diff options
author | Jan Engelhardt <jengelh@medozas.de> | 2008-10-08 05:35:18 -0400 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2008-10-08 05:35:18 -0400 |
commit | f7108a20dee44e5bb037f9e48f6a207b42e6ae1c (patch) | |
tree | bfc741548cdf416a59a89d89a20ba2cbdc8e988e /net/bridge | |
parent | c2df73de246ae75705af8ceed4f385b261dea108 (diff) |
netfilter: xtables: move extension arguments into compound structure (1/6)
The function signatures for Xtables extensions have grown over time.
It involves a lot of typing/replication, and also a bit of stack space
even if they are not used. Realize an NFWS2008 idea and pack them into
structs. The skb remains outside of the struct so gcc can continue to
apply its optimizations.
This patch does this for match extensions' match functions.
A few ambiguities have also been addressed. The "offset" parameter for
example has been renamed to "fragoff" (there are so many different
offsets already) and "protoff" to "thoff" (there is more than just one
protocol here, so clarify).
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/bridge')
-rw-r--r-- | net/bridge/netfilter/ebt_802_3.c | 6 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_among.c | 6 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_arp.c | 6 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_ip.c | 6 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_ip6.c | 6 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_limit.c | 6 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_mark_m.c | 6 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_pkttype.c | 7 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_stp.c | 6 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_vlan.c | 6 | ||||
-rw-r--r-- | net/bridge/netfilter/ebtables.c | 16 |
11 files changed, 30 insertions, 47 deletions
diff --git a/net/bridge/netfilter/ebt_802_3.c b/net/bridge/netfilter/ebt_802_3.c index 6fc2a59e09a1..c9e1bc149513 100644 --- a/net/bridge/netfilter/ebt_802_3.c +++ b/net/bridge/netfilter/ebt_802_3.c | |||
@@ -13,11 +13,9 @@ | |||
13 | #include <linux/netfilter_bridge/ebt_802_3.h> | 13 | #include <linux/netfilter_bridge/ebt_802_3.h> |
14 | 14 | ||
15 | static bool | 15 | static bool |
16 | ebt_802_3_mt(const struct sk_buff *skb, const struct net_device *in, | 16 | ebt_802_3_mt(const struct sk_buff *skb, const struct xt_match_param *par) |
17 | const struct net_device *out, const struct xt_match *match, | ||
18 | const void *data, int offset, unsigned int protoff, bool *hotdrop) | ||
19 | { | 17 | { |
20 | const struct ebt_802_3_info *info = data; | 18 | const struct ebt_802_3_info *info = par->matchinfo; |
21 | const struct ebt_802_3_hdr *hdr = ebt_802_3_hdr(skb); | 19 | const struct ebt_802_3_hdr *hdr = ebt_802_3_hdr(skb); |
22 | __be16 type = hdr->llc.ui.ctrl & IS_UI ? hdr->llc.ui.type : hdr->llc.ni.type; | 20 | __be16 type = hdr->llc.ui.ctrl & IS_UI ? hdr->llc.ui.type : hdr->llc.ni.type; |
23 | 21 | ||
diff --git a/net/bridge/netfilter/ebt_among.c b/net/bridge/netfilter/ebt_among.c index 084559e1840f..0ad0db3e815d 100644 --- a/net/bridge/netfilter/ebt_among.c +++ b/net/bridge/netfilter/ebt_among.c | |||
@@ -128,11 +128,9 @@ static int get_ip_src(const struct sk_buff *skb, __be32 *addr) | |||
128 | } | 128 | } |
129 | 129 | ||
130 | static bool | 130 | static bool |
131 | ebt_among_mt(const struct sk_buff *skb, const struct net_device *in, | 131 | ebt_among_mt(const struct sk_buff *skb, const struct xt_match_param *par) |
132 | const struct net_device *out, const struct xt_match *match, | ||
