* Code cleanups
@ 2010-02-10 17:39 Jan Engelhardt
2010-02-10 17:39 ` [PATCH 1/6] netfilter: iptables: remove unused function arguments Jan Engelhardt
` (6 more replies)
0 siblings, 7 replies; 20+ messages in thread
From: Jan Engelhardt @ 2010-02-10 17:39 UTC (permalink / raw)
To: kaber; +Cc: netfilter-devel
Hi,
the next patch pack is mostly about cleanups, and there is one
commit for improving debug a little.
Pull URL will be posted once the previous request has been
merged, but I am already posting them now for review.
The following changes since commit e3eaa9910b380530cfd2c0670fcd3f627674da8a:
Jan Engelhardt (1):
netfilter: xtables: generate initial table on-demand
are available in the git repository at:
. master2
Jan Engelhardt (6):
netfilter: iptables: remove unused function arguments
netfilter: reduce NF_HOOK by one argument
netfilter: get rid of the grossness in netfilter.h
netfilter: xtables: print details on size mismatch
netfilter: xtables: constify args in compat copying functions
netfilter: xtables: add const qualifiers
include/linux/netfilter.h | 55 +++++++++++---------
include/linux/netfilter/x_tables.h | 12 ++--
net/bridge/netfilter/ebtables.c | 59 ++++++++++++----------
net/ipv4/netfilter/arp_tables.c | 73 +++++++++++++++------------
net/ipv4/netfilter/ip_tables.c | 92 +++++++++++++++++++---------------
net/ipv4/netfilter/ipt_ULOG.c | 4 +-
net/ipv4/netfilter/iptable_mangle.c | 10 +---
net/ipv6/netfilter/ip6_tables.c | 92 ++++++++++++++++++---------------
net/ipv6/netfilter/ip6table_mangle.c | 10 +---
net/netfilter/x_tables.c | 16 ++++--
net/netfilter/xt_hashlimit.c | 4 +-
net/netfilter/xt_limit.c | 4 +-
12 files changed, 233 insertions(+), 198 deletions(-)
^ permalink raw reply [flat|nested] 20+ messages in thread* [PATCH 1/6] netfilter: iptables: remove unused function arguments 2010-02-10 17:39 Code cleanups Jan Engelhardt @ 2010-02-10 17:39 ` Jan Engelhardt 2010-02-10 17:39 ` [PATCH 2/6] netfilter: reduce NF_HOOK by one argument Jan Engelhardt ` (5 subsequent siblings) 6 siblings, 0 replies; 20+ messages in thread From: Jan Engelhardt @ 2010-02-10 17:39 UTC (permalink / raw) To: kaber; +Cc: netfilter-devel Signed-off-by: Jan Engelhardt <jengelh@medozas.de> --- net/ipv4/netfilter/iptable_mangle.c | 10 +++------- net/ipv6/netfilter/ip6table_mangle.c | 10 +++------- 2 files changed, 6 insertions(+), 14 deletions(-) diff --git a/net/ipv4/netfilter/iptable_mangle.c b/net/ipv4/netfilter/iptable_mangle.c index 58d7097..78c62c8 100644 --- a/net/ipv4/netfilter/iptable_mangle.c +++ b/net/ipv4/netfilter/iptable_mangle.c @@ -36,11 +36,7 @@ static const struct xt_table packet_mangler = { }; static unsigned int -ipt_local_hook(unsigned int hook, - struct sk_buff *skb, - const struct net_device *in, - const struct net_device *out, - int (*okfn)(struct sk_buff *)) +ipt_mangle_out(struct sk_buff *skb, const struct net_device *out) { unsigned int ret; const struct iphdr *iph; @@ -60,7 +56,7 @@ ipt_local_hook(unsigned int hook, daddr = iph->daddr; tos = iph->tos; - ret = ipt_do_table(skb, hook, in, out, + ret = ipt_do_table(skb, NF_INET_LOCAL_OUT, NULL, out, dev_net(out)->ipv4.iptable_mangle); /* Reroute for ANY change. */ if (ret != NF_DROP && ret != NF_STOLEN && ret != NF_QUEUE) { @@ -86,7 +82,7 @@ iptable_mangle_hook(unsigned int hook, int (*okfn)(struct sk_buff *)) { if (hook == NF_INET_LOCAL_OUT) - return ipt_local_hook(hook, skb, in, out, okfn); + return ipt_mangle_out(skb, out); /* PREROUTING/INPUT/FORWARD: */ return ipt_do_table(skb, hook, in, out, diff --git a/net/ipv6/netfilter/ip6table_mangle.c b/net/ipv6/netfilter/ip6table_mangle.c index dc803b7..e530038 100644 --- a/net/ipv6/netfilter/ip6table_mangle.c +++ b/net/ipv6/netfilter/ip6table_mangle.c @@ -30,12 +30,8 @@ static const struct xt_table packet_mangler = { }; static unsigned int -ip6t_local_out_hook(unsigned int hook, - struct sk_buff *skb, - const struct net_device *out, - int (*okfn)(struct sk_buff *)) +ip6t_mangle_out(struct sk_buff *skb, const struct net_device *out) { - unsigned int ret; struct in6_addr saddr, daddr; u_int8_t hop_limit; @@ -60,7 +56,7 @@ ip6t_local_out_hook(unsigned int hook, /* flowlabel and prio (includes version, which shouldn't change either */ flowlabel = *((u_int32_t *)ipv6_hdr(skb)); - ret = ip6t_do_table(skb, hook, NULL, out, + ret = ip6t_do_table(skb, NF_INET_LOCAL_OUT, NULL, out, dev_net(out)->ipv6.ip6table_mangle); if (ret != NF_DROP && ret != NF_STOLEN && @@ -80,7 +76,7 @@ ip6table_mangle_hook(unsigned int hook, struct sk_buff *skb, int (*okfn)(struct sk_buff *)) { if (hook == NF_INET_LOCAL_OUT) - return ip6t_local_out_hook(hook, skb, out, okfn); + return ip6t_mangle_out(skb, out); /* INPUT/FORWARD */ return ip6t_do_table(skb, hook, in, out, -- 1.6.6.1 ^ permalink raw reply related [flat|nested] 20+ messages in thread
* [PATCH 2/6] netfilter: reduce NF_HOOK by one argument 2010-02-10 17:39 Code cleanups Jan Engelhardt 2010-02-10 17:39 ` [PATCH 1/6] netfilter: iptables: remove unused function arguments Jan Engelhardt @ 2010-02-10 17:39 ` Jan Engelhardt 2010-02-10 17:39 ` [PATCH 3/6] netfilter: get rid of the grossness in netfilter.h Jan Engelhardt ` (4 subsequent siblings) 6 siblings, 0 replies; 20+ messages in thread From: Jan Engelhardt @ 2010-02-10 17:39 UTC (permalink / raw) To: kaber; +Cc: netfilter-devel No changes in vmlinux filesize. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> --- include/linux/netfilter.h | 14 +++++--------- 1 files changed, 5 insertions(+), 9 deletions(-) diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h index 78f33d2..2f22816 100644 --- a/include/linux/netfilter.h +++ b/include/linux/netfilter.h @@ -163,11 +163,8 @@ static inline int nf_hook_thresh(u_int8_t pf, unsigned int hook, struct sk_buff *skb, struct net_device *indev, struct net_device *outdev, - int (*okfn)(struct sk_buff *), int thresh, - int cond) + int (*okfn)(struct sk_buff *), int thresh) { - if (!cond) - return 1; #ifndef CONFIG_NETFILTER_DEBUG if (list_empty(&nf_hooks[pf][hook])) return 1; @@ -179,7 +176,7 @@ static inline int nf_hook(u_int8_t pf, unsigned int hook, struct sk_buff *skb, struct net_device *indev, struct net_device *outdev, int (*okfn)(struct sk_buff *)) { - return nf_hook_thresh(pf, hook, skb, indev, outdev, okfn, INT_MIN, 1); + return nf_hook_thresh(pf, hook, skb, indev, outdev, okfn, INT_MIN); } /* Activate hook; either okfn or kfree_skb called, unless a hook @@ -206,13 +203,13 @@ static inline int nf_hook(u_int8_t pf, unsigned int hook, struct sk_buff *skb, #define NF_HOOK_THRESH(pf, hook, skb, indev, outdev, okfn, thresh) \ ({int __ret; \ -if ((__ret=nf_hook_thresh(pf, hook, (skb), indev, outdev, okfn, thresh, 1)) == 1)\ +if ((__ret=nf_hook_thresh(pf, hook, (skb), indev, outdev, okfn, thresh)) == 1)\ __ret = (okfn)(skb); \ __ret;}) #define NF_HOOK_COND(pf, hook, skb, indev, outdev, okfn, cond) \ ({int __ret; \ -if ((__ret=nf_hook_thresh(pf, hook, (skb), indev, outdev, okfn, INT_MIN, cond)) == 1)\ +if ((cond) || (__ret = nf_hook_thresh(pf, hook, (skb), indev, outdev, okfn, INT_MIN)) == 1)\ __ret = (okfn)(skb); \ __ret;}) @@ -328,8 +325,7 @@ static inline int nf_hook_thresh(u_int8_t pf, unsigned int hook, struct sk_buff *skb, struct net_device *indev, struct net_device *outdev, - int (*okfn)(struct sk_buff *), int thresh, - int cond) + int (*okfn)(struct sk_buff *), int thresh) { return okfn(skb); } -- 1.6.6.1 ^ permalink raw reply related [flat|nested] 20+ messages in thread
* [PATCH 3/6] netfilter: get rid of the grossness in netfilter.h 2010-02-10 17:39 Code cleanups Jan Engelhardt 2010-02-10 17:39 ` [PATCH 1/6] netfilter: iptables: remove unused function arguments Jan Engelhardt 2010-02-10 17:39 ` [PATCH 2/6] netfilter: reduce NF_HOOK by one argument Jan Engelhardt @ 2010-02-10 17:39 ` Jan Engelhardt 2010-02-10 17:44 ` Patrick McHardy 2010-02-10 17:39 ` [PATCH 4/6] netfilter: xtables: print details on size mismatch Jan Engelhardt ` (3 subsequent siblings) 6 siblings, 1 reply; 20+ messages in thread From: Jan Engelhardt @ 2010-02-10 17:39 UTC (permalink / raw) To: kaber; +Cc: netfilter-devel GCC is now smart enough to follow the inline trail correctly. vmlinux size remain the same. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> --- include/linux/netfilter.h | 45 ++++++++++++++++++++++++++++----------------- 1 files changed, 28 insertions(+), 17 deletions(-) diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h index 2f22816..7007945 100644 --- a/include/linux/netfilter.h +++ b/include/linux/netfilter.h @@ -196,25 +196,36 @@ static inline int nf_hook(u_int8_t pf, unsigned int hook, struct sk_buff *skb, coders :) */ -/* This is gross, but inline doesn't cut it for avoiding the function - call in fast path: gcc doesn't inline (needs value tracking?). --RR */ - -/* HX: It's slightly less gross now. */ - -#define NF_HOOK_THRESH(pf, hook, skb, indev, outdev, okfn, thresh) \ -({int __ret; \ -if ((__ret=nf_hook_thresh(pf, hook, (skb), indev, outdev, okfn, thresh)) == 1)\ - __ret = (okfn)(skb); \ -__ret;}) +static inline int +NF_HOOK_THRESH(uint8_t pf, unsigned int hook, struct sk_buff *skb, + struct net_device *in, struct net_device *out, + int (*okfn)(struct sk_buff *), int thresh) +{ + int ret = nf_hook_thresh(pf, hook, skb, in, out, okfn, thresh); + if (ret == 1) + ret = okfn(skb); + return ret; +} -#define NF_HOOK_COND(pf, hook, skb, indev, outdev, okfn, cond) \ -({int __ret; \ -if ((cond) || (__ret = nf_hook_thresh(pf, hook, (skb), indev, outdev, okfn, INT_MIN)) == 1)\ - __ret = (okfn)(skb); \ -__ret;}) +static inline int +NF_HOOK_COND(uint8_t pf, unsigned int hook, struct sk_buff *skb, + struct net_device *in, struct net_device *out, + int (*okfn)(struct sk_buff *), bool cond) +{ + int ret = 1; + if (cond || + (ret = nf_hook_thresh(pf, hook, skb, in, out, okfn, INT_MIN) == 1)) + ret = okfn(skb); + return ret; +} -#define NF_HOOK(pf, hook, skb, indev, outdev, okfn) \ - NF_HOOK_THRESH(pf, hook, skb, indev, outdev, okfn, INT_MIN) +static inline int +NF_HOOK(uint8_t pf, unsigned int hook, struct sk_buff *skb, + struct net_device *in, struct net_device *out, + int (*okfn)(struct sk_buff *)) +{ + return NF_HOOK_THRESH(pf, hook, skb, in, out, okfn, INT_MIN); +} /* Call setsockopt() */ int nf_setsockopt(struct sock *sk, u_int8_t pf, int optval, char __user *opt, -- 1.6.6.1 ^ permalink raw reply related [flat|nested] 20+ messages in thread
* Re: [PATCH 3/6] netfilter: get rid of the grossness in netfilter.h 2010-02-10 17:39 ` [PATCH 3/6] netfilter: get rid of the grossness in netfilter.h Jan Engelhardt @ 2010-02-10 17:44 ` Patrick McHardy 2010-02-10 21:07 ` Jan Engelhardt 0 siblings, 1 reply; 20+ messages in thread From: Patrick McHardy @ 2010-02-10 17:44 UTC (permalink / raw) To: Jan Engelhardt; +Cc: netfilter-devel Jan Engelhardt wrote: > GCC is now smart enough to follow the inline trail correctly. > vmlinux size remain the same. Which one? The kernel currently supports 3.2+. ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: [PATCH 3/6] netfilter: get rid of the grossness in netfilter.h 2010-02-10 17:44 ` Patrick McHardy @ 2010-02-10 21:07 ` Jan Engelhardt 2010-02-11 9:02 ` Patrick McHardy 0 siblings, 1 reply; 20+ messages in thread From: Jan Engelhardt @ 2010-02-10 21:07 UTC (permalink / raw) To: Patrick McHardy; +Cc: netfilter-devel On Wednesday 2010-02-10 18:44, Patrick McHardy wrote: >Jan Engelhardt wrote: >> GCC is now smart enough to follow the inline trail correctly. >> vmlinux size remain the same. > >Which one? The kernel currently supports 3.2+. -rw-r--r-- 1 jengelh users 12659677 Feb 10 21:58 linux-gcc33/vmlinux.o.before -rw-r--r-- 1 jengelh users 12659557 Feb 10 22:00 linux-gcc33/vmlinux.o -rw-r--r-- 1 jengelh users 12874092 Feb 10 21:58 linux-gcc41/vmlinux.o.before -rw-r--r-- 1 jengelh users 12874005 Feb 10 22:01 linux-gcc41/vmlinux.o -rw-r--r-- 1 jengelh users 12986285 Feb 10 21:58 linux-gcc43/vmlinux.o.before -rw-r--r-- 1 jengelh users 12986236 Feb 10 22:02 linux-gcc43/vmlinux.o -rw-r--r-- 1 jengelh users 12915901 Feb 10 21:58 linux-gcc44/vmlinux.o.before -rw-r--r-- 1 jengelh users 12915884 Feb 10 22:03 linux-gcc44/vmlinux.o -rw-r--r-- 1 jengelh users 12946544 Feb 10 21:58 linux-gcc45/vmlinux.o.before -rw-r--r-- 1 jengelh users 12946520 Feb 10 22:04 linux-gcc45/vmlinux.o ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: [PATCH 3/6] netfilter: get rid of the grossness in netfilter.h 2010-02-10 21:07 ` Jan Engelhardt @ 2010-02-11 9:02 ` Patrick McHardy 0 siblings, 0 replies; 20+ messages in thread From: Patrick McHardy @ 2010-02-11 9:02 UTC (permalink / raw) To: Jan Engelhardt; +Cc: netfilter-devel Jan Engelhardt wrote: > On Wednesday 2010-02-10 18:44, Patrick McHardy wrote: > >> Jan Engelhardt wrote: >>> GCC is now smart enough to follow the inline trail correctly. >>> vmlinux size remain the same. >> Which one? The kernel currently supports 3.2+. > > -rw-r--r-- 1 jengelh users 12659677 Feb 10 21:58 linux-gcc33/vmlinux.o.before > -rw-r--r-- 1 jengelh users 12659557 Feb 10 22:00 linux-gcc33/vmlinux.o > -rw-r--r-- 1 jengelh users 12874092 Feb 10 21:58 linux-gcc41/vmlinux.o.before > -rw-r--r-- 1 jengelh users 12874005 Feb 10 22:01 linux-gcc41/vmlinux.o > -rw-r--r-- 1 jengelh users 12986285 Feb 10 21:58 linux-gcc43/vmlinux.o.before > -rw-r--r-- 1 jengelh users 12986236 Feb 10 22:02 linux-gcc43/vmlinux.o > -rw-r--r-- 1 jengelh users 12915901 Feb 10 21:58 linux-gcc44/vmlinux.o.before > -rw-r--r-- 1 jengelh users 12915884 Feb 10 22:03 linux-gcc44/vmlinux.o > -rw-r--r-- 1 jengelh users 12946544 Feb 10 21:58 linux-gcc45/vmlinux.o.before > -rw-r--r-- 1 jengelh users 12946520 Feb 10 22:04 linux-gcc45/vmlinux.o > Thanks, this looks fine. ^ permalink raw reply [flat|nested] 20+ messages in thread
* [PATCH 4/6] netfilter: xtables: print details on size mismatch 2010-02-10 17:39 Code cleanups Jan Engelhardt ` (2 preceding siblings ...) 2010-02-10 17:39 ` [PATCH 3/6] netfilter: get rid of the grossness in netfilter.h Jan Engelhardt @ 2010-02-10 17:39 ` Jan Engelhardt 2010-02-10 17:39 ` [PATCH 5/6] netfilter: xtables: constify args in compat copying functions Jan Engelhardt ` (2 subsequent siblings) 6 siblings, 0 replies; 20+ messages in thread From: Jan Engelhardt @ 2010-02-10 17:39 UTC (permalink / raw) To: kaber; +Cc: netfilter-devel Print which revision has been used and which size are which (kernel/user) for easier debugging. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> --- net/netfilter/x_tables.c | 8 ++++++-- 1 files changed, 6 insertions(+), 2 deletions(-) diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c index dc2e05c..760ea3e 100644 --- a/net/netfilter/x_tables.c +++ b/net/netfilter/x_tables.c @@ -366,8 +366,10 @@ int xt_check_match(struct xt_mtchk_param *par, * ebt_among is exempt from centralized matchsize checking * because it uses a dynamic-size data set. */ - pr_err("%s_tables: %s match: invalid size %Zu != %u\n", + pr_err("%s_tables: %s.%u match: invalid size " + "(kernel) %zu != (user) %u\n", xt_prefix[par->family], par->match->name, + par->match->revision, XT_ALIGN(par->match->matchsize), size); return -EINVAL; } @@ -516,8 +518,10 @@ int xt_check_target(struct xt_tgchk_param *par, unsigned int size, u_int8_t proto, bool inv_proto) { if (XT_ALIGN(par->target->targetsize) != size) { - pr_err("%s_tables: %s target: invalid size %Zu != %u\n", + pr_err("%s_tables: %s.%u target: invalid size " + "(kernel) %zu != (user) %u\n", xt_prefix[par->family], par->target->name, + par->target->revision, XT_ALIGN(par->target->targetsize), size); return -EINVAL; } -- 1.6.6.1 ^ permalink raw reply related [flat|nested] 20+ messages in thread
* [PATCH 5/6] netfilter: xtables: constify args in compat copying functions 2010-02-10 17:39 Code cleanups Jan Engelhardt ` (3 preceding siblings ...) 2010-02-10 17:39 ` [PATCH 4/6] netfilter: xtables: print details on size mismatch Jan Engelhardt @ 2010-02-10 17:39 ` Jan Engelhardt 2010-02-10 17:39 ` [PATCH 6/6] netfilter: xtables: add const qualifiers Jan Engelhardt 2010-02-10 21:10 ` Code cleanups Jan Engelhardt 6 siblings, 0 replies; 20+ messages in thread From: Jan Engelhardt @ 2010-02-10 17:39 UTC (permalink / raw) To: kaber; +Cc: netfilter-devel Signed-off-by: Jan Engelhardt <jengelh@medozas.de> --- include/linux/netfilter/x_tables.h | 12 ++++++------ net/ipv4/netfilter/arp_tables.c | 4 ++-- net/ipv4/netfilter/ip_tables.c | 4 ++-- net/ipv4/netfilter/ipt_ULOG.c | 4 ++-- net/ipv6/netfilter/ip6_tables.c | 4 ++-- net/netfilter/x_tables.c | 8 ++++---- net/netfilter/xt_hashlimit.c | 4 ++-- net/netfilter/xt_limit.c | 4 ++-- 8 files changed, 22 insertions(+), 22 deletions(-) diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h index fdd3342..3d39e6e 100644 --- a/include/linux/netfilter/x_tables.h +++ b/include/linux/netfilter/x_tables.h @@ -287,8 +287,8 @@ struct xt_match { void (*destroy)(const struct xt_mtdtor_param *); #ifdef CONFIG_COMPAT /* Called when userspace align differs from kernel space one */ - void (*compat_from_user)(void *dst, void *src); - int (*compat_to_user)(void __user *dst, void *src); + void (*compat_from_user)(void *dst, const void *src); + int (*compat_to_user)(void __user *dst, const void *src); #endif /* Set this to THIS_MODULE if you are a module, otherwise NULL */ struct module *me; @@ -329,8 +329,8 @@ struct xt_target { void (*destroy)(const struct xt_tgdtor_param *); #ifdef CONFIG_COMPAT /* Called when userspace align differs from kernel space one */ - void (*compat_from_user)(void *dst, void *src); - int (*compat_to_user)(void __user *dst, void *src); + void (*compat_from_user)(void *dst, const void *src); + int (*compat_to_user)(void __user *dst, const void *src); #endif /* Set this to THIS_MODULE if you are a module, otherwise NULL */ struct module *me; @@ -592,13 +592,13 @@ extern short xt_compat_calc_jump(u_int8_t af, unsigned int offset); extern