netfilter: xtables: combine struct xt_match_param and xt_target_param

The structures carried - besides match/target - almost the same data. It is possible to combine them, as extensions are evaluated serially, and so, the callers end up a little smaller. text data bss filename -15318 740 104 net/ipv4/netfilter/ip_tables.o +15286 740 104 net/ipv4/netfilter/ip_tables.o -15333 540 152 net/ipv6/netfilter/ip6_tables.o +15269 540 152 net/ipv6/netfilter/ip6_tables.o Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
author: Jan Engelhardt <jengelh@medozas.de> 2009-07-05 12:26:37 -0400
committer: Jan Engelhardt <jengelh@medozas.de> 2010-05-11 12:23:43 -0400
commit: de74c16996287250f0d947663127f80c6beebd3c (patch)
tree: c7e77e254c5812c8561516dd668eaec732a89a0d /net/ipv4
parent: ef53d702c3614fb919e8a8291033e3dbccfd1aea (diff)
2 files changed, 23 insertions, 25 deletions
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index 07a699059390..73d924b88f89 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -265,7 +265,7 @@ unsigned int arpt_do_table(struct sk_buff *skb,
        const char *indev, *outdev;
        void *table_base;
        const struct xt_table_info *private;
-        struct xt_target_param tgpar;
+        struct xt_action_param acpar;
        if (!pskb_may_pull(skb, arp_hdr_len(skb->dev)))
                return NF_DROP;
@@ -280,10 +280,10 @@ unsigned int arpt_do_table(struct sk_buff *skb,
        e = get_entry(table_base, private->hook_entry[hook]);
        back = get_entry(table_base, private->underflow[hook]);
-        tgpar.in      = in;
+        acpar.in      = in;
-        tgpar.out     = out;
+        acpar.out     = out;
-        tgpar.hooknum = hook;
+        acpar.hooknum = hook;
-        tgpar.family  = NFPROTO_ARP;
+        acpar.family  = NFPROTO_ARP;
        arp = arp_hdr(skb);
        do {
@@ -333,9 +333,9 @@ unsigned int arpt_do_table(struct sk_buff *skb,
                /* Targets which reenter must return
                 * abs. verdicts
                 */
-                tgpar.target   = t->u.kernel.target;
+                acpar.target   = t->u.kernel.target;
-                tgpar.targinfo = t->data;
+                acpar.targinfo = t->data;
-                verdict = t->u.kernel.target->target(skb, &tgpar);
+                verdict = t->u.kernel.target->target(skb, &acpar);
                /* Target might have changed stuff. */
                arp = arp_hdr(skb);
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 265cedf88660..e1a53c2da032 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -316,8 +316,7 @@ ipt_do_table(struct sk_buff *skb,
        struct ipt_entry *e, **jumpstack;
        unsigned int *stackptr, origptr, cpu;
        const struct xt_table_info *private;
-        struct xt_match_param mtpar;
+        struct xt_action_param acpar;
-        struct xt_target_param tgpar;
        /* Initialization */
        ip = ip_hdr(skb);
@@ -329,13 +328,13 @@ ipt_do_table(struct sk_buff *skb,
         * things we don't know, ie. tcp syn flag or ports).  If the
         * rule is also a fragment-specific rule, non-fragments won't
         * match it. */
-        mtpar.fragoff = ntohs(ip->frag_off) & IP_OFFSET;
+        acpar.fragoff = ntohs(ip->frag_off) & IP_OFFSET;
-        mtpar.thoff   = ip_hdrlen(skb);
+        acpar.thoff   = ip_hdrlen(skb);
-        mtpar.hotdrop = &hotdrop;
+        acpar.hotdrop = &hotdrop;
