netfilter: xtables: replace XT_ENTRY_ITERATE macro

	__ret;							\

	__ret;							\

})

})

#ifndef __KERNEL__

/* fn returns 0 to continue iteration */

/* fn returns 0 to continue iteration */

#define XT_ENTRY_ITERATE_CONTINUE(type, entries, size, n, fn, args...) \

#define XT_ENTRY_ITERATE_CONTINUE(type, entries, size, n, fn, args...) \

({								\

({								\

#define XT_ENTRY_ITERATE(type, entries, size, fn, args...) \

#define XT_ENTRY_ITERATE(type, entries, size, fn, args...) \

	XT_ENTRY_ITERATE_CONTINUE(type, entries, size, 0, fn, args)

	XT_ENTRY_ITERATE_CONTINUE(type, entries, size, 0, fn, args)

#endif /* !__KERNEL__ */

/* pos is normally a struct ipt_entry/ip6t_entry/etc. */

#define xt_entry_foreach(pos, ehead, esize) \

	for ((pos) = (typeof(pos))(ehead); \

	     (pos) < (typeof(pos))((char *)(ehead) + (esize)); \

	     (pos) = (typeof(pos))((char *)(pos) + (pos)->next_offset))

#ifdef __KERNEL__

#ifdef __KERNEL__

#include <linux/netdevice.h>

#include <linux/netdevice.h>

	return (void *)e + e->target_offset;

	return (void *)e + e->target_offset;

}

}

#ifndef __KERNEL__

/* fn returns 0 to continue iteration */

/* fn returns 0 to continue iteration */

#define ARPT_ENTRY_ITERATE(entries, size, fn, args...) \

#define ARPT_ENTRY_ITERATE(entries, size, fn, args...) \

	XT_ENTRY_ITERATE(struct arpt_entry, entries, size, fn, ## args)

	XT_ENTRY_ITERATE(struct arpt_entry, entries, size, fn, ## args)

#endif

/*

/*

 *	Main firewall chains definitions and global var's definitions.

 *	Main firewall chains definitions and global var's definitions.

#define COMPAT_ARPT_ALIGN(s)	COMPAT_XT_ALIGN(s)

#define COMPAT_ARPT_ALIGN(s)	COMPAT_XT_ALIGN(s)

/* fn returns 0 to continue iteration */

#define COMPAT_ARPT_ENTRY_ITERATE(entries, size, fn, args...) \

	XT_ENTRY_ITERATE(struct compat_arpt_entry, entries, size, fn, ## args)

#define COMPAT_ARPT_ENTRY_ITERATE_CONTINUE(entries, size, n, fn, args...) \

	XT_ENTRY_ITERATE_CONTINUE(struct compat_arpt_entry, entries, size, n, \

				  fn, ## args)

#endif /* CONFIG_COMPAT */

#endif /* CONFIG_COMPAT */

#endif /*__KERNEL__*/

#endif /*__KERNEL__*/

#endif /* _ARPTABLES_H */

#endif /* _ARPTABLES_H */

#define IPT_MATCH_ITERATE(e, fn, args...) \

#define IPT_MATCH_ITERATE(e, fn, args...) \

	XT_MATCH_ITERATE(struct ipt_entry, e, fn, ## args)

	XT_MATCH_ITERATE(struct ipt_entry, e, fn, ## args)

#ifndef __KERNEL__

/* fn returns 0 to continue iteration */

/* fn returns 0 to continue iteration */

#define IPT_ENTRY_ITERATE(entries, size, fn, args...) \

#define IPT_ENTRY_ITERATE(entries, size, fn, args...) \

	XT_ENTRY_ITERATE(struct ipt_entry, entries, size, fn, ## args)

	XT_ENTRY_ITERATE(struct ipt_entry, entries, size, fn, ## args)

#endif

/*

/*

 *	Main firewall chains definitions and global var's definitions.

 *	Main firewall chains definitions and global var's definitions.

