From: Jan Engelhardt <jengelh@medozas.de>
To: kaber@trash.net
Cc: netfilter-devel@vger.kernel.org
Subject: [PATCH 4/8] iptables: reduce indentation of parse loop (3/3)
Date: Fri, 4 Feb 2011 14:08:50 +0100 [thread overview]
Message-ID: <1296824935-4606-5-git-send-email-jengelh@medozas.de> (raw)
In-Reply-To: <1296824935-4606-1-git-send-email-jengelh@medozas.de>
Put the default case into its own function. Essentially, 5 levels of
indentation have been stripped, and this is surely a result that looks
a lot better than it did before.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
ip6tables.c | 190 ++++++++++++++++++++++++++-------------------------------
iptables.c | 196 ++++++++++++++++++++++++++--------------------------------
2 files changed, 176 insertions(+), 210 deletions(-)
diff --git a/ip6tables.c b/ip6tables.c
index caee730..fb3b320 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -1288,6 +1288,88 @@ static void clear_rule_matches(struct xtables_rule_match **matches)
*matches = NULL;
}
+static void
+command_default(int c, char **argv, bool invert, struct ip6t_entry *fw,
+ const char *protocol, bool *proto_used, unsigned int options,
+ struct xtables_target *target,
+ struct xtables_rule_match **matches)
+{
+ struct xtables_rule_match *matchp;
+ struct xtables_match *m;
+
+ if (target != NULL && target->parse != NULL &&
+ c >= target->option_offset &&
+ c < target->option_offset + XT_OPTION_OFFSET_SCALE)
+ if (target->parse(c - target->option_offset, argv, invert,
+ &target->tflags, fw, &target->t))
+ return;
+
+ for (matchp = *matches; matchp != NULL; matchp = matchp->next) {
+ m = matchp->match;
+
+ if (matchp->completed || m->parse == NULL)
+ continue;
+ if (c < m->option_offset ||
+ c >= m->option_offset + XT_OPTION_OFFSET_SCALE)
+ continue;
+ if (m->parse(c - matchp->match->option_offset,
+ argv, invert, &matchp->match->mflags, fw,
+ &matchp->match->m))
+ return;
+ }
+
+ /*
+ * If you listen carefully, you can actually hear this code suck.
+ *
+ * Some explanations (after four different bugs in 3 different
+ * releases): If we encounter a parameter, that has not been parsed
+ * yet, it's not an option of an explicitly loaded match or a target.
+ * However, we support implicit loading of the protocol match
+ * extension. '-p tcp' means 'l4 proto 6' and at the same time 'load
+ * tcp protocol match on demand if we specify --dport'.
+ *
+ * To make this work, we need to make sure:
+ * - the parameter has not been parsed by a match (m above)
+ * - a protocol has been specified
+ * - the protocol extension has not been loaded yet, or is loaded and
+ * unused [think of iptables-restore!]
+ * - the protocol extension can be successively loaded
+ */
+ if (m == NULL && protocol != NULL &&
+ (!find_proto(protocol, XTF_DONT_LOAD, options & OPT_NUMERIC, NULL) ||
+ (find_proto(protocol, XTF_DONT_LOAD, options & OPT_NUMERIC, NULL) && !*proto_used)) &&
+ (m = find_proto(protocol, XTF_TRY_LOAD, options & OPT_NUMERIC, matches))) {
+ /* Try loading protocol */
+ size_t size;
+
+ *proto_used = true;
+ size = IP6T_ALIGN(sizeof(struct ip6t_entry_match)) + m->size;
+
+ m->m = xtables_calloc(1, size);
+ m->m->u.match_size = size;
+ strcpy(m->m->u.user.name, m->name);
+ m->m->u.user.revision = m->revision;
+ if (m->init != NULL)
+ m->init(m->m);
+
+ opts = xtables_merge_options(ip6tables_globals.orig_opts, opts,
+ m->extra_opts, &m->option_offset);
+ if (opts == NULL)
+ xtables_error(OTHER_PROBLEM, "can't alloc memory!");
+ optind--;
+ return;
+ }
+ if (c == '?') {
+ if (optopt)
+ xtables_error(PARAMETER_PROBLEM, "option \"%s\" "
+ "requires an argument", argv[optind-1]);
+ else
+ xtables_error(PARAMETER_PROBLEM, "unknown option "
+ "\"%s\"", optarg);
+ }
+ xtables_error(PARAMETER_PROBLEM, "Unknown arg \"%s\"", argv[optind-1]);
+}
+
int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **handle)
{
struct ip6t_entry fw, *e = NULL;
@@ -1310,7 +1392,7 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
struct xtables_target *t;
const char *jumpto = "";
char *protocol = NULL;
- int proto_used = 0;
