[NETFILTER]: Remove redundant parentheses/braces
Removes redundant parentheses and braces (And add one pair in a xt_tcpudp.c macro). Signed-off-by: Jan Engelhardt <jengelh@gmx.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Jan Engelhardt
David S. Miller
parent
170b197c0a
commit
7c4e36bc17
@ -122,9 +122,8 @@ __clusterip_config_find(__be32 clusterip)
|
|||||||
list_for_each(pos, &clusterip_configs) {
|
list_for_each(pos, &clusterip_configs) {
|
||||||
struct clusterip_config *c = list_entry(pos,
|
struct clusterip_config *c = list_entry(pos,
|
||||||
struct clusterip_config, list);
|
struct clusterip_config, list);
|
||||||
if (c->clusterip == clusterip) {
|
if (c->clusterip == clusterip)
|
||||||
return c;
|
return c;
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return NULL;
|
return NULL;
|
||||||
@ -155,9 +154,8 @@ clusterip_config_init_nodelist(struct clusterip_config *c,
|
|||||||
{
|
{
|
||||||
int n;
|
int n;
|
||||||
|
|
||||||
for (n = 0; n < i->num_local_nodes; n++) {
|
for (n = 0; n < i->num_local_nodes; n++)
|
||||||
set_bit(i->local_nodes[n] - 1, &c->local_nodes);
|
set_bit(i->local_nodes[n] - 1, &c->local_nodes);
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static struct clusterip_config *
|
static struct clusterip_config *
|
||||||
@ -255,10 +253,9 @@ clusterip_hashfn(const struct sk_buff *skb,
|
|||||||
dport = ports[1];
|
dport = ports[1];
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
if (net_ratelimit()) {
|
if (net_ratelimit())
|
||||||
printk(KERN_NOTICE "CLUSTERIP: unknown protocol `%u'\n",
|
printk(KERN_NOTICE "CLUSTERIP: unknown protocol `%u'\n",
|
||||||
iph->protocol);
|
iph->protocol);
|
||||||
}
|
|
||||||
sport = dport = 0;
|
sport = dport = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -286,7 +283,7 @@ clusterip_hashfn(const struct sk_buff *skb,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* node numbers are 1..n, not 0..n */
|
/* node numbers are 1..n, not 0..n */
|
||||||
return ((hashval % config->num_total_nodes)+1);
|
return (hashval % config->num_total_nodes) + 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline int
|
static inline int
|
||||||
|
|||||||
@ -58,8 +58,8 @@ set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
|
|||||||
|
|
||||||
if ((!(einfo->operation & IPT_ECN_OP_SET_ECE) ||
|
if ((!(einfo->operation & IPT_ECN_OP_SET_ECE) ||
|
||||||
tcph->ece == einfo->proto.tcp.ece) &&
|
tcph->ece == einfo->proto.tcp.ece) &&
|
||||||
((!(einfo->operation & IPT_ECN_OP_SET_CWR) ||
|
(!(einfo->operation & IPT_ECN_OP_SET_CWR) ||
|
||||||
tcph->cwr == einfo->proto.tcp.cwr)))
|
tcph->cwr == einfo->proto.tcp.cwr))
|
||||||
return true;
|
return true;
|
||||||
|
|
||||||
if (!skb_make_writable(pskb, ip_hdrlen(*pskb) + sizeof(*tcph)))
|
if (!skb_make_writable(pskb, ip_hdrlen(*pskb) + sizeof(*tcph)))
|
||||||
|
|||||||
@ -75,7 +75,7 @@ static bool ipt_ttl_checkentry(const char *tablename,
|
|||||||
info->mode);
|
info->mode);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
if ((info->mode != IPT_TTL_SET) && (info->ttl == 0))
|
if (info->mode != IPT_TTL_SET && info->ttl == 0)
|
||||||
return false;
|
return false;
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -179,12 +179,10 @@ static void ipt_ulog_packet(unsigned int hooknum,
|
|||||||
unsigned int groupnum = ffs(loginfo->nl_group) - 1;
|
unsigned int groupnum = ffs(loginfo->nl_group) - 1;
|
||||||
|
|
||||||
/* calculate the size of the skb needed */
|
/* calculate the size of the skb needed */
|
||||||
if ((loginfo->copy_range == 0) ||
|
if (loginfo->copy_range == 0 || loginfo->copy_range > skb->len)
