Commit d6b00a5345ce4e86e8b00a88bb84a2c0c1f69ddc
1 parent
bd414ee605
Exists in
master
and in
39 other branches
netfilter: xtables: change targets to return error code
Part of the transition of done by this semantic patch:
// <smpl>
@ rule1 @
struct xt_target ops;
identifier check;
@@
ops.checkentry = check;
@@
identifier rule1.check;
@@
check(...) { <...
-return true;
+return 0;
...> }
@@
identifier rule1.check;
@@
check(...) { <...
-return false;
+return -EINVAL;
...> }
// </smpl>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Showing 31 changed files with 116 additions and 111 deletions Side-by-side Diff
- net/bridge/netfilter/ebt_arpreply.c
- net/bridge/netfilter/ebt_dnat.c
- net/bridge/netfilter/ebt_log.c
- net/bridge/netfilter/ebt_mark.c
- net/bridge/netfilter/ebt_nflog.c
- net/bridge/netfilter/ebt_redirect.c
- net/bridge/netfilter/ebt_snat.c
- net/bridge/netfilter/ebt_ulog.c
- net/ipv4/netfilter/ipt_CLUSTERIP.c
- net/ipv4/netfilter/ipt_ECN.c
- net/ipv4/netfilter/ipt_LOG.c
- net/ipv4/netfilter/ipt_MASQUERADE.c
- net/ipv4/netfilter/ipt_NETMAP.c
- net/ipv4/netfilter/ipt_REDIRECT.c
- net/ipv4/netfilter/ipt_REJECT.c
- net/ipv4/netfilter/ipt_ULOG.c
- net/ipv4/netfilter/nf_nat_rule.c
- net/ipv6/netfilter/ip6t_LOG.c
- net/ipv6/netfilter/ip6t_REJECT.c
- net/netfilter/x_tables.c
- net/netfilter/xt_CONNSECMARK.c
- net/netfilter/xt_CT.c
- net/netfilter/xt_DSCP.c
- net/netfilter/xt_HL.c
- net/netfilter/xt_LED.c
- net/netfilter/xt_NFLOG.c
- net/netfilter/xt_NFQUEUE.c
- net/netfilter/xt_RATEEST.c
- net/netfilter/xt_SECMARK.c
- net/netfilter/xt_TCPMSS.c
- net/netfilter/xt_TPROXY.c
net/bridge/netfilter/ebt_arpreply.c
| ... | ... | @@ -63,11 +63,11 @@ |
| 63 | 63 | const struct ebt_entry *e = par->entryinfo; |
| 64 | 64 | |
| 65 | 65 | if (BASE_CHAIN && info->target == EBT_RETURN) |
| 66 | - return false; | |
| 66 | + return -EINVAL; | |
| 67 | 67 | if (e->ethproto != htons(ETH_P_ARP) || |
| 68 | 68 | e->invflags & EBT_IPROTO) |
| 69 | - return false; | |
| 70 | - return true; | |
| 69 | + return -EINVAL; | |
| 70 | + return 0; | |
| 71 | 71 | } |
| 72 | 72 | |
| 73 | 73 | static struct xt_target ebt_arpreply_tg_reg __read_mostly = { |
net/bridge/netfilter/ebt_dnat.c
| ... | ... | @@ -32,7 +32,7 @@ |
| 32 | 32 | unsigned int hook_mask; |
| 33 | 33 | |
| 34 | 34 | if (BASE_CHAIN && info->target == EBT_RETURN) |
| 35 | - return false; | |
| 35 | + return -EINVAL; | |
| 36 | 36 | |
| 37 | 37 | hook_mask = par->hook_mask & ~(1 << NF_BR_NUMHOOKS); |
| 38 | 38 | if ((strcmp(par->table, "nat") != 0 || |
| 39 | 39 | |
| ... | ... | @@ -40,10 +40,10 @@ |
| 40 | 40 | (1 << NF_BR_LOCAL_OUT)))) && |
| 41 | 41 | (strcmp(par->table, "broute") != 0 || |
| 42 | 42 | hook_mask & ~(1 << NF_BR_BROUTING))) |
| 43 | - return false; | |
| 43 | + return -EINVAL; | |
| 44 | 44 | if (INVALID_TARGET) |
| 45 | - return false; | |
| 46 | - return true; | |
| 45 | + return -EINVAL; | |
| 46 | + return 0; | |
| 47 | 47 | } |
| 48 | 48 | |
| 49 | 49 | static struct xt_target ebt_dnat_tg_reg __read_mostly = { |
net/bridge/netfilter/ebt_log.c
| ... | ... | @@ -29,11 +29,11 @@ |
| 29 | 29 | struct ebt_log_info *info = par->targinfo; |
| 30 | 30 | |
| 31 | 31 | if (info->bitmask & ~EBT_LOG_MASK) |
| 32 | - return false; | |
| 32 | + return -EINVAL; | |
| 33 | 33 | if (info->loglevel >= 8) |
