summaryrefslogtreecommitdiff
path: root/src/iptables.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/iptables.c')
-rw-r--r--src/iptables.c379
1 files changed, 194 insertions, 185 deletions
diff --git a/src/iptables.c b/src/iptables.c
index 9584e12..8d583ea 100644
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -2,7 +2,7 @@
*
* Connection Manager
*
- * Copyright (C) 2007-2012 Intel Corporation. All rights reserved.
+ * Copyright (C) 2007-2013 Intel Corporation. All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -35,6 +35,7 @@
#include <linux/netfilter_ipv4/ip_tables.h>
#include "connman.h"
+#include "src/shared/util.h"
/*
* Some comments on how the iptables API works (some of them from the
@@ -175,10 +176,10 @@ struct connman_iptables {
};
static GHashTable *table_hash = NULL;
-static gboolean debug_enabled = FALSE;
+static bool debug_enabled = false;
typedef int (*iterate_entries_cb_t)(struct ipt_entry *entry, int builtin,
- unsigned int hook,size_t size,
+ unsigned int hook, size_t size,
unsigned int offset, void *user_data);
static unsigned int next_hook_entry_index(unsigned int *valid_hooks)
@@ -233,9 +234,8 @@ static int iterate_entries(struct ipt_entry *entries,
if (h == NF_INET_NUMHOOKS)
hook = h;
- if (h < NF_INET_NUMHOOKS && underflow[h] <= offset) {
+ if (h < NF_INET_NUMHOOKS && underflow[h] <= offset)
h = next_hook_entry_index(&valid_hooks);
- }
err = cb(entry, builtin, hook, size, offset, user_data);
if (err < 0)
@@ -274,18 +274,18 @@ static int target_to_verdict(const char *target_name)
return 0;
}
-static gboolean is_builtin_target(const char *target_name)
+static bool is_builtin_target(const char *target_name)
{
if (!g_strcmp0(target_name, LABEL_ACCEPT) ||
!g_strcmp0(target_name, LABEL_DROP) ||
!g_strcmp0(target_name, LABEL_QUEUE) ||
!g_strcmp0(target_name, LABEL_RETURN))
- return TRUE;
+ return true;
- return FALSE;
+ return false;
}
-static gboolean is_jump(struct connman_iptables_entry *e)
+static bool is_jump(struct connman_iptables_entry *e)
{
struct xt_entry_target *target;
@@ -312,7 +312,7 @@ static gboolean is_jump(struct connman_iptables_entry *e)
return false;
}
-static gboolean is_fallthrough(struct connman_iptables_entry *e)
+static bool is_fallthrough(struct connman_iptables_entry *e)
{
struct xt_entry_target *target;
@@ -327,7 +327,7 @@ static gboolean is_fallthrough(struct connman_iptables_entry *e)
return false;
}
-static gboolean is_chain(struct connman_iptables *table,
+static bool is_chain(struct connman_iptables *table,
struct connman_iptables_entry *e)
{
struct ipt_entry *entry;
@@ -335,13 +335,13 @@ static gboolean is_chain(struct connman_iptables *table,
entry = e->entry;
if (e->builtin >= 0)
- return TRUE;
+ return true;
target = ipt_get_target(entry);
if (!g_strcmp0(target->u.user.name, IPT_ERROR_TARGET))
- return TRUE;
+ return true;
- return FALSE;
+ return false;
}
static GList *find_chain_head(struct connman_iptables *table,
@@ -379,7 +379,7 @@ static GList *find_chain_tail(struct connman_iptables *table,
GList *chain_head, *list;
chain_head = find_chain_head(table, chain_name);
- if (chain_head == NULL)
+ if (!chain_head)
return NULL;
/* Then we look for the next chain */
@@ -420,7 +420,7 @@ static void update_offsets(struct connman_iptables *table)
static void update_targets_reference(struct connman_iptables *table,
struct connman_iptables_entry *entry_before,
struct connman_iptables_entry *modified_entry,
- gboolean is_removing)
+ bool is_removing)
{
struct connman_iptables_entry *tmp;
struct xt_standard_target *t;
@@ -437,7 +437,7 @@ static void update_targets_reference(struct connman_iptables *table,
t = (struct xt_standard_target *)ipt_get_target(tmp->entry);
- if (is_removing == TRUE) {
+ if (is_removing) {
if (t->verdict >= entry_before->offset)
t->verdict -= offset;
} else {
@@ -447,7 +447,8 @@ static void update_targets_reference(struct connman_iptables *table,
}
if (is_fallthrough(modified_entry)) {
- t = (struct xt_standard_target *) ipt_get_target(modified_entry->entry);
+ t = (struct xt_standard_target *)
+ ipt_get_target(modified_entry->entry);
t->verdict = entry_before->offset +
modified_entry->entry->target_offset +
@@ -463,11 +464,11 @@ static int iptables_add_entry(struct connman_iptables *table,
{
struct connman_iptables_entry *e, *entry_before;
- if (table == NULL)
+ if (!table)
return -1;
e = g_try_malloc0(sizeof(struct connman_iptables_entry));
- if (e == NULL)
+ if (!e)
return -1;
e->entry = entry;
@@ -477,7 +478,7 @@ static int iptables_add_entry(struct connman_iptables *table,
table->num_entries++;
table->size += entry->next_offset;
- if (before == NULL) {
+ if (!before) {
e->offset = table->size - entry->next_offset;
return 0;
@@ -489,7 +490,7 @@ static int iptables_add_entry(struct connman_iptables *table,
* We've just appended/insterted a new entry. All references
* should be bumped accordingly.