|
||||||
(loginfo->copy_range > skb->len)) {
|
|
||||||
copy_len = skb->len;
|
copy_len = skb->len;
|
||||||
} else {
|
else
|
||||||
copy_len = loginfo->copy_range;
|
copy_len = loginfo->copy_range;
|
||||||
}
|
|
||||||
|
|
||||||
size = NLMSG_SPACE(sizeof(*pm) + copy_len);
|
size = NLMSG_SPACE(sizeof(*pm) + copy_len);
|
||||||
|
|
||||||
@ -257,9 +255,8 @@ static void ipt_ulog_packet(unsigned int hooknum,
|
|||||||
BUG();
|
BUG();
|
||||||
|
|
||||||
/* check if we are building multi-part messages */
|
/* check if we are building multi-part messages */
|
||||||
if (ub->qlen > 1) {
|
if (ub->qlen > 1)
|
||||||
ub->lastnlh->nlmsg_flags |= NLM_F_MULTI;
|
ub->lastnlh->nlmsg_flags |= NLM_F_MULTI;
|
||||||
}
|
|
||||||
|
|
||||||
ub->lastnlh = nlh;
|
ub->lastnlh = nlh;
|
||||||
|
|
||||||
|
|||||||
@ -35,8 +35,8 @@ match(const struct sk_buff *skb,
|
|||||||
const struct iphdr *iph = ip_hdr(skb);
|
const struct iphdr *iph = ip_hdr(skb);
|
||||||
|
|
||||||
if (info->flags & IPRANGE_SRC) {
|
if (info->flags & IPRANGE_SRC) {
|
||||||
if (((ntohl(iph->saddr) < ntohl(info->src.min_ip))
|
if ((ntohl(iph->saddr) < ntohl(info->src.min_ip)
|
||||||
|| (ntohl(iph->saddr) > ntohl(info->src.max_ip)))
|
|| ntohl(iph->saddr) > ntohl(info->src.max_ip))
|
||||||
^ !!(info->flags & IPRANGE_SRC_INV)) {
|
^ !!(info->flags & IPRANGE_SRC_INV)) {
|
||||||
DEBUGP("src IP %u.%u.%u.%u NOT in range %s"
|
DEBUGP("src IP %u.%u.%u.%u NOT in range %s"
|
||||||
"%u.%u.%u.%u-%u.%u.%u.%u\n",
|
"%u.%u.%u.%u-%u.%u.%u.%u\n",
|
||||||
@ -48,8 +48,8 @@ match(const struct sk_buff *skb,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (info->flags & IPRANGE_DST) {
|
if (info->flags & IPRANGE_DST) {
|
||||||
if (((ntohl(iph->daddr) < ntohl(info->dst.min_ip))
|
if ((ntohl(iph->daddr) < ntohl(info->dst.min_ip)
|
||||||
|| (ntohl(iph->daddr) > ntohl(info->dst.max_ip)))
|
|| ntohl(iph->daddr) > ntohl(info->dst.max_ip))
|
||||||
^ !!(info->flags & IPRANGE_DST_INV)) {
|
^ !!(info->flags & IPRANGE_DST_INV)) {
|
||||||
DEBUGP("dst IP %u.%u.%u.%u NOT in range %s"
|
DEBUGP("dst IP %u.%u.%u.%u NOT in range %s"
|
||||||
"%u.%u.%u.%u-%u.%u.%u.%u\n",
|
"%u.%u.%u.%u-%u.%u.%u.%u\n",
|
||||||
|
|||||||
@ -163,10 +163,9 @@ static void recent_table_flush(struct recent_table *t)
|
|||||||
struct recent_entry *e, *next;
|
struct recent_entry *e, *next;
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
|
|
||||||
for (i = 0; i < ip_list_hash_size; i++) {
|
for (i = 0; i < ip_list_hash_size; i++)
|
||||||
list_for_each_entry_safe(e, next, &t->iphash[i], list)
|
list_for_each_entry_safe(e, next, &t->iphash[i], list)
|
||||||
recent_entry_remove(t, e);
|
recent_entry_remove(t, e);
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool
|
static bool
|
||||||
@ -329,12 +328,10 @@ static void *recent_seq_start(struct seq_file *seq, loff_t *pos)
|
|||||||
|
|
||||||
spin_lock_bh(&recent_lock);
|
spin_lock_bh(&recent_lock);
|
||||||
|
|
||||||
for (st->bucket = 0; st->bucket < ip_list_hash_size; st->bucket++) {
|
for (st->bucket = 0; st->bucket < ip_list_hash_size; st->bucket++)
|
||||||
list_for_each_entry(e, &t->iphash[st->bucket], list) {
|
list_for_each_entry(e, &t->iphash[st->bucket], list)
|
||||||
if (p-- == 0)
|
if (p-- == 0)
|
||||||
return e;
|
return e;
|
||||||
}
|
|
||||||
}
|
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -28,17 +28,13 @@ static bool match(const struct sk_buff *skb,
|
|||||||
|
|
||||||
switch (info->mode) {
|
switch (info->mode) {
|
||||||
case IPT_TTL_EQ:
|
case IPT_TTL_EQ:
|
||||||
return (ttl == info->ttl);
|
return ttl == info->ttl;
|
||||||
break;
|
|
||||||
