projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4f2f6f2)
netfilter: xtables: consolidate open-coded logic
authorJan Engelhardt <jengelh@medozas.de>
Wed, 15 Apr 2009 19:06:05 +0000 (21:06 +0200)
committerJan Engelhardt <jengelh@medozas.de>
Fri, 8 May 2009 08:30:48 +0000 (10:30 +0200)
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
net/bridge/netfilter/ebtables.c patch | blob | blame | history
net/ipv4/netfilter/arp_tables.c patch | blob | blame | history
net/ipv4/netfilter/ip_tables.c patch | blob | blame | history
net/ipv6/netfilter/ip6_tables.c patch | blob | blame | history

diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index 820252aee81f1c1f59bba3cf3e666c2e494b5812..24555834d4315d049f03bb59092daf77ecbb4647 100644 (file)
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -142,6 +142,12 @@ static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h,
        return 0;
 }
 
+static inline __pure
+struct ebt_entry *ebt_next_entry(const struct ebt_entry *entry)
+{
+       return (void *)entry + entry->next_offset;
+}
+
 /* Do some firewalling */
 unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
    const struct net_device *in, const struct net_device *out,
@@ -249,8 +255,7 @@ letsreturn:
                /* jump to a udc */
                cs[sp].n = i + 1;
                cs[sp].chaininfo = chaininfo;
-               cs[sp].e = (struct ebt_entry *)
-                  (((char *)point) + point->next_offset);
+               cs[sp].e = ebt_next_entry(point);
                i = 0;
                chaininfo = (struct ebt_entries *) (base + verdict);
 #ifdef CONFIG_NETFILTER_DEBUG
@@ -266,8 +271,7 @@ letsreturn:
                sp++;
                continue;
 letscontinue:
-               point = (struct ebt_entry *)
-                  (((char *)point) + point->next_offset);
+               point = ebt_next_entry(point);
                i++;
        }
 
@@ -787,7 +791,7 @@ static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s
                        /* this can't be 0, so the loop test is correct */
                        cl_s[i].cs.n = pos + 1;
                        pos = 0;
-                       cl_s[i].cs.e = ((void *)e + e->next_offset);
+                       cl_s[i].cs.e = ebt_next_entry(e);
                        e = (struct ebt_entry *)(hlp2->data);
                        nentries = hlp2->nentries;
                        cl_s[i].from = chain_nr;
@@ -797,7 +801,7 @@ static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s
                        continue;
                }
 letscontinue:
-               e = (void *)e + e->next_offset;
+               e = ebt_next_entry(e);
                pos++;
        }
        return 0;
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index 831fe1879dc07dfacdb8eff3970829140f748e16..940e54ba21b3ed0bb51155b03ddddd31e091c4bf 100644 (file)
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -231,6 +231,12 @@ static inline struct arpt_entry *get_entry(void *base, unsigned int offset)
        return (struct arpt_entry *)(base + offset);
 }
 
+static inline __pure
+struct arpt_entry *arpt_next_entry(const struct arpt_entry *entry)
+{
+       return (void *)entry + entry->next_offset;
+}
+
 unsigned int arpt_do_table(struct sk_buff *skb,
                           unsigned int hook,
                           const struct net_device *in,
@@ -295,10 +301,10 @@ unsigned int arpt_do_table(struct sk_buff *skb,
                                        continue;
                                }
                                if (table_base + v
-                                   != (void *)e + e->next_offset) {
+                                   != arpt_next_entry(e)) {
                                        /* Save old back ptr in next entry */
                                        struct arpt_entry *next
-                                               = (void *)e + e->next_offset;
+                                               = arpt_next_entry(e);
                                        next->comefrom =
                                                (void *)back - table_base;
 
@@ -320,13 +326,13 @@ unsigned int arpt_do_table(struct sk_buff *skb,
                                arp = arp_hdr(skb);
 
