aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv6
diff options
context:
space:
mode:
authorJan Engelhardt <jengelh@medozas.de>2010-02-24 12:32:59 -0500
committerPatrick McHardy <kaber@trash.net>2010-02-24 12:32:59 -0500
commit72b2b1dd77e8feb0b7c0b26dee58f2a1e2c9828c (patch)
tree4289fef5441a1664f60a17cb473d657f77cf1112 /net/ipv6
parent8ccb92ad41cb311e52ad1b1fe77992c7f47a3b63 (diff)
netfilter: xtables: replace XT_ENTRY_ITERATE macro
The macro is replaced by a list.h-like foreach loop. This makes the code much more inspectable. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/ipv6')
-rw-r--r--net/ipv6/netfilter/ip6_tables.c160
1 files changed, 104 insertions, 56 deletions
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 4185099c2943..23926e38d36b 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -318,6 +318,7 @@ static void trace_packet(const struct sk_buff *skb,
318 const void *table_base; 318 const void *table_base;
319 const struct ip6t_entry *root; 319 const struct ip6t_entry *root;
320 const char *hookname, *chainname, *comment; 320 const char *hookname, *chainname, *comment;
321 const struct ip6t_entry *iter;
321 unsigned int rulenum = 0; 322 unsigned int rulenum = 0;
322 323
323 table_base = private->entries[smp_processor_id()]; 324 table_base = private->entries[smp_processor_id()];
@@ -326,10 +327,10 @@ static void trace_packet(const struct sk_buff *skb,
326 hookname = chainname = hooknames[hook]; 327 hookname = chainname = hooknames[hook];
327 comment = comments[NF_IP6_TRACE_COMMENT_RULE]; 328 comment = comments[NF_IP6_TRACE_COMMENT_RULE];
328 329
329 IP6T_ENTRY_ITERATE(root, 330 xt_entry_foreach(iter, root, private->size - private->hook_entry[hook])
330 private->size - private->hook_entry[hook], 331 if (get_chainname_rulenum(iter, e, hookname,
331 get_chainname_rulenum, 332 &chainname, &comment, &rulenum) != 0)
332 e, hookname, &chainname, &comment, &rulenum); 333 break;
333 334
334 nf_log_packet(AF_INET6, hook, skb, in, out, &trace_loginfo, 335 nf_log_packet(AF_INET6, hook, skb, in, out, &trace_loginfo,
335 "TRACE: %s:%s:%s:%u ", 336 "TRACE: %s:%s:%s:%u ",
@@ -857,8 +858,9 @@ translate_table(struct net *net,
857 const unsigned int *hook_entries, 858 const unsigned int *hook_entries,
858 const unsigned int *underflows) 859 const unsigned int *underflows)
859{ 860{
861 struct ip6t_entry *iter;
860 unsigned int i; 862 unsigned int i;
861 int ret; 863 int ret = 0;
862 864
863 newinfo->size = size; 865 newinfo->size = size;
864 newinfo->number = number; 866 newinfo->number = number;
@@ -872,12 +874,13 @@ translate_table(struct net *net,
872 duprintf("translate_table: size %u\n", newinfo->size); 874 duprintf("translate_table: size %u\n", newinfo->size);
873 i = 0; 875 i = 0;
874 /* Walk through entries, checking offsets. */ 876 /* Walk through entries, checking offsets. */
875 ret = IP6T_ENTRY_ITERATE(entry0, newinfo->size, 877 xt_entry_foreach(iter, entry0, newinfo->size) {
876 check_entry_size_and_hooks, 878 ret = check_entry_size_and_hooks(iter, newinfo, entry0,
877 newinfo, 879 entry0 + size, hook_entries, underflows,
878 entry0, 880 valid_hooks, &i);
879 entry0 + size, 881 if (ret != 0)
880 hook_entries, underflows, valid_hooks, &i); 882 break;
883 }
881 if (ret != 0) 884 if (ret != 0)
882 return ret; 885 return ret;
883 886
@@ -909,12 +912,16 @@ translate_table(struct net *net,
909 912
