diff options
author | Jan Engelhardt <jengelh@medozas.de> | 2008-10-08 05:35:13 -0400 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2008-10-08 05:35:13 -0400 |
commit | 8cc784eec6676b58e7f60419c88179aaa97bf71c (patch) | |
tree | 03847986f09580dccfee9e9afde68cf578a2d996 | |
parent | 19eda879a136889110c692dec4c2ab59e0e43cef (diff) |
netfilter: change return types of match functions for ebtables extensions
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
-rw-r--r-- | include/linux/netfilter_bridge/ebtables.h | 3 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_802_3.c | 13 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_among.c | 44 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_arp.c | 35 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_ip.c | 25 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_ip6.c | 26 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_limit.c | 6 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_mark_m.c | 6 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_pkttype.c | 4 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_stp.c | 39 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_vlan.c | 8 |
11 files changed, 104 insertions, 105 deletions
diff --git a/include/linux/netfilter_bridge/ebtables.h b/include/linux/netfilter_bridge/ebtables.h index 5f71719b7a27..f9fda2c442a0 100644 --- a/include/linux/netfilter_bridge/ebtables.h +++ b/include/linux/netfilter_bridge/ebtables.h | |||
@@ -207,8 +207,7 @@ struct ebt_match | |||
207 | { | 207 | { |
208 | struct list_head list; | 208 | struct list_head list; |
209 | const char name[EBT_FUNCTION_MAXNAMELEN]; | 209 | const char name[EBT_FUNCTION_MAXNAMELEN]; |
210 | /* 0 == it matches */ | 210 | bool (*match)(const struct sk_buff *skb, const struct net_device *in, |
211 | int (*match)(const struct sk_buff *skb, const struct net_device *in, | ||
212 | const struct net_device *out, const void *matchdata, | 211 | const struct net_device *out, const void *matchdata, |
213 | unsigned int datalen); | 212 | unsigned int datalen); |
214 | bool (*check)(const char *tablename, unsigned int hookmask, | 213 | bool (*check)(const char *tablename, unsigned int hookmask, |
diff --git a/net/bridge/netfilter/ebt_802_3.c b/net/bridge/netfilter/ebt_802_3.c index 868df9c1e42b..8ebe62b9bcc1 100644 --- a/net/bridge/netfilter/ebt_802_3.c +++ b/net/bridge/netfilter/ebt_802_3.c | |||
@@ -12,7 +12,8 @@ | |||
12 | #include <linux/netfilter_bridge/ebtables.h> | 12 | #include <linux/netfilter_bridge/ebtables.h> |
13 | #include <linux/netfilter_bridge/ebt_802_3.h> | 13 | #include <linux/netfilter_bridge/ebt_802_3.h> |
14 | 14 | ||
15 | static int ebt_filter_802_3(const struct sk_buff *skb, const struct net_device *in, | 15 | static bool ebt_filter_802_3(const struct sk_buff *skb, |
16 | const struct net_device *in, | ||
16 | const struct net_device *out, const void *data, unsigned int datalen) | 17 | const struct net_device *out, const void *data, unsigned int datalen) |
17 | { | 18 | { |
18 | const struct ebt_802_3_info *info = data; | 19 | const struct ebt_802_3_info *info = data; |
@@ -21,19 +22,19 @@ static int ebt_filter_802_3(const struct sk_buff *skb, const struct net_device * | |||
21 | 22 | ||
22 | if (info->bitmask & EBT_802_3_SAP) { | 23 | if (info->bitmask & EBT_802_3_SAP) { |
23 | if (FWINV(info->sap != hdr->llc.ui.ssap, EBT_802_3_SAP)) | 24 | if (FWINV(info->sap != hdr->llc.ui.ssap, EBT_802_3_SAP)) |
24 | return EBT_NOMATCH; | 25 | return false; |
25 | if (FWINV(info->sap != hdr->llc.ui.dsap, EBT_802_3_SAP)) | 26 | if (FWINV(info->sap != hdr->llc.ui.dsap, EBT_802_3_SAP)) |
26 | return EBT_NOMATCH; | 27 | return false; |
27 | } | 28 | } |
28 | 29 | ||
29 | if (info->bitmask & EBT_802_3_TYPE) { | 30 | if (info->bitmask & EBT_802_3_TYPE) { |
30 | if (!(hdr->llc.ui.dsap == CHECK_TYPE && hdr->llc.ui.ssap == CHECK_TYPE)) | 31 | if (!(hdr->llc.ui.dsap == CHECK_TYPE && hdr->llc.ui.ssap == CHECK_TYPE)) |
31 | return EBT_NOMATCH; | 32 | return false; |
32 | if (FWINV(info->type != type, EBT_802_3_TYPE)) | 33 | if (FWINV(info->type != type, EBT_802_3_TYPE)) |
33 | return EBT_NOMATCH; | 34 | return false; |
34 | } | 35 | } |
35 | 36 | ||
36 | return EBT_MATCH; | 37 | return true; |
37 | } | 38 | } |
38 | 39 | ||
39 | static struct ebt_match filter_802_3; | 40 | static struct ebt_match filter_802_3; |
diff --git a/net/bridge/netfilter/ebt_among.c b/net/bridge/netfilter/ebt_among.c index 95e2e70ac90a..bfdc67bcbfaf 100644 --- a/net/bridge/netfilter/ebt_among.c +++ b/net/bridge/netfilter/ebt_among.c | |||
@@ -14,8 +14,8 @@ | |||
14 | #include <linux/if_arp.h> | 14 | #include <linux/if_arp.h> |
15 | #include <linux/module.h> | 15 | #include <linux/module.h> |
16 | 16 | ||
