diff options
| author | Jan Engelhardt <jengelh@medozas.de> | 2009-04-15 15:06:05 -0400 |
|---|---|---|
| committer | Jan Engelhardt <jengelh@medozas.de> | 2009-05-08 04:30:48 -0400 |
| commit | 98e86403162d08a30b03426c54c2a8fca1f695d1 (patch) | |
| tree | 0b610ebf8ce2978a9de090435607617f545252ae /net/ipv4 | |
| parent | 4f2f6f236af484ada595ff37d0ee1902aa56221f (diff) | |
netfilter: xtables: consolidate open-coded logic
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Diffstat (limited to 'net/ipv4')
| -rw-r--r-- | net/ipv4/netfilter/arp_tables.c | 14 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ip_tables.c | 14 |
2 files changed, 20 insertions, 8 deletions
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index 831fe1879dc0..940e54ba21b3 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c | |||
| @@ -231,6 +231,12 @@ static inline struct arpt_entry *get_entry(void *base, unsigned int offset) | |||
| 231 | return (struct arpt_entry *)(base + offset); | 231 | return (struct arpt_entry *)(base + offset); |
| 232 | } | 232 | } |
| 233 | 233 | ||
| 234 | static inline __pure | ||
| 235 | struct arpt_entry *arpt_next_entry(const struct arpt_entry *entry) | ||
| 236 | { | ||
| 237 | return (void *)entry + entry->next_offset; | ||
| 238 | } | ||
| 239 | |||
| 234 | unsigned int arpt_do_table(struct sk_buff *skb, | 240 | unsigned int arpt_do_table(struct sk_buff *skb, |
| 235 | unsigned int hook, | 241 | unsigned int hook, |
| 236 | const struct net_device *in, | 242 | const struct net_device *in, |
| @@ -295,10 +301,10 @@ unsigned int arpt_do_table(struct sk_buff *skb, | |||
| 295 | continue; | 301 | continue; |
| 296 | } | 302 | } |
| 297 | if (table_base + v | 303 | if (table_base + v |
| 298 | != (void *)e + e->next_offset) { | 304 | != arpt_next_entry(e)) { |
| 299 | /* Save old back ptr in next entry */ | 305 | /* Save old back ptr in next entry */ |
| 300 | struct arpt_entry *next | 306 | struct arpt_entry *next |
| 301 | = (void *)e + e->next_offset; | 307 | = arpt_next_entry(e); |
| 302 | next->comefrom = | 308 | next->comefrom = |
| 303 | (void *)back - table_base; | 309 | (void *)back - table_base; |
| 304 | 310 | ||
| @@ -320,13 +326,13 @@ unsigned int arpt_do_table(struct sk_buff *skb, | |||
| 320 | arp = arp_hdr(skb); | 326 | arp = arp_hdr(skb); |
| 321 | 327 | ||
| 322 | if (verdict == ARPT_CONTINUE) | 328 | if (verdict == ARPT_CONTINUE) |
| 323 | e = (void *)e + e->next_offset; | 329 | e = arpt_next_entry(e); |
| 324 | else | 330 | else |
| 325 | /* Verdict */ | 331 | /* Verdict */ |
| 326 | break; | 332 | break; |
| 327 | } | 333 | } |
| 328 | } else { | 334 | } else { |
| 329 | e = (void *)e + e->next_offset; | 335 | e = arpt_next_entry(e); |
| 330 | } | 336 | } |
| 331 | } while (!hotdrop); | 337 | } while (!hotdrop); |
| 332 | xt_info_rdunlock_bh(); | 338 | xt_info_rdunlock_bh(); |
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index 16b7c09c0366..7ec4e4092755 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c | |||
| @@ -297,6 +297,12 @@ static void trace_packet(struct sk_buff *skb, | |||
| 297 | } | 297 | } |
| 298 | #endif | 298 | #endif |
| 299 | 299 | ||
| 300 | static inline __pure | ||
| 301 | struct ipt_entry *ipt_next_entry(const struct ipt_entry *entry) | ||
| 302 | { | ||
| 303 | return (void *)entry + entry->next_offset; | ||
| 304 | } | ||
| 305 | |||
| 300 | /* Returns one of the generic firewall policies, like NF_ACCEPT. */ | 306 | /* Returns one of the generic firewall policies, like NF_ACCEPT. */ |
| 301 | unsigned int | 307 | unsigned int |
| 302 | ipt_do_table(struct sk_buff *skb, | 308 | ipt_do_table(struct sk_buff *skb, |
| @@ -385,11 +391,11 @@ ipt_do_table(struct sk_buff *skb, | |||
| 385 | back->comefrom); | 391 | back->comefrom); |
| 386 | continue; | 392 | continue; |
| 387 | } | 393 | } |
| 388 | if (table_base + v != (void *)e + e->next_offset | 394 | if (table_base + v != ipt_next_entry(e) |
| 389 | && !(e->ip.flags & IPT_F_GOTO)) { | 395 | && !(e->ip.flags & IPT_F_GOTO)) { |
| 390 | /* Save old back ptr in next entry */ | 396 | /* Save old back ptr in next entry */ |
| 391 | struct ipt_entry *next | 397 | struct ipt_entry *next |
| 392 | = (void *)e + e->next_offset; | 398 | = ipt_next_entry(e); |
| 393 | next->comefrom | 399 | next->comefrom |
| 394 | = (void *)back - table_base; | 400 | = (void *)back - table_base; |
| 395 | /* set back pointer to next entry */ | 401 | /* set back pointer to next entry */ |
| @@ -424,7 +430,7 @@ ipt_do_table(struct sk_buff *skb, | |||
| 424 | datalen = skb->len - ip->ihl * 4; | 430 | datalen = skb->len - ip->ihl * 4; |
| 425 | 431 | ||
| 426 | if (verdict == IPT_CONTINUE) | 432 | if (verdict == IPT_CONTINUE) |
| 427 | e = (void *)e + e->next_offset; | 433 | e = ipt_next_entry(e); |
| 428 | else | 434 | else |
| 429 | /* Verdict */ | 435 | /* Verdict */ |
| 430 | break; | 436 | break; |
| @@ -432,7 +438,7 @@ ipt_do_table(struct sk_buff *skb, | |||
| 432 | } else { | 438 | } else { |
| 433 | 439 | ||
| 434 | no_match: | 440 | no_match: |
| 435 | e = (void *)e + e->next_offset; | 441 | e = ipt_next_entry(e); |
| 436 | } | 442 | } |
| 437 | } while (!hotdrop); | 443 | } while (!hotdrop); |
| 438 | xt_info_rdunlock_bh(); | 444 | xt_info_rdunlock_bh(); |