Author: oleg
Date: Tue Feb 28 21:53:39 2012
New Revision: 232272
URL: http://svn.freebsd.org/changeset/base/232272
Log:
lookup_dyn_rule_locked(): style(9) cleanup
MFC after: 1 month
Modified:
head/sys/netinet/ipfw/ip_fw_dynamic.c
Modified: head/sys/netinet/ipfw/ip_fw_dynamic.c
==============================================================================
--- head/sys/netinet/ipfw/ip_fw_dynamic.c Tue Feb 28 21:45:21 2012
(r232271)
+++ head/sys/netinet/ipfw/ip_fw_dynamic.c Tue Feb 28 21:53:39 2012
(r232272)
@@ -390,72 +390,68 @@ ipfw_remove_dyn_children(struct ip_fw *r
IPFW_DYN_UNLOCK();
}
-/**
- * lookup a dynamic rule, locked version
+/*
+ * Lookup a dynamic rule, locked version.
*/
static ipfw_dyn_rule *
lookup_dyn_rule_locked(struct ipfw_flow_id *pkt, int *match_direction,
struct tcphdr *tcp)
{
/*
- * stateful ipfw extensions.
- * Lookup into dynamic session queue
+ * Stateful ipfw extensions.
+ * Lookup into dynamic session queue.
*/
#define MATCH_REVERSE 0
#define MATCH_FORWARD 1
#define MATCH_NONE 2
#define MATCH_UNKNOWN 3
int i, dir = MATCH_NONE;
- ipfw_dyn_rule *prev, *q=NULL;
+ ipfw_dyn_rule *prev, *q = NULL;
IPFW_DYN_LOCK_ASSERT();
if (V_ipfw_dyn_v == NULL)
- goto done; /* not found */
- i = hash_packet( pkt );
- for (prev=NULL, q = V_ipfw_dyn_v[i] ; q != NULL ; ) {
+ goto done; /* not found */
+ i = hash_packet(pkt);
+ for (prev = NULL, q = V_ipfw_dyn_v[i]; q != NULL;) {
if (q->dyn_type == O_LIMIT_PARENT && q->count)
goto next;
- if (TIME_LEQ( q->expire, time_uptime)) { /* expire entry */
+ if (TIME_LEQ(q->expire, time_uptime)) { /* expire entry */
UNLINK_DYN_RULE(prev, V_ipfw_dyn_v[i], q);
continue;
}
- if (pkt->proto == q->id.proto &&
- q->dyn_type != O_LIMIT_PARENT) {
- if (IS_IP6_FLOW_ID(pkt)) {
- if (IN6_ARE_ADDR_EQUAL(&(pkt->src_ip6),
- &(q->id.src_ip6)) &&
- IN6_ARE_ADDR_EQUAL(&(pkt->dst_ip6),
- &(q->id.dst_ip6)) &&
+ if (pkt->proto != q->id.proto || q->dyn_type == O_LIMIT_PARENT)
+ goto next;
+
+ if (IS_IP6_FLOW_ID(pkt)) {
+ if (IN6_ARE_ADDR_EQUAL(&pkt->src_ip6, &q->id.src_ip6) &&
+ IN6_ARE_ADDR_EQUAL(&pkt->dst_ip6, &q->id.dst_ip6) &&
pkt->src_port == q->id.src_port &&
- pkt->dst_port == q->id.dst_port ) {
+ pkt->dst_port == q->id.dst_port) {
dir = MATCH_FORWARD;
break;
- }
- if (IN6_ARE_ADDR_EQUAL(&(pkt->src_ip6),
- &(q->id.dst_ip6)) &&
- IN6_ARE_ADDR_EQUAL(&(pkt->dst_ip6),
- &(q->id.src_ip6)) &&
- pkt->src_port == q->id.dst_port &&
- pkt->dst_port == q->id.src_port ) {
- dir = MATCH_REVERSE;
- break;
- }
- } else {
- if (pkt->src_ip == q->id.src_ip &&
- pkt->dst_ip == q->id.dst_ip &&
- pkt->src_port == q->id.src_port &&
- pkt->dst_port == q->id.dst_port ) {
- dir = MATCH_FORWARD;
- break;
- }
- if (pkt->src_ip == q->id.dst_ip &&
- pkt->dst_ip == q->id.src_ip &&
