NF_INET_PRE_ROUTING) | 51 | const struct net *net = dev_net((in != NULL) ? in : out); |
52 | return ip6t_do_table(skb, hook, in, out, | ||
53 | dev_net(in)->ipv6.ip6table_raw); | ||
54 | 52 | ||
55 | /* OUTPUT: */ | 53 | return ip6t_do_table(skb, hook, in, out, net->ipv6.ip6table_raw); |
56 | return ip6t_do_table(skb, hook, in, out, | ||
57 | dev_net(out)->ipv6.ip6table_raw); | ||
58 | } | 54 | } |
59 | 55 | ||
60 | static struct nf_hook_ops ip6t_ops[] __read_mostly = { | 56 | static struct nf_hook_ops ip6t_ops[] __read_mostly = { |
diff --git a/net/ipv6/netfilter/ip6table_security.c b/net/ipv6/netfilter/ip6table_security.c index 835858929358..841ea77f5218 100644 --- a/net/ipv6/netfilter/ip6table_security.c +++ b/net/ipv6/netfilter/ip6table_security.c | |||
@@ -69,13 +69,9 @@ ip6table_security_hook(unsigned int hook, struct sk_buff *skb, | |||
69 | const struct net_device *out, | 69 | const struct net_device *out, |
70 | int (*okfn)(struct sk_buff *)) | 70 | int (*okfn)(struct sk_buff *)) |
71 | { | 71 | { |
72 | if (hook == NF_INET_LOCAL_OUT) | 72 | const struct net *net = dev_net((in != NULL) ? in : out); |
73 | return ip6t_do_table(skb, hook, in, out, | ||
74 | dev_net(out)->ipv6.ip6table_security); | ||
75 | 73 | ||
76 | /* INPUT/FORWARD: */ | 74 | return ip6t_do_table(skb, hook, in, out, net->ipv6.ip6table_security); |
77 | return ip6t_do_table(skb, hook, in, out, | ||
78 | dev_net(in)->ipv6.ip6table_security); | ||
79 | } | 75 | } |
80 | 76 | ||
81 | static struct nf_hook_ops ip6t_ops[] __read_mostly = { | 77 | static struct nf_hook_ops ip6t_ops[] __read_mostly = { |