Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c37a2dfa authored by Joe Perches's avatar Joe Perches Committed by Pablo Neira Ayuso
Browse files

netfilter: Convert FWINV<[foo]> macros and uses to NF_INVF 



netfilter uses multiple FWINV #defines with identical form that hide a
specific structure variable and dereference it with a invflags member.

$ git grep "#define FWINV"
include/linux/netfilter_bridge/ebtables.h:#define FWINV(bool,invflg) ((bool) ^ !!(info->invflags & invflg))
net/bridge/netfilter/ebtables.c:#define FWINV2(bool, invflg) ((bool) ^ !!(e->invflags & invflg))
net/ipv4/netfilter/arp_tables.c:#define FWINV(bool, invflg) ((bool) ^ !!(arpinfo->invflags & (invflg)))
net/ipv4/netfilter/ip_tables.c:#define FWINV(bool, invflg) ((bool) ^ !!(ipinfo->invflags & (invflg)))
net/ipv6/netfilter/ip6_tables.c:#define FWINV(bool, invflg) ((bool) ^ !!(ip6info->invflags & (invflg)))
net/netfilter/xt_tcpudp.c:#define FWINVTCP(bool, invflg) ((bool) ^ !!(tcpinfo->invflags & (invflg)))

Consolidate these macros into a single NF_INVF macro.

Miscellanea:

o Neaten the alignment around these uses
o A few lines are > 80 columns for intelligibility

Signed-off-by: default avatarJoe Perches <joe@perches.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent f1504307

include/linux/netfilter/x_tables.h

+4 −0
Original line number Diff line number Diff line
@@ -6,6 +6,10 @@ 
#include <linux/static_key.h>

#include <uapi/linux/netfilter/x_tables.h>



/* Test a struct->invflags and a boolean for inequality */

#define NF_INVF(ptr, flag, boolean)					\

	((boolean) ^ !!((ptr)->invflags & (flag)))



/**

 * struct xt_action_param - parameters for matches/targets

 *

include/linux/netfilter_bridge/ebtables.h

+0 −2
Original line number Diff line number Diff line
@@ -115,8 +115,6 @@ extern unsigned int ebt_do_table(struct sk_buff *skb, 
				 const struct nf_hook_state *state,

				 struct ebt_table *table);



/* Used in the kernel match() functions */

#define FWINV(bool,invflg) ((bool) ^ !!(info->invflags & invflg))

/* True if the hook mask denotes that the rule is in a base chain,

 * used in the check() functions */

#define BASE_CHAIN (par->hook_mask & (1 << NF_BR_NUMHOOKS))

net/bridge/netfilter/ebt_802_3.c

+3 −3
Original line number Diff line number Diff line
@@ -20,16 +20,16 @@ ebt_802_3_mt(const struct sk_buff *skb, struct xt_action_param *par) 
	__be16 type = hdr->llc.ui.ctrl & IS_UI ? hdr->llc.ui.type : hdr->llc.ni.type;



	if (info->bitmask & EBT_802_3_SAP) {

		if (FWINV(info->sap != hdr->llc.ui.ssap, EBT_802_3_SAP))

		if (NF_INVF(info, EBT_802_3_SAP, info->sap != hdr->llc.ui.ssap))

			return false;

		if (FWINV(info->sap != hdr->llc.ui.dsap, EBT_802_3_SAP))

		if (NF_INVF(info, EBT_802_3_SAP, info->sap != hdr->llc.ui.dsap))

			return false;

	}



	if (info->bitmask & EBT_802_3_TYPE) {

		if (!(hdr->llc.ui.dsap == CHECK_TYPE && hdr->llc.ui.ssap == CHECK_TYPE))

			return false;

		if (FWINV(info->type != type, EBT_802_3_TYPE))

		if (NF_INVF(info, EBT_802_3_TYPE, info->type != type))

			return false;

	}

net/bridge/netfilter/ebt_arp.c

+20 −18
Original line number Diff line number Diff line
@@ -25,14 +25,14 @@ ebt_arp_mt(const struct sk_buff *skb, struct xt_action_param *par) 
	ah = skb_header_pointer(skb, 0, sizeof(_arph), &_arph);

	if (ah == NULL)

		return false;

	if (info->bitmask & EBT_ARP_OPCODE && FWINV(info->opcode !=

	   ah->ar_op, EBT_ARP_OPCODE))

	if ((info->bitmask & EBT_ARP_OPCODE) &&

	    NF_INVF(info, EBT_ARP_OPCODE, info->opcode != ah->ar_op))

		return false;

	if (info->bitmask & EBT_ARP_HTYPE && FWINV(info->htype !=

	   ah->ar_hrd, EBT_ARP_HTYPE))

	if ((info->bitmask & EBT_ARP_HTYPE) &&

	    NF_INVF(info, EBT_ARP_HTYPE, info->htype != ah->ar_hrd))

		return false;

	if (info->bitmask & EBT_ARP_PTYPE && FWINV(info->ptype !=

	   ah->ar_pro, EBT_ARP_PTYPE))

	if ((info->bitmask & EBT_ARP_PTYPE) &&

	    NF_INVF(info, EBT_ARP_PTYPE, info->ptype != ah->ar_pro))

		return false;



	if (info->bitmask & (EBT_ARP_SRC_IP | EBT_ARP_DST_IP | EBT_ARP_GRAT)) {
@@ -51,14 +51,16 @@ ebt_arp_mt(const struct sk_buff *skb, struct xt_action_param *par) 
					sizeof(daddr), &daddr);

		if (dap == NULL)

			return false;

		if (info->bitmask & EBT_ARP_SRC_IP &&

		    FWINV(info->saddr != (*sap & info->smsk), EBT_ARP_SRC_IP))

		if ((info->bitmask & EBT_ARP_SRC_IP) &&

		    NF_INVF(info, EBT_ARP_SRC_IP,

			    info->saddr != (*sap & info->smsk)))

			return false;

		if (info->bitmask & EBT_ARP_DST_IP &&

		    FWINV(info->daddr != (*dap & info->dmsk), EBT_ARP_DST_IP))

		if ((info->bitmask & EBT_ARP_DST_IP) &&

		    NF_INVF(info, EBT_ARP_DST_IP,

			    info->daddr != (*dap & info->dmsk)))

			return false;

		if (info->bitmask & EBT_ARP_GRAT &&

		    FWINV(*dap != *sap, EBT_ARP_GRAT))

		if ((info->bitmask & EBT_ARP_GRAT) &&

		    NF_INVF(info, EBT_ARP_GRAT, *dap != *sap))

			return false;

	}
@@ -73,9 +75,9 @@ ebt_arp_mt(const struct sk_buff *skb, struct xt_action_param *par) 
						sizeof(_mac), &_mac);

			if (mp == NULL)

				return false;

			if (FWINV(!ether_addr_equal_masked(mp, info->smaddr,

							   info->smmsk),

				  EBT_ARP_SRC_MAC))

			if (NF_INVF(info, EBT_ARP_SRC_MAC,

				    !ether_addr_equal_masked(mp, info->smaddr,

							     info->smmsk)))

				return false;

		}
@@ -85,9 +87,9 @@ ebt_arp_mt(const struct sk_buff *skb, struct xt_action_param *par) 
						sizeof(_mac), &_mac);

			if (mp == NULL)

				return false;

			if (FWINV(!ether_addr_equal_masked(mp, info->dmaddr,

							   info->dmmsk),

				  EBT_ARP_DST_MAC))

			if (NF_INVF(info, EBT_ARP_DST_MAC,

				    !ether_addr_equal_masked(mp, info->dmaddr,

							     info->dmmsk)))

				return false;

		}

	}

net/bridge/netfilter/ebt_ip.c

+14 −14
Original line number Diff line number Diff line
@@ -36,19 +36,19 @@ ebt_ip_mt(const struct sk_buff *skb, struct xt_action_param *par) 
	ih = skb_header_pointer(skb, 0, sizeof(_iph), &_iph);

	if (ih == NULL)

		return false;

	if (info->bitmask & EBT_IP_TOS &&

	   FWINV(info->tos != ih->tos, EBT_IP_TOS))

	if ((info->bitmask & EBT_IP_TOS) &&

	    NF_INVF(info, EBT_IP_TOS, info->tos != ih->tos))

		return false;

	if (info->bitmask & EBT_IP_SOURCE &&

	   FWINV((ih->saddr & info->smsk) !=

	   info->saddr, EBT_IP_SOURCE))

	if ((info->bitmask & EBT_IP_SOURCE) &&

	    NF_INVF(info, EBT_IP_SOURCE,

		    (ih->saddr & info->smsk) != info->saddr))

		return false;

	if ((info->bitmask & EBT_IP_DEST) &&

	   FWINV((ih->daddr & info->dmsk) !=

	   info->daddr, EBT_IP_DEST))

	    NF_INVF(info, EBT_IP_DEST,

		    (ih->daddr & info->dmsk) != info->daddr))

		return false;

	if (info->bitmask & EBT_IP_PROTO) {

		if (FWINV(info->protocol != ih->protocol, EBT_IP_PROTO))

		if (NF_INVF(info, EBT_IP_PROTO, info->protocol != ih->protocol))

			return false;

		if (!(info->bitmask & EBT_IP_DPORT) &&

		    !(info->bitmask & EBT_IP_SPORT))
@@ -61,16 +61,16 @@ ebt_ip_mt(const struct sk_buff *skb, struct xt_action_param *par) 
			return false;

		if (info->bitmask & EBT_IP_DPORT) {

			u32 dst = ntohs(pptr->dst);

			if (FWINV(dst < info->dport[0] ||

				  dst > info->dport[1],

				  EBT_IP_DPORT))

			if (NF_INVF(info, EBT_IP_DPORT,

				    dst < info->dport[0] ||

				    dst > info->dport[1]))

			return false;

		}

		if (info->bitmask & EBT_IP_SPORT) {

			u32 src = ntohs(pptr->src);

			if (FWINV(src < info->sport[0] ||

				  src > info->sport[1],

				  EBT_IP_SPORT))

			if (NF_INVF(info, EBT_IP_SPORT,

				    src < info->sport[0] ||

				    src > info->sport[1]))

			return false;

		}

	}