*/
- update_targets_reference(table, entry_before, e, FALSE);
+ update_targets_reference(table, entry_before, e, false);
update_offsets(table);
@@ -546,11 +547,11 @@ static int iptables_flush_chain(struct connman_iptables *table,
DBG("table %s chain %s", table->name, name);
chain_head = find_chain_head(table, name);
- if (chain_head == NULL)
+ if (!chain_head)
return -EINVAL;
chain_tail = find_chain_tail(table, name);
- if (chain_tail == NULL)
+ if (!chain_tail)
return -EINVAL;
entry = chain_head->data;
@@ -605,13 +606,13 @@ static int iptables_add_chain(struct connman_iptables *table,
*/
/* head entry */
- entry_head_size = sizeof(struct ipt_entry) +
- sizeof(struct error_target);
+ entry_head_size = ALIGN(sizeof(struct ipt_entry)) +
+ ALIGN(sizeof(struct error_target));
entry_head = g_try_malloc0(entry_head_size);
- if (entry_head == NULL)
+ if (!entry_head)
goto err_head;
- entry_head->target_offset = sizeof(struct ipt_entry);
+ entry_head->target_offset = ALIGN(sizeof(struct ipt_entry));
entry_head->next_offset = entry_head_size;
error = (struct error_target *) entry_head->elems;
@@ -623,13 +624,13 @@ static int iptables_add_chain(struct connman_iptables *table,
goto err_head;
/* tail entry */
- entry_return_size = sizeof(struct ipt_entry) +
- sizeof(struct ipt_standard_target);
+ entry_return_size = ALIGN(sizeof(struct ipt_entry))+
+ ALIGN(sizeof(struct ipt_standard_target));
entry_return = g_try_malloc0(entry_return_size);
- if (entry_return == NULL)
+ if (!entry_return)
goto err;
- entry_return->target_offset = sizeof(struct ipt_entry);
+ entry_return->target_offset = ALIGN(sizeof(struct ipt_entry));
entry_return->next_offset = entry_return_size;
standard = (struct ipt_standard_target *) entry_return->elems;
@@ -659,7 +660,7 @@ static int iptables_delete_chain(struct connman_iptables *table,
DBG("table %s chain %s", table->name, name);
chain_head = find_chain_head(table, name);
- if (chain_head == NULL)
+ if (!chain_head)
return -EINVAL;
entry = chain_head->data;
@@ -669,7 +670,7 @@ static int iptables_delete_chain(struct connman_iptables *table,
return -EINVAL;
chain_tail = find_chain_tail(table, name);
- if (chain_tail == NULL)
+ if (!chain_tail)
return -EINVAL;
/* Chain must be flushed */
@@ -695,27 +696,28 @@ static struct ipt_entry *new_rule(struct ipt_ip *ip,
size_t match_size, target_size;
match_size = 0;
- for (tmp_xt_rm = xt_rm; tmp_xt_rm != NULL; tmp_xt_rm = tmp_xt_rm->next)
+ for (tmp_xt_rm = xt_rm; tmp_xt_rm; tmp_xt_rm = tmp_xt_rm->next)
match_size += tmp_xt_rm->match->m->u.match_size;
if (xt_t)
- target_size = ALIGN(xt_t->t->u.target_size);
+ target_size = xt_t->t->u.target_size;
else
target_size = ALIGN(sizeof(struct xt_standard_target));
- new_entry = g_try_malloc0(sizeof(struct ipt_entry) + target_size +
- match_size);
- if (new_entry == NULL)
+ new_entry = g_try_malloc0(ALIGN(sizeof(struct ipt_entry)) +
+ target_size + match_size);
+ if (!new_entry)
return NULL;
memcpy(&new_entry->ip, ip, sizeof(struct ipt_ip));
- new_entry->target_offset = sizeof(struct ipt_entry) + match_size;
- new_entry->next_offset = sizeof(struct ipt_entry) + target_size +
- match_size;
+ new_entry->target_offset = ALIGN(sizeof(struct ipt_entry)) +
+ match_size;
+ new_entry->next_offset = ALIGN(sizeof(struct ipt_entry)) +
+ target_size + match_size;
match_size = 0;
- for (tmp_xt_rm = xt_rm; tmp_xt_rm != NULL;
+ for (tmp_xt_rm = xt_rm; tmp_xt_rm;
tmp_xt_rm = tmp_xt_rm->next) {
memcpy(new_entry->elems + match_size, tmp_xt_rm->match->m,
tmp_xt_rm->match->m->u.match_size);
@@ -739,7 +741,7 @@ static void update_hooks(struct connman_iptables *table, GList *chain_head,
struct connman_iptables_entry *head, *e;
int builtin;
- if (chain_head == NULL)
+ if (!chain_head)
return;
head = chain_head->data;
@@ -767,22 +769,22 @@ static struct ipt_entry *prepare_rule_inclusion(struct connman_iptables *table,
const char *target_name,
struct xtables_target *xt_t,
int *builtin, struct xtables_rule_match *xt_rm,
- connman_bool_t insert)
+ bool insert)
