diff --git a/ip2net/ip2net.c b/ip2net/ip2net.c index 41011b2..793ee72 100644 --- a/ip2net/ip2net.c +++ b/ip2net/ip2net.c @@ -280,7 +280,7 @@ static void parse_params(int argc, char *argv[]) break; } } - if (plen1 != -1 && (!params.ipv6 && (plen1>31 || plen2>31) || params.ipv6 && (plen1>127 || plen2>127))) + if (plen1 != -1 && ((!params.ipv6 && (plen1>31 || plen2>31)) || (params.ipv6 && (plen1>127 || plen2>127)))) { fprintf(stderr, "invalid parameter for prefix-length\n"); exit(1); diff --git a/nfq/conntrack.c b/nfq/conntrack.c index 58226fd..62a79db 100644 --- a/nfq/conntrack.c +++ b/nfq/conntrack.c @@ -249,7 +249,7 @@ static bool ConntrackPoolFeedPool(t_conntrack_pool **pp, const struct ip *ip, co } } b_rev = tcphdr && tcp_synack_segment(tcphdr); - if (tcphdr && tcp_syn_segment(tcphdr) || b_rev || udphdr) + if ((tcphdr && tcp_syn_segment(tcphdr)) || b_rev || udphdr) { if ((ctr=ConntrackNew(pp, b_rev ? &connswp : &conn))) { @@ -297,12 +297,12 @@ void ConntrackPoolPurge(t_conntrack *p) HASH_ITER(hh, p->pool , t, tmp) { tidle = tnow - t->track.t_last; if ( t->track.b_cutoff || - t->conn.l4proto==IPPROTO_TCP && ( - t->track.state==SYN && tidle>=p->timeout_syn || - t->track.state==ESTABLISHED && tidle>=p->timeout_established || - t->track.state==FIN && tidle>=p->timeout_fin) || - t->conn.l4proto==IPPROTO_UDP && - tidle>=p->timeout_udp) + (t->conn.l4proto==IPPROTO_TCP && ( + (t->track.state==SYN && tidle>=p->timeout_syn) || + (t->track.state==ESTABLISHED && tidle>=p->timeout_established) || + (t->track.state==FIN && tidle>=p->timeout_fin)) + ) || (t->conn.l4proto==IPPROTO_UDP && tidle>=p->timeout_udp) + ) { HASH_DEL(p->pool, t); ConntrackFreeElem(t); } diff --git a/nfq/helpers.c b/nfq/helpers.c index 29ac6c8..60a32be 100644 --- a/nfq/helpers.c +++ b/nfq/helpers.c @@ -239,7 +239,7 @@ void phton64(uint8_t *p, uint64_t v) bool seq_within(uint32_t s, uint32_t s1, uint32_t s2) { - return s2>=s1 && s>=s1 && s<=s2 || s2=s1); + return (s2>=s1 && s>=s1 && s<=s2) || (s2=s1)); } bool ipv6_addr_is_zero(const struct in6_addr *a) @@ -313,7 +313,7 @@ time_t file_mod_time(const char *filename) bool pf_in_range(uint16_t port, const port_filter *pf) { - return port && ((!pf->from && !pf->to || port>=pf->from && port<=pf->to) ^ pf->neg); + return port && (((!pf->from && !pf->to) || (port>=pf->from && port<=pf->to)) ^ pf->neg); } bool pf_parse(const char *s, port_filter *pf) { diff --git a/nfq/nfqws.c b/nfq/nfqws.c index d6caa39..565c951 100644 --- a/nfq/nfqws.c +++ b/nfq/nfqws.c @@ -579,7 +579,7 @@ static bool parse_cutoff(const char *opt, unsigned int *value, char *mode) } static bool parse_badseq_increment(const char *opt, uint32_t *value) { - if ((opt[0]=='0' && opt[1]=='x' || opt[0]=='-' && opt[1]=='0' && opt[2]=='x') && sscanf(opt+2+(opt[0]=='-'), "%X", (int32_t*)value)>0) + if (((opt[0]=='0' && opt[1]=='x') || (opt[0]=='-' && opt[1]=='0' && opt[2]=='x')) && sscanf(opt+2+(opt[0]=='-'), "%X", (int32_t*)value)>0) { if (opt[0]=='-') params.desync_badseq_increment = -params.desync_badseq_increment; return true; @@ -621,10 +621,10 @@ bool parse_autottl(const char *s, autottl *t) switch (sscanf(s,"%u:%u-%u",&delta,&min,&max)) { case 3: - if (delta && !max || max>255) return false; + if ((delta && !max) || max>255) return false; t->max=(uint8_t)max; case 2: - if (delta && !min || min>255 || min>max) return false; + if ((delta && !min) || min>255 || min>max) return false; t->min=(uint8_t)min; case 1: if (delta>255) return false; diff --git a/nfq/protocol.c b/nfq/protocol.c index 290f878..6a8f2aa 100644 --- a/nfq/protocol.c +++ b/nfq/protocol.c @@ -104,7 +104,7 @@ bool HttpReplyLooksLikeDPIRedirect(const uint8_t *data, size_t len, const char * code = HttpReplyCode(data,len); - if (code!