lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

netfilter: xtables: consolidate open-coded logic

Browse Source 
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
This commit is contained in:
Jan Engelhardt
2009-04-15 21:06:05 +02:00
parent 4f2f6f236a
commit 98e8640316
4 changed files with 40 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
net/ipv4/netfilter/arp_tables.c
View File

@@ -231,6 +231,12 @@ static inline struct arpt_entry *get_entry(void *base, unsigned int offset)
return (struct arpt_entry *)(base + offset);
}
static inline __pure
struct arpt_entry *arpt_next_entry(const struct arpt_entry *entry)
{
return (void *)entry + entry->next_offset;
}
unsigned int arpt_do_table(struct sk_buff *skb,
unsigned int hook,
const struct net_device *in,
@@ -295,10 +301,10 @@ unsigned int arpt_do_table(struct sk_buff *skb,
continue;
}
if (table_base + v
!= (void *)e + e->next_offset) {
!= arpt_next_entry(e)) {
/* Save old back ptr in next entry */
struct arpt_entry *next
= (void *)e + e->next_offset;
= arpt_next_entry(e);
next->comefrom =
(void *)back - table_base;
@@ -320,13 +326,13 @@ unsigned int arpt_do_table(struct sk_buff *skb,
arp = arp_hdr(skb);
if (verdict == ARPT_CONTINUE)
e = (void *)e + e->next_offset;
e = arpt_next_entry(e);
else
/* Verdict */
break;
}
} else {
e = (void *)e + e->next_offset;
e = arpt_next_entry(e);
}
} while (!hotdrop);
xt_info_rdunlock_bh();

14
net/ipv4/netfilter/ip_tables.c
View File

@@ -297,6 +297,12 @@ static void trace_packet(struct sk_buff *skb,
}
#endif
static inline __pure
struct ipt_entry *ipt_next_entry(const struct ipt_entry *entry)
{
return (void *)entry + entry->next_offset;
}
/* Returns one of the generic firewall policies, like NF_ACCEPT. */
unsigned int
ipt_do_table(struct sk_buff *skb,
@@ -385,11 +391,11 @@ ipt_do_table(struct sk_buff *skb,
back->comefrom);
continue;
}
if (table_base + v != (void *)e + e->next_offset
if (table_base + v != ipt_next_entry(e)
&& !(e->ip.flags & IPT_F_GOTO)) {
/* Save old back ptr in next entry */
struct ipt_entry *next
= (void *)e + e->next_offset;
= ipt_next_entry(e);
next->comefrom
= (void *)back - table_base;
/* set back pointer to next entry */
@@ -424,7 +430,7 @@ ipt_do_table(struct sk_buff *skb,
datalen = skb->len - ip->ihl * 4;
if (verdict == IPT_CONTINUE)
e = (void *)e + e->next_offset;
e = ipt_next_entry(e);
else
/* Verdict */
break;
@@ -432,7 +438,7 @@ ipt_do_table(struct sk_buff *skb,
} else {
no_match:
e = (void *)e + e->next_offset;
e = ipt_next_entry(e);
}
} while (!hotdrop);
xt_info_rdunlock_bh();