netfilter: xtables: consolidate open-coded logic
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 16b7c09..7ec4e40 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -297,6 +297,12 @@
}
#endif
+static inline __pure
+struct ipt_entry *ipt_next_entry(const struct ipt_entry *entry)
+{
+ return (void *)entry + entry->next_offset;
+}
+
/* Returns one of the generic firewall policies, like NF_ACCEPT. */
unsigned int
ipt_do_table(struct sk_buff *skb,
@@ -385,11 +391,11 @@
back->comefrom);
continue;
}
- if (table_base + v != (void *)e + e->next_offset
+ if (table_base + v != ipt_next_entry(e)
&& !(e->ip.flags & IPT_F_GOTO)) {
/* Save old back ptr in next entry */
struct ipt_entry *next
- = (void *)e + e->next_offset;
+ = ipt_next_entry(e);
next->comefrom
= (void *)back - table_base;
/* set back pointer to next entry */
@@ -424,7 +430,7 @@
datalen = skb->len - ip->ihl * 4;
if (verdict == IPT_CONTINUE)
- e = (void *)e + e->next_offset;
+ e = ipt_next_entry(e);
else
/* Verdict */
break;
@@ -432,7 +438,7 @@
} else {
no_match:
- e = (void *)e + e->next_offset;
+ e = ipt_next_entry(e);
}
} while (!hotdrop);
xt_info_rdunlock_bh();