xshared: Share make_delete_mask() between ip{,6}tables

author Phil Sutter <phil@nwl.cc>

Tue, 12 May 2020 16:46:39 +0000 (18:46 +0200)

committer Phil Sutter <phil@nwl.cc>

Tue, 15 Nov 2022 15:58:16 +0000 (16:58 +0100)
author Phil Sutter <phil@nwl.cc>
Tue, 12 May 2020 16:46:39 +0000 (18:46 +0200)
committer Phil Sutter <phil@nwl.cc>
Tue, 15 Nov 2022 15:58:16 +0000 (16:58 +0100)
diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c

index 75984cc1bcdd88337d5c1981b774c295548c5799..ae2670357264b26a1c1cc7a88c0e9bf904ae0380 100644 (file)
--- a/iptables/ip6tables.c
+++ b/iptables/ip6tables.c
@@ -277,40 +277,6 @@ insert_entry(const xt_chainlabel chain,
         return ret;
  }
  
-static unsigned char *
-make_delete_mask(const struct xtables_rule_match *matches,
-                const struct xtables_target *target)
-{
-       /* Establish mask for comparison */
-       unsigned int size;
-       const struct xtables_rule_match *matchp;
-       unsigned char *mask, *mptr;
-
-       size = sizeof(struct ip6t_entry);
-       for (matchp = matches; matchp; matchp = matchp->next)
-               size += XT_ALIGN(sizeof(struct xt_entry_match)) + matchp->match->size;
-
-       mask = xtables_calloc(1, size
-                        + XT_ALIGN(sizeof(struct xt_entry_target))
-                        + target->size);
-
-       memset(mask, 0xFF, sizeof(struct ip6t_entry));
-       mptr = mask + sizeof(struct ip6t_entry);
-
-       for (matchp = matches; matchp; matchp = matchp->next) {
-               memset(mptr, 0xFF,
-                      XT_ALIGN(sizeof(struct xt_entry_match))
-                      + matchp->match->userspacesize);
-               mptr += XT_ALIGN(sizeof(struct xt_entry_match)) + matchp->match->size;
-       }
-
-       memset(mptr, 0xFF,
-              XT_ALIGN(sizeof(struct xt_entry_target))
-              + target->userspacesize);
-
-       return mask;
-}
-
  static int
  delete_entry(const xt_chainlabel chain,
              struct ip6t_entry *fw,
@@ -329,7 +295,7 @@ delete_entry(const xt_chainlabel chain,
         int ret = 1;
         unsigned char *mask;
  
-       mask = make_delete_mask(matches, target);
+       mask = make_delete_mask(matches, target, sizeof(*fw));
         for (i = 0; i < nsaddrs; i++) {
                 fw->ipv6.src = saddrs[i];
                 fw->ipv6.smsk = smasks[i];
@@ -359,7 +325,7 @@ check_entry(const xt_chainlabel chain, struct ip6t_entry *fw,
         int ret = 1;
         unsigned char *mask;
  
-       mask = make_delete_mask(matches, target);
+       mask = make_delete_mask(matches, target, sizeof(fw));
         for (i = 0; i < nsaddrs; i++) {
                 fw->ipv6.src = saddrs[i];
                 fw->ipv6.smsk = smasks[i];
diff --git a/iptables/iptables.c b/iptables/iptables.c

index e5207ba106057dad88246e68286554c1f3a973f1..591ec17886562d079f55ced5643c65723e5d85f0 100644 (file)
--- a/iptables/iptables.c
+++ b/iptables/iptables.c
@@ -276,40 +276,6 @@ insert_entry(const xt_chainlabel chain,
         return ret;
  }
  
-static unsigned char *
-make_delete_mask(const struct xtables_rule_match *matches,
-                const struct xtables_target *target)
-{
-       /* Establish mask for comparison */
-       unsigned int size;
-       const struct xtables_rule_match *matchp;
-       unsigned char *mask, *mptr;
-
-       size = sizeof(struct ipt_entry);
-       for (matchp = matches; matchp; matchp = matchp->next)
-               size += XT_ALIGN(sizeof(struct xt_entry_match)) + matchp->match->size;
-
-       mask = xtables_calloc(1, size
-                        + XT_ALIGN(sizeof(struct xt_entry_target))
-                        + target->size);
-
-       memset(mask, 0xFF, sizeof(struct ipt_entry));
-       mptr = mask + sizeof(struct ipt_entry);
-
-       for (matchp = matches; matchp; matchp = matchp->next) {
-               memset(mptr, 0xFF,
-                      XT_ALIGN(sizeof(struct xt_entry_match))
-                      + matchp->match->userspacesize);
-               mptr += XT_ALIGN(sizeof(struct xt_entry_match)) + matchp->match->size;
-       }
-
-       memset(mptr, 0xFF,
-              XT_ALIGN(sizeof(struct xt_entry_target))
-              + target->userspacesize);
-
-       return mask;
-}
-
  static int
  delete_entry(const xt_chainlabel chain,
              struct ipt_entry *fw,
@@ -328,7 +294,7 @@ delete_entry(const xt_chainlabel chain,
         int ret = 1;
         unsigned char *mask;
  