int xt_compat_match_offset(const struct xt_match *match); extern int xt_compat_match_from_user(struct xt_entry_match *m, void **dstptr, unsigned int *size); -extern int xt_compat_match_to_user(struct xt_entry_match *m, +extern int xt_compat_match_to_user(const struct xt_entry_match *m, void __user **dstptr, unsigned int *size); extern int xt_compat_target_offset(const struct xt_target *target); extern void xt_compat_target_from_user(struct xt_entry_target *t, void **dstptr, unsigned int *size); -extern int xt_compat_target_to_user(struct xt_entry_target *t, +extern int xt_compat_target_to_user(const struct xt_entry_target *t, void __user **dstptr, unsigned int *size); #endif /* CONFIG_COMPAT */ diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index 72723ea..2303dc9 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c @@ -842,7 +842,7 @@ static int copy_entries_to_user(unsigned int total_size, } #ifdef CONFIG_COMPAT -static void compat_standard_from_user(void *dst, void *src) +static void compat_standard_from_user(void *dst, const void *src) { int v = *(compat_int_t *)src; @@ -851,7 +851,7 @@ static void compat_standard_from_user(void *dst, void *src) memcpy(dst, &v, sizeof(v)); } -static int compat_standard_to_user(void __user *dst, void *src) +static int compat_standard_to_user(void __user *dst, const void *src) { compat_int_t cv = *(int *)src; diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index 2057b1b..2a4f745 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c @@ -1047,7 +1047,7 @@ copy_entries_to_user(unsigned int total_size, } #ifdef CONFIG_COMPAT -static void compat_standard_from_user(void *dst, void *src) +static void compat_standard_from_user(void *dst, const void *src) { int v = *(compat_int_t *)src; @@ -1056,7 +1056,7 @@ static void compat_standard_from_user(void *dst, void *src) memcpy(dst, &v, sizeof(v)); } -static int compat_standard_to_user(void __user *dst, void *src) +static int compat_standard_to_user(void __user *dst, const void *src) { compat_int_t cv = *(int *)src; diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c index 399061c..09a5d3f 100644 --- a/net/ipv4/netfilter/ipt_ULOG.c +++ b/net/ipv4/netfilter/ipt_ULOG.c @@ -338,7 +338,7 @@ struct compat_ipt_ulog_info { char prefix[ULOG_PREFIX_LEN]; }; -static void ulog_tg_compat_from_user(void *dst, void *src) +static void ulog_tg_compat_from_user(void *dst, const void *src) { const struct compat_ipt_ulog_info *cl = src; struct ipt_ulog_info l = { @@ -351,7 +351,7 @@ static void ulog_tg_compat_from_user(void *dst, void *src) memcpy(dst, &l, sizeof(l)); } -static int ulog_tg_compat_to_user(void __user *dst, void *src) +static int ulog_tg_compat_to_user(void __user *dst, const void *src) { const struct ipt_ulog_info *l = src; struct compat_ipt_ulog_info cl = { diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index dcd7825..3ff4fd5 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c @@ -1079,7 +1079,7 @@ copy_entries_to_user(unsigned int total_size, } #ifdef CONFIG_COMPAT -static void compat_standard_from_user(void *dst, void *src) +static void compat_standard_from_user(void *dst, const void *src) { int v = *(compat_int_t *)src; @@ -1088,7 +1088,7 @@ static void compat_standard_from_user(void *dst, void *src) memcpy(dst, &v, sizeof(v)); } -static int compat_standard_to_user(void __user *dst, void *src) +static int compat_standard_to_user(void __user *dst, const void *src) { compat_int_t cv = *(int *)src; diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c index 760ea3e..2120ab7 100644 --- a/net/netfilter/x_tables.c +++ b/net/netfilter/x_tables.c @@ -485,8 +485,8 @@ int xt_compat_match_from_user(struct xt_entry_match *m, void **dstptr, } EXPORT_SYMBOL_GPL(xt_compat_match_from_user); -int xt_compat_match_to_user(struct xt_entry_match *m, void __user **dstptr, - unsigned int *size) +int xt_compat_match_to_user(const struct xt_entry_match *m, + void __user **dstptr, unsigned int *size) { const struct xt_match *match = m->u.kernel.match; struct compat_xt_entry_match __user *cm = *dstptr; @@ -588,8 +588,8 @@ void xt_compat_target_from_user(struct xt_entry_target *t, void **dstptr, } EXPORT_SYMBOL_GPL(xt_compat_target_from_user); -int xt_compat_target_to_user(struct xt_entry_target *t, void __user **dstptr, - unsigned int *size) +int xt_compat_target_to_user(const struct xt_entry_target *t, + void __user **dstptr, unsigned int *size) { const struct xt_target *target = t->u.kernel.target; struct compat_xt_entry_target __user *ct = *dstptr; diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c index 017c959..e47fb80 100644 --- a/net/netfilter/xt_hashlimit.c +++ b/net/netfilter/xt_hashlimit.c @@ -775,7 +775,7 @@ struct compat_xt_hashlimit_info { compat_uptr_t master; }; -static void hashlimit_mt_compat_from_user(void *dst, void *src) +static void hashlimit_mt_compat_from_user(void *dst, const void *src) { int off = offsetof(struct compat_xt_hashlimit_info, hinfo); @@ -783,7 +783,7 @@ static void hashlimit_mt_compat_from_user(void *dst, void *src) memset(dst + off, 0, sizeof(struct compat_xt_hashlimit_info) - off); } -static int hashlimit_mt_compat_to_user(void __user *dst, void *src) +static int hashlimit_mt_compat_to_user(void __user *dst, const void *src) { int off = offsetof(struct compat_xt_hashlimit_info, hinfo); diff --git a/net/netfilter/xt_limit.c b/net/netfilter/xt_limit.c index 2773be6..a0ca533 100644 --- a/net/netfilter/xt_limit.c +++ b/net/netfilter/xt_limit.c @@ -148,7 +148,7 @@ struct compat_xt_rateinfo { /* To keep the full "prev" timestamp, the upper 32 bits are stored in the * master pointer, which does not need to be preserved. */ -static void limit_mt_compat_from_user(void *dst, void *src) +static void limit_mt_compat_from_user(void *dst, const void *src) { const struct compat_xt_rateinfo *cm = src; struct xt_rateinfo m = { @@ -162,7 +162,7 @@ static void limit_mt_compat_from_user(void *dst, void *src) memcpy(dst, &m, sizeof(m)); } -static int limit_mt_compat_to_user(void __user *dst, void *src) +static int limit_mt_compat_to_user(void __user *dst, const void *src) { const struct xt_rateinfo *m = src; struct compat_xt_rateinfo cm = { -- 1.6.6.1 ^ permalink raw reply related [flat|nested] 20+ messages in thread
* [PATCH 6/6] netfilter: xtables: add const qualifiers 2010-02-10 17:39 Code cleanups Jan Engelhardt ` (4 preceding siblings ...) 2010-02-10 17:39 ` [PATCH 5/6] netfilter: xtables: constify args in compat copying functions Jan Engelhardt @ 2010-02-10 17:39 ` Jan Engelhardt 2010-02-11 9:00 ` Patrick McHardy 2010-02-10 21:10 ` Code cleanups Jan Engelhardt 6 siblings, 1 reply; 20+ messages in thread From: Jan Engelhardt @ 2010-02-10 17:39 UTC (permalink / raw) To: kaber; +Cc: netfilter-devel This should make it easier to remove redundant arguments later. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> --- net/bridge/netfilter/ebtables.c | 59 ++++++++++++++------------ net/ipv4/netfilter/arp_tables.c | 69 +++++++++++++++++------------- net/ipv4/netfilter/ip_tables.c | 88 +++++++++++++++++++++----------------- net/ipv6/netfilter/ip6_tables.c | 88 +++++++++++++++++++++------------------ 4 files changed, 168 insertions(+), 136 deletions(-) diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index 208f4e3..bcdf02d 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c @@ -82,7 +82,8 @@ static inline int ebt_do_match (struct ebt_entry_match *m, return m->u.match->match(skb, par) ? EBT_MATCH : EBT_NOMATCH; } -static inline int ebt_dev_check(char *entry, const struct net_device *device) +static inline int +ebt_dev_check(const char *entry, const struct net_device *device) { int i = 0; const char *devname; @@ -100,8 +101,9 @@ static inline int ebt_dev_check(char *entry, const struct net_device *device) #define FWINV2(bool,invflg) ((bool) ^ !!