#define COMPAT_IPT_MATCH_ITERATE(e, fn, args...) \

#define COMPAT_IPT_MATCH_ITERATE(e, fn, args...) \

	XT_MATCH_ITERATE(struct compat_ipt_entry, e, fn, ## args)

	XT_MATCH_ITERATE(struct compat_ipt_entry, e, fn, ## args)

/* fn returns 0 to continue iteration */

#define COMPAT_IPT_ENTRY_ITERATE(entries, size, fn, args...) \

	XT_ENTRY_ITERATE(struct compat_ipt_entry, entries, size, fn, ## args)

/* fn returns 0 to continue iteration */

#define COMPAT_IPT_ENTRY_ITERATE_CONTINUE(entries, size, n, fn, args...) \

	XT_ENTRY_ITERATE_CONTINUE(struct compat_ipt_entry, entries, size, n, \

				  fn, ## args)

#endif /* CONFIG_COMPAT */

#endif /* CONFIG_COMPAT */

#endif /*__KERNEL__*/

#endif /*__KERNEL__*/

#endif /* _IPTABLES_H */

#endif /* _IPTABLES_H */

#define IP6T_MATCH_ITERATE(e, fn, args...) \

#define IP6T_MATCH_ITERATE(e, fn, args...) \

	XT_MATCH_ITERATE(struct ip6t_entry, e, fn, ## args)

	XT_MATCH_ITERATE(struct ip6t_entry, e, fn, ## args)

#ifndef __KERNEL__

/* fn returns 0 to continue iteration */

/* fn returns 0 to continue iteration */

#define IP6T_ENTRY_ITERATE(entries, size, fn, args...) \

#define IP6T_ENTRY_ITERATE(entries, size, fn, args...) \

	XT_ENTRY_ITERATE(struct ip6t_entry, entries, size, fn, ## args)

	XT_ENTRY_ITERATE(struct ip6t_entry, entries, size, fn, ## args)

#endif

/*

/*

 *	Main firewall chains definitions and global var's definitions.

 *	Main firewall chains definitions and global var's definitions.

#define COMPAT_IP6T_MATCH_ITERATE(e, fn, args...) \

#define COMPAT_IP6T_MATCH_ITERATE(e, fn, args...) \

	XT_MATCH_ITERATE(struct compat_ip6t_entry, e, fn, ## args)

	XT_MATCH_ITERATE(struct compat_ip6t_entry, e, fn, ## args)

/* fn returns 0 to continue iteration */

#define COMPAT_IP6T_ENTRY_ITERATE(entries, size, fn, args...) \

	XT_ENTRY_ITERATE(struct compat_ip6t_entry, entries, size, fn, ## args)

#define COMPAT_IP6T_ENTRY_ITERATE_CONTINUE(entries, size, n, fn, args...) \

	XT_ENTRY_ITERATE_CONTINUE(struct compat_ip6t_entry, entries, size, n, \

				  fn, ## args)

#endif /* CONFIG_COMPAT */

#endif /* CONFIG_COMPAT */

#endif /*__KERNEL__*/

#endif /*__KERNEL__*/

#endif /* _IP6_TABLES_H */

#endif /* _IP6_TABLES_H */

			   const unsigned int *hook_entries,

			   const unsigned int *hook_entries,

			   const unsigned int *underflows)

			   const unsigned int *underflows)

{

{

	struct arpt_entry *iter;

	unsigned int i;

	unsigned int i;

	int ret;

	int ret = 0;

	newinfo->size = size;

	newinfo->size = size;

	newinfo->number = number;

	newinfo->number = number;

	i = 0;

	i = 0;

	/* Walk through entries, checking offsets. */

	/* Walk through entries, checking offsets. */

	ret = ARPT_ENTRY_ITERATE(entry0, newinfo->size,

	xt_entry_foreach(iter, entry0, newinfo->size) {

				 check_entry_size_and_hooks,

		ret = check_entry_size_and_hooks(iter, newinfo, entry0,

				 newinfo,

		      entry0 + size, hook_entries, underflows,

				 entry0,

		      valid_hooks, &i);

				 entry0 + size,

		if (ret != 0)

				 hook_entries, underflows, valid_hooks, &i);

			break;

	}

	duprintf("translate_table: ARPT_ENTRY_ITERATE gives %d\n", ret);

	duprintf("translate_table: ARPT_ENTRY_ITERATE gives %d\n", ret);

	if (ret != 0)

	if (ret != 0)

		return ret;

		return ret;

	/* Finally, each sanity check must pass */

	/* Finally, each sanity check must pass */

	i = 0;

	i = 0;

	ret = ARPT_ENTRY_ITERATE(entry0, newinfo->size,

	xt_entry_foreach(iter, entry0, newinfo->size) {

				 find_check_entry, name, size, &i);

		ret = find_check_entry(iter, name, size, &i);

		if (ret != 0)

			break;

	}

	if (ret != 0) {

	if (ret != 0) {

		ARPT_ENTRY_ITERATE(entry0, newinfo->size,

		xt_entry_foreach(iter, entry0, newinfo->size)

				cleanup_entry, &i);

			if (cleanup_entry(iter, &i) != 0)

				break;

		return ret;

		return ret;

