Loading net/bridge/netfilter/ebtables.c +10 −6 Original line number Original line Diff line number Diff line Loading @@ -142,6 +142,12 @@ static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h, return 0; return 0; } } static inline __pure struct ebt_entry *ebt_next_entry(const struct ebt_entry *entry) { return (void *)entry + entry->next_offset; } /* Do some firewalling */ /* Do some firewalling */ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb, unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb, const struct net_device *in, const struct net_device *out, const struct net_device *in, const struct net_device *out, Loading Loading @@ -249,8 +255,7 @@ letsreturn: /* jump to a udc */ /* jump to a udc */ cs[sp].n = i + 1; cs[sp].n = i + 1; cs[sp].chaininfo = chaininfo; cs[sp].chaininfo = chaininfo; cs[sp].e = (struct ebt_entry *) cs[sp].e = ebt_next_entry(point); (((char *)point) + point->next_offset); i = 0; i = 0; chaininfo = (struct ebt_entries *) (base + verdict); chaininfo = (struct ebt_entries *) (base + verdict); #ifdef CONFIG_NETFILTER_DEBUG #ifdef CONFIG_NETFILTER_DEBUG Loading @@ -266,8 +271,7 @@ letsreturn: sp++; sp++; continue; continue; letscontinue: letscontinue: point = (struct ebt_entry *) point = ebt_next_entry(point); (((char *)point) + point->next_offset); i++; i++; } } Loading Loading @@ -787,7 +791,7 @@ static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s /* this can't be 0, so the loop test is correct */ /* this can't be 0, so the loop test is correct */ cl_s[i].cs.n = pos + 1; cl_s[i].cs.n = pos + 1; pos = 0; pos = 0; cl_s[i].cs.e = ((void *)e + e->next_offset); cl_s[i].cs.e = ebt_next_entry(e); e = (struct ebt_entry *)(hlp2->data); e = (struct ebt_entry *)(hlp2->data); nentries = hlp2->nentries; nentries = hlp2->nentries; cl_s[i].from = chain_nr; cl_s[i].from = chain_nr; Loading @@ -797,7 +801,7 @@ static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s continue; continue; } } letscontinue: letscontinue: e = (void *)e + e->next_offset; e = ebt_next_entry(e); pos++; pos++; } } return 0; return 0; Loading net/ipv4/netfilter/arp_tables.c +10 −4 Original line number Original line Diff line number Diff line Loading @@ -231,6 +231,12 @@ static inline struct arpt_entry *get_entry(void *base, unsigned int offset) return (struct arpt_entry *)(base + offset); return (struct arpt_entry *)(base + offset); } } static inline __pure struct arpt_entry *arpt_next_entry(const struct arpt_entry *entry) { return (void *)entry + entry->next_offset; } unsigned int arpt_do_table(struct sk_buff *skb, unsigned int arpt_do_table(struct sk_buff *skb, unsigned int hook, unsigned int hook, const struct net_device *in, const struct net_device *in, Loading Loading @@ -295,10 +301,10 @@ unsigned int arpt_do_table(struct sk_buff *skb, continue; continue; } } if (table_base + v if (table_base + v != (void *)e + e->next_offset) { != arpt_next_entry(e)) { /* Save old back ptr in next entry */ /* Save old back ptr in next entry */ struct arpt_entry *next struct arpt_entry *next = (void *)e + e->next_offset; = arpt_next_entry(e); next->comefrom = next->comefrom = (void *)back - table_base; (void *)back - table_base; Loading @@ -320,13 +326,13 @@ unsigned int arpt_do_table(struct sk_buff *skb, arp = arp_hdr(skb); arp = arp_hdr(skb); if (verdict == ARPT_CONTINUE) if (verdict == ARPT_CONTINUE) e = (void *)e + e->next_offset; e = arpt_next_entry(e); else else /* Verdict */ /* Verdict */ break; break; } } } else { } else { e = (void *)e + e->next_offset; e = arpt_next_entry(e); } } } while (!hotdrop); } while (!hotdrop); xt_info_rdunlock_bh(); xt_info_rdunlock_bh(); Loading net/ipv4/netfilter/ip_tables.c +10 −4 Original line number Original line Diff line number Diff line Loading @@ -297,6 +297,12 @@ static void trace_packet(struct sk_buff *skb, } } #endif #endif static inline __pure struct ipt_entry *ipt_next_entry(const struct ipt_entry *entry) { return (void *)entry + entry->next_offset; } /* Returns one of the generic firewall policies, like NF_ACCEPT. */ /* Returns one of the generic firewall policies, like NF_ACCEPT. */ unsigned int unsigned int ipt_do_table(struct sk_buff *skb, ipt_do_table(struct sk_buff *skb, Loading Loading @@ -385,11 +391,11 @@ ipt_do_table(struct sk_buff *skb, back->comefrom); back->comefrom); continue; continue; } } if (table_base + v != (void *)e + e->next_offset if (table_base + v != ipt_next_entry(e) && !(e->ip.flags & IPT_F_GOTO)) { && !(e->ip.flags & IPT_F_GOTO)) { /* Save old back ptr in next entry */ /* Save old back ptr in next entry */ struct ipt_entry *next struct ipt_entry *next = (void *)e + e->next_offset; = ipt_next_entry(e); next->comefrom next->comefrom = (void *)back - table_base; = (void *)back - table_base; /* set back pointer to next entry */ /* set back pointer to next entry */ Loading Loading @@ -424,7 +430,7 @@ ipt_do_table(struct sk_buff *skb, datalen = skb->len - ip->ihl * 4; datalen = skb->len - ip->ihl * 4; if (verdict == IPT_CONTINUE) if (verdict == IPT_CONTINUE) e = (void *)e + e->next_offset; e = ipt_next_entry(e); else else /* Verdict */ /* Verdict */ break; break; Loading @@ -432,7 +438,7 @@ ipt_do_table(struct sk_buff *skb, } else { } else { no_match: no_match: e = (void *)e + e->next_offset; e = ipt_next_entry(e); } } } while (!hotdrop); } while (!hotdrop); xt_info_rdunlock_bh(); xt_info_rdunlock_bh(); Loading net/ipv6/netfilter/ip6_tables.c +10 −4 Original line number Original line Diff line number Diff line Loading @@ -329,6 +329,12 @@ static void trace_packet(struct sk_buff *skb, } } #endif #endif static inline __pure struct ip6t_entry * ip6t_next_entry(const struct ip6t_entry *entry) { return (void *)entry + entry->next_offset; } /* Returns one of the generic firewall policies, like NF_ACCEPT. */ /* Returns one of the generic firewall policies, like NF_ACCEPT. */ unsigned int unsigned int ip6t_do_table(struct sk_buff *skb, ip6t_do_table(struct sk_buff *skb, Loading Loading @@ -414,11 +420,11 @@ ip6t_do_table(struct sk_buff *skb, back->comefrom); back->comefrom); continue; continue; } } if (table_base + v != (void *)e + e->next_offset if (table_base + v != ip6t_next_entry(e) && !(e->ipv6.flags & IP6T_F_GOTO)) { && !(e->ipv6.flags & IP6T_F_GOTO)) { /* Save old back ptr in next entry */ /* Save old back ptr in next entry */ struct ip6t_entry *next struct ip6t_entry *next = (void *)e + e->next_offset; = ip6t_next_entry(e); next->comefrom next->comefrom = (void *)back - table_base; = (void *)back - table_base; /* set back pointer to next entry */ /* set back pointer to next entry */ Loading Loading @@ -451,7 +457,7 @@ ip6t_do_table(struct sk_buff *skb, = 0x57acc001; = 0x57acc001; #endif #endif if (verdict == IP6T_CONTINUE) if (verdict == IP6T_CONTINUE) e = (void *)e + e->next_offset; e = ip6t_next_entry(e); else else /* Verdict */ /* Verdict */ break; break; Loading @@ -459,7 +465,7 @@ ip6t_do_table(struct sk_buff *skb, } else { } else { no_match: no_match: e = (void *)e + e->next_offset; e = ip6t_next_entry(e); } } } while (!hotdrop); } while (!hotdrop); Loading Loading
