diff options
Diffstat (limited to 'net/netfilter')
-rw-r--r-- | net/netfilter/xt_DSCP.c | 2 | ||||
-rw-r--r-- | net/netfilter/xt_TCPMSS.c | 4 | ||||
-rw-r--r-- | net/netfilter/xt_connbytes.c | 4 | ||||
-rw-r--r-- | net/netfilter/xt_connmark.c | 2 | ||||
-rw-r--r-- | net/netfilter/xt_dccp.c | 10 | ||||
-rw-r--r-- | net/netfilter/xt_hashlimit.c | 2 | ||||
-rw-r--r-- | net/netfilter/xt_length.c | 4 | ||||
-rw-r--r-- | net/netfilter/xt_mac.c | 10 | ||||
-rw-r--r-- | net/netfilter/xt_pkttype.c | 4 | ||||
-rw-r--r-- | net/netfilter/xt_sctp.c | 23 | ||||
-rw-r--r-- | net/netfilter/xt_tcpudp.c | 2 |
11 files changed, 31 insertions, 36 deletions
diff --git a/net/netfilter/xt_DSCP.c b/net/netfilter/xt_DSCP.c index 2d779f6902d..ed6b524064f 100644 --- a/net/netfilter/xt_DSCP.c +++ b/net/netfilter/xt_DSCP.c @@ -74,7 +74,7 @@ static bool checkentry(const char *tablename, { const u_int8_t dscp = ((struct xt_DSCP_info *)targinfo)->dscp; - if ((dscp > XT_DSCP_MAX)) { + if (dscp > XT_DSCP_MAX) { printk(KERN_WARNING "DSCP: dscp %x out of range\n", dscp); return false; } diff --git a/net/netfilter/xt_TCPMSS.c b/net/netfilter/xt_TCPMSS.c index 075051acb55..6ae6df993aa 100644 --- a/net/netfilter/xt_TCPMSS.c +++ b/net/netfilter/xt_TCPMSS.c @@ -93,7 +93,7 @@ tcpmss_mangle_packet(struct sk_buff **pskb, return 0; opt[i+2] = (newmss & 0xff00) >> 8; - opt[i+3] = (newmss & 0x00ff); + opt[i+3] = newmss & 0x00ff; nf_proto_csum_replace2(&tcph->check, *pskb, htons(oldmss), htons(newmss), 0); @@ -126,7 +126,7 @@ tcpmss_mangle_packet(struct sk_buff **pskb, opt[0] = TCPOPT_MSS; opt[1] = TCPOLEN_MSS; opt[2] = (newmss & 0xff00) >> 8; - opt[3] = (newmss & 0x00ff); + opt[3] = newmss & 0x00ff; nf_proto_csum_replace4(&tcph->check, *pskb, 0, *((__be32 *)opt), 0); diff --git a/net/netfilter/xt_connbytes.c b/net/netfilter/xt_connbytes.c index 99c246e45c4..d9b2e75fbab 100644 --- a/net/netfilter/xt_connbytes.c +++ b/net/netfilter/xt_connbytes.c @@ -90,9 +90,9 @@ match(const struct sk_buff *skb, } if (sinfo->count.to) - return (what <= sinfo->count.to && what >= sinfo->count.from); + return what <= sinfo->count.to && what >= sinfo->count.from; else - return (what >= sinfo->count.from); + return what >= sinfo->count.from; } static bool check(const char *tablename, diff --git a/net/netfilter/xt_connmark.c b/net/netfilter/xt_connmark.c index 71f3c1a5d5e..3a6e16d4edc 100644 --- a/net/netfilter/xt_connmark.c +++ b/net/netfilter/xt_connmark.c @@ -48,7 +48,7 @@ match(const struct sk_buff *skb, if (!ct) return false; - return (((ct->mark) & info->mask) == info->mark) ^ info->invert; + return ((ct->mark & info->mask) == info->mark) ^ info->invert; } static bool diff --git a/net/netfilter/xt_dccp.c b/net/netfilter/xt_dccp.c index 1b77c5bcb34..f07a68d445c 100644 --- a/net/netfilter/xt_dccp.c +++ b/net/netfilter/xt_dccp.c @@ -81,7 +81,7 @@ dccp_find_option(u_int8_t option, static inline bool match_types(const struct dccp_hdr *dh, u_int16_t typemask) { - return (typemask & (1 << dh->dccph_type)); + return typemask & (1 << dh->dccph_type); } static inline bool @@ -113,11 +113,11 @@ match(const struct sk_buff *skb, return false; } - return DCCHECK(((ntohs(dh->dccph_sport) >= info->spts[0]) - && (ntohs(dh->dccph_sport) <= info->spts[1])), + return DCCHECK(ntohs(dh->dccph_sport) >= info->spts[0] + && ntohs(dh->dccph_sport) <= info->spts[1], XT_DCCP_SRC_PORTS, info->flags, info->invflags) - && DCCHECK(((ntohs(dh->dccph_dport) >= info->dpts[0]) - && (ntohs(dh->dccph_dport) <= info->dpts[1])), + && DCCHECK(ntohs(dh->dccph_dport) >= info->dpts[0] + && ntohs(dh->dccph_dport) <= info->dpts[1], XT_DCCP_DEST_PORTS, info->flags, info->invflags) && DCCHECK(match_types(dh, info->typemask), XT_DCCP_TYPE, info->flags, info->invflags) diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c index deb5890aa3a..094da6e066b 100644 --- a/net/netfilter/xt_hashlimit.c +++ b/net/netfilter/xt_hashlimit.c @@ -239,7 +239,7 @@ static bool select_all(const struct xt_hashlimit_htable *ht, static bool select_gc(const struct xt_hashlimit_htable *ht, const struct dsthash_ent *he) { - return (jiffies >= he->expires); + return jiffies >= he->expires; } static void htable_selective_cleanup(struct xt_hashlimit_htable *ht, diff --git a/net/netfilter/xt_length.c b/net/netfilter/xt_length.c index 57bcfacde59..ea4880bd31e 100644 --- a/net/netfilter/xt_length.c +++ b/net/netfilter/xt_length.c @@ -47,8 +47,8 @@ match6(const struct sk_buff *skb, bool *hotdrop) { const struct xt_length_info *info = matchinfo; - const u_int16_t pktlen = (ntohs(ipv6_hdr(skb)->payload_len) + - sizeof(struct ipv6hdr)); + const u_int16_t pktlen = ntohs(ipv6_hdr(skb)->payload_len) + + sizeof(struct ipv6hdr); return (pktlen >= info->min && pktlen <= info->max) ^ info->invert; } diff --git a/net/netfilter/xt_mac.c b/net/netfilter/xt_mac.c index 86022027dd6..28ec08e7511 100644 --- a/net/netfilter/xt_mac.c +++ b/net/netfilter/xt_mac.c @@ -37,11 +37,11 @@ match(const struct sk_buff *skb, const struct xt_mac_info *info = matchinfo; /* Is mac pointer valid? */ - return (skb_mac_header(skb) >= skb->head && - (skb_mac_header(skb) + ETH_HLEN) <= skb->data - /* If so, compare... */ - && ((!compare_ether_addr(eth_hdr(skb)->h_source, info->srcaddr)) - ^ info->invert)); + return skb_mac_header(skb) >= skb->head && + skb_mac_header(skb) + ETH_HLEN <= skb->data + /* If so, compare... */ + && ((!compare_ether_addr(eth_hdr(skb)->h_source, info->srcaddr)) + ^ info->invert); } static struct xt_match xt_mac_match[] = { diff --git a/net/netfilter/xt_pkttype.c b/net/netfilter/xt_pkttype.c