summaryrefslogtreecommitdiff
path: root/net/ipv4/netfilter
diff options
context:
space:
mode:
authorJan Engelhardt <jengelh@medozas.de>2009-04-15 21:06:05 +0200
committerJan Engelhardt <jengelh@medozas.de>2009-05-08 10:30:48 +0200
commit98e86403162d08a30b03426c54c2a8fca1f695d1 (patch)
tree0b610ebf8ce2978a9de090435607617f545252ae /net/ipv4/netfilter
parent4f2f6f236af484ada595ff37d0ee1902aa56221f (diff)
netfilter: xtables: consolidate open-coded logic
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Diffstat (limited to 'net/ipv4/netfilter')
-rw-r--r--net/ipv4/netfilter/arp_tables.c14
-rw-r--r--net/ipv4/netfilter/ip_tables.c14
2 files changed, 20 insertions, 8 deletions
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index 831fe1879dc0..940e54ba21b3 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -231,6 +231,12 @@ static inline struct arpt_entry *get_entry(void *base, unsigned int offset)
return (struct arpt_entry *)(base + offset);
}
+static inline __pure
+struct arpt_entry *arpt_next_entry(const struct arpt_entry *entry)
+{
+ return (void *)entry + entry->next_offset;
+}
+
unsigned int arpt_do_table(struct sk_buff *skb,
unsigned int hook,
const struct net_device *in,
@@ -295,10 +301,10 @@ unsigned int arpt_do_table(struct sk_buff *skb,
continue;
}
if (table_base + v
- != (void *)e + e->next_offset) {
+ != arpt_next_entry(e)) {
/* Save old back ptr in next entry */
struct arpt_entry *next
- = (void *)e + e->next_offset;
+ = arpt_next_entry(e);
next->comefrom =
(void *)back - table_base;
@@ -320,13 +326,13 @@ unsigned int arpt_do_table(struct sk_buff *skb,
arp = arp_hdr(skb);
if (verdict == ARPT_CONTINUE)
- e = (void *)e + e->next_offset;
+ e = arpt_next_entry(e);
else
/* Verdict */
break;
}
} else {
- e = (void *)e + e->next_offset;
+ e = arpt_next_entry(e);
}
} while (!hotdrop);
xt_info_rdunlock_bh();
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 16b7c09c0366..7ec4e4092755 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -297,6 +297,12 @@ static void trace_packet(struct sk_buff *skb,
}
#endif
+static inline __pure
+struct ipt_entry *ipt_next_entry(const struct ipt_entry *entry)
+{
+ return (void *)entry + entry->next_offset;
+}
+
/* Returns one of the generic firewall policies, like NF_ACCEPT. */
unsigned int
ipt_do_table(struct sk_buff *skb,
@@ -385,11 +391,11 @@ ipt_do_table(struct sk_buff *skb,
back->comefrom);
continue;
}
- if (table_base + v != (void *)e + e->next_offset
+ if (table_base + v != ipt_next_entry(e)
&& !(e->ip.flags & IPT_F_GOTO)) {
/* Save old back ptr in next entry */
struct ipt_entry *next
- = (void *)e + e->next_offset;
+ = ipt_next_entry(e);
next->comefrom
= (void *)back - table_base;
/* set back pointer to next entry */
@@ -424,7 +430,7 @@ ipt_do_table(struct sk_buff *skb,
datalen = skb->len - ip->ihl * 4;
if (verdict == IPT_CONTINUE)
- e = (void *)e + e->next_offset;
+ e = ipt_next_entry(e);
else
/* Verdict */
break;
@@ -432,7 +438,7 @@ ipt_do_table(struct sk_buff *skb,
} else {
no_match:
- e = (void *)e + e->next_offset;
+ e = ipt_next_entry(e);
}
} while (!hotdrop);
xt_info_rdunlock_bh();