tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

netfilter: Convert FWINV<[foo]> macros and uses to NF_INVF

netfilter uses multiple FWINV #defines with identical form that hide a
specific structure variable and dereference it with a invflags member.

$ git grep "#define FWINV"
include/linux/netfilter_bridge/ebtables.h:#define FWINV(bool,invflg) ((bool) ^ !!(info->invflags & invflg))
net/bridge/netfilter/ebtables.c:#define FWINV2(bool, invflg) ((bool) ^ !!(e->invflags & invflg))
net/ipv4/netfilter/arp_tables.c:#define FWINV(bool, invflg) ((bool) ^ !!(arpinfo->invflags & (invflg)))
net/ipv4/netfilter/ip_tables.c:#define FWINV(bool, invflg) ((bool) ^ !!(ipinfo->invflags & (invflg)))
net/ipv6/netfilter/ip6_tables.c:#define FWINV(bool, invflg) ((bool) ^ !!(ip6info->invflags & (invflg)))
net/netfilter/xt_tcpudp.c:#define FWINVTCP(bool, invflg) ((bool) ^ !!(tcpinfo->invflags & (invflg)))

Consolidate these macros into a single NF_INVF macro.

Miscellanea:

o Neaten the alignment around these uses
o A few lines are > 80 columns for intelligibility

Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Joe Perches and committed by
Pablo Neira Ayuso c37a2dfa f1504307

+144 -138
+4
include/linux/netfilter/x_tables.h
··· 6 6 #include <linux/static_key.h> 7 7 #include <uapi/linux/netfilter/x_tables.h> 8 8 9 + /* Test a struct->invflags and a boolean for inequality */ 10 + #define NF_INVF(ptr, flag, boolean) \ 11 + ((boolean) ^ !!((ptr)->invflags & (flag))) 12 + 9 13 /** 10 14 * struct xt_action_param - parameters for matches/targets 11 15 *
-2
include/linux/netfilter_bridge/ebtables.h
··· 115 115 const struct nf_hook_state *state, 116 116 struct ebt_table *table); 117 117 118 - /* Used in the kernel match() functions */ 119 - #define FWINV(bool,invflg) ((bool) ^ !!(info->invflags & invflg)) 120 118 /* True if the hook mask denotes that the rule is in a base chain, 121 119 * used in the check() functions */ 122 120 #define BASE_CHAIN (par->hook_mask & (1 << NF_BR_NUMHOOKS))
+3 -3
net/bridge/netfilter/ebt_802_3.c
··· 20 20 __be16 type = hdr->llc.ui.ctrl & IS_UI ? hdr->llc.ui.type : hdr->llc.ni.type; 21 21 22 22 if (info->bitmask & EBT_802_3_SAP) { 23 - if (FWINV(info->sap != hdr->llc.ui.ssap, EBT_802_3_SAP)) 23 + if (NF_INVF(info, EBT_802_3_SAP, info->sap != hdr->llc.ui.ssap)) 24 24 return false; 25 - if (FWINV(info->sap != hdr->llc.ui.dsap, EBT_802_3_SAP)) 25 + if (NF_INVF(info, EBT_802_3_SAP, info->sap != hdr->llc.ui.dsap)) 26 26 return false; 27 27 } 28 28 29 29 if (info->bitmask & EBT_802_3_TYPE) { 30 30 if (!(hdr->llc.ui.dsap == CHECK_TYPE && hdr->llc.ui.ssap == CHECK_TYPE)) 31 31 return false; 32 - if (FWINV(info->type != type, EBT_802_3_TYPE)) 32 + if (NF_INVF(info, EBT_802_3_TYPE, info->type != type)) 33 33 return false; 34 34 } 35 35
