netfilter: xtables: change matches to return error code

The following semantic patch does part of the transformation: // <smpl> @ rule1 @ struct xt_match ops; identifier check; @@ ops.checkentry = check; @@ identifier rule1.check; @@ check(...) { <... -return true; +return 0; ...> } @@ identifier rule1.check; @@ check(...) { <... -return false; +return -EINVAL; ...> } // </smpl> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
author: Jan Engelhardt <jengelh@medozas.de> 2010-03-23 11:35:56 -0400
committer: Jan Engelhardt <jengelh@medozas.de> 2010-03-25 11:55:24 -0400
commit: bd414ee605ff3ac5fcd79f57269a897879ee4cde (patch)
tree: 3cff5d1f3fd43791341e9cde23dabb4dfbc94bd3 /net/netfilter
parent: 135367b8f6a18507af6b9a6910a14b5699415309 (diff)
23 files changed, 96 insertions, 90 deletions
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
index ee7fe215b3e1..7ee177746172 100644
--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -363,6 +363,8 @@ static char *textify_hooks(char *buf, size_t size, unsigned int mask)
 int xt_check_match(struct xt_mtchk_param *par,
                   unsigned int size, u_int8_t proto, bool inv_proto)
 {
+        int ret;
        if (XT_ALIGN(par->match->matchsize) != size &&
            par->match->matchsize != -1) {
                /*
@@ -399,8 +401,14 @@ int xt_check_match(struct xt_mtchk_param *par,
                       par->match->proto);
                return -EINVAL;
        }
-        if (par->match->checkentry != NULL && !par->match->checkentry(par))
+        if (par->match->checkentry != NULL) {
-                return -EINVAL;
+                ret = par->match->checkentry(par);
+                if (ret < 0)
+                        return ret;
+                else if (ret > 0)
+                        /* Flag up potential errors. */
+                        return -EIO;
+        }
        return 0;
 }
 EXPORT_SYMBOL_GPL(xt_check_match);
diff --git a/net/netfilter/xt_cluster.c b/net/netfilter/xt_cluster.c
index 1f2c35ef1427..30cb7762fc41 100644
--- a/net/netfilter/xt_cluster.c
+++ b/net/netfilter/xt_cluster.c
@@ -140,14 +140,14 @@ static int xt_cluster_mt_checkentry(const struct xt_mtchk_param *par)
                pr_info("you have exceeded the maximum "
                        "number of cluster nodes (%u > %u)\n",
                        info->total_nodes, XT_CLUSTER_NODES_MAX);
-                return false;
+                return -EINVAL;
        }
        if (info->node_mask >= (1ULL << info->total_nodes)) {
                pr_info("this node mask cannot be "
                        "higher than the total number of nodes\n");
-                return false;
+                return -EINVAL;
        }
-        return true;
+        return 0;
 }
 static struct xt_match xt_cluster_match __read_mostly = {
diff --git a/net/netfilter/xt_connbytes.c b/net/netfilter/xt_connbytes.c
index 136ef4ccdacb..bf8e286361c3 100644
--- a/net/netfilter/xt_connbytes.c
+++ b/net/netfilter/xt_connbytes.c
@@ -100,20 +100,20 @@ static int connbytes_mt_check(const struct xt_mtchk_param *par)
        if (sinfo->what != XT_CONNBYTES_PKTS &&
            sinfo->what != XT_CONNBYTES_BYTES &&
            sinfo->what != XT_CONNBYTES_AVGPKT)
-                return false;
+                return -EINVAL;
        if (sinfo->direction != XT_CONNBYTES_DIR_ORIGINAL &&
            sinfo->direction != XT_CONNBYTES_DIR_REPLY &&
            sinfo->direction != XT_CONNBYTES_DIR_BOTH)
-                return false;
+                return -EINVAL;