	}

	}

static void get_counters(const struct xt_table_info *t,

static void get_counters(const struct xt_table_info *t,

			 struct xt_counters counters[])

			 struct xt_counters counters[])

{

{

	struct arpt_entry *iter;

	unsigned int cpu;

	unsigned int cpu;

	unsigned int i;

	unsigned int i;

	unsigned int curcpu;

	unsigned int curcpu;

	curcpu = smp_processor_id();

	curcpu = smp_processor_id();

	i = 0;

	i = 0;

	ARPT_ENTRY_ITERATE(t->entries[curcpu],

	xt_entry_foreach(iter, t->entries[curcpu], t->size)

			   t->size,

		if (set_entry_to_counter(iter, counters, &i) != 0)

			   set_entry_to_counter,

			break;

			   counters,

			   &i);

	for_each_possible_cpu(cpu) {

	for_each_possible_cpu(cpu) {

		if (cpu == curcpu)

		if (cpu == curcpu)

			continue;

			continue;

		i = 0;

		i = 0;

		xt_info_wrlock(cpu);

		xt_info_wrlock(cpu);

		ARPT_ENTRY_ITERATE(t->entries[cpu],

		xt_entry_foreach(iter, t->entries[cpu], t->size)

				   t->size,

			if (add_entry_to_counter(iter, counters, &i) != 0)

				   add_entry_to_counter,

				break;

				   counters,

				   &i);

		xt_info_wrunlock(cpu);

		xt_info_wrunlock(cpu);

	}

	}

	local_bh_enable();

	local_bh_enable();

static int compat_table_info(const struct xt_table_info *info,

static int compat_table_info(const struct xt_table_info *info,

			     struct xt_table_info *newinfo)

			     struct xt_table_info *newinfo)

{

{

	struct arpt_entry *iter;

	void *loc_cpu_entry;

	void *loc_cpu_entry;

	int ret = 0;

	if (!newinfo || !info)

	if (!newinfo || !info)

		return -EINVAL;

		return -EINVAL;

	memcpy(newinfo, info, offsetof(struct xt_table_info, entries));

	memcpy(newinfo, info, offsetof(struct xt_table_info, entries));

	newinfo->initial_entries = 0;

	newinfo->initial_entries = 0;

	loc_cpu_entry = info->entries[raw_smp_processor_id()];

	loc_cpu_entry = info->entries[raw_smp_processor_id()];

	return ARPT_ENTRY_ITERATE(loc_cpu_entry, info->size,

	xt_entry_foreach(iter, loc_cpu_entry, info->size) {

				  compat_calc_entry, info, loc_cpu_entry,

		ret = compat_calc_entry(iter, info, loc_cpu_entry, newinfo);

				  newinfo);

		if (ret != 0)

			break;

	}

	return ret;

}

}

#endif

#endif

	struct xt_table_info *oldinfo;

	struct xt_table_info *oldinfo;

	struct xt_counters *counters;

	struct xt_counters *counters;

	void *loc_cpu_old_entry;

	void *loc_cpu_old_entry;

	struct arpt_entry *iter;

	ret = 0;

	ret = 0;

	counters = vmalloc_node(num_counters * sizeof(struct xt_counters),

	counters = vmalloc_node(num_counters * sizeof(struct xt_counters),

	/* Decrease module usage counts and free resource */

	/* Decrease module usage counts and free resource */

	loc_cpu_old_entry = oldinfo->entries[raw_smp_processor_id()];

	loc_cpu_old_entry = oldinfo->entries[raw_smp_processor_id()];

	ARPT_ENTRY_ITERATE(loc_cpu_old_entry, oldinfo->size, cleanup_entry,

	xt_entry_foreach(iter, loc_cpu_old_entry, oldinfo->size)

			   NULL);

		if (cleanup_entry(iter, NULL) != 0)

			break;

	xt_free_table_info(oldinfo);

	xt_free_table_info(oldinfo);

	if (copy_to_user(counters_ptr, counters,

	if (copy_to_user(counters_ptr, counters,

	struct arpt_replace tmp;

	struct arpt_replace tmp;

	struct xt_table_info *newinfo;

	struct xt_table_info *newinfo;

	void *loc_cpu_entry;

	void *loc_cpu_entry;

	struct arpt_entry *iter;

	if (copy_from_user(&tmp, user, sizeof(tmp)) != 0)

	if (copy_from_user(&tmp, user, sizeof(tmp)) != 0)

		return -EFAULT;

		return -EFAULT;

	return 0;

	return 0;

 free_newinfo_untrans:

 free_newinfo_untrans:

	ARPT_ENTRY_ITERATE(loc_cpu_entry, newinfo->size, cleanup_entry, NULL);

	xt_entry_foreach(iter, loc_cpu_entry, newinfo->size)

		if (cleanup_entry(iter, NULL) != 0)

			break;

 free_newinfo:

 free_newinfo:

	xt_free_table_info(newinfo);

	xt_free_table_info(newinfo);

	return ret;

	return ret;

	const struct xt_table_info *private;

	const struct xt_table_info *private;

	int ret = 0;

	int ret = 0;

	void *loc_cpu_entry;

	void *loc_cpu_entry;

	struct arpt_entry *iter;

#ifdef CONFIG_COMPAT

#ifdef CONFIG_COMPAT

	struct compat_xt_counters_info compat_tmp;

	struct compat_xt_counters_info compat_tmp;

	curcpu = smp_processor_id();

	curcpu = smp_processor_id();

	loc_cpu_entry = private->entries[curcpu];

	loc_cpu_entry = private->entries[curcpu];

	xt_info_wrlock(curcpu);

	xt_info_wrlock(curcpu);

	ARPT_ENTRY_ITERATE(loc_cpu_entry,

	xt_entry_foreach(iter, loc_cpu_entry, private->size)

			   private->size,

		if (add_counter_to_entry(iter, paddc, &i) != 0)

			   add_counter_to_entry,

			break;

			   paddc,

			   &i);

	xt_info_wrunlock(curcpu);

	xt_info_wrunlock(curcpu);

 unlock_up_free:

 unlock_up_free:

	local_bh_enable();

	local_bh_enable();

	unsigned int i, j;

	unsigned int i, j;

	struct xt_table_info *newinfo, *info;

	struct xt_table_info *newinfo, *info;

	void *pos, *entry0, *entry1;

	void *pos, *entry0, *entry1;

	struct compat_arpt_entry *iter0;

	struct arpt_entry *iter1;

	unsigned int size;

	unsigned int size;

	int ret;

	int ret = 0;

	info = *pinfo;

	info = *pinfo;

	entry0 = *pentry0;

	entry0 = *pentry0;

	j = 0;

	j = 0;

	xt_compat_lock(NFPROTO_ARP);

	xt_compat_lock(NFPROTO_ARP);

	/* Walk through entries, checking offsets. */

	/* Walk through entries, checking offsets. */

	ret = COMPAT_ARPT_ENTRY_ITERATE(entry0, total_size,

	xt_entry_foreach(iter0, entry0, total_size) {

					check_compat_entry_size_and_hooks,

		ret = check_compat_entry_size_and_hooks(iter0, info, &size,

					info, &size, entry0,

		      entry0, entry0 + total_size, hook_entries, underflows,

					entry0 + total_size,

		      &j, name);

					hook_entries, underflows, &j, name);

		if (ret != 0)

			break;

	}

	if (ret != 0)

	if (ret != 0)

		goto out_unlock;

		goto out_unlock;

	entry1 = newinfo->entries[raw_smp_processor_id()];

	entry1 = newinfo->entries[raw_smp_processor_id()];

	pos = entry1;

	pos = entry1;

	size = total_size;

	size = total_size;

	ret = COMPAT_ARPT_ENTRY_ITERATE(entry0, total_size,

	xt_entry_foreach(iter0, entry0, total_size) {

					compat_copy_entry_from_user,

		ret = compat_copy_entry_from_user(iter0, &pos,

					&pos, &size, name, newinfo, entry1);

		      &size, name, newinfo, entry1);

		if (ret != 0)

			break;

	}

	xt_compat_flush_offsets(NFPROTO_ARP);

	xt_compat_flush_offsets(NFPROTO_ARP);

	xt_compat_unlock(NFPROTO_ARP);

	xt_compat_unlock(NFPROTO_ARP);

	if (ret)

	if (ret)

		goto free_newinfo;

		goto free_newinfo;

	i = 0;

	i = 0;

	ret = ARPT_ENTRY_ITERATE(entry1, newinfo->size, compat_check_entry,

	xt_entry_foreach(iter1, entry1, newinfo->size) {

				 name, &i);

		ret = compat_check_entry(iter1, name, &i);

		if (ret != 0)

			break;

	}

	if (ret) {

	if (ret) {

		/*

		 * The first i matches need cleanup_entry (calls ->destroy)

		 * because they had called ->check already. The other j-i

		 * entries need only release.

