netfilter: xtables: change hotdrop pointer to direct modification

Since xt_action_param is writable, let's use it. The pointer to 'bool hotdrop' always worried (8 bytes (64-bit) to write 1 byte!). Surprisingly results in a reduction in size: text data bss filename 5457066 692730 357892 vmlinux.o-prev 5456554 692730 357892 vmlinux.o Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
author: Jan Engelhardt <jengelh@medozas.de> 2009-07-07 14:54:30 -0400
committer: Jan Engelhardt <jengelh@medozas.de> 2010-05-11 12:35:27 -0400
commit: b4ba26119b06052888696491f614201817491a0d (patch)
tree: d6dc2a4e0f78641b5b64a1728322c81cbad09974 /net/netfilter
parent: 62fc8051083a334578c3f4b3488808f210b4565f (diff)
9 files changed, 16 insertions, 16 deletions
diff --git a/net/netfilter/xt_connlimit.c b/net/netfilter/xt_connlimit.c
index f130fd9817be..5c5b6b921b84 100644
--- a/net/netfilter/xt_connlimit.c
+++ b/net/netfilter/xt_connlimit.c
@@ -206,14 +206,14 @@ connlimit_mt(const struct sk_buff *skb, struct xt_action_param *par)
        if (connections < 0) {
                /* kmalloc failed, drop it entirely */
-                *par->hotdrop = true;
+                par->hotdrop = true;
                return false;
        }
        return (connections > info->limit) ^ info->inverse;
 hotdrop:
-        *par->hotdrop = true;
+        par->hotdrop = true;
        return false;
 }
diff --git a/net/netfilter/xt_dccp.c b/net/netfilter/xt_dccp.c
index cc2c2919439f..b63d2a3d80ba 100644
--- a/net/netfilter/xt_dccp.c
+++ b/net/netfilter/xt_dccp.c
@@ -107,7 +107,7 @@ dccp_mt(const struct sk_buff *skb, struct xt_action_param *par)
        dh = skb_header_pointer(skb, par->thoff, sizeof(_dh), &_dh);
        if (dh == NULL) {
-                *par->hotdrop = true;
+                par->hotdrop = true;
                return false;
        }
@@ -120,7 +120,7 @@ dccp_mt(const struct sk_buff *skb, struct xt_action_param *par)
                && DCCHECK(match_types(dh, info->typemask),
                           XT_DCCP_TYPE, info->flags, info->invflags)
                && DCCHECK(match_option(info->option, skb, par->thoff, dh,
-                                        par->hotdrop),
+                                        &par->hotdrop),
                           XT_DCCP_OPTION, info->flags, info->invflags);
 }
diff --git a/net/netfilter/xt_esp.c b/net/netfilter/xt_esp.c
index 7c2d80020554..171ba82b5902 100644
--- a/net/netfilter/xt_esp.c
+++ b/net/netfilter/xt_esp.c
@@ -52,7 +52,7 @@ static bool esp_mt(const struct sk_buff *skb, struct xt_action_param *par)
                 * can't.  Hence, no choice but to drop.
                 */
                pr_debug("Dropping evil ESP tinygram.\n");
-                *par->hotdrop = true;
+                par->hotdrop = true;
                return false;
        }
diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c
index 25a6e548ec27..b46a8390896d 100644
--- a/net/netfilter/xt_hashlimit.c
+++ b/net/netfilter/xt_hashlimit.c
@@ -562,7 +562,7 @@ hashlimit_mt(const struct sk_buff *skb, struct xt_action_param *par)
        return info->cfg.mode & XT_HASHLIMIT_INVERT;
 hotdrop:
-        *par->hotdrop = true;
+        par->hotdrop = true;
        return false;
 }
diff --git a/net/netfilter/xt_multiport.c b/net/netfilter/xt_multiport.c
index 52beb68256c8..ac1d3c3d09e7 100644
--- a/net/netfilter/xt_multiport.c
+++ b/net/netfilter/xt_multiport.c
@@ -87,7 +87,7 @@ multiport_mt(const struct sk_buff *skb, struct xt_action_param *par)
                 * can't.  Hence, no choice but to drop.
                 */
                pr_debug("Dropping evil offset=0 tinygram.\n");
-                *par->hotdrop = true;
+                par->hotdrop = true;
                return false;
        }
diff --git a/net/netfilter/xt_recent.c b/net/netfilter/xt_recent.c
index 2808a7e33947..76aec6a44762 100644
--- a/net/netfilter/xt_recent.c
+++ b/net/netfilter/xt_recent.c
@@ -268,7 +268,7 @@ recent_mt(const struct sk_buff *skb, struct xt_action_param *par)
                        goto out;
                e = recent_entry_init(t, &addr, par->family, ttl);