17 | static int ebt_mac_wormhash_contains(const struct ebt_mac_wormhash *wh, | 17 | static bool ebt_mac_wormhash_contains(const struct ebt_mac_wormhash *wh, |
18 | const char *mac, __be32 ip) | 18 | const char *mac, __be32 ip) |
19 | { | 19 | { |
20 | /* You may be puzzled as to how this code works. | 20 | /* You may be puzzled as to how this code works. |
21 | * Some tricks were used, refer to | 21 | * Some tricks were used, refer to |
@@ -33,23 +33,19 @@ static int ebt_mac_wormhash_contains(const struct ebt_mac_wormhash *wh, | |||
33 | if (ip) { | 33 | if (ip) { |
34 | for (i = start; i < limit; i++) { | 34 | for (i = start; i < limit; i++) { |
35 | p = &wh->pool[i]; | 35 | p = &wh->pool[i]; |
36 | if (cmp[1] == p->cmp[1] && cmp[0] == p->cmp[0]) { | 36 | if (cmp[1] == p->cmp[1] && cmp[0] == p->cmp[0]) |
37 | if (p->ip == 0 || p->ip == ip) { | 37 | if (p->ip == 0 || p->ip == ip) |
38 | return 1; | 38 | return true; |
39 | } | ||
40 | } | ||
41 | } | 39 | } |
42 | } else { | 40 | } else { |
43 | for (i = start; i < limit; i++) { | 41 | for (i = start; i < limit; i++) { |
44 | p = &wh->pool[i]; | 42 | p = &wh->pool[i]; |
45 | if (cmp[1] == p->cmp[1] && cmp[0] == p->cmp[0]) { | 43 | if (cmp[1] == p->cmp[1] && cmp[0] == p->cmp[0]) |
46 | if (p->ip == 0) { | 44 | if (p->ip == 0) |
47 | return 1; | 45 | return true; |
48 | } | ||
49 | } | ||
50 | } | 46 | } |
51 | } | 47 | } |
52 | return 0; | 48 | return false; |
53 | } | 49 | } |
54 | 50 | ||
55 | static int ebt_mac_wormhash_check_integrity(const struct ebt_mac_wormhash | 51 | static int ebt_mac_wormhash_check_integrity(const struct ebt_mac_wormhash |
@@ -131,10 +127,10 @@ static int get_ip_src(const struct sk_buff *skb, __be32 *addr) | |||
131 | return 0; | 127 | return 0; |
132 | } | 128 | } |
133 | 129 | ||
134 | static int ebt_filter_among(const struct sk_buff *skb, | 130 | static bool ebt_filter_among(const struct sk_buff *skb, |
135 | const struct net_device *in, | 131 | const struct net_device *in, |
136 | const struct net_device *out, const void *data, | 132 | const struct net_device *out, const void *data, |
137 | unsigned int datalen) | 133 | unsigned int datalen) |
138 | { | 134 | { |
139 | const struct ebt_among_info *info = data; | 135 | const struct ebt_among_info *info = data; |
140 | const char *dmac, *smac; | 136 | const char *dmac, *smac; |
@@ -147,34 +143,34 @@ static int ebt_filter_among(const struct sk_buff *skb, | |||
147 | if (wh_src) { | 143 | if (wh_src) { |
148 | smac = eth_hdr(skb)->h_source; | 144 | smac = eth_hdr(skb)->h_source; |
149 | if (get_ip_src(skb, &sip)) | 145 | if (get_ip_src(skb, &sip)) |
150 | return EBT_NOMATCH; | 146 | return false; |
151 | if (!(info->bitmask & EBT_AMONG_SRC_NEG)) { | 147 | if (!(info->bitmask & EBT_AMONG_SRC_NEG)) { |
152 | /* we match only if it contains */ | 148 | /* we match only if it contains */ |
153 | if (!ebt_mac_wormhash_contains(wh_src, smac, sip)) | 149 | if (!ebt_mac_wormhash_contains(wh_src, smac, sip)) |
154 | return EBT_NOMATCH; | 150 | return false; |
155 | } else { | 151 | } else { |
156 | /* we match only if it DOES NOT contain */ | 152 | /* we match only if it DOES NOT contain */ |
157 | if (ebt_mac_wormhash_contains(wh_src, smac, sip)) | 153 | if (ebt_mac_wormhash_contains(wh_src, smac, sip)) |
158 | return EBT_NOMATCH; | 154 | return false; |
159 | } | 155 | } |
160 | } | 156 | } |
161 | 157 | ||
162 | if (wh_dst) { | 158 | if (wh_dst) { |
163 | dmac = eth_hdr(skb)->h_dest; | 159 | dmac = eth_hdr(skb)->h_dest; |
164 | if (get_ip_dst(skb, &dip)) | 160 | if (get_ip_dst(skb, &dip)) |
165 | return EBT_NOMATCH; | 161 | return false; |
166 | if (!(info->bitmask & EBT_AMONG_DST_NEG)) { | 162 | if (!(info->bitmask & EBT_AMONG_DST_NEG)) { |
167 | /* we match only if it contains */ | 163 | /* we match only if it contains */ |
168 | if (!ebt_mac_wormhash_contains(wh_dst, dmac, dip)) | 164 | if (!ebt_mac_wormhash_contains(wh_dst, dmac, dip)) |
169 | return EBT_NOMATCH; | 165 | return false; |
170 | } else { | 166 | } else { |
171 | /* we match only if it DOES NOT contain */ | 167 | /* we match only if it DOES NOT contain */ |
172 | if (ebt_mac_wormhash_contains(wh_dst, dmac, dip)) | 168 | if (ebt_mac_wormhash_contains(wh_dst, dmac, dip)) |
173 | return EBT_NOMATCH; | 169 | return false; |
174 | } | 170 | } |
175 | } | 171 | } |
176 | 172 | ||
177 | return EBT_MATCH; | 173 | return true; |
178 | } | 174 | } |
179 | 175 | ||
180 | static bool | 176 | static bool |
diff --git a/net/bridge/netfilter/ebt_arp.c b/net/bridge/netfilter/ebt_arp.c index cb33672380d0..f1f0bcf5524a 100644 --- a/net/bridge/netfilter/ebt_arp.c +++ b/net/bridge/netfilter/ebt_arp.c | |||
@@ -15,7 +15,8 @@ | |||
15 | #include <linux/netfilter_bridge/ebtables.h> | 15 | #include <linux/netfilter_bridge/ebtables.h> |
