From 8b5bbbc55ef7d9951e089a556a792f7b49c57925 Mon Sep 17 00:00:00 2001
From: tb
Date: Wed, 18 Oct 2023 07:08:19 +0000
Subject: [PATCH] rpki-client: rework ip_addr_check_overlap()
Avoid conditional early returns and significantly simplify the printing of ip addresses/ranges by using the new ip_warn(). This also eliminates an extremely weird usage of the comma operator and reduces noise levels quite a bit.
ok claudio job
---
 usr.sbin/rpki-client/ip.c | 41 +++++++++++++--------------------------
 1 file changed, 13 insertions(+), 28 deletions(-)
diff --git a/usr.sbin/rpki-client/ip.c b/usr.sbin/rpki-client/ip.c
index 6d768610a08..3d41bb1d06f 100644
--- a/usr.sbin/rpki-client/ip.c
+++ b/usr.sbin/rpki-client/ip.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip.c,v 1.29 2023/10/13 12:06:49 job Exp $ */
+/* $OpenBSD: ip.c,v 1.30 2023/10/18 07:08:19 tb Exp $ */
 /*
 * Copyright (c) 2019 Kristaps Dzonsons
 *
@@ -107,7 +107,7 @@ ip_addr_check_overlap(const struct cert_ip *ip, const char *fn,
 {
 size_t i, sz = ip->afi == AFI_IPV4 ? 4 : 16;
 int inherit_v4 = 0, inherit_v6 = 0;
- int has_v4 = 0, has_v6 = 0, socktype;
+ int has_v4 = 0, has_v6 = 0;
 
 /*
 * FIXME: cache this by having a flag on the cert_ip, else we're
@@ -135,43 +135,28 @@ ip_addr_check_overlap(const struct cert_ip *ip, const char *fn,
 ip->type == CERT_IP_INHERIT) ||
 (has_v6 && ip->afi == AFI_IPV6 &&
 ip->type == CERT_IP_INHERIT)) {
- if (quiet)
- return 0;
- warnx("%s: RFC 3779 section 2.2.3.5: "
- "cannot have multiple inheritance or inheritance and "
- "addresses of the same class", fn);
+ if (!quiet) {
+ warnx("%s: RFC 3779 section 2.2.3.5: "
+ "cannot have multiple inheritance or inheritance "
+ "and addresses of the same class", fn);
+ }
 return 0;
 }
 
 /* Check our ranges. */
 
 for (i = 0; i < ipsz; i++) {
- char buf[64];
-
 if (ips[i].afi != ip->afi)
 continue;
 if (memcmp(ips[i].max, ip->min, sz) <= 0 ||
 memcmp(ips[i].min, ip->max, sz) >= 0)
 continue;
- if (quiet)
- return 0;
- socktype = (ips[i].afi == AFI_IPV4) ? AF_INET : AF_INET6,
- warnx("%s: RFC 3779 section 2.2.3.5: "
- "cannot have overlapping IP addresses", fn);
- ip_addr_print(&ip->ip, ip->afi, buf, sizeof(buf));
- warnx("%s: certificate IP: %s", fn, buf);
- if (inet_ntop(socktype, ip->min, buf, sizeof(buf)) == NULL)
- err(1, "inet_ntop");
- warnx("%s: certificate IP minimum: %s", fn, buf);
- if (inet_ntop(socktype, ip->max, buf, sizeof(buf)) == NULL)
- err(1, "inet_ntop");
- warnx("%s: certificate IP maximum: %s", fn, buf);
- if (inet_ntop(socktype, ips[i].min, buf, sizeof(buf)) == NULL)
- err(1, "inet_ntop");
- warnx("%s: offending IP minimum: %s", fn, buf);
- if (inet_ntop(socktype, ips[i].max, buf, sizeof(buf)) == NULL)
- err(1, "inet_ntop");
- warnx("%s: offending IP maximum: %s", fn, buf);
+ if (!quiet) {
+ warnx("%s: RFC 3779 section 2.2.3.5: "
+ "cannot have overlapping IP addresses", fn);
+ ip_warn(fn, ip, "certificate IP");
+ ip_warn(fn, &ips[i], "offending IP");
+ }
 return 0;
 }
 
--
2.20.1
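Review bot: The range test this rework keeps in the loop, `memcmp(ips[i].max, ip->min, sz) <= 0 || memcmp(ips[i].min, ip->max, sz) >= 0`, also skips an entry whose maximum equals the new entry's minimum (or whose minimum equals the new maximum), so two ranges that share exactly one endpoint are never reported as overlapping. If `min` and `max` are inclusive bounds, which the hunk does not show, that shared address is a real overlap under the RFC 3779 rule the warning cites, and the comparison would need to be strict: `if (memcmp(ips[i].max, ip->min, sz) < 0 || memcmp(ips[i].min, ip->max, sz) > 0)`. Because this function decides whether a certificate's IP resource set is accepted, the boundary case is worth pinning with a regression test whichever reading is intended, plus a short comment above the test stating whether the bounds are inclusive. The function starts before this hunk, so the inheritance bookkeeping that feeds `has_v4`/`has_v6` is not visible here.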