From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752245AbcFPGEK (ORCPT ); Thu, 16 Jun 2016 02:04:10 -0400 Received: from smtprelay0174.hostedemail.com ([216.40.44.174]:41626 "EHLO smtprelay.hostedemail.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751252AbcFPGEI (ORCPT ); Thu, 16 Jun 2016 02:04:08 -0400 X-Session-Marker: 6A6F6540706572636865732E636F6D X-Spam-Summary: 2,0,0,,d41d8cd98f00b204,joe@perches.com,:::::::::::::::::::,RULES_HIT:2:41:69:355:379:541:599:800:960:973:988:989:1260:1277:1311:1313:1314:1345:1359:1373:1437:1515:1516:1518:1535:1593:1594:1605:1730:1747:1777:1792:2393:2553:2559:2562:2828:3138:3139:3140:3141:3142:3622:3834:3865:3866:3867:3868:3870:3871:3872:4052:4120:4250:4321:4560:5007:6238:7576:7875:7914:9545:10004:10848:10967:11026:11232:11473:11658:11783:11914:12043:12114:12262:12296:12438:12517:12519:12555:12679:12683:12698:12737:12740:13161:13181:13229:13255:13439:13894:14659:21080:21433:30003:30012:30054:30075:30090:30091,0,RBL:none,CacheIP:none,Bayesian:0.5,0.5,0.5,Netcheck:none,DomainCache:0,MSF:not bulk,SPF:fn,MSBL:0,DNSBL:none,Custom_rules:0:0:0,LFtime:1,LUA_SUMMARY:none X-HE-Tag: park71_697929113259 X-Filterd-Recvd-Size: 9960 Message-ID: <1466057044.19647.42.camel@perches.com> Subject: Re: [PATCH] bridge: netfilter: spanning tree: Add masked_ether_addr_equal and neatening From: Joe Perches To: Pablo Neira Ayuso , Patrick McHardy , Jozsef Kadlecsik Cc: Stephen Hemminger , "David S. Miller" , netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux-foundation.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Date: Wed, 15 Jun 2016 23:04:04 -0700 In-Reply-To: References: Content-Type: text/plain; charset="ISO-8859-1" X-Mailer: Evolution 3.18.5.2-0ubuntu3 Mime-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 2016-06-15 at 13:58 -0700, Joe Perches wrote: > There is code duplication of a masked ethernet address comparison here > so make it a separate function instead. > > Miscellanea: > > o Neaten alignment of FWINV macro uses to make it clearer for the reader > > Signed-off-by: Joe Perches > --- > > This masked_ether_addr_equal function could go into etherdevice.h, > but I don't see another use like it in kernel code.  Is there one? Turns out there are at least a few more uses in bridge/netfilter  net/bridge/netfilter/ebt_arp.c  net/bridge/netfilter/ebtables.c Maybe this? --- >>From 770261c682a745b8de663a5756a66cd00bb5b79b Mon Sep 17 00:00:00 2001 Message-Id: <770261c682a745b8de663a5756a66cd00bb5b79b.1466056695.git.joe@perches.com> From: Joe Perches Date: Wed, 15 Jun 2016 13:45:54 -0700 Subject: [PATCH] etherdevice.h & bridge: netfilter: Add and use  ether_addr_equal_masked There are code duplications of a masked ethernet address comparison here so make it a separate function instead. Miscellanea: o Neaten alignment of FWINV macro uses to make it clearer for the reader Signed-off-by: Joe Perches ---  include/linux/etherdevice.h     | 22 ++++++++++++++++++  net/bridge/netfilter/ebt_arp.c  | 17 +++++---------  net/bridge/netfilter/ebt_stp.c  | 49 ++++++++++++++++++-----------------------  net/bridge/netfilter/ebtables.c | 17 +++++---------  4 files changed, 56 insertions(+), 49 deletions(-) diff --git a/include/linux/etherdevice.h b/include/linux/etherdevice.h index 37ff4a6..942a24c 100644 --- a/include/linux/etherdevice.h +++ b/include/linux/etherdevice.h @@ -374,6 +374,28 @@ static inline bool ether_addr_equal_unaligned(const u8 *addr1, const u8 *addr2)  }    /** + * ether_addr_equal_masked - Compare two Ethernet addresses with a mask + * @addr1: Pointer to a six-byte array containing the 1st Ethernet address + * @addr2: Pointer to a six-byte array containing the 2nd Ethernet address + * @mask: Pointer to a six-byte array containing the Ethernet address bitmask + * + * Compare two Ethernet addresses with a mask, returns true if for every bit + * set in the bitmask the equivalent bits in the ethernet addresses are equal. + */ +static inline bool ether_addr_equal_masked(const u8 *addr1, const u8 *addr2, +    const u8 *mask) +{ + int i; + + for (i = 0; i < ETH_ALEN; i++) { + if ((addr1[i] ^ addr2[i]) & mask[i]) + return false; + } + + return true; +} + +/**   * is_etherdev_addr - Tell if given Ethernet address belongs to the device.   * @dev: Pointer to a device structure   * @addr: Pointer to a six-byte array containing the Ethernet address diff --git a/net/bridge/netfilter/ebt_arp.c b/net/bridge/netfilter/ebt_arp.c index cd457b8..cca0a89 100644 --- a/net/bridge/netfilter/ebt_arp.c +++ b/net/bridge/netfilter/ebt_arp.c @@ -65,7 +65,6 @@ ebt_arp_mt(const struct sk_buff *skb, struct xt_action_param *par)   if (info->bitmask & (EBT_ARP_SRC_MAC | EBT_ARP_DST_MAC)) {   const unsigned char *mp;   unsigned char _mac[ETH_ALEN]; - uint8_t verdict, i;     if (ah->ar_hln != ETH_ALEN || ah->ar_hrd != htons(ARPHRD_ETHER))   return false; @@ -74,11 +73,9 @@ ebt_arp_mt(const struct sk_buff *skb, struct xt_action_param *par)   sizeof(_mac), &_mac);   if (mp == NULL)   return false; - verdict = 0; - for (i = 0; i < 6; i++) - verdict |= (mp[i] ^ info->smaddr[i]) & -        info->smmsk[i]; - if (FWINV(verdict != 0, EBT_ARP_SRC_MAC)) + if (FWINV(!ether_addr_equal_masked(mp, info->smaddr, +    info->smmsk), +   EBT_ARP_SRC_MAC))   return false;   }   @@ -88,11 +85,9 @@ ebt_arp_mt(const struct sk_buff *skb, struct xt_action_param *par)   sizeof(_mac), &_mac);   if (mp == NULL)   return false; - verdict = 0; - for (i = 0; i < 6; i++) - verdict |= (mp[i] ^ info->dmaddr[i]) & - info->dmmsk[i]; - if (FWINV(verdict != 0, EBT_ARP_DST_MAC)) + if (FWINV(!ether_addr_equal_masked(mp, info->dmaddr, +    info->dmmsk), +   EBT_ARP_DST_MAC))   return false;   }   } diff --git a/net/bridge/netfilter/ebt_stp.c b/net/bridge/netfilter/ebt_stp.c index e77f90b..45f73d5 100644 --- a/net/bridge/netfilter/ebt_stp.c +++ b/net/bridge/netfilter/ebt_stp.c @@ -46,7 +46,6 @@ static bool ebt_filter_config(const struct ebt_stp_info *info,   const struct ebt_stp_config_info *c;   u16 v16;   u32 v32; - int verdict, i;     c = &info->config;   if ((info->bitmask & EBT_STP_FLAGS) && @@ -54,66 +53,62 @@ static bool ebt_filter_config(const struct ebt_stp_info *info,   return false;   if (info->bitmask & EBT_STP_ROOTPRIO) {   v16 = NR16(stpc->root); - if (FWINV(v16 < c->root_priol || -     v16 > c->root_priou, EBT_STP_ROOTPRIO)) + if (FWINV(v16 < c->root_priol || v16 > c->root_priou, +   EBT_STP_ROOTPRIO))   return false;   }   if (info->bitmask & EBT_STP_ROOTADDR) { - verdict = 0; - for (i = 0; i < 6; i++) - verdict |= (stpc->root[2+i] ^ c->root_addr[i]) & -    c->root_addrmsk[i]; - if (FWINV(verdict != 0, EBT_STP_ROOTADDR)) + if (FWINV(!ether_addr_equal_masked(&stpc->root[2], c->root_addr, +    c->root_addrmsk), +   EBT_STP_ROOTADDR))   return false;   }   if (info->bitmask & EBT_STP_ROOTCOST) {   v32 = NR32(stpc->root_cost); - if (FWINV(v32 < c->root_costl || -     v32 > c->root_costu, EBT_STP_ROOTCOST)) + if (FWINV(v32 < c->root_costl || v32 > c->root_costu, +   EBT_STP_ROOTCOST))   return false;   }   if (info->bitmask & EBT_STP_SENDERPRIO) {   v16 = NR16(stpc->sender); - if (FWINV(v16 < c->sender_priol || -     v16 > c->sender_priou, EBT_STP_SENDERPRIO)) + if (FWINV(v16 < c->sender_priol || v16 > c->sender_priou, +   EBT_STP_SENDERPRIO))   return false;   }   if (info->bitmask & EBT_STP_SENDERADDR) { - verdict = 0; - for (i = 0; i < 6; i++) - verdict |= (stpc->sender[2+i] ^ c->sender_addr[i]) & -    c->sender_addrmsk[i]; - if (FWINV(verdict != 0, EBT_STP_SENDERADDR)) + if (FWINV(!ether_addr_equal_masked(&stpc->sender[2], +    c->sender_addr, +    c->sender_addrmsk), +   EBT_STP_SENDERADDR))   return false;   }   if (info->bitmask & EBT_STP_PORT) {   v16 = NR16(stpc->port); - if (FWINV(v16 < c->portl || -     v16 > c->portu, EBT_STP_PORT)) + if (FWINV(v16 < c->portl || v16 > c->portu, EBT_STP_PORT))   return false;   }   if (info->bitmask & EBT_STP_MSGAGE) {   v16 = NR16(stpc->msg_age); - if (FWINV(v16 < c->msg_agel || -     v16 > c->msg_ageu, EBT_STP_MSGAGE)) + if (FWINV(v16 < c->msg_agel || v16 > c->msg_ageu, +   EBT_STP_MSGAGE))   return false;   }   if (info->bitmask & EBT_STP_MAXAGE) {   v16 = NR16(stpc->max_age); - if (FWINV(v16 < c->max_agel || -     v16 > c->max_ageu, EBT_STP_MAXAGE)) + if (FWINV(v16 < c->max_agel || v16 > c->max_ageu, +   EBT_STP_MAXAGE))   return false;   }   if (info->bitmask & EBT_STP_HELLOTIME) {   v16 = NR16(stpc->hello_time); - if (FWINV(v16 < c->hello_timel || -     v16 > c->hello_timeu, EBT_STP_HELLOTIME)) + if (FWINV(v16 < c->hello_timel || v16 > c->hello_timeu, +   EBT_STP_HELLOTIME))   return false;   }   if (info->bitmask & EBT_STP_FWDD) {   v16 = NR16(stpc->forward_delay); - if (FWINV(v16 < c->forward_delayl || -     v16 > c->forward_delayu, EBT_STP_FWDD)) + if (FWINV(v16 < c->forward_delayl || v16 > c->forward_delayu, +   EBT_STP_FWDD))   return false;   }   return true; diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index 5a61f35..5721a25 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c @@ -130,7 +130,6 @@ ebt_basic_match(const struct ebt_entry *e, const struct sk_buff *skb,   const struct ethhdr *h = eth_hdr(skb);   const struct net_bridge_port *p;   __be16 ethproto; - int verdict, i;     if (skb_vlan_tag_present(skb))   ethproto = htons(ETH_P_8021Q); @@ -157,19 +156,15 @@ ebt_basic_match(const struct ebt_entry *e, const struct sk_buff *skb,   return 1;     if (e->bitmask & EBT_SOURCEMAC) { - verdict = 0; - for (i = 0; i < 6; i++) - verdict |= (h->h_source[i] ^ e->sourcemac[i]) & -    e->sourcemsk[i]; - if (FWINV2(verdict != 0, EBT_ISOURCE)) + if (FWINV2(!ether_addr_equal_masked(h->h_source, +     e->sourcemac, e->sourcemsk), +    EBT_ISOURCE))   return 1;   }   if (e->bitmask & EBT_DESTMAC) { - verdict = 0; - for (i = 0; i < 6; i++) - verdict |= (h->h_dest[i] ^ e->destmac[i]) & -    e->destmsk[i]; - if (FWINV2(verdict != 0, EBT_IDEST)) + if (FWINV2(!ether_addr_equal_masked(h->h_dest, +     e->destmac, e->destmsk), +    EBT_IDEST))   return 1;   }   return 0; --  2.8.0.rc4.16.g56331f8