16 | #include <linux/netfilter_bridge/ebt_arp.h> | 16 | #include <linux/netfilter_bridge/ebt_arp.h> |
17 | 17 | ||
18 | static int ebt_filter_arp(const struct sk_buff *skb, const struct net_device *in, | 18 | static bool ebt_filter_arp(const struct sk_buff *skb, |
19 | const struct net_device *in, | ||
19 | const struct net_device *out, const void *data, unsigned int datalen) | 20 | const struct net_device *out, const void *data, unsigned int datalen) |
20 | { | 21 | { |
21 | const struct ebt_arp_info *info = data; | 22 | const struct ebt_arp_info *info = data; |
@@ -24,42 +25,42 @@ static int ebt_filter_arp(const struct sk_buff *skb, const struct net_device *in | |||
24 | 25 | ||
25 | ah = skb_header_pointer(skb, 0, sizeof(_arph), &_arph); | 26 | ah = skb_header_pointer(skb, 0, sizeof(_arph), &_arph); |
26 | if (ah == NULL) | 27 | if (ah == NULL) |
27 | return EBT_NOMATCH; | 28 | return false; |
28 | if (info->bitmask & EBT_ARP_OPCODE && FWINV(info->opcode != | 29 | if (info->bitmask & EBT_ARP_OPCODE && FWINV(info->opcode != |
29 | ah->ar_op, EBT_ARP_OPCODE)) | 30 | ah->ar_op, EBT_ARP_OPCODE)) |
30 | return EBT_NOMATCH; | 31 | return false; |
31 | if (info->bitmask & EBT_ARP_HTYPE && FWINV(info->htype != | 32 | if (info->bitmask & EBT_ARP_HTYPE && FWINV(info->htype != |
32 | ah->ar_hrd, EBT_ARP_HTYPE)) | 33 | ah->ar_hrd, EBT_ARP_HTYPE)) |
33 | return EBT_NOMATCH; | 34 | return false; |
34 | if (info->bitmask & EBT_ARP_PTYPE && FWINV(info->ptype != | 35 | if (info->bitmask & EBT_ARP_PTYPE && FWINV(info->ptype != |
35 | ah->ar_pro, EBT_ARP_PTYPE)) | 36 | ah->ar_pro, EBT_ARP_PTYPE)) |
36 | return EBT_NOMATCH; | 37 | return false; |
37 | 38 | ||
38 | if (info->bitmask & (EBT_ARP_SRC_IP | EBT_ARP_DST_IP | EBT_ARP_GRAT)) { | 39 | if (info->bitmask & (EBT_ARP_SRC_IP | EBT_ARP_DST_IP | EBT_ARP_GRAT)) { |
39 | const __be32 *sap, *dap; | 40 | const __be32 *sap, *dap; |
40 | __be32 saddr, daddr; | 41 | __be32 saddr, daddr; |
41 | 42 | ||
42 | if (ah->ar_pln != sizeof(__be32) || ah->ar_pro != htons(ETH_P_IP)) | 43 | if (ah->ar_pln != sizeof(__be32) || ah->ar_pro != htons(ETH_P_IP)) |
43 | return EBT_NOMATCH; | 44 | return false; |
44 | sap = skb_header_pointer(skb, sizeof(struct arphdr) + | 45 | sap = skb_header_pointer(skb, sizeof(struct arphdr) + |
45 | ah->ar_hln, sizeof(saddr), | 46 | ah->ar_hln, sizeof(saddr), |
46 | &saddr); | 47 | &saddr); |
47 | if (sap == NULL) | 48 | if (sap == NULL) |
48 | return EBT_NOMATCH; | 49 | return false; |
49 | dap = skb_header_pointer(skb, sizeof(struct arphdr) + | 50 | dap = skb_header_pointer(skb, sizeof(struct arphdr) + |
50 | 2*ah->ar_hln+sizeof(saddr), | 51 | 2*ah->ar_hln+sizeof(saddr), |
51 | sizeof(daddr), &daddr); | 52 | sizeof(daddr), &daddr); |
52 | if (dap == NULL) | 53 | if (dap == NULL) |
53 | return EBT_NOMATCH; | 54 | return false; |
54 | if (info->bitmask & EBT_ARP_SRC_IP && | 55 | if (info->bitmask & EBT_ARP_SRC_IP && |
55 | FWINV(info->saddr != (*sap & info->smsk), EBT_ARP_SRC_IP)) | 56 | FWINV(info->saddr != (*sap & info->smsk), EBT_ARP_SRC_IP)) |
56 | return EBT_NOMATCH; | 57 | return false; |
57 | if (info->bitmask & EBT_ARP_DST_IP && | 58 | if (info->bitmask & EBT_ARP_DST_IP && |
58 | FWINV(info->daddr != (*dap & info->dmsk), EBT_ARP_DST_IP)) | 59 | FWINV(info->daddr != (*dap & info->dmsk), EBT_ARP_DST_IP)) |
59 | return EBT_NOMATCH; | 60 | return false; |
60 | if (info->bitmask & EBT_ARP_GRAT && | 61 | if (info->bitmask & EBT_ARP_GRAT && |
61 | FWINV(*dap != *sap, EBT_ARP_GRAT)) | 62 | FWINV(*dap != *sap, EBT_ARP_GRAT)) |
62 | return EBT_NOMATCH; | 63 | return false; |
63 | } | 64 | } |
64 | 65 | ||
65 | if (info->bitmask & (EBT_ARP_SRC_MAC | EBT_ARP_DST_MAC)) { | 66 | if (info->bitmask & (EBT_ARP_SRC_MAC | EBT_ARP_DST_MAC)) { |
@@ -68,18 +69,18 @@ static int ebt_filter_arp(const struct sk_buff *skb, const struct net_device *in | |||
68 | uint8_t verdict, i; | 69 | uint8_t verdict, i; |
69 | 70 | ||
70 | if (ah->ar_hln != ETH_ALEN || ah->ar_hrd != htons(ARPHRD_ETHER)) | 71 | if (ah->ar_hln != ETH_ALEN || ah->ar_hrd != htons(ARPHRD_ETHER)) |
71 | return EBT_NOMATCH; | 72 | return false; |
72 | if (info->bitmask & EBT_ARP_SRC_MAC) { | 73 | if (info->bitmask & EBT_ARP_SRC_MAC) { |
73 | mp = skb_header_pointer(skb, sizeof(struct arphdr), | 74 | mp = skb_header_pointer(skb, sizeof(struct arphdr), |
74 | sizeof(_mac), &_mac); | 75 | sizeof(_mac), &_mac); |
75 | if (mp == NULL) | 76 | if (mp == NULL) |
76 | return EBT_NOMATCH; | 77 | return false; |
77 | verdict = 0; | 78 | verdict = 0; |
78 | for (i = 0; i < 6; i++) | 79 | for (i = 0; i < 6; i++) |
79 | verdict |= (mp[i] ^ info->smaddr[i]) & | 80 | verdict |= (mp[i] ^ info->smaddr[i]) & |
80 | info->smmsk[i]; | 81 | info->smmsk[i]; |
