diff options
author | Jan Engelhardt <jengelh@gmx.de> | 2007-07-08 01:15:12 -0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2007-07-11 01:16:56 -0400 |
commit | cff533ac12494fa002e2c46acc94d670e5f636a2 (patch) | |
tree | ab159436fa3f5c282455afafcf136fd03fa8225a | |
parent | 7bfe24611671ec76b44281e582b38535e21f01a9 (diff) |
[NETFILTER]: x_tables: switch hotdrop to bool
Switch the "hotdrop" variables to boolean
Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
46 files changed, 92 insertions, 92 deletions
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h index 7e733a6ba4f6..b8577d18d10d 100644 --- a/include/linux/netfilter/x_tables.h +++ b/include/linux/netfilter/x_tables.h | |||
@@ -148,7 +148,7 @@ struct xt_match | |||
148 | const void *matchinfo, | 148 | const void *matchinfo, |
149 | int offset, | 149 | int offset, |
150 | unsigned int protoff, | 150 | unsigned int protoff, |
151 | int *hotdrop); | 151 | bool *hotdrop); |
152 | 152 | ||
153 | /* Called when user tries to insert an entry of this type. */ | 153 | /* Called when user tries to insert an entry of this type. */ |
154 | /* Should return true or false. */ | 154 | /* Should return true or false. */ |
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index cae41215e3c7..1d75a5cd7b44 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c | |||
@@ -224,7 +224,7 @@ unsigned int arpt_do_table(struct sk_buff **pskb, | |||
224 | static const char nulldevname[IFNAMSIZ]; | 224 | static const char nulldevname[IFNAMSIZ]; |
225 | unsigned int verdict = NF_DROP; | 225 | unsigned int verdict = NF_DROP; |
226 | struct arphdr *arp; | 226 | struct arphdr *arp; |
227 | int hotdrop = 0; | 227 | bool hotdrop = false; |
228 | struct arpt_entry *e, *back; | 228 | struct arpt_entry *e, *back; |
229 | const char *indev, *outdev; | 229 | const char *indev, *outdev; |
230 | void *table_base; | 230 | void *table_base; |
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index 9bacf1a03630..e2a893825656 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c | |||
@@ -188,7 +188,7 @@ int do_match(struct ipt_entry_match *m, | |||
188 | const struct net_device *in, | 188 | const struct net_device *in, |
189 | const struct net_device *out, | 189 | const struct net_device *out, |
190 | int offset, | 190 | int offset, |
191 | int *hotdrop) | 191 | bool *hotdrop) |
192 | { | 192 | { |
193 | /* Stop iteration if it doesn't match */ | 193 | /* Stop iteration if it doesn't match */ |
194 | if (!m->u.kernel.match->match(skb, in, out, m->u.kernel.match, m->data, | 194 | if (!m->u.kernel.match->match(skb, in, out, m->u.kernel.match, m->data, |
@@ -216,7 +216,7 @@ ipt_do_table(struct sk_buff **pskb, | |||
216 | u_int16_t offset; | 216 | u_int16_t offset; |
217 | struct iphdr *ip; | 217 | struct iphdr *ip; |
218 | u_int16_t datalen; | 218 | u_int16_t datalen; |
219 | int hotdrop = 0; | 219 | bool hotdrop = false; |
220 | /* Initializing verdict to NF_DROP keeps gcc happy. */ | 220 | /* Initializing verdict to NF_DROP keeps gcc happy. */ |
221 | unsigned int verdict = NF_DROP; | 221 | unsigned int verdict = NF_DROP; |
222 | const char *indev, *outdev; | 222 | const char *indev, *outdev; |
@@ -2122,7 +2122,7 @@ icmp_match(const struct sk_buff *skb, | |||
2122 | const void *matchinfo, | 2122 | const void *matchinfo, |
2123 | int offset, | 2123 | int offset, |
2124 | unsigned int protoff, | 2124 | unsigned int protoff, |
2125 | int *hotdrop) | 2125 | bool *hotdrop) |
2126 | { | 2126 | { |
2127 | struct icmphdr _icmph, *ic; | 2127 | struct icmphdr _icmph, *ic; |
2128 | const struct ipt_icmp *icmpinfo = matchinfo; | 2128 | const struct ipt_icmp *icmpinfo = matchinfo; |
@@ -2137,7 +2137,7 @@ icmp_match(const struct sk_buff *skb, | |||
2137 | * can't. Hence, no choice but to drop. | 2137 | * can't. Hence, no choice but to drop. |
2138 | */ | 2138 | */ |
2139 | duprintf("Dropping evil ICMP tinygram.\n"); | 2139 | duprintf("Dropping evil ICMP tinygram.\n"); |
2140 | *hotdrop = 1; | 2140 | *hotdrop = true; |
2141 | return 0; | 2141 | return 0; |
2142 | } | 2142 | } |
2143 | 2143 | ||
diff --git a/net/ipv4/netfilter/ipt_addrtype.c b/net/ipv4/netfilter/ipt_addrtype.c index a652a1451552..a9a9b750ff2d 100644 --- a/net/ipv4/netfilter/ipt_addrtype.c +++ b/net/ipv4/netfilter/ipt_addrtype.c | |||
@@ -30,7 +30,7 @@ static inline int match_type(__be32 addr, u_int16_t mask) | |||
30 | static int match(const struct sk_buff *skb, | 30 | static int match(const struct sk_buff *skb, |
31 | const struct net_device *in, const struct net_device *out, | 31 | const struct net_device *in, const struct net_device *out, |
32 | const struct xt_match *match, const void *matchinfo, | 32 | const struct xt_match *match, const void *matchinfo, |
33 | int offset, unsigned int protoff, int *hotdrop) | 33 | int offset, unsigned int protoff, bool *hotdrop) |
34 | { | 34 | { |
35 | const struct ipt_addrtype_info *info = matchinfo; | 35 | const struct ipt_addrtype_info *info = matchinfo; |
36 | const struct iphdr *iph = ip_hdr(skb); | 36 | const struct iphdr *iph = ip_hdr(skb); |
diff --git a/net/ipv4/netfilter/ipt_ah.c b/net/ipv4/netfilter/ipt_ah.c index 18a16782cf40..9a244e406a48 100644 --- a/net/ipv4/netfilter/ipt_ah.c +++ b/net/ipv4/netfilter/ipt_ah.c | |||
@@ -44,7 +44,7 @@ match(const struct sk_buff *skb, | |||
44 | const void *matchinfo, | 44 | const void *matchinfo, |
45 | int offset, | 45 | int offset, |
46 | unsigned int protoff, | 46 | unsigned int protoff, |
47 | int *hotdrop) | 47 | bool *hotdrop) |
48 | { | 48 | { |
49 | struct ip_auth_hdr _ahdr, *ah; | 49 | struct ip_auth_hdr _ahdr, *ah; |
50 | const struct ipt_ah *ahinfo = matchinfo; | 50 | const struct ipt_ah *ahinfo = matchinfo; |
@@ -60,7 +60,7 @@ match(const struct sk_buff *skb, | |||
60 | * can't. Hence, no choice but to drop. | 60 | * can't. Hence, no choice but to drop. |
61 | */ | 61 | */ |
62 | duprintf("Dropping evil AH tinygram.\n"); | 62 | duprintf("Dropping evil AH tinygram.\n"); |
63 | *hotdrop = 1; | 63 | *hotdrop = true; |
64 | return 0; | 64 | return 0; |
65 | } | 65 | } |
66 | 66 | ||
diff --git a/net/ipv4/netfilter/ipt_ecn.c b/net/ipv4/netfilter/ipt_ecn.c index 26218122f865..a47f3745553b 100644 --- a/net/ipv4/netfilter/ipt_ecn.c +++ b/net/ipv4/netfilter/ipt_ecn.c | |||
@@ -30,7 +30,7 @@ static inline int match_ip(const struct sk_buff *skb, | |||
30 | 30 | ||
31 | static inline int match_tcp(const struct sk_buff *skb, | 31 | static inline int match_tcp(const struct sk_buff *skb, |
