aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorJan Engelhardt <jengelh@medozas.de>2010-02-24 12:36:04 -0500
committerPatrick McHardy <kaber@trash.net>2010-02-24 12:36:04 -0500
commit0f234214d15fa914436d304ecf5c3e43449e79f9 (patch)
treee31b2fd40b14530c5b49413070495eabd082eb1f /net
parent6bdb331bc6910d1ccb74dc9852fc858c5916c927 (diff)
netfilter: xtables: reduce arguments to translate_table
Just pass in the entire repl struct. In case of a new table (e.g. ip6t_register_table), the repldata has been previously filled with table->name and table->size already (in ip6t_alloc_initial_table). Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net')
-rw-r--r--net/ipv4/netfilter/arp_tables.c42
-rw-r--r--net/ipv4/netfilter/ip_tables.c42
-rw-r--r--net/ipv6/netfilter/ip6_tables.c42
3 files changed, 45 insertions, 81 deletions
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index 5fdedeb46218..57098dcda294 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -622,21 +622,15 @@ static inline void cleanup_entry(struct arpt_entry *e)
622/* Checks and translates the user-supplied table segment (held in 622/* Checks and translates the user-supplied table segment (held in
623 * newinfo). 623 * newinfo).
624 */ 624 */
625static int translate_table(const char *name, 625static int translate_table(struct xt_table_info *newinfo, void *entry0,
626 unsigned int valid_hooks, 626 const struct arpt_replace *repl)
627 struct xt_table_info *newinfo,
628 void *entry0,
629 unsigned int size,
630 unsigned int number,
631 const unsigned int *hook_entries,
632 const unsigned int *underflows)
633{ 627{
634 struct arpt_entry *iter; 628 struct arpt_entry *iter;
635 unsigned int i; 629 unsigned int i;
636 int ret = 0; 630 int ret = 0;
637 631
638 newinfo->size = size; 632 newinfo->size = repl->size;
639 newinfo->number = number; 633 newinfo->number = repl->num_entries;
640 634
641 /* Init all hooks to impossible value. */ 635 /* Init all hooks to impossible value. */
642 for (i = 0; i < NF_ARP_NUMHOOKS; i++) { 636 for (i = 0; i < NF_ARP_NUMHOOKS; i++) {
@@ -650,7 +644,8 @@ static int translate_table(const char *name,
650 /* Walk through entries, checking offsets. */ 644 /* Walk through entries, checking offsets. */
651 xt_entry_foreach(iter, entry0, newinfo->size) { 645 xt_entry_foreach(iter, entry0, newinfo->size) {
652 ret = check_entry_size_and_hooks(iter, newinfo, entry0, 646 ret = check_entry_size_and_hooks(iter, newinfo, entry0,
653 entry0 + size, hook_entries, underflows, valid_hooks); 647 entry0 + repl->size, repl->hook_entry, repl->underflow,
648 repl->valid_hooks);
654 if (ret != 0) 649 if (ret != 0)
655 break; 650 break;
656 ++i; 651 ++i;
@@ -659,30 +654,30 @@ static int translate_table(const char *name,
659 if (ret != 0) 654 if (ret != 0)
660 return ret; 655 return ret;
661 656
662 if (i != number) { 657 if (i != repl->num_entries) {
663 duprintf("translate_table: %u not %u entries\n", 658 duprintf("translate_table: %u not %u entries\n",
664 i, number); 659 i, repl->num_entries);
665 return -EINVAL; 660 return -EINVAL;
666 } 661 }
667 662