910 /* Finally, each sanity check must pass */ 913 /* Finally, each sanity check must pass */
911 i = 0; 914 i = 0;
912 ret = IP6T_ENTRY_ITERATE(entry0, newinfo->size, 915 xt_entry_foreach(iter, entry0, newinfo->size) {
913 find_check_entry, net, name, size, &i); 916 ret = find_check_entry(iter, net, name, size, &i);
917 if (ret != 0)
918 break;
919 }
914 920
915 if (ret != 0) { 921 if (ret != 0) {
916 IP6T_ENTRY_ITERATE(entry0, newinfo->size, 922 xt_entry_foreach(iter, entry0, newinfo->size)
917 cleanup_entry, net, &i); 923 if (cleanup_entry(iter, net, &i) != 0)
924 break;
918 return ret; 925 return ret;
919 } 926 }
920 927
@@ -954,6 +961,7 @@ static void
954get_counters(const struct xt_table_info *t, 961get_counters(const struct xt_table_info *t,
955 struct xt_counters counters[]) 962 struct xt_counters counters[])
956{ 963{
964 struct ip6t_entry *iter;
957 unsigned int cpu; 965 unsigned int cpu;
958 unsigned int i; 966 unsigned int i;
959 unsigned int curcpu; 967 unsigned int curcpu;
@@ -969,22 +977,18 @@ get_counters(const struct xt_table_info *t,
969 curcpu = smp_processor_id(); 977 curcpu = smp_processor_id();
970 978
971 i = 0; 979 i = 0;
972 IP6T_ENTRY_ITERATE(t->entries[curcpu], 980 xt_entry_foreach(iter, t->entries[curcpu], t->size)
973 t->size, 981 if (set_entry_to_counter(iter, counters, &i) != 0)
974 set_entry_to_counter, 982 break;
975 counters,
976 &i);
977 983
978 for_each_possible_cpu(cpu) { 984 for_each_possible_cpu(cpu) {
979 if (cpu == curcpu) 985 if (cpu == curcpu)
980 continue; 986 continue;
981 i = 0; 987 i = 0;
982 xt_info_wrlock(cpu); 988 xt_info_wrlock(cpu);
983 IP6T_ENTRY_ITERATE(t->entries[cpu], 989 xt_entry_foreach(iter, t->entries[cpu], t->size)
984 t->size, 990 if (add_entry_to_counter(iter, counters, &i) != 0)
985 add_entry_to_counter, 991 break;
986 counters,
987 &i);
988 xt_info_wrunlock(cpu); 992 xt_info_wrunlock(cpu);
989 } 993 }
990 local_bh_enable(); 994 local_bh_enable();
@@ -1142,7 +1146,9 @@ static int compat_calc_entry(const struct ip6t_entry *e,
1142static int compat_table_info(const struct xt_table_info *info, 1146static int compat_table_info(const struct xt_table_info *info,
1143 struct xt_table_info *newinfo) 1147 struct xt_table_info *newinfo)
1144{ 1148{
1149 struct ip6t_entry *iter;
1145 void *loc_cpu_entry; 1150 void *loc_cpu_entry;
1151 int ret = 0;
1146 1152
1147 if (!newinfo || !info) 1153 if (!newinfo || !info)
1148 return -EINVAL; 1154 return -EINVAL;
@@ -1151,9 +1157,12 @@ static int compat_table_info(const struct xt_table_info *info,
1151 memcpy(newinfo, info, offsetof(struct xt_table_info, entries)); 1157 memcpy(newinfo, info, offsetof(struct xt_table_info, entries));
1152 newinfo->initial_entries = 0; 1158 newinfo->initial_entries = 0;
1153 loc_cpu_entry = info->entries[raw_smp_processor_id()]; 1159 loc_cpu_entry = info->entries[raw_smp_processor_id()];
1154 return IP6T_ENTRY_ITERATE(loc_cpu_entry, info->size, 1160 xt_entry_foreach(iter, loc_cpu_entry, info->size) {
1155 compat_calc_entry, info, loc_cpu_entry, 1161 ret = compat_calc_entry(iter, info, loc_cpu_entry, newinfo);
1156 newinfo); 1162 if (ret != 0)
1163 break;
1164 }
1165 return ret;
1157} 1166}
1158#endif 1167#endif
1159 1168
@@ -1267,6 +1276,7 @@ __do_replace(struct net *net, const char *name, unsigned int valid_hooks,
1267 struct xt_table_info *oldinfo; 1276 struct xt_table_info *oldinfo;
1268 struct xt_counters *counters; 1277 struct xt_counters *counters;