+20 -18
net/bridge/netfilter/ebt_arp.c
··· 25 25 ah = skb_header_pointer(skb, 0, sizeof(_arph), &_arph); 26 26 if (ah == NULL) 27 27 return false; 28 - if (info->bitmask & EBT_ARP_OPCODE && FWINV(info->opcode != 29 - ah->ar_op, EBT_ARP_OPCODE)) 28 + if ((info->bitmask & EBT_ARP_OPCODE) && 29 + NF_INVF(info, EBT_ARP_OPCODE, info->opcode != ah->ar_op)) 30 30 return false; 31 - if (info->bitmask & EBT_ARP_HTYPE && FWINV(info->htype != 32 - ah->ar_hrd, EBT_ARP_HTYPE)) 31 + if ((info->bitmask & EBT_ARP_HTYPE) && 32 + NF_INVF(info, EBT_ARP_HTYPE, info->htype != ah->ar_hrd)) 33 33 return false; 34 - if (info->bitmask & EBT_ARP_PTYPE && FWINV(info->ptype != 35 - ah->ar_pro, EBT_ARP_PTYPE)) 34 + if ((info->bitmask & EBT_ARP_PTYPE) && 35 + NF_INVF(info, EBT_ARP_PTYPE, info->ptype != ah->ar_pro)) 36 36 return false; 37 37 38 38 if (info->bitmask & (EBT_ARP_SRC_IP | EBT_ARP_DST_IP | EBT_ARP_GRAT)) { ··· 51 51 sizeof(daddr), &daddr); 52 52 if (dap == NULL) 53 53 return false; 54 - if (info->bitmask & EBT_ARP_SRC_IP && 55 - FWINV(info->saddr != (*sap & info->smsk), EBT_ARP_SRC_IP)) 54 + if ((info->bitmask & EBT_ARP_SRC_IP) && 55 + NF_INVF(info, EBT_ARP_SRC_IP, 56 + info->saddr != (*sap & info->smsk))) 56 57 return false; 57 - if (info->bitmask & EBT_ARP_DST_IP && 58 - FWINV(info->daddr != (*dap & info->dmsk), EBT_ARP_DST_IP)) 58 + if ((info->bitmask & EBT_ARP_DST_IP) && 59 + NF_INVF(info, EBT_ARP_DST_IP, 60 + info->daddr != (*dap & info->dmsk))) 59 61 return false; 60 - if (info->bitmask & EBT_ARP_GRAT && 61 - FWINV(*dap != *sap, EBT_ARP_GRAT)) 62 + if ((info->bitmask & EBT_ARP_GRAT) && 63 + NF_INVF(info, EBT_ARP_GRAT, *dap != *sap)) 62 64 return false; 63 65 } 64 66 ··· 75 73 sizeof(_mac), &_mac); 76 74 if (mp == NULL) 77 75 return false; 78 - if (FWINV(!ether_addr_equal_masked(mp, info->smaddr, 79 - info->smmsk), 80 - EBT_ARP_SRC_MAC)) 76 + if (NF_INVF(info, EBT_ARP_SRC_MAC, 77 + !ether_addr_equal_masked(mp, info->smaddr, 78 + info->smmsk))) 81 79 return false; 82 80 } 83 81 ··· 87 85 sizeof(_mac), &_mac); 88 86 if (mp == NULL) 89 87 return false; 90 - if (FWINV(!ether_addr_equal_masked(mp, info->dmaddr, 91 - info->dmmsk), 92 - EBT_ARP_DST_MAC)) 88 + if (NF_INVF(info, EBT_ARP_DST_MAC, 89 + !ether_addr_equal_masked(mp, info->dmaddr, 90 + info->dmmsk))) 93 91 return false; 94 92 } 95 93 }
+14 -14
net/bridge/netfilter/ebt_ip.c