81 | if (FWINV(verdict != 0, EBT_ARP_SRC_MAC)) | 82 | if (FWINV(verdict != 0, EBT_ARP_SRC_MAC)) |
82 | return EBT_NOMATCH; | 83 | return false; |
83 | } | 84 | } |
84 | 85 | ||
85 | if (info->bitmask & EBT_ARP_DST_MAC) { | 86 | if (info->bitmask & EBT_ARP_DST_MAC) { |
@@ -87,17 +88,17 @@ static int ebt_filter_arp(const struct sk_buff *skb, const struct net_device *in | |||
87 | ah->ar_hln + ah->ar_pln, | 88 | ah->ar_hln + ah->ar_pln, |
88 | sizeof(_mac), &_mac); | 89 | sizeof(_mac), &_mac); |
89 | if (mp == NULL) | 90 | if (mp == NULL) |
90 | return EBT_NOMATCH; | 91 | return false; |
91 | verdict = 0; | 92 | verdict = 0; |
92 | for (i = 0; i < 6; i++) | 93 | for (i = 0; i < 6; i++) |
93 | verdict |= (mp[i] ^ info->dmaddr[i]) & | 94 | verdict |= (mp[i] ^ info->dmaddr[i]) & |
94 | info->dmmsk[i]; | 95 | info->dmmsk[i]; |
95 | if (FWINV(verdict != 0, EBT_ARP_DST_MAC)) | 96 | if (FWINV(verdict != 0, EBT_ARP_DST_MAC)) |
96 | return EBT_NOMATCH; | 97 | return false; |
97 | } | 98 | } |
98 | } | 99 | } |
99 | 100 | ||
100 | return EBT_MATCH; | 101 | return true; |
101 | } | 102 | } |
102 | 103 | ||
103 | static bool ebt_arp_check(const char *tablename, unsigned int hookmask, | 104 | static bool ebt_arp_check(const char *tablename, unsigned int hookmask, |
diff --git a/net/bridge/netfilter/ebt_ip.c b/net/bridge/netfilter/ebt_ip.c index cbf0918ec166..018782f044c4 100644 --- a/net/bridge/netfilter/ebt_ip.c +++ b/net/bridge/netfilter/ebt_ip.c | |||
@@ -24,7 +24,8 @@ struct tcpudphdr { | |||
24 | __be16 dst; | 24 | __be16 dst; |
25 | }; | 25 | }; |
26 | 26 | ||
27 | static int ebt_filter_ip(const struct sk_buff *skb, const struct net_device *in, | 27 | static bool ebt_filter_ip(const struct sk_buff *skb, |
28 | const struct net_device *in, | ||
28 | const struct net_device *out, const void *data, | 29 | const struct net_device *out, const void *data, |
29 | unsigned int datalen) | 30 | unsigned int datalen) |
30 | { | 31 | { |
@@ -36,46 +37,46 @@ static int ebt_filter_ip(const struct sk_buff *skb, const struct net_device *in, | |||
36 | 37 | ||
37 | ih = skb_header_pointer(skb, 0, sizeof(_iph), &_iph); | 38 | ih = skb_header_pointer(skb, 0, sizeof(_iph), &_iph); |
38 | if (ih == NULL) | 39 | if (ih == NULL) |
39 | return EBT_NOMATCH; | 40 | return false; |
40 | if (info->bitmask & EBT_IP_TOS && | 41 | if (info->bitmask & EBT_IP_TOS && |
41 | FWINV(info->tos != ih->tos, EBT_IP_TOS)) | 42 | FWINV(info->tos != ih->tos, EBT_IP_TOS)) |
42 | return EBT_NOMATCH; | 43 | return false; |
43 | if (info->bitmask & EBT_IP_SOURCE && | 44 | if (info->bitmask & EBT_IP_SOURCE && |
44 | FWINV((ih->saddr & info->smsk) != | 45 | FWINV((ih->saddr & info->smsk) != |
45 | info->saddr, EBT_IP_SOURCE)) | 46 | info->saddr, EBT_IP_SOURCE)) |
46 | return EBT_NOMATCH; | 47 | return false; |
47 | if ((info->bitmask & EBT_IP_DEST) && | 48 | if ((info->bitmask & EBT_IP_DEST) && |
48 | FWINV((ih->daddr & info->dmsk) != | 49 | FWINV((ih->daddr & info->dmsk) != |
49 | info->daddr, EBT_IP_DEST)) | 50 | info->daddr, EBT_IP_DEST)) |
50 | return EBT_NOMATCH; | 51 | return false; |
51 | if (info->bitmask & EBT_IP_PROTO) { | 52 | if (info->bitmask & EBT_IP_PROTO) { |
52 | if (FWINV(info->protocol != ih->protocol, EBT_IP_PROTO)) | 53 | if (FWINV(info->protocol != ih->protocol, EBT_IP_PROTO)) |
53 | return EBT_NOMATCH; | 54 | return false; |
54 | if (!(info->bitmask & EBT_IP_DPORT) && | 55 | if (!(info->bitmask & EBT_IP_DPORT) && |
55 | !(info->bitmask & EBT_IP_SPORT)) | 56 | !(info->bitmask & EBT_IP_SPORT)) |
56 | return EBT_MATCH; | 57 | return true; |
57 | if (ntohs(ih->frag_off) & IP_OFFSET) | 58 | if (ntohs(ih->frag_off) & IP_OFFSET) |
58 | return EBT_NOMATCH; | 59 | return false; |
59 | pptr = skb_header_pointer(skb, ih->ihl*4, | 60 | pptr = skb_header_pointer(skb, ih->ihl*4, |
60 | sizeof(_ports), &_ports); | 61 | sizeof(_ports), &_ports); |
61 | if (pptr == NULL) | 62 | if (pptr == NULL) |
62 | return EBT_NOMATCH; | 63 | return false; |
63 | if (info->bitmask & EBT_IP_DPORT) { | 64 | if (info->bitmask & EBT_IP_DPORT) { |
64 | u32 dst = ntohs(pptr->dst); | 65 | u32 dst = ntohs(pptr->dst); |
65 | if (FWINV(dst < info->dport[0] || | 66 | if (FWINV(dst < info->dport[0] || |
66 | dst > info->dport[1], | 67 | dst > info->dport[1], |
67 | EBT_IP_DPORT)) | 68 | EBT_IP_DPORT)) |
68 | return EBT_NOMATCH; | 69 | return false; |
69 | } | 70 | } |
70 | if (info->bitmask & EBT_IP_SPORT) { | 71 | if (info->bitmask & EBT_IP_SPORT) { |
71 | u32 src = ntohs(pptr->src); | 72 | u32 src = ntohs(pptr->src); |
72 | if (FWINV(src < info->sport[0] || | 73 | if (FWINV(src < info->sport[0] || |
73 | src > info->sport[1], | 74 | src > info->sport[1], |
74 | EBT_IP_SPORT)) | 75 | EBT_IP_SPORT)) |
75 | return EBT_NOMATCH; | 76 | return false; |
76 | } | 77 | } |