133 | const void *data, int offset, unsigned int protoff, bool *hotdrop) | ||
134 | { | 132 | { |
135 | const struct ebt_among_info *info = data; | 133 | const struct ebt_among_info *info = par->matchinfo; |
136 | const char *dmac, *smac; | 134 | const char *dmac, *smac; |
137 | const struct ebt_mac_wormhash *wh_dst, *wh_src; | 135 | const struct ebt_mac_wormhash *wh_dst, *wh_src; |
138 | __be32 dip = 0, sip = 0; | 136 | __be32 dip = 0, sip = 0; |
diff --git a/net/bridge/netfilter/ebt_arp.c b/net/bridge/netfilter/ebt_arp.c index a073dffe7a11..1ff8fa3a9e7b 100644 --- a/net/bridge/netfilter/ebt_arp.c +++ b/net/bridge/netfilter/ebt_arp.c | |||
@@ -16,11 +16,9 @@ | |||
16 | #include <linux/netfilter_bridge/ebt_arp.h> | 16 | #include <linux/netfilter_bridge/ebt_arp.h> |
17 | 17 | ||
18 | static bool | 18 | static bool |
19 | ebt_arp_mt(const struct sk_buff *skb, const struct net_device *in, | 19 | ebt_arp_mt(const struct sk_buff *skb, const struct xt_match_param *par) |
20 | const struct net_device *out, const struct xt_match *match, | ||
21 | const void *data, int offset, unsigned int protoff, bool *hotdrop) | ||
22 | { | 20 | { |
23 | const struct ebt_arp_info *info = data; | 21 | const struct ebt_arp_info *info = par->matchinfo; |
24 | const struct arphdr *ah; | 22 | const struct arphdr *ah; |
25 | struct arphdr _arph; | 23 | struct arphdr _arph; |
26 | 24 | ||
diff --git a/net/bridge/netfilter/ebt_ip.c b/net/bridge/netfilter/ebt_ip.c index b42c7ce799b3..c70ea39840b7 100644 --- a/net/bridge/netfilter/ebt_ip.c +++ b/net/bridge/netfilter/ebt_ip.c | |||
@@ -25,11 +25,9 @@ struct tcpudphdr { | |||
25 | }; | 25 | }; |
26 | 26 | ||
27 | static bool | 27 | static bool |
28 | ebt_ip_mt(const struct sk_buff *skb, const struct net_device *in, | 28 | ebt_ip_mt(const struct sk_buff *skb, const struct xt_match_param *par) |
29 | const struct net_device *out, const struct xt_match *match, | ||
30 | const void *data, int offset, unsigned int protoff, bool *hotdrop) | ||
31 | { | 29 | { |
32 | const struct ebt_ip_info *info = data; | 30 | const struct ebt_ip_info *info = par->matchinfo; |
33 | const struct iphdr *ih; | 31 | const struct iphdr *ih; |
34 | struct iphdr _iph; | 32 | struct iphdr _iph; |
35 | const struct tcpudphdr *pptr; | 33 | const struct tcpudphdr *pptr; |
diff --git a/net/bridge/netfilter/ebt_ip6.c b/net/bridge/netfilter/ebt_ip6.c index 7bd983129674..5acee02de723 100644 --- a/net/bridge/netfilter/ebt_ip6.c +++ b/net/bridge/netfilter/ebt_ip6.c | |||
@@ -28,11 +28,9 @@ struct tcpudphdr { | |||
28 | }; | 28 | }; |
29 | 29 | ||
30 | static bool | 30 | static bool |
31 | ebt_ip6_mt(const struct sk_buff *skb, const struct net_device *in, | 31 | ebt_ip6_mt(const struct sk_buff *skb, const struct xt_match_param *par) |
32 | const struct net_device *out, const struct xt_match *match, | ||
33 | const void *data, int offset, unsigned int protoff, bool *hotdrop) | ||
34 | { | 32 | { |
35 | const struct ebt_ip6_info *info = data; | 33 | const struct ebt_ip6_info *info = par->matchinfo; |
36 | const struct ipv6hdr *ih6; | 34 | const struct ipv6hdr *ih6; |
37 | struct ipv6hdr _ip6h; | 35 | struct ipv6hdr _ip6h; |
38 | const struct tcpudphdr *pptr; | 36 | const struct tcpudphdr *pptr; |
diff --git a/net/bridge/netfilter/ebt_limit.c b/net/bridge/netfilter/ebt_limit.c index 58aaaa149068..9a3ec8cadaa4 100644 --- a/net/bridge/netfilter/ebt_limit.c +++ b/net/bridge/netfilter/ebt_limit.c | |||
@@ -31,11 +31,9 @@ static DEFINE_SPINLOCK(limit_lock); | |||
