diff options
author | Jan Engelhardt <jengelh@medozas.de> | 2010-02-24 12:34:48 -0500 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2010-02-24 12:34:48 -0500 |
commit | dcea992aca82cb08b4674c4c783e325835408d1e (patch) | |
tree | b3490bbbf49931f1405a7ebeb2f2f9d2b136cd9a /net/ipv4 | |
parent | 0559518b5b99c591226460c0bbf8e6a570c518a8 (diff) |
netfilter: xtables: replace XT_MATCH_ITERATE macro
The macro is replaced by a list.h-like foreach loop. This makes
the code more inspectable.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/ipv4')
-rw-r--r-- | net/ipv4/netfilter/ip_tables.c | 78 |
1 files changed, 61 insertions, 17 deletions
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index 9c8aa394c51c..3a7fc732b918 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c | |||
@@ -366,16 +366,21 @@ ipt_do_table(struct sk_buff *skb, | |||
366 | 366 | ||
367 | do { | 367 | do { |
368 | const struct ipt_entry_target *t; | 368 | const struct ipt_entry_target *t; |
369 | const struct xt_entry_match *ematch; | ||
369 | 370 | ||
370 | IP_NF_ASSERT(e); | 371 | IP_NF_ASSERT(e); |
371 | IP_NF_ASSERT(back); | 372 | IP_NF_ASSERT(back); |
372 | if (!ip_packet_match(ip, indev, outdev, | 373 | if (!ip_packet_match(ip, indev, outdev, |
373 | &e->ip, mtpar.fragoff) || | 374 | &e->ip, mtpar.fragoff)) { |
374 | IPT_MATCH_ITERATE(e, do_match, skb, &mtpar) != 0) { | 375 | no_match: |
375 | e = ipt_next_entry(e); | 376 | e = ipt_next_entry(e); |
376 | continue; | 377 | continue; |
377 | } | 378 | } |
378 | 379 | ||
380 | xt_ematch_foreach(ematch, e) | ||
381 | if (do_match(ematch, skb, &mtpar) != 0) | ||
382 | goto no_match; | ||
383 | |||
379 | ADD_COUNTER(e->counters, ntohs(ip->tot_len), 1); | 384 | ADD_COUNTER(e->counters, ntohs(ip->tot_len), 1); |
380 | 385 | ||
381 | t = ipt_get_target(e); | 386 | t = ipt_get_target(e); |
@@ -686,6 +691,7 @@ find_check_entry(struct ipt_entry *e, struct net *net, const char *name, | |||
686 | int ret; | 691 | int ret; |
687 | unsigned int j; | 692 | unsigned int j; |
688 | struct xt_mtchk_param mtpar; | 693 | struct xt_mtchk_param mtpar; |
694 | struct xt_entry_match *ematch; | ||
689 | 695 | ||
690 | ret = check_entry(e, name); | 696 | ret = check_entry(e, name); |
691 | if (ret) | 697 | if (ret) |
@@ -697,7 +703,11 @@ find_check_entry(struct ipt_entry *e, struct net *net, const char *name, | |||
697 | mtpar.entryinfo = &e->ip; | 703 | mtpar.entryinfo = &e->ip; |
698 | mtpar.hook_mask = e->comefrom; | 704 | mtpar.hook_mask = e->comefrom; |
699 | mtpar.family = NFPROTO_IPV4; | 705 | mtpar.family = NFPROTO_IPV4; |
700 | ret = IPT_MATCH_ITERATE(e, find_check_match, &mtpar, &j); | 706 | xt_ematch_foreach(ematch, e) { |
707 | ret = find_check_match(ematch, &mtpar, &j); | ||
708 | if (ret != 0) | ||
709 | break; | ||
710 | } | ||
701 | if (ret != 0) | 711 | if (ret != 0) |
702 | goto cleanup_matches; | 712 | goto cleanup_matches; |
703 | 713 | ||
@@ -720,7 +730,9 @@ find_check_entry(struct ipt_entry *e, struct net *net, const char *name, | |||
720 | err: | 730 | err: |
721 | module_put(t->u.kernel.target->me); | 731 | module_put(t->u.kernel.target->me); |
