netfilter: xtables: change matches to return error code

The following semantic patch does part of the transformation: // <smpl> @ rule1 @ struct xt_match ops; identifier check; @@ ops.checkentry = check; @@ identifier rule1.check; @@ check(...) { <... -return true; +return 0; ...> } @@ identifier rule1.check; @@ check(...) { <... -return false; +return -EINVAL; ...> } // </smpl> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
author: Jan Engelhardt <jengelh@medozas.de> 2010-03-23 11:35:56 -0400
committer: Jan Engelhardt <jengelh@medozas.de> 2010-03-25 11:55:24 -0400
commit: bd414ee605ff3ac5fcd79f57269a897879ee4cde (patch)
tree: 3cff5d1f3fd43791341e9cde23dabb4dfbc94bd3 /net/bridge
parent: 135367b8f6a18507af6b9a6910a14b5699415309 (diff)
10 files changed, 41 insertions, 41 deletions
diff --git a/net/bridge/netfilter/ebt_802_3.c b/net/bridge/netfilter/ebt_802_3.c
index 7b6f4c4cccb7..f7de8dbc3422 100644
--- a/net/bridge/netfilter/ebt_802_3.c
+++ b/net/bridge/netfilter/ebt_802_3.c
@@ -41,9 +41,9 @@ static int ebt_802_3_mt_check(const struct xt_mtchk_param *par)
        const struct ebt_802_3_info *info = par->matchinfo;
        if (info->bitmask & ~EBT_802_3_MASK || info->invflags & ~EBT_802_3_MASK)
-                return false;
+                return -EINVAL;
-        return true;
+        return 0;
 }
 static struct xt_match ebt_802_3_mt_reg __read_mostly = {
diff --git a/net/bridge/netfilter/ebt_among.c b/net/bridge/netfilter/ebt_among.c
index 8a75d399b510..20068e03fa81 100644
--- a/net/bridge/netfilter/ebt_among.c
+++ b/net/bridge/netfilter/ebt_among.c
@@ -190,17 +190,17 @@ static int ebt_among_mt_check(const struct xt_mtchk_param *par)
                pr_info("wrong size: %d against expected %d, rounded to %Zd\n",
                        em->match_size, expected_length,
                        EBT_ALIGN(expected_length));
-                return false;
+                return -EINVAL;
        }
        if (wh_dst && (err = ebt_mac_wormhash_check_integrity(wh_dst))) {
                pr_info("dst integrity fail: %x\n", -err);
-                return false;
+                return -EINVAL;
        }
        if (wh_src && (err = ebt_mac_wormhash_check_integrity(wh_src))) {
                pr_info("src integrity fail: %x\n", -err);
-                return false;
+                return -EINVAL;
        }
-        return true;
+        return 0;
 }
 static struct xt_match ebt_among_mt_reg __read_mostly = {
diff --git a/net/bridge/netfilter/ebt_arp.c b/net/bridge/netfilter/ebt_arp.c
index fc62055adb17..952150cd5e7d 100644
--- a/net/bridge/netfilter/ebt_arp.c
+++ b/net/bridge/netfilter/ebt_arp.c
@@ -108,10 +108,10 @@ static int ebt_arp_mt_check(const struct xt_mtchk_param *par)
        if ((e->ethproto != htons(ETH_P_ARP) &&
           e->ethproto != htons(ETH_P_RARP)) ||
           e->invflags & EBT_IPROTO)
-                return false;
+                return -EINVAL;
        if (info->bitmask & ~EBT_ARP_MASK || info->invflags & ~EBT_ARP_MASK)
-                return false;
+                return -EINVAL;
-        return true;
+        return 0;
 }
 static struct xt_match ebt_arp_mt_reg __read_mostly = {
diff --git a/net/bridge/netfilter/ebt_ip.c b/net/bridge/netfilter/ebt_ip.c
index d1a555dc8878..a1c76c7e5219 100644
--- a/net/bridge/netfilter/ebt_ip.c
+++ b/net/bridge/netfilter/ebt_ip.c
@@ -84,24 +84,24 @@ static int ebt_ip_mt_check(const struct xt_mtchk_param *par)
        if (e->ethproto != htons(ETH_P_IP) ||
           e->invflags & EBT_IPROTO)
-                return false;
+                return -EINVAL;
        if (info->bitmask & ~EBT_IP_MASK || info->invflags & ~EBT_IP_MASK)