31 | #define CREDITS_PER_JIFFY POW2_BELOW32(MAX_CPJ) | 31 | #define CREDITS_PER_JIFFY POW2_BELOW32(MAX_CPJ) |
32 | 32 | ||
33 | static bool | 33 | static bool |
34 | ebt_limit_mt(const struct sk_buff *skb, const struct net_device *in, | 34 | ebt_limit_mt(const struct sk_buff *skb, const struct xt_match_param *par) |
35 | const struct net_device *out, const struct xt_match *match, | ||
36 | const void *data, int offset, unsigned int protoff, bool *hotdrop) | ||
37 | { | 35 | { |
38 | struct ebt_limit_info *info = (void *)data; | 36 | struct ebt_limit_info *info = (void *)par->matchinfo; |
39 | unsigned long now = jiffies; | 37 | unsigned long now = jiffies; |
40 | 38 | ||
41 | spin_lock_bh(&limit_lock); | 39 | spin_lock_bh(&limit_lock); |
diff --git a/net/bridge/netfilter/ebt_mark_m.c b/net/bridge/netfilter/ebt_mark_m.c index aa6781c7f98b..5b22ef96127c 100644 --- a/net/bridge/netfilter/ebt_mark_m.c +++ b/net/bridge/netfilter/ebt_mark_m.c | |||
@@ -13,11 +13,9 @@ | |||
13 | #include <linux/netfilter_bridge/ebt_mark_m.h> | 13 | #include <linux/netfilter_bridge/ebt_mark_m.h> |
14 | 14 | ||
15 | static bool | 15 | static bool |
16 | ebt_mark_mt(const struct sk_buff *skb, const struct net_device *in, | 16 | ebt_mark_mt(const struct sk_buff *skb, const struct xt_match_param *par) |
17 | const struct net_device *out, const struct xt_match *match, | ||
18 | const void *data, int offset, unsigned int protoff, bool *hotdrop) | ||
19 | { | 17 | { |
20 | const struct ebt_mark_m_info *info = data; | 18 | const struct ebt_mark_m_info *info = par->matchinfo; |
21 | 19 | ||
22 | if (info->bitmask & EBT_MARK_OR) | 20 | if (info->bitmask & EBT_MARK_OR) |
23 | return !!(skb->mark & info->mask) ^ info->invert; | 21 | return !!(skb->mark & info->mask) ^ info->invert; |
diff --git a/net/bridge/netfilter/ebt_pkttype.c b/net/bridge/netfilter/ebt_pkttype.c index 1c04ce5a52c7..b756f88fb10f 100644 --- a/net/bridge/netfilter/ebt_pkttype.c +++ b/net/bridge/netfilter/ebt_pkttype.c | |||
@@ -13,12 +13,9 @@ | |||
13 | #include <linux/netfilter_bridge/ebt_pkttype.h> | 13 | #include <linux/netfilter_bridge/ebt_pkttype.h> |
14 | 14 | ||
15 | static bool | 15 | static bool |
16 | ebt_pkttype_mt(const struct sk_buff *skb, const struct net_device *in, | 16 | ebt_pkttype_mt(const struct sk_buff *skb, const struct xt_match_param *par) |
17 | const struct net_device *out, const struct xt_match *match, | ||
18 | const void *data, int offset, unsigned int protoff, | ||
19 | bool *hotdrop) | ||
20 | { | 17 | { |
21 | const struct ebt_pkttype_info *info = data; | 18 | const struct ebt_pkttype_info *info = par->matchinfo; |
22 | 19 | ||
23 | return (skb->pkt_type == info->pkt_type) ^ info->invert; | 20 | return (skb->pkt_type == info->pkt_type) ^ info->invert; |
24 | } | 21 | } |
diff --git a/net/bridge/netfilter/ebt_stp.c b/net/bridge/netfilter/ebt_stp.c index 28bb48b67a80..06d777c62c32 100644 --- a/net/bridge/netfilter/ebt_stp.c +++ b/net/bridge/netfilter/ebt_stp.c | |||
@@ -120,11 +120,9 @@ static bool ebt_filter_config(const struct ebt_stp_info *info, | |||
120 | } | 120 | } |
121 | 121 | ||
122 | static bool | 122 | static bool |
123 | ebt_stp_mt(const struct sk_buff *skb, const struct net_device *in, | 123 | ebt_stp_mt(const struct sk_buff *skb, const struct xt_match_param *par) |
124 | const struct net_device *out, const struct xt_match *match, | ||
125 | const void *data, int offset, unsigned int protoff, bool *hotdrop) | ||
126 | { | 124 | { |
127 | const struct ebt_stp_info *info = data; | 125 | const struct ebt_stp_info *info = par->matchinfo; |
