diff options
| author | Jan Engelhardt <jengelh@medozas.de> | 2009-04-15 15:06:05 -0400 |
|---|---|---|
| committer | Jan Engelhardt <jengelh@medozas.de> | 2009-05-08 04:30:48 -0400 |
| commit | 98e86403162d08a30b03426c54c2a8fca1f695d1 (patch) | |
| tree | 0b610ebf8ce2978a9de090435607617f545252ae | |
| parent | 4f2f6f236af484ada595ff37d0ee1902aa56221f (diff) | |
netfilter: xtables: consolidate open-coded logic
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| -rw-r--r-- | net/bridge/netfilter/ebtables.c | 16 | ||||
| -rw-r--r-- | net/ipv4/netfilter/arp_tables.c | 14 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ip_tables.c | 14 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 14 |
4 files changed, 40 insertions, 18 deletions
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index 820252aee81f..24555834d431 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c | |||
| @@ -142,6 +142,12 @@ static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h, | |||
| 142 | return 0; | 142 | return 0; |
| 143 | } | 143 | } |
| 144 | 144 | ||
| 145 | static inline __pure | ||
| 146 | struct ebt_entry *ebt_next_entry(const struct ebt_entry *entry) | ||
| 147 | { | ||
| 148 | return (void *)entry + entry->next_offset; | ||
| 149 | } | ||
| 150 | |||
| 145 | /* Do some firewalling */ | 151 | /* Do some firewalling */ |
| 146 | unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb, | 152 | unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb, |
| 147 | const struct net_device *in, const struct net_device *out, | 153 | const struct net_device *in, const struct net_device *out, |
| @@ -249,8 +255,7 @@ letsreturn: | |||
| 249 | /* jump to a udc */ | 255 | /* jump to a udc */ |
| 250 | cs[sp].n = i + 1; | 256 | cs[sp].n = i + 1; |
| 251 | cs[sp].chaininfo = chaininfo; | 257 | cs[sp].chaininfo = chaininfo; |
| 252 | cs[sp].e = (struct ebt_entry *) | 258 | cs[sp].e = ebt_next_entry(point); |
| 253 | (((char *)point) + point->next_offset); | ||
| 254 | i = 0; | 259 | i = 0; |
| 255 | chaininfo = (struct ebt_entries *) (base + verdict); | 260 | chaininfo = (struct ebt_entries *) (base + verdict); |
| 256 | #ifdef CONFIG_NETFILTER_DEBUG | 261 | #ifdef CONFIG_NETFILTER_DEBUG |
| @@ -266,8 +271,7 @@ letsreturn: | |||
| 266 | sp++; | 271 | sp++; |
| 267 | continue; | 272 | continue; |
| 268 | letscontinue: | 273 | letscontinue: |
| 269 | point = (struct ebt_entry *) | 274 | point = ebt_next_entry(point); |
| 270 | (((char *)point) + point->next_offset); | ||
| 271 | i++; | 275 | i++; |
| 272 | } | 276 | } |
| 273 | 277 | ||
| @@ -787,7 +791,7 @@ static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s | |||
| 787 | /* this can't be 0, so the loop test is correct */ | 791 | /* this can't be 0, so the loop test is correct */ |
| 788 | cl_s[i].cs.n = pos + 1; | 792 | cl_s[i].cs.n = pos + 1; |
| 789 | pos = 0; | 793 | pos = 0; |
| 790 | cl_s[i].cs.e = ((void *)e + e->next_offset); | 794 | cl_s[i].cs.e = ebt_next_entry(e); |
| 791 | e = (struct ebt_entry *)(hlp2->data); | 795 | e = (struct ebt_entry *)(hlp2->data); |
| 792 | nentries = hlp2->nentries; | 796 | nentries = hlp2->nentries; |
| 793 | cl_s[i].from = chain_nr; | 797 | cl_s[i].from = chain_nr; |
| @@ -797,7 +801,7 @@ static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s | |||
| 797 | continue; | 801 | continue; |
| 798 | } | 802 | } |
| 799 | letscontinue: | 803 | letscontinue: |
| 800 | e = (void *)e + e->next_offset; | 804 | e = ebt_next_entry(e); |
