Ebtables cleanup patches

All of lore.kernel.org
 help / color / mirror / Atom feed

* Ebtables cleanup patches
@ 2010-10-21 15:06 Jan Engelhardt
  2010-10-21 15:06 ` [PATCH 1/5] netfilter: ebtables: remove unused definitions Jan Engelhardt
                   ` (5 more replies)
  0 siblings, 6 replies; 7+ messages in thread
From: Jan Engelhardt @ 2010-10-21 15:06 UTC (permalink / raw)
  To: kaber; +Cc: netfilter-devel, bdschuym


The following changes since commit 093d282321daeb19c107e5f1f16d7f68484f3ade:

  tproxy: fix hash locking issue when using port redirection in __inet_inherit_port() (2010-10-21 13:06:43 +0200)

are available in the git repository at:
  git://dev.medozas.de/linux ebtables

Jan Engelhardt (5):
      netfilter: ebtables: remove unused definitions
      netfilter: xtables: add a missing pair of parentheses
      netfilter: ebtables: replace EBT_ENTRY_ITERATE macro
      netfilter: ebtables: replace EBT_MATCH_ITERATE macro
      netfilter: ebtables: replace EBT_WATCHER_ITERATE macro

 include/linux/netfilter/x_tables.h        |    2 +-
 include/linux/netfilter_bridge/ebtables.h |   80 ++++---------
 net/bridge/netfilter/ebtables.c           |  186 ++++++++++++++++++++---------
 3 files changed, 155 insertions(+), 113 deletions(-)

^ permalink raw reply	[flat|nested] 7+ messages in thread

* [PATCH 1/5] netfilter: ebtables: remove unused definitions
  2010-10-21 15:06 Ebtables cleanup patches Jan Engelhardt
@ 2010-10-21 15:06 ` Jan Engelhardt
  2010-10-21 15:06 ` [PATCH 2/5] netfilter: xtables: add a missing pair of parentheses Jan Engelhardt
                   ` (4 subsequent siblings)
  5 siblings, 0 replies; 7+ messages in thread
From: Jan Engelhardt @ 2010-10-21 15:06 UTC (permalink / raw)
  To: kaber; +Cc: netfilter-devel, bdschuym

Userspace does not make use of the inner definitions, so we can remove
these from the header now.

v2.6.27-rc8-947-g66bff35 removed the last uses of these structs in the
kernel.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 include/linux/netfilter_bridge/ebtables.h |   52 -----------------------------
 1 files changed, 0 insertions(+), 52 deletions(-)

diff --git a/include/linux/netfilter_bridge/ebtables.h b/include/linux/netfilter_bridge/ebtables.h
index 1c6f0c5..cbbb883 100644
--- a/include/linux/netfilter_bridge/ebtables.h
+++ b/include/linux/netfilter_bridge/ebtables.h
@@ -199,58 +199,6 @@ struct ebt_entry {
 #define EBT_MATCH 0
 #define EBT_NOMATCH 1
 
-struct ebt_match {
-	struct list_head list;
-	const char name[EBT_FUNCTION_MAXNAMELEN];
-	bool (*match)(const struct sk_buff *skb, const struct net_device *in,
-		const struct net_device *out, const struct xt_match *match,
-		const void *matchinfo, int offset, unsigned int protoff,
-		bool *hotdrop);
-	bool (*checkentry)(const char *table, const void *entry,
-		const struct xt_match *match, void *matchinfo,
-		unsigned int hook_mask);
-	void (*destroy)(const struct xt_match *match, void *matchinfo);
-	unsigned int matchsize;
-	u_int8_t revision;
-	u_int8_t family;
-	struct module *me;
-};
-
-struct ebt_watcher {
-	struct list_head list;
-	const char name[EBT_FUNCTION_MAXNAMELEN];
-	unsigned int (*target)(struct sk_buff *skb,
-		const struct net_device *in, const struct net_device *out,
-		unsigned int hook_num, const struct xt_target *target,
-		const void *targinfo);
-	bool (*checkentry)(const char *table, const void *entry,
-		const struct xt_target *target, void *targinfo,
-		unsigned int hook_mask);
-	void (*destroy)(const struct xt_target *target, void *targinfo);
-	unsigned int targetsize;
-	u_int8_t revision;
-	u_int8_t family;
-	struct module *me;
-};
-
-struct ebt_target {
-	struct list_head list;
-	const char name[EBT_FUNCTION_MAXNAMELEN];
-	/* returns one of the standard EBT_* verdicts */
-	unsigned int (*target)(struct sk_buff *skb,
-		const struct net_device *in, const struct net_device *out,
-		unsigned int hook_num, const struct xt_target *target,
-		const void *targinfo);
-	bool (*checkentry)(const char *table, const void *entry,
-		const struct xt_target *target, void *targinfo,
-		unsigned int hook_mask);
-	void (*destroy)(const struct xt_target *target, void *targinfo);
-	unsigned int targetsize;
-	u_int8_t revision;
-	u_int8_t family;
-	struct module *me;
-};
-
 /* used for jumping from and into user defined chains (udc) */
 struct ebt_chainstack {
 	struct ebt_entries *chaininfo; /* pointer to chain data */
-- 
1.7.1