-                return false;
+                return -EINVAL;
        if (info->bitmask & (EBT_IP_DPORT | EBT_IP_SPORT)) {
                if (info->invflags & EBT_IP_PROTO)
-                        return false;
+                        return -EINVAL;
                if (info->protocol != IPPROTO_TCP &&
                    info->protocol != IPPROTO_UDP &&
                    info->protocol != IPPROTO_UDPLITE &&
                    info->protocol != IPPROTO_SCTP &&
                    info->protocol != IPPROTO_DCCP)
-                         return false;
+                         return -EINVAL;
        }
        if (info->bitmask & EBT_IP_DPORT && info->dport[0] > info->dport[1])
-                return false;
+                return -EINVAL;
        if (info->bitmask & EBT_IP_SPORT && info->sport[0] > info->sport[1])
-                return false;
+                return -EINVAL;
-        return true;
+        return 0;
 }
 static struct xt_match ebt_ip_mt_reg __read_mostly = {
diff --git a/net/bridge/netfilter/ebt_ip6.c b/net/bridge/netfilter/ebt_ip6.c
index fa4ecf50fdc9..33f8413f05ad 100644
--- a/net/bridge/netfilter/ebt_ip6.c
+++ b/net/bridge/netfilter/ebt_ip6.c
@@ -86,24 +86,24 @@ static int ebt_ip6_mt_check(const struct xt_mtchk_param *par)
        struct ebt_ip6_info *info = par->matchinfo;
        if (e->ethproto != htons(ETH_P_IPV6) || e->invflags & EBT_IPROTO)
-                return false;
+                return -EINVAL;
        if (info->bitmask & ~EBT_IP6_MASK || info->invflags & ~EBT_IP6_MASK)
-                return false;
+                return -EINVAL;
        if (info->bitmask & (EBT_IP6_DPORT | EBT_IP6_SPORT)) {
                if (info->invflags & EBT_IP6_PROTO)
-                        return false;
+                        return -EINVAL;
                if (info->protocol != IPPROTO_TCP &&
                    info->protocol != IPPROTO_UDP &&
                    info->protocol != IPPROTO_UDPLITE &&
                    info->protocol != IPPROTO_SCTP &&
                    info->protocol != IPPROTO_DCCP)
-                        return false;
+                        return -EINVAL;
        }
        if (info->bitmask & EBT_IP6_DPORT && info->dport[0] > info->dport[1])
-                return false;
+                return -EINVAL;
        if (info->bitmask & EBT_IP6_SPORT && info->sport[0] > info->sport[1])
-                return false;
+                return -EINVAL;
-        return true;
+        return 0;
 }
 static struct xt_match ebt_ip6_mt_reg __read_mostly = {
diff --git a/net/bridge/netfilter/ebt_limit.c b/net/bridge/netfilter/ebt_limit.c
index abfb0ecd7c17..4b0e2e53fa57 100644
--- a/net/bridge/netfilter/ebt_limit.c
+++ b/net/bridge/netfilter/ebt_limit.c
@@ -74,7 +74,7 @@ static int ebt_limit_mt_check(const struct xt_mtchk_param *par)
            user2credits(info->avg * info->burst) < user2credits(info->avg)) {
                pr_info("overflow, try lower: %u/%u\n",
                        info->avg, info->burst);
-                return false;
+                return -EINVAL;
        }
        /* User avg in seconds * EBT_LIMIT_SCALE: convert to jiffies * 128. */
@@ -82,7 +82,7 @@ static int ebt_limit_mt_check(const struct xt_mtchk_param *par)
        info->credit = user2credits(info->avg * info->burst);
        info->credit_cap = user2credits(info->avg * info->burst);
        info->cost = user2credits(info->avg);
-        return true;
+        return 0;
 }
diff --git a/net/bridge/netfilter/ebt_mark_m.c b/net/bridge/netfilter/ebt_mark_m.c
index 1e5b0b316fbe..e4366c0a1a43 100644
--- a/net/bridge/netfilter/ebt_mark_m.c
+++ b/net/bridge/netfilter/ebt_mark_m.c