| 34 | - return false; | |
| 34 | + return -EINVAL; | |
| 35 | 35 | info->prefix[EBT_LOG_PREFIX_SIZE - 1] = '\0'; |
| 36 | - return true; | |
| 36 | + return 0; | |
| 37 | 37 | } |
| 38 | 38 | |
| 39 | 39 | struct tcpudphdr |
net/bridge/netfilter/ebt_mark.c
| ... | ... | @@ -43,14 +43,14 @@ |
| 43 | 43 | |
| 44 | 44 | tmp = info->target | ~EBT_VERDICT_BITS; |
| 45 | 45 | if (BASE_CHAIN && tmp == EBT_RETURN) |
| 46 | - return false; | |
| 46 | + return -EINVAL; | |
| 47 | 47 | if (tmp < -NUM_STANDARD_TARGETS || tmp >= 0) |
| 48 | - return false; | |
| 48 | + return -EINVAL; | |
| 49 | 49 | tmp = info->target & ~EBT_VERDICT_BITS; |
| 50 | 50 | if (tmp != MARK_SET_VALUE && tmp != MARK_OR_VALUE && |
| 51 | 51 | tmp != MARK_AND_VALUE && tmp != MARK_XOR_VALUE) |
| 52 | - return false; | |
| 53 | - return true; | |
| 52 | + return -EINVAL; | |
| 53 | + return 0; | |
| 54 | 54 | } |
| 55 | 55 | #ifdef CONFIG_COMPAT |
| 56 | 56 | struct compat_ebt_mark_t_info { |
net/bridge/netfilter/ebt_nflog.c
| ... | ... | @@ -40,9 +40,9 @@ |
| 40 | 40 | struct ebt_nflog_info *info = par->targinfo; |
| 41 | 41 | |
| 42 | 42 | if (info->flags & ~EBT_NFLOG_MASK) |
| 43 | - return false; | |
| 43 | + return -EINVAL; | |
| 44 | 44 | info->prefix[EBT_NFLOG_PREFIX_SIZE - 1] = '\0'; |
| 45 | - return true; | |
| 45 | + return 0; | |
| 46 | 46 | } |
| 47 | 47 | |
| 48 | 48 | static struct xt_target ebt_nflog_tg_reg __read_mostly = { |
net/bridge/netfilter/ebt_redirect.c
| ... | ... | @@ -38,17 +38,17 @@ |
| 38 | 38 | unsigned int hook_mask; |
| 39 | 39 | |
| 40 | 40 | if (BASE_CHAIN && info->target == EBT_RETURN) |
| 41 | - return false; | |
| 41 | + return -EINVAL; | |
| 42 | 42 | |
| 43 | 43 | hook_mask = par->hook_mask & ~(1 << NF_BR_NUMHOOKS); |
| 44 | 44 | if ((strcmp(par->table, "nat") != 0 || |
| 45 | 45 | hook_mask & ~(1 << NF_BR_PRE_ROUTING)) && |
| 46 | 46 | (strcmp(par->table, "broute") != 0 || |
| 47 | 47 | hook_mask & ~(1 << NF_BR_BROUTING))) |
| 48 | - return false; | |
| 48 | + return -EINVAL; | |
| 49 | 49 | if (INVALID_TARGET) |
| 50 | - return false; | |
| 51 | - return true; | |
| 50 | + return -EINVAL; | |
| 51 | + return 0; | |
| 52 | 52 | } |
| 53 | 53 | |
| 54 | 54 | static struct xt_target ebt_redirect_tg_reg __read_mostly = { |
net/bridge/netfilter/ebt_snat.c
| ... | ... | @@ -49,14 +49,14 @@ |
| 49 | 49 | |
| 50 | 50 | tmp = info->target | ~EBT_VERDICT_BITS; |
| 51 | 51 | if (BASE_CHAIN && tmp == EBT_RETURN) |
| 52 | - return false; | |
| 52 | + return -EINVAL; | |
| 53 | 53 | |
| 54 | 54 | if (tmp < -NUM_STANDARD_TARGETS || tmp >= 0) |
| 55 | - return false; | |
| 55 | + return -EINVAL; | |
| 56 | 56 | tmp = info->target | EBT_VERDICT_BITS; |
| 57 | 57 | if ((tmp & ~NAT_ARP_BIT) != ~NAT_ARP_BIT) |
| 58 | - return false; | |
| 59 | - return true; | |
| 58 | + return -EINVAL; | |
| 59 | + return 0; | |
| 60 | 60 | } |
| 61 | 61 | |
| 62 | 62 | static struct xt_target ebt_snat_tg_reg __read_mostly = { |
net/bridge/netfilter/ebt_ulog.c
| ... | ... | @@ -254,14 +254,14 @@ |
| 254 | 254 | struct ebt_ulog_info *uloginfo = par->targinfo; |
| 255 | 255 | |
| 256 | 256 | if (uloginfo->nlgroup > 31) |
| 257 | - return false; | |
| 257 | + return -EINVAL; | |
| 258 | 258 | |
| 259 | 259 | uloginfo->prefix[EBT_ULOG_PREFIX_LEN - 1] = '\0'; |
