[hipl-commit] [trunk] Rev 3627: Styling for firewall/rule_management.c
- From: Miika Komu <miika@xxxxxx>
- To: hipl-commit@xxxxxxxxxxxxx
- Date: Sun, 14 Feb 2010 14:08:29 +0200
Committer: Miika Komu <miika@xxxxxx>
Date: Sun Feb 14 14:08:28 2010 +0200
Revision: 3627
Revision-id: miika@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Branch nick: trunk
Log:
Styling for firewall/rule_management.c
Modified:
M firewall/rule_management.c
=== modified file 'firewall/rule_management.c'
--- firewall/rule_management.c 2010-02-13 20:58:35 +0000
+++ firewall/rule_management.c 2010-02-14 12:08:28 +0000
@@ -38,7 +38,7 @@
#include "lib/tool/crypto.h"
#include "lib/core/debug.h"
-//string tokens for rule parsing
+/* string tokens for rule parsing */
#define SRC_HIT_STR "-src_hit"
#define DST_HIT_STR "-dst_hit"
#define TYPE_STR "-type"
@@ -55,7 +55,7 @@
#define FORWARD_STR "FORWARD"
#define NEW_STR "NEW"
#define ESTABLISHED_STR "ESTABLISHED"
-//filename needs to contain either to be valid HI file
+/* filename needs to contain either to be valid HI file */
#define RSA_FILE "_rsa_"
#define DSA_FILE "_dsa_"
@@ -186,7 +186,7 @@
{
if (rule != NULL) {
HIP_DEBUG("rule: ");
- //filtering firewall, so no other hooks supported
+ /* filtering firewall, so no other hooks supported */
if (rule->hook == NF_IP6_LOCAL_IN) {
HIP_DEBUG("%s ", INPUT_STR);
} else if (rule->hook == NF_IP6_LOCAL_OUT) {
@@ -500,7 +500,7 @@
{
if (hit1 == NULL && hit2 == NULL) {
return 1;
- } else if (hit1 == NULL || hit2 == NULL) { //only one is NULL
+ } else if (hit1 == NULL || hit2 == NULL) { /* only one is NULL */
return 0;
} else {
if (IN6_ARE_ADDR_EQUAL(&hit1->value, &hit2->value) &&
@@ -525,7 +525,7 @@
{
if (int_option1 == NULL && int_option2 == NULL) {
return 1;
- } else if (int_option1 == NULL || int_option2 == NULL) { //only one is NULL
+ } else if (int_option1 == NULL || int_option2 == NULL) { /* only one is
NULL */
return 0;
} else {
if (int_option1->value == int_option2->value &&
@@ -550,7 +550,7 @@
{
if (state_option1 == NULL && state_option2 == NULL) {
return 1;
- } else if (state_option1 == NULL || state_option2 == NULL) { //only one is
NULL
+ } else if (state_option1 == NULL || state_option2 == NULL) { /* only one
is NULL */
return 0;
} else {
if (int_options_equal(&state_option1->int_opt,
@@ -579,7 +579,7 @@
{
if (string_option1 == NULL && string_option2 == NULL) {
return 1;
- } else if (string_option1 == NULL || string_option2 == NULL) { //only one
is NULL
+ } else if (string_option1 == NULL || string_option2 == NULL) { /* only one
is NULL */
return 0;
} else {
if (!strcmp(string_option1->value, string_option2->value) &&
@@ -613,7 +613,7 @@
if (!hit_options_equal(rule1->dst_hit, rule2->dst_hit)) {
return 0;
}
- //no need to compare HIs as src_hits have been compared
+ /* no need to compare HIs as src_hits have been compared */
if ((rule1->src_hi != NULL && rule2->src_hi == NULL) ||
(rule1->src_hi == NULL && rule2->src_hi != NULL)) {
return 0;
@@ -786,7 +786,7 @@
return NULL;
}
- //verify hi => hit
+ /* verify hi => hit */
hip_host_id_to_hit(hi, &temp_hit, HIP_HIT_TYPE_HASH100);
if (!ipv6_addr_cmp(&temp_hit, hit)) {
_HIP_DEBUG("parse hi: hi-hit match\n");
@@ -931,7 +931,7 @@
return NULL;
}
rule = alloc_empty_rule();
- //rule needs to start with a hook
+ /* rule needs to start with a hook */
if (!strcmp(token, INPUT_STR)) {
rule->hook = NF_IP6_LOCAL_IN;
_HIP_DEBUG("INPUT found \n");
@@ -949,13 +949,13 @@
while (strlen(string) > 0) {
token = (char *) strtok(NULL, " ");
if (token == NULL) {
- //empty string
+ /* empty string */
break;
}
- //matching new option
