diff options
28 files changed, 90 insertions, 110 deletions
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c index 2de7ae0180aa..5de13b44b1ca 100644 --- a/net/ipv4/netfilter/ipt_CLUSTERIP.c +++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c | |||
@@ -122,9 +122,8 @@ __clusterip_config_find(__be32 clusterip) | |||
122 | list_for_each(pos, &clusterip_configs) { | 122 | list_for_each(pos, &clusterip_configs) { |
123 | struct clusterip_config *c = list_entry(pos, | 123 | struct clusterip_config *c = list_entry(pos, |
124 | struct clusterip_config, list); | 124 | struct clusterip_config, list); |
125 | if (c->clusterip == clusterip) { | 125 | if (c->clusterip == clusterip) |
126 | return c; | 126 | return c; |
127 | } | ||
128 | } | 127 | } |
129 | 128 | ||
130 | return NULL; | 129 | return NULL; |
@@ -155,9 +154,8 @@ clusterip_config_init_nodelist(struct clusterip_config *c, | |||
155 | { | 154 | { |
156 | int n; | 155 | int n; |
157 | 156 | ||
158 | for (n = 0; n < i->num_local_nodes; n++) { | 157 | for (n = 0; n < i->num_local_nodes; n++) |
159 | set_bit(i->local_nodes[n] - 1, &c->local_nodes); | 158 | set_bit(i->local_nodes[n] - 1, &c->local_nodes); |
160 | } | ||
161 | } | 159 | } |
162 | 160 | ||
163 | static struct clusterip_config * | 161 | static struct clusterip_config * |
@@ -255,10 +253,9 @@ clusterip_hashfn(const struct sk_buff *skb, | |||
255 | dport = ports[1]; | 253 | dport = ports[1]; |
256 | break; | 254 | break; |
257 | default: | 255 | default: |
258 | if (net_ratelimit()) { | 256 | if (net_ratelimit()) |
259 | printk(KERN_NOTICE "CLUSTERIP: unknown protocol `%u'\n", | 257 | printk(KERN_NOTICE "CLUSTERIP: unknown protocol `%u'\n", |
260 | iph->protocol); | 258 | iph->protocol); |
261 | } | ||
262 | sport = dport = 0; | 259 | sport = dport = 0; |
263 | } | 260 | } |
264 | 261 | ||
@@ -286,7 +283,7 @@ clusterip_hashfn(const struct sk_buff *skb, | |||
286 | } | 283 | } |
287 | 284 | ||
288 | /* node numbers are 1..n, not 0..n */ | 285 | /* node numbers are 1..n, not 0..n */ |
289 | return ((hashval % config->num_total_nodes)+1); | 286 | return (hashval % config->num_total_nodes) + 1; |
290 | } | 287 | } |
291 | 288 | ||
292 | static inline int | 289 | static inline int |
diff --git a/net/ipv4/netfilter/ipt_ECN.c b/net/ipv4/netfilter/ipt_ECN.c index 02367012fc74..a647c1db86dd 100644 --- a/net/ipv4/netfilter/ipt_ECN.c +++ b/net/ipv4/netfilter/ipt_ECN.c | |||
@@ -58,8 +58,8 @@ set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo) | |||
58 | 58 | ||
59 | if ((!(einfo->operation & IPT_ECN_OP_SET_ECE) || | 59 | if ((!(einfo->operation & IPT_ECN_OP_SET_ECE) || |
60 | tcph->ece == einfo->proto.tcp.ece) && | 60 | tcph->ece == einfo->proto.tcp.ece) && |
61 | ((!(einfo->operation & IPT_ECN_OP_SET_CWR) || | 61 | (!(einfo->operation & IPT_ECN_OP_SET_CWR) || |
62 | tcph->cwr == einfo->proto.tcp.cwr))) | 62 | tcph->cwr == einfo->proto.tcp.cwr)) |
63 | return true; | 63 | return true; |
64 | 64 | ||
65 | if (!skb_make_writable(pskb, ip_hdrlen(*pskb) + sizeof(*tcph))) | 65 | if (!skb_make_writable(pskb, ip_hdrlen(*pskb) + sizeof(*tcph))) |
diff --git a/net/ipv4/netfilter/ipt_TTL.c b/net/ipv4/netfilter/ipt_TTL.c index f53f2c4ca4a1..737830b68ade 100644 --- a/net/ipv4/netfilter/ipt_TTL.c +++ b/net/ipv4/netfilter/ipt_TTL.c | |||
@@ -75,7 +75,7 @@ static bool ipt_ttl_checkentry(const char *tablename, | |||
75 | info->mode); | 75 | info->mode); |
76 | return false; | 76 | return false; |
77 | } | 77 | } |
78 | if ((info->mode != IPT_TTL_SET) && (info->ttl == 0)) | 78 | if (info->mode != IPT_TTL_SET && info->ttl == 0) |
79 | return false; | 79 | return false; |
80 | return true; | 80 | return true; |
81 | } | 81 | } |
diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c index 282eb00fc471..5b25ca688784 100644 --- a/net/ipv4/netfilter/ipt_ULOG.c +++ b/net/ipv4/netfilter/ipt_ULOG.c | |||
@@ -179,12 +179,10 @@ static void ipt_ulog_packet(unsigned int hooknum, | |||
179 | unsigned int groupnum = ffs(loginfo->nl_group) - 1; | 179 | unsigned int groupnum = ffs(loginfo->nl_group) - 1; |
180 | 180 | ||
181 | /* calculate the size of the skb needed */ | 181 | /* calculate the size of the skb needed */ |
182 | if ((loginfo->copy_range == 0) || | 182 | if (loginfo->copy_range == 0 || loginfo->copy_range > skb->len) |
183 | (loginfo->copy_range > skb->len)) { | ||
184 | copy_len = skb->len; | 183 | copy_len = skb->len; |
185 | } else { | 184 | else |
186 | copy_len = loginfo->copy_range; | 185 | copy_len = loginfo->copy_range; |
187 | } | ||
188 | 186 | ||
189 | size = NLMSG_SPACE(sizeof(*pm) + copy_len); | 187 | size = NLMSG_SPACE(sizeof(*pm) + copy_len); |
190 | 188 | ||
@@ -257,9 +255,8 @@ static void ipt_ulog_packet(unsigned int hooknum, | |||
257 | BUG(); | 255 | BUG(); |
258 | 256 | ||
259 | /* check if we are building multi-part messages */ | 257 | /* check if we are building multi-part messages */ |
260 | if (ub->qlen > 1) { | 258 | if (ub->qlen > 1) |
261 | ub->lastnlh->nlmsg_flags |= NLM_F_MULTI; | 259 | ub->lastnlh->nlmsg_flags |= NLM_F_MULTI; |
262 | } | ||
263 | 260 | ||
264 | ub->lastnlh = nlh; | 261 | ub->lastnlh = nlh; |
265 | 262 | ||
diff --git a/net/ipv4/netfilter/ipt_iprange.c b/net/ipv4/netfilter/ipt_iprange.c index b266d98aac8c..854281c62008 100644 --- a/net/ipv4/netfilter/ipt_iprange.c +++ b/net/ipv4/netfilter/ipt_iprange.c | |||
@@ -35,8 +35,8 @@ match(const struct sk_buff *skb, | |||
35 | const struct iphdr *iph = ip_hdr(skb); | 35 | const struct iphdr *iph = ip_hdr(skb); |
36 | 36 | ||
37 | if (info->flags & IPRANGE_SRC) { | 37 | if (info->flags & IPRANGE_SRC) { |
38 | if (((ntohl(iph->saddr) < ntohl(info->src.min_ip)) | 38 | if ((ntohl(iph->saddr) < ntohl(info->src.min_ip) |
39 | || (ntohl(iph->saddr) > ntohl(info->src.max_ip))) | 39 | || ntohl(iph->saddr) > ntohl(info->src.max_ip)) |
40 | ^ !!(info->flags & IPRANGE_SRC_INV)) { | 40 | ^ !!(info->flags & IPRANGE_SRC_INV)) { |
41 | DEBUGP("src IP %u.%u.%u.%u NOT in range %s" | 41 | DEBUGP("src IP %u.%u.%u.%u NOT in range %s" |
42 | "%u.%u.%u.%u-%u.%u.%u.%u\n", | 42 | "%u.%u.%u.%u-%u.%u.%u.%u\n", |
@@ -48,8 +48,8 @@ match(const struct sk_buff *skb, | |||
48 | } | 48 | } |
49 | } | 49 | } |
50 | if (info->flags & IPRANGE_DST) { | 50 | if (info->flags & IPRANGE_DST) { |
51 | if (((ntohl(iph->daddr) < ntohl(info->dst.min_ip)) | 51 | if ((ntohl(iph->daddr) < ntohl(info->dst.min_ip) |
52 | || (ntohl(iph->daddr) > ntohl(info->dst.max_ip))) | 52 | || ntohl(iph->daddr) > ntohl(info->dst.max_ip)) |
53 | ^ !!(info->flags & IPRANGE_DST_INV)) { | 53 | ^ !!(info->flags & IPRANGE_DST_INV)) { |
54 | DEBUGP("dst IP %u.%u.%u.%u NOT in range %s" | 54 | DEBUGP("dst IP %u.%u.%u.%u NOT in range %s" |
55 | "%u.%u.%u.%u-%u.%u.%u.%u\n", | 55 | "%u.%u.%u.%u-%u.%u.%u.%u\n", |
diff --git a/net/ipv4/netfilter/ipt_recent.c b/net/ipv4/netfilter/ipt_recent.c index d03e6a6eb767..68f7181e412d 100644 --- a/net/ipv4/netfilter/ipt_recent.c +++ b/net/ipv4/netfilter/ipt_recent.c | |||
@@ -163,10 +163,9 @@ static void recent_table_flush(struct recent_table *t) | |||
163 | struct recent_entry *e, *next; | 163 | struct recent_entry *e, *next; |
164 | unsigned int i; | 164 | unsigned int i; |
165 | 165 | ||
166 | for (i = 0; i < ip_list_hash_size; i++) { | 166 | for (i = 0; i < ip_list_hash_size; i++) |
167 | list_for_each_entry_safe(e, next, &t->iphash[i], list) | 167 | list_for_each_entry_safe(e, next, &t->iphash[i], list) |
168 | recent_entry_remove(t, e); | 168 | recent_entry_remove(t, e); |
169 | } | ||
170 | } | 169 | } |
171 | 170 | ||
172 | static bool | 171 | static bool |
@@ -329,12 +328,10 @@ static void *recent_seq_start(struct seq_file *seq, loff_t *pos) | |||
329 | 328 | ||
330 | spin_lock_bh(&recent_lock); | 329 | spin_lock_bh(&recent_lock); |
331 | 330 | ||
332 | for (st->bucket = 0; st->bucket < ip_list_hash_size; st->bucket++) { | 331 | for (st->bucket = 0; st->bucket < ip_list_hash_size; st->bucket++) |
333 | list_for_each_entry(e, &t->iphash[st->bucket], list) { | 332 | list_for_each_entry(e, &t->iphash[st->bucket], list) |
334 | if (p-- == 0) | 333 | if (p-- == 0) |
335 | return e; | 334 | return e; |
336 | } | ||
337 | } | ||
338 | return NULL; | 335 | return NULL; |
339 | } | 336 | } |
340 | 337 | ||
diff --git a/net/ipv4/netfilter/ipt_ttl.c b/net/ipv4/netfilter/ipt_ttl.c index 82fe4ea8ab79..59a644db4d74 100644 --- a/net/ipv4/netfilter/ipt_ttl.c +++ b/net/ipv4/netfilter/ipt_ttl.c | |||
@@ -28,17 +28,13 @@ static bool match(const struct sk_buff *skb, | |||
28 | 28 | ||
29 | switch (info->mode) { | 29 | switch (info->mode) { |
30 | case IPT_TTL_EQ: | 30 | case IPT_TTL_EQ: |
31 | return (ttl == info->ttl); | 31 | return ttl == info->ttl; |
32 | break; | ||
33 | case IPT_TTL_NE: | 32 | case IPT_TTL_NE: |
34 | return (!(ttl == info->ttl)); | 33 | return ttl != info->ttl; |