··· 36 36 ih = skb_header_pointer(skb, 0, sizeof(_iph), &_iph); 37 37 if (ih == NULL) 38 38 return false; 39 - if (info->bitmask & EBT_IP_TOS && 40 - FWINV(info->tos != ih->tos, EBT_IP_TOS)) 39 + if ((info->bitmask & EBT_IP_TOS) && 40 + NF_INVF(info, EBT_IP_TOS, info->tos != ih->tos)) 41 41 return false; 42 - if (info->bitmask & EBT_IP_SOURCE && 43 - FWINV((ih->saddr & info->smsk) != 44 - info->saddr, EBT_IP_SOURCE)) 42 + if ((info->bitmask & EBT_IP_SOURCE) && 43 + NF_INVF(info, EBT_IP_SOURCE, 44 + (ih->saddr & info->smsk) != info->saddr)) 45 45 return false; 46 46 if ((info->bitmask & EBT_IP_DEST) && 47 - FWINV((ih->daddr & info->dmsk) != 48 - info->daddr, EBT_IP_DEST)) 47 + NF_INVF(info, EBT_IP_DEST, 48 + (ih->daddr & info->dmsk) != info->daddr)) 49 49 return false; 50 50 if (info->bitmask & EBT_IP_PROTO) { 51 - if (FWINV(info->protocol != ih->protocol, EBT_IP_PROTO)) 51 + if (NF_INVF(info, EBT_IP_PROTO, info->protocol != ih->protocol)) 52 52 return false; 53 53 if (!(info->bitmask & EBT_IP_DPORT) && 54 54 !(info->bitmask & EBT_IP_SPORT)) ··· 61 61 return false; 62 62 if (info->bitmask & EBT_IP_DPORT) { 63 63 u32 dst = ntohs(pptr->dst); 64 - if (FWINV(dst < info->dport[0] || 65 - dst > info->dport[1], 66 - EBT_IP_DPORT)) 64 + if (NF_INVF(info, EBT_IP_DPORT, 65 + dst < info->dport[0] || 66 + dst > info->dport[1])) 67 67 return false; 68 68 } 69 69 if (info->bitmask & EBT_IP_SPORT) { 70 70 u32 src = ntohs(pptr->src); 71 - if (FWINV(src < info->sport[0] || 72 - src > info->sport[1], 73 - EBT_IP_SPORT)) 71 + if (NF_INVF(info, EBT_IP_SPORT, 72 + src < info->sport[0] || 73 + src > info->sport[1])) 74 74 return false; 75 75 } 76 76 }
+23 -18
net/bridge/netfilter/ebt_ip6.c
··· 45 45 ih6 = skb_header_pointer(skb, 0, sizeof(_ip6h), &_ip6h); 46 46 if (ih6 == NULL) 47 47 return false; 48 - if (info->bitmask & EBT_IP6_TCLASS && 49 - FWINV(info->tclass != ipv6_get_dsfield(ih6), EBT_IP6_TCLASS)) 48 + if ((info->bitmask & EBT_IP6_TCLASS) && 49 + NF_INVF(info, EBT_IP6_TCLASS, 50 + info->tclass != ipv6_get_dsfield(ih6))) 50 51 return false; 51 - if ((info->bitmask & EBT_IP6_SOURCE && 52 - FWINV(ipv6_masked_addr_cmp(&ih6->saddr, &info->smsk, 53 - &info->saddr), EBT_IP6_SOURCE)) || 54 - (info->bitmask & EBT_IP6_DEST && 55 - FWINV(ipv6_masked_addr_cmp(&ih6->daddr, &info->dmsk, 56 - &info->daddr), EBT_IP6_DEST))) 52 + if (((info->bitmask & EBT_IP6_SOURCE) && 53 + NF_INVF(info, EBT_IP6_SOURCE, 54 + ipv6_masked_addr_cmp(&ih6->saddr, &info->smsk, 55 + &info->saddr))) || 56 + ((info->bitmask & EBT_IP6_DEST) && 57 + NF_INVF(info, EBT_IP6_DEST, 58 + ipv6_masked_addr_cmp(&ih6->daddr, &info->dmsk, 59 + &info->daddr)))) 57 60 return false; 58 61 if (info->bitmask & EBT_IP6_PROTO) { 59 62 uint8_t nexthdr = ih6->nexthdr; ··· 66 63 offset_ph = ipv6_skip_exthdr(skb, sizeof(_ip6h), &nexthdr, &frag_off); 67 64 if (offset_ph == -1) 68 65 return false; 69 - if (FWINV(info->protocol != nexthdr, EBT_IP6_PROTO)) 66 + if (NF_INVF(info, EBT_IP6_PROTO, info->protocol != nexthdr)) 70 67 return false; 71 68 if (!