        if (nf_ct_l3proto_try_module_get(par->family) < 0) {
                pr_info("cannot load conntrack support for proto=%u\n",
                        par->family);
-                return false;
+                return -EINVAL;
        }
-        return true;
+        return 0;
 }
 static void connbytes_mt_destroy(const struct xt_mtdtor_param *par)
diff --git a/net/netfilter/xt_connlimit.c b/net/netfilter/xt_connlimit.c
index a9fec38ab029..68e89f08140b 100644
--- a/net/netfilter/xt_connlimit.c
+++ b/net/netfilter/xt_connlimit.c
@@ -228,21 +228,21 @@ static int connlimit_mt_check(const struct xt_mtchk_param *par)
        if (nf_ct_l3proto_try_module_get(par->family) < 0) {
                pr_info("cannot load conntrack support for "
                        "address family %u\n", par->family);
-                return false;
+                return -EINVAL;
        }
        /* init private data */
        info->data = kmalloc(sizeof(struct xt_connlimit_data), GFP_KERNEL);
        if (info->data == NULL) {
                nf_ct_l3proto_module_put(par->family);
-                return false;
+                return -EINVAL;
        }
        spin_lock_init(&info->data->lock);
        for (i = 0; i < ARRAY_SIZE(info->data->iphash); ++i)
                INIT_LIST_HEAD(&info->data->iphash[i]);
-        return true;
+        return 0;
 }
 static void connlimit_mt_destroy(const struct xt_mtdtor_param *par)
diff --git a/net/netfilter/xt_connmark.c b/net/netfilter/xt_connmark.c
index 0e69427f8cda..e137af5559e0 100644
--- a/net/netfilter/xt_connmark.c
+++ b/net/netfilter/xt_connmark.c
@@ -79,9 +79,9 @@ static int connmark_tg_check(const struct xt_tgchk_param *par)
        if (nf_ct_l3proto_try_module_get(par->family) < 0) {
                pr_info("cannot load conntrack support for proto=%u\n",
                        par->family);
-                return false;
+                return -EINVAL;
        }
-        return true;
+        return 0;
 }
 static void connmark_tg_destroy(const struct xt_tgdtor_param *par)
@@ -108,9 +108,9 @@ static int connmark_mt_check(const struct xt_mtchk_param *par)
        if (nf_ct_l3proto_try_module_get(par->family) < 0) {
                pr_info("cannot load conntrack support for proto=%u\n",
                        par->family);
-                return false;
+                return -EINVAL;
        }
-        return true;
+        return 0;
 }
 static void connmark_mt_destroy(const struct xt_mtdtor_param *par)
diff --git a/net/netfilter/xt_conntrack.c b/net/netfilter/xt_conntrack.c
index 500e0338a187..26e34aa7f8d1 100644
--- a/net/netfilter/xt_conntrack.c
+++ b/net/netfilter/xt_conntrack.c
@@ -211,9 +211,9 @@ static int conntrack_mt_check(const struct xt_mtchk_param *par)
        if (nf_ct_l3proto_try_module_get(par->family) < 0) {
                pr_info("cannot load conntrack support for proto=%u\n",
                        par->family);
-                return false;
+                return -EINVAL;
        }
-        return true;
+        return 0;
 }
 static void conntrack_mt_destroy(const struct xt_mtdtor_param *par)
diff --git a/net/netfilter/xt_dccp.c b/net/netfilter/xt_dccp.c
index da8c301d24ea..f54699ca5609 100644
--- a/net/netfilter/xt_dccp.c
+++ b/net/netfilter/xt_dccp.c
@@ -128,12 +128,12 @@ static int dccp_mt_check(const struct xt_mtchk_param *par)
        const struct xt_dccp_info *info = par->matchinfo;
        if (info->flags & ~XT_DCCP_VALID_FLAGS)
-                return false;
+                return -EINVAL;