35 | break; | ||
36 | case IPT_TTL_LT: | 34 | case IPT_TTL_LT: |
37 | return (ttl < info->ttl); | 35 | return ttl < info->ttl; |
38 | break; | ||
39 | case IPT_TTL_GT: | 36 | case IPT_TTL_GT: |
40 | return (ttl > info->ttl); | 37 | return ttl > info->ttl; |
41 | break; | ||
42 | default: | 38 | default: |
43 | printk(KERN_WARNING "ipt_ttl: unknown mode %d\n", | 39 | printk(KERN_WARNING "ipt_ttl: unknown mode %d\n", |
44 | info->mode); | 40 | info->mode); |
diff --git a/net/ipv6/netfilter/ip6t_HL.c b/net/ipv6/netfilter/ip6t_HL.c index 20047ff5492f..33c4cb8a5c43 100644 --- a/net/ipv6/netfilter/ip6t_HL.c +++ b/net/ipv6/netfilter/ip6t_HL.c | |||
@@ -71,7 +71,7 @@ static bool ip6t_hl_checkentry(const char *tablename, | |||
71 | info->mode); | 71 | info->mode); |
72 | return false; | 72 | return false; |
73 | } | 73 | } |
74 | if ((info->mode != IP6T_HL_SET) && (info->hop_limit == 0)) { | 74 | if (info->mode != IP6T_HL_SET && info->hop_limit == 0) { |
75 | printk(KERN_WARNING "ip6t_HL: increment/decrement doesn't " | 75 | printk(KERN_WARNING "ip6t_HL: increment/decrement doesn't " |
76 | "make sense with value 0\n"); | 76 | "make sense with value 0\n"); |
77 | return false; | 77 | return false; |
diff --git a/net/ipv6/netfilter/ip6t_REJECT.c b/net/ipv6/netfilter/ip6t_REJECT.c index 4df07f0adf1d..0fa1f2cf9fba 100644 --- a/net/ipv6/netfilter/ip6t_REJECT.c +++ b/net/ipv6/netfilter/ip6t_REJECT.c | |||
@@ -69,7 +69,7 @@ static void send_reset(struct sk_buff *oldskb) | |||
69 | otcplen = oldskb->len - tcphoff; | 69 | otcplen = oldskb->len - tcphoff; |
70 | 70 | ||
71 | /* IP header checks: fragment, too short. */ | 71 | /* IP header checks: fragment, too short. */ |
72 | if ((proto != IPPROTO_TCP) || (otcplen < sizeof(struct tcphdr))) { | 72 | if (proto != IPPROTO_TCP || otcplen < sizeof(struct tcphdr)) { |
73 | DEBUGP("ip6t_REJECT: proto(%d) != IPPROTO_TCP, or too short. otcplen = %d\n", | 73 | DEBUGP("ip6t_REJECT: proto(%d) != IPPROTO_TCP, or too short. otcplen = %d\n", |
74 | proto, otcplen); | 74 | proto, otcplen); |
75 | return; | 75 | return; |
diff --git a/net/ipv6/netfilter/ip6t_ah.c b/net/ipv6/netfilter/ip6t_ah.c index b4b1d282761c..fbf3d7748dc2 100644 --- a/net/ipv6/netfilter/ip6t_ah.c +++ b/net/ipv6/netfilter/ip6t_ah.c | |||
@@ -78,9 +78,9 @@ match(const struct sk_buff *skb, | |||
78 | DEBUGP("SPI %u %08X\n", ntohl(ah->spi), ntohl(ah->spi)); | 78 | DEBUGP("SPI %u %08X\n", ntohl(ah->spi), ntohl(ah->spi)); |
79 | 79 | ||
80 | DEBUGP("IPv6 AH spi %02X ", | 80 | DEBUGP("IPv6 AH spi %02X ", |
81 | (spi_match(ahinfo->spis[0], ahinfo->spis[1], | 81 | spi_match(ahinfo->spis[0], ahinfo->spis[1], |
82 | ntohl(ah->spi), | 82 | ntohl(ah->spi), |
83 | !!(ahinfo->invflags & IP6T_AH_INV_SPI)))); | 83 | !!(ahinfo->invflags & IP6T_AH_INV_SPI))); |
84 | DEBUGP("len %02X %04X %02X ", | 84 | DEBUGP("len %02X %04X %02X ", |
85 | ahinfo->hdrlen, hdrlen, | 85 | ahinfo->hdrlen, hdrlen, |
86 | (!ahinfo->hdrlen || | 86 | (!ahinfo->hdrlen || |
@@ -92,9 +92,9 @@ match(const struct sk_buff *skb, | |||
92 | 92 | ||
93 | return (ah != NULL) | 93 | return (ah != NULL) |
94 | && | 94 | && |
95 | (spi_match(ahinfo->spis[0], ahinfo->spis[1], | 95 | spi_match(ahinfo->spis[0], ahinfo->spis[1], |
96 | ntohl(ah->spi), | 96 | ntohl(ah->spi), |
97 | !!(ahinfo->invflags & IP6T_AH_INV_SPI))) | 97 | !!(ahinfo->invflags & IP6T_AH_INV_SPI)) |
98 | && | 98 | && |
99 | (!ahinfo->hdrlen || | 99 | (!ahinfo->hdrlen || |
100 | (ahinfo->hdrlen == hdrlen) ^ | 100 | (ahinfo->hdrlen == hdrlen) ^ |
diff --git a/net/ipv6/netfilter/ip6t_eui64.c b/net/ipv6/netfilter/ip6t_eui64.c index bebb12a1d0e6..2af99fc6bdc9 100644 --- a/net/ipv6/netfilter/ip6t_eui64.c +++ b/net/ipv6/netfilter/ip6t_eui64.c | |||
@@ -33,7 +33,7 @@ match(const struct sk_buff *skb, | |||
33 | int i = 0; | 33 | int i = 0; |
34 | 34 | ||
35 | if (!(skb_mac_header(skb) >= skb->head && | 35 | if (!(skb_mac_header(skb) >= skb->head && |
36 | (skb_mac_header(skb) + ETH_HLEN) <= skb->data) && | 36 | skb_mac_header(skb) + ETH_HLEN <= skb->data) && |
37 | offset != 0) { | 37 | offset != 0) { |
38 | *hotdrop = true; | 38 | *hotdrop = true; |
39 | return false; | 39 | return false; |
@@ -50,8 +50,8 @@ match(const struct sk_buff *skb, | |||
50 | eui64[0] |= 0x02; | 50 | eui64[0] |= 0x02; |
51 | 51 | ||
52 | i = 0; | 52 | i = 0; |