32 | const struct ipt_ecn_info *einfo, | 32 | const struct ipt_ecn_info *einfo, |
33 | int *hotdrop) | 33 | bool *hotdrop) |
34 | { | 34 | { |
35 | struct tcphdr _tcph, *th; | 35 | struct tcphdr _tcph, *th; |
36 | 36 | ||
@@ -39,7 +39,7 @@ static inline int match_tcp(const struct sk_buff *skb, | |||
39 | */ | 39 | */ |
40 | th = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_tcph), &_tcph); | 40 | th = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_tcph), &_tcph); |
41 | if (th == NULL) { | 41 | if (th == NULL) { |
42 | *hotdrop = 0; | 42 | *hotdrop = false; |
43 | return 0; | 43 | return 0; |
44 | } | 44 | } |
45 | 45 | ||
@@ -69,7 +69,7 @@ static inline int match_tcp(const struct sk_buff *skb, | |||
69 | static int match(const struct sk_buff *skb, | 69 | static int match(const struct sk_buff *skb, |
70 | const struct net_device *in, const struct net_device *out, | 70 | const struct net_device *in, const struct net_device *out, |
71 | const struct xt_match *match, const void *matchinfo, | 71 | const struct xt_match *match, const void *matchinfo, |
72 | int offset, unsigned int protoff, int *hotdrop) | 72 | int offset, unsigned int protoff, bool *hotdrop) |
73 | { | 73 | { |
74 | const struct ipt_ecn_info *info = matchinfo; | 74 | const struct ipt_ecn_info *info = matchinfo; |
75 | 75 | ||
diff --git a/net/ipv4/netfilter/ipt_iprange.c b/net/ipv4/netfilter/ipt_iprange.c index 33af9e940887..86f225c1d067 100644 --- a/net/ipv4/netfilter/ipt_iprange.c +++ b/net/ipv4/netfilter/ipt_iprange.c | |||
@@ -29,7 +29,7 @@ match(const struct sk_buff *skb, | |||
29 | const struct net_device *out, | 29 | const struct net_device *out, |
30 | const struct xt_match *match, | 30 | const struct xt_match *match, |
31 | const void *matchinfo, | 31 | const void *matchinfo, |
32 | int offset, unsigned int protoff, int *hotdrop) | 32 | int offset, unsigned int protoff, bool *hotdrop) |
33 | { | 33 | { |
34 | const struct ipt_iprange_info *info = matchinfo; | 34 | const struct ipt_iprange_info *info = matchinfo; |
35 | const struct iphdr *iph = ip_hdr(skb); | 35 | const struct iphdr *iph = ip_hdr(skb); |
diff --git a/net/ipv4/netfilter/ipt_owner.c b/net/ipv4/netfilter/ipt_owner.c index 7fae9aa8944c..92be562c4aca 100644 --- a/net/ipv4/netfilter/ipt_owner.c +++ b/net/ipv4/netfilter/ipt_owner.c | |||
@@ -29,7 +29,7 @@ match(const struct sk_buff *skb, | |||
29 | const void *matchinfo, | 29 | const void *matchinfo, |
30 | int offset, | 30 | int offset, |
31 | unsigned int protoff, | 31 | unsigned int protoff, |
32 | int *hotdrop) | 32 | bool *hotdrop) |
33 | { | 33 | { |
34 | const struct ipt_owner_info *info = matchinfo; | 34 | const struct ipt_owner_info *info = matchinfo; |
35 | 35 | ||
diff --git a/net/ipv4/netfilter/ipt_recent.c b/net/ipv4/netfilter/ipt_recent.c index 15a9e8bbb7cc..81f1a017f311 100644 --- a/net/ipv4/netfilter/ipt_recent.c +++ b/net/ipv4/netfilter/ipt_recent.c | |||
@@ -173,7 +173,7 @@ static int | |||
173 | ipt_recent_match(const struct sk_buff *skb, | 173 | ipt_recent_match(const struct sk_buff *skb, |
174 | const struct net_device *in, const struct net_device *out, | 174 | const struct net_device *in, const struct net_device *out, |
175 | const struct xt_match *match, const void *matchinfo, | 175 | const struct xt_match *match, const void *matchinfo, |
176 | int offset, unsigned int protoff, int *hotdrop) | 176 | int offset, unsigned int protoff, bool *hotdrop) |
177 | { | 177 | { |
178 | const struct ipt_recent_info *info = matchinfo; | 178 | const struct ipt_recent_info *info = matchinfo; |
179 | struct recent_table *t; | 179 | struct recent_table *t; |
@@ -201,7 +201,7 @@ ipt_recent_match(const struct sk_buff *skb, | |||
201 | goto out; | 201 | goto out; |
202 | e = recent_entry_init(t, addr, ttl); | 202 | e = recent_entry_init(t, addr, ttl); |
203 | if (e == NULL) | 203 | if (e == NULL) |
204 | *hotdrop = 1; | 204 | *hotdrop = true; |
205 | ret ^= 1; | 205 | ret ^= 1; |
206 | goto out; | 206 | goto out; |
207 | } | 207 | } |
diff --git a/net/ipv4/netfilter/ipt_tos.c b/net/ipv4/netfilter/ipt_tos.c index d314844af12b..803ed4c35b55 100644 --- a/net/ipv4/netfilter/ipt_tos.c +++ b/net/ipv4/netfilter/ipt_tos.c | |||
@@ -26,7 +26,7 @@ match(const struct sk_buff *skb, | |||
26 | const void *matchinfo, | 26 | const void *matchinfo, |
27 | int offset, | 27 | int offset, |
28 | unsigned int protoff, | 28 | unsigned int protoff, |
29 | int *hotdrop) | 29 | bool *hotdrop) |
30 | { | 30 | { |
31 | const struct ipt_tos_info *info = matchinfo; | 31 | const struct ipt_tos_info *info = matchinfo; |
32 | 32 | ||
diff --git a/net/ipv4/netfilter/ipt_ttl.c b/net/ipv4/netfilter/ipt_ttl.c index ab02d9e3139c..e7316b27d2c5 100644 --- a/net/ipv4/netfilter/ipt_ttl.c +++ b/net/ipv4/netfilter/ipt_ttl.c | |||
@@ -21,7 +21,7 @@ MODULE_LICENSE("GPL"); | |||
21 | static int match(const struct sk_buff *skb, | 21 | static int match(const struct sk_buff *skb, |
22 | const struct net_device *in, const struct net_device *out, | 22 | const struct net_device *in, const struct net_device *out, |
23 | const struct xt_match *match, const void *matchinfo, | 23 | const struct xt_match *match, const void *matchinfo, |
24 | int offset, unsigned int protoff, int *hotdrop) | 24 | int offset, unsigned int protoff, bool *hotdrop) |
25 | { | 25 | { |
26 | const struct ipt_ttl_info *info = matchinfo; | 26 | const struct ipt_ttl_info *info = matchinfo; |
27 | const u8 ttl = ip_hdr(skb)->ttl; | 27 | const u8 ttl = ip_hdr(skb)->ttl; |
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index 9aa624026688..13c66a75c21c 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c | |||
@@ -102,7 +102,7 @@ ip6_packet_match(const struct sk_buff *skb, | |||
102 | const char *outdev, | 102 | const char *outdev, |
103 | const struct ip6t_ip6 *ip6info, | 103 | const struct ip6t_ip6 *ip6info, |
104 | unsigned int *protoff, | 104 | unsigned int *protoff, |
105 | int *fragoff, int *hotdrop) | 105 | int *fragoff, bool *hotdrop) |
106 | { | 106 | { |
107 | size_t i; | 107 | size_t i; |
108 | unsigned long ret; | 108 | unsigned long ret; |
@@ -162,7 +162,7 @@ ip6_packet_match(const struct sk_buff *skb, | |||
162 | protohdr = ipv6_find_hdr(skb, protoff, -1, &_frag_off); | 162 | protohdr = ipv6_find_hdr(skb, protoff, -1, &_frag_off); |
163 | if (protohdr < 0) { | 163 | if (protohdr < 0) { |
164 | if (_frag_off == 0) | 164 | if (_frag_off == 0) |
165 | *hotdrop = 1; | 165 | *hotdrop = true; |
166 | return 0; | 166 | return 0; |
167 | } | 167 | } |