1269 const void *loc_cpu_old_entry; 1278 const void *loc_cpu_old_entry;
1279 struct ip6t_entry *iter;
1270 1280
1271 ret = 0; 1281 ret = 0;
1272 counters = vmalloc_node(num_counters * sizeof(struct xt_counters), 1282 counters = vmalloc_node(num_counters * sizeof(struct xt_counters),
@@ -1310,8 +1320,10 @@ __do_replace(struct net *net, const char *name, unsigned int valid_hooks,
1310 1320
1311 /* Decrease module usage counts and free resource */ 1321 /* Decrease module usage counts and free resource */
1312 loc_cpu_old_entry = oldinfo->entries[raw_smp_processor_id()]; 1322 loc_cpu_old_entry = oldinfo->entries[raw_smp_processor_id()];
1313 IP6T_ENTRY_ITERATE(loc_cpu_old_entry, oldinfo->size, cleanup_entry, 1323 xt_entry_foreach(iter, loc_cpu_old_entry, oldinfo->size)
1314 net, NULL); 1324 if (cleanup_entry(iter, net, NULL) != 0)
1325 break;
1326
1315 xt_free_table_info(oldinfo); 1327 xt_free_table_info(oldinfo);
1316 if (copy_to_user(counters_ptr, counters, 1328 if (copy_to_user(counters_ptr, counters,
1317 sizeof(struct xt_counters) * num_counters) != 0) 1329 sizeof(struct xt_counters) * num_counters) != 0)
@@ -1336,6 +1348,7 @@ do_replace(struct net *net, const void __user *user, unsigned int len)
1336 struct ip6t_replace tmp; 1348 struct ip6t_replace tmp;
1337 struct xt_table_info *newinfo; 1349 struct xt_table_info *newinfo;
1338 void *loc_cpu_entry; 1350 void *loc_cpu_entry;
1351 struct ip6t_entry *iter;
1339 1352
1340 if (copy_from_user(&tmp, user, sizeof(tmp)) != 0) 1353 if (copy_from_user(&tmp, user, sizeof(tmp)) != 0)
1341 return -EFAULT; 1354 return -EFAULT;
@@ -1371,7 +1384,9 @@ do_replace(struct net *net, const void __user *user, unsigned int len)
1371 return 0; 1384 return 0;
1372 1385
1373 free_newinfo_untrans: 1386 free_newinfo_untrans:
1374 IP6T_ENTRY_ITERATE(loc_cpu_entry, newinfo->size, cleanup_entry, net, NULL); 1387 xt_entry_foreach(iter, loc_cpu_entry, newinfo->size)
1388 if (cleanup_entry(iter, net, NULL) != 0)
1389 break;
1375 free_newinfo: 1390 free_newinfo:
1376 xt_free_table_info(newinfo); 1391 xt_free_table_info(newinfo);
1377 return ret; 1392 return ret;
@@ -1405,6 +1420,7 @@ do_add_counters(struct net *net, const void __user *user, unsigned int len,
1405 const struct xt_table_info *private; 1420 const struct xt_table_info *private;
1406 int ret = 0; 1421 int ret = 0;
1407 const void *loc_cpu_entry; 1422 const void *loc_cpu_entry;
1423 struct ip6t_entry *iter;
1408#ifdef CONFIG_COMPAT 1424#ifdef CONFIG_COMPAT
1409 struct compat_xt_counters_info compat_tmp; 1425 struct compat_xt_counters_info compat_tmp;
1410 1426
@@ -1463,11 +1479,9 @@ do_add_counters(struct net *net, const void __user *user, unsigned int len,
1463 curcpu = smp_processor_id(); 1479 curcpu = smp_processor_id();
1464 xt_info_wrlock(curcpu); 1480 xt_info_wrlock(curcpu);
1465 loc_cpu_entry = private->entries[curcpu]; 1481 loc_cpu_entry = private->entries[curcpu];
1466 IP6T_ENTRY_ITERATE(loc_cpu_entry, 1482 xt_entry_foreach(iter, loc_cpu_entry, private->size)
1467 private->size, 1483 if (add_counter_to_entry(iter, paddc, &i) != 0)
1468 add_counter_to_entry, 1484 break;
1469 paddc,
1470 &i);
1471 xt_info_wrunlock(curcpu); 1485 xt_info_wrunlock(curcpu);
1472 1486
1473 unlock_up_free: 1487 unlock_up_free:
@@ -1753,8 +1767,10 @@ translate_compat_table(struct net *net,
1753 unsigned int i, j; 1767 unsigned int i, j;
1754 struct xt_table_info *newinfo, *info; 1768 struct xt_table_info *newinfo, *info;
