diff options
45 files changed, 320 insertions, 327 deletions
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h index b8577d18d10d..304fce356a43 100644 --- a/include/linux/netfilter/x_tables.h +++ b/include/linux/netfilter/x_tables.h | |||
@@ -141,14 +141,14 @@ struct xt_match | |||
141 | /* Arguments changed since 2.6.9, as this must now handle | 141 | /* Arguments changed since 2.6.9, as this must now handle |
142 | non-linear skb, using skb_header_pointer and | 142 | non-linear skb, using skb_header_pointer and |
143 | skb_ip_make_writable. */ | 143 | skb_ip_make_writable. */ |
144 | int (*match)(const struct sk_buff *skb, | 144 | bool (*match)(const struct sk_buff *skb, |
145 | const struct net_device *in, | 145 | const struct net_device *in, |
146 | const struct net_device *out, | 146 | const struct net_device *out, |
147 | const struct xt_match *match, | 147 | const struct xt_match *match, |
148 | const void *matchinfo, | 148 | const void *matchinfo, |
149 | int offset, | 149 | int offset, |
150 | unsigned int protoff, | 150 | unsigned int protoff, |
151 | bool *hotdrop); | 151 | bool *hotdrop); |
152 | 152 | ||
153 | /* Called when user tries to insert an entry of this type. */ | 153 | /* Called when user tries to insert an entry of this type. */ |
154 | /* Should return true or false. */ | 154 | /* Should return true or false. */ |
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index e2a893825656..b9c792dd4890 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c | |||
@@ -183,19 +183,19 @@ ipt_error(struct sk_buff **pskb, | |||
183 | } | 183 | } |
184 | 184 | ||
185 | static inline | 185 | static inline |
186 | int do_match(struct ipt_entry_match *m, | 186 | bool do_match(struct ipt_entry_match *m, |
187 | const struct sk_buff *skb, | 187 | const struct sk_buff *skb, |
188 | const struct net_device *in, | 188 | const struct net_device *in, |
189 | const struct net_device *out, | 189 | const struct net_device *out, |
190 | int offset, | 190 | int offset, |
191 | bool *hotdrop) | 191 | bool *hotdrop) |
192 | { | 192 | { |
193 | /* Stop iteration if it doesn't match */ | 193 | /* Stop iteration if it doesn't match */ |
194 | if (!m->u.kernel.match->match(skb, in, out, m->u.kernel.match, m->data, | 194 | if (!m->u.kernel.match->match(skb, in, out, m->u.kernel.match, m->data, |
195 | offset, ip_hdrlen(skb), hotdrop)) | 195 | offset, ip_hdrlen(skb), hotdrop)) |
196 | return 1; | 196 | return true; |
197 | else | 197 | else |
198 | return 0; | 198 | return false; |
199 | } | 199 | } |
200 | 200 | ||
201 | static inline struct ipt_entry * | 201 | static inline struct ipt_entry * |
@@ -2105,16 +2105,16 @@ void ipt_unregister_table(struct xt_table *table) | |||
2105 | } | 2105 | } |
2106 | 2106 | ||
2107 | /* Returns 1 if the type and code is matched by the range, 0 otherwise */ | 2107 | /* Returns 1 if the type and code is matched by the range, 0 otherwise */ |
2108 | static inline int | 2108 | static inline bool |
2109 | icmp_type_code_match(u_int8_t test_type, u_int8_t min_code, u_int8_t max_code, | 2109 | icmp_type_code_match(u_int8_t test_type, u_int8_t min_code, u_int8_t max_code, |
2110 | u_int8_t type, u_int8_t code, | 2110 | u_int8_t type, u_int8_t code, |
2111 | int invert) | 2111 | bool invert) |
2112 | { | 2112 | { |
2113 | return ((test_type == 0xFF) || (type == test_type && code >= min_code && code <= max_code)) | 2113 | return ((test_type == 0xFF) || (type == test_type && code >= min_code && code <= max_code)) |
2114 | ^ invert; | 2114 | ^ invert; |
2115 | } | 2115 | } |
2116 | 2116 | ||
2117 | static int | 2117 | static bool |
2118 | icmp_match(const struct sk_buff *skb, | 2118 | icmp_match(const struct sk_buff *skb, |
2119 | const struct net_device *in, | 2119 | const struct net_device *in, |
2120 | const struct net_device *out, | 2120 | const struct net_device *out, |
@@ -2129,7 +2129,7 @@ icmp_match(const struct sk_buff *skb, | |||
2129 | 2129 | ||
2130 | /* Must not be a fragment. */ | 2130 | /* Must not be a fragment. */ |
2131 | if (offset) | 2131 | if (offset) |
2132 | return 0; | 2132 | return false; |
2133 | 2133 | ||
2134 | ic = skb_header_pointer(skb, protoff, sizeof(_icmph), &_icmph); | 2134 | ic = skb_header_pointer(skb, protoff, sizeof(_icmph), &_icmph); |
2135 | if (ic == NULL) { | 2135 | if (ic == NULL) { |
@@ -2138,7 +2138,7 @@ icmp_match(const struct sk_buff *skb, | |||
2138 | */ | 2138 | */ |
2139 | duprintf("Dropping evil ICMP tinygram.\n"); | 2139 | duprintf("Dropping evil ICMP tinygram.\n"); |
2140 | *hotdrop = true; | 2140 | *hotdrop = true; |
2141 | return 0; | 2141 | return false; |
2142 | } | 2142 | } |
2143 | 2143 | ||
2144 | return icmp_type_code_match(icmpinfo->type, | 2144 | return icmp_type_code_match(icmpinfo->type, |
diff --git a/net/ipv4/netfilter/ipt_addrtype.c b/net/ipv4/netfilter/ipt_addrtype.c index a9a9b750ff2d..abea446a4437 100644 --- a/net/ipv4/netfilter/ipt_addrtype.c +++ b/net/ipv4/netfilter/ipt_addrtype.c | |||
@@ -22,19 +22,19 @@ MODULE_LICENSE("GPL"); | |||
22 | MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>"); | 22 | MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>"); |
23 | MODULE_DESCRIPTION("iptables addrtype match"); | 23 | MODULE_DESCRIPTION("iptables addrtype match"); |
24 | 24 | ||
25 | static inline int match_type(__be32 addr, u_int16_t mask) | 25 | static inline bool match_type(__be32 addr, u_int16_t mask) |
26 | { | 26 | { |
27 | return !!(mask & (1 << inet_addr_type(addr))); | 27 | return !!(mask & (1 << inet_addr_type(addr))); |
28 | } | 28 | } |
29 | 29 | ||
30 | static int match(const struct sk_buff *skb, | 30 | static bool match(const struct sk_buff *skb, |
31 | const struct net_device *in, const struct net_device *out, | 31 | const struct net_device *in, const struct net_device *out, |
32 | const struct xt_match *match, const void *matchinfo, | 32 | const struct xt_match *match, const void *matchinfo, |
33 | int offset, unsigned int protoff, bool *hotdrop) | 33 | int offset, unsigned int protoff, bool *hotdrop) |
34 | { | 34 | { |
35 | const struct ipt_addrtype_info *info = matchinfo; | 35 | const struct ipt_addrtype_info *info = matchinfo; |
36 | const struct iphdr *iph = ip_hdr(skb); | 36 | const struct iphdr *iph = ip_hdr(skb); |
37 | int ret = 1; | 37 | bool ret = true; |
38 | 38 | ||
39 | if (info->source) | 39 | if (info->source) |
40 | ret &= match_type(iph->saddr, info->source)^info->invert_source; | 40 | ret &= match_type(iph->saddr, info->source)^info->invert_source; |
diff --git a/net/ipv4/netfilter/ipt_ah.c b/net/ipv4/netfilter/ipt_ah.c index 9a244e406a48..3da39ee92d8b 100644 --- a/net/ipv4/netfilter/ipt_ah.c +++ b/net/ipv4/netfilter/ipt_ah.c | |||
@@ -25,10 +25,10 @@ MODULE_DESCRIPTION("iptables AH SPI match module"); | |||
25 | #endif | 25 | #endif |
26 | 26 | ||
27 | /* Returns 1 if the spi is matched by the range, 0 otherwise */ | 27 | /* Returns 1 if the spi is matched by the range, 0 otherwise */ |
28 | static inline int | 28 | static inline bool |
29 | spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, int invert) | 29 | spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, bool invert) |
30 | { | 30 | { |
31 | int r=0; | 31 | bool r; |
32 | duprintf("ah spi_match:%c 0x%x <= 0x%x <= 0x%x",invert? '!':' ', | 32 | duprintf("ah spi_match:%c 0x%x <= 0x%x <= 0x%x",invert? '!':' ', |
33 | min,spi,max); | 33 | min,spi,max); |
34 | r=(spi >= min && spi <= max) ^ invert; | 34 | r=(spi >= min && spi <= max) ^ invert; |
@@ -36,7 +36,7 @@ spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, int invert) | |||
36 | return r; | 36 | return r; |
37 | } | 37 | } |
38 | 38 | ||
39 | static int | 39 | static bool |
40 | match(const struct sk_buff *skb, | 40 | match(const struct sk_buff *skb, |
41 | const struct net_device *in, | 41 | const struct net_device *in, |
42 | const struct net_device *out, | 42 | const struct net_device *out, |
@@ -51,7 +51,7 @@ match(const struct sk_buff *skb, | |||
51 | 51 | ||
52 | /* Must not be a fragment. */ | 52 | /* Must not be a fragment. */ |
53 | if (offset) | 53 | if (offset) |
54 | return 0; | 54 | return false; |
55 | 55 | ||
56 | ah = skb_header_pointer(skb, protoff, | 56 | ah = skb_header_pointer(skb, protoff, |
57 | sizeof(_ahdr), &_ahdr); | 57 | sizeof(_ahdr), &_ahdr); |
diff --git a/net/ipv4/netfilter/ipt_ecn.c b/net/ipv4/netfilter/ipt_ecn.c index a47f3745553b..ba3a17e0f848 100644 --- a/net/ipv4/netfilter/ipt_ecn.c +++ b/net/ipv4/netfilter/ipt_ecn.c | |||
@@ -22,15 +22,15 @@ MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>"); | |||
22 | MODULE_DESCRIPTION("iptables ECN matching module"); | 22 | MODULE_DESCRIPTION("iptables ECN matching module"); |
23 | MODULE_LICENSE("GPL"); | 23 | MODULE_LICENSE("GPL"); |
24 | 24 | ||
25 | static inline int match_ip(const struct sk_buff *skb, | 25 | static inline bool match_ip(const struct sk_buff *skb, |
26 | const struct ipt_ecn_info *einfo) | 26 | const struct ipt_ecn_info *einfo) |
27 | { | 27 | { |
28 | return (ip_hdr(skb)->tos & IPT_ECN_IP_MASK) == einfo->ip_ect; | 28 | return (ip_hdr(skb)->tos & IPT_ECN_IP_MASK) == einfo->ip_ect; |
29 | } | 29 | } |
30 | 30 | ||
31 | static inline int match_tcp(const struct sk_buff *skb, | 31 | static inline bool match_tcp(const struct sk_buff *skb, |
32 | const struct ipt_ecn_info *einfo, | 32 | const struct ipt_ecn_info *einfo, |
33 | bool *hotdrop) | 33 | bool *hotdrop) |
34 | { | 34 | { |
35 | struct tcphdr _tcph, *th; | 35 | struct tcphdr _tcph, *th; |
36 | 36 | ||
@@ -40,51 +40,51 @@ static inline int match_tcp(const struct sk_buff *skb, | |||
40 | th = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_tcph), &_tcph); | 40 | th = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_tcph), &_tcph); |
41 | if (th == NULL) { | 41 | if (th == NULL) { |
42 | *hotdrop = false; | 42 | *hotdrop = false; |
43 | return 0; | 43 | return false; |
44 | } | 44 | } |
45 | 45 | ||
46 | if (einfo->operation & IPT_ECN_OP_MATCH_ECE) { | 46 | if (einfo->operation & IPT_ECN_OP_MATCH_ECE) { |
47 | if (einfo->invert & IPT_ECN_OP_MATCH_ECE) { | 47 | if (einfo->invert & IPT_ECN_OP_MATCH_ECE) { |
48 | if (th->ece == 1) | 48 | if (th->ece == 1) |
49 | return 0; | 49 | return false; |
50 | } else { | 50 | } else { |
51 | if (th->ece == 0) | 51 | if (th->ece == 0) |
52 | return 0; | 52 | return false; |
53 | } | 53 | } |
54 | } | 54 | } |
55 | 55 | ||
56 | if (einfo->operation & IPT_ECN_OP_MATCH_CWR) { | 56 | if (einfo->operation & IPT_ECN_OP_MATCH_CWR) { |
57 | if (einfo->invert & IPT_ECN_OP_MATCH_CWR) { | 57 | if (einfo->invert & IPT_ECN_OP_MATCH_CWR) { |
58 | if (th->cwr == 1) | 58 | if (th->cwr == 1) |
59 | return 0; | 59 | return false; |
60 | } else { | 60 | } else { |
61 | if (th->cwr == 0) | 61 | if (th->cwr == 0) |
62 | return 0; | 62 | return false; |
63 | } | 63 | } |
64 | } | 64 | } |
65 | 65 | ||
66 | return 1; | 66 | return true; |
67 | } | 67 | } |
68 | 68 | ||
69 | static int match(const struct sk_buff *skb, | 69 | static bool match(const struct sk_buff *skb, |
70 | const struct net_device *in, const struct net_device *out, | 70 | const struct net_device *in, const struct net_device *out, |
71 | const struct xt_match *match, const void *matchinfo, | 71 | const struct xt_match *match, const void *matchinfo, |
72 | int offset, unsigned int protoff, bool *hotdrop) | 72 | int offset, unsigned int protoff, bool *hotdrop) |
73 | { | 73 | { |
74 | const struct ipt_ecn_info *info = matchinfo; | 74 | const struct ipt_ecn_info *info = matchinfo; |
75 | 75 | ||
76 | if (info->operation & IPT_ECN_OP_MATCH_IP) | 76 | if (info->operation & IPT_ECN_OP_MATCH_IP) |
77 | if (!match_ip(skb, info)) | 77 | if (!match_ip(skb, info)) |
78 | return 0; | 78 | return false; |
79 | 79 | ||
80 | if (info->operation & (IPT_ECN_OP_MATCH_ECE|IPT_ECN_OP_MATCH_CWR)) { | 80 | if (info->operation & (IPT_ECN_OP_MATCH_ECE|IPT_ECN_OP_MATCH_CWR)) { |
81 | if (ip_hdr(skb)->protocol != IPPROTO_TCP) | 81 | if (ip_hdr(skb)->protocol != IPPROTO_TCP) |
82 | return 0; | 82 | return false; |
83 | if (!match_tcp(skb, info, hotdrop)) | 83 | if (!match_tcp(skb, info, hotdrop)) |
84 | return 0; | 84 | return false; |
85 | } | 85 | } |
86 | 86 | ||
87 | return 1; | 87 | return true; |
88 | } | 88 | } |
89 | 89 | ||
90 | static int checkentry(const char *tablename, const void *ip_void, | 90 | static int checkentry(const char *tablename, const void *ip_void, |