@@ -27,12 +27,12 @@ static int ebt_mark_mt_check(const struct xt_mtchk_param *par)
        const struct ebt_mark_m_info *info = par->matchinfo;
        if (info->bitmask & ~EBT_MARK_MASK)
-                return false;
+                return -EINVAL;
        if ((info->bitmask & EBT_MARK_OR) && (info->bitmask & EBT_MARK_AND))
-                return false;
+                return -EINVAL;
        if (!info->bitmask)
-                return false;
+                return -EINVAL;
-        return true;
+        return 0;
 }
diff --git a/net/bridge/netfilter/ebt_pkttype.c b/net/bridge/netfilter/ebt_pkttype.c
index 9b3c64516605..f34bcc3197bd 100644
--- a/net/bridge/netfilter/ebt_pkttype.c
+++ b/net/bridge/netfilter/ebt_pkttype.c
@@ -25,9 +25,9 @@ static int ebt_pkttype_mt_check(const struct xt_mtchk_param *par)
        const struct ebt_pkttype_info *info = par->matchinfo;
        if (info->invert != 0 && info->invert != 1)
-                return false;
+                return -EINVAL;
        /* Allow any pkt_type value */
-        return true;
+        return 0;
 }
 static struct xt_match ebt_pkttype_mt_reg __read_mostly = {
diff --git a/net/bridge/netfilter/ebt_stp.c b/net/bridge/netfilter/ebt_stp.c
index 521186fa6994..02f28fdda393 100644
--- a/net/bridge/netfilter/ebt_stp.c
+++ b/net/bridge/netfilter/ebt_stp.c
@@ -162,13 +162,13 @@ static int ebt_stp_mt_check(const struct xt_mtchk_param *par)
        if (info->bitmask & ~EBT_STP_MASK || info->invflags & ~EBT_STP_MASK ||
            !(info->bitmask & EBT_STP_MASK))
-                return false;
+                return -EINVAL;
        /* Make sure the match only receives stp frames */
        if (compare_ether_addr(e->destmac, bridge_ula) ||
            compare_ether_addr(e->destmsk, msk) || !(e->bitmask & EBT_DESTMAC))
-                return false;
+                return -EINVAL;
-        return true;
+        return 0;
 }
 static struct xt_match ebt_stp_mt_reg __read_mostly = {
diff --git a/net/bridge/netfilter/ebt_vlan.c b/net/bridge/netfilter/ebt_vlan.c
index 04a9575389d8..bf8ae5c7a0c5 100644
--- a/net/bridge/netfilter/ebt_vlan.c
+++ b/net/bridge/netfilter/ebt_vlan.c
@@ -88,7 +88,7 @@ static int ebt_vlan_mt_check(const struct xt_mtchk_param *par)
        if (e->ethproto != htons(ETH_P_8021Q)) {
                pr_debug("passed entry proto %2.4X is not 802.1Q (8100)\n",
                         ntohs(e->ethproto));
-                return false;
+                return -EINVAL;
        }
        /* Check for bitmask range
@@ -96,14 +96,14 @@ static int ebt_vlan_mt_check(const struct xt_mtchk_param *par)
        if (info->bitmask & ~EBT_VLAN_MASK) {
                pr_debug("bitmask %2X is out of mask (%2X)\n",
                         info->bitmask, EBT_VLAN_MASK);
-                return false;
+                return -EINVAL;
        }
        /* Check for inversion flags range */
        if (info->invflags & ~EBT_VLAN_MASK) {
                pr_debug("inversion flags %2X is out of mask (%2X)\n",
                         info->invflags, EBT_VLAN_MASK);
-                return false;
+                return -EINVAL;
        }
        /* Reserved VLAN ID (VID) values
@@ -117,7 +117,7 @@ static int ebt_vlan_mt_check(const struct xt_mtchk_param *par)
                        if (info->id > VLAN_GROUP_ARRAY_LEN) {
                                pr_debug("id %d is out of range (1-4096)\n",
                                         info->id);
-                                return false;
+                                return -EINVAL;
                        }
                        /* Note: This is valid VLAN-tagged frame point.