{
GList *chain_tail, *chain_head;
struct ipt_entry *new_entry;
struct connman_iptables_entry *head;
chain_head = find_chain_head(table, chain_name);
- if (chain_head == NULL)
+ if (!chain_head)
return NULL;
chain_tail = find_chain_tail(table, chain_name);
- if (chain_tail == NULL)
+ if (!chain_tail)
return NULL;
new_entry = new_rule(ip, target_name, xt_t, xt_rm);
- if (new_entry == NULL)
+ if (!new_entry)
return NULL;
update_hooks(table, chain_head, new_entry);
@@ -795,7 +797,7 @@ static struct ipt_entry *prepare_rule_inclusion(struct connman_iptables *table,
head = chain_head->data;
if (head->builtin < 0)
*builtin = -1;
- else if (insert == TRUE || chain_head == chain_tail->prev) {
+ else if (insert || chain_head == chain_tail->prev) {
*builtin = head->builtin;
head->builtin = -1;
}
@@ -816,12 +818,12 @@ static int iptables_append_rule(struct connman_iptables *table,
DBG("table %s chain %s", table->name, chain_name);
chain_tail = find_chain_tail(table, chain_name);
- if (chain_tail == NULL)
+ if (!chain_tail)
return -EINVAL;
new_entry = prepare_rule_inclusion(table, ip, chain_name,
- target_name, xt_t, &builtin, xt_rm, FALSE);
- if (new_entry == NULL)
+ target_name, xt_t, &builtin, xt_rm, false);
+ if (!new_entry)
return -EINVAL;
ret = iptables_add_entry(table, new_entry, chain_tail->prev, builtin);
@@ -844,12 +846,12 @@ static int iptables_insert_rule(struct connman_iptables *table,
DBG("table %s chain %s", table->name, chain_name);
chain_head = find_chain_head(table, chain_name);
- if (chain_head == NULL)
+ if (!chain_head)
return -EINVAL;
new_entry = prepare_rule_inclusion(table, ip, chain_name,
- target_name, xt_t, &builtin, xt_rm, TRUE);
- if (new_entry == NULL)
+ target_name, xt_t, &builtin, xt_rm, true);
+ if (!new_entry)
return -EINVAL;
if (builtin == -1)
@@ -862,33 +864,33 @@ static int iptables_insert_rule(struct connman_iptables *table,
return ret;
}
-static gboolean is_same_ipt_entry(struct ipt_entry *i_e1,
+static bool is_same_ipt_entry(struct ipt_entry *i_e1,
struct ipt_entry *i_e2)
{
if (memcmp(&i_e1->ip, &i_e2->ip, sizeof(struct ipt_ip)) != 0)
- return FALSE;
+ return false;
if (i_e1->target_offset != i_e2->target_offset)
- return FALSE;
+ return false;
if (i_e1->next_offset != i_e2->next_offset)
- return FALSE;
+ return false;
- return TRUE;
+ return true;
}
-static gboolean is_same_target(struct xt_entry_target *xt_e_t1,
+static bool is_same_target(struct xt_entry_target *xt_e_t1,
struct xt_entry_target *xt_e_t2)
{
unsigned int i;
- if (xt_e_t1 == NULL || xt_e_t2 == NULL)
- return FALSE;
+ if (!xt_e_t1 || !xt_e_t2)
+ return false;
if (g_strcmp0(xt_e_t1->u.user.name, "") == 0 &&
g_strcmp0(xt_e_t2->u.user.name, "") == 0) {
/* fallthrough */
- return TRUE;
+ return true;
} else if (g_strcmp0(xt_e_t1->u.user.name, IPT_STANDARD_TARGET) == 0) {
struct xt_standard_target *xt_s_t1;
struct xt_standard_target *xt_s_t2;
@@ -897,48 +899,48 @@ static gboolean is_same_target(struct xt_entry_target *xt_e_t1,
xt_s_t2 = (struct xt_standard_target *) xt_e_t2;
if (xt_s_t1->verdict != xt_s_t2->verdict)
- return FALSE;
+ return false;
} else {
if (xt_e_t1->u.target_size != xt_e_t2->u.target_size)
- return FALSE;
+ return false;
if (g_strcmp0(xt_e_t1->u.user.name, xt_e_t2->u.user.name) != 0)
- return FALSE;
+ return false;
for (i = 0; i < xt_e_t1->u.target_size -
sizeof(struct xt_standard_target); i++) {
if ((xt_e_t1->data[i] ^ xt_e_t2->data[i]) != 0)
- return FALSE;
+ return false;
}
}
- return TRUE;
+ return true;
}
-static gboolean is_same_match(struct xt_entry_match *xt_e_m1,
+static bool is_same_match(struct xt_entry_match *xt_e_m1,
struct xt_entry_match *xt_e_m2)
{
unsigned int i;
- if (xt_e_m1 == NULL || xt_e_m2 == NULL)
- return FALSE;
+ if (!xt_e_m1 || !xt_e_m2)
+ return false;
if (xt_e_m1->u.match_size != xt_e_m2->u.match_size)
- return FALSE;
+ return false;
if (xt_e_m1->u.user.revision != xt_e_m2->u.user.revision)
- return FALSE;
+ return false;
if (g_strcmp0(xt_e_m1->u.user.name, xt_e_m2->u.user.name) != 0)