53 | while ((ipv6_hdr(skb)->saddr.s6_addr[8 + i] == eui64[i]) | 53 | while (ipv6_hdr(skb)->saddr.s6_addr[8 + i] == eui64[i] |
54 | && (i < 8)) | 54 | && i < 8) |
55 | i++; | 55 | i++; |
56 | 56 | ||
57 | if (i == 8) | 57 | if (i == 8) |
diff --git a/net/ipv6/netfilter/ip6t_frag.c b/net/ipv6/netfilter/ip6t_frag.c index e0e416bb284a..65482af711de 100644 --- a/net/ipv6/netfilter/ip6t_frag.c +++ b/net/ipv6/netfilter/ip6t_frag.c | |||
@@ -77,35 +77,35 @@ match(const struct sk_buff *skb, | |||
77 | ntohl(fh->identification)); | 77 | ntohl(fh->identification)); |
78 | 78 | ||
79 | DEBUGP("IPv6 FRAG id %02X ", | 79 | DEBUGP("IPv6 FRAG id %02X ", |
80 | (id_match(fraginfo->ids[0], fraginfo->ids[1], | 80 | id_match(fraginfo->ids[0], fraginfo->ids[1], |
81 | ntohl(fh->identification), | 81 | ntohl(fh->identification), |
82 | !!(fraginfo->invflags & IP6T_FRAG_INV_IDS)))); | 82 | !!(fraginfo->invflags & IP6T_FRAG_INV_IDS))); |
83 | DEBUGP("res %02X %02X%04X %02X ", | 83 | DEBUGP("res %02X %02X%04X %02X ", |
84 | (fraginfo->flags & IP6T_FRAG_RES), fh->reserved, | 84 | fraginfo->flags & IP6T_FRAG_RES, fh->reserved, |
85 | ntohs(fh->frag_off) & 0x6, | 85 | ntohs(fh->frag_off) & 0x6, |
86 | !((fraginfo->flags & IP6T_FRAG_RES) | 86 | !((fraginfo->flags & IP6T_FRAG_RES) |
87 | && (fh->reserved || (ntohs(fh->frag_off) & 0x06)))); | 87 | && (fh->reserved || (ntohs(fh->frag_off) & 0x06)))); |
88 | DEBUGP("first %02X %02X %02X ", | 88 | DEBUGP("first %02X %02X %02X ", |
89 | (fraginfo->flags & IP6T_FRAG_FST), | 89 | fraginfo->flags & IP6T_FRAG_FST, |
90 | ntohs(fh->frag_off) & ~0x7, | 90 | ntohs(fh->frag_off) & ~0x7, |
91 | !((fraginfo->flags & IP6T_FRAG_FST) | 91 | !((fraginfo->flags & IP6T_FRAG_FST) |
92 | && (ntohs(fh->frag_off) & ~0x7))); | 92 | && (ntohs(fh->frag_off) & ~0x7))); |
93 | DEBUGP("mf %02X %02X %02X ", | 93 | DEBUGP("mf %02X %02X %02X ", |
94 | (fraginfo->flags & IP6T_FRAG_MF), | 94 | fraginfo->flags & IP6T_FRAG_MF, |
95 | ntohs(fh->frag_off) & IP6_MF, | 95 | ntohs(fh->frag_off) & IP6_MF, |
96 | !((fraginfo->flags & IP6T_FRAG_MF) | 96 | !((fraginfo->flags & IP6T_FRAG_MF) |
97 | && !((ntohs(fh->frag_off) & IP6_MF)))); | 97 | && !((ntohs(fh->frag_off) & IP6_MF)))); |
98 | DEBUGP("last %02X %02X %02X\n", | 98 | DEBUGP("last %02X %02X %02X\n", |
99 | (fraginfo->flags & IP6T_FRAG_NMF), | 99 | fraginfo->flags & IP6T_FRAG_NMF, |
100 | ntohs(fh->frag_off) & IP6_MF, | 100 | ntohs(fh->frag_off) & IP6_MF, |
101 | !((fraginfo->flags & IP6T_FRAG_NMF) | 101 | !((fraginfo->flags & IP6T_FRAG_NMF) |
102 | && (ntohs(fh->frag_off) & IP6_MF))); | 102 | && (ntohs(fh->frag_off) & IP6_MF))); |
103 | 103 | ||
104 | return (fh != NULL) | 104 | return (fh != NULL) |
105 | && | 105 | && |
106 | (id_match(fraginfo->ids[0], fraginfo->ids[1], | 106 | id_match(fraginfo->ids[0], fraginfo->ids[1], |
107 | ntohl(fh->identification), | 107 | ntohl(fh->identification), |
108 | !!(fraginfo->invflags & IP6T_FRAG_INV_IDS))) | 108 | !!(fraginfo->invflags & IP6T_FRAG_INV_IDS)) |
109 | && | 109 | && |
110 | !((fraginfo->flags & IP6T_FRAG_RES) | 110 | !((fraginfo->flags & IP6T_FRAG_RES) |
111 | && (fh->reserved || (ntohs(fh->frag_off) & 0x6))) | 111 | && (fh->reserved || (ntohs(fh->frag_off) & 0x6))) |
diff --git a/net/ipv6/netfilter/ip6t_hbh.c b/net/ipv6/netfilter/ip6t_hbh.c index bbd2615ad2e1..8eecac14ddaa 100644 --- a/net/ipv6/netfilter/ip6t_hbh.c +++ b/net/ipv6/netfilter/ip6t_hbh.c | |||
@@ -160,7 +160,7 @@ match(const struct sk_buff *skb, | |||
160 | DEBUGP("len%04X \n", optlen); | 160 | DEBUGP("len%04X \n", optlen); |
161 | 161 | ||
162 | if ((ptr > skb->len - optlen || hdrlen < optlen) && | 162 | if ((ptr > skb->len - optlen || hdrlen < optlen) && |
163 | (temp < optinfo->optsnr - 1)) { | 163 | temp < optinfo->optsnr - 1) { |
164 | DEBUGP("new pointer is too large! \n"); | 164 | DEBUGP("new pointer is too large! \n"); |
165 | break; | 165 | break; |
166 | } | 166 | } |
diff --git a/net/ipv6/netfilter/ip6t_hl.c b/net/ipv6/netfilter/ip6t_hl.c index b933e84a06a4..ddee088f5f10 100644 --- a/net/ipv6/netfilter/ip6t_hl.c +++ b/net/ipv6/netfilter/ip6t_hl.c | |||
@@ -29,16 +29,16 @@ static bool match(const struct sk_buff *skb, | |||
29 | 29 | ||
30 | switch (info->mode) { | 30 | switch (info->mode) { |
31 | case IP6T_HL_EQ: | 31 | case IP6T_HL_EQ: |
32 | return (ip6h->hop_limit == info->hop_limit); | 32 | return ip6h->hop_limit == info->hop_limit; |
33 | break; | 33 | break; |
