[EBTABLES]: Pull the loop doing __ebt_verify_pointers() into a separate function.
Al Viro [Fri, 1 Dec 2006 03:26:14 +0000 (19:26 -0800)]
It's easier to expand the iterator here *and* we'll be able to move all
uses of ebt_replace from translate_table() into this one.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>

net/bridge/netfilter/ebtables.c

index e79c0fb..2eba40f 100644 (file)
@@ -393,48 +393,54 @@ ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e,
        return 0;
 }
 
-static inline int
-__ebt_verify_pointers(struct ebt_entry *e,
-   struct ebt_table_info *newinfo, char *base, char *limit,
-   struct ebt_entries **hook_entries,
-   unsigned int valid_hooks)
+static int ebt_verify_pointers(struct ebt_replace *repl,
+                              struct ebt_table_info *newinfo)
 {
-       unsigned int offset = (char *)e - newinfo->entries;
-       size_t left = (limit - base) - offset;
+       unsigned int limit = repl->entries_size;
+       unsigned int valid_hooks = repl->valid_hooks;
+       unsigned int offset = 0;
        int i;
 
-       if (left < sizeof(unsigned int))
-               goto Esmall;
+       while (offset < limit) {
+               size_t left = limit - offset;
+               struct ebt_entry *e = (void *)newinfo->entries + offset;
 
-       for (i = 0; i < NF_BR_NUMHOOKS; i++) {
-               if ((valid_hooks & (1 << i)) == 0)
-                       continue;
-               if ((char *)hook_entries[i] == base + offset)
+               if (left < sizeof(unsigned int))
                        break;
-       }
-       if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) {
-               if (e->bitmask != 0) {
-                       /* we make userspace set this right,
-                          so there is no misunderstanding */
-                       BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set "
-                                "in distinguisher\n");
-                       return -EINVAL;
+
+               for (i = 0; i < NF_BR_NUMHOOKS; i++) {
+                       if ((valid_hooks & (1 << i)) == 0)
+                               continue;
+                       if ((char *)repl->hook_entry[i] == repl->entries + offset)
+                               break;
                }
-               if (left < sizeof(struct ebt_entries))
-                       goto Esmall;
-               if (i != NF_BR_NUMHOOKS)
-                       newinfo->hook_entry[i] = (struct ebt_entries *)e;
-               return 0;
+
+               if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) {
+                       if (e->bitmask != 0) {
+                               /* we make userspace set this right,
+                                  so there is no misunderstanding */
+                               BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set "
+                                        "in distinguisher\n");
+                               return -EINVAL;
+                       }
+                       if (i != NF_BR_NUMHOOKS)
+                               newinfo->hook_entry[i] = (struct ebt_entries *)e;
+                       if (left < sizeof(struct ebt_entries))
+                               break;
+                       offset += sizeof(struct ebt_entries);
+               } else {
+                       if (left < sizeof(struct ebt_entry))
+                               break;
+                       if (left < e->next_offset)
+                               break;
+                       offset += e->next_offset;
+               }
+       }
+       if (offset != limit) {
+               BUGPRINT("entries_size too small\n");
+               return -EINVAL;
        }
-       if (left < sizeof(struct ebt_entry))
-               goto Esmall;
-       if (left < e->next_offset)
-               goto Esmall;
        return 0;
-
-Esmall:
-       BUGPRINT("entries_size too small\n");
-       return -EINVAL;
 }
 
 /*
@@ -795,9 +801,7 @@ static int translate_table(struct ebt_replace *repl,
        newinfo->entries_size = repl->entries_size;
        newinfo->nentries = repl->nentries;
 
-       ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
-          __ebt_verify_pointers, newinfo, repl->entries,
-          repl->entries + repl->entries_size, repl->hook_entry, repl->valid_hooks);
+       ret = ebt_verify_pointers(repl, newinfo);
        if (ret != 0)
                return ret;