- pkt->src_port == q->id.dst_port &&
- pkt->dst_port == q->id.src_port ) {
- dir = MATCH_REVERSE;
- break;
- }
+ }
+ if (IN6_ARE_ADDR_EQUAL(&pkt->src_ip6, &q->id.dst_ip6) &&
+ IN6_ARE_ADDR_EQUAL(&pkt->dst_ip6, &q->id.src_ip6) &&
+ pkt->src_port == q->id.dst_port &&
+ pkt->dst_port == q->id.src_port) {
+ dir = MATCH_REVERSE;
+ break;
+ }
+ } else {
+ if (pkt->src_ip == q->id.src_ip &&
+ pkt->dst_ip == q->id.dst_ip &&
+ pkt->src_port == q->id.src_port &&
+ pkt->dst_port == q->id.dst_port) {
+ dir = MATCH_FORWARD;
+ break;
+ }
+ if (pkt->src_ip == q->id.dst_ip &&
+ pkt->dst_ip == q->id.src_ip &&
+ pkt->src_port == q->id.dst_port &&
+ pkt->dst_port == q->id.src_port) {
+ dir = MATCH_REVERSE;
+ break;
}
}
next:
@@ -463,43 +459,45 @@ next:
q = q->next;
}
if (q == NULL)
- goto done; /* q = NULL, not found */
+ goto done; /* q = NULL, not found */
- if ( prev != NULL) { /* found and not in front */
+ if (prev != NULL) { /* found and not in front */
prev->next = q->next;
q->next = V_ipfw_dyn_v[i];
V_ipfw_dyn_v[i] = q;
}
if (pkt->proto == IPPROTO_TCP) { /* update state according to flags */
- u_char flags = pkt->_flags & (TH_FIN|TH_SYN|TH_RST);
+ uint32_t ack;
+ u_char flags = pkt->_flags & (TH_FIN | TH_SYN | TH_RST);
#define BOTH_SYN (TH_SYN | (TH_SYN << 8))
#define BOTH_FIN (TH_FIN | (TH_FIN << 8))
- q->state |= (dir == MATCH_FORWARD ) ? flags : (flags << 8);
+ q->state |= (dir == MATCH_FORWARD) ? flags : (flags << 8);
switch (q->state) {
- case TH_SYN: /* opening */
+ case TH_SYN: /* opening */
q->expire = time_uptime + V_dyn_syn_lifetime;
break;
case BOTH_SYN: /* move to established */
- case BOTH_SYN | TH_FIN : /* one side tries to close */
- case BOTH_SYN | (TH_FIN << 8) :
- if (tcp) {
+ case BOTH_SYN | TH_FIN: /* one side tries to close */
+ case BOTH_SYN | (TH_FIN << 8):
#define _SEQ_GE(a,b) ((int)(a) - (int)(b) >= 0)
- u_int32_t ack = ntohl(tcp->th_ack);
- if (dir == MATCH_FORWARD) {
+ if (tcp == NULL) {
+ q->expire = time_uptime + V_dyn_ack_lifetime;
+ break;
+ }
+
+ ack = ntohl(tcp->th_ack);
+ if (dir == MATCH_FORWARD) {
if (q->ack_fwd == 0 || _SEQ_GE(ack, q->ack_fwd))
- q->ack_fwd = ack;
- else { /* ignore out-of-sequence */
- break;
- }
- } else {
+ q->ack_fwd = ack;
+ else /* ignore out-of-sequence */
+ break;
+ } else {
if (q->ack_rev == 0 || _SEQ_GE(ack, q->ack_rev))
- q->ack_rev = ack;
- else { /* ignore out-of-sequence */
- break;
- }
- }
+ q->ack_rev = ack;
+ else /* ignore out-of-sequence */
+ break;
}
q->expire = time_uptime + V_dyn_ack_lifetime;
break;
@@ -531,9 +529,9 @@ next:
q->expire = time_uptime + V_dyn_short_lifetime;
}
done:
- if (match_direction)
+ if (match_direction != NULL)
*match_direction = dir;
- return q;
+ return (q);
}
ipfw_dyn_rule *
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
