netfilter: nft_masq: deduplicate eval call-backs

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

nft_masq has separate ipv4 and ipv6 call-backs which share much of their
code, and an inet one switch containing a switch that calls one of the
others based on the family of the packet. Merge the ipv4 and ipv6 ones
into the inet one in order to get rid of the duplicate code.

Const-qualify the `priv` pointer since we don't need to write through it.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Florian Westphal <fw@strlen.de>

authored by

Jeremy Sowden and committed by

Florian Westphal 3 years ago f6ca5d5e 6f56ad1b

+29 -46

1 changed file

expand all

net

netfilter

nft_masq.c

+29 -46

net/netfilter/nft_masq.c

··· 96 96 return -1; 97 97 } 98 98 99 - static void nft_masq_ipv4_eval(const struct nft_expr *expr, 100 - struct nft_regs *regs, 101 - const struct nft_pktinfo *pkt) 99 + static void nft_masq_eval(const struct nft_expr *expr, 100 + struct nft_regs *regs, 101 + const struct nft_pktinfo *pkt) 102 102 { 103 - struct nft_masq *priv = nft_expr_priv(expr); 103 + const struct nft_masq *priv = nft_expr_priv(expr); 104 104 struct nf_nat_range2 range; 105 105 106 106 memset(&range, 0, sizeof(range)); 107 107 range.flags = priv->flags; 108 108 if (priv->sreg_proto_min) { 109 - range.min_proto.all = (__force __be16)nft_reg_load16( 110 - &regs->data[priv->sreg_proto_min]); 111 - range.max_proto.all = (__force __be16)nft_reg_load16( 112 - &regs->data[priv->sreg_proto_max]); 109 + range.min_proto.all = (__force __be16) 110 + nft_reg_load16(&regs->data[priv->sreg_proto_min]); 111 + range.max_proto.all = (__force __be16) 112 + nft_reg_load16(&regs->data[priv->sreg_proto_max]); 113 113 } 114 - regs->verdict.code = nf_nat_masquerade_ipv4(pkt->skb, nft_hook(pkt), 115 - &range, nft_out(pkt)); 114 + 115 + switch (nft_pf(pkt)) { 116 + case NFPROTO_IPV4: 117 + regs->verdict.code = nf_nat_masquerade_ipv4(pkt->skb, 118 + nft_hook(pkt), 119 + &range, 120 + nft_out(pkt)); 121 + break; 122 + #ifdef CONFIG_NF_TABLES_IPV6 123 + case NFPROTO_IPV6: 124 + regs->verdict.code = nf_nat_masquerade_ipv6(pkt->skb, &range, 125 + nft_out(pkt)); 126 + break; 127 + #endif 128 + default: 129 + WARN_ON_ONCE(1); 130 + break; 131 + } 116 132 } 117 133 118 134 static void ··· 141 125 static const struct nft_expr_ops nft_masq_ipv4_ops = { 142 126 .type = &nft_masq_ipv4_type, 143 127 .size = NFT_EXPR_SIZE(sizeof(struct nft_masq)), 144 - .eval = nft_masq_ipv4_eval, 128 + .eval = nft_masq_eval, 145 129 .init = nft_masq_init, 146 130 .destroy = nft_masq_ipv4_destroy, 147 131 .dump = nft_masq_dump, ··· 159 143 }; 160 144 161 145 #ifdef CONFIG_NF_TABLES_IPV6 162 - static void nft_masq_ipv6_eval(const struct nft_expr *expr, 163 - struct nft_regs *regs, 164 - const struct nft_pktinfo *pkt) 165 - { 166 - struct nft_masq *priv = nft_expr_priv(expr); 167 - struct nf_nat_range2 range; 168 - 169 - memset(&range, 0, sizeof(range)); 170 - range.flags = priv->flags; 171 - if (priv->sreg_proto_min) { 172 - range.min_proto.all = (__force __be16)nft_reg_load16( 173 - &regs->data[priv->sreg_proto_min]); 174 - range.max_proto.all = (__force __be16)nft_reg_load16( 175 - &regs->data[priv->sreg_proto_max]); 176 - } 177 - regs->verdict.code = nf_nat_masquerade_ipv6(pkt->skb, &range, 178 - nft_out(pkt)); 179 - } 180 - 181 146 static void 182 147 nft_masq_ipv6_destroy(const struct nft_ctx *ctx, const struct nft_expr *expr) 183 148 { ··· 169 172 static const struct nft_expr_ops nft_masq_ipv6_ops = { 170 173 .type = &nft_masq_ipv6_type, 171 174 .size = NFT_EXPR_SIZE(sizeof(struct nft_masq)), 172 - .eval = nft_masq_ipv6_eval, 175 + .eval = nft_masq_eval, 173 176 .init = nft_masq_init, 174 177 .destroy = nft_masq_ipv6_destroy, 175 178 .dump = nft_masq_dump, ··· 201 204 #endif 202 205 203 206 #ifdef CONFIG_NF_TABLES_INET 204 - static void nft_masq_inet_eval(const struct nft_expr *expr, 205 - struct nft_regs *regs, 206 - const struct nft_pktinfo *pkt) 207 - { 208 - switch (nft_pf(pkt)) { 209 - case NFPROTO_IPV4: 210 - return nft_masq_ipv4_eval(expr, regs, pkt); 211 - case NFPROTO_IPV6: 212 - return nft_masq_ipv6_eval(expr, regs, pkt); 213 - } 214 - 215 - WARN_ON_ONCE(1); 216 - } 217 - 218 207 static void 219 208 nft_masq_inet_destroy(const struct nft_ctx *ctx, const struct nft_expr *expr) 220 209 { ··· 211 228 static const struct nft_expr_ops nft_masq_inet_ops = { 212 229 .type = &nft_masq_inet_type, 213 230 .size = NFT_EXPR_SIZE(sizeof(struct nft_masq)), 214 - .eval = nft_masq_inet_eval, 231 + .eval = nft_masq_eval, 215 232 .init = nft_masq_init, 216 233 .destroy = nft_masq_inet_destroy, 217 234 .dump = nft_masq_dump,