commit a892e62a4c5b0dcc41c2b9fda666db81334af64b
Author: Jan Engelhardt <jengelh@xxxxxxxxxxxxxxx>
Date: Wed Jan 2 20:33:00 2008 +0100
[NETFILTER]: Unknot xt_ah IPv6 logic
Split up the big return statement in ah_mt6() into smaller ones.
Signed-off-by: Jan Engelhardt <jengelh@xxxxxx>
net/netfilter/xt_ah.c | 24 +++++++++++++-----------
1 files changed, 13 insertions(+), 11 deletions(-)
diff --git a/net/netfilter/xt_ah.c b/net/netfilter/xt_ah.c
index c18cc70..2aed8c4 100644
--- a/net/netfilter/xt_ah.c
+++ b/net/netfilter/xt_ah.c
@@ -89,6 +89,7 @@ ah_mt6(const struct sk_buff *skb, const struct net_device *in,
unsigned int ptr;
unsigned int hdrlen = 0;
int err;
+ bool m;
err = ipv6_find_hdr(skb, &ptr, NEXTHDR_AUTH, NULL);
if (err < 0) {
@@ -122,17 +123,18 @@ ah_mt6(const struct sk_buff *skb, const struct net_device *in,
ahinfo->hdrres, ah->reserved,
!(ahinfo->hdrres && ah->reserved));
- return (ah != NULL)
- &&
- spi_match(ahinfo->spis[0], ahinfo->spis[1],
- ntohl(ah->spi),
- !!(ahinfo->invflags & IP6T_AH_INV_SPI))
- &&
- (!ahinfo->hdrlen ||
- (ahinfo->hdrlen == hdrlen) ^
- !!(ahinfo->invflags & IP6T_AH_INV_LEN))
- &&
- !(ahinfo->hdrres && ah->reserved);
+ m = spi_match(ahinfo->spis[0], ahinfo->spis[1], ntohl(ah->spi),
+ ahinfo->invflags & IP6T_AH_INV_SPI);
+ if (!m)
+ return false;
+
+ m = ahinfo->hdrlen == 0;
+ m |= ahinfo->hdrlen == hdrlen;
+ m ^= !!(ahinfo->invflags & IP6T_AH_INV_LEN);
+ if (!m)
+ return false;
+
+ return ahinfo->hdrres == 0 || ah->reserved == 0;
}
static bool
-
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