668 /* Check hooks all assigned */ 663 /* Check hooks all assigned */
669 for (i = 0; i < NF_ARP_NUMHOOKS; i++) { 664 for (i = 0; i < NF_ARP_NUMHOOKS; i++) {
670 /* Only hooks which are valid */ 665 /* Only hooks which are valid */
671 if (!(valid_hooks & (1 << i))) 666 if (!(repl->valid_hooks & (1 << i)))
672 continue; 667 continue;
673 if (newinfo->hook_entry[i] == 0xFFFFFFFF) { 668 if (newinfo->hook_entry[i] == 0xFFFFFFFF) {
674 duprintf("Invalid hook entry %u %u\n", 669 duprintf("Invalid hook entry %u %u\n",
675 i, hook_entries[i]); 670 i, repl->hook_entry[i]);
676 return -EINVAL; 671 return -EINVAL;
677 } 672 }
678 if (newinfo->underflow[i] == 0xFFFFFFFF) { 673 if (newinfo->underflow[i] == 0xFFFFFFFF) {
679 duprintf("Invalid underflow %u %u\n", 674 duprintf("Invalid underflow %u %u\n",
680 i, underflows[i]); 675 i, repl->underflow[i]);
681 return -EINVAL; 676 return -EINVAL;
682 } 677 }
683 } 678 }
684 679
685 if (!mark_source_chains(newinfo, valid_hooks, entry0)) { 680 if (!mark_source_chains(newinfo, repl->valid_hooks, entry0)) {
686 duprintf("Looping hook\n"); 681 duprintf("Looping hook\n");
687 return -ELOOP; 682 return -ELOOP;
688 } 683 }
@@ -690,7 +685,7 @@ static int translate_table(const char *name,
690 /* Finally, each sanity check must pass */ 685 /* Finally, each sanity check must pass */
691 i = 0; 686 i = 0;
692 xt_entry_foreach(iter, entry0, newinfo->size) { 687 xt_entry_foreach(iter, entry0, newinfo->size) {
693 ret = find_check_entry(iter, name, size); 688 ret = find_check_entry(iter, repl->name, repl->size);
694 if (ret != 0) 689 if (ret != 0)
695 break; 690 break;
696 ++i; 691 ++i;
@@ -1101,9 +1096,7 @@ static int do_replace(struct net *net, const void __user *user,
1101 goto free_newinfo; 1096 goto free_newinfo;
1102 } 1097 }
1103 1098
1104 ret = translate_table(tmp.name, tmp.valid_hooks, 1099 ret = translate_table(newinfo, loc_cpu_entry, &tmp);
1105 newinfo, loc_cpu_entry, tmp.size, tmp.num_entries,
1106 tmp.hook_entry, tmp.underflow);
1107 if (ret != 0) 1100 if (ret != 0)
1108 goto free_newinfo; 1101 goto free_newinfo;
1109 1102
@@ -1795,12 +1788,7 @@ struct xt_table *arpt_register_table(struct net *net,
1795 loc_cpu_entry = newinfo->entries[raw_smp_processor_id()]; 1788 loc_cpu_entry = newinfo->entries[raw_smp_processor_id()];
1796 memcpy(loc_cpu_entry, repl->entries, repl->size); 1789 memcpy(loc_cpu_entry, repl->entries, repl->size);
1797 1790
1798 ret = translate_table(table->name, table->valid_hooks, 1791 ret = translate_table(newinfo, loc_cpu_entry, repl);
1799 newinfo, loc_cpu_entry, repl->size,
1800 repl->num_entries,
1801 repl->hook_entry,
1802 repl->underflow);
1803
1804 duprintf("arpt_register_table: translate table gives %d\n", ret); 1792 duprintf("arpt_register_table: translate table gives %d\n", ret);
1805 if (ret != 0) 1793 if (ret != 0)
1806 goto out_free; 1794 goto out_free;
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 36edc7d5f284..c92f4e541cf6 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -815,22 +815,15 @@ cleanup_entry(struct ipt_entry *e, struct net *net)