- return FALSE;
+ return false;
for (i = 0; i < xt_e_m1->u.match_size - sizeof(struct xt_entry_match);
i++) {
if ((xt_e_m1->data[i] ^ xt_e_m2->data[i]) != 0)
- return FALSE;
+ return false;
}
- return TRUE;
+ return true;
}
static GList *find_existing_rule(struct connman_iptables *table,
@@ -956,23 +958,23 @@ static GList *find_existing_rule(struct connman_iptables *table,
int builtin;
chain_head = find_chain_head(table, chain_name);
- if (chain_head == NULL)
+ if (!chain_head)
return NULL;
chain_tail = find_chain_tail(table, chain_name);
- if (chain_tail == NULL)
+ if (!chain_tail)
return NULL;
if (!xt_t && !matches)
return NULL;
entry_test = new_rule(ip, target_name, xt_t, xt_rm);
- if (entry_test == NULL)
+ if (!entry_test)
return NULL;
- if (xt_t != NULL)
+ if (xt_t)
xt_e_t = ipt_get_target(entry_test);
- if (matches != NULL)
+ if (matches)
xt_e_m = (struct xt_entry_match *)entry_test->elems;
entry = chain_head->data;
@@ -990,10 +992,10 @@ static GList *find_existing_rule(struct connman_iptables *table,
tmp = list->data;
tmp_e = tmp->entry;
- if (is_same_ipt_entry(entry_test, tmp_e) == FALSE)
+ if (!is_same_ipt_entry(entry_test, tmp_e))
continue;
- if (xt_t != NULL) {
+ if (xt_t) {
struct xt_entry_target *tmp_xt_e_t;
tmp_xt_e_t = ipt_get_target(tmp_e);
@@ -1002,7 +1004,7 @@ static GList *find_existing_rule(struct connman_iptables *table,
continue;
}
- if (matches != NULL) {
+ if (matches) {
struct xt_entry_match *tmp_xt_e_m;
tmp_xt_e_m = (struct xt_entry_match *)tmp_e->elems;
@@ -1039,16 +1041,16 @@ static int iptables_delete_rule(struct connman_iptables *table,
removed = 0;
chain_head = find_chain_head(table, chain_name);
- if (chain_head == NULL)
+ if (!chain_head)
return -EINVAL;
chain_tail = find_chain_tail(table, chain_name);
- if (chain_tail == NULL)
+ if (!chain_tail)
return -EINVAL;
list = find_existing_rule(table, ip, chain_name, target_name,
xt_t, matches, xt_rm);
- if (list == NULL)
+ if (!list)
return -EINVAL;
entry = chain_head->data;
@@ -1071,14 +1073,14 @@ static int iptables_delete_rule(struct connman_iptables *table,
}
entry = list->data;
- if (entry == NULL)
+ if (!entry)
return -EINVAL;
/* We have deleted a rule,
* all references should be bumped accordingly */
- if (list->next != NULL)
+ if (list->next)
update_targets_reference(table, list->next->data,
- list->data, TRUE);
+ list->data, true);
removed += remove_table_entry(table, entry);
@@ -1111,7 +1113,7 @@ static int iptables_change_policy(struct connman_iptables *table,
}
chain_head = find_chain_head(table, chain_name);
- if (chain_head == NULL)
+ if (!chain_head)
return -EINVAL;
entry = chain_head->data;
@@ -1119,7 +1121,7 @@ static int iptables_change_policy(struct connman_iptables *table,
return -EINVAL;
chain_tail = find_chain_tail(table, chain_name);
- if (chain_tail == NULL)
+ if (!chain_tail)
return -EINVAL;
entry = chain_tail->prev->data;
@@ -1139,14 +1141,14 @@ static struct ipt_replace *iptables_blob(struct connman_iptables *table)
unsigned char *entry_index;
r = g_try_malloc0(sizeof(struct ipt_replace) + table->size);
- if (r == NULL)
+ if (!r)
return NULL;
memset(r, 0, sizeof(*r) + table->size);
r->counters = g_try_malloc0(sizeof(struct xt_counters)
* table->old_entries);
- if (r->counters == NULL) {
+ if (!r->counters) {
g_free(r);
return NULL;
}
@@ -1184,14 +1186,14 @@ static void dump_ip(struct ipt_entry *entry)
if (strlen(ip->outiface))
DBG("\tout %s", ip->outiface);
- if (inet_ntop(AF_INET, &ip->src, ip_string, INET6_ADDRSTRLEN) != NULL &&
- inet_ntop(AF_INET, &ip->smsk,
- ip_mask, INET6_ADDRSTRLEN) != NULL)
+ if (inet_ntop(AF_INET, &ip->src, ip_string, INET6_ADDRSTRLEN) &&
+ inet_ntop(AF_INET, &ip->smsk, ip_mask,
+ INET6_ADDRSTRLEN))
DBG("\tsrc %s/%s", ip_string, ip_mask);
- if (inet_ntop(AF_INET, &ip->dst, ip_string, INET6_ADDRSTRLEN) != NULL &&
- inet_ntop(AF_INET, &ip->dmsk,
- ip_mask, INET6_ADDRSTRLEN) != NULL)
+ if (inet_ntop(AF_INET, &ip->dst, ip_string, INET6_ADDRSTRLEN) &&
+ inet_ntop(AF_INET, &ip->dmsk, ip_mask,
