mirror of
git://git.code.sf.net/p/xtables-addons/xtables-addons
synced 2025-09-21 20:14:56 +02:00
pknock: remove unneeded braces
This commit is contained in:
@@ -245,40 +245,31 @@ static void pknock_check(unsigned int flags)
|
|||||||
"--name option is required.\n");
|
"--name option is required.\n");
|
||||||
|
|
||||||
if (flags & XT_PKNOCK_KNOCKPORT) {
|
if (flags & XT_PKNOCK_KNOCKPORT) {
|
||||||
if (flags & XT_PKNOCK_CHECKIP) {
|
if (flags & XT_PKNOCK_CHECKIP)
|
||||||
xtables_error(PARAMETER_PROBLEM, PKNOCK
|
xtables_error(PARAMETER_PROBLEM, PKNOCK
|
||||||
"cannot specify --knockports with --checkip.\n");
|
"cannot specify --knockports with --checkip.\n");
|
||||||
}
|
|
||||||
if ((flags & XT_PKNOCK_OPENSECRET)
|
if ((flags & XT_PKNOCK_OPENSECRET)
|
||||||
&& !(flags & XT_PKNOCK_CLOSESECRET))
|
&& !(flags & XT_PKNOCK_CLOSESECRET))
|
||||||
{
|
|
||||||
xtables_error(PARAMETER_PROBLEM, PKNOCK
|
xtables_error(PARAMETER_PROBLEM, PKNOCK
|
||||||
"--opensecret must go with --closesecret.\n");
|
"--opensecret must go with --closesecret.\n");
|
||||||
}
|
|
||||||
if ((flags & XT_PKNOCK_CLOSESECRET)
|
if ((flags & XT_PKNOCK_CLOSESECRET)
|
||||||
&& !(flags & XT_PKNOCK_OPENSECRET))
|
&& !(flags & XT_PKNOCK_OPENSECRET))
|
||||||
{
|
|
||||||
xtables_error(PARAMETER_PROBLEM, PKNOCK
|
xtables_error(PARAMETER_PROBLEM, PKNOCK
|
||||||
"--closesecret must go with --opensecret.\n");
|
"--closesecret must go with --opensecret.\n");
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (flags & XT_PKNOCK_CHECKIP) {
|
if (flags & XT_PKNOCK_CHECKIP) {
|
||||||
if (flags & XT_PKNOCK_KNOCKPORT) {
|
if (flags & XT_PKNOCK_KNOCKPORT)
|
||||||
xtables_error(PARAMETER_PROBLEM, PKNOCK
|
xtables_error(PARAMETER_PROBLEM, PKNOCK
|
||||||
"cannot specify --checkip with --knockports.\n");
|
"cannot specify --checkip with --knockports.\n");
|
||||||
}
|
|
||||||
if ((flags & XT_PKNOCK_OPENSECRET)
|
if ((flags & XT_PKNOCK_OPENSECRET)
|
||||||
|| (flags & XT_PKNOCK_CLOSESECRET))
|
|| (flags & XT_PKNOCK_CLOSESECRET))
|
||||||
{
|
|
||||||
xtables_error(PARAMETER_PROBLEM, PKNOCK
|
xtables_error(PARAMETER_PROBLEM, PKNOCK
|
||||||
"cannot specify --opensecret and"
|
"cannot specify --opensecret and"
|
||||||
" --closesecret with --checkip.\n");
|
" --closesecret with --checkip.\n");
|
||||||
}
|
if (flags & XT_PKNOCK_TIME)
|
||||||
if (flags & XT_PKNOCK_TIME) {
|
|
||||||
xtables_error(PARAMETER_PROBLEM, PKNOCK
|
xtables_error(PARAMETER_PROBLEM, PKNOCK
|
||||||
"cannot specify --time with --checkip.\n");
|
"cannot specify --time with --checkip.\n");
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@@ -796,11 +796,10 @@ has_secret(const unsigned char *secret, unsigned int secret_len, uint32_t ipsrc,
|
|||||||
|
|
||||||
crypt_to_hex(hexresult, result, crypto.size);
|
crypt_to_hex(hexresult, result, crypto.size);
|
||||||
|
|
||||||
if (memcmp(hexresult, payload, hexa_size) != 0) {
|
if (memcmp(hexresult, payload, hexa_size) != 0)
|
||||||
pr_debug("secret match failed\n");
|
pr_debug("secret match failed\n");
|
||||||
} else {
|
else
|
||||||
fret = true;
|
fret = true;
|
||||||
}
|
|
||||||
|
|
||||||
out:
|
out:
|
||||||
kfree(hexresult);
|
kfree(hexresult);
|
||||||
@@ -832,9 +831,8 @@ pass_security(struct peer *peer, const struct xt_pknock_mtinfo *info,
|
|||||||
if (!has_secret(info->open_secret,
|
if (!has_secret(info->open_secret,
|
||||||
info->open_secret_len, htonl(peer->ip),
|
info->open_secret_len, htonl(peer->ip),
|
||||||
payload, payload_len))
|
payload, payload_len))
