aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv6
diff options
context:
space:
mode:
authorJan Engelhardt <jengelh@medozas.de>2010-02-24 12:36:04 -0500
committerPatrick McHardy <kaber@trash.net>2010-02-24 12:36:04 -0500
commit0f234214d15fa914436d304ecf5c3e43449e79f9 (patch)
treee31b2fd40b14530c5b49413070495eabd082eb1f /net/ipv6
parent6bdb331bc6910d1ccb74dc9852fc858c5916c927 (diff)
netfilter: xtables: reduce arguments to translate_table
Just pass in the entire repl struct. In case of a new table (e.g. ip6t_register_table), the repldata has been previously filled with table->name and table->size already (in ip6t_alloc_initial_table). Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/ipv6')
-rw-r--r--net/ipv6/netfilter/ip6_tables.c42
1 files changed, 15 insertions, 27 deletions
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index c5a963e4b545..f7042869198e 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -845,22 +845,15 @@ static void cleanup_entry(struct ip6t_entry *e, struct net *net)
845/* Checks and translates the user-supplied table segment (held in 845/* Checks and translates the user-supplied table segment (held in
846 newinfo) */ 846 newinfo) */
847static int 847static int
848translate_table(struct net *net, 848translate_table(struct net *net, struct xt_table_info *newinfo, void *entry0,
849 const char *name, 849 const struct ip6t_replace *repl)
850 unsigned int valid_hooks,
851 struct xt_table_info *newinfo,
852 void *entry0,
853 unsigned int size,
854 unsigned int number,
855 const unsigned int *hook_entries,
856 const unsigned int *underflows)
857{ 850{
858 struct ip6t_entry *iter; 851 struct ip6t_entry *iter;
859 unsigned int i; 852 unsigned int i;
860 int ret = 0; 853 int ret = 0;
861 854
862 newinfo->size = size; 855 newinfo->size = repl->size;
863 newinfo->number = number; 856 newinfo->number = repl->num_entries;
864 857
865 /* Init all hooks to impossible value. */ 858 /* Init all hooks to impossible value. */
866 for (i = 0; i < NF_INET_NUMHOOKS; i++) { 859 for (i = 0; i < NF_INET_NUMHOOKS; i++) {
@@ -873,42 +866,43 @@ translate_table(struct net *net,
873 /* Walk through entries, checking offsets. */ 866 /* Walk through entries, checking offsets. */
874 xt_entry_foreach(iter, entry0, newinfo->size) { 867 xt_entry_foreach(iter, entry0, newinfo->size) {
875 ret = check_entry_size_and_hooks(iter, newinfo, entry0, 868 ret = check_entry_size_and_hooks(iter, newinfo, entry0,
876 entry0 + size, hook_entries, underflows, valid_hooks); 869 entry0 + repl->size, repl->hook_entry, repl->underflow,
870 repl->valid_hooks);
877 if (ret != 0) 871 if (ret != 0)
878 return ret; 872 return ret;
879 ++i; 873 ++i;
880 } 874 }
881 875
882 if (i != number) { 876 if (i != repl->num_entries) {
883 duprintf("translate_table: %u not %u entries\n", 877 duprintf("translate_table: %u not %u entries\n",
884 i, number); 878 i, repl->num_entries);
885 return -EINVAL; 879 return -EINVAL;
886 } 880 }
887 881
888 /* Check hooks all assigned */ 882 /* Check hooks all assigned */
889 for (i = 0; i < NF_INET_NUMHOOKS; i++) { 883 for (i = 0; i < NF_INET_NUMHOOKS; i++) {
890 /* Only hooks which are valid */ 884 /* Only hooks which are valid */
891 if (!(valid_hooks & (1 << i))) 885 if (!(repl->valid_hooks & (1 << i)))
892 continue; 886 continue;
893 if (newinfo->hook_entry[i] == 0xFFFFFFFF) { 887 if (newinfo->hook_entry[i] == 0xFFFFFFFF) {
894 duprintf("Invalid hook entry %u %u\n", 888 duprintf("Invalid hook entry %u %u\n",
895 i, hook_entries[i]); 889 i, repl->hook_entry[i]);
896 return -EINVAL; 890 return -EINVAL;
897 } 891 }
898 if (newinfo->underflow[i] == 0xFFFFFFFF) { 892 if (newinfo->underflow[i] == 0xFFFFFFFF) {
899 duprintf("Invalid underflow %u %u\n", 893 duprintf("Invalid underflow %u %u\n",
900 i, underflows[i]); 894 i, repl->underflow[i]);
901 return -EINVAL; 895 return -EINVAL;
902 } 896 }
903 } 897 }
904 898
905 if (!mark_source_chains(newinfo, valid_hooks, entry0)) 899 if (!mark_source_chains(newinfo, repl->valid_hooks, entry0))
906 return -ELOOP; 900 return -ELOOP;
907 901
908 /* Finally, each sanity check must pass */ 902 /* Finally, each sanity check must pass */
909 i = 0; 903 i = 0;
910 xt_entry_foreach(iter, entry0, newinfo->size) { 904 xt_entry_foreach(iter, entry0, newinfo->size) {
911 ret = find_check_entry(iter, net, name, size); 905 ret = find_check_entry(iter, net, repl->name, repl->size);
912 if (ret != 0) 906 if (ret != 0)
913 break; 907 break;
914 ++i; 908 ++i;
@@ -1342,9 +1336,7 @@ do_replace(struct net *net, const void __user *user, unsigned int len)
1342 goto free_newinfo; 1336 goto free_newinfo;
1343 } 1337 }
1344 1338
1345 ret = translate_table(net, tmp.name, tmp.valid_hooks, 1339 ret = translate_table(net, newinfo, loc_cpu_entry, &tmp);
1346 newinfo, loc_cpu_entry, tmp.size, tmp.num_entries,
1347 tmp.hook_entry, tmp.underflow);
1348 if (ret != 0) 1340 if (ret != 0)
1349 goto free_newinfo; 1341 goto free_newinfo;
1350 1342
@@ -2145,11 +2137,7 @@ struct xt_table *ip6t_register_table(struct net *net,
2145 loc_cpu_entry = newinfo->entries[raw_smp_processor_id()]; 2137 loc_cpu_entry = newinfo->entries[raw_smp_processor_id()];
2146 memcpy(loc_cpu_entry, repl->entries, repl->size); 2138 memcpy(loc_cpu_entry, repl->entries, repl->size);
2147 2139
2148 ret = translate_table(net, table->name, table->valid_hooks, 2140 ret = translate_table(net, newinfo, loc_cpu_entry, repl);
2149 newinfo, loc_cpu_entry, repl->size,
2150 repl->num_entries,
2151 repl->hook_entry,
2152 repl->underflow);
2153 if (ret != 0) 2141 if (ret != 0)
2154 goto out_free; 2142 goto out_free;
2155 2143
generated by cgit v1.2.2 (git 2.25.0) at 2025-01-29 18:32:12 -0500