168 | *fragoff = _frag_off; | 168 | *fragoff = _frag_off; |
@@ -225,7 +225,7 @@ int do_match(struct ip6t_entry_match *m, | |||
225 | const struct net_device *out, | 225 | const struct net_device *out, |
226 | int offset, | 226 | int offset, |
227 | unsigned int protoff, | 227 | unsigned int protoff, |
228 | int *hotdrop) | 228 | bool *hotdrop) |
229 | { | 229 | { |
230 | /* Stop iteration if it doesn't match */ | 230 | /* Stop iteration if it doesn't match */ |
231 | if (!m->u.kernel.match->match(skb, in, out, m->u.kernel.match, m->data, | 231 | if (!m->u.kernel.match->match(skb, in, out, m->u.kernel.match, m->data, |
@@ -252,7 +252,7 @@ ip6t_do_table(struct sk_buff **pskb, | |||
252 | static const char nulldevname[IFNAMSIZ] __attribute__((aligned(sizeof(long)))); | 252 | static const char nulldevname[IFNAMSIZ] __attribute__((aligned(sizeof(long)))); |
253 | int offset = 0; | 253 | int offset = 0; |
254 | unsigned int protoff = 0; | 254 | unsigned int protoff = 0; |
255 | int hotdrop = 0; | 255 | bool hotdrop = false; |
256 | /* Initializing verdict to NF_DROP keeps gcc happy. */ | 256 | /* Initializing verdict to NF_DROP keeps gcc happy. */ |
257 | unsigned int verdict = NF_DROP; | 257 | unsigned int verdict = NF_DROP; |
258 | const char *indev, *outdev; | 258 | const char *indev, *outdev; |
@@ -1299,7 +1299,7 @@ icmp6_match(const struct sk_buff *skb, | |||
1299 | const void *matchinfo, | 1299 | const void *matchinfo, |
1300 | int offset, | 1300 | int offset, |
1301 | unsigned int protoff, | 1301 | unsigned int protoff, |
1302 | int *hotdrop) | 1302 | bool *hotdrop) |
1303 | { | 1303 | { |
1304 | struct icmp6hdr _icmp, *ic; | 1304 | struct icmp6hdr _icmp, *ic; |
1305 | const struct ip6t_icmp *icmpinfo = matchinfo; | 1305 | const struct ip6t_icmp *icmpinfo = matchinfo; |
@@ -1313,7 +1313,7 @@ icmp6_match(const struct sk_buff *skb, | |||
1313 | /* We've been asked to examine this packet, and we | 1313 | /* We've been asked to examine this packet, and we |
1314 | can't. Hence, no choice but to drop. */ | 1314 | can't. Hence, no choice but to drop. */ |
1315 | duprintf("Dropping evil ICMP tinygram.\n"); | 1315 | duprintf("Dropping evil ICMP tinygram.\n"); |
1316 | *hotdrop = 1; | 1316 | *hotdrop = true; |
1317 | return 0; | 1317 | return 0; |
1318 | } | 1318 | } |
1319 | 1319 | ||
diff --git a/net/ipv6/netfilter/ip6t_ah.c b/net/ipv6/netfilter/ip6t_ah.c index d3c154371b41..27b7bd279c0e 100644 --- a/net/ipv6/netfilter/ip6t_ah.c +++ b/net/ipv6/netfilter/ip6t_ah.c | |||
@@ -49,7 +49,7 @@ match(const struct sk_buff *skb, | |||
49 | const void *matchinfo, | 49 | const void *matchinfo, |
50 | int offset, | 50 | int offset, |
51 | unsigned int protoff, | 51 | unsigned int protoff, |
52 | int *hotdrop) | 52 | bool *hotdrop) |
53 | { | 53 | { |
54 | struct ip_auth_hdr *ah, _ah; | 54 | struct ip_auth_hdr *ah, _ah; |
55 | const struct ip6t_ah *ahinfo = matchinfo; | 55 | const struct ip6t_ah *ahinfo = matchinfo; |
@@ -60,13 +60,13 @@ match(const struct sk_buff *skb, | |||
60 | err = ipv6_find_hdr(skb, &ptr, NEXTHDR_AUTH, NULL); | 60 | err = ipv6_find_hdr(skb, &ptr, NEXTHDR_AUTH, NULL); |
61 | if (err < 0) { | 61 | if (err < 0) { |
62 | if (err != -ENOENT) | 62 | if (err != -ENOENT) |
63 | *hotdrop = 1; | 63 | *hotdrop = true; |
64 | return 0; | 64 | return 0; |
65 | } | 65 | } |
66 | 66 | ||
67 | ah = skb_header_pointer(skb, ptr, sizeof(_ah), &_ah); | 67 | ah = skb_header_pointer(skb, ptr, sizeof(_ah), &_ah); |
68 | if (ah == NULL) { | 68 | if (ah == NULL) { |
69 | *hotdrop = 1; | 69 | *hotdrop = true; |
70 | return 0; | 70 | return 0; |
71 | } | 71 | } |
72 | 72 | ||
diff --git a/net/ipv6/netfilter/ip6t_eui64.c b/net/ipv6/netfilter/ip6t_eui64.c index 0f3dd932f0a6..69e79e19040e 100644 --- a/net/ipv6/netfilter/ip6t_eui64.c +++ b/net/ipv6/netfilter/ip6t_eui64.c | |||
@@ -27,7 +27,7 @@ match(const struct sk_buff *skb, | |||
27 | const void *matchinfo, | 27 | const void *matchinfo, |
28 | int offset, | 28 | int offset, |
29 | unsigned int protoff, | 29 | unsigned int protoff, |
30 | int *hotdrop) | 30 | bool *hotdrop) |
31 | { | 31 | { |
32 | unsigned char eui64[8]; | 32 | unsigned char eui64[8]; |
33 | int i = 0; | 33 | int i = 0; |
@@ -35,7 +35,7 @@ match(const struct sk_buff *skb, | |||
35 | if (!(skb_mac_header(skb) >= skb->head && | 35 | if (!(skb_mac_header(skb) >= skb->head && |
36 | (skb_mac_header(skb) + ETH_HLEN) <= skb->data) && | 36 | (skb_mac_header(skb) + ETH_HLEN) <= skb->data) && |
37 | offset != 0) { | 37 | offset != 0) { |
38 | *hotdrop = 1; | 38 | *hotdrop = true; |
39 | return 0; | 39 | return 0; |
40 | } | 40 | } |
41 | 41 | ||
diff --git a/net/ipv6/netfilter/ip6t_frag.c b/net/ipv6/netfilter/ip6t_frag.c index 5a5da71321b6..740fdcafa5f3 100644 --- a/net/ipv6/netfilter/ip6t_frag.c +++ b/net/ipv6/netfilter/ip6t_frag.c | |||
@@ -48,7 +48,7 @@ match(const struct sk_buff *skb, | |||
48 | const void *matchinfo, | 48 | const void *matchinfo, |
49 | int offset, | 49 | int offset, |
50 | unsigned int protoff, | 50 | unsigned int protoff, |
51 | int *hotdrop) | 51 | bool *hotdrop) |
52 | { | 52 | { |
53 | struct frag_hdr _frag, *fh; | 53 | struct frag_hdr _frag, *fh; |
54 | const struct ip6t_frag *fraginfo = matchinfo; | 54 | const struct ip6t_frag *fraginfo = matchinfo; |
@@ -58,13 +58,13 @@ match(const struct sk_buff *skb, | |||
58 | err = ipv6_find_hdr(skb, &ptr, NEXTHDR_FRAGMENT, NULL); | 58 | err = ipv6_find_hdr(skb, &ptr, NEXTHDR_FRAGMENT, NULL); |
59 | if (err < 0) { | 59 | if (err < 0) { |
60 | if (err != -ENOENT) | 60 | if (err != -ENOENT) |
61 | *hotdrop = 1; | 61 | *hotdrop = true; |
62 | return 0; | 62 | return 0; |
63 | } | 63 | } |
64 | 64 | ||
65 | fh = skb_header_pointer(skb, ptr, sizeof(_frag), &_frag); | 65 | fh = skb_header_pointer(skb, ptr, sizeof(_frag), &_frag); |
66 | if (fh == NULL) { | 66 | if (fh == NULL) { |
67 | *hotdrop = 1; | 67 | *hotdrop = true; |
68 | return 0; | 68 | return 0; |
69 | } | 69 | } |
70 | 70 | ||
diff --git a/net/ipv6/netfilter/ip6t_hbh.c b/net/ipv6/netfilter/ip6t_hbh.c index d2373c7cd354..5633de160c6d 100644 --- a/net/ipv6/netfilter/ip6t_hbh.c +++ b/net/ipv6/netfilter/ip6t_hbh.c | |||
@@ -55,7 +55,7 @@ match(const struct sk_buff *skb, | |||
55 | const void *matchinfo, | 55 | const void *matchinfo, |
56 | int offset, | 56 | int offset, |
57 | unsigned int protoff, | 57 | unsigned int protoff, |
58 | int *hotdrop) | 58 | bool *hotdrop) |
59 | { | 59 | { |
60 | struct ipv6_opt_hdr _optsh, *oh; | 60 | struct ipv6_opt_hdr _optsh, *oh; |
