anonfunc/xtables-addons
1
0
Fork 0
mirror of git://git.code.sf.net/p/xtables-addons/xtables-addons synced 2025-09-08 13:44:56 +02:00
Code Issues Releases Wiki Activity

pknock: remove some #ifdef PK_CRYPTO guards

Browse Source 
A number of guarded places do not use any crypto functions. So the
userspace does not pass in an info with --opensecret/--closesecret
defined.
This commit is contained in:
Jan Engelhardt
2009-10-12 01:21:26 +02:00
parent 9e5c2e7ee9
commit 98e5dfd6ef
1 changed files with 5 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
extensions/pknock/xt_pknock.c
View File

@@ -866,7 +866,6 @@ update_peer(struct peer *peer, const struct xt_pknock_mtinfo *info,
return false; return false;
} }
#ifdef PK_CRYPTO
/* If security is needed. */ /* If security is needed. */
if (info->option & XT_PKNOCK_OPENSECRET ) { if (info->option & XT_PKNOCK_OPENSECRET ) {
if (hdr->proto != IPPROTO_UDP) if (hdr->proto != IPPROTO_UDP)
@@ -875,7 +874,6 @@ update_peer(struct peer *peer, const struct xt_pknock_mtinfo *info,
if (!pass_security(peer, info, hdr->payload, hdr->payload_len)) if (!pass_security(peer, info, hdr->payload, hdr->payload_len))
return false; return false;
} }
#endif
/* Just update the timer when there is a state change. */ /* Just update the timer when there is a state change. */
update_rule_timer(rule); update_rule_timer(rule);
@@ -1010,7 +1008,6 @@ static bool pknock_mt(const struct sk_buff *skb,
/* Sets, updates, removes or checks the peer matching status. */ /* Sets, updates, removes or checks the peer matching status. */
if (info->option & XT_PKNOCK_KNOCKPORT) { if (info->option & XT_PKNOCK_KNOCKPORT) {
if ((ret = is_allowed(peer))) { if ((ret = is_allowed(peer))) {
#ifdef PK_CRYPTO
if (info->option & XT_PKNOCK_CLOSESECRET && if (info->option & XT_PKNOCK_CLOSESECRET &&
iph->protocol == IPPROTO_UDP) iph->protocol == IPPROTO_UDP)
{ {
@@ -1020,7 +1017,6 @@ static bool pknock_mt(const struct sk_buff *skb,
ret = false; ret = false;
} }
} }
#endif
goto out; goto out;
} }
@@ -1068,40 +1064,37 @@ static bool pknock_mt_check(const struct xt_mtchk_param *par)
if (!(info->option & XT_PKNOCK_NAME)) if (!(info->option & XT_PKNOCK_NAME))
RETURN_ERR("You must specify --name option.\n"); RETURN_ERR("You must specify --name option.\n");
#ifdef PK_CRYPTO #ifndef PK_CRYPTO
if (info->option & (XT_PKNOCK_OPENSECRET | XT_PKNOCK_CLOSESECRET))
RETURN_ERR("No crypto support available; "
"cannot use opensecret/closescret\n");
#endif
if ((info->option & XT_PKNOCK_OPENSECRET) && (info->ports_count != 1)) if ((info->option & XT_PKNOCK_OPENSECRET) && (info->ports_count != 1))
RETURN_ERR("--opensecret must have just one knock port\n"); RETURN_ERR("--opensecret must have just one knock port\n");
#endif
if (info->option & XT_PKNOCK_KNOCKPORT) { if (info->option & XT_PKNOCK_KNOCKPORT) {
if (info->option & XT_PKNOCK_CHECKIP) if (info->option & XT_PKNOCK_CHECKIP)
RETURN_ERR("Can't specify --knockports with --checkip.\n"); RETURN_ERR("Can't specify --knockports with --checkip.\n");
#ifdef PK_CRYPTO
if ((info->option & XT_PKNOCK_OPENSECRET) && if ((info->option & XT_PKNOCK_OPENSECRET) &&
!(info->option & XT_PKNOCK_CLOSESECRET)) !(info->option & XT_PKNOCK_CLOSESECRET))
RETURN_ERR("--opensecret must go with --closesecret.\n"); RETURN_ERR("--opensecret must go with --closesecret.\n");
if ((info->option & XT_PKNOCK_CLOSESECRET) && if ((info->option & XT_PKNOCK_CLOSESECRET) &&
!(info->option & XT_PKNOCK_OPENSECRET)) !(info->option & XT_PKNOCK_OPENSECRET))
RETURN_ERR("--closesecret must go with --opensecret.\n"); RETURN_ERR("--closesecret must go with --opensecret.\n");
#endif
} }
if (info->option & XT_PKNOCK_CHECKIP) { if (info->option & XT_PKNOCK_CHECKIP) {
if (info->option & XT_PKNOCK_KNOCKPORT) if (info->option & XT_PKNOCK_KNOCKPORT)
RETURN_ERR("Can't specify --checkip with --knockports.\n"); RETURN_ERR("Can't specify --checkip with --knockports.\n");
#ifdef PK_CRYPTO
if ((info->option & XT_PKNOCK_OPENSECRET) || if ((info->option & XT_PKNOCK_OPENSECRET) ||
(info->option & XT_PKNOCK_CLOSESECRET)) (info->option & XT_PKNOCK_CLOSESECRET))
RETURN_ERR("Can't specify --opensecret and --closesecret" RETURN_ERR("Can't specify --opensecret and --closesecret"
" with --checkip.\n"); " with --checkip.\n");
#endif
if (info->option & XT_PKNOCK_TIME) if (info->option & XT_PKNOCK_TIME)
RETURN_ERR("Can't specify --time with --checkip.\n"); RETURN_ERR("Can't specify --time with --checkip.\n");
if (info->option & XT_PKNOCK_AUTOCLOSE) if (info->option & XT_PKNOCK_AUTOCLOSE)
RETURN_ERR("Can't specify --autoclose with --checkip.\n"); RETURN_ERR("Can't specify --autoclose with --checkip.\n");
} }
#ifdef PK_CRYPTO
if (info->option & XT_PKNOCK_OPENSECRET) { if (info->option & XT_PKNOCK_OPENSECRET) {
if (info->open_secret_len == info->close_secret_len) { if (info->open_secret_len == info->close_secret_len) {
if (memcmp(info->open_secret, info->close_secret, if (memcmp(info->open_secret, info->close_secret,
@@ -1109,7 +1102,6 @@ static bool pknock_mt_check(const struct xt_mtchk_param *par)
RETURN_ERR("opensecret & closesecret cannot be equal.\n"); RETURN_ERR("opensecret & closesecret cannot be equal.\n");
} }
} }
#endif
if (!add_rule(info)) if (!add_rule(info))
RETURN_ERR("add_rule() error in checkentry() function.\n"); RETURN_ERR("add_rule() error in checkentry() function.\n");