lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

netfilter: xtables: combine struct xt_match_param and xt_target_param

Browse Source 
The structures carried - besides match/target - almost the same data.
It is possible to combine them, as extensions are evaluated serially,
and so, the callers end up a little smaller.

  text  data  bss  filename
-15318   740  104  net/ipv4/netfilter/ip_tables.o
+15286   740  104  net/ipv4/netfilter/ip_tables.o
-15333   540  152  net/ipv6/netfilter/ip6_tables.o
+15269   540  152  net/ipv6/netfilter/ip6_tables.o

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
This commit is contained in:
Jan Engelhardt
2009-07-05 18:26:37 +02:00
parent ef53d702c3
commit de74c16996
5 changed files with 68 additions and 79 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
net/ipv6/netfilter/ip6_tables.c
View File

@@ -345,8 +345,7 @@ ip6t_do_table(struct sk_buff *skb,
struct ip6t_entry *e, **jumpstack;
unsigned int *stackptr, origptr, cpu;
const struct xt_table_info *private;
struct xt_match_param mtpar;
struct xt_target_param tgpar;
struct xt_action_param acpar;
/* Initialization */
indev = in ? in->name : nulldevname;
@@ -357,11 +356,11 @@ ip6t_do_table(struct sk_buff *skb,
* things we don't know, ie. tcp syn flag or ports). If the
* rule is also a fragment-specific rule, non-fragments won't
* match it. */
mtpar.hotdrop = &hotdrop;
mtpar.in = tgpar.in = in;
mtpar.out = tgpar.out = out;
mtpar.family = tgpar.family = NFPROTO_IPV6;
mtpar.hooknum = tgpar.hooknum = hook;
acpar.hotdrop = &hotdrop;
acpar.in = in;
acpar.out = out;
acpar.family = NFPROTO_IPV6;
acpar.hooknum = hook;
IP_NF_ASSERT(table->valid_hooks & (1 << hook));
@@ -381,16 +380,16 @@ ip6t_do_table(struct sk_buff *skb,
IP_NF_ASSERT(e);
if (!ip6_packet_match(skb, indev, outdev, &e->ipv6,
&mtpar.thoff, &mtpar.fragoff, &hotdrop)) {
&acpar.thoff, &acpar.fragoff, &hotdrop)) {
no_match:
e = ip6t_next_entry(e);
continue;
}
xt_ematch_foreach(ematch, e) {
mtpar.match = ematch->u.kernel.match;
mtpar.matchinfo = ematch->data;
if (!mtpar.match->match(skb, &mtpar))
acpar.match = ematch->u.kernel.match;
acpar.matchinfo = ematch->data;
if (!acpar.match->match(skb, &acpar))
goto no_match;
}
@@ -439,10 +438,10 @@ ip6t_do_table(struct sk_buff *skb,
continue;
}
tgpar.target = t->u.kernel.target;
tgpar.targinfo = t->data;
acpar.target = t->u.kernel.target;
acpar.targinfo = t->data;
verdict = t->u.kernel.target->target(skb, &tgpar);
verdict = t->u.kernel.target->target(skb, &acpar);
if (verdict == IP6T_CONTINUE)
e = ip6t_next_entry(e);
else