aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv4
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2007-12-18 00:52:00 -0500
committerDavid S. Miller <davem@davemloft.net>2008-01-28 17:58:39 -0500
commit9c54795950d198e77144a18c94e7ed52ea0f3c77 (patch)
tree106595d0f391857ddcbaf6061481f83ea82237fc /net/ipv4
parent1fe5723773656a8ee7a981caf7fee9adb0ac6259 (diff)
[NETFILTER]: {ip,ip6}_tables: reformat to eliminate differences
Reformat ip_tables.c and ip6_tables.c in order to eliminate non-functional differences and minimize diff output. This allows to get a view of the real differences using: sed -e 's/IP6T/IPT/g' \ -e 's/IP6/IP/g' \ -e 's/INET6/INET/g' \ -e 's/ip6t/ipt/g' \ -e 's/ip6/ip/g' \ -e 's/ipv6/ip/g' \ -e 's/icmp6/icmp/g' \ net/ipv6/netfilter/ip6_tables.c | \ diff -wup /dev/stdin net/ipv4/netfilter/ip_tables.c Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
-rw-r--r--net/ipv4/netfilter/ip_tables.c66
1 files changed, 30 insertions, 36 deletions
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 07be12cc3fe3..231f5d290755 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -74,7 +74,7 @@ do { \
74 Hence the start of any table is given by get_table() below. */ 74 Hence the start of any table is given by get_table() below. */
75 75
76/* Returns whether matches rule or not. */ 76/* Returns whether matches rule or not. */
77static inline int 77static inline bool
78ip_packet_match(const struct iphdr *ip, 78ip_packet_match(const struct iphdr *ip,
79 const char *indev, 79 const char *indev,
80 const char *outdev, 80 const char *outdev,
@@ -102,7 +102,7 @@ ip_packet_match(const struct iphdr *ip,
102 NIPQUAD(ipinfo->dmsk.s_addr), 102 NIPQUAD(ipinfo->dmsk.s_addr),
103 NIPQUAD(ipinfo->dst.s_addr), 103 NIPQUAD(ipinfo->dst.s_addr),
104 ipinfo->invflags & IPT_INV_DSTIP ? " (INV)" : ""); 104 ipinfo->invflags & IPT_INV_DSTIP ? " (INV)" : "");
105 return 0; 105 return false;
106 } 106 }
107 107
108 /* Look for ifname matches; this should unroll nicely. */ 108 /* Look for ifname matches; this should unroll nicely. */
@@ -116,7 +116,7 @@ ip_packet_match(const struct iphdr *ip,
116 dprintf("VIA in mismatch (%s vs %s).%s\n", 116 dprintf("VIA in mismatch (%s vs %s).%s\n",
117 indev, ipinfo->iniface, 117 indev, ipinfo->iniface,
118 ipinfo->invflags&IPT_INV_VIA_IN ?" (INV)":""); 118 ipinfo->invflags&IPT_INV_VIA_IN ?" (INV)":"");
119 return 0; 119 return false;
120 } 120 }
121 121
122 for (i = 0, ret = 0; i < IFNAMSIZ/sizeof(unsigned long); i++) { 122 for (i = 0, ret = 0; i < IFNAMSIZ/sizeof(unsigned long); i++) {
@@ -129,7 +129,7 @@ ip_packet_match(const struct iphdr *ip,
129 dprintf("VIA out mismatch (%s vs %s).%s\n", 129 dprintf("VIA out mismatch (%s vs %s).%s\n",
130 outdev, ipinfo->outiface, 130 outdev, ipinfo->outiface,
131 ipinfo->invflags&IPT_INV_VIA_OUT ?" (INV)":""); 131 ipinfo->invflags&IPT_INV_VIA_OUT ?" (INV)":"");
132 return 0; 132 return false;
133 } 133 }
134 134
135 /* Check specific protocol */ 135 /* Check specific protocol */
@@ -138,7 +138,7 @@ ip_packet_match(const struct iphdr *ip,
138 dprintf("Packet protocol %hi does not match %hi.%s\n", 138 dprintf("Packet protocol %hi does not match %hi.%s\n",
139 ip->protocol, ipinfo->proto, 139 ip->protocol, ipinfo->proto,
140 ipinfo->invflags&IPT_INV_PROTO ? " (INV)":""); 140 ipinfo->invflags&IPT_INV_PROTO ? " (INV)":"");
141 return 0; 141 return false;
142 } 142 }
143 143
144 /* If we have a fragment rule but the packet is not a fragment 144 /* If we have a fragment rule but the packet is not a fragment
@@ -146,10 +146,10 @@ ip_packet_match(const struct iphdr *ip,
