mirror of
git://git.code.sf.net/p/xtables-addons/xtables-addons
synced 2025-12-06 16:13:54 +01:00
extensions: split assignments and if-exprs
This commit is contained in:
Jan Engelhardt
@@ -34,7 +34,8 @@ int ipt_ACCOUNT_init(struct ipt_ACCOUNT_context *ctx)
|
|||||||
|
|
||||||
// 4096 bytes default buffer should save us from reallocations
|
// 4096 bytes default buffer should save us from reallocations
|
||||||
// as it fits 200 concurrent active clients
|
// as it fits 200 concurrent active clients
|
||||||
if ((ctx->data = malloc(IPT_ACCOUNT_MIN_BUFSIZE)) == NULL) {
|
ctx->data = malloc(IPT_ACCOUNT_MIN_BUFSIZE);
|
||||||
|
if (ctx->data == NULL) {
|
||||||
close(ctx->sockfd);
|
close(ctx->sockfd);
|
||||||
ctx->sockfd = -1;
|
ctx->sockfd = -1;
|
||||||
ctx->error_str = "Out of memory for data buffer";
|
ctx->error_str = "Out of memory for data buffer";
|
||||||
|
|||||||
@@ -627,7 +627,8 @@ static int ipt_acc_handle_prepare_read(struct ipt_acc_table *ipt_acc_tables,
|
|||||||
dest->itemcount = ipt_acc_tables[table_nr].itemcount;
|
dest->itemcount = ipt_acc_tables[table_nr].itemcount;
|
||||||
|
|
||||||
/* allocate "root" table */
|
/* allocate "root" table */
|
||||||
if ((dest->data = ipt_acc_zalloc_page()) == NULL) {
|
dest->data = ipt_acc_zalloc_page();
|
||||||
|
if (dest->data == NULL) {
|
||||||
printk("ACCOUNT: out of memory for root table "
|
printk("ACCOUNT: out of memory for root table "
|
||||||
"in ipt_acc_handle_prepare_read()\n");
|
"in ipt_acc_handle_prepare_read()\n");
|
||||||
return -1;
|
return -1;
|
||||||
@@ -725,7 +726,8 @@ static int ipt_acc_handle_prepare_read_flush(struct ipt_acc_table *ipt_acc_table
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* Try to allocate memory */
|
/* Try to allocate memory */
|
||||||
if (!(new_data_page = ipt_acc_zalloc_page())) {
|
new_data_page = ipt_acc_zalloc_page();
|
||||||
|
if (new_data_page == NULL) {
|
||||||
printk("ACCOUNT: ipt_acc_handle_prepare_read_flush(): "
|
printk("ACCOUNT: ipt_acc_handle_prepare_read_flush(): "
|
||||||
"Out of memory!\n");
|
"Out of memory!\n");
|
||||||
return -1;
|
return -1;
|
||||||
@@ -979,7 +981,8 @@ static int ipt_acc_get_ctl(struct sock *sk, int cmd, void *user, int *len)
|
|||||||
|
|
||||||
/* Allocate a userspace handle */
|
/* Allocate a userspace handle */
|
||||||
down(&ian->ipt_acc_userspace_mutex);
|
down(&ian->ipt_acc_userspace_mutex);
|
||||||
if ((handle.handle_nr = ipt_acc_handle_find_slot(ian->ipt_acc_handles)) == -1) {
|
handle.handle_nr = ipt_acc_handle_find_slot(ian->ipt_acc_handles);
|
||||||
|
if (handle.handle_nr == -1) {
|
||||||
ipt_acc_data_free(dest.data, dest.depth);
|
ipt_acc_data_free(dest.data, dest.depth);
|
||||||
up(&ian->ipt_acc_userspace_mutex);
|
up(&ian->ipt_acc_userspace_mutex);
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|||||||
@@ -75,7 +75,6 @@ geoip_get_subnets(const char *code, uint32_t *count, uint8_t nfproto)
|
|||||||
void *subnets;
|
void *subnets;
|
||||||
struct stat sb;
|
struct stat sb;
|
||||||
char buf[256];
|
char buf[256];
|
||||||
int fd;
|
|
||||||
#if __BYTE_ORDER == __LITTLE_ENDIAN
|
#if __BYTE_ORDER == __LITTLE_ENDIAN
|
||||||
unsigned int n;
|
unsigned int n;
|
||||||
#endif
|
#endif
|
||||||
@@ -86,7 +85,8 @@ geoip_get_subnets(const char *code, uint32_t *count, uint8_t nfproto)
|
|||||||
else
|
else
|
||||||
snprintf(buf, sizeof(buf), GEOIP_DB_DIR "/%s.iv4", code);
|
snprintf(buf, sizeof(buf), GEOIP_DB_DIR "/%s.iv4", code);
|
||||||
|
|
||||||
if ((fd = open(buf, O_RDONLY)) < 0) {
|
int fd = open(buf, O_RDONLY);
|
||||||
|
if (fd < 0) {
|
||||||
fprintf(stderr, "Could not open %s: %s\n", buf, strerror(errno));
|
fprintf(stderr, "Could not open %s: %s\n", buf, strerror(errno));
|
||||||
xtables_error(OTHER_PROBLEM, "Could not read geoip database");
|
xtables_error(OTHER_PROBLEM, "Could not read geoip database");
|
||||||
}
|
}
|
||||||