(info->bitmask & (EBT_IP6_DPORT | 72 69 EBT_IP6_SPORT | EBT_IP6_ICMP6))) ··· 79 76 return false; 80 77 if (info->bitmask & EBT_IP6_DPORT) { 81 78 u16 dst = ntohs(pptr->tcpudphdr.dst); 82 - if (FWINV(dst < info->dport[0] || 83 - dst > info->dport[1], EBT_IP6_DPORT)) 79 + if (NF_INVF(info, EBT_IP6_DPORT, 80 + dst < info->dport[0] || 81 + dst > info->dport[1])) 84 82 return false; 85 83 } 86 84 if (info->bitmask & EBT_IP6_SPORT) { 87 85 u16 src = ntohs(pptr->tcpudphdr.src); 88 - if (FWINV(src < info->sport[0] || 89 - src > info->sport[1], EBT_IP6_SPORT)) 86 + if (NF_INVF(info, EBT_IP6_SPORT, 87 + src < info->sport[0] || 88 + src > info->sport[1])) 90 89 return false; 91 90 } 92 91 if ((info->bitmask & EBT_IP6_ICMP6) && 93 - FWINV(pptr->icmphdr.type < info->icmpv6_type[0] || 94 - pptr->icmphdr.type > info->icmpv6_type[1] || 95 - pptr->icmphdr.code < info->icmpv6_code[0] || 96 - pptr->icmphdr.code > info->icmpv6_code[1], 97 - EBT_IP6_ICMP6)) 92 + NF_INVF(info, EBT_IP6_ICMP6, 93 + pptr->icmphdr.type < info->icmpv6_type[0] || 94 + pptr->icmphdr.type > info->icmpv6_type[1] || 95 + pptr->icmphdr.code < info->icmpv6_code[0] || 96 + pptr->icmphdr.code > info->icmpv6_code[1])) 98 97 return false; 99 98 } 100 99 return true;
+27 -25
net/bridge/netfilter/ebt_stp.c
··· 49 49 50 50 c = &info->config; 51 51 if ((info->bitmask & EBT_STP_FLAGS) && 52 - FWINV(c->flags != stpc->flags, EBT_STP_FLAGS)) 52 + NF_INVF(info, EBT_STP_FLAGS, c->flags != stpc->flags)) 53 53 return false; 54 54 if (info->bitmask & EBT_STP_ROOTPRIO) { 55 55 v16 = NR16(stpc->root); 56 - if (FWINV(v16 < c->root_priol || v16 > c->root_priou, 57 - EBT_STP_ROOTPRIO)) 56 + if (NF_INVF(info, EBT_STP_ROOTPRIO, 57 + v16 < c->root_priol || v16 > c->root_priou)) 58 58 return false; 59 59 } 60 60 if (info->bitmask & EBT_STP_ROOTADDR) { 61 - if (FWINV(!ether_addr_equal_masked(&stpc->root[2], c->root_addr, 62 - c->root_addrmsk), 63 - EBT_STP_ROOTADDR)) 61 + if (NF_INVF(info, EBT_STP_ROOTADDR, 62 + !ether_addr_equal_masked(&stpc->root[2], 63 + c->root_addr, 64 + c->root_addrmsk))) 64 65 return false; 65 66 } 66 67 if (info->bitmask & EBT_STP_ROOTCOST) { 67 68 v32 = NR32(stpc->root_cost); 68 - if (FWINV(v32 < c->root_costl || v32 > c->root_costu, 69 - EBT_STP_ROOTCOST)) 69 + if (NF_INVF(info, EBT_STP_ROOTCOST, 70 + v32 < c->root_costl || v32 > c->root_costu)) 70 71 return false; 71 72 } 72 73 if (info->bitmask & EBT_STP_SENDERPRIO) { 73 74 v16 = NR16(stpc->sender); 74 - if (FWINV(v16 < c->sender_priol || v16 > c->sender_priou, 75 - EBT_STP_SENDERPRIO)) 75 + if (NF_INVF(info, EBT_STP_SENDERPRIO, 