| 260 | 260 | |
| 261 | 261 | if (uloginfo->qthreshold > EBT_ULOG_MAX_QLEN) |
| 262 | 262 | uloginfo->qthreshold = EBT_ULOG_MAX_QLEN; |
| 263 | 263 | |
| 264 | - return true; | |
| 264 | + return 0; | |
| 265 | 265 | } |
| 266 | 266 | |
| 267 | 267 | static struct xt_target ebt_ulog_tg_reg __read_mostly = { |
net/ipv4/netfilter/ipt_CLUSTERIP.c
| ... | ... | @@ -358,13 +358,13 @@ |
| 358 | 358 | cipinfo->hash_mode != CLUSTERIP_HASHMODE_SIP_SPT && |
| 359 | 359 | cipinfo->hash_mode != CLUSTERIP_HASHMODE_SIP_SPT_DPT) { |
| 360 | 360 | pr_info("unknown mode %u\n", cipinfo->hash_mode); |
| 361 | - return false; | |
| 361 | + return -EINVAL; | |
| 362 | 362 | |
| 363 | 363 | } |
| 364 | 364 | if (e->ip.dmsk.s_addr != htonl(0xffffffff) || |
| 365 | 365 | e->ip.dst.s_addr == 0) { |
| 366 | 366 | pr_info("Please specify destination IP\n"); |
| 367 | - return false; | |
| 367 | + return -EINVAL; | |
| 368 | 368 | } |
| 369 | 369 | |
| 370 | 370 | /* FIXME: further sanity checks */ |
| 371 | 371 | |
| 372 | 372 | |
| ... | ... | @@ -374,20 +374,20 @@ |
| 374 | 374 | if (!(cipinfo->flags & CLUSTERIP_FLAG_NEW)) { |
| 375 | 375 | pr_info("no config found for %pI4, need 'new'\n", |
| 376 | 376 | &e->ip.dst.s_addr); |
| 377 | - return false; | |
| 377 | + return -EINVAL; | |
| 378 | 378 | } else { |
| 379 | 379 | struct net_device *dev; |
| 380 | 380 | |
| 381 | 381 | if (e->ip.iniface[0] == '\0') { |
| 382 | 382 | pr_info("Please specify an interface name\n"); |
| 383 | - return false; | |
| 383 | + return -EINVAL; | |
| 384 | 384 | } |
| 385 | 385 | |
| 386 | 386 | dev = dev_get_by_name(&init_net, e->ip.iniface); |
| 387 | 387 | if (!dev) { |
| 388 | 388 | pr_info("no such interface %s\n", |
| 389 | 389 | e->ip.iniface); |
| 390 | - return false; | |
| 390 | + return -EINVAL; | |
| 391 | 391 | } |
| 392 | 392 | |
| 393 | 393 | config = clusterip_config_init(cipinfo, |
| ... | ... | @@ -395,7 +395,7 @@ |
| 395 | 395 | if (!config) { |
| 396 | 396 | pr_info("cannot allocate config\n"); |
| 397 | 397 | dev_put(dev); |
| 398 | - return false; | |
| 398 | + return -EINVAL; | |
| 399 | 399 | } |
| 400 | 400 | dev_mc_add(config->dev,config->clustermac, ETH_ALEN, 0); |
| 401 | 401 | } |
| 402 | 402 | |
| ... | ... | @@ -405,10 +405,10 @@ |
| 405 | 405 | if (nf_ct_l3proto_try_module_get(par->family) < 0) { |
| 406 | 406 | pr_info("cannot load conntrack support for proto=%u\n", |
| 407 | 407 | par->family); |
| 408 | - return false; | |
| 408 | + return -EINVAL; | |
| 409 | 409 | } |
| 410 | 410 | |
| 411 | - return true; | |
| 411 | + return 0; | |
| 412 | 412 | } |
| 413 | 413 | |
| 414 | 414 | /* drop reference count of cluster config when rule is deleted */ |
net/ipv4/netfilter/ipt_ECN.c
| ... | ... | @@ -100,18 +100,18 @@ |
| 100 | 100 | |
| 101 | 101 | if (einfo->operation & IPT_ECN_OP_MASK) { |
| 102 | 102 | pr_info("unsupported ECN operation %x\n", einfo->operation); |
| 103 | - return false; | |
| 103 | + return -EINVAL; | |
| 104 | 104 | } |
| 105 | 105 | if (einfo->ip_ect & ~IPT_ECN_IP_MASK) { |
| 106 | 106 | pr_info("new ECT codepoint %x out of mask\n", einfo->ip_ect); |
| 107 | - return false; | |
| 107 | + return -EINVAL; | |
| 108 | 108 | } |
| 109 | 109 | if ((einfo->operation & (IPT_ECN_OP_SET_ECE|IPT_ECN_OP_SET_CWR)) && |
| 110 | 110 | (e->ip.proto != IPPROTO_TCP || (e->ip.invflags & XT_INV_PROTO))) { |
| 111 | 111 | pr_info("cannot use TCP operations on a non-tcp rule\n"); |
| 112 | - return false; | |
| 112 | + return -EINVAL; | |
| 113 | 113 | } |
| 114 | - return true; | |
| 114 | + return 0; | |
| 115 | 115 | } |
| 116 | 116 | |
| 117 | 117 | static struct xt_target ecn_tg_reg __read_mostly = { |
net/ipv4/netfilter/ipt_LOG.c
| ... | ... | @@ -445,13 +445,13 @@ |
| 445 | 445 | |
| 446 | 446 | if (loginfo->level >= 8) { |
| 447 | 447 | pr_debug("level %u >= 8\n", loginfo->level); |
| 448 | - return false; | |
| 448 | + return -EINVAL; | |
| 449 | 449 | } |
| 450 | 450 | if (loginfo->prefix[sizeof(loginfo->prefix)-1] != '\0') { |
| 451 | 451 | pr_debug("prefix is not null-terminated\n"); |
| 452 | - return false; | |
| 452 | + return -EINVAL; | |
| 453 | 453 | } |
| 454 | - return true; | |
| 454 | + return 0; | |
| 455 | 455 | } |
| 456 | 456 | |
| 457 | 457 | static struct xt_target log_tg_reg __read_mostly = { |
net/ipv4/netfilter/ipt_MASQUERADE.c
| ... | ... | @@ -34,13 +34,13 @@ |
| 34 | 34 | |
| 35 | 35 | if (mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) { |
| 36 | 36 | pr_debug("bad MAP_IPS.\n"); |
| 37 | - return false; | |
| 37 | + return -EINVAL; | |
| 38 | 38 | } |
| 39 | 39 | if (mr->rangesize != 1) { |
| 40 | 40 | pr_debug("bad rangesize %u\n", mr->rangesize); |
| 41 | - return false; | |
| 41 | + return -EINVAL; | |
| 42 | 42 | } |
| 43 | - return true; | |
| 43 | + return 0; | |
| 44 | 44 | } |
| 45 | 45 | |
| 46 | 46 | static unsigned int |
net/ipv4/netfilter/ipt_NETMAP.c
| ... | ... | @@ -28,13 +28,13 @@ |
| 28 | 28 | |
| 29 | 29 | if (!(mr->range[0].flags & IP_NAT_RANGE_MAP_IPS)) { |
| 30 | 30 | pr_debug("bad MAP_IPS.\n"); |
| 31 | - return false; | |
| 31 | + return -EINVAL; | |
| 32 | 32 | } |
| 33 | 33 | if (mr->rangesize != 1) { |
| 34 | 34 | pr_debug("bad rangesize %u.\n", mr->rangesize); |
| 35 | - return false; | |
| 35 | + return -EINVAL; | |
| 36 | 36 | } |
| 37 | - return true; | |
| 37 | + return 0; | |
| 38 | 38 | } |
| 39 | 39 | |
| 40 | 40 | static unsigned int |
net/ipv4/netfilter/ipt_REDIRECT.c
| ... | ... | @@ -32,13 +32,13 @@ |
| 32 | 32 | |
| 33 | 33 | if (mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) { |
| 34 | 34 | pr_debug("bad MAP_IPS.\n"); |
| 35 | - return false; | |
| 35 | + return -EINVAL; | |
| 36 | 36 | } |
| 37 | 37 | if (mr->rangesize != 1) { |
| 38 | 38 | pr_debug("bad rangesize %u.\n", mr->rangesize); |
| 39 | - return false; | |
| 39 | + return -EINVAL; | |
| 40 | 40 | } |
| 41 | - return true; | |
| 41 | + return 0; | |
| 42 | 42 | } |
| 43 | 43 | |
| 44 | 44 | static unsigned int |
net/ipv4/netfilter/ipt_REJECT.c
| ... | ... | @@ -181,16 +181,16 @@ |
| 181 | 181 | |
| 182 | 182 | if (rejinfo->with == IPT_ICMP_ECHOREPLY) { |
| 183 | 183 | pr_info("ECHOREPLY no longer supported.\n"); |
| 184 | - return false; | |
| 184 | + return -EINVAL; | |
| 185 | 185 | } else if (rejinfo->with == IPT_TCP_RESET) { |
| 186 | 186 | /* Must specify that it's a TCP packet */ |
| 187 | 187 | if (e->ip.proto != IPPROTO_TCP || |
| 188 | 188 | (e->ip.invflags & XT_INV_PROTO)) { |
| 189 | 189 | pr_info("TCP_RESET invalid for non-tcp\n"); |
| 190 | - return false; | |
| 190 | + return -EINVAL; | |
| 191 | 191 | } |
| 192 | 192 | } |
| 193 | - return true; | |
| 193 | + return 0; | |
| 194 | 194 | } |
| 195 | 195 | |
| 196 | 196 | static struct xt_target reject_tg_reg __read_mostly = { |
net/ipv4/netfilter/ipt_ULOG.c
| ... | ... | @@ -313,14 +313,14 @@ |
| 313 | 313 | |
| 314 | 314 | if (loginfo->prefix[sizeof(loginfo->prefix) - 1] != '\0') { |
| 315 | 315 | pr_debug("prefix not null-terminated\n"); |
| 316 | - return false; | |
| 316 | + return -EINVAL; | |
| 317 | 317 | } |
| 318 | 318 | if (loginfo->qthreshold > ULOG_MAX_QLEN) { |
| 319 | 319 | pr_debug("queue threshold %Zu > MAX_QLEN\n", |
| 320 | 320 | loginfo->qthreshold); |
| 321 | - return false; | |
| 321 | + return -EINVAL; | |
| 322 | 322 | } |
| 323 | - return true; | |
| 323 | + return 0; | |
| 324 | 324 | } |
| 325 | 325 | |
| 326 | 326 | #ifdef CONFIG_COMPAT |
net/ipv4/netfilter/nf_nat_rule.c
| ... | ... | @@ -81,9 +81,9 @@ |
| 81 | 81 | /* Must be a valid range */ |
| 82 | 82 | if (mr->rangesize != 1) { |
| 83 | 83 | pr_info("SNAT: multiple ranges no longer supported\n"); |
| 84 | - return false; | |
| 84 | + return -EINVAL; | |
| 85 | 85 | } |
| 86 | - return true; | |
| 86 | + return 0; | |
| 87 | 87 | } |
| 88 | 88 | |
| 89 | 89 | static int ipt_dnat_checkentry(const struct xt_tgchk_param *par) |
| 90 | 90 | |
| ... | ... | @@ -93,9 +93,9 @@ |
| 93 | 93 | /* Must be a valid range */ |
| 94 | 94 | if (mr->rangesize != 1) { |
| 95 | 95 | pr_info("DNAT: multiple ranges no longer supported\n"); |
| 96 | - return false; | |
| 96 | + return -EINVAL; | |
| 97 | 97 | } |
| 98 | - return true; | |
| 98 | + return 0; | |
| 99 | 99 | } |
| 100 | 100 | |
| 101 | 101 | unsigned int |
net/ipv6/netfilter/ip6t_LOG.c
| ... | ... | @@ -457,13 +457,13 @@ |
| 457 | 457 | |
| 458 | 458 | if (loginfo->level >= 8) { |
| 459 | 459 | pr_debug("level %u >= 8\n", loginfo->level); |
| 460 | - return false; | |
| 460 | + return -EINVAL; | |
| 461 | 461 | } |
| 462 | 462 | if (loginfo->prefix[sizeof(loginfo->prefix)-1] != '\0') { |
| 463 | 463 | pr_debug("prefix not null-terminated\n"); |
| 464 | - return false; | |
| 464 | + return -EINVAL; | |
| 465 | 465 | } |
| 466 | - return true; | |
| 466 | + return 0; | |
| 467 | 467 | } |
| 468 | 468 | |
| 469 | 469 | static struct xt_target log_tg6_reg __read_mostly = { |
net/ipv6/netfilter/ip6t_REJECT.c
| ... | ... | @@ -220,16 +220,16 @@ |
| 220 | 220 | |
| 221 | 221 | if (rejinfo->with == IP6T_ICMP6_ECHOREPLY) { |
| 222 | 222 | pr_info("ECHOREPLY is not supported.\n"); |
| 223 | - return false; | |
| 223 | + return -EINVAL; | |
| 224 | 224 | } else if (rejinfo->with == IP6T_TCP_RESET) { |
| 225 | 225 | /* Must specify that it's a TCP packet */ |
| 226 | 226 | if (e->ipv6.proto != IPPROTO_TCP || |
| 227 | 227 | (e->ipv6.invflags & XT_INV_PROTO)) { |
| 228 | 228 | pr_info("TCP_RESET illegal for non-tcp\n"); |
| 229 | - return false; | |
| 229 | + return -EINVAL; | |
| 230 | 230 | } |
| 231 | 231 | } |
| 232 | - return true; | |
| 232 | + return 0; | |
| 233 | 233 | } |
| 234 | 234 | |
| 235 | 235 | static struct xt_target reject_tg6_reg __read_mostly = { |
net/netfilter/x_tables.c
| ... | ... | @@ -528,6 +528,8 @@ |
| 528 | 528 | int xt_check_target(struct xt_tgchk_param *par, |
| 529 | 529 | unsigned int size, u_int8_t proto, bool inv_proto) |
| 530 | 530 | { |
| 531 | + int ret; | |
| 532 | + | |
| 531 | 533 | if (XT_ALIGN(par->target->targetsize) != size) { |
| 532 | 534 | pr_err("%s_tables: %s.%u target: invalid size " |
| 533 | 535 | "%u (kernel) != (user) %u\n", |
| ... | ... | @@ -559,8 +561,14 @@ |
| 559 | 561 | par->target->proto); |
| 560 | 562 | return -EINVAL; |
| 561 | 563 | } |
| 562 | - if (par->target->checkentry != NULL && !par->target->checkentry(par)) | |
| 563 | - return -EINVAL; | |
| 564 | + if (par->target->checkentry != NULL) { | |
| 565 | + ret = par->target->checkentry(par); | |
| 566 | + if (ret < 0) | |
| 567 | + return ret; | |
| 568 | + else if (ret > 0) | |
| 569 | + /* Flag up potential errors. */ | |
| 570 | + return -EIO; | |
| 571 | + } | |
| 564 | 572 | return 0; |
| 565 | 573 | } |
| 566 | 574 | EXPORT_SYMBOL_GPL(xt_check_target); |
net/netfilter/xt_CONNSECMARK.c
| ... | ... | @@ -92,7 +92,7 @@ |
| 92 | 92 | strcmp(par->table, "security") != 0) { |
| 93 | 93 | pr_info("target only valid in the \'mangle\' " |
| 94 | 94 | "or \'security\' tables, not \'%s\'.\n", par->table); |
| 95 | - return false; | |
| 95 | + return -EINVAL; | |
| 96 | 96 | } |
| 97 | 97 | |
| 98 | 98 | switch (info->mode) { |
| 99 | 99 | |
| ... | ... | @@ -108,9 +108,9 @@ |
| 108 | 108 | if (nf_ct_l3proto_try_module_get(par->family) < 0) { |
| 109 | 109 | pr_info("cannot load conntrack support for proto=%u\n", |
| 110 | 110 | par->family); |
| 111 | - return false; | |
| 111 | + return -EINVAL; | |
| 112 | 112 | } |
| 113 | - return true; | |
| 113 | + return 0; | |
| 114 | 114 | } |
| 115 | 115 | |
| 116 | 116 | static void connsecmark_tg_destroy(const struct xt_tgdtor_param *par) |
net/netfilter/xt_CT.c
| ... | ... | @@ -62,7 +62,7 @@ |
| 62 | 62 | u8 proto; |
| 63 | 63 | |
| 64 | 64 | if (info->flags & ~XT_CT_NOTRACK) |
| 65 | - return false; | |
| 65 | + return -EINVAL; | |
| 66 | 66 | |
| 67 | 67 | if (info->flags & XT_CT_NOTRACK) { |
| 68 | 68 | ct = &nf_conntrack_untracked; |
| 69 | 69 | |
| ... | ... | @@ -108,14 +108,14 @@ |
| 108 | 108 | __set_bit(IPS_CONFIRMED_BIT, &ct->status); |
| 109 | 109 | out: |
| 110 | 110 | info->ct = ct; |
| 111 | - return true; | |
| 111 | + return 0; | |
| 112 | 112 | |
| 113 | 113 | err3: |
| 114 | 114 | nf_conntrack_free(ct); |
| 115 | 115 | err2: |
| 116 | 116 | nf_ct_l3proto_module_put(par->family); |
| 117 | 117 | err1: |
| 118 | - return false; | |
| 118 | + return -EINVAL; | |
| 119 | 119 | } |
| 120 | 120 | |
| 121 | 121 | static void xt_ct_tg_destroy(const struct xt_tgdtor_param *par) |
net/netfilter/xt_DSCP.c
net/netfilter/xt_HL.c
| ... | ... | @@ -110,8 +110,8 @@ |
| 110 | 110 | return false; |
| 111 | 111 | } |
| 112 | 112 | if (info->mode != IPT_TTL_SET && info->ttl == 0) |
| 113 | - return false; | |
| 114 | - return true; | |
| 113 | + return -EINVAL; | |
| 114 | + return 0; | |
| 115 | 115 | } |
| 116 | 116 | |
| 117 | 117 | static int hl_tg6_check(const struct xt_tgchk_param *par) |
| 118 | 118 | |
| 119 | 119 | |
| ... | ... | @@ -120,14 +120,14 @@ |
| 120 | 120 | |
| 121 | 121 | if (info->mode > IP6T_HL_MAXMODE) { |
| 122 | 122 | pr_info("invalid or unknown mode %u\n", info->mode); |
| 123 | - return false; | |
| 123 | + return -EINVAL; | |
| 124 | 124 | } |
| 125 | 125 | if (info->mode != IP6T_HL_SET && info->hop_limit == 0) { |
| 126 | 126 | pr_info("increment/decrement does not " |
| 127 | 127 | "make sense with value 0\n"); |
| 128 | - return false; | |
| 128 | + return -EINVAL; | |
| 129 | 129 | } |
| 130 | - return true; | |
| 130 | + return 0; | |
| 131 | 131 | } |
| 132 | 132 | |
| 133 | 133 | static struct xt_target hl_tg_reg[] __read_mostly = { |
net/netfilter/xt_LED.c
| ... | ... | @@ -88,12 +88,12 @@ |
| 88 | 88 | |
| 89 | 89 | if (ledinfo->id[0] == '\0') { |
| 90 | 90 | pr_info("No 'id' parameter given.\n"); |
| 91 | - return false; | |
| 91 | + return -EINVAL; | |
| 92 | 92 | } |
| 93 | 93 | |
| 94 | 94 | ledinternal = kzalloc(sizeof(struct xt_led_info_internal), GFP_KERNEL); |
| 95 | 95 | if (!ledinternal) |
| 96 | - return false; | |
| 96 | + return -EINVAL; | |
| 97 | 97 | |
| 98 | 98 | ledinternal->netfilter_led_trigger.name = ledinfo->id; |
| 99 | 99 | |
| 100 | 100 | |
| 101 | 101 | |
| ... | ... | @@ -111,13 +111,11 @@ |
| 111 | 111 | (unsigned long)ledinfo); |
| 112 | 112 | |
| 113 | 113 | ledinfo->internal_data = ledinternal; |
| 114 | + return 0; | |
| 114 | 115 | |
| 115 | - return true; | |
| 116 | - | |
| 117 | 116 | exit_alloc: |
| 118 | 117 | kfree(ledinternal); |
| 119 | - | |
| 120 | - return false; | |
| 118 | + return -EINVAL; | |
| 121 | 119 | } |
| 122 | 120 | |
| 123 | 121 | static void led_tg_destroy(const struct xt_tgdtor_param *par) |
net/netfilter/xt_NFLOG.c
| ... | ... | @@ -42,10 +42,10 @@ |
| 42 | 42 | const struct xt_nflog_info *info = par->targinfo; |
| 43 | 43 | |
| 44 | 44 | if (info->flags & ~XT_NFLOG_MASK) |
| 45 | - return false; | |
| 45 | + return -EINVAL; | |
| 46 | 46 | if (info->prefix[sizeof(info->prefix) - 1] != '\0') |
| 47 | - return false; | |
| 48 | - return true; | |
| 47 | + return -EINVAL; | |
| 48 | + return 0; | |
| 49 | 49 | } |
| 50 | 50 | |
| 51 | 51 | static struct xt_target nflog_tg_reg __read_mostly = { |
net/netfilter/xt_NFQUEUE.c
| ... | ... | @@ -92,15 +92,15 @@ |
| 92 | 92 | } |
| 93 | 93 | if (info->queues_total == 0) { |
| 94 | 94 | pr_err("NFQUEUE: number of total queues is 0\n"); |
| 95 | - return false; | |
| 95 | + return -EINVAL; | |
| 96 | 96 | } |
| 97 | 97 | maxid = info->queues_total - 1 + info->queuenum; |
| 98 | 98 | if (maxid > 0xffff) { |
| 99 | 99 | pr_err("NFQUEUE: number of queues (%u) out of range (got %u)\n", |
| 100 | 100 | info->queues_total, maxid); |
| 101 | - return false; | |
| 101 | + return -EINVAL; | |
| 102 | 102 | } |
| 103 | - return true; | |
| 103 | + return 0; | |
| 104 | 104 | } |
| 105 | 105 | |
| 106 | 106 | static struct xt_target nfqueue_tg_reg[] __read_mostly = { |
net/netfilter/xt_RATEEST.c
| ... | ... | @@ -109,10 +109,10 @@ |
| 109 | 109 | (info->interval != est->params.interval || |
| 110 | 110 | info->ewma_log != est->params.ewma_log)) { |
| 111 | 111 | xt_rateest_put(est); |
| 112 | - return false; | |
| 112 | + return -EINVAL; | |
| 113 | 113 | } |
| 114 | 114 | info->est = est; |
| 115 | - return true; | |
| 115 | + return 0; | |
| 116 | 116 | } |
| 117 | 117 | |
| 118 | 118 | est = kzalloc(sizeof(*est), GFP_KERNEL); |
| 119 | 119 | |
| 120 | 120 | |
| ... | ... | @@ -136,13 +136,12 @@ |
| 136 | 136 | |
| 137 | 137 | info->est = est; |
| 138 | 138 | xt_rateest_hash_insert(est); |
| 139 | + return 0; | |
| 139 | 140 | |
| 140 | - return true; | |
| 141 | - | |
