On Thursday 06 July 2006 17:34, [EMAIL PROTECTED] wrote:
> Index: linux-2.6.17.i686-quilt/net/ipv4/cipso_ipv4.c
> ===================================================================
> --- /dev/null
> +++ linux-2.6.17.i686-quilt/net/ipv4/cipso_ipv4.c
> +static int cipso_v4_bitmap_walk(const unsigned char *bitmap,
> + const u32 bitmap_len,
> + const u32 offset,
> + const u8 state)
> +{
const on pass by value
> + bitmask = 0x80 >> offset % 8;
Might not be bad to add a pair of parenthesis to clarify the order of intended
evaluation.
> +static void cipso_v4_bitmap_setbit(unsigned char *bitmap,
> + const u32 bit,
> + const u8 state)
const on pass by value
> + bitmask = 0x80 >> bit % 8;
same as above
> +static void cipso_v4_doi_domhsh_free(struct rcu_head *entry)
> +{
> + struct cipso_v4_domhsh_entry *ptr;
> +
> + ptr = container_of(entry, struct cipso_v4_domhsh_entry, rcu);
> + if (ptr->domain)
> + kfree(ptr->domain);
'if' isn't needed
> +static void cipso_v4_cache_entry_free(struct cipso_v4_map_cache_entry
> *entry) +{
> + if (entry->lsm_data.free)
> + entry->lsm_data.free(entry->lsm_data.data);
> + if (entry->key)
> + kfree(entry->key);
same
> +static u32 cipso_v4_map_cache_hash(const unsigned char *key, const u32
> key_len) +{
const on pass by value
> +static int cipso_v4_cache_init(const u32 bkt_size)
same
> +static int cipso_v4_cache_check(const unsigned char *key,
> + const u32 key_len,
> + struct netlbl_lsm_secattr *secattr)
> +{
same
> +static struct cipso_v4_doi *cipso_v4_doi_search(const u32 doi)
same
> +int cipso_v4_doi_remove(const u32 doi,
> + void (*callback) (struct rcu_head * head))
same
> +struct cipso_v4_doi *cipso_v4_doi_getdef(const u32 doi)
same
> +struct sk_buff *cipso_v4_doi_dump(const u32 doi, const size_t headroom)
same
> +{
> + struct sk_buff *skb;
> + unsigned char *buf;
> + struct cipso_v4_doi *iter;
> + u32 doi_cnt = 0;
> + u32 tag_cnt = 0;
> + u32 lvl_cnt = 0;
> + u32 cat_cnt = 0;
> + ssize_t buf_len;
indent seems to have changed here
> +int cipso_v4_doi_domhsh_add(struct cipso_v4_doi *doi_def, const char
> *domain) +{
<snip>
> + rcu_read_lock();
> + list_for_each_entry_rcu(iter, &doi_def->dom_list, list)
> + if (iter->valid &&
> + ((domain != NULL && iter->domain != NULL &&
> + strcmp(iter->domain, domain) == 0) ||
> + (domain == NULL && iter->domain == NULL))) {
> + rcu_read_unlock();
> + if (new_dom->domain != NULL)
> + kfree(new_dom->domain);
'if' not needed
> +static int cipso_v4_map_lvl_valid(const struct cipso_v4_doi *doi_def,
> + const u8 level)
const on pass by value
> +static int cipso_v4_map_lvl_hton(const struct cipso_v4_doi *doi_def,
> + const u32 host_lvl,
> + u32 *net_lvl)
same
> +static int cipso_v4_map_lvl_ntoh(const struct cipso_v4_doi *doi_def,
> + const u32 net_lvl,
> + u32 *host_lvl)
same
> +static int cipso_v4_map_cat_rbm_valid(const struct cipso_v4_doi *doi_def,
> + const unsigned char *bitmap,
> + const u32 bitmap_len)
same
> +static int cipso_v4_map_cat_rbm_hton(const struct cipso_v4_doi *doi_def,
> + const unsigned char *host_cat,
> + const u32 host_cat_len,
> + unsigned char *net_cat,
> + const u32 net_cat_len)
same
> +static int cipso_v4_map_cat_rbm_ntoh(const struct cipso_v4_doi *doi_def,
> + const unsigned char *net_cat,
> + const u32 net_cat_len,
> + unsigned char *host_cat,
> + const u32 host_cat_len)
same
> +static int cipso_v4_gentag_hdr(const struct cipso_v4_doi *doi_def,
> + const u32 len,
> + unsigned char *buf)
same
> +static int cipso_v4_gentag_rbm(const struct cipso_v4_doi *doi_def,
> + const struct netlbl_lsm_secattr *secattr,
> + unsigned char **buffer,
> + u32 *buffer_len)
same
> +{
> + int ret_val = -EPERM;
> + unsigned char *buf = NULL;
> + u32 buf_len;
> + u32 level;
> +
> + if (secattr->set_mls_cat) {
> + buf = kzalloc(CIPSO_V4_HDR_LEN + 4 + CIPSO_V4_TAG1_CAT_LEN,
> + GFP_ATOMIC);
> + if (buf == NULL)
> + return -ENOMEM;
> +
> + ret_val = cipso_v4_map_cat_rbm_hton(doi_def,
> + secattr->mls_cat,
> + secattr->mls_cat_len,
> + &buf[CIPSO_V4_HDR_LEN + 4],
> + CIPSO_V4_TAG1_CAT_LEN);
> + if (ret_val < 0)
> + goto gentag_failure;
> +
> + /* XXX - this will send packets using the "optimized" format
> + when possibile as specified in section 3.4.2.6 of the
> + CIPSO draft */
> + if (cipso_v4_rbm_optfmt && (ret_val > 0 && ret_val < 10))
> + ret_val = 10;
> +
> + buf_len = 4 + ret_val;
> + } else {
> + buf = kzalloc(CIPSO_V4_HDR_LEN + 4, GFP_ATOMIC);
> + if (buf == NULL)
> + return -ENOMEM;
> + buf_len = 4;
> + }
> +
> + ret_val = cipso_v4_map_lvl_hton(doi_def, secattr->mls_lvl, &level);
> + if (ret_val != 0)
> + goto gentag_failure;
> +
> + ret_val = cipso_v4_gentag_hdr(doi_def, buf_len, buf);
> + if (ret_val != 0)
> + goto gentag_failure;
> +
> + buf[CIPSO_V4_HDR_LEN] = 0x01;
> + buf[CIPSO_V4_HDR_LEN + 1] = buf_len;
> + buf[CIPSO_V4_HDR_LEN + 3] = level;
> +
> + *buffer = buf;
> + *buffer_len = CIPSO_V4_HDR_LEN + buf_len;
> +
> + return 0;
> +
> +gentag_failure:
> + if (buf)
> + kfree(buf);
'if' is not needed. you always have a buffer when you get here.
> + return ret_val;
> +}
> +int cipso_v4_error(struct sk_buff *skb,
> + const int error,
> + const u32 gateway)
const on pbv
> +int cipso_v4_socket_setattr(const struct socket *sock,
> + const struct cipso_v4_doi *doi_def,
> + const struct netlbl_lsm_secattr *secattr)
> +{
<snip>
> +socket_setattr_failure:
> + if (buf)
> + kfree(buf);
> + if (opt)
> + kfree(opt);
no need for 'if'
-Steve
--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