61 | const struct ip6t_opts *optinfo = matchinfo; | 61 | const struct ip6t_opts *optinfo = matchinfo; |
@@ -71,13 +71,13 @@ match(const struct sk_buff *skb, | |||
71 | err = ipv6_find_hdr(skb, &ptr, match->data, NULL); | 71 | err = ipv6_find_hdr(skb, &ptr, match->data, NULL); |
72 | if (err < 0) { | 72 | if (err < 0) { |
73 | if (err != -ENOENT) | 73 | if (err != -ENOENT) |
74 | *hotdrop = 1; | 74 | *hotdrop = true; |
75 | return 0; | 75 | return 0; |
76 | } | 76 | } |
77 | 77 | ||
78 | oh = skb_header_pointer(skb, ptr, sizeof(_optsh), &_optsh); | 78 | oh = skb_header_pointer(skb, ptr, sizeof(_optsh), &_optsh); |
79 | if (oh == NULL) { | 79 | if (oh == NULL) { |
80 | *hotdrop = 1; | 80 | *hotdrop = true; |
81 | return 0; | 81 | return 0; |
82 | } | 82 | } |
83 | 83 | ||
diff --git a/net/ipv6/netfilter/ip6t_hl.c b/net/ipv6/netfilter/ip6t_hl.c index d606c0e6d6fd..cbf49cffa067 100644 --- a/net/ipv6/netfilter/ip6t_hl.c +++ b/net/ipv6/netfilter/ip6t_hl.c | |||
@@ -22,7 +22,7 @@ MODULE_LICENSE("GPL"); | |||
22 | static int match(const struct sk_buff *skb, | 22 | static int match(const struct sk_buff *skb, |
23 | const struct net_device *in, const struct net_device *out, | 23 | const struct net_device *in, const struct net_device *out, |
24 | const struct xt_match *match, const void *matchinfo, | 24 | const struct xt_match *match, const void *matchinfo, |
25 | int offset, unsigned int protoff, int *hotdrop) | 25 | int offset, unsigned int protoff, bool *hotdrop) |
26 | { | 26 | { |
27 | const struct ip6t_hl_info *info = matchinfo; | 27 | const struct ip6t_hl_info *info = matchinfo; |
28 | const struct ipv6hdr *ip6h = ipv6_hdr(skb); | 28 | const struct ipv6hdr *ip6h = ipv6_hdr(skb); |
diff --git a/net/ipv6/netfilter/ip6t_ipv6header.c b/net/ipv6/netfilter/ip6t_ipv6header.c index fd6a0869099b..469dec27c649 100644 --- a/net/ipv6/netfilter/ip6t_ipv6header.c +++ b/net/ipv6/netfilter/ip6t_ipv6header.c | |||
@@ -34,7 +34,7 @@ ipv6header_match(const struct sk_buff *skb, | |||
34 | const void *matchinfo, | 34 | const void *matchinfo, |
35 | int offset, | 35 | int offset, |
36 | unsigned int protoff, | 36 | unsigned int protoff, |
37 | int *hotdrop) | 37 | bool *hotdrop) |
38 | { | 38 | { |
39 | const struct ip6t_ipv6header_info *info = matchinfo; | 39 | const struct ip6t_ipv6header_info *info = matchinfo; |
40 | unsigned int temp; | 40 | unsigned int temp; |
diff --git a/net/ipv6/netfilter/ip6t_mh.c b/net/ipv6/netfilter/ip6t_mh.c index c2a909893a64..c27647b6c274 100644 --- a/net/ipv6/netfilter/ip6t_mh.c +++ b/net/ipv6/netfilter/ip6t_mh.c | |||
@@ -48,7 +48,7 @@ match(const struct sk_buff *skb, | |||
48 | const void *matchinfo, | 48 | const void *matchinfo, |
49 | int offset, | 49 | int offset, |
50 | unsigned int protoff, | 50 | unsigned int protoff, |
51 | int *hotdrop) | 51 | bool *hotdrop) |
52 | { | 52 | { |
53 | struct ip6_mh _mh, *mh; | 53 | struct ip6_mh _mh, *mh; |
54 | const struct ip6t_mh *mhinfo = matchinfo; | 54 | const struct ip6t_mh *mhinfo = matchinfo; |
@@ -62,14 +62,14 @@ match(const struct sk_buff *skb, | |||
62 | /* We've been asked to examine this packet, and we | 62 | /* We've been asked to examine this packet, and we |
63 | can't. Hence, no choice but to drop. */ | 63 | can't. Hence, no choice but to drop. */ |
64 | duprintf("Dropping evil MH tinygram.\n"); | 64 | duprintf("Dropping evil MH tinygram.\n"); |
65 | *hotdrop = 1; | 65 | *hotdrop = true; |
66 | return 0; | 66 | return 0; |
67 | } | 67 | } |
68 | 68 | ||
69 | if (mh->ip6mh_proto != IPPROTO_NONE) { | 69 | if (mh->ip6mh_proto != IPPROTO_NONE) { |
70 | duprintf("Dropping invalid MH Payload Proto: %u\n", | 70 | duprintf("Dropping invalid MH Payload Proto: %u\n", |
71 | mh->ip6mh_proto); | 71 | mh->ip6mh_proto); |
72 | *hotdrop = 1; | 72 | *hotdrop = true; |
73 | return 0; | 73 | return 0; |
74 | } | 74 | } |
75 | 75 | ||
diff --git a/net/ipv6/netfilter/ip6t_owner.c b/net/ipv6/netfilter/ip6t_owner.c index 43738bba00b5..f90f7c32cc9e 100644 --- a/net/ipv6/netfilter/ip6t_owner.c +++ b/net/ipv6/netfilter/ip6t_owner.c | |||
@@ -31,7 +31,7 @@ match(const struct sk_buff *skb, | |||
31 | const void *matchinfo, | 31 | const void *matchinfo, |
32 | int offset, | 32 | int offset, |
33 | unsigned int protoff, | 33 | unsigned int protoff, |
34 | int *hotdrop) | 34 | bool *hotdrop) |
35 | { | 35 | { |
36 | const struct ip6t_owner_info *info = matchinfo; | 36 | const struct ip6t_owner_info *info = matchinfo; |
37 | 37 | ||
diff --git a/net/ipv6/netfilter/ip6t_rt.c b/net/ipv6/netfilter/ip6t_rt.c index 81ab00d8c182..2bb88214cfda 100644 --- a/net/ipv6/netfilter/ip6t_rt.c +++ b/net/ipv6/netfilter/ip6t_rt.c | |||
@@ -50,7 +50,7 @@ match(const struct sk_buff *skb, | |||
50 | const void *matchinfo, | 50 | const void *matchinfo, |
51 | int offset, | 51 | int offset, |
52 | unsigned int protoff, | 52 | unsigned int protoff, |
53 | int *hotdrop) | 53 | bool *hotdrop) |
54 | { | 54 | { |
55 | struct ipv6_rt_hdr _route, *rh; | 55 | struct ipv6_rt_hdr _route, *rh; |
56 | const struct ip6t_rt *rtinfo = matchinfo; | 56 | const struct ip6t_rt *rtinfo = matchinfo; |
@@ -64,13 +64,13 @@ match(const struct sk_buff *skb, | |||
64 | err = ipv6_find_hdr(skb, &ptr, NEXTHDR_ROUTING, NULL); | 64 | err = ipv6_find_hdr(skb, &ptr, NEXTHDR_ROUTING, NULL); |
65 | if (err < 0) { | 65 | if (err < 0) { |
66 | if (err != -ENOENT) | 66 | if (err != -ENOENT) |
67 | *hotdrop = 1; | 67 | *hotdrop = true; |
68 | return 0; | 68 | return 0; |
69 | } | 69 | } |
70 | 70 | ||
71 | rh = skb_header_pointer(skb, ptr, sizeof(_route), &_route); | 71 | rh = skb_header_pointer(skb, ptr, sizeof(_route), &_route); |
72 | if (rh == NULL) { | 72 | if (rh == NULL) { |
73 | *hotdrop = 1; | 73 | *hotdrop = true; |
74 | return 0; | 74 | return 0; |
75 | } | 75 | } |
76 | 76 | ||
diff --git a/net/netfilter/xt_comment.c b/net/netfilter/xt_comment.c index 7db492d65220..20690ea0d466 100644 --- a/net/netfilter/xt_comment.c +++ b/net/netfilter/xt_comment.c | |||
@@ -23,7 +23,7 @@ match(const struct sk_buff *skb, | |||
23 | const void *matchinfo, | 23 | const void *matchinfo, |
24 | int offset, | 24 | int offset, |
25 | unsigned int protooff, | 25 | unsigned int protooff, |
26 | int *hotdrop) | 26 | bool *hotdrop) |
27 | { | 27 | { |
28 | /* We always match */ | 28 | /* We always match */ |
29 | return 1; | 29 | return 1; |
diff --git a/net/netfilter/xt_connbytes.c b/net/netfilter/xt_connbytes.c index 804afe55e141..8fe5775901e1 100644 --- a/net/netfilter/xt_connbytes.c +++ b/net/netfilter/xt_connbytes.c | |||