146 if (FWINV((ipinfo->flags&IPT_F_FRAG) && !isfrag, IPT_INV_FRAG)) { 146 if (FWINV((ipinfo->flags&IPT_F_FRAG) && !isfrag, IPT_INV_FRAG)) {
147 dprintf("Fragment rule but not fragment.%s\n", 147 dprintf("Fragment rule but not fragment.%s\n",
148 ipinfo->invflags & IPT_INV_FRAG ? " (INV)" : ""); 148 ipinfo->invflags & IPT_INV_FRAG ? " (INV)" : "");
149 return 0; 149 return false;
150 } 150 }
151 151
152 return 1; 152 return true;
153} 153}
154 154
155static inline bool 155static inline bool
@@ -222,7 +222,7 @@ unconditional(const struct ipt_ip *ip)
222static const char *hooknames[] = { 222static const char *hooknames[] = {
223 [NF_INET_PRE_ROUTING] = "PREROUTING", 223 [NF_INET_PRE_ROUTING] = "PREROUTING",
224 [NF_INET_LOCAL_IN] = "INPUT", 224 [NF_INET_LOCAL_IN] = "INPUT",
225 [NF_INET_FORWARD] = "FORWARD", 225 [NF_INET_FORWARD] = "FORWARD",
226 [NF_INET_LOCAL_OUT] = "OUTPUT", 226 [NF_INET_LOCAL_OUT] = "OUTPUT",
227 [NF_INET_POST_ROUTING] = "POSTROUTING", 227 [NF_INET_POST_ROUTING] = "POSTROUTING",
228}; 228};
@@ -467,8 +467,7 @@ mark_source_chains(struct xt_table_info *newinfo,
467 to 0 as we leave), and comefrom to save source hook bitmask */ 467 to 0 as we leave), and comefrom to save source hook bitmask */
468 for (hook = 0; hook < NF_INET_NUMHOOKS; hook++) { 468 for (hook = 0; hook < NF_INET_NUMHOOKS; hook++) {
469 unsigned int pos = newinfo->hook_entry[hook]; 469 unsigned int pos = newinfo->hook_entry[hook];
470 struct ipt_entry *e 470 struct ipt_entry *e = (struct ipt_entry *)(entry0 + pos);
471 = (struct ipt_entry *)(entry0 + pos);
472 471
473 if (!(valid_hooks & (1 << hook))) 472 if (!(valid_hooks & (1 << hook)))
474 continue; 473 continue;
@@ -486,8 +485,7 @@ mark_source_chains(struct xt_table_info *newinfo,
486 hook, pos, e->comefrom); 485 hook, pos, e->comefrom);
487 return 0; 486 return 0;
488 } 487 }
489 e->comefrom 488 e->comefrom |= ((1 << hook) | (1 << NF_INET_NUMHOOKS));
490 |= ((1 << hook) | (1 << NF_INET_NUMHOOKS));
491 489
492 /* Unconditional return/END. */ 490 /* Unconditional return/END. */
493 if ((e->target_offset == sizeof(struct ipt_entry) 491 if ((e->target_offset == sizeof(struct ipt_entry)
@@ -589,7 +587,8 @@ check_entry(struct ipt_entry *e, const char *name)
589 return -EINVAL; 587 return -EINVAL;
590 } 588 }
591 589
592 if (e->target_offset + sizeof(struct ipt_entry_target) > e->next_offset) 590 if (e->target_offset + sizeof(struct ipt_entry_target) >
591 e->next_offset)
593 return -EINVAL; 592 return -EINVAL;
594 593
595 t = ipt_get_target(e); 594 t = ipt_get_target(e);
@@ -633,7 +632,7 @@ find_check_match(struct ipt_entry_match *m,
633 int ret; 632 int ret;
634 633
635 match = try_then_request_module(xt_find_match(AF_INET, m->u.user.name, 634 match = try_then_request_module(xt_find_match(AF_INET, m->u.user.name,
636 m->u.user.revision), 635 m->u.user.revision),
637 "ipt_%s", m->u.user.name); 636 "ipt_%s", m->u.user.name);
638 if (IS_ERR(match) || !match) { 637 if (IS_ERR(match) || !match) {
639 duprintf("find_check_match: `%s' not found\n", m->u.user.name); 638 duprintf("find_check_match: `%s' not found\n", m->u.user.name);
@@ -959,7 +958,6 @@ copy_entries_to_user(unsigned int total_size,
959 * allowed to migrate to another cpu) 958 * allowed to migrate to another cpu)
960 */ 959 */
961 loc_cpu_entry = private->entries[raw_smp_processor_id()]; 960 loc_cpu_entry = private->entries[raw_smp_processor_id()];
962 /* ... then copy entire thing ... */
963 if (copy_to_user(userptr, loc_cpu_entry, total_size) != 0) { 961 if (copy_to_user(userptr, loc_cpu_entry, total_size) != 0) {
964 ret = -EFAULT; 962 ret = -EFAULT;
965 goto free_counters; 963 goto free_counters;
@@ -1169,15 +1167,13 @@ get_entries(struct ipt_get_entries __user *uptr, int *len)
1169 t = xt_find_table_lock(AF_INET, get.name); 1167 t = xt_find_table_lock(AF_INET, get.name);
1170 if (t && !IS_ERR(t)) { 1168 if (t && !IS_ERR(t)) {
1171 struct xt_table_info *private = t->private; 1169 struct xt_table_info *private = t->private;
1172 duprintf("t->private->number = %u\n", 1170 duprintf("t->private->number = %u\n", private->number);
1173 private->number);
1174 if (get.size == private->size) 1171 if (get.size == private->size)
1175 ret = copy_entries_to_user(private->size, 1172 ret = copy_entries_to_user(private->size,
1176 t, uptr->entrytable); 1173 t, uptr->entrytable);
1177 else { 1174 else {
1178 duprintf("get_entries: I've got %u not %u!\n", 1175 duprintf("get_entries: I've got %u not %u!\n",
1179 private->size, 1176 private->size, get.size);
1180 get.size);
1181 ret = -EINVAL; 1177 ret = -EINVAL;
1182 } 1178 }
1183 module_put(t->me); 1179 module_put(t->me);
@@ -1281,7 +1277,7 @@ do_replace(void __user *user, unsigned int len)
1281 if (!newinfo) 1277 if (!newinfo)
1282 return -ENOMEM; 1278 return -ENOMEM;
1283 1279
1284 /* choose the copy that is our node/cpu */ 1280 /* choose the copy that is on our node/cpu */
1285 loc_cpu_entry = newinfo->entries[raw_smp_processor_id()]; 1281 loc_cpu_entry = newinfo->entries[raw_smp_processor_id()];
1286 if (copy_from_user(loc_cpu_entry, user + sizeof(tmp), 1282 if (copy_from_user(loc_cpu_entry, user + sizeof(tmp),
1287 tmp.size) != 0) { 1283 tmp.size) != 0) {
@@ -1304,7 +1300,7 @@ do_replace(void __user *user, unsigned int len)
1304 return 0; 1300 return 0;
1305 1301
1306 free_newinfo_untrans: 1302 free_newinfo_untrans:
1307 IPT_ENTRY_ITERATE(loc_cpu_entry, newinfo->size, cleanup_entry,NULL); 1303 IPT_ENTRY_ITERATE(loc_cpu_entry, newinfo->size, cleanup_entry, NULL);
1308 free_newinfo: 1304 free_newinfo:
1309 xt_free_table_info(newinfo); 1305 xt_free_table_info(newinfo);
1310 return ret; 1306 return ret;
@@ -1651,7 +1647,8 @@ static inline int compat_check_entry(struct ipt_entry *e, const char *name,
1651 int j, ret; 1647 int j, ret;
1652 1648
1653 j = 0; 1649 j = 0;
1654 ret = IPT_MATCH_ITERATE(e, check_match, name, &e->ip, e->comefrom, &j); 1650 ret = IPT_MATCH_ITERATE(e, check_match, name, &e->ip,
1651 e->comefrom, &j);
1655 if (ret) 1652 if (ret)
1656 goto cleanup_matches; 1653 goto cleanup_matches;
1657 1654
@@ -1744,8 +1741,8 @@ translate_compat_table(const char *name,
1744 pos = entry1; 1741 pos = entry1;
1745 size = total_size; 1742 size = total_size;
1746 ret = COMPAT_IPT_ENTRY_ITERATE(entry0, total_size, 1743 ret = COMPAT_IPT_ENTRY_ITERATE(entry0, total_size,
1747 compat_copy_entry_from_user, &pos, &size, 1744 compat_copy_entry_from_user,
1748 name, newinfo, entry1); 1745 &pos, &size, name, newinfo, entry1);
1749 xt_compat_flush_offsets(AF_INET); 1746 xt_compat_flush_offsets(AF_INET);
1750 xt_compat_unlock(AF_INET); 1747 xt_compat_unlock(AF_INET);
1751 if (ret) 1748 if (ret)
@@ -1813,7 +1810,7 @@ compat_do_replace(void __user *user, unsigned int len)
1813 if (!newinfo) 1810 if (!newinfo)
1814 return -ENOMEM; 1811 return -ENOMEM;
1815 1812
1816 /* choose the copy that is our node/cpu */ 1813 /* choose the copy that is on our node/cpu */
1817 loc_cpu_entry = newinfo->entries[raw_smp_processor_id()]; 1814 loc_cpu_entry = newinfo->entries[raw_smp_processor_id()];
1818 if (copy_from_user(loc_cpu_entry, user + sizeof(tmp), 1815 if (copy_from_user(loc_cpu_entry, user + sizeof(tmp),
1819 tmp.size) != 0) { 1816 tmp.size) != 0) {
@@ -1934,16 +1931,14 @@ compat_get_entries(struct compat_ipt_get_entries __user *uptr, int *len)
