[iptables PATCH 1/7] xshared: Share make_delete_mask() between ip{,6}tables


 



Function bodies were mostly identical, the only difference being the use
of struct ipt_entry or ip6t_entry for size calculation. Pass this value
via parameter to make them fully identical.

Signed-off-by: Phil Sutter <phil@xxxxxx>
---
 iptables/ip6tables.c | 38 ++------------------------------------
 iptables/iptables.c  | 38 ++------------------------------------
 iptables/xshared.c   | 34 ++++++++++++++++++++++++++++++++++
 iptables/xshared.h   |  4 ++++
 4 files changed, 42 insertions(+), 72 deletions(-)

diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
index 75984cc1bcdd8..ae2670357264b 100644
--- a/iptables/ip6tables.c
+++ b/iptables/ip6tables.c
@@ -277,40 +277,6 @@ insert_entry(const xt_chainlabel chain,
 	return ret;
 }
 
-static unsigned char *
-make_delete_mask(const struct xtables_rule_match *matches,
-		 const struct xtables_target *target)
-{
-	/* Establish mask for comparison */
-	unsigned int size;
-	const struct xtables_rule_match *matchp;
-	unsigned char *mask, *mptr;
-
-	size = sizeof(struct ip6t_entry);
-	for (matchp = matches; matchp; matchp = matchp->next)
-		size += XT_ALIGN(sizeof(struct xt_entry_match)) + matchp->match->size;
-
-	mask = xtables_calloc(1, size
-			 + XT_ALIGN(sizeof(struct xt_entry_target))
-			 + target->size);
-
-	memset(mask, 0xFF, sizeof(struct ip6t_entry));
-	mptr = mask + sizeof(struct ip6t_entry);
-
-	for (matchp = matches; matchp; matchp = matchp->next) {
-		memset(mptr, 0xFF,
-		       XT_ALIGN(sizeof(struct xt_entry_match))
-		       + matchp->match->userspacesize);
-		mptr += XT_ALIGN(sizeof(struct xt_entry_match)) + matchp->match->size;
-	}
-
-	memset(mptr, 0xFF,
-	       XT_ALIGN(sizeof(struct xt_entry_target))
-	       + target->userspacesize);
-
-	return mask;
-}
-
 static int
 delete_entry(const xt_chainlabel chain,
 	     struct ip6t_entry *fw,
@@ -329,7 +295,7 @@ delete_entry(const xt_chainlabel chain,
 	int ret = 1;
 	unsigned char *mask;
 
-	mask = make_delete_mask(matches, target);
+	mask = make_delete_mask(matches, target, sizeof(*fw));
 	for (i = 0; i < nsaddrs; i++) {
 		fw->ipv6.src = saddrs[i];
 		fw->ipv6.smsk = smasks[i];
@@ -359,7 +325,7 @@ check_entry(const xt_chainlabel chain, struct ip6t_entry *fw,
 	int ret = 1;
 	unsigned char *mask;
 
-	mask = make_delete_mask(matches, target);
+	mask = make_delete_mask(matches, target, sizeof(fw));
 	for (i = 0; i < nsaddrs; i++) {
 		fw->ipv6.src = saddrs[i];
 		fw->ipv6.smsk = smasks[i];
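Review bot: In check_entry() the new call passes `sizeof(fw)`, and `fw` is a `struct ip6t_entry *` per the hunk header, so the helper receives the size of a pointer instead of the size of the entry. The resulting mask is shorter than the rule it is meant to cover, and its match and target regions start at the wrong offset. If the consumer outside this hunk walks the mask using the full entry layout, it compares against the wrong bytes and may read past the allocation. The other three call sites in this patch use `sizeof(*fw)`; this line should be `mask = make_delete_mask(matches, target, sizeof(*fw));`. check_entry's body continues outside the hunk.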
diff --git a/iptables/iptables.c b/iptables/iptables.c
index e5207ba106057..591ec17886562 100644
--- a/iptables/iptables.c
+++ b/iptables/iptables.c
@@ -276,40 +276,6 @@ insert_entry(const xt_chainlabel chain,
 	return ret;
 }
 
-static unsigned char *
-make_delete_mask(const struct xtables_rule_match *matches,
-		 const struct xtables_target *target)
-{
-	/* Establish mask for comparison */
-	unsigned int size;
-	const struct xtables_rule_match *matchp;
-	unsigned char *mask, *mptr;
-
-	size = sizeof(struct ipt_entry);
-	for (matchp = matches; matchp; matchp = matchp->next)
-		size += XT_ALIGN(sizeof(struct xt_entry_match)) + matchp->match->size;
-
-	mask = xtables_calloc(1, size
-			 + XT_ALIGN(sizeof(struct xt_entry_target))
-			 + target->size);
-
-	memset(mask, 0xFF, sizeof(struct ipt_entry));
-	mptr = mask + sizeof(struct ipt_entry);
-
-	for (matchp = matches; matchp; matchp = matchp->next) {
-		memset(mptr, 0xFF,
-		       XT_ALIGN(sizeof(struct xt_entry_match))
-		       + matchp->match->userspacesize);
-		mptr += XT_ALIGN(sizeof(struct xt_entry_match)) + matchp->match->size;
-	}
-
-	memset(mptr, 0xFF,
-	       XT_ALIGN(sizeof(struct xt_entry_target))
-	       + target->userspacesize);
-
-	return mask;
-}
-
 static int
 delete_entry(const xt_chainlabel chain,
 	     struct ipt_entry *fw,
@@ -328,7 +294,7 @@ delete_entry(const xt_chainlabel chain,
 	int ret = 1;
 	unsigned char *mask;
 
-	mask = make_delete_mask(matches, target);
+	mask = make_delete_mask(matches, target, sizeof(*fw));
 	for (i = 0; i < nsaddrs; i++) {
 		fw->ip.src.s_addr = saddrs[i].s_addr;
 		fw->ip.smsk.s_addr = smasks[i].s_addr;
@@ -358,7 +324,7 @@ check_entry(const xt_chainlabel chain, struct ipt_entry *fw,
 	int ret = 1;
 	unsigned char *mask;
 
-	mask = make_delete_mask(matches, target);
+	mask = make_delete_mask(matches, target, sizeof(*fw));
 	for (i = 0; i < nsaddrs; i++) {
 		fw->ip.src.s_addr = saddrs[i].s_addr;
 		fw->ip.smsk.s_addr = smasks[i].s_addr;
diff --git a/iptables/xshared.c b/iptables/xshared.c
index 695157896d521..0beacee61d487 100644
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -2000,3 +2000,37 @@ void ipv6_post_parse(int command, struct iptables_command_state *cs,
 			      "! not allowed with multiple"
 			      " source or destination IP addresses");
 }
+
+unsigned char *
+make_delete_mask(const struct xtables_rule_match *matches,
+		 const struct xtables_target *target,
+		 size_t entry_size)
+{
+	/* Establish mask for comparison */
+	unsigned int size = entry_size;
+	const struct xtables_rule_match *matchp;
+	unsigned char *mask, *mptr;
+
+	for (matchp = matches; matchp; matchp = matchp->next)
+		size += XT_ALIGN(sizeof(struct xt_entry_match)) + matchp->match->size;
+
+	mask = xtables_calloc(1, size
+			 + XT_ALIGN(sizeof(struct xt_entry_target))
+			 + target->size);
+
+	memset(mask, 0xFF, entry_size);
+	mptr = mask + entry_size;
+
+	for (matchp = matches; matchp; matchp = matchp->next) {
+		memset(mptr, 0xFF,
+		       XT_ALIGN(sizeof(struct xt_entry_match))
+		       + matchp->match->userspacesize);
+		mptr += XT_ALIGN(sizeof(struct xt_entry_match)) + matchp->match->size;
+	}
+
+	memset(mptr, 0xFF,
+	       XT_ALIGN(sizeof(struct xt_entry_target))
+	       + target->userspacesize);
+
+	return mask;
+}
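Review bot: Both `memset` lengths use `userspacesize` while the allocation and the `mptr` stride use `size`, so the function relies on every match and target extension declaring `userspacesize <= size`. An extension that violates this would have 0xFF written past its slot, and for the target past the end of the buffer. Now that this is a shared, non-static helper, state the assumption in a comment above it, e.g. `/* relies on userspacesize <= size for each match and for the target */`, or reject a violating extension before the write. Separately, `unsigned int size = entry_size;` narrows the new `size_t` parameter; `size_t size = entry_size;` keeps the accumulator in the parameter's type.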
diff --git a/iptables/xshared.h b/iptables/xshared.h
index f43c28f519a9c..bfae4b4e1b5d3 100644
--- a/iptables/xshared.h
+++ b/iptables/xshared.h
@@ -293,4 +293,8 @@ void ipv6_post_parse(int command, struct iptables_command_state *cs,
 extern char *arp_opcodes[];
 #define ARP_NUMOPCODES 9
 
+unsigned char *make_delete_mask(const struct xtables_rule_match *matches,
+				const struct xtables_target *target,
+				size_t entry_size);
+
 #endif /* IPTABLES_XSHARED_H */
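Review bot: The exported prototype has no comment saying what `entry_size` must be, and the value is easy to get wrong at a call site: it is the size of the entry struct, not of a pointer to it. A short comment above the declaration would pin this down, e.g. `/* entry_size: sizeof(struct ipt_entry) or sizeof(struct ip6t_entry) */`. Whether the caller is expected to free the returned buffer is not visible in this hunk and is worth stating in the same comment.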
-- 
2.38.0