77 | } | 78 | } |
78 | return EBT_MATCH; | 79 | return true; |
79 | } | 80 | } |
80 | 81 | ||
81 | static bool ebt_ip_check(const char *tablename, unsigned int hookmask, | 82 | static bool ebt_ip_check(const char *tablename, unsigned int hookmask, |
diff --git a/net/bridge/netfilter/ebt_ip6.c b/net/bridge/netfilter/ebt_ip6.c index 1230c9ee394a..7fc3928e3fb5 100644 --- a/net/bridge/netfilter/ebt_ip6.c +++ b/net/bridge/netfilter/ebt_ip6.c | |||
@@ -27,7 +27,7 @@ struct tcpudphdr { | |||
27 | __be16 dst; | 27 | __be16 dst; |
28 | }; | 28 | }; |
29 | 29 | ||
30 | static int ebt_filter_ip6(const struct sk_buff *skb, | 30 | static bool ebt_filter_ip6(const struct sk_buff *skb, |
31 | const struct net_device *in, | 31 | const struct net_device *in, |
32 | const struct net_device *out, const void *data, | 32 | const struct net_device *out, const void *data, |
33 | unsigned int datalen) | 33 | unsigned int datalen) |
@@ -42,54 +42,54 @@ static int ebt_filter_ip6(const struct sk_buff *skb, | |||
42 | 42 | ||
43 | ih6 = skb_header_pointer(skb, 0, sizeof(_ip6h), &_ip6h); | 43 | ih6 = skb_header_pointer(skb, 0, sizeof(_ip6h), &_ip6h); |
44 | if (ih6 == NULL) | 44 | if (ih6 == NULL) |
45 | return EBT_NOMATCH; | 45 | return false; |
46 | if (info->bitmask & EBT_IP6_TCLASS && | 46 | if (info->bitmask & EBT_IP6_TCLASS && |
47 | FWINV(info->tclass != ipv6_get_dsfield(ih6), EBT_IP6_TCLASS)) | 47 | FWINV(info->tclass != ipv6_get_dsfield(ih6), EBT_IP6_TCLASS)) |
48 | return EBT_NOMATCH; | 48 | return false; |
49 | for (i = 0; i < 4; i++) | 49 | for (i = 0; i < 4; i++) |
50 | tmp_addr.in6_u.u6_addr32[i] = ih6->saddr.in6_u.u6_addr32[i] & | 50 | tmp_addr.in6_u.u6_addr32[i] = ih6->saddr.in6_u.u6_addr32[i] & |
51 | info->smsk.in6_u.u6_addr32[i]; | 51 | info->smsk.in6_u.u6_addr32[i]; |
52 | if (info->bitmask & EBT_IP6_SOURCE && | 52 | if (info->bitmask & EBT_IP6_SOURCE && |
53 | FWINV((ipv6_addr_cmp(&tmp_addr, &info->saddr) != 0), | 53 | FWINV((ipv6_addr_cmp(&tmp_addr, &info->saddr) != 0), |
54 | EBT_IP6_SOURCE)) | 54 | EBT_IP6_SOURCE)) |
55 | return EBT_NOMATCH; | 55 | return false; |
56 | for (i = 0; i < 4; i++) | 56 | for (i = 0; i < 4; i++) |
57 | tmp_addr.in6_u.u6_addr32[i] = ih6->daddr.in6_u.u6_addr32[i] & | 57 | tmp_addr.in6_u.u6_addr32[i] = ih6->daddr.in6_u.u6_addr32[i] & |
58 | info->dmsk.in6_u.u6_addr32[i]; | 58 | info->dmsk.in6_u.u6_addr32[i]; |
59 | if (info->bitmask & EBT_IP6_DEST && | 59 | if (info->bitmask & EBT_IP6_DEST && |
60 | FWINV((ipv6_addr_cmp(&tmp_addr, &info->daddr) != 0), EBT_IP6_DEST)) | 60 | FWINV((ipv6_addr_cmp(&tmp_addr, &info->daddr) != 0), EBT_IP6_DEST)) |
61 | return EBT_NOMATCH; | 61 | return false; |
62 | if (info->bitmask & EBT_IP6_PROTO) { | 62 | if (info->bitmask & EBT_IP6_PROTO) { |
63 | uint8_t nexthdr = ih6->nexthdr; | 63 | uint8_t nexthdr = ih6->nexthdr; |
64 | int offset_ph; | 64 | int offset_ph; |
65 | 65 | ||
66 | offset_ph = ipv6_skip_exthdr(skb, sizeof(_ip6h), &nexthdr); | 66 | offset_ph = ipv6_skip_exthdr(skb, sizeof(_ip6h), &nexthdr); |
67 | if (offset_ph == -1) | 67 | if (offset_ph == -1) |
68 | return EBT_NOMATCH; | 68 | return false; |
69 | if (FWINV(info->protocol != nexthdr, EBT_IP6_PROTO)) | 69 | if (FWINV(info->protocol != nexthdr, EBT_IP6_PROTO)) |
70 | return EBT_NOMATCH; | 70 | return false; |
71 | if (!(info->bitmask & EBT_IP6_DPORT) && | 71 | if (!(info->bitmask & EBT_IP6_DPORT) && |
72 | !(info->bitmask & EBT_IP6_SPORT)) | 72 | !(info->bitmask & EBT_IP6_SPORT)) |
73 | return EBT_MATCH; | 73 | return true; |
74 | pptr = skb_header_pointer(skb, offset_ph, sizeof(_ports), | 74 | pptr = skb_header_pointer(skb, offset_ph, sizeof(_ports), |
75 | &_ports); | 75 | &_ports); |
76 | if (pptr == NULL) | 76 | if (pptr == NULL) |
77 | return EBT_NOMATCH; | 77 | return false; |
78 | if (info->bitmask & EBT_IP6_DPORT) { | 78 | if (info->bitmask & EBT_IP6_DPORT) { |
79 | u32 dst = ntohs(pptr->dst); | 79 | u32 dst = ntohs(pptr->dst); |
80 | if (FWINV(dst < info->dport[0] || | 80 | if (FWINV(dst < info->dport[0] || |
81 | dst > info->dport[1], EBT_IP6_DPORT)) | 81 | dst > info->dport[1], EBT_IP6_DPORT)) |
82 | return EBT_NOMATCH; | 82 | return false; |
83 | } | 83 | } |
84 | if (info->bitmask & EBT_IP6_SPORT) { | 84 | if (info->bitmask & EBT_IP6_SPORT) { |
85 | u32 src = ntohs(pptr->src); | 85 | u32 src = ntohs(pptr->src); |
86 | if (FWINV(src < info->sport[0] || | 86 | if (FWINV(src < info->sport[0] || |
87 | src > info->sport[1], EBT_IP6_SPORT)) | 87 | src > info->sport[1], EBT_IP6_SPORT)) |
88 | return EBT_NOMATCH; | 88 | return false; |
89 | } | 89 | } |
90 | return EBT_MATCH; | 90 | return true; |
91 | } | 91 | } |
92 | return EBT_MATCH; | 92 | return true; |
93 | } | 93 | } |
94 | 94 | ||
