tree-wide: drop 'This file is part of systemd' blurb

[thirdparty/systemd.git] / src / shared / firewall-util.c

diff --git a/src/shared/firewall-util.c b/src/shared/firewall-util.c
index 97865eac4a35ed0db21f9c4c7f650d5ee4f0e849..a047a6969e04161e076b7102ebf7bbc21a32391f 100644 (file)
--- a/src/shared/firewall-util.c
+++ b/src/shared/firewall-util.c
@@ -1,24 +1,11 @@
+/* SPDX-License-Identifier: LGPL-2.1+ */
 /***
-  This file is part of systemd.
-
   Copyright 2015 Lennart Poettering
-
-  systemd is free software; you can redistribute it and/or modify it
-  under the terms of the GNU Lesser General Public License as published by
-  the Free Software Foundation; either version 2.1 of the License, or
-  (at your option) any later version.
-
-  systemd is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  Lesser General Public License for more details.
-
-  You should have received a copy of the GNU Lesser General Public License
-  along with systemd; If not, see <http://www.gnu.org/licenses/>.
 ***/
 
-#warning "Temporary work-around for broken glibc vs. linux kernel header definitions"
-#warning "This really should be removed sooner rather than later, when this is fixed upstream"
+/* Temporary work-around for broken glibc vs. linux kernel header definitions
+ * This is already fixed upstream, remove this when distributions have updated.
+ */
 #define _NET_IF_H 1
 
 #include <alloca.h>
@@ -29,12 +16,10 @@
 #include <string.h>
 #include <sys/socket.h>
 #include <net/if.h>
-#include <linux/if.h>
 #ifndef IFNAMSIZ
-#undef _NET_IF_H
-/* Let's make sure to include this one, too, if IFNAMSIZ isn't defined yet, as it is for kernels <= 4.2 */
-#include <net/if.h>
+#define IFNAMSIZ 16
 #endif
+#include <linux/if.h>
 #include <linux/netfilter_ipv4/ip_tables.h>
 #include <linux/netfilter/nf_nat.h>
 #include <linux/netfilter/xt_addrtype.h>
@@ -73,16 +58,20 @@ static int entry_fill_basics(
         }
         if (source) {
                 entry->ip.src = source->in;
-                in_addr_prefixlen_to_netmask(&entry->ip.smsk, source_prefixlen);
+                in4_addr_prefixlen_to_netmask(&entry->ip.smsk, source_prefixlen);
         }
 
         if (out_interface) {
+                size_t l = strlen(out_interface);
+                assert(l < sizeof entry->ip.outiface);
+                assert(l < sizeof entry->ip.outiface_mask);
+
                 strcpy(entry->ip.outiface, out_interface);
-                memset(entry->ip.outiface_mask, 0xFF, strlen(out_interface)+1);
+                memset(entry->ip.outiface_mask, 0xFF, l + 1);
         }
         if (destination) {
                 entry->ip.dst = destination->in;
-                in_addr_prefixlen_to_netmask(&entry->ip.dmsk, destination_prefixlen);
+                in4_addr_prefixlen_to_netmask(&entry->ip.dmsk, destination_prefixlen);
         }
 
         return 0;
@@ -108,7 +97,7 @@ int fw_add_masquerade(
         if (af != AF_INET)
                 return -EOPNOTSUPP;
 
-        if (protocol != 0 && protocol != IPPROTO_TCP && protocol != IPPROTO_UDP)
+        if (!IN_SET(protocol, 0, IPPROTO_TCP, IPPROTO_UDP))
                 return -EOPNOTSUPP;
 
         h = iptc_init("nat");
@@ -177,7 +166,6 @@ int fw_add_local_dnat(
                 uint16_t remote_port,
                 const union in_addr_union *previous_remote) {
 
-
         _cleanup_(iptc_freep) struct xtc_handle *h = NULL;
         struct ipt_entry *entry, *mask;
         struct ipt_entry_target *t;
@@ -192,7 +180,7 @@ int fw_add_local_dnat(
         if (af != AF_INET)
                 return -EOPNOTSUPP;
 
-        if (protocol != IPPROTO_TCP && protocol != IPPROTO_UDP)
+        if (!IN_SET(protocol, IPPROTO_TCP, IPPROTO_UDP))
                 return -EOPNOTSUPP;
 
         if (local_port <= 0)