@@ -23,7 +23,7 @@ match(const struct sk_buff *skb, | |||
23 | const void *matchinfo, | 23 | const void *matchinfo, |
24 | int offset, | 24 | int offset, |
25 | unsigned int protoff, | 25 | unsigned int protoff, |
26 | int *hotdrop) | 26 | bool *hotdrop) |
27 | { | 27 | { |
28 | const struct xt_connbytes_info *sinfo = matchinfo; | 28 | const struct xt_connbytes_info *sinfo = matchinfo; |
29 | struct nf_conn *ct; | 29 | struct nf_conn *ct; |
diff --git a/net/netfilter/xt_connmark.c b/net/netfilter/xt_connmark.c index e1803256c792..8a6d58ab5d2b 100644 --- a/net/netfilter/xt_connmark.c +++ b/net/netfilter/xt_connmark.c | |||
@@ -38,7 +38,7 @@ match(const struct sk_buff *skb, | |||
38 | const void *matchinfo, | 38 | const void *matchinfo, |
39 | int offset, | 39 | int offset, |
40 | unsigned int protoff, | 40 | unsigned int protoff, |
41 | int *hotdrop) | 41 | bool *hotdrop) |
42 | { | 42 | { |
43 | const struct xt_connmark_info *info = matchinfo; | 43 | const struct xt_connmark_info *info = matchinfo; |
44 | struct nf_conn *ct; | 44 | struct nf_conn *ct; |
diff --git a/net/netfilter/xt_conntrack.c b/net/netfilter/xt_conntrack.c index 189ded5f378b..915c730d3b72 100644 --- a/net/netfilter/xt_conntrack.c +++ b/net/netfilter/xt_conntrack.c | |||
@@ -27,7 +27,7 @@ match(const struct sk_buff *skb, | |||
27 | const void *matchinfo, | 27 | const void *matchinfo, |
28 | int offset, | 28 | int offset, |
29 | unsigned int protoff, | 29 | unsigned int protoff, |
30 | int *hotdrop) | 30 | bool *hotdrop) |
31 | { | 31 | { |
32 | const struct xt_conntrack_info *sinfo = matchinfo; | 32 | const struct xt_conntrack_info *sinfo = matchinfo; |
33 | struct nf_conn *ct; | 33 | struct nf_conn *ct; |
diff --git a/net/netfilter/xt_dccp.c b/net/netfilter/xt_dccp.c index 2c9c0dee8aaf..3172e7308b35 100644 --- a/net/netfilter/xt_dccp.c +++ b/net/netfilter/xt_dccp.c | |||
@@ -36,7 +36,7 @@ dccp_find_option(u_int8_t option, | |||
36 | const struct sk_buff *skb, | 36 | const struct sk_buff *skb, |
37 | unsigned int protoff, | 37 | unsigned int protoff, |
38 | const struct dccp_hdr *dh, | 38 | const struct dccp_hdr *dh, |
39 | int *hotdrop) | 39 | bool *hotdrop) |
40 | { | 40 | { |
41 | /* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */ | 41 | /* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */ |
42 | unsigned char *op; | 42 | unsigned char *op; |
@@ -45,7 +45,7 @@ dccp_find_option(u_int8_t option, | |||
45 | unsigned int i; | 45 | unsigned int i; |
46 | 46 | ||
47 | if (dh->dccph_doff * 4 < __dccp_hdr_len(dh)) { | 47 | if (dh->dccph_doff * 4 < __dccp_hdr_len(dh)) { |
48 | *hotdrop = 1; | 48 | *hotdrop = true; |
49 | return 0; | 49 | return 0; |
50 | } | 50 | } |
51 | 51 | ||
@@ -57,7 +57,7 @@ dccp_find_option(u_int8_t option, | |||
57 | if (op == NULL) { | 57 | if (op == NULL) { |
58 | /* If we don't have the whole header, drop packet. */ | 58 | /* If we don't have the whole header, drop packet. */ |
59 | spin_unlock_bh(&dccp_buflock); | 59 | spin_unlock_bh(&dccp_buflock); |
60 | *hotdrop = 1; | 60 | *hotdrop = true; |
61 | return 0; | 61 | return 0; |
62 | } | 62 | } |
63 | 63 | ||
@@ -86,7 +86,7 @@ match_types(const struct dccp_hdr *dh, u_int16_t typemask) | |||
86 | 86 | ||
87 | static inline int | 87 | static inline int |
88 | match_option(u_int8_t option, const struct sk_buff *skb, unsigned int protoff, | 88 | match_option(u_int8_t option, const struct sk_buff *skb, unsigned int protoff, |
89 | const struct dccp_hdr *dh, int *hotdrop) | 89 | const struct dccp_hdr *dh, bool *hotdrop) |
90 | { | 90 | { |
91 | return dccp_find_option(option, skb, protoff, dh, hotdrop); | 91 | return dccp_find_option(option, skb, protoff, dh, hotdrop); |
92 | } | 92 | } |
@@ -99,7 +99,7 @@ match(const struct sk_buff *skb, | |||
99 | const void *matchinfo, | 99 | const void *matchinfo, |
100 | int offset, | 100 | int offset, |
101 | unsigned int protoff, | 101 | unsigned int protoff, |
102 | int *hotdrop) | 102 | bool *hotdrop) |
103 | { | 103 | { |
104 | const struct xt_dccp_info *info = matchinfo; | 104 | const struct xt_dccp_info *info = matchinfo; |
105 | struct dccp_hdr _dh, *dh; | 105 | struct dccp_hdr _dh, *dh; |
@@ -109,7 +109,7 @@ match(const struct sk_buff *skb, | |||
109 | 109 | ||
110 | dh = skb_header_pointer(skb, protoff, sizeof(_dh), &_dh); | 110 | dh = skb_header_pointer(skb, protoff, sizeof(_dh), &_dh); |
111 | if (dh == NULL) { | 111 | if (dh == NULL) { |
112 | *hotdrop = 1; | 112 | *hotdrop = true; |
113 | return 0; | 113 | return 0; |
114 | } | 114 | } |
115 | 115 | ||
diff --git a/net/netfilter/xt_dscp.c b/net/netfilter/xt_dscp.c index 56b247ecc283..c106d738da6d 100644 --- a/net/netfilter/xt_dscp.c +++ b/net/netfilter/xt_dscp.c | |||
@@ -29,7 +29,7 @@ static int match(const struct sk_buff *skb, | |||
29 | const void *matchinfo, | 29 | const void *matchinfo, |
30 | int offset, | 30 | int offset, |
31 | unsigned int protoff, | 31 | unsigned int protoff, |
32 | int *hotdrop) | 32 | bool *hotdrop) |
33 | { | 33 | { |
34 | const struct xt_dscp_info *info = matchinfo; | 34 | const struct xt_dscp_info *info = matchinfo; |
35 | u_int8_t dscp = ipv4_get_dsfield(ip_hdr(skb)) >> XT_DSCP_SHIFT; | 35 | u_int8_t dscp = ipv4_get_dsfield(ip_hdr(skb)) >> XT_DSCP_SHIFT; |
@@ -44,7 +44,7 @@ static int match6(const struct sk_buff *skb, | |||
44 | const void *matchinfo, | 44 | const void *matchinfo, |
45 | int offset, | 45 | int offset, |
46 | unsigned int protoff, | 46 | unsigned int protoff, |
47 | int *hotdrop) | 47 | bool *hotdrop) |
48 | { | 48 | { |
49 | const struct xt_dscp_info *info = matchinfo; | 49 | const struct xt_dscp_info *info = matchinfo; |
50 | u_int8_t dscp = ipv6_get_dsfield(ipv6_hdr(skb)) >> XT_DSCP_SHIFT; | 50 | u_int8_t dscp = ipv6_get_dsfield(ipv6_hdr(skb)) >> XT_DSCP_SHIFT; |
diff --git a/net/netfilter/xt_esp.c b/net/netfilter/xt_esp.c index 7c95f149d942..5d3421bcd850 100644 --- a/net/netfilter/xt_esp.c +++ b/net/netfilter/xt_esp.c | |||
@@ -50,7 +50,7 @@ match(const struct sk_buff *skb, | |||
50 | const void *matchinfo, | 50 | const void *matchinfo, |
51 | int offset, | 51 | int offset, |
52 | unsigned int protoff, | 52 | unsigned int protoff, |
53 | int *hotdrop) | 53 | bool *hotdrop) |
54 | { | 54 | { |
55 | struct ip_esp_hdr _esp, *eh; | 55 | struct ip_esp_hdr _esp, *eh; |
56 | const struct xt_esp *espinfo = matchinfo; | 56 | const struct xt_esp *espinfo = matchinfo; |
@@ -65,7 +65,7 @@ match(const struct sk_buff *skb, | |||
