Commit eacc17fb authored by Eric Dumazet's avatar Eric Dumazet Committed by Patrick McHardy

netfilter: xt_physdev: unfold two loops in physdev_mt()

xt_physdev netfilter module can use an ifname_compare() helper
so that two loops are unfolded.
Signed-off-by: default avatarEric Dumazet <dada1@cosmosbay.com>
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
parent 4323362e
...@@ -20,10 +20,27 @@ MODULE_DESCRIPTION("Xtables: Bridge physical device match"); ...@@ -20,10 +20,27 @@ MODULE_DESCRIPTION("Xtables: Bridge physical device match");
MODULE_ALIAS("ipt_physdev"); MODULE_ALIAS("ipt_physdev");
MODULE_ALIAS("ip6t_physdev"); MODULE_ALIAS("ip6t_physdev");
static unsigned long ifname_compare(const char *_a, const char *_b, const char *_mask)
{
const unsigned long *a = (const unsigned long *)_a;
const unsigned long *b = (const unsigned long *)_b;
const unsigned long *mask = (const unsigned long *)_mask;
unsigned long ret;
ret = (a[0] ^ b[0]) & mask[0];
if (IFNAMSIZ > sizeof(unsigned long))
ret |= (a[1] ^ b[1]) & mask[1];
if (IFNAMSIZ > 2 * sizeof(unsigned long))
ret |= (a[2] ^ b[2]) & mask[2];
if (IFNAMSIZ > 3 * sizeof(unsigned long))
ret |= (a[3] ^ b[3]) & mask[3];
BUILD_BUG_ON(IFNAMSIZ > 4 * sizeof(unsigned long));
return ret;
}
static bool static bool
physdev_mt(const struct sk_buff *skb, const struct xt_match_param *par) physdev_mt(const struct sk_buff *skb, const struct xt_match_param *par)
{ {
int i;
static const char nulldevname[IFNAMSIZ] __attribute__((aligned(sizeof(long)))); static const char nulldevname[IFNAMSIZ] __attribute__((aligned(sizeof(long))));
const struct xt_physdev_info *info = par->matchinfo; const struct xt_physdev_info *info = par->matchinfo;
unsigned long ret; unsigned long ret;
...@@ -68,11 +85,7 @@ physdev_mt(const struct sk_buff *skb, const struct xt_match_param *par) ...@@ -68,11 +85,7 @@ physdev_mt(const struct sk_buff *skb, const struct xt_match_param *par)
if (!(info->bitmask & XT_PHYSDEV_OP_IN)) if (!(info->bitmask & XT_PHYSDEV_OP_IN))
goto match_outdev; goto match_outdev;
indev = nf_bridge->physindev ? nf_bridge->physindev->name : nulldevname; indev = nf_bridge->physindev ? nf_bridge->physindev->name : nulldevname;
for (i = 0, ret = 0; i < IFNAMSIZ/sizeof(unsigned long); i++) { ret = ifname_compare(indev, info->physindev, info->in_mask);
ret |= (((const unsigned long *)indev)[i]
^ ((const unsigned long *)info->physindev)[i])
& ((const unsigned long *)info->in_mask)[i];
}
if (!ret ^ !(info->invert & XT_PHYSDEV_OP_IN)) if (!ret ^ !(info->invert & XT_PHYSDEV_OP_IN))
return false; return false;
...@@ -82,11 +95,8 @@ physdev_mt(const struct sk_buff *skb, const struct xt_match_param *par) ...@@ -82,11 +95,8 @@ physdev_mt(const struct sk_buff *skb, const struct xt_match_param *par)
return true; return true;
outdev = nf_bridge->physoutdev ? outdev = nf_bridge->physoutdev ?
nf_bridge->physoutdev->name : nulldevname; nf_bridge->physoutdev->name : nulldevname;
for (i = 0, ret = 0; i < IFNAMSIZ/sizeof(unsigned long); i++) { ret = ifname_compare(outdev, info->physoutdev, info->out_mask);
ret |= (((const unsigned long *)outdev)[i]
^ ((const unsigned long *)info->physoutdev)[i])
& ((const unsigned long *)info->out_mask)[i];
}
return (!!ret ^ !(info->invert & XT_PHYSDEV_OP_OUT)); return (!!ret ^ !(info->invert & XT_PHYSDEV_OP_OUT));
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment