diff options
author | Patrick McHardy <kaber@trash.net> | 2007-12-18 00:52:00 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-01-28 17:58:39 -0500 |
commit | 9c54795950d198e77144a18c94e7ed52ea0f3c77 (patch) | |
tree | 106595d0f391857ddcbaf6061481f83ea82237fc /net/ipv6 | |
parent | 1fe5723773656a8ee7a981caf7fee9adb0ac6259 (diff) |
[NETFILTER]: {ip,ip6}_tables: reformat to eliminate differences
Reformat ip_tables.c and ip6_tables.c in order to eliminate non-functional
differences and minimize diff output.
This allows to get a view of the real differences using:
sed -e 's/IP6T/IPT/g' \
-e 's/IP6/IP/g' \
-e 's/INET6/INET/g' \
-e 's/ip6t/ipt/g' \
-e 's/ip6/ip/g' \
-e 's/ipv6/ip/g' \
-e 's/icmp6/icmp/g' \
net/ipv6/netfilter/ip6_tables.c | \
diff -wup /dev/stdin net/ipv4/netfilter/ip_tables.c
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6')
-rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 46 |
1 files changed, 23 insertions, 23 deletions
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index db0dc96be55c..0a2ec4b346fb 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c | |||
@@ -371,8 +371,8 @@ ip6t_do_table(struct sk_buff *skb, | |||
371 | * match it. */ | 371 | * match it. */ |
372 | 372 | ||
373 | read_lock_bh(&table->lock); | 373 | read_lock_bh(&table->lock); |
374 | private = table->private; | ||
375 | IP_NF_ASSERT(table->valid_hooks & (1 << hook)); | 374 | IP_NF_ASSERT(table->valid_hooks & (1 << hook)); |
375 | private = table->private; | ||
376 | table_base = (void *)private->entries[smp_processor_id()]; | 376 | table_base = (void *)private->entries[smp_processor_id()]; |
377 | e = get_entry(table_base, private->hook_entry[hook]); | 377 | e = get_entry(table_base, private->hook_entry[hook]); |
378 | 378 | ||
@@ -496,9 +496,7 @@ mark_source_chains(struct xt_table_info *newinfo, | |||
496 | to 0 as we leave), and comefrom to save source hook bitmask */ | 496 | to 0 as we leave), and comefrom to save source hook bitmask */ |
497 | for (hook = 0; hook < NF_INET_NUMHOOKS; hook++) { | 497 | for (hook = 0; hook < NF_INET_NUMHOOKS; hook++) { |
498 | unsigned int pos = newinfo->hook_entry[hook]; | 498 | unsigned int pos = newinfo->hook_entry[hook]; |
499 | struct ip6t_entry *e | 499 | struct ip6t_entry *e = (struct ip6t_entry *)(entry0 + pos); |
500 | = (struct ip6t_entry *)(entry0 + pos); | ||
501 | int visited = e->comefrom & (1 << hook); | ||
502 | 500 | ||
503 | if (!(valid_hooks & (1 << hook))) | 501 | if (!(valid_hooks & (1 << hook))) |
504 | continue; | 502 | continue; |
@@ -509,14 +507,14 @@ mark_source_chains(struct xt_table_info *newinfo, | |||
509 | for (;;) { | 507 | for (;;) { |
510 | struct ip6t_standard_target *t | 508 | struct ip6t_standard_target *t |
511 | = (void *)ip6t_get_target(e); | 509 | = (void *)ip6t_get_target(e); |
510 | int visited = e->comefrom & (1 << hook); | ||
512 | 511 | ||
513 | if (e->comefrom & (1 << NF_INET_NUMHOOKS)) { | 512 | if (e->comefrom & (1 << NF_INET_NUMHOOKS)) { |
514 | printk("iptables: loop hook %u pos %u %08X.\n", | 513 | printk("iptables: loop hook %u pos %u %08X.\n", |
515 | hook, pos, e->comefrom); | 514 | hook, pos, e->comefrom); |
516 | return 0; | 515 | return 0; |
517 | } | 516 | } |
518 | e->comefrom | 517 | e->comefrom |= ((1 << hook) | (1 << NF_INET_NUMHOOKS)); |
519 | |= ((1 << hook) | (1 << NF_INET_NUMHOOKS)); | ||
520 | 518 | ||
521 | /* Unconditional return/END. */ | 519 | /* Unconditional return/END. */ |
522 | if ((e->target_offset == sizeof(struct ip6t_entry) | 520 | if ((e->target_offset == sizeof(struct ip6t_entry) |
@@ -663,7 +661,7 @@ find_check_match(struct ip6t_entry_match *m, | |||
663 | int ret; | 661 | int ret; |
664 | 662 | ||
665 | match = try_then_request_module(xt_find_match(AF_INET6, m->u.user.name, | 663 | match = try_then_request_module(xt_find_match(AF_INET6, m->u.user.name, |
666 | m->u.user.revision), | 664 | m->u.user.revision), |
