diff options
author | Patrick McHardy <kaber@trash.net> | 2008-01-14 23:46:52 -0800 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-01-28 15:02:36 -0800 |
commit | b37e933ac7bdad2d587a6048babb8db2718460de (patch) | |
tree | 5ec44e055333aa20b178e6196d20e3caaa7f3089 /net | |
parent | 8528819adc613e0b4bc3e5cb4123b4b33d2b03c4 (diff) | |
download | lwn-b37e933ac7bdad2d587a6048babb8db2718460de.tar.gz lwn-b37e933ac7bdad2d587a6048babb8db2718460de.zip |
[NETFILTER]: nf_conntrack_sctp: consolidate sctp_packet() error paths
Consolidate error paths and use proper symbolic return value instead
of magic values.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/netfilter/nf_conntrack_proto_sctp.c | 46 |
1 files changed, 20 insertions, 26 deletions
diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c index fdabef56bf17..e52b6b95b304 100644 --- a/net/netfilter/nf_conntrack_proto_sctp.c +++ b/net/netfilter/nf_conntrack_proto_sctp.c @@ -291,7 +291,7 @@ static int new_state(enum ip_conntrack_dir dir, return sctp_conntracks[dir][i][cur_state]; } -/* Returns verdict for packet, or -1 for invalid. */ +/* Returns verdict for packet, or -NF_ACCEPT for invalid. */ static int sctp_packet(struct nf_conn *ct, const struct sk_buff *skb, unsigned int dataoff, @@ -308,10 +308,10 @@ static int sctp_packet(struct nf_conn *ct, sh = skb_header_pointer(skb, dataoff, sizeof(_sctph), &_sctph); if (sh == NULL) - return -1; + goto out; if (do_basic_checks(ct, skb, dataoff, map) != 0) - return -1; + goto out; /* Check the verification tag (Sec 8.5) */ if (!test_bit(SCTP_CID_INIT, map) && @@ -321,7 +321,7 @@ static int sctp_packet(struct nf_conn *ct, !test_bit(SCTP_CID_SHUTDOWN_ACK, map) && sh->vtag != ct->proto.sctp.vtag[dir]) { pr_debug("Verification tag check failed\n"); - return -1; + goto out; } oldsctpstate = newconntrack = SCTP_CONNTRACK_MAX; @@ -331,31 +331,23 @@ static int sctp_packet(struct nf_conn *ct, /* Special cases of Verification tag check (Sec 8.5.1) */ if (sch->type == SCTP_CID_INIT) { /* Sec 8.5.1 (A) */ - if (sh->vtag != 0) { - write_unlock_bh(&sctp_lock); - return -1; - } + if (sh->vtag != 0) + goto out_unlock; } else if (sch->type == SCTP_CID_ABORT) { /* Sec 8.5.1 (B) */ if (sh->vtag != ct->proto.sctp.vtag[dir] && - sh->vtag != ct->proto.sctp.vtag[!dir]) { - write_unlock_bh(&sctp_lock); - return -1; - } + sh->vtag != ct->proto.sctp.vtag[!dir]) + goto out_unlock; } else if (sch->type == SCTP_CID_SHUTDOWN_COMPLETE) { /* Sec 8.5.1 (C) */ if (sh->vtag != ct->proto.sctp.vtag[dir] && sh->vtag != ct->proto.sctp.vtag[!dir] && - (sch->flags & 1)) { - write_unlock_bh(&sctp_lock); - return -1; - } + (sch->flags & 1)) + goto out_unlock; } else if (sch->type == SCTP_CID_COOKIE_ECHO) { /* Sec 8.5.1 (D) */ - if (sh->vtag != ct->proto.sctp.vtag[dir]) { - write_unlock_bh(&sctp_lock); - return -1; - } + if (sh->vtag != ct->proto.sctp.vtag[dir]) + goto out_unlock; } oldsctpstate = ct->proto.sctp.state; @@ -366,8 +358,7 @@ static int sctp_packet(struct nf_conn *ct, pr_debug("nf_conntrack_sctp: Invalid dir=%i ctype=%u " "conntrack=%u\n", dir, sch->type, oldsctpstate); - write_unlock_bh(&sctp_lock); - return -1; + goto out_unlock; } /* If it is an INIT or an INIT ACK note down the vtag */ @@ -377,10 +368,8 @@ static int sctp_packet(struct nf_conn *ct, ih = skb_header_pointer(skb, offset + sizeof(sctp_chunkhdr_t), sizeof(_inithdr), &_inithdr); - if (ih == NULL) { - write_unlock_bh(&sctp_lock); - return -1; - } + if (ih == NULL) + goto out_unlock; pr_debug("Setting vtag %x for dir %d\n", ih->init_tag, !dir); ct->proto.sctp.vtag[!dir] = ih->init_tag; @@ -403,6 +392,11 @@ static int sctp_packet(struct nf_conn *ct, } return NF_ACCEPT; + +out_unlock: + write_unlock_bh(&sctp_lock); +out: + return -NF_ACCEPT; } /* Called when a new connection for this protocol found. */ |