+ INET6_ADDRSTRLEN))
DBG("\tdst %s/%s", ip_string, ip_mask);
}
@@ -1237,16 +1239,16 @@ static void dump_target(struct ipt_entry *entry)
xt_t = xtables_find_target(IPT_STANDARD_TARGET,
XTF_LOAD_MUST_SUCCEED);
- if(xt_t->print != NULL)
+ if (xt_t->print)
xt_t->print(NULL, target, 1);
} else {
xt_t = xtables_find_target(target->u.user.name, XTF_TRY_LOAD);
- if (xt_t == NULL) {
+ if (!xt_t) {
DBG("\ttarget %s", target->u.user.name);
return;
}
- if(xt_t->print != NULL) {
+ if (xt_t->print) {
DBG("\ttarget ");
xt_t->print(NULL, target, 1);
}
@@ -1270,10 +1272,10 @@ static void dump_match(struct ipt_entry *entry)
return;
xt_m = xtables_find_match(match->u.user.name, XTF_TRY_LOAD, NULL);
- if (xt_m == NULL)
+ if (!xt_m)
goto out;
- if(xt_m->print != NULL) {
+ if (xt_m->print) {
DBG("\tmatch ");
xt_m->print(NULL, match, 1);
@@ -1378,18 +1380,29 @@ static void dump_ipt_replace(struct ipt_replace *repl)
static int iptables_get_entries(struct connman_iptables *table)
{
socklen_t entry_size;
+ int err;
entry_size = sizeof(struct ipt_get_entries) + table->info->size;
- return getsockopt(table->ipt_sock, IPPROTO_IP, IPT_SO_GET_ENTRIES,
+ err = getsockopt(table->ipt_sock, IPPROTO_IP, IPT_SO_GET_ENTRIES,
table->blob_entries, &entry_size);
+ if (err < 0)
+ return -errno;
+
+ return 0;
}
static int iptables_replace(struct connman_iptables *table,
struct ipt_replace *r)
{
- return setsockopt(table->ipt_sock, IPPROTO_IP, IPT_SO_SET_REPLACE, r,
- sizeof(*r) + r->size);
+ int err;
+
+ err = setsockopt(table->ipt_sock, IPPROTO_IP, IPT_SO_SET_REPLACE, r,
+ sizeof(*r) + r->size);
+ if (err < 0)
+ return -errno;
+
+ return 0;
}
static int add_entry(struct ipt_entry *entry, int builtin, unsigned int hook,
@@ -1399,7 +1412,7 @@ static int add_entry(struct ipt_entry *entry, int builtin, unsigned int hook,
struct ipt_entry *new_entry;
new_entry = g_try_malloc0(entry->next_offset);
- if (new_entry == NULL)
+ if (!new_entry)
return -ENOMEM;
memcpy(new_entry, entry, entry->next_offset);
@@ -1412,7 +1425,7 @@ static void table_cleanup(struct connman_iptables *table)
GList *list;
struct connman_iptables_entry *entry;
- if (table == NULL)
+ if (!table)
return;
if (table->ipt_sock >= 0)
@@ -1444,7 +1457,7 @@ static struct connman_iptables *iptables_init(const char *table_name)
DBG("ip_tables module loading gives error but trying anyway");
module = g_strconcat("iptable_", table_name, NULL);
- if (module == NULL)
+ if (!module)
return NULL;
if (xtables_insmod(module, NULL, TRUE) != 0)
@@ -1453,11 +1466,11 @@ static struct connman_iptables *iptables_init(const char *table_name)
g_free(module);
table = g_try_new0(struct connman_iptables, 1);
- if (table == NULL)
+ if (!table)
return NULL;
table->info = g_try_new0(struct ipt_getinfo, 1);
- if (table->info == NULL)
+ if (!table->info)
goto err;
table->ipt_sock = socket(AF_INET, SOCK_RAW | SOCK_CLOEXEC, IPPROTO_RAW);
@@ -1475,7 +1488,7 @@ static struct connman_iptables *iptables_init(const char *table_name)
table->blob_entries = g_try_malloc0(sizeof(struct ipt_get_entries) +
table->info->size);
- if (table->blob_entries == NULL)
+ if (!table->blob_entries)
goto err;
g_stpcpy(table->blob_entries->name, table_name);
@@ -1498,7 +1511,7 @@ static struct connman_iptables *iptables_init(const char *table_name)
table->info->underflow, table->blob_entries->size,
add_entry, table);
- if (debug_enabled == TRUE)
+ if (debug_enabled)
dump_table(table);
return table;
@@ -1539,19 +1552,19 @@ static struct xtables_target *prepare_target(struct connman_iptables *table,
const char *target_name)
{
struct xtables_target *xt_t = NULL;
- gboolean is_builtin, is_user_defined;
+ bool is_builtin, is_user_defined;
GList *chain_head = NULL;
size_t target_size;
- is_builtin = FALSE;
- is_user_defined = FALSE;
+ is_builtin = false;
+ is_user_defined = false;
if (is_builtin_target(target_name))
- is_builtin = TRUE;
+ is_builtin = true;
else {
chain_head = find_chain_head(table, target_name);
- if (chain_head != NULL && chain_head->next != NULL)