1755 void *pos, *entry0, *entry1; 1769 void *pos, *entry0, *entry1;
1770 struct compat_ip6t_entry *iter0;
1771 struct ip6t_entry *iter1;
1756 unsigned int size; 1772 unsigned int size;
1757 int ret; 1773 int ret = 0;
1758 1774
1759 info = *pinfo; 1775 info = *pinfo;
1760 entry0 = *pentry0; 1776 entry0 = *pentry0;
@@ -1771,11 +1787,13 @@ translate_compat_table(struct net *net,
1771 j = 0; 1787 j = 0;
1772 xt_compat_lock(AF_INET6); 1788 xt_compat_lock(AF_INET6);
1773 /* Walk through entries, checking offsets. */ 1789 /* Walk through entries, checking offsets. */
1774 ret = COMPAT_IP6T_ENTRY_ITERATE(entry0, total_size, 1790 xt_entry_foreach(iter0, entry0, total_size) {
1775 check_compat_entry_size_and_hooks, 1791 ret = check_compat_entry_size_and_hooks(iter0, info, &size,
1776 info, &size, entry0, 1792 entry0, entry0 + total_size, hook_entries, underflows,
1777 entry0 + total_size, 1793 &j, name);
1778 hook_entries, underflows, &j, name); 1794 if (ret != 0)
1795 break;
1796 }
1779 if (ret != 0) 1797 if (ret != 0)
1780 goto out_unlock; 1798 goto out_unlock;
1781 1799
@@ -1816,9 +1834,12 @@ translate_compat_table(struct net *net,
1816 entry1 = newinfo->entries[raw_smp_processor_id()]; 1834 entry1 = newinfo->entries[raw_smp_processor_id()];
1817 pos = entry1; 1835 pos = entry1;
1818 size = total_size; 1836 size = total_size;
1819 ret = COMPAT_IP6T_ENTRY_ITERATE(entry0, total_size, 1837 xt_entry_foreach(iter0, entry0, total_size) {
1820 compat_copy_entry_from_user, 1838 ret = compat_copy_entry_from_user(iter0, &pos,
1821 &pos, &size, name, newinfo, entry1); 1839 &size, name, newinfo, entry1);
1840 if (ret != 0)
1841 break;
1842 }
1822 xt_compat_flush_offsets(AF_INET6); 1843 xt_compat_flush_offsets(AF_INET6);
1823 xt_compat_unlock(AF_INET6); 1844 xt_compat_unlock(AF_INET6);
1824 if (ret) 1845 if (ret)
@@ -1829,13 +1850,28 @@ translate_compat_table(struct net *net,
1829 goto free_newinfo; 1850 goto free_newinfo;
1830 1851
1831 i = 0; 1852 i = 0;
1832 ret = IP6T_ENTRY_ITERATE(entry1, newinfo->size, compat_check_entry, 1853 xt_entry_foreach(iter1, entry1, newinfo->size) {
1833 net, name, &i); 1854 ret = compat_check_entry(iter1, net, name, &i);
1855 if (ret != 0)
1856 break;
1857 }
1834 if (ret) { 1858 if (ret) {
1859 /*
1860 * The first i matches need cleanup_entry (calls ->destroy)
1861 * because they had called ->check already. The other j-i
1862 * entries need only release.
1863 */
1864 int skip = i;
1835 j -= i; 1865 j -= i;
1836 COMPAT_IP6T_ENTRY_ITERATE_CONTINUE(entry0, newinfo->size, i, 1866 xt_entry_foreach(iter0, entry0, newinfo->size) {
1837 compat_release_entry, &j); 1867 if (skip-- > 0)
1838 IP6T_ENTRY_ITERATE(entry1, newinfo->size, cleanup_entry, net, &i); 1868 continue;
1869 if (compat_release_entry(iter0, &j) != 0)
1870 break;
1871 }
1872 xt_entry_foreach(iter1, entry1, newinfo->size)
1873 if (cleanup_entry(iter1, net, &i) != 0)
1874 break;
1839 xt_free_table_info(newinfo); 1875 xt_free_table_info(newinfo);
1840 return ret; 1876 return ret;
1841 } 1877 }
@@ -1853,7 +1889,9 @@ translate_compat_table(struct net *net,
1853free_newinfo: 1889free_newinfo:
1854 xt_free_table_info(newinfo); 1890 xt_free_table_info(newinfo);
1855out: 1891out:
1856 COMPAT_IP6T_ENTRY_ITERATE(entry0, total_size, compat_release_entry, &j); 1892 xt_entry_foreach(iter0, entry0, total_size)
1893 if (compat_release_entry(iter0, &j) != 0)
1894 break;
1857 return ret; 1895 return ret;
