diff options
| author | Jan Engelhardt <jengelh@medozas.de> | 2010-03-23 11:35:56 -0400 |
|---|---|---|
| committer | Jan Engelhardt <jengelh@medozas.de> | 2010-03-25 11:55:24 -0400 |
| commit | bd414ee605ff3ac5fcd79f57269a897879ee4cde (patch) | |
| tree | 3cff5d1f3fd43791341e9cde23dabb4dfbc94bd3 /net/ipv6 | |
| parent | 135367b8f6a18507af6b9a6910a14b5699415309 (diff) | |
netfilter: xtables: change matches to return error code
The following semantic patch does part of the transformation:
// <smpl>
@ rule1 @
struct xt_match ops;
identifier check;
@@
ops.checkentry = check;
@@
identifier rule1.check;
@@
check(...) { <...
-return true;
+return 0;
...> }
@@
identifier rule1.check;
@@
check(...) { <...
-return false;
+return -EINVAL;
...> }
// </smpl>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Diffstat (limited to 'net/ipv6')
| -rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 2 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6t_ah.c | 4 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6t_frag.c | 4 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6t_hbh.c | 6 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6t_ipv6header.c | 4 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6t_mh.c | 2 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6t_rt.c | 6 |
7 files changed, 14 insertions, 14 deletions
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index 595b45d52ff3..f2b815e72329 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c | |||
| @@ -2214,7 +2214,7 @@ static int icmp6_checkentry(const struct xt_mtchk_param *par) | |||
| 2214 | const struct ip6t_icmp *icmpinfo = par->matchinfo; | 2214 | const struct ip6t_icmp *icmpinfo = par->matchinfo; |
| 2215 | 2215 | ||
| 2216 | /* Must specify no unknown invflags */ | 2216 | /* Must specify no unknown invflags */ |
| 2217 | return !(icmpinfo->invflags & ~IP6T_ICMP_INV); | 2217 | return (icmpinfo->invflags & ~IP6T_ICMP_INV) ? -EINVAL : 0; |
| 2218 | } | 2218 | } |
| 2219 | 2219 | ||
| 2220 | /* The built-in targets: standard (NULL) and error. */ | 2220 | /* The built-in targets: standard (NULL) and error. */ |
diff --git a/net/ipv6/netfilter/ip6t_ah.c b/net/ipv6/netfilter/ip6t_ah.c index 3d570446deef..1580693c86c1 100644 --- a/net/ipv6/netfilter/ip6t_ah.c +++ b/net/ipv6/netfilter/ip6t_ah.c | |||
| @@ -93,9 +93,9 @@ static int ah_mt6_check(const struct xt_mtchk_param *par) | |||
| 93 | 93 | ||
| 94 | if (ahinfo->invflags & ~IP6T_AH_INV_MASK) { | 94 | if (ahinfo->invflags & ~IP6T_AH_INV_MASK) { |
| 95 | pr_debug("unknown flags %X\n", ahinfo->invflags); | 95 | pr_debug("unknown flags %X\n", ahinfo->invflags); |
| 96 | return false; | 96 | return -EINVAL; |
| 97 | } | 97 | } |
| 98 | return true; | 98 | return 0; |
| 99 | } | 99 | } |
| 100 | 100 | ||
| 101 | static struct xt_match ah_mt6_reg __read_mostly = { | 101 | static struct xt_match ah_mt6_reg __read_mostly = { |
diff --git a/net/ipv6/netfilter/ip6t_frag.c b/net/ipv6/netfilter/ip6t_frag.c index c2dba2701fa3..a5daf0ffb4ec 100644 --- a/net/ipv6/netfilter/ip6t_frag.c +++ b/net/ipv6/netfilter/ip6t_frag.c | |||
| @@ -108,9 +108,9 @@ static int frag_mt6_check(const struct xt_mtchk_param *par) | |||
| 108 | 108 | ||
| 109 | if (fraginfo->invflags & ~IP6T_FRAG_INV_MASK) { | 109 | if (fraginfo->invflags & ~IP6T_FRAG_INV_MASK) { |
| 110 | pr_debug("unknown flags %X\n", fraginfo->invflags); | 110 | pr_debug("unknown flags %X\n", fraginfo->invflags); |
| 111 | return false; | 111 | return -EINVAL; |
| 112 | } | 112 | } |
| 113 | return true; | 113 | return 0; |
| 114 | } | 114 | } |
| 115 | 115 | ||
| 116 | static struct xt_match frag_mt6_reg __read_mostly = { | 116 | static struct xt_match frag_mt6_reg __read_mostly = { |
diff --git a/net/ipv6/netfilter/ip6t_hbh.c b/net/ipv6/netfilter/ip6t_hbh.c index 1b294317707b..5e6acdae6d80 100644 --- a/net/ipv6/netfilter/ip6t_hbh.c +++ b/net/ipv6/netfilter/ip6t_hbh.c | |||
