diff options
| author | Jan Engelhardt <jengelh@medozas.de> | 2010-02-24 12:34:48 -0500 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2010-02-24 12:34:48 -0500 |
| commit | dcea992aca82cb08b4674c4c783e325835408d1e (patch) | |
| tree | b3490bbbf49931f1405a7ebeb2f2f9d2b136cd9a /net/ipv6 | |
| parent | 0559518b5b99c591226460c0bbf8e6a570c518a8 (diff) | |
netfilter: xtables: replace XT_MATCH_ITERATE macro
The macro is replaced by a list.h-like foreach loop. This makes
the code more inspectable.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/ipv6')
| -rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 78 |
1 files changed, 61 insertions, 17 deletions
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index b7e27c19c7ab..1537e6bad5d9 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c | |||
| @@ -393,16 +393,21 @@ ip6t_do_table(struct sk_buff *skb, | |||
| 393 | 393 | ||
| 394 | do { | 394 | do { |
| 395 | const struct ip6t_entry_target *t; | 395 | const struct ip6t_entry_target *t; |
| 396 | const struct xt_entry_match *ematch; | ||
| 396 | 397 | ||
| 397 | IP_NF_ASSERT(e); | 398 | IP_NF_ASSERT(e); |
| 398 | IP_NF_ASSERT(back); | 399 | IP_NF_ASSERT(back); |
| 399 | if (!ip6_packet_match(skb, indev, outdev, &e->ipv6, | 400 | if (!ip6_packet_match(skb, indev, outdev, &e->ipv6, |
| 400 | &mtpar.thoff, &mtpar.fragoff, &hotdrop) || | 401 | &mtpar.thoff, &mtpar.fragoff, &hotdrop)) { |
| 401 | IP6T_MATCH_ITERATE(e, do_match, skb, &mtpar) != 0) { | 402 | no_match: |
| 402 | e = ip6t_next_entry(e); | 403 | e = ip6t_next_entry(e); |
| 403 | continue; | 404 | continue; |
| 404 | } | 405 | } |
| 405 | 406 | ||
| 407 | xt_ematch_foreach(ematch, e) | ||
| 408 | if (do_match(ematch, skb, &mtpar) != 0) | ||
| 409 | goto no_match; | ||
| 410 | |||
| 406 | ADD_COUNTER(e->counters, | 411 | ADD_COUNTER(e->counters, |
| 407 | ntohs(ipv6_hdr(skb)->payload_len) + | 412 | ntohs(ipv6_hdr(skb)->payload_len) + |
| 408 | sizeof(struct ipv6hdr), 1); | 413 | sizeof(struct ipv6hdr), 1); |
| @@ -717,6 +722,7 @@ find_check_entry(struct ip6t_entry *e, struct net *net, const char *name, | |||
| 717 | int ret; | 722 | int ret; |
| 718 | unsigned int j; | 723 | unsigned int j; |
| 719 | struct xt_mtchk_param mtpar; | 724 | struct xt_mtchk_param mtpar; |
| 725 | struct xt_entry_match *ematch; | ||
| 720 | 726 | ||
| 721 | ret = check_entry(e, name); | 727 | ret = check_entry(e, name); |
| 722 | if (ret) | 728 | if (ret) |
| @@ -728,7 +734,11 @@ find_check_entry(struct ip6t_entry *e, struct net *net, const char *name, | |||
| 728 | mtpar.entryinfo = &e->ipv6; | 734 | mtpar.entryinfo = &e->ipv6; |
| 729 | mtpar.hook_mask = e->comefrom; | 735 | mtpar.hook_mask = e->comefrom; |
| 730 | mtpar.family = NFPROTO_IPV6; | 736 | mtpar.family = NFPROTO_IPV6; |
| 731 | ret = IP6T_MATCH_ITERATE(e, find_check_match, &mtpar, &j); | 737 | xt_ematch_foreach(ematch, e) { |
| 738 | ret = find_check_match(ematch, &mtpar, &j); | ||
| 739 | if (ret != 0) | ||
| 740 | break; | ||
| 741 | } | ||
| 732 | if (ret != 0) | 742 | if (ret != 0) |
| 733 | goto cleanup_matches; | 743 | goto cleanup_matches; |
| 734 | 744 | ||
| @@ -751,7 +761,9 @@ find_check_entry(struct ip6t_entry *e, struct net *net, const char *name, | |||