1858out_unlock: 1896out_unlock:
1859 xt_compat_flush_offsets(AF_INET6); 1897 xt_compat_flush_offsets(AF_INET6);
@@ -1868,6 +1906,7 @@ compat_do_replace(struct net *net, void __user *user, unsigned int len)
1868 struct compat_ip6t_replace tmp; 1906 struct compat_ip6t_replace tmp;
1869 struct xt_table_info *newinfo; 1907 struct xt_table_info *newinfo;
1870 void *loc_cpu_entry; 1908 void *loc_cpu_entry;
1909 struct ip6t_entry *iter;
1871 1910
1872 if (copy_from_user(&tmp, user, sizeof(tmp)) != 0) 1911 if (copy_from_user(&tmp, user, sizeof(tmp)) != 0)
1873 return -EFAULT; 1912 return -EFAULT;
@@ -1906,7 +1945,9 @@ compat_do_replace(struct net *net, void __user *user, unsigned int len)
1906 return 0; 1945 return 0;
1907 1946
1908 free_newinfo_untrans: 1947 free_newinfo_untrans:
1909 IP6T_ENTRY_ITERATE(loc_cpu_entry, newinfo->size, cleanup_entry, net, NULL); 1948 xt_entry_foreach(iter, loc_cpu_entry, newinfo->size)
1949 if (cleanup_entry(iter, net, NULL) != 0)
1950 break;
1910 free_newinfo: 1951 free_newinfo:
1911 xt_free_table_info(newinfo); 1952 xt_free_table_info(newinfo);
1912 return ret; 1953 return ret;
@@ -1955,6 +1996,7 @@ compat_copy_entries_to_user(unsigned int total_size, struct xt_table *table,
1955 int ret = 0; 1996 int ret = 0;
1956 const void *loc_cpu_entry; 1997 const void *loc_cpu_entry;
1957 unsigned int i = 0; 1998 unsigned int i = 0;
1999 struct ip6t_entry *iter;
1958 2000
1959 counters = alloc_counters(table); 2001 counters = alloc_counters(table);
1960 if (IS_ERR(counters)) 2002 if (IS_ERR(counters))
@@ -1967,9 +2009,12 @@ compat_copy_entries_to_user(unsigned int total_size, struct xt_table *table,
1967 loc_cpu_entry = private->entries[raw_smp_processor_id()]; 2009 loc_cpu_entry = private->entries[raw_smp_processor_id()];
1968 pos = userptr; 2010 pos = userptr;
1969 size = total_size; 2011 size = total_size;
1970 ret = IP6T_ENTRY_ITERATE(loc_cpu_entry, total_size, 2012 xt_entry_foreach(iter, loc_cpu_entry, total_size) {
1971 compat_copy_entry_to_user, 2013 ret = compat_copy_entry_to_user(iter, &pos,
1972 &pos, &size, counters, &i); 2014 &size, counters, &i);
2015 if (ret != 0)
2016 break;
2017 }
1973 2018
1974 vfree(counters); 2019 vfree(counters);
1975 return ret; 2020 return ret;
@@ -2169,12 +2214,15 @@ void ip6t_unregister_table(struct net *net, struct xt_table *table)
2169 struct xt_table_info *private; 2214 struct xt_table_info *private;
2170 void *loc_cpu_entry; 2215 void *loc_cpu_entry;
2171 struct module *table_owner = table->me; 2216 struct module *table_owner = table->me;
2217 struct ip6t_entry *iter;
2172 2218
2173 private = xt_unregister_table(table); 2219 private = xt_unregister_table(table);
2174 2220
2175 /* Decrease module usage counts and free resources */ 2221 /* Decrease module usage counts and free resources */
2176 loc_cpu_entry = private->entries[raw_smp_processor_id()]; 2222 loc_cpu_entry = private->entries[raw_smp_processor_id()];
2177 IP6T_ENTRY_ITERATE(loc_cpu_entry, private->size, cleanup_entry, net, NULL); 2223 xt_entry_foreach(iter, loc_cpu_entry, private->size)
2224 if (cleanup_entry(iter, net, NULL) != 0)
2225 break;
2178 if (private->number > private->initial_entries) 2226 if (private->number > private->initial_entries)
2179 module_put(table_owner); 2227 module_put(table_owner);
2180 xt_free_table_info(private); 2228 xt_free_table_info(private);
generated by cgit v1.2.2 (git 2.25.0) at 2025-01-28 16:07:09 -0500