| @@ -170,15 +170,15 @@ static int hbh_mt6_check(const struct xt_mtchk_param *par) | |||
| 170 | 170 | ||
| 171 | if (optsinfo->invflags & ~IP6T_OPTS_INV_MASK) { | 171 | if (optsinfo->invflags & ~IP6T_OPTS_INV_MASK) { |
| 172 | pr_debug("unknown flags %X\n", optsinfo->invflags); | 172 | pr_debug("unknown flags %X\n", optsinfo->invflags); |
| 173 | return false; | 173 | return -EINVAL; |
| 174 | } | 174 | } |
| 175 | 175 | ||
| 176 | if (optsinfo->flags & IP6T_OPTS_NSTRICT) { | 176 | if (optsinfo->flags & IP6T_OPTS_NSTRICT) { |
| 177 | pr_debug("Not strict - not implemented"); | 177 | pr_debug("Not strict - not implemented"); |
| 178 | return false; | 178 | return -EINVAL; |
| 179 | } | 179 | } |
| 180 | 180 | ||
| 181 | return true; | 181 | return 0; |
| 182 | } | 182 | } |
| 183 | 183 | ||
| 184 | static struct xt_match hbh_mt6_reg[] __read_mostly = { | 184 | static struct xt_match hbh_mt6_reg[] __read_mostly = { |
diff --git a/net/ipv6/netfilter/ip6t_ipv6header.c b/net/ipv6/netfilter/ip6t_ipv6header.c index 90e1e04b7932..46fbabb493fa 100644 --- a/net/ipv6/netfilter/ip6t_ipv6header.c +++ b/net/ipv6/netfilter/ip6t_ipv6header.c | |||
| @@ -125,9 +125,9 @@ static int ipv6header_mt6_check(const struct xt_mtchk_param *par) | |||
| 125 | /* invflags is 0 or 0xff in hard mode */ | 125 | /* invflags is 0 or 0xff in hard mode */ |
| 126 | if ((!info->modeflag) && info->invflags != 0x00 && | 126 | if ((!info->modeflag) && info->invflags != 0x00 && |
| 127 | info->invflags != 0xFF) | 127 | info->invflags != 0xFF) |
| 128 | return false; | 128 | return -EINVAL; |
| 129 | 129 | ||
| 130 | return true; | 130 | return 0; |
| 131 | } | 131 | } |
| 132 | 132 | ||
| 133 | static struct xt_match ipv6header_mt6_reg __read_mostly = { | 133 | static struct xt_match ipv6header_mt6_reg __read_mostly = { |
diff --git a/net/ipv6/netfilter/ip6t_mh.c b/net/ipv6/netfilter/ip6t_mh.c index d9408045994c..c9f443e0138f 100644 --- a/net/ipv6/netfilter/ip6t_mh.c +++ b/net/ipv6/netfilter/ip6t_mh.c | |||
| @@ -67,7 +67,7 @@ static int mh_mt6_check(const struct xt_mtchk_param *par) | |||
| 67 | const struct ip6t_mh *mhinfo = par->matchinfo; | 67 | const struct ip6t_mh *mhinfo = par->matchinfo; |
| 68 | 68 | ||
| 69 | /* Must specify no unknown invflags */ | 69 | /* Must specify no unknown invflags */ |
| 70 | return !(mhinfo->invflags & ~IP6T_MH_INV_MASK); | 70 | return (mhinfo->invflags & ~IP6T_MH_INV_MASK) ? -EINVAL : 0; |
| 71 | } | 71 | } |
| 72 | 72 | ||
| 73 | static struct xt_match mh_mt6_reg __read_mostly = { | 73 | static struct xt_match mh_mt6_reg __read_mostly = { |
diff --git a/net/ipv6/netfilter/ip6t_rt.c b/net/ipv6/netfilter/ip6t_rt.c index 76397f35eafd..09322720d2a6 100644 --- a/net/ipv6/netfilter/ip6t_rt.c +++ b/net/ipv6/netfilter/ip6t_rt.c | |||
| @@ -189,17 +189,17 @@ static int rt_mt6_check(const struct xt_mtchk_param *par) | |||
| 189 | 189 | ||
| 190 | if (rtinfo->invflags & ~IP6T_RT_INV_MASK) { | 190 | if (rtinfo->invflags & ~IP6T_RT_INV_MASK) { |
| 191 | pr_debug("unknown flags %X\n", rtinfo->invflags); | 191 | pr_debug("unknown flags %X\n", rtinfo->invflags); |
| 192 | return false; | 192 | return -EINVAL; |
| 193 | } | 193 | } |
| 194 | if ((rtinfo->flags & (IP6T_RT_RES | IP6T_RT_FST_MASK)) && | 194 | if ((rtinfo->flags & (IP6T_RT_RES | IP6T_RT_FST_MASK)) && |
| 195 | (!(rtinfo->flags & IP6T_RT_TYP) || | 195 | (!(rtinfo->flags & IP6T_RT_TYP) || |
| 196 | (rtinfo->rt_type != 0) || | 196 | (rtinfo->rt_type != 0) || |
| 197 | (rtinfo->invflags & IP6T_RT_INV_TYP))) { | 197 | (rtinfo->invflags & IP6T_RT_INV_TYP))) { |
| 198 | pr_debug("`--rt-type 0' required before `--rt-0-*'"); | 198 | pr_debug("`--rt-type 0' required before `--rt-0-*'"); |
| 199 | return false; | 199 | return -EINVAL; |
| 200 | } | 200 | } |
| 201 | 201 | ||
| 202 | return true; | 202 | return 0; |
| 203 | } | 203 | } |
| 204 | 204 | ||
| 205 | static struct xt_match rt_mt6_reg __read_mostly = { | 205 | static struct xt_match rt_mt6_reg __read_mostly = { |