^ permalink raw reply related	[flat|nested] 7+ messages in thread

* [PATCH 2/5] netfilter: xtables: add a missing pair of parentheses
  2010-10-21 15:06 Ebtables cleanup patches Jan Engelhardt
  2010-10-21 15:06 ` [PATCH 1/5] netfilter: ebtables: remove unused definitions Jan Engelhardt
@ 2010-10-21 15:06 ` Jan Engelhardt
  2010-10-21 15:06 ` [PATCH 3/5] netfilter: ebtables: replace EBT_ENTRY_ITERATE macro Jan Engelhardt
                   ` (3 subsequent siblings)
  5 siblings, 0 replies; 7+ messages in thread
From: Jan Engelhardt @ 2010-10-21 15:06 UTC (permalink / raw)
  To: kaber; +Cc: netfilter-devel, bdschuym

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 include/linux/netfilter/x_tables.h |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h
index 742bec0..9f69599 100644
--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -177,7 +177,7 @@ struct xt_counters_info {
 
 /* can only be xt_entry_match, so no use of typeof here */
 #define xt_ematch_foreach(pos, entry) \
-	for ((pos) = (struct xt_entry_match *)entry->elems; \
+	for ((pos) = (struct xt_entry_match *)(entry)->elems; \
 	     (pos) < (struct xt_entry_match *)((char *)(entry) + \
 	             (entry)->target_offset); \
 	     (pos) = (struct xt_entry_match *)((char *)(pos) + \
-- 
1.7.1


^ permalink raw reply related	[flat|nested] 7+ messages in thread

* [PATCH 3/5] netfilter: ebtables: replace EBT_ENTRY_ITERATE macro
  2010-10-21 15:06 Ebtables cleanup patches Jan Engelhardt
  2010-10-21 15:06 ` [PATCH 1/5] netfilter: ebtables: remove unused definitions Jan Engelhardt
  2010-10-21 15:06 ` [PATCH 2/5] netfilter: xtables: add a missing pair of parentheses Jan Engelhardt
@ 2010-10-21 15:06 ` Jan Engelhardt
  2010-10-21 15:06 ` [PATCH 4/5] netfilter: ebtables: replace EBT_MATCH_ITERATE macro Jan Engelhardt
                   ` (2 subsequent siblings)
  5 siblings, 0 replies; 7+ messages in thread
From: Jan Engelhardt @ 2010-10-21 15:06 UTC (permalink / raw)
  To: kaber; +Cc: netfilter-devel, bdschuym

The macro is replaced by a list.h-like foreach loop. This makes the

This is similar to v2.6.33-rc8-1212-g72b2b1d.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 include/linux/netfilter_bridge/ebtables.h |   14 ++++-
 net/bridge/netfilter/ebtables.c           |   93 +++++++++++++++++++----------
 2 files changed, 74 insertions(+), 33 deletions(-)

diff --git a/include/linux/netfilter_bridge/ebtables.h b/include/linux/netfilter_bridge/ebtables.h
index cbbb883..af0b721 100644
--- a/include/linux/netfilter_bridge/ebtables.h
+++ b/include/linux/netfilter_bridge/ebtables.h
@@ -254,8 +254,15 @@ extern unsigned int ebt_do_table(unsigned int hook, struct sk_buff *skb,
 
 #endif /* __KERNEL__ */
 
-/* blatently stolen from ip_tables.h
+/* blatantly stolen from ip_tables.h
  * fn returns 0 to continue iteration */
+#define ebt_entry_foreach(pos, ehead, esize) \
+	for ((pos) = (struct ebt_entry *)(ehead); \
+	     (pos) < (struct ebt_entry *)((char *)(ehead) + (esize)); \
+	     (pos) = (struct ebt_entry *)((char *)(pos) + \
+	             ((pos)->bitmask == 0 ? sizeof(struct ebt_entries) : \
+	             (pos)->next_offset)))
+
 #define EBT_MATCH_ITERATE(e, fn, args...)                   \
 ({                                                          \
 	unsigned int __i;                                   \
@@ -302,6 +309,7 @@ extern unsigned int ebt_do_table(unsigned int hook, struct sk_buff *skb,
 	__ret;                                              \
 })
 
