diff options
author | Jan Engelhardt <jengelh@medozas.de> | 2009-07-07 20:54:30 +0200 |
---|---|---|
committer | Jan Engelhardt <jengelh@medozas.de> | 2010-05-11 18:35:27 +0200 |
commit | b4ba26119b06052888696491f614201817491a0d (patch) | |
tree | d6dc2a4e0f78641b5b64a1728322c81cbad09974 /net/ipv6/netfilter/ip6_tables.c | |
parent | 62fc8051083a334578c3f4b3488808f210b4565f (diff) |
netfilter: xtables: change hotdrop pointer to direct modification
Since xt_action_param is writable, let's use it. The pointer to
'bool hotdrop' always worried (8 bytes (64-bit) to write 1 byte!).
Surprisingly results in a reduction in size:
text data bss filename
5457066 692730 357892 vmlinux.o-prev
5456554 692730 357892 vmlinux.o
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Diffstat (limited to 'net/ipv6/netfilter/ip6_tables.c')
-rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index 4549f8d6f88f..557fac9689c0 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c @@ -337,7 +337,6 @@ ip6t_do_table(struct sk_buff *skb, struct xt_table *table) { static const char nulldevname[IFNAMSIZ] __attribute__((aligned(sizeof(long)))); - bool hotdrop = false; /* Initializing verdict to NF_DROP keeps gcc happy. */ unsigned int verdict = NF_DROP; const char *indev, *outdev; @@ -356,7 +355,7 @@ ip6t_do_table(struct sk_buff *skb, * things we don't know, ie. tcp syn flag or ports). If the * rule is also a fragment-specific rule, non-fragments won't * match it. */ - acpar.hotdrop = &hotdrop; + acpar.hotdrop = false; acpar.in = in; acpar.out = out; acpar.family = NFPROTO_IPV6; @@ -380,7 +379,7 @@ ip6t_do_table(struct sk_buff *skb, IP_NF_ASSERT(e); if (!ip6_packet_match(skb, indev, outdev, &e->ipv6, - &acpar.thoff, &acpar.fragoff, &hotdrop)) { + &acpar.thoff, &acpar.fragoff, &acpar.hotdrop)) { no_match: e = ip6t_next_entry(e); continue; @@ -447,7 +446,7 @@ ip6t_do_table(struct sk_buff *skb, else /* Verdict */ break; - } while (!hotdrop); + } while (!acpar.hotdrop); xt_info_rdunlock_bh(); *stackptr = origptr; @@ -455,7 +454,7 @@ ip6t_do_table(struct sk_buff *skb, #ifdef DEBUG_ALLOW_ALL return NF_ACCEPT; #else - if (hotdrop) + if (acpar.hotdrop) return NF_DROP; else return verdict; #endif @@ -2170,7 +2169,7 @@ icmp6_match(const struct sk_buff *skb, struct xt_action_param *par) * can't. Hence, no choice but to drop. */ duprintf("Dropping evil ICMP tinygram.\n"); - *par->hotdrop = true; + par->hotdrop = true; return false; } |