diff options
author | Bart De Schuymer <bdschuym@pandora.be> | 2007-02-11 12:47:58 +0000 |
---|---|---|
committer | Bart De Schuymer <bdschuym@pandora.be> | 2007-02-11 12:47:58 +0000 |
commit | 24816d3c530007d62f72b37ffabc35277c090cd1 (patch) | |
tree | df31904ac018a5ce86eac9e50ed6999cabff7d7d | |
parent | 6c36d705db7023bb1b2595beceb714b15b5de065 (diff) |
speedup checking for loops
-rw-r--r-- | ebtables.c | 11 | ||||
-rw-r--r-- | libebtc.c | 7 |
2 files changed, 13 insertions, 5 deletions
@@ -1170,9 +1170,14 @@ check_extension: rule_nr--; rule_nr_end = rule_nr; - ebt_check_for_loops(replace); - if (ebt_errormsg[0] != '\0') - goto delete_the_rule; + /* a jump to a udc requires checking for loops */ + if (!strcmp(new_entry->t->u.name, EBT_STANDARD_TARGET) && + ((struct ebt_standard_target *)(new_entry->t))->verdict >= 0) { + /* FIXME: this can be done faster */ + ebt_check_for_loops(replace); + if (ebt_errormsg[0] != '\0') + goto delete_the_rule; + } /* Do the final_check(), for all entries. * This is needed when adding a rule that has a chain target */ @@ -1019,8 +1019,6 @@ void ebt_check_for_loops(struct ebt_u_replace *replace) verdict = ((struct ebt_standard_target *)(e->t))->verdict; if (verdict < 0) goto letscontinue; - entries2 = replace->chains[verdict + NF_BR_NUMHOOKS]; - entries2->hook_mask |= entries->hook_mask; /* Now see if we've been here before */ for (k = 0; k < sp; k++) if (stack[k].chain_nr == verdict + NF_BR_NUMHOOKS) { @@ -1029,6 +1027,11 @@ void ebt_check_for_loops(struct ebt_u_replace *replace) replace->chains[stack[k].chain_nr]->name); goto free_stack; } + entries2 = replace->chains[verdict + NF_BR_NUMHOOKS]; + /* check if we've dealt with this chain already */ + if (entries2->hook_mask & (1<<i)) + goto letscontinue; + entries2->hook_mask |= entries->hook_mask; /* Jump to the chain, make sure we know how to get back */ stack[sp].chain_nr = chain_nr; stack[sp].n = j; |