        if (info->invflags & ~XT_DCCP_VALID_FLAGS)
-                return false;
+                return -EINVAL;
        if (info->invflags & ~info->flags)
-                return false;
+                return -EINVAL;
-        return true;
+        return 0;
 }
 static struct xt_match dccp_mt_reg[] __read_mostly = {
diff --git a/net/netfilter/xt_dscp.c b/net/netfilter/xt_dscp.c
index 295da4ce822c..f355fb9e06fa 100644
--- a/net/netfilter/xt_dscp.c
+++ b/net/netfilter/xt_dscp.c
@@ -48,10 +48,10 @@ static int dscp_mt_check(const struct xt_mtchk_param *par)
        if (info->dscp > XT_DSCP_MAX) {
                pr_info("dscp %x out of range\n", info->dscp);
-                return false;
+                return -EINVAL;
        }
-        return true;
+        return 0;
 }
 static bool tos_mt(const struct sk_buff *skb, const struct xt_match_param *par)
diff --git a/net/netfilter/xt_esp.c b/net/netfilter/xt_esp.c
index 9f5da9795674..143bfdc8e38f 100644
--- a/net/netfilter/xt_esp.c
+++ b/net/netfilter/xt_esp.c
@@ -66,10 +66,10 @@ static int esp_mt_check(const struct xt_mtchk_param *par)
        if (espinfo->invflags & ~XT_ESP_INV_MASK) {
                pr_debug("unknown flags %X\n", espinfo->invflags);
-                return false;
+                return -EINVAL;
        }
-        return true;
+        return 0;
 }
 static struct xt_match esp_mt_reg[] __read_mostly = {
diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c
index d13800c95930..0c0152902b3b 100644
--- a/net/netfilter/xt_hashlimit.c
+++ b/net/netfilter/xt_hashlimit.c
@@ -681,30 +681,29 @@ static int hashlimit_mt_check_v0(const struct xt_mtchk_param *par)
            user2credits(r->cfg.avg * r->cfg.burst) < user2credits(r->cfg.avg)) {
                pr_info("overflow, try lower: %u/%u\n",
                        r->cfg.avg, r->cfg.burst);
-                return false;
+                return -EINVAL;
        }
        if (r->cfg.mode == 0 ||
            r->cfg.mode > (XT_HASHLIMIT_HASH_DPT |
                           XT_HASHLIMIT_HASH_DIP |
                           XT_HASHLIMIT_HASH_SIP |
                           XT_HASHLIMIT_HASH_SPT))
-                return false;
+                return -EINVAL;
        if (!r->cfg.gc_interval)
-                return false;
+                return -EINVAL;
        if (!r->cfg.expire)
-                return false;
+                return -EINVAL;
        if (r->name[sizeof(r->name) - 1] != '\0')
-                return false;
+                return -EINVAL;
        mutex_lock(&hashlimit_mutex);
        r->hinfo = htable_find_get(net, r->name, par->family);
        if (!r->hinfo && htable_create_v0(net, r, par->family) != 0) {
                mutex_unlock(&hashlimit_mutex);
-                return false;
+                return -EINVAL;
        }
        mutex_unlock(&hashlimit_mutex);
+        return 0;
-        return true;
 }
 static int hashlimit_mt_check(const struct xt_mtchk_param *par)
@@ -718,28 +717,28 @@ static int hashlimit_mt_check(const struct xt_mtchk_param *par)
            user2credits(info->cfg.avg)) {
                pr_info("overflow, try lower: %u/%u\n",
                        info->cfg.avg, info->cfg.burst);
-                return false;
+                return -EINVAL;
        }
        if (info->cfg.gc_interval == 0 || info->cfg.expire == 0)
-                return false;
+                return -EINVAL;
        if (info->name[sizeof(info->name)-1] != '\0')
-                return false;
+                return -EINVAL;