65 | * can't. Hence, no choice but to drop. | 65 | * can't. Hence, no choice but to drop. |
66 | */ | 66 | */ |
67 | duprintf("Dropping evil ESP tinygram.\n"); | 67 | duprintf("Dropping evil ESP tinygram.\n"); |
68 | *hotdrop = 1; | 68 | *hotdrop = true; |
69 | return 0; | 69 | return 0; |
70 | } | 70 | } |
71 | 71 | ||
diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c index d3043fa32ebc..cd5cba6978c3 100644 --- a/net/netfilter/xt_hashlimit.c +++ b/net/netfilter/xt_hashlimit.c | |||
@@ -440,7 +440,7 @@ hashlimit_match(const struct sk_buff *skb, | |||
440 | const void *matchinfo, | 440 | const void *matchinfo, |
441 | int offset, | 441 | int offset, |
442 | unsigned int protoff, | 442 | unsigned int protoff, |
443 | int *hotdrop) | 443 | bool *hotdrop) |
444 | { | 444 | { |
445 | struct xt_hashlimit_info *r = | 445 | struct xt_hashlimit_info *r = |
446 | ((struct xt_hashlimit_info *)matchinfo)->u.master; | 446 | ((struct xt_hashlimit_info *)matchinfo)->u.master; |
@@ -487,7 +487,7 @@ hashlimit_match(const struct sk_buff *skb, | |||
487 | return 0; | 487 | return 0; |
488 | 488 | ||
489 | hotdrop: | 489 | hotdrop: |
490 | *hotdrop = 1; | 490 | *hotdrop = true; |
491 | return 0; | 491 | return 0; |
492 | } | 492 | } |
493 | 493 | ||
diff --git a/net/netfilter/xt_helper.c b/net/netfilter/xt_helper.c index c139b2f43a10..0aa090776e27 100644 --- a/net/netfilter/xt_helper.c +++ b/net/netfilter/xt_helper.c | |||
@@ -36,7 +36,7 @@ match(const struct sk_buff *skb, | |||
36 | const void *matchinfo, | 36 | const void *matchinfo, |
37 | int offset, | 37 | int offset, |
38 | unsigned int protoff, | 38 | unsigned int protoff, |
39 | int *hotdrop) | 39 | bool *hotdrop) |
40 | { | 40 | { |
41 | const struct xt_helper_info *info = matchinfo; | 41 | const struct xt_helper_info *info = matchinfo; |
42 | struct nf_conn *ct; | 42 | struct nf_conn *ct; |
diff --git a/net/netfilter/xt_length.c b/net/netfilter/xt_length.c index 77288c5ada78..621c9ee6d1c9 100644 --- a/net/netfilter/xt_length.c +++ b/net/netfilter/xt_length.c | |||
@@ -28,7 +28,7 @@ match(const struct sk_buff *skb, | |||
28 | const void *matchinfo, | 28 | const void *matchinfo, |
29 | int offset, | 29 | int offset, |
30 | unsigned int protoff, | 30 | unsigned int protoff, |
31 | int *hotdrop) | 31 | bool *hotdrop) |
32 | { | 32 | { |
33 | const struct xt_length_info *info = matchinfo; | 33 | const struct xt_length_info *info = matchinfo; |
34 | u_int16_t pktlen = ntohs(ip_hdr(skb)->tot_len); | 34 | u_int16_t pktlen = ntohs(ip_hdr(skb)->tot_len); |
@@ -44,7 +44,7 @@ match6(const struct sk_buff *skb, | |||
44 | const void *matchinfo, | 44 | const void *matchinfo, |
45 | int offset, | 45 | int offset, |
46 | unsigned int protoff, | 46 | unsigned int protoff, |
47 | int *hotdrop) | 47 | bool *hotdrop) |
48 | { | 48 | { |
49 | const struct xt_length_info *info = matchinfo; | 49 | const struct xt_length_info *info = matchinfo; |
50 | const u_int16_t pktlen = (ntohs(ipv6_hdr(skb)->payload_len) + | 50 | const u_int16_t pktlen = (ntohs(ipv6_hdr(skb)->payload_len) + |
diff --git a/net/netfilter/xt_limit.c b/net/netfilter/xt_limit.c index 571a72ab89ad..1133b4ca4904 100644 --- a/net/netfilter/xt_limit.c +++ b/net/netfilter/xt_limit.c | |||
@@ -65,7 +65,7 @@ ipt_limit_match(const struct sk_buff *skb, | |||
65 | const void *matchinfo, | 65 | const void *matchinfo, |
66 | int offset, | 66 | int offset, |
67 | unsigned int protoff, | 67 | unsigned int protoff, |
68 | int *hotdrop) | 68 | bool *hotdrop) |
69 | { | 69 | { |
70 | struct xt_rateinfo *r = ((struct xt_rateinfo *)matchinfo)->master; | 70 | struct xt_rateinfo *r = ((struct xt_rateinfo *)matchinfo)->master; |
71 | unsigned long now = jiffies; | 71 | unsigned long now = jiffies; |
diff --git a/net/netfilter/xt_mac.c b/net/netfilter/xt_mac.c index 1d3a1d98b885..0e6a28647206 100644 --- a/net/netfilter/xt_mac.c +++ b/net/netfilter/xt_mac.c | |||
@@ -32,7 +32,7 @@ match(const struct sk_buff *skb, | |||
32 | const void *matchinfo, | 32 | const void *matchinfo, |
33 | int offset, | 33 | int offset, |
34 | unsigned int protoff, | 34 | unsigned int protoff, |
35 | int *hotdrop) | 35 | bool *hotdrop) |
36 | { | 36 | { |
37 | const struct xt_mac_info *info = matchinfo; | 37 | const struct xt_mac_info *info = matchinfo; |
38 | 38 | ||
diff --git a/net/netfilter/xt_mark.c b/net/netfilter/xt_mark.c index 39911dddb011..944d1ea56029 100644 --- a/net/netfilter/xt_mark.c +++ b/net/netfilter/xt_mark.c | |||
@@ -27,7 +27,7 @@ match(const struct sk_buff *skb, | |||
27 | const void *matchinfo, | 27 | const void *matchinfo, |
28 | int offset, | 28 | int offset, |
29 | unsigned int protoff, | 29 | unsigned int protoff, |
30 | int *hotdrop) | 30 | bool *hotdrop) |
31 | { | 31 | { |
32 | const struct xt_mark_info *info = matchinfo; | 32 | const struct xt_mark_info *info = matchinfo; |
33 | 33 | ||
diff --git a/net/netfilter/xt_multiport.c b/net/netfilter/xt_multiport.c index 4dce2a81702a..1dc53ded9887 100644 --- a/net/netfilter/xt_multiport.c +++ b/net/netfilter/xt_multiport.c | |||
@@ -102,7 +102,7 @@ match(const struct sk_buff *skb, | |||
102 | const void *matchinfo, | 102 | const void *matchinfo, |
103 | int offset, | 103 | int offset, |
104 | unsigned int protoff, | 104 | unsigned int protoff, |
105 | int *hotdrop) | 105 | bool *hotdrop) |
106 | { | 106 | { |
107 | __be16 _ports[2], *pptr; | 107 | __be16 _ports[2], *pptr; |
108 | const struct xt_multiport *multiinfo = matchinfo; | 108 | const struct xt_multiport *multiinfo = matchinfo; |
@@ -116,7 +116,7 @@ match(const struct sk_buff *skb, | |||
116 | * can't. Hence, no choice but to drop. | 116 | * can't. Hence, no choice but to drop. |
117 | */ | 117 | */ |
118 | duprintf("xt_multiport: Dropping evil offset=0 tinygram.\n"); | 118 | duprintf("xt_multiport: Dropping evil offset=0 tinygram.\n"); |
119 | *hotdrop = 1; | 119 | *hotdrop = true; |
120 | return 0; | 120 | return 0; |
121 | } | 121 | } |
122 | 122 | ||
@@ -133,7 +133,7 @@ match_v1(const struct sk_buff *skb, | |||
133 | const void *matchinfo, | 133 | const void *matchinfo, |
134 | int offset, | 134 | int offset, |
135 | unsigned int protoff, | 135 | unsigned int protoff, |
136 | int *hotdrop) | 136 | bool *hotdrop) |
137 | { | 137 | { |
138 | __be16 _ports[2], *pptr; | 138 | __be16 _ports[2], *pptr; |
139 | const struct xt_multiport_v1 *multiinfo = matchinfo; | 139 | const struct xt_multiport_v1 *multiinfo = matchinfo; |
@@ -147,7 +147,7 @@ match_v1(const struct sk_buff *skb, | |||
