From 6733265358404e6ed7a98cb10acad26d1f1aa519 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sun, 24 Oct 2010 18:13:28 +0200 Subject: [PATCH] xt_iface: reorder code for upcoming address checking From now on, info->flags lists the flags to test, not just the flags to test positively for. --- extensions/libxt_iface.c | 7 ++----- extensions/xt_iface.c | 39 ++++++++++++++++++++++++--------------- 2 files changed, 26 insertions(+), 20 deletions(-) diff --git a/extensions/libxt_iface.c b/extensions/libxt_iface.c index b1ae6ff..cefde6e 100644 --- a/extensions/libxt_iface.c +++ b/extensions/libxt_iface.c @@ -44,9 +44,7 @@ static void iface_print_opt(const struct xt_iface_mtinfo *info, const unsigned int option, const char *command) { if (info->flags & option) - printf(" %s", command); - if (info->invflags & option) - printf(" ! %s", command); + printf(" %s%s", (info->invflags & option) ? "! " : "", command); } static void iface_setflag(struct xt_iface_mtinfo *info, @@ -55,10 +53,9 @@ static void iface_setflag(struct xt_iface_mtinfo *info, if (*flags & flag) xtables_error(PARAMETER_PROBLEM, "iface: \"--%s\" flag already specified", command); + info->flags |= flag; if (invert) info->invflags |= flag; - else - info->flags |= flag; *flags |= flag; } diff --git a/extensions/xt_iface.c b/extensions/xt_iface.c index ce04915..cd16363 100644 --- a/extensions/xt_iface.c +++ b/extensions/xt_iface.c @@ -40,29 +40,38 @@ static const struct xt_iface_flag_pairs xt_iface_lookup[] = {.iface_flag = XT_IFACE_DORMANT, .iff_flag = IFF_DORMANT}, }; +static struct net_device *iface_get(const char *name) +{ +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 24) + return dev_get_by_name(&init_net, name); +#else + return dev_get_by_name(name); +#endif +} + +static bool iface_flagtest(unsigned int devflags, unsigned int flags, + unsigned int invflags) +{ + unsigned int i; + + for (i = 0; i < ARRAY_SIZE(xt_iface_lookup); ++i) + if ((flags & xt_iface_lookup[i].iface_flag) && + !!(devflags & xt_iface_lookup[i].iff_flag) ^ + !(invflags & xt_iface_lookup[i].iface_flag)) + return false; + return true; +} + static bool xt_iface_mt(const struct sk_buff *skb, struct xt_action_param *par) { const struct xt_iface_mtinfo *info = par->matchinfo; - struct net_device *dev; + struct net_device *dev = iface_get(info->ifname); bool retval; - int i; -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 24) - dev = dev_get_by_name(&init_net, info->ifname); -#else - dev = dev_get_by_name(info->ifname); -#endif if (dev == NULL) return false; - - retval = true; - for (i = 0; i < ARRAY_SIZE(xt_iface_lookup) && retval; ++i) { - if (info->flags & xt_iface_lookup[i].iface_flag) - retval &= dev->flags & xt_iface_lookup[i].iff_flag; - if (info->invflags & xt_iface_lookup[i].iface_flag) - retval &= !(dev->flags & xt_iface_lookup[i].iff_flag); - } + retval = iface_flagtest(dev->flags, info->flags, info->invflags); dev_put(dev); return retval; }