- is_user_defined = TRUE;
+ if (chain_head && chain_head->next)
+ is_user_defined = true;
}
if (is_builtin || is_user_defined)
@@ -1560,13 +1573,13 @@ static struct xtables_target *prepare_target(struct connman_iptables *table,
else
xt_t = xtables_find_target(target_name, XTF_TRY_LOAD);
- if (xt_t == NULL)
+ if (!xt_t)
return NULL;
target_size = ALIGN(sizeof(struct ipt_entry_target)) + xt_t->size;
xt_t->t = g_try_malloc0(target_size);
- if (xt_t->t == NULL)
+ if (!xt_t->t)
return NULL;
xt_t->t->u.target_size = target_size;
@@ -1577,27 +1590,22 @@ static struct xtables_target *prepare_target(struct connman_iptables *table,
target = (struct xt_standard_target *)(xt_t->t);
g_stpcpy(target->target.u.user.name, IPT_STANDARD_TARGET);
- if (is_builtin == TRUE)
+ if (is_builtin)
target->verdict = target_to_verdict(target_name);
- else if (is_user_defined == TRUE) {
+ else if (is_user_defined) {
struct connman_iptables_entry *target_rule;
- if (chain_head == NULL) {
- g_free(xt_t->t);
- return NULL;
- }
-
target_rule = chain_head->next->data;
target->verdict = target_rule->offset;
}
} else {
g_stpcpy(xt_t->t->u.user.name, target_name);
xt_t->t->u.user.revision = xt_t->revision;
- if (xt_t->init != NULL)
+ if (xt_t->init)
xt_t->init(xt_t->t);
}
- if (xt_t->x6_options != NULL)
+ if (xt_t->x6_options)
iptables_globals.opts =
xtables_options_xfrm(
iptables_globals.orig_opts,
@@ -1612,7 +1620,7 @@ static struct xtables_target *prepare_target(struct connman_iptables *table,
xt_t->extra_opts,
&xt_t->option_offset);
- if (iptables_globals.opts == NULL) {
+ if (!iptables_globals.opts) {
g_free(xt_t->t);
xt_t = NULL;
}
@@ -1627,24 +1635,24 @@ static struct xtables_match *prepare_matches(struct connman_iptables *table,
struct xtables_match *xt_m;
size_t match_size;
- if (match_name == NULL)
+ if (!match_name)
return NULL;
xt_m = xtables_find_match(match_name, XTF_LOAD_MUST_SUCCEED, xt_rm);
match_size = ALIGN(sizeof(struct ipt_entry_match)) + xt_m->size;
xt_m->m = g_try_malloc0(match_size);
- if (xt_m->m == NULL)
+ if (!xt_m->m)
return NULL;
xt_m->m->u.match_size = match_size;
g_stpcpy(xt_m->m->u.user.name, xt_m->name);
xt_m->m->u.user.revision = xt_m->revision;
- if (xt_m->init != NULL)
+ if (xt_m->init)
xt_m->init(xt_m->m);
- if (xt_m->x6_options != NULL)
+ if (xt_m->x6_options)
iptables_globals.opts =
xtables_options_xfrm(
iptables_globals.orig_opts,
@@ -1659,7 +1667,7 @@ static struct xtables_match *prepare_matches(struct connman_iptables *table,
xt_m->extra_opts,
&xt_m->option_offset);
- if (iptables_globals.opts == NULL) {
+ if (!iptables_globals.opts) {
g_free(xt_m->m);
if (xt_m == xt_m->next)
@@ -1671,7 +1679,8 @@ static struct xtables_match *prepare_matches(struct connman_iptables *table,
return xt_m;
}
-static int parse_ip_and_mask(const char *str, struct in_addr *ip, struct in_addr *mask)
+static int parse_ip_and_mask(const char *str, struct in_addr *ip,
+ struct in_addr *mask)
{
char **tokens;
uint32_t prefixlength;
@@ -1679,7 +1688,7 @@ static int parse_ip_and_mask(const char *str, struct in_addr *ip, struct in_addr
int err;
tokens = g_strsplit(str, "/", 2);
- if (tokens == NULL)
+ if (!tokens)
return -1;
if (!inet_pton(AF_INET, tokens[0], ip)) {
@@ -1687,7 +1696,7 @@ static int parse_ip_and_mask(const char *str, struct in_addr *ip, struct in_addr
goto out;
}
- if (tokens[1] != NULL) {
+ if (tokens[1]) {
prefixlength = strtol(tokens[1], NULL, 10);
if (prefixlength > 31) {
err = -1;
@@ -1712,15 +1721,15 @@ static struct connman_iptables *get_table(const char *table_name)
{
struct connman_iptables *table;
- if (table_name == NULL)
+ if (!table_name)
table_name = "filter";
table = g_hash_table_lookup(table_hash, table_name);
- if (table != NULL)
+ if (table)
return table;
table = iptables_init(table_name);
- if (table == NULL)
+ if (!table)
return NULL;
table->name = g_strdup(table_name);
@@ -1752,7 +1761,7 @@ static int prepare_getopt_args(const char *str, struct parse_context *ctx)
/* Don't forget the last NULL entry */