                         * Any value of user_priority are acceptable,
@@ -132,7 +132,7 @@ static int ebt_vlan_mt_check(const struct xt_mtchk_param *par)
                if ((unsigned char) info->prio > 7) {
                        pr_debug("prio %d is out of range (0-7)\n",
                                 info->prio);
-                        return false;
+                        return -EINVAL;
                }
        }
        /* Check for encapsulated proto range - it is possible to be
@@ -142,11 +142,11 @@ static int ebt_vlan_mt_check(const struct xt_mtchk_param *par)
                if ((unsigned short) ntohs(info->encap) < ETH_ZLEN) {
                        pr_debug("encap frame length %d is less than "
                                 "minimal\n", ntohs(info->encap));
-                        return false;
+                        return -EINVAL;
                }
        }
-        return true;
+        return 0;
 }
 static struct xt_match ebt_vlan_mt_reg __read_mostly = {
author	Jan Engelhardt <jengelh@medozas.de>	2010-03-23 11:35:56 -0400
committer	Jan Engelhardt <jengelh@medozas.de>	2010-03-25 11:55:24 -0400
commit	bd414ee605ff3ac5fcd79f57269a897879ee4cde (patch)
tree	3cff5d1f3fd43791341e9cde23dabb4dfbc94bd3 /net/bridge
parent	135367b8f6a18507af6b9a6910a14b5699415309 (diff)

diff --git a/net/bridge/netfilter/ebt_802_3.c b/net/bridge/netfilter/ebt_802_3.c index 7b6f4c4cccb7..f7de8dbc3422 100644 --- a/net/bridge/netfilter/ebt_802_3.c +++ b/net/bridge/netfilter/ebt_802_3.c
@@ -41,9 +41,9 @@ static int ebt_802_3_mt_check(const struct xt_mtchk_param *par)
41	const struct ebt_802_3_info *info = par->matchinfo;	41	const struct ebt_802_3_info *info = par->matchinfo;
42		42
43	if (info->bitmask & ~EBT_802_3_MASK \|\| info->invflags & ~EBT_802_3_MASK)	43	if (info->bitmask & ~EBT_802_3_MASK \|\| info->invflags & ~EBT_802_3_MASK)
44	return false;	44	return -EINVAL;
45		45
46	return true;	46	return 0;
47	}	47	}
48		48
49	static struct xt_match ebt_802_3_mt_reg __read_mostly = {	49	static struct xt_match ebt_802_3_mt_reg __read_mostly = {


diff --git a/net/bridge/netfilter/ebt_among.c b/net/bridge/netfilter/ebt_among.c index 8a75d399b510..20068e03fa81 100644 --- a/net/bridge/netfilter/ebt_among.c +++ b/net/bridge/netfilter/ebt_among.c
@@ -190,17 +190,17 @@ static int ebt_among_mt_check(const struct xt_mtchk_param *par)
190	pr_info("wrong size: %d against expected %d, rounded to %Zd\n",	190	pr_info("wrong size: %d against expected %d, rounded to %Zd\n",
191	em->match_size, expected_length,	191	em->match_size, expected_length,
192	EBT_ALIGN(expected_length));	192	EBT_ALIGN(expected_length));
193	return false;	193	return -EINVAL;
194	}	194	}
195	if (wh_dst && (err = ebt_mac_wormhash_check_integrity(wh_dst))) {	195	if (wh_dst && (err = ebt_mac_wormhash_check_integrity(wh_dst))) {
196	pr_info("dst integrity fail: %x\n", -err);	196	pr_info("dst integrity fail: %x\n", -err);
197	return false;	197	return -EINVAL;
198	}	198	}
199	if (wh_src && (err = ebt_mac_wormhash_check_integrity(wh_src))) {	199	if (wh_src && (err = ebt_mac_wormhash_check_integrity(wh_src))) {
