[NETFILTER]: arp_tables: move entry and target checks to seperate functions
authorPatrick McHardy <kaber@trash.net>
Tue, 18 Dec 2007 05:56:33 +0000 (21:56 -0800)
committerDavid S. Miller <davem@davemloft.net>
Mon, 28 Jan 2008 22:58:46 +0000 (14:58 -0800)
Resync with ip_tables.c as preparation for compat support.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/ipv4/netfilter/arp_tables.c

index cafb35ae28561b505e624a54c00e1ff6b12cbc4d..b0f43315842d9fe43dac12198fc4678d71b8e89e 100644 (file)
@@ -435,12 +435,9 @@ static int mark_source_chains(struct xt_table_info *newinfo,
        return 1;
 }
 
-static inline int check_entry(struct arpt_entry *e, const char *name, unsigned int size,
-                             unsigned int *i)
+static inline int check_entry(struct arpt_entry *e, const char *name)
 {
        struct arpt_entry_target *t;
-       struct arpt_target *target;
-       int ret;
 
        if (!arp_checkentry(&e->arp)) {
                duprintf("arp_tables: arp check failed %p %s.\n", e, name);
@@ -454,30 +451,57 @@ static inline int check_entry(struct arpt_entry *e, const char *name, unsigned i
        if (e->target_offset + t->u.target_size > e->next_offset)
                return -EINVAL;
 
+       return 0;
+}
+
+static inline int check_target(struct arpt_entry *e, const char *name)
+{
+       struct arpt_entry_target *t;
+       struct arpt_target *target;
+       int ret;
+
+       t = arpt_get_target(e);
+       target = t->u.kernel.target;
+
+       ret = xt_check_target(target, NF_ARP, t->u.target_size - sizeof(*t),
+                             name, e->comefrom, 0, 0);
+       if (!ret && t->u.kernel.target->checkentry
+           && !t->u.kernel.target->checkentry(name, e, target, t->data,
+                                              e->comefrom)) {
+               duprintf("arp_tables: check failed for `%s'.\n",
+                        t->u.kernel.target->name);
+               ret = -EINVAL;
+       }
+       return ret;
+}
+
+static inline int
+find_check_entry(struct arpt_entry *e, const char *name, unsigned int size,
+                unsigned int *i)
+{
+       struct arpt_entry_target *t;
+       struct arpt_target *target;
+       int ret;
+
+       ret = check_entry(e, name);
+       if (ret)
+               return ret;
+
+       t = arpt_get_target(e);
        target = try_then_request_module(xt_find_target(NF_ARP, t->u.user.name,
                                                        t->u.user.revision),
                                         "arpt_%s", t->u.user.name);
        if (IS_ERR(target) || !target) {
-               duprintf("check_entry: `%s' not found\n", t->u.user.name);
+               duprintf("find_check_entry: `%s' not found\n", t->u.user.name);
                ret = target ? PTR_ERR(target) : -ENOENT;
                goto out;
        }
        t->u.kernel.target = target;
 
-       ret = xt_check_target(target, NF_ARP, t->u.target_size - sizeof(*t),
-                             name, e->comefrom, 0, 0);
+       ret = check_target(e, name);
        if (ret)
                goto err;
 
-       if (t->u.kernel.target->checkentry
-           && !t->u.kernel.target->checkentry(name, e, target, t->data,
-                                              e->comefrom)) {
-               duprintf("arp_tables: check failed for `%s'.\n",
-                        t->u.kernel.target->name);
-               ret = -EINVAL;
-               goto err;
-       }
-
        (*i)++;
        return 0;
 err:
@@ -611,7 +635,7 @@ static int translate_table(const char *name,
        /* Finally, each sanity check must pass */
        i = 0;
        ret = ARPT_ENTRY_ITERATE(entry0, newinfo->size,
-                                check_entry, name, size, &i);
+                                find_check_entry, name, size, &i);
 
        if (ret != 0) {
                ARPT_ENTRY_ITERATE(entry0, newinfo->size,