anonfunc/xtables-addons
1
0
Fork 0
mirror of git://git.code.sf.net/p/xtables-addons/xtables-addons synced 2025-09-06 20:55:13 +02:00
Code Issues Releases Wiki Activity

condition: style cleanup

Browse Source
This commit is contained in:
Jan Engelhardt
2008-04-02 04:33:26 +02:00
parent c9579115c3
commit f5f17a27c5
2 changed files with 42 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
extensions/libxt_condition.c
View File

@@ -15,8 +15,8 @@ static void condition_help(void)
} }
static const struct option condition_opts[] = { static const struct option condition_opts[] = {
{ .name = "condition", .has_arg = 1, .flag = 0, .val = 'X' }, {.name = "condition", .has_arg = true, .val = 'X'},
{ .name = 0 } {NULL},
}; };
static int condition_parse(int c, char **argv, int invert, unsigned int *flags, static int condition_parse(int c, char **argv, int invert, unsigned int *flags,

87
extensions/xt_condition.c
View File

@@ -1,61 +1,49 @@
/*-------------------------------------------*\ /*
| Netfilter Condition Module | * xt_condition
| | *
| Description: This module allows firewall | * Description: This module allows firewall rules to match using
| rules to match using condition variables | * condition variables available through procfs.
| stored in /proc files. | *
| | * Authors:
| Author: Stephane Ouellette 2002-10-22 | * Stephane Ouellette <ouellettes@videotron.ca>, 2002-10-22
| <ouellettes@videotron.ca> | * Massimiliano Hofer <max@nucleus.it>, 2006-05-15
| Massimiliano Hofer 2006-05-15 | *
| <max@nucleus.it> | * This software is distributed under the terms of the GNU GPL.
| | */
| History: |
| 2003-02-10 Second version with improved |
| locking and simplified code. |
| 2006-05-15 2.6.16 adaptations. |
| Locking overhaul. |
| Various bug fixes. |
| |
| This software is distributed under the |
| terms of the GNU GPL. |
\*-------------------------------------------*/
#include <linux/version.h>
#include <linux/kernel.h> #include <linux/kernel.h>
#include <linux/list.h>
#include <linux/module.h> #include <linux/module.h>
#include <linux/proc_fs.h> #include <linux/proc_fs.h>
#include <linux/spinlock.h> #include <linux/spinlock.h>
#include <asm/semaphore.h>
#include <linux/string.h> #include <linux/string.h>
#include <linux/list.h> #include <linux/version.h>
#include <asm/atomic.h>
#include <asm/uaccess.h>
#include <linux/netfilter/x_tables.h> #include <linux/netfilter/x_tables.h>
#include <asm/uaccess.h>
#include "xt_condition.h" #include "xt_condition.h"
#include "compat_xtables.h" #include "compat_xtables.h"
#ifndef CONFIG_PROC_FS #ifndef CONFIG_PROC_FS
#error "Proc file system support is required for this module" # error "proc file system support is required for this module"
#endif #endif
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 24) #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 24)
# define proc_net init_net.proc_net # define proc_net init_net.proc_net
#endif #endif
/* Defaults, these can be overridden on the module command-line. */ /* Defaults, these can be overridden on the module command-line. */
static unsigned int condition_list_perms = 0644; static unsigned int condition_list_perms = S_IRUGO | S_IWUSR;
static unsigned int condition_uid_perms = 0; static unsigned int condition_uid_perms = 0;
static unsigned int condition_gid_perms = 0; static unsigned int condition_gid_perms = 0;
MODULE_AUTHOR("Stephane Ouellette <ouellettes@videotron.ca> and Massimiliano Hofer <max@nucleus.it>"); MODULE_AUTHOR("Stephane Ouellette <ouellettes@videotron.ca>");
MODULE_AUTHOR("Massimiliano Hofer <max@nucleus.it>");
