diff options
Diffstat (limited to 'net/ipv4')
| -rw-r--r-- | net/ipv4/netfilter/ip_tables.c | 22 |
1 files changed, 5 insertions, 17 deletions
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index f92818f..265cedf 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c @@ -173,21 +173,6 @@ ipt_error(struct sk_buff *skb, const struct xt_target_param *par) return NF_DROP; } -/* Performance critical - called for every packet */ -static inline bool -do_match(const struct ipt_entry_match *m, const struct sk_buff *skb, - struct xt_match_param *par) -{ - par->match = m->u.kernel.match; - par->matchinfo = m->data; - - /* Stop iteration if it doesn't match */ - if (!m->u.kernel.match->match(skb, par)) - return true; - else - return false; -} - /* Performance critical */ static inline struct ipt_entry * get_entry(const void *base, unsigned int offset) @@ -379,9 +364,12 @@ ipt_do_table(struct sk_buff *skb, continue; } - xt_ematch_foreach(ematch, e) - if (do_match(ematch, skb, &mtpar) != 0) + xt_ematch_foreach(ematch, e) { + mtpar.match = ematch->u.kernel.match; + mtpar.matchinfo = ematch->data; + if (!mtpar.match->match(skb, &mtpar)) goto no_match; + } ADD_COUNTER(e->counters, ntohs(ip->tot_len), 1); |