summaryrefslogtreecommitdiffstats
path: root/net/ipv6/netfilter
diff options
context:
space:
mode:
authorJan Engelhardt <jengelh@medozas.de>2009-07-05 18:26:37 +0200
committerJan Engelhardt <jengelh@medozas.de>2010-05-11 18:23:43 +0200
commitde74c16996287250f0d947663127f80c6beebd3c (patch)
treec7e77e254c5812c8561516dd668eaec732a89a0d /net/ipv6/netfilter
parentef53d702c3614fb919e8a8291033e3dbccfd1aea (diff)
downloadlinux-de74c16996287250f0d947663127f80c6beebd3c.tar.bz2
netfilter: xtables: combine struct xt_match_param and xt_target_param
The structures carried - besides match/target - almost the same data. It is possible to combine them, as extensions are evaluated serially, and so, the callers end up a little smaller. text data bss filename -15318 740 104 net/ipv4/netfilter/ip_tables.o +15286 740 104 net/ipv4/netfilter/ip_tables.o -15333 540 152 net/ipv6/netfilter/ip6_tables.o +15269 540 152 net/ipv6/netfilter/ip6_tables.o Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Diffstat (limited to 'net/ipv6/netfilter')
-rw-r--r--net/ipv6/netfilter/ip6_tables.c27
1 files changed, 13 insertions, 14 deletions
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index f8ac4a0b5899..076308c1acd7 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -345,8 +345,7 @@ ip6t_do_table(struct sk_buff *skb,
struct ip6t_entry *e, **jumpstack;
unsigned int *stackptr, origptr, cpu;
const struct xt_table_info *private;
- struct xt_match_param mtpar;
- struct xt_target_param tgpar;
+ struct xt_action_param acpar;
/* Initialization */
indev = in ? in->name : nulldevname;
@@ -357,11 +356,11 @@ ip6t_do_table(struct sk_buff *skb,
* things we don't know, ie. tcp syn flag or ports). If the
* rule is also a fragment-specific rule, non-fragments won't
* match it. */
- mtpar.hotdrop = &hotdrop;
- mtpar.in = tgpar.in = in;
- mtpar.out = tgpar.out = out;
- mtpar.family = tgpar.family = NFPROTO_IPV6;
- mtpar.hooknum = tgpar.hooknum = hook;
+ acpar.hotdrop = &hotdrop;
+ acpar.in = in;
+ acpar.out = out;
+ acpar.family = NFPROTO_IPV6;
+ acpar.hooknum = hook;
IP_NF_ASSERT(table->valid_hooks & (1 << hook));
@@ -381,16 +380,16 @@ ip6t_do_table(struct sk_buff *skb,
IP_NF_ASSERT(e);
if (!ip6_packet_match(skb, indev, outdev, &e->ipv6,
- &mtpar.thoff, &mtpar.fragoff, &hotdrop)) {
+ &acpar.thoff, &acpar.fragoff, &hotdrop)) {
no_match:
e = ip6t_next_entry(e);
continue;
}
xt_ematch_foreach(ematch, e) {
- mtpar.match = ematch->u.kernel.match;
- mtpar.matchinfo = ematch->data;
- if (!mtpar.match->match(skb, &mtpar))
+ acpar.match = ematch->u.kernel.match;
+ acpar.matchinfo = ematch->data;
+ if (!acpar.match->match(skb, &acpar))
goto no_match;
}
@@ -439,10 +438,10 @@ ip6t_do_table(struct sk_buff *skb,
continue;
}
- tgpar.target = t->u.kernel.target;
- tgpar.targinfo = t->data;
+ acpar.target = t->u.kernel.target;
+ acpar.targinfo = t->data;
- verdict = t->u.kernel.target->target(skb, &tgpar);
+ verdict = t->u.kernel.target->target(skb, &acpar);
if (verdict == IP6T_CONTINUE)
e = ip6t_next_entry(e);
else