net/bridge/netfilter/ebtables.c +10 −6 Original line number Original line Diff line number Diff line Loading @@ -142,6 +142,12 @@ static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h, return 0; return 0; } } static inline __pure struct ebt_entry *ebt_next_entry(const struct ebt_entry *entry) { return (void *)entry + entry->next_offset; } /* Do some firewalling */ /* Do some firewalling */ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb, unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb, const struct net_device *in, const struct net_device *out, const struct net_device *in, const struct net_device *out, Loading Loading @@ -249,8 +255,7 @@ letsreturn: /* jump to a udc */ /* jump to a udc */ cs[sp].n = i + 1; cs[sp].n = i + 1; cs[sp].chaininfo = chaininfo; cs[sp].chaininfo = chaininfo; cs[sp].e = (struct ebt_entry *) cs[sp].e = ebt_next_entry(point); (((char *)point) + point->next_offset); i = 0; i = 0; chaininfo = (struct ebt_entries *) (base + verdict); chaininfo = (struct ebt_entries *) (base + verdict); #ifdef CONFIG_NETFILTER_DEBUG #ifdef CONFIG_NETFILTER_DEBUG Loading @@ -266,8 +271,7 @@ letsreturn: sp++; sp++; continue; continue; letscontinue: letscontinue: point = (struct ebt_entry *) point = ebt_next_entry(point); (((char *)point) + point->next_offset); i++; i++; } } Loading Loading @@ -787,7 +791,7 @@ static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s /* this can't be 0, so the loop test is correct */ /* this can't be 0, so the loop test is correct */ cl_s[i].cs.n = pos + 1; cl_s[i].cs.n = pos + 1; pos = 0; pos = 0; cl_s[i].cs.e = ((void *)e + e->next_offset); cl_s[i].cs.e = ebt_next_entry(e); e = (struct ebt_entry *)(hlp2->data); e = (struct ebt_entry *)(hlp2->data); nentries = hlp2->nentries; nentries = hlp2->nentries; cl_s[i].from = chain_nr; cl_s[i].from = chain_nr; Loading @@ -797,7 +801,7 @@ static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s continue; continue; } } letscontinue: letscontinue: e = (void *)e + e->next_offset; e = ebt_next_entry(e); pos++; pos++; } } return 0; return 0; Loading
net/ipv4/netfilter/arp_tables.c +10 −4 Original line number Original line Diff line number Diff line Loading @@ -231,6 +231,12 @@ static inline struct arpt_entry *get_entry(void *base, unsigned int offset) return (struct arpt_entry *)(base + offset); return (struct arpt_entry *)(base + offset); } } static inline __pure struct arpt_entry *arpt_next_entry(const struct arpt_entry *entry) { return (void *)entry + entry->next_offset; } unsigned int arpt_do_table(struct sk_buff *skb, unsigned int arpt_do_table(struct sk_buff *skb, unsigned int hook, unsigned int hook, const struct net_device *in, const struct net_device *in, Loading Loading @@ -295,10 +301,10 @@ unsigned int arpt_do_table(struct sk_buff *skb, continue; continue; } } if (table_base + v if (table_base + v != (void *)e + e->next_offset) { != arpt_next_entry(e)) { /* Save old back ptr in next entry */ /* Save old back ptr in next entry */ struct arpt_entry *next struct arpt_entry *next = (void *)e + e->next_offset; = arpt_next_entry(e); next->comefrom = next->comefrom = (void *)back - table_base; (void *)back - table_base; Loading @@ -320,13 +326,13 @@ unsigned int arpt_do_table(struct sk_buff *skb, arp = arp_hdr(skb); arp = arp_hdr(skb); if (verdict == ARPT_CONTINUE) if (verdict == ARPT_CONTINUE) e = (void *)e + e->next_offset; e = arpt_next_entry(e); else else /* Verdict */ /* Verdict */ break; break; } } } else { } else { e = (void *)e + e->next_offset; e = arpt_next_entry(e); } } } while (!hotdrop); } while (!hotdrop); xt_info_rdunlock_bh(); xt_info_rdunlock_bh(); Loading
