diff options
author | Jan Engelhardt <jengelh@medozas.de> | 2009-07-07 20:54:30 +0200 |
---|---|---|
committer | Jan Engelhardt <jengelh@medozas.de> | 2010-05-11 18:35:27 +0200 |
commit | b4ba26119b06052888696491f614201817491a0d (patch) | |
tree | d6dc2a4e0f78641b5b64a1728322c81cbad09974 /net/netfilter | |
parent | 62fc8051083a334578c3f4b3488808f210b4565f (diff) |
netfilter: xtables: change hotdrop pointer to direct modification
Since xt_action_param is writable, let's use it. The pointer to
'bool hotdrop' always worried (8 bytes (64-bit) to write 1 byte!).
Surprisingly results in a reduction in size:
text data bss filename
5457066 692730 357892 vmlinux.o-prev
5456554 692730 357892 vmlinux.o
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Diffstat (limited to 'net/netfilter')
-rw-r--r-- | net/netfilter/xt_connlimit.c | 4 | ||||
-rw-r--r-- | net/netfilter/xt_dccp.c | 4 | ||||
-rw-r--r-- | net/netfilter/xt_esp.c | 2 | ||||
-rw-r--r-- | net/netfilter/xt_hashlimit.c | 2 | ||||
-rw-r--r-- | net/netfilter/xt_multiport.c | 2 | ||||
-rw-r--r-- | net/netfilter/xt_recent.c | 2 | ||||
-rw-r--r-- | net/netfilter/xt_sctp.c | 4 | ||||
-rw-r--r-- | net/netfilter/xt_tcpmss.c | 2 | ||||
-rw-r--r-- | net/netfilter/xt_tcpudp.c | 10 |
9 files changed, 16 insertions, 16 deletions
diff --git a/net/netfilter/xt_connlimit.c b/net/netfilter/xt_connlimit.c index f130fd9817b..5c5b6b921b8 100644 --- a/net/netfilter/xt_connlimit.c +++ b/net/netfilter/xt_connlimit.c @@ -206,14 +206,14 @@ connlimit_mt(const struct sk_buff *skb, struct xt_action_param *par) if (connections < 0) { /* kmalloc failed, drop it entirely */ - *par->hotdrop = true; + par->hotdrop = true; return false; } return (connections > info->limit) ^ info->inverse; hotdrop: - *par->hotdrop = true; + par->hotdrop = true; return false; } diff --git a/net/netfilter/xt_dccp.c b/net/netfilter/xt_dccp.c index cc2c2919439..b63d2a3d80b 100644 --- a/net/netfilter/xt_dccp.c +++ b/net/netfilter/xt_dccp.c @@ -107,7 +107,7 @@ dccp_mt(const struct sk_buff *skb, struct xt_action_param *par) dh = skb_header_pointer(skb, par->thoff, sizeof(_dh), &_dh); if (dh == NULL) { - *par->hotdrop = true; + par->hotdrop = true; return false; } @@ -120,7 +120,7 @@ dccp_mt(const struct sk_buff *skb, struct xt_action_param *par) && DCCHECK(match_types(dh, info->typemask), XT_DCCP_TYPE, info->flags, info->invflags) && DCCHECK(match_option(info->option, skb, par->thoff, dh, - par->hotdrop), + &par->hotdrop), XT_DCCP_OPTION, info->flags, info->invflags); } diff --git a/net/netfilter/xt_esp.c b/net/netfilter/xt_esp.c index 7c2d8002055..171ba82b590 100644 --- a/net/netfilter/xt_esp.c +++ b/net/netfilter/xt_esp.c @@ -52,7 +52,7 @@ static bool esp_mt(const struct sk_buff *skb, struct xt_action_param *par) * can't. Hence, no choice but to drop. */ pr_debug("Dropping evil ESP tinygram.\n"); - *par->hotdrop = true; + par->hotdrop = true; return false; } diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c index 25a6e548ec2..b46a8390896 100644 --- a/net/netfilter/xt_hashlimit.c +++ b/net/netfilter/xt_hashlimit.c @@ -562,7 +562,7 @@ hashlimit_mt(const struct sk_buff *skb, struct xt_action_param *par) return info->cfg.mode & XT_HASHLIMIT_INVERT; hotdrop: - *par->hotdrop = true; + par->hotdrop = true; return false; } diff --git a/net/netfilter/xt_multiport.c b/net/netfilter/xt_multiport.c index 52beb68256c..ac1d3c3d09e 100644 --- a/net/netfilter/xt_multiport.c +++ b/net/netfilter/xt_multiport.c @@ -87,7 +87,7 @@ multiport_mt(const struct sk_buff *skb, struct xt_action_param *par) * can't. Hence, no choice but to drop. */ pr_debug("Dropping evil offset=0 tinygram.