diff options
author | Jan Engelhardt <jengelh@medozas.de> | 2010-02-24 12:36:04 -0500 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2010-02-24 12:36:04 -0500 |
commit | 0f234214d15fa914436d304ecf5c3e43449e79f9 (patch) | |
tree | e31b2fd40b14530c5b49413070495eabd082eb1f /net | |
parent | 6bdb331bc6910d1ccb74dc9852fc858c5916c927 (diff) |
netfilter: xtables: reduce arguments to translate_table
Just pass in the entire repl struct. In case of a new table (e.g.
ip6t_register_table), the repldata has been previously filled with
table->name and table->size already (in ip6t_alloc_initial_table).
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/ipv4/netfilter/arp_tables.c | 42 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_tables.c | 42 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 42 |
3 files changed, 45 insertions, 81 deletions
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index 5fdedeb46218..57098dcda294 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c | |||
@@ -622,21 +622,15 @@ static inline void cleanup_entry(struct arpt_entry *e) | |||
622 | /* Checks and translates the user-supplied table segment (held in | 622 | /* Checks and translates the user-supplied table segment (held in |
623 | * newinfo). | 623 | * newinfo). |
624 | */ | 624 | */ |
625 | static int translate_table(const char *name, | 625 | static int translate_table(struct xt_table_info *newinfo, void *entry0, |
626 | unsigned int valid_hooks, | 626 | const struct arpt_replace *repl) |
627 | struct xt_table_info *newinfo, | ||
628 | void *entry0, | ||
629 | unsigned int size, | ||
630 | unsigned int number, | ||
631 | const unsigned int *hook_entries, | ||
632 | const unsigned int *underflows) | ||
633 | { | 627 | { |
634 | struct arpt_entry *iter; | 628 | struct arpt_entry *iter; |
635 | unsigned int i; | 629 | unsigned int i; |
636 | int ret = 0; | 630 | int ret = 0; |
637 | 631 | ||
638 | newinfo->size = size; | 632 | newinfo->size = repl->size; |
639 | newinfo->number = number; | 633 | newinfo->number = repl->num_entries; |
640 | 634 | ||
641 | /* Init all hooks to impossible value. */ | 635 | /* Init all hooks to impossible value. */ |
642 | for (i = 0; i < NF_ARP_NUMHOOKS; i++) { | 636 | for (i = 0; i < NF_ARP_NUMHOOKS; i++) { |
@@ -650,7 +644,8 @@ static int translate_table(const char *name, | |||
650 | /* Walk through entries, checking offsets. */ | 644 | /* Walk through entries, checking offsets. */ |
651 | xt_entry_foreach(iter, entry0, newinfo->size) { | 645 | xt_entry_foreach(iter, entry0, newinfo->size) { |
652 | ret = check_entry_size_and_hooks(iter, newinfo, entry0, | 646 | ret = check_entry_size_and_hooks(iter, newinfo, entry0, |
653 | entry0 + size, hook_entries, underflows, valid_hooks); | 647 | entry0 + repl->size, repl->hook_entry, repl->underflow, |
648 | repl->valid_hooks); | ||
654 | if (ret != 0) | 649 | if (ret != 0) |
655 | break; | 650 | break; |
656 | ++i; | 651 | ++i; |
@@ -659,30 +654,30 @@ static int translate_table(const char *name, | |||
659 | if (ret != 0) | 654 | if (ret != 0) |
660 | return ret; | 655 | return ret; |
661 | 656 | ||
662 | if (i != number) { | 657 | if (i != repl->num_entries) { |
663 | duprintf("translate_table: %u not %u entries\n", | 658 | duprintf("translate_table: %u not %u entries\n", |
664 | i, number); | 659 | i, repl->num_entries); |
665 | return -EINVAL; | 660 | return -EINVAL; |
666 | } | 661 | } |
667 | 662 | ||
668 | /* Check hooks all assigned */ | 663 | /* Check hooks all assigned */ |