                if (e == NULL)
-                        *par->hotdrop = true;
+                        par->hotdrop = true;
                ret = !ret;
                goto out;
        }
diff --git a/net/netfilter/xt_sctp.c b/net/netfilter/xt_sctp.c
index 94d8b5deb2d0..c04fcf385c59 100644
--- a/net/netfilter/xt_sctp.c
+++ b/net/netfilter/xt_sctp.c
@@ -128,7 +128,7 @@ sctp_mt(const struct sk_buff *skb, struct xt_action_param *par)
        sh = skb_header_pointer(skb, par->thoff, sizeof(_sh), &_sh);
        if (sh == NULL) {
                pr_debug("Dropping evil TCP offset=0 tinygram.\n");
-                *par->hotdrop = true;
+                par->hotdrop = true;
                return false;
        }
        pr_debug("spt: %d\tdpt: %d\n", ntohs(sh->source), ntohs(sh->dest));
@@ -140,7 +140,7 @@ sctp_mt(const struct sk_buff *skb, struct xt_action_param *par)
                        && ntohs(sh->dest) <= info->dpts[1],
                        XT_SCTP_DEST_PORTS, info->flags, info->invflags)
                && SCCHECK(match_packet(skb, par->thoff + sizeof(sctp_sctphdr_t),
-                                        info, par->hotdrop),
+                                        info, &par->hotdrop),
                           XT_SCTP_CHUNK_TYPES, info->flags, info->invflags);
 }
diff --git a/net/netfilter/xt_tcpmss.c b/net/netfilter/xt_tcpmss.c
index f90728f6b8a4..c53d4d18eadf 100644
--- a/net/netfilter/xt_tcpmss.c
+++ b/net/netfilter/xt_tcpmss.c
@@ -73,7 +73,7 @@ out:
        return info->invert;
 dropit:
-        *par->hotdrop = true;
+        par->hotdrop = true;
        return false;
 }
diff --git a/net/netfilter/xt_tcpudp.c b/net/netfilter/xt_tcpudp.c
index dedde33c9db6..c14d4645daa3 100644
--- a/net/netfilter/xt_tcpudp.c
+++ b/net/netfilter/xt_tcpudp.c
@@ -77,7 +77,7 @@ static bool tcp_mt(const struct sk_buff *skb, struct xt_action_param *par)
                */
                if (par->fragoff == 1) {
                        pr_debug("Dropping evil TCP offset=1 frag.\n");
-                        *par->hotdrop = true;
+                        par->hotdrop = true;
                }
                /* Must not be a fragment. */
                return false;
@@ -90,7 +90,7 @@ static bool tcp_mt(const struct sk_buff *skb, struct xt_action_param *par)
                /* We've been asked to examine this packet, and we
                   can't.  Hence, no choice but to drop. */
                pr_debug("Dropping evil TCP offset=0 tinygram.\n");
-                *par->hotdrop = true;
+                par->hotdrop = true;
                return false;
        }
@@ -108,13 +108,13 @@ static bool tcp_mt(const struct sk_buff *skb, struct xt_action_param *par)
                return false;
        if (tcpinfo->option) {
                if (th->doff * 4 < sizeof(_tcph)) {
-                        *par->hotdrop = true;
+                        par->hotdrop = true;
                        return false;
                }
                if (!tcp_find_option(tcpinfo->option, skb, par->thoff,
                                     th->doff*4 - sizeof(_tcph),
                                     tcpinfo->invflags & XT_TCP_INV_OPTION,
-                                     par->hotdrop))
+                                     &par->hotdrop))
                        return false;
        }
        return true;
@@ -143,7 +143,7 @@ static bool udp_mt(const struct sk_buff *skb, struct xt_action_param *par)
                /* We've been asked to examine this packet, and we
                   can't.  Hence, no choice but to drop. */
                pr_debug("Dropping evil UDP tinygram.\n");
-                *par->hotdrop = true;
+                par->hotdrop = true;
                return false;
        }
author	Jan Engelhardt <jengelh@medozas.de>	2009-07-07 14:54:30 -0400
committer	Jan Engelhardt <jengelh@medozas.de>	2010-05-11 12:35:27 -0400
commit	b4ba26119b06052888696491f614201817491a0d (patch)
tree	d6dc2a4e0f78641b5b64a1728322c81cbad09974 /net/netfilter
parent	62fc8051083a334578c3f4b3488808f210b4565f (diff)