667 | "ip6t_%s", m->u.user.name); | 665 | "ip6t_%s", m->u.user.name); |
668 | if (IS_ERR(match) || !match) { | 666 | if (IS_ERR(match) || !match) { |
669 | duprintf("find_check_match: `%s' not found\n", m->u.user.name); | 667 | duprintf("find_check_match: `%s' not found\n", m->u.user.name); |
@@ -885,7 +883,7 @@ translate_table(const char *name, | |||
885 | memcpy(newinfo->entries[i], entry0, newinfo->size); | 883 | memcpy(newinfo->entries[i], entry0, newinfo->size); |
886 | } | 884 | } |
887 | 885 | ||
888 | return 0; | 886 | return ret; |
889 | } | 887 | } |
890 | 888 | ||
891 | /* Gets counters. */ | 889 | /* Gets counters. */ |
@@ -984,7 +982,10 @@ copy_entries_to_user(unsigned int total_size, | |||
984 | if (IS_ERR(counters)) | 982 | if (IS_ERR(counters)) |
985 | return PTR_ERR(counters); | 983 | return PTR_ERR(counters); |
986 | 984 | ||
987 | /* choose the copy that is on ourc node/cpu */ | 985 | /* choose the copy that is on our node/cpu, ... |
986 | * This choice is lazy (because current thread is | ||
987 | * allowed to migrate to another cpu) | ||
988 | */ | ||
988 | loc_cpu_entry = private->entries[raw_smp_processor_id()]; | 989 | loc_cpu_entry = private->entries[raw_smp_processor_id()]; |
989 | if (copy_to_user(userptr, loc_cpu_entry, total_size) != 0) { | 990 | if (copy_to_user(userptr, loc_cpu_entry, total_size) != 0) { |
990 | ret = -EFAULT; | 991 | ret = -EFAULT; |
@@ -1199,7 +1200,7 @@ get_entries(struct ip6t_get_entries __user *uptr, int *len) | |||
1199 | t, uptr->entrytable); | 1200 | t, uptr->entrytable); |
1200 | else { | 1201 | else { |
1201 | duprintf("get_entries: I've got %u not %u!\n", | 1202 | duprintf("get_entries: I've got %u not %u!\n", |
1202 | private->size, entries->size); | 1203 | private->size, get.size); |
1203 | ret = -EINVAL; | 1204 | ret = -EINVAL; |
1204 | } | 1205 | } |
1205 | module_put(t->me); | 1206 | module_put(t->me); |
@@ -1361,8 +1362,8 @@ do_add_counters(void __user *user, unsigned int len, int compat) | |||
1361 | char *name; | 1362 | char *name; |
1362 | int size; | 1363 | int size; |
1363 | void *ptmp; | 1364 | void *ptmp; |
1364 | struct xt_table_info *private; | ||
1365 | struct xt_table *t; | 1365 | struct xt_table *t; |
1366 | struct xt_table_info *private; | ||
1366 | int ret = 0; | 1367 | int ret = 0; |
1367 | void *loc_cpu_entry; | 1368 | void *loc_cpu_entry; |
1368 | #ifdef CONFIG_COMPAT | 1369 | #ifdef CONFIG_COMPAT |
@@ -1829,7 +1830,7 @@ compat_do_replace(void __user *user, unsigned int len) | |||
1829 | if (!newinfo) | 1830 | if (!newinfo) |
1830 | return -ENOMEM; | 1831 | return -ENOMEM; |
1831 | 1832 | ||
1832 | /* choose the copy that is our node/cpu */ | 1833 | /* choose the copy that is on our node/cpu */ |
1833 | loc_cpu_entry = newinfo->entries[raw_smp_processor_id()]; | 1834 | loc_cpu_entry = newinfo->entries[raw_smp_processor_id()]; |
1834 | if (copy_from_user(loc_cpu_entry, user + sizeof(tmp), | 1835 | if (copy_from_user(loc_cpu_entry, user + sizeof(tmp), |
1835 | tmp.size) != 0) { | 1836 | tmp.size) != 0) { |
@@ -1950,16 +1951,14 @@ compat_get_entries(struct compat_ip6t_get_entries __user *uptr, int *len) | |||
1950 | if (t && !IS_ERR(t)) { | 1951 | if (t && !IS_ERR(t)) { |
1951 | struct xt_table_info *private = t->private; | 1952 | struct xt_table_info *private = t->private; |
1952 | struct xt_table_info info; | 1953 | struct xt_table_info info; |
1953 | duprintf("t->private->number = %u\n", | 1954 | duprintf("t->private->number = %u\n", private->number); |
1954 | private->number); | ||
1955 | ret = compat_table_info(private, &info); | 1955 | ret = compat_table_info(private, &info); |
1956 | if (!ret && get.size == info.size) { | 1956 | if (!ret && get.size == info.size) { |
1957 | ret = compat_copy_entries_to_user(private->size, | 1957 | ret = compat_copy_entries_to_user(private->size, |
1958 | t, uptr->entrytable); | 1958 | t, uptr->entrytable); |