+ /* matching new option */
else if (option_found == NO_OPTION) {
if (!strcmp(token, SRC_HIT_STR)) {
- //option already defined
+ /* option already defined */
if (rule->src_hit != NULL) {
HIP_DEBUG("error parsing rule: src_hit option \n");
free_rule(rule);
@@ -964,7 +964,7 @@
option_found = SRC_HIT_OPTION;
_HIP_DEBUG("src_hit found\n");
} else if (!strcmp(token, DST_HIT_STR)) {
- //option already defined
+ /* option already defined */
if (rule->dst_hit != NULL) {
HIP_DEBUG("error parsing rule: dst_hit option \n");
free_rule(rule);
@@ -973,10 +973,10 @@
option_found = DST_HIT_OPTION;
_HIP_DEBUG("dst_hit found\n");
} else if (!strcmp(token, SRC_HI_STR)) {
- //option already defined
- if (rule->src_hit == NULL || //no hit for hi
- !rule->src_hit->boolean || // negated hit
- rule->src_hi != NULL) { //hi already defined
+ /* option already defined */
+ if (rule->src_hit == NULL || /* no hit for hi */
+ !rule->src_hit->boolean || /* negated hit */
+ rule->src_hi != NULL) { /* hi already defined */
HIP_DEBUG("error parsing rule: src_hi option \n");
free_rule(rule);
return NULL;
@@ -984,7 +984,7 @@
option_found = SRC_HI_OPTION;
_HIP_DEBUG("src_hi found\n");
} else if (!strcmp(token, TYPE_STR)) {
- //option already defined
+ /* option already defined */
if (rule->type != NULL) {
HIP_DEBUG("error parsing rule: type option \n");
free_rule(rule);
@@ -993,7 +993,7 @@
option_found = TYPE_OPTION;
_HIP_DEBUG("type found\n");
} else if (!strcmp(token, STATE_STR)) {
- //option already defined
+ /* option already defined */
if (rule->state != NULL) {
HIP_DEBUG("error parsing rule: state option \n");
free_rule(rule);
@@ -1002,7 +1002,7 @@
option_found = STATE_OPTION;
_HIP_DEBUG("state found\n");
} else if (!strcmp(token, VERIFY_RESPONDER_STR)) {
- //related state option must be defined
+ /* related state option must be defined */
if (rule->state == NULL) {
HIP_DEBUG("error parsing rule: %s without %s\n",
VERIFY_RESPONDER_STR, STATE_STR);
@@ -1012,7 +1012,7 @@
rule->state->verify_responder = 1;
_HIP_DEBUG("%s found\n", VERIFY_RESPONDER_STR);
} else if (!strcmp(token, ACCEPT_MOBILE_STR)) {
- //related state option must be defined
+ /* related state option must be defined */
if (rule->state == NULL) {
HIP_DEBUG("error parsing rule: %s without %s\n",
ACCEPT_MOBILE_STR, STATE_STR);
@@ -1022,7 +1022,7 @@
rule->state->accept_mobile = 1;
_HIP_DEBUG("%s found\n", ACCEPT_MOBILE_STR);
} else if (!strcmp(token, DECRYPT_CONTENTS_STR)) {
- //related state option must be defined
+ /* related state option must be defined */
if (rule->state == NULL) {
HIP_DEBUG("error parsing rule: %s without %s\n",
DECRYPT_CONTENTS_STR, STATE_STR);
@@ -1032,8 +1032,8 @@
rule->state->decrypt_contents = 1;
_HIP_DEBUG("%s found\n", DECRYPT_CONTENTS_STR);
} else if (!strcmp(token, IN_IF_STR)) {
- //option already defined
- //rule in output hook can't have incoming if
+ /* option already defined */
+ /* rule in output hook can't have incoming if */
if (rule->in_if != NULL || rule->hook == NF_IP6_LOCAL_OUT) {
HIP_DEBUG("error parsing rule: i option \n");
free_rule(rule);
@@ -1042,8 +1042,8 @@
option_found = IN_IF_OPTION;
_HIP_DEBUG("-i found\n");
} else if (!strcmp(token, OUT_IF_STR)) {
- //option already defined
- //rule in input hook can't have outcoming if
+ /* option already defined */
+ /* rule in input hook can't have outcoming if */
if (rule->in_if != NULL || rule->hook == NF_IP6_LOCAL_IN) {
HIP_DEBUG("error parsing rule: o option \n");
free_rule(rule);
@@ -1052,7 +1052,7 @@
option_found = OUT_IF_OPTION;
_HIP_DEBUG("-o found\n");
} else if (!strcmp(token, "ACCEPT")) {