128 | const struct stp_header *sp; | 126 | const struct stp_header *sp; |
129 | struct stp_header _stph; | 127 | struct stp_header _stph; |
130 | const uint8_t header[6] = {0x42, 0x42, 0x03, 0x00, 0x00, 0x00}; | 128 | const uint8_t header[6] = {0x42, 0x42, 0x03, 0x00, 0x00, 0x00}; |
diff --git a/net/bridge/netfilter/ebt_vlan.c b/net/bridge/netfilter/ebt_vlan.c index 5addef6d62f0..b05b4a818341 100644 --- a/net/bridge/netfilter/ebt_vlan.c +++ b/net/bridge/netfilter/ebt_vlan.c | |||
@@ -41,11 +41,9 @@ MODULE_LICENSE("GPL"); | |||
41 | #define EXIT_ON_MISMATCH(_MATCH_,_MASK_) {if (!((info->_MATCH_ == _MATCH_)^!!(info->invflags & _MASK_))) return false; } | 41 | #define EXIT_ON_MISMATCH(_MATCH_,_MASK_) {if (!((info->_MATCH_ == _MATCH_)^!!(info->invflags & _MASK_))) return false; } |
42 | 42 | ||
43 | static bool | 43 | static bool |
44 | ebt_vlan_mt(const struct sk_buff *skb, const struct net_device *in, | 44 | ebt_vlan_mt(const struct sk_buff *skb, const struct xt_match_param *par) |
45 | const struct net_device *out, const struct xt_match *match, | ||
46 | const void *data, int offset, unsigned int protoff, bool *hotdrop) | ||
47 | { | 45 | { |
48 | const struct ebt_vlan_info *info = data; | 46 | const struct ebt_vlan_info *info = par->matchinfo; |
49 | const struct vlan_hdr *fp; | 47 | const struct vlan_hdr *fp; |
50 | struct vlan_hdr _frame; | 48 | struct vlan_hdr _frame; |
51 | 49 | ||
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index 7ee72b71d3cb..f8e1822f38d4 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c | |||
@@ -74,11 +74,11 @@ static inline int ebt_do_watcher (struct ebt_entry_watcher *w, | |||
74 | } | 74 | } |
75 | 75 | ||
76 | static inline int ebt_do_match (struct ebt_entry_match *m, | 76 | static inline int ebt_do_match (struct ebt_entry_match *m, |
77 | const struct sk_buff *skb, const struct net_device *in, | 77 | const struct sk_buff *skb, struct xt_match_param *par) |
78 | const struct net_device *out, bool *hotdrop) | ||
79 | { | 78 | { |
80 | return m->u.match->match(skb, in, out, m->u.match, | 79 | par->match = m->u.match; |
81 | m->data, 0, 0, hotdrop); | 80 | par->matchinfo = m->data; |
81 | return m->u.match->match(skb, par); | ||
82 | } | 82 | } |
83 | 83 | ||
84 | static inline int ebt_dev_check(char *entry, const struct net_device *device) | 84 | static inline int ebt_dev_check(char *entry, const struct net_device *device) |
@@ -155,6 +155,11 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb, | |||
155 | char *base; | 155 | char *base; |
156 | struct ebt_table_info *private; | 156 | struct ebt_table_info *private; |
157 | bool hotdrop = false; | 157 | bool hotdrop = false; |
158 | struct xt_match_param mtpar; | ||
159 | |||
160 | mtpar.in = in; | ||
161 | mtpar.out = out; | ||
162 | mtpar.hotdrop = &hotdrop; | ||
158 | 163 | ||
159 | read_lock_bh(&table->lock); | 164 | read_lock_bh(&table->lock); |
160 | private = table->private; | 165 | private = table->private; |
@@ -175,8 +180,7 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb, | |||
175 | if (ebt_basic_match(point, eth_hdr(skb), in, out)) | 180 | if (ebt_basic_match(point, eth_hdr(skb), in, out)) |
176 | goto letscontinue; | 181 | goto letscontinue; |
177 | 182 | ||
178 | if (EBT_MATCH_ITERATE(point, ebt_do_match, skb, | 183 | if (EBT_MATCH_ITERATE(point, ebt_do_match, skb, &mtpar) != 0) |
179 | in, out, &hotdrop) != 0) | ||
180 | goto letscontinue; | 184 | goto letscontinue; |
181 | if (hotdrop) { | 185 | if (hotdrop) { |
182 | read_unlock_bh(&table->lock); | 186 | read_unlock_bh(&table->lock); |