netfilter: xtables: reduce indent level by one
authorJan Engelhardt <jengelh@medozas.de>
Wed, 15 Apr 2009 19:28:39 +0000 (21:28 +0200)
committerJan Engelhardt <jengelh@medozas.de>
Fri, 8 May 2009 08:30:48 +0000 (10:30 +0200)
Cosmetic only. Transformation applied:

-if (foo) { long block; } else { short block; }
+if (!foo) { short block; continue; } long block;

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
net/ipv4/netfilter/arp_tables.c
net/ipv4/netfilter/ip_tables.c
net/ipv6/netfilter/ip6_tables.c

index 940e54ba21b3ed0bb51155b03ddddd31e091c4bf..ecba246dc2a7f2a8fbf8ed98eec69e37fcc2617f 100644 (file)
@@ -273,66 +273,62 @@ unsigned int arpt_do_table(struct sk_buff *skb,
 
        arp = arp_hdr(skb);
        do {
-               if (arp_packet_match(arp, skb->dev, indev, outdev, &e->arp)) {
-                       struct arpt_entry_target *t;
-                       int hdr_len;
+               struct arpt_entry_target *t;
+               int hdr_len;
 
-                       hdr_len = sizeof(*arp) + (2 * sizeof(struct in_addr)) +
-                               (2 * skb->dev->addr_len);
+               if (!arp_packet_match(arp, skb->dev, indev, outdev, &e->arp)) {
+                       e = arpt_next_entry(e);
+                       continue;
+               }
 
-                       ADD_COUNTER(e->counters, hdr_len, 1);
+               hdr_len = sizeof(*arp) + (2 * sizeof(struct in_addr)) +
+                       (2 * skb->dev->addr_len);
+               ADD_COUNTER(e->counters, hdr_len, 1);
 
-                       t = arpt_get_target(e);
+               t = arpt_get_target(e);
 
-                       /* Standard target? */
-                       if (!t->u.kernel.target->target) {
-                               int v;
+               /* Standard target? */
+               if (!t->u.kernel.target->target) {
+                       int v;
 
-                               v = ((struct arpt_standard_target *)t)->verdict;
-                               if (v < 0) {
-                                       /* Pop from stack? */
-                                       if (v != ARPT_RETURN) {
-                                               verdict = (unsigned)(-v) - 1;
-                                               break;
-                                       }
-                                       e = back;
-                                       back = get_entry(table_base,
-                                                        back->comefrom);
-                                       continue;
-                               }
-                               if (table_base + v
-                                   != arpt_next_entry(e)) {
-                                       /* Save old back ptr in next entry */
-                                       struct arpt_entry *next
-                                               = arpt_next_entry(e);
-                                       next->comefrom =
-                                               (void *)back - table_base;
-
-                                       /* set back pointer to next entry */
-                                       back = next;
-                               }
-
-                               e = get_entry(table_base, v);
-                       } else {
-                               /* Targets which reenter must return
-                                * abs. verdicts
-                                */
-                               tgpar.target   = t->u.kernel.target;
-                               tgpar.targinfo = t->data;
-                               verdict = t->u.kernel.target->target(skb,
-                                                                    &tgpar);
-
-                               /* Target might have changed stuff. */
-                               arp = arp_hdr(skb);
-
-                               if (verdict == ARPT_CONTINUE)
-                                       e = arpt_next_entry(e);
-                               else
-                                       /* Verdict */
+                       v = ((struct arpt_standard_target *)t)->verdict;
+                       if (v < 0) {
+                               /* Pop from stack? */
+                               if (v != ARPT_RETURN) {
+                                       verdict = (unsigned)(-v) - 1;
                                        break;
+                               }
+                               e = back;
+                               back = get_entry(table_base, back->comefrom);
+                               continue;
                        }
+                       if (table_base + v
+                           != arpt_next_entry(e)) {
+                               /* Save old back ptr in next entry */
+                               struct arpt_entry *next = arpt_next_entry(e);
+                               next->comefrom = (void *)back - table_base;
+
+                               /* set back pointer to next entry */
+                               back = next;
+                       }
+
+                       e = get_entry(table_base, v);
                } else {
-                       e = arpt_next_entry(e);
+                       /* Targets which reenter must return
+                        * abs. verdicts
+                        */
+                       tgpar.target   = t->u.kernel.target;
+                       tgpar.targinfo = t->data;
+                       verdict = t->u.kernel.target->target(skb, &tgpar);
+
+                       /* Target might have changed stuff. */
+                       arp = arp_hdr(skb);
+
+                       if (verdict == ARPT_CONTINUE)
+                               e = arpt_next_entry(e);
+                       else
+                               /* Verdict */
+                               break;
                }
        } while (!hotdrop);
        xt_info_rdunlock_bh();
index 7ec4e40927555e45f715b7447b10f2f25dcf36f9..82888bc6bc1af59b9dd679109af103b95d67f8ae 100644 (file)
@@ -354,91 +354,87 @@ ipt_do_table(struct sk_buff *skb,
        back = get_entry(table_base, private->underflow[hook]);
 
        do {
+               struct ipt_entry_target *t;
+
                IP_NF_ASSERT(e);
                IP_NF_ASSERT(back);
-               if (ip_packet_match(ip, indev, outdev,
+               if (!ip_packet_match(ip, indev, outdev,
                    &e->ip, mtpar.fragoff)) {
-                       struct ipt_entry_target *t;
+ no_match:
+                       e = ipt_next_entry(e);
+                       continue;
+               }
 
-                       if (IPT_MATCH_ITERATE(e, do_match, skb, &mtpar) != 0)
-                               goto no_match;
+               if (IPT_MATCH_ITERATE(e, do_match, skb, &mtpar) != 0)
+                       goto no_match;
 
-                       ADD_COUNTER(e->counters, ntohs(ip->tot_len), 1);
+               ADD_COUNTER(e->counters, ntohs(ip->tot_len), 1);
 
-                       t = ipt_get_target(e);
-                       IP_NF_ASSERT(t->u.kernel.target);
+               t = ipt_get_target(e);
+               IP_NF_ASSERT(t->u.kernel.target);
 
 #if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \
     defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE)
-                       /* The packet is traced: log it */
-                       if (unlikely(skb->nf_trace))
-                               trace_packet(skb, hook, in, out,
-                                            table->name, private, e);
+               /* The packet is traced: log it */
+               if (unlikely(skb->nf_trace))
+                       trace_packet(skb, hook, in, out,
+                                    table->name, private, e);
 #endif
-                       /* Standard target? */
-                       if (!t->u.kernel.target->target) {
-                               int v;
-
-                               v = ((struct ipt_standard_target *)t)->verdict;
-                               if (v < 0) {
-                                       /* Pop from stack? */
-                                       if (v != IPT_RETURN) {
-                                               verdict = (unsigned)(-v) - 1;
-                                               break;
-                                       }
-                                       e = back;
-                                       back = get_entry(table_base,
-                                                        back->comefrom);
-                                       continue;
-                               }
-                               if (table_base + v != ipt_next_entry(e)
-                                   && !(e->ip.flags & IPT_F_GOTO)) {
-                                       /* Save old back ptr in next entry */
-                                       struct ipt_entry *next
-                                               = ipt_next_entry(e);
-                                       next->comefrom
-                                               = (void *)back - table_base;
-                                       /* set back pointer to next entry */
-                                       back = next;
+               /* Standard target? */
+               if (!t->u.kernel.target->target) {
+                       int v;
+
+                       v = ((struct ipt_standard_target *)t)->verdict;
+                       if (v < 0) {
+                               /* Pop from stack? */
+                               if (v != IPT_RETURN) {
+                                       verdict = (unsigned)(-v) - 1;
+                                       break;
                                }
+                               e = back;
+                               back = get_entry(table_base, back->comefrom);
+                               continue;
+                       }
+                       if (table_base + v != ipt_next_entry(e)
+                           && !(e->ip.flags & IPT_F_GOTO)) {
+                               /* Save old back ptr in next entry */
+                               struct ipt_entry *next = ipt_next_entry(e);
+                               next->comefrom = (void *)back - table_base;
+                               /* set back pointer to next entry */
+                               back = next;
+                       }
 
-                               e = get_entry(table_base, v);
-                       } else {
-                               /* Targets which reenter must return
-                                  abs. verdicts */
-                               tgpar.target   = t->u.kernel.target;
-                               tgpar.targinfo = t->data;
+                       e = get_entry(table_base, v);
+               } else {
+                       /* Targets which reenter must return
+                          abs. verdicts */
+                       tgpar.target   = t->u.kernel.target;
+                       tgpar.targinfo = t->data;
 #ifdef CONFIG_NETFILTER_DEBUG
-                               ((struct ipt_entry *)table_base)->comefrom
-                                       = 0xeeeeeeec;
+                       ((struct ipt_entry *)table_base)->comefrom
+                               = 0xeeeeeeec;
 #endif
-                               verdict = t->u.kernel.target->target(skb,
-                                                                    &tgpar);
+                       verdict = t->u.kernel.target->target(skb, &tgpar);
 #ifdef CONFIG_NETFILTER_DEBUG
-                               if (((struct ipt_entry *)table_base)->comefrom
-                                   != 0xeeeeeeec
-                                   && verdict == IPT_CONTINUE) {
-                                       printk("Target %s reentered!\n",
-                                              t->u.kernel.target->name);
-                                       verdict = NF_DROP;
-                               }
-                               ((struct ipt_entry *)table_base)->comefrom
-                                       = 0x57acc001;
-#endif
-                               /* Target might have changed stuff. */
-                               ip = ip_hdr(skb);
-                               datalen = skb->len - ip->ihl * 4;
-
-                               if (verdict == IPT_CONTINUE)
-                                       e = ipt_next_entry(e);
-                               else
-                                       /* Verdict */
-                                       break;
+                       if (((struct ipt_entry *)table_base)->comefrom
+                           != 0xeeeeeeec
+                           && verdict == IPT_CONTINUE) {
+                               printk("Target %s reentered!\n",
+                                      t->u.kernel.target->name);
+                               verdict = NF_DROP;
                        }
-               } else {
-
-               no_match:
-                       e = ipt_next_entry(e);
+                       ((struct ipt_entry *)table_base)->comefrom
+                               = 0x57acc001;
+#endif
+                       /* Target might have changed stuff. */
+                       ip = ip_hdr(skb);
+                       datalen = skb->len - ip->ihl * 4;
+
+                       if (verdict == IPT_CONTINUE)
+                               e = ipt_next_entry(e);
+                       else
+                               /* Verdict */
+                               break;
                }
        } while (!hotdrop);
        xt_info_rdunlock_bh();
index 9176e98ace7af57d70a63e2a25edb1a5440bec8b..a6c2213f821ea18559553daab8b5a6bb0f0c966a 100644 (file)
@@ -381,91 +381,87 @@ ip6t_do_table(struct sk_buff *skb,
        back = get_entry(table_base, private->underflow[hook]);
 
        do {
+               struct ip6t_entry_target *t;
+
                IP_NF_ASSERT(e);
                IP_NF_ASSERT(back);
-               if (ip6_packet_match(skb, indev, outdev, &e->ipv6,
-                       &mtpar.thoff, &mtpar.fragoff, &hotdrop)) {
-                       struct ip6t_entry_target *t;
+               if (!ip6_packet_match(skb, indev, outdev, &e->ipv6,
+                   &mtpar.thoff, &mtpar.fragoff, &hotdrop)) {
+ no_match:
+                       e = ip6t_next_entry(e);
+                       continue;
+               }
 
-                       if (IP6T_MATCH_ITERATE(e, do_match, skb, &mtpar) != 0)
-                               goto no_match;
+               if (IP6T_MATCH_ITERATE(e, do_match, skb, &mtpar) != 0)
+                       goto no_match;
 
-                       ADD_COUNTER(e->counters,
-                                   ntohs(ipv6_hdr(skb)->payload_len) +
-                                   sizeof(struct ipv6hdr), 1);
+               ADD_COUNTER(e->counters,
+                           ntohs(ipv6_hdr(skb)->payload_len) +
+                           sizeof(struct ipv6hdr), 1);
 
-                       t = ip6t_get_target(e);
-                       IP_NF_ASSERT(t->u.kernel.target);
+               t = ip6t_get_target(e);
+               IP_NF_ASSERT(t->u.kernel.target);
 
 #if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \
     defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE)
-                       /* The packet is traced: log it */
-                       if (unlikely(skb->nf_trace))
-                               trace_packet(skb, hook, in, out,
-                                            table->name, private, e);
+               /* The packet is traced: log it */
+               if (unlikely(skb->nf_trace))
+                       trace_packet(skb, hook, in, out,
+                                    table->name, private, e);
 #endif
-                       /* Standard target? */
-                       if (!t->u.kernel.target->target) {
-                               int v;
-
-                               v = ((struct ip6t_standard_target *)t)->verdict;
-                               if (v < 0) {
-                                       /* Pop from stack? */
-                                       if (v != IP6T_RETURN) {
-                                               verdict = (unsigned)(-v) - 1;
-                                               break;
-                                       }
-                                       e = back;
-                                       back = get_entry(table_base,
-                                                        back->comefrom);
-                                       continue;
-                               }
-                               if (table_base + v != ip6t_next_entry(e)
-                                   && !(e->ipv6.flags & IP6T_F_GOTO)) {
-                                       /* Save old back ptr in next entry */
-                                       struct ip6t_entry *next
-                                               = ip6t_next_entry(e);
-                                       next->comefrom
-                                               = (void *)back - table_base;
-                                       /* set back pointer to next entry */
-                                       back = next;
+               /* Standard target? */
+               if (!t->u.kernel.target->target) {
+                       int v;
+
+                       v = ((struct ip6t_standard_target *)t)->verdict;
+                       if (v < 0) {
+                               /* Pop from stack? */
+                               if (v != IP6T_RETURN) {
+                                       verdict = (unsigned)(-v) - 1;
+                                       break;
                                }
+                               e = back;
+                               back = get_entry(table_base, back->comefrom);
+                               continue;
+                       }
+                       if (table_base + v != ip6t_next_entry(e)
+                           && !(e->ipv6.flags & IP6T_F_GOTO)) {
+                               /* Save old back ptr in next entry */
+                               struct ip6t_entry *next = ip6t_next_entry(e);
+                               next->comefrom = (void *)back - table_base;
+                               /* set back pointer to next entry */
+                               back = next;
+                       }
 
-                               e = get_entry(table_base, v);
-                       } else {
-                               /* Targets which reenter must return
-                                  abs. verdicts */
-                               tgpar.target   = t->u.kernel.target;
-                               tgpar.targinfo = t->data;
+                       e = get_entry(table_base, v);
+               } else {
+                       /* Targets which reenter must return
+                          abs. verdicts */
+                       tgpar.target   = t->u.kernel.target;
+                       tgpar.targinfo = t->data;
 
 #ifdef CONFIG_NETFILTER_DEBUG
-                               ((struct ip6t_entry *)table_base)->comefrom
-                                       = 0xeeeeeeec;
+                       ((struct ip6t_entry *)table_base)->comefrom
+                               = 0xeeeeeeec;
 #endif
-                               verdict = t->u.kernel.target->target(skb,
-                                                                    &tgpar);
+                       verdict = t->u.kernel.target->target(skb, &tgpar);
 
 #ifdef CONFIG_NETFILTER_DEBUG
-                               if (((struct ip6t_entry *)table_base)->comefrom
-                                   != 0xeeeeeeec
-                                   && verdict == IP6T_CONTINUE) {
-                                       printk("Target %s reentered!\n",
-                                              t->u.kernel.target->name);
-                                       verdict = NF_DROP;
-                               }
-                               ((struct ip6t_entry *)table_base)->comefrom
-                                       = 0x57acc001;
-#endif
-                               if (verdict == IP6T_CONTINUE)
-                                       e = ip6t_next_entry(e);
-                               else
-                                       /* Verdict */
-                                       break;
+                       if (((struct ip6t_entry *)table_base)->comefrom
+                           != 0xeeeeeeec
+                           && verdict == IP6T_CONTINUE) {
+                               printk("Target %s reentered!\n",
+                                      t->u.kernel.target->name);
+                               verdict = NF_DROP;
                        }
-               } else {
-
-               no_match:
-                       e = ip6t_next_entry(e);
+                       ((struct ip6t_entry *)table_base)->comefrom
+                               = 0x57acc001;
+#endif
+                       if (verdict == IP6T_CONTINUE)
+                               e = ip6t_next_entry(e);
+                       else
+                               /* Verdict */
+                               break;
                }
        } while (!hotdrop);