diff --git a/net/netfilter/xt_connlimit.c b/net/netfilter/xt_connlimit.c index f130fd9817be..5c5b6b921b84 100644 --- a/net/netfilter/xt_connlimit.c +++ b/net/netfilter/xt_connlimit.c
@@ -206,14 +206,14 @@ connlimit_mt(const struct sk_buff skb, struct xt_action_param par)
206		206
207	if (connections < 0) {	207	if (connections < 0) {
208	/* kmalloc failed, drop it entirely */	208	/* kmalloc failed, drop it entirely */
209	*par->hotdrop = true;	209	par->hotdrop = true;
210	return false;	210	return false;
211	}	211	}
212		212
213	return (connections > info->limit) ^ info->inverse;	213	return (connections > info->limit) ^ info->inverse;
214		214
215	hotdrop:	215	hotdrop:
216	*par->hotdrop = true;	216	par->hotdrop = true;
217	return false;	217	return false;
218	}	218	}
219		219


diff --git a/net/netfilter/xt_dccp.c b/net/netfilter/xt_dccp.c index cc2c2919439f..b63d2a3d80ba 100644 --- a/net/netfilter/xt_dccp.c +++ b/net/netfilter/xt_dccp.c
@@ -107,7 +107,7 @@ dccp_mt(const struct sk_buff skb, struct xt_action_param par)
107		107
108	dh = skb_header_pointer(skb, par->thoff, sizeof(_dh), &_dh);	108	dh = skb_header_pointer(skb, par->thoff, sizeof(_dh), &_dh);
109	if (dh == NULL) {	109	if (dh == NULL) {
110	*par->hotdrop = true;	110	par->hotdrop = true;
111	return false;	111	return false;
112	}	112	}
113		113
@@ -120,7 +120,7 @@ dccp_mt(const struct sk_buff skb, struct xt_action_param par)
120	&& DCCHECK(match_types(dh, info->typemask),	120	&& DCCHECK(match_types(dh, info->typemask),
121	XT_DCCP_TYPE, info->flags, info->invflags)	121	XT_DCCP_TYPE, info->flags, info->invflags)
122	&& DCCHECK(match_option(info->option, skb, par->thoff, dh,	122	&& DCCHECK(match_option(info->option, skb, par->thoff, dh,
123	par->hotdrop),	123	&par->hotdrop),
124	XT_DCCP_OPTION, info->flags, info->invflags);	124	XT_DCCP_OPTION, info->flags, info->invflags);
125	}	125	}
126		126


diff --git a/net/netfilter/xt_esp.c b/net/netfilter/xt_esp.c index 7c2d80020554..171ba82b5902 100644 --- a/net/netfilter/xt_esp.c +++ b/net/netfilter/xt_esp.c
@@ -52,7 +52,7 @@ static bool esp_mt(const struct sk_buff skb, struct xt_action_param par)
52	* can't. Hence, no choice but to drop.	52	* can't. Hence, no choice but to drop.
53	*/	53	*/
54	pr_debug("Dropping evil ESP tinygram.\n");	54	pr_debug("Dropping evil ESP tinygram.\n");
55	*par->hotdrop = true;	55	par->hotdrop = true;
56	return false;	56	return false;
57	}	57	}
58		58


diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c index 25a6e548ec27..b46a8390896d 100644 --- a/net/netfilter/xt_hashlimit.c +++ b/net/netfilter/xt_hashlimit.c
@@ -562,7 +562,7 @@ hashlimit_mt(const struct sk_buff skb, struct xt_action_param par)
562	return info->cfg.mode & XT_HASHLIMIT_INVERT;	562	return info->cfg.mode & XT_HASHLIMIT_INVERT;
563		563
564	hotdrop:	564	hotdrop:
565	*par->hotdrop = true;	565	par->hotdrop = true;
566	return false;	566	return false;
567	}	567	}
568		568


diff --git a/net/netfilter/xt_multiport.c b/net/netfilter/xt_multiport.c index 52beb68256c8..ac1d3c3d09e7 100644 --- a/net/netfilter/xt_multiport.c +++ b/net/netfilter/xt_multiport.c
@@ -87,7 +87,7 @@ multiport_mt(const struct sk_buff skb, struct xt_action_param par)
87	* can't. Hence, no choice but to drop.	87	* can't. Hence, no choice but to drop.
88	*/	88	*/
89	pr_debug("Dropping evil offset=0 tinygram.\n");	89	pr_debug("Dropping evil offset=0 tinygram.\n");
90	*par->hotdrop = true;	90	par->hotdrop = true;
91	return false;	91	return false;
92	}	92	}
93		93


diff --git a/net/netfilter/xt_recent.c b/net/netfilter/xt_recent.c index 2808a7e33947..76aec6a44762 100644 --- a/net/netfilter/xt_recent.c +++ b/net/netfilter/xt_recent.c
@@ -268,7 +268,7 @@ recent_mt(const struct sk_buff skb, struct xt_action_param par)
268	goto out;	268	goto out;
269	e = recent_entry_init(t, &addr, par->family, ttl);	269	e = recent_entry_init(t, &addr, par->family, ttl);
270	if (e == NULL)	270	if (e == NULL)
271	*par->hotdrop = true;	271	par->hotdrop = true;
272	ret = !ret;	272	ret = !ret;
273	goto out;	273	goto out;
274	}	274	}


diff --git a/net/netfilter/xt_sctp.c b/net/netfilter/xt_sctp.c index 94d8b5deb2d0..c04fcf385c59 100644 --- a/net/netfilter/xt_sctp.c +++ b/net/netfilter/xt_sctp.c
@@ -128,7 +128,7 @@ sctp_mt(const struct sk_buff skb, struct xt_action_param par)
128	sh = skb_header_pointer(skb, par->thoff, sizeof(_sh), &_sh);	128	sh = skb_header_pointer(skb, par->thoff, sizeof(_sh), &_sh);
129	if (sh == NULL) {	129	if (sh == NULL) {
130	pr_debug("Dropping evil TCP offset=0 tinygram.\n");	130	pr_debug("Dropping evil TCP offset=0 tinygram.\n");
131	*par->hotdrop = true;	131	par->hotdrop = true;
132	return false;	132	return false;
133	}	133	}
134	pr_debug("spt: %d\tdpt: %d\n", ntohs(sh->source), ntohs(sh->dest));	134	pr_debug("spt: %d\tdpt: %d\n", ntohs(sh->source), ntohs(sh->dest));
@@ -140,7 +140,7 @@ sctp_mt(const struct sk_buff skb, struct xt_action_param par)
140	&& ntohs(sh->dest) <= info->dpts[1],	140	&& ntohs(sh->dest) <= info->dpts[1],
141	XT_SCTP_DEST_PORTS, info->flags, info->invflags)	141	XT_SCTP_DEST_PORTS, info->flags, info->invflags)
142	&& SCCHECK(match_packet(skb, par->thoff + sizeof(sctp_sctphdr_t),	142	&& SCCHECK(match_packet(skb, par->thoff + sizeof(sctp_sctphdr_t),
143	info, par->hotdrop),	143	info, &par->hotdrop),
144	XT_SCTP_CHUNK_TYPES, info->flags, info->invflags);	144	XT_SCTP_CHUNK_TYPES, info->flags, info->invflags);
145	}	145	}
146		146


