diff options
author | Herbert Xu <herbert@gondor.apana.org.au> | 2010-12-09 12:38:11 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2010-12-10 19:04:53 -0500 |
commit | deef4b522b814593407cfd56216840c2b75e9f15 (patch) | |
tree | 82e8f89a50e5ac994b50f4aa0c79b5f57d6c3102 | |
parent | c053fd96d0d3d18c721f880b8fdd0b925894d9c4 (diff) |
bridge: Use consistent NF_DROP returns in nf_pre_routing
The nf_pre_routing functions in bridging have collected two
distinct ways of returning NF_DROP over the years, inline and
via goto. There is no reason for preferring either one.
So this patch arbitrarily picks the inline variant and converts
the all the gotos.
Also removes a redundant comment.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/bridge/br_netfilter.c | 25 |
1 files changed, 9 insertions, 16 deletions
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c index 16f5c333596a..4b5b66d07bba 100644 --- a/net/bridge/br_netfilter.c +++ b/net/bridge/br_netfilter.c | |||
@@ -562,26 +562,26 @@ static unsigned int br_nf_pre_routing_ipv6(unsigned int hook, | |||
562 | u32 pkt_len; | 562 | u32 pkt_len; |
563 | 563 | ||
564 | if (skb->len < sizeof(struct ipv6hdr)) | 564 | if (skb->len < sizeof(struct ipv6hdr)) |
565 | goto inhdr_error; | 565 | return NF_DROP; |
566 | 566 | ||
567 | if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) | 567 | if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) |
568 | goto inhdr_error; | 568 | return NF_DROP; |
569 | 569 | ||
570 | hdr = ipv6_hdr(skb); | 570 | hdr = ipv6_hdr(skb); |
571 | 571 | ||
572 | if (hdr->version != 6) | 572 | if (hdr->version != 6) |
573 | goto inhdr_error; | 573 | return NF_DROP; |
574 | 574 | ||
575 | pkt_len = ntohs(hdr->payload_len); | 575 | pkt_len = ntohs(hdr->payload_len); |
576 | 576 | ||
577 | if (pkt_len || hdr->nexthdr != NEXTHDR_HOP) { | 577 | if (pkt_len || hdr->nexthdr != NEXTHDR_HOP) { |
578 | if (pkt_len + sizeof(struct ipv6hdr) > skb->len) | 578 | if (pkt_len + sizeof(struct ipv6hdr) > skb->len) |
579 | goto inhdr_error; | 579 | return NF_DROP; |
580 | if (pskb_trim_rcsum(skb, pkt_len + sizeof(struct ipv6hdr))) | 580 | if (pskb_trim_rcsum(skb, pkt_len + sizeof(struct ipv6hdr))) |
581 | goto inhdr_error; | 581 | return NF_DROP; |
582 | } | 582 | } |
583 | if (hdr->nexthdr == NEXTHDR_HOP && check_hbh_len(skb)) | 583 | if (hdr->nexthdr == NEXTHDR_HOP && check_hbh_len(skb)) |
584 | goto inhdr_error; | 584 | return NF_DROP; |
585 | 585 | ||
586 | nf_bridge_put(skb->nf_bridge); | 586 | nf_bridge_put(skb->nf_bridge); |
587 | if (!nf_bridge_alloc(skb)) | 587 | if (!nf_bridge_alloc(skb)) |
@@ -594,9 +594,6 @@ static unsigned int br_nf_pre_routing_ipv6(unsigned int hook, | |||
594 | br_nf_pre_routing_finish_ipv6); | 594 | br_nf_pre_routing_finish_ipv6); |
595 | 595 | ||
596 | return NF_STOLEN; | 596 | return NF_STOLEN; |
597 | |||
598 | inhdr_error: | ||
599 | return NF_DROP; | ||
600 | } | 597 | } |
601 | 598 | ||
602 | /* Direct IPv6 traffic to br_nf_pre_routing_ipv6. | 599 | /* Direct IPv6 traffic to br_nf_pre_routing_ipv6. |
@@ -615,11 +612,11 @@ static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff *skb, | |||
615 | __u32 len = nf_bridge_encap_header_len(skb); | 612 | __u32 len = nf_bridge_encap_header_len(skb); |
616 | 613 | ||
617 | if (unlikely(!pskb_may_pull(skb, len))) | 614 | if (unlikely(!pskb_may_pull(skb, len))) |
618 | goto out; | 615 | return NF_DROP; |
619 | 616 | ||
620 | p = br_port_get_rcu(in); | 617 | p = br_port_get_rcu(in); |
621 | if (p == NULL) | 618 | if (p == NULL) |
622 | goto out; | 619 | return NF_DROP; |
623 | br = p->br; | 620 | br = p->br; |
624 | 621 | ||
625 | if (skb->protocol == htons(ETH_P_IPV6) || IS_VLAN_IPV6(skb) || | 622 | if (skb->protocol == htons(ETH_P_IPV6) || IS_VLAN_IPV6(skb) || |
@@ -641,8 +638,7 @@ static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff *skb, | |||
641 | nf_bridge_pull_encap_header_rcsum(skb); | 638 | nf_bridge_pull_encap_header_rcsum(skb); |
642 | 639 | ||
643 | if (br_parse_ip_options(skb)) | 640 | if (br_parse_ip_options(skb)) |
644 | /* Drop invalid packet */ | 641 | return NF_DROP; |
645 | goto out; | ||
646 | 642 | ||
647 | nf_bridge_put(skb->nf_bridge); | 643 | nf_bridge_put(skb->nf_bridge); |
648 | if (!nf_bridge_alloc(skb)) | 644 | if (!nf_bridge_alloc(skb)) |
@@ -656,9 +652,6 @@ static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff *skb, | |||
656 | br_nf_pre_routing_finish); | 652 | br_nf_pre_routing_finish); |
657 | 653 | ||
658 | return NF_STOLEN; | 654 | return NF_STOLEN; |
659 | |||
660 | out: | ||
661 | return NF_DROP; | ||
662 | } | 655 | } |
663 | 656 | ||
664 | 657 | ||