+#ifndef __KERNEL__
 #define EBT_ENTRY_ITERATE(entries, size, fn, args...)       \
 ({                                                          \
 	unsigned int __i;                                   \
@@ -324,5 +332,7 @@ extern unsigned int ebt_do_table(unsigned int hook, struct sk_buff *skb,
 	}                                                   \
 	__ret;                                              \
 })
+#endif /* __KERNEL__ */
+
+#endif /* __LINUX_BRIDGE_EFF_H */
 
-#endif
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index bcc102e..ef4ca1b 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -834,6 +834,7 @@ static int translate_table(struct net *net, const char *name,
 	unsigned int i, j, k, udc_cnt;
 	int ret;
 	struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */
+	struct ebt_entry *entry;
 
 	i = 0;
 	while (i < NF_BR_NUMHOOKS && !newinfo->hook_entry[i])
@@ -864,12 +865,12 @@ static int translate_table(struct net *net, const char *name,
 	k = 0; /* holds the total nr. of entries, should equal
 		  newinfo->nentries afterwards */
 	udc_cnt = 0; /* will hold the nr. of user defined chains (udc) */
-	ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
-	   ebt_check_entry_size_and_hooks, newinfo,
-	   &i, &j, &k, &udc_cnt);
-
-	if (ret != 0)
-		return ret;
+	ebt_entry_foreach(entry, newinfo->entries, newinfo->entries_size) {
+		ret = ebt_check_entry_size_and_hooks(entry, newinfo,
+						     &i, &j, &k, &udc_cnt);
+		if (ret != 0)
+			return ret;
+	}
 
 	if (i != j) {
 		BUGPRINT("nentries does not equal the nr of entries in the "
@@ -906,8 +907,10 @@ static int translate_table(struct net *net, const char *name,
 		if (!cl_s)
 			return -ENOMEM;
 		i = 0; /* the i'th udc */
-		EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
-		   ebt_get_udc_positions, newinfo, &i, cl_s);
+		ebt_entry_foreach(entry, newinfo->entries,
+		    newinfo->entries_size)
+			if (ebt_get_udc_positions(entry, newinfo, &i, cl_s) < 0)
+				break;
 		/* sanity check */
 		if (i != udc_cnt) {
 			BUGPRINT("i != udc_cnt\n");
@@ -937,12 +940,18 @@ static int translate_table(struct net *net, const char *name,
 
 	/* used to know what we need to clean up if something goes wrong */
 	i = 0;
-	ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
-	   ebt_check_entry, net, newinfo, name, &i, cl_s, udc_cnt);
-	if (ret != 0) {
-		EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
-				  ebt_cleanup_entry, net, &i);
+	ret = 0;
+	ebt_entry_foreach(entry, newinfo->entries, newinfo->entries_size) {
+		ret = ebt_check_entry(entry, net, newinfo, name, &i,
+				      cl_s, udc_cnt);
+		if (ret != 0)
+			break;
 	}
+	if (ret != 0)
+		ebt_entry_foreach(entry, newinfo->entries,
+		    newinfo->entries_size)
+			if (ebt_cleanup_entry(entry, net, &i) != 0)
+				break;
 	vfree(cl_s);
 	return ret;
 }
@@ -978,6 +987,7 @@ static int do_replace_finish(struct net *net, struct ebt_replace *repl,
 	/* used to be able to unlock earlier */
 	struct ebt_table_info *table;
 	struct ebt_table *t;
+	struct ebt_entry *entry;
 
 	/* the user wants counters back
 	   the check on the size is done later, when we have the lock */
@@ -1044,8 +1054,9 @@ static int do_replace_finish(struct net *net, struct ebt_replace *repl,
 		ret = 0;
 
 	/* decrease module count and free resources */
-	EBT_ENTRY_ITERATE(table->entries, table->entries_size,
-			  ebt_cleanup_entry, net, NULL);
+	ebt_entry_foreach(entry, table->entries, table->entries_size)
+		if (ebt_cleanup_entry(entry, net, NULL) != 0)
+			break;
 
 	vfree(table->entries);
 	if (table->chainstack) {
@@ -1061,8 +1072,9 @@ static int do_replace_finish(struct net *net, struct ebt_replace *repl,
 free_unlock:
 	mutex_unlock(&ebt_mutex);
 free_iterate:
-	EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
-			  ebt_cleanup_entry, net, NULL);
+	ebt_entry_foreach(entry, newinfo->entries, newinfo->entries_size)
+		if (ebt_cleanup_entry(entry, net, NULL) != 0)
+			break;
 free_counterstmp:
 	vfree(counterstmp);
 	/* can be initialized in translate_table() */
@@ -1234,6 +1246,7 @@ out:
 
 void ebt_unregister_table(struct net *net, struct ebt_table *table)
 {
+	struct ebt_entry *entry;
 	int i;
 