case IPT_TTL_NE:
|
case IPT_TTL_NE:
|
||||||
return (!(ttl == info->ttl));
|
return ttl != info->ttl;
|
||||||
break;
|
|
||||||
case IPT_TTL_LT:
|
case IPT_TTL_LT:
|
||||||
return (ttl < info->ttl);
|
return ttl < info->ttl;
|
||||||
break;
|
|
||||||
case IPT_TTL_GT:
|
case IPT_TTL_GT:
|
||||||
return (ttl > info->ttl);
|
return ttl > info->ttl;
|
||||||
break;
|
|
||||||
default:
|
default:
|
||||||
printk(KERN_WARNING "ipt_ttl: unknown mode %d\n",
|
printk(KERN_WARNING "ipt_ttl: unknown mode %d\n",
|
||||||
info->mode);
|
info->mode);
|
||||||
|
|||||||
@ -71,7 +71,7 @@ static bool ip6t_hl_checkentry(const char *tablename,
|
|||||||
info->mode);
|
info->mode);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
if ((info->mode != IP6T_HL_SET) && (info->hop_limit == 0)) {
|
if (info->mode != IP6T_HL_SET && info->hop_limit == 0) {
|
||||||
printk(KERN_WARNING "ip6t_HL: increment/decrement doesn't "
|
printk(KERN_WARNING "ip6t_HL: increment/decrement doesn't "
|
||||||
"make sense with value 0\n");
|
"make sense with value 0\n");
|
||||||
return false;
|
return false;
|
||||||
|
|||||||
@ -69,7 +69,7 @@ static void send_reset(struct sk_buff *oldskb)
|
|||||||
otcplen = oldskb->len - tcphoff;
|
otcplen = oldskb->len - tcphoff;
|
||||||
|
|
||||||
/* IP header checks: fragment, too short. */
|
/* IP header checks: fragment, too short. */
|
||||||
if ((proto != IPPROTO_TCP) || (otcplen < sizeof(struct tcphdr))) {
|
if (proto != IPPROTO_TCP || otcplen < sizeof(struct tcphdr)) {
|
||||||
DEBUGP("ip6t_REJECT: proto(%d) != IPPROTO_TCP, or too short. otcplen = %d\n",
|
DEBUGP("ip6t_REJECT: proto(%d) != IPPROTO_TCP, or too short. otcplen = %d\n",
|
||||||
proto, otcplen);
|
proto, otcplen);
|
||||||
return;
|
return;
|
||||||
|
|||||||
@ -78,9 +78,9 @@ match(const struct sk_buff *skb,
|
|||||||
DEBUGP("SPI %u %08X\n", ntohl(ah->spi), ntohl(ah->spi));
|
DEBUGP("SPI %u %08X\n", ntohl(ah->spi), ntohl(ah->spi));
|
||||||
|
|
||||||
DEBUGP("IPv6 AH spi %02X ",
|
DEBUGP("IPv6 AH spi %02X ",
|
||||||
(spi_match(ahinfo->spis[0], ahinfo->spis[1],
|
spi_match(ahinfo->spis[0], ahinfo->spis[1],
|
||||||
ntohl(ah->spi),
|
ntohl(ah->spi),
|
||||||
!!(ahinfo->invflags & IP6T_AH_INV_SPI))));
|
!!(ahinfo->invflags & IP6T_AH_INV_SPI)));
|
||||||
DEBUGP("len %02X %04X %02X ",
|
DEBUGP("len %02X %04X %02X ",
|
||||||
ahinfo->hdrlen, hdrlen,
|
ahinfo->hdrlen, hdrlen,
|
||||||
(!ahinfo->hdrlen ||
|
(!ahinfo->hdrlen ||
|
||||||
@ -92,9 +92,9 @@ match(const struct sk_buff *skb,
|
|||||||
|
|
||||||
return (ah != NULL)
|
return (ah != NULL)
|
||||||
&&
|
&&
|
||||||
(spi_match(ahinfo->spis[0], ahinfo->spis[1],
|
spi_match(ahinfo->spis[0], ahinfo->spis[1],
|
||||||
ntohl(ah->spi),
|
ntohl(ah->spi),
|
||||||
!!(ahinfo->invflags & IP6T_AH_INV_SPI)))
|
!!(ahinfo->invflags & IP6T_AH_INV_SPI))
|
||||||
&&
|
&&
|
||||||
(!ahinfo->hdrlen ||
|
(!ahinfo->hdrlen ||
|
||||||
(ahinfo->hdrlen == hdrlen) ^
|
(ahinfo->hdrlen == hdrlen) ^
|
||||||
|
|||||||
@ -33,7 +33,7 @@ match(const struct sk_buff *skb,
|
|||||||
int i = 0;
|
int i = 0;
|
||||||
|
|
||||||
if (!(skb_mac_header(skb) >= skb->head &&
|
if (!(skb_mac_header(skb) >= skb->head &&
|
||||||
(skb_mac_header(skb) + ETH_HLEN) <= skb->data) &&
|
skb_mac_header(skb) + ETH_HLEN <= skb->data) &&
|
||||||
offset != 0) {
|
offset != 0) {
|
||||||
*hotdrop = true;
|
*hotdrop = true;
|
||||||
return false;
|
return false;
|
||||||
@ -50,8 +50,8 @@ match(const struct sk_buff *skb,
|
|||||||
eui64[0] |= 0x02;
|
eui64[0] |= 0x02;
|
||||||
|
|
||||||
i = 0;
|
i = 0;
|
||||||
while ((ipv6_hdr(skb)->saddr.s6_addr[8 + i] == eui64[i])
|