ctx->argv = g_try_malloc0((ctx->argc + 1) * sizeof(char *));
- if (ctx->argv == NULL) {
+ if (!ctx->argv) {
g_strfreev(tokens);
return -ENOMEM;
}
@@ -1770,19 +1779,19 @@ static int prepare_getopt_args(const char *str, struct parse_context *ctx)
return 0;
}
-static int parse_xt_modules(int c, connman_bool_t invert,
+static int parse_xt_modules(int c, bool invert,
struct parse_context *ctx)
{
struct xtables_match *m;
struct xtables_rule_match *rm;
- for (rm = ctx->xt_rm; rm != NULL; rm = rm->next) {
+ for (rm = ctx->xt_rm; rm; rm = rm->next) {
if (rm->completed != 0)
continue;
m = rm->match;
- if (m->x6_parse == NULL && m->parse == NULL)
+ if (!m->x6_parse && !m->parse)
continue;
if (c < (int) m->option_offset ||
@@ -1793,10 +1802,10 @@ static int parse_xt_modules(int c, connman_bool_t invert,
xtables_option_mpcall(c, ctx->argv, invert, m, NULL);
}
- if (ctx->xt_t == NULL)
+ if (!ctx->xt_t)
return 0;
- if (ctx->xt_t->x6_parse == NULL && ctx->xt_t->parse == NULL)
+ if (!ctx->xt_t->x6_parse && !ctx->xt_t->parse)
return 0;
if (c < (int) ctx->xt_t->option_offset ||
@@ -1813,10 +1822,10 @@ static int final_check_xt_modules(struct parse_context *ctx)
{
struct xtables_rule_match *rm;
- for (rm = ctx->xt_rm; rm != NULL; rm = rm->next)
+ for (rm = ctx->xt_rm; rm; rm = rm->next)
xtables_option_mfcall(rm->match);
- if (ctx->xt_t != NULL)
+ if (ctx->xt_t)
xtables_option_tfcall(ctx->xt_t);
return 0;
@@ -1902,11 +1911,11 @@ static int parse_rule_spec(struct connman_iptables *table,
* of libxtables is found.
*/
struct xtables_match *xt_m;
- connman_bool_t invert = FALSE;
+ bool invert = false;
int len, c, err;
ctx->ip = g_try_new0(struct ipt_ip, 1);
- if (ctx->ip == NULL)
+ if (!ctx->ip)
return -ENOMEM;
/*
@@ -1972,7 +1981,7 @@ static int parse_rule_spec(struct connman_iptables *table,
case 'm':
/* Matches */
xt_m = prepare_matches(table, &ctx->xt_rm, optarg);
- if (xt_m == NULL) {
+ if (!xt_m) {
err = -EINVAL;
goto out;
}
@@ -1982,7 +1991,7 @@ static int parse_rule_spec(struct connman_iptables *table,
case 'j':
/* Target */
ctx->xt_t = prepare_target(table, optarg);
- if (ctx->xt_t == NULL) {
+ if (!ctx->xt_t) {
err = -EINVAL;
goto out;
}
@@ -1990,7 +1999,7 @@ static int parse_rule_spec(struct connman_iptables *table,
break;
case 1:
if (optarg[0] == '!' && optarg[1] == '\0') {
- invert = TRUE;
+ invert = true;
/* Remove the '!' from the optarg */
optarg[0] = '\0';
@@ -2011,7 +2020,7 @@ static int parse_rule_spec(struct connman_iptables *table,
break;
}
- invert = FALSE;
+ invert = false;
}
err = final_check_xt_modules(ctx);
@@ -2033,10 +2042,10 @@ static void reset_xtables(void)
* Clear all flags because the flags are only valid
* for one rule.
*/
- for (xt_m = xtables_matches; xt_m != NULL; xt_m = xt_m->next)
+ for (xt_m = xtables_matches; xt_m; xt_m = xt_m->next)
xt_m->mflags = 0;
- for (xt_t = xtables_targets; xt_t != NULL; xt_t = xt_t->next) {
+ for (xt_t = xtables_targets; xt_t; xt_t = xt_t->next) {
xt_t->tflags = 0;
xt_t->used = 0;
}
@@ -2060,12 +2069,12 @@ static void cleanup_parse_context(struct parse_context *ctx)
g_strfreev(ctx->argv);
g_free(ctx->ip);
- if (ctx->xt_t != NULL) {
+ if (ctx->xt_t) {
g_free(ctx->xt_t->t);
ctx->xt_t->t = NULL;
}
- for (list = ctx->xt_m; list != NULL; list = list->next) {
+ for (list = ctx->xt_m; list; list = list->next) {
struct xtables_match *xt_m = list->data;
g_free(xt_m->m);
@@ -2077,8 +2086,8 @@ static void cleanup_parse_context(struct parse_context *ctx)
}
g_list_free(ctx->xt_m);
- for (tmp = NULL, rm = ctx->xt_rm; rm != NULL; rm = rm->next) {
- if (tmp != NULL)
+ for (tmp = NULL, rm = ctx->xt_rm; rm; rm = rm->next) {
+ if (tmp)
g_free(tmp);
tmp = rm;
}
@@ -2094,7 +2103,7 @@ int __connman_iptables_dump(const char *table_name)
DBG("-t %s -L", table_name);
table = get_table(table_name);
- if (table == NULL)
+ if (!table)
return -EINVAL;
dump_table(table);
@@ -2110,7 +2119,7 @@ int __connman_iptables_new_chain(const char *table_name,
DBG("-t %s -N %s", table_name, chain);
table = get_table(table_name);
- if (table == NULL)