76 + v16 < c->sender_priol || v16 > c->sender_priou)) 76 77 return false; 77 78 } 78 79 if (info->bitmask & EBT_STP_SENDERADDR) { 79 - if (FWINV(!ether_addr_equal_masked(&stpc->sender[2], 80 - c->sender_addr, 81 - c->sender_addrmsk), 82 - EBT_STP_SENDERADDR)) 80 + if (NF_INVF(info, EBT_STP_SENDERADDR, 81 + !ether_addr_equal_masked(&stpc->sender[2], 82 + c->sender_addr, 83 + c->sender_addrmsk))) 83 84 return false; 84 85 } 85 86 if (info->bitmask & EBT_STP_PORT) { 86 87 v16 = NR16(stpc->port); 87 - if (FWINV(v16 < c->portl || v16 > c->portu, EBT_STP_PORT)) 88 + if (NF_INVF(info, EBT_STP_PORT, 89 + v16 < c->portl || v16 > c->portu)) 88 90 return false; 89 91 } 90 92 if (info->bitmask & EBT_STP_MSGAGE) { 91 93 v16 = NR16(stpc->msg_age); 92 - if (FWINV(v16 < c->msg_agel || v16 > c->msg_ageu, 93 - EBT_STP_MSGAGE)) 94 + if (NF_INVF(info, EBT_STP_MSGAGE, 95 + v16 < c->msg_agel || v16 > c->msg_ageu)) 94 96 return false; 95 97 } 96 98 if (info->bitmask & EBT_STP_MAXAGE) { 97 99 v16 = NR16(stpc->max_age); 98 - if (FWINV(v16 < c->max_agel || v16 > c->max_ageu, 99 - EBT_STP_MAXAGE)) 100 + if (NF_INVF(info, EBT_STP_MAXAGE, 101 + v16 < c->max_agel || v16 > c->max_ageu)) 100 102 return false; 101 103 } 102 104 if (info->bitmask & EBT_STP_HELLOTIME) { 103 105 v16 = NR16(stpc->hello_time); 104 - if (FWINV(v16 < c->hello_timel || v16 > c->hello_timeu, 105 - EBT_STP_HELLOTIME)) 106 + if (NF_INVF(info, EBT_STP_HELLOTIME, 107 + v16 < c->hello_timel || v16 > c->hello_timeu)) 106 108 return false; 107 109 } 108 110 if (info->bitmask & EBT_STP_FWDD) { 109 111 v16 = NR16(stpc->forward_delay); 110 - if (FWINV(v16 < c->forward_delayl || v16 > c->forward_delayu, 111 - EBT_STP_FWDD)) 112 + if (NF_INVF(info, EBT_STP_FWDD, 113 + v16 < c->forward_delayl || v16 > c->forward_delayu)) 112 114 return false; 113 115 } 114 116 return true; ··· 132 130 if (memcmp(sp, header, sizeof(header))) 133 131 return false; 134 132 135 - if (info->bitmask & EBT_STP_TYPE && 136 - FWINV(info->type != sp->type, EBT_STP_TYPE)) 133 + if ((info->bitmask & EBT_STP_TYPE) && 134 + NF_INVF(info, EBT_STP_TYPE, info->type != sp->type)) 137 135 return false; 138 136 139 137 if (sp->type == BPDU_TYPE_CONFIG &&
+14 -13
net/bridge/netfilter/ebtables.c
··· 121 121 return devname[i] != entry[i] && entry[i] != 1; 122 122 } 123 123 124 - #define FWINV2(bool, invflg) ((bool) ^ !!(e->invflags & invflg)) 125 124 /* process standard matches */ 126 125 static inline int 127 126 ebt_basic_match(const struct ebt_entry *e, const struct sk_buff *skb, ··· 136 137 ethproto = h->h_proto; 137 138 138 139 if (e->bitmask & EBT_802_3) { 139 - if (FWINV2(eth_proto_is_802_3(ethproto), EBT_IPROTO)) 140 + if (NF_INVF(e, EBT_IPROTO, eth_proto_is_802_3(ethproto))) 140 141 return 1; 141 142 } else if (!