+ bool proto_used = false;
unsigned long long cnt;
memset(&fw, 0, sizeof(fw));
@@ -1702,107 +1784,11 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
fprintf(stderr, "Bad argument `%s'\n", optarg);
exit_tryhelp(2);
- default: {
- bool stop = false;
-
- if (target != NULL && target->parse != NULL &&
- c >= target->option_offset &&
- c < target->option_offset + XT_OPTION_OFFSET_SCALE &&
- target->parse(c - target->option_offset,
- argv, invert,
- &target->tflags,
- &fw, &target->t))
- break;
- for (matchp = matches; matchp; matchp = matchp->next) {
- m = matchp->match;
-
- if (matchp->completed || m->parse == NULL)
- continue;
- if (c < m->option_offset ||
- c >= m->option_offset + XT_OPTION_OFFSET_SCALE)
- continue;
- if (m->parse(c - matchp->match->option_offset,
- argv, invert, &m->mflags, &fw,
- &m->m)) {
- stop = true;
- break;
- }
- }
- if (stop)
- break;
-
- /* If you listen carefully, you can
- actually hear this code suck. */
-
- /* some explanations (after four different bugs
- * in 3 different releases): If we encounter a
- * parameter, that has not been parsed yet,
- * it's not an option of an explicitly loaded
- * match or a target. However, we support
- * implicit loading of the protocol match
- * extension. '-p tcp' means 'l4 proto 6' and
- * at the same time 'load tcp protocol match on
- * demand if we specify --dport'.
- *
- * To make this work, we need to make sure:
- * - the parameter has not been parsed by
- * a match (m above)
- * - a protocol has been specified
- * - the protocol extension has not been
- * loaded yet, or is loaded and unused
- * [think of ip6tables-restore!]
- * - the protocol extension can be successively
- * loaded
- */
- if (protocol != NULL
- && (!find_proto(protocol, XTF_DONT_LOAD,
- options&OPT_NUMERIC, NULL)
- || (find_proto(protocol, XTF_DONT_LOAD,
- options&OPT_NUMERIC, NULL)
- && (proto_used == 0))
- )
- && (m = find_proto(protocol, XTF_TRY_LOAD,
- options&OPT_NUMERIC, &matches))) {
- /* Try loading protocol */
- size_t size;
-
- proto_used = 1;
-
- size = IP6T_ALIGN(sizeof(struct ip6t_entry_match))
- + m->size;
-
- m->m = xtables_calloc(1, size);
- m->m->u.match_size = size;
- strcpy(m->m->u.user.name, m->name);
- m->m->u.user.revision = m->revision;
- if (m->init != NULL)
- m->init(m->m);
-
- opts = xtables_merge_options(ip6tables_globals.orig_opts, opts,
- m->extra_opts, &m->option_offset);
-
- optind--;
- continue;
- }
- if (c == '?') {
- if (optopt) {
- xtables_error(
- PARAMETER_PROBLEM,
- "option `%s' "
- "requires an "
- "argument",
- argv[optind-1]);
- } else {
- xtables_error(
- PARAMETER_PROBLEM,
- "unknown option "
- "`%s'",
- argv[optind-1]);
- }
- }
- xtables_error(PARAMETER_PROBLEM,
- "Unknown arg `%s'", optarg);
- } /* default */
+ default:
+ command_default(c, argv, invert, &fw, protocol,
+ &proto_used, options,
+ target, &matches);
+ break;
}
invert = FALSE;
}
diff --git a/iptables.c b/iptables.c
index db8e136..9977634 100644
--- a/iptables.c
+++ b/iptables.c
@@ -1311,6 +1311,88 @@ get_kernel_version(void) {
kernel_version = LINUX_VERSION(x, y, z);
}
+static void
+command_default(int c, char **argv, bool invert, struct ipt_entry *fw,
+ const char *protocol, bool *proto_used, unsigned int options,
+ struct xtables_target *target,
+ struct xtables_rule_match **matches)
+{
+ struct xtables_rule_match *matchp;
+ struct xtables_match *m;
+
+ if (target != NULL && target->parse != NULL &&
+ c >= target->option_offset &&
+ c < target->option_offset + XT_OPTION_OFFSET_SCALE)
+ if (target->parse(c - target->option_offset, argv, invert,
+ &target->tflags, fw, &target->t))
+ return;
+
+ for (matchp = *matches; matchp != NULL; matchp = matchp->next) {
+ m = matchp->match;
+
+ if (matchp->completed || m->parse == NULL)
+ continue;
+ if (c < m->option_offset ||
+ c >= m->option_offset + XT_OPTION_OFFSET_SCALE)
+ continue;
+ if (m->parse(c - matchp->match->option_offset,
+ argv, invert, &matchp->match->mflags, fw,
+ &matchp->match->m))
+ return;
+ }
+
+ /*
+ * If you listen carefully, you can actually hear this code suck.