34 | case IP6T_HL_NE: | 34 | case IP6T_HL_NE: |
35 | return (!(ip6h->hop_limit == info->hop_limit)); | 35 | return ip6h->hop_limit != info->hop_limit; |
36 | break; | 36 | break; |
37 | case IP6T_HL_LT: | 37 | case IP6T_HL_LT: |
38 | return (ip6h->hop_limit < info->hop_limit); | 38 | return ip6h->hop_limit < info->hop_limit; |
39 | break; | 39 | break; |
40 | case IP6T_HL_GT: | 40 | case IP6T_HL_GT: |
41 | return (ip6h->hop_limit > info->hop_limit); | 41 | return ip6h->hop_limit > info->hop_limit; |
42 | break; | 42 | break; |
43 | default: | 43 | default: |
44 | printk(KERN_WARNING "ip6t_hl: unknown mode %d\n", | 44 | printk(KERN_WARNING "ip6t_hl: unknown mode %d\n", |
diff --git a/net/ipv6/netfilter/ip6t_ipv6header.c b/net/ipv6/netfilter/ip6t_ipv6header.c index 5ba6ef0f1b1b..ca020ce1c4a3 100644 --- a/net/ipv6/netfilter/ip6t_ipv6header.c +++ b/net/ipv6/netfilter/ip6t_ipv6header.c | |||
@@ -74,9 +74,9 @@ ipv6header_match(const struct sk_buff *skb, | |||
74 | BUG_ON(hp == NULL); | 74 | BUG_ON(hp == NULL); |
75 | 75 | ||
76 | /* Calculate the header length */ | 76 | /* Calculate the header length */ |
77 | if (nexthdr == NEXTHDR_FRAGMENT) { | 77 | if (nexthdr == NEXTHDR_FRAGMENT) |
78 | hdrlen = 8; | 78 | hdrlen = 8; |
79 | } else if (nexthdr == NEXTHDR_AUTH) | 79 | else if (nexthdr == NEXTHDR_AUTH) |
80 | hdrlen = (hp->hdrlen + 2) << 2; | 80 | hdrlen = (hp->hdrlen + 2) << 2; |
81 | else | 81 | else |
82 | hdrlen = ipv6_optlen(hp); | 82 | hdrlen = ipv6_optlen(hp); |
@@ -110,7 +110,7 @@ ipv6header_match(const struct sk_buff *skb, | |||
110 | break; | 110 | break; |
111 | } | 111 | } |
112 | 112 | ||
113 | if ((nexthdr != NEXTHDR_NONE) && (nexthdr != NEXTHDR_ESP)) | 113 | if (nexthdr != NEXTHDR_NONE && nexthdr != NEXTHDR_ESP) |
114 | temp |= MASK_PROTO; | 114 | temp |= MASK_PROTO; |
115 | 115 | ||
116 | if (info->modeflag) | 116 | if (info->modeflag) |
diff --git a/net/ipv6/netfilter/ip6t_owner.c b/net/ipv6/netfilter/ip6t_owner.c index 8cb6c94b4a20..d2bf3204aeac 100644 --- a/net/ipv6/netfilter/ip6t_owner.c +++ b/net/ipv6/netfilter/ip6t_owner.c | |||
@@ -38,17 +38,15 @@ match(const struct sk_buff *skb, | |||
38 | if (!skb->sk || !skb->sk->sk_socket || !skb->sk->sk_socket->file) | 38 | if (!skb->sk || !skb->sk->sk_socket || !skb->sk->sk_socket->file) |
39 | return false; | 39 | return false; |
40 | 40 | ||
41 | if (info->match & IP6T_OWNER_UID) { | 41 | if (info->match & IP6T_OWNER_UID) |
42 | if ((skb->sk->sk_socket->file->f_uid != info->uid) ^ | 42 | if ((skb->sk->sk_socket->file->f_uid != info->uid) ^ |
43 | !!(info->invert & IP6T_OWNER_UID)) | 43 | !!(info->invert & IP6T_OWNER_UID)) |
44 | return false; | 44 | return false; |
45 | } | ||
46 | 45 | ||
47 | if (info->match & IP6T_OWNER_GID) { | 46 | if (info->match & IP6T_OWNER_GID) |
48 | if ((skb->sk->sk_socket->file->f_gid != info->gid) ^ | 47 | if ((skb->sk->sk_socket->file->f_gid != info->gid) ^ |
49 | !!(info->invert & IP6T_OWNER_GID)) | 48 | !!(info->invert & IP6T_OWNER_GID)) |
50 | return false; | 49 | return false; |
51 | } | ||
52 | 50 | ||
53 | return true; | 51 | return true; |
54 | } | 52 | } |
diff --git a/net/ipv6/netfilter/ip6t_rt.c b/net/ipv6/netfilter/ip6t_rt.c index bc5ff4b1af39..f86fdcdd8cb8 100644 --- a/net/ipv6/netfilter/ip6t_rt.c +++ b/net/ipv6/netfilter/ip6t_rt.c | |||
@@ -87,9 +87,9 @@ match(const struct sk_buff *skb, | |||
87 | DEBUGP("SGS_LEFT %u %02X\n", rh->segments_left, rh->segments_left); | 87 | DEBUGP("SGS_LEFT %u %02X\n", rh->segments_left, rh->segments_left); |
88 | 88 | ||
89 | DEBUGP("IPv6 RT segsleft %02X ", | 89 | DEBUGP("IPv6 RT segsleft %02X ", |
90 | (segsleft_match(rtinfo->segsleft[0], rtinfo->segsleft[1], | 90 | segsleft_match(rtinfo->segsleft[0], rtinfo->segsleft[1], |
91 | rh->segments_left, | 91 | rh->segments_left, |
92 | !!(rtinfo->invflags & IP6T_RT_INV_SGS)))); | 92 | !!(rtinfo->invflags & IP6T_RT_INV_SGS))); |
93 | DEBUGP("type %02X %02X %02X ", | 93 | DEBUGP("type %02X %02X %02X ", |
94 | rtinfo->rt_type, rh->type, | 94 | rtinfo->rt_type, rh->type, |
95 | (!(rtinfo->flags & IP6T_RT_TYP) || | 95 | (!(rtinfo->flags & IP6T_RT_TYP) || |
@@ -97,11 +97,11 @@ match(const struct sk_buff *skb, | |||
97 | !!(rtinfo->invflags & IP6T_RT_INV_TYP)))); | 97 | !!(rtinfo->invflags & IP6T_RT_INV_TYP)))); |
98 | DEBUGP("len %02X %04X %02X ", | 98 | DEBUGP("len %02X %04X %02X ", |
99 | rtinfo->hdrlen, hdrlen, | 99 | rtinfo->hdrlen, hdrlen, |