 	if (!table) {
@@ -1243,8 +1256,10 @@ void ebt_unregister_table(struct net *net, struct ebt_table *table)
 	mutex_lock(&ebt_mutex);
 	list_del(&table->list);
 	mutex_unlock(&ebt_mutex);
-	EBT_ENTRY_ITERATE(table->private->entries, table->private->entries_size,
-			  ebt_cleanup_entry, net, NULL);
+	ebt_entry_foreach(entry, table->private->entries,
+	    table->private->entries_size)
+		if (ebt_cleanup_entry(entry, net, NULL) != 0)
+			break;
 	if (table->private->nentries)
 		module_put(table->me);
 	vfree(table->private->entries);
@@ -1403,6 +1418,7 @@ static int copy_everything_to_user(struct ebt_table *t, void __user *user,
 	struct ebt_replace tmp;
 	const struct ebt_counter *oldcounters;
 	unsigned int entries_size, nentries;
+	struct ebt_entry *entry;
 	int ret;
 	char *entries;
 
@@ -1445,8 +1461,12 @@ static int copy_everything_to_user(struct ebt_table *t, void __user *user,
 		return -EFAULT;
 	}
 	/* set the match/watcher/target names right */
-	return EBT_ENTRY_ITERATE(entries, entries_size,
-	   ebt_make_names, entries, tmp.entries);
+	ebt_entry_foreach(entry, entries, entries_size) {
+		ret = ebt_make_names(entry, entries, tmp.entries);
+		if (ret != 0)
+			return ret;
+	}
+	return 0;
 }
 
 static int do_ebt_set_ctl(struct sock *sk,
@@ -1755,11 +1775,16 @@ static int compat_table_info(const struct ebt_table_info *info,
 {
 	unsigned int size = info->entries_size;
 	const void *entries = info->entries;
+	struct ebt_entry *entry;
+	int ret;
 
 	newinfo->entries_size = size;
-
-	return EBT_ENTRY_ITERATE(entries, size, compat_calc_entry, info,
-							entries, newinfo);
+	ebt_entry_foreach(entry, entries, size) {
+		ret = compat_calc_entry(entry, info, entries, newinfo);
+		if (ret != 0)
+			return ret;
+	}
+	return 0;
 }
 
 static int compat_copy_everything_to_user(struct ebt_table *t,
@@ -1768,6 +1793,7 @@ static int compat_copy_everything_to_user(struct ebt_table *t,
 	struct compat_ebt_replace repl, tmp;
 	struct ebt_counter *oldcounters;
 	struct ebt_table_info tinfo;
+	struct ebt_entry *entry;
 	int ret;
 	void __user *pos;
 
@@ -1814,8 +1840,12 @@ static int compat_copy_everything_to_user(struct ebt_table *t,
 		return ret;
 
 	pos = compat_ptr(tmp.entries);
-	return EBT_ENTRY_ITERATE(tinfo.entries, tinfo.entries_size,
-			compat_copy_entry_to_user, &pos, &tmp.entries_size);
+	ebt_entry_foreach(entry, tinfo.entries, tinfo.entries_size) {
+		ret = compat_copy_entry_to_user(entry, &pos, &tmp.entries_size);
+		if (ret != 0)
+			return ret;
+	}
+	return 0;
 }
 
 struct ebt_entries_buf_state {
@@ -2141,13 +2171,14 @@ static int compat_copy_entries(unsigned char *data, unsigned int size_user,
 				struct ebt_entries_buf_state *state)
 {
 	unsigned int size_remaining = size_user;
+	struct ebt_entry *entry;
 	int ret;
 
-	ret = EBT_ENTRY_ITERATE(data, size_user, size_entry_mwt, data,
-					&size_remaining, state);
-	if (ret < 0)
-		return ret;
-
+	ebt_entry_foreach(entry, data, size_user) {
+		ret = size_entry_mwt(entry, data, &size_remaining, state);
+		if (ret != 0)
+			return ret;
+	}
 	WARN_ON(size_remaining);
 	return state->buf_kern_offset;
 }
-- 
1.7.1


^ permalink raw reply related	[flat|nested] 7+ messages in thread

* [PATCH 4/5] netfilter: ebtables: replace EBT_MATCH_ITERATE macro
  2010-10-21 15:06 Ebtables cleanup patches Jan Engelhardt
                   ` (2 preceding siblings ...)
  2010-10-21 15:06 ` [PATCH 3/5] netfilter: ebtables: replace EBT_ENTRY_ITERATE macro Jan Engelhardt
@ 2010-10-21 15:06 ` Jan Engelhardt
  2010-10-21 15:06 ` [PATCH 5/5] netfilter: ebtables: replace EBT_WATCHER_ITERATE macro Jan Engelhardt
  2010-10-21 15:13 ` Ebtables cleanup patches Patrick McHardy
  5 siblings, 0 replies; 7+ messages in thread
From: Jan Engelhardt @ 2010-10-21 15:06 UTC (permalink / raw)
  To: kaber; +Cc: netfilter-devel, bdschuym