|
||||||
{
|
|
||||||
return false;
|
return false;
|
||||||
}
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
#endif /* PK_CRYPTO */
|
#endif /* PK_CRYPTO */
|
||||||
@@ -870,9 +868,8 @@ update_peer(struct peer *peer, const struct xt_pknock_mtinfo *info,
|
|||||||
if (hdr->proto != IPPROTO_UDP)
|
if (hdr->proto != IPPROTO_UDP)
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
if (!pass_security(peer, info, hdr->payload, hdr->payload_len)) {
|
if (!pass_security(peer, info, hdr->payload, hdr->payload_len))
|
||||||
return false;
|
return false;
|
||||||
}
|
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@@ -1068,35 +1065,26 @@ static bool pknock_mt_check(const struct xt_mtchk_param *par)
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (info->option & XT_PKNOCK_KNOCKPORT) {
|
if (info->option & XT_PKNOCK_KNOCKPORT) {
|
||||||
if (info->option & XT_PKNOCK_CHECKIP) {
|
if (info->option & XT_PKNOCK_CHECKIP)
|
||||||
RETURN_ERR("Can't specify --knockports with --checkip.\n");
|
RETURN_ERR("Can't specify --knockports with --checkip.\n");
|
||||||
}
|
|
||||||
#ifdef PK_CRYPTO
|
#ifdef PK_CRYPTO
|
||||||
if ((info->option & XT_PKNOCK_OPENSECRET) &&
|
if ((info->option & XT_PKNOCK_OPENSECRET) &&
|
||||||
!(info->option & XT_PKNOCK_CLOSESECRET))
|
!(info->option & XT_PKNOCK_CLOSESECRET))
|
||||||
{
|
|
||||||
RETURN_ERR("--opensecret must go with --closesecret.\n");
|
RETURN_ERR("--opensecret must go with --closesecret.\n");
|
||||||
}
|
|
||||||
if ((info->option & XT_PKNOCK_CLOSESECRET) &&
|
if ((info->option & XT_PKNOCK_CLOSESECRET) &&
|
||||||
!(info->option & XT_PKNOCK_OPENSECRET))
|
!(info->option & XT_PKNOCK_OPENSECRET))
|
||||||
{
|
|
||||||
RETURN_ERR("--closesecret must go with --opensecret.\n");
|
RETURN_ERR("--closesecret must go with --opensecret.\n");
|
||||||
}
|
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
if (info->option & XT_PKNOCK_CHECKIP) {
|
if (info->option & XT_PKNOCK_CHECKIP) {
|
||||||
if (info->option & XT_PKNOCK_KNOCKPORT)
|
if (info->option & XT_PKNOCK_KNOCKPORT)
|
||||||
{
|
|
||||||
RETURN_ERR("Can't specify --checkip with --knockports.\n");
|
RETURN_ERR("Can't specify --checkip with --knockports.\n");
|
||||||
}
|
|
||||||
#ifdef PK_CRYPTO
|
#ifdef PK_CRYPTO
|
||||||
if ((info->option & XT_PKNOCK_OPENSECRET) ||
|
if ((info->option & XT_PKNOCK_OPENSECRET) ||
|
||||||
(info->option & XT_PKNOCK_CLOSESECRET))
|
(info->option & XT_PKNOCK_CLOSESECRET))
|
||||||
{
|
|
||||||
RETURN_ERR("Can't specify --opensecret and --closesecret"
|
RETURN_ERR("Can't specify --opensecret and --closesecret"
|
||||||
" with --checkip.\n");
|
" with --checkip.\n");
|
||||||
}
|
|
||||||
#endif
|
#endif
|
||||||
if (info->option & XT_PKNOCK_TIME)
|
if (info->option & XT_PKNOCK_TIME)
|
||||||
RETURN_ERR("Can't specify --time with --checkip.\n");
|
RETURN_ERR("Can't specify --time with --checkip.\n");
|
||||||
@@ -1107,9 +1095,7 @@ static bool pknock_mt_check(const struct xt_mtchk_param *par)
|
|||||||
if (info->open_secret_len == info->close_secret_len) {
|
if (info->open_secret_len == info->close_secret_len) {
|
||||||
if (memcmp(info->open_secret, info->close_secret,
|
if (memcmp(info->open_secret, info->close_secret,
|
||||||
info->open_secret_len) == 0)
|
info->open_secret_len) == 0)
|
||||||
{
|
|
||||||
RETURN_ERR("opensecret & closesecret cannot be equal.\n");
|
RETURN_ERR("opensecret & closesecret cannot be equal.\n");
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
Reference in New Issue
Block a user