diff --git a/net/ipv4/netfilter/ipt_iprange.c b/net/ipv4/netfilter/ipt_iprange.c index 86f225c1d067..b266d98aac8c 100644 --- a/net/ipv4/netfilter/ipt_iprange.c +++ b/net/ipv4/netfilter/ipt_iprange.c | |||
@@ -23,7 +23,7 @@ MODULE_DESCRIPTION("iptables arbitrary IP range match module"); | |||
23 | #define DEBUGP(format, args...) | 23 | #define DEBUGP(format, args...) |
24 | #endif | 24 | #endif |
25 | 25 | ||
26 | static int | 26 | static bool |
27 | match(const struct sk_buff *skb, | 27 | match(const struct sk_buff *skb, |
28 | const struct net_device *in, | 28 | const struct net_device *in, |
29 | const struct net_device *out, | 29 | const struct net_device *out, |
@@ -44,7 +44,7 @@ match(const struct sk_buff *skb, | |||
44 | info->flags & IPRANGE_SRC_INV ? "(INV) " : "", | 44 | info->flags & IPRANGE_SRC_INV ? "(INV) " : "", |
45 | NIPQUAD(info->src.min_ip), | 45 | NIPQUAD(info->src.min_ip), |
46 | NIPQUAD(info->src.max_ip)); | 46 | NIPQUAD(info->src.max_ip)); |
47 | return 0; | 47 | return false; |
48 | } | 48 | } |
49 | } | 49 | } |
50 | if (info->flags & IPRANGE_DST) { | 50 | if (info->flags & IPRANGE_DST) { |
@@ -57,10 +57,10 @@ match(const struct sk_buff *skb, | |||
57 | info->flags & IPRANGE_DST_INV ? "(INV) " : "", | 57 | info->flags & IPRANGE_DST_INV ? "(INV) " : "", |
58 | NIPQUAD(info->dst.min_ip), | 58 | NIPQUAD(info->dst.min_ip), |
59 | NIPQUAD(info->dst.max_ip)); | 59 | NIPQUAD(info->dst.max_ip)); |
60 | return 0; | 60 | return false; |
61 | } | 61 | } |
62 | } | 62 | } |
63 | return 1; | 63 | return true; |
64 | } | 64 | } |
65 | 65 | ||
66 | static struct xt_match iprange_match = { | 66 | static struct xt_match iprange_match = { |
diff --git a/net/ipv4/netfilter/ipt_owner.c b/net/ipv4/netfilter/ipt_owner.c index 92be562c4aca..8f441cef5504 100644 --- a/net/ipv4/netfilter/ipt_owner.c +++ b/net/ipv4/netfilter/ipt_owner.c | |||
@@ -21,7 +21,7 @@ MODULE_LICENSE("GPL"); | |||
21 | MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>"); | 21 | MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>"); |
22 | MODULE_DESCRIPTION("iptables owner match"); | 22 | MODULE_DESCRIPTION("iptables owner match"); |
23 | 23 | ||
24 | static int | 24 | static bool |
25 | match(const struct sk_buff *skb, | 25 | match(const struct sk_buff *skb, |
26 | const struct net_device *in, | 26 | const struct net_device *in, |
27 | const struct net_device *out, | 27 | const struct net_device *out, |
@@ -34,21 +34,21 @@ match(const struct sk_buff *skb, | |||
34 | const struct ipt_owner_info *info = matchinfo; | 34 | const struct ipt_owner_info *info = matchinfo; |
35 | 35 | ||
36 | if (!skb->sk || !skb->sk->sk_socket || !skb->sk->sk_socket->file) | 36 | if (!skb->sk || !skb->sk->sk_socket || !skb->sk->sk_socket->file) |
37 | return 0; | 37 | return false; |
38 | 38 | ||
39 | if(info->match & IPT_OWNER_UID) { | 39 | if(info->match & IPT_OWNER_UID) { |
40 | if ((skb->sk->sk_socket->file->f_uid != info->uid) ^ | 40 | if ((skb->sk->sk_socket->file->f_uid != info->uid) ^ |
41 | !!(info->invert & IPT_OWNER_UID)) | 41 | !!(info->invert & IPT_OWNER_UID)) |
42 | return 0; | 42 | return false; |
43 | } | 43 | } |
44 | 44 | ||
45 | if(info->match & IPT_OWNER_GID) { | 45 | if(info->match & IPT_OWNER_GID) { |
46 | if ((skb->sk->sk_socket->file->f_gid != info->gid) ^ | 46 | if ((skb->sk->sk_socket->file->f_gid != info->gid) ^ |
47 | !!(info->invert & IPT_OWNER_GID)) | 47 | !!(info->invert & IPT_OWNER_GID)) |
48 | return 0; | 48 | return false; |
49 | } | 49 | } |
50 | 50 | ||
51 | return 1; | 51 | return true; |
52 | } | 52 | } |
53 | 53 | ||
54 | static int | 54 | static int |
diff --git a/net/ipv4/netfilter/ipt_recent.c b/net/ipv4/netfilter/ipt_recent.c index 81f1a017f311..2e513ed9b6e9 100644 --- a/net/ipv4/netfilter/ipt_recent.c +++ b/net/ipv4/netfilter/ipt_recent.c | |||
@@ -169,7 +169,7 @@ static void recent_table_flush(struct recent_table *t) | |||
169 | } | 169 | } |
170 | } | 170 | } |
171 | 171 | ||
172 | static int | 172 | static bool |
173 | ipt_recent_match(const struct sk_buff *skb, | 173 | ipt_recent_match(const struct sk_buff *skb, |
174 | const struct net_device *in, const struct net_device *out, | 174 | const struct net_device *in, const struct net_device *out, |
175 | const struct xt_match *match, const void *matchinfo, | 175 | const struct xt_match *match, const void *matchinfo, |
@@ -180,7 +180,7 @@ ipt_recent_match(const struct sk_buff *skb, | |||
180 | struct recent_entry *e; | 180 | struct recent_entry *e; |
181 | __be32 addr; | 181 | __be32 addr; |
182 | u_int8_t ttl; | 182 | u_int8_t ttl; |
183 | int ret = info->invert; | 183 | bool ret = info->invert; |
184 | 184 | ||
185 | if (info->side == IPT_RECENT_DEST) | 185 | if (info->side == IPT_RECENT_DEST) |
186 | addr = ip_hdr(skb)->daddr; | 186 | addr = ip_hdr(skb)->daddr; |
@@ -202,15 +202,15 @@ ipt_recent_match(const struct sk_buff *skb, | |||
202 | e = recent_entry_init(t, addr, ttl); | 202 | e = recent_entry_init(t, addr, ttl); |
203 | if (e == NULL) | 203 | if (e == NULL) |
204 | *hotdrop = true; | 204 | *hotdrop = true; |
205 | ret ^= 1; | 205 | ret = !ret; |
206 | goto out; | 206 | goto out; |
207 | } | 207 | } |
208 | 208 | ||
209 | if (info->check_set & IPT_RECENT_SET) | 209 | if (info->check_set & IPT_RECENT_SET) |
210 | ret ^= 1; | 210 | ret = !ret; |
211 | else if (info->check_set & IPT_RECENT_REMOVE) { | 211 | else if (info->check_set & IPT_RECENT_REMOVE) { |
212 | recent_entry_remove(t, e); | 212 | recent_entry_remove(t, e); |
213 | ret ^= 1; | 213 | ret = !ret; |
214 | } else if (info->check_set & (IPT_RECENT_CHECK | IPT_RECENT_UPDATE)) { | 214 | } else if (info->check_set & (IPT_RECENT_CHECK | IPT_RECENT_UPDATE)) { |
215 | unsigned long t = jiffies - info->seconds * HZ; | 215 | unsigned long t = jiffies - info->seconds * HZ; |
216 | unsigned int i, hits = 0; | 216 | unsigned int i, hits = 0; |
@@ -219,7 +219,7 @@ ipt_recent_match(const struct sk_buff *skb, | |||
219 | if (info->seconds && time_after(t, e->stamps[i])) | 219 | if (info->seconds && time_after(t, e->stamps[i])) |
220 | continue; | 220 | continue; |
221 | if (++hits >= info->hit_count) { | 221 | if (++hits >= info->hit_count) { |
222 | ret ^= 1; | 222 | ret = !ret; |
223 | break; | 223 | break; |
224 | } | 224 | } |
225 | } | 225 | } |
diff --git a/net/ipv4/netfilter/ipt_tos.c b/net/ipv4/netfilter/ipt_tos.c index 803ed4c35b55..67699ae46d37 100644 --- a/net/ipv4/netfilter/ipt_tos.c +++ b/net/ipv4/netfilter/ipt_tos.c | |||
@@ -18,7 +18,7 @@ | |||
18 | MODULE_LICENSE("GPL"); | 18 | MODULE_LICENSE("GPL"); |
19 | MODULE_DESCRIPTION("iptables TOS match module"); | 19 | MODULE_DESCRIPTION("iptables TOS match module"); |
20 | 20 | ||
21 | static int | 21 | static bool |
22 | match(const struct sk_buff *skb, | 22 | match(const struct sk_buff *skb, |
23 | const struct net_device *in, | 23 | const struct net_device *in, |
24 | const struct net_device *out, | 24 | const struct net_device *out, |
diff --git a/net/ipv4/netfilter/ipt_ttl.c b/net/ipv4/netfilter/ipt_ttl.c index e7316b27d2c5..82fe4ea8ab79 100644 --- a/net/ipv4/netfilter/ipt_ttl.c +++ b/net/ipv4/netfilter/ipt_ttl.c | |||
@@ -18,10 +18,10 @@ MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>"); | |||
18 | MODULE_DESCRIPTION("IP tables TTL matching module"); | 18 | MODULE_DESCRIPTION("IP tables TTL matching module"); |
19 | MODULE_LICENSE("GPL"); | 19 | MODULE_LICENSE("GPL"); |
20 | 20 | ||
21 | static int match(const struct sk_buff *skb, | 21 | static bool match(const struct sk_buff *skb, |
22 | const struct net_device *in, const struct net_device *out, | 22 | const struct net_device *in, const struct net_device *out, |
23 | const struct xt_match *match, const void *matchinfo, | 23 | const struct xt_match *match, const void *matchinfo, |
24 | int offset, unsigned int protoff, bool *hotdrop) | 24 | int offset, unsigned int protoff, bool *hotdrop) |
25 | { | 25 | { |
26 | const struct ipt_ttl_info *info = matchinfo; | 26 | const struct ipt_ttl_info *info = matchinfo; |
27 | const u8 ttl = ip_hdr(skb)->ttl; | 27 | const u8 ttl = ip_hdr(skb)->ttl; |
@@ -42,10 +42,10 @@ static int match(const struct sk_buff *skb, | |||
42 | default: | 42 | default: |
43 | printk(KERN_WARNING "ipt_ttl: unknown mode %d\n", | 43 | printk(KERN_WARNING "ipt_ttl: unknown mode %d\n", |
44 | info->mode); | 44 | info->mode); |
45 | return 0; | 45 | return false; |
46 | } | 46 | } |
47 | 47 | ||
48 | return 0; | 48 | return false; |
49 | } | 49 | } |
50 | 50 | ||
51 | static struct xt_match ttl_match = { | 51 | static struct xt_match ttl_match = { |
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index 13c66a75c21c..31f42e82184a 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c | |||
@@ -96,7 +96,7 @@ ip6t_ext_hdr(u8 nexthdr) | |||
96 | } | 96 | } |
97 | 97 | ||
98 | /* Returns whether matches rule or not. */ | 98 | /* Returns whether matches rule or not. */ |
99 | static inline int | 99 | static inline bool |
100 | ip6_packet_match(const struct sk_buff *skb, | 100 | ip6_packet_match(const struct sk_buff *skb, |
101 | const char *indev, | 101 | const char *indev, |
102 | const char *outdev, | 102 | const char *outdev, |
@@ -122,7 +122,7 @@ ip6_packet_match(const struct sk_buff *skb, | |||
122 | dprintf("DST: %u. Mask: %u. Target: %u.%s\n", ip->daddr, | 122 | dprintf("DST: %u. Mask: %u. Target: %u.%s\n", ip->daddr, |
123 | ipinfo->dmsk.s_addr, ipinfo->dst.s_addr, | 123 | ipinfo->dmsk.s_addr, ipinfo->dst.s_addr, |
124 | ipinfo->invflags & IP6T_INV_DSTIP ? " (INV)" : "");*/ | 124 | ipinfo->invflags & IP6T_INV_DSTIP ? " (INV)" : "");*/ |
125 | return 0; | 125 | return false; |
126 | } | 126 | } |
127 | 127 | ||
128 | /* Look for ifname matches; this should unroll nicely. */ | 128 | /* Look for ifname matches; this should unroll nicely. */ |
@@ -136,7 +136,7 @@ ip6_packet_match(const struct sk_buff *skb, | |||
136 | dprintf("VIA in mismatch (%s vs %s).%s\n", | 136 | dprintf("VIA in mismatch (%s vs %s).%s\n", |
137 | indev, ip6info->iniface, | 137 | indev, ip6info->iniface, |
138 | ip6info->invflags&IP6T_INV_VIA_IN ?" (INV)":""); | 138 | ip6info->invflags&IP6T_INV_VIA_IN ?" (INV)":""); |
139 | return 0; | 139 | return false; |
140 | } | 140 | } |
141 | 141 | ||
142 | for (i = 0, ret = 0; i < IFNAMSIZ/sizeof(unsigned long); i++) { | 142 | for (i = 0, ret = 0; i < IFNAMSIZ/sizeof(unsigned long); i++) { |
@@ -149,7 +149,7 @@ ip6_packet_match(const struct sk_buff *skb, | |||
149 | dprintf("VIA out mismatch (%s vs %s).%s\n", | 149 | dprintf("VIA out mismatch (%s vs %s).%s\n", |
150 | outdev, ip6info->outiface, | 150 | outdev, ip6info->outiface, |
151 | ip6info->invflags&IP6T_INV_VIA_OUT ?" (INV)":""); | 151 | ip6info->invflags&IP6T_INV_VIA_OUT ?" (INV)":""); |
152 | return 0; | 152 | return false; |
153 | } | 153 | } |
154 | 154 | ||
155 | /* ... might want to do something with class and flowlabel here ... */ | 155 | /* ... might want to do something with class and flowlabel here ... */ |
@@ -163,7 +163,7 @@ ip6_packet_match(const struct sk_buff *skb, | |||
163 | if (protohdr < 0) { | 163 | if (protohdr < 0) { |
164 | if (_frag_off == 0) | 164 | if (_frag_off == 0) |
165 | *hotdrop = true; | 165 | *hotdrop = true; |
166 | return 0; | 166 | return false; |
167 | } | 167 | } |
168 | *fragoff = _frag_off; | 168 | *fragoff = _frag_off; |
169 | 169 | ||
@@ -174,17 +174,17 @@ ip6_packet_match(const struct sk_buff *skb, | |||
174 | 174 | ||
175 | if (ip6info->proto == protohdr) { | 175 | if (ip6info->proto == protohdr) { |
176 | if(ip6info->invflags & IP6T_INV_PROTO) { | 176 | if(ip6info->invflags & IP6T_INV_PROTO) { |
177 | return 0; | 177 | return false; |
178 | } | 178 | } |
179 | return 1; | 179 | return true; |
180 | } | 180 | } |
181 | 181 | ||
182 | /* We need match for the '-p all', too! */ | 182 | /* We need match for the '-p all', too! */ |
183 | if ((ip6info->proto != 0) && | 183 | if ((ip6info->proto != 0) && |
184 | !(ip6info->invflags & IP6T_INV_PROTO)) | 184 | !(ip6info->invflags & IP6T_INV_PROTO)) |
185 | return 0; | 185 | return false; |
186 | } | 186 | } |
187 | return 1; | 187 | return true; |
188 | } | 188 | } |
189 | 189 | ||
190 | /* should be ip6 safe */ | 190 | /* should be ip6 safe */ |
@@ -219,20 +219,20 @@ ip6t_error(struct sk_buff **pskb, | |||
219 | } | 219 | } |
220 | 220 | ||
221 | static inline | 221 | static inline |
222 | int do_match(struct ip6t_entry_match *m, | 222 | bool do_match(struct ip6t_entry_match *m, |
223 | const struct sk_buff *skb, | 223 | const struct sk_buff *skb, |
224 | const struct net_device *in, | 224 | const struct net_device *in, |
225 | const struct net_device *out, | 225 | const struct net_device *out, |
226 | int offset, | 226 | int offset, |
227 | unsigned int protoff, | 227 | unsigned int protoff, |
228 | bool *hotdrop) | 228 | bool *hotdrop) |
229 | { | 229 | { |
230 | /* Stop iteration if it doesn't match */ | 230 | /* Stop iteration if it doesn't match */ |
231 | if (!m->u.kernel.match->match(skb, in, out, m->u.kernel.match, m->data, | 231 | if (!m->u.kernel.match->match(skb, in, out, m->u.kernel.match, m->data, |
232 | offset, protoff, hotdrop)) | 232 | offset, protoff, hotdrop)) |
233 | return 1; | 233 | return true; |
234 | else | 234 | else |
235 | return 0; | 235 | return false; |
236 | } | 236 | } |
237 | 237 | ||
238 | static inline struct ip6t_entry * | 238 | static inline struct ip6t_entry * |
@@ -1291,7 +1291,7 @@ icmp6_type_code_match(u_int8_t test_type, u_int8_t min_code, u_int8_t max_code, | |||
1291 | ^ invert; | 1291 | ^ invert; |
1292 | } | 1292 | } |
1293 | 1293 | ||
1294 | static int | 1294 | static bool |
1295 | icmp6_match(const struct sk_buff *skb, | 1295 | icmp6_match(const struct sk_buff *skb, |
1296 | const struct net_device *in, | 1296 | const struct net_device *in, |
1297 | const struct net_device *out, | 1297 | const struct net_device *out, |
@@ -1306,7 +1306,7 @@ icmp6_match(const struct sk_buff *skb, | |||
1306 | 1306 | ||
1307 | /* Must not be a fragment. */ | 1307 | /* Must not be a fragment. */ |
1308 | if (offset) | 1308 | if (offset) |
1309 | return 0; | 1309 | return false; |
1310 | 1310 | ||
1311 | ic = skb_header_pointer(skb, protoff, sizeof(_icmp), &_icmp); | 1311 | ic = skb_header_pointer(skb, protoff, sizeof(_icmp), &_icmp); |
1312 | if (ic == NULL) { | 1312 | if (ic == NULL) { |
@@ -1314,7 +1314,7 @@ icmp6_match(const struct sk_buff *skb, | |||
1314 | can't. Hence, no choice but to drop. */ | 1314 | can't. Hence, no choice but to drop. */ |
1315 | duprintf("Dropping evil ICMP tinygram.\n"); | 1315 | duprintf("Dropping evil ICMP tinygram.\n"); |
1316 | *hotdrop = true; | 1316 | *hotdrop = true; |
1317 | return 0; | 1317 | return false; |
1318 | } | 1318 | } |
1319 | 1319 | ||
1320 | return icmp6_type_code_match(icmpinfo->type, | 1320 | return icmp6_type_code_match(icmpinfo->type, |
diff --git a/net/ipv6/netfilter/ip6t_ah.c b/net/ipv6/netfilter/ip6t_ah.c index 27b7bd279c0e..607c2eb1296f 100644 --- a/net/ipv6/netfilter/ip6t_ah.c +++ b/net/ipv6/netfilter/ip6t_ah.c | |||
@@ -30,10 +30,10 @@ MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>"); | |||
30 | #endif | 30 | #endif |
31 | 31 | ||
32 | /* Returns 1 if the spi is matched by the range, 0 otherwise */ | 32 | /* Returns 1 if the spi is matched by the range, 0 otherwise */ |
33 | static inline int | 33 | static inline bool |
34 | spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, int invert) | 34 | spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, bool invert) |
35 | { | 35 | { |
36 | int r=0; | 36 | bool r; |
37 | DEBUGP("ah spi_match:%c 0x%x <= 0x%x <= 0x%x",invert? '!':' ', | 37 | DEBUGP("ah spi_match:%c 0x%x <= 0x%x <= 0x%x",invert? '!':' ', |
38 | min,spi,max); | 38 | min,spi,max); |
39 | r = (spi >= min && spi <= max) ^ invert; | 39 | r = (spi >= min && spi <= max) ^ invert; |
@@ -41,7 +41,7 @@ spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, int invert) | |||
41 | return r; | 41 | return r; |
42 | } | 42 | } |
43 | 43 | ||
44 | static int | 44 | static bool |
45 | match(const struct sk_buff *skb, | 45 | match(const struct sk_buff *skb, |
46 | const struct net_device *in, | 46 | const struct net_device *in, |
47 | const struct net_device *out, | 47 | const struct net_device *out, |
@@ -61,13 +61,13 @@ match(const struct sk_buff *skb, | |||
61 | if (err < 0) { | 61 | if (err < 0) { |
62 | if (err != -ENOENT) | 62 | if (err != -ENOENT) |
63 | *hotdrop = true; | 63 | *hotdrop = true; |
64 | return 0; | 64 | return false; |
65 | } | 65 | } |
66 | 66 | ||
67 | ah = skb_header_pointer(skb, ptr, sizeof(_ah), &_ah); | 67 | ah = skb_header_pointer(skb, ptr, sizeof(_ah), &_ah); |
68 | if (ah == NULL) { | 68 | if (ah == NULL) { |
69 | *hotdrop = true; | 69 | *hotdrop = true; |
70 | return 0; | 70 | return false; |
71 | } | 71 | } |
72 | 72 | ||
73 | hdrlen = (ah->hdrlen + 2) << 2; | 73 | hdrlen = (ah->hdrlen + 2) << 2; |
diff --git a/net/ipv6/netfilter/ip6t_eui64.c b/net/ipv6/netfilter/ip6t_eui64.c index 69e79e19040e..bebb12a1d0e6 100644 --- a/net/ipv6/netfilter/ip6t_eui64.c +++ b/net/ipv6/netfilter/ip6t_eui64.c | |||
@@ -19,7 +19,7 @@ MODULE_DESCRIPTION("IPv6 EUI64 address checking match"); | |||
19 | MODULE_LICENSE("GPL"); | 19 | MODULE_LICENSE("GPL"); |
20 | MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>"); | 20 | MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>"); |
21 | 21 | ||
22 | static int | 22 | static bool |
23 | match(const struct sk_buff *skb, | 23 | match(const struct sk_buff *skb, |
24 | const struct net_device *in, | 24 | const struct net_device *in, |
25 | const struct net_device *out, | 25 | const struct net_device *out, |
@@ -36,7 +36,7 @@ match(const struct sk_buff *skb, | |||
36 | (skb_mac_header(skb) + ETH_HLEN) <= skb->data) && | 36 | (skb_mac_header(skb) + ETH_HLEN) <= skb->data) && |
37 | offset != 0) { | 37 | offset != 0) { |
38 | *hotdrop = true; | 38 | *hotdrop = true; |
39 | return 0; | 39 | return false; |
40 | } | 40 | } |
41 | 41 | ||
42 | memset(eui64, 0, sizeof(eui64)); | 42 | memset(eui64, 0, sizeof(eui64)); |
@@ -55,11 +55,11 @@ match(const struct sk_buff *skb, | |||
55 | i++; | 55 | i++; |
56 | 56 | ||
57 | if (i == 8) | 57 | if (i == 8) |
58 | return 1; | 58 | return true; |
59 | } | 59 | } |
60 | } | 60 | } |
61 | 61 | ||
62 | return 0; | 62 | return false; |
63 | } | 63 | } |
64 | 64 | ||
65 | static struct xt_match eui64_match = { | 65 | static struct xt_match eui64_match = { |
diff --git a/net/ipv6/netfilter/ip6t_frag.c b/net/ipv6/netfilter/ip6t_frag.c index 740fdcafa5f3..0ed5fbcf1f18 100644 --- a/net/ipv6/netfilter/ip6t_frag.c +++ b/net/ipv6/netfilter/ip6t_frag.c | |||
@@ -29,10 +29,10 @@ MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>"); | |||
29 | #endif | 29 | #endif |
30 | 30 | ||
31 | /* Returns 1 if the id is matched by the range, 0 otherwise */ | 31 | /* Returns 1 if the id is matched by the range, 0 otherwise */ |
32 | static inline int | 32 | static inline bool |
33 | id_match(u_int32_t min, u_int32_t max, u_int32_t id, int invert) | 33 | id_match(u_int32_t min, u_int32_t max, u_int32_t id, bool invert) |
34 | { | 34 | { |
35 | int r = 0; | 35 | bool r; |
36 | DEBUGP("frag id_match:%c 0x%x <= 0x%x <= 0x%x", invert ? '!' : ' ', | 36 | DEBUGP("frag id_match:%c 0x%x <= 0x%x <= 0x%x", invert ? '!' : ' ', |
37 | min, id, max); | 37 | min, id, max); |
38 | r = (id >= min && id <= max) ^ invert; | 38 | r = (id >= min && id <= max) ^ invert; |
@@ -40,7 +40,7 @@ id_match(u_int32_t min, u_int32_t max, u_int32_t id, int invert) | |||
40 | return r; | 40 | return r; |
41 | } | 41 | } |
42 | 42 | ||
43 | static int | 43 | static bool |
44 | match(const struct sk_buff *skb, | 44 | match(const struct sk_buff *skb, |
45 | const struct net_device *in, | 45 | const struct net_device *in, |
46 | const struct net_device *out, | 46 | const struct net_device *out, |
@@ -59,13 +59,13 @@ match(const struct sk_buff *skb, | |||
59 | if (err < 0) { | 59 | if (err < 0) { |
60 | if (err != -ENOENT) | 60 | if (err != -ENOENT) |
61 | *hotdrop = true; | 61 | *hotdrop = true; |
62 | return 0; | 62 | return false; |
63 | } | 63 | } |
64 | 64 | ||
65 | fh = skb_header_pointer(skb, ptr, sizeof(_frag), &_frag); | 65 | fh = skb_header_pointer(skb, ptr, sizeof(_frag), &_frag); |
66 | if (fh == NULL) { | 66 | if (fh == NULL) { |
67 | *hotdrop = true; | 67 | *hotdrop = true; |
68 | return 0; | 68 | return false; |
69 | } | 69 | } |
70 | 70 | ||
71 | DEBUGP("INFO %04X ", fh->frag_off); | 71 | DEBUGP("INFO %04X ", fh->frag_off); |
diff --git a/net/ipv6/netfilter/ip6t_hbh.c b/net/ipv6/netfilter/ip6t_hbh.c index 5633de160c6d..4b05393faa68 100644 --- a/net/ipv6/netfilter/ip6t_hbh.c +++ b/net/ipv6/netfilter/ip6t_hbh.c | |||
@@ -47,7 +47,7 @@ MODULE_ALIAS("ip6t_dst"); | |||
47 | * 5 -> RTALERT 2 x x | 47 | * 5 -> RTALERT 2 x x |
48 | */ | 48 | */ |
49 | 49 | ||
50 | static int | 50 | static bool |
51 | match(const struct sk_buff *skb, | 51 | match(const struct sk_buff *skb, |
52 | const struct net_device *in, | 52 | const struct net_device *in, |
53 | const struct net_device *out, | 53 | const struct net_device *out, |
@@ -62,7 +62,7 @@ match(const struct sk_buff *skb, | |||
62 | unsigned int temp; | 62 | unsigned int temp; |
63 | unsigned int ptr; | 63 | unsigned int ptr; |
64 | unsigned int hdrlen = 0; | 64 | unsigned int hdrlen = 0; |
65 | unsigned int ret = 0; | 65 | bool ret = false; |
66 | u8 _opttype, *tp = NULL; | 66 | u8 _opttype, *tp = NULL; |
67 | u8 _optlen, *lp = NULL; | 67 | u8 _optlen, *lp = NULL; |
68 | unsigned int optlen; | 68 | unsigned int optlen; |
@@ -72,19 +72,19 @@ match(const struct sk_buff *skb, | |||
72 | if (err < 0) { | 72 | if (err < 0) { |
73 | if (err != -ENOENT) | 73 | if (err != -ENOENT) |
74 | *hotdrop = true; | 74 | *hotdrop = true; |
75 | return 0; | 75 | return false; |
76 | } | 76 | } |
77 | 77 | ||
78 | oh = skb_header_pointer(skb, ptr, sizeof(_optsh), &_optsh); | 78 | oh = skb_header_pointer(skb, ptr, sizeof(_optsh), &_optsh); |
79 | if (oh == NULL) { | 79 | if (oh == NULL) { |
80 | *hotdrop = true; | 80 | *hotdrop = true; |
81 | return 0; | 81 | return false; |
82 | } | 82 | } |
83 | 83 | ||
84 | hdrlen = ipv6_optlen(oh); | 84 | hdrlen = ipv6_optlen(oh); |
85 | if (skb->len - ptr < hdrlen) { | 85 | if (skb->len - ptr < hdrlen) { |
86 | /* Packet smaller than it's length field */ | 86 | /* Packet smaller than it's length field */ |
87 | return 0; | 87 | return false; |
88 | } | 88 | } |
89 | 89 | ||
90 | DEBUGP("IPv6 OPTS LEN %u %u ", hdrlen, oh->hdrlen); | 90 | DEBUGP("IPv6 OPTS LEN %u %u ", hdrlen, oh->hdrlen); |
@@ -123,7 +123,7 @@ match(const struct sk_buff *skb, | |||
123 | DEBUGP("Tbad %02X %02X\n", | 123 | DEBUGP("Tbad %02X %02X\n", |
124 | *tp, | 124 | *tp, |
125 | (optinfo->opts[temp] & 0xFF00) >> 8); | 125 | (optinfo->opts[temp] & 0xFF00) >> 8); |
126 | return 0; | 126 | return false; |
127 | } else { | 127 | } else { |
128 | DEBUGP("Tok "); | 128 | DEBUGP("Tok "); |
129 | } | 129 | } |
@@ -144,7 +144,7 @@ match(const struct sk_buff *skb, | |||
144 | if (spec_len != 0x00FF && spec_len != *lp) { | 144 | if (spec_len != 0x00FF && spec_len != *lp) { |
145 | DEBUGP("Lbad %02X %04X\n", *lp, | 145 | DEBUGP("Lbad %02X %04X\n", *lp, |
146 | spec_len); | 146 | spec_len); |
147 | return 0; | 147 | return false; |
148 | } | 148 | } |
149 | DEBUGP("Lok "); | 149 | DEBUGP("Lok "); |
150 | optlen = *lp + 2; | 150 | optlen = *lp + 2; |
@@ -167,10 +167,10 @@ match(const struct sk_buff *skb, | |||
167 | if (temp == optinfo->optsnr) | 167 | if (temp == optinfo->optsnr) |
168 | return ret; | 168 | return ret; |
169 | else | 169 | else |
170 | return 0; | 170 | return false; |
171 | } | 171 | } |
172 | 172 | ||
173 | return 0; | 173 | return false; |
174 | } | 174 | } |
175 | 175 | ||
176 | /* Called when user tries to insert an entry of this type. */ | 176 | /* Called when user tries to insert an entry of this type. */ |
diff --git a/net/ipv6/netfilter/ip6t_hl.c b/net/ipv6/netfilter/ip6t_hl.c index cbf49cffa067..b933e84a06a4 100644 --- a/net/ipv6/netfilter/ip6t_hl.c +++ b/net/ipv6/netfilter/ip6t_hl.c | |||
@@ -19,10 +19,10 @@ MODULE_AUTHOR("Maciej Soltysiak <solt@dns.toxicfilms.tv>"); | |||
19 | MODULE_DESCRIPTION("IP tables Hop Limit matching module"); | 19 | MODULE_DESCRIPTION("IP tables Hop Limit matching module"); |
20 | MODULE_LICENSE("GPL"); | 20 | MODULE_LICENSE("GPL"); |
21 | 21 | ||
22 | static int match(const struct sk_buff *skb, | 22 | static bool match(const struct sk_buff *skb, |
23 | const struct net_device *in, const struct net_device *out, | 23 | const struct net_device *in, const struct net_device *out, |
24 | const struct xt_match *match, const void *matchinfo, | 24 | const struct xt_match *match, const void *matchinfo, |
25 | int offset, unsigned int protoff, bool *hotdrop) | 25 | int offset, unsigned int protoff, bool *hotdrop) |
26 | { | 26 | { |
27 | const struct ip6t_hl_info *info = matchinfo; | 27 | const struct ip6t_hl_info *info = matchinfo; |
28 | const struct ipv6hdr *ip6h = ipv6_hdr(skb); | 28 | const struct ipv6hdr *ip6h = ipv6_hdr(skb); |
@@ -43,10 +43,10 @@ static int match(const struct sk_buff *skb, | |||
43 | default: | 43 | default: |
44 | printk(KERN_WARNING "ip6t_hl: unknown mode %d\n", | 44 | printk(KERN_WARNING "ip6t_hl: unknown mode %d\n", |
45 | info->mode); | 45 | info->mode); |
46 | return 0; | 46 | return false; |
47 | } | 47 | } |
48 | 48 | ||
49 | return 0; | 49 | return false; |
50 | } | 50 | } |
51 | 51 | ||
52 | static struct xt_match hl_match = { | 52 | static struct xt_match hl_match = { |
diff --git a/net/ipv6/netfilter/ip6t_ipv6header.c b/net/ipv6/netfilter/ip6t_ipv6header.c index 469dec27c649..3222e8959426 100644 --- a/net/ipv6/netfilter/ip6t_ipv6header.c +++ b/net/ipv6/netfilter/ip6t_ipv6header.c | |||
@@ -26,7 +26,7 @@ MODULE_LICENSE("GPL"); | |||
26 | MODULE_DESCRIPTION("IPv6 headers match"); | 26 | MODULE_DESCRIPTION("IPv6 headers match"); |
27 | MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>"); | 27 | MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>"); |
28 | 28 | ||
29 | static int | 29 | static bool |
30 | ipv6header_match(const struct sk_buff *skb, | 30 | ipv6header_match(const struct sk_buff *skb, |
31 | const struct net_device *in, | 31 | const struct net_device *in, |
32 | const struct net_device *out, | 32 | const struct net_device *out, |
@@ -58,7 +58,7 @@ ipv6header_match(const struct sk_buff *skb, | |||
58 | 58 | ||
59 | /* Is there enough space for the next ext header? */ | 59 | /* Is there enough space for the next ext header? */ |
60 | if (len < (int)sizeof(struct ipv6_opt_hdr)) | 60 | if (len < (int)sizeof(struct ipv6_opt_hdr)) |
61 | return 0; | 61 | return false; |
62 | /* No more exthdr -> evaluate */ | 62 | /* No more exthdr -> evaluate */ |
63 | if (nexthdr == NEXTHDR_NONE) { | 63 | if (nexthdr == NEXTHDR_NONE) { |
64 | temp |= MASK_NONE; | 64 | temp |= MASK_NONE; |
@@ -99,7 +99,7 @@ ipv6header_match(const struct sk_buff *skb, | |||
99 | temp |= MASK_DSTOPTS; | 99 | temp |= MASK_DSTOPTS; |
100 | break; | 100 | break; |
101 | default: | 101 | default: |
102 | return 0; | 102 | return false; |
103 | break; | 103 | break; |
104 | } | 104 | } |
105 | 105 | ||
diff --git a/net/ipv6/netfilter/ip6t_mh.c b/net/ipv6/netfilter/ip6t_mh.c index c27647b6c274..ddffe03a8b37 100644 --- a/net/ipv6/netfilter/ip6t_mh.c +++ b/net/ipv6/netfilter/ip6t_mh.c | |||
@@ -31,16 +31,13 @@ MODULE_LICENSE("GPL"); | |||
31 | #endif | 31 | #endif |
32 | 32 | ||
33 | /* Returns 1 if the type is matched by the range, 0 otherwise */ | 33 | /* Returns 1 if the type is matched by the range, 0 otherwise */ |
34 | static inline int | 34 | static inline bool |
35 | type_match(u_int8_t min, u_int8_t max, u_int8_t type, int invert) | 35 | type_match(u_int8_t min, u_int8_t max, u_int8_t type, bool invert) |
36 | { | 36 | { |
37 | int ret; | 37 | return (type >= min && type <= max) ^ invert; |
38 | |||
39 | ret = (type >= min && type <= max) ^ invert; | ||
40 | return ret; | ||
41 | } | 38 | } |
42 | 39 | ||
43 | static int | 40 | static bool |
44 | match(const struct sk_buff *skb, | 41 | match(const struct sk_buff *skb, |
45 | const struct net_device *in, | 42 | const struct net_device *in, |
46 | const struct net_device *out, | 43 | const struct net_device *out, |
@@ -55,7 +52,7 @@ match(const struct sk_buff *skb, | |||
55 | 52 | ||
56 | /* Must not be a fragment. */ | 53 | /* Must not be a fragment. */ |
57 | if (offset) | 54 | if (offset) |
58 | return 0; | 55 | return false; |
59 | 56 | ||
60 | mh = skb_header_pointer(skb, protoff, sizeof(_mh), &_mh); | 57 | mh = skb_header_pointer(skb, protoff, sizeof(_mh), &_mh); |
61 | if (mh == NULL) { | 58 | if (mh == NULL) { |
@@ -63,14 +60,14 @@ match(const struct sk_buff *skb, | |||
63 | can't. Hence, no choice but to drop. */ | 60 | can't. Hence, no choice but to drop. */ |
64 | duprintf("Dropping evil MH tinygram.\n"); | 61 | duprintf("Dropping evil MH tinygram.\n"); |
65 | *hotdrop = true; | 62 | *hotdrop = true; |
66 | return 0; | 63 | return false; |
67 | } | 64 | } |
68 | 65 | ||
69 | if (mh->ip6mh_proto != IPPROTO_NONE) { | 66 | if (mh->ip6mh_proto != IPPROTO_NONE) { |
70 | duprintf("Dropping invalid MH Payload Proto: %u\n", | 67 | duprintf("Dropping invalid MH Payload Proto: %u\n", |
71 | mh->ip6mh_proto); | 68 | mh->ip6mh_proto); |
72 | *hotdrop = true; | 69 | *hotdrop = true; |
73 | return 0; | 70 | return false; |
74 | } | 71 | } |
75 | 72 | ||
76 | return type_match(mhinfo->types[0], mhinfo->types[1], mh->ip6mh_type, | 73 | return type_match(mhinfo->types[0], mhinfo->types[1], mh->ip6mh_type, |
diff --git a/net/ipv6/netfilter/ip6t_owner.c b/net/ipv6/netfilter/ip6t_owner.c index f90f7c32cc9e..cadd0a64fed7 100644 --- a/net/ipv6/netfilter/ip6t_owner.c +++ b/net/ipv6/netfilter/ip6t_owner.c | |||
@@ -23,7 +23,7 @@ MODULE_DESCRIPTION("IP6 tables owner matching module"); | |||
23 | MODULE_LICENSE("GPL"); | 23 | MODULE_LICENSE("GPL"); |
24 | 24 | ||
25 | 25 | ||
26 | static int | 26 | static bool |
27 | match(const struct sk_buff *skb, | 27 | match(const struct sk_buff *skb, |
28 | const struct net_device *in, | 28 | const struct net_device *in, |
29 | const struct net_device *out, | 29 | const struct net_device *out, |
@@ -36,21 +36,21 @@ match(const struct sk_buff *skb, | |||
36 | const struct ip6t_owner_info *info = matchinfo; | 36 | const struct ip6t_owner_info *info = matchinfo; |
37 | 37 | ||
38 | if (!skb->sk || !skb->sk->sk_socket || !skb->sk->sk_socket->file) | 38 | if (!skb->sk || !skb->sk->sk_socket || !skb->sk->sk_socket->file) |
39 | return 0; | 39 | return false; |
40 | 40 | ||
41 | if (info->match & IP6T_OWNER_UID) { | 41 | if (info->match & IP6T_OWNER_UID) { |
42 | if ((skb->sk->sk_socket->file->f_uid != info->uid) ^ | 42 | if ((skb->sk->sk_socket->file->f_uid != info->uid) ^ |
43 | !!(info->invert & IP6T_OWNER_UID)) | 43 | !!(info->invert & IP6T_OWNER_UID)) |
44 | return 0; | 44 | return false; |
45 | } | 45 | } |
46 | 46 | ||
47 | if (info->match & IP6T_OWNER_GID) { | 47 | if (info->match & IP6T_OWNER_GID) { |
48 | if ((skb->sk->sk_socket->file->f_gid != info->gid) ^ | 48 | if ((skb->sk->sk_socket->file->f_gid != info->gid) ^ |
49 | !!(info->invert & IP6T_OWNER_GID)) | 49 | !!(info->invert & IP6T_OWNER_GID)) |
50 | return 0; | 50 | return false; |
51 | } | 51 | } |
52 | 52 | ||
53 | return 1; | 53 | return true; |
54 | } | 54 | } |
55 | 55 | ||
56 | static int | 56 | static int |
diff --git a/net/ipv6/netfilter/ip6t_rt.c b/net/ipv6/netfilter/ip6t_rt.c index 2bb88214cfda..7966f4a5e9b7 100644 --- a/net/ipv6/netfilter/ip6t_rt.c +++ b/net/ipv6/netfilter/ip6t_rt.c | |||
@@ -31,10 +31,10 @@ MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>"); | |||
31 | #endif | 31 | #endif |
32 | 32 | ||
33 | /* Returns 1 if the id is matched by the range, 0 otherwise */ | 33 | /* Returns 1 if the id is matched by the range, 0 otherwise */ |
34 | static inline int | 34 | static inline bool |
35 | segsleft_match(u_int32_t min, u_int32_t max, u_int32_t id, int invert) | 35 | segsleft_match(u_int32_t min, u_int32_t max, u_int32_t id, bool invert) |
36 | { | 36 | { |
37 | int r = 0; | 37 | bool r; |
38 | DEBUGP("rt segsleft_match:%c 0x%x <= 0x%x <= 0x%x", | 38 | DEBUGP("rt segsleft_match:%c 0x%x <= 0x%x <= 0x%x", |
39 | invert ? '!' : ' ', min, id, max); | 39 | invert ? '!' : ' ', min, id, max); |
40 | r = (id >= min && id <= max) ^ invert; | 40 | r = (id >= min && id <= max) ^ invert; |
@@ -42,7 +42,7 @@ segsleft_match(u_int32_t min, u_int32_t max, u_int32_t id, int invert) | |||
42 | return r; | 42 | return r; |
43 | } | 43 | } |
44 | 44 | ||
45 | static int | 45 | static bool |
46 | match(const struct sk_buff *skb, | 46 | match(const struct sk_buff *skb, |
47 | const struct net_device *in, | 47 | const struct net_device *in, |
48 | const struct net_device *out, | 48 | const struct net_device *out, |
@@ -57,7 +57,7 @@ match(const struct sk_buff *skb, | |||
57 | unsigned int temp; | 57 | unsigned int temp; |
58 | unsigned int ptr; | 58 | unsigned int ptr; |
59 | unsigned int hdrlen = 0; | 59 | unsigned int hdrlen = 0; |
60 | unsigned int ret = 0; | 60 | bool ret = false; |
61 | struct in6_addr *ap, _addr; | 61 | struct in6_addr *ap, _addr; |
62 | int err; | 62 | int err; |
63 | 63 | ||
@@ -65,19 +65,19 @@ match(const struct sk_buff *skb, | |||
65 | if (err < 0) { | 65 | if (err < 0) { |
66 | if (err != -ENOENT) | 66 | if (err != -ENOENT) |
67 | *hotdrop = true; | 67 | *hotdrop = true; |
68 | return 0; | 68 | return false; |
69 | } | 69 | } |
70 | 70 | ||
71 | rh = skb_header_pointer(skb, ptr, sizeof(_route), &_route); | 71 | rh = skb_header_pointer(skb, ptr, sizeof(_route), &_route); |
72 | if (rh == NULL) { | 72 | if (rh == NULL) { |
73 | *hotdrop = true; | 73 | *hotdrop = true; |
74 | return 0; | 74 | return false; |
75 | } | 75 | } |
76 | 76 | ||
77 | hdrlen = ipv6_optlen(rh); | 77 | hdrlen = ipv6_optlen(rh); |
78 | if (skb->len - ptr < hdrlen) { | 78 | if (skb->len - ptr < hdrlen) { |
79 | /* Pcket smaller than its length field */ | 79 | /* Pcket smaller than its length field */ |
80 | return 0; | 80 | return false; |
81 | } | 81 | } |
82 | 82 | ||
83 | DEBUGP("IPv6 RT LEN %u %u ", hdrlen, rh->hdrlen); | 83 | DEBUGP("IPv6 RT LEN %u %u ", hdrlen, rh->hdrlen); |
@@ -136,7 +136,7 @@ match(const struct sk_buff *skb, | |||
136 | DEBUGP("Not strict "); | 136 | DEBUGP("Not strict "); |
137 | if (rtinfo->addrnr > (unsigned int)((hdrlen - 8) / 16)) { | 137 | if (rtinfo->addrnr > (unsigned int)((hdrlen - 8) / 16)) { |
138 | DEBUGP("There isn't enough space\n"); | 138 | DEBUGP("There isn't enough space\n"); |
139 | return 0; | 139 | return false; |
140 | } else { | 140 | } else { |
141 | unsigned int i = 0; | 141 | unsigned int i = 0; |
142 | 142 | ||
@@ -164,13 +164,13 @@ match(const struct sk_buff *skb, | |||
164 | if (i == rtinfo->addrnr) | 164 | if (i == rtinfo->addrnr) |
165 | return ret; | 165 | return ret; |
166 | else | 166 | else |
167 | return 0; | 167 | return false; |
168 | } | 168 | } |
169 | } else { | 169 | } else { |
170 | DEBUGP("Strict "); | 170 | DEBUGP("Strict "); |
171 | if (rtinfo->addrnr > (unsigned int)((hdrlen - 8) / 16)) { | 171 | if (rtinfo->addrnr > (unsigned int)((hdrlen - 8) / 16)) { |
172 | DEBUGP("There isn't enough space\n"); | 172 | DEBUGP("There isn't enough space\n"); |
173 | return 0; | 173 | return false; |
174 | } else { | 174 | } else { |
175 | DEBUGP("#%d ", rtinfo->addrnr); | 175 | DEBUGP("#%d ", rtinfo->addrnr); |
176 | for (temp = 0; temp < rtinfo->addrnr; temp++) { | 176 | for (temp = 0; temp < rtinfo->addrnr; temp++) { |
@@ -190,11 +190,11 @@ match(const struct sk_buff *skb, | |||
190 | (temp == (unsigned int)((hdrlen - 8) / 16))) | 190 | (temp == (unsigned int)((hdrlen - 8) / 16))) |
191 | return ret; | 191 | return ret; |
192 | else | 192 | else |
193 | return 0; | 193 | return false; |
194 | } | 194 | } |
195 | } | 195 | } |
196 | 196 | ||
197 | return 0; | 197 | return false; |
198 | } | 198 | } |
199 | 199 | ||
200 | /* Called when user tries to insert an entry of this type. */ | 200 | /* Called when user tries to insert an entry of this type. */ |
diff --git a/net/netfilter/xt_comment.c b/net/netfilter/xt_comment.c index 20690ea0d466..aa9503ff90ba 100644 --- a/net/netfilter/xt_comment.c +++ b/net/netfilter/xt_comment.c | |||
@@ -15,7 +15,7 @@ MODULE_LICENSE("GPL"); | |||
15 | MODULE_ALIAS("ipt_comment"); | 15 | MODULE_ALIAS("ipt_comment"); |
16 | MODULE_ALIAS("ip6t_comment"); | 16 | MODULE_ALIAS("ip6t_comment"); |
17 | 17 | ||
18 | static int | 18 | static bool |
19 | match(const struct sk_buff *skb, | 19 | match(const struct sk_buff *skb, |
20 | const struct net_device *in, | 20 | const struct net_device *in, |
21 | const struct net_device *out, | 21 | const struct net_device *out, |
@@ -26,7 +26,7 @@ match(const struct sk_buff *skb, | |||
26 | bool *hotdrop) | 26 | bool *hotdrop) |
27 | { | 27 | { |
28 | /* We always match */ | 28 | /* We always match */ |
29 | return 1; | 29 | return true; |
30 | } | 30 | } |
31 | 31 | ||
32 | static struct xt_match xt_comment_match[] = { | 32 | static struct xt_match xt_comment_match[] = { |
diff --git a/net/netfilter/xt_connbytes.c b/net/netfilter/xt_connbytes.c index 8fe5775901e1..aada7b797549 100644 --- a/net/netfilter/xt_connbytes.c +++ b/net/netfilter/xt_connbytes.c | |||
@@ -15,7 +15,7 @@ MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>"); | |||
15 | MODULE_DESCRIPTION("iptables match for matching number of pkts/bytes per connection"); | 15 | MODULE_DESCRIPTION("iptables match for matching number of pkts/bytes per connection"); |
16 | MODULE_ALIAS("ipt_connbytes"); | 16 | MODULE_ALIAS("ipt_connbytes"); |
17 | 17 | ||
18 | static int | 18 | static bool |
19 | match(const struct sk_buff *skb, | 19 | match(const struct sk_buff *skb, |
20 | const struct net_device *in, | 20 | const struct net_device *in, |
21 | const struct net_device *out, | 21 | const struct net_device *out, |
@@ -35,7 +35,7 @@ match(const struct sk_buff *skb, | |||
35 | 35 | ||
36 | ct = nf_ct_get(skb, &ctinfo); | 36 | ct = nf_ct_get(skb, &ctinfo); |
37 | if (!ct) | 37 | if (!ct) |
38 | return 0; | 38 | return false; |
39 | counters = ct->counters; | 39 | counters = ct->counters; |
40 | 40 | ||
41 | switch (sinfo->what) { | 41 | switch (sinfo->what) { |
diff --git a/net/netfilter/xt_connmark.c b/net/netfilter/xt_connmark.c index 8a6d58ab5d2b..3321b80aff4f 100644 --- a/net/netfilter/xt_connmark.c +++ b/net/netfilter/xt_connmark.c | |||
@@ -30,7 +30,7 @@ MODULE_DESCRIPTION("IP tables connmark match module"); | |||
30 | MODULE_LICENSE("GPL"); | 30 | MODULE_LICENSE("GPL"); |
31 | MODULE_ALIAS("ipt_connmark"); | 31 | MODULE_ALIAS("ipt_connmark"); |
32 | 32 | ||
33 | static int | 33 | static bool |
34 | match(const struct sk_buff *skb, | 34 | match(const struct sk_buff *skb, |
35 | const struct net_device *in, | 35 | const struct net_device *in, |
36 | const struct net_device *out, | 36 | const struct net_device *out, |
@@ -46,7 +46,7 @@ match(const struct sk_buff *skb, | |||
46 | 46 | ||
47 | ct = nf_ct_get(skb, &ctinfo); | 47 | ct = nf_ct_get(skb, &ctinfo); |
48 | if (!ct) | 48 | if (!ct) |
49 | return 0; | 49 | return false; |
50 | 50 | ||
51 | return (((ct->mark) & info->mask) == info->mark) ^ info->invert; | 51 | return (((ct->mark) & info->mask) == info->mark) ^ info->invert; |
52 | } | 52 | } |
diff --git a/net/netfilter/xt_conntrack.c b/net/netfilter/xt_conntrack.c index 915c730d3b72..26901f95bf4b 100644 --- a/net/netfilter/xt_conntrack.c +++ b/net/netfilter/xt_conntrack.c | |||
@@ -19,7 +19,7 @@ MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>"); | |||
19 | MODULE_DESCRIPTION("iptables connection tracking match module"); | 19 | MODULE_DESCRIPTION("iptables connection tracking match module"); |
20 | MODULE_ALIAS("ipt_conntrack"); | 20 | MODULE_ALIAS("ipt_conntrack"); |
21 | 21 | ||
22 | static int | 22 | static bool |
23 | match(const struct sk_buff *skb, | 23 | match(const struct sk_buff *skb, |
24 | const struct net_device *in, | 24 | const struct net_device *in, |
25 | const struct net_device *out, | 25 | const struct net_device *out, |
@@ -54,53 +54,53 @@ match(const struct sk_buff *skb, | |||
54 | } | 54 | } |
55 | if (FWINV((statebit & sinfo->statemask) == 0, | 55 | if (FWINV((statebit & sinfo->statemask) == 0, |
56 | XT_CONNTRACK_STATE)) | 56 | XT_CONNTRACK_STATE)) |
57 | return 0; | 57 | return false; |
58 | } | 58 | } |
59 | 59 | ||
60 | if (ct == NULL) { | 60 | if (ct == NULL) { |
61 | if (sinfo->flags & ~XT_CONNTRACK_STATE) | 61 | if (sinfo->flags & ~XT_CONNTRACK_STATE) |
62 | return 0; | 62 | return false; |
63 | return 1; | 63 | return true; |
64 | } | 64 | } |
65 | 65 | ||
66 | if (sinfo->flags & XT_CONNTRACK_PROTO && | 66 | if (sinfo->flags & XT_CONNTRACK_PROTO && |
67 | FWINV(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum != | 67 | FWINV(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum != |
68 | sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum, | 68 | sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum, |
69 | XT_CONNTRACK_PROTO)) | 69 | XT_CONNTRACK_PROTO)) |
70 | return 0; | 70 | return false; |
71 | 71 | ||
72 | if (sinfo->flags & XT_CONNTRACK_ORIGSRC && | 72 | if (sinfo->flags & XT_CONNTRACK_ORIGSRC && |
73 | FWINV((ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.ip & | 73 | FWINV((ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.ip & |
74 | sinfo->sipmsk[IP_CT_DIR_ORIGINAL].s_addr) != | 74 | sinfo->sipmsk[IP_CT_DIR_ORIGINAL].s_addr) != |
75 | sinfo->tuple[IP_CT_DIR_ORIGINAL].src.ip, | 75 | sinfo->tuple[IP_CT_DIR_ORIGINAL].src.ip, |
76 | XT_CONNTRACK_ORIGSRC)) | 76 | XT_CONNTRACK_ORIGSRC)) |
77 | return 0; | 77 | return false; |
78 | 78 | ||
79 | if (sinfo->flags & XT_CONNTRACK_ORIGDST && | 79 | if (sinfo->flags & XT_CONNTRACK_ORIGDST && |
80 | FWINV((ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u3.ip & | 80 | FWINV((ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u3.ip & |
81 | sinfo->dipmsk[IP_CT_DIR_ORIGINAL].s_addr) != | 81 | sinfo->dipmsk[IP_CT_DIR_ORIGINAL].s_addr) != |
82 | sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.ip, | 82 | sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.ip, |
83 | XT_CONNTRACK_ORIGDST)) | 83 | XT_CONNTRACK_ORIGDST)) |
84 | return 0; | 84 | return false; |
85 | 85 | ||
86 | if (sinfo->flags & XT_CONNTRACK_REPLSRC && | 86 | if (sinfo->flags & XT_CONNTRACK_REPLSRC && |
87 | FWINV((ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u3.ip & | 87 | FWINV((ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u3.ip & |
88 | sinfo->sipmsk[IP_CT_DIR_REPLY].s_addr) != | 88 | sinfo->sipmsk[IP_CT_DIR_REPLY].s_addr) != |
89 | sinfo->tuple[IP_CT_DIR_REPLY].src.ip, | 89 | sinfo->tuple[IP_CT_DIR_REPLY].src.ip, |
90 | XT_CONNTRACK_REPLSRC)) | 90 | XT_CONNTRACK_REPLSRC)) |
91 | return 0; | 91 | return false; |
92 | 92 | ||
93 | if (sinfo->flags & XT_CONNTRACK_REPLDST && | 93 | if (sinfo->flags & XT_CONNTRACK_REPLDST && |
94 | FWINV((ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u3.ip & | 94 | FWINV((ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u3.ip & |
95 | sinfo->dipmsk[IP_CT_DIR_REPLY].s_addr) != | 95 | sinfo->dipmsk[IP_CT_DIR_REPLY].s_addr) != |
96 | sinfo->tuple[IP_CT_DIR_REPLY].dst.ip, | 96 | sinfo->tuple[IP_CT_DIR_REPLY].dst.ip, |
97 | XT_CONNTRACK_REPLDST)) | 97 | XT_CONNTRACK_REPLDST)) |
98 | return 0; | 98 | return false; |
99 | 99 | ||
100 | if (sinfo->flags & XT_CONNTRACK_STATUS && | 100 | if (sinfo->flags & XT_CONNTRACK_STATUS && |
101 | FWINV((ct->status & sinfo->statusmask) == 0, | 101 | FWINV((ct->status & sinfo->statusmask) == 0, |
102 | XT_CONNTRACK_STATUS)) | 102 | XT_CONNTRACK_STATUS)) |
103 | return 0; | 103 | return false; |
104 | 104 | ||
105 | if(sinfo->flags & XT_CONNTRACK_EXPIRES) { | 105 | if(sinfo->flags & XT_CONNTRACK_EXPIRES) { |
106 | unsigned long expires = timer_pending(&ct->timeout) ? | 106 | unsigned long expires = timer_pending(&ct->timeout) ? |
@@ -109,9 +109,9 @@ match(const struct sk_buff *skb, | |||
109 | if (FWINV(!(expires >= sinfo->expires_min && | 109 | if (FWINV(!(expires >= sinfo->expires_min && |
110 | expires <= sinfo->expires_max), | 110 | expires <= sinfo->expires_max), |
111 | XT_CONNTRACK_EXPIRES)) | 111 | XT_CONNTRACK_EXPIRES)) |
112 | return 0; | 112 | return false; |
113 | } | 113 | } |
114 | return 1; | 114 | return true; |
115 | } | 115 | } |
116 | 116 | ||
117 | static int | 117 | static int |
diff --git a/net/netfilter/xt_dccp.c b/net/netfilter/xt_dccp.c index 3172e7308b35..b0eba4e2c53f 100644 --- a/net/netfilter/xt_dccp.c +++ b/net/netfilter/xt_dccp.c | |||
@@ -31,7 +31,7 @@ MODULE_ALIAS("ipt_dccp"); | |||
31 | static unsigned char *dccp_optbuf; | 31 | static unsigned char *dccp_optbuf; |
32 | static DEFINE_SPINLOCK(dccp_buflock); | 32 | static DEFINE_SPINLOCK(dccp_buflock); |
33 | 33 | ||
34 | static inline int | 34 | static inline bool |
35 | dccp_find_option(u_int8_t option, | 35 | dccp_find_option(u_int8_t option, |
36 | const struct sk_buff *skb, | 36 | const struct sk_buff *skb, |
37 | unsigned int protoff, | 37 | unsigned int protoff, |
@@ -46,11 +46,11 @@ dccp_find_option(u_int8_t option, | |||
46 | 46 | ||
47 | if (dh->dccph_doff * 4 < __dccp_hdr_len(dh)) { | 47 | if (dh->dccph_doff * 4 < __dccp_hdr_len(dh)) { |
48 | *hotdrop = true; | 48 | *hotdrop = true; |
49 | return 0; | 49 | return false; |
50 | } | 50 | } |
51 | 51 | ||
52 | if (!optlen) | 52 | if (!optlen) |
53 | return 0; | 53 | return false; |
54 | 54 | ||
55 | spin_lock_bh(&dccp_buflock); | 55 | spin_lock_bh(&dccp_buflock); |
56 | op = skb_header_pointer(skb, protoff + optoff, optlen, dccp_optbuf); | 56 | op = skb_header_pointer(skb, protoff + optoff, optlen, dccp_optbuf); |
@@ -58,13 +58,13 @@ dccp_find_option(u_int8_t option, | |||
58 | /* If we don't have the whole header, drop packet. */ | 58 | /* If we don't have the whole header, drop packet. */ |
59 | spin_unlock_bh(&dccp_buflock); | 59 | spin_unlock_bh(&dccp_buflock); |
60 | *hotdrop = true; | 60 | *hotdrop = true; |
61 | return 0; | 61 | return false; |
62 | } | 62 | } |
63 | 63 | ||
64 | for (i = 0; i < optlen; ) { | 64 | for (i = 0; i < optlen; ) { |
65 | if (op[i] == option) { | 65 | if (op[i] == option) { |
66 | spin_unlock_bh(&dccp_buflock); | 66 | spin_unlock_bh(&dccp_buflock); |
67 | return 1; | 67 | return true; |
68 | } | 68 | } |
69 | 69 | ||
70 | if (op[i] < 2) | 70 | if (op[i] < 2) |
@@ -74,24 +74,24 @@ dccp_find_option(u_int8_t option, | |||
74 | } | 74 | } |
75 | 75 | ||
76 | spin_unlock_bh(&dccp_buflock); | 76 | spin_unlock_bh(&dccp_buflock); |
77 | return 0; | 77 | return false; |
78 | } | 78 | } |
79 | 79 | ||
80 | 80 | ||
81 | static inline int | 81 | static inline bool |
82 | match_types(const struct dccp_hdr *dh, u_int16_t typemask) | 82 | match_types(const struct dccp_hdr *dh, u_int16_t typemask) |
83 | { | 83 | { |
84 | return (typemask & (1 << dh->dccph_type)); | 84 | return (typemask & (1 << dh->dccph_type)); |
85 | } | 85 | } |
86 | 86 | ||
87 | static inline int | 87 | static inline bool |
88 | match_option(u_int8_t option, const struct sk_buff *skb, unsigned int protoff, | 88 | match_option(u_int8_t option, const struct sk_buff *skb, unsigned int protoff, |
89 | const struct dccp_hdr *dh, bool *hotdrop) | 89 | const struct dccp_hdr *dh, bool *hotdrop) |
90 | { | 90 | { |
91 | return dccp_find_option(option, skb, protoff, dh, hotdrop); | 91 | return dccp_find_option(option, skb, protoff, dh, hotdrop); |
92 | } | 92 | } |
93 | 93 | ||
94 | static int | 94 | static bool |
95 | match(const struct sk_buff *skb, | 95 | match(const struct sk_buff *skb, |
96 | const struct net_device *in, | 96 | const struct net_device *in, |
97 | const struct net_device *out, | 97 | const struct net_device *out, |
@@ -105,12 +105,12 @@ match(const struct sk_buff *skb, | |||
105 | struct dccp_hdr _dh, *dh; | 105 | struct dccp_hdr _dh, *dh; |
106 | 106 | ||
107 | if (offset) | 107 | if (offset) |
108 | return 0; | 108 | return false; |
109 | 109 | ||
110 | dh = skb_header_pointer(skb, protoff, sizeof(_dh), &_dh); | 110 | dh = skb_header_pointer(skb, protoff, sizeof(_dh), &_dh); |
111 | if (dh == NULL) { | 111 | if (dh == NULL) { |
112 | *hotdrop = true; | 112 | *hotdrop = true; |
113 | return 0; | 113 | return false; |
114 | } | 114 | } |
115 | 115 | ||
116 | return DCCHECK(((ntohs(dh->dccph_sport) >= info->spts[0]) | 116 | return DCCHECK(((ntohs(dh->dccph_sport) >= info->spts[0]) |
diff --git a/net/netfilter/xt_dscp.c b/net/netfilter/xt_dscp.c index c106d738da6d..c9c6518907a2 100644 --- a/net/netfilter/xt_dscp.c +++ b/net/netfilter/xt_dscp.c | |||
@@ -22,22 +22,7 @@ MODULE_LICENSE("GPL"); | |||
22 | MODULE_ALIAS("ipt_dscp"); | 22 | MODULE_ALIAS("ipt_dscp"); |
23 | MODULE_ALIAS("ip6t_dscp"); | 23 | MODULE_ALIAS("ip6t_dscp"); |
24 | 24 | ||
25 | static int match(const struct sk_buff *skb, | 25 | static bool match(const struct sk_buff *skb, |
26 | const struct net_device *in, | ||
27 | const struct net_device *out, | ||
28 | const struct xt_match *match, | ||
29 | const void *matchinfo, | ||
30 | int offset, | ||
31 | unsigned int protoff, | ||
32 | bool *hotdrop) | ||
33 | { | ||
34 | const struct xt_dscp_info *info = matchinfo; | ||
35 | u_int8_t dscp = ipv4_get_dsfield(ip_hdr(skb)) >> XT_DSCP_SHIFT; | ||
36 | |||
37 | return (dscp == info->dscp) ^ !!info->invert; | ||
38 | } | ||
39 | |||
40 | static int match6(const struct sk_buff *skb, | ||
41 | const struct net_device *in, | 26 | const struct net_device *in, |
42 | const struct net_device *out, | 27 | const struct net_device *out, |
43 | const struct xt_match *match, | 28 | const struct xt_match *match, |
@@ -47,6 +32,21 @@ static int match6(const struct sk_buff *skb, | |||
47 | bool *hotdrop) | 32 | bool *hotdrop) |
48 | { | 33 | { |
49 | const struct xt_dscp_info *info = matchinfo; | 34 | const struct xt_dscp_info *info = matchinfo; |
35 | u_int8_t dscp = ipv4_get_dsfield(ip_hdr(skb)) >> XT_DSCP_SHIFT; | ||
36 | |||
37 | return (dscp == info->dscp) ^ !!info->invert; | ||
38 | } | ||
39 | |||
40 | static bool match6(const struct sk_buff *skb, | ||
41 | const struct net_device *in, | ||
42 | const struct net_device *out, | ||
43 | const struct xt_match *match, | ||
44 | const void *matchinfo, | ||
45 | int offset, | ||
46 | unsigned int protoff, | ||
47 | bool *hotdrop) | ||
48 | { | ||
49 | const struct xt_dscp_info *info = matchinfo; | ||
50 | u_int8_t dscp = ipv6_get_dsfield(ipv6_hdr(skb)) >> XT_DSCP_SHIFT; | 50 | u_int8_t dscp = ipv6_get_dsfield(ipv6_hdr(skb)) >> XT_DSCP_SHIFT; |
51 | 51 | ||
52 | return (dscp == info->dscp) ^ !!info->invert; | 52 | return (dscp == info->dscp) ^ !!info->invert; |
diff --git a/net/netfilter/xt_esp.c b/net/netfilter/xt_esp.c index 5d3421bcd850..1a945cb7c359 100644 --- a/net/netfilter/xt_esp.c +++ b/net/netfilter/xt_esp.c | |||
@@ -31,10 +31,10 @@ MODULE_ALIAS("ip6t_esp"); | |||
31 | #endif | 31 | #endif |
32 | 32 | ||
33 | /* Returns 1 if the spi is matched by the range, 0 otherwise */ | 33 | /* Returns 1 if the spi is matched by the range, 0 otherwise */ |
34 | static inline int | 34 | static inline bool |
35 | spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, int invert) | 35 | spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, bool invert) |
36 | { | 36 | { |
37 | int r = 0; | 37 | bool r; |
38 | duprintf("esp spi_match:%c 0x%x <= 0x%x <= 0x%x", invert ? '!' : ' ', | 38 | duprintf("esp spi_match:%c 0x%x <= 0x%x <= 0x%x", invert ? '!' : ' ', |
39 | min, spi, max); | 39 | min, spi, max); |
40 | r = (spi >= min && spi <= max) ^ invert; | 40 | r = (spi >= min && spi <= max) ^ invert; |
@@ -42,7 +42,7 @@ spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, int invert) | |||
42 | return r; | 42 | return r; |
43 | } | 43 | } |
44 | 44 | ||
45 | static int | 45 | static bool |
46 | match(const struct sk_buff *skb, | 46 | match(const struct sk_buff *skb, |
47 | const struct net_device *in, | 47 | const struct net_device *in, |
48 | const struct net_device *out, | 48 | const struct net_device *out, |
@@ -57,7 +57,7 @@ match(const struct sk_buff *skb, | |||
57 | 57 | ||
58 | /* Must not be a fragment. */ | 58 | /* Must not be a fragment. */ |
59 | if (offset) | 59 | if (offset) |
60 | return 0; | 60 | return false; |
61 | 61 | ||
62 | eh = skb_header_pointer(skb, protoff, sizeof(_esp), &_esp); | 62 | eh = skb_header_pointer(skb, protoff, sizeof(_esp), &_esp); |
63 | if (eh == NULL) { | 63 | if (eh == NULL) { |
@@ -66,7 +66,7 @@ match(const struct sk_buff *skb, | |||
66 | */ | 66 | */ |
67 | duprintf("Dropping evil ESP tinygram.\n"); | 67 | duprintf("Dropping evil ESP tinygram.\n"); |
68 | *hotdrop = true; | 68 | *hotdrop = true; |
69 | return 0; | 69 | return false; |
70 | } | 70 | } |
71 | 71 | ||
72 | return spi_match(espinfo->spis[0], espinfo->spis[1], ntohl(eh->spi), | 72 | return spi_match(espinfo->spis[0], espinfo->spis[1], ntohl(eh->spi), |
diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c index cd5cba6978c3..21597b755cea 100644 --- a/net/netfilter/xt_hashlimit.c +++ b/net/netfilter/xt_hashlimit.c | |||
@@ -94,7 +94,8 @@ static DEFINE_MUTEX(hlimit_mutex); /* additional checkentry protection */ | |||
94 | static HLIST_HEAD(hashlimit_htables); | 94 | static HLIST_HEAD(hashlimit_htables); |
95 | static struct kmem_cache *hashlimit_cachep __read_mostly; | 95 | static struct kmem_cache *hashlimit_cachep __read_mostly; |
96 | 96 | ||
97 | static inline int dst_cmp(const struct dsthash_ent *ent, struct dsthash_dst *b) | 97 | static inline bool dst_cmp(const struct dsthash_ent *ent, |
98 | struct dsthash_dst *b) | ||
98 | { | 99 | { |
99 | return !memcmp(&ent->dst, b, sizeof(ent->dst)); | 100 | return !memcmp(&ent->dst, b, sizeof(ent->dst)); |
100 | } | 101 | } |
@@ -227,18 +228,18 @@ static int htable_create(struct xt_hashlimit_info *minfo, int family) | |||
227 | return 0; | 228 | return 0; |
228 | } | 229 | } |
229 | 230 | ||
230 | static int select_all(struct xt_hashlimit_htable *ht, struct dsthash_ent *he) | 231 | static bool select_all(struct xt_hashlimit_htable *ht, struct dsthash_ent *he) |
231 | { | 232 | { |
232 | return 1; | 233 | return 1; |
233 | } | 234 | } |
234 | 235 | ||
235 | static int select_gc(struct xt_hashlimit_htable *ht, struct dsthash_ent *he) | 236 | static bool select_gc(struct xt_hashlimit_htable *ht, struct dsthash_ent *he) |
236 | { | 237 | { |
237 | return (jiffies >= he->expires); | 238 | return (jiffies >= he->expires); |
238 | } | 239 | } |
239 | 240 | ||
240 | static void htable_selective_cleanup(struct xt_hashlimit_htable *ht, | 241 | static void htable_selective_cleanup(struct xt_hashlimit_htable *ht, |
241 | int (*select)(struct xt_hashlimit_htable *ht, | 242 | bool (*select)(struct xt_hashlimit_htable *ht, |
242 | struct dsthash_ent *he)) | 243 | struct dsthash_ent *he)) |
243 | { | 244 | { |
244 | unsigned int i; | 245 | unsigned int i; |
@@ -432,7 +433,7 @@ hashlimit_init_dst(struct xt_hashlimit_htable *hinfo, struct dsthash_dst *dst, | |||
432 | return 0; | 433 | return 0; |
433 | } | 434 | } |
434 | 435 | ||
435 | static int | 436 | static bool |
436 | hashlimit_match(const struct sk_buff *skb, | 437 | hashlimit_match(const struct sk_buff *skb, |
437 | const struct net_device *in, | 438 | const struct net_device *in, |
438 | const struct net_device *out, | 439 | const struct net_device *out, |
@@ -478,17 +479,17 @@ hashlimit_match(const struct sk_buff *skb, | |||
478 | /* We're underlimit. */ | 479 | /* We're underlimit. */ |
479 | dh->rateinfo.credit -= dh->rateinfo.cost; | 480 | dh->rateinfo.credit -= dh->rateinfo.cost; |
480 | spin_unlock_bh(&hinfo->lock); | 481 | spin_unlock_bh(&hinfo->lock); |
481 | return 1; | 482 | return true; |
482 | } | 483 | } |
483 | 484 | ||
484 | spin_unlock_bh(&hinfo->lock); | 485 | spin_unlock_bh(&hinfo->lock); |
485 | 486 | ||
486 | /* default case: we're overlimit, thus don't match */ | 487 | /* default case: we're overlimit, thus don't match */ |
487 | return 0; | 488 | return false; |
488 | 489 | ||
489 | hotdrop: | 490 | hotdrop: |
490 | *hotdrop = true; | 491 | *hotdrop = true; |
491 | return 0; | 492 | return false; |
492 | } | 493 | } |
493 | 494 | ||
494 | static int | 495 | static int |
diff --git a/net/netfilter/xt_helper.c b/net/netfilter/xt_helper.c index 0aa090776e27..10c629b34abf 100644 --- a/net/netfilter/xt_helper.c +++ b/net/netfilter/xt_helper.c | |||
@@ -28,7 +28,7 @@ MODULE_ALIAS("ip6t_helper"); | |||
28 | #define DEBUGP(format, args...) | 28 | #define DEBUGP(format, args...) |
29 | #endif | 29 | #endif |
30 | 30 | ||
31 | static int | 31 | static bool |
32 | match(const struct sk_buff *skb, | 32 | match(const struct sk_buff *skb, |
33 | const struct net_device *in, | 33 | const struct net_device *in, |
34 | const struct net_device *out, | 34 | const struct net_device *out, |
@@ -42,7 +42,7 @@ match(const struct sk_buff *skb, | |||
42 | struct nf_conn *ct; | 42 | struct nf_conn *ct; |
43 | struct nf_conn_help *master_help; | 43 | struct nf_conn_help *master_help; |
44 | enum ip_conntrack_info ctinfo; | 44 | enum ip_conntrack_info ctinfo; |
45 | int ret = info->invert; | 45 | bool ret = info->invert; |
46 | 46 | ||
47 | ct = nf_ct_get((struct sk_buff *)skb, &ctinfo); | 47 | ct = nf_ct_get((struct sk_buff *)skb, &ctinfo); |
48 | if (!ct) { | 48 | if (!ct) { |
@@ -67,7 +67,7 @@ match(const struct sk_buff *skb, | |||
67 | ct->master->helper->name, info->name); | 67 | ct->master->helper->name, info->name); |
68 | 68 | ||
69 | if (info->name[0] == '\0') | 69 | if (info->name[0] == '\0') |
70 | ret ^= 1; | 70 | ret = !ret; |
71 | else | 71 | else |
72 | ret ^= !strncmp(master_help->helper->name, info->name, | 72 | ret ^= !strncmp(master_help->helper->name, info->name, |
73 | strlen(master_help->helper->name)); | 73 | strlen(master_help->helper->name)); |
diff --git a/net/netfilter/xt_length.c b/net/netfilter/xt_length.c index 621c9ee6d1c9..57bcfacde594 100644 --- a/net/netfilter/xt_length.c +++ b/net/netfilter/xt_length.c | |||
@@ -20,7 +20,7 @@ MODULE_LICENSE("GPL"); | |||
20 | MODULE_ALIAS("ipt_length"); | 20 | MODULE_ALIAS("ipt_length"); |
21 | MODULE_ALIAS("ip6t_length"); | 21 | MODULE_ALIAS("ip6t_length"); |
22 | 22 | ||
23 | static int | 23 | static bool |
24 | match(const struct sk_buff *skb, | 24 | match(const struct sk_buff *skb, |
25 | const struct net_device *in, | 25 | const struct net_device *in, |
26 | const struct net_device *out, | 26 | const struct net_device *out, |
@@ -36,7 +36,7 @@ match(const struct sk_buff *skb, | |||
36 | return (pktlen >= info->min && pktlen <= info->max) ^ info->invert; | 36 | return (pktlen >= info->min && pktlen <= info->max) ^ info->invert; |
37 | } | 37 | } |
38 | 38 | ||
39 | static int | 39 | static bool |
40 | match6(const struct sk_buff *skb, | 40 | match6(const struct sk_buff *skb, |
41 | const struct net_device *in, | 41 | const struct net_device *in, |
42 | const struct net_device *out, | 42 | const struct net_device *out, |
diff --git a/net/netfilter/xt_limit.c b/net/netfilter/xt_limit.c index 1133b4ca4904..0cfe241a0493 100644 --- a/net/netfilter/xt_limit.c +++ b/net/netfilter/xt_limit.c | |||
@@ -57,7 +57,7 @@ static DEFINE_SPINLOCK(limit_lock); | |||
57 | 57 | ||
58 | #define CREDITS_PER_JIFFY POW2_BELOW32(MAX_CPJ) | 58 | #define CREDITS_PER_JIFFY POW2_BELOW32(MAX_CPJ) |
59 | 59 | ||
60 | static int | 60 | static bool |
61 | ipt_limit_match(const struct sk_buff *skb, | 61 | ipt_limit_match(const struct sk_buff *skb, |
62 | const struct net_device *in, | 62 | const struct net_device *in, |
63 | const struct net_device *out, | 63 | const struct net_device *out, |
@@ -79,11 +79,11 @@ ipt_limit_match(const struct sk_buff *skb, | |||
79 | /* We're not limited. */ | 79 | /* We're not limited. */ |
80 | r->credit -= r->cost; | 80 | r->credit -= r->cost; |
81 | spin_unlock_bh(&limit_lock); | 81 | spin_unlock_bh(&limit_lock); |
82 | return 1; | 82 | return true; |
83 | } | 83 | } |
84 | 84 | ||
85 | spin_unlock_bh(&limit_lock); | 85 | spin_unlock_bh(&limit_lock); |
86 | return 0; | 86 | return false; |
87 | } | 87 | } |
88 | 88 | ||
89 | /* Precision saver. */ | 89 | /* Precision saver. */ |
diff --git a/net/netfilter/xt_mac.c b/net/netfilter/xt_mac.c index 0e6a28647206..86022027dd63 100644 --- a/net/netfilter/xt_mac.c +++ b/net/netfilter/xt_mac.c | |||
@@ -24,7 +24,7 @@ MODULE_DESCRIPTION("iptables mac matching module"); | |||
24 | MODULE_ALIAS("ipt_mac"); | 24 | MODULE_ALIAS("ipt_mac"); |
25 | MODULE_ALIAS("ip6t_mac"); | 25 | MODULE_ALIAS("ip6t_mac"); |
26 | 26 | ||
27 | static int | 27 | static bool |
28 | match(const struct sk_buff *skb, | 28 | match(const struct sk_buff *skb, |
29 | const struct net_device *in, | 29 | const struct net_device *in, |
30 | const struct net_device *out, | 30 | const struct net_device *out, |
diff --git a/net/netfilter/xt_mark.c b/net/netfilter/xt_mark.c index 944d1ea56029..10c6799cd56a 100644 --- a/net/netfilter/xt_mark.c +++ b/net/netfilter/xt_mark.c | |||
@@ -19,7 +19,7 @@ MODULE_DESCRIPTION("iptables mark matching module"); | |||
19 | MODULE_ALIAS("ipt_mark"); | 19 | MODULE_ALIAS("ipt_mark"); |
20 | MODULE_ALIAS("ip6t_mark"); | 20 | MODULE_ALIAS("ip6t_mark"); |
21 | 21 | ||
22 | static int | 22 | static bool |
23 | match(const struct sk_buff *skb, | 23 | match(const struct sk_buff *skb, |
24 | const struct net_device *in, | 24 | const struct net_device *in, |
25 | const struct net_device *out, | 25 | const struct net_device *out, |
diff --git a/net/netfilter/xt_multiport.c b/net/netfilter/xt_multiport.c index 1dc53ded9887..55feb3d737d4 100644 --- a/net/netfilter/xt_multiport.c +++ b/net/netfilter/xt_multiport.c | |||
@@ -33,24 +33,24 @@ MODULE_ALIAS("ip6t_multiport"); | |||
33 | #endif | 33 | #endif |
34 | 34 | ||
35 | /* Returns 1 if the port is matched by the test, 0 otherwise. */ | 35 | /* Returns 1 if the port is matched by the test, 0 otherwise. */ |
36 | static inline int | 36 | static inline bool |
37 | ports_match(const u_int16_t *portlist, enum xt_multiport_flags flags, | 37 | ports_match(const u_int16_t *portlist, enum xt_multiport_flags flags, |
38 | u_int8_t count, u_int16_t src, u_int16_t dst) | 38 | u_int8_t count, u_int16_t src, u_int16_t dst) |
39 | { | 39 | { |
40 | unsigned int i; | 40 | unsigned int i; |
41 | for (i = 0; i < count; i++) { | 41 | for (i = 0; i < count; i++) { |
42 | if (flags != XT_MULTIPORT_DESTINATION && portlist[i] == src) | 42 | if (flags != XT_MULTIPORT_DESTINATION && portlist[i] == src) |
43 | return 1; | 43 | return true; |
44 | 44 | ||
45 | if (flags != XT_MULTIPORT_SOURCE && portlist[i] == dst) | 45 | if (flags != XT_MULTIPORT_SOURCE && portlist[i] == dst) |
46 | return 1; | 46 | return true; |
47 | } | 47 | } |
48 | 48 | ||
49 | return 0; | 49 | return false; |
50 | } | 50 | } |
51 | 51 | ||
52 | /* Returns 1 if the port is matched by the test, 0 otherwise. */ | 52 | /* Returns 1 if the port is matched by the test, 0 otherwise. */ |
53 | static inline int | 53 | static inline bool |
54 | ports_match_v1(const struct xt_multiport_v1 *minfo, | 54 | ports_match_v1(const struct xt_multiport_v1 *minfo, |
55 | u_int16_t src, u_int16_t dst) | 55 | u_int16_t src, u_int16_t dst) |
56 | { | 56 | { |
@@ -67,34 +67,34 @@ ports_match_v1(const struct xt_multiport_v1 *minfo, | |||
67 | 67 | ||
68 | if (minfo->flags == XT_MULTIPORT_SOURCE | 68 | if (minfo->flags == XT_MULTIPORT_SOURCE |
69 | && src >= s && src <= e) | 69 | && src >= s && src <= e) |
70 | return 1 ^ minfo->invert; | 70 | return true ^ minfo->invert; |
71 | if (minfo->flags == XT_MULTIPORT_DESTINATION | 71 | if (minfo->flags == XT_MULTIPORT_DESTINATION |
72 | && dst >= s && dst <= e) | 72 | && dst >= s && dst <= e) |
73 | return 1 ^ minfo->invert; | 73 | return true ^ minfo->invert; |
74 | if (minfo->flags == XT_MULTIPORT_EITHER | 74 | if (minfo->flags == XT_MULTIPORT_EITHER |
75 | && ((dst >= s && dst <= e) | 75 | && ((dst >= s && dst <= e) |
76 | || (src >= s && src <= e))) | 76 | || (src >= s && src <= e))) |
77 | return 1 ^ minfo->invert; | 77 | return true ^ minfo->invert; |
78 | } else { | 78 | } else { |
79 | /* exact port matching */ | 79 | /* exact port matching */ |
80 | duprintf("src or dst matches with %d?\n", s); | 80 | duprintf("src or dst matches with %d?\n", s); |
81 | 81 | ||
82 | if (minfo->flags == XT_MULTIPORT_SOURCE | 82 | if (minfo->flags == XT_MULTIPORT_SOURCE |
83 | && src == s) | 83 | && src == s) |
84 | return 1 ^ minfo->invert; | 84 | return true ^ minfo->invert; |
85 | if (minfo->flags == XT_MULTIPORT_DESTINATION | 85 | if (minfo->flags == XT_MULTIPORT_DESTINATION |
86 | && dst == s) | 86 | && dst == s) |
87 | return 1 ^ minfo->invert; | 87 | return true ^ minfo->invert; |
88 | if (minfo->flags == XT_MULTIPORT_EITHER | 88 | if (minfo->flags == XT_MULTIPORT_EITHER |
89 | && (src == s || dst == s)) | 89 | && (src == s || dst == s)) |
90 | return 1 ^ minfo->invert; | 90 | return true ^ minfo->invert; |
91 | } | 91 | } |
92 | } | 92 | } |
93 | 93 | ||
94 | return minfo->invert; | 94 | return minfo->invert; |
95 | } | 95 | } |
96 | 96 | ||
97 | static int | 97 | static bool |
98 | match(const struct sk_buff *skb, | 98 | match(const struct sk_buff *skb, |
99 | const struct net_device *in, | 99 | const struct net_device *in, |
100 | const struct net_device *out, | 100 | const struct net_device *out, |
@@ -108,7 +108,7 @@ match(const struct sk_buff *skb, | |||
108 | const struct xt_multiport *multiinfo = matchinfo; | 108 | const struct xt_multiport *multiinfo = matchinfo; |
109 | 109 | ||
110 | if (offset) | 110 | if (offset) |
111 | return 0; | 111 | return false; |
112 | 112 | ||
113 | pptr = skb_header_pointer(skb, protoff, sizeof(_ports), _ports); | 113 | pptr = skb_header_pointer(skb, protoff, sizeof(_ports), _ports); |
114 | if (pptr == NULL) { | 114 | if (pptr == NULL) { |
@@ -117,7 +117,7 @@ match(const struct sk_buff *skb, | |||
117 | */ | 117 | */ |
118 | duprintf("xt_multiport: Dropping evil offset=0 tinygram.\n"); | 118 | duprintf("xt_multiport: Dropping evil offset=0 tinygram.\n"); |
119 | *hotdrop = true; | 119 | *hotdrop = true; |
120 | return 0; | 120 | return false; |
121 | } | 121 | } |
122 | 122 | ||
123 | return ports_match(multiinfo->ports, | 123 | return ports_match(multiinfo->ports, |
@@ -125,7 +125,7 @@ match(const struct sk_buff *skb, | |||
125 | ntohs(pptr[0]), ntohs(pptr[1])); | 125 | ntohs(pptr[0]), ntohs(pptr[1])); |
126 | } | 126 | } |
127 | 127 | ||
128 | static int | 128 | static bool |
129 | match_v1(const struct sk_buff *skb, | 129 | match_v1(const struct sk_buff *skb, |
130 | const struct net_device *in, | 130 | const struct net_device *in, |
131 | const struct net_device *out, | 131 | const struct net_device *out, |
@@ -139,7 +139,7 @@ match_v1(const struct sk_buff *skb, | |||
139 | const struct xt_multiport_v1 *multiinfo = matchinfo; | 139 | const struct xt_multiport_v1 *multiinfo = matchinfo; |
140 | 140 | ||
141 | if (offset) | 141 | if (offset) |
142 | return 0; | 142 | return false; |
143 | 143 | ||
144 | pptr = skb_header_pointer(skb, protoff, sizeof(_ports), _ports); | 144 | pptr = skb_header_pointer(skb, protoff, sizeof(_ports), _ports); |
145 | if (pptr == NULL) { | 145 | if (pptr == NULL) { |
@@ -148,7 +148,7 @@ match_v1(const struct sk_buff *skb, | |||
148 | */ | 148 | */ |
149 | duprintf("xt_multiport: Dropping evil offset=0 tinygram.\n"); | 149 | duprintf("xt_multiport: Dropping evil offset=0 tinygram.\n"); |
150 | *hotdrop = true; | 150 | *hotdrop = true; |
151 | return 0; | 151 | return false; |
152 | } | 152 | } |
153 | 153 | ||
154 | return ports_match_v1(multiinfo, ntohs(pptr[0]), ntohs(pptr[1])); | 154 | return ports_match_v1(multiinfo, ntohs(pptr[0]), ntohs(pptr[1])); |
diff --git a/net/netfilter/xt_physdev.c b/net/netfilter/xt_physdev.c index a6de512fa840..70de6708e884 100644 --- a/net/netfilter/xt_physdev.c +++ b/net/netfilter/xt_physdev.c | |||
@@ -14,8 +14,6 @@ | |||
14 | #include <linux/netfilter/xt_physdev.h> | 14 | #include <linux/netfilter/xt_physdev.h> |
15 | #include <linux/netfilter/x_tables.h> | 15 | #include <linux/netfilter/x_tables.h> |
16 | #include <linux/netfilter_bridge.h> | 16 | #include <linux/netfilter_bridge.h> |
17 | #define MATCH 1 | ||
18 | #define NOMATCH 0 | ||
19 | 17 | ||
20 | MODULE_LICENSE("GPL"); | 18 | MODULE_LICENSE("GPL"); |
21 | MODULE_AUTHOR("Bart De Schuymer <bdschuym@pandora.be>"); | 19 | MODULE_AUTHOR("Bart De Schuymer <bdschuym@pandora.be>"); |
@@ -23,7 +21,7 @@ MODULE_DESCRIPTION("iptables bridge physical device match module"); | |||
23 | MODULE_ALIAS("ipt_physdev"); | 21 | MODULE_ALIAS("ipt_physdev"); |
24 | MODULE_ALIAS("ip6t_physdev"); | 22 | MODULE_ALIAS("ip6t_physdev"); |
25 | 23 | ||
26 | static int | 24 | static bool |
27 | match(const struct sk_buff *skb, | 25 | match(const struct sk_buff *skb, |
28 | const struct net_device *in, | 26 | const struct net_device *in, |
29 | const struct net_device *out, | 27 | const struct net_device *out, |
@@ -36,7 +34,7 @@ match(const struct sk_buff *skb, | |||
36 | int i; | 34 | int i; |
37 | static const char nulldevname[IFNAMSIZ]; | 35 | static const char nulldevname[IFNAMSIZ]; |
38 | const struct xt_physdev_info *info = matchinfo; | 36 | const struct xt_physdev_info *info = matchinfo; |
39 | unsigned int ret; | 37 | bool ret; |
40 | const char *indev, *outdev; | 38 | const char *indev, *outdev; |
41 | struct nf_bridge_info *nf_bridge; | 39 | struct nf_bridge_info *nf_bridge; |
42 | 40 | ||
@@ -47,58 +45,58 @@ match(const struct sk_buff *skb, | |||
47 | /* Return MATCH if the invert flags of the used options are on */ | 45 | /* Return MATCH if the invert flags of the used options are on */ |
48 | if ((info->bitmask & XT_PHYSDEV_OP_BRIDGED) && | 46 | if ((info->bitmask & XT_PHYSDEV_OP_BRIDGED) && |
49 | !(info->invert & XT_PHYSDEV_OP_BRIDGED)) | 47 | !(info->invert & XT_PHYSDEV_OP_BRIDGED)) |
50 | return NOMATCH; | 48 | return false; |
51 | if ((info->bitmask & XT_PHYSDEV_OP_ISIN) && | 49 | if ((info->bitmask & XT_PHYSDEV_OP_ISIN) && |
52 | !(info->invert & XT_PHYSDEV_OP_ISIN)) | 50 | !(info->invert & XT_PHYSDEV_OP_ISIN)) |
53 | return NOMATCH; | 51 | return false; |
54 | if ((info->bitmask & XT_PHYSDEV_OP_ISOUT) && | 52 | if ((info->bitmask & XT_PHYSDEV_OP_ISOUT) && |
55 | !(info->invert & XT_PHYSDEV_OP_ISOUT)) | 53 | !(info->invert & XT_PHYSDEV_OP_ISOUT)) |
56 | return NOMATCH; | 54 | return false; |
57 | if ((info->bitmask & XT_PHYSDEV_OP_IN) && | 55 | if ((info->bitmask & XT_PHYSDEV_OP_IN) && |
58 | !(info->invert & XT_PHYSDEV_OP_IN)) | 56 | !(info->invert & XT_PHYSDEV_OP_IN)) |
59 | return NOMATCH; | 57 | return false; |
60 | if ((info->bitmask & XT_PHYSDEV_OP_OUT) && | 58 | if ((info->bitmask & XT_PHYSDEV_OP_OUT) && |
61 | !(info->invert & XT_PHYSDEV_OP_OUT)) | 59 | !(info->invert & XT_PHYSDEV_OP_OUT)) |
62 | return NOMATCH; | 60 | return false; |
63 | return MATCH; | 61 | return true; |
64 | } | 62 | } |
65 | 63 | ||
66 | /* This only makes sense in the FORWARD and POSTROUTING chains */ | 64 | /* This only makes sense in the FORWARD and POSTROUTING chains */ |
67 | if ((info->bitmask & XT_PHYSDEV_OP_BRIDGED) && | 65 | if ((info->bitmask & XT_PHYSDEV_OP_BRIDGED) && |
68 | (!!(nf_bridge->mask & BRNF_BRIDGED) ^ | 66 | (!!(nf_bridge->mask & BRNF_BRIDGED) ^ |
69 | !(info->invert & XT_PHYSDEV_OP_BRIDGED))) | 67 | !(info->invert & XT_PHYSDEV_OP_BRIDGED))) |
70 | return NOMATCH; | 68 | return false; |
71 | 69 | ||
72 | if ((info->bitmask & XT_PHYSDEV_OP_ISIN && | 70 | if ((info->bitmask & XT_PHYSDEV_OP_ISIN && |
73 | (!nf_bridge->physindev ^ !!(info->invert & XT_PHYSDEV_OP_ISIN))) || | 71 | (!nf_bridge->physindev ^ !!(info->invert & XT_PHYSDEV_OP_ISIN))) || |
74 | (info->bitmask & XT_PHYSDEV_OP_ISOUT && | 72 | (info->bitmask & XT_PHYSDEV_OP_ISOUT && |
75 | (!nf_bridge->physoutdev ^ !!(info->invert & XT_PHYSDEV_OP_ISOUT)))) | 73 | (!nf_bridge->physoutdev ^ !!(info->invert & XT_PHYSDEV_OP_ISOUT)))) |
76 | return NOMATCH; | 74 | return false; |
77 | 75 | ||
78 | if (!(info->bitmask & XT_PHYSDEV_OP_IN)) | 76 | if (!(info->bitmask & XT_PHYSDEV_OP_IN)) |
79 | goto match_outdev; | 77 | goto match_outdev; |
80 | indev = nf_bridge->physindev ? nf_bridge->physindev->name : nulldevname; | 78 | indev = nf_bridge->physindev ? nf_bridge->physindev->name : nulldevname; |
81 | for (i = 0, ret = 0; i < IFNAMSIZ/sizeof(unsigned int); i++) { | 79 | for (i = 0, ret = false; i < IFNAMSIZ/sizeof(unsigned int); i++) { |
82 | ret |= (((const unsigned int *)indev)[i] | 80 | ret |= (((const unsigned int *)indev)[i] |
83 | ^ ((const unsigned int *)info->physindev)[i]) | 81 | ^ ((const unsigned int *)info->physindev)[i]) |
84 | & ((const unsigned int *)info->in_mask)[i]; | 82 | & ((const unsigned int *)info->in_mask)[i]; |
85 | } | 83 | } |
86 | 84 | ||
87 | if ((ret == 0) ^ !(info->invert & XT_PHYSDEV_OP_IN)) | 85 | if (!ret ^ !(info->invert & XT_PHYSDEV_OP_IN)) |
88 | return NOMATCH; | 86 | return false; |
89 | 87 | ||
90 | match_outdev: | 88 | match_outdev: |
91 | if (!(info->bitmask & XT_PHYSDEV_OP_OUT)) | 89 | if (!(info->bitmask & XT_PHYSDEV_OP_OUT)) |
92 | return MATCH; | 90 | return true; |
93 | outdev = nf_bridge->physoutdev ? | 91 | outdev = nf_bridge->physoutdev ? |
94 | nf_bridge->physoutdev->name : nulldevname; | 92 | nf_bridge->physoutdev->name : nulldevname; |
95 | for (i = 0, ret = 0; i < IFNAMSIZ/sizeof(unsigned int); i++) { | 93 | for (i = 0, ret = false; i < IFNAMSIZ/sizeof(unsigned int); i++) { |
96 | ret |= (((const unsigned int *)outdev)[i] | 94 | ret |= (((const unsigned int *)outdev)[i] |
97 | ^ ((const unsigned int *)info->physoutdev)[i]) | 95 | ^ ((const unsigned int *)info->physoutdev)[i]) |
98 | & ((const unsigned int *)info->out_mask)[i]; | 96 | & ((const unsigned int *)info->out_mask)[i]; |
99 | } | 97 | } |
100 | 98 | ||
101 | return (ret != 0) ^ !(info->invert & XT_PHYSDEV_OP_OUT); | 99 | return ret ^ !(info->invert & XT_PHYSDEV_OP_OUT); |
102 | } | 100 | } |
103 | 101 | ||
104 | static int | 102 | static int |
diff --git a/net/netfilter/xt_pkttype.c b/net/netfilter/xt_pkttype.c index 692581f40c5f..63239727bc22 100644 --- a/net/netfilter/xt_pkttype.c +++ b/net/netfilter/xt_pkttype.c | |||
@@ -21,7 +21,7 @@ MODULE_DESCRIPTION("IP tables match to match on linklayer packet type"); | |||
21 | MODULE_ALIAS("ipt_pkttype"); | 21 | MODULE_ALIAS("ipt_pkttype"); |
22 | MODULE_ALIAS("ip6t_pkttype"); | 22 | MODULE_ALIAS("ip6t_pkttype"); |
23 | 23 | ||
24 | static int match(const struct sk_buff *skb, | 24 | static bool match(const struct sk_buff *skb, |