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 include/linux/netfilter_bridge/ebtables.h |    9 +++++
 net/bridge/netfilter/ebtables.c           |   47 ++++++++++++++++++++--------
 2 files changed, 42 insertions(+), 14 deletions(-)

diff --git a/include/linux/netfilter_bridge/ebtables.h b/include/linux/netfilter_bridge/ebtables.h
index af0b721..1c33b9e 100644
--- a/include/linux/netfilter_bridge/ebtables.h
+++ b/include/linux/netfilter_bridge/ebtables.h
@@ -263,6 +263,14 @@ extern unsigned int ebt_do_table(unsigned int hook, struct sk_buff *skb,
 	             ((pos)->bitmask == 0 ? sizeof(struct ebt_entries) : \
 	             (pos)->next_offset)))
 
+#define ebt_ematch_foreach(pos, entry) \
+	for ((pos) = (struct ebt_entry_match *)(entry)->elems; \
+	     (pos) < (struct ebt_entry_match *)((char *)(entry) + \
+	             (entry)->watchers_offset); \
+	     (pos) = (struct ebt_entry_match *)((char *)((pos)->data) + \
+	             (pos)->match_size))
+
+#ifndef __KERNEL__
 #define EBT_MATCH_ITERATE(e, fn, args...)                   \
 ({                                                          \
 	unsigned int __i;                                   \
@@ -285,6 +293,7 @@ extern unsigned int ebt_do_table(unsigned int hook, struct sk_buff *skb,
 	}                                                   \
 	__ret;                                              \
 })
+#endif
 
 #define EBT_WATCHER_ITERATE(e, fn, args...)                 \
 ({                                                          \
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index ef4ca1b..1960c68 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -190,6 +190,7 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
 	const char *base;
 	const struct ebt_table_info *private;
 	struct xt_action_param acpar;
+	struct ebt_entry_match *ematch;
 
 	acpar.family  = NFPROTO_BRIDGE;
 	acpar.in      = in;
@@ -216,8 +217,9 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
 		if (ebt_basic_match(point, eth_hdr(skb), in, out))
 			goto letscontinue;
 
-		if (EBT_MATCH_ITERATE(point, ebt_do_match, skb, &acpar) != 0)
-			goto letscontinue;
+		ebt_ematch_foreach(ematch, point)
+			if (ebt_do_match(ematch, skb, &acpar) != 0)
+				goto letscontinue;
 		if (acpar.hotdrop) {
 			read_unlock_bh(&table->lock);
 			return NF_DROP;
@@ -621,6 +623,7 @@ ebt_cleanup_entry(struct ebt_entry *e, struct net *net, unsigned int *cnt)
 {
 	struct xt_tgdtor_param par;
 	struct ebt_entry_target *t;
+	struct ebt_entry_match *ematch;
 
 	if (e->bitmask == 0)
 		return 0;
@@ -628,7 +631,9 @@ ebt_cleanup_entry(struct ebt_entry *e, struct net *net, unsigned int *cnt)
 	if (cnt && (*cnt)-- == 0)
 		return 1;
 	EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, net, NULL);
-	EBT_MATCH_ITERATE(e, ebt_cleanup_match, net, NULL);
+	ebt_ematch_foreach(ematch, e)
+		if (ebt_cleanup_match(ematch, net, NULL) != 0)
+			break;
 	t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
 
 	par.net      = net;
@@ -654,6 +659,7 @@ ebt_check_entry(struct ebt_entry *e, struct net *net,
 	int ret;
 	struct xt_mtchk_param mtpar;
 	struct xt_tgchk_param tgpar;
+	struct ebt_entry_match *ematch;
 
 	/* don't mess with the struct ebt_entries */
 	if (e->bitmask == 0)
@@ -700,9 +706,11 @@ ebt_check_entry(struct ebt_entry *e, struct net *net,
 	mtpar.entryinfo = tgpar.entryinfo = e;
 	mtpar.hook_mask = tgpar.hook_mask = hookmask;
 	mtpar.family    = tgpar.family    = NFPROTO_BRIDGE;
-	ret = EBT_MATCH_ITERATE(e, ebt_check_match, &mtpar, &i);
-	if (ret != 0)
-		goto cleanup_matches;
+	ebt_ematch_foreach(ematch, e) {
+		ret = ebt_check_match(ematch, &mtpar, &i);
+		if (ret != 0)
+			goto cleanup_matches;
+	}
 	j = 0;
 	ret = EBT_WATCHER_ITERATE(e, ebt_check_watcher, &tgpar, &j);
 	if (ret != 0)
@@ -748,7 +756,9 @@ ebt_check_entry(struct ebt_entry *e, struct net *net,
 cleanup_watchers:
 	EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, net, &j);
 cleanup_matches:
-	EBT_MATCH_ITERATE(e, ebt_cleanup_match, net, &i);
+	ebt_ematch_foreach(ematch, e)
+		if (ebt_cleanup_match(ematch, net, &i) != 0)
+			break;
 	return ret;
 }
 