@@ -203,7 +203,8 @@ static unsigned int parse_geoip_cc(const char *ccstr, uint16_t *cc,
|
|||||||
next = strchr(cp, ',');
|
next = strchr(cp, ',');
|
||||||
if (next) *next++ = '\0';
|
if (next) *next++ = '\0';
|
||||||
|
|
||||||
if ((cctmp = check_geoip_cc(cp, cc, count)) != 0) {
|
cctmp = check_geoip_cc(cp, cc, count);
|
||||||
|
if (cctmp != 0) {
|
||||||
if ((mem[count++].user =
|
if ((mem[count++].user =
|
||||||
(unsigned long)geoip_load_cc(cp, cctmp, nfproto)) == 0)
|
(unsigned long)geoip_load_cc(cp, cctmp, nfproto)) == 0)
|
||||||
xtables_error(OTHER_PROBLEM,
|
xtables_error(OTHER_PROBLEM,
|
||||||
|
|||||||
@@ -91,12 +91,11 @@ proto_to_name(uint8_t proto)
|
|||||||
static const char *
|
static const char *
|
||||||
check_proto(uint16_t pnum, uint8_t invflags)
|
check_proto(uint16_t pnum, uint8_t invflags)
|
||||||
{
|
{
|
||||||
char *proto;
|
|
||||||
|
|
||||||
if (invflags & XT_INV_PROTO)
|
if (invflags & XT_INV_PROTO)
|
||||||
xtables_error(PARAMETER_PROBLEM, PKNOCK "only works with TCP and UDP.");
|
xtables_error(PARAMETER_PROBLEM, PKNOCK "only works with TCP and UDP.");
|
||||||
|
|
||||||
if ((proto = proto_to_name(pnum)) != NULL)
|
const char *proto = proto_to_name(pnum);
|
||||||
|
if (proto != NULL)
|
||||||
return proto;
|
return proto;
|
||||||
else if (pnum == 0)
|
else if (pnum == 0)
|
||||||
xtables_error(PARAMETER_PROBLEM, PKNOCK "needs `-p tcp' or `-p udp'");
|
xtables_error(PARAMETER_PROBLEM, PKNOCK "needs `-p tcp' or `-p udp'");
|
||||||
|
|||||||
@@ -30,8 +30,8 @@ int main(int argc, char **argv)
|
|||||||
struct xt_pknock_nl_msg *pknock_msg;
|
struct xt_pknock_nl_msg *pknock_msg;
|
||||||
|
|
||||||
if (argc > 2) {
|
if (argc > 2) {
|
||||||
char *prog;
|
char *prog = strdup(argv[0]);
|
||||||
if (!(prog = strdup(argv[0]))) {
|
if (prog == NULL) {
|
||||||
perror("strdup()");
|
perror("strdup()");
|
||||||
} else {
|
} else {
|
||||||
fprintf(stderr, "%s [ group-id ]\n", basename(prog));
|
fprintf(stderr, "%s [ group-id ]\n", basename(prog));
|
||||||
|
|||||||
@@ -972,7 +972,8 @@ static bool pknock_mt(const struct sk_buff *skb,
|
|||||||
|
|
||||||
/* Sets, updates, removes or checks the peer matching status. */
|
/* Sets, updates, removes or checks the peer matching status. */
|
||||||
if (info->option & XT_PKNOCK_KNOCKPORT) {
|
if (info->option & XT_PKNOCK_KNOCKPORT) {
|
||||||
if ((ret = is_allowed(peer))) {
|
ret = is_allowed(peer);
|
||||||
|
if (ret != 0) {
|
||||||
if (info->option & XT_PKNOCK_CLOSESECRET &&
|
if (info->option & XT_PKNOCK_CLOSESECRET &&
|
||||||
(iph->protocol == IPPROTO_UDP ||
|
(iph->protocol == IPPROTO_UDP ||
|
||||||
iph->protocol == IPPROTO_UDPLITE))
|
iph->protocol == IPPROTO_UDPLITE))
|
||||||
|
|||||||
@@ -171,7 +171,8 @@ static int __init chaos_tg_init(void)
|
|||||||
printk(KERN_WARNING PFX "Warning: Could not find or load "
|
printk(KERN_WARNING PFX "Warning: Could not find or load "
|
||||||
"\"DELUDE\" target\n");
|
"\"DELUDE\" target\n");
|
||||||
|
|
||||||
if ((ret = xt_register_target(&chaos_tg_reg)) != 0) {
|
ret = xt_register_target(&chaos_tg_reg);
|
||||||
|
if (ret != 0) {
|
||||||
printk(KERN_WARNING PFX "xt_register_target returned "
|
printk(KERN_WARNING PFX "xt_register_target returned "
|
||||||
"error %d\n", ret);
|
"error %d\n", ret);
|
||||||
goto out3;
|
goto out3;
|
||||||
|
|||||||
@@ -184,7 +184,8 @@ lscan_mt(const struct sk_buff *skb, struct xt_action_param *par)
|
|||||||
return false;
|
return false;
|
||||||
|
|
||||||
/* Check for invalid packets: -m conntrack --ctstate INVALID */
|
/* Check for invalid packets: -m conntrack --ctstate INVALID */
|
||||||
if ((ctdata = nf_ct_get(skb, &ctstate)) == NULL) {
|
ctdata = nf_ct_get(skb, &ctstate);
|
||||||
|
if (ctdata == NULL) {
|
||||||
if (info->match_stealth)
|
if (info->match_stealth)
|
||||||
return lscan_mt_stealth(tcph);
|
return lscan_mt_stealth(tcph);
|
||||||
/*
|
/*
|
||||||
|
|||||||
Reference in New Issue
Block a user