        if (par->family == NFPROTO_IPV4) {
                if (info->cfg.srcmask > 32 || info->cfg.dstmask > 32)
-                        return false;
+                        return -EINVAL;
        } else {
                if (info->cfg.srcmask > 128 || info->cfg.dstmask > 128)
-                        return false;
+                        return -EINVAL;
        }
        mutex_lock(&hashlimit_mutex);
        info->hinfo = htable_find_get(net, info->name, par->family);
        if (!info->hinfo && htable_create(net, info, par->family) != 0) {
                mutex_unlock(&hashlimit_mutex);
-                return false;
+                return -EINVAL;
        }
        mutex_unlock(&hashlimit_mutex);
-        return true;
+        return 0;
 }
 static void
diff --git a/net/netfilter/xt_helper.c b/net/netfilter/xt_helper.c
index 6e177b279f90..eb308b32bfe0 100644
--- a/net/netfilter/xt_helper.c
+++ b/net/netfilter/xt_helper.c
@@ -61,10 +61,10 @@ static int helper_mt_check(const struct xt_mtchk_param *par)
        if (nf_ct_l3proto_try_module_get(par->family) < 0) {
                pr_info("cannot load conntrack support for proto=%u\n",
                        par->family);
-                return false;
+                return -EINVAL;
        }
        info->name[29] = '\0';
-        return true;
+        return 0;
 }
 static void helper_mt_destroy(const struct xt_mtdtor_param *par)
diff --git a/net/netfilter/xt_limit.c b/net/netfilter/xt_limit.c
index 138a324df8df..5ff0580ce878 100644
--- a/net/netfilter/xt_limit.c
+++ b/net/netfilter/xt_limit.c
@@ -107,12 +107,12 @@ static int limit_mt_check(const struct xt_mtchk_param *par)
            || user2credits(r->avg * r->burst) < user2credits(r->avg)) {
                pr_info("Overflow, try lower: %u/%u\n",
                        r->avg, r->burst);
-                return false;
+                return -EINVAL;
        }
        priv = kmalloc(sizeof(*priv), GFP_KERNEL);
        if (priv == NULL)
-                return false;
+                return -EINVAL;
        /* For SMP, we only want to use one set of state. */
        r->master = priv;
@@ -124,7 +124,7 @@ static int limit_mt_check(const struct xt_mtchk_param *par)
                r->credit_cap = user2credits(r->avg * r->burst); /* Credits full. */
                r->cost = user2credits(r->avg);
        }
-        return true;
+        return 0;
 }
 static void limit_mt_destroy(const struct xt_mtdtor_param *par)
diff --git a/net/netfilter/xt_physdev.c b/net/netfilter/xt_physdev.c
index 850e412c83ef..d0bdf3dd4d25 100644
--- a/net/netfilter/xt_physdev.c
+++ b/net/netfilter/xt_physdev.c
@@ -89,7 +89,7 @@ static int physdev_mt_check(const struct xt_mtchk_param *par)
        if (!(info->bitmask & XT_PHYSDEV_OP_MASK) ||
            info->bitmask & ~XT_PHYSDEV_OP_MASK)
-                return false;
+                return -EINVAL;
        if (info->bitmask & XT_PHYSDEV_OP_OUT &&
            (!(info->bitmask & XT_PHYSDEV_OP_BRIDGED) ||
             info->invert & XT_PHYSDEV_OP_BRIDGED) &&
@@ -99,9 +99,9 @@ static int physdev_mt_check(const struct xt_mtchk_param *par)
                        "POSTROUTING chains for non-bridged traffic is not "
                        "supported anymore.\n");
                if (par->hook_mask & (1 << NF_INET_LOCAL_OUT))
-                        return false;
+                        return -EINVAL;
        }
-        return true;
+        return 0;
 }
 static struct xt_match physdev_mt_reg __read_mostly = {
