[xtables-addons 2/4] xt_ipp2p: move the protocol-specific code out into separate functions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Signed-off-by: Jeremy Sowden <jeremy@xxxxxxxxxx>
---
 extensions/xt_ipp2p.c | 165 ++++++++++++++++++++++++------------------
 1 file changed, 93 insertions(+), 72 deletions(-)

diff --git a/extensions/xt_ipp2p.c b/extensions/xt_ipp2p.c
index 4e0fbb675c76..298950514569 100644
--- a/extensions/xt_ipp2p.c
+++ b/extensions/xt_ipp2p.c
@@ -807,15 +807,97 @@ static const struct {
 	{0},
 };
 
+static bool
+ipp2p_mt_tcp(const struct ipt_p2p_info *info, const struct tcphdr *tcph,
+	     const unsigned char *haystack, unsigned int hlen,
+	     const struct iphdr *ip)
+{
+	size_t tcph_len = tcph->doff * 4;
+	bool p2p_result = false;
+	int i = 0;
+
+	if (tcph->fin) return 0;  /* if FIN bit is set bail out */
+	if (tcph->syn) return 0;  /* if SYN bit is set bail out */
+	if (tcph->rst) return 0;  /* if RST bit is set bail out */
+
+	if (hlen < tcph_len) {
+		if (info->debug)
+			pr_info("TCP header indicated packet larger than it is\n");
+		return 0;
+	}
+	if (hlen == tcph_len)
+		return 0;
+
+	haystack += tcph_len;
+	hlen     -= tcph_len;
+
+	while (matchlist[i].command) {
+		if ((info->cmd & matchlist[i].command) == matchlist[i].command &&
+		    hlen > matchlist[i].packet_len)
+		{
+			p2p_result = matchlist[i].function_name(haystack, hlen);
+			if (p2p_result)	{
+				if (info->debug)
+					printk("IPP2P.debug:TCP-match: %d from: %pI4:%hu to: %pI4:%hu Length: %d\n",
+					       p2p_result, &ip->saddr,
+					       ntohs(tcph->source),
+					       &ip->daddr,
+					       ntohs(tcph->dest), hlen);
+				return p2p_result;
+			}
+		}
+		i++;
+	}
+	return p2p_result;
+}
+
+static bool
+ipp2p_mt_udp(const struct ipt_p2p_info *info, const struct udphdr *udph,
+	     const unsigned char *haystack, unsigned int hlen,
+	     const struct iphdr *ip)
+{
+	size_t udph_len = sizeof(*udph);
+	bool p2p_result = false;
+	int i = 0;
+
+	if (hlen < udph_len) {
+		if (info->debug)
+			pr_info("UDP header indicated packet larger than it is\n");
+		return 0;
+	}
+	if (hlen == udph_len)
+		return 0;
+
+	haystack += udph_len;
+	hlen     -= udph_len;
+
+	while (udp_list[i].command) {
+		if ((info->cmd & udp_list[i].command) == udp_list[i].command &&
+		    hlen > udp_list[i].packet_len)
+		{
+			p2p_result = udp_list[i].function_name(haystack, hlen);
+			if (p2p_result) {
+				if (info->debug)
+					printk("IPP2P.debug:UDP-match: %d from: %pI4:%hu to: %pI4:%hu Length: %d\n",
+					       p2p_result, &ip->saddr,
+					       ntohs(udph->source),
+					       &ip->daddr,
+					       ntohs(udph->dest), hlen);
+				return p2p_result;
+			}
+		}
+		i++;
+	}
+	return p2p_result;
+}
+
 static bool
 ipp2p_mt(const struct sk_buff *skb, struct xt_action_param *par)
 {
 	const struct ipt_p2p_info *info = par->matchinfo;
-	const unsigned char  *haystack;
 	const struct iphdr *ip = ip_hdr(skb);
-	bool p2p_result = false;
-	int i = 0;
-	unsigned int hlen = ntohs(ip->tot_len) - ip_hdrlen(skb);	/* hlen = packet-data length */
+	const unsigned char *haystack;  /* packet-data */
+	unsigned int hlen;              /* packet-data length */
 