+ *
+ * Some explanations (after four different bugs in 3 different
+ * releases): If we encounter a parameter, that has not been parsed
+ * yet, it's not an option of an explicitly loaded match or a target.
+ * However, we support implicit loading of the protocol match
+ * extension. '-p tcp' means 'l4 proto 6' and at the same time 'load
+ * tcp protocol match on demand if we specify --dport'.
+ *
+ * To make this work, we need to make sure:
+ * - the parameter has not been parsed by a match (m above)
+ * - a protocol has been specified
+ * - the protocol extension has not been loaded yet, or is loaded and
+ * unused [think of iptables-restore!]
+ * - the protocol extension can be successively loaded
+ */
+ if (m == NULL && protocol != NULL &&
+ (!find_proto(protocol, XTF_DONT_LOAD, options & OPT_NUMERIC, NULL) ||
+ (find_proto(protocol, XTF_DONT_LOAD, options & OPT_NUMERIC, NULL) && !*proto_used)) &&
+ (m = find_proto(protocol, XTF_TRY_LOAD, options & OPT_NUMERIC, matches))) {
+ /* Try loading protocol */
+ size_t size;
+
+ *proto_used = true;
+ size = IPT_ALIGN(sizeof(struct ipt_entry_match)) + m->size;
+
+ m->m = xtables_calloc(1, size);
+ m->m->u.match_size = size;
+ strcpy(m->m->u.user.name, m->name);
+ m->m->u.user.revision = m->revision;
+ if (m->init != NULL)
+ m->init(m->m);
+
+ opts = xtables_merge_options(iptables_globals.orig_opts, opts,
+ m->extra_opts, &m->option_offset);
+ if (opts == NULL)
+ xtables_error(OTHER_PROBLEM, "can't alloc memory!");
+ optind--;
+ return;
+ }
+ if (c == '?') {
+ if (optopt)
+ xtables_error(PARAMETER_PROBLEM, "option \"%s\" "
+ "requires an argument", argv[optind-1]);
+ else
+ xtables_error(PARAMETER_PROBLEM, "unknown option "
+ "\"%s\"", argv[optind-1]);
+ }
+ xtables_error(PARAMETER_PROBLEM, "Unknown arg \"%s\"", optarg);
+}
+
int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle)
{
struct ipt_entry fw, *e = NULL;
@@ -1333,7 +1415,7 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
struct xtables_target *t;
const char *jumpto = "";
char *protocol = NULL;
- int proto_used = 0;
+ bool proto_used = false;
unsigned long long cnt;
memset(&fw, 0, sizeof(fw));
@@ -1734,113 +1816,11 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
fprintf(stderr, "Bad argument `%s'\n", optarg);
exit_tryhelp(2);
- default: {
- bool stop = false;
-
- if (target != NULL && target->parse != NULL &&
- c >= target->option_offset &&
- c < target->option_offset + XT_OPTION_OFFSET_SCALE &&
- target->parse(c - target->option_offset,
- argv, invert,
- &target->tflags,
- &fw, &target->t))
- break;
- for (matchp = matches; matchp; matchp = matchp->next) {
- m = matchp->match;
-
- if (matchp->completed || m->parse == NULL)
- continue;
- if (c < m->option_offset ||
- c >= m->option_offset + XT_OPTION_OFFSET_SCALE)
- continue;
- if (m->parse(c - matchp->match->option_offset,
- argv, invert, &m->mflags, &fw,
- &m->m)) {
- stop = true;
- break;
- }
- }
- if (stop)
- break;
-
- /* If you listen carefully, you can
- actually hear this code suck. */
-
- /* some explanations (after four different bugs
- * in 3 different releases): If we encounter a
- * parameter, that has not been parsed yet,
- * it's not an option of an explicitly loaded
- * match or a target. However, we support
- * implicit loading of the protocol match
- * extension. '-p tcp' means 'l4 proto 6' and
- * at the same time 'load tcp protocol match on
- * demand if we specify --dport'.