MODULE_DESCRIPTION("Allows rules to match against condition variables"); MODULE_DESCRIPTION("Allows rules to match against condition variables");
MODULE_LICENSE("GPL"); MODULE_LICENSE("GPL");
module_param(condition_list_perms, uint, 0600); module_param(condition_list_perms, uint, S_IRUSR | S_IWUSR);
MODULE_PARM_DESC(condition_list_perms,"permissions on /proc/net/nf_condition/* files"); MODULE_PARM_DESC(condition_list_perms, "permissions on /proc/net/nf_condition/* files");
module_param(condition_uid_perms, uint, 0600); module_param(condition_uid_perms, uint, S_IRUSR | S_IWUSR);
MODULE_PARM_DESC(condition_uid_perms,"user owner of /proc/net/nf_condition/* files"); MODULE_PARM_DESC(condition_uid_perms, "user owner of /proc/net/nf_condition/* files");
module_param(condition_gid_perms, uint, 0600); module_param(condition_gid_perms, uint, S_IRUSR | S_IWUSR);
MODULE_PARM_DESC(condition_gid_perms,"group owner of /proc/net/nf_condition/* files"); MODULE_PARM_DESC(condition_gid_perms, "group owner of /proc/net/nf_condition/* files");
MODULE_ALIAS("ipt_condition"); MODULE_ALIAS("ipt_condition");
MODULE_ALIAS("ip6t_condition"); MODULE_ALIAS("ip6t_condition");
@@ -71,16 +59,16 @@ struct condition_variable {
static DECLARE_MUTEX(proc_lock); static DECLARE_MUTEX(proc_lock);
static LIST_HEAD(conditions_list); static LIST_HEAD(conditions_list);
static struct proc_dir_entry *proc_net_condition = NULL; static struct proc_dir_entry *proc_net_condition;
static int condition_proc_read(char __user *buffer, char **start, off_t offset, static int condition_proc_read(char __user *buffer, char **start, off_t offset,
int length, int *eof, void *data) int length, int *eof, void *data)
{ {
const struct condition_variable *var = data; const struct condition_variable *var = data;
buffer[0] = (var->enabled) ? '1' : '0'; buffer[0] = var->enabled ? '1' : '0';
buffer[1] = '\n'; buffer[1] = '\n';
if (length>=2) if (length >= 2)
*eof = true; *eof = true;
return 2; return 2;
@@ -92,10 +80,10 @@ static int condition_proc_write(struct file *file, const char __user *buffer,
struct condition_variable *var = data; struct condition_variable *var = data;
char newval; char newval;
if (length>0) { if (length > 0) {
if (get_user(newval, buffer) != 0) if (get_user(newval, buffer) != 0)
return -EFAULT; return -EFAULT;
/* Match only on the first character */ /* Match only on the first character */
switch (newval) { switch (newval) {
case '0': case '0':
var->enabled = false; var->enabled = false;
@@ -149,8 +137,10 @@ condition_mt_check(const char *tablename, const void *entry,
return false; return false;
} }
/* Let's acquire the lock, check for the condition and add it */ /*
/* or increase the reference counter. */ * Let's acquire the lock, check for the condition and add it
* or increase the reference counter.
*/
if (down_interruptible(&proc_lock)) if (down_interruptible(&proc_lock))
return false; return false;
@@ -213,9 +203,12 @@ static void condition_mt_destroy(const struct xt_match *match, void *matchinfo)
list_del_rcu(pos); list_del_rcu(pos);
remove_proc_entry(var->status_proc->name, proc_net_condition); remove_proc_entry(var->status_proc->name, proc_net_condition);
up(&proc_lock); up(&proc_lock);
/* synchronize_rcu() would be goog enough, but synchronize_net() */ /*
/* guarantees that no packet will go out with the old rule after */ * synchronize_rcu() would be good enough, but
/* succesful removal. */ * synchronize_net() guarantees that no packet
* will go out with the old rule after
* succesful removal.
*/
synchronize_net(); synchronize_net();
kfree(var); kfree(var);
return; return;