 	/* must not be a fragment */
 	if (par->fragoff != 0) {
@@ -831,84 +913,23 @@ ipp2p_mt(const struct sk_buff *skb, struct xt_action_param *par)
 		return 0;
 	}
 
-	haystack = skb_network_header(skb) + ip_hdrlen(skb);
+	haystack = skb_transport_header(skb);
+	hlen     = ntohs(ip->tot_len) - skb_transport_offset(skb);
 
 	switch (ip->protocol) {
 	case IPPROTO_TCP:	/* what to do with a TCP packet */
 	{
-		const struct tcphdr *tcph = (const void *)ip + ip_hdrlen(skb);
-
-		if (tcph->fin) return 0;  /* if FIN bit is set bail out */
-		if (tcph->syn) return 0;  /* if SYN bit is set bail out */
-		if (tcph->rst) return 0;  /* if RST bit is set bail out */
-
-		if (tcph->doff * 4 > hlen) {
-			if (info->debug)
-				pr_info("TCP header indicated packet larger than it is\n");
-			return 0;
-		}
-		if (tcph->doff * 4 == hlen)
-			return 0;
+		const struct tcphdr *tcph = tcp_hdr(skb);
 
-		haystack += tcph->doff * 4; /* get TCP-Header-Size */
-		hlen     -= tcph->doff * 4;
-
-		while (matchlist[i].command) {
-			if ((info->cmd & matchlist[i].command) == matchlist[i].command &&
-			    hlen > matchlist[i].packet_len)
-			{
-				p2p_result = matchlist[i].function_name(haystack, hlen);
-				if (p2p_result)	{
-					if (info->debug)
-						printk("IPP2P.debug:TCP-match: %d from: %pI4:%hu to: %pI4:%hu Length: %d\n",
-						       p2p_result, &ip->saddr,
-						       ntohs(tcph->source),
-						       &ip->daddr,
-						       ntohs(tcph->dest), hlen);
-					return p2p_result;
-				}
-			}
-			i++;
-		}
-		return p2p_result;
+		return ipp2p_mt_tcp(info, tcph, haystack, hlen, ip);
 	}
-
-	case IPPROTO_UDP:	/* what to do with an UDP packet */
+	case IPPROTO_UDP:	/* what to do with a UDP packet */
 	case IPPROTO_UDPLITE:
 	{
-		const struct udphdr *udph = (const void *)ip + ip_hdrlen(skb);
+		const struct udphdr *udph = udp_hdr(skb);
 
-		if (sizeof(*udph) > hlen) {
-			if (info->debug)
-				pr_info("UDP header indicated packet larger than it is\n");
-			return 0;
-		}
-		if (sizeof(*udph) == hlen)
-			return 0;
-
-		haystack += sizeof(*udph);
-		hlen     -= sizeof(*udph);
-
-		while (udp_list[i].command) {
-			if ((info->cmd & udp_list[i].command) == udp_list[i].command &&
-			    hlen > udp_list[i].packet_len)
-			{
-				p2p_result = udp_list[i].function_name(haystack, hlen);
-				if (p2p_result) {
-					if (info->debug)
-						printk("IPP2P.debug:UDP-match: %d from: %pI4:%hu to: %pI4:%hu Length: %d\n",
-						       p2p_result, &ip->saddr,
-						       ntohs(udph->source),
-						       &ip->daddr,
-						       ntohs(udph->dest), hlen);
-					return p2p_result;
-				}
-			}
-			i++;
-		}
-		return p2p_result;
+		return ipp2p_mt_udp(info, udph, haystack, hlen, ip);
 	}
-
 	default:
 		return 0;
 	}
-- 
2.33.0




[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux