Commit 2b21e051472fdb4680076278b2ccf63ebc1cc3bc

Authored by Jan Engelhardt
1 parent 737535c5cf

netfilter: xtables: compact table hook functions (2/2)

The calls to ip6t_do_table only show minimal differences, so it seems
like a good cleanup to merge them to a single one too.
Space saving obtained by both patches: 6807725->6807373
("Total" column from `size -A`.)

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

Showing 7 changed files with 36 additions and 59 deletions

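--- a/net/ipv4/netfilter/arptable_filter.c
+++ b/net/ipv4/netfilter/arptable_filter.c
@@ -58,13 +58,9 @@
 const struct net_device *in, const struct net_device *out,
 int (*okfn)(struct sk_buff *))
 {
-if (hook == NF_ARP_OUT)
-return arpt_do_table(skb, hook, in, out,
-dev_net(out)->ipv4.arptable_filter);
+const struct net *net = dev_net((in != NULL) ? in : out);
 
-/* INPUT/FORWARD: */
-return arpt_do_table(skb, hook, in, out,
-dev_net(in)->ipv4.arptable_filter);
+return arpt_do_table(skb, hook, in, out, net->ipv4.arptable_filter);
 }
 
 static struct nf_hook_ops arpt_ops[] __read_mostly = {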
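Review bot: The new `dev_net((in != NULL) ? in : out)` selects the network namespace by pointer nullness rather than by hook number, so it depends on an invariant that is nowhere written down: `in` is NULL only on the output hook, and `out` is set whenever `in` is NULL. The call sites are not visible here, so this needs confirming; if both pointers were ever NULL, `dev_net()` would receive a NULL device, and the chosen `net` decides which namespace's ruleset filters the packet. I would document the assumption above the line, e.g. `/* in is NULL only on the output hook, where out is always set */`, or make it checkable with `WARN_ON_ONCE(in == NULL && out == NULL);`. The same expression is introduced in the other six files of this commit, and the function's signature starts above the hunk.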
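--- a/net/ipv4/netfilter/iptable_filter.c
+++ b/net/ipv4/netfilter/iptable_filter.c
@@ -65,19 +65,16 @@
 const struct net_device *in, const struct net_device *out,
 int (*okfn)(struct sk_buff *))
 {
-if (hook == NF_INET_LOCAL_OUT) {
-if (skb->len < sizeof(struct iphdr) ||
-ip_hdrlen(skb) < sizeof(struct iphdr))
-/* root is playing with raw sockets. */
-return NF_ACCEPT;
+const struct net *net;
 
-return ipt_do_table(skb, hook, in, out,
-dev_net(out)->ipv4.iptable_filter);
-}
+if (hook == NF_INET_LOCAL_OUT &&
+(skb->len < sizeof(struct iphdr) ||
+ip_hdrlen(skb) < sizeof(struct iphdr)))
+/* root is playing with raw sockets. */
+return NF_ACCEPT;
 
-/* LOCAL_IN/FORWARD: */
-return ipt_do_table(skb, hook, in, out,
-dev_net(in)->ipv4.iptable_filter);
+net = dev_net((in != NULL) ? in : out);
+return ipt_do_table(skb, hook, in, out, net->ipv4.iptable_filter);
 }
 
 static struct nf_hook_ops ipt_ops[] __read_mostly = {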
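Review bot: The short-packet guard is now an unbraced `if` with a three-line condition, then a comment, then `return NF_ACCEPT;`, which makes it easy for a later edit to put a statement between the condition and the return. The controlled statement is the one that accepts a truncated locally generated packet without consulting the table, so its scope should be unmistakable. I would move the comment above the `if`, as `/* root is playing with raw sockets: accept without table lookup */`, or brace the body. The same layout is introduced in iptable_raw.c and iptable_security.c, and the function's signature starts above the hunk.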
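--- a/net/ipv4/netfilter/iptable_raw.c
+++ b/net/ipv4/netfilter/iptable_raw.c
@@ -49,17 +49,16 @@
 const struct net_device *in, const struct net_device *out,
 int (*okfn)(struct sk_buff *))
 {
-if (hook == NF_INET_PRE_ROUTING)
-return ipt_do_table(skb, hook, in, out,
-dev_net(in)->ipv4.iptable_raw);
+const struct net *net;
 
-/* OUTPUT: */
-/* root is playing with raw sockets. */
-if (skb->len < sizeof(struct iphdr) ||
-ip_hdrlen(skb) < sizeof(struct iphdr))
+if (hook == NF_INET_LOCAL_OUT &&
+(skb->len < sizeof(struct iphdr) ||
+ip_hdrlen(skb) < sizeof(struct iphdr)))
+/* root is playing with raw sockets. */
 return NF_ACCEPT;
-return ipt_do_table(skb, hook, in, out,
-dev_net(out)->ipv4.iptable_raw);
+
+net = dev_net((in != NULL) ? in : out);
+return ipt_do_table(skb, hook, in, out, net->ipv4.iptable_raw);
 }
 
 static struct nf_hook_ops ipt_ops[] __read_mostly = {
 /* 'raw' is the very first table. */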
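Review bot: The short-header guard is narrower than before: it used to run on every path that was not `NF_INET_PRE_ROUTING`, and now runs only when `hook == NF_INET_LOCAL_OUT`. The two are equivalent only if the raw table is registered on exactly those two hooks, which this hunk does not show. Any other hook would now reach `ipt_do_table()` without the `skb->len` / `ip_hdrlen()` check. A one-line comment above the `if`, such as `/* raw is hooked at PRE_ROUTING and LOCAL_OUT only */`, would keep that assumption visible to whoever next changes the hook registration. The function's signature starts above the hunk.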
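--- a/net/ipv4/netfilter/iptable_security.c
+++ b/net/ipv4/netfilter/iptable_security.c
@@ -70,19 +70,16 @@
 const struct net_device *out,
 int (*okfn)(struct sk_buff *))
 {
-if (hook == NF_INET_LOCAL_OUT) {
-if (skb->len < sizeof(struct iphdr) ||
-ip_hdrlen(skb) < sizeof(struct iphdr))
-/* Somebody is playing with raw sockets. */
-return NF_ACCEPT;
+const struct net *net;
 
-return ipt_do_table(skb, hook, in, out,
-dev_net(out)->ipv4.iptable_security);
-}
+if (hook == NF_INET_LOCAL_OUT &&
+(skb->len < sizeof(struct iphdr) ||
+ip_hdrlen(skb) < sizeof(struct iphdr)))
+/* Somebody is playing with raw sockets. */
+return NF_ACCEPT;
 
-/* INPUT/FORWARD: */
-return ipt_do_table(skb, hook, in, out,
-dev_net(in)->ipv4.iptable_security);
+net = dev_net((in != NULL) ? in : out);
+return ipt_do_table(skb, hook, in, out, net->ipv4.iptable_security);
 }
 
 static struct nf_hook_ops ipt_ops[] __read_mostly = {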
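--- a/net/ipv6/netfilter/ip6table_filter.c
+++ b/net/ipv6/netfilter/ip6table_filter.c
@@ -64,13 +64,9 @@
 const struct net_device *in, const struct net_device *out,
 int (*okfn)(struct sk_buff *))
 {
-if (hook == NF_INET_LOCAL_OUT)
-return ip6t_do_table(skb, hook, in, out,
-dev_net(out)->ipv6.ip6table_filter);
+const struct net *net = dev_net((in != NULL) ? in : out);
 
-/* INPUT/FORWARD: */
-return ip6t_do_table(skb, hook, in, out,
-dev_net(in)->ipv6.ip6table_filter);
+return ip6t_do_table(skb, hook, in, out, net->ipv6.ip6table_filter);
 }
 
 static struct nf_hook_ops ip6t_ops[] __read_mostly = {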
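--- a/net/ipv6/netfilter/ip6table_raw.c
+++ b/net/ipv6/netfilter/ip6table_raw.c
@@ -48,13 +48,9 @@
 const struct net_device *in, const struct net_device *out,
 int (*okfn)(struct sk_buff *))
 {
-if (hook == NF_INET_PRE_ROUTING)
-return ip6t_do_table(skb, hook, in, out,
-dev_net(in)->ipv6.ip6table_raw);
+const struct net *net = dev_net((in != NULL) ? in : out);
 
-/* OUTPUT: */
-return ip6t_do_table(skb, hook, in, out,
-dev_net(out)->ipv6.ip6table_raw);
+return ip6t_do_table(skb, hook, in, out, net->ipv6.ip6table_raw);
 }
 
 static struct nf_hook_ops ip6t_ops[] __read_mostly = {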
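--- a/net/ipv6/netfilter/ip6table_security.c
+++ b/net/ipv6/netfilter/ip6table_security.c
@@ -69,13 +69,9 @@
 const struct net_device *out,
 int (*okfn)(struct sk_buff *))
 {
-if (hook == NF_INET_LOCAL_OUT)
-return ip6t_do_table(skb, hook, in, out,
-dev_net(out)->ipv6.ip6table_security);
+const struct net *net = dev_net((in != NULL) ? in : out);
 
-/* INPUT/FORWARD: */
-return ip6t_do_table(skb, hook, in, out,
-dev_net(in)->ipv6.ip6table_security);
+return ip6t_do_table(skb, hook, in, out, net->ipv6.ip6table_security);
 }
 
 static struct nf_hook_ops ip6t_ops[] __read_mostly = {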