| author | Jan Engelhardt <jengelh@medozas.de> | 2010-03-25 11:34:45 -0400 |
|---|---|---|
| committer | Jan Engelhardt <jengelh@medozas.de> | 2010-03-25 11:55:49 -0400 |
| commit | d6b00a5345ce4e86e8b00a88bb84a2c0c1f69ddc (patch) | |
| tree | 11d68bb08584fbbae02a7bf22599bdd67da4408e | |
| parent | bd414ee605ff3ac5fcd79f57269a897879ee4cde (diff) | |
netfilter: xtables: change targets to return error code
Part of the transition is done by this semantic patch:
// <smpl>
@ rule1 @
struct xt_target ops;
identifier check;
@@
ops.checkentry = check;
@@
identifier rule1.check;
@@
check(...) { <...
-return true;
+return 0;
...> }
@@
identifier rule1.check;
@@
check(...) { <...
-return false;
+return -EINVAL;
...> }
// </smpl>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
31 files changed, 116 insertions, 111 deletions
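--- a/net/bridge/netfilter/ebt_arpreply.c
+++ b/net/bridge/netfilter/ebt_arpreply.c
@@ -63,11 +63,11 @@ static int ebt_arpreply_tg_check(const struct xt_tgchk_param *par)
 const struct ebt_entry *e = par->entryinfo;
 
 if (BASE_CHAIN && info->target == EBT_RETURN)
-return false;
+return -EINVAL;
 if (e->ethproto != htons(ETH_P_ARP) ||
 e->invflags & EBT_IPROTO)
-return false;
-return true;
+return -EINVAL;
+return 0;
 }
 
 static struct xt_target ebt_arpreply_tg_reg __read_mostly = {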
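--- a/net/bridge/netfilter/ebt_dnat.c
+++ b/net/bridge/netfilter/ebt_dnat.c
@@ -32,7 +32,7 @@ static int ebt_dnat_tg_check(const struct xt_tgchk_param *par)
 unsigned int hook_mask;
 
 if (BASE_CHAIN && info->target == EBT_RETURN)
-return false;
+return -EINVAL;
 
 hook_mask = par->hook_mask & ~(1 << NF_BR_NUMHOOKS);
 if ((strcmp(par->table, "nat") != 0 ||
@@ -40,10 +40,10 @@ static int ebt_dnat_tg_check(const struct xt_tgchk_param *par)
 (1 << NF_BR_LOCAL_OUT)))) &&
 (strcmp(par->table, "broute") != 0 ||
 hook_mask & ~(1 << NF_BR_BROUTING)))
-return false;
+return -EINVAL;
 if (INVALID_TARGET)
-return false;
-return true;
+return -EINVAL;
+return 0;
 }
 
 static struct xt_target ebt_dnat_tg_reg __read_mostly = {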
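--- a/net/bridge/netfilter/ebt_log.c
+++ b/net/bridge/netfilter/ebt_log.c
@@ -29,11 +29,11 @@ static int ebt_log_tg_check(const struct xt_tgchk_param *par)
 struct ebt_log_info *info = par->targinfo;
 
 if (info->bitmask & ~EBT_LOG_MASK)
-return false;
+return -EINVAL;
 if (info->loglevel >= 8)
-return false;
+return -EINVAL;
 info->prefix[EBT_LOG_PREFIX_SIZE - 1] = '\0';
-return true;
+return 0;
 }
 
 struct tcpudphdr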
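--- a/net/bridge/netfilter/ebt_mark.c
+++ b/net/bridge/netfilter/ebt_mark.c
@@ -43,14 +43,14 @@ static int ebt_mark_tg_check(const struct xt_tgchk_param *par)
 
 tmp = info->target | ~EBT_VERDICT_BITS;
 if (BASE_CHAIN && tmp == EBT_RETURN)
-return false;
+return -EINVAL;
 if (tmp < -NUM_STANDARD_TARGETS || tmp >= 0)
-return false;
+return -EINVAL;
 tmp = info->target & ~EBT_VERDICT_BITS;
 if (tmp != MARK_SET_VALUE && tmp != MARK_OR_VALUE &&
 tmp != MARK_AND_VALUE && tmp != MARK_XOR_VALUE)
-return false;
-return true;
+return -EINVAL;
+return 0;
 }
 #ifdef CONFIG_COMPAT
 struct compat_ebt_mark_t_info {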
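--- a/net/bridge/netfilter/ebt_nflog.c
+++ b/net/bridge/netfilter/ebt_nflog.c
@@ -40,9 +40,9 @@ static int ebt_nflog_tg_check(const struct xt_tgchk_param *par)
 struct ebt_nflog_info *info = par->targinfo;
 
 if (info->flags & ~EBT_NFLOG_MASK)
-return false;
+return -EINVAL;
 info->prefix[EBT_NFLOG_PREFIX_SIZE - 1] = '\0';
-return true;
+return 0;
 }
 
 static struct xt_target ebt_nflog_tg_reg __read_mostly = {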
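--- a/net/bridge/netfilter/ebt_redirect.c
+++ b/net/bridge/netfilter/ebt_redirect.c
@@ -38,17 +38,17 @@ static int ebt_redirect_tg_check(const struct xt_tgchk_param *par)
 unsigned int hook_mask;
 
 if (BASE_CHAIN && info->target == EBT_RETURN)
-return false;
+return -EINVAL;
 
 hook_mask = par->hook_mask & ~(1 << NF_BR_NUMHOOKS);
 if ((strcmp(par->table, "nat") != 0 ||
 hook_mask & ~(1 << NF_BR_PRE_ROUTING)) &&
 (strcmp(par->table, "broute") != 0 ||
 hook_mask & ~(1 << NF_BR_BROUTING)))
-return false;
+return -EINVAL;
 if (INVALID_TARGET)
-return false;
-return true;
+return -EINVAL;
+return 0;
 }
 
 static struct xt_target ebt_redirect_tg_reg __read_mostly = {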
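--- a/net/bridge/netfilter/ebt_snat.c
+++ b/net/bridge/netfilter/ebt_snat.c
@@ -49,14 +49,14 @@ static int ebt_snat_tg_check(const struct xt_tgchk_param *par)
 
 tmp = info->target | ~EBT_VERDICT_BITS;
 if (BASE_CHAIN && tmp == EBT_RETURN)
-return false;
+return -EINVAL;
 
 if (tmp < -NUM_STANDARD_TARGETS || tmp >= 0)
-return false;
+return -EINVAL;
 tmp = info->target | EBT_VERDICT_BITS;
 if ((tmp & ~NAT_ARP_BIT) != ~NAT_ARP_BIT)
-return false;
-return true;
+return -EINVAL;
+return 0;
 }
 
 static struct xt_target ebt_snat_tg_reg __read_mostly = {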
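--- a/net/bridge/netfilter/ebt_ulog.c
+++ b/net/bridge/netfilter/ebt_ulog.c
@@ -254,14 +254,14 @@ static int ebt_ulog_tg_check(const struct xt_tgchk_param *par)
 struct ebt_ulog_info *uloginfo = par->targinfo;
 
 if (uloginfo->nlgroup > 31)
-return false;
+return -EINVAL;
 
 uloginfo->prefix[EBT_ULOG_PREFIX_LEN - 1] = '\0';
 
 if (uloginfo->qthreshold > EBT_ULOG_MAX_QLEN)
 uloginfo->qthreshold = EBT_ULOG_MAX_QLEN;
 
-return true;
+return 0;
 }
 
 static struct xt_target ebt_ulog_tg_reg __read_mostly = {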
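--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -358,13 +358,13 @@ static int clusterip_tg_check(const struct xt_tgchk_param *par)
 cipinfo->hash_mode != CLUSTERIP_HASHMODE_SIP_SPT &&
 cipinfo->hash_mode != CLUSTERIP_HASHMODE_SIP_SPT_DPT) {
 pr_info("unknown mode %u\n", cipinfo->hash_mode);
-return false;
+return -EINVAL;
 
 }
 if (e->ip.dmsk.s_addr != htonl(0xffffffff) ||
 e->ip.dst.s_addr == 0) {
 pr_info("Please specify destination IP\n");
-return false;
+return -EINVAL;
 }
 
 /* FIXME: further sanity checks */
@@ -374,20 +374,20 @@ static int clusterip_tg_check(const struct xt_tgchk_param *par)
 if (!(cipinfo->flags & CLUSTERIP_FLAG_NEW)) {
 pr_info("no config found for %pI4, need 'new'\n",
 &e->ip.dst.s_addr);
-return false;
+return -EINVAL;
 } else {
 struct net_device *dev;
 
 if (e->ip.iniface[0] == '\0') {
 pr_info("Please specify an interface name\n");
-return false;
+return -EINVAL;
 }
 
 dev = dev_get_by_name(&init_net, e->ip.iniface);
 if (!dev) {
 pr_info("no such interface %s\n",
 e->ip.iniface);
-return false;
+return -EINVAL;
 }
 
 config = clusterip_config_init(cipinfo,
@@ -395,7 +395,7 @@ static int clusterip_tg_check(const struct xt_tgchk_param *par)
 if (!config) {
 pr_info("cannot allocate config\n");
 dev_put(dev);
-return false;
+return -EINVAL;
 }
 dev_mc_add(config->dev,config->clustermac, ETH_ALEN, 0);
 }
@@ -405,10 +405,10 @@ static int clusterip_tg_check(const struct xt_tgchk_param *par)
 if (nf_ct_l3proto_try_module_get(par->family) < 0) {
 pr_info("cannot load conntrack support for proto=%u\n",
 par->family);
-return false;
+return -EINVAL;
 }
 
-return true;
+return 0;
 }
 
 /* drop reference count of cluster config when rule is deleted */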
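Review bot: Every failure in clusterip_tg_check now returns `-EINVAL`, including paths that are not invalid-argument errors: the `cannot allocate config` branch would read better as `return -ENOMEM;`, the `no such interface` branch as `return -ENODEV;`, and the result of `nf_ct_l3proto_try_module_get()` is tested for `< 0` and then discarded instead of being propagated. xt_check_target in this same commit passes negative returns through unchanged, so the caller can only distinguish these cases if the callback reports them. The same flattening appears in the `kzalloc` failure path of led_tg_check (xt_LED.c), the shared `err1:` exit of xt_ct_tg_check (xt_CT.c) and the module-get failure in connsecmark_tg_check (xt_CONNSECMARK.c). The function body starts above the first hunk, so earlier exits are not visible here.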
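--- a/net/ipv4/netfilter/ipt_ECN.c
+++ b/net/ipv4/netfilter/ipt_ECN.c
@@ -100,18 +100,18 @@ static int ecn_tg_check(const struct xt_tgchk_param *par)
 
 if (einfo->operation & IPT_ECN_OP_MASK) {
 pr_info("unsupported ECN operation %x\n", einfo->operation);
-return false;
+return -EINVAL;
 }
 if (einfo->ip_ect & ~IPT_ECN_IP_MASK) {
 pr_info("new ECT codepoint %x out of mask\n", einfo->ip_ect);
-return false;
+return -EINVAL;
 }
 if ((einfo->operation & (IPT_ECN_OP_SET_ECE|IPT_ECN_OP_SET_CWR)) &&
 (e->ip.proto != IPPROTO_TCP || (e->ip.invflags & XT_INV_PROTO))) {
 pr_info("cannot use TCP operations on a non-tcp rule\n");
-return false;
+return -EINVAL;
 }
-return true;
+return 0;
 }
 
 static struct xt_target ecn_tg_reg __read_mostly = {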
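--- a/net/ipv4/netfilter/ipt_LOG.c
+++ b/net/ipv4/netfilter/ipt_LOG.c
@@ -445,13 +445,13 @@ static int log_tg_check(const struct xt_tgchk_param *par)
 
 if (loginfo->level >= 8) {
 pr_debug("level %u >= 8\n", loginfo->level);
-return false;
+return -EINVAL;
 }
 if (loginfo->prefix[sizeof(loginfo->prefix)-1] != '\0') {
 pr_debug("prefix is not null-terminated\n");
-return false;
+return -EINVAL;
 }
-return true;
+return 0;
 }
 
 static struct xt_target log_tg_reg __read_mostly = {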
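--- a/net/ipv4/netfilter/ipt_MASQUERADE.c
+++ b/net/ipv4/netfilter/ipt_MASQUERADE.c
@@ -34,13 +34,13 @@ static int masquerade_tg_check(const struct xt_tgchk_param *par)
 
 if (mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) {
 pr_debug("bad MAP_IPS.\n");
-return false;
+return -EINVAL;
 }
 if (mr->rangesize != 1) {
 pr_debug("bad rangesize %u\n", mr->rangesize);
-return false;
+return -EINVAL;
 }
-return true;
+return 0;
 }
 
 static unsigned int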
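--- a/net/ipv4/netfilter/ipt_NETMAP.c
+++ b/net/ipv4/netfilter/ipt_NETMAP.c
@@ -28,13 +28,13 @@ static int netmap_tg_check(const struct xt_tgchk_param *par)
 
 if (!(mr->range[0].flags & IP_NAT_RANGE_MAP_IPS)) {
 pr_debug("bad MAP_IPS.\n");
-return false;
+return -EINVAL;
 }
 if (mr->rangesize != 1) {
 pr_debug("bad rangesize %u.\n", mr->rangesize);
-return false;
+return -EINVAL;
 }
-return true;
+return 0;
 }
 
 static unsigned int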
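--- a/net/ipv4/netfilter/ipt_REDIRECT.c
+++ b/net/ipv4/netfilter/ipt_REDIRECT.c
@@ -32,13 +32,13 @@ static int redirect_tg_check(const struct xt_tgchk_param *par)
 
 if (mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) {
 pr_debug("bad MAP_IPS.\n");
-return false;
+return -EINVAL;
 }
 if (mr->rangesize != 1) {
 pr_debug("bad rangesize %u.\n", mr->rangesize);
-return false;
+return -EINVAL;
 }
-return true;
+return 0;
 }
 
 static unsigned int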
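--- a/net/ipv4/netfilter/ipt_REJECT.c
+++ b/net/ipv4/netfilter/ipt_REJECT.c
@@ -181,16 +181,16 @@ static int reject_tg_check(const struct xt_tgchk_param *par)
 
 if (rejinfo->with == IPT_ICMP_ECHOREPLY) {
 pr_info("ECHOREPLY no longer supported.\n");
-return false;
+return -EINVAL;
 } else if (rejinfo->with == IPT_TCP_RESET) {
 /* Must specify that it's a TCP packet */
 if (e->ip.proto != IPPROTO_TCP ||
 (e->ip.invflags & XT_INV_PROTO)) {
 pr_info("TCP_RESET invalid for non-tcp\n");
-return false;
+return -EINVAL;
 }
 }
-return true;
+return 0;
 }
 
 static struct xt_target reject_tg_reg __read_mostly = {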
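--- a/net/ipv4/netfilter/ipt_ULOG.c
+++ b/net/ipv4/netfilter/ipt_ULOG.c
@@ -313,14 +313,14 @@ static int ulog_tg_check(const struct xt_tgchk_param *par)
 
 if (loginfo->prefix[sizeof(loginfo->prefix) - 1] != '\0') {
 pr_debug("prefix not null-terminated\n");
-return false;
+return -EINVAL;
 }
 if (loginfo->qthreshold > ULOG_MAX_QLEN) {
 pr_debug("queue threshold %Zu > MAX_QLEN\n",
 loginfo->qthreshold);
-return false;
+return -EINVAL;
 }
-return true;
+return 0;
 }
 
 #ifdef CONFIG_COMPAT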
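--- a/net/ipv4/netfilter/nf_nat_rule.c
+++ b/net/ipv4/netfilter/nf_nat_rule.c
@@ -81,9 +81,9 @@ static int ipt_snat_checkentry(const struct xt_tgchk_param *par)
 /* Must be a valid range */
 if (mr->rangesize != 1) {
 pr_info("SNAT: multiple ranges no longer supported\n");
-return false;
+return -EINVAL;
 }
-return true;
+return 0;
 }
 
 static int ipt_dnat_checkentry(const struct xt_tgchk_param *par)
@@ -93,9 +93,9 @@ static int ipt_dnat_checkentry(const struct xt_tgchk_param *par)
 /* Must be a valid range */
 if (mr->rangesize != 1) {
 pr_info("DNAT: multiple ranges no longer supported\n");
-return false;
+return -EINVAL;
 }
-return true;
+return 0;
 }
 
 unsigned int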
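--- a/net/ipv6/netfilter/ip6t_LOG.c
+++ b/net/ipv6/netfilter/ip6t_LOG.c
@@ -457,13 +457,13 @@ static int log_tg6_check(const struct xt_tgchk_param *par)
 
 if (loginfo->level >= 8) {
 pr_debug("level %u >= 8\n", loginfo->level);
-return false;
+return -EINVAL;
 }
 if (loginfo->prefix[sizeof(loginfo->prefix)-1] != '\0') {
 pr_debug("prefix not null-terminated\n");
-return false;
+return -EINVAL;
 }
-return true;
+return 0;
 }
 
 static struct xt_target log_tg6_reg __read_mostly = {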
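--- a/net/ipv6/netfilter/ip6t_REJECT.c
+++ b/net/ipv6/netfilter/ip6t_REJECT.c
@@ -220,16 +220,16 @@ static int reject_tg6_check(const struct xt_tgchk_param *par)
 
 if (rejinfo->with == IP6T_ICMP6_ECHOREPLY) {
 pr_info("ECHOREPLY is not supported.\n");
-return false;
+return -EINVAL;
 } else if (rejinfo->with == IP6T_TCP_RESET) {
 /* Must specify that it's a TCP packet */
 if (e->ipv6.proto != IPPROTO_TCP ||
 (e->ipv6.invflags & XT_INV_PROTO)) {
 pr_info("TCP_RESET illegal for non-tcp\n");
-return false;
+return -EINVAL;
 }
 }
-return true;
+return 0;
 }
 
 static struct xt_target reject_tg6_reg __read_mostly = {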
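--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -528,6 +528,8 @@ EXPORT_SYMBOL_GPL(xt_compat_match_to_user);
 int xt_check_target(struct xt_tgchk_param *par,
 unsigned int size, u_int8_t proto, bool inv_proto)
 {
+int ret;
+
 if (XT_ALIGN(par->target->targetsize) != size) {
 pr_err("%s_tables: %s.%u target: invalid size "
 "%u (kernel) != (user) %u\n",
@@ -559,8 +561,14 @@ int xt_check_target(struct xt_tgchk_param *par,
 par->target->proto);
 return -EINVAL;
 }
-if (par->target->checkentry != NULL && !par->target->checkentry(par))
-return -EINVAL;
+if (par->target->checkentry != NULL) {
+ret = par->target->checkentry(par);
+if (ret < 0)
+return ret;
+else if (ret > 0)
+/* Flag up potential errors. */
+return -EIO;
+}
 return 0;
 }
 EXPORT_SYMBOL_GPL(xt_check_target);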
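Review bot: The new `ret > 0` branch catches a checkentry callback that still returns `true`, but one that still returns `false` yields 0 and falls through to the final `return 0`, so an unconverted rejection path is silently treated as success. The `return false;` left as context at line 110 of xt_HL.c in this same commit looks like exactly that case. Because this caller cannot detect it, the contract deserves a comment above the call, for example `/* checkentry returns 0 on success or a negative errno; a positive value means an unconverted bool-style callback */`. The `if`/`else if` pair would also be safer braced, since the second arm holds a comment plus a statement.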
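--- a/net/netfilter/xt_CONNSECMARK.c
+++ b/net/netfilter/xt_CONNSECMARK.c
@@ -92,7 +92,7 @@ static int connsecmark_tg_check(const struct xt_tgchk_param *par)
 strcmp(par->table, "security") != 0) {
 pr_info("target only valid in the \'mangle\' "
 "or \'security\' tables, not \'%s\'.\n", par->table);
-return false;
+return -EINVAL;
 }
 
 switch (info->mode) {
@@ -108,9 +108,9 @@ static int connsecmark_tg_check(const struct xt_tgchk_param *par)
 if (nf_ct_l3proto_try_module_get(par->family) < 0) {
 pr_info("cannot load conntrack support for proto=%u\n",
 par->family);
-return false;
+return -EINVAL;
 }
-return true;
+return 0;
 }
 
 static void connsecmark_tg_destroy(const struct xt_tgdtor_param *par)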
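--- a/net/netfilter/xt_CT.c
+++ b/net/netfilter/xt_CT.c
@@ -62,7 +62,7 @@ static int xt_ct_tg_check(const struct xt_tgchk_param *par)
 u8 proto;
 
 if (info->flags & ~XT_CT_NOTRACK)
-return false;
+return -EINVAL;
 
 if (info->flags & XT_CT_NOTRACK) {
 ct = &nf_conntrack_untracked;
@@ -108,14 +108,14 @@ static int xt_ct_tg_check(const struct xt_tgchk_param *par)
 __set_bit(IPS_CONFIRMED_BIT, &ct->status);
 out:
 info->ct = ct;
-return true;
+return 0;
 
 err3:
 nf_conntrack_free(ct);
 err2:
 nf_ct_l3proto_module_put(par->family);
 err1:
-return false;
+return -EINVAL;
 }
 
 static void xt_ct_tg_destroy(const struct xt_tgdtor_param *par)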
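--- a/net/netfilter/xt_DSCP.c
+++ b/net/netfilter/xt_DSCP.c
@@ -66,9 +66,9 @@ static int dscp_tg_check(const struct xt_tgchk_param *par)
 
 if (info->dscp > XT_DSCP_MAX) {
 pr_info("dscp %x out of range\n", info->dscp);
-return false;
+return -EINVAL;
 }
-return true;
+return 0;
 }
 
 static unsigned int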
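--- a/net/netfilter/xt_HL.c
+++ b/net/netfilter/xt_HL.c
@@ -110,8 +110,8 @@ static int ttl_tg_check(const struct xt_tgchk_param *par)
 return false;
 }
 if (info->mode != IPT_TTL_SET && info->ttl == 0)
-return false;
-return true;
+return -EINVAL;
+return 0;
 }
 
 static int hl_tg6_check(const struct xt_tgchk_param *par)
@@ -120,14 +120,14 @@ static int hl_tg6_check(const struct xt_tgchk_param *par)
 
 if (info->mode > IP6T_HL_MAXMODE) {
 pr_info("invalid or unknown mode %u\n", info->mode);
-return false;
+return -EINVAL;
 }
 if (info->mode != IP6T_HL_SET && info->hop_limit == 0) {
 pr_info("increment/decrement does not "
 "make sense with value 0\n");
-return false;
+return -EINVAL;
 }
-return true;
+return 0;
 }
 
 static struct xt_target hl_tg_reg[] __read_mostly = {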
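Review bot: The context line `return false;` at line 110 of ttl_tg_check is left unconverted, and in a function returning `int` that is 0, the value this commit uses for success. The branch it closes starts above the hunk, so its condition is not visible here; if it is the out-of-range mode rejection, as the parallel `info->mode > IP6T_HL_MAXMODE` branch in hl_tg6_check suggests, a rule carrying an invalid TTL mode would now pass validation instead of being refused. It should read `return -EINVAL;` like the other failure returns in this file.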
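--- a/net/netfilter/xt_LED.c
+++ b/net/netfilter/xt_LED.c
@@ -88,12 +88,12 @@ static int led_tg_check(const struct xt_tgchk_param *par)
 
 if (ledinfo->id[0] == '\0') {
 pr_info("No 'id' parameter given.\n");
-return false;
+return -EINVAL;
 }
 
 ledinternal = kzalloc(sizeof(struct xt_led_info_internal), GFP_KERNEL);
 if (!ledinternal)
-return false;
+return -EINVAL;
 
 ledinternal->netfilter_led_trigger.name = ledinfo->id;
 
@@ -111,13 +111,11 @@ static int led_tg_check(const struct xt_tgchk_param *par)
 (unsigned long)ledinfo);
 
 ledinfo->internal_data = ledinternal;
-
-return true;
+return 0;
 
 exit_alloc:
 kfree(ledinternal);
-
-return false;
+return -EINVAL;
 }
 
 static void led_tg_destroy(const struct xt_tgdtor_param *par)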
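Review bot: The `kzalloc()` failure branch at line 96 of led_tg_check now returns `-EINVAL`, which reports memory exhaustion to the caller as a malformed rule; with an errno return available it should be `return -ENOMEM;`. The `exit_alloc` path at line 118 likewise returns a fixed `-EINVAL`. The call that jumps to that label sits between the two hunks and is not visible here, so whether it produces an error code worth propagating needs to be checked there.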
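--- a/net/netfilter/xt_NFLOG.c
+++ b/net/netfilter/xt_NFLOG.c
@@ -42,10 +42,10 @@ static int nflog_tg_check(const struct xt_tgchk_param *par)
 const struct xt_nflog_info *info = par->targinfo;
 
 if (info->flags & ~XT_NFLOG_MASK)
-return false;
+return -EINVAL;
 if (info->prefix[sizeof(info->prefix) - 1] != '\0')
-return false;
-return true;
+return -EINVAL;
+return 0;
 }
 
 static struct xt_target nflog_tg_reg __read_mostly = {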
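--- a/net/netfilter/xt_NFQUEUE.c
+++ b/net/netfilter/xt_NFQUEUE.c
@@ -92,15 +92,15 @@ static int nfqueue_tg_v1_check(const struct xt_tgchk_param *par)
 }
 if (info->queues_total == 0) {
 pr_err("NFQUEUE: number of total queues is 0\n");
-return false;
+return -EINVAL;
 }
 maxid = info->queues_total - 1 + info->queuenum;
 if (maxid > 0xffff) {
 pr_err("NFQUEUE: number of queues (%u) out of range (got %u)\n",
 info->queues_total, maxid);
-return false;
+return -EINVAL;
 }
-return true;
+return 0;
 }
 
 static struct xt_target nfqueue_tg_reg[] __read_mostly = {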
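--- a/net/netfilter/xt_RATEEST.c
+++ b/net/netfilter/xt_RATEEST.c
@@ -109,10 +109,10 @@ static int xt_rateest_tg_checkentry(const struct xt_tgchk_param *par)
 (info->interval != est->params.interval ||
 info->ewma_log != est->params.ewma_log)) {
 xt_rateest_put(est);
-return false;
+return -EINVAL;
 }
 info->est = est;
-return true;
+return 0;
 }
 
 est = kzalloc(sizeof(*est), GFP_KERNEL);
@@ -136,13 +136,12 @@ static int xt_rateest_tg_checkentry(const struct xt_tgchk_param *par)
 
 info->est = est;
 xt_rateest_hash_insert(est);
-
-return true;
+return 0;
 
 err2:
 kfree(est);
 err1:
-return false;
+return -EINVAL;
 }
 
 static void xt_rateest_tg_destroy(const struct xt_tgdtor_param *par)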
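Review bot: Both error labels in xt_rateest_tg_checkentry end in the single `return -EINVAL;` at new line 144, so a failed `kzalloc()` at line 118 is presumably reported as an invalid argument rather than `-ENOMEM`. The jumps to `err1` and `err2` lie between the two hunks and are not visible, so this is inferred from the label layout. If they follow the allocation and a later setup call, carrying the code in a local and ending with `return ret;` would let userspace tell resource exhaustion from a malformed rule.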
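--- a/net/netfilter/xt_SECMARK.c
+++ b/net/netfilter/xt_SECMARK.c
@@ -88,29 +88,29 @@ static int secmark_tg_check(const struct xt_tgchk_param *par)
 strcmp(par->table, "security") != 0) {
 pr_info("target only valid in the \'mangle\' "
 "or \'security\' tables, not \'%s\'.\n", par->table);
-return false;
+return -EINVAL;
 }
 
 if (mode && mode != info->mode) {
 pr_info("mode already set to %hu cannot mix with "
 "rules for mode %hu\n", mode, info->mode);
-return false;
+return -EINVAL;
 }
 
 switch (info->mode) {
 case SECMARK_MODE_SEL:
 if (!checkentry_selinux(info))
-return false;
+return -EINVAL;
 break;
 
 default:
 pr_info("invalid mode: %hu\n", info->mode);
-return false;
+return -EINVAL;
 }
 
 if (!mode)
 mode = info->mode;
-return true;
+return 0;
 }
 
 static void secmark_tg_destroy(const struct xt_tgdtor_param *par)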
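Review bot: `if (!checkentry_selinux(info))` at line 102 still treats the helper as a boolean, so every failure inside it is flattened into `-EINVAL` by the next line. The helper is defined outside this hunk; if it can fail for reasons other than malformed input, such as a security-context lookup or a permission check, it would be worth converting it to return an errno and propagating that, `err = checkentry_selinux(info); if (err) return err;`. The test polarity has to flip together with the helper's return convention, otherwise a success would be read as a failure.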
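--- a/net/netfilter/xt_TCPMSS.c
+++ b/net/netfilter/xt_TCPMSS.c
@@ -246,13 +246,13 @@ static int tcpmss_tg4_check(const struct xt_tgchk_param *par)
 (1 << NF_INET_POST_ROUTING))) != 0) {
 pr_info("path-MTU clamping only supported in "
 "FORWARD, OUTPUT and POSTROUTING hooks\n");
-return false;
+return -EINVAL;
 }
 xt_ematch_foreach(ematch, e)
 if (find_syn_match(ematch))
-return true;
+return 0;
 pr_info("Only works on TCP SYN packets\n");
-return false;
+return -EINVAL;
 }
 
 #if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
@@ -268,13 +268,13 @@ static int tcpmss_tg6_check(const struct xt_tgchk_param *par)
 (1 << NF_INET_POST_ROUTING))) != 0) {
 pr_info("path-MTU clamping only supported in "
 "FORWARD, OUTPUT and POSTROUTING hooks\n");
-return false;
+return -EINVAL;
 }
 xt_ematch_foreach(ematch, e)
 if (find_syn_match(ematch))
-return true;
+return 0;
 pr_info("Only works on TCP SYN packets\n");
-return false;
+return -EINVAL;
 }
 #endif
 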
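--- a/net/netfilter/xt_TPROXY.c
+++ b/net/netfilter/xt_TPROXY.c
@@ -65,11 +65,11 @@ static int tproxy_tg_check(const struct xt_tgchk_param *par)
 
 if ((i->proto == IPPROTO_TCP || i->proto == IPPROTO_UDP)
 && !(i->invflags & IPT_INV_PROTO))
-return true;
+return 0;
 
 pr_info("Can be used only in combination with "
 "either -p tcp or -p udp\n");
-return false;
+return -EINVAL;
 }
 
 static struct xt_target tproxy_tg_reg __read_mostly = {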