200	pr_info("src integrity fail: %x\n", -err);	200	pr_info("src integrity fail: %x\n", -err);
201	return false;	201	return -EINVAL;
202	}	202	}
203	return true;	203	return 0;
204	}	204	}
205		205
206	static struct xt_match ebt_among_mt_reg __read_mostly = {	206	static struct xt_match ebt_among_mt_reg __read_mostly = {


diff --git a/net/bridge/netfilter/ebt_arp.c b/net/bridge/netfilter/ebt_arp.c index fc62055adb17..952150cd5e7d 100644 --- a/net/bridge/netfilter/ebt_arp.c +++ b/net/bridge/netfilter/ebt_arp.c
@@ -108,10 +108,10 @@ static int ebt_arp_mt_check(const struct xt_mtchk_param *par)
108	if ((e->ethproto != htons(ETH_P_ARP) &&	108	if ((e->ethproto != htons(ETH_P_ARP) &&
109	e->ethproto != htons(ETH_P_RARP)) \|\|	109	e->ethproto != htons(ETH_P_RARP)) \|\|
110	e->invflags & EBT_IPROTO)	110	e->invflags & EBT_IPROTO)
111	return false;	111	return -EINVAL;
112	if (info->bitmask & ~EBT_ARP_MASK \|\| info->invflags & ~EBT_ARP_MASK)	112	if (info->bitmask & ~EBT_ARP_MASK \|\| info->invflags & ~EBT_ARP_MASK)
113	return false;	113	return -EINVAL;
114	return true;	114	return 0;
115	}	115	}
116		116
117	static struct xt_match ebt_arp_mt_reg __read_mostly = {	117	static struct xt_match ebt_arp_mt_reg __read_mostly = {


diff --git a/net/bridge/netfilter/ebt_ip.c b/net/bridge/netfilter/ebt_ip.c index d1a555dc8878..a1c76c7e5219 100644 --- a/net/bridge/netfilter/ebt_ip.c +++ b/net/bridge/netfilter/ebt_ip.c
@@ -84,24 +84,24 @@ static int ebt_ip_mt_check(const struct xt_mtchk_param *par)
84		84
85	if (e->ethproto != htons(ETH_P_IP) \|\|	85	if (e->ethproto != htons(ETH_P_IP) \|\|
86	e->invflags & EBT_IPROTO)	86	e->invflags & EBT_IPROTO)
87	return false;	87	return -EINVAL;
88	if (info->bitmask & ~EBT_IP_MASK \|\| info->invflags & ~EBT_IP_MASK)	88	if (info->bitmask & ~EBT_IP_MASK \|\| info->invflags & ~EBT_IP_MASK)
89	return false;	89	return -EINVAL;
90	if (info->bitmask & (EBT_IP_DPORT \| EBT_IP_SPORT)) {	90	if (info->bitmask & (EBT_IP_DPORT \| EBT_IP_SPORT)) {
91	if (info->invflags & EBT_IP_PROTO)	91	if (info->invflags & EBT_IP_PROTO)
92	return false;	92	return -EINVAL;
93	if (info->protocol != IPPROTO_TCP &&	93	if (info->protocol != IPPROTO_TCP &&
94	info->protocol != IPPROTO_UDP &&	94	info->protocol != IPPROTO_UDP &&
95	info->protocol != IPPROTO_UDPLITE &&	95	info->protocol != IPPROTO_UDPLITE &&
96	info->protocol != IPPROTO_SCTP &&	96	info->protocol != IPPROTO_SCTP &&
97	info->protocol != IPPROTO_DCCP)	97	info->protocol != IPPROTO_DCCP)
98	return false;	98	return -EINVAL;
99	}	99	}
100	if (info->bitmask & EBT_IP_DPORT && info->dport[0] > info->dport[1])	100	if (info->bitmask & EBT_IP_DPORT && info->dport[0] > info->dport[1])
101	return false;	101	return -EINVAL;
102	if (info->bitmask & EBT_IP_SPORT && info->sport[0] > info->sport[1])	102	if (info->bitmask & EBT_IP_SPORT && info->sport[0] > info->sport[1])
103	return false;	103	return -EINVAL;
104	return true;	104	return 0;
105	}	105	}
106		106
107	static struct xt_match ebt_ip_mt_reg __read_mostly = {	107	static struct xt_match ebt_ip_mt_reg __read_mostly = {