(e->invflags & invflg)) /* process standard matches */ -static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h, - const struct net_device *in, const struct net_device *out) +static inline int +ebt_basic_match(const struct ebt_entry *e, const struct ethhdr *h, + const struct net_device *in, const struct net_device *out) { int verdict, i; @@ -156,12 +158,12 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb, int i, nentries; struct ebt_entry *point; struct ebt_counter *counter_base, *cb_base; - struct ebt_entry_target *t; + const struct ebt_entry_target *t; int verdict, sp = 0; struct ebt_chainstack *cs; struct ebt_entries *chaininfo; - char *base; - struct ebt_table_info *private; + const char *base; + const struct ebt_table_info *private; bool hotdrop = false; struct xt_match_param mtpar; struct xt_target_param tgpar; @@ -395,7 +397,7 @@ ebt_check_watcher(struct ebt_entry_watcher *w, struct xt_tgchk_param *par, return 0; } -static int ebt_verify_pointers(struct ebt_replace *repl, +static int ebt_verify_pointers(const struct ebt_replace *repl, struct ebt_table_info *newinfo) { unsigned int limit = repl->entries_size; @@ -466,8 +468,8 @@ static int ebt_verify_pointers(struct ebt_replace *repl, * to parse the userspace data */ static inline int -ebt_check_entry_size_and_hooks(struct ebt_entry *e, - struct ebt_table_info *newinfo, +ebt_check_entry_size_and_hooks(const struct ebt_entry *e, + const struct ebt_table_info *newinfo, unsigned int *n, unsigned int *cnt, unsigned int *totalcnt, unsigned int *udc_cnt) { @@ -622,9 +624,8 @@ ebt_cleanup_entry(struct ebt_entry *e, struct net *net, unsigned int *cnt) } static inline int -ebt_check_entry(struct ebt_entry *e, - struct net *net, - struct ebt_table_info *newinfo, +ebt_check_entry(struct ebt_entry *e, struct net *net, + const struct ebt_table_info *newinfo, const char *name, unsigned int *cnt, struct ebt_cl_stack *cl_s, unsigned int udc_cnt) { @@ -743,12 +744,12 @@ cleanup_matches: * the hook mask for udc tells us from which base chains the udc can be * accessed. This mask is a parameter to the check() functions of the extensions */ -static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s, +static int check_chainloops(const struct ebt_entries *chain, struct ebt_cl_stack *cl_s, unsigned int udc_cnt, unsigned int hooknr, char *base) { int i, chain_nr = -1, pos = 0, nentries = chain->nentries, verdict; - struct ebt_entry *e = (struct ebt_entry *)chain->data; - struct ebt_entry_target *t; + const struct ebt_entry *e = (struct ebt_entry *)chain->data; + const struct ebt_entry_target *t; while (pos < nentries || chain_nr != -1) { /* end of udc, go back one 'recursion' step */ @@ -814,7 +815,7 @@ letscontinue: } /* do the parsing of the table/chains/entries/matches/watchers/targets, heh */ -static int translate_table(struct net *net, char *name, +static int translate_table(struct net *net, const char *name, struct ebt_table_info *newinfo) { unsigned int i, j, k, udc_cnt; @@ -934,7 +935,7 @@ static int translate_table(struct net *net, char *name, } /* called under write_lock */ -static void get_counters(struct ebt_counter *oldcounters, +static void get_counters(const struct ebt_counter *oldcounters, struct ebt_counter *counters, unsigned int nentries) { int i, cpu; @@ -957,7 +958,8 @@ static void get_counters(struct ebt_counter *oldcounters, } /* replace the table */ -static int do_replace(struct net *net, void __user *user, unsigned int len) +static int do_replace(struct net *net, const void __user *user, + unsigned int len) { int ret, i, countersize; struct ebt_table_info *newinfo; @@ -1237,7 +1239,8 @@ void ebt_unregister_table(struct net *net, struct ebt_table *table) } /* userspace just supplied us with counters */ -static int update_counters(struct net *net, void __user *user, unsigned int len) +static int update_counters(struct net *net, const void __user *user, + unsigned int len) { int i, ret; struct ebt_counter *tmp; @@ -1292,8 +1295,8 @@ free_tmp: return ret; } -static inline int ebt_make_matchname(struct ebt_entry_match *m, - char *base, char __user *ubase) +static inline int ebt_make_matchname(const struct ebt_entry_match *m, + const char *base, char __user *ubase) { char __user *hlp = ubase + ((char *)m - base); if (copy_to_user(hlp, m->u.match->name, EBT_FUNCTION_MAXNAMELEN)) @@ -1301,8 +1304,8 @@ static inline int ebt_make_matchname(struct ebt_entry_match *m, return 0; } -static inline int ebt_make_watchername(struct ebt_entry_watcher *w, - char *base, char __user *ubase) +static inline int ebt_make_watchername(const struct ebt_entry_watcher *w, + const char *base, char __user *ubase) { char __user *hlp = ubase + ((char *)w - base); if (copy_to_user(hlp , w->u.watcher->name, EBT_FUNCTION_MAXNAMELEN)) @@ -1310,11 +1313,12 @@ static inline int ebt_make_watchername(struct ebt_entry_watcher *w, return 0; } -static inline int ebt_make_names(struct ebt_entry *e, char *base, char __user *ubase) +static inline int +ebt_make_names(struct ebt_entry *e, const char *base, char __user *ubase) { int ret; char __user *hlp; - struct ebt_entry_target *t; + const struct ebt_entry_target *t; if (e->bitmask == 0) return 0; @@ -1335,10 +1339,11 @@ static inline int ebt_make_names(struct ebt_entry *e, char *base, char __user *u /* called with ebt_mutex locked */ static int copy_everything_to_user(struct ebt_table *t, void __user *user, - int *len, int cmd) + const int *len, int cmd) { struct ebt_replace tmp; - struct ebt_counter *counterstmp, *oldcounters; + struct ebt_counter *counterstmp; + const struct ebt_counter *oldcounters; unsigned int entries_size, nentries; char *entries; diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index 2303dc9..4db5c1e 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c @@ -233,7 +233,14 @@ arpt_error(struct sk_buff *skb, const struct xt_target_param *par) return NF_DROP; } -static inline struct arpt_entry *get_entry(void *base, unsigned int offset) +static inline const struct arpt_entry_target * +arpt_get_target_c(const struct arpt_entry *e) +{ + return arpt_get_target((struct arpt_entry *)e); +} + +static inline struct arpt_entry * +get_entry(const void *base, unsigned int offset) { return (struct arpt_entry *)(base + offset); } @@ -280,7 +287,7 @@ unsigned int arpt_do_table(struct sk_buff *skb, arp = arp_hdr(skb); do { - struct arpt_entry_target *t; + const struct arpt_entry_target *t; int hdr_len; if (!arp_packet_match(arp, skb->dev, indev, outdev, &e->arp)) { @@ -292,7 +299,7 @@ unsigned int arpt_do_table(struct sk_buff *skb, (2 * skb->dev->addr_len); ADD_COUNTER(e->counters, hdr_len, 1); - t = arpt_get_target(e); + t = arpt_get_target_c(e); /* Standard target? */ if (!t->u.kernel.target->target) { @@ -358,7 +365,7 @@ static inline bool unconditional(const struct arpt_arp *arp) /* Figures out from what hook each rule can be called: returns 0 if * there are loops. Puts hook bitmask in comefrom. */ -static int mark_source_chains(struct xt_table_info *newinfo, +static int mark_source_chains(const struct xt_table_info *newinfo, unsigned int valid_hooks, void *entry0) { unsigned int hook; @@ -379,7 +386,7 @@ static int mark_source_chains(struct xt_table_info *newinfo, for (;;) { const struct arpt_standard_target *t - = (void *)arpt_get_target(e); + = (void *)arpt_get_target_c(e); int visited = e->comefrom & (1 << hook); if (e->comefrom & (1 << NF_ARP_NUMHOOKS)) { @@ -463,7 +470,7 @@ static int mark_source_chains(struct xt_table_info *newinfo, return 1; } -static inline int check_entry(struct arpt_entry *e, const char *name) +static inline int check_entry(const struct arpt_entry *e, const char *name) { const struct arpt_entry_target *t; @@ -475,7 +482,7 @@ static inline int check_entry(struct arpt_entry *e, const char *name) if (e->target_offset + sizeof(struct arpt_entry_target) > e->next_offset) return -EINVAL; - t = arpt_get_target(e); + t = arpt_get_target_c(e); if (e->target_offset + t->u.target_size > e->next_offset) return -EINVAL; @@ -540,14 +547,14 @@ out: return ret; } -static bool check_underflow(struct arpt_entry *e) +static bool check_underflow(const struct arpt_entry *e) { const struct arpt_entry_target *t; unsigned int verdict; if (!unconditional(&e->arp)) return false; - t = arpt_get_target(e); + t = arpt_get_target_c(e); if (strcmp(t->u.user.name, XT_STANDARD_TARGET) != 0) return false; verdict = ((struct arpt_standard_target *)t)->verdict; @@ -557,8 +564,8 @@ static bool check_underflow(struct arpt_entry *e) static inline int check_entry_size_and_hooks(struct arpt_entry *e, struct xt_table_info *newinfo, - unsigned char *base, - unsigned char *limit, + const unsigned char *base, + const unsigned char *limit, const unsigned int *hook_entries, const unsigned int *underflows, unsigned int valid_hooks, @@ -768,11 +775,11 @@ static void get_counters(const struct xt_table_info *t, local_bh_enable(); } -static struct xt_counters *alloc_counters(struct xt_table *table) +static struct xt_counters *alloc_counters(const struct xt_table *table) { unsigned int countersize; struct xt_counters *counters; - struct xt_table_info *private = table->private; + const struct xt_table_info *private = table->private; /* We need atomic snapshot of counters: rest doesn't change * (other than comefrom, which userspace doesn't care @@ -790,11 +797,11 @@ static struct xt_counters *alloc_counters(struct xt_table *table) } static int copy_entries_to_user(unsigned int total_size, - struct xt_table *table, + const struct xt_table *table, void __user *userptr) { unsigned int off, num; - struct arpt_entry *e; + const struct arpt_entry *e; struct xt_counters *counters; struct xt_table_info *private = table->private; int ret = 0; @@ -814,7 +821,7 @@ static int copy_entries_to_user(unsigned int total_size, /* FIXME: use iterator macros --RR */ /* ... then go back and fix counters and names */ for (off = 0, num = 0; off < total_size; off += e->next_offset, num++){ - struct arpt_entry_target *t; + const struct arpt_entry_target *t; e = (struct arpt_entry *)(loc_cpu_entry + off); if (copy_to_user(userptr + off @@ -825,7 +832,7 @@ static int copy_entries_to_user(unsigned int total_size, goto free_counters; } - t = arpt_get_target(e); + t = arpt_get_target_c(e); if (copy_to_user(userptr + off + e->target_offset + offsetof(struct arpt_entry_target, u.user.name), @@ -860,18 +867,18 @@ static int compat_standard_to_user(void __user *dst, const void *src) return copy_to_user(dst, &cv, sizeof(cv)) ? -EFAULT : 0; } -static int compat_calc_entry(struct arpt_entry *e, +static int compat_calc_entry(const struct arpt_entry *e, const struct xt_table_info *info, - void *base, struct xt_table_info *newinfo) + const void *base, struct xt_table_info *newinfo) { - struct arpt_entry_target *t; + const struct arpt_entry_target *t; unsigned int entry_offset; int off, i, ret; off = sizeof(struct arpt_entry) - sizeof(struct compat_arpt_entry); entry_offset = (void *)e - base; - t = arpt_get_target(e); + t = arpt_get_target_c(e); off += xt_compat_target_offset(t->u.kernel.target); newinfo->size -= off; ret = xt_compat_add_offset(NFPROTO_ARP, entry_offset, off); @@ -907,7 +914,8 @@ static int compat_table_info(const struct xt_table_info *info, } #endif -static int get_info(struct net *net, void __user *user, int *len, int compat) +static int get_info(struct net *net, void __user *user, + const int *len, int compat) { char name[ARPT_TABLE_MAXNAMELEN]; struct xt_table *t; @@ -966,7 +974,7 @@ static int get_info(struct net *net, void __user *user, int *len, int compat) } static int get_entries(struct net *net, struct arpt_get_entries __user *uptr, - int *len) + const int *len) { int ret; struct arpt_get_entries get; @@ -1080,7 +1088,8 @@ static int __do_replace(struct net *net, const char *name, return ret; } -static int do_replace(struct net *net, void __user *user, unsigned int len) +static int do_replace(struct net *net, const void __user *user, + unsigned int len) { int ret; struct arpt_replace tmp; @@ -1140,8 +1149,8 @@ add_counter_to_entry(struct arpt_entry *e, return 0; } -static int do_add_counters(struct net *net, void __user *user, unsigned int len, - int compat) +static int do_add_counters(struct net *net, const void __user *user, + unsigned int len, int compat) { unsigned int i, curcpu; struct xt_counters_info tmp; @@ -1245,10 +1254,10 @@ static inline int check_compat_entry_size_and_hooks(struct compat_arpt_entry *e, struct xt_table_info *newinfo, unsigned int *size, - unsigned char *base, - unsigned char *limit, - unsigned int *hook_entries, - unsigned int *underflows, + const unsigned char *base, + const unsigned char *limit, + const unsigned int *hook_entries, + const unsigned int *underflows, unsigned int *i, const char *name) { diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index 2a4f745..e94c18b 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c @@ -176,7 +176,7 @@ ipt_error(struct sk_buff *skb, const struct xt_target_param *par) /* Performance critical - called for every packet */ static inline bool -do_match(struct ipt_entry_match *m, const struct sk_buff *skb, +do_match(const struct ipt_entry_match *m, const struct sk_buff *skb, struct xt_match_param *par) { par->match = m->u.kernel.match; @@ -191,7 +191,7 @@ do_match(struct ipt_entry_match *m, const struct sk_buff *skb, /* Performance critical */ static inline struct ipt_entry * -get_entry(void *base, unsigned int offset) +get_entry(const void *base, unsigned int offset) { return (struct ipt_entry *)(base + offset); } @@ -206,6 +206,13 @@ static inline bool unconditional(const struct ipt_ip *ip) #undef FWINV } +/* for const-correctness */ +static inline const struct ipt_entry_target * +ipt_get_target_c(const struct ipt_entry *e) +{ + return ipt_get_target((struct ipt_entry *)e); +} + #if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \ defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE) static const char *const hooknames[] = { @@ -240,11 +247,11 @@ static struct nf_loginfo trace_loginfo = { /* Mildly perf critical (only if packet tracing is on) */ static inline int -get_chainname_rulenum(struct ipt_entry *s, struct ipt_entry *e, +get_chainname_rulenum(const struct ipt_entry *s, const struct ipt_entry *e, const char *hookname, const char **chainname, const char **comment, unsigned int *rulenum) { - struct ipt_standard_target *t = (void *)ipt_get_target(s); + const struct ipt_standard_target *t = (void *)ipt_get_target_c(s); if (strcmp(t->target.u.kernel.target->name, IPT_ERROR_TARGET) == 0) { /* Head of user chain: ERROR target with chainname */ @@ -270,15 +277,15 @@ get_chainname_rulenum(struct ipt_entry *s, struct ipt_entry *e, return 0; } -static void trace_packet(struct sk_buff *skb, +static void trace_packet(const struct sk_buff *skb, unsigned int hook, const struct net_device *in, const struct net_device *out, const char *tablename, - struct xt_table_info *private, - struct ipt_entry *e) + const struct xt_table_info *private, + const struct ipt_entry *e) { - void *table_base; + const void *table_base; const struct ipt_entry *root; const char *hookname, *chainname, *comment; unsigned int rulenum = 0; @@ -322,9 +329,9 @@ ipt_do_table(struct sk_buff *skb, /* Initializing verdict to NF_DROP keeps gcc happy. */ unsigned int verdict = NF_DROP; const char *indev, *outdev; - void *table_base; + const void *table_base; struct ipt_entry *e, *back; - struct xt_table_info *private; + const struct xt_table_info *private; struct xt_match_param mtpar; struct xt_target_param tgpar; @@ -357,7 +364,7 @@ ipt_do_table(struct sk_buff *skb, back = get_entry(table_base, private->underflow[hook]); do { - struct ipt_entry_target *t; + const struct ipt_entry_target *t; IP_NF_ASSERT(e); IP_NF_ASSERT(back); @@ -450,7 +457,7 @@ ipt_do_table(struct sk_buff *skb, /* Figures out from what hook each rule can be called: returns 0 if there are loops. Puts hook bitmask in comefrom. */ static int -mark_source_chains(struct xt_table_info *newinfo, +mark_source_chains(const struct xt_table_info *newinfo, unsigned int valid_hooks, void *entry0) { unsigned int hook; @@ -468,8 +475,8 @@ mark_source_chains(struct xt_table_info *newinfo, e->counters.pcnt = pos; for (;;) { - struct ipt_standard_target *t - = (void *)ipt_get_target(e); + const struct ipt_standard_target *t + = (void *)ipt_get_target_c(e); int visited = e->comefrom & (1 << hook); if (e->comefrom & (1 << NF_INET_NUMHOOKS)) { @@ -578,9 +585,9 @@ cleanup_match(struct ipt_entry_match *m, struct net *net, unsigned int *i) } static int -check_entry(struct ipt_entry *e, const char *name) +check_entry(const struct ipt_entry *e, const char *name) { - struct ipt_entry_target *t; + const struct ipt_entry_target *t; if (!ip_checkentry(&e->ip)) { duprintf("ip_tables: ip check failed %p %s.\n", e, name); @@ -591,7 +598,7 @@ check_entry(struct ipt_entry *e, const char *name) e->next_offset) return -EINVAL; - t = ipt_get_target(e); + t = ipt_get_target_c(e); if (e->target_offset + t->u.target_size > e->next_offset) return -EINVAL; @@ -718,14 +725,14 @@ find_check_entry(struct ipt_entry *e, struct net *net, const char *name, return ret; } -static bool check_underflow(struct ipt_entry *e) +static bool check_underflow(const struct ipt_entry *e) { const struct ipt_entry_target *t; unsigned int verdict; if (!unconditional(&e->ip)) return false; - t = ipt_get_target(e); + t = ipt_get_target_c(e); if (strcmp(t->u.user.name, XT_STANDARD_TARGET) != 0) return false; verdict = ((struct ipt_standard_target *)t)->verdict; @@ -736,8 +743,8 @@ static bool check_underflow(struct ipt_entry *e) static int check_entry_size_and_hooks(struct ipt_entry *e, struct xt_table_info *newinfo, - unsigned char *base, - unsigned char *limit, + const unsigned char *base, + const unsigned char *limit, const unsigned int *hook_entries, const unsigned int *underflows, unsigned int valid_hooks, @@ -952,11 +959,11 @@ get_counters(const struct xt_table_info *t, local_bh_enable(); } -static struct xt_counters * alloc_counters(struct xt_table *table) +static struct xt_counters *alloc_counters(const struct xt_table *table) { unsigned int countersize; struct xt_counters *counters; - struct xt_table_info *private = table->private; + const struct xt_table_info *private = table->private; /* We need atomic snapshot of counters: rest doesn't change (other than comefrom, which userspace doesn't care @@ -974,11 +981,11 @@ static struct xt_counters * alloc_counters(struct xt_table *table) static int copy_entries_to_user(unsigned int total_size, - struct xt_table *table, + const struct xt_table *table, void __user *userptr) { unsigned int off, num; - struct ipt_entry *e; + const struct ipt_entry *e; struct xt_counters *counters; const struct xt_table_info *private = table->private; int ret = 0; @@ -1030,7 +1037,7 @@ copy_entries_to_user(unsigned int total_size, } } - t = ipt_get_target(e); + t = ipt_get_target_c(e); if (copy_to_user(userptr + off + e->target_offset + offsetof(struct ipt_entry_target, u.user.name), @@ -1066,24 +1073,24 @@ static int compat_standard_to_user(void __user *dst, const void *src) } static inline int -compat_calc_match(struct ipt_entry_match *m, int *size) +compat_calc_match(const struct ipt_entry_match *m, int *size) { *size += xt_compat_match_offset(m->u.kernel.match); return 0; } -static int compat_calc_entry(struct ipt_entry *e, +static int compat_calc_entry(const struct ipt_entry *e, const struct xt_table_info *info, - void *base, struct xt_table_info *newinfo) + const void *base, struct xt_table_info *newinfo) { - struct ipt_entry_target *t; + const struct ipt_entry_target *t; unsigned int entry_offset; int off, i, ret; off = sizeof(struct ipt_entry) - sizeof(struct compat_ipt_entry); entry_offset = (void *)e - base; IPT_MATCH_ITERATE(e, compat_calc_match, &off); - t = ipt_get_target(e); + t = ipt_get_target_c(e); off += xt_compat_target_offset(t->u.kernel.target); newinfo->size -= off; ret = xt_compat_add_offset(AF_INET, entry_offset, off); @@ -1119,7 +1126,8 @@ static int compat_table_info(const struct xt_table_info *info, } #endif -static int get_info(struct net *net, void __user *user, int *len, int compat) +static int get_info(struct net *net, void __user *user, + const int *len, int compat) { char name[IPT_TABLE_MAXNAMELEN]; struct xt_table *t; @@ -1179,7 +1187,8 @@ static int get_info(struct net *net, void __user *user, int *len, int compat) } static int -get_entries(struct net *net, struct ipt_get_entries __user *uptr, int *len) +get_entries(struct net *net, struct ipt_get_entries __user *uptr, + const int *len) { int ret; struct ipt_get_entries get; @@ -1289,7 +1298,7 @@ __do_replace(struct net *net, const char *name, unsigned int valid_hooks, } static int -do_replace(struct net *net, void __user *user, unsigned int len) +do_replace(struct net *net, const void __user *user, unsigned int len) { int ret; struct ipt_replace tmp; @@ -1350,7 +1359,8 @@ add_counter_to_entry(struct ipt_entry *e, } static int -do_add_counters(struct net *net, void __user *user, unsigned int len, int compat) +do_add_counters(struct net *net, const void __user *user, + unsigned int len, int compat) { unsigned int i, curcpu; struct xt_counters_info tmp; @@ -1546,10 +1556,10 @@ static int check_compat_entry_size_and_hooks(struct compat_ipt_entry *e, struct xt_table_info *newinfo, unsigned int *size, - unsigned char *base, - unsigned char *limit, - unsigned int *hook_entries, - unsigned int *underflows, + const unsigned char *base, + const unsigned char *limit, + const unsigned int *hook_entries, + const unsigned int *underflows, unsigned int *i, const char *name) { diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index 3ff4fd5..4185099 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c @@ -208,7 +208,7 @@ ip6t_error(struct sk_buff *skb, const struct xt_target_param *par) /* Performance critical - called for every packet */ static inline bool -do_match(struct ip6t_entry_match *m, const struct sk_buff *skb, +do_match(const struct ip6t_entry_match *m, const struct sk_buff *skb, struct xt_match_param *par) { par->match = m->u.kernel.match; @@ -222,7 +222,7 @@ do_match(struct ip6t_entry_match *m, const struct sk_buff *skb, } static inline struct ip6t_entry * -get_entry(void *base, unsigned int offset) +get_entry(const void *base, unsigned int offset) { return (struct ip6t_entry *)(base + offset); } @@ -236,6 +236,12 @@ static inline bool unconditional(const struct ip6t_ip6 *ipv6) return memcmp(ipv6, &uncond, sizeof(uncond)) == 0; } +static inline const struct ip6t_entry_target * +ip6t_get_target_c(const struct ip6t_entry *e) +{ + return ip6t_get_target((struct ip6t_entry *)e); +} + #if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \ defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE) /* This cries for unification! */ @@ -271,11 +277,11 @@ static struct nf_loginfo trace_loginfo = { /* Mildly perf critical (only if packet tracing is on) */ static inline int -get_chainname_rulenum(struct ip6t_entry *s, struct ip6t_entry *e, +get_chainname_rulenum(const struct ip6t_entry *s, const struct ip6t_entry *e, const char *hookname, const char **chainname, const char **comment, unsigned int *rulenum) { - struct ip6t_standard_target *t = (void *)ip6t_get_target(s); + const struct ip6t_standard_target *t = (void *)ip6t_get_target_c(s); if (strcmp(t->target.u.kernel.target->name, IP6T_ERROR_TARGET) == 0) { /* Head of user chain: ERROR target with chainname */ @@ -301,15 +307,15 @@ get_chainname_rulenum(struct ip6t_entry *s, struct ip6t_entry *e, return 0; } -static void trace_packet(struct sk_buff *skb, +static void trace_packet(const struct sk_buff *skb, unsigned int hook, const struct net_device *in, const struct net_device *out, const char *tablename, - struct xt_table_info *private, - struct ip6t_entry *e) + const struct xt_table_info *private, + const struct ip6t_entry *e) { - void *table_base; + const void *table_base; const struct ip6t_entry *root; const char *hookname, *chainname, *comment; unsigned int rulenum = 0; @@ -352,9 +358,9 @@ ip6t_do_table(struct sk_buff *skb, /* Initializing verdict to NF_DROP keeps gcc happy. */ unsigned int verdict = NF_DROP; const char *indev, *outdev; - void *table_base; + const void *table_base; struct ip6t_entry *e, *back; - struct xt_table_info *private; + const struct xt_table_info *private; struct xt_match_param mtpar; struct xt_target_param tgpar; @@ -385,7 +391,7 @@ ip6t_do_table(struct sk_buff *skb, back = get_entry(table_base, private->underflow[hook]); do { - struct ip6t_entry_target *t; + const struct ip6t_entry_target *t; IP_NF_ASSERT(e); IP_NF_ASSERT(back); @@ -400,7 +406,7 @@ ip6t_do_table(struct sk_buff *skb, ntohs(ipv6_hdr(skb)->payload_len) + sizeof(struct ipv6hdr), 1); - t = ip6t_get_target(e); + t = ip6t_get_target_c(e); IP_NF_ASSERT(t->u.kernel.target); #if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \ @@ -482,7 +488,7 @@ ip6t_do_table(struct sk_buff *skb, /* Figures out from what hook each rule can be called: returns 0 if there are loops. Puts hook bitmask in comefrom. */ static int -mark_source_chains(struct xt_table_info *newinfo, +mark_source_chains(const struct xt_table_info *newinfo, unsigned int valid_hooks, void *entry0) { unsigned int hook; @@ -500,8 +506,8 @@ mark_source_chains(struct xt_table_info *newinfo, e->counters.pcnt = pos; for (;;) { - struct ip6t_standard_target *t - = (void *)ip6t_get_target(e); + const struct ip6t_standard_target *t + = (void *)ip6t_get_target_c(e); int visited = e->comefrom & (1 << hook); if (e->comefrom & (1 << NF_INET_NUMHOOKS)) { @@ -610,9 +616,9 @@ cleanup_match(struct ip6t_entry_match *m, struct net *net, unsigned int *i) } static int -check_entry(struct ip6t_entry *e, const char *name) +check_entry(const struct ip6t_entry *e, const char *name) { - struct ip6t_entry_target *t; + const struct ip6t_entry_target *t; if (!ip6_checkentry(&e->ipv6)) { duprintf("ip_tables: ip check failed %p %s.\n", e, name); @@ -623,7 +629,7 @@ check_entry(struct ip6t_entry *e, const char *name) e->next_offset) return -EINVAL; - t = ip6t_get_target(e); + t = ip6t_get_target_c(e); if (e->target_offset + t->u.target_size > e->next_offset) return -EINVAL; @@ -750,14 +756,14 @@ find_check_entry(struct ip6t_entry *e, struct net *net, const char *name, return ret; } -static bool check_underflow(struct ip6t_entry *e) +static bool check_underflow(const struct ip6t_entry *e) { const struct ip6t_entry_target *t; unsigned int verdict; if (!unconditional(&e->ipv6)) return false; - t = ip6t_get_target(e); + t = ip6t_get_target_c(e); if (strcmp(t->u.user.name, XT_STANDARD_TARGET) != 0) return false; verdict = ((struct ip6t_standard_target *)t)->verdict; @@ -768,8 +774,8 @@ static bool check_underflow(struct ip6t_entry *e) static int check_entry_size_and_hooks(struct ip6t_entry *e, struct xt_table_info *newinfo, - unsigned char *base, - unsigned char *limit, + const unsigned char *base, + const unsigned char *limit, const unsigned int *hook_entries, const unsigned int *underflows, unsigned int valid_hooks, @@ -984,11 +990,11 @@ get_counters(const struct xt_table_info *t, local_bh_enable(); } -static struct xt_counters *alloc_counters(struct xt_table *table) +static struct xt_counters *alloc_counters(const struct xt_table *table) { unsigned int countersize; struct xt_counters *counters; - struct xt_table_info *private = table->private; + const struct xt_table_info *private = table->private; /* We need atomic snapshot of counters: rest doesn't change (other than comefrom, which userspace doesn't care @@ -1006,11 +1012,11 @@ static struct xt_counters *alloc_counters(struct xt_table *table) static int copy_entries_to_user(unsigned int total_size, - struct xt_table *table, + const struct xt_table *table, void __user *userptr) { unsigned int off, num; - struct ip6t_entry *e; + const struct ip6t_entry *e; struct xt_counters *counters; const struct xt_table_info *private = table->private; int ret = 0; @@ -1062,7 +1068,7 @@ copy_entries_to_user(unsigned int total_size, } } - t = ip6t_get_target(e); + t = ip6t_get_target_c(e); if (copy_to_user(userptr + off + e->target_offset + offsetof(struct ip6t_entry_target, u.user.name), @@ -1098,24 +1104,24 @@ static int compat_standard_to_user(void __user *dst, const void *src) } static inline int -compat_calc_match(struct ip6t_entry_match *m, int *size) +compat_calc_match(const struct ip6t_entry_match *m, int *size) { *size += xt_compat_match_offset(m->u.kernel.match); return 0; } -static int compat_calc_entry(struct ip6t_entry *e, +static int compat_calc_entry(const struct ip6t_entry *e, const struct xt_table_info *info, - void *base, struct xt_table_info *newinfo) + const void *base, struct xt_table_info *newinfo) { - struct ip6t_entry_target *t; + const struct ip6t_entry_target *t; unsigned int entry_offset; int off, i, ret; off = sizeof(struct ip6t_entry) - sizeof(struct compat_ip6t_entry); entry_offset = (void *)e - base; IP6T_MATCH_ITERATE(e, compat_calc_match, &off); - t = ip6t_get_target(e); + t = ip6t_get_target_c(e); off += xt_compat_target_offset(t->u.kernel.target); newinfo->size -= off; ret = xt_compat_add_offset(AF_INET6, entry_offset, off); @@ -1151,7 +1157,8 @@ static int compat_table_info(const struct xt_table_info *info, } #endif -static int get_info(struct net *net, void __user *user, int *len, int compat) +static int get_info(struct net *net, void __user *user, + const int *len, int compat) { char name[IP6T_TABLE_MAXNAMELEN]; struct xt_table *t; @@ -1211,7 +1218,8 @@ static int get_info(struct net *net, void __user *user, int *len, int compat) } static int -get_entries(struct net *net, struct ip6t_get_entries __user *uptr, int *len) +get_entries(struct net *net, struct ip6t_get_entries __user *uptr, + const int *len) { int ret; struct ip6t_get_entries get; @@ -1322,7 +1330,7 @@ __do_replace(struct net *net, const char *name, unsigned int valid_hooks, } static int -do_replace(struct net *net, void __user *user, unsigned int len) +do_replace(struct net *net, const void __user *user, unsigned int len) { int ret; struct ip6t_replace tmp; @@ -1383,7 +1391,7 @@ add_counter_to_entry(struct ip6t_entry *e, } static int -do_add_counters(struct net *net, void __user *user, unsigned int len, +do_add_counters(struct net *net, const void __user *user, unsigned int len, int compat) { unsigned int i, curcpu; @@ -1582,10 +1590,10 @@ static int check_compat_entry_size_and_hooks(struct compat_ip6t_entry *e, struct xt_table_info *newinfo, unsigned int *size, - unsigned char *base, - unsigned char *limit, - unsigned int *hook_entries, - unsigned int *underflows, + const unsigned char *base, + const unsigned char *limit, + const unsigned int *hook_entries, + const unsigned int *underflows, unsigned int *i, const char *name) { -- 1.6.6.1 ^ permalink raw reply related [flat|nested] 20+ messages in thread
* Re: [PATCH 6/6] netfilter: xtables: add const qualifiers 2010-02-10 17:39 ` [PATCH 6/6] netfilter: xtables: add const qualifiers Jan Engelhardt @ 2010-02-11 9:00 ` Patrick McHardy 2010-02-11 13:27 ` Jan Engelhardt 0 siblings, 1 reply; 20+ messages in thread From: Patrick McHardy @ 2010-02-11 9:00 UTC (permalink / raw) To: Jan Engelhardt; +Cc: netfilter-devel Jan Engelhardt wrote: > +static inline const struct ip6t_entry_target * > +ip6t_get_target_c(const struct ip6t_entry *e) > +{ > + return ip6t_get_target((struct ip6t_entry *)e); > +} > + I would prefer a macro over these get_target_c functions. ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: [PATCH 6/6] netfilter: xtables: add const qualifiers 2010-02-11 9:00 ` Patrick McHardy @ 2010-02-11 13:27 ` Jan Engelhardt 2010-02-11 16:06 ` Patrick McHardy 0 siblings, 1 reply; 20+ messages in thread From: Jan Engelhardt @ 2010-02-11 13:27 UTC (permalink / raw) To: Patrick McHardy; +Cc: netfilter-devel On Thursday 2010-02-11 10:00, Patrick McHardy wrote: >Jan Engelhardt wrote: >> +static inline const struct ip6t_entry_target * >> +ip6t_get_target_c(const struct ip6t_entry *e) >> +{ >> + return ip6t_get_target((struct ip6t_entry *)e); >> +} >> + > >I would prefer a macro over these get_target_c functions. Why so? ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: [PATCH 6/6] netfilter: xtables: add const qualifiers 2010-02-11 13:27 ` Jan Engelhardt @ 2010-02-11 16:06 ` Patrick McHardy 2010-02-11 16:22 ` Jan Engelhardt 0 siblings, 1 reply; 20+ messages in thread From: Patrick McHardy @ 2010-02-11 16:06 UTC (permalink / raw) To: Jan Engelhardt; +Cc: netfilter-devel Jan Engelhardt wrote: > On Thursday 2010-02-11 10:00, Patrick McHardy wrote: > >> Jan Engelhardt wrote: >>> +static inline const struct ip6t_entry_target * >>> +ip6t_get_target_c(const struct ip6t_entry *e) >>> +{ >>> + return ip6t_get_target((struct ip6t_entry *)e); >>> +} >>> + >> I would prefer a macro over these get_target_c functions. > > Why so? Because it avoids having a function for const and one for non-const. ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: [PATCH 6/6] netfilter: xtables: add const qualifiers 2010-02-11 16:06 ` Patrick McHardy @ 2010-02-11 16:22 ` Jan Engelhardt 2010-02-11 16:27 ` Patrick McHardy 0 siblings, 1 reply; 20+ messages in thread From: Jan Engelhardt @ 2010-02-11 16:22 UTC (permalink / raw) To: Patrick McHardy; +Cc: netfilter-devel On Thursday 2010-02-11 17:06, Patrick McHardy wrote: >Jan Engelhardt wrote: >> On Thursday 2010-02-11 10:00, Patrick McHardy wrote: >> >>> Jan Engelhardt wrote: >>>> +static inline const struct ip6t_entry_target * >>>> +ip6t_get_target_c(const struct ip6t_entry *e) >>>> +{ >>>> + return ip6t_get_target((struct ip6t_entry *)e); >>>> +} >>>> + >>> I would prefer a macro over these get_target_c functions. >> >> Why so? > >Because it avoids having a function for const and one for non-const. Well, I need two. One that returns const and one that does not; ip6t_get_target_c is signaturally-incompatible with ip6t_get_target. FWIW, the function is removed later on anyway ("remove remaining xt1 code"). ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: [PATCH 6/6] netfilter: xtables: add const qualifiers 2010-02-11 16:22 ` Jan Engelhardt @ 2010-02-11 16:27 ` Patrick McHardy 2010-02-11 17:04 ` Jan Engelhardt 0 siblings, 1 reply; 20+ messages in thread From: Patrick McHardy @ 2010-02-11 16:27 UTC (permalink / raw) To: Jan Engelhardt; +Cc: netfilter-devel Jan Engelhardt wrote: > On Thursday 2010-02-11 17:06, Patrick McHardy wrote: > >> Jan Engelhardt wrote: >>> On Thursday 2010-02-11 10:00, Patrick McHardy wrote: >>> >>>> Jan Engelhardt wrote: >>>>> +static inline const struct ip6t_entry_target * >>>>> +ip6t_get_target_c(const struct ip6t_entry *e) >>>>> +{ >>>>> + return ip6t_get_target((struct ip6t_entry *)e); >>>>> +} >>>>> + >>>> I would prefer a macro over these get_target_c functions. >>> Why so? >> Because it avoids having a function for const and one for non-const. > > Well, I need two. One that returns const and one that does not; > ip6t_get_target_c is signaturally-incompatible with ip6t_get_target. Yes, but you wouldn't if you'd use a macro. #define ip6t_get_target(e) ((void *)e + e->target_offset) > FWIW, the function is removed later on anyway ("remove remaining xt1 > code"). This is patch 6/6, what do you mean with "later"? ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: [PATCH 6/6] netfilter: xtables: add const qualifiers 2010-02-11 16:27 ` Patrick McHardy @ 2010-02-11 17:04 ` Jan Engelhardt 0 siblings, 0 replies; 20+ messages in thread From: Jan Engelhardt @ 2010-02-11 17:04 UTC (permalink / raw) To: Patrick McHardy; +Cc: netfilter-devel On Thursday 2010-02-11 17:27, Patrick McHardy wrote: >>>>> I would prefer a macro over these get_target_c functions. >>>> Why so? >>> Because it avoids having a function for const and one for non-const. >> >> Well, I need two. One that returns const and one that does not; >> ip6t_get_target_c is signaturally-incompatible with ip6t_get_target. > >Yes, but you wouldn't if you'd use a macro. > >#define ip6t_get_target(e) ((void *)e + e->target_offset) That would remove the const from a const e, which is what I expressly wanted to avoid because it's already a little hairy. >> FWIW, the function is removed later on anyway ("remove remaining xt1 >> code"). > >This is patch 6/6, what do you mean with "later"? Patch 094/103 from the original submission http://markmail.org/browse/org.kernel.vger.netfilter-devel/2009-08 that I am trying to push to you all the time :) ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: Code cleanups 2010-02-10 17:39 Code cleanups Jan Engelhardt ` (5 preceding siblings ...) 2010-02-10 17:39 ` [PATCH 6/6] netfilter: xtables: add const qualifiers Jan Engelhardt @ 2010-02-10 21:10 ` Jan Engelhardt 2010-02-15 15:34 ` Patrick McHardy 6 siblings, 1 reply; 20+ messages in thread From: Jan Engelhardt @ 2010-02-10 21:10 UTC (permalink / raw) To: kaber; +Cc: netfilter-devel On Wednesday 2010-02-10 18:39, Jan Engelhardt wrote: >the next patch pack is mostly about cleanups, and there is one >commit for improving debug a little. >Pull URL will be posted once the previous request has been >merged, but I am already posting them now for review. > >The following changes since commit e3eaa9910b380530cfd2c0670fcd3f627674da8a: >are available in the git repository at: git://dev.medozas.de/linux master > include/linux/netfilter.h | 55 +++++++++++--------- > include/linux/netfilter/x_tables.h | 12 ++-- > net/bridge/netfilter/ebtables.c | 59 ++++++++++++---------- > net/ipv4/netfilter/arp_tables.c | 73 +++++++++++++++------------ > net/ipv4/netfilter/ip_tables.c | 92 +++++++++++++++++++--------------- > net/ipv4/netfilter/ipt_ULOG.c | 4 +- > net/ipv4/netfilter/iptable_mangle.c | 10 +--- > net/ipv6/netfilter/ip6_tables.c | 92 ++++++++++++++++++--------------- > net/ipv6/netfilter/ip6table_mangle.c | 10 +--- > net/netfilter/x_tables.c | 16 ++++-- > net/netfilter/xt_hashlimit.c | 4 +- > net/netfilter/xt_limit.c | 4 +- > 12 files changed, 233 insertions(+), 198 deletions(-) ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: Code cleanups 2010-02-10 21:10 ` Code cleanups Jan Engelhardt @ 2010-02-15 15:34 ` Patrick McHardy 2010-02-15 16:07 ` Jan Engelhardt 0 siblings, 1 reply; 20+ messages in thread From: Patrick McHardy @ 2010-02-15 15:34 UTC (permalink / raw) To: Jan Engelhardt; +Cc: netfilter-devel Jan Engelhardt wrote: > On Wednesday 2010-02-10 18:39, Jan Engelhardt wrote: > >> the next patch pack is mostly about cleanups, and there is one >> commit for improving debug a little. >> Pull URL will be posted once the previous request has been >> merged, but I am already posting them now for review. >> >> The following changes since commit e3eaa9910b380530cfd2c0670fcd3f627674da8a: >> are available in the git repository at: > > > git://dev.medozas.de/linux master This doesn't apply cleanly anymore due to the mangle table fixes from Alexey. ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: Code cleanups 2010-02-15 15:34 ` Patrick McHardy @ 2010-02-15 16:07 ` Jan Engelhardt 2010-02-15 16:23 ` Patrick McHardy 0 siblings, 1 reply; 20+ messages in thread From: Jan Engelhardt @ 2010-02-15 16:07 UTC (permalink / raw) To: Patrick McHardy; +Cc: netfilter-devel On Monday 2010-02-15 16:34, Patrick McHardy wrote: >> >>> the next patch pack is mostly about cleanups, and there is one >>> commit for improving debug a little. >>> Pull URL will be posted once the previous request has been >>> merged, but I am already posting them now for review. >>> >>> The following changes since commit e3eaa9910b380530cfd2c0670fcd3f627674da8a: >>> are available in the git repository at: >> >> git://dev.medozas.de/linux master > >This doesn't apply cleanly anymore due to the mangle table >fixes from Alexey. Rebased, see below. The following changes since commit 98e6d2d5ee26bf56850a10eb64139c68fb09ba19: Jan Engelhardt (1): netfilter: xt_recent: inform user when hitcount is too large are available in the git repository at: git://dev.medozas.de/linux master-d5d1baa Jan Engelhardt (6): netfilter: iptables: remove unused function arguments netfilter: reduce NF_HOOK by one argument netfilter: get rid of the grossness in netfilter.h netfilter: xtables: print details on size mismatch netfilter: xtables: constify args in compat copying functions netfilter: xtables: add const qualifiers include/linux/netfilter.h | 55 +++++++++++--------- include/linux/netfilter/x_tables.h | 12 ++-- net/bridge/netfilter/ebtables.c | 59 ++++++++++++---------- net/ipv4/netfilter/arp_tables.c | 73 +++++++++++++++------------ net/ipv4/netfilter/ip_tables.c | 92 +++++++++++++++++++--------------- net/ipv4/netfilter/ipt_ULOG.c | 4 +- net/ipv4/netfilter/iptable_mangle.c | 10 +--- net/ipv6/netfilter/ip6_tables.c | 92 ++++++++++++++++++--------------- net/ipv6/netfilter/ip6table_mangle.c | 10 +--- net/netfilter/x_tables.c | 16 ++++-- net/netfilter/xt_hashlimit.c | 4 +- net/netfilter/xt_limit.c | 4 +- 12 files changed, 233 insertions(+), 198 deletions(-) And the second run would be The following changes since commit d5d1baa15f5b05e9110403724d5dc72d6d541e04: Jan Engelhardt (1): netfilter: xtables: add const qualifiers are available in the git repository at: git://dev.medozas.de/linux master Jan Engelhardt (6): netfilter: xtables: replace XT_ENTRY_ITERATE macro netfilter: xtables: optimize call flow around xt_entry_foreach netfilter: xtables: replace XT_MATCH_ITERATE macro netfilter: xtables: optimize call flow around xt_ematch_foreach netfilter: xtables: reduce arguments to translate_table netfilter: xtables2: make ip_tables reentrant include/linux/netfilter/x_tables.h | 24 ++ include/linux/netfilter_arp/arp_tables.h | 10 +- include/linux/netfilter_ipv4/ip_tables.h | 15 +- include/linux/netfilter_ipv6/ip6_tables.h | 14 +- net/ipv4/netfilter/arp_tables.c | 307 ++++++++---------- net/ipv4/netfilter/ip_tables.c | 501 ++++++++++++++--------------- net/ipv6/netfilter/ip6_tables.c | 492 ++++++++++++++--------------- net/netfilter/x_tables.c | 79 +++++ net/netfilter/xt_TCPMSS.c | 12 +- 9 files changed, 741 insertions(+), 713 deletions(-) ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: Code cleanups 2010-02-15 16:07 ` Jan Engelhardt @ 2010-02-15 16:23 ` Patrick McHardy 0 siblings, 0 replies; 20+ messages in thread From: Patrick McHardy @ 2010-02-15 16:23 UTC (permalink / raw) To: Jan Engelhardt; +Cc: netfilter-devel Jan Engelhardt wrote: > On Monday 2010-02-15 16:34, Patrick McHardy wrote: >>>> the next patch pack is mostly about cleanups, and there is one >>>> commit for improving debug a little. >>>> Pull URL will be posted once the previous request has been >>>> merged, but I am already posting them now for review. >>>> >>>> The following changes since commit e3eaa9910b380530cfd2c0670fcd3f627674da8a: >>>> are available in the git repository at: >>> git://dev.medozas.de/linux master >> This doesn't apply cleanly anymore due to the mangle table >> fixes from Alexey. > > > Rebased, see below. > > > The following changes since commit 98e6d2d5ee26bf56850a10eb64139c68fb09ba19: > Jan Engelhardt (1): > netfilter: xt_recent: inform user when hitcount is too large > > are available in the git repository at: > > git://dev.medozas.de/linux master-d5d1baa > > Jan Engelhardt (6): > netfilter: iptables: remove unused function arguments > netfilter: reduce NF_HOOK by one argument > netfilter: get rid of the grossness in netfilter.h > netfilter: xtables: print details on size mismatch > netfilter: xtables: constify args in compat copying functions > netfilter: xtables: add const qualifiers Pulled and pushed out again, thanks. > And the second run would be > > > The following changes since commit d5d1baa15f5b05e9110403724d5dc72d6d541e04: > Jan Engelhardt (1): > netfilter: xtables: add const qualifiers > > are available in the git repository at: > > git://dev.medozas.de/linux master > > Jan Engelhardt (6): > netfilter: xtables: replace XT_ENTRY_ITERATE macro > netfilter: xtables: optimize call flow around xt_entry_foreach > netfilter: xtables: replace XT_MATCH_ITERATE macro > netfilter: xtables: optimize call flow around xt_ematch_foreach > netfilter: xtables: reduce arguments to translate_table > netfilter: xtables2: make ip_tables reentrant These will have to wait until I can review them. This won't happen today since I want to get the first batch of patches out previously. ^ permalink raw reply [flat|nested] 20+ messages in thread
end of thread, other threads:[~2010-02-15 16:23 UTC | newest] Thread overview: 20+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2010-02-10 17:39 Code cleanups Jan Engelhardt 2010-02-10 17:39 ` [PATCH 1/6] netfilter: iptables: remove unused function arguments Jan Engelhardt 2010-02-10 17:39 ` [PATCH 2/6] netfilter: reduce NF_HOOK by one argument Jan Engelhardt 2010-02-10 17:39 ` [PATCH 3/6] netfilter: get rid of the grossness in netfilter.h Jan Engelhardt 2010-02-10 17:44 ` Patrick McHardy 2010-02-10 21:07 ` Jan Engelhardt 2010-02-11 9:02 ` Patrick McHardy 2010-02-10 17:39 ` [PATCH 4/6] netfilter: xtables: print details on size mismatch Jan Engelhardt 2010-02-10 17:39 ` [PATCH 5/6] netfilter: xtables: constify args in compat copying functions Jan Engelhardt 2010-02-10 17:39 ` [PATCH 6/6] netfilter: xtables: add const qualifiers Jan Engelhardt 2010-02-11 9:00 ` Patrick McHardy 2010-02-11 13:27 ` Jan Engelhardt 2010-02-11 16:06 ` Patrick McHardy 2010-02-11 16:22 ` Jan Engelhardt 2010-02-11 16:27 ` Patrick McHardy 2010-02-11 17:04 ` Jan Engelhardt 2010-02-10 21:10 ` Code cleanups Jan Engelhardt 2010-02-15 15:34 ` Patrick McHardy 2010-02-15 16:07 ` Jan Engelhardt 2010-02-15 16:23 ` Patrick McHardy
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.