100 | (!(rtinfo->flags & IP6T_RT_LEN) || | 100 | !(rtinfo->flags & IP6T_RT_LEN) || |
101 | ((rtinfo->hdrlen == hdrlen) ^ | 101 | ((rtinfo->hdrlen == hdrlen) ^ |
102 | !!(rtinfo->invflags & IP6T_RT_INV_LEN)))); | 102 | !!(rtinfo->invflags & IP6T_RT_INV_LEN))); |
103 | DEBUGP("res %02X %02X %02X ", | 103 | DEBUGP("res %02X %02X %02X ", |
104 | (rtinfo->flags & IP6T_RT_RES), | 104 | rtinfo->flags & IP6T_RT_RES, |
105 | ((const struct rt0_hdr *)rh)->reserved, | 105 | ((const struct rt0_hdr *)rh)->reserved, |
106 | !((rtinfo->flags & IP6T_RT_RES) && | 106 | !((rtinfo->flags & IP6T_RT_RES) && |
107 | (((const struct rt0_hdr *)rh)->reserved))); | 107 | (((const struct rt0_hdr *)rh)->reserved))); |
@@ -188,8 +188,8 @@ match(const struct sk_buff *skb, | |||
188 | break; | 188 | break; |
189 | } | 189 | } |
190 | DEBUGP("temp=%d #%d\n", temp, rtinfo->addrnr); | 190 | DEBUGP("temp=%d #%d\n", temp, rtinfo->addrnr); |
191 | if ((temp == rtinfo->addrnr) && | 191 | if (temp == rtinfo->addrnr && |
192 | (temp == (unsigned int)((hdrlen - 8) / 16))) | 192 | temp == (unsigned int)((hdrlen - 8) / 16)) |
193 | return ret; | 193 | return ret; |
194 | else | 194 | else |
195 | return false; | 195 | return false; |
diff --git a/net/netfilter/xt_DSCP.c b/net/netfilter/xt_DSCP.c index 2d779f6902dc..ed6b524064f0 100644 --- a/net/netfilter/xt_DSCP.c +++ b/net/netfilter/xt_DSCP.c | |||
@@ -74,7 +74,7 @@ static bool checkentry(const char *tablename, | |||
74 | { | 74 | { |
75 | const u_int8_t dscp = ((struct xt_DSCP_info *)targinfo)->dscp; | 75 | const u_int8_t dscp = ((struct xt_DSCP_info *)targinfo)->dscp; |
76 | 76 | ||
77 | if ((dscp > XT_DSCP_MAX)) { | 77 | if (dscp > XT_DSCP_MAX) { |
78 | printk(KERN_WARNING "DSCP: dscp %x out of range\n", dscp); | 78 | printk(KERN_WARNING "DSCP: dscp %x out of range\n", dscp); |
79 | return false; | 79 | return false; |
80 | } | 80 | } |
diff --git a/net/netfilter/xt_TCPMSS.c b/net/netfilter/xt_TCPMSS.c index 075051acb554..6ae6df993aa2 100644 --- a/net/netfilter/xt_TCPMSS.c +++ b/net/netfilter/xt_TCPMSS.c | |||
@@ -93,7 +93,7 @@ tcpmss_mangle_packet(struct sk_buff **pskb, | |||
93 | return 0; | 93 | return 0; |
94 | 94 | ||
95 | opt[i+2] = (newmss & 0xff00) >> 8; | 95 | opt[i+2] = (newmss & 0xff00) >> 8; |
96 | opt[i+3] = (newmss & 0x00ff); | 96 | opt[i+3] = newmss & 0x00ff; |
97 | 97 | ||
98 | nf_proto_csum_replace2(&tcph->check, *pskb, | 98 | nf_proto_csum_replace2(&tcph->check, *pskb, |
99 | htons(oldmss), htons(newmss), 0); | 99 | htons(oldmss), htons(newmss), 0); |
@@ -126,7 +126,7 @@ tcpmss_mangle_packet(struct sk_buff **pskb, | |||
126 | opt[0] = TCPOPT_MSS; | 126 | opt[0] = TCPOPT_MSS; |
127 | opt[1] = TCPOLEN_MSS; | 127 | opt[1] = TCPOLEN_MSS; |
128 | opt[2] = (newmss & 0xff00) >> 8; | 128 | opt[2] = (newmss & 0xff00) >> 8; |
129 | opt[3] = (newmss & 0x00ff); | 129 | opt[3] = newmss & 0x00ff; |
130 | 130 | ||
131 | nf_proto_csum_replace4(&tcph->check, *pskb, 0, *((__be32 *)opt), 0); | 131 | nf_proto_csum_replace4(&tcph->check, *pskb, 0, *((__be32 *)opt), 0); |
132 | 132 | ||
diff --git a/net/netfilter/xt_connbytes.c b/net/netfilter/xt_connbytes.c index 99c246e45c42..d9b2e75fbab2 100644 --- a/net/netfilter/xt_connbytes.c +++ b/net/netfilter/xt_connbytes.c | |||
@@ -90,9 +90,9 @@ match(const struct sk_buff *skb, | |||
90 | } | 90 | } |
91 | 91 | ||
92 | if (sinfo->count.to) | 92 | if (sinfo->count.to) |
93 | return (what <= sinfo->count.to && what >= sinfo->count.from); | 93 | return what <= sinfo->count.to && what >= sinfo->count.from; |
94 | else | 94 | else |
95 | return (what >= sinfo->count.from); | 95 | return what >= sinfo->count.from; |
96 | } | 96 | } |
97 | 97 | ||
98 | static bool check(const char *tablename, | 98 | static bool check(const char *tablename, |
diff --git a/net/netfilter/xt_connmark.c b/net/netfilter/xt_connmark.c index 71f3c1a5d5e5..3a6e16d4edcd 100644 --- a/net/netfilter/xt_connmark.c +++ b/net/netfilter/xt_connmark.c | |||
@@ -48,7 +48,7 @@ match(const struct sk_buff *skb, | |||
48 | if (!ct) | 48 | if (!ct) |
49 | return false; | 49 | return false; |
50 | 50 | ||
51 | return (((ct->mark) & info->mask) == info->mark) ^ info->invert; | 51 | return ((ct->mark & info->mask) == info->mark) ^ info->invert; |
52 | } | 52 | } |
53 | 53 | ||
54 | static bool | 54 | static bool |
