Skip to content

L
linux
Commit 72a52569 authored by Patrick McHardy's avatar Patrick McHardy
Browse files
Options

[NETFILTER]: Introduce tabs to ip6t_ah.c 

Fix horrible indentation, not a single tab in the file.
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
parent 2ece4504
Hide whitespace changes
Inline Side-by-side
Showing with 132 additions and 136 deletions
net/ipv6/netfilter/ip6t_ah.c
View file @ 72a52569
...@@ -31,12 +31,12 @@ MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>"); ...@@ -31,12 +31,12 @@ MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>");
static inline int static inline int
spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, int invert) spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, int invert)
{ {
int r=0; int r=0;
DEBUGP("ah spi_match:%c 0x%x <= 0x%x <= 0x%x",invert? '!':' ', DEBUGP("ah spi_match:%c 0x%x <= 0x%x <= 0x%x",invert? '!':' ',
min,spi,max); min,spi,max);
r=(spi >= min && spi <= max) ^ invert; r = (spi >= min && spi <= max) ^ invert;
DEBUGP(" result %s\n",r? "PASS\n" : "FAILED\n"); DEBUGP(" result %s\n",r? "PASS\n" : "FAILED\n");
return r; return r;
} }
static int static int
...@@ -48,123 +48,121 @@ match(const struct sk_buff *skb, ...@@ -48,123 +48,121 @@ match(const struct sk_buff *skb,
unsigned int protoff, unsigned int protoff,
int *hotdrop) int *hotdrop)
{ {
struct ip_auth_hdr *ah = NULL, _ah; struct ip_auth_hdr *ah = NULL, _ah;
const struct ip6t_ah *ahinfo = matchinfo; const struct ip6t_ah *ahinfo = matchinfo;
unsigned int temp; unsigned int temp;
int len; int len;
u8 nexthdr; u8 nexthdr;
unsigned int ptr; unsigned int ptr;
unsigned int hdrlen = 0; unsigned int hdrlen = 0;
/*DEBUGP("IPv6 AH entered\n");*/ /*DEBUGP("IPv6 AH entered\n");*/
/* if (opt->auth == 0) return 0; /* if (opt->auth == 0) return 0;
* It does not filled on output */ * It does not filled on output */
/* type of the 1st exthdr */ /* type of the 1st exthdr */
nexthdr = skb->nh.ipv6h->nexthdr; nexthdr = skb->nh.ipv6h->nexthdr;
/* pointer to the 1st exthdr */ /* pointer to the 1st exthdr */
ptr = sizeof(struct ipv6hdr); ptr = sizeof(struct ipv6hdr);
/* available length */ /* available length */
len = skb->len - ptr; len = skb->len - ptr;
temp = 0; temp = 0;
while (ip6t_ext_hdr(nexthdr)) { while (ip6t_ext_hdr(nexthdr)) {
struct ipv6_opt_hdr _hdr, *hp; struct ipv6_opt_hdr _hdr, *hp;
DEBUGP("ipv6_ah header iteration \n"); DEBUGP("ipv6_ah header iteration \n");
/* Is there enough space for the next ext header? */ /* Is there enough space for the next ext header? */
if (len < (int)sizeof(struct ipv6_opt_hdr)) if (len < sizeof(struct ipv6_opt_hdr))
return 0; return 0;
/* No more exthdr -> evaluate */ /* No more exthdr -> evaluate */
if (nexthdr == NEXTHDR_NONE) { if (nexthdr == NEXTHDR_NONE)
break; break;
} /* ESP -> evaluate */
/* ESP -> evaluate */ if (nexthdr == NEXTHDR_ESP)
if (nexthdr == NEXTHDR_ESP) { break;
break;
} hp = skb_header_pointer(skb, ptr, sizeof(_hdr), &_hdr);
BUG_ON(hp == NULL);
hp = skb_header_pointer(skb, ptr, sizeof(_hdr), &_hdr);
BUG_ON(hp == NULL); /* Calculate the header length */
if (nexthdr == NEXTHDR_FRAGMENT)
/* Calculate the header length */ hdrlen = 8;
if (nexthdr == NEXTHDR_FRAGMENT) { else if (nexthdr == NEXTHDR_AUTH)
hdrlen = 8; hdrlen = (hp->hdrlen+2)<<2;
} else if (nexthdr == NEXTHDR_AUTH) else
hdrlen = (hp->hdrlen+2)<<2; hdrlen = ipv6_optlen(hp);
else
hdrlen = ipv6_optlen(hp); /* AH -> evaluate */
if (nexthdr == NEXTHDR_AUTH) {
/* AH -> evaluate */ temp |= MASK_AH;
if (nexthdr == NEXTHDR_AUTH) { break;
temp |= MASK_AH; }
break;
}
/* set the flag */
switch (nexthdr) {
/* set the flag */ case NEXTHDR_HOP:
switch (nexthdr){ case NEXTHDR_ROUTING:
case NEXTHDR_HOP: case NEXTHDR_FRAGMENT:
case NEXTHDR_ROUTING: case NEXTHDR_AUTH:
case NEXTHDR_FRAGMENT: case NEXTHDR_DEST:
case NEXTHDR_AUTH: break;
case NEXTHDR_DEST: default:
break; DEBUGP("ipv6_ah match: unknown nextheader %u\n",nexthdr);
default: return 0;
DEBUGP("ipv6_ah match: unknown nextheader %u\n",nexthdr); }
return 0;
break; nexthdr = hp->nexthdr;
} len -= hdrlen;
ptr += hdrlen;
nexthdr = hp->nexthdr; if (ptr > skb->len) {
len -= hdrlen;
ptr += hdrlen;
if ( ptr > skb->len ) {
DEBUGP("ipv6_ah: new pointer too large! \n"); DEBUGP("ipv6_ah: new pointer too large! \n");
break; break;
} }
} }
/* AH header not found */ /* AH header not found */
if ( temp != MASK_AH ) return 0; if (temp != MASK_AH)
return 0;
if (len < (int)sizeof(struct ip_auth_hdr)){
*hotdrop = 1; if (len < sizeof(struct ip_auth_hdr)){
return 0; *hotdrop = 1;
} return 0;
}
ah = skb_header_pointer(skb, ptr, sizeof(_ah), &_ah);
BUG_ON(ah == NULL); ah = skb_header_pointer(skb, ptr, sizeof(_ah), &_ah);
BUG_ON(ah == NULL);
DEBUGP("IPv6 AH LEN %u %u ", hdrlen, ah->hdrlen);
DEBUGP("RES %04X ", ah->reserved); DEBUGP("IPv6 AH LEN %u %u ", hdrlen, ah->hdrlen);
DEBUGP("SPI %u %08X\n", ntohl(ah->spi), ntohl(ah->spi)); DEBUGP("RES %04X ", ah->reserved);
DEBUGP("SPI %u %08X\n", ntohl(ah->spi), ntohl(ah->spi));
DEBUGP("IPv6 AH spi %02X ",
(spi_match(ahinfo->spis[0], ahinfo->spis[1], DEBUGP("IPv6 AH spi %02X ",
ntohl(ah->spi), (spi_match(ahinfo->spis[0], ahinfo->spis[1],
!!(ahinfo->invflags & IP6T_AH_INV_SPI)))); ntohl(ah->spi),
DEBUGP("len %02X %04X %02X ", !!(ahinfo->invflags & IP6T_AH_INV_SPI))));
ahinfo->hdrlen, hdrlen, DEBUGP("len %02X %04X %02X ",
(!ahinfo->hdrlen || ahinfo->hdrlen, hdrlen,
(ahinfo->hdrlen == hdrlen) ^ (!ahinfo->hdrlen ||
!!(ahinfo->invflags & IP6T_AH_INV_LEN))); (ahinfo->hdrlen == hdrlen) ^
DEBUGP("res %02X %04X %02X\n", !!(ahinfo->invflags & IP6T_AH_INV_LEN)));
ahinfo->hdrres, ah->reserved, DEBUGP("res %02X %04X %02X\n",
!(ahinfo->hdrres && ah->reserved)); ahinfo->hdrres, ah->reserved,
!(ahinfo->hdrres && ah->reserved));
return (ah != NULL)
&& return (ah != NULL)
(spi_match(ahinfo->spis[0], ahinfo->spis[1], &&
ntohl(ah->spi), (spi_match(ahinfo->spis[0], ahinfo->spis[1],
!!(ahinfo->invflags & IP6T_AH_INV_SPI))) ntohl(ah->spi),
&& !!(ahinfo->invflags & IP6T_AH_INV_SPI)))
(!ahinfo->hdrlen || &&
(ahinfo->hdrlen == hdrlen) ^ (!ahinfo->hdrlen ||
!!(ahinfo->invflags & IP6T_AH_INV_LEN)) (ahinfo->hdrlen == hdrlen) ^
&& !!(ahinfo->invflags & IP6T_AH_INV_LEN))
!(ahinfo->hdrres && ah->reserved); &&
!(ahinfo->hdrres && ah->reserved);
} }
/* Called when user tries to insert an entry of this type. */ /* Called when user tries to insert an entry of this type. */
...@@ -175,20 +173,18 @@ checkentry(const char *tablename, ...@@ -175,20 +173,18 @@ checkentry(const char *tablename,
unsigned int matchinfosize, unsigned int matchinfosize,
unsigned int hook_mask) unsigned int hook_mask)
{ {
const struct ip6t_ah *ahinfo = matchinfo; const struct ip6t_ah *ahinfo = matchinfo;
if (matchinfosize != IP6T_ALIGN(sizeof(struct ip6t_ah))) { if (matchinfosize != IP6T_ALIGN(sizeof(struct ip6t_ah))) {
DEBUGP("ip6t_ah: matchsize %u != %u\n", DEBUGP("ip6t_ah: matchsize %u != %u\n",
matchinfosize, IP6T_ALIGN(sizeof(struct ip6t_ah))); matchinfosize, IP6T_ALIGN(sizeof(struct ip6t_ah)));
return 0; return 0;
} }
if (ahinfo->invflags & ~IP6T_AH_INV_MASK) { if (ahinfo->invflags & ~IP6T_AH_INV_MASK) {
DEBUGP("ip6t_ah: unknown flags %X\n", DEBUGP("ip6t_ah: unknown flags %X\n", ahinfo->invflags);
ahinfo->invflags); return 0;
return 0; }
} return 1;
return 1;
} }
static struct ip6t_match ah_match = { static struct ip6t_match ah_match = {
...@@ -200,12 +196,12 @@ static struct ip6t_match ah_match = { ...@@ -200,12 +196,12 @@ static struct ip6t_match ah_match = {
static int __init init(void) static int __init init(void)
{ {
return ip6t_register_match(&ah_match); return ip6t_register_match(&ah_match);
} }
static void __exit cleanup(void) static void __exit cleanup(void)
{ {
ip6t_unregister_match(&ah_match); ip6t_unregister_match(&ah_match);
} }
module_init(init); module_init(init);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7