diff --git a/net/bridge/netfilter/ebt_ip6.c b/net/bridge/netfilter/ebt_ip6.c index fa4ecf50fdc9..33f8413f05ad 100644 --- a/net/bridge/netfilter/ebt_ip6.c +++ b/net/bridge/netfilter/ebt_ip6.c
@@ -86,24 +86,24 @@ static int ebt_ip6_mt_check(const struct xt_mtchk_param *par)
86	struct ebt_ip6_info *info = par->matchinfo;	86	struct ebt_ip6_info *info = par->matchinfo;
87		87
88	if (e->ethproto != htons(ETH_P_IPV6) \|\| e->invflags & EBT_IPROTO)	88	if (e->ethproto != htons(ETH_P_IPV6) \|\| e->invflags & EBT_IPROTO)
89	return false;	89	return -EINVAL;
90	if (info->bitmask & ~EBT_IP6_MASK \|\| info->invflags & ~EBT_IP6_MASK)	90	if (info->bitmask & ~EBT_IP6_MASK \|\| info->invflags & ~EBT_IP6_MASK)
91	return false;	91	return -EINVAL;
92	if (info->bitmask & (EBT_IP6_DPORT \| EBT_IP6_SPORT)) {	92	if (info->bitmask & (EBT_IP6_DPORT \| EBT_IP6_SPORT)) {
93	if (info->invflags & EBT_IP6_PROTO)	93	if (info->invflags & EBT_IP6_PROTO)
94	return false;	94	return -EINVAL;
95	if (info->protocol != IPPROTO_TCP &&	95	if (info->protocol != IPPROTO_TCP &&
96	info->protocol != IPPROTO_UDP &&	96	info->protocol != IPPROTO_UDP &&
97	info->protocol != IPPROTO_UDPLITE &&	97	info->protocol != IPPROTO_UDPLITE &&
98	info->protocol != IPPROTO_SCTP &&	98	info->protocol != IPPROTO_SCTP &&
99	info->protocol != IPPROTO_DCCP)	99	info->protocol != IPPROTO_DCCP)
100	return false;	100	return -EINVAL;
101	}	101	}
102	if (info->bitmask & EBT_IP6_DPORT && info->dport[0] > info->dport[1])	102	if (info->bitmask & EBT_IP6_DPORT && info->dport[0] > info->dport[1])
103	return false;	103	return -EINVAL;
104	if (info->bitmask & EBT_IP6_SPORT && info->sport[0] > info->sport[1])	104	if (info->bitmask & EBT_IP6_SPORT && info->sport[0] > info->sport[1])
105	return false;	105	return -EINVAL;
106	return true;	106	return 0;
107	}	107	}
108		108
109	static struct xt_match ebt_ip6_mt_reg __read_mostly = {	109	static struct xt_match ebt_ip6_mt_reg __read_mostly = {


diff --git a/net/bridge/netfilter/ebt_limit.c b/net/bridge/netfilter/ebt_limit.c index abfb0ecd7c17..4b0e2e53fa57 100644 --- a/net/bridge/netfilter/ebt_limit.c +++ b/net/bridge/netfilter/ebt_limit.c
@@ -74,7 +74,7 @@ static int ebt_limit_mt_check(const struct xt_mtchk_param *par)
74	user2credits(info->avg * info->burst) < user2credits(info->avg)) {	74	user2credits(info->avg * info->burst) < user2credits(info->avg)) {
75	pr_info("overflow, try lower: %u/%u\n",	75	pr_info("overflow, try lower: %u/%u\n",
76	info->avg, info->burst);	76	info->avg, info->burst);
77	return false;	77	return -EINVAL;
78	}	78	}
79		79
80	/* User avg in seconds * EBT_LIMIT_SCALE: convert to jiffies * 128. */	80	/* User avg in seconds * EBT_LIMIT_SCALE: convert to jiffies * 128. */
@@ -82,7 +82,7 @@ static int ebt_limit_mt_check(const struct xt_mtchk_param *par)
82	info->credit = user2credits(info->avg * info->burst);	82	info->credit = user2credits(info->avg * info->burst);
83	info->credit_cap = user2credits(info->avg * info->burst);	83	info->credit_cap = user2credits(info->avg * info->burst);