-        mtpar.in      = tgpar.in  = in;
+        acpar.in      = in;
-        mtpar.out     = tgpar.out = out;
+        acpar.out     = out;
-        mtpar.family  = tgpar.family = NFPROTO_IPV4;
+        acpar.family  = NFPROTO_IPV4;
-        mtpar.hooknum = tgpar.hooknum = hook;
+        acpar.hooknum = hook;
        IP_NF_ASSERT(table->valid_hooks & (1 << hook));
        xt_info_rdlock_bh();
@@ -358,16 +357,16 @@ ipt_do_table(struct sk_buff *skb,
                IP_NF_ASSERT(e);
                if (!ip_packet_match(ip, indev, outdev,
-                    &e->ip, mtpar.fragoff)) {
+                    &e->ip, acpar.fragoff)) {
 no_match:
                        e = ipt_next_entry(e);
                        continue;
                }
                xt_ematch_foreach(ematch, e) {
-                        mtpar.match     = ematch->u.kernel.match;
+                        acpar.match     = ematch->u.kernel.match;
-                        mtpar.matchinfo = ematch->data;
+                        acpar.matchinfo = ematch->data;
-                        if (!mtpar.match->match(skb, &mtpar))
+                        if (!acpar.match->match(skb, &acpar))
                                goto no_match;
                }
@@ -422,11 +421,10 @@ ipt_do_table(struct sk_buff *skb,
                        continue;
                }
-                tgpar.target   = t->u.kernel.target;
+                acpar.target   = t->u.kernel.target;
-                tgpar.targinfo = t->data;
+                acpar.targinfo = t->data;
+                verdict = t->u.kernel.target->target(skb, &acpar);
-                verdict = t->u.kernel.target->target(skb, &tgpar);
                /* Target might have changed stuff. */
                ip = ip_hdr(skb);
                if (verdict == IPT_CONTINUE)
author	Jan Engelhardt <jengelh@medozas.de>	2009-07-05 12:26:37 -0400
committer	Jan Engelhardt <jengelh@medozas.de>	2010-05-11 12:23:43 -0400
commit	de74c16996287250f0d947663127f80c6beebd3c (patch)
tree	c7e77e254c5812c8561516dd668eaec732a89a0d /net/ipv4
parent	ef53d702c3614fb919e8a8291033e3dbccfd1aea (diff)

diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index 07a699059390..73d924b88f89 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c
@@ -265,7 +265,7 @@ unsigned int arpt_do_table(struct sk_buff *skb,
265	const char indev, outdev;	265	const char indev, outdev;
266	void *table_base;	266	void *table_base;
267	const struct xt_table_info *private;	267	const struct xt_table_info *private;
268	struct xt_target_param tgpar;	268	struct xt_action_param acpar;
269		269
270	if (!pskb_may_pull(skb, arp_hdr_len(skb->dev)))	270	if (!pskb_may_pull(skb, arp_hdr_len(skb->dev)))
271	return NF_DROP;	271	return NF_DROP;
@@ -280,10 +280,10 @@ unsigned int arpt_do_table(struct sk_buff *skb,
280	e = get_entry(table_base, private->hook_entry[hook]);	280	e = get_entry(table_base, private->hook_entry[hook]);
281	back = get_entry(table_base, private->underflow[hook]);	281	back = get_entry(table_base, private->underflow[hook]);
282		282
283	tgpar.in = in;	283	acpar.in = in;
284	tgpar.out = out;	284	acpar.out = out;
285	tgpar.hooknum = hook;	285	acpar.hooknum = hook;
286	tgpar.family = NFPROTO_ARP;	286	acpar.family = NFPROTO_ARP;
287		287
288	arp = arp_hdr(skb);	288	arp = arp_hdr(skb);
289	do {	289	do {
@@ -333,9 +333,9 @@ unsigned int arpt_do_table(struct sk_buff *skb,
333	/* Targets which reenter must return	333	/* Targets which reenter must return