while (ipv6_hdr(skb)->saddr.s6_addr[8 + i] == eui64[i]
|
||||||
&& (i < 8))
|
&& i < 8)
|
||||||
i++;
|
i++;
|
||||||
|
|
||||||
if (i == 8)
|
if (i == 8)
|
||||||
|
|||||||
@ -77,35 +77,35 @@ match(const struct sk_buff *skb,
|
|||||||
ntohl(fh->identification));
|
ntohl(fh->identification));
|
||||||
|
|
||||||
DEBUGP("IPv6 FRAG id %02X ",
|
DEBUGP("IPv6 FRAG id %02X ",
|
||||||
(id_match(fraginfo->ids[0], fraginfo->ids[1],
|
id_match(fraginfo->ids[0], fraginfo->ids[1],
|
||||||
ntohl(fh->identification),
|
ntohl(fh->identification),
|
||||||
!!(fraginfo->invflags & IP6T_FRAG_INV_IDS))));
|
!!(fraginfo->invflags & IP6T_FRAG_INV_IDS)));
|
||||||
DEBUGP("res %02X %02X%04X %02X ",
|
DEBUGP("res %02X %02X%04X %02X ",
|
||||||
(fraginfo->flags & IP6T_FRAG_RES), fh->reserved,
|
fraginfo->flags & IP6T_FRAG_RES, fh->reserved,
|
||||||
ntohs(fh->frag_off) & 0x6,
|
ntohs(fh->frag_off) & 0x6,
|
||||||
!((fraginfo->flags & IP6T_FRAG_RES)
|
!((fraginfo->flags & IP6T_FRAG_RES)
|
||||||
&& (fh->reserved || (ntohs(fh->frag_off) & 0x06))));
|
&& (fh->reserved || (ntohs(fh->frag_off) & 0x06))));
|
||||||
DEBUGP("first %02X %02X %02X ",
|
DEBUGP("first %02X %02X %02X ",
|
||||||
(fraginfo->flags & IP6T_FRAG_FST),
|
fraginfo->flags & IP6T_FRAG_FST,
|
||||||
ntohs(fh->frag_off) & ~0x7,
|
ntohs(fh->frag_off) & ~0x7,
|
||||||
!((fraginfo->flags & IP6T_FRAG_FST)
|
!((fraginfo->flags & IP6T_FRAG_FST)
|
||||||
&& (ntohs(fh->frag_off) & ~0x7)));
|
&& (ntohs(fh->frag_off) & ~0x7)));
|
||||||
DEBUGP("mf %02X %02X %02X ",
|
DEBUGP("mf %02X %02X %02X ",
|
||||||
(fraginfo->flags & IP6T_FRAG_MF),
|
fraginfo->flags & IP6T_FRAG_MF,
|
||||||
ntohs(fh->frag_off) & IP6_MF,
|
ntohs(fh->frag_off) & IP6_MF,
|
||||||
!((fraginfo->flags & IP6T_FRAG_MF)
|
!((fraginfo->flags & IP6T_FRAG_MF)
|
||||||
&& !((ntohs(fh->frag_off) & IP6_MF))));
|
&& !((ntohs(fh->frag_off) & IP6_MF))));
|
||||||
DEBUGP("last %02X %02X %02X\n",
|
DEBUGP("last %02X %02X %02X\n",
|
||||||
(fraginfo->flags & IP6T_FRAG_NMF),
|
fraginfo->flags & IP6T_FRAG_NMF,
|
||||||
ntohs(fh->frag_off) & IP6_MF,
|
ntohs(fh->frag_off) & IP6_MF,
|
||||||
!((fraginfo->flags & IP6T_FRAG_NMF)
|
!((fraginfo->flags & IP6T_FRAG_NMF)
|
||||||
&& (ntohs(fh->frag_off) & IP6_MF)));
|
&& (ntohs(fh->frag_off) & IP6_MF)));
|
||||||
|
|
||||||
return (fh != NULL)
|
return (fh != NULL)
|
||||||
&&
|
&&
|
||||||
(id_match(fraginfo->ids[0], fraginfo->ids[1],
|
id_match(fraginfo->ids[0], fraginfo->ids[1],
|
||||||
ntohl(fh->identification),
|
ntohl(fh->identification),
|
||||||
!!(fraginfo->invflags & IP6T_FRAG_INV_IDS)))
|
!!(fraginfo->invflags & IP6T_FRAG_INV_IDS))
|
||||||
&&
|
&&
|
||||||
!((fraginfo->flags & IP6T_FRAG_RES)
|
!((fraginfo->flags & IP6T_FRAG_RES)
|
||||||
&& (fh->reserved || (ntohs(fh->frag_off) & 0x6)))
|
&& (fh->reserved || (ntohs(fh->frag_off) & 0x6)))
|
||||||
|
|||||||
@ -160,7 +160,7 @@ match(const struct sk_buff *skb,
|
|||||||
DEBUGP("len%04X \n", optlen);
|
DEBUGP("len%04X \n", optlen);
|
||||||
|
|
||||||
if ((ptr > skb->len - optlen || hdrlen < optlen) &&
|
if ((ptr > skb->len - optlen || hdrlen < optlen) &&
|
||||||
(temp < optinfo->optsnr - 1)) {
|
temp < optinfo->optsnr - 1) {
|
||||||
DEBUGP("new pointer is too large! \n");
|
DEBUGP("new pointer is too large! \n");
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -29,16 +29,16 @@ static bool match(const struct sk_buff *skb,
|
|||||||
|
|
||||||
switch (info->mode) {
|
switch (info->mode) {
|
||||||
case IP6T_HL_EQ:
|
case IP6T_HL_EQ:
|
||||||
return (ip6h->hop_limit == info->hop_limit);
|
return ip6h->hop_limit == info->hop_limit;
|
||||||
break;
|
break;
|
||||||
