diff options
author | Al Viro <viro@zeniv.linux.org.uk> | 2006-11-30 19:26:35 -0800 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2006-12-02 21:31:59 -0800 |
commit | e4fd77deac764e17cb1eab8661bcf1413204d04d (patch) | |
tree | 09387ab5449d3013196df7e269ed2f1fd757f8ca /net/bridge | |
parent | 70fe9af47ee01a17fe7486f1739f6eac8a14868b (diff) | |
download | kernel_samsung_espresso10-e4fd77deac764e17cb1eab8661bcf1413204d04d.zip kernel_samsung_espresso10-e4fd77deac764e17cb1eab8661bcf1413204d04d.tar.gz kernel_samsung_espresso10-e4fd77deac764e17cb1eab8661bcf1413204d04d.tar.bz2 |
[EBTABLES]: Move more stuff into ebt_verify_pointers().
Take intialization of ->hook_entry[...], ->entries_size and ->nentries
over there, pull the check for empty chains into the end of that sucker.
Now it's self-contained, so we can move it up in the very beginning of
translate_table() *and* we can rely on ->hook_entry[] being properly
transliterated after it.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/bridge')
-rw-r--r-- | net/bridge/netfilter/ebtables.c | 38 |
1 files changed, 19 insertions, 19 deletions
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index 2eba40f..7ce190c 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c @@ -401,6 +401,12 @@ static int ebt_verify_pointers(struct ebt_replace *repl, unsigned int offset = 0; int i; + for (i = 0; i < NF_BR_NUMHOOKS; i++) + newinfo->hook_entry[i] = NULL; + + newinfo->entries_size = repl->entries_size; + newinfo->nentries = repl->nentries; + while (offset < limit) { size_t left = limit - offset; struct ebt_entry *e = (void *)newinfo->entries + offset; @@ -440,6 +446,15 @@ static int ebt_verify_pointers(struct ebt_replace *repl, BUGPRINT("entries_size too small\n"); return -EINVAL; } + + /* check if all valid hooks have a chain */ + for (i = 0; i < NF_BR_NUMHOOKS; i++) { + if (!newinfo->hook_entry[i] && + (valid_hooks & (1 << i))) { + BUGPRINT("Valid hook without chain\n"); + return -EINVAL; + } + } return 0; } @@ -772,6 +787,10 @@ static int translate_table(struct ebt_replace *repl, int ret; struct ebt_cl_stack *cl_s = NULL; /* used in the checking for chain loops */ + ret = ebt_verify_pointers(repl, newinfo); + if (ret != 0) + return ret; + i = 0; while (i < NF_BR_NUMHOOKS && !(repl->valid_hooks & (1 << i))) i++; @@ -795,16 +814,6 @@ static int translate_table(struct ebt_replace *repl, i = j; } - for (i = 0; i < NF_BR_NUMHOOKS; i++) - newinfo->hook_entry[i] = NULL; - - newinfo->entries_size = repl->entries_size; - newinfo->nentries = repl->nentries; - - ret = ebt_verify_pointers(repl, newinfo); - if (ret != 0) - return ret; - /* do some early checkings and initialize some things */ i = 0; /* holds the expected nr. of entries for the chain */ j = 0; /* holds the up to now counted entries for the chain */ @@ -829,15 +838,6 @@ static int translate_table(struct ebt_replace *repl, return -EINVAL; } - /* check if all valid hooks have a chain */ - for (i = 0; i < NF_BR_NUMHOOKS; i++) { - if (newinfo->hook_entry[i] == NULL && - (repl->valid_hooks & (1 << i))) { - BUGPRINT("Valid hook without chain\n"); - return -EINVAL; - } - } - /* get the location of the udc, put them in an array while we're at it, allocate the chainstack */ if (udc_cnt) { |