Vitezslav Samel (2): ipfilter(): simplify the code using new port_in_range() function ipfilter(): simplify the code using new addr_in_net() function
src/ipfilter.c | 80 ++++++++++++++++++++----------------------------------- 1 files changed, 29 insertions(+), 51 deletions(-)
Separate port checking code into the function port_in_range() and use it in ipfilter().
Signed-off-by: Vitezslav Samel vitezslav@samel.cz
---
 src/ipfilter.c | 50 +++++++++++++++-----------------------------------
 1 files changed, 15 insertions(+), 35 deletions(-)
diff --git a/src/ipfilter.c b/src/ipfilter.c
index 7f9ee64..35ea9b6 100644
--- a/src/ipfilter.c
+++ b/src/ipfilter.c
@@ -365,37 +365,30 @@ void ipfilterselect(int *aborted)
 doupdate();
 }
-/* - * Display/logging filter for other (non-TCP, non-UDP) IP protocols. - */ +static int port_in_range(in_port_t port, in_port_t port1, in_port_t port2) +{ + if (port2 == 0) + return port == port1 || port1 == 0; + else + return port >= port1 && port <= port2; +} + +/* Display/logging filter for other (non-TCP, non-UDP) IP protocols. */ int ipfilter(unsigned long saddr, unsigned long daddr, in_port_t sport, in_port_t dport, unsigned int protocol, int match_opp_mode) { - struct filterent *fe = ofilter.fl.head; + struct filterent *fe; int result = 0; int fltexpr1; int fltexpr2;
- - while (fe != NULL) { + for (fe = ofilter.fl.head; fe != NULL; fe = fe->next_entry) { if (protocol == IPPROTO_TCP || protocol == IPPROTO_UDP) { fltexpr1 = ((saddr & fe->smask) == (fe->saddr & fe->smask) && (daddr & fe->dmask) == (fe->daddr & fe->dmask)) - && - (((fe->hp.sport2 == 0 - && (fe->hp.sport1 == sport - || fe->hp.sport1 == 0)) - || (fe->hp.sport2 != 0 - && (sport >= fe->hp.sport1 - && sport <= fe->hp.sport2))) - && - ((fe->hp.dport2 == 0 - && (fe->hp.dport1 == dport - || fe->hp.dport1 == 0)) - || (fe->hp.dport2 != 0 - && (dport >= fe->hp.dport1 - && dport <= fe->hp.dport2)))); + && port_in_range(sport, fe->hp.sport1, fe->hp.sport2) + && port_in_range(dport, fe->hp.dport1, fe->hp.dport2);
if ((protocol == IPPROTO_TCP && match_opp_mode == MATCH_OPPOSITE_ALWAYS) @@ -405,20 +398,8 @@ int ipfilter(unsigned long saddr, unsigned long daddr, in_port_t sport, (fe->daddr & fe->dmask) && (daddr & fe->smask) == (fe->saddr & fe->smask)) - && - (((fe->hp.dport2 == 0 - && (sport == fe->hp.dport1 - || fe->hp.dport1 == 0)) - || (fe->hp.dport2 != 0 - && (sport >= fe->hp.dport1 - && sport <= fe->hp.dport2))) - && - ((fe->hp.sport2 == 0 - && (dport == fe->hp.sport1 - || fe->hp.sport1 == 0)) - || (fe->hp.dport2 != 0 - && (dport >= fe->hp.sport1 - && dport <= fe->hp.sport2)))); + && port_in_range(sport, fe->hp.dport1, fe->hp.dport2) + && port_in_range(dport, fe->hp.sport1, fe->hp.sport2); else fltexpr2 = 0; } else { @@ -448,7 +429,6 @@ int ipfilter(unsigned long saddr, unsigned long daddr, in_port_t sport, return 1; } } - fe = fe->next_entry; }
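Review bot: `port_in_range()`, added at the top of this hunk, relies on two undocumented sentinels: `port2 == 0` means the entry is not a range, and in that case `port1 == 0` means any port. A short comment would make that contract reviewable, e.g. `/* port2 == 0: match port1 exactly, or any port when port1 is 0; otherwise match port1..port2 inclusive. */`. The `>=`/`<=` test is only meaningful if the packet port and the entry's ports are in the same byte order; the callers are outside this hunk, so that is worth confirming and stating in the same comment. `ipfilter()` continues past the end of the hunk.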
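Review bot: The opposite-direction rewrite in this hunk is not a pure simplification, although the commit message describes it as one. The removed expression guarded the `dport >= fe->hp.sport1 && dport <= fe->hp.sport2` range test with `fe->hp.dport2 != 0`, while the new `port_in_range(dport, fe->hp.sport1, fe->hp.sport2)` keys on `sport2`. For an entry with a source-port range and `dport2 == 0`, the old code never matched reversed packets and the new code can, so the set of packets this display/logging filter passes changes. That looks like a fix for a typo in the old code, but the message should record it, e.g. `Also fixes the opposite-direction source-port range check, which tested dport2 instead of sport2.`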
return 0;
Separate address checking code into the function addr_in_net() and use it in ipfilter().
Signed-off-by: Vitezslav Samel vitezslav@samel.cz
---
 src/ipfilter.c | 30 ++++++++++++++----------------
 1 files changed, 14 insertions(+), 16 deletions(-)
diff --git a/src/ipfilter.c b/src/ipfilter.c
index 35ea9b6..eb17ec7 100644
--- a/src/ipfilter.c
+++ b/src/ipfilter.c
@@ -365,6 +365,12 @@ void ipfilterselect(int *aborted)
 doupdate();
 }
+static int addr_in_net(unsigned long addr, unsigned long net, + unsigned long mask) +{ + return (addr & mask) == (net & mask); +} + static int port_in_range(in_port_t port, in_port_t port1, in_port_t port2) { if (port2 == 0) @@ -384,35 +390,27 @@ int ipfilter(unsigned long saddr, unsigned long daddr, in_port_t sport,
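Review bot: `addr_in_net()` has no comment stating its contract, and a `mask` of 0 makes every address match, which is presumably how a wildcard entry is expressed. Suggest adding `/* True if addr and net agree on every bit set in mask; mask == 0 matches any address. */` above it. The parameters are `unsigned long`, matching `ipfilter()`'s existing signature, but for what appear to be IPv4 values a fixed-width type such as `uint32_t` would state the intent more clearly.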
for (fe = ofilter.fl.head; fe != NULL; fe = fe->next_entry) { if (protocol == IPPROTO_TCP || protocol == IPPROTO_UDP) { - fltexpr1 = - ((saddr & fe->smask) == (fe->saddr & fe->smask) - && (daddr & fe->dmask) == (fe->daddr & fe->dmask)) + fltexpr1 = addr_in_net(saddr, fe->saddr, fe->smask) + && addr_in_net(daddr, fe->daddr, fe->dmask) && port_in_range(sport, fe->hp.sport1, fe->hp.sport2) && port_in_range(dport, fe->hp.dport1, fe->hp.dport2);
if ((protocol == IPPROTO_TCP && match_opp_mode == MATCH_OPPOSITE_ALWAYS) || (fe->hp.match_opposite == 'Y')) - fltexpr2 = - ((saddr & fe->dmask) == - (fe->daddr & fe->dmask) - && (daddr & fe->smask) == - (fe->saddr & fe->smask)) + fltexpr2 = addr_in_net(saddr, fe->daddr, fe->dmask) + && addr_in_net(daddr, fe->saddr, fe->smask) && port_in_range(sport, fe->hp.dport1, fe->hp.dport2) && port_in_range(dport, fe->hp.sport1, fe->hp.sport2); else fltexpr2 = 0; } else { - fltexpr1 = - ((saddr & fe->smask) == (fe->saddr & fe->smask)) - && ((daddr & fe->dmask) == (fe->daddr & fe->dmask)); + fltexpr1 = addr_in_net(saddr, fe->saddr, fe->smask) + && addr_in_net(daddr, fe->daddr, fe->dmask);
if (fe->hp.match_opposite == 'Y') { - fltexpr2 = - ((daddr & fe->smask) == - (fe->saddr & fe->smask)) - && ((saddr & fe->dmask) == - (fe->daddr & fe->dmask)); + fltexpr2 = addr_in_net(saddr, fe->daddr, fe->dmask) + && addr_in_net(daddr, fe->saddr, fe->smask); } else fltexpr2 = 0; }
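Review bot: The forward and opposite-direction tests in this loop are still written out with hand-swapped field names (`saddr` against `fe->daddr`/`fe->dmask`, `sport` against `dport1`/`dport2`), the same pattern in which the earlier patch on this page replaced a `dport2`-for-`sport2` mix-up. A single helper that checks one direction, called a second time with the packet's source and destination swapped, would leave one copy of each comparison for the TCP/UDP case. The helper name below is a proposal, and `ipfilter()` begins and ends outside this hunk.

```c
/* True if the packet's addresses and ports match fe in the given direction. */
static int entry_matches(const struct filterent *fe,
			 unsigned long saddr, unsigned long daddr,
			 in_port_t sport, in_port_t dport)
{
	return addr_in_net(saddr, fe->saddr, fe->smask)
	    && addr_in_net(daddr, fe->daddr, fe->dmask)
	    && port_in_range(sport, fe->hp.sport1, fe->hp.sport2)
	    && port_in_range(dport, fe->hp.dport1, fe->hp.dport2);
}

/* ... unchanged: loop header and TCP/UDP protocol test ... */
			fltexpr1 = entry_matches(fe, saddr, daddr, sport, dport);
/* ... unchanged: match_opposite condition ... */
				fltexpr2 = entry_matches(fe, daddr, saddr, dport, sport);
/* ... unchanged: non-TCP/UDP branch, which compares addresses only ... */
```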
Vitezslav Samel vitezslav@samel.cz writes:
Vitezslav Samel (2): ipfilter(): simplify the code using new port_in_range() function ipfilter(): simplify the code using new addr_in_net() function
src/ipfilter.c | 80 ++++++++++++++++++++----------------------------------- 1 files changed, 29 insertions(+), 51 deletions(-)
applied. thanks.
iptraf-ng@lists.fedorahosted.org