		 */

		int skip = i;

		j -= i;

		j -= i;

		COMPAT_ARPT_ENTRY_ITERATE_CONTINUE(entry0, newinfo->size, i,

		xt_entry_foreach(iter0, entry0, newinfo->size) {

						   compat_release_entry, &j);

			if (skip-- > 0)

		ARPT_ENTRY_ITERATE(entry1, newinfo->size, cleanup_entry, &i);

				continue;

			if (compat_release_entry(iter0, &j) != 0)

				break;

		}

		xt_entry_foreach(iter1, entry1, newinfo->size)

			if (cleanup_entry(iter1, &i) != 0)

				break;

		xt_free_table_info(newinfo);

		xt_free_table_info(newinfo);

		return ret;

		return ret;

	}

	}

free_newinfo:

free_newinfo:

	xt_free_table_info(newinfo);

	xt_free_table_info(newinfo);

out:

out:

	COMPAT_ARPT_ENTRY_ITERATE(entry0, total_size, compat_release_entry, &j);

	xt_entry_foreach(iter0, entry0, total_size)

		if (compat_release_entry(iter0, &j) != 0)

			break;

	return ret;

	return ret;

out_unlock:

out_unlock:

	xt_compat_flush_offsets(NFPROTO_ARP);

	xt_compat_flush_offsets(NFPROTO_ARP);

	struct compat_arpt_replace tmp;

	struct compat_arpt_replace tmp;

	struct xt_table_info *newinfo;

	struct xt_table_info *newinfo;

	void *loc_cpu_entry;

	void *loc_cpu_entry;

	struct arpt_entry *iter;

	if (copy_from_user(&tmp, user, sizeof(tmp)) != 0)

	if (copy_from_user(&tmp, user, sizeof(tmp)) != 0)

		return -EFAULT;

		return -EFAULT;

	return 0;

	return 0;

 free_newinfo_untrans:

 free_newinfo_untrans:

	ARPT_ENTRY_ITERATE(loc_cpu_entry, newinfo->size, cleanup_entry, NULL);

	xt_entry_foreach(iter, loc_cpu_entry, newinfo->size)

		if (cleanup_entry(iter, NULL) != 0)

			break;

 free_newinfo:

 free_newinfo:

	xt_free_table_info(newinfo);

	xt_free_table_info(newinfo);

	return ret;

	return ret;

	int ret = 0;

	int ret = 0;

	void *loc_cpu_entry;

	void *loc_cpu_entry;

	unsigned int i = 0;

	unsigned int i = 0;

	struct arpt_entry *iter;

	counters = alloc_counters(table);

	counters = alloc_counters(table);

	if (IS_ERR(counters))

	if (IS_ERR(counters))

	loc_cpu_entry = private->entries[raw_smp_processor_id()];

	loc_cpu_entry = private->entries[raw_smp_processor_id()];

	pos = userptr;

	pos = userptr;

	size = total_size;

	size = total_size;

	ret = ARPT_ENTRY_ITERATE(loc_cpu_entry, total_size,

	xt_entry_foreach(iter, loc_cpu_entry, total_size) {

				 compat_copy_entry_to_user,

		ret = compat_copy_entry_to_user(iter, &pos,

				 &pos, &size, counters, &i);

		      &size, counters, &i);

		if (ret != 0)

			break;

	}

	vfree(counters);

	vfree(counters);

	return ret;

	return ret;

}

}

	struct xt_table_info *private;

	struct xt_table_info *private;

	void *loc_cpu_entry;

	void *loc_cpu_entry;

	struct module *table_owner = table->me;

	struct module *table_owner = table->me;

	struct arpt_entry *iter;

	private = xt_unregister_table(table);

	private = xt_unregister_table(table);

	/* Decrease module usage counts and free resources */

	/* Decrease module usage counts and free resources */

	loc_cpu_entry = private->entries[raw_smp_processor_id()];

	loc_cpu_entry = private->entries[raw_smp_processor_id()];

	ARPT_ENTRY_ITERATE(loc_cpu_entry, private->size,

	xt_entry_foreach(iter, loc_cpu_entry, private->size)

			   cleanup_entry, NULL);

		if (cleanup_entry(iter, NULL) != 0)

			break;

	if (private->number > private->initial_entries)

	if (private->number > private->initial_entries)

		module_put(table_owner);

		module_put(table_owner);

	xt_free_table_info(private);

	xt_free_table_info(private);