669 | for (i = 0; i < NF_ARP_NUMHOOKS; i++) { | 664 | for (i = 0; i < NF_ARP_NUMHOOKS; i++) { |
670 | /* Only hooks which are valid */ | 665 | /* Only hooks which are valid */ |
671 | if (!(valid_hooks & (1 << i))) | 666 | if (!(repl->valid_hooks & (1 << i))) |
672 | continue; | 667 | continue; |
673 | if (newinfo->hook_entry[i] == 0xFFFFFFFF) { | 668 | if (newinfo->hook_entry[i] == 0xFFFFFFFF) { |
674 | duprintf("Invalid hook entry %u %u\n", | 669 | duprintf("Invalid hook entry %u %u\n", |
675 | i, hook_entries[i]); | 670 | i, repl->hook_entry[i]); |
676 | return -EINVAL; | 671 | return -EINVAL; |
677 | } | 672 | } |
678 | if (newinfo->underflow[i] == 0xFFFFFFFF) { | 673 | if (newinfo->underflow[i] == 0xFFFFFFFF) { |
679 | duprintf("Invalid underflow %u %u\n", | 674 | duprintf("Invalid underflow %u %u\n", |
680 | i, underflows[i]); | 675 | i, repl->underflow[i]); |
681 | return -EINVAL; | 676 | return -EINVAL; |
682 | } | 677 | } |
683 | } | 678 | } |
684 | 679 | ||
685 | if (!mark_source_chains(newinfo, valid_hooks, entry0)) { | 680 | if (!mark_source_chains(newinfo, repl->valid_hooks, entry0)) { |
686 | duprintf("Looping hook\n"); | 681 | duprintf("Looping hook\n"); |
687 | return -ELOOP; | 682 | return -ELOOP; |
688 | } | 683 | } |
@@ -690,7 +685,7 @@ static int translate_table(const char *name, | |||
690 | /* Finally, each sanity check must pass */ | 685 | /* Finally, each sanity check must pass */ |
691 | i = 0; | 686 | i = 0; |
692 | xt_entry_foreach(iter, entry0, newinfo->size) { | 687 | xt_entry_foreach(iter, entry0, newinfo->size) { |
693 | ret = find_check_entry(iter, name, size); | 688 | ret = find_check_entry(iter, repl->name, repl->size); |
694 | if (ret != 0) | 689 | if (ret != 0) |
695 | break; | 690 | break; |
696 | ++i; | 691 | ++i; |
@@ -1101,9 +1096,7 @@ static int do_replace(struct net *net, const void __user *user, | |||
1101 | goto free_newinfo; | 1096 | goto free_newinfo; |
1102 | } | 1097 | } |
1103 | 1098 | ||
1104 | ret = translate_table(tmp.name, tmp.valid_hooks, | 1099 | ret = translate_table(newinfo, loc_cpu_entry, &tmp); |
1105 | newinfo, loc_cpu_entry, tmp.size, tmp.num_entries, | ||
1106 | tmp.hook_entry, tmp.underflow); | ||
1107 | if (ret != 0) | 1100 | if (ret != 0) |
1108 | goto free_newinfo; | 1101 | goto free_newinfo; |
1109 | 1102 | ||
@@ -1795,12 +1788,7 @@ struct xt_table *arpt_register_table(struct net *net, | |||
1795 | loc_cpu_entry = newinfo->entries[raw_smp_processor_id()]; | 1788 | loc_cpu_entry = newinfo->entries[raw_smp_processor_id()]; |
1796 | memcpy(loc_cpu_entry, repl->entries, repl->size); | 1789 | memcpy(loc_cpu_entry, repl->entries, repl->size); |
1797 | 1790 | ||
1798 | ret = translate_table(table->name, table->valid_hooks, | 1791 | ret = translate_table(newinfo, loc_cpu_entry, repl); |
1799 | newinfo, loc_cpu_entry, repl->size, | ||
1800 | repl->num_entries, | ||
1801 | repl->hook_entry, | ||
1802 | repl->underflow); | ||
1803 | |||
1804 | duprintf("arpt_register_table: translate table gives %d\n", ret); | 1792 | duprintf("arpt_register_table: translate table gives %d\n", ret); |
1805 | if (ret != 0) | 1793 | if (ret != 0) |
1806 | goto out_free; | 1794 | goto out_free; |
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index 36edc7d5f284..c92f4e541cf6 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c | |||
@@ -815,22 +815,15 @@ cleanup_entry(struct ipt_entry *e, struct net *net) | |||
815 | /* Checks and translates the user-supplied table segment (held in | 815 | /* Checks and translates the user-supplied table segment (held in |