@@ -1361,6 +1371,7 @@ ebt_make_names(struct ebt_entry *e, const char *base, char __user *ubase)
 	int ret;
 	char __user *hlp;
 	const struct ebt_entry_target *t;
+	struct ebt_entry_match *ematch;
 
 	if (e->bitmask == 0)
 		return 0;
@@ -1368,9 +1379,11 @@ ebt_make_names(struct ebt_entry *e, const char *base, char __user *ubase)
 	hlp = ubase + (((char *)e + e->target_offset) - base);
 	t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
 
-	ret = EBT_MATCH_ITERATE(e, ebt_make_matchname, base, ubase);
-	if (ret != 0)
-		return ret;
+	ebt_ematch_foreach(ematch, e) {
+		ret = ebt_make_matchname(ematch, base, ubase);
+		if (ret != 0)
+			return ret;
+	}
 	ret = EBT_WATCHER_ITERATE(e, ebt_make_watchername, base, ubase);
 	if (ret != 0)
 		return ret;
@@ -1663,6 +1676,7 @@ static int compat_copy_entry_to_user(struct ebt_entry *e, void __user **dstptr,
 	struct ebt_entry __user *ce;
 	u32 watchers_offset, target_offset, next_offset;
 	compat_uint_t origsize;
+	struct ebt_entry_match *ematch;
 	int ret;
 
 	if (e->bitmask == 0) {
@@ -1686,9 +1700,11 @@ static int compat_copy_entry_to_user(struct ebt_entry *e, void __user **dstptr,
 	origsize = *size;
 	*dstptr += sizeof(*ce);
 
-	ret = EBT_MATCH_ITERATE(e, compat_match_to_user, dstptr, size);
-	if (ret)
-		return ret;
+	ebt_ematch_foreach(ematch, e) {
+		ret = compat_match_to_user(ematch, dstptr, size);
+		if (ret != 0)
+			return ret;
+	}
 	watchers_offset = e->watchers_offset - (origsize - *size);
 
 	ret = EBT_WATCHER_ITERATE(e, compat_watcher_to_user, dstptr, size);
@@ -1733,6 +1749,7 @@ static int compat_calc_entry(const struct ebt_entry *e,
 {
 	const struct ebt_entry_target *t;
 	unsigned int entry_offset;
+	struct ebt_entry_match *ematch;
 	int off, ret, i;
 
 	if (e->bitmask == 0)
@@ -1741,7 +1758,9 @@ static int compat_calc_entry(const struct ebt_entry *e,
 	off = 0;
 	entry_offset = (void *)e - base;
 
-	EBT_MATCH_ITERATE(e, compat_calc_match, &off);
+	ebt_ematch_foreach(ematch, e)
+		if (compat_calc_match(ematch, &off) != 0)
+			break;
 	EBT_WATCHER_ITERATE(e, compat_calc_watcher, &off);
 
 	t = (const struct ebt_entry_target *) ((char *) e + e->target_offset);
-- 
1.7.1


^ permalink raw reply related	[flat|nested] 7+ messages in thread

* [PATCH 5/5] netfilter: ebtables: replace EBT_WATCHER_ITERATE macro
  2010-10-21 15:06 Ebtables cleanup patches Jan Engelhardt
                   ` (3 preceding siblings ...)
  2010-10-21 15:06 ` [PATCH 4/5] netfilter: ebtables: replace EBT_MATCH_ITERATE macro Jan Engelhardt
@ 2010-10-21 15:06 ` Jan Engelhardt
  2010-10-21 15:13 ` Ebtables cleanup patches Patrick McHardy
  5 siblings, 0 replies; 7+ messages in thread
From: Jan Engelhardt @ 2010-10-21 15:06 UTC (permalink / raw)
  To: kaber; +Cc: netfilter-devel, bdschuym