147 | * can't. Hence, no choice but to drop. | 147 | * can't. Hence, no choice but to drop. |
148 | */ | 148 | */ |
149 | duprintf("xt_multiport: Dropping evil offset=0 tinygram.\n"); | 149 | duprintf("xt_multiport: Dropping evil offset=0 tinygram.\n"); |
150 | *hotdrop = 1; | 150 | *hotdrop = true; |
151 | return 0; | 151 | return 0; |
152 | } | 152 | } |
153 | 153 | ||
diff --git a/net/netfilter/xt_physdev.c b/net/netfilter/xt_physdev.c index 35a0fe200c39..a6de512fa840 100644 --- a/net/netfilter/xt_physdev.c +++ b/net/netfilter/xt_physdev.c | |||
@@ -31,7 +31,7 @@ match(const struct sk_buff *skb, | |||
31 | const void *matchinfo, | 31 | const void *matchinfo, |
32 | int offset, | 32 | int offset, |
33 | unsigned int protoff, | 33 | unsigned int protoff, |
34 | int *hotdrop) | 34 | bool *hotdrop) |
35 | { | 35 | { |
36 | int i; | 36 | int i; |
37 | static const char nulldevname[IFNAMSIZ]; | 37 | static const char nulldevname[IFNAMSIZ]; |
diff --git a/net/netfilter/xt_pkttype.c b/net/netfilter/xt_pkttype.c index e1409fc5c288..692581f40c5f 100644 --- a/net/netfilter/xt_pkttype.c +++ b/net/netfilter/xt_pkttype.c | |||
@@ -28,7 +28,7 @@ static int match(const struct sk_buff *skb, | |||
28 | const void *matchinfo, | 28 | const void *matchinfo, |
29 | int offset, | 29 | int offset, |
30 | unsigned int protoff, | 30 | unsigned int protoff, |
31 | int *hotdrop) | 31 | bool *hotdrop) |
32 | { | 32 | { |
33 | u_int8_t type; | 33 | u_int8_t type; |
34 | const struct xt_pkttype_info *info = matchinfo; | 34 | const struct xt_pkttype_info *info = matchinfo; |
diff --git a/net/netfilter/xt_policy.c b/net/netfilter/xt_policy.c index 15b45a95ec13..6878482cd527 100644 --- a/net/netfilter/xt_policy.c +++ b/net/netfilter/xt_policy.c | |||
@@ -115,7 +115,7 @@ static int match(const struct sk_buff *skb, | |||
115 | const void *matchinfo, | 115 | const void *matchinfo, |
116 | int offset, | 116 | int offset, |
117 | unsigned int protoff, | 117 | unsigned int protoff, |
118 | int *hotdrop) | 118 | bool *hotdrop) |
119 | { | 119 | { |
120 | const struct xt_policy_info *info = matchinfo; | 120 | const struct xt_policy_info *info = matchinfo; |
121 | int ret; | 121 | int ret; |
diff --git a/net/netfilter/xt_quota.c b/net/netfilter/xt_quota.c index bfdde06ca0b7..53c71ac980fc 100644 --- a/net/netfilter/xt_quota.c +++ b/net/netfilter/xt_quota.c | |||
@@ -20,7 +20,7 @@ static int | |||
20 | match(const struct sk_buff *skb, | 20 | match(const struct sk_buff *skb, |
21 | const struct net_device *in, const struct net_device *out, | 21 | const struct net_device *in, const struct net_device *out, |
22 | const struct xt_match *match, const void *matchinfo, | 22 | const struct xt_match *match, const void *matchinfo, |
23 | int offset, unsigned int protoff, int *hotdrop) | 23 | int offset, unsigned int protoff, bool *hotdrop) |
24 | { | 24 | { |
25 | struct xt_quota_info *q = ((struct xt_quota_info *)matchinfo)->master; | 25 | struct xt_quota_info *q = ((struct xt_quota_info *)matchinfo)->master; |
26 | int ret = q->flags & XT_QUOTA_INVERT ? 1 : 0; | 26 | int ret = q->flags & XT_QUOTA_INVERT ? 1 : 0; |
diff --git a/net/netfilter/xt_realm.c b/net/netfilter/xt_realm.c index c2017f8af9c4..41451f57919c 100644 --- a/net/netfilter/xt_realm.c +++ b/net/netfilter/xt_realm.c | |||
@@ -29,7 +29,7 @@ match(const struct sk_buff *skb, | |||
29 | const void *matchinfo, | 29 | const void *matchinfo, |
30 | int offset, | 30 | int offset, |
31 | unsigned int protoff, | 31 | unsigned int protoff, |
32 | int *hotdrop) | 32 | bool *hotdrop) |
33 | { | 33 | { |
34 | const struct xt_realm_info *info = matchinfo; | 34 | const struct xt_realm_info *info = matchinfo; |
35 | struct dst_entry *dst = skb->dst; | 35 | struct dst_entry *dst = skb->dst; |
diff --git a/net/netfilter/xt_sctp.c b/net/netfilter/xt_sctp.c index f86d8d769d47..e581afe89098 100644 --- a/net/netfilter/xt_sctp.c +++ b/net/netfilter/xt_sctp.c | |||
@@ -47,7 +47,7 @@ match_packet(const struct sk_buff *skb, | |||
47 | int chunk_match_type, | 47 | int chunk_match_type, |
48 | const struct xt_sctp_flag_info *flag_info, | 48 | const struct xt_sctp_flag_info *flag_info, |
49 | const int flag_count, | 49 | const int flag_count, |
50 | int *hotdrop) | 50 | bool *hotdrop) |
51 | { | 51 | { |
52 | u_int32_t chunkmapcopy[256 / sizeof (u_int32_t)]; | 52 | u_int32_t chunkmapcopy[256 / sizeof (u_int32_t)]; |
53 | sctp_chunkhdr_t _sch, *sch; | 53 | sctp_chunkhdr_t _sch, *sch; |
@@ -64,7 +64,7 @@ match_packet(const struct sk_buff *skb, | |||
64 | sch = skb_header_pointer(skb, offset, sizeof(_sch), &_sch); | 64 | sch = skb_header_pointer(skb, offset, sizeof(_sch), &_sch); |
65 | if (sch == NULL || sch->length == 0) { | 65 | if (sch == NULL || sch->length == 0) { |
66 | duprintf("Dropping invalid SCTP packet.\n"); | 66 | duprintf("Dropping invalid SCTP packet.\n"); |
67 | *hotdrop = 1; | 67 | *hotdrop = true; |
68 | return 0; | 68 | return 0; |
69 | } | 69 | } |
70 | 70 | ||
@@ -127,7 +127,7 @@ match(const struct sk_buff *skb, | |||
127 | const void *matchinfo, | 127 | const void *matchinfo, |
128 | int offset, | 128 | int offset, |
129 | unsigned int protoff, | 129 | unsigned int protoff, |
130 | int *hotdrop) | 130 | bool *hotdrop) |
131 | { | 131 | { |
132 | const struct xt_sctp_info *info = matchinfo; | 132 | const struct xt_sctp_info *info = matchinfo; |
133 | sctp_sctphdr_t _sh, *sh; | 133 | sctp_sctphdr_t _sh, *sh; |
@@ -140,7 +140,7 @@ match(const struct sk_buff *skb, | |||
140 | sh = skb_header_pointer(skb, protoff, sizeof(_sh), &_sh); | 140 | sh = skb_header_pointer(skb, protoff, sizeof(_sh), &_sh); |
141 | if (sh == NULL) { | 141 | if (sh == NULL) { |
142 | duprintf("Dropping evil TCP offset=0 tinygram.\n"); | 142 | duprintf("Dropping evil TCP offset=0 tinygram.\n"); |
143 | *hotdrop = 1; | 143 | *hotdrop = true; |
144 | return 0; | 144 | return 0; |
145 | } | 145 | } |
146 | duprintf("spt: %d\tdpt: %d\n", ntohs(sh->source), ntohs(sh->dest)); | 146 | duprintf("spt: %d\tdpt: %d\n", ntohs(sh->source), ntohs(sh->dest)); |
diff --git a/net/netfilter/xt_state.c b/net/netfilter/xt_state.c index 149294f7df71..74fe069fc3aa 100644 --- a/net/netfilter/xt_state.c +++ b/net/netfilter/xt_state.c | |||
@@ -28,7 +28,7 @@ match(const struct sk_buff *skb, | |||
28 | const void *matchinfo, | 28 | const void *matchinfo, |
29 | int offset, | 29 | int offset, |
30 | unsigned int protoff, | 30 | unsigned int protoff, |
31 | int *hotdrop) | 31 | bool *hotdrop) |
32 | { | 32 | { |