815/* Checks and translates the user-supplied table segment (held in 815/* Checks and translates the user-supplied table segment (held in
816 newinfo) */ 816 newinfo) */
817static int 817static int
818translate_table(struct net *net, 818translate_table(struct net *net, struct xt_table_info *newinfo, void *entry0,
819 const char *name, 819 const struct ipt_replace *repl)
820 unsigned int valid_hooks,
821 struct xt_table_info *newinfo,
822 void *entry0,
823 unsigned int size,
824 unsigned int number,
825 const unsigned int *hook_entries,
826 const unsigned int *underflows)
827{ 820{
828 struct ipt_entry *iter; 821 struct ipt_entry *iter;
829 unsigned int i; 822 unsigned int i;
830 int ret = 0; 823 int ret = 0;
831 824
832 newinfo->size = size; 825 newinfo->size = repl->size;
833 newinfo->number = number; 826 newinfo->number = repl->num_entries;
834 827
835 /* Init all hooks to impossible value. */ 828 /* Init all hooks to impossible value. */
836 for (i = 0; i < NF_INET_NUMHOOKS; i++) { 829 for (i = 0; i < NF_INET_NUMHOOKS; i++) {
@@ -843,42 +836,43 @@ translate_table(struct net *net,
843 /* Walk through entries, checking offsets. */ 836 /* Walk through entries, checking offsets. */
844 xt_entry_foreach(iter, entry0, newinfo->size) { 837 xt_entry_foreach(iter, entry0, newinfo->size) {
845 ret = check_entry_size_and_hooks(iter, newinfo, entry0, 838 ret = check_entry_size_and_hooks(iter, newinfo, entry0,
846 entry0 + size, hook_entries, underflows, valid_hooks); 839 entry0 + repl->size, repl->hook_entry, repl->underflow,
840 repl->valid_hooks);
847 if (ret != 0) 841 if (ret != 0)
848 return ret; 842 return ret;
849 ++i; 843 ++i;
850 } 844 }
851 845
852 if (i != number) { 846 if (i != repl->num_entries) {
853 duprintf("translate_table: %u not %u entries\n", 847 duprintf("translate_table: %u not %u entries\n",
854 i, number); 848 i, repl->num_entries);
855 return -EINVAL; 849 return -EINVAL;
856 } 850 }
857 851
858 /* Check hooks all assigned */ 852 /* Check hooks all assigned */
859 for (i = 0; i < NF_INET_NUMHOOKS; i++) { 853 for (i = 0; i < NF_INET_NUMHOOKS; i++) {
860 /* Only hooks which are valid */ 854 /* Only hooks which are valid */
861 if (!(valid_hooks & (1 << i))) 855 if (!(repl->valid_hooks & (1 << i)))
862 continue; 856 continue;
863 if (newinfo->hook_entry[i] == 0xFFFFFFFF) { 857 if (newinfo->hook_entry[i] == 0xFFFFFFFF) {
864 duprintf("Invalid hook entry %u %u\n", 858 duprintf("Invalid hook entry %u %u\n",
865 i, hook_entries[i]); 859 i, repl->hook_entry[i]);
866 return -EINVAL; 860 return -EINVAL;
867 } 861 }
868 if (newinfo->underflow[i] == 0xFFFFFFFF) { 862 if (newinfo->underflow[i] == 0xFFFFFFFF) {
869 duprintf("Invalid underflow %u %u\n", 863 duprintf("Invalid underflow %u %u\n",
870 i, underflows[i]); 864 i, repl->underflow[i]);
871 return -EINVAL; 865 return -EINVAL;
872 } 866 }
873 } 867 }
874 868
875 if (!mark_source_chains(newinfo, valid_hooks, entry0)) 869 if (!mark_source_chains(newinfo, repl->valid_hooks, entry0))
876 return -ELOOP; 870 return -ELOOP;
877 871
878 /* Finally, each sanity check must pass */ 872 /* Finally, each sanity check must pass */
879 i = 0; 873 i = 0;
880 xt_entry_foreach(iter, entry0, newinfo->size) { 874 xt_entry_foreach(iter, entry0, newinfo->size) {
881 ret = find_check_entry(iter, net, name, size); 875 ret = find_check_entry(iter, net, repl->name, repl->size);
882 if (ret != 0) 876 if (ret != 0)
883 break; 877 break;
884 ++i; 878 ++i;
@@ -1311,9 +1305,7 @@ do_replace(struct net *net, const void __user *user, unsigned int len)
1311 goto free_newinfo; 1305 goto free_newinfo;
1312 } 1306 }
1313 1307
1314 ret = translate_table(net, tmp.name, tmp.valid_hooks, 1308 ret = translate_table(net, newinfo, loc_cpu_entry, &tmp);
1315 newinfo, loc_cpu_entry, tmp.size, tmp.num_entries,
1316 tmp.hook_entry, tmp.underflow);
1317 if (ret != 0) 1309 if (ret != 0)
1318 goto free_newinfo; 1310 goto free_newinfo;
1319 1311
@@ -2112,11 +2104,7 @@ struct xt_table *ipt_register_table(struct net *net,
2112 loc_cpu_entry = newinfo->entries[raw_smp_processor_id()]; 2104 loc_cpu_entry = newinfo->entries[raw_smp_processor_id()];
2113 memcpy(loc_cpu_entry, repl->entries, repl->size); 2105 memcpy(loc_cpu_entry, repl->entries, repl->size);
2114 2106
2115 ret = translate_table(net, table->name, table->valid_hooks, 2107 ret = translate_table(net, newinfo, loc_cpu_entry, repl);
2116 newinfo, loc_cpu_entry, repl->size,
2117 repl->num_entries,
2118 repl->hook_entry,
2119 repl->underflow);
2120 if (ret != 0) 2108 if (ret != 0)
2121 goto out_free; 2109 goto out_free;
2122 2110
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index c5a963e4b545..f7042869198e 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -845,22 +845,15 @@ static void cleanup_entry(struct ip6t_entry *e, struct net *net)
845/* Checks and translates the user-supplied table segment (held in 845/* Checks and translates the user-supplied table segment (held in
846 newinfo) */ 846 newinfo) */
847static int 847static int
848translate_table(struct net *net, 848translate_table(struct net *net, struct xt_table_info *newinfo, void *entry0,
849 const char *name, 849 const struct ip6t_replace *repl)
850 unsigned int valid_hooks,
851 struct xt_table_info *newinfo,
852 void *entry0,
853 unsigned int size,
854 unsigned int number,
855 const unsigned int *hook_entries,
856 const unsigned int *underflows)
857{ 850{
858 struct ip6t_entry *iter; 851 struct ip6t_entry *iter;
859 unsigned int i; 852 unsigned int i;
860 int ret = 0; 853 int ret = 0;
861 854
862 newinfo->size = size; 855 newinfo->size = repl->size;
863 newinfo->number = number; 856 newinfo->number = repl->num_entries;
864 857
865 /* Init all hooks to impossible value. */ 858 /* Init all hooks to impossible value. */
866 for (i = 0; i < NF_INET_NUMHOOKS; i++) { 859 for (i = 0; i < NF_INET_NUMHOOKS; i++) {
@@ -873,42 +866,43 @@ translate_table(struct net *net,
873 /* Walk through entries, checking offsets. */ 866 /* Walk through entries, checking offsets. */
874 xt_entry_foreach(iter, entry0, newinfo->size) { 867 xt_entry_foreach(iter, entry0, newinfo->size) {
875 ret = check_entry_size_and_hooks(iter, newinfo, entry0, 868 ret = check_entry_size_and_hooks(iter, newinfo, entry0,