diff --git a/net/netfilter/xt_policy.c b/net/netfilter/xt_policy.c
index c9965b640b16..1fa239c1fb93 100644
--- a/net/netfilter/xt_policy.c
+++ b/net/netfilter/xt_policy.c
@@ -134,23 +134,23 @@ static int policy_mt_check(const struct xt_mtchk_param *par)
        if (!(info->flags & (XT_POLICY_MATCH_IN|XT_POLICY_MATCH_OUT))) {
                pr_info("neither incoming nor outgoing policy selected\n");
-                return false;
+                return -EINVAL;
        }
        if (par->hook_mask & ((1 << NF_INET_PRE_ROUTING) |
            (1 << NF_INET_LOCAL_IN)) && info->flags & XT_POLICY_MATCH_OUT) {
                pr_info("output policy not valid in PREROUTING and INPUT\n");
-                return false;
+                return -EINVAL;
        }
        if (par->hook_mask & ((1 << NF_INET_POST_ROUTING) |
            (1 << NF_INET_LOCAL_OUT)) && info->flags & XT_POLICY_MATCH_IN) {
                pr_info("input policy not valid in POSTROUTING and OUTPUT\n");
-                return false;
+                return -EINVAL;
        }
        if (info->len > XT_POLICY_MAX_ELEM) {
                pr_info("too many policy elements\n");
-                return false;
+                return -EINVAL;
        }
-        return true;
+        return 0;
 }
 static struct xt_match policy_mt_reg[] __read_mostly = {
diff --git a/net/netfilter/xt_quota.c b/net/netfilter/xt_quota.c
index 2861fac5f2e1..766e71c6dc55 100644
--- a/net/netfilter/xt_quota.c
+++ b/net/netfilter/xt_quota.c
@@ -48,14 +48,14 @@ static int quota_mt_check(const struct xt_mtchk_param *par)
        struct xt_quota_info *q = par->matchinfo;
        if (q->flags & ~XT_QUOTA_MASK)
-                return false;
+                return -EINVAL;
        q->master = kmalloc(sizeof(*q->master), GFP_KERNEL);
        if (q->master == NULL)
-                return false;
+                return -EINVAL;
        q->master->quota = q->quota;
-        return true;
+        return 0;
 }
 static void quota_mt_destroy(const struct xt_mtdtor_param *par)
diff --git a/net/netfilter/xt_rateest.c b/net/netfilter/xt_rateest.c
index 3b5e3d613b18..0b5c6122737d 100644
--- a/net/netfilter/xt_rateest.c
+++ b/net/netfilter/xt_rateest.c
@@ -109,12 +109,12 @@ static int xt_rateest_mt_checkentry(const struct xt_mtchk_param *par)
        info->est1 = est1;
        info->est2 = est2;
-        return true;
+        return 0;
 err2:
        xt_rateest_put(est1);
 err1:
-        return false;
+        return -EINVAL;
 }
 static void xt_rateest_mt_destroy(const struct xt_mtdtor_param *par)
diff --git a/net/netfilter/xt_recent.c b/net/netfilter/xt_recent.c
index 52042c8bf7f2..0994ff54a731 100644
--- a/net/netfilter/xt_recent.c
+++ b/net/netfilter/xt_recent.c
@@ -314,7 +314,7 @@ static int recent_mt_check(const struct xt_mtchk_param *par)
        struct proc_dir_entry *pde;
 #endif
        unsigned i;
-        bool ret = false;
+        int ret = -EINVAL;
        if (unlikely(!hash_rnd_inited)) {
                get_random_bytes(&hash_rnd, sizeof(hash_rnd));
@@ -323,33 +323,33 @@ static int recent_mt_check(const struct xt_mtchk_param *par)
        if (info->check_set & ~XT_RECENT_VALID_FLAGS) {
                pr_info("Unsupported user space flags (%08x)\n",
                        info->check_set);
-                return false;
+                return -EINVAL;
        }
        if (hweight8(info->check_set &
                     (XT_RECENT_SET | XT_RECENT_REMOVE |
                      XT_RECENT_CHECK | XT_RECENT_UPDATE)) != 1)
-                return false;