index 63239727bc2..e4c420b5713 100644 --- a/net/netfilter/xt_pkttype.c +++ b/net/netfilter/xt_pkttype.c @@ -34,9 +34,9 @@ static bool match(const struct sk_buff *skb, const struct xt_pkttype_info *info = matchinfo; if (skb->pkt_type == PACKET_LOOPBACK) - type = (MULTICAST(ip_hdr(skb)->daddr) + type = MULTICAST(ip_hdr(skb)->daddr) ? PACKET_MULTICAST - : PACKET_BROADCAST); + : PACKET_BROADCAST; else type = skb->pkt_type; diff --git a/net/netfilter/xt_sctp.c b/net/netfilter/xt_sctp.c index 22df338b393..fefc846188f 100644 --- a/net/netfilter/xt_sctp.c +++ b/net/netfilter/xt_sctp.c @@ -31,11 +31,9 @@ match_flags(const struct xt_sctp_flag_info *flag_info, { int i; - for (i = 0; i < flag_count; i++) { - if (flag_info[i].chunktype == chunktype) { + for (i = 0; i < flag_count; i++) + if (flag_info[i].chunktype == chunktype) return (chunkflags & flag_info[i].flag_mask) == flag_info[i].flag; - } - } return true; } @@ -56,9 +54,8 @@ match_packet(const struct sk_buff *skb, int i = 0; #endif - if (chunk_match_type == SCTP_CHUNK_MATCH_ALL) { + if (chunk_match_type == SCTP_CHUNK_MATCH_ALL) SCTP_CHUNKMAP_COPY(chunkmapcopy, chunkmap); - } do { sch = skb_header_pointer(skb, offset, sizeof(_sch), &_sch); @@ -86,16 +83,14 @@ match_packet(const struct sk_buff *skb, case SCTP_CHUNK_MATCH_ALL: if (match_flags(flag_info, flag_count, - sch->type, sch->flags)) { + sch->type, sch->flags)) SCTP_CHUNKMAP_CLEAR(chunkmapcopy, sch->type); - } break; case SCTP_CHUNK_MATCH_ONLY: if (!match_flags(flag_info, flag_count, - sch->type, sch->flags)) { + sch->type, sch->flags)) return false; - } break; } } else { @@ -145,11 +140,11 @@ match(const struct sk_buff *skb, } duprintf("spt: %d\tdpt: %d\n", ntohs(sh->source), ntohs(sh->dest)); - return SCCHECK(((ntohs(sh->source) >= info->spts[0]) - && (ntohs(sh->source) <= info->spts[1])), + return SCCHECK(ntohs(sh->source) >= info->spts[0] + && ntohs(sh->source) <= info->spts[1], XT_SCTP_SRC_PORTS, info->flags, info->invflags) - && SCCHECK(((ntohs(sh->dest) >= info->dpts[0]) - && (ntohs(sh->dest) <= info->dpts[1])), + && SCCHECK(ntohs(sh->dest) >= info->dpts[0] + && ntohs(sh->dest) <= info->dpts[1], XT_SCTP_DEST_PORTS, info->flags, info->invflags) && SCCHECK(match_packet(skb, protoff + sizeof (sctp_sctphdr_t), info->chunkmap, info->chunk_match_type, diff --git a/net/netfilter/xt_tcpudp.c b/net/netfilter/xt_tcpudp.c index 0dd3022cc79..5cb345aeeca 100644 --- a/net/netfilter/xt_tcpudp.c +++ b/net/netfilter/xt_tcpudp.c @@ -95,7 +95,7 @@ tcp_match(const struct sk_buff *skb, return false; } -#define FWINVTCP(bool,invflg) ((bool) ^ !!(tcpinfo->invflags & invflg)) +#define FWINVTCP(bool, invflg) ((bool) ^ !!(tcpinfo->invflags & (invflg))) th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph); if (th == NULL) { |