876 entry0 + size, hook_entries, underflows, valid_hooks); 869 entry0 + repl->size, repl->hook_entry, repl->underflow,
870 repl->valid_hooks);
877 if (ret != 0) 871 if (ret != 0)
878 return ret; 872 return ret;
879 ++i; 873 ++i;
880 } 874 }
881 875
882 if (i != number) { 876 if (i != repl->num_entries) {
883 duprintf("translate_table: %u not %u entries\n", 877 duprintf("translate_table: %u not %u entries\n",
884 i, number); 878 i, repl->num_entries);
885 return -EINVAL; 879 return -EINVAL;
886 } 880 }
887 881
888 /* Check hooks all assigned */ 882 /* Check hooks all assigned */
889 for (i = 0; i < NF_INET_NUMHOOKS; i++) { 883 for (i = 0; i < NF_INET_NUMHOOKS; i++) {
890 /* Only hooks which are valid */ 884 /* Only hooks which are valid */
891 if (!(valid_hooks & (1 << i))) 885 if (!(repl->valid_hooks & (1 << i)))
892 continue; 886 continue;
893 if (newinfo->hook_entry[i] == 0xFFFFFFFF) { 887 if (newinfo->hook_entry[i] == 0xFFFFFFFF) {
894 duprintf("Invalid hook entry %u %u\n", 888 duprintf("Invalid hook entry %u %u\n",
895 i, hook_entries[i]); 889 i, repl->hook_entry[i]);
896 return -EINVAL; 890 return -EINVAL;
897 } 891 }
898 if (newinfo->underflow[i] == 0xFFFFFFFF) { 892 if (newinfo->underflow[i] == 0xFFFFFFFF) {
899 duprintf("Invalid underflow %u %u\n", 893 duprintf("Invalid underflow %u %u\n",
900 i, underflows[i]); 894 i, repl->underflow[i]);
901 return -EINVAL; 895 return -EINVAL;
902 } 896 }
903 } 897 }
904 898
905 if (!mark_source_chains(newinfo, valid_hooks, entry0)) 899 if (!mark_source_chains(newinfo, repl->valid_hooks, entry0))
906 return -ELOOP; 900 return -ELOOP;
907 901
908 /* Finally, each sanity check must pass */ 902 /* Finally, each sanity check must pass */
909 i = 0; 903 i = 0;
910 xt_entry_foreach(iter, entry0, newinfo->size) { 904 xt_entry_foreach(iter, entry0, newinfo->size) {
911 ret = find_check_entry(iter, net, name, size); 905 ret = find_check_entry(iter, net, repl->name, repl->size);
912 if (ret != 0) 906 if (ret != 0)
913 break; 907 break;
914 ++i; 908 ++i;
@@ -1342,9 +1336,7 @@ do_replace(struct net *net, const void __user *user, unsigned int len)
1342 goto free_newinfo; 1336 goto free_newinfo;
1343 } 1337 }
1344 1338
1345 ret = translate_table(net, tmp.name, tmp.valid_hooks, 1339 ret = translate_table(net, newinfo, loc_cpu_entry, &tmp);
1346 newinfo, loc_cpu_entry, tmp.size, tmp.num_entries,
1347 tmp.hook_entry, tmp.underflow);
1348 if (ret != 0) 1340 if (ret != 0)
1349 goto free_newinfo; 1341 goto free_newinfo;
1350 1342
@@ -2145,11 +2137,7 @@ struct xt_table *ip6t_register_table(struct net *net,
2145 loc_cpu_entry = newinfo->entries[raw_smp_processor_id()]; 2137 loc_cpu_entry = newinfo->entries[raw_smp_processor_id()];
2146 memcpy(loc_cpu_entry, repl->entries, repl->size); 2138 memcpy(loc_cpu_entry, repl->entries, repl->size);
2147 2139
2148 ret = translate_table(net, table->name, table->valid_hooks, 2140 ret = translate_table(net, newinfo, loc_cpu_entry, repl);
2149 newinfo, loc_cpu_entry, repl->size,
2150 repl->num_entries,
2151 repl->hook_entry,
2152 repl->underflow);
2153 if (ret != 0) 2141 if (ret != 0)
2154 goto out_free; 2142 goto out_free;
2155 2143