From d4e6e3d15546aad80b2ddeff8f8c7a512acf4af6 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt
Date: Thu, 24 Feb 2011 01:49:03 +0100
Subject: [PATCH 1/3] xt_pknock: indent

---
 extensions/pknock/xt_pknock.c | 63 +++++++++++++++++------------------
 1 file changed, 31 insertions(+), 32 deletions(-)

diff --git a/extensions/pknock/xt_pknock.c b/extensions/pknock/xt_pknock.c
index 979a1da..4e40911 100644
--- a/extensions/pknock/xt_pknock.c
+++ b/extensions/pknock/xt_pknock.c
@@ -427,9 +427,9 @@ static struct xt_pknock_rule *search_rule(const struct xt_pknock_mtinfo *info)
 			ipt_pknock_hash_rnd, rule_hashsize);
 
 	list_for_each_safe(pos, n, &rule_hashtable[hash]) {
-	rule = list_entry(pos, struct xt_pknock_rule, head);
-	if (rulecmp(info, rule))
-		return rule;
+		rule = list_entry(pos, struct xt_pknock_rule, head);
+		if (rulecmp(info, rule))
+			return rule;
 	}
 	return NULL;
 }
@@ -451,23 +451,20 @@ add_rule(struct xt_pknock_mtinfo *info)
 	list_for_each_safe(pos, n, &rule_hashtable[hash]) {
 		rule = list_entry(pos, struct xt_pknock_rule, head);
 
-		if (rulecmp(info, rule)) {
-			++rule->ref_count;
+		if (!rulecmp(info, rule))
+			continue;
+		++rule->ref_count;
 
-			if (info->option & XT_PKNOCK_OPENSECRET) {
-				rule->max_time = info->max_time;
-				rule->autoclose_time = info->autoclose_time;
-			}
-
-			if (info->option & XT_PKNOCK_CHECKIP) {
-				pr_debug("add_rule() (AC)"
-					" rule found: %s - "
-					"ref_count: %d\n",
-					rule->rule_name,
-					rule->ref_count);
-			}
-			return true;
+		if (info->option & XT_PKNOCK_OPENSECRET) {
+			rule->max_time = info->max_time;
+			rule->autoclose_time = info->autoclose_time;
 		}
+
+		if (info->option & XT_PKNOCK_CHECKIP)
+			pr_debug("add_rule() (AC) rule found: %s - "
+				"ref_count: %d\n",
+				rule->rule_name, rule->ref_count);
+		return true;
 	}
 
 	rule = kmalloc(sizeof(*rule), GFP_KERNEL);
@@ -523,7 +520,8 @@ remove_rule(struct xt_pknock_mtinfo *info)
 	unsigned int hash = pknock_hash(info->rule_name, info->rule_name_len,
 			ipt_pknock_hash_rnd, rule_hashsize);
 
-	if (list_empty(&rule_hashtable[hash])) return;
+	if (list_empty(&rule_hashtable[hash]))
+		return;
 
 	list_for_each_safe(pos, n, &rule_hashtable[hash]) {
 		rule = list_entry(pos, struct xt_pknock_rule, head);
@@ -576,7 +574,8 @@ static struct peer *get_peer(struct xt_pknock_rule *rule, __be32 ip)
 
 	list_for_each_safe(pos, n, &rule->peer_head[hash]) {
 		peer = list_entry(pos, struct peer, head);
-		if (peer->ip == ip) return peer;
+		if (peer->ip == ip)
+			return peer;
 	}
 	return NULL;
 }
@@ -1043,7 +1042,8 @@ static bool pknock_mt(const struct sk_buff *skb,
 			add_peer(peer, rule);
 		}
 
-		if (peer == NULL) goto out;
+		if (peer == NULL)
+			goto out;
 
 		update_peer(peer, info, rule, &hdr);
 	}
@@ -1087,15 +1087,15 @@ static int pknock_mt_check(const struct xt_mtchk_param *par)
 		RETURN_ERR("No crypto support available; "
 			"cannot use opensecret/closescret\n");
 #endif
-	if ((info->option & XT_PKNOCK_OPENSECRET) && (info->ports_count != 1))
+	if (info->option & XT_PKNOCK_OPENSECRET && info->ports_count != 1)
 		RETURN_ERR("--opensecret must have just one knock port\n");
 	if (info->option & XT_PKNOCK_KNOCKPORT) {
 		if (info->option & XT_PKNOCK_CHECKIP)
 			RETURN_ERR("Can't specify --knockports with --checkip.\n");
-		if ((info->option & XT_PKNOCK_OPENSECRET) &&
+		if (info->option & XT_PKNOCK_OPENSECRET &&
 			!(info->option & XT_PKNOCK_CLOSESECRET))
 			RETURN_ERR("--opensecret must go with --closesecret.\n");
-		if ((info->option & XT_PKNOCK_CLOSESECRET) &&
+		if (info->option & XT_PKNOCK_CLOSESECRET &&
 			!(info->option & XT_PKNOCK_OPENSECRET))
 			RETURN_ERR("--closesecret must go with --opensecret.\n");
 	}
@@ -1115,13 +1115,11 @@ static int pknock_mt_check(const struct xt_mtchk_param *par)
 			RETURN_ERR("you must specify --time.\n");
 	}
 
-	if (info->option & XT_PKNOCK_OPENSECRET) {
-		if (info->open_secret_len == info->close_secret_len) {
-			if (memcmp(info->open_secret, info->close_secret,
-				info->open_secret_len) == 0)
-				RETURN_ERR("opensecret & closesecret cannot be equal.\n");
-		}
-	}
+	if (info->option & XT_PKNOCK_OPENSECRET &&
+	    info->open_secret_len == info->close_secret_len &&
+	    memcmp(info->open_secret, info->close_secret,
+	    info->open_secret_len) == 0)
+		RETURN_ERR("opensecret & closesecret cannot be equal.\n");
 
 	if (!add_rule(info))
 		/* should ENOMEM here */
@@ -1195,7 +1193,8 @@ static void __exit xt_pknock_mt_exit(void)
 	kfree(rule_hashtable);
 
 #ifdef PK_CRYPTO
-	if (crypto.tfm != NULL) crypto_free_hash(crypto.tfm);
+	if (crypto.tfm != NULL)
+		crypto_free_hash(crypto.tfm);
 #endif
 }

From 0ba44bd4618a5c97da412b4b0760f4fb15af2307 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt
Date: Thu, 24 Feb 2011 05:33:05 +0100
Subject: [PATCH 2/3] xt_pknock: avoid crash when hash TFM could not be allocated

---
 doc/changelog.txt | 2 ++
 extensions/pknock/xt_pknock.c | 5 ++---
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/doc/changelog.txt b/doc/changelog.txt
index 3a21fb4..91b17d7 100644
--- a/doc/changelog.txt
+++ b/doc/changelog.txt
@@ -1,6 +1,8 @@
 
 HEAD
 ====
+Fixes:
+- xt_pknock: avoid crash when hash TFM could not be allocated
 
 v1.33 (2011-02-02)
 
diff --git a/extensions/pknock/xt_pknock.c b/extensions/pknock/xt_pknock.c
index 4e40911..d7fe379 100644
--- a/extensions/pknock/xt_pknock.c
+++ b/extensions/pknock/xt_pknock.c
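Review bot: In the pknock_mt_check hunk at -1115, the merged condition hands the userspace-supplied `info->open_secret_len` straight to memcmp, so unless an earlier check in pknock_mt_check (outside this hunk) bounds `open_secret_len` and `close_secret_len` against the size of the secret fields, an oversized length makes memcmp read past them at rule-load time. If those fields are fixed-size arrays in struct xt_pknock_mtinfo, a guard placed before the comparison such as `if (info->open_secret_len > sizeof(info->open_secret) || info->close_secret_len > sizeof(info->close_secret)) RETURN_ERR("secret length exceeds buffer\n");` rejects such a rule before any secret is compared or hashed. pknock_mt_check starts and ends outside the hunk, so the bound may already exist there; if it does, a one-line comment above the memcmp saying the lengths were validated would save the next reader the same search.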
@@ -1164,11 +1164,10 @@ static int __init xt_pknock_mt_init(void)
 	}
 
 	crypto.tfm = crypto_alloc_hash(crypto.algo, 0, CRYPTO_ALG_ASYNC);
-
-	if (crypto.tfm == NULL) {
+	if (IS_ERR(crypto.tfm)) {
 		printk(KERN_ERR PKNOCK "failed to load transform for %s\n",
 			crypto.algo);
-		return -ENXIO;
+		return PTR_ERR(crypto.tfm);
 	}
 
 	crypto.size = crypto_hash_digestsize(crypto.tfm);

From 32871bad39a9fcefad10d9a27bf856ca3c00b354 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt
Date: Thu, 24 Feb 2011 23:58:03 +0100
Subject: [PATCH 3/3] xt_pknock: avoid inversion of rule lookup that led to warnings

Commit v1.18-48-g58839b9 had this screwed up.
---
 doc/changelog.txt | 1 +
 extensions/pknock/xt_pknock.c | 10 +++-------
 2 files changed, 4 insertions(+), 7 deletions(-)

diff --git a/doc/changelog.txt b/doc/changelog.txt
index 91b17d7..aa07ec5 100644
--- a/doc/changelog.txt
+++ b/doc/changelog.txt
@@ -3,6 +3,7 @@ HEAD
 ====
 Fixes:
 - xt_pknock: avoid crash when hash TFM could not be allocated
+- xt_pknock: avoid inversion of rule lookup that led to warnings
 
 v1.33 (2011-02-02)
 
diff --git a/extensions/pknock/xt_pknock.c b/extensions/pknock/xt_pknock.c
index d7fe379..b6f6802 100644
--- a/extensions/pknock/xt_pknock.c
+++ b/extensions/pknock/xt_pknock.c
@@ -398,19 +398,15 @@ peer_gc(unsigned long r)
 
 /**
  * Compares length and name equality for the rules.
- *
- * @info
- * @rule
- * @return: 0 equals, 1 otherwise
  */
 static inline bool
 rulecmp(const struct xt_pknock_mtinfo *info, const struct xt_pknock_rule *rule)
 {
 	if (info->rule_name_len != rule->rule_name_len)
-		return true;
+		return false;
 	if (strncmp(info->rule_name, rule->rule_name, info->rule_name_len) != 0)
-		return true;
-	return false;
+		return false;
+	return true;
 }
 
 /**
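Review bot: In the xt_pknock_mt_init hunk at -1164, the failure path returns while `crypto.tfm` still holds the ERR_PTR value, and the `crypto.tfm != NULL` guard in xt_pknock_mt_exit (last hunk of the first patch in this series) would accept that as a live handle. A failed module init never reaches the exit routine, so this is not reachable as the code stands, but the two functions then disagree about what an invalid `crypto.tfm` looks like. Clearing it on the way out keeps them consistent: `int rc = PTR_ERR(crypto.tfm);` then `crypto.tfm = NULL;` then `return rc;`. xt_pknock_mt_init starts and ends outside the hunk.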
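Review bot: The rulecmp hunk at -398 removes the `@return: 0 equals, 1 otherwise` line but leaves nothing stating the new polarity, so a reader has to go to the callers to learn that true now means a match. Restore a return line in the kerneldoc block: ` * @return: true if @info and @rule have the same name length and name bytes, false otherwise`. Since strncmp only runs once the two lengths are equal, the body could also collapse to `return info->rule_name_len == rule->rule_name_len && strncmp(info->rule_name, rule->rule_name, info->rule_name_len) == 0;`, which makes the polarity visible in the code itself. search_rule and add_rule, as rewritten in the first patch of this series, already use the true-means-match polarity.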