net/ipv4/netfilter/ip_tables.c +10 −4 Original line number Original line Diff line number Diff line Loading @@ -297,6 +297,12 @@ static void trace_packet(struct sk_buff *skb, } } #endif #endif static inline __pure struct ipt_entry *ipt_next_entry(const struct ipt_entry *entry) { return (void *)entry + entry->next_offset; } /* Returns one of the generic firewall policies, like NF_ACCEPT. */ /* Returns one of the generic firewall policies, like NF_ACCEPT. */ unsigned int unsigned int ipt_do_table(struct sk_buff *skb, ipt_do_table(struct sk_buff *skb, Loading Loading @@ -385,11 +391,11 @@ ipt_do_table(struct sk_buff *skb, back->comefrom); back->comefrom); continue; continue; } } if (table_base + v != (void *)e + e->next_offset if (table_base + v != ipt_next_entry(e) && !(e->ip.flags & IPT_F_GOTO)) { && !(e->ip.flags & IPT_F_GOTO)) { /* Save old back ptr in next entry */ /* Save old back ptr in next entry */ struct ipt_entry *next struct ipt_entry *next = (void *)e + e->next_offset; = ipt_next_entry(e); next->comefrom next->comefrom = (void *)back - table_base; = (void *)back - table_base; /* set back pointer to next entry */ /* set back pointer to next entry */ Loading Loading @@ -424,7 +430,7 @@ ipt_do_table(struct sk_buff *skb, datalen = skb->len - ip->ihl * 4; datalen = skb->len - ip->ihl * 4; if (verdict == IPT_CONTINUE) if (verdict == IPT_CONTINUE) e = (void *)e + e->next_offset; e = ipt_next_entry(e); else else /* Verdict */ /* Verdict */ break; break; Loading @@ -432,7 +438,7 @@ ipt_do_table(struct sk_buff *skb, } else { } else { no_match: no_match: e = (void *)e + e->next_offset; e = ipt_next_entry(e); } } } while (!hotdrop); } while (!hotdrop); xt_info_rdunlock_bh(); xt_info_rdunlock_bh(); Loading
net/ipv6/netfilter/ip6_tables.c +10 −4 Original line number Original line Diff line number Diff line Loading @@ -329,6 +329,12 @@ static void trace_packet(struct sk_buff *skb, } } #endif #endif static inline __pure struct ip6t_entry * ip6t_next_entry(const struct ip6t_entry *entry) { return (void *)entry + entry->next_offset; } /* Returns one of the generic firewall policies, like NF_ACCEPT. */ /* Returns one of the generic firewall policies, like NF_ACCEPT. */ unsigned int unsigned int ip6t_do_table(struct sk_buff *skb, ip6t_do_table(struct sk_buff *skb, Loading Loading @@ -414,11 +420,11 @@ ip6t_do_table(struct sk_buff *skb, back->comefrom); back->comefrom); continue; continue; } } if (table_base + v != (void *)e + e->next_offset if (table_base + v != ip6t_next_entry(e) && !(e->ipv6.flags & IP6T_F_GOTO)) { && !(e->ipv6.flags & IP6T_F_GOTO)) { /* Save old back ptr in next entry */ /* Save old back ptr in next entry */ struct ip6t_entry *next struct ip6t_entry *next = (void *)e + e->next_offset; = ip6t_next_entry(e); next->comefrom next->comefrom = (void *)back - table_base; = (void *)back - table_base; /* set back pointer to next entry */ /* set back pointer to next entry */ Loading Loading @@ -451,7 +457,7 @@ ip6t_do_table(struct sk_buff *skb, = 0x57acc001; = 0x57acc001; #endif #endif if (verdict == IP6T_CONTINUE) if (verdict == IP6T_CONTINUE) e = (void *)e + e->next_offset; e = ip6t_next_entry(e); else else /* Verdict */ /* Verdict */ break; break; Loading @@ -459,7 +465,7 @@ ip6t_do_table(struct sk_buff *skb, } else { } else { no_match: no_match: e = (void *)e + e->next_offset; e = ip6t_next_entry(e); } } } while (!hotdrop); } while (!hotdrop); Loading
Jan Engelhardt <jengelh@medozas.de>Jan Engelhardt <jengelh@medozas.de>