case IP6T_HL_NE:
|
case IP6T_HL_NE:
|
||||||
return (!(ip6h->hop_limit == info->hop_limit));
|
return ip6h->hop_limit != info->hop_limit;
|
||||||
break;
|
break;
|
||||||
case IP6T_HL_LT:
|
case IP6T_HL_LT:
|
||||||
return (ip6h->hop_limit < info->hop_limit);
|
return ip6h->hop_limit < info->hop_limit;
|
||||||
break;
|
break;
|
||||||
case IP6T_HL_GT:
|
case IP6T_HL_GT:
|
||||||
return (ip6h->hop_limit > info->hop_limit);
|
return ip6h->hop_limit > info->hop_limit;
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
printk(KERN_WARNING "ip6t_hl: unknown mode %d\n",
|
printk(KERN_WARNING "ip6t_hl: unknown mode %d\n",
|
||||||
|
|||||||
@ -74,9 +74,9 @@ ipv6header_match(const struct sk_buff *skb,
|
|||||||
BUG_ON(hp == NULL);
|
BUG_ON(hp == NULL);
|
||||||
|
|
||||||
/* Calculate the header length */
|
/* Calculate the header length */
|
||||||
if (nexthdr == NEXTHDR_FRAGMENT) {
|
if (nexthdr == NEXTHDR_FRAGMENT)
|
||||||
hdrlen = 8;
|
hdrlen = 8;
|
||||||
} else if (nexthdr == NEXTHDR_AUTH)
|
else if (nexthdr == NEXTHDR_AUTH)
|
||||||
hdrlen = (hp->hdrlen + 2) << 2;
|
hdrlen = (hp->hdrlen + 2) << 2;
|
||||||
else
|
else
|
||||||
hdrlen = ipv6_optlen(hp);
|
hdrlen = ipv6_optlen(hp);
|
||||||
@ -110,7 +110,7 @@ ipv6header_match(const struct sk_buff *skb,
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((nexthdr != NEXTHDR_NONE) && (nexthdr != NEXTHDR_ESP))
|
if (nexthdr != NEXTHDR_NONE && nexthdr != NEXTHDR_ESP)
|
||||||
temp |= MASK_PROTO;
|
temp |= MASK_PROTO;
|
||||||
|
|
||||||
if (info->modeflag)
|
if (info->modeflag)
|
||||||
|
|||||||
@ -38,17 +38,15 @@ match(const struct sk_buff *skb,
|
|||||||
if (!skb->sk || !skb->sk->sk_socket || !skb->sk->sk_socket->file)
|
if (!skb->sk || !skb->sk->sk_socket || !skb->sk->sk_socket->file)
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
if (info->match & IP6T_OWNER_UID) {
|
if (info->match & IP6T_OWNER_UID)
|
||||||
if ((skb->sk->sk_socket->file->f_uid != info->uid) ^
|
if ((skb->sk->sk_socket->file->f_uid != info->uid) ^
|
||||||
!!(info->invert & IP6T_OWNER_UID))
|
!!(info->invert & IP6T_OWNER_UID))
|
||||||
return false;
|
return false;
|
||||||
}
|
|
||||||
|
|
||||||
if (info->match & IP6T_OWNER_GID) {
|
if (info->match & IP6T_OWNER_GID)
|
||||||
if ((skb->sk->sk_socket->file->f_gid != info->gid) ^
|
if ((skb->sk->sk_socket->file->f_gid != info->gid) ^
|
||||||
!!(info->invert & IP6T_OWNER_GID))
|
!!(info->invert & IP6T_OWNER_GID))
|
||||||
return false;
|
return false;
|
||||||
}
|
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -87,9 +87,9 @@ match(const struct sk_buff *skb,
|
|||||||
DEBUGP("SGS_LEFT %u %02X\n", rh->segments_left, rh->segments_left);
|
DEBUGP("SGS_LEFT %u %02X\n", rh->segments_left, rh->segments_left);
|
||||||
|
|
||||||
DEBUGP("IPv6 RT segsleft %02X ",
|
DEBUGP("IPv6 RT segsleft %02X ",
|
||||||
(segsleft_match(rtinfo->segsleft[0], rtinfo->segsleft[1],
|
segsleft_match(rtinfo->segsleft[0], rtinfo->segsleft[1],
|
||||||
rh->segments_left,
|
rh->segments_left,
|
||||||
!!(rtinfo->invflags & IP6T_RT_INV_SGS))));
|
!!(rtinfo->invflags & IP6T_RT_INV_SGS)));
|
||||||
DEBUGP("type %02X %02X %02X ",
|
DEBUGP("type %02X %02X %02X ",
|
||||||
rtinfo->rt_type, rh->type,
|
rtinfo->rt_type, rh->type,
|
||||||
(!(rtinfo->flags & IP6T_RT_TYP) ||
|
(!(rtinfo->flags & IP6T_RT_TYP) ||
|
||||||
@ -97,11 +97,11 @@ match(const struct sk_buff *skb,
|
|||||||
!!(rtinfo->invflags & IP6T_RT_INV_TYP))));
|
!!(rtinfo->invflags & IP6T_RT_INV_TYP))));
|
||||||
DEBUGP("len %02X %04X %02X ",
|
DEBUGP("len %02X %04X %02X ",
|
||||||
rtinfo->hdrlen, hdrlen,
|
rtinfo->hdrlen, hdrlen,
|
