Re: [PATCH 3/6] netfilter: get rid of the grossness in netfilter.h

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Changli Gao <xiaosuo@gmail.com>
To: Jan Engelhardt <jengelh@medozas.de>
Cc: kaber@trash.net, netfilter-devel@vger.kernel.org
Subject: Re: [PATCH 3/6] netfilter: get rid of the grossness in netfilter.h
Date: Wed, 4 Nov 2009 15:59:44 +0800	[thread overview]
Message-ID: <412e6f7f0911032359w74eef716r9cc9db97ada0f046@mail.gmail.com> (raw)
In-Reply-To: <1257271483-26772-4-git-send-email-jengelh@medozas.de>

On Wed, Nov 4, 2009 at 2:04 AM, Jan Engelhardt <jengelh@medozas.de> wrote:
>
> -#define NF_HOOK_COND(pf, hook, skb, indev, outdev, okfn, cond)                \
> -({int __ret;                                                                  \
> -if ((cond) || (__ret = nf_hook_thresh(pf, hook, (skb), indev, outdev, okfn, INT_MIN)) == 1)\
> -       __ret = (okfn)(skb);                                                   \
> -__ret;})
This code isn't the same as the linus tree's. And has a risk about
uninitialized variable __ret.

#define NF_HOOK_COND(pf, hook, skb, indev, outdev, okfn, cond)                 \
({int __ret;                                                                   \
if ((__ret=nf_hook_thresh(pf, hook, (skb), indev, outdev, okfn,
INT_MIN, cond)) == 1)\
        __ret = (okfn)(skb);                                                   \
__ret;})

/**
 *      nf_hook_thresh - call a netfilter hook
 *
 *      Returns 1 if the hook has allowed the packet to pass.  The function
 *      okfn must be invoked by the caller in this case.  Any other return
 *      value indicates the packet has been consumed by the hook.
 */
static inline int nf_hook_thresh(u_int8_t pf, unsigned int hook,
                                 struct sk_buff *skb,
                                 struct net_device *indev,
                                 struct net_device *outdev,
                                 int (*okfn)(struct sk_buff *), int thresh,
                                 int cond)
{
        if (!cond)
                return 1;
#ifndef CONFIG_NETFILTER_DEBUG
        if (list_empty(&nf_hooks[pf][hook]))
                return 1;
#endif
        return nf_hook_slow(pf, hook, skb, indev, outdev, okfn, thresh);
}


> +static inline int
> +NF_HOOK_COND(uint8_t pf, unsigned int hook, struct sk_buff *skb,
> +            struct net_device *in, struct net_device *out,
> +            int (*okfn)(struct sk_buff *), bool cond)
> +{
> +       int ret = 1;
> +       if (cond ||
> +           (ret = nf_hook_thresh(pf, hook, skb, in, out, okfn, INT_MIN) == 1))
> +               ret = okfn(skb);
> +       return ret;
> +}

The fact is: no matter the cond value, okfn(skb) should always be
called, and hf_hook_thresh() should be called only when cond is true.
So the code will be.

if (cond) {
   if (ret = nf_hook_thresh(pf, hook, skb, in, out, okfn, INT_MIN)) == 1)
       ret = okfn(skb);
} else {
    ret = okfn(skb);
}

-- 
Regards，
Changli Gao(xiaosuo@gmail.com)
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

next prev parent reply	other threads:[~2009-11-04  7:59 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-11-03 18:04 Xtables cleanup patches Jan Engelhardt
2009-11-03 18:04 ` [PATCH 1/6] netfilter: iptables: remove unused function arguments Jan Engelhardt
2009-11-03 18:04 ` [PATCH 2/6] netfilter: reduce NF_HOOK by one argument Jan Engelhardt
2009-11-03 18:04 ` [PATCH 3/6] netfilter: get rid of the grossness in netfilter.h Jan Engelhardt
2009-11-04  7:59   ` Changli Gao [this message]
2009-11-04 12:28     ` Jan Engelhardt
2009-11-03 18:04 ` [PATCH 4/6] netfilter: xtables: print details on size mismatch Jan Engelhardt
2009-11-03 18:04 ` [PATCH 5/6] netfilter: xtables: constify args in compat copying functions Jan Engelhardt
2009-11-03 18:04 ` [PATCH 6/6] netfilter: xtables: add const qualifiers Jan Engelhardt
2009-11-03 18:27 ` Xtables cleanup patches Patrick McHardy
2009-11-04 22:35   ` Jan Engelhardt
  -- strict thread matches above, loose matches on Subject: below --
2010-02-10 17:39 Code cleanups Jan Engelhardt
2010-02-10 17:39 ` [PATCH 3/6] netfilter: get rid of the grossness in netfilter.h Jan Engelhardt
2010-02-10 17:44   ` Patrick McHardy
2010-02-10 21:07     ` Jan Engelhardt
2010-02-11  9:02       ` Patrick McHardy

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=412e6f7f0911032359w74eef716r9cc9db97ada0f046@mail.gmail.com \
    --to=xiaosuo@gmail.com \
    --cc=jengelh@medozas.de \
    --cc=kaber@trash.net \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).