diff --git a/net/netfilter/xt_dccp.c b/net/netfilter/xt_dccp.c index 1b77c5bcb348..f07a68d445ca 100644 --- a/net/netfilter/xt_dccp.c +++ b/net/netfilter/xt_dccp.c | |||
@@ -81,7 +81,7 @@ dccp_find_option(u_int8_t option, | |||
81 | static inline bool | 81 | static inline bool |
82 | match_types(const struct dccp_hdr *dh, u_int16_t typemask) | 82 | match_types(const struct dccp_hdr *dh, u_int16_t typemask) |
83 | { | 83 | { |
84 | return (typemask & (1 << dh->dccph_type)); | 84 | return typemask & (1 << dh->dccph_type); |
85 | } | 85 | } |
86 | 86 | ||
87 | static inline bool | 87 | static inline bool |
@@ -113,11 +113,11 @@ match(const struct sk_buff *skb, | |||
113 | return false; | 113 | return false; |
114 | } | 114 | } |
115 | 115 | ||
116 | return DCCHECK(((ntohs(dh->dccph_sport) >= info->spts[0]) | 116 | return DCCHECK(ntohs(dh->dccph_sport) >= info->spts[0] |
117 | && (ntohs(dh->dccph_sport) <= info->spts[1])), | 117 | && ntohs(dh->dccph_sport) <= info->spts[1], |
118 | XT_DCCP_SRC_PORTS, info->flags, info->invflags) | 118 | XT_DCCP_SRC_PORTS, info->flags, info->invflags) |
119 | && DCCHECK(((ntohs(dh->dccph_dport) >= info->dpts[0]) | 119 | && DCCHECK(ntohs(dh->dccph_dport) >= info->dpts[0] |
120 | && (ntohs(dh->dccph_dport) <= info->dpts[1])), | 120 | && ntohs(dh->dccph_dport) <= info->dpts[1], |
121 | XT_DCCP_DEST_PORTS, info->flags, info->invflags) | 121 | XT_DCCP_DEST_PORTS, info->flags, info->invflags) |
122 | && DCCHECK(match_types(dh, info->typemask), | 122 | && DCCHECK(match_types(dh, info->typemask), |
123 | XT_DCCP_TYPE, info->flags, info->invflags) | 123 | XT_DCCP_TYPE, info->flags, info->invflags) |
diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c index deb5890aa3ac..094da6e066b8 100644 --- a/net/netfilter/xt_hashlimit.c +++ b/net/netfilter/xt_hashlimit.c | |||
@@ -239,7 +239,7 @@ static bool select_all(const struct xt_hashlimit_htable *ht, | |||
239 | static bool select_gc(const struct xt_hashlimit_htable *ht, | 239 | static bool select_gc(const struct xt_hashlimit_htable *ht, |
240 | const struct dsthash_ent *he) | 240 | const struct dsthash_ent *he) |
241 | { | 241 | { |
242 | return (jiffies >= he->expires); | 242 | return jiffies >= he->expires; |
243 | } | 243 | } |
244 | 244 | ||
245 | static void htable_selective_cleanup(struct xt_hashlimit_htable *ht, | 245 | static void htable_selective_cleanup(struct xt_hashlimit_htable *ht, |
diff --git a/net/netfilter/xt_length.c b/net/netfilter/xt_length.c index 57bcfacde594..ea4880bd31ea 100644 --- a/net/netfilter/xt_length.c +++ b/net/netfilter/xt_length.c | |||
@@ -47,8 +47,8 @@ match6(const struct sk_buff *skb, | |||
47 | bool *hotdrop) | 47 | bool *hotdrop) |
48 | { | 48 | { |
49 | const struct xt_length_info *info = matchinfo; | 49 | const struct xt_length_info *info = matchinfo; |
50 | const u_int16_t pktlen = (ntohs(ipv6_hdr(skb)->payload_len) + | 50 | const u_int16_t pktlen = ntohs(ipv6_hdr(skb)->payload_len) + |
51 | sizeof(struct ipv6hdr)); | 51 | sizeof(struct ipv6hdr); |
52 | 52 | ||
53 | return (pktlen >= info->min && pktlen <= info->max) ^ info->invert; | 53 | return (pktlen >= info->min && pktlen <= info->max) ^ info->invert; |
54 | } | 54 | } |
diff --git a/net/netfilter/xt_mac.c b/net/netfilter/xt_mac.c index 86022027dd63..28ec08e7511b 100644 --- a/net/netfilter/xt_mac.c +++ b/net/netfilter/xt_mac.c | |||
@@ -37,11 +37,11 @@ match(const struct sk_buff *skb, | |||
37 | const struct xt_mac_info *info = matchinfo; | 37 | const struct xt_mac_info *info = matchinfo; |
38 | 38 | ||
39 | /* Is mac pointer valid? */ | 39 | /* Is mac pointer valid? */ |
40 | return (skb_mac_header(skb) >= skb->head && | 40 | return skb_mac_header(skb) >= skb->head && |
41 | (skb_mac_header(skb) + ETH_HLEN) <= skb->data | 41 | skb_mac_header(skb) + ETH_HLEN <= skb->data |
42 | /* If so, compare... */ | 42 | /* If so, compare... */ |
43 | && ((!compare_ether_addr(eth_hdr(skb)->h_source, info->srcaddr)) | 43 | && ((!compare_ether_addr(eth_hdr(skb)->h_source, info->srcaddr)) |
44 | ^ info->invert)); | 44 | ^ info->invert); |
45 | } | 45 | } |
46 | 46 | ||
47 | static struct xt_match xt_mac_match[] = { | 47 | static struct xt_match xt_mac_match[] = { |
diff --git a/net/netfilter/xt_pkttype.c b/net/netfilter/xt_pkttype.c index 63239727bc22..e4c420b5713b 100644 --- a/net/netfilter/xt_pkttype.c +++ b/net/netfilter/xt_pkttype.c | |||
@@ -34,9 +34,9 @@ static bool match(const struct sk_buff *skb, | |||