722 | cleanup_matches: | 732 | cleanup_matches: |
723 | IPT_MATCH_ITERATE(e, cleanup_match, net, &j); | 733 | xt_ematch_foreach(ematch, e) |
734 | if (cleanup_match(ematch, net, &j) != 0) | ||
735 | break; | ||
724 | return ret; | 736 | return ret; |
725 | } | 737 | } |
726 | 738 | ||
@@ -791,9 +803,12 @@ cleanup_entry(struct ipt_entry *e, struct net *net) | |||
791 | { | 803 | { |
792 | struct xt_tgdtor_param par; | 804 | struct xt_tgdtor_param par; |
793 | struct ipt_entry_target *t; | 805 | struct ipt_entry_target *t; |
806 | struct xt_entry_match *ematch; | ||
794 | 807 | ||
795 | /* Cleanup all matches */ | 808 | /* Cleanup all matches */ |
796 | IPT_MATCH_ITERATE(e, cleanup_match, net, NULL); | 809 | xt_ematch_foreach(ematch, e) |
810 | if (cleanup_match(ematch, net, NULL) != 0) | ||
811 | break; | ||
797 | t = ipt_get_target(e); | 812 | t = ipt_get_target(e); |
798 | 813 | ||
799 | par.net = net; | 814 | par.net = net; |
@@ -1060,13 +1075,16 @@ static int compat_calc_entry(const struct ipt_entry *e, | |||
1060 | const struct xt_table_info *info, | 1075 | const struct xt_table_info *info, |
1061 | const void *base, struct xt_table_info *newinfo) | 1076 | const void *base, struct xt_table_info *newinfo) |
1062 | { | 1077 | { |
1078 | const struct xt_entry_match *ematch; | ||
1063 | const struct ipt_entry_target *t; | 1079 | const struct ipt_entry_target *t; |
1064 | unsigned int entry_offset; | 1080 | unsigned int entry_offset; |
1065 | int off, i, ret; | 1081 | int off, i, ret; |
1066 | 1082 | ||
1067 | off = sizeof(struct ipt_entry) - sizeof(struct compat_ipt_entry); | 1083 | off = sizeof(struct ipt_entry) - sizeof(struct compat_ipt_entry); |
1068 | entry_offset = (void *)e - base; | 1084 | entry_offset = (void *)e - base; |
1069 | IPT_MATCH_ITERATE(e, compat_calc_match, &off); | 1085 | xt_ematch_foreach(ematch, e) |
1086 | if (compat_calc_match(ematch, &off) != 0) | ||
1087 | break; | ||
1070 | t = ipt_get_target_c(e); | 1088 | t = ipt_get_target_c(e); |
1071 | off += xt_compat_target_offset(t->u.kernel.target); | 1089 | off += xt_compat_target_offset(t->u.kernel.target); |
1072 | newinfo->size -= off; | 1090 | newinfo->size -= off; |
@@ -1441,7 +1459,8 @@ compat_copy_entry_to_user(struct ipt_entry *e, void __user **dstptr, | |||
1441 | struct compat_ipt_entry __user *ce; | 1459 | struct compat_ipt_entry __user *ce; |
1442 | u_int16_t target_offset, next_offset; | 1460 | u_int16_t target_offset, next_offset; |
1443 | compat_uint_t origsize; | 1461 | compat_uint_t origsize; |
1444 | int ret; | 1462 | const struct xt_entry_match *ematch; |
1463 | int ret = 0; | ||
1445 | 1464 | ||
1446 | origsize = *size; | 1465 | origsize = *size; |
1447 | ce = (struct compat_ipt_entry __user *)*dstptr; | 1466 | ce = (struct compat_ipt_entry __user *)*dstptr; |
@@ -1453,7 +1472,11 @@ compat_copy_entry_to_user(struct ipt_entry *e, void __user **dstptr, | |||
1453 | *dstptr += sizeof(struct compat_ipt_entry); | 1472 | *dstptr += sizeof(struct compat_ipt_entry); |
1454 | *size -= sizeof(struct ipt_entry) - sizeof(struct compat_ipt_entry); | 1473 | *size -= sizeof(struct ipt_entry) - sizeof(struct compat_ipt_entry); |
1455 | 1474 | ||
1456 | ret = IPT_MATCH_ITERATE(e, xt_compat_match_to_user, dstptr, size); | 1475 | xt_ematch_foreach(ematch, e) { |
1476 | ret = xt_compat_match_to_user(ematch, dstptr, size); | ||
1477 | if (ret != 0) | ||
1478 | break; | ||
1479 | } | ||
1457 | target_offset = e->target_offset - (origsize - *size); | 1480 | target_offset = e->target_offset - (origsize - *size); |
1458 | if (ret) | 1481 | if (ret) |
1459 | return ret; | 1482 | return ret; |
@@ -1505,9 +1528,12 @@ compat_release_match(struct ipt_entry_match *m, unsigned int *i) | |||
1505 | static void compat_release_entry(struct compat_ipt_entry *e) | 1528 | static void compat_release_entry(struct compat_ipt_entry *e) |
1506 | { | 1529 | { |
1507 | struct ipt_entry_target *t; | 1530 | struct ipt_entry_target *t; |
1531 | struct xt_entry_match *ematch; | ||
1508 | 1532 | ||
1509 | /* Cleanup all matches */ | 1533 | /* Cleanup all matches */ |
1510 | COMPAT_IPT_MATCH_ITERATE(e, compat_release_match, NULL); | 1534 | xt_ematch_foreach(ematch, e) |
1535 | if (compat_release_match(ematch, NULL) != 0) | ||
1536 | break; | ||
1511 | t = compat_ipt_get_target(e); | 1537 | t = compat_ipt_get_target(e); |
1512 | module_put(t->u.kernel.target->me); | 1538 | module_put(t->u.kernel.target->me); |
1513 | } | 1539 | } |
@@ -1522,6 +1548,7 @@ check_compat_entry_size_and_hooks(struct compat_ipt_entry *e, | |||
1522 | const unsigned int *underflows, | 1548 | const unsigned int *underflows, |
1523 | const char *name) | 1549 | const char *name) |
1524 | { | 1550 | { |
1551 | struct xt_entry_match *ematch; | ||
1525 | struct ipt_entry_target *t; | 1552 | struct ipt_entry_target *t; |
1526 | struct xt_target *target; | 1553 | struct xt_target *target; |
1527 | unsigned int entry_offset; | 1554 | unsigned int entry_offset; |
@@ -1550,8 +1577,12 @@ check_compat_entry_size_and_hooks(struct compat_ipt_entry *e, | |||
1550 | off = sizeof(struct ipt_entry) - sizeof(struct compat_ipt_entry); | 1577 | off = sizeof(struct ipt_entry) - sizeof(struct compat_ipt_entry); |
1551 | entry_offset = (void *)e - (void *)base; | 1578 | entry_offset = (void *)e - (void *)base; |
1552 | j = 0; | 1579 | j = 0; |
1553 | ret = COMPAT_IPT_MATCH_ITERATE(e, compat_find_calc_match, name, | 1580 | xt_ematch_foreach(ematch, e) { |
1554 | &e->ip, e->comefrom, &off, &j); | 1581 | ret = compat_find_calc_match(ematch, name, |
1582 | &e->ip, e->comefrom, &off, &j); | ||
1583 | if (ret != 0) | ||
1584 | break; | ||
1585 | } | ||
1555 | if (ret != 0) | 1586 | if (ret != 0) |
1556 | goto release_matches; | 1587 | goto release_matches; |
1557 | 1588 | ||
@@ -1590,7 +1621,9 @@ check_compat_entry_size_and_hooks(struct compat_ipt_entry *e, | |||
1590 | out: | 1621 | out: |
1591 | module_put(t->u.kernel.target->me); | 1622 | module_put(t->u.kernel.target->me); |
1592 | release_matches: | 1623 | release_matches: |
1593 | IPT_MATCH_ITERATE(e, compat_release_match, &j); | 1624 | xt_ematch_foreach(ematch, e) |
1625 | if (compat_release_match(ematch, &j) != 0) | ||