| 751 | err: | 761 | err: |
| 752 | module_put(t->u.kernel.target->me); | 762 | module_put(t->u.kernel.target->me); |
| 753 | cleanup_matches: | 763 | cleanup_matches: |
| 754 | IP6T_MATCH_ITERATE(e, cleanup_match, net, &j); | 764 | xt_ematch_foreach(ematch, e) |
| 765 | if (cleanup_match(ematch, net, &j) != 0) | ||
| 766 | break; | ||
| 755 | return ret; | 767 | return ret; |
| 756 | } | 768 | } |
| 757 | 769 | ||
| @@ -821,9 +833,12 @@ static void cleanup_entry(struct ip6t_entry *e, struct net *net) | |||
| 821 | { | 833 | { |
| 822 | struct xt_tgdtor_param par; | 834 | struct xt_tgdtor_param par; |
| 823 | struct ip6t_entry_target *t; | 835 | struct ip6t_entry_target *t; |
| 836 | struct xt_entry_match *ematch; | ||
| 824 | 837 | ||
| 825 | /* Cleanup all matches */ | 838 | /* Cleanup all matches */ |
| 826 | IP6T_MATCH_ITERATE(e, cleanup_match, net, NULL); | 839 | xt_ematch_foreach(ematch, e) |
| 840 | if (cleanup_match(ematch, net, NULL) != 0) | ||
| 841 | break; | ||
| 827 | t = ip6t_get_target(e); | 842 | t = ip6t_get_target(e); |
| 828 | 843 | ||
| 829 | par.net = net; | 844 | par.net = net; |
| @@ -1090,13 +1105,16 @@ static int compat_calc_entry(const struct ip6t_entry *e, | |||
| 1090 | const struct xt_table_info *info, | 1105 | const struct xt_table_info *info, |
| 1091 | const void *base, struct xt_table_info *newinfo) | 1106 | const void *base, struct xt_table_info *newinfo) |
| 1092 | { | 1107 | { |
| 1108 | const struct xt_entry_match *ematch; | ||
| 1093 | const struct ip6t_entry_target *t; | 1109 | const struct ip6t_entry_target *t; |
| 1094 | unsigned int entry_offset; | 1110 | unsigned int entry_offset; |
| 1095 | int off, i, ret; | 1111 | int off, i, ret; |
| 1096 | 1112 | ||
| 1097 | off = sizeof(struct ip6t_entry) - sizeof(struct compat_ip6t_entry); | 1113 | off = sizeof(struct ip6t_entry) - sizeof(struct compat_ip6t_entry); |
| 1098 | entry_offset = (void *)e - base; | 1114 | entry_offset = (void *)e - base; |
| 1099 | IP6T_MATCH_ITERATE(e, compat_calc_match, &off); | 1115 | xt_ematch_foreach(ematch, e) |
| 1116 | if (compat_calc_match(ematch, &off) != 0) | ||
| 1117 | break; | ||
| 1100 | t = ip6t_get_target_c(e); | 1118 | t = ip6t_get_target_c(e); |
| 1101 | off += xt_compat_target_offset(t->u.kernel.target); | 1119 | off += xt_compat_target_offset(t->u.kernel.target); |
| 1102 | newinfo->size -= off; | 1120 | newinfo->size -= off; |
| @@ -1474,7 +1492,8 @@ compat_copy_entry_to_user(struct ip6t_entry *e, void __user **dstptr, | |||
| 1474 | struct compat_ip6t_entry __user *ce; | 1492 | struct compat_ip6t_entry __user *ce; |
| 1475 | u_int16_t target_offset, next_offset; | 1493 | u_int16_t target_offset, next_offset; |
| 1476 | compat_uint_t origsize; | 1494 | compat_uint_t origsize; |
| 1477 | int ret; | 1495 | const struct xt_entry_match *ematch; |
| 1496 | int ret = 0; | ||
| 1478 | 1497 | ||
| 1479 | origsize = *size; | 1498 | origsize = *size; |
| 1480 | ce = (struct compat_ip6t_entry __user *)*dstptr; | 1499 | ce = (struct compat_ip6t_entry __user *)*dstptr; |
| @@ -1486,7 +1505,11 @@ compat_copy_entry_to_user(struct ip6t_entry *e, void __user **dstptr, | |||