+                return -EINVAL;
        if ((info->check_set & (XT_RECENT_SET | XT_RECENT_REMOVE)) &&
            (info->seconds || info->hit_count ||
            (info->check_set & XT_RECENT_MODIFIERS)))
-                return false;
+                return -EINVAL;
        if ((info->check_set & XT_RECENT_REAP) && !info->seconds)
-                return false;
+                return -EINVAL;
        if (info->hit_count > ip_pkt_list_tot) {
                pr_info("hitcount (%u) is larger than "
                        "packets to be remembered (%u)\n",
                        info->hit_count, ip_pkt_list_tot);
-                return false;
+                return -EINVAL;
        }
        if (info->name[0] == '\0' ||
            strnlen(info->name, XT_RECENT_NAME_LEN) == XT_RECENT_NAME_LEN)
-                return false;
+                return -EINVAL;
        mutex_lock(&recent_mutex);
        t = recent_table_lookup(recent_net, info->name);
        if (t != NULL) {
                t->refcnt++;
-                ret = true;
+                ret = 0;
                goto out;
        }
@@ -375,7 +375,7 @@ static int recent_mt_check(const struct xt_mtchk_param *par)
        spin_lock_bh(&recent_lock);
        list_add_tail(&t->list, &recent_net->tables);
        spin_unlock_bh(&recent_lock);
-        ret = true;
+        ret = 0;
 out:
        mutex_unlock(&recent_mutex);
        return ret;
diff --git a/net/netfilter/xt_sctp.c b/net/netfilter/xt_sctp.c
index 5037a7a0059c..c3694df54672 100644
--- a/net/netfilter/xt_sctp.c
+++ b/net/netfilter/xt_sctp.c
@@ -149,17 +149,17 @@ static int sctp_mt_check(const struct xt_mtchk_param *par)
        const struct xt_sctp_info *info = par->matchinfo;
        if (info->flags & ~XT_SCTP_VALID_FLAGS)
-                return false;
+                return -EINVAL;
        if (info->invflags & ~XT_SCTP_VALID_FLAGS)
-                return false;
+                return -EINVAL;
        if (info->invflags & ~info->flags)
-                return false;
+                return -EINVAL;
        if (!(info->flags & XT_SCTP_CHUNK_TYPES))
-                return true;
+                return 0;
        if (info->chunk_match_type & (SCTP_CHUNK_MATCH_ALL |
            SCTP_CHUNK_MATCH_ANY | SCTP_CHUNK_MATCH_ONLY))
-                return true;
+                return 0;
-        return false;
+        return -EINVAL;
 }
 static struct xt_match sctp_mt_reg[] __read_mostly = {
diff --git a/net/netfilter/xt_state.c b/net/netfilter/xt_state.c
index 8b15b1317f1f..8e8c9df51784 100644
--- a/net/netfilter/xt_state.c
+++ b/net/netfilter/xt_state.c
@@ -42,9 +42,9 @@ static int state_mt_check(const struct xt_mtchk_param *par)
        if (nf_ct_l3proto_try_module_get(par->family) < 0) {
                pr_info("cannot load conntrack support for proto=%u\n",
                        par->family);
-                return false;
+                return -EINVAL;
        }
-        return true;
+        return 0;
 }
 static void state_mt_destroy(const struct xt_mtdtor_param *par)
diff --git a/net/netfilter/xt_statistic.c b/net/netfilter/xt_statistic.c
index a577ab008f57..29d76f8f1880 100644
--- a/net/netfilter/xt_statistic.c
+++ b/net/netfilter/xt_statistic.c
@@ -58,14 +58,14 @@ static int statistic_mt_check(const struct xt_mtchk_param *par)
        if (info->mode > XT_STATISTIC_MODE_MAX ||
            info->flags & ~XT_STATISTIC_MASK)
-                return false;
+                return -EINVAL;
        info->master = kzalloc(sizeof(*info->master), GFP_KERNEL);