95 | static bool ebt_ip6_check(const char *tablename, unsigned int hookmask, | 95 | static bool ebt_ip6_check(const char *tablename, unsigned int hookmask, |
diff --git a/net/bridge/netfilter/ebt_limit.c b/net/bridge/netfilter/ebt_limit.c index 9b04f2be94e9..925065a22a65 100644 --- a/net/bridge/netfilter/ebt_limit.c +++ b/net/bridge/netfilter/ebt_limit.c | |||
@@ -30,7 +30,7 @@ static DEFINE_SPINLOCK(limit_lock); | |||
30 | 30 | ||
31 | #define CREDITS_PER_JIFFY POW2_BELOW32(MAX_CPJ) | 31 | #define CREDITS_PER_JIFFY POW2_BELOW32(MAX_CPJ) |
32 | 32 | ||
33 | static int ebt_limit_match(const struct sk_buff *skb, | 33 | static bool ebt_limit_match(const struct sk_buff *skb, |
34 | const struct net_device *in, const struct net_device *out, | 34 | const struct net_device *in, const struct net_device *out, |
35 | const void *data, unsigned int datalen) | 35 | const void *data, unsigned int datalen) |
36 | { | 36 | { |
@@ -46,11 +46,11 @@ static int ebt_limit_match(const struct sk_buff *skb, | |||
46 | /* We're not limited. */ | 46 | /* We're not limited. */ |
47 | info->credit -= info->cost; | 47 | info->credit -= info->cost; |
48 | spin_unlock_bh(&limit_lock); | 48 | spin_unlock_bh(&limit_lock); |
49 | return EBT_MATCH; | 49 | return true; |
50 | } | 50 | } |
51 | 51 | ||
52 | spin_unlock_bh(&limit_lock); | 52 | spin_unlock_bh(&limit_lock); |
53 | return EBT_NOMATCH; | 53 | return false; |
54 | } | 54 | } |
55 | 55 | ||
56 | /* Precision saver. */ | 56 | /* Precision saver. */ |
diff --git a/net/bridge/netfilter/ebt_mark_m.c b/net/bridge/netfilter/ebt_mark_m.c index b2707d772c90..ec16c0e2868a 100644 --- a/net/bridge/netfilter/ebt_mark_m.c +++ b/net/bridge/netfilter/ebt_mark_m.c | |||
@@ -12,15 +12,15 @@ | |||
12 | #include <linux/netfilter_bridge/ebtables.h> | 12 | #include <linux/netfilter_bridge/ebtables.h> |
13 | #include <linux/netfilter_bridge/ebt_mark_m.h> | 13 | #include <linux/netfilter_bridge/ebt_mark_m.h> |
14 | 14 | ||
15 | static int ebt_filter_mark(const struct sk_buff *skb, | 15 | static bool ebt_filter_mark(const struct sk_buff *skb, |
16 | const struct net_device *in, const struct net_device *out, const void *data, | 16 | const struct net_device *in, const struct net_device *out, const void *data, |
17 | unsigned int datalen) | 17 | unsigned int datalen) |
18 | { | 18 | { |
19 | const struct ebt_mark_m_info *info = data; | 19 | const struct ebt_mark_m_info *info = data; |
20 | 20 | ||
21 | if (info->bitmask & EBT_MARK_OR) | 21 | if (info->bitmask & EBT_MARK_OR) |
22 | return !(!!(skb->mark & info->mask) ^ info->invert); | 22 | return !!(skb->mark & info->mask) ^ info->invert; |
23 | return !(((skb->mark & info->mask) == info->mark) ^ info->invert); | 23 | return ((skb->mark & info->mask) == info->mark) ^ info->invert; |
24 | } | 24 | } |
25 | 25 | ||
26 | static bool ebt_mark_check(const char *tablename, unsigned int hookmask, | 26 | static bool ebt_mark_check(const char *tablename, unsigned int hookmask, |
diff --git a/net/bridge/netfilter/ebt_pkttype.c b/net/bridge/netfilter/ebt_pkttype.c index 4dcd3b86cff6..74b443284366 100644 --- a/net/bridge/netfilter/ebt_pkttype.c +++ b/net/bridge/netfilter/ebt_pkttype.c | |||
@@ -12,7 +12,7 @@ | |||
12 | #include <linux/netfilter_bridge/ebtables.h> | 12 | #include <linux/netfilter_bridge/ebtables.h> |
13 | #include <linux/netfilter_bridge/ebt_pkttype.h> | 13 | #include <linux/netfilter_bridge/ebt_pkttype.h> |
14 | 14 | ||
15 | static int ebt_filter_pkttype(const struct sk_buff *skb, | 15 | static bool ebt_filter_pkttype(const struct sk_buff *skb, |
16 | const struct net_device *in, | 16 | const struct net_device *in, |
17 | const struct net_device *out, | 17 | const struct net_device *out, |
18 | const void *data, | 18 | const void *data, |
@@ -20,7 +20,7 @@ static int ebt_filter_pkttype(const struct sk_buff *skb, | |||
20 | { | 20 | { |
21 | const struct ebt_pkttype_info *info = data; | 21 | const struct ebt_pkttype_info *info = data; |
22 | 22 | ||
23 | return (skb->pkt_type != info->pkt_type) ^ info->invert; | 23 | return (skb->pkt_type == info->pkt_type) ^ info->invert; |
24 | } | 24 | } |
25 | 25 | ||
26 | static bool ebt_pkttype_check(const char *tablename, unsigned int hookmask, | 26 | static bool ebt_pkttype_check(const char *tablename, unsigned int hookmask, |
diff --git a/net/bridge/netfilter/ebt_stp.c b/net/bridge/netfilter/ebt_stp.c index 37d9480a00c6..7618206639ed 100644 --- a/net/bridge/netfilter/ebt_stp.c +++ b/net/bridge/netfilter/ebt_stp.c | |||
@@ -40,7 +40,7 @@ struct stp_config_pdu { | |||
40 | #define NR16(p) (p[0] << 8 | p[1]) | 40 | #define NR16(p) (p[0] << 8 | p[1]) |
41 | #define NR32(p) ((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]) | 41 | #define NR32(p) ((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]) |
42 | 42 | ||