                                if (verdict == ARPT_CONTINUE)
-                                       e = (void *)e + e->next_offset;
+                                       e = arpt_next_entry(e);
                                else
                                        /* Verdict */
                                        break;
                        }
                } else {
-                       e = (void *)e + e->next_offset;
+                       e = arpt_next_entry(e);
                }
        } while (!hotdrop);
        xt_info_rdunlock_bh();
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 16b7c09c0366d2cef23853d41f276d5e846ae67f..7ec4e40927555e45f715b7447b10f2f25dcf36f9 100644 (file)
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -297,6 +297,12 @@ static void trace_packet(struct sk_buff *skb,
 }
 #endif
 
+static inline __pure
+struct ipt_entry *ipt_next_entry(const struct ipt_entry *entry)
+{
+       return (void *)entry + entry->next_offset;
+}
+
 /* Returns one of the generic firewall policies, like NF_ACCEPT. */
 unsigned int
 ipt_do_table(struct sk_buff *skb,
@@ -385,11 +391,11 @@ ipt_do_table(struct sk_buff *skb,
                                                         back->comefrom);
                                        continue;
                                }
-                               if (table_base + v != (void *)e + e->next_offset
+                               if (table_base + v != ipt_next_entry(e)
                                    && !(e->ip.flags & IPT_F_GOTO)) {
                                        /* Save old back ptr in next entry */
                                        struct ipt_entry *next
-                                               = (void *)e + e->next_offset;
+                                               = ipt_next_entry(e);
                                        next->comefrom
                                                = (void *)back - table_base;
                                        /* set back pointer to next entry */
@@ -424,7 +430,7 @@ ipt_do_table(struct sk_buff *skb,
                                datalen = skb->len - ip->ihl * 4;
 
                                if (verdict == IPT_CONTINUE)
-                                       e = (void *)e + e->next_offset;
+                                       e = ipt_next_entry(e);
                                else
                                        /* Verdict */
                                        break;
@@ -432,7 +438,7 @@ ipt_do_table(struct sk_buff *skb,
                } else {
 
                no_match:
-                       e = (void *)e + e->next_offset;
+                       e = ipt_next_entry(e);
                }
        } while (!hotdrop);
        xt_info_rdunlock_bh();
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 4853a3d542b70498c093d1d21d4a3dd3ff1bd011..9176e98ace7af57d70a63e2a25edb1a5440bec8b 100644 (file)
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -329,6 +329,12 @@ static void trace_packet(struct sk_buff *skb,
 }
 #endif
 
+static inline __pure struct ip6t_entry *
+ip6t_next_entry(const struct ip6t_entry *entry)
+{
+       return (void *)entry + entry->next_offset;
+}
+
 /* Returns one of the generic firewall policies, like NF_ACCEPT. */
 unsigned int
 ip6t_do_table(struct sk_buff *skb,
@@ -414,11 +420,11 @@ ip6t_do_table(struct sk_buff *skb,
                                                         back->comefrom);
                                        continue;
                                }
-                               if (table_base + v != (void *)e + e->next_offset
+                               if (table_base + v != ip6t_next_entry(e)
                                    && !(e->ipv6.flags & IP6T_F_GOTO)) {
                                        /* Save old back ptr in next entry */
                                        struct ip6t_entry *next
-                                               = (void *)e + e->next_offset;
+                                               = ip6t_next_entry(e);
                                        next->comefrom
                                                = (void *)back - table_base;
                                        /* set back pointer to next entry */
@@ -451,7 +457,7 @@ ip6t_do_table(struct sk_buff *skb,
                                        = 0x57acc001;
 #endif
                                if (verdict == IP6T_CONTINUE)
-                                       e = (void *)e + e->next_offset;
+                                       e = ip6t_next_entry(e);
                                else
                                        /* Verdict */
                                        break;
@@ -459,7 +465,7 @@ ip6t_do_table(struct sk_buff *skb,
                } else {
 
                no_match:
-                       e = (void *)e + e->next_offset;
+                       e = ip6t_next_entry(e);
                }
        } while (!hotdrop);
 
kernel source for telekom puls (alcatel/mediatek)