334	* abs. verdicts	334	* abs. verdicts
335	*/	335	*/
336	tgpar.target = t->u.kernel.target;	336	acpar.target = t->u.kernel.target;
337	tgpar.targinfo = t->data;	337	acpar.targinfo = t->data;
338	verdict = t->u.kernel.target->target(skb, &tgpar);	338	verdict = t->u.kernel.target->target(skb, &acpar);
339		339
340	/* Target might have changed stuff. */	340	/* Target might have changed stuff. */
341	arp = arp_hdr(skb);	341	arp = arp_hdr(skb);


diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index 265cedf88660..e1a53c2da032 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c
@@ -316,8 +316,7 @@ ipt_do_table(struct sk_buff *skb,
316	struct ipt_entry e, *jumpstack;	316	struct ipt_entry e, *jumpstack;
317	unsigned int *stackptr, origptr, cpu;	317	unsigned int *stackptr, origptr, cpu;
318	const struct xt_table_info *private;	318	const struct xt_table_info *private;
319	struct xt_match_param mtpar;	319	struct xt_action_param acpar;
320	struct xt_target_param tgpar;
321		320
322	/* Initialization */	321	/* Initialization */
323	ip = ip_hdr(skb);	322	ip = ip_hdr(skb);
@@ -329,13 +328,13 @@ ipt_do_table(struct sk_buff *skb,
329	* things we don't know, ie. tcp syn flag or ports). If the	328	* things we don't know, ie. tcp syn flag or ports). If the
330	* rule is also a fragment-specific rule, non-fragments won't	329	* rule is also a fragment-specific rule, non-fragments won't
331	* match it. */	330	* match it. */
332	mtpar.fragoff = ntohs(ip->frag_off) & IP_OFFSET;	331	acpar.fragoff = ntohs(ip->frag_off) & IP_OFFSET;
333	mtpar.thoff = ip_hdrlen(skb);	332	acpar.thoff = ip_hdrlen(skb);
334	mtpar.hotdrop = &hotdrop;	333	acpar.hotdrop = &hotdrop;
335	mtpar.in = tgpar.in = in;	334	acpar.in = in;
336	mtpar.out = tgpar.out = out;	335	acpar.out = out;
337	mtpar.family = tgpar.family = NFPROTO_IPV4;	336	acpar.family = NFPROTO_IPV4;
338	mtpar.hooknum = tgpar.hooknum = hook;	337	acpar.hooknum = hook;
339		338
340	IP_NF_ASSERT(table->valid_hooks & (1 << hook));	339	IP_NF_ASSERT(table->valid_hooks & (1 << hook));
341	xt_info_rdlock_bh();	340	xt_info_rdlock_bh();
@@ -358,16 +357,16 @@ ipt_do_table(struct sk_buff *skb,
358		357
359	IP_NF_ASSERT(e);	358	IP_NF_ASSERT(e);
360	if (!ip_packet_match(ip, indev, outdev,	359	if (!ip_packet_match(ip, indev, outdev,
361	&e->ip, mtpar.fragoff)) {	360	&e->ip, acpar.fragoff)) {
362	no_match:	361	no_match:
363	e = ipt_next_entry(e);	362	e = ipt_next_entry(e);
364	continue;	363	continue;
365	}	364	}
366		365
367	xt_ematch_foreach(ematch, e) {	366	xt_ematch_foreach(ematch, e) {
368	mtpar.match = ematch->u.kernel.match;	367	acpar.match = ematch->u.kernel.match;
369	mtpar.matchinfo = ematch->data;	368	acpar.matchinfo = ematch->data;
370	if (!mtpar.match->match(skb, &mtpar))	369	if (!acpar.match->match(skb, &acpar))
371	goto no_match;	370	goto no_match;
372	}	371	}
373		372
@@ -422,11 +421,10 @@ ipt_do_table(struct sk_buff *skb,
422	continue;	421	continue;
423	}	422	}
424		423
425	tgpar.target = t->u.kernel.target;	424	acpar.target = t->u.kernel.target;
426	tgpar.targinfo = t->data;	425	acpar.targinfo = t->data;
427		426
428		427	verdict = t->u.kernel.target->target(skb, &acpar);
429	verdict = t->u.kernel.target->target(skb, &tgpar);
430	/* Target might have changed stuff. */	428	/* Target might have changed stuff. */
431	ip = ip_hdr(skb);	429	ip = ip_hdr(skb);
432	if (verdict == IPT_CONTINUE)	430	if (verdict == IPT_CONTINUE)