| 801 | pos++; | 805 | pos++; |
| 802 | } | 806 | } |
| 803 | return 0; | 807 | return 0; |
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index 831fe1879dc0..940e54ba21b3 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c | |||
| @@ -231,6 +231,12 @@ static inline struct arpt_entry *get_entry(void *base, unsigned int offset) | |||
| 231 | return (struct arpt_entry *)(base + offset); | 231 | return (struct arpt_entry *)(base + offset); |
| 232 | } | 232 | } |
| 233 | 233 | ||
| 234 | static inline __pure | ||
| 235 | struct arpt_entry *arpt_next_entry(const struct arpt_entry *entry) | ||
| 236 | { | ||
| 237 | return (void *)entry + entry->next_offset; | ||
| 238 | } | ||
| 239 | |||
| 234 | unsigned int arpt_do_table(struct sk_buff *skb, | 240 | unsigned int arpt_do_table(struct sk_buff *skb, |
| 235 | unsigned int hook, | 241 | unsigned int hook, |
| 236 | const struct net_device *in, | 242 | const struct net_device *in, |
| @@ -295,10 +301,10 @@ unsigned int arpt_do_table(struct sk_buff *skb, | |||
| 295 | continue; | 301 | continue; |
| 296 | } | 302 | } |
| 297 | if (table_base + v | 303 | if (table_base + v |
| 298 | != (void *)e + e->next_offset) { | 304 | != arpt_next_entry(e)) { |
| 299 | /* Save old back ptr in next entry */ | 305 | /* Save old back ptr in next entry */ |
| 300 | struct arpt_entry *next | 306 | struct arpt_entry *next |
| 301 | = (void *)e + e->next_offset; | 307 | = arpt_next_entry(e); |
| 302 | next->comefrom = | 308 | next->comefrom = |
| 303 | (void *)back - table_base; | 309 | (void *)back - table_base; |
| 304 | 310 | ||
| @@ -320,13 +326,13 @@ unsigned int arpt_do_table(struct sk_buff *skb, | |||
| 320 | arp = arp_hdr(skb); | 326 | arp = arp_hdr(skb); |
| 321 | 327 | ||
| 322 | if (verdict == ARPT_CONTINUE) | 328 | if (verdict == ARPT_CONTINUE) |
| 323 | e = (void *)e + e->next_offset; | 329 | e = arpt_next_entry(e); |
| 324 | else | 330 | else |
| 325 | /* Verdict */ | 331 | /* Verdict */ |
| 326 | break; | 332 | break; |
| 327 | } | 333 | } |
| 328 | } else { | 334 | } else { |
| 329 | e = (void *)e + e->next_offset; | 335 | e = arpt_next_entry(e); |
| 330 | } | 336 | } |
| 331 | } while (!hotdrop); | 337 | } while (!hotdrop); |
| 332 | xt_info_rdunlock_bh(); | 338 | xt_info_rdunlock_bh(); |
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index 16b7c09c0366..7ec4e4092755 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c | |||
| @@ -297,6 +297,12 @@ static void trace_packet(struct sk_buff *skb, | |||
| 297 | } | 297 | } |
| 298 | #endif | 298 | #endif |
| 299 | 299 | ||
| 300 | static inline __pure | ||
| 301 | struct ipt_entry *ipt_next_entry(const struct ipt_entry *entry) | ||
| 302 | { | ||
| 303 | return (void *)entry + entry->next_offset; | ||
| 304 | } | ||
| 305 | |||
| 300 | /* Returns one of the generic firewall policies, like NF_ACCEPT. */ | 306 | /* Returns one of the generic firewall policies, like NF_ACCEPT. */ |
| 301 | unsigned int | 307 | unsigned int |
| 302 | ipt_do_table(struct sk_buff *skb, | 308 | ipt_do_table(struct sk_buff *skb, |
| @@ -385,11 +391,11 @@ ipt_do_table(struct sk_buff *skb, | |||
| 385 | back->comefrom); | 391 | back->comefrom); |
| 386 | continue; | 392 | continue; |
| 387 | } | 393 | } |
| 388 | if (table_base + v != (void *)e + e->next_offset | 394 | if (table_base + v != ipt_next_entry(e) |
| 389 | && !(e->ip.flags & IPT_F_GOTO)) { | 395 | && !(e->ip.flags & IPT_F_GOTO)) { |
| 390 | /* Save old back ptr in next entry */ | 396 | /* Save old back ptr in next entry */ |