| 1486 | *dstptr += sizeof(struct compat_ip6t_entry); | 1505 | *dstptr += sizeof(struct compat_ip6t_entry); |
| 1487 | *size -= sizeof(struct ip6t_entry) - sizeof(struct compat_ip6t_entry); | 1506 | *size -= sizeof(struct ip6t_entry) - sizeof(struct compat_ip6t_entry); |
| 1488 | 1507 | ||
| 1489 | ret = IP6T_MATCH_ITERATE(e, xt_compat_match_to_user, dstptr, size); | 1508 | xt_ematch_foreach(ematch, e) { |
| 1509 | ret = xt_compat_match_to_user(ematch, dstptr, size); | ||
| 1510 | if (ret != 0) | ||
| 1511 | break; | ||
| 1512 | } | ||
| 1490 | target_offset = e->target_offset - (origsize - *size); | 1513 | target_offset = e->target_offset - (origsize - *size); |
| 1491 | if (ret) | 1514 | if (ret) |
| 1492 | return ret; | 1515 | return ret; |
| @@ -1538,9 +1561,12 @@ compat_release_match(struct ip6t_entry_match *m, unsigned int *i) | |||
| 1538 | static void compat_release_entry(struct compat_ip6t_entry *e) | 1561 | static void compat_release_entry(struct compat_ip6t_entry *e) |
| 1539 | { | 1562 | { |
| 1540 | struct ip6t_entry_target *t; | 1563 | struct ip6t_entry_target *t; |
| 1564 | struct xt_entry_match *ematch; | ||
| 1541 | 1565 | ||
| 1542 | /* Cleanup all matches */ | 1566 | /* Cleanup all matches */ |
| 1543 | COMPAT_IP6T_MATCH_ITERATE(e, compat_release_match, NULL); | 1567 | xt_ematch_foreach(ematch, e) |
| 1568 | if (compat_release_match(ematch, NULL) != 0) | ||
| 1569 | break; | ||
| 1544 | t = compat_ip6t_get_target(e); | 1570 | t = compat_ip6t_get_target(e); |
| 1545 | module_put(t->u.kernel.target->me); | 1571 | module_put(t->u.kernel.target->me); |
| 1546 | } | 1572 | } |
| @@ -1555,6 +1581,7 @@ check_compat_entry_size_and_hooks(struct compat_ip6t_entry *e, | |||
| 1555 | const unsigned int *underflows, | 1581 | const unsigned int *underflows, |
| 1556 | const char *name) | 1582 | const char *name) |
| 1557 | { | 1583 | { |
| 1584 | struct xt_entry_match *ematch; | ||
| 1558 | struct ip6t_entry_target *t; | 1585 | struct ip6t_entry_target *t; |
| 1559 | struct xt_target *target; | 1586 | struct xt_target *target; |
| 1560 | unsigned int entry_offset; | 1587 | unsigned int entry_offset; |
| @@ -1583,8 +1610,12 @@ check_compat_entry_size_and_hooks(struct compat_ip6t_entry *e, | |||
| 1583 | off = sizeof(struct ip6t_entry) - sizeof(struct compat_ip6t_entry); | 1610 | off = sizeof(struct ip6t_entry) - sizeof(struct compat_ip6t_entry); |
| 1584 | entry_offset = (void *)e - (void *)base; | 1611 | entry_offset = (void *)e - (void *)base; |
| 1585 | j = 0; | 1612 | j = 0; |
| 1586 | ret = COMPAT_IP6T_MATCH_ITERATE(e, compat_find_calc_match, name, | 1613 | xt_ematch_foreach(ematch, e) { |
| 1587 | &e->ipv6, e->comefrom, &off, &j); | 1614 | ret = compat_find_calc_match(ematch, name, |
| 1615 | &e->ipv6, e->comefrom, &off, &j); | ||
| 1616 | if (ret != 0) | ||
| 1617 | break; | ||
| 1618 | } | ||
| 1588 | if (ret != 0) | 1619 | if (ret != 0) |
| 1589 | goto release_matches; | 1620 | goto release_matches; |
| 1590 | 1621 | ||
| @@ -1623,7 +1654,9 @@ check_compat_entry_size_and_hooks(struct compat_ip6t_entry *e, | |||
| 1623 | out: | 1654 | out: |
| 1624 | module_put(t->u.kernel.target->me); | 1655 | module_put(t->u.kernel.target->me); |
| 1625 | release_matches: | 1656 | release_matches: |