diff --git a/net/netfilter/xt_tcpmss.c b/net/netfilter/xt_tcpmss.c index f90728f6b8a4..c53d4d18eadf 100644 --- a/net/netfilter/xt_tcpmss.c +++ b/net/netfilter/xt_tcpmss.c
@@ -73,7 +73,7 @@ out:
73	return info->invert;	73	return info->invert;
74		74
75	dropit:	75	dropit:
76	*par->hotdrop = true;	76	par->hotdrop = true;
77	return false;	77	return false;
78	}	78	}
79		79


diff --git a/net/netfilter/xt_tcpudp.c b/net/netfilter/xt_tcpudp.c index dedde33c9db6..c14d4645daa3 100644 --- a/net/netfilter/xt_tcpudp.c +++ b/net/netfilter/xt_tcpudp.c
@@ -77,7 +77,7 @@ static bool tcp_mt(const struct sk_buff skb, struct xt_action_param par)
77	*/	77	*/
78	if (par->fragoff == 1) {	78	if (par->fragoff == 1) {
79	pr_debug("Dropping evil TCP offset=1 frag.\n");	79	pr_debug("Dropping evil TCP offset=1 frag.\n");
80	*par->hotdrop = true;	80	par->hotdrop = true;
81	}	81	}
82	/* Must not be a fragment. */	82	/* Must not be a fragment. */
83	return false;	83	return false;
@@ -90,7 +90,7 @@ static bool tcp_mt(const struct sk_buff skb, struct xt_action_param par)
90	/* We've been asked to examine this packet, and we	90	/* We've been asked to examine this packet, and we
91	can't. Hence, no choice but to drop. */	91	can't. Hence, no choice but to drop. */
92	pr_debug("Dropping evil TCP offset=0 tinygram.\n");	92	pr_debug("Dropping evil TCP offset=0 tinygram.\n");
93	*par->hotdrop = true;	93	par->hotdrop = true;
94	return false;	94	return false;
95	}	95	}
96		96
@@ -108,13 +108,13 @@ static bool tcp_mt(const struct sk_buff skb, struct xt_action_param par)
108	return false;	108	return false;
109	if (tcpinfo->option) {	109	if (tcpinfo->option) {
110	if (th->doff * 4 < sizeof(_tcph)) {	110	if (th->doff * 4 < sizeof(_tcph)) {
111	*par->hotdrop = true;	111	par->hotdrop = true;
112	return false;	112	return false;
113	}	113	}
114	if (!tcp_find_option(tcpinfo->option, skb, par->thoff,	114	if (!tcp_find_option(tcpinfo->option, skb, par->thoff,
115	th->doff*4 - sizeof(_tcph),	115	th->doff*4 - sizeof(_tcph),
116	tcpinfo->invflags & XT_TCP_INV_OPTION,	116	tcpinfo->invflags & XT_TCP_INV_OPTION,
117	par->hotdrop))	117	&par->hotdrop))
118	return false;	118	return false;
119	}	119	}
120	return true;	120	return true;
@@ -143,7 +143,7 @@ static bool udp_mt(const struct sk_buff skb, struct xt_action_param par)
143	/* We've been asked to examine this packet, and we	143	/* We've been asked to examine this packet, and we
144	can't. Hence, no choice but to drop. */	144	can't. Hence, no choice but to drop. */
145	pr_debug("Dropping evil UDP tinygram.\n");	145	pr_debug("Dropping evil UDP tinygram.\n");
146	*par->hotdrop = true;	146	par->hotdrop = true;
147	return false;	147	return false;
148	}	148	}
149		149