diff options
Diffstat (limited to 'net/ipv6')
-rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 42 |
1 files changed, 23 insertions, 19 deletions
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index 4ed16d254b98..dd7860fea61f 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c | |||
@@ -90,6 +90,7 @@ ip6t_ext_hdr(u8 nexthdr) | |||
90 | } | 90 | } |
91 | 91 | ||
92 | /* Returns whether matches rule or not. */ | 92 | /* Returns whether matches rule or not. */ |
93 | /* Performance critical - called for every packet */ | ||
93 | static inline bool | 94 | static inline bool |
94 | ip6_packet_match(const struct sk_buff *skb, | 95 | ip6_packet_match(const struct sk_buff *skb, |
95 | const char *indev, | 96 | const char *indev, |
@@ -182,7 +183,7 @@ ip6_packet_match(const struct sk_buff *skb, | |||
182 | } | 183 | } |
183 | 184 | ||
184 | /* should be ip6 safe */ | 185 | /* should be ip6 safe */ |
185 | static inline bool | 186 | static bool |
186 | ip6_checkentry(const struct ip6t_ip6 *ipv6) | 187 | ip6_checkentry(const struct ip6t_ip6 *ipv6) |
187 | { | 188 | { |
188 | if (ipv6->flags & ~IP6T_F_MASK) { | 189 | if (ipv6->flags & ~IP6T_F_MASK) { |
@@ -212,8 +213,9 @@ ip6t_error(struct sk_buff *skb, | |||
212 | return NF_DROP; | 213 | return NF_DROP; |
213 | } | 214 | } |
214 | 215 | ||
215 | static inline | 216 | /* Performance critical - called for every packet */ |
216 | bool do_match(struct ip6t_entry_match *m, | 217 | static inline bool |
218 | do_match(struct ip6t_entry_match *m, | ||
217 | const struct sk_buff *skb, | 219 | const struct sk_buff *skb, |
218 | const struct net_device *in, | 220 | const struct net_device *in, |
219 | const struct net_device *out, | 221 | const struct net_device *out, |
@@ -236,6 +238,7 @@ get_entry(void *base, unsigned int offset) | |||
236 | } | 238 | } |
237 | 239 | ||
238 | /* All zeroes == unconditional rule. */ | 240 | /* All zeroes == unconditional rule. */ |
241 | /* Mildly perf critical (only if packet tracing is on) */ | ||
239 | static inline int | 242 | static inline int |
240 | unconditional(const struct ip6t_ip6 *ipv6) | 243 | unconditional(const struct ip6t_ip6 *ipv6) |
241 | { | 244 | { |
@@ -251,7 +254,7 @@ unconditional(const struct ip6t_ip6 *ipv6) | |||
251 | #if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \ | 254 | #if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \ |
252 | defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE) | 255 | defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE) |
253 | /* This cries for unification! */ | 256 | /* This cries for unification! */ |
254 | static const char *hooknames[] = { | 257 | static const char *const hooknames[] = { |
255 | [NF_INET_PRE_ROUTING] = "PREROUTING", | 258 | [NF_INET_PRE_ROUTING] = "PREROUTING", |
256 | [NF_INET_LOCAL_IN] = "INPUT", | 259 | [NF_INET_LOCAL_IN] = "INPUT", |
257 | [NF_INET_FORWARD] = "FORWARD", | 260 | [NF_INET_FORWARD] = "FORWARD", |
@@ -265,7 +268,7 @@ enum nf_ip_trace_comments { | |||
265 | NF_IP6_TRACE_COMMENT_POLICY, | 268 | NF_IP6_TRACE_COMMENT_POLICY, |
266 | }; | 269 | }; |
267 | 270 | ||
268 | static const char *comments[] = { | 271 | static const char *const comments[] = { |
269 | [NF_IP6_TRACE_COMMENT_RULE] = "rule", | 272 | [NF_IP6_TRACE_COMMENT_RULE] = "rule", |
270 | [NF_IP6_TRACE_COMMENT_RETURN] = "return", | 273 | [NF_IP6_TRACE_COMMENT_RETURN] = "return", |
271 | [NF_IP6_TRACE_COMMENT_POLICY] = "policy", | 274 | [NF_IP6_TRACE_COMMENT_POLICY] = "policy", |
@@ -281,6 +284,7 @@ static struct nf_loginfo trace_loginfo = { | |||
281 | }, | 284 | }, |
282 | }; | 285 | }; |
283 | 286 | ||
287 | /* Mildly perf critical (only if packet tracing is on) */ | ||
284 | static inline int | 288 | static inline int |
285 | get_chainname_rulenum(struct ip6t_entry *s, struct ip6t_entry *e, | 289 | get_chainname_rulenum(struct ip6t_entry *s, struct ip6t_entry *e, |
286 | char *hookname, char **chainname, | 290 | char *hookname, char **chainname, |
@@ -595,7 +599,7 @@ mark_source_chains(struct xt_table_info *newinfo, | |||
595 | return 1; | 599 | return 1; |
596 | } | 600 | } |
597 | 601 | ||
598 | static inline int | 602 | static int |
599 | cleanup_match(struct ip6t_entry_match *m, unsigned int *i) | 603 | cleanup_match(struct ip6t_entry_match *m, unsigned int *i) |
600 | { | 604 | { |
601 | if (i && (*i)-- == 0) | 605 | if (i && (*i)-- == 0) |
@@ -607,7 +611,7 @@ cleanup_match(struct ip6t_entry_match *m, unsigned int *i) | |||
607 | return 0; | 611 | return 0; |
608 | } | 612 | } |
609 | 613 | ||
610 | static inline int | 614 | static int |
611 | check_entry(struct ip6t_entry *e, const char *name) | 615 | check_entry(struct ip6t_entry *e, const char *name) |
612 | { | 616 | { |
613 | struct ip6t_entry_target *t; | 617 | struct ip6t_entry_target *t; |
@@ -628,7 +632,7 @@ check_entry(struct ip6t_entry *e, const char *name) | |||
628 | return 0; | 632 | return 0; |
629 | } | 633 | } |
630 | 634 | ||
631 | static inline int check_match(struct ip6t_entry_match *m, const char *name, | 635 | static int check_match(struct ip6t_entry_match *m, const char *name, |
632 | const struct ip6t_ip6 *ipv6, | 636 | const struct ip6t_ip6 *ipv6, |
633 | unsigned int hookmask, unsigned int *i) | 637 | unsigned int hookmask, unsigned int *i) |
634 | { | 638 | { |
@@ -651,7 +655,7 @@ static inline int check_match(struct ip6t_entry_match *m, const char *name, | |||
651 | return ret; | 655 | return ret; |
652 | } | 656 | } |
653 | 657 | ||
654 | static inline int | 658 | static int |
655 | find_check_match(struct ip6t_entry_match *m, | 659 | find_check_match(struct ip6t_entry_match *m, |
656 | const char *name, | 660 | const char *name, |
657 | const struct ip6t_ip6 *ipv6, | 661 | const struct ip6t_ip6 *ipv6, |
@@ -680,7 +684,7 @@ err: | |||
680 | return ret; | 684 | return ret; |
681 | } | 685 | } |
682 | 686 | ||
683 | static inline int check_target(struct ip6t_entry *e, const char *name) | 687 | static int check_target(struct ip6t_entry *e, const char *name) |
684 | { | 688 | { |
685 | struct ip6t_entry_target *t; | 689 | struct ip6t_entry_target *t; |
686 | struct xt_target *target; | 690 | struct xt_target *target; |
@@ -701,7 +705,7 @@ static inline int check_target(struct ip6t_entry *e, const char *name) | |||
701 | return ret; | 705 | return ret; |
702 | } | 706 | } |
703 | 707 | ||
704 | static inline int | 708 | static int |
705 | find_check_entry(struct ip6t_entry *e, const char *name, unsigned int size, | 709 | find_check_entry(struct ip6t_entry *e, const char *name, unsigned int size, |
706 | unsigned int *i) | 710 | unsigned int *i) |
707 | { | 711 | { |
@@ -745,7 +749,7 @@ find_check_entry(struct ip6t_entry *e, const char *name, unsigned int size, | |||
745 | return ret; | 749 | return ret; |
746 | } | 750 | } |
747 | 751 | ||