(e->bitmask & EBT_NOPROTO) && 142 - FWINV2(e->ethproto != ethproto, EBT_IPROTO)) 143 + NF_INVF(e, EBT_IPROTO, e->ethproto != ethproto)) 143 144 return 1; 144 145 145 - if (FWINV2(ebt_dev_check(e->in, in), EBT_IIN)) 146 + if (NF_INVF(e, EBT_IIN, ebt_dev_check(e->in, in))) 146 147 return 1; 147 - if (FWINV2(ebt_dev_check(e->out, out), EBT_IOUT)) 148 + if (NF_INVF(e, EBT_IOUT, ebt_dev_check(e->out, out))) 148 149 return 1; 149 150 /* rcu_read_lock()ed by nf_hook_slow */ 150 151 if (in && (p = br_port_get_rcu(in)) != NULL && 151 - FWINV2(ebt_dev_check(e->logical_in, p->br->dev), EBT_ILOGICALIN)) 152 + NF_INVF(e, EBT_ILOGICALIN, 153 + ebt_dev_check(e->logical_in, p->br->dev))) 152 154 return 1; 153 155 if (out && (p = br_port_get_rcu(out)) != NULL && 154 - FWINV2(ebt_dev_check(e->logical_out, p->br->dev), EBT_ILOGICALOUT)) 156 + NF_INVF(e, EBT_ILOGICALOUT, 157 + ebt_dev_check(e->logical_out, p->br->dev))) 155 158 return 1; 156 159 157 160 if (e->bitmask & EBT_SOURCEMAC) { 158 - if (FWINV2(!ether_addr_equal_masked(h->h_source, 159 - e->sourcemac, e->sourcemsk), 160 - EBT_ISOURCE)) 161 + if (NF_INVF(e, EBT_ISOURCE, 162 + !ether_addr_equal_masked(h->h_source, e->sourcemac, 163 + e->sourcemsk))) 161 164 return 1; 162 165 } 163 166 if (e->bitmask & EBT_DESTMAC) { 164 - if (FWINV2(!ether_addr_equal_masked(h->h_dest, 165 - e->destmac, e->destmsk), 166 - EBT_IDEST)) 167 + if (NF_INVF(e, EBT_IDEST, 168 + !ether_addr_equal_masked(h->h_dest, e->destmac, 169 + e->destmsk))) 167 170 return 1; 168 171 } 169 172 return 0;
+20 -21
net/ipv4/netfilter/arp_tables.c
··· 89 89 __be32 src_ipaddr, tgt_ipaddr; 90 90 long ret; 91 91 92 - #define FWINV(bool, invflg) ((bool) ^ !!(arpinfo->invflags & (invflg))) 93 - 94 - if (FWINV((arphdr->ar_op & arpinfo->arpop_mask) != arpinfo->arpop, 95 - ARPT_INV_ARPOP)) 92 + if (NF_INVF(arpinfo, ARPT_INV_ARPOP, 93 + (arphdr->ar_op & arpinfo->arpop_mask) != arpinfo->arpop)) 96 94 return 0; 97 95 98 - if (FWINV((arphdr->ar_hrd & arpinfo->arhrd_mask) != arpinfo->arhrd, 99 - ARPT_INV_ARPHRD)) 96 + if (NF_INVF(arpinfo, ARPT_INV_ARPHRD, 97 + (arphdr->ar_hrd & arpinfo->arhrd_mask) != arpinfo->arhrd)) 100 98 return 0; 101 99 102 - if (FWINV((arphdr->ar_pro & arpinfo->arpro_mask) != arpinfo->arpro, 103 - ARPT_INV_ARPPRO)) 100 + if (NF_INVF(arpinfo, ARPT_INV_ARPPRO, 101 + (arphdr->ar_pro & arpinfo->arpro_mask) != arpinfo->arpro)) 104 102 return 0; 105 103 106 - if (FWINV((arphdr->ar_hln & arpinfo->arhln_mask) != arpinfo->arhln, 107 - ARPT_INV_ARPHLN)) 104 + if (NF_INVF(arpinfo, ARPT_INV_ARPHLN, 105 + (arphdr->ar_hln & arpinfo->arhln_mask) != arpinfo->arhln)) 