816 | newinfo) */ | 816 | newinfo) */ |
817 | static int | 817 | static int |
818 | translate_table(struct net *net, | 818 | translate_table(struct net *net, struct xt_table_info *newinfo, void *entry0, |
819 | const char *name, | 819 | const struct ipt_replace *repl) |
820 | unsigned int valid_hooks, | ||
821 | struct xt_table_info *newinfo, | ||
822 | void *entry0, | ||
823 | unsigned int size, | ||
824 | unsigned int number, | ||
825 | const unsigned int *hook_entries, | ||
826 | const unsigned int *underflows) | ||
827 | { | 820 | { |
828 | struct ipt_entry *iter; | 821 | struct ipt_entry *iter; |
829 | unsigned int i; | 822 | unsigned int i; |
830 | int ret = 0; | 823 | int ret = 0; |
831 | 824 | ||
832 | newinfo->size = size; | 825 | newinfo->size = repl->size; |
833 | newinfo->number = number; | 826 | newinfo->number = repl->num_entries; |
834 | 827 | ||
835 | /* Init all hooks to impossible value. */ | 828 | /* Init all hooks to impossible value. */ |
836 | for (i = 0; i < NF_INET_NUMHOOKS; i++) { | 829 | for (i = 0; i < NF_INET_NUMHOOKS; i++) { |
@@ -843,42 +836,43 @@ translate_table(struct net *net, | |||
843 | /* Walk through entries, checking offsets. */ | 836 | /* Walk through entries, checking offsets. */ |
844 | xt_entry_foreach(iter, entry0, newinfo->size) { | 837 | xt_entry_foreach(iter, entry0, newinfo->size) { |
845 | ret = check_entry_size_and_hooks(iter, newinfo, entry0, | 838 | ret = check_entry_size_and_hooks(iter, newinfo, entry0, |
846 | entry0 + size, hook_entries, underflows, valid_hooks); | 839 | entry0 + repl->size, repl->hook_entry, repl->underflow, |
840 | repl->valid_hooks); | ||
847 | if (ret != 0) | 841 | if (ret != 0) |
848 | return ret; | 842 | return ret; |
849 | ++i; | 843 | ++i; |
850 | } | 844 | } |
851 | 845 | ||
852 | if (i != number) { | 846 | if (i != repl->num_entries) { |
853 | duprintf("translate_table: %u not %u entries\n", | 847 | duprintf("translate_table: %u not %u entries\n", |
854 | i, number); | 848 | i, repl->num_entries); |
855 | return -EINVAL; | 849 | return -EINVAL; |
856 | } | 850 | } |
857 | 851 | ||
858 | /* Check hooks all assigned */ | 852 | /* Check hooks all assigned */ |
859 | for (i = 0; i < NF_INET_NUMHOOKS; i++) { | 853 | for (i = 0; i < NF_INET_NUMHOOKS; i++) { |
860 | /* Only hooks which are valid */ | 854 | /* Only hooks which are valid */ |
861 | if (!(valid_hooks & (1 << i))) | 855 | if (!(repl->valid_hooks & (1 << i))) |
862 | continue; | 856 | continue; |
863 | if (newinfo->hook_entry[i] == 0xFFFFFFFF) { | 857 | if (newinfo->hook_entry[i] == 0xFFFFFFFF) { |
864 | duprintf("Invalid hook entry %u %u\n", | 858 | duprintf("Invalid hook entry %u %u\n", |
865 | i, hook_entries[i]); | 859 | i, repl->hook_entry[i]); |
866 | return -EINVAL; | 860 | return -EINVAL; |
867 | } | 861 | } |
868 | if (newinfo->underflow[i] == 0xFFFFFFFF) { | 862 | if (newinfo->underflow[i] == 0xFFFFFFFF) { |
869 | duprintf("Invalid underflow %u %u\n", | 863 | duprintf("Invalid underflow %u %u\n", |
870 | i, underflows[i]); | 864 | i, repl->underflow[i]); |
871 | return -EINVAL; | 865 | return -EINVAL; |
872 | } | 866 | } |
873 | } | 867 | } |
874 | 868 | ||
875 | if (!mark_source_chains(newinfo, valid_hooks, entry0)) | 869 | if (!mark_source_chains(newinfo, repl->valid_hooks, entry0)) |
876 | return -ELOOP; | 870 | return -ELOOP; |
877 | 871 | ||
878 | /* Finally, each sanity check must pass */ | 872 | /* Finally, each sanity check must pass */ |
879 | i = 0; | 873 | i = 0; |
880 | xt_entry_foreach(iter, entry0, newinfo->size) { | 874 | xt_entry_foreach(iter, entry0, newinfo->size) { |
881 | ret = find_check_entry(iter, net, name, size); | 875 | ret = find_check_entry(iter, net, repl->name, repl->size); |
882 | if (ret != 0) | 876 | if (ret != 0) |
883 | break; | 877 | break; |
884 | ++i; | 878 | ++i; |
@@ -1311,9 +1305,7 @@ do_replace(struct net *net, const void __user *user, unsigned int len) | |||
1311 | goto free_newinfo; | 1305 | goto free_newinfo; |
1312 | } | 1306 | } |
1313 | 1307 | ||
1314 | ret = translate_table(net, tmp.name, tmp.valid_hooks, | 1308 | ret = translate_table(net, newinfo, loc_cpu_entry, &tmp); |
1315 | newinfo, loc_cpu_entry, tmp.size, tmp.num_entries, | ||
1316 | tmp.hook_entry, tmp.underflow); | ||
1317 | if (ret != 0) | 1309 | if (ret != 0) |
1318 | goto free_newinfo; | 1310 | goto free_newinfo; |
1319 | 1311 | ||
@@ -2112,11 +2104,7 @@ struct xt_table *ipt_register_table(struct net *net, | |||
2112 | loc_cpu_entry = newinfo->entries[raw_smp_processor_id()]; | 2104 | loc_cpu_entry = newinfo->entries[raw_smp_processor_id()]; |
2113 | memcpy(loc_cpu_entry, repl->entries, repl->size); | 2105 | memcpy(loc_cpu_entry, repl->entries, repl->size); |
2114 | 2106 | ||
2115 | ret = translate_table(net, table->name, table->valid_hooks, | 2107 | ret = translate_table(net, newinfo, loc_cpu_entry, repl); |
2116 | newinfo, loc_cpu_entry, repl->size, | ||
2117 | repl->num_entries, | ||
2118 | repl->hook_entry, | ||
2119 | repl->underflow); | ||
2120 | if (ret != 0) | 2108 | if (ret != 0) |
2121 | goto out_free; | 2109 | goto out_free; |
2122 | 2110 | ||
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index c5a963e4b545..f7042869198e 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c | |||
@@ -845,22 +845,15 @@ static void cleanup_entry(struct ip6t_entry *e, struct net *net) | |||
845 | /* Checks and translates the user-supplied table segment (held in | 845 | /* Checks and translates the user-supplied table segment (held in |
846 | newinfo) */ | 846 | newinfo) */ |
847 | static int | 847 | static int |
848 | translate_table(struct net *net, | 848 | translate_table(struct net *net, struct xt_table_info *newinfo, void *entry0, |
849 | const char *name, | 849 | const struct ip6t_replace *repl) |
850 | unsigned int valid_hooks, | ||
851 | struct xt_table_info *newinfo, | ||
852 | void *entry0, | ||
853 | unsigned int size, | ||
854 | unsigned int number, | ||
855 | const unsigned int *hook_entries, | ||
856 | const unsigned int *underflows) | ||
857 | { | 850 | { |
858 | struct ip6t_entry *iter; | 851 | struct ip6t_entry *iter; |
859 | unsigned int i; | 852 | unsigned int i; |
860 | int ret = 0; | 853 | int ret = 0; |
861 | 854 | ||
862 | newinfo->size = size; | 855 | newinfo->size = repl->size; |
863 | newinfo->number = number; | 856 | newinfo->number = repl->num_entries; |
864 | 857 | ||
865 | /* Init all hooks to impossible value. */ | 858 | /* Init all hooks to impossible value. */ |
866 | for (i = 0; i < NF_INET_NUMHOOKS; i++) { | 859 | for (i = 0; i < NF_INET_NUMHOOKS; i++) { |
@@ -873,42 +866,43 @@ translate_table(struct net *net, | |||
873 | /* Walk through entries, checking offsets. */ | 866 | /* Walk through entries, checking offsets. */ |
874 | xt_entry_foreach(iter, entry0, newinfo->size) { | 867 | xt_entry_foreach(iter, entry0, newinfo->size) { |
875 | ret = check_entry_size_and_hooks(iter, newinfo, entry0, | 868 | ret = check_entry_size_and_hooks(iter, newinfo, entry0, |
876 | entry0 + size, hook_entries, underflows, valid_hooks); | 869 | entry0 + repl->size, repl->hook_entry, repl->underflow, |