748 | static inline int | 752 | static int |
749 | check_entry_size_and_hooks(struct ip6t_entry *e, | 753 | check_entry_size_and_hooks(struct ip6t_entry *e, |
750 | struct xt_table_info *newinfo, | 754 | struct xt_table_info *newinfo, |
751 | unsigned char *base, | 755 | unsigned char *base, |
@@ -788,7 +792,7 @@ check_entry_size_and_hooks(struct ip6t_entry *e, | |||
788 | return 0; | 792 | return 0; |
789 | } | 793 | } |
790 | 794 | ||
791 | static inline int | 795 | static int |
792 | cleanup_entry(struct ip6t_entry *e, unsigned int *i) | 796 | cleanup_entry(struct ip6t_entry *e, unsigned int *i) |
793 | { | 797 | { |
794 | struct ip6t_entry_target *t; | 798 | struct ip6t_entry_target *t; |
@@ -944,7 +948,7 @@ get_counters(const struct xt_table_info *t, | |||
944 | } | 948 | } |
945 | } | 949 | } |
946 | 950 | ||
947 | static inline struct xt_counters *alloc_counters(struct xt_table *table) | 951 | static struct xt_counters *alloc_counters(struct xt_table *table) |
948 | { | 952 | { |
949 | unsigned int countersize; | 953 | unsigned int countersize; |
950 | struct xt_counters *counters; | 954 | struct xt_counters *counters; |
@@ -1494,7 +1498,7 @@ out: | |||
1494 | return ret; | 1498 | return ret; |
1495 | } | 1499 | } |
1496 | 1500 | ||
1497 | static inline int | 1501 | static int |
1498 | compat_find_calc_match(struct ip6t_entry_match *m, | 1502 | compat_find_calc_match(struct ip6t_entry_match *m, |
1499 | const char *name, | 1503 | const char *name, |
1500 | const struct ip6t_ip6 *ipv6, | 1504 | const struct ip6t_ip6 *ipv6, |
@@ -1518,7 +1522,7 @@ compat_find_calc_match(struct ip6t_entry_match *m, | |||
1518 | return 0; | 1522 | return 0; |
1519 | } | 1523 | } |
1520 | 1524 | ||
1521 | static inline int | 1525 | static int |
1522 | compat_release_match(struct ip6t_entry_match *m, unsigned int *i) | 1526 | compat_release_match(struct ip6t_entry_match *m, unsigned int *i) |
1523 | { | 1527 | { |
1524 | if (i && (*i)-- == 0) | 1528 | if (i && (*i)-- == 0) |
@@ -1528,7 +1532,7 @@ compat_release_match(struct ip6t_entry_match *m, unsigned int *i) | |||
1528 | return 0; | 1532 | return 0; |
1529 | } | 1533 | } |
1530 | 1534 | ||
1531 | static inline int | 1535 | static int |
1532 | compat_release_entry(struct compat_ip6t_entry *e, unsigned int *i) | 1536 | compat_release_entry(struct compat_ip6t_entry *e, unsigned int *i) |
1533 | { | 1537 | { |
1534 | struct ip6t_entry_target *t; | 1538 | struct ip6t_entry_target *t; |
@@ -1543,7 +1547,7 @@ compat_release_entry(struct compat_ip6t_entry *e, unsigned int *i) | |||
1543 | return 0; | 1547 | return 0; |
1544 | } | 1548 | } |
1545 | 1549 | ||
1546 | static inline int | 1550 | static int |
1547 | check_compat_entry_size_and_hooks(struct compat_ip6t_entry *e, | 1551 | check_compat_entry_size_and_hooks(struct compat_ip6t_entry *e, |
1548 | struct xt_table_info *newinfo, | 1552 | struct xt_table_info *newinfo, |
1549 | unsigned int *size, | 1553 | unsigned int *size, |
@@ -1666,7 +1670,7 @@ compat_copy_entry_from_user(struct compat_ip6t_entry *e, void **dstptr, | |||
1666 | return ret; | 1670 | return ret; |
1667 | } | 1671 | } |
1668 | 1672 | ||
1669 | static inline int compat_check_entry(struct ip6t_entry *e, const char *name, | 1673 | static int compat_check_entry(struct ip6t_entry *e, const char *name, |
1670 | unsigned int *i) | 1674 | unsigned int *i) |
1671 | { | 1675 | { |
1672 | int j, ret; | 1676 | int j, ret; |