-       mask = make_delete_mask(matches, target);
+       mask = make_delete_mask(matches, target, sizeof(*fw));
         for (i = 0; i < nsaddrs; i++) {
                 fw->ip.src.s_addr = saddrs[i].s_addr;
                 fw->ip.smsk.s_addr = smasks[i].s_addr;
@@ -358,7 +324,7 @@ check_entry(const xt_chainlabel chain, struct ipt_entry *fw,
         int ret = 1;
         unsigned char *mask;
  
-       mask = make_delete_mask(matches, target);
+       mask = make_delete_mask(matches, target, sizeof(*fw));
         for (i = 0; i < nsaddrs; i++) {
                 fw->ip.src.s_addr = saddrs[i].s_addr;
                 fw->ip.smsk.s_addr = smasks[i].s_addr;
diff --git a/iptables/xshared.c b/iptables/xshared.c

index 695157896d521a33052ad7410bac3751eeb871a2..0beacee61d48779af4d374c139afc2028cfdc98a 100644 (file)
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -2000,3 +2000,37 @@ void ipv6_post_parse(int command, struct iptables_command_state *cs,
                               "! not allowed with multiple"
                               " source or destination IP addresses");
  }
+
+unsigned char *
+make_delete_mask(const struct xtables_rule_match *matches,
+                const struct xtables_target *target,
+                size_t entry_size)
+{
+       /* Establish mask for comparison */
+       unsigned int size = entry_size;
+       const struct xtables_rule_match *matchp;
+       unsigned char *mask, *mptr;
+
+       for (matchp = matches; matchp; matchp = matchp->next)
+               size += XT_ALIGN(sizeof(struct xt_entry_match)) + matchp->match->size;
+
+       mask = xtables_calloc(1, size
+                        + XT_ALIGN(sizeof(struct xt_entry_target))
+                        + target->size);
+
+       memset(mask, 0xFF, entry_size);
+       mptr = mask + entry_size;
+
+       for (matchp = matches; matchp; matchp = matchp->next) {
+               memset(mptr, 0xFF,
+                      XT_ALIGN(sizeof(struct xt_entry_match))
+                      + matchp->match->userspacesize);
+               mptr += XT_ALIGN(sizeof(struct xt_entry_match)) + matchp->match->size;
+       }
+
+       memset(mptr, 0xFF,
+              XT_ALIGN(sizeof(struct xt_entry_target))
+              + target->userspacesize);
+
+       return mask;
+}
diff --git a/iptables/xshared.h b/iptables/xshared.h

index f43c28f519a9c9a7bb9154d886f2a9c673276831..bfae4b4e1b5d365de1147e5643d83a2b579899e0 100644 (file)
--- a/iptables/xshared.h
+++ b/iptables/xshared.h
@@ -293,4 +293,8 @@ void ipv6_post_parse(int command, struct iptables_command_state *cs,
  extern char *arp_opcodes[];
  #define ARP_NUMOPCODES 9
  
+unsigned char *make_delete_mask(const struct xtables_rule_match *matches,
+                               const struct xtables_target *target,
+                               size_t entry_size);
+
  #endif /* IPTABLES_XSHARED_H */
author	Phil Sutter <phil@nwl.cc>
	Tue, 12 May 2020 16:46:39 +0000 (18:46 +0200)
committer	Phil Sutter <phil@nwl.cc>
	Tue, 15 Nov 2022 15:58:16 +0000 (16:58 +0100)
iptables/ip6tables.c		patch \| blob \| blame \| history
iptables/iptables.c		patch \| blob \| blame \| history
iptables/xshared.c		patch \| blob \| blame \| history
iptables/xshared.h		patch \| blob \| blame \| history