1934 if (t && !IS_ERR(t)) { 1931 if (t && !IS_ERR(t)) {
1935 struct xt_table_info *private = t->private; 1932 struct xt_table_info *private = t->private;
1936 struct xt_table_info info; 1933 struct xt_table_info info;
1937 duprintf("t->private->number = %u\n", 1934 duprintf("t->private->number = %u\n", private->number);
1938 private->number);
1939 ret = compat_table_info(private, &info); 1935 ret = compat_table_info(private, &info);
1940 if (!ret && get.size == info.size) { 1936 if (!ret && get.size == info.size) {
1941 ret = compat_copy_entries_to_user(private->size, 1937 ret = compat_copy_entries_to_user(private->size,
1942 t, uptr->entrytable); 1938 t, uptr->entrytable);
1943 } else if (!ret) { 1939 } else if (!ret) {
1944 duprintf("compat_get_entries: I've got %u not %u!\n", 1940 duprintf("compat_get_entries: I've got %u not %u!\n",
1945 private->size, 1941 private->size, get.size);
1946 get.size);
1947 ret = -EINVAL; 1942 ret = -EINVAL;
1948 } 1943 }
1949 xt_compat_flush_offsets(AF_INET); 1944 xt_compat_flush_offsets(AF_INET);
@@ -1981,7 +1976,7 @@ compat_do_ipt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
1981#endif 1976#endif
1982 1977
1983static int 1978static int
1984do_ipt_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len) 1979do_ipt_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len)
1985{ 1980{
1986 int ret; 1981 int ret;
1987 1982
@@ -2068,9 +2063,7 @@ int ipt_register_table(struct xt_table *table, const struct ipt_replace *repl)
2068 if (!newinfo) 2063 if (!newinfo)
2069 return -ENOMEM; 2064 return -ENOMEM;
2070 2065
2071 /* choose the copy on our node/cpu 2066 /* choose the copy on our node/cpu, but dont care about preemption */
2072 * but dont care of preemption
2073 */
2074 loc_cpu_entry = newinfo->entries[raw_smp_processor_id()]; 2067 loc_cpu_entry = newinfo->entries[raw_smp_processor_id()];
2075 memcpy(loc_cpu_entry, repl->entries, repl->size); 2068 memcpy(loc_cpu_entry, repl->entries, repl->size);
2076 2069
@@ -2112,7 +2105,8 @@ icmp_type_code_match(u_int8_t test_type, u_int8_t min_code, u_int8_t max_code,
2112 u_int8_t type, u_int8_t code, 2105 u_int8_t type, u_int8_t code,
2113 bool invert) 2106 bool invert)
2114{ 2107{
2115 return ((test_type == 0xFF) || (type == test_type && code >= min_code && code <= max_code)) 2108 return ((test_type == 0xFF) ||
2109 (type == test_type && code >= min_code && code <= max_code))
2116 ^ invert; 2110 ^ invert;
2117} 2111}
2118 2112
@@ -2153,7 +2147,7 @@ icmp_match(const struct sk_buff *skb,
2153/* Called when user tries to insert an entry of this type. */ 2147/* Called when user tries to insert an entry of this type. */
2154static bool 2148static bool
2155icmp_checkentry(const char *tablename, 2149icmp_checkentry(const char *tablename,
2156 const void *info, 2150 const void *entry,
2157 const struct xt_match *match, 2151 const struct xt_match *match,
2158 void *matchinfo, 2152 void *matchinfo,
2159 unsigned int hook_mask) 2153 unsigned int hook_mask)
@@ -2204,9 +2198,9 @@ static struct xt_match icmp_matchstruct __read_mostly = {
2204 .name = "icmp", 2198 .name = "icmp",
2205 .match = icmp_match, 2199 .match = icmp_match,
2206 .matchsize = sizeof(struct ipt_icmp), 2200 .matchsize = sizeof(struct ipt_icmp),
2201 .checkentry = icmp_checkentry,
2207 .proto = IPPROTO_ICMP, 2202 .proto = IPPROTO_ICMP,
2208 .family = AF_INET, 2203 .family = AF_INET,
2209 .checkentry = icmp_checkentry,
2210}; 2204};
2211 2205
2212static int __init ip_tables_init(void) 2206static int __init ip_tables_init(void)
generated by cgit v1.2.2 (git 2.25.0) at 2025-02-10 07:16:17 -0500