        if (info->master == NULL)
-                return false;
+                return -EINVAL;
        info->master->count = info->u.nth.count;
-        return true;
+        return 0;
 }
 static void statistic_mt_destroy(const struct xt_mtdtor_param *par)
diff --git a/net/netfilter/xt_string.c b/net/netfilter/xt_string.c
index 7d1412154e27..e1f22a7a4152 100644
--- a/net/netfilter/xt_string.c
+++ b/net/netfilter/xt_string.c
@@ -48,26 +48,25 @@ static int string_mt_check(const struct xt_mtchk_param *par)
        /* Damn, can't handle this case properly with iptables... */
        if (conf->from_offset > conf->to_offset)
-                return false;
+                return -EINVAL;
        if (conf->algo[XT_STRING_MAX_ALGO_NAME_SIZE - 1] != '\0')
-                return false;
+                return -EINVAL;
        if (conf->patlen > XT_STRING_MAX_PATTERN_SIZE)
-                return false;
+                return -EINVAL;
        if (par->match->revision == 1) {
                if (conf->u.v1.flags &
                    ~(XT_STRING_FLAG_IGNORECASE | XT_STRING_FLAG_INVERT))
-                        return false;
+                        return -EINVAL;
                if (conf->u.v1.flags & XT_STRING_FLAG_IGNORECASE)
                        flags |= TS_IGNORECASE;
        }
        ts_conf = textsearch_prepare(conf->algo, conf->pattern, conf->patlen,
                                     GFP_KERNEL, flags);
        if (IS_ERR(ts_conf))
-                return false;
+                return -EINVAL;
        conf->config = ts_conf;
+        return 0;
-        return true;
 }
 static void string_mt_destroy(const struct xt_mtdtor_param *par)
diff --git a/net/netfilter/xt_tcpudp.c b/net/netfilter/xt_tcpudp.c
index 00728410099f..efa2ede24ae6 100644
--- a/net/netfilter/xt_tcpudp.c
+++ b/net/netfilter/xt_tcpudp.c
@@ -125,7 +125,7 @@ static int tcp_mt_check(const struct xt_mtchk_param *par)
        const struct xt_tcp *tcpinfo = par->matchinfo;
        /* Must specify no unknown invflags */
-        return !(tcpinfo->invflags & ~XT_TCP_INV_MASK);
+        return (tcpinfo->invflags & ~XT_TCP_INV_MASK) ? -EINVAL : 0;
 }
 static bool udp_mt(const struct sk_buff *skb, const struct xt_match_param *par)
@@ -160,7 +160,7 @@ static int udp_mt_check(const struct xt_mtchk_param *par)
        const struct xt_udp *udpinfo = par->matchinfo;
        /* Must specify no unknown invflags */
-        return !(udpinfo->invflags & ~XT_UDP_INV_MASK);
+        return (udpinfo->invflags & ~XT_UDP_INV_MASK) ? -EINVAL : 0;
 }
 static struct xt_match tcpudp_mt_reg[] __read_mostly = {
diff --git a/net/netfilter/xt_time.c b/net/netfilter/xt_time.c
index db74f4fd57df..8dde5e51ff19 100644
--- a/net/netfilter/xt_time.c
+++ b/net/netfilter/xt_time.c
@@ -225,10 +225,10 @@ static int time_mt_check(const struct xt_mtchk_param *par)
            info->daytime_stop > XT_TIME_MAX_DAYTIME) {
                pr_info("invalid argument - start or "
                        "stop time greater than 23:59:59\n");
-                return false;
+                return -EINVAL;
        }
-        return true;
+        return 0;
 }
 static struct xt_match xt_time_mt_reg __read_mostly = {
author	Jan Engelhardt <jengelh@medozas.de>	2010-03-23 11:35:56 -0400
committer	Jan Engelhardt <jengelh@medozas.de>	2010-03-25 11:55:24 -0400
commit	bd414ee605ff3ac5fcd79f57269a897879ee4cde (patch)
tree	3cff5d1f3fd43791341e9cde23dabb4dfbc94bd3 /net/netfilter
parent	135367b8f6a18507af6b9a6910a14b5699415309 (diff)