34 | const struct xt_pkttype_info *info = matchinfo; | 34 | const struct xt_pkttype_info *info = matchinfo; |
35 | 35 | ||
36 | if (skb->pkt_type == PACKET_LOOPBACK) | 36 | if (skb->pkt_type == PACKET_LOOPBACK) |
37 | type = (MULTICAST(ip_hdr(skb)->daddr) | 37 | type = MULTICAST(ip_hdr(skb)->daddr) |
38 | ? PACKET_MULTICAST | 38 | ? PACKET_MULTICAST |
39 | : PACKET_BROADCAST); | 39 | : PACKET_BROADCAST; |
40 | else | 40 | else |
41 | type = skb->pkt_type; | 41 | type = skb->pkt_type; |
42 | 42 | ||
diff --git a/net/netfilter/xt_sctp.c b/net/netfilter/xt_sctp.c index 22df338b3934..fefc846188f3 100644 --- a/net/netfilter/xt_sctp.c +++ b/net/netfilter/xt_sctp.c | |||
@@ -31,11 +31,9 @@ match_flags(const struct xt_sctp_flag_info *flag_info, | |||
31 | { | 31 | { |
32 | int i; | 32 | int i; |
33 | 33 | ||
34 | for (i = 0; i < flag_count; i++) { | 34 | for (i = 0; i < flag_count; i++) |
35 | if (flag_info[i].chunktype == chunktype) { | 35 | if (flag_info[i].chunktype == chunktype) |
36 | return (chunkflags & flag_info[i].flag_mask) == flag_info[i].flag; | 36 | return (chunkflags & flag_info[i].flag_mask) == flag_info[i].flag; |
37 | } | ||
38 | } | ||
39 | 37 | ||
40 | return true; | 38 | return true; |
41 | } | 39 | } |
@@ -56,9 +54,8 @@ match_packet(const struct sk_buff *skb, | |||
56 | int i = 0; | 54 | int i = 0; |
57 | #endif | 55 | #endif |
58 | 56 | ||
59 | if (chunk_match_type == SCTP_CHUNK_MATCH_ALL) { | 57 | if (chunk_match_type == SCTP_CHUNK_MATCH_ALL) |
60 | SCTP_CHUNKMAP_COPY(chunkmapcopy, chunkmap); | 58 | SCTP_CHUNKMAP_COPY(chunkmapcopy, chunkmap); |
61 | } | ||
62 | 59 | ||
63 | do { | 60 | do { |
64 | sch = skb_header_pointer(skb, offset, sizeof(_sch), &_sch); | 61 | sch = skb_header_pointer(skb, offset, sizeof(_sch), &_sch); |
@@ -86,16 +83,14 @@ match_packet(const struct sk_buff *skb, | |||
86 | 83 | ||
87 | case SCTP_CHUNK_MATCH_ALL: | 84 | case SCTP_CHUNK_MATCH_ALL: |
88 | if (match_flags(flag_info, flag_count, | 85 | if (match_flags(flag_info, flag_count, |
89 | sch->type, sch->flags)) { | 86 | sch->type, sch->flags)) |
90 | SCTP_CHUNKMAP_CLEAR(chunkmapcopy, sch->type); | 87 | SCTP_CHUNKMAP_CLEAR(chunkmapcopy, sch->type); |
91 | } | ||
92 | break; | 88 | break; |
93 | 89 | ||
94 | case SCTP_CHUNK_MATCH_ONLY: | 90 | case SCTP_CHUNK_MATCH_ONLY: |
95 | if (!match_flags(flag_info, flag_count, | 91 | if (!match_flags(flag_info, flag_count, |
96 | sch->type, sch->flags)) { | 92 | sch->type, sch->flags)) |
97 | return false; | 93 | return false; |
98 | } | ||
99 | break; | 94 | break; |
100 | } | 95 | } |
101 | } else { | 96 | } else { |
@@ -145,11 +140,11 @@ match(const struct sk_buff *skb, | |||
145 | } | 140 | } |
146 | duprintf("spt: %d\tdpt: %d\n", ntohs(sh->source), ntohs(sh->dest)); | 141 | duprintf("spt: %d\tdpt: %d\n", ntohs(sh->source), ntohs(sh->dest)); |
147 | 142 | ||
148 | return SCCHECK(((ntohs(sh->source) >= info->spts[0]) | 143 | return SCCHECK(ntohs(sh->source) >= info->spts[0] |
149 | && (ntohs(sh->source) <= info->spts[1])), | 144 | && ntohs(sh->source) <= info->spts[1], |
150 | XT_SCTP_SRC_PORTS, info->flags, info->invflags) | 145 | XT_SCTP_SRC_PORTS, info->flags, info->invflags) |
151 | && SCCHECK(((ntohs(sh->dest) >= info->dpts[0]) | 146 | && SCCHECK(ntohs(sh->dest) >= info->dpts[0] |
152 | && (ntohs(sh->dest) <= info->dpts[1])), | 147 | && ntohs(sh->dest) <= info->dpts[1], |
153 | XT_SCTP_DEST_PORTS, info->flags, info->invflags) | 148 | XT_SCTP_DEST_PORTS, info->flags, info->invflags) |
154 | && SCCHECK(match_packet(skb, protoff + sizeof (sctp_sctphdr_t), | 149 | && SCCHECK(match_packet(skb, protoff + sizeof (sctp_sctphdr_t), |
155 | info->chunkmap, info->chunk_match_type, | 150 | info->chunkmap, info->chunk_match_type, |
diff --git a/net/netfilter/xt_tcpudp.c b/net/netfilter/xt_tcpudp.c index 0dd3022cc79a..5cb345aeeca8 100644 --- a/net/netfilter/xt_tcpudp.c +++ b/net/netfilter/xt_tcpudp.c | |||
@@ -95,7 +95,7 @@ tcp_match(const struct sk_buff *skb, | |||
95 | return false; | 95 | return false; |
96 | } | 96 | } |
97 | 97 | ||
98 | #define FWINVTCP(bool,invflg) ((bool) ^ !!(tcpinfo->invflags & invflg)) | 98 | #define FWINVTCP(bool, invflg) ((bool) ^ !!(tcpinfo->invflags & (invflg))) |
99 | 99 | ||
100 | th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph); | 100 | th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph); |
101 | if (th == NULL) { | 101 | if (th == NULL) { |