43 | static int ebt_filter_config(const struct ebt_stp_info *info, | 43 | static bool ebt_filter_config(const struct ebt_stp_info *info, |
44 | const struct stp_config_pdu *stpc) | 44 | const struct stp_config_pdu *stpc) |
45 | { | 45 | { |
46 | const struct ebt_stp_config_info *c; | 46 | const struct ebt_stp_config_info *c; |
@@ -51,12 +51,12 @@ static int ebt_filter_config(const struct ebt_stp_info *info, | |||
51 | c = &info->config; | 51 | c = &info->config; |
52 | if ((info->bitmask & EBT_STP_FLAGS) && | 52 | if ((info->bitmask & EBT_STP_FLAGS) && |
53 | FWINV(c->flags != stpc->flags, EBT_STP_FLAGS)) | 53 | FWINV(c->flags != stpc->flags, EBT_STP_FLAGS)) |
54 | return EBT_NOMATCH; | 54 | return false; |
55 | if (info->bitmask & EBT_STP_ROOTPRIO) { | 55 | if (info->bitmask & EBT_STP_ROOTPRIO) { |
56 | v16 = NR16(stpc->root); | 56 | v16 = NR16(stpc->root); |
57 | if (FWINV(v16 < c->root_priol || | 57 | if (FWINV(v16 < c->root_priol || |
58 | v16 > c->root_priou, EBT_STP_ROOTPRIO)) | 58 | v16 > c->root_priou, EBT_STP_ROOTPRIO)) |
59 | return EBT_NOMATCH; | 59 | return false; |
60 | } | 60 | } |
61 | if (info->bitmask & EBT_STP_ROOTADDR) { | 61 | if (info->bitmask & EBT_STP_ROOTADDR) { |
62 | verdict = 0; | 62 | verdict = 0; |
@@ -64,19 +64,19 @@ static int ebt_filter_config(const struct ebt_stp_info *info, | |||
64 | verdict |= (stpc->root[2+i] ^ c->root_addr[i]) & | 64 | verdict |= (stpc->root[2+i] ^ c->root_addr[i]) & |
65 | c->root_addrmsk[i]; | 65 | c->root_addrmsk[i]; |
66 | if (FWINV(verdict != 0, EBT_STP_ROOTADDR)) | 66 | if (FWINV(verdict != 0, EBT_STP_ROOTADDR)) |
67 | return EBT_NOMATCH; | 67 | return false; |
68 | } | 68 | } |
69 | if (info->bitmask & EBT_STP_ROOTCOST) { | 69 | if (info->bitmask & EBT_STP_ROOTCOST) { |
70 | v32 = NR32(stpc->root_cost); | 70 | v32 = NR32(stpc->root_cost); |
71 | if (FWINV(v32 < c->root_costl || | 71 | if (FWINV(v32 < c->root_costl || |
72 | v32 > c->root_costu, EBT_STP_ROOTCOST)) | 72 | v32 > c->root_costu, EBT_STP_ROOTCOST)) |
73 | return EBT_NOMATCH; | 73 | return false; |
74 | } | 74 | } |
75 | if (info->bitmask & EBT_STP_SENDERPRIO) { | 75 | if (info->bitmask & EBT_STP_SENDERPRIO) { |
76 | v16 = NR16(stpc->sender); | 76 | v16 = NR16(stpc->sender); |
77 | if (FWINV(v16 < c->sender_priol || | 77 | if (FWINV(v16 < c->sender_priol || |
78 | v16 > c->sender_priou, EBT_STP_SENDERPRIO)) | 78 | v16 > c->sender_priou, EBT_STP_SENDERPRIO)) |
79 | return EBT_NOMATCH; | 79 | return false; |
80 | } | 80 | } |
81 | if (info->bitmask & EBT_STP_SENDERADDR) { | 81 | if (info->bitmask & EBT_STP_SENDERADDR) { |
82 | verdict = 0; | 82 | verdict = 0; |
@@ -84,42 +84,43 @@ static int ebt_filter_config(const struct ebt_stp_info *info, | |||
84 | verdict |= (stpc->sender[2+i] ^ c->sender_addr[i]) & | 84 | verdict |= (stpc->sender[2+i] ^ c->sender_addr[i]) & |
85 | c->sender_addrmsk[i]; | 85 | c->sender_addrmsk[i]; |
86 | if (FWINV(verdict != 0, EBT_STP_SENDERADDR)) | 86 | if (FWINV(verdict != 0, EBT_STP_SENDERADDR)) |
87 | return EBT_NOMATCH; | 87 | return false; |
88 | } | 88 | } |
89 | if (info->bitmask & EBT_STP_PORT) { | 89 | if (info->bitmask & EBT_STP_PORT) { |
90 | v16 = NR16(stpc->port); | 90 | v16 = NR16(stpc->port); |
91 | if (FWINV(v16 < c->portl || | 91 | if (FWINV(v16 < c->portl || |
92 | v16 > c->portu, EBT_STP_PORT)) | 92 | v16 > c->portu, EBT_STP_PORT)) |
93 | return EBT_NOMATCH; | 93 | return false; |
94 | } | 94 | } |
95 | if (info->bitmask & EBT_STP_MSGAGE) { | 95 | if (info->bitmask & EBT_STP_MSGAGE) { |
96 | v16 = NR16(stpc->msg_age); | 96 | v16 = NR16(stpc->msg_age); |
97 | if (FWINV(v16 < c->msg_agel || | 97 | if (FWINV(v16 < c->msg_agel || |
98 | v16 > c->msg_ageu, EBT_STP_MSGAGE)) | 98 | v16 > c->msg_ageu, EBT_STP_MSGAGE)) |
99 | return EBT_NOMATCH; | 99 | return false; |
100 | } | 100 | } |
101 | if (info->bitmask & EBT_STP_MAXAGE) { | 101 | if (info->bitmask & EBT_STP_MAXAGE) { |
102 | v16 = NR16(stpc->max_age); | 102 | v16 = NR16(stpc->max_age); |
103 | if (FWINV(v16 < c->max_agel || | 103 | if (FWINV(v16 < c->max_agel || |
104 | v16 > c->max_ageu, EBT_STP_MAXAGE)) | 104 | v16 > c->max_ageu, EBT_STP_MAXAGE)) |
105 | return EBT_NOMATCH; | 105 | return false; |
106 | } | 106 | } |
107 | if (info->bitmask & EBT_STP_HELLOTIME) { | 107 | if (info->bitmask & EBT_STP_HELLOTIME) { |
108 | v16 = NR16(stpc->hello_time); | 108 | v16 = NR16(stpc->hello_time); |
109 | if (FWINV(v16 < c->hello_timel || | 109 | if (FWINV(v16 < c->hello_timel || |
110 | v16 > c->hello_timeu, EBT_STP_HELLOTIME)) | 110 | v16 > c->hello_timeu, EBT_STP_HELLOTIME)) |
111 | return EBT_NOMATCH; | 111 | return false; |
112 | } | 112 | } |
113 | if (info->bitmask & EBT_STP_FWDD) { | 113 | if (info->bitmask & EBT_STP_FWDD) { |