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 include/linux/netfilter_bridge/ebtables.h |    9 ++++-
 net/bridge/netfilter/ebtables.c           |   46 ++++++++++++++++++++--------
 2 files changed, 40 insertions(+), 15 deletions(-)

diff --git a/include/linux/netfilter_bridge/ebtables.h b/include/linux/netfilter_bridge/ebtables.h
index 1c33b9e..39cc33f 100644
--- a/include/linux/netfilter_bridge/ebtables.h
+++ b/include/linux/netfilter_bridge/ebtables.h
@@ -269,6 +269,13 @@ extern unsigned int ebt_do_table(unsigned int hook, struct sk_buff *skb,
 	             (entry)->watchers_offset); \
 	     (pos) = (struct ebt_entry_match *)((char *)((pos)->data) + \
 	             (pos)->match_size))
+#define ebt_ewatcher_foreach(pos, entry) \
+	for ((pos) = (struct ebt_entry_watcher *)((entry)->elems + \
+	             (entry)->watchers_offset); \
+	     (pos) < (struct ebt_entry_watcher *)((char *)(entry) + \
+	             (entry)->target_offset); \
+	     (pos) = (struct ebt_entry_watcher *)((char *)((pos)->data) + \
+	             (pos)->watcher_size))
 
 #ifndef __KERNEL__
 #define EBT_MATCH_ITERATE(e, fn, args...)                   \
@@ -293,7 +300,6 @@ extern unsigned int ebt_do_table(unsigned int hook, struct sk_buff *skb,
 	}                                                   \
 	__ret;                                              \
 })
-#endif
 
 #define EBT_WATCHER_ITERATE(e, fn, args...)                 \
 ({                                                          \
@@ -318,7 +324,6 @@ extern unsigned int ebt_do_table(unsigned int hook, struct sk_buff *skb,
 	__ret;                                              \
 })
 
-#ifndef __KERNEL__
 #define EBT_ENTRY_ITERATE(entries, size, fn, args...)       \
 ({                                                          \
 	unsigned int __i;                                   \
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index 1960c68..a824e9e 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -191,6 +191,7 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
 	const struct ebt_table_info *private;
 	struct xt_action_param acpar;
 	struct ebt_entry_match *ematch;
+	struct ebt_entry_watcher *ewatcher;
 
 	acpar.family  = NFPROTO_BRIDGE;
 	acpar.in      = in;
@@ -231,7 +232,9 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
 
 		/* these should only watch: not modify, nor tell us
 		   what to do with the packet */
-		EBT_WATCHER_ITERATE(point, ebt_do_watcher, skb, &acpar);
+		ebt_ewatcher_foreach(ewatcher, point)
+			if (ebt_do_watcher(ewatcher, skb, &acpar) != 0)
+				break;
 
 		t = (struct ebt_entry_target *)
 		   (((char *)point) + point->target_offset);
@@ -624,13 +627,16 @@ ebt_cleanup_entry(struct ebt_entry *e, struct net *net, unsigned int *cnt)
 	struct xt_tgdtor_param par;
 	struct ebt_entry_target *t;
 	struct ebt_entry_match *ematch;
+	struct ebt_entry_watcher *ewatcher;
 
 	if (e->bitmask == 0)
 		return 0;
 	/* we're done */
 	if (cnt && (*cnt)-- == 0)
 		return 1;
-	EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, net, NULL);
+	ebt_ewatcher_foreach(ewatcher, e)
+		if (ebt_cleanup_watcher(ewatcher, net, NULL) != 0)
+			break;
 	ebt_ematch_foreach(ematch, e)
 		if (ebt_cleanup_match(ematch, net, NULL) != 0)
 			break;
@@ -660,6 +666,7 @@ ebt_check_entry(struct ebt_entry *e, struct net *net,
 	struct xt_mtchk_param mtpar;
 	struct xt_tgchk_param tgpar;
 	struct ebt_entry_match *ematch;
+	struct ebt_entry_watcher *ewatcher;
 
 	/* don't mess with the struct ebt_entries */
 	if (e->bitmask == 0)
@@ -712,9 +719,11 @@ ebt_check_entry(struct ebt_entry *e, struct net *net,
 			goto cleanup_matches;
 	}
 	j = 0;
-	ret = EBT_WATCHER_ITERATE(e, ebt_check_watcher, &tgpar, &j);
-	if (ret != 0)
-		goto cleanup_watchers;
+	ebt_ewatcher_foreach(ewatcher, e) {
+		ret = ebt_check_watcher(ewatcher, &tgpar, &j);
+		if (ret != 0)
+			goto cleanup_watchers;
+	}
 	t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
 	gap = e->next_offset - e->target_offset;
 