1626 | break; | ||
1594 | return ret; | 1627 | return ret; |
1595 | } | 1628 | } |
1596 | 1629 | ||
@@ -1604,6 +1637,7 @@ compat_copy_entry_from_user(struct compat_ipt_entry *e, void **dstptr, | |||
1604 | struct ipt_entry *de; | 1637 | struct ipt_entry *de; |
1605 | unsigned int origsize; | 1638 | unsigned int origsize; |
1606 | int ret, h; | 1639 | int ret, h; |
1640 | struct xt_entry_match *ematch; | ||
1607 | 1641 | ||
1608 | ret = 0; | 1642 | ret = 0; |
1609 | origsize = *size; | 1643 | origsize = *size; |
@@ -1614,8 +1648,11 @@ compat_copy_entry_from_user(struct compat_ipt_entry *e, void **dstptr, | |||
1614 | *dstptr += sizeof(struct ipt_entry); | 1648 | *dstptr += sizeof(struct ipt_entry); |
1615 | *size += sizeof(struct ipt_entry) - sizeof(struct compat_ipt_entry); | 1649 | *size += sizeof(struct ipt_entry) - sizeof(struct compat_ipt_entry); |
1616 | 1650 | ||
1617 | ret = COMPAT_IPT_MATCH_ITERATE(e, xt_compat_match_from_user, | 1651 | xt_ematch_foreach(ematch, e) { |
1618 | dstptr, size); | 1652 | ret = xt_compat_match_from_user(ematch, dstptr, size); |
1653 | if (ret != 0) | ||
1654 | break; | ||
1655 | } | ||
1619 | if (ret) | 1656 | if (ret) |
1620 | return ret; | 1657 | return ret; |
1621 | de->target_offset = e->target_offset - (origsize - *size); | 1658 | de->target_offset = e->target_offset - (origsize - *size); |
@@ -1636,9 +1673,10 @@ compat_copy_entry_from_user(struct compat_ipt_entry *e, void **dstptr, | |||
1636 | static int | 1673 | static int |
1637 | compat_check_entry(struct ipt_entry *e, struct net *net, const char *name) | 1674 | compat_check_entry(struct ipt_entry *e, struct net *net, const char *name) |
1638 | { | 1675 | { |
1676 | struct xt_entry_match *ematch; | ||
1639 | struct xt_mtchk_param mtpar; | 1677 | struct xt_mtchk_param mtpar; |
1640 | unsigned int j; | 1678 | unsigned int j; |
1641 | int ret; | 1679 | int ret = 0; |
1642 | 1680 | ||
1643 | j = 0; | 1681 | j = 0; |
1644 | mtpar.net = net; | 1682 | mtpar.net = net; |
@@ -1646,7 +1684,11 @@ compat_check_entry(struct ipt_entry *e, struct net *net, const char *name) | |||
1646 | mtpar.entryinfo = &e->ip; | 1684 | mtpar.entryinfo = &e->ip; |
1647 | mtpar.hook_mask = e->comefrom; | 1685 | mtpar.hook_mask = e->comefrom; |
1648 | mtpar.family = NFPROTO_IPV4; | 1686 | mtpar.family = NFPROTO_IPV4; |
1649 | ret = IPT_MATCH_ITERATE(e, check_match, &mtpar, &j); | 1687 | xt_ematch_foreach(ematch, e) { |
1688 | ret = check_match(ematch, &mtpar, &j); | ||
1689 | if (ret != 0) | ||
1690 | break; | ||
1691 | } | ||
1650 | if (ret) | 1692 | if (ret) |
1651 | goto cleanup_matches; | 1693 | goto cleanup_matches; |
1652 | 1694 | ||
@@ -1656,7 +1698,9 @@ compat_check_entry(struct ipt_entry *e, struct net *net, const char *name) | |||
1656 | return 0; | 1698 | return 0; |
1657 | 1699 | ||
1658 | cleanup_matches: | 1700 | cleanup_matches: |
1659 | IPT_MATCH_ITERATE(e, cleanup_match, net, &j); | 1701 | xt_ematch_foreach(ematch, e) |
1702 | if (cleanup_match(ematch, net, &j) != 0) | ||
1703 | break; | ||
1660 | return ret; | 1704 | return ret; |
1661 | } | 1705 | } |
1662 | 1706 | ||