| 142 | 141 | err2: |
| 143 | 142 | kfree(est); |
| 144 | 143 | err1: |
| 145 | - return false; | |
| 144 | + return -EINVAL; | |
| 146 | 145 | } |
| 147 | 146 | |
| 148 | 147 | static void xt_rateest_tg_destroy(const struct xt_tgdtor_param *par) |
net/netfilter/xt_SECMARK.c
| ... | ... | @@ -88,29 +88,29 @@ |
| 88 | 88 | strcmp(par->table, "security") != 0) { |
| 89 | 89 | pr_info("target only valid in the \'mangle\' " |
| 90 | 90 | "or \'security\' tables, not \'%s\'.\n", par->table); |
| 91 | - return false; | |
| 91 | + return -EINVAL; | |
| 92 | 92 | } |
| 93 | 93 | |
| 94 | 94 | if (mode && mode != info->mode) { |
| 95 | 95 | pr_info("mode already set to %hu cannot mix with " |
| 96 | 96 | "rules for mode %hu\n", mode, info->mode); |
| 97 | - return false; | |
| 97 | + return -EINVAL; | |
| 98 | 98 | } |
| 99 | 99 | |
| 100 | 100 | switch (info->mode) { |
| 101 | 101 | case SECMARK_MODE_SEL: |
| 102 | 102 | if (!checkentry_selinux(info)) |
| 103 | - return false; | |
| 103 | + return -EINVAL; | |
| 104 | 104 | break; |
| 105 | 105 | |
| 106 | 106 | default: |
| 107 | 107 | pr_info("invalid mode: %hu\n", info->mode); |
| 108 | - return false; | |
| 108 | + return -EINVAL; | |
| 109 | 109 | } |
| 110 | 110 | |
| 111 | 111 | if (!mode) |
| 112 | 112 | mode = info->mode; |
| 113 | - return true; | |
| 113 | + return 0; | |
| 114 | 114 | } |
| 115 | 115 | |
| 116 | 116 | static void secmark_tg_destroy(const struct xt_tgdtor_param *par) |
net/netfilter/xt_TCPMSS.c
| ... | ... | @@ -246,13 +246,13 @@ |
| 246 | 246 | (1 << NF_INET_POST_ROUTING))) != 0) { |
| 247 | 247 | pr_info("path-MTU clamping only supported in " |
| 248 | 248 | "FORWARD, OUTPUT and POSTROUTING hooks\n"); |
| 249 | - return false; | |
| 249 | + return -EINVAL; | |
| 250 | 250 | } |
| 251 | 251 | xt_ematch_foreach(ematch, e) |
| 252 | 252 | if (find_syn_match(ematch)) |
| 253 | - return true; | |
| 253 | + return 0; | |
| 254 | 254 | pr_info("Only works on TCP SYN packets\n"); |
| 255 | - return false; | |
| 255 | + return -EINVAL; | |
| 256 | 256 | } |
| 257 | 257 | |
| 258 | 258 | #if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE) |
| 259 | 259 | |
| 260 | 260 | |
| ... | ... | @@ -268,13 +268,13 @@ |
| 268 | 268 | (1 << NF_INET_POST_ROUTING))) != 0) { |
| 269 | 269 | pr_info("path-MTU clamping only supported in " |
| 270 | 270 | "FORWARD, OUTPUT and POSTROUTING hooks\n"); |
| 271 | - return false; | |
| 271 | + return -EINVAL; | |
| 272 | 272 | } |
| 273 | 273 | xt_ematch_foreach(ematch, e) |
| 274 | 274 | if (find_syn_match(ematch)) |
| 275 | - return true; | |
| 275 | + return 0; | |
| 276 | 276 | pr_info("Only works on TCP SYN packets\n"); |
| 277 | - return false; | |
| 277 | + return -EINVAL; | |
| 278 | 278 | } |
| 279 | 279 | #endif |
| 280 | 280 |
net/netfilter/xt_TPROXY.c
| ... | ... | @@ -65,11 +65,11 @@ |
| 65 | 65 | |
| 66 | 66 | if ((i->proto == IPPROTO_TCP || i->proto == IPPROTO_UDP) |
| 67 | 67 | && !(i->invflags & IPT_INV_PROTO)) |
| 68 | - return true; | |
| 68 | + return 0; | |
| 69 | 69 | |
| 70 | 70 | pr_info("Can be used only in combination with " |
| 71 | 71 | "either -p tcp or -p udp\n"); |
| 72 | - return false; | |
| 72 | + return -EINVAL; | |
| 73 | 73 | } |
| 74 | 74 | |
| 75 | 75 | static struct xt_target tproxy_tg_reg __read_mostly = { |