+ if (!table)
return -EINVAL;
return iptables_add_chain(table, chain);
@@ -2124,7 +2133,7 @@ int __connman_iptables_delete_chain(const char *table_name,
DBG("-t %s -X %s", table_name, chain);
table = get_table(table_name);
- if (table == NULL)
+ if (!table)
return -EINVAL;
return iptables_delete_chain(table, chain);
@@ -2138,7 +2147,7 @@ int __connman_iptables_flush_chain(const char *table_name,
DBG("-t %s -F %s", table_name, chain);
table = get_table(table_name);
- if (table == NULL)
+ if (!table)
return -EINVAL;
return iptables_flush_chain(table, chain);
@@ -2153,7 +2162,7 @@ int __connman_iptables_change_policy(const char *table_name,
DBG("-t %s -F %s", table_name, chain);
table = get_table(table_name);
- if (table == NULL)
+ if (!table)
return -EINVAL;
return iptables_change_policy(table, chain, policy);
@@ -2169,7 +2178,7 @@ int __connman_iptables_append(const char *table_name,
int err;
ctx = g_try_new0(struct parse_context, 1);
- if (ctx == NULL)
+ if (!ctx)
return -ENOMEM;
DBG("-t %s -A %s %s", table_name, chain, rule_spec);
@@ -2179,7 +2188,7 @@ int __connman_iptables_append(const char *table_name,
goto out;
table = get_table(table_name);
- if (table == NULL) {
+ if (!table) {
err = -EINVAL;
goto out;
}
@@ -2188,7 +2197,7 @@ int __connman_iptables_append(const char *table_name,
if (err < 0)
goto out;
- if (ctx->xt_t == NULL)
+ if (!ctx->xt_t)
target_name = NULL;
else
target_name = ctx->xt_t->name;
@@ -2212,7 +2221,7 @@ int __connman_iptables_insert(const char *table_name,
int err;
ctx = g_try_new0(struct parse_context, 1);
- if (ctx == NULL)
+ if (!ctx)
return -ENOMEM;
DBG("-t %s -I %s %s", table_name, chain, rule_spec);
@@ -2222,7 +2231,7 @@ int __connman_iptables_insert(const char *table_name,
goto out;
table = get_table(table_name);
- if (table == NULL) {
+ if (!table) {
err = -EINVAL;
goto out;
}
@@ -2231,7 +2240,7 @@ int __connman_iptables_insert(const char *table_name,
if (err < 0)
goto out;
- if (ctx->xt_t == NULL)
+ if (!ctx->xt_t)
target_name = NULL;
else
target_name = ctx->xt_t->name;
@@ -2255,7 +2264,7 @@ int __connman_iptables_delete(const char *table_name,
int err;
ctx = g_try_new0(struct parse_context, 1);
- if (ctx == NULL)
+ if (!ctx)
return -ENOMEM;
DBG("-t %s -D %s %s", table_name, chain, rule_spec);
@@ -2265,7 +2274,7 @@ int __connman_iptables_delete(const char *table_name,
goto out;
table = get_table(table_name);
- if (table == NULL) {
+ if (!table) {
err = -EINVAL;
goto out;
}
@@ -2274,7 +2283,7 @@ int __connman_iptables_delete(const char *table_name,
if (err < 0)
goto out;
- if (ctx->xt_t == NULL)
+ if (!ctx->xt_t)
target_name = NULL;
else
target_name = ctx->xt_t->name;
@@ -2298,12 +2307,12 @@ int __connman_iptables_commit(const char *table_name)
DBG("%s", table_name);
table = g_hash_table_lookup(table_hash, table_name);
- if (table == NULL)
+ if (!table)
return -EINVAL;
repl = iptables_blob(table);
- if (debug_enabled == TRUE)
+ if (debug_enabled)
dump_ipt_replace(repl);
err = iptables_replace(table, repl);
@@ -2312,7 +2321,7 @@ int __connman_iptables_commit(const char *table_name)
g_free(repl);
if (err < 0)
- return err;
+ return err;
g_hash_table_remove(table_hash, table_name);
@@ -2340,7 +2349,7 @@ static int iterate_chains_cb(struct ipt_entry *entry, int builtin,
target = ipt_get_target(entry);
if (!g_strcmp0(target->u.user.name, IPT_ERROR_TARGET))
- (*cb)((const char*)target->data, cbd->user_data);
+ (*cb)((const char *)target->data, cbd->user_data);
else if (builtin >= 0)
(*cb)(hooknames[builtin], cbd->user_data);
@@ -2355,7 +2364,7 @@ int __connman_iptables_iterate_chains(const char *table_name,
struct connman_iptables *table;
table = get_table(table_name);
- if (table == NULL)
+ if (!table)
return -EINVAL;
iterate_entries(table->blob_entries->entrytable,
@@ -2375,7 +2384,7 @@ int __connman_iptables_init(void)
DBG("");
if (getenv("CONNMAN_IPTABLES_DEBUG"))
- debug_enabled = TRUE;
+ debug_enabled = true;
table_hash = g_hash_table_new_full(g_str_hash, g_str_equal,
NULL, remove_table);