netfilter-2.6/patch-o-matic-ng/trunk/net/ipv4/netfilter/ipt_osf.c
pluto
cvs at pld-linux.org
Sat Jun 11 18:57:05 CEST 2005
Author: pluto
Date: Sat Jun 11 18:57:02 2005
New Revision: 6072
Modified:
netfilter-2.6/patch-o-matic-ng/trunk/net/ipv4/netfilter/ipt_osf.c
Log:
- cosmetics.
Modified: netfilter-2.6/patch-o-matic-ng/trunk/net/ipv4/netfilter/ipt_osf.c
==============================================================================
--- netfilter-2.6/patch-o-matic-ng/trunk/net/ipv4/netfilter/ipt_osf.c (original)
+++ netfilter-2.6/patch-o-matic-ng/trunk/net/ipv4/netfilter/ipt_osf.c Sat Jun 11 18:57:02 2005
@@ -1,7 +1,7 @@
/*
* ipt_osf.c
*
- * Copyright (c) 2003 Evgeniy Polyakov <johnpol at 2ka.mipt.ru>
+ * Copyright (c) 2003-2005 Evgeniy Polyakov <johnpol at 2ka.mipt.ru>
*
*
* This program is free software; you can redistribute it and/or modify
@@ -100,8 +100,7 @@
size = NLMSG_SPACE(sizeof(struct ipt_osf_nlmsg));
skb = alloc_skb(size, GFP_ATOMIC);
- if (!skb)
- {
+ if (!skb) {
log("skb_alloc() failed.\n");
return;
}
@@ -125,14 +124,11 @@
{
struct iphdr *ip = skb->nh.iph;
- if (flags & IPT_OSF_SMART)
- {
+ if (flags & IPT_OSF_SMART) {
struct in_device *in_dev = in_dev_get(skb->dev);
- for_ifa(in_dev)
- {
- if (inet_ifa_match(ip->saddr, ifa))
- {
+ for_ifa(in_dev) {
+ if (inet_ifa_match(ip->saddr, ifa)) {
in_dev_put(in_dev);
return (ip->ttl == f_ttl);
}
@@ -152,20 +148,29 @@
int *hotdrop)
{
struct ipt_osf_info *info = (struct ipt_osf_info *)matchinfo;
- struct iphdr *ip = skb->nh.iph;
- struct tcphdr *tcp;
+ struct iphdr _iph, *ip;
+ struct tcphdr _tcph, *tcp;
int fmatch = FMATCH_WRONG, fcount = 0;
unsigned long totlen, optsize = 0, window;
unsigned char df, *optp = NULL, *_optp = NULL;
+ unsigned char opts[MAX_IPOPTLEN];
char check_WSS = 0;
- struct list_head *ent;
struct osf_finger *f;
+ int off;
- if (!ip || !info)
+ if (!info)
+ return 0;
+
+ off = 0;
+
+ ip = skb_header_pointer(skb, off, sizeof(_iph), &_iph);
+ if (!ip)
return 0;
- tcp = (struct tcphdr *)((u_int32_t *)ip + ip->ihl);
-
+ tcp = skb_header_pointer(skb, off + ip->ihl * 4, sizeof(_tcph), &_tcph);
+ if (!tcp)
+ return 0;
+
if (!tcp->syn)
return 0;
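Review bot: The TCP header is fetched at `off + ip->ihl * 4` with no visible check that the packet is TCP, that it is not a non-first fragment, or that `ip->ihl` is at least 5. The function starts above this hunk and continues below it, so those checks may exist elsewhere. If they do not, the `syn`, `window` and `doff` fields read afterwards can come from bytes that are not a TCP header. A guard before the second `skb_header_pointer()` call would make the assumption explicit, for example `if (ip->protocol != IPPROTO_TCP || (ntohs(ip->frag_off) & IP_OFFSET)) return 0;`. In the visible lines `off` is only ever assigned 0, so it could be dropped or given a comment saying what offset it is meant to carry.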
@@ -173,10 +178,16 @@
df = ((ntohs(ip->frag_off) & IP_DF)?1:0);
window = ntohs(tcp->window);
- if (tcp->doff*4 > sizeof(struct tcphdr))
- {
- _optp = optp = (char *)(tcp+1);
+ if (tcp->doff*4 > sizeof(struct tcphdr)) {
optsize = tcp->doff*4 - sizeof(struct tcphdr);
+
+ if (optsize > sizeof(opts)) {
+ log("%s: BUG: too big options size: optsize=%lu, max=%d.\n",
+ __func__, optsize, sizeof(opts));
+ optsize = sizeof(opts);
+ }
+
+ _optp = optp = skb_header_pointer(skb, off + ip->ihl*4 + sizeof(_tcph), optsize, opts);
}
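Review bot: The return value of the new `skb_header_pointer()` call for the options is never checked, so when the packet is shorter than `doff` claims, `optp` becomes NULL while `optsize` stays non-zero. The `if (!optp)` branch in the hunk at `@@ -227,8 +234,7 @@` then sets `FMATCH_OK` with "matching without options" for any fingerprint whose option size equals `optsize`. A truncated SYN can therefore be classified without its options ever being compared. Handling the failure right after the call, for example `if (!optp) return 0;` (this is still before `read_lock()`), or otherwise treating it as a non-match, closes that path. Separately, `sizeof(opts)` is a `size_t` but is printed with `%d` in the new `log()` call; `max=%zu` or a cast to `int` would match the argument.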
/* Actually we can create hash/table of all genres and search
@@ -184,9 +195,7 @@
* so will use slow path.
*/
read_lock(&osf_lock);
- list_for_each(ent, &finger_list)
- {
- f = list_entry(ent, struct osf_finger, flist);
+ list_for_each_entry(f, &finger_list, flist) {
if (!(info->flags & IPT_OSF_LOG) && strcmp(info->genre, f->genre))
continue;
@@ -195,16 +204,14 @@
fmatch = FMATCH_WRONG;
if (totlen == f->ss && df == f->df &&
- smart_dec(skb, info->flags, f->ttl))
- {
+ smart_dec(skb, info->flags, f->ttl)) {
unsigned long foptsize;
int optnum;
unsigned short mss = 0;
check_WSS = 0;
- switch (f->wss.wc)
- {
+ switch (f->wss.wc) {
case 0: check_WSS = 0; break;
case 'S': check_WSS = 1; break;
case 'T': check_WSS = 2; break;
@@ -227,8 +234,7 @@
if (foptsize > MAX_IPOPTLEN || optsize > MAX_IPOPTLEN || optsize != foptsize)
continue;
- if (!optp)
- {
+ if (!optp) {
fmatch = FMATCH_OK;
loga("\tYEP : matching without options.\n");
if ((info->flags & IPT_OSF_LOG) &&
@@ -237,12 +243,9 @@
else
continue;
}
-
- for (optnum=0; optnum<f->opt_num; ++optnum)
- {
- if (f->opt[optnum].kind == (*optp))
- {
+ for (optnum=0; optnum<f->opt_num; ++optnum) {
+ if (f->opt[optnum].kind == (*optp)) {
unsigned char len = f->opt[optnum].length;
unsigned char *optend = optp + len;
int loop_cont = 0;
@@ -250,8 +253,7 @@
fmatch = FMATCH_OK;
- switch (*optp)
- {
+ switch (*optp) {
case OSFOPT_MSS:
mss = ntohs(*(unsigned short *)(optp+2));
break;
@@ -260,19 +262,16 @@
break;
}
- if (loop_cont)
- {
+ if (loop_cont) {
optp = optend;
continue;
}
- if (len != 1)
- {
+ if (len != 1) {
/* Skip kind and length fields*/
optp += 2;
- if (f->opt[optnum].wc.val != 0)
- {
+ if (f->opt[optnum].wc.val != 0) {
unsigned long tmp = 0;
/* Hmmm... It looks a bit ugly. :) */
@@ -286,8 +285,7 @@
else
tmp = ntohl(tmp);
- if (f->opt[optnum].wc.wc == '%')
- {
+ if (f->opt[optnum].wc.wc == '%') {
if ((tmp % f->opt[optnum].wc.val) != 0)
fmatch = FMATCH_OPT_WRONG;
}
@@ -297,20 +295,17 @@
}
optp = optend;
- }
- else
+ } else
fmatch = FMATCH_OPT_WRONG;
if (fmatch != FMATCH_OK)
break;
}
- if (fmatch != FMATCH_OPT_WRONG)
- {
+ if (fmatch != FMATCH_OPT_WRONG) {
fmatch = FMATCH_WRONG;
- switch (check_WSS)
- {
+ switch (check_WSS) {
case 0:
if (f->wss.val == 0 || window == f->wss.val)
fmatch = FMATCH_OK;
@@ -335,8 +330,7 @@
}
- if (fmatch == FMATCH_OK)
- {
+ if (fmatch == FMATCH_OK) {
fcount++;
log("%s [%s:%s:%s] : %u.%u.%u.%u:%u -> %u.%u.%u.%u:%u hops=%d\n",
f->genre, f->version,
@@ -344,8 +338,7 @@
NIPQUAD(ip->saddr), ntohs(tcp->source),
NIPQUAD(ip->daddr), ntohs(tcp->dest),
f->ttl - ip->ttl);
- if (info->flags & IPT_OSF_NETLINK)
- {
+ if (info->flags & IPT_OSF_NETLINK) {
spin_lock_bh(&ipt_osf_netlink_lock);
ipt_osf_nlsend(f, skb);
spin_unlock_bh(&ipt_osf_netlink_lock);
@@ -356,8 +349,7 @@
}
}
}
- if (!fcount && (info->flags & (IPT_OSF_LOG | IPT_OSF_NETLINK)))
- {
+ if (!fcount && (info->flags & (IPT_OSF_LOG | IPT_OSF_NETLINK))) {
unsigned char opt[4 * 15 - sizeof(struct tcphdr)];
unsigned int i, optsize;
struct osf_finger fg;
@@ -366,21 +358,16 @@
if ((info->flags & IPT_OSF_LOG))
log("Unknown: %lu:%d:%d:%lu:", window, ip->ttl, df, totlen);
- if (optp)
- {
+ if (optp) {
optsize = tcp->doff * 4 - sizeof(struct tcphdr);
- if (skb_copy_bits(skb, ip->ihl*4 + sizeof(struct tcphdr),
- opt, optsize) < 0)
- {
+ if (skb_copy_bits(skb, off + ip->ihl*4 + sizeof(struct tcphdr),
+ opt, optsize) < 0) {
if (info->flags & IPT_OSF_LOG)
loga("TRUNCATED");
if (info->flags & IPT_OSF_NETLINK)
strcpy(fg.details, "TRUNCATED");
- }
- else
- {
- for (i = 0; i < optsize; i++)
- {
+ } else {
+ for (i = 0; i < optsize; i++) {
if (info->flags & IPT_OSF_LOG)
loga("%02X", opt[i]);
}
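Review bot: With the header access introduced by this commit, the `TRUNCATED` branch here looks unreachable. In the visible code `optp` is non-NULL only when `skb_header_pointer()` has already succeeded for the same option range, so the following `skb_copy_bits()` on `off + ip->ihl*4 + sizeof(struct tcphdr)` should not fail. A packet whose options really are truncated leaves `optp` NULL, skips this block and is reported as unknown with no marker at all. Testing `tcp->doff * 4 > sizeof(struct tcphdr)` instead of `optp` would keep the marker working. Alternatively the second copy could be dropped in favour of the bytes already available through `_optp`, provided `_optp` still points at the start of the options (the enclosing block continues outside this hunk).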
@@ -393,8 +380,7 @@
NIPQUAD(ip->saddr), ntohs(tcp->source),
NIPQUAD(ip->daddr), ntohs(tcp->dest));
- if (info->flags & IPT_OSF_NETLINK)
- {
+ if (info->flags & IPT_OSF_NETLINK) {
fg.wss.val = window;
fg.ttl = ip->ttl;
fg.df = df;
@@ -468,31 +454,26 @@
ptr = &obuf[0];
i = 0;
- while (ptr != NULL && i < olen)
- {
+ while (ptr != NULL && i < olen) {
val = 0;
op = 0;
wc = 0;
- switch (obuf[i])
- {
+ switch (obuf[i]) {
case 'N':
op = OSFOPT_NOP;
ptr = osf_strchr(&obuf[i], OPTDEL);
- if (ptr)
- {
+ if (ptr) {
*ptr = '\0';
ptr++;
i += (int)(ptr-&obuf[i]);
- }
- else
+ } else
i++;
break;
case 'S':
op = OSFOPT_SACKP;
ptr = osf_strchr(&obuf[i], OPTDEL);
- if (ptr)
- {
+ if (ptr) {
*ptr = '\0';
ptr++;
i += (int)(ptr-&obuf[i]);
@@ -504,23 +485,19 @@
case 'T':
op = OSFOPT_TS;
ptr = osf_strchr(&obuf[i], OPTDEL);
- if (ptr)
- {
+ if (ptr) {
*ptr = '\0';
ptr++;
i += (int)(ptr-&obuf[i]);
- }
- else
+ } else
i++;
break;
case 'W':
op = OSFOPT_WSO;
ptr = osf_strchr(&obuf[i], OPTDEL);
- if (ptr)
- {
- switch (obuf[i+1])
- {
+ if (ptr) {
+ switch (obuf[i+1]) {
case '%': wc = '%'; break;
case 'S': wc = 'S'; break;
case 'T': wc = 'T'; break;
@@ -535,15 +512,13 @@
val = simple_strtoul(&obuf[i+1], NULL, 10);
i += (int)(ptr-&obuf[i]);
- }
- else
+ } else
i++;
break;
case 'M':
op = OSFOPT_MSS;
ptr = osf_strchr(&obuf[i], OPTDEL);
- if (ptr)
- {
+ if (ptr) {
if (obuf[i+1] == '%')
wc = '%';
*ptr = '\0';
@@ -554,32 +529,27 @@
val = simple_strtoul(&obuf[i+1], NULL, 10);
i += (int)(ptr-&obuf[i]);
- }
- else
+ } else
i++;
break;
case 'E':
op = OSFOPT_EOL;
ptr = osf_strchr(&obuf[i], OPTDEL);
- if (ptr)
- {
+ if (ptr) {
*ptr = '\0';
ptr++;
i += (int)(ptr-&obuf[i]);
- }
- else
+ } else
i++;
break;
default:
ptr = osf_strchr(&obuf[i], OPTDEL);
- if (ptr)
- {
+ if (ptr) {
ptr++;
i += (int)(ptr-&obuf[i]);
- }
- else
+ } else
i++;
break;
}
@@ -595,7 +565,6 @@
static int osf_proc_read(char *buf, char **start, off_t off, int count, int *eof, void *data)
{
- struct list_head *ent;
struct osf_finger *f = NULL;
int i, __count, err;
@@ -604,10 +573,7 @@
count = 0;
read_lock_bh(&osf_lock);
- list_for_each(ent, &finger_list)
- {
- f = list_entry(ent, struct osf_finger, flist);
-
+ list_for_each_entry(f, &finger_list, flist) {
log("%s [%s]", f->genre, f->details);
err = snprintf(buf+count, __count-count, "%s - %s[%s] : %s",
@@ -617,12 +583,10 @@
break;
else
count += err;
- if (f->opt_num)
- {
+ if (f->opt_num) {
loga(" OPT: ");
//count += sprintf(buf+count, " OPT: ");
- for (i=0; i<f->opt_num; ++i)
- {
+ for (i=0; i<f->opt_num; ++i) {
//count += sprintf(buf+count, "%d.%c%lu; ",
// f->opt[i].kind, (f->opt[i].wc.wc)?f->opt[i].wc.wc:' ', f->opt[i].wc.val);
loga("%d.%c%lu; ",
@@ -646,19 +610,15 @@
int cnt;
unsigned long i;
char obuf[MAXOPTSTRLEN];
- struct osf_finger *finger;
- struct list_head *ent, *n;
+ struct osf_finger *finger, *n;
char *pbeg, *pend;
- if (count == strlen(OSFFLUSH) && !strncmp(buffer, OSFFLUSH, strlen(OSFFLUSH)))
- {
+ if (count == strlen(OSFFLUSH) && !strncmp(buffer, OSFFLUSH, strlen(OSFFLUSH))) {
int i = 0;
write_lock_bh(&osf_lock);
- list_for_each_safe(ent, n, &finger_list)
- {
+ list_for_each_entry_safe(finger, n, &finger_list, flist) {
i++;
- finger = list_entry(ent, struct osf_finger, flist);
list_del(&finger->flist);
finger_free(finger);
}
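Review bot: `buffer` is passed straight to `strncmp()` here, and in the hunk at `@@ -685,19 +644,16 @@` it is cast to `char *` and modified in place through `pbeg`/`pend`. The signature is outside this hunk, but if this is the proc write handler then `buffer` is presumably a user-space pointer and must not be dereferenced or written directly. Copying `count` bytes into a bounded, NUL-terminated kernel buffer first, with something like `if (copy_from_user(kbuf, buffer, count)) return -EFAULT;`, and parsing that copy would also stop the delimiter search from running past the end of the input. As a smaller point, the inner `int i = 0;` in the flush branch shadows the outer `unsigned long i`; a separate name such as `flushed` would read more clearly.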
@@ -675,8 +635,7 @@
if (buffer[i] == ':')
cnt++;
- if (cnt != 8 || i != count)
- {
+ if (cnt != 8 || i != count) {
log("Wrong input line cnt=%d[8], len=%lu[%lu]\n",
cnt, i, count);
return count;
@@ -685,19 +644,16 @@
memset(obuf, 0, sizeof(obuf));
finger = finger_alloc();
- if (!finger)
- {
+ if (!finger) {
log("Failed to allocate new fingerprint entry.\n");
return -ENOMEM;
}
pbeg = (char *)buffer;
pend = osf_strchr(pbeg, OSFPDEL);
- if (pend)
- {
+ if (pend) {
*pend = '\0';
- if (pbeg[0] == 'S')
- {
+ if (pbeg[0] == 'S') {
finger->wss.wc = 'S';
if (pbeg[1] == '%')
finger->wss.val = simple_strtoul(pbeg+2, NULL, 10);
@@ -705,9 +661,7 @@
finger->wss.val = 0;
else
finger->wss.val = simple_strtoul(pbeg+1, NULL, 10);
- }
- else if (pbeg[0] == 'T')
- {
+ } else if (pbeg[0] == 'T') {
finger->wss.wc = 'T';
if (pbeg[1] == '%')
finger->wss.val = simple_strtoul(pbeg+2, NULL, 10);
@@ -715,14 +669,10 @@
finger->wss.val = 0;
else
finger->wss.val = simple_strtoul(pbeg+1, NULL, 10);
- }
- else if (pbeg[0] == '%')
- {
+ } else if (pbeg[0] == '%') {
finger->wss.wc = '%';
finger->wss.val = simple_strtoul(pbeg+1, NULL, 10);
- }
- else if (isdigit(pbeg[0]))
- {
+ } else if (isdigit(pbeg[0])) {
finger->wss.wc = 0;
finger->wss.val = simple_strtoul(pbeg, NULL, 10);
}
@@ -730,38 +680,33 @@
pbeg = pend+1;
}
pend = osf_strchr(pbeg, OSFPDEL);
- if (pend)
- {
+ if (pend) {
*pend = '\0';
finger->ttl = simple_strtoul(pbeg, NULL, 10);
pbeg = pend+1;
}
pend = osf_strchr(pbeg, OSFPDEL);
- if (pend)
- {
+ if (pend) {
*pend = '\0';
finger->df = simple_strtoul(pbeg, NULL, 10);
pbeg = pend+1;
}
pend = osf_strchr(pbeg, OSFPDEL);
- if (pend)
- {
+ if (pend) {
*pend = '\0';
finger->ss = simple_strtoul(pbeg, NULL, 10);
pbeg = pend+1;
}
pend = osf_strchr(pbeg, OSFPDEL);
- if (pend)
- {
+ if (pend) {
*pend = '\0';
cnt = snprintf(obuf, sizeof(obuf), "%s", pbeg);
pbeg = pend+1;
}
pend = osf_strchr(pbeg, OSFPDEL);
- if (pend)
- {
+ if (pend) {
*pend = '\0';
if (pbeg[0] == '@' || pbeg[0] == '*')
cnt = snprintf(finger->genre, sizeof(finger->genre), "%s", pbeg+1);
@@ -771,16 +716,14 @@
}
pend = osf_strchr(pbeg, OSFPDEL);
- if (pend)
- {
+ if (pend) {
*pend = '\0';
cnt = snprintf(finger->version, sizeof(finger->version), "%s", pbeg);
pbeg = pend+1;
}
pend = osf_strchr(pbeg, OSFPDEL);
- if (pend)
- {
+ if (pend) {
*pend = '\0';
cnt = snprintf(finger->subtype, sizeof(finger->subtype), "%s", pbeg);
pbeg = pend+1;
@@ -814,15 +757,13 @@
INIT_LIST_HEAD(&finger_list);
err = ipt_register_match(&osf_match);
- if (err)
- {
+ if (err) {
log("Failed to register OS fingerprint matching module.\n");
return -ENXIO;
}
p = create_proc_entry("sys/net/ipv4/osf", S_IFREG | 0644, NULL);
- if (!p)
- {
+ if (!p) {
ipt_unregister_match(&osf_match);
return -ENXIO;
}
@@ -831,8 +772,7 @@
p->read_proc = osf_proc_read;
nts = netlink_kernel_create(NETLINK_NFLOG, NULL);
- if (!nts)
- {
+ if (!nts) {
log("netlink_kernel_create() failed\n");
remove_proc_entry("sys/net/ipv4/osf", NULL);
ipt_unregister_match(&osf_match);
@@ -844,17 +784,14 @@
static void __exit osf_fini(void)
{
- struct list_head *ent, *n;
- struct osf_finger *f;
+ struct osf_finger *f, *n;
remove_proc_entry("sys/net/ipv4/osf", NULL);
ipt_unregister_match(&osf_match);
if (nts && nts->sk_socket)
sock_release(nts->sk_socket);
- list_for_each_safe(ent, n, &finger_list)
- {
- f = list_entry(ent, struct osf_finger, flist);
+ list_for_each_entry_safe(f, n, &finger_list, flist) {
list_del(&f->flist);
finger_free(f);
}