114 | v16 = NR16(stpc->forward_delay); | 114 | v16 = NR16(stpc->forward_delay); |
115 | if (FWINV(v16 < c->forward_delayl || | 115 | if (FWINV(v16 < c->forward_delayl || |
116 | v16 > c->forward_delayu, EBT_STP_FWDD)) | 116 | v16 > c->forward_delayu, EBT_STP_FWDD)) |
117 | return EBT_NOMATCH; | 117 | return false; |
118 | } | 118 | } |
119 | return EBT_MATCH; | 119 | return true; |
120 | } | 120 | } |
121 | 121 | ||
122 | static int ebt_filter_stp(const struct sk_buff *skb, const struct net_device *in, | 122 | static bool ebt_filter_stp(const struct sk_buff *skb, |
123 | const struct net_device *in, | ||
123 | const struct net_device *out, const void *data, unsigned int datalen) | 124 | const struct net_device *out, const void *data, unsigned int datalen) |
124 | { | 125 | { |
125 | const struct ebt_stp_info *info = data; | 126 | const struct ebt_stp_info *info = data; |
@@ -129,15 +130,15 @@ static int ebt_filter_stp(const struct sk_buff *skb, const struct net_device *in | |||
129 | 130 | ||
130 | sp = skb_header_pointer(skb, 0, sizeof(_stph), &_stph); | 131 | sp = skb_header_pointer(skb, 0, sizeof(_stph), &_stph); |
131 | if (sp == NULL) | 132 | if (sp == NULL) |
132 | return EBT_NOMATCH; | 133 | return false; |
133 | 134 | ||
134 | /* The stp code only considers these */ | 135 | /* The stp code only considers these */ |
135 | if (memcmp(sp, header, sizeof(header))) | 136 | if (memcmp(sp, header, sizeof(header))) |
136 | return EBT_NOMATCH; | 137 | return false; |
137 | 138 | ||
138 | if (info->bitmask & EBT_STP_TYPE | 139 | if (info->bitmask & EBT_STP_TYPE |
139 | && FWINV(info->type != sp->type, EBT_STP_TYPE)) | 140 | && FWINV(info->type != sp->type, EBT_STP_TYPE)) |
140 | return EBT_NOMATCH; | 141 | return false; |
141 | 142 | ||
142 | if (sp->type == BPDU_TYPE_CONFIG && | 143 | if (sp->type == BPDU_TYPE_CONFIG && |
143 | info->bitmask & EBT_STP_CONFIG_MASK) { | 144 | info->bitmask & EBT_STP_CONFIG_MASK) { |
@@ -147,10 +148,10 @@ static int ebt_filter_stp(const struct sk_buff *skb, const struct net_device *in | |||
147 | st = skb_header_pointer(skb, sizeof(_stph), | 148 | st = skb_header_pointer(skb, sizeof(_stph), |
148 | sizeof(_stpc), &_stpc); | 149 | sizeof(_stpc), &_stpc); |
149 | if (st == NULL) | 150 | if (st == NULL) |
150 | return EBT_NOMATCH; | 151 | return false; |
151 | return ebt_filter_config(info, st); | 152 | return ebt_filter_config(info, st); |
152 | } | 153 | } |
153 | return EBT_MATCH; | 154 | return true; |
154 | } | 155 | } |
155 | 156 | ||
156 | static bool ebt_stp_check(const char *tablename, unsigned int hookmask, | 157 | static bool ebt_stp_check(const char *tablename, unsigned int hookmask, |
diff --git a/net/bridge/netfilter/ebt_vlan.c b/net/bridge/netfilter/ebt_vlan.c index fc88d5d59e04..8cc4257a1ade 100644 --- a/net/bridge/netfilter/ebt_vlan.c +++ b/net/bridge/netfilter/ebt_vlan.c | |||
@@ -38,9 +38,9 @@ MODULE_LICENSE("GPL"); | |||
38 | 38 | ||
39 | #define DEBUG_MSG(args...) if (debug) printk (KERN_DEBUG "ebt_vlan: " args) | 39 | #define DEBUG_MSG(args...) if (debug) printk (KERN_DEBUG "ebt_vlan: " args) |
40 | #define GET_BITMASK(_BIT_MASK_) info->bitmask & _BIT_MASK_ | 40 | #define GET_BITMASK(_BIT_MASK_) info->bitmask & _BIT_MASK_ |
41 | #define EXIT_ON_MISMATCH(_MATCH_,_MASK_) {if (!((info->_MATCH_ == _MATCH_)^!!(info->invflags & _MASK_))) return EBT_NOMATCH;} | 41 | #define EXIT_ON_MISMATCH(_MATCH_,_MASK_) {if (!((info->_MATCH_ == _MATCH_)^!!(info->invflags & _MASK_))) return false; } |
42 | 42 | ||
43 | static int | 43 | static bool |
44 | ebt_filter_vlan(const struct sk_buff *skb, | 44 | ebt_filter_vlan(const struct sk_buff *skb, |
45 | const struct net_device *in, | 45 | const struct net_device *in, |
46 | const struct net_device *out, | 46 | const struct net_device *out, |
@@ -58,7 +58,7 @@ ebt_filter_vlan(const struct sk_buff *skb, | |||
58 | 58 | ||
59 | fp = skb_header_pointer(skb, 0, sizeof(_frame), &_frame); | 59 | fp = skb_header_pointer(skb, 0, sizeof(_frame), &_frame); |
60 | if (fp == NULL) | 60 | if (fp == NULL) |
61 | return EBT_NOMATCH; | 61 | return false; |
62 | 62 | ||
63 | /* Tag Control Information (TCI) consists of the following elements: | 63 | /* Tag Control Information (TCI) consists of the following elements: |
64 | * - User_priority. The user_priority field is three bits in length, | 64 | * - User_priority. The user_priority field is three bits in length, |
@@ -84,7 +84,7 @@ ebt_filter_vlan(const struct sk_buff *skb, | |||
84 | if (GET_BITMASK(EBT_VLAN_ENCAP)) | 84 | if (GET_BITMASK(EBT_VLAN_ENCAP)) |
85 | EXIT_ON_MISMATCH(encap, EBT_VLAN_ENCAP); | 85 | EXIT_ON_MISMATCH(encap, EBT_VLAN_ENCAP); |
86 | 86 | ||
87 | return EBT_MATCH; | 87 | return true; |
88 | } | 88 | } |
89 | 89 | ||
90 | static bool | 90 | static bool |