| 391 | struct ipt_entry *next | 397 | struct ipt_entry *next |
| 392 | = (void *)e + e->next_offset; | 398 | = ipt_next_entry(e); |
| 393 | next->comefrom | 399 | next->comefrom |
| 394 | = (void *)back - table_base; | 400 | = (void *)back - table_base; |
| 395 | /* set back pointer to next entry */ | 401 | /* set back pointer to next entry */ |
| @@ -424,7 +430,7 @@ ipt_do_table(struct sk_buff *skb, | |||
| 424 | datalen = skb->len - ip->ihl * 4; | 430 | datalen = skb->len - ip->ihl * 4; |
| 425 | 431 | ||
| 426 | if (verdict == IPT_CONTINUE) | 432 | if (verdict == IPT_CONTINUE) |
| 427 | e = (void *)e + e->next_offset; | 433 | e = ipt_next_entry(e); |
| 428 | else | 434 | else |
| 429 | /* Verdict */ | 435 | /* Verdict */ |
| 430 | break; | 436 | break; |
| @@ -432,7 +438,7 @@ ipt_do_table(struct sk_buff *skb, | |||
| 432 | } else { | 438 | } else { |
| 433 | 439 | ||
| 434 | no_match: | 440 | no_match: |
| 435 | e = (void *)e + e->next_offset; | 441 | e = ipt_next_entry(e); |
| 436 | } | 442 | } |
| 437 | } while (!hotdrop); | 443 | } while (!hotdrop); |
| 438 | xt_info_rdunlock_bh(); | 444 | xt_info_rdunlock_bh(); |
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index 4853a3d542b7..9176e98ace7a 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c | |||
| @@ -329,6 +329,12 @@ static void trace_packet(struct sk_buff *skb, | |||
| 329 | } | 329 | } |
| 330 | #endif | 330 | #endif |
| 331 | 331 | ||
| 332 | static inline __pure struct ip6t_entry * | ||
| 333 | ip6t_next_entry(const struct ip6t_entry *entry) | ||
| 334 | { | ||
| 335 | return (void *)entry + entry->next_offset; | ||
| 336 | } | ||
| 337 | |||
| 332 | /* Returns one of the generic firewall policies, like NF_ACCEPT. */ | 338 | /* Returns one of the generic firewall policies, like NF_ACCEPT. */ |
| 333 | unsigned int | 339 | unsigned int |
| 334 | ip6t_do_table(struct sk_buff *skb, | 340 | ip6t_do_table(struct sk_buff *skb, |
| @@ -414,11 +420,11 @@ ip6t_do_table(struct sk_buff *skb, | |||
| 414 | back->comefrom); | 420 | back->comefrom); |
| 415 | continue; | 421 | continue; |
| 416 | } | 422 | } |
| 417 | if (table_base + v != (void *)e + e->next_offset | 423 | if (table_base + v != ip6t_next_entry(e) |
| 418 | && !(e->ipv6.flags & IP6T_F_GOTO)) { | 424 | && !(e->ipv6.flags & IP6T_F_GOTO)) { |
| 419 | /* Save old back ptr in next entry */ | 425 | /* Save old back ptr in next entry */ |
| 420 | struct ip6t_entry *next | 426 | struct ip6t_entry *next |
| 421 | = (void *)e + e->next_offset; | 427 | = ip6t_next_entry(e); |
| 422 | next->comefrom | 428 | next->comefrom |
| 423 | = (void *)back - table_base; | 429 | = (void *)back - table_base; |
| 424 | /* set back pointer to next entry */ | 430 | /* set back pointer to next entry */ |
| @@ -451,7 +457,7 @@ ip6t_do_table(struct sk_buff *skb, | |||
| 451 | = 0x57acc001; | 457 | = 0x57acc001; |
| 452 | #endif | 458 | #endif |
| 453 | if (verdict == IP6T_CONTINUE) | 459 | if (verdict == IP6T_CONTINUE) |
| 454 | e = (void *)e + e->next_offset; | 460 | e = ip6t_next_entry(e); |
| 455 | else | 461 | else |
| 456 | /* Verdict */ | 462 | /* Verdict */ |
| 457 | break; | 463 | break; |
| @@ -459,7 +465,7 @@ ip6t_do_table(struct sk_buff *skb, | |||
| 459 | } else { | 465 | } else { |
| 460 | 466 | ||
| 461 | no_match: | 467 | no_match: |
| 462 | e = (void *)e + e->next_offset; | 468 | e = ip6t_next_entry(e); |
| 463 | } | 469 | } |
| 464 | } while (!hotdrop); | 470 | } while (!hotdrop); |
| 465 | 471 | ||