authordg <dg@FreeBSD.org>1995-07-04 03:35:20 +0000
committerdg <dg@FreeBSD.org>1995-07-04 03:35:20 +0000
commitc200b4b97b9478e8c7f05ab614ea982c189d743b (patch)
tree3347e166a353235524441bd74570c6becfc50665 /sys
parentb23013f289f1a1f3407374bef0b74e8dbfdb28bb (diff)
1) Removed bogus #include
2) Rewrote "bad_packet" code to be less buggy and more readable. 3) Removed a pile of goto's; the code is now somewhat less reminiscent of a certain Italian pasta. 4) Changed all boolean returns of "0" and "1" to FALSE/TRUE.
Diffstat (limited to 'sys')
-rw-r--r--sys/netinet/ip_fw.c71
1 files changed, 25 insertions, 46 deletions
diff --git a/sys/netinet/ip_fw.c b/sys/netinet/ip_fw.c
index 7155f2f..c82630c 100644
--- a/sys/netinet/ip_fw.c
+++ b/sys/netinet/ip_fw.c
@@ -37,9 +37,6 @@
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <netinet/ip_icmp.h>
-
-#include <arpa/inet.h>
-
#include <netinet/ip_fw.h>
#ifdef IPFIREWALL_DEBUG
@@ -68,7 +65,7 @@
/*
- * Returns 1 if the port is matched by the vector, 0 otherwise
+ * Returns TRUE if the port is matched by the vector, FALSE otherwise
*/
inline
int port_match(portptr,nports,port,range_flag)
@@ -78,25 +75,25 @@ u_short port;
int range_flag;
{
if (!nports)
- return 1;
+ return TRUE;
if (range_flag) {
if (portptr[0]<=port && port<=portptr[1]) {
- return 1;
+ return TRUE;
}
nports-=2;
portptr+=2;
}
while (nports-->0) {
if (*portptr++==port) {
- return 1;
+ return TRUE;
}
}
- return 0;
+ return FALSE;
}
/*
- * Returns 0 if packet should be dropped, 1 or more if it should be accepted
+ * Returns TRUE if it should be accepted, FALSE otherwise.
*/
#ifdef IPFIREWALL
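Review bot: In `port_match`, the `range_flag` branch reads `portptr[0]` and `portptr[1]` and then does `nports-=2` with only the `!nports` guard in front of it, so a rule with `range_flag` set and a single port would compare against a slot the rule never declared. The declaration of `nports` is outside the hunk; if it is unsigned, the subtraction would also wrap and the `while (nports-->0)` loop would walk far past the vector. Unless the rule-insertion path already rejects such rules, I would make the guard explicit with `if (range_flag && nports >= 2) {`.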
@@ -122,7 +119,7 @@ struct ip_fw *chain;
* to disabling firewall.
*/
if (!chain)
- return(1);
+ return TRUE;
/*
* This way we handle fragmented packets.
@@ -132,7 +129,7 @@ struct ip_fw *chain;
* stored only in first packet.
*/
if (ip->ip_off&IP_OFFMASK)
- return(1);
+ return TRUE;
src = ip->ip_src;
dst = ip->ip_dst;
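Review bot: The `if (ip->ip_off&IP_OFFMASK) return TRUE;` path accepts every non-first fragment without consulting the chain, so the filtering decision rests entirely on the first fragment. That is only sound if the first fragment is long enough to hold the ports the rules inspect and if later fragments cannot overwrite those bytes on reassembly; neither condition is checked in the visible lines. I would state the assumption in the comment, e.g. `* NOTE: non-first fragments bypass the rule chain; this relies on the first fragment carrying the full transport header.`, and consider dropping TCP fragments with offset 1 as RFC 1858 recommends. The function starts and ends outside this hunk.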
@@ -258,7 +255,7 @@ via_match:
if (ip_fw_policy&IP_FW_P_DENY)
goto bad_packet;
else
- goto good_packet;
+ return TRUE;
got_match:
#ifdef IPFIREWALL_VERBOSE
@@ -296,51 +293,33 @@ got_match:
}
#endif
if (f->fw_flg&IP_FW_F_ACCEPT)
- goto good_packet;
-#ifdef noneed
- else
- goto bad_packet;
-#endif
+ return TRUE;
bad_packet:
- if (f) {
- /*
- * Do not ICMP reply to icmp
- * packets....:)
- */
- if (f_prt==IP_FW_F_ICMP)
- goto return_0;
- /*
- * Reply to packets rejected
- * by entry with this flag
- * set only.
- */
- if (!(f->fw_flg&IP_FW_F_ICMPRPL))
- goto return_0;
- m = dtom(ip);
+ m = dtom(ip);
+ if (f != NULL) {
+ /*
+ * Do not ICMP reply to icmp
+ * packets....:) or to packets
+ * rejected by entry without
+ * the special ICMP reply flag.
+ */
+ if ((f_prt == IP_FW_F_ICMP) ||
+ !(f->fw_flg&IP_FW_F_ICMPRPL)) {
+ m_freem(m);
+ return FALSE;
+ }
if (f_prt==IP_FW_F_ALL)
icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_HOST, 0L, 0);
else
icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_PORT, 0L, 0);
- return 0;
- } else {
- /*
- * If global icmp flag set we will do
- * something here...later..
- */
- goto return_0;
+ return FALSE;
}
-return_0:
m_freem(m);
- return 0;
-good_packet:
- return 1;
+ return FALSE;
}
#endif /* IPFIREWALL */
-
-
-
#ifdef IPACCT
void ip_acct_cnt(ip,rif,chain,nh_conv)
struct ip *ip;
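Review bot: Every FALSE return below `bad_packet:` has already disposed of the packet's mbuf, either through `m_freem(m)` or by handing it to `icmp_error()`, yet the function comment says only `Returns TRUE if it should be accepted, FALSE otherwise.` A caller that frees or reads the mbuf after a FALSE return would cause a double free or use-after-free, so the contract belongs in that comment: `* On FALSE the mbuf has been freed or passed to icmp_error(); the caller must not touch it.` That `icmp_error()` consumes the mbuf is inferred from the branch returning without `m_freem`. Separately, `f_prt == IP_FW_F_ICMP` appears to test the matched rule's protocol class rather than the packet's, so an ICMP packet rejected by an `IP_FW_F_ALL` rule still reaches `icmp_error()`; checking `ip->ip_p` as well would make the "no ICMP reply to ICMP" intent hold regardless of which rule matched. The function begins outside the hunk.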