33 | const struct xt_state_info *sinfo = matchinfo; | 33 | const struct xt_state_info *sinfo = matchinfo; |
34 | enum ip_conntrack_info ctinfo; | 34 | enum ip_conntrack_info ctinfo; |
diff --git a/net/netfilter/xt_statistic.c b/net/netfilter/xt_statistic.c index 091a9f89f5d5..4e5ed81e9ce1 100644 --- a/net/netfilter/xt_statistic.c +++ b/net/netfilter/xt_statistic.c | |||
@@ -28,7 +28,7 @@ static int | |||
28 | match(const struct sk_buff *skb, | 28 | match(const struct sk_buff *skb, |
29 | const struct net_device *in, const struct net_device *out, | 29 | const struct net_device *in, const struct net_device *out, |
30 | const struct xt_match *match, const void *matchinfo, | 30 | const struct xt_match *match, const void *matchinfo, |
31 | int offset, unsigned int protoff, int *hotdrop) | 31 | int offset, unsigned int protoff, bool *hotdrop) |
32 | { | 32 | { |
33 | struct xt_statistic_info *info = (struct xt_statistic_info *)matchinfo; | 33 | struct xt_statistic_info *info = (struct xt_statistic_info *)matchinfo; |
34 | int ret = info->flags & XT_STATISTIC_INVERT ? 1 : 0; | 34 | int ret = info->flags & XT_STATISTIC_INVERT ? 1 : 0; |
diff --git a/net/netfilter/xt_string.c b/net/netfilter/xt_string.c index 999a005dbd0c..7552d8927570 100644 --- a/net/netfilter/xt_string.c +++ b/net/netfilter/xt_string.c | |||
@@ -28,7 +28,7 @@ static int match(const struct sk_buff *skb, | |||
28 | const void *matchinfo, | 28 | const void *matchinfo, |
29 | int offset, | 29 | int offset, |
30 | unsigned int protoff, | 30 | unsigned int protoff, |
31 | int *hotdrop) | 31 | bool *hotdrop) |
32 | { | 32 | { |
33 | const struct xt_string_info *conf = matchinfo; | 33 | const struct xt_string_info *conf = matchinfo; |
34 | struct ts_state state; | 34 | struct ts_state state; |
diff --git a/net/netfilter/xt_tcpmss.c b/net/netfilter/xt_tcpmss.c index 80571d0749f7..0db4f5362180 100644 --- a/net/netfilter/xt_tcpmss.c +++ b/net/netfilter/xt_tcpmss.c | |||
@@ -31,7 +31,7 @@ match(const struct sk_buff *skb, | |||
31 | const void *matchinfo, | 31 | const void *matchinfo, |
32 | int offset, | 32 | int offset, |
33 | unsigned int protoff, | 33 | unsigned int protoff, |
34 | int *hotdrop) | 34 | bool *hotdrop) |
35 | { | 35 | { |
36 | const struct xt_tcpmss_match_info *info = matchinfo; | 36 | const struct xt_tcpmss_match_info *info = matchinfo; |
37 | struct tcphdr _tcph, *th; | 37 | struct tcphdr _tcph, *th; |
@@ -77,7 +77,7 @@ out: | |||
77 | return info->invert; | 77 | return info->invert; |
78 | 78 | ||
79 | dropit: | 79 | dropit: |
80 | *hotdrop = 1; | 80 | *hotdrop = true; |
81 | return 0; | 81 | return 0; |
82 | } | 82 | } |
83 | 83 | ||
diff --git a/net/netfilter/xt_tcpudp.c b/net/netfilter/xt_tcpudp.c index 46414b562a19..ca9ccdd931bc 100644 --- a/net/netfilter/xt_tcpudp.c +++ b/net/netfilter/xt_tcpudp.c | |||
@@ -42,7 +42,7 @@ tcp_find_option(u_int8_t option, | |||
42 | unsigned int protoff, | 42 | unsigned int protoff, |
43 | unsigned int optlen, | 43 | unsigned int optlen, |
44 | int invert, | 44 | int invert, |
45 | int *hotdrop) | 45 | bool *hotdrop) |
46 | { | 46 | { |
47 | /* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */ | 47 | /* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */ |
48 | u_int8_t _opt[60 - sizeof(struct tcphdr)], *op; | 48 | u_int8_t _opt[60 - sizeof(struct tcphdr)], *op; |
@@ -57,7 +57,7 @@ tcp_find_option(u_int8_t option, | |||
57 | op = skb_header_pointer(skb, protoff + sizeof(struct tcphdr), | 57 | op = skb_header_pointer(skb, protoff + sizeof(struct tcphdr), |
58 | optlen, _opt); | 58 | optlen, _opt); |
59 | if (op == NULL) { | 59 | if (op == NULL) { |
60 | *hotdrop = 1; | 60 | *hotdrop = true; |
61 | return 0; | 61 | return 0; |
62 | } | 62 | } |
63 | 63 | ||
@@ -78,7 +78,7 @@ tcp_match(const struct sk_buff *skb, | |||
78 | const void *matchinfo, | 78 | const void *matchinfo, |
79 | int offset, | 79 | int offset, |
80 | unsigned int protoff, | 80 | unsigned int protoff, |
81 | int *hotdrop) | 81 | bool *hotdrop) |
82 | { | 82 | { |
83 | struct tcphdr _tcph, *th; | 83 | struct tcphdr _tcph, *th; |
84 | const struct xt_tcp *tcpinfo = matchinfo; | 84 | const struct xt_tcp *tcpinfo = matchinfo; |
@@ -92,7 +92,7 @@ tcp_match(const struct sk_buff *skb, | |||
92 | */ | 92 | */ |
93 | if (offset == 1) { | 93 | if (offset == 1) { |
94 | duprintf("Dropping evil TCP offset=1 frag.\n"); | 94 | duprintf("Dropping evil TCP offset=1 frag.\n"); |
95 | *hotdrop = 1; | 95 | *hotdrop = true; |
96 | } | 96 | } |
97 | /* Must not be a fragment. */ | 97 | /* Must not be a fragment. */ |
98 | return 0; | 98 | return 0; |
@@ -105,7 +105,7 @@ tcp_match(const struct sk_buff *skb, | |||
105 | /* We've been asked to examine this packet, and we | 105 | /* We've been asked to examine this packet, and we |
106 | can't. Hence, no choice but to drop. */ | 106 | can't. Hence, no choice but to drop. */ |
107 | duprintf("Dropping evil TCP offset=0 tinygram.\n"); | 107 | duprintf("Dropping evil TCP offset=0 tinygram.\n"); |
108 | *hotdrop = 1; | 108 | *hotdrop = true; |
109 | return 0; | 109 | return 0; |
110 | } | 110 | } |
111 | 111 | ||
@@ -123,7 +123,7 @@ tcp_match(const struct sk_buff *skb, | |||
123 | return 0; | 123 | return 0; |
124 | if (tcpinfo->option) { | 124 | if (tcpinfo->option) { |
125 | if (th->doff * 4 < sizeof(_tcph)) { | 125 | if (th->doff * 4 < sizeof(_tcph)) { |
126 | *hotdrop = 1; | 126 | *hotdrop = true; |
127 | return 0; | 127 | return 0; |
128 | } | 128 | } |
129 | if (!tcp_find_option(tcpinfo->option, skb, protoff, | 129 | if (!tcp_find_option(tcpinfo->option, skb, protoff, |
@@ -157,7 +157,7 @@ udp_match(const struct sk_buff *skb, | |||
157 | const void *matchinfo, | 157 | const void *matchinfo, |
158 | int offset, | 158 | int offset, |
159 | unsigned int protoff, | 159 | unsigned int protoff, |
160 | int *hotdrop) | 160 | bool *hotdrop) |
161 | { | 161 | { |
162 | struct udphdr _udph, *uh; | 162 | struct udphdr _udph, *uh; |
163 | const struct xt_udp *udpinfo = matchinfo; | 163 | const struct xt_udp *udpinfo = matchinfo; |
@@ -171,7 +171,7 @@ udp_match(const struct sk_buff *skb, | |||
171 | /* We've been asked to examine this packet, and we | 171 | /* We've been asked to examine this packet, and we |
172 | can't. Hence, no choice but to drop. */ | 172 | can't. Hence, no choice but to drop. */ |
173 | duprintf("Dropping evil UDP tinygram.\n"); | 173 | duprintf("Dropping evil UDP tinygram.\n"); |
174 | *hotdrop = 1; | 174 | *hotdrop = true; |
175 | return 0; | 175 | return 0; |
176 | } | 176 | } |
177 | 177 | ||