- *
- * To make this work, we need to make sure:
- * - the parameter has not been parsed by
- * a match (m above)
- * - a protocol has been specified
- * - the protocol extension has not been
- * loaded yet, or is loaded and unused
- * [think of iptables-restore!]
- * - the protocol extension can be successively
- * loaded
- */
- if (protocol != NULL
- && (!find_proto(protocol, XTF_DONT_LOAD,
- options&OPT_NUMERIC, NULL)
- || (find_proto(protocol, XTF_DONT_LOAD,
- options&OPT_NUMERIC, NULL)
- && (proto_used == 0))
- )
- && (m = find_proto(protocol, XTF_TRY_LOAD,
- options&OPT_NUMERIC, &matches))) {
- /* Try loading protocol */
- size_t size;
-
- proto_used = 1;
-
- size = IPT_ALIGN(sizeof(struct ipt_entry_match))
- + m->size;
-
- m->m = xtables_calloc(1, size);
- m->m->u.match_size = size;
- strcpy(m->m->u.user.name, m->name);
- m->m->u.user.revision = m->revision;
- if (m->init != NULL)
- m->init(m->m);
-
- opts = xtables_merge_options(
- iptables_globals.orig_opts,
- opts,
- m->extra_opts,
- &m->option_offset);
- if (opts == NULL)
- xtables_error(OTHER_PROBLEM,
- "can't alloc memory!");
-
- optind--;
- continue;
- }
- if (c == '?') {
- if (optopt) {
- xtables_error(
- PARAMETER_PROBLEM,
- "option `%s' "
- "requires an "
- "argument",
- argv[optind-1]);
- } else {
- xtables_error(
- PARAMETER_PROBLEM,
- "unknown option "
- "`%s'",
- argv[optind-1]);
- }
- }
- xtables_error(PARAMETER_PROBLEM,
- "Unknown arg `%s'", optarg);
- } /* default */
+ default:
+ command_default(c, argv, invert, &fw, protocol,
+ &proto_used, options,
+ target, &matches);
+ break;
}
invert = FALSE;
}
--
1.7.1
next prev parent reply other threads:[~2011-02-04 13:09 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-02-04 13:08 iptables: mainloop cleanup, symbol vis+versioning Jan Engelhardt
2011-02-04 13:08 ` [PATCH 1/8] iptables: reduce indentation of parse loop (1/3) Jan Engelhardt
2011-02-04 13:08 ` [PATCH 2/8] iptables: reduce indentation of parse loop (2/3) Jan Engelhardt
2011-02-04 13:08 ` [PATCH 3/8] iptables: use variable as shortcut in parse loop Jan Engelhardt
2011-02-04 13:08 ` Jan Engelhardt [this message]
2011-02-04 13:08 ` [PATCH 5/8] iptables: fix error message for unknown options Jan Engelhardt
2011-02-04 13:08 ` [PATCH 6/8] build: directly use config.h in internal.h Jan Engelhardt
2011-02-04 13:08 ` [PATCH 7/8] libxtables: symbol visibility Jan Engelhardt
2011-02-04 13:13 ` Patrick McHardy
2011-02-04 13:22 ` Jan Engelhardt
2011-02-04 13:30 ` Patrick McHardy
2011-02-04 13:08 ` [PATCH 8/8] libxtables: symbol versioning Jan Engelhardt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1296824935-4606-5-git-send-email-jengelh@medozas.de \
--to=jengelh@medozas.de \
--cc=kaber@trash.net \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).