108 106 return 0; 109 107 110 108 src_devaddr = arpptr; ··· 113 115 arpptr += dev->addr_len; 114 116 memcpy(&tgt_ipaddr, arpptr, sizeof(u32)); 115 117 116 - if (FWINV(arp_devaddr_compare(&arpinfo->src_devaddr, src_devaddr, dev->addr_len), 117 - ARPT_INV_SRCDEVADDR) || 118 - FWINV(arp_devaddr_compare(&arpinfo->tgt_devaddr, tgt_devaddr, dev->addr_len), 119 - ARPT_INV_TGTDEVADDR)) 118 + if (NF_INVF(arpinfo, ARPT_INV_SRCDEVADDR, 119 + arp_devaddr_compare(&arpinfo->src_devaddr, src_devaddr, 120 + dev->addr_len)) || 121 + NF_INVF(arpinfo, ARPT_INV_TGTDEVADDR, 122 + arp_devaddr_compare(&arpinfo->tgt_devaddr, tgt_devaddr, 123 + dev->addr_len))) 120 124 return 0; 121 125 122 - if (FWINV((src_ipaddr & arpinfo->smsk.s_addr) != arpinfo->src.s_addr, 123 - ARPT_INV_SRCIP) || 124 - FWINV(((tgt_ipaddr & arpinfo->tmsk.s_addr) != arpinfo->tgt.s_addr), 125 - ARPT_INV_TGTIP)) 126 + if (NF_INVF(arpinfo, ARPT_INV_SRCIP, 127 + (src_ipaddr & arpinfo->smsk.s_addr) != arpinfo->src.s_addr) || 128 + NF_INVF(arpinfo, ARPT_INV_TGTIP, 129 + (tgt_ipaddr & arpinfo->tmsk.s_addr) != arpinfo->tgt.s_addr)) 126 130 return 0; 127 131 128 132 /* Look for ifname matches. */ 129 133 ret = ifname_compare(indev, arpinfo->iniface, arpinfo->iniface_mask); 130 134 131 - if (FWINV(ret != 0, ARPT_INV_VIA_IN)) 135 + if (NF_INVF(arpinfo, ARPT_INV_VIA_IN, ret != 0)) 132 136 return 0; 133 137 134 138 ret = ifname_compare(outdev, arpinfo->outiface, arpinfo->outiface_mask); 135 139 136 - if (FWINV(ret != 0, ARPT_INV_VIA_OUT)) 140 + if (NF_INVF(arpinfo, ARPT_INV_VIA_OUT, ret != 0)) 137 141 return 0; 138 142 139 143 return 1; 140 - #undef FWINV 141 144 } 142 145 143 146 static inline int arp_checkentry(const struct arpt_arp *arp)
+9 -11
net/ipv4/netfilter/ip_tables.c
··· 58 58 { 59 59 unsigned long ret; 60 60 61 - #define FWINV(bool, invflg) ((bool) ^ !!(ipinfo->invflags & (invflg))) 62 - 63 - if (FWINV((ip->saddr&ipinfo->smsk.s_addr) != ipinfo->src.s_addr, 64 - IPT_INV_SRCIP) || 65 - FWINV((ip->daddr&ipinfo->dmsk.s_addr) != ipinfo->dst.s_addr, 66 - IPT_INV_DSTIP)) 61 + if (NF_INVF(ipinfo, IPT_INV_SRCIP, 62 + (ip->saddr & ipinfo->smsk.s_addr) != ipinfo->src.s_addr) || 63 + NF_INVF(ipinfo, IPT_INV_DSTIP, 64 + (ip->daddr & ipinfo->dmsk.s_addr) != ipinfo->dst.s_addr)) 67 65 return false; 68 66 69 67 ret = ifname_compare_aligned(indev, ipinfo->iniface, ipinfo->iniface_mask); 70 68 71 - if (FWINV(ret != 0, IPT_INV_VIA_IN)) 69 + if (NF_INVF(ipinfo, IPT_INV_VIA_IN, ret != 0)) 72 70 return false; 73 71 74 72 ret = ifname_compare_aligned(outdev, ipinfo->outiface, ipinfo->outiface_mask); 75 73 76 - if (FWINV(ret != 0, IPT_INV_VIA_OUT)) 74 + if (NF_INVF(ipinfo, IPT_INV_VIA_OUT, ret != 0)) 77 75 return false; 78 76 79 77 /* Check specific protocol */ 80 78 if (ipinfo->proto && 81 - FWINV(ip->protocol != ipinfo->proto, IPT_INV_PROTO)) 79 + NF_INVF(ipinfo, IPT_INV_PROTO, ip->protocol != ipinfo->proto)) 82 80 return false; 83 81 84 82 /* If we have a fragment rule but the packet is not a fragment 85 83 * then we return zero */ 86 - if (FWINV((ipinfo->flags&IPT_F_FRAG) && !isfrag, IPT_INV_FRAG)) 84 + if (NF_INVF(ipinfo, IPT_INV_FRAG, 85 + (ipinfo->flags & IPT_F_FRAG) && !isfrag)) 87 86 return false; 88 87 89 88 return true; ··· 121 122 122 123 return e->target_offset == sizeof(struct ipt_entry) && 123 124 memcmp(&e->ip, &uncond, sizeof(uncond)) == 0; 124 - #undef FWINV 125 125 } 126 126 127 127 /* for const-correctness */
+8 -8
net/ipv6/netfilter/ip6_tables.c
··· 73 73 unsigned long ret; 74 74 const struct ipv6hdr *ipv6 = ipv6_hdr(skb); 75 75 76 - #define FWINV(bool, invflg) ((bool) ^ !!(ip6info->invflags & (invflg))) 77 - 78 - if (FWINV(ipv6_masked_addr_cmp(&ipv6->saddr, &ip6info->smsk, 79 - &ip6info->src), IP6T_INV_SRCIP) || 80 - FWINV(ipv6_masked_addr_cmp(&ipv6->daddr, &ip6info->dmsk, 81 - &ip6info->dst), IP6T_INV_DSTIP)) 76 + if (NF_INVF(ip6info, IP6T_INV_SRCIP, 77 + ipv6_masked_addr_cmp(&ipv6->saddr, &ip6info->smsk, 78 + &ip6info->src)) || 79 + NF_INVF(ip6info, IP6T_INV_DSTIP, 80 + ipv6_masked_addr_cmp(&ipv6->daddr, &ip6info->dmsk, 81 + &ip6info->dst))) 82 82 return false; 83 83 84 84 ret = ifname_compare_aligned(indev, ip6info->iniface, ip6info->iniface_mask); 85 85 86 - if (FWINV(ret != 0, IP6T_INV_VIA_IN)) 86 + if (NF_INVF(ip6info, IP6T_INV_VIA_IN, ret != 0)) 87 87 return false; 88 88 89 89 ret = ifname_compare_aligned(outdev, ip6info->outiface, ip6info->outiface_mask); 90 90 91 - if (FWINV(ret != 0, IP6T_INV_VIA_OUT)) 91 + if (NF_INVF(ip6info, IP6T_INV_VIA_OUT, ret != 0)) 92 92 return false; 93 93 94 94 /* ... might want to do something with class and flowlabel here ... */
+2 -5
net/netfilter/xt_tcpudp.c
··· 83 83 return false; 84 84 } 85 85 86 - #define FWINVTCP(bool, invflg) ((bool) ^ !!(tcpinfo->invflags & (invflg))) 87 - 88 86 th = skb_header_pointer(skb, par->thoff, sizeof(_tcph), &_tcph); 89 87 if (th == NULL) { 90 88 /* We've been asked to examine this packet, and we ··· 100 102 ntohs(th->dest), 101 103 !!(tcpinfo->invflags & XT_TCP_INV_DSTPT))) 102 104 return false; 103 - if (!FWINVTCP((((unsigned char *)th)[13] & tcpinfo->flg_mask) 104 - == tcpinfo->flg_cmp, 105 - XT_TCP_INV_FLAGS)) 105 + if (!NF_INVF(tcpinfo, XT_TCP_INV_FLAGS, 106 + (((unsigned char *)th)[13] & tcpinfo->flg_mask) == tcpinfo->flg_cmp)) 106 107 return false; 107 108 if (tcpinfo->option) { 108 109 if (th->doff * 4 < sizeof(_tcph)) {