authorJan Engelhardt <jengelh@medozas.de>2010-03-25 11:34:45 -0400
committerJan Engelhardt <jengelh@medozas.de>2010-03-25 11:55:49 -0400
commitd6b00a5345ce4e86e8b00a88bb84a2c0c1f69ddc (patch)
tree11d68bb08584fbbae02a7bf22599bdd67da4408e /net/netfilter
parentbd414ee605ff3ac5fcd79f57269a897879ee4cde (diff)
netfilter: xtables: change targets to return error code
Part of the transition, done by this semantic patch: // <smpl> @ rule1 @ struct xt_target ops; identifier check; @@ ops.checkentry = check; @@ identifier rule1.check; @@ check(...) { <... -return true; +return 0; ...> } @@ identifier rule1.check; @@ check(...) { <... -return false; +return -EINVAL; ...> } // </smpl> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Diffstat (limited to 'net/netfilter')
-rw-r--r--net/netfilter/x_tables.c12
-rw-r--r--net/netfilter/xt_CONNSECMARK.c6
-rw-r--r--net/netfilter/xt_CT.c6
-rw-r--r--net/netfilter/xt_DSCP.c4
-rw-r--r--net/netfilter/xt_HL.c10
-rw-r--r--net/netfilter/xt_LED.c10
-rw-r--r--net/netfilter/xt_NFLOG.c6
-rw-r--r--net/netfilter/xt_NFQUEUE.c6
-rw-r--r--net/netfilter/xt_RATEEST.c9
-rw-r--r--net/netfilter/xt_SECMARK.c10
-rw-r--r--net/netfilter/xt_TCPMSS.c12
-rw-r--r--net/netfilter/xt_TPROXY.c4
12 files changed, 50 insertions, 45 deletions
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
index 7ee177746172..8e23d8f68459 100644
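--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -528,6 +528,8 @@ EXPORT_SYMBOL_GPL(xt_compat_match_to_user);
 int xt_check_target(struct xt_tgchk_param *par,
 unsigned int size, u_int8_t proto, bool inv_proto)
 {
+int ret;
+
 if (XT_ALIGN(par->target->targetsize) != size) {
 pr_err("%s_tables: %s.%u target: invalid size "
 "%u (kernel) != (user) %u\n",
@@ -559,8 +561,14 @@ int xt_check_target(struct xt_tgchk_param *par,
 par->target->proto);
 return -EINVAL;
 }
-if (par->target->checkentry != NULL && !par->target->checkentry(par))
-return -EINVAL;
+if (par->target->checkentry != NULL) {
+ret = par->target->checkentry(par);
+if (ret < 0)
+return ret;
+else if (ret > 0)
+/* Flag up potential errors. */
+return -EIO;
+}
 return 0;
 }
 EXPORT_SYMBOL_GPL(xt_check_target);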
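Review bot: The new `else if (ret > 0)` branch in xt_check_target() only catches a checkentry that still returns `true`; one that still returns `false` yields 0 and falls through to `return 0;`, so an unconverted rejection path now fails open. The diffstat on this page is limited to net/netfilter, so whether every `xt_target.checkentry` elsewhere in the tree was converted cannot be confirmed from here and should be checked. The comment would say more as `/* checkentry must return 0 or -errno; a positive value means a bool-style target was not converted */`, and the multi-line `else if` body should be braced.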
diff --git a/net/netfilter/xt_CONNSECMARK.c b/net/netfilter/xt_CONNSECMARK.c
index 3f9d0f4f852d..2287a82a0703 100644
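--- a/net/netfilter/xt_CONNSECMARK.c
+++ b/net/netfilter/xt_CONNSECMARK.c
@@ -92,7 +92,7 @@ static int connsecmark_tg_check(const struct xt_tgchk_param *par)
 strcmp(par->table, "security") != 0) {
 pr_info("target only valid in the \'mangle\' "
 "or \'security\' tables, not \'%s\'.\n", par->table);
-return false;
+return -EINVAL;
 }
 
 switch (info->mode) {
@@ -108,9 +108,9 @@ static int connsecmark_tg_check(const struct xt_tgchk_param *par)
 if (nf_ct_l3proto_try_module_get(par->family) < 0) {
 pr_info("cannot load conntrack support for proto=%u\n",
 par->family);
-return false;
+return -EINVAL;
 }
-return true;
+return 0;
 }
 
 static void connsecmark_tg_destroy(const struct xt_tgdtor_param *par)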
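Review bot: In the second hunk the negative value from `nf_ct_l3proto_try_module_get(par->family)` is tested and then discarded in favour of `-EINVAL`, so a failure to load conntrack support is reported to the caller as a malformed rule. Since xt_check_target() now forwards whatever checkentry returns, the callee's code can be kept: `ret = nf_ct_l3proto_try_module_get(par->family);` followed by `return ret;` inside the `if (ret < 0)` block. The start of connsecmark_tg_check() is outside the hunk, so the `int ret` declaration would go there. The same flattening to `-EINVAL` shows at the shared `err1:` return in xt_CT.c and at `if (!checkentry_selinux(info))` in xt_SECMARK.c, where the causes also lie outside the hunks.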
diff --git a/net/netfilter/xt_CT.c b/net/netfilter/xt_CT.c
index c1553bf06cf6..ee566e2e4534 100644
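--- a/net/netfilter/xt_CT.c
+++ b/net/netfilter/xt_CT.c
@@ -62,7 +62,7 @@ static int xt_ct_tg_check(const struct xt_tgchk_param *par)
 u8 proto;
 
 if (info->flags & ~XT_CT_NOTRACK)
-return false;
+return -EINVAL;
 
 if (info->flags & XT_CT_NOTRACK) {
 ct = &nf_conntrack_untracked;
@@ -108,14 +108,14 @@ static int xt_ct_tg_check(const struct xt_tgchk_param *par)
 __set_bit(IPS_CONFIRMED_BIT, &ct->status);
 out:
 info->ct = ct;
-return true;
+return 0;
 
 err3:
 nf_conntrack_free(ct);
 err2:
 nf_ct_l3proto_module_put(par->family);
 err1:
-return false;
+return -EINVAL;
 }
 
 static void xt_ct_tg_destroy(const struct xt_tgdtor_param *par)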
diff --git a/net/netfilter/xt_DSCP.c b/net/netfilter/xt_DSCP.c
index 1fa7b67bf225..aa263b80f8c0 100644
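--- a/net/netfilter/xt_DSCP.c
+++ b/net/netfilter/xt_DSCP.c
@@ -66,9 +66,9 @@ static int dscp_tg_check(const struct xt_tgchk_param *par)
 
 if (info->dscp > XT_DSCP_MAX) {
 pr_info("dscp %x out of range\n", info->dscp);
-return false;
+return -EINVAL;
 }
-return true;
+return 0;
 }
 
 static unsigned int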
diff --git a/net/netfilter/xt_HL.c b/net/netfilter/xt_HL.c
index 15ba16108182..7a47383ec723 100644
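--- a/net/netfilter/xt_HL.c
+++ b/net/netfilter/xt_HL.c
@@ -110,8 +110,8 @@ static int ttl_tg_check(const struct xt_tgchk_param *par)
 return false;
 }
 if (info->mode != IPT_TTL_SET && info->ttl == 0)
-return false;
-return true;
+return -EINVAL;
+return 0;
 }
 
 static int hl_tg6_check(const struct xt_tgchk_param *par)
@@ -120,14 +120,14 @@ static int hl_tg6_check(const struct xt_tgchk_param *par)
 
 if (info->mode > IP6T_HL_MAXMODE) {
 pr_info("invalid or unknown mode %u\n", info->mode);
-return false;
+return -EINVAL;
 }
 if (info->mode != IP6T_HL_SET && info->hop_limit == 0) {
 pr_info("increment/decrement does not "
 "make sense with value 0\n");
-return false;
+return -EINVAL;
 }
-return true;
+return 0;
 }
 
 static struct xt_target hl_tg_reg[] __read_mostly = {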
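Review bot: The first hunk leaves `return false;` at line 110 of ttl_tg_check() unconverted, and under the new contract `false` is 0, which xt_check_target() treats as success. The condition guarding that return is above the hunk; judging by the parallel hl_tg6_check() it is probably the `info->mode` range check, in which case an out-of-range TTL mode would now be accepted rather than rejected. It should become `return -EINVAL;` like the other two returns in the function.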
diff --git a/net/netfilter/xt_LED.c b/net/netfilter/xt_LED.c
index 1a3e3dd5a774..22b5b7057397 100644
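--- a/net/netfilter/xt_LED.c
+++ b/net/netfilter/xt_LED.c
@@ -88,12 +88,12 @@ static int led_tg_check(const struct xt_tgchk_param *par)
 
 if (ledinfo->id[0] == '\0') {
 pr_info("No 'id' parameter given.\n");
-return false;
+return -EINVAL;
 }
 
 ledinternal = kzalloc(sizeof(struct xt_led_info_internal), GFP_KERNEL);
 if (!ledinternal)
-return false;
+return -EINVAL;
 
 ledinternal->netfilter_led_trigger.name = ledinfo->id;
 
@@ -111,13 +111,11 @@ static int led_tg_check(const struct xt_tgchk_param *par)
 (unsigned long)ledinfo);
 
 ledinfo->internal_data = ledinternal;
-
-return true;
+return 0;
 
 exit_alloc:
 kfree(ledinternal);
-
-return false;
+return -EINVAL;
 }
 
 static void led_tg_destroy(const struct xt_tgdtor_param *par)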
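Review bot: The `if (!ledinternal)` path after `kzalloc()` in led_tg_check() now returns `-EINVAL`, which reports memory exhaustion to the caller as an invalid rule; it should be `return -ENOMEM;`. The `exit_alloc:` path also returns a fixed `-EINVAL` whatever caused the jump; the jump is outside the hunk, so the original error value may be available to return instead. xt_RATEEST.c has the same shape: its `err1:`/`err2:` labels end in `return -EINVAL;`, and at least one path into them appears to follow the `kzalloc()` at line 118, though that check is outside the hunk.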
diff --git a/net/netfilter/xt_NFLOG.c b/net/netfilter/xt_NFLOG.c
index 13e6c0002c8a..42dd8747b421 100644
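--- a/net/netfilter/xt_NFLOG.c
+++ b/net/netfilter/xt_NFLOG.c
@@ -42,10 +42,10 @@ static int nflog_tg_check(const struct xt_tgchk_param *par)
 const struct xt_nflog_info *info = par->targinfo;
 
 if (info->flags & ~XT_NFLOG_MASK)
-return false;
+return -EINVAL;
 if (info->prefix[sizeof(info->prefix) - 1] != '\0')
-return false;
-return true;
+return -EINVAL;
+return 0;
 }
 
 static struct xt_target nflog_tg_reg __read_mostly = {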
diff --git a/net/netfilter/xt_NFQUEUE.c b/net/netfilter/xt_NFQUEUE.c
index d435579a64ca..add1789ae4a8 100644
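--- a/net/netfilter/xt_NFQUEUE.c
+++ b/net/netfilter/xt_NFQUEUE.c
@@ -92,15 +92,15 @@ static int nfqueue_tg_v1_check(const struct xt_tgchk_param *par)
 }
 if (info->queues_total == 0) {
 pr_err("NFQUEUE: number of total queues is 0\n");
-return false;
+return -EINVAL;
 }
 maxid = info->queues_total - 1 + info->queuenum;
 if (maxid > 0xffff) {
 pr_err("NFQUEUE: number of queues (%u) out of range (got %u)\n",
 info->queues_total, maxid);
-return false;
+return -EINVAL;
 }
-return true;
+return 0;
 }
 
 static struct xt_target nfqueue_tg_reg[] __read_mostly = {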
diff --git a/net/netfilter/xt_RATEEST.c b/net/netfilter/xt_RATEEST.c
index 9743e50be8ef..7af5fba39cdd 100644
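--- a/net/netfilter/xt_RATEEST.c
+++ b/net/netfilter/xt_RATEEST.c
@@ -109,10 +109,10 @@ static int xt_rateest_tg_checkentry(const struct xt_tgchk_param *par)
 (info->interval != est->params.interval ||
 info->ewma_log != est->params.ewma_log)) {
 xt_rateest_put(est);
-return false;
+return -EINVAL;
 }
 info->est = est;
-return true;
+return 0;
 }
 
 est = kzalloc(sizeof(*est), GFP_KERNEL);
@@ -136,13 +136,12 @@ static int xt_rateest_tg_checkentry(const struct xt_tgchk_param *par)
 
 info->est = est;
 xt_rateest_hash_insert(est);
-
-return true;
+return 0;
 
 err2:
 kfree(est);
 err1:
-return false;
+return -EINVAL;
 }
 
 static void xt_rateest_tg_destroy(const struct xt_tgdtor_param *par)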
diff --git a/net/netfilter/xt_SECMARK.c b/net/netfilter/xt_SECMARK.c
index 48f8e4f7ea8a..39098fc9887d 100644
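--- a/net/netfilter/xt_SECMARK.c
+++ b/net/netfilter/xt_SECMARK.c
@@ -88,29 +88,29 @@ static int secmark_tg_check(const struct xt_tgchk_param *par)
 strcmp(par->table, "security") != 0) {
 pr_info("target only valid in the \'mangle\' "
 "or \'security\' tables, not \'%s\'.\n", par->table);
-return false;
+return -EINVAL;
 }
 
 if (mode && mode != info->mode) {
 pr_info("mode already set to %hu cannot mix with "
 "rules for mode %hu\n", mode, info->mode);
-return false;
+return -EINVAL;
 }
 
 switch (info->mode) {
 case SECMARK_MODE_SEL:
 if (!checkentry_selinux(info))
-return false;
+return -EINVAL;
 break;
 
 default:
 pr_info("invalid mode: %hu\n", info->mode);
-return false;
+return -EINVAL;
 }
 
 if (!mode)
 mode = info->mode;
-return true;
+return 0;
 }
 
 static void secmark_tg_destroy(const struct xt_tgdtor_param *par)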
diff --git a/net/netfilter/xt_TCPMSS.c b/net/netfilter/xt_TCPMSS.c
index 70288dc31583..385677b963d5 100644
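--- a/net/netfilter/xt_TCPMSS.c
+++ b/net/netfilter/xt_TCPMSS.c
@@ -246,13 +246,13 @@ static int tcpmss_tg4_check(const struct xt_tgchk_param *par)
 (1 << NF_INET_POST_ROUTING))) != 0) {
 pr_info("path-MTU clamping only supported in "
 "FORWARD, OUTPUT and POSTROUTING hooks\n");
-return false;
+return -EINVAL;
 }
 xt_ematch_foreach(ematch, e)
 if (find_syn_match(ematch))
-return true;
+return 0;
 pr_info("Only works on TCP SYN packets\n");
-return false;
+return -EINVAL;
 }
 
 #if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
@@ -268,13 +268,13 @@ static int tcpmss_tg6_check(const struct xt_tgchk_param *par)
 (1 << NF_INET_POST_ROUTING))) != 0) {
 pr_info("path-MTU clamping only supported in "
 "FORWARD, OUTPUT and POSTROUTING hooks\n");
-return false;
+return -EINVAL;
 }
 xt_ematch_foreach(ematch, e)
 if (find_syn_match(ematch))
-return true;
+return 0;
 pr_info("Only works on TCP SYN packets\n");
-return false;
+return -EINVAL;
 }
 #endif
 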
diff --git a/net/netfilter/xt_TPROXY.c b/net/netfilter/xt_TPROXY.c
index 189df9af4de6..4f246ddc5c48 100644
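--- a/net/netfilter/xt_TPROXY.c
+++ b/net/netfilter/xt_TPROXY.c
@@ -65,11 +65,11 @@ static int tproxy_tg_check(const struct xt_tgchk_param *par)
 
 if ((i->proto == IPPROTO_TCP || i->proto == IPPROTO_UDP)
 && !(i->invflags & IPT_INV_PROTO))
-return true;
+return 0;
 
 pr_info("Can be used only in combination with "
 "either -p tcp or -p udp\n");
-return false;
+return -EINVAL;
 }
 
 static struct xt_target tproxy_tg_reg __read_mostly = {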