84	info->cost = user2credits(info->avg);	84	info->cost = user2credits(info->avg);
85	return true;	85	return 0;
86	}	86	}
87		87
88		88


diff --git a/net/bridge/netfilter/ebt_mark_m.c b/net/bridge/netfilter/ebt_mark_m.c index 1e5b0b316fbe..e4366c0a1a43 100644 --- a/net/bridge/netfilter/ebt_mark_m.c +++ b/net/bridge/netfilter/ebt_mark_m.c
@@ -27,12 +27,12 @@ static int ebt_mark_mt_check(const struct xt_mtchk_param *par)
27	const struct ebt_mark_m_info *info = par->matchinfo;	27	const struct ebt_mark_m_info *info = par->matchinfo;
28		28
29	if (info->bitmask & ~EBT_MARK_MASK)	29	if (info->bitmask & ~EBT_MARK_MASK)
30	return false;	30	return -EINVAL;
31	if ((info->bitmask & EBT_MARK_OR) && (info->bitmask & EBT_MARK_AND))	31	if ((info->bitmask & EBT_MARK_OR) && (info->bitmask & EBT_MARK_AND))
32	return false;	32	return -EINVAL;
33	if (!info->bitmask)	33	if (!info->bitmask)
34	return false;	34	return -EINVAL;
35	return true;	35	return 0;
36	}	36	}
37		37
38		38


diff --git a/net/bridge/netfilter/ebt_pkttype.c b/net/bridge/netfilter/ebt_pkttype.c index 9b3c64516605..f34bcc3197bd 100644 --- a/net/bridge/netfilter/ebt_pkttype.c +++ b/net/bridge/netfilter/ebt_pkttype.c
@@ -25,9 +25,9 @@ static int ebt_pkttype_mt_check(const struct xt_mtchk_param *par)
25	const struct ebt_pkttype_info *info = par->matchinfo;	25	const struct ebt_pkttype_info *info = par->matchinfo;
26		26
27	if (info->invert != 0 && info->invert != 1)	27	if (info->invert != 0 && info->invert != 1)
28	return false;	28	return -EINVAL;
29	/* Allow any pkt_type value */	29	/* Allow any pkt_type value */
30	return true;	30	return 0;
31	}	31	}
32		32
33	static struct xt_match ebt_pkttype_mt_reg __read_mostly = {	33	static struct xt_match ebt_pkttype_mt_reg __read_mostly = {


diff --git a/net/bridge/netfilter/ebt_stp.c b/net/bridge/netfilter/ebt_stp.c index 521186fa6994..02f28fdda393 100644 --- a/net/bridge/netfilter/ebt_stp.c +++ b/net/bridge/netfilter/ebt_stp.c
@@ -162,13 +162,13 @@ static int ebt_stp_mt_check(const struct xt_mtchk_param *par)
162		162
163	if (info->bitmask & ~EBT_STP_MASK \|\| info->invflags & ~EBT_STP_MASK \|\|	163	if (info->bitmask & ~EBT_STP_MASK \|\| info->invflags & ~EBT_STP_MASK \|\|
164	!(info->bitmask & EBT_STP_MASK))	164	!(info->bitmask & EBT_STP_MASK))
165	return false;	165	return -EINVAL;
166	/* Make sure the match only receives stp frames */	166	/* Make sure the match only receives stp frames */
167	if (compare_ether_addr(e->destmac, bridge_ula) \|\|	167	if (compare_ether_addr(e->destmac, bridge_ula) \|\|
168	compare_ether_addr(e->destmsk, msk) \|\| !(e->bitmask & EBT_DESTMAC))	168	compare_ether_addr(e->destmsk, msk) \|\| !(e->bitmask & EBT_DESTMAC))
169	return false;	169	return -EINVAL;
170		170
171	return true;	171	return 0;
172	}	172	}
173		173
174	static struct xt_match ebt_stp_mt_reg __read_mostly = {	174	static struct xt_match ebt_stp_mt_reg __read_mostly = {


diff --git a/net/bridge/netfilter/ebt_vlan.c b/net/bridge/netfilter/ebt_vlan.c index 04a9575389d8..bf8ae5c7a0c5 100644 --- a/net/bridge/netfilter/ebt_vlan.c +++ b/net/bridge/netfilter/ebt_vlan.c