1959 | } else if (!ret) { | 1959 | } else if (!ret) { |
1960 | duprintf("compat_get_entries: I've got %u not %u!\n", | 1960 | duprintf("compat_get_entries: I've got %u not %u!\n", |
1961 | private->size, | 1961 | private->size, get.size); |
1962 | get.size); | ||
1963 | ret = -EINVAL; | 1962 | ret = -EINVAL; |
1964 | } | 1963 | } |
1965 | xt_compat_flush_offsets(AF_INET6); | 1964 | xt_compat_flush_offsets(AF_INET6); |
@@ -2072,8 +2071,7 @@ do_ip6t_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) | |||
2072 | return ret; | 2071 | return ret; |
2073 | } | 2072 | } |
2074 | 2073 | ||
2075 | int ip6t_register_table(struct xt_table *table, | 2074 | int ip6t_register_table(struct xt_table *table, const struct ip6t_replace *repl) |
2076 | const struct ip6t_replace *repl) | ||
2077 | { | 2075 | { |
2078 | int ret; | 2076 | int ret; |
2079 | struct xt_table_info *newinfo; | 2077 | struct xt_table_info *newinfo; |
@@ -2085,7 +2083,7 @@ int ip6t_register_table(struct xt_table *table, | |||
2085 | if (!newinfo) | 2083 | if (!newinfo) |
2086 | return -ENOMEM; | 2084 | return -ENOMEM; |
2087 | 2085 | ||
2088 | /* choose the copy on our node/cpu */ | 2086 | /* choose the copy on our node/cpu, but dont care about preemption */ |
2089 | loc_cpu_entry = newinfo->entries[raw_smp_processor_id()]; | 2087 | loc_cpu_entry = newinfo->entries[raw_smp_processor_id()]; |
2090 | memcpy(loc_cpu_entry, repl->entries, repl->size); | 2088 | memcpy(loc_cpu_entry, repl->entries, repl->size); |
2091 | 2089 | ||
@@ -2141,17 +2139,18 @@ icmp6_match(const struct sk_buff *skb, | |||
2141 | unsigned int protoff, | 2139 | unsigned int protoff, |
2142 | bool *hotdrop) | 2140 | bool *hotdrop) |
2143 | { | 2141 | { |
2144 | struct icmp6hdr _icmp, *ic; | 2142 | struct icmp6hdr _icmph, *ic; |
2145 | const struct ip6t_icmp *icmpinfo = matchinfo; | 2143 | const struct ip6t_icmp *icmpinfo = matchinfo; |
2146 | 2144 | ||
2147 | /* Must not be a fragment. */ | 2145 | /* Must not be a fragment. */ |
2148 | if (offset) | 2146 | if (offset) |
2149 | return false; | 2147 | return false; |
2150 | 2148 | ||
2151 | ic = skb_header_pointer(skb, protoff, sizeof(_icmp), &_icmp); | 2149 | ic = skb_header_pointer(skb, protoff, sizeof(_icmph), &_icmph); |
2152 | if (ic == NULL) { | 2150 | if (ic == NULL) { |
2153 | /* We've been asked to examine this packet, and we | 2151 | /* We've been asked to examine this packet, and we |
2154 | can't. Hence, no choice but to drop. */ | 2152 | * can't. Hence, no choice but to drop. |
2153 | */ | ||
2155 | duprintf("Dropping evil ICMP tinygram.\n"); | 2154 | duprintf("Dropping evil ICMP tinygram.\n"); |
2156 | *hotdrop = true; | 2155 | *hotdrop = true; |
2157 | return false; | 2156 | return false; |
@@ -2216,7 +2215,7 @@ static struct nf_sockopt_ops ip6t_sockopts = { | |||
2216 | 2215 | ||
2217 | static struct xt_match icmp6_matchstruct __read_mostly = { | 2216 | static struct xt_match icmp6_matchstruct __read_mostly = { |
2218 | .name = "icmp6", | 2217 | .name = "icmp6", |
2219 | .match = &icmp6_match, | 2218 | .match = icmp6_match, |
2220 | .matchsize = sizeof(struct ip6t_icmp), | 2219 | .matchsize = sizeof(struct ip6t_icmp), |
2221 | .checkentry = icmp6_checkentry, | 2220 | .checkentry = icmp6_checkentry, |
2222 | .proto = IPPROTO_ICMPV6, | 2221 | .proto = IPPROTO_ICMPV6, |
@@ -2265,6 +2264,7 @@ err1: | |||
2265 | static void __exit ip6_tables_fini(void) | 2264 | static void __exit ip6_tables_fini(void) |
2266 | { | 2265 | { |
2267 | nf_unregister_sockopt(&ip6t_sockopts); | 2266 | nf_unregister_sockopt(&ip6t_sockopts); |
2267 | |||
2268 | xt_unregister_match(&icmp6_matchstruct); | 2268 | xt_unregister_match(&icmp6_matchstruct); |
2269 | xt_unregister_target(&ip6t_error_target); | 2269 | xt_unregister_target(&ip6t_error_target); |
2270 | xt_unregister_target(&ip6t_standard_target); | 2270 | xt_unregister_target(&ip6t_standard_target); |