@@ -754,7 +763,9 @@ ebt_check_entry(struct ebt_entry *e, struct net *net,
 	(*cnt)++;
 	return 0;
 cleanup_watchers:
-	EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, net, &j);
+	ebt_ewatcher_foreach(ewatcher, e)
+		if (ebt_cleanup_watcher(ewatcher, net, &j) != 0)
+			break;
 cleanup_matches:
 	ebt_ematch_foreach(ematch, e)
 		if (ebt_cleanup_match(ematch, net, &i) != 0)
@@ -1372,6 +1383,7 @@ ebt_make_names(struct ebt_entry *e, const char *base, char __user *ubase)
 	char __user *hlp;
 	const struct ebt_entry_target *t;
 	struct ebt_entry_match *ematch;
+	struct ebt_entry_watcher *ewatcher;
 
 	if (e->bitmask == 0)
 		return 0;
@@ -1384,9 +1396,11 @@ ebt_make_names(struct ebt_entry *e, const char *base, char __user *ubase)
 		if (ret != 0)
 			return ret;
 	}
-	ret = EBT_WATCHER_ITERATE(e, ebt_make_watchername, base, ubase);
-	if (ret != 0)
-		return ret;
+	ebt_ewatcher_foreach(ewatcher, e) {
+		ret = ebt_make_watchername(ewatcher, base, ubase);
+		if (ret != 0)
+			return ret;
+	}
 	if (copy_to_user(hlp, t->u.target->name, EBT_FUNCTION_MAXNAMELEN))
 		return -EFAULT;
 	return 0;
@@ -1677,6 +1691,7 @@ static int compat_copy_entry_to_user(struct ebt_entry *e, void __user **dstptr,
 	u32 watchers_offset, target_offset, next_offset;
 	compat_uint_t origsize;
 	struct ebt_entry_match *ematch;
+	struct ebt_entry_watcher *ewatcher;
 	int ret;
 
 	if (e->bitmask == 0) {
@@ -1707,9 +1722,11 @@ static int compat_copy_entry_to_user(struct ebt_entry *e, void __user **dstptr,
 	}
 	watchers_offset = e->watchers_offset - (origsize - *size);
 
-	ret = EBT_WATCHER_ITERATE(e, compat_watcher_to_user, dstptr, size);
-	if (ret)
-		return ret;
+	ebt_ewatcher_foreach(ewatcher, e) {
+		ret = compat_watcher_to_user(ewatcher, dstptr, size);
+		if (ret != 0)
+			break;
+	}
 	target_offset = e->target_offset - (origsize - *size);
 
 	t = (struct ebt_entry_target *) ((char *) e + e->target_offset);
@@ -1750,6 +1767,7 @@ static int compat_calc_entry(const struct ebt_entry *e,
 	const struct ebt_entry_target *t;
 	unsigned int entry_offset;
 	struct ebt_entry_match *ematch;
+	struct ebt_entry_watcher *ewatcher;
 	int off, ret, i;
 
 	if (e->bitmask == 0)
@@ -1761,7 +1779,9 @@ static int compat_calc_entry(const struct ebt_entry *e,
 	ebt_ematch_foreach(ematch, e)
 		if (compat_calc_match(ematch, &off) != 0)
 			break;
-	EBT_WATCHER_ITERATE(e, compat_calc_watcher, &off);
+	ebt_ewatcher_foreach(ewatcher, e)
+		if (compat_calc_watcher(ewatcher, &off) != 0)
+			break;
 
 	t = (const struct ebt_entry_target *) ((char *) e + e->target_offset);
 
-- 
1.7.1


^ permalink raw reply related	[flat|nested] 7+ messages in thread

* Re: Ebtables cleanup patches
  2010-10-21 15:06 Ebtables cleanup patches Jan Engelhardt
                   ` (4 preceding siblings ...)
  2010-10-21 15:06 ` [PATCH 5/5] netfilter: ebtables: replace EBT_WATCHER_ITERATE macro Jan Engelhardt
@ 2010-10-21 15:13 ` Patrick McHardy
  5 siblings, 0 replies; 7+ messages in thread
From: Patrick McHardy @ 2010-10-21 15:13 UTC (permalink / raw)
  To: Jan Engelhardt; +Cc: netfilter-devel, bdschuym

Am 21.10.2010 17:06, schrieb Jan Engelhardt:
>   git://dev.medozas.de/linux ebtables

Looks good to me. Pulled, thanks Jan.

^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2010-10-21 15:13 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-10-21 15:06 Ebtables cleanup patches Jan Engelhardt
2010-10-21 15:06 ` [PATCH 1/5] netfilter: ebtables: remove unused definitions Jan Engelhardt
2010-10-21 15:06 ` [PATCH 2/5] netfilter: xtables: add a missing pair of parentheses Jan Engelhardt
2010-10-21 15:06 ` [PATCH 3/5] netfilter: ebtables: replace EBT_ENTRY_ITERATE macro Jan Engelhardt
2010-10-21 15:06 ` [PATCH 4/5] netfilter: ebtables: replace EBT_MATCH_ITERATE macro Jan Engelhardt
2010-10-21 15:06 ` [PATCH 5/5] netfilter: ebtables: replace EBT_WATCHER_ITERATE macro Jan Engelhardt
2010-10-21 15:13 ` Ebtables cleanup patches Patrick McHardy

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.