aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJan Engelhardt <jengelh@medozas.de>2009-07-09 13:14:18 -0400
committerJan Engelhardt <jengelh@medozas.de>2010-05-02 08:13:03 -0400
commitef53d702c3614fb919e8a8291033e3dbccfd1aea (patch)
treed237976bdef0ab6a863e3a3b82d13d6c302b6178
parentc29c949288d343be0d5c4f3091bc87ac047e1a09 (diff)
netfilter: xtables: dissolve do_match function
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
-rw-r--r--net/ipv4/netfilter/ip_tables.c22
-rw-r--r--net/ipv6/netfilter/ip6_tables.c22
2 files changed, 10 insertions, 34 deletions
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index f92818f76671..265cedf88660 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -173,21 +173,6 @@ ipt_error(struct sk_buff *skb, const struct xt_target_param *par)
173 return NF_DROP; 173 return NF_DROP;
174} 174}
175 175
176/* Performance critical - called for every packet */
177static inline bool
178do_match(const struct ipt_entry_match *m, const struct sk_buff *skb,
179 struct xt_match_param *par)
180{
181 par->match = m->u.kernel.match;
182 par->matchinfo = m->data;
183
184 /* Stop iteration if it doesn't match */
185 if (!m->u.kernel.match->match(skb, par))
186 return true;
187 else
188 return false;
189}
190
191/* Performance critical */ 176/* Performance critical */
192static inline struct ipt_entry * 177static inline struct ipt_entry *
193get_entry(const void *base, unsigned int offset) 178get_entry(const void *base, unsigned int offset)
@@ -379,9 +364,12 @@ ipt_do_table(struct sk_buff *skb,
379 continue; 364 continue;
380 } 365 }
381 366
382 xt_ematch_foreach(ematch, e) 367 xt_ematch_foreach(ematch, e) {
383 if (do_match(ematch, skb, &mtpar) != 0) 368 mtpar.match = ematch->u.kernel.match;
369 mtpar.matchinfo = ematch->data;
370 if (!mtpar.match->match(skb, &mtpar))
384 goto no_match; 371 goto no_match;
372 }
385 373
386 ADD_COUNTER(e->counters, ntohs(ip->tot_len), 1); 374 ADD_COUNTER(e->counters, ntohs(ip->tot_len), 1);
387 375
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 7afa11773164..f8ac4a0b5899 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -205,21 +205,6 @@ ip6t_error(struct sk_buff *skb, const struct xt_target_param *par)
205 return NF_DROP; 205 return NF_DROP;
206} 206}
207 207
208/* Performance critical - called for every packet */
209static inline bool
210do_match(const struct ip6t_entry_match *m, const struct sk_buff *skb,
211 struct xt_match_param *par)
212{
213 par->match = m->u.kernel.match;
214 par->matchinfo = m->data;
215
216 /* Stop iteration if it doesn't match */
217 if (!m->u.kernel.match->match(skb, par))
218 return true;
219 else
220 return false;
221}
222
223static inline struct ip6t_entry * 208static inline struct ip6t_entry *
224get_entry(const void *base, unsigned int offset) 209get_entry(const void *base, unsigned int offset)
225{ 210{
@@ -402,9 +387,12 @@ ip6t_do_table(struct sk_buff *skb,
402 continue; 387 continue;
403 } 388 }
404 389
405 xt_ematch_foreach(ematch, e) 390 xt_ematch_foreach(ematch, e) {
406 if (do_match(ematch, skb, &mtpar) != 0) 391 mtpar.match = ematch->u.kernel.match;
392 mtpar.matchinfo = ematch->data;
393 if (!mtpar.match->match(skb, &mtpar))
407 goto no_match; 394 goto no_match;
395 }
408 396
409 ADD_COUNTER(e->counters, 397 ADD_COUNTER(e->counters,
410 ntohs(ipv6_hdr(skb)->payload_len) + 398 ntohs(ipv6_hdr(skb)->payload_len) +