=302 && code!=307 || !HttpExtractHeader(data,len,"\nLocation:",loc,sizeof(loc))) return false; + if ((code!=302 && code!=307) || !HttpExtractHeader(data,len,"\nLocation:",loc,sizeof(loc))) return false; // something like : https://censor.net/badpage.php?reason=denied&source=RKN diff --git a/tpws/helpers.c b/tpws/helpers.c index 8d02347..ea70898 100644 --- a/tpws/helpers.c +++ b/tpws/helpers.c @@ -140,10 +140,10 @@ bool samappedcmp(const struct sockaddr_in *sa1,const struct sockaddr_in6 *sa2) } bool sacmp(const struct sockaddr *sa1,const struct sockaddr *sa2) { - return sa1->sa_family==AF_INET && sa2->sa_family==AF_INET && !memcmp(&((struct sockaddr_in*)sa1)->sin_addr,&((struct sockaddr_in*)sa2)->sin_addr,sizeof(struct in_addr)) || - sa1->sa_family==AF_INET6 && sa2->sa_family==AF_INET6 && !memcmp(&((struct sockaddr_in6*)sa1)->sin6_addr,&((struct sockaddr_in6*)sa2)->sin6_addr,sizeof(struct in6_addr)) || - sa1->sa_family==AF_INET && sa2->sa_family==AF_INET6 && samappedcmp((struct sockaddr_in*)sa1,(struct sockaddr_in6*)sa2) || - sa1->sa_family==AF_INET6 && sa2->sa_family==AF_INET && samappedcmp((struct sockaddr_in*)sa2,(struct sockaddr_in6*)sa1); + return (sa1->sa_family==AF_INET && sa2->sa_family==AF_INET && !memcmp(&((struct sockaddr_in*)sa1)->sin_addr,&((struct sockaddr_in*)sa2)->sin_addr,sizeof(struct in_addr))) || + (sa1->sa_family==AF_INET6 && sa2->sa_family==AF_INET6 && !memcmp(&((struct sockaddr_in6*)sa1)->sin6_addr,&((struct sockaddr_in6*)sa2)->sin6_addr,sizeof(struct in6_addr))) || + (sa1->sa_family==AF_INET && sa2->sa_family==AF_INET6 && samappedcmp((struct sockaddr_in*)sa1,(struct sockaddr_in6*)sa2)) || + (sa1->sa_family==AF_INET6 && sa2->sa_family==AF_INET && samappedcmp((struct sockaddr_in*)sa2,(struct sockaddr_in6*)sa1)); } uint16_t saport(const struct sockaddr *sa) { @@ -236,7 +236,7 @@ time_t file_mod_time(const char *filename) bool pf_in_range(uint16_t port, const port_filter *pf) { - return port && ((!pf->from && !pf->to || port>=pf->from && port<=pf->to) ^ pf->neg); + return port && (((!pf->from && !pf->to) || (port>=pf->from && port<=pf->to)) ^ pf->neg); } bool pf_parse(const char *s, port_filter *pf) { diff --git a/tpws/protocol.c b/tpws/protocol.c index 0787064..22e89c5 100644 --- a/tpws/protocol.c +++ b/tpws/protocol.c @@ -104,7 +104,7 @@ bool HttpReplyLooksLikeDPIRedirect(const uint8_t *data, size_t len, const char * code = HttpReplyCode(data,len); - if (code!=302 && code!=307 || !HttpExtractHeader(data,len,"\nLocation:",loc,sizeof(loc))) return false; + if ((code!=302 && code!=307) || !HttpExtractHeader(data,len,"\nLocation:",loc,sizeof(loc))) return false; // something like : https://censor.net/badpage.php?reason=denied&source=RKN diff --git a/tpws/socks.h b/tpws/socks.h index 9026a64..5c9feb0 100644 --- a/tpws/socks.h +++ b/tpws/socks.h @@ -66,8 +66,8 @@ typedef struct }; } s5_req; #define S5_REQ_HEADER_VALID(r,l) (l>=4 && r->ver==5) -#define S5_IP46_VALID(r,l) (r->atyp==S5_ATYP_IP4 && l>=(4+sizeof(r->d4)) || r->atyp==S5_ATYP_IP6 && l>=(4+sizeof(r->d6))) -#define