||||||
(!(rtinfo->flags & IP6T_RT_LEN) ||
|
!(rtinfo->flags & IP6T_RT_LEN) ||
|
||||||
((rtinfo->hdrlen == hdrlen) ^
|
((rtinfo->hdrlen == hdrlen) ^
|
||||||
!!(rtinfo->invflags & IP6T_RT_INV_LEN))));
|
!!(rtinfo->invflags & IP6T_RT_INV_LEN)));
|
||||||
DEBUGP("res %02X %02X %02X ",
|
DEBUGP("res %02X %02X %02X ",
|
||||||
(rtinfo->flags & IP6T_RT_RES),
|
rtinfo->flags & IP6T_RT_RES,
|
||||||
((const struct rt0_hdr *)rh)->reserved,
|
((const struct rt0_hdr *)rh)->reserved,
|
||||||
!((rtinfo->flags & IP6T_RT_RES) &&
|
!((rtinfo->flags & IP6T_RT_RES) &&
|
||||||
(((const struct rt0_hdr *)rh)->reserved)));
|
(((const struct rt0_hdr *)rh)->reserved)));
|
||||||
@ -188,8 +188,8 @@ match(const struct sk_buff *skb,
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
DEBUGP("temp=%d #%d\n", temp, rtinfo->addrnr);
|
DEBUGP("temp=%d #%d\n", temp, rtinfo->addrnr);
|
||||||
if ((temp == rtinfo->addrnr) &&
|
if (temp == rtinfo->addrnr &&
|
||||||
(temp == (unsigned int)((hdrlen - 8) / 16)))
|
temp == (unsigned int)((hdrlen - 8) / 16))
|
||||||
return ret;
|
return ret;
|
||||||
else
|
else
|
||||||
return false;
|
return false;
|
||||||
|
|||||||
@ -74,7 +74,7 @@ static bool checkentry(const char *tablename,
|
|||||||
{
|
{
|
||||||
const u_int8_t dscp = ((struct xt_DSCP_info *)targinfo)->dscp;
|
const u_int8_t dscp = ((struct xt_DSCP_info *)targinfo)->dscp;
|
||||||
|
|
||||||
if ((dscp > XT_DSCP_MAX)) {
|
if (dscp > XT_DSCP_MAX) {
|
||||||
printk(KERN_WARNING "DSCP: dscp %x out of range\n", dscp);
|
printk(KERN_WARNING "DSCP: dscp %x out of range\n", dscp);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -93,7 +93,7 @@ tcpmss_mangle_packet(struct sk_buff **pskb,
|
|||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
opt[i+2] = (newmss & 0xff00) >> 8;
|
opt[i+2] = (newmss & 0xff00) >> 8;
|
||||||
opt[i+3] = (newmss & 0x00ff);
|
opt[i+3] = newmss & 0x00ff;
|
||||||
|
|
||||||
nf_proto_csum_replace2(&tcph->check, *pskb,
|
nf_proto_csum_replace2(&tcph->check, *pskb,
|
||||||
htons(oldmss), htons(newmss), 0);
|
htons(oldmss), htons(newmss), 0);
|
||||||
@ -126,7 +126,7 @@ tcpmss_mangle_packet(struct sk_buff **pskb,
|
|||||||
opt[0] = TCPOPT_MSS;
|
opt[0] = TCPOPT_MSS;
|
||||||
opt[1] = TCPOLEN_MSS;
|
opt[1] = TCPOLEN_MSS;
|
||||||
opt[2] = (newmss & 0xff00) >> 8;
|
opt[2] = (newmss & 0xff00) >> 8;
|
||||||
opt[3] = (newmss & 0x00ff);
|
opt[3] = newmss & 0x00ff;
|
||||||
|
|
||||||
nf_proto_csum_replace4(&tcph->check, *pskb, 0, *((__be32 *)opt), 0);
|
nf_proto_csum_replace4(&tcph->check, *pskb, 0, *((__be32 *)opt), 0);
|
||||||
|
|
||||||
|
|||||||
@ -90,9 +90,9 @@ match(const struct sk_buff *skb,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (sinfo->count.to)
|
if (sinfo->count.to)
|
||||||
return (what <= sinfo->count.to && what >= sinfo->count.from);
|
return what <= sinfo->count.to && what >= sinfo->count.from;
|
||||||
else
|
else
|
||||||
return (what >= sinfo->count.from);
|
return what >= sinfo->count.from;
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool check(const char *tablename,
|
static bool check(const char *tablename,
|
||||||
|
|||||||
@ -48,7 +48,7 @@ match(const struct sk_buff *skb,
|
|||||||
if (!ct)
|
if (!ct)
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
return (((ct->mark) & info->mask) == info->mark) ^ info->invert;
|
return ((ct->mark & info->mask) == info->mark) ^ info->invert;
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool
|
static bool
|
||||||
|
|||||||
@ -81,7 +81,7 @@ dccp_find_option(u_int8_t option,
|
|||||||
static inline bool
|
static inline bool
|
||||||