- //target already defined
+ /* target already defined */
if (rule->accept > -1) {
HIP_DEBUG("error parsing rule: target \n");
free_rule(rule);
@@ -1062,7 +1062,7 @@
_HIP_DEBUG("accept found \n");
break;
} else if (!strcmp(token, "DROP")) {
- //target already defined
+ /* target already defined */
if (rule->accept > -1) {
HIP_DEBUG("error parsing rule: target \n");
free_rule(rule);
@@ -1072,14 +1072,13 @@
_HIP_DEBUG("drop found \n");
break;
} else {
- //invalid option
+ /* invalid option */
HIP_DEBUG("error parsing rule: invalid option %s\n", token);
free_rule(rule);
return NULL;
}
- }
- //matching value for previous option
- else {
+ } else {
+ /* matching value for previous option */
if (option_found == SRC_HIT_OPTION) {
rule->src_hit = parse_hit(token);
_HIP_DEBUG("parse_rule : src hit %d %s \n", rule->src_hit,
@@ -1143,13 +1142,13 @@
}
}
}
- //rule must have a verdict
+ /* rule must have a verdict */
if (rule->accept == -1) {
free_rule(rule);
HIP_DEBUG("error parsing rule: rule is missing ACCEPT/DROP\n");
return NULL;
}
- //verdict must be the last part
+ /* verdict must be the last part */
if (strtok(NULL, " ") != NULL) {
free_rule(rule);
HIP_DEBUG("error parsing rule: ACCEPT/DROP must be last part of
rule\n");
@@ -1286,7 +1285,7 @@
continue;
}
- //remove trailing new line
+ /* remove trailing new line */
tmp_line = (char *) strtok(line, "\n");
if (tmp_line) {
@@ -1312,7 +1311,7 @@
print_rule((struct rule *) ((DList *) forward)->data);
}
- // this leads to getline to malloc new memory and the current
block is lost
+ /* this leads to getline to malloc new memory and the current
block is lost */
//rule = NULL;
} else if (tmp_line) {
HIP_DEBUG("unable to parse rule: %s\n", original_line);
@@ -1325,16 +1324,10 @@
HIP_DEBUG("Can't open file %s \n", file_name );
}
- //write_enter(NF_IP6_LOCAL_IN);
input_rules = (DList *) input;
set_stateful_filtering(state);
- //write_exit(NF_IP6_LOCAL_IN);
- //write_enter(NF_IP6_LOCAL_OUT);
output_rules = (DList *) output;
- //write_exit(NF_IP6_LOCAL_OUT);
- //write_enter(NF_IP6_FORWARD);
forward_rules = (DList *) forward;
- //write_exit(NF_IP6_FORWARD);
}
/**
@@ -1352,7 +1345,6 @@
if (!rule) {
return;
}
-// write_enter(hook);
copy = copy_rule(rule);
set_rule_list(append_to_list(get_rule_list(hook),
@@ -1362,7 +1354,6 @@
if (rule->state) {
set_stateful_filtering(1);
}
-// write_exit(hook);
}
/**
@@ -1375,13 +1366,12 @@
*/
static int delete_rule(const struct rule *rule, const int hook)
{
- HIP_DEBUG("delete_rule\n");
DList *temp;
int val = -1, state = 0;
-// write_enter(hook);
+ HIP_DEBUG("delete_rule\n");
temp = get_rule_list(hook);
while (temp) {
- //delete first match
+ /* delete first match */
if (rules_equal((struct rule *) temp->data, rule)) {
free_rule((struct rule *) temp->data);
HIP_DEBUG("delete_rule freed\n");
@@ -1397,7 +1387,6 @@
}
HIP_DEBUG("delete_rule looped\n");
set_stateful_filtering(state);
-// write_exit(hook);
HIP_DEBUG("delete_rule exit\n");
return val;
}
@@ -1413,8 +1402,8 @@
*/
static struct _DList *list_rules(const int hook)
{
+ DList *temp = NULL, *ret = NULL;
HIP_DEBUG("list_rules\n");
- DList *temp = NULL, *ret = NULL;
temp = (DList *) get_rule_list(hook);
while (temp) {
ret = append_to_list(ret,
@@ -1435,10 +1424,8 @@
{
HIP_DEBUG("flush\n");
DList *temp = (DList *) get_rule_list(hook);
-// write_enter(hook);
set_rule_list(NULL, hook);
set_stateful_filtering(0);
-// write_exit(hook);
while (temp) {
free_rule((struct rule *) temp->data);
temp = temp->next;
Other related posts:
- » [hipl-commit] [trunk] Rev 3627: Styling for firewall/rule_management.c - Miika Komu
