|
|
@@ -173,21 +173,6 @@ ipt_error(struct sk_buff *skb, const struct xt_target_param *par)
|
|
|
return NF_DROP;
|
|
|
}
|
|
|
|
|
|
-/* Performance critical - called for every packet */
|
|
|
-static inline bool
|
|
|
-do_match(const struct ipt_entry_match *m, const struct sk_buff *skb,
|
|
|
- struct xt_match_param *par)
|
|
|
-{
|
|
|
- par->match = m->u.kernel.match;
|
|
|
- par->matchinfo = m->data;
|
|
|
-
|
|
|
- /* Stop iteration if it doesn't match */
|
|
|
- if (!m->u.kernel.match->match(skb, par))
|
|
|
- return true;
|
|
|
- else
|
|
|
- return false;
|
|
|
-}
|
|
|
-
|
|
|
/* Performance critical */
|
|
|
static inline struct ipt_entry *
|
|
|
get_entry(const void *base, unsigned int offset)
|
|
|
@@ -379,9 +364,12 @@ ipt_do_table(struct sk_buff *skb,
|
|
|
continue;
|
|
|
}
|
|
|
|
|
|
- xt_ematch_foreach(ematch, e)
|
|
|
- if (do_match(ematch, skb, &mtpar) != 0)
|
|
|
+ xt_ematch_foreach(ematch, e) {
|
|
|
+ mtpar.match = ematch->u.kernel.match;
|
|
|
+ mtpar.matchinfo = ematch->data;
|
|
|
+ if (!mtpar.match->match(skb, &mtpar))
|
|
|
goto no_match;
|
|
|
+ }
|
|
|
|
|
|
ADD_COUNTER(e->counters, ntohs(ip->tot_len), 1);
|
|
|
|
Jan Engelhardt