| 1626 | IP6T_MATCH_ITERATE(e, compat_release_match, &j); | 1657 | xt_ematch_foreach(ematch, e) |
| 1658 | if (compat_release_match(ematch, &j) != 0) | ||
| 1659 | break; | ||
| 1627 | return ret; | 1660 | return ret; |
| 1628 | } | 1661 | } |
| 1629 | 1662 | ||
| @@ -1637,6 +1670,7 @@ compat_copy_entry_from_user(struct compat_ip6t_entry *e, void **dstptr, | |||
| 1637 | struct ip6t_entry *de; | 1670 | struct ip6t_entry *de; |
| 1638 | unsigned int origsize; | 1671 | unsigned int origsize; |
| 1639 | int ret, h; | 1672 | int ret, h; |
| 1673 | struct xt_entry_match *ematch; | ||
| 1640 | 1674 | ||
| 1641 | ret = 0; | 1675 | ret = 0; |
| 1642 | origsize = *size; | 1676 | origsize = *size; |
| @@ -1647,8 +1681,11 @@ compat_copy_entry_from_user(struct compat_ip6t_entry *e, void **dstptr, | |||
| 1647 | *dstptr += sizeof(struct ip6t_entry); | 1681 | *dstptr += sizeof(struct ip6t_entry); |
| 1648 | *size += sizeof(struct ip6t_entry) - sizeof(struct compat_ip6t_entry); | 1682 | *size += sizeof(struct ip6t_entry) - sizeof(struct compat_ip6t_entry); |
| 1649 | 1683 | ||
| 1650 | ret = COMPAT_IP6T_MATCH_ITERATE(e, xt_compat_match_from_user, | 1684 | xt_ematch_foreach(ematch, e) { |
| 1651 | dstptr, size); | 1685 | ret = xt_compat_match_from_user(ematch, dstptr, size); |
| 1686 | if (ret != 0) | ||
| 1687 | break; | ||
| 1688 | } | ||
| 1652 | if (ret) | 1689 | if (ret) |
| 1653 | return ret; | 1690 | return ret; |
| 1654 | de->target_offset = e->target_offset - (origsize - *size); | 1691 | de->target_offset = e->target_offset - (origsize - *size); |
| @@ -1670,8 +1707,9 @@ static int compat_check_entry(struct ip6t_entry *e, struct net *net, | |||
| 1670 | const char *name) | 1707 | const char *name) |
| 1671 | { | 1708 | { |
| 1672 | unsigned int j; | 1709 | unsigned int j; |
| 1673 | int ret; | 1710 | int ret = 0; |
| 1674 | struct xt_mtchk_param mtpar; | 1711 | struct xt_mtchk_param mtpar; |
| 1712 | struct xt_entry_match *ematch; | ||
| 1675 | 1713 | ||
| 1676 | j = 0; | 1714 | j = 0; |
| 1677 | mtpar.net = net; | 1715 | mtpar.net = net; |
| @@ -1679,7 +1717,11 @@ static int compat_check_entry(struct ip6t_entry *e, struct net *net, | |||
| 1679 | mtpar.entryinfo = &e->ipv6; | 1717 | mtpar.entryinfo = &e->ipv6; |
| 1680 | mtpar.hook_mask = e->comefrom; | 1718 | mtpar.hook_mask = e->comefrom; |
| 1681 | mtpar.family = NFPROTO_IPV6; | 1719 | mtpar.family = NFPROTO_IPV6; |
| 1682 | ret = IP6T_MATCH_ITERATE(e, check_match, &mtpar, &j); | 1720 | xt_ematch_foreach(ematch, e) { |
| 1721 | ret = check_match(ematch, &mtpar, &j); | ||
| 1722 | if (ret != 0) | ||
| 1723 | break; | ||
| 1724 | } | ||
| 1683 | if (ret) | 1725 | if (ret) |
| 1684 | goto cleanup_matches; | 1726 | goto cleanup_matches; |
| 1685 | 1727 | ||
| @@ -1689,7 +1731,9 @@ static int compat_check_entry(struct ip6t_entry *e, struct net *net, | |||
| 1689 | return 0; | 1731 | return 0; |
| 1690 | 1732 | ||
| 1691 | cleanup_matches: | 1733 | cleanup_matches: |
| 1692 | IP6T_MATCH_ITERATE(e, cleanup_match, net, &j); | 1734 | xt_ematch_foreach(ematch, e) |
| 1735 | if (cleanup_match(ematch, net, &j) != 0) | ||
| 1736 | break; | ||
| 1693 | return ret; | 1737 | return ret; |
| 1694 | } | 1738 | } |
| 1695 | 1739 | ||