\n"); - *par->hotdrop = true; + par->hotdrop = true; return false; } diff --git a/net/netfilter/xt_recent.c b/net/netfilter/xt_recent.c index 2808a7e3394..76aec6a4476 100644 --- a/net/netfilter/xt_recent.c +++ b/net/netfilter/xt_recent.c @@ -268,7 +268,7 @@ recent_mt(const struct sk_buff *skb, struct xt_action_param *par) goto out; e = recent_entry_init(t, &addr, par->family, ttl); if (e == NULL) - *par->hotdrop = true; + par->hotdrop = true; ret = !ret; goto out; } diff --git a/net/netfilter/xt_sctp.c b/net/netfilter/xt_sctp.c index 94d8b5deb2d..c04fcf385c5 100644 --- a/net/netfilter/xt_sctp.c +++ b/net/netfilter/xt_sctp.c @@ -128,7 +128,7 @@ sctp_mt(const struct sk_buff *skb, struct xt_action_param *par) sh = skb_header_pointer(skb, par->thoff, sizeof(_sh), &_sh); if (sh == NULL) { pr_debug("Dropping evil TCP offset=0 tinygram.\n"); - *par->hotdrop = true; + par->hotdrop = true; return false; } pr_debug("spt: %d\tdpt: %d\n", ntohs(sh->source), ntohs(sh->dest)); @@ -140,7 +140,7 @@ sctp_mt(const struct sk_buff *skb, struct xt_action_param *par) && ntohs(sh->dest) <= info->dpts[1], XT_SCTP_DEST_PORTS, info->flags, info->invflags) && SCCHECK(match_packet(skb, par->thoff + sizeof(sctp_sctphdr_t), - info, par->hotdrop), + info, &par->hotdrop), XT_SCTP_CHUNK_TYPES, info->flags, info->invflags); } diff --git a/net/netfilter/xt_tcpmss.c b/net/netfilter/xt_tcpmss.c index f90728f6b8a..c53d4d18ead 100644 --- a/net/netfilter/xt_tcpmss.c +++ b/net/netfilter/xt_tcpmss.c @@ -73,7 +73,7 @@ out: return info->invert; dropit: - *par->hotdrop = true; + par->hotdrop = true; return false; } diff --git a/net/netfilter/xt_tcpudp.c b/net/netfilter/xt_tcpudp.c index dedde33c9db..c14d4645daa 100644 --- a/net/netfilter/xt_tcpudp.c +++ b/net/netfilter/xt_tcpudp.c @@ -77,7 +77,7 @@ static bool tcp_mt(const struct sk_buff *skb, struct xt_action_param *par) */ if (par->fragoff == 1) { pr_debug("Dropping evil TCP offset=1 frag.\n"); - *par->hotdrop = true; + par->hotdrop = true; } /* Must not be a fragment. */ return false; @@ -90,7 +90,7 @@ static bool tcp_mt(const struct sk_buff *skb, struct xt_action_param *par) /* We've been asked to examine this packet, and we can't. Hence, no choice but to drop. */ pr_debug("Dropping evil TCP offset=0 tinygram.\n"); - *par->hotdrop = true; + par->hotdrop = true; return false; } @@ -108,13 +108,13 @@ static bool tcp_mt(const struct sk_buff *skb, struct xt_action_param *par) return false; if (tcpinfo->option) { if (th->doff * 4 < sizeof(_tcph)) { - *par->hotdrop = true; + par->hotdrop = true; return false; } if (!tcp_find_option(tcpinfo->option, skb, par->thoff, th->doff*4 - sizeof(_tcph), tcpinfo->invflags & XT_TCP_INV_OPTION, - par->hotdrop)) + &par->hotdrop)) return false; } return true; @@ -143,7 +143,7 @@ static bool udp_mt(const struct sk_buff *skb, struct xt_action_param *par) /* We've been asked to examine this packet, and we can't. Hence, no choice but to drop. */ pr_debug("Dropping evil UDP tinygram.\n"); - *par->hotdrop = true; + par->hotdrop = true; return false; } |