match_types(const struct dccp_hdr *dh, u_int16_t typemask)
|
match_types(const struct dccp_hdr *dh, u_int16_t typemask)
|
||||||
{
|
{
|
||||||
return (typemask & (1 << dh->dccph_type));
|
return typemask & (1 << dh->dccph_type);
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline bool
|
static inline bool
|
||||||
@ -113,11 +113,11 @@ match(const struct sk_buff *skb,
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
return DCCHECK(((ntohs(dh->dccph_sport) >= info->spts[0])
|
return DCCHECK(ntohs(dh->dccph_sport) >= info->spts[0]
|
||||||
&& (ntohs(dh->dccph_sport) <= info->spts[1])),
|
&& ntohs(dh->dccph_sport) <= info->spts[1],
|
||||||
XT_DCCP_SRC_PORTS, info->flags, info->invflags)
|
XT_DCCP_SRC_PORTS, info->flags, info->invflags)
|
||||||
&& DCCHECK(((ntohs(dh->dccph_dport) >= info->dpts[0])
|
&& DCCHECK(ntohs(dh->dccph_dport) >= info->dpts[0]
|
||||||
&& (ntohs(dh->dccph_dport) <= info->dpts[1])),
|
&& ntohs(dh->dccph_dport) <= info->dpts[1],
|
||||||
XT_DCCP_DEST_PORTS, info->flags, info->invflags)
|
XT_DCCP_DEST_PORTS, info->flags, info->invflags)
|
||||||
&& DCCHECK(match_types(dh, info->typemask),
|
&& DCCHECK(match_types(dh, info->typemask),
|
||||||
XT_DCCP_TYPE, info->flags, info->invflags)
|
XT_DCCP_TYPE, info->flags, info->invflags)
|
||||||
|
|||||||
@ -239,7 +239,7 @@ static bool select_all(const struct xt_hashlimit_htable *ht,
|
|||||||
static bool select_gc(const struct xt_hashlimit_htable *ht,
|
static bool select_gc(const struct xt_hashlimit_htable *ht,
|
||||||
const struct dsthash_ent *he)
|
const struct dsthash_ent *he)
|
||||||
{
|
{
|
||||||
return (jiffies >= he->expires);
|
return jiffies >= he->expires;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void htable_selective_cleanup(struct xt_hashlimit_htable *ht,
|
static void htable_selective_cleanup(struct xt_hashlimit_htable *ht,
|
||||||
|
|||||||
@ -47,8 +47,8 @@ match6(const struct sk_buff *skb,
|
|||||||
bool *hotdrop)
|
bool *hotdrop)
|
||||||
{
|
{
|
||||||
const struct xt_length_info *info = matchinfo;
|
const struct xt_length_info *info = matchinfo;
|
||||||
const u_int16_t pktlen = (ntohs(ipv6_hdr(skb)->payload_len) +
|
const u_int16_t pktlen = ntohs(ipv6_hdr(skb)->payload_len) +
|
||||||
sizeof(struct ipv6hdr));
|
sizeof(struct ipv6hdr);
|
||||||
|
|
||||||
return (pktlen >= info->min && pktlen <= info->max) ^ info->invert;
|
return (pktlen >= info->min && pktlen <= info->max) ^ info->invert;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -37,11 +37,11 @@ match(const struct sk_buff *skb,
|
|||||||
const struct xt_mac_info *info = matchinfo;
|
const struct xt_mac_info *info = matchinfo;
|
||||||
|
|
||||||
/* Is mac pointer valid? */
|
/* Is mac pointer valid? */
|
||||||
return (skb_mac_header(skb) >= skb->head &&
|
return skb_mac_header(skb) >= skb->head &&
|
||||||
(skb_mac_header(skb) + ETH_HLEN) <= skb->data
|
skb_mac_header(skb) + ETH_HLEN <= skb->data
|
||||||
/* If so, compare... */
|
/* If so, compare... */
|
||||||
&& ((!compare_ether_addr(eth_hdr(skb)->h_source, info->srcaddr))
|
&& ((!compare_ether_addr(eth_hdr(skb)->h_source, info->srcaddr))
|
||||||
^ info->invert));
|
^ info->invert);
|
||||||
}
|
}
|
||||||
|
|
||||||
static struct xt_match xt_mac_match[] = {
|
static struct xt_match xt_mac_match[] = {
|
||||||
|
|||||||
@ -34,9 +34,9 @@ static bool match(const struct sk_buff *skb,
|
|||||||
const struct xt_pkttype_info *info = matchinfo;
|
const struct xt_pkttype_info *info = matchinfo;
|
||||||
|
|
||||||
if (skb->pkt_type == PACKET_LOOPBACK)
|
if (skb->pkt_type == PACKET_LOOPBACK)
|
||||||
type = (MULTICAST(ip_hdr(skb)->daddr)
|
type = MULTICAST(ip_hdr(skb)->daddr)
|
||||||
? PACKET_MULTICAST
|
? PACKET_MULTICAST
|
||||||
: PACKET_BROADCAST);
|
: PACKET_BROADCAST;
|
||||||
else
|
else
|
||||||
type = skb->pkt_type;
|
type = skb->pkt_type;
|
||||||
|
|
||||||
|
|||||||
@ -31,11 +31,9 @@ match_flags(const struct xt_sctp_flag_info *flag_info,
|
|||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
for (i = 0; i < flag_count; i++) {
|
for (i = 0; i < flag_count; i++)
|
||||||
if (flag_info[i].chunktype == chunktype) {
|
if (flag_info[i].chunktype == chunktype)
|
||||||
return (chunkflags & flag_info[i].flag_mask) == flag_info[i].flag;
|
return (chunkflags & flag_info[i].flag_mask) == flag_info[i].flag;
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
@ -56,9 +54,8 @@ match_packet(const struct sk_buff *skb,
|
|||||||
int i = 0;
|
int i = 0;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (chunk_match_type == SCTP_CHUNK_MATCH_ALL) {
|
if (chunk_match_type == SCTP_CHUNK_MATCH_ALL)
|
||||||
SCTP_CHUNKMAP_COPY(chunkmapcopy, chunkmap);
|
SCTP_CHUNKMAP_COPY(chunkmapcopy, chunkmap);
|
||||||
}
|
|
||||||
|
|
||||||
do {
|
do {
|
||||||
sch = skb_header_pointer(skb, offset, sizeof(_sch), &_sch);
|
sch = skb_header_pointer(skb, offset, sizeof(_sch), &_sch);
|
||||||
@ -86,16 +83,14 @@ match_packet(const struct sk_buff *skb,
|
|||||||
|
|
||||||
case SCTP_CHUNK_MATCH_ALL:
|
case SCTP_CHUNK_MATCH_ALL:
|
||||||
if (match_flags(flag_info, flag_count,
|
if (match_flags(flag_info, flag_count,
|
||||||
sch->type, sch->flags)) {
|
sch->type, sch->flags))
|
||||||
SCTP_CHUNKMAP_CLEAR(chunkmapcopy, sch->type);
|
SCTP_CHUNKMAP_CLEAR(chunkmapcopy, sch->type);
|
||||||
}
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case SCTP_CHUNK_MATCH_ONLY:
|
case SCTP_CHUNK_MATCH_ONLY:
|
||||||
if (!match_flags(flag_info, flag_count,
|
if (!match_flags(flag_info, flag_count,
|
||||||
sch->type, sch->flags)) {
|
sch->type, sch->flags))
|
||||||
return false;
|
return false;
|
||||||
}
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
@ -145,11 +140,11 @@ match(const struct sk_buff *skb,
|
|||||||
}
|
}
|
||||||
duprintf("spt: %d\tdpt: %d\n", ntohs(sh->source), ntohs(sh->dest));
|
duprintf("spt: %d\tdpt: %d\n", ntohs(sh->source), ntohs(sh->dest));
|
||||||
|
|
||||||
return SCCHECK(((ntohs(sh->source) >= info->spts[0])
|
return SCCHECK(ntohs(sh->source) >= info->spts[0]
|
||||||
&& (ntohs(sh->source) <= info->spts[1])),
|
&& ntohs(sh->source) <= info->spts[1],
|
||||||
XT_SCTP_SRC_PORTS, info->flags, info->invflags)
|
XT_SCTP_SRC_PORTS, info->flags, info->invflags)
|
||||||
&& SCCHECK(((ntohs(sh->dest) >= info->dpts[0])
|
&& SCCHECK(ntohs(sh->dest) >= info->dpts[0]
|
||||||
&& (ntohs(sh->dest) <= info->dpts[1])),
|
&& ntohs(sh->dest) <= info->dpts[1],
|
||||||
XT_SCTP_DEST_PORTS, info->flags, info->invflags)
|
XT_SCTP_DEST_PORTS, info->flags, info->invflags)
|
||||||
&& SCCHECK(match_packet(skb, protoff + sizeof (sctp_sctphdr_t),
|
&& SCCHECK(match_packet(skb, protoff + sizeof (sctp_sctphdr_t),
|
||||||
info->chunkmap, info->chunk_match_type,
|
info->chunkmap, info->chunk_match_type,
|
||||||
|
|||||||
@ -95,7 +95,7 @@ tcp_match(const struct sk_buff *skb,
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
#define FWINVTCP(bool,invflg) ((bool) ^ !!(tcpinfo->invflags & invflg))
|
#define FWINVTCP(bool, invflg) ((bool) ^ !!(tcpinfo->invflags & (invflg)))
|
||||||
|
|
||||||
th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph);
|
th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph);
|
||||||
if (th == NULL) {
|
if (th == NULL) {
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user