diff options
author | Jan Engelhardt <jengelh@medozas.de> | 2009-04-15 21:06:05 +0200 |
---|---|---|
committer | Jan Engelhardt <jengelh@medozas.de> | 2009-05-08 10:30:48 +0200 |
commit | 98e86403162d08a30b03426c54c2a8fca1f695d1 (patch) | |
tree | 0b610ebf8ce2978a9de090435607617f545252ae /net/ipv4 | |
parent | 4f2f6f236af484ada595ff37d0ee1902aa56221f (diff) |
netfilter: xtables: consolidate open-coded logic
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Diffstat (limited to 'net/ipv4')
-rw-r--r-- | net/ipv4/netfilter/arp_tables.c | 14 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_tables.c | 14 |
2 files changed, 20 insertions, 8 deletions
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index 831fe1879dc..940e54ba21b 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c @@ -231,6 +231,12 @@ static inline struct arpt_entry *get_entry(void *base, unsigned int offset) return (struct arpt_entry *)(base + offset); } +static inline __pure +struct arpt_entry *arpt_next_entry(const struct arpt_entry *entry) +{ + return (void *)entry + entry->next_offset; +} + unsigned int arpt_do_table(struct sk_buff *skb, unsigned int hook, const struct net_device *in, @@ -295,10 +301,10 @@ unsigned int arpt_do_table(struct sk_buff *skb, continue; } if (table_base + v - != (void *)e + e->next_offset) { + != arpt_next_entry(e)) { /* Save old back ptr in next entry */ struct arpt_entry *next - = (void *)e + e->next_offset; + = arpt_next_entry(e); next->comefrom = (void *)back - table_base; @@ -320,13 +326,13 @@ unsigned int arpt_do_table(struct sk_buff *skb, arp = arp_hdr(skb); if (verdict == ARPT_CONTINUE) - e = (void *)e + e->next_offset; + e = arpt_next_entry(e); else /* Verdict */ break; } } else { - e = (void *)e + e->next_offset; + e = arpt_next_entry(e); } } while (!hotdrop); xt_info_rdunlock_bh(); diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index 16b7c09c036..7ec4e409275 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c @@ -297,6 +297,12 @@ static void trace_packet(struct sk_buff *skb, } #endif +static inline __pure +struct ipt_entry *ipt_next_entry(const struct ipt_entry *entry) +{ + return (void *)entry + entry->next_offset; +} + /* Returns one of the generic firewall policies, like NF_ACCEPT. */ unsigned int ipt_do_table(struct sk_buff *skb, @@ -385,11 +391,11 @@ ipt_do_table(struct sk_buff *skb, back->comefrom); continue; } - if (table_base + v != (void *)e + e->next_offset + if (table_base + v != ipt_next_entry(e) && !(e->ip.flags & IPT_F_GOTO)) { /* Save old back ptr in next entry */ struct ipt_entry *next - = (void *)e + e->next_offset; + = ipt_next_entry(e); next->comefrom = (void *)back - table_base; /* set back pointer to next entry */ @@ -424,7 +430,7 @@ ipt_do_table(struct sk_buff *skb, datalen = skb->len - ip->ihl * 4; if (verdict == IPT_CONTINUE) - e = (void *)e + e->next_offset; + e = ipt_next_entry(e); else /* Verdict */ break; @@ -432,7 +438,7 @@ ipt_do_table(struct sk_buff *skb, } else { no_match: - e = (void *)e + e->next_offset; + e = ipt_next_entry(e); } } while (!hotdrop); xt_info_rdunlock_bh(); |