S5_REQ_CONNECT_VALID(r,l) (S5_REQ_HEADER_VALID(r,l) && r->cmd==S5_CMD_CONNECT && (S5_IP46_VALID(r,l) || r->atyp==S5_ATYP_DOM && l>=5 && l>=(5+r->dd.len))) +#define S5_IP46_VALID(r,l) ((r->atyp==S5_ATYP_IP4 && l>=(4+sizeof(r->d4))) || (r->atyp==S5_ATYP_IP6 && l>=(4+sizeof(r->d6)))) +#define S5_REQ_CONNECT_VALID(r,l) (S5_REQ_HEADER_VALID(r,l) && r->cmd==S5_CMD_CONNECT && (S5_IP46_VALID(r,l) || (r->atyp==S5_ATYP_DOM && l>=5 && l>=(5+r->dd.len)))) #define S5_PORT_FROM_DD(r,l) (l>=(4+r->dd.len+2) ? ntohs(*(uint16_t*)(r->dd.domport+r->dd.len)) : 0) #define S5_REP_OK 0 diff --git a/tpws/tpws.c b/tpws/tpws.c index 3399a28..1de0e22 100644 --- a/tpws/tpws.c +++ b/tpws/tpws.c @@ -875,13 +875,13 @@ static bool find_listen_addr(struct sockaddr_storage *salisten, const char *bind // ipv6 links locals are fe80::/10 else if (a->ifa_addr->sa_family==AF_INET6 && - (!*bindiface && (bindll==prefer || bindll==force) || - *bindiface && bind_if6 && !strcmp(a->ifa_name, bindiface)) + ((!*bindiface && (bindll==prefer || bindll==force)) || + (*bindiface && bind_if6 && !strcmp(a->ifa_name, bindiface))) && - (bindll==force && is_linklocal((struct sockaddr_in6*)a->ifa_addr) || - bindll==prefer && (pass==0 && is_linklocal((struct sockaddr_in6*)a->ifa_addr) || pass==1 && is_private6((struct sockaddr_in6*)a->ifa_addr) || pass==2) || - bindll==no && (pass==0 && is_private6((struct sockaddr_in6*)a->ifa_addr) || pass==1 && !is_linklocal((struct sockaddr_in6*)a->ifa_addr)) || - bindll==unwanted && (pass==0 && is_private6((struct sockaddr_in6*)a->ifa_addr) || pass==1 && !is_linklocal((struct sockaddr_in6*)a->ifa_addr) || pass==2)) + ((bindll==force && is_linklocal((struct sockaddr_in6*)a->ifa_addr)) || + (bindll==prefer && ((pass==0 && is_linklocal((struct sockaddr_in6*)a->ifa_addr)) || (pass==1 && is_private6((struct sockaddr_in6*)a->ifa_addr)) || pass==2)) || + (bindll==no && ((pass==0 && is_private6((struct sockaddr_in6*)a->ifa_addr)) || (pass==1 && !is_linklocal((struct sockaddr_in6*)a->ifa_addr)))) || + (bindll==unwanted && ((pass==0 && is_private6((struct sockaddr_in6*)a->ifa_addr)) || (pass==1 && !is_linklocal((struct sockaddr_in6*)a->ifa_addr)) || pass==2))) ) { salisten->ss_family = AF_INET6; diff --git a/tpws/tpws_conn.c b/tpws/tpws_conn.c index b88b429..23df5df 100644 --- a/tpws/tpws_conn.c +++ b/tpws/tpws_conn.c @@ -625,7 +625,7 @@ static bool check_connection_attempt(tproxy_conn_t *conn, int efd) if (!errn) { VPRINT("Socket fd=%d (remote) connected", conn->fd) - if (!epoll_set_flow(conn, true, false) || conn_partner_alive(conn) && !epoll_set_flow(conn->partner, true, false)) + if (!epoll_set_flow(conn, true, false) || (conn_partner_alive(conn) && !epoll_set_flow(conn->partner, true, false))) { return false; } @@ -1064,7 +1064,7 @@ static bool handle_epoll(tproxy_conn_t *conn, struct tailhead *conn_list, uint32 { DBGPRINT("%s leg fd=%d stream pos : %" PRIu64 "(n%" PRIu64 ")/%" PRIu64, conn->remote ? "remote" : "local", conn->fd, conn->trd,conn->tnrd+1,conn->twr) #ifdef SPLICE_PRESENT - if (!params.nosplice && (!params.tamper || conn->remote && conn->partner->track.bTamperInCutoff || !conn->remote && !in_tamper_out_range(conn))) + if (!params.nosplice && (!params.tamper || (conn->remote && conn->partner->track.bTamperInCutoff) || (!conn->remote && !in_tamper_out_range(conn)))) { // incoming data from remote leg we splice without touching // pipe is in the local leg, so its in conn->partner->splice_pipe