870 | repl->valid_hooks); | ||
877 | if (ret != 0) | 871 | if (ret != 0) |
878 | return ret; | 872 | return ret; |
879 | ++i; | 873 | ++i; |
880 | } | 874 | } |
881 | 875 | ||
882 | if (i != number) { | 876 | if (i != repl->num_entries) { |
883 | duprintf("translate_table: %u not %u entries\n", | 877 | duprintf("translate_table: %u not %u entries\n", |
884 | i, number); | 878 | i, repl->num_entries); |
885 | return -EINVAL; | 879 | return -EINVAL; |
886 | } | 880 | } |
887 | 881 | ||
888 | /* Check hooks all assigned */ | 882 | /* Check hooks all assigned */ |
889 | for (i = 0; i < NF_INET_NUMHOOKS; i++) { | 883 | for (i = 0; i < NF_INET_NUMHOOKS; i++) { |
890 | /* Only hooks which are valid */ | 884 | /* Only hooks which are valid */ |
891 | if (!(valid_hooks & (1 << i))) | 885 | if (!(repl->valid_hooks & (1 << i))) |
892 | continue; | 886 | continue; |
893 | if (newinfo->hook_entry[i] == 0xFFFFFFFF) { | 887 | if (newinfo->hook_entry[i] == 0xFFFFFFFF) { |
894 | duprintf("Invalid hook entry %u %u\n", | 888 | duprintf("Invalid hook entry %u %u\n", |
895 | i, hook_entries[i]); | 889 | i, repl->hook_entry[i]); |
896 | return -EINVAL; | 890 | return -EINVAL; |
897 | } | 891 | } |
898 | if (newinfo->underflow[i] == 0xFFFFFFFF) { | 892 | if (newinfo->underflow[i] == 0xFFFFFFFF) { |
899 | duprintf("Invalid underflow %u %u\n", | 893 | duprintf("Invalid underflow %u %u\n", |
900 | i, underflows[i]); | 894 | i, repl->underflow[i]); |
901 | return -EINVAL; | 895 | return -EINVAL; |
902 | } | 896 | } |
903 | } | 897 | } |
904 | 898 | ||
905 | if (!mark_source_chains(newinfo, valid_hooks, entry0)) | 899 | if (!mark_source_chains(newinfo, repl->valid_hooks, entry0)) |
906 | return -ELOOP; | 900 | return -ELOOP; |
907 | 901 | ||
908 | /* Finally, each sanity check must pass */ | 902 | /* Finally, each sanity check must pass */ |
909 | i = 0; | 903 | i = 0; |
910 | xt_entry_foreach(iter, entry0, newinfo->size) { | 904 | xt_entry_foreach(iter, entry0, newinfo->size) { |
911 | ret = find_check_entry(iter, net, name, size); | 905 | ret = find_check_entry(iter, net, repl->name, repl->size); |
912 | if (ret != 0) | 906 | if (ret != 0) |
913 | break; | 907 | break; |
914 | ++i; | 908 | ++i; |
@@ -1342,9 +1336,7 @@ do_replace(struct net *net, const void __user *user, unsigned int len) | |||
1342 | goto free_newinfo; | 1336 | goto free_newinfo; |
1343 | } | 1337 | } |
1344 | 1338 | ||
1345 | ret = translate_table(net, tmp.name, tmp.valid_hooks, | 1339 | ret = translate_table(net, newinfo, loc_cpu_entry, &tmp); |
1346 | newinfo, loc_cpu_entry, tmp.size, tmp.num_entries, | ||
1347 | tmp.hook_entry, tmp.underflow); | ||
1348 | if (ret != 0) | 1340 | if (ret != 0) |
1349 | goto free_newinfo; | 1341 | goto free_newinfo; |
1350 | 1342 | ||
@@ -2145,11 +2137,7 @@ struct xt_table *ip6t_register_table(struct net *net, | |||
2145 | loc_cpu_entry = newinfo->entries[raw_smp_processor_id()]; | 2137 | loc_cpu_entry = newinfo->entries[raw_smp_processor_id()]; |
2146 | memcpy(loc_cpu_entry, repl->entries, repl->size); | 2138 | memcpy(loc_cpu_entry, repl->entries, repl->size); |
2147 | 2139 | ||
2148 | ret = translate_table(net, table->name, table->valid_hooks, | 2140 | ret = translate_table(net, newinfo, loc_cpu_entry, repl); |
2149 | newinfo, loc_cpu_entry, repl->size, | ||
2150 | repl->num_entries, | ||
2151 | repl->hook_entry, | ||
2152 | repl->underflow); | ||
2153 | if (ret != 0) | 2141 | if (ret != 0) |
2154 | goto out_free; | 2142 | goto out_free; |
2155 | 2143 | ||