@@ -88,7 +88,7 @@ static int ebt_vlan_mt_check(const struct xt_mtchk_param *par)
88	if (e->ethproto != htons(ETH_P_8021Q)) {	88	if (e->ethproto != htons(ETH_P_8021Q)) {
89	pr_debug("passed entry proto %2.4X is not 802.1Q (8100)\n",	89	pr_debug("passed entry proto %2.4X is not 802.1Q (8100)\n",
90	ntohs(e->ethproto));	90	ntohs(e->ethproto));
91	return false;	91	return -EINVAL;
92	}	92	}
93		93
94	/* Check for bitmask range	94	/* Check for bitmask range
@@ -96,14 +96,14 @@ static int ebt_vlan_mt_check(const struct xt_mtchk_param *par)
96	if (info->bitmask & ~EBT_VLAN_MASK) {	96	if (info->bitmask & ~EBT_VLAN_MASK) {
97	pr_debug("bitmask %2X is out of mask (%2X)\n",	97	pr_debug("bitmask %2X is out of mask (%2X)\n",
98	info->bitmask, EBT_VLAN_MASK);	98	info->bitmask, EBT_VLAN_MASK);
99	return false;	99	return -EINVAL;
100	}	100	}
101		101
102	/* Check for inversion flags range */	102	/* Check for inversion flags range */
103	if (info->invflags & ~EBT_VLAN_MASK) {	103	if (info->invflags & ~EBT_VLAN_MASK) {
104	pr_debug("inversion flags %2X is out of mask (%2X)\n",	104	pr_debug("inversion flags %2X is out of mask (%2X)\n",
105	info->invflags, EBT_VLAN_MASK);	105	info->invflags, EBT_VLAN_MASK);
106	return false;	106	return -EINVAL;
107	}	107	}
108		108
109	/* Reserved VLAN ID (VID) values	109	/* Reserved VLAN ID (VID) values
@@ -117,7 +117,7 @@ static int ebt_vlan_mt_check(const struct xt_mtchk_param *par)
117	if (info->id > VLAN_GROUP_ARRAY_LEN) {	117	if (info->id > VLAN_GROUP_ARRAY_LEN) {
118	pr_debug("id %d is out of range (1-4096)\n",	118	pr_debug("id %d is out of range (1-4096)\n",
119	info->id);	119	info->id);
120	return false;	120	return -EINVAL;
121	}	121	}
122	/* Note: This is valid VLAN-tagged frame point.	122	/* Note: This is valid VLAN-tagged frame point.
123	* Any value of user_priority are acceptable,	123	* Any value of user_priority are acceptable,
@@ -132,7 +132,7 @@ static int ebt_vlan_mt_check(const struct xt_mtchk_param *par)
132	if ((unsigned char) info->prio > 7) {	132	if ((unsigned char) info->prio > 7) {
133	pr_debug("prio %d is out of range (0-7)\n",	133	pr_debug("prio %d is out of range (0-7)\n",
134	info->prio);	134	info->prio);
135	return false;	135	return -EINVAL;
136	}	136	}
137	}	137	}
138	/* Check for encapsulated proto range - it is possible to be	138	/* Check for encapsulated proto range - it is possible to be
@@ -142,11 +142,11 @@ static int ebt_vlan_mt_check(const struct xt_mtchk_param *par)
142	if ((unsigned short) ntohs(info->encap) < ETH_ZLEN) {	142	if ((unsigned short) ntohs(info->encap) < ETH_ZLEN) {
143	pr_debug("encap frame length %d is less than "	143	pr_debug("encap frame length %d is less than "
144	"minimal\n", ntohs(info->encap));	144	"minimal\n", ntohs(info->encap));
145	return false;	145	return -EINVAL;
146	}	146	}
147	}	147	}
148		148
149	return true;	149	return 0;
150	}	150	}
151		151
152	static struct xt_match ebt_vlan_mt_reg __read_mostly = {	152	static struct xt_match ebt_vlan_mt_reg __read_mostly = {