25 | const struct net_device *in, | 25 | const struct net_device *in, |
26 | const struct net_device *out, | 26 | const struct net_device *out, |
27 | const struct xt_match *match, | 27 | const struct xt_match *match, |
diff --git a/net/netfilter/xt_policy.c b/net/netfilter/xt_policy.c index 6878482cd527..0aa487b1f3b8 100644 --- a/net/netfilter/xt_policy.c +++ b/net/netfilter/xt_policy.c | |||
@@ -20,7 +20,7 @@ MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>"); | |||
20 | MODULE_DESCRIPTION("Xtables IPsec policy matching module"); | 20 | MODULE_DESCRIPTION("Xtables IPsec policy matching module"); |
21 | MODULE_LICENSE("GPL"); | 21 | MODULE_LICENSE("GPL"); |
22 | 22 | ||
23 | static inline int | 23 | static inline bool |
24 | xt_addr_cmp(const union xt_policy_addr *a1, const union xt_policy_addr *m, | 24 | xt_addr_cmp(const union xt_policy_addr *a1, const union xt_policy_addr *m, |
25 | const union xt_policy_addr *a2, unsigned short family) | 25 | const union xt_policy_addr *a2, unsigned short family) |
26 | { | 26 | { |
@@ -30,10 +30,10 @@ xt_addr_cmp(const union xt_policy_addr *a1, const union xt_policy_addr *m, | |||
30 | case AF_INET6: | 30 | case AF_INET6: |
31 | return !ipv6_masked_addr_cmp(&a1->a6, &m->a6, &a2->a6); | 31 | return !ipv6_masked_addr_cmp(&a1->a6, &m->a6, &a2->a6); |
32 | } | 32 | } |
33 | return 0; | 33 | return false; |
34 | } | 34 | } |
35 | 35 | ||
36 | static inline int | 36 | static inline bool |
37 | match_xfrm_state(struct xfrm_state *x, const struct xt_policy_elem *e, | 37 | match_xfrm_state(struct xfrm_state *x, const struct xt_policy_elem *e, |
38 | unsigned short family) | 38 | unsigned short family) |
39 | { | 39 | { |
@@ -108,14 +108,14 @@ match_policy_out(const struct sk_buff *skb, const struct xt_policy_info *info, | |||
108 | return strict ? i == info->len : 0; | 108 | return strict ? i == info->len : 0; |
109 | } | 109 | } |
110 | 110 | ||
111 | static int match(const struct sk_buff *skb, | 111 | static bool match(const struct sk_buff *skb, |
112 | const struct net_device *in, | 112 | const struct net_device *in, |
113 | const struct net_device *out, | 113 | const struct net_device *out, |
114 | const struct xt_match *match, | 114 | const struct xt_match *match, |
115 | const void *matchinfo, | 115 | const void *matchinfo, |
116 | int offset, | 116 | int offset, |
117 | unsigned int protoff, | 117 | unsigned int protoff, |
118 | bool *hotdrop) | 118 | bool *hotdrop) |
119 | { | 119 | { |
120 | const struct xt_policy_info *info = matchinfo; | 120 | const struct xt_policy_info *info = matchinfo; |
121 | int ret; | 121 | int ret; |
@@ -126,9 +126,9 @@ static int match(const struct sk_buff *skb, | |||
126 | ret = match_policy_out(skb, info, match->family); | 126 | ret = match_policy_out(skb, info, match->family); |
127 | 127 | ||
128 | if (ret < 0) | 128 | if (ret < 0) |
129 | ret = info->flags & XT_POLICY_MATCH_NONE ? 1 : 0; | 129 | ret = info->flags & XT_POLICY_MATCH_NONE ? true : false; |
130 | else if (info->flags & XT_POLICY_MATCH_NONE) | 130 | else if (info->flags & XT_POLICY_MATCH_NONE) |
131 | ret = 0; | 131 | ret = false; |
132 | 132 | ||
133 | return ret; | 133 | return ret; |
134 | } | 134 | } |
diff --git a/net/netfilter/xt_quota.c b/net/netfilter/xt_quota.c index 53c71ac980fc..6091347e38b3 100644 --- a/net/netfilter/xt_quota.c +++ b/net/netfilter/xt_quota.c | |||
@@ -16,19 +16,19 @@ MODULE_ALIAS("ip6t_quota"); | |||
16 | 16 | ||
17 | static DEFINE_SPINLOCK(quota_lock); | 17 | static DEFINE_SPINLOCK(quota_lock); |
18 | 18 | ||
19 | static int | 19 | static bool |
20 | match(const struct sk_buff *skb, | 20 | match(const struct sk_buff *skb, |
21 | const struct net_device *in, const struct net_device *out, | 21 | const struct net_device *in, const struct net_device *out, |
22 | const struct xt_match *match, const void *matchinfo, | 22 | const struct xt_match *match, const void *matchinfo, |
23 | int offset, unsigned int protoff, bool *hotdrop) | 23 | int offset, unsigned int protoff, bool *hotdrop) |
24 | { | 24 | { |
25 | struct xt_quota_info *q = ((struct xt_quota_info *)matchinfo)->master; | 25 | struct xt_quota_info *q = ((struct xt_quota_info *)matchinfo)->master; |
26 | int ret = q->flags & XT_QUOTA_INVERT ? 1 : 0; | 26 | bool ret = q->flags & XT_QUOTA_INVERT; |
27 | 27 | ||
28 | spin_lock_bh("a_lock); | 28 | spin_lock_bh("a_lock); |
29 | if (q->quota >= skb->len) { | 29 | if (q->quota >= skb->len) { |
30 | q->quota -= skb->len; | 30 | q->quota -= skb->len; |
31 | ret ^= 1; | 31 | ret = !ret; |
32 | } else { | 32 | } else { |
33 | /* we do not allow even small packets from now on */ | 33 | /* we do not allow even small packets from now on */ |
34 | q->quota = 0; | 34 | q->quota = 0; |
diff --git a/net/netfilter/xt_realm.c b/net/netfilter/xt_realm.c index 41451f57919c..ad82c132694c 100644 --- a/net/netfilter/xt_realm.c +++ b/net/netfilter/xt_realm.c | |||
@@ -21,7 +21,7 @@ MODULE_LICENSE("GPL"); | |||
21 | MODULE_DESCRIPTION("X_tables realm match"); | 21 | MODULE_DESCRIPTION("X_tables realm match"); |
22 | MODULE_ALIAS("ipt_realm"); | 22 | MODULE_ALIAS("ipt_realm"); |
23 | 23 | ||
24 | static int | 24 | static bool |
25 | match(const struct sk_buff *skb, | 25 | match(const struct sk_buff *skb, |
26 | const struct net_device *in, | 26 | const struct net_device *in, |
27 | const struct net_device *out, | 27 | const struct net_device *out, |
diff --git a/net/netfilter/xt_sctp.c b/net/netfilter/xt_sctp.c index e581afe89098..a118a4c71563 100644 --- a/net/netfilter/xt_sctp.c +++ b/net/netfilter/xt_sctp.c | |||
@@ -23,7 +23,7 @@ MODULE_ALIAS("ipt_sctp"); | |||
23 | #define SCCHECK(cond, option, flag, invflag) (!((flag) & (option)) \ | 23 | #define SCCHECK(cond, option, flag, invflag) (!((flag) & (option)) \ |
24 | || (!!((invflag) & (option)) ^ (cond))) | 24 | || (!!((invflag) & (option)) ^ (cond))) |
25 | 25 | ||
26 | static int | 26 | static bool |
27 | match_flags(const struct xt_sctp_flag_info *flag_info, | 27 | match_flags(const struct xt_sctp_flag_info *flag_info, |
28 | const int flag_count, | 28 | const int flag_count, |
29 | u_int8_t chunktype, | 29 | u_int8_t chunktype, |
@@ -37,10 +37,10 @@ match_flags(const struct xt_sctp_flag_info *flag_info, | |||
37 | } | 37 | } |
38 | } | 38 | } |
39 | 39 | ||
40 | return 1; | 40 | return true; |
41 | } | 41 | } |
42 | 42 | ||
43 | static inline int | 43 | static inline bool |
44 | match_packet(const struct sk_buff *skb, | 44 | match_packet(const struct sk_buff *skb, |
45 | unsigned int offset, | 45 | unsigned int offset, |
46 | const u_int32_t *chunkmap, | 46 | const u_int32_t *chunkmap, |
@@ -65,7 +65,7 @@ match_packet(const struct sk_buff *skb, | |||
65 | if (sch == NULL || sch->length == 0) { | 65 | if (sch == NULL || sch->length == 0) { |
66 | duprintf("Dropping invalid SCTP packet.\n"); | 66 | duprintf("Dropping invalid SCTP packet.\n"); |
67 | *hotdrop = true; | 67 | *hotdrop = true; |
68 | return 0; | 68 | return false; |
69 | } | 69 | } |
70 | 70 | ||
71 | duprintf("Chunk num: %d\toffset: %d\ttype: %d\tlength: %d\tflags: %x\n", | 71 | duprintf("Chunk num: %d\toffset: %d\ttype: %d\tlength: %d\tflags: %x\n", |
@@ -80,7 +80,7 @@ match_packet(const struct sk_buff *skb, | |||
80 | case SCTP_CHUNK_MATCH_ANY: | 80 | case SCTP_CHUNK_MATCH_ANY: |
81 | if (match_flags(flag_info, flag_count, | 81 | if (match_flags(flag_info, flag_count, |
82 | sch->type, sch->flags)) { | 82 | sch->type, sch->flags)) { |
83 | return 1; | 83 | return true; |
84 | } | 84 | } |
85 | break; | 85 | break; |
86 | 86 | ||
@@ -94,14 +94,14 @@ match_packet(const struct sk_buff *skb, | |||
94 | case SCTP_CHUNK_MATCH_ONLY: | 94 | case SCTP_CHUNK_MATCH_ONLY: |
95 | if (!match_flags(flag_info, flag_count, | 95 | if (!match_flags(flag_info, flag_count, |
96 | sch->type, sch->flags)) { | 96 | sch->type, sch->flags)) { |
97 | return 0; | 97 | return false; |
98 | } | 98 | } |
99 | break; | 99 | break; |
100 | } | 100 | } |
101 | } else { | 101 | } else { |
102 | switch (chunk_match_type) { | 102 | switch (chunk_match_type) { |
103 | case SCTP_CHUNK_MATCH_ONLY: | 103 | case SCTP_CHUNK_MATCH_ONLY: |
104 | return 0; | 104 | return false; |
105 | } | 105 | } |
106 | } | 106 | } |
107 | } while (offset < skb->len); | 107 | } while (offset < skb->len); |
@@ -110,16 +110,16 @@ match_packet(const struct sk_buff *skb, | |||
110 | case SCTP_CHUNK_MATCH_ALL: | 110 | case SCTP_CHUNK_MATCH_ALL: |
111 | return SCTP_CHUNKMAP_IS_CLEAR(chunkmap); | 111 | return SCTP_CHUNKMAP_IS_CLEAR(chunkmap); |
112 | case SCTP_CHUNK_MATCH_ANY: | 112 | case SCTP_CHUNK_MATCH_ANY: |
113 | return 0; | 113 | return false; |
114 | case SCTP_CHUNK_MATCH_ONLY: | 114 | case SCTP_CHUNK_MATCH_ONLY: |
115 | return 1; | 115 | return true; |
116 | } | 116 | } |
117 | 117 | ||
118 | /* This will never be reached, but required to stop compiler whine */ | 118 | /* This will never be reached, but required to stop compiler whine */ |
119 | return 0; | 119 | return false; |
120 | } | 120 | } |
121 | 121 | ||
122 | static int | 122 | static bool |
123 | match(const struct sk_buff *skb, | 123 | match(const struct sk_buff *skb, |
124 | const struct net_device *in, | 124 | const struct net_device *in, |
125 | const struct net_device *out, | 125 | const struct net_device *out, |
@@ -134,14 +134,14 @@ match(const struct sk_buff *skb, | |||
134 | 134 | ||
135 | if (offset) { | 135 | if (offset) { |
136 | duprintf("Dropping non-first fragment.. FIXME\n"); | 136 | duprintf("Dropping non-first fragment.. FIXME\n"); |
137 | return 0; | 137 | return false; |
138 | } | 138 | } |
139 | 139 | ||
140 | sh = skb_header_pointer(skb, protoff, sizeof(_sh), &_sh); | 140 | sh = skb_header_pointer(skb, protoff, sizeof(_sh), &_sh); |
141 | if (sh == NULL) { | 141 | if (sh == NULL) { |
142 | duprintf("Dropping evil TCP offset=0 tinygram.\n"); | 142 | duprintf("Dropping evil TCP offset=0 tinygram.\n"); |
143 | *hotdrop = true; | 143 | *hotdrop = true; |
144 | return 0; | 144 | return false; |
145 | } | 145 | } |
146 | duprintf("spt: %d\tdpt: %d\n", ntohs(sh->source), ntohs(sh->dest)); | 146 | duprintf("spt: %d\tdpt: %d\n", ntohs(sh->source), ntohs(sh->dest)); |
147 | 147 | ||
diff --git a/net/netfilter/xt_state.c b/net/netfilter/xt_state.c index 74fe069fc3aa..f77f74ad5c97 100644 --- a/net/netfilter/xt_state.c +++ b/net/netfilter/xt_state.c | |||
@@ -20,7 +20,7 @@ MODULE_DESCRIPTION("ip[6]_tables connection tracking state match module"); | |||
20 | MODULE_ALIAS("ipt_state"); | 20 | MODULE_ALIAS("ipt_state"); |
21 | MODULE_ALIAS("ip6t_state"); | 21 | MODULE_ALIAS("ip6t_state"); |
22 | 22 | ||
23 | static int | 23 | static bool |
24 | match(const struct sk_buff *skb, | 24 | match(const struct sk_buff *skb, |
25 | const struct net_device *in, | 25 | const struct net_device *in, |
26 | const struct net_device *out, | 26 | const struct net_device *out, |
diff --git a/net/netfilter/xt_statistic.c b/net/netfilter/xt_statistic.c index 4e5ed81e9ce1..989924f9024e 100644 --- a/net/netfilter/xt_statistic.c +++ b/net/netfilter/xt_statistic.c | |||
@@ -24,26 +24,26 @@ MODULE_ALIAS("ip6t_statistic"); | |||
24 | 24 | ||
25 | static DEFINE_SPINLOCK(nth_lock); | 25 | static DEFINE_SPINLOCK(nth_lock); |
26 | 26 | ||
27 | static int | 27 | static bool |
28 | match(const struct sk_buff *skb, | 28 | match(const struct sk_buff *skb, |
29 | const struct net_device *in, const struct net_device *out, | 29 | const struct net_device *in, const struct net_device *out, |
30 | const struct xt_match *match, const void *matchinfo, | 30 | const struct xt_match *match, const void *matchinfo, |
31 | int offset, unsigned int protoff, bool *hotdrop) | 31 | int offset, unsigned int protoff, bool *hotdrop) |
32 | { | 32 | { |
33 | struct xt_statistic_info *info = (struct xt_statistic_info *)matchinfo; | 33 | struct xt_statistic_info *info = (struct xt_statistic_info *)matchinfo; |
34 | int ret = info->flags & XT_STATISTIC_INVERT ? 1 : 0; | 34 | bool ret = info->flags & XT_STATISTIC_INVERT; |
35 | 35 | ||
36 | switch (info->mode) { | 36 | switch (info->mode) { |
37 | case XT_STATISTIC_MODE_RANDOM: | 37 | case XT_STATISTIC_MODE_RANDOM: |
38 | if ((net_random() & 0x7FFFFFFF) < info->u.random.probability) | 38 | if ((net_random() & 0x7FFFFFFF) < info->u.random.probability) |
39 | ret ^= 1; | 39 | ret = !ret; |
40 | break; | 40 | break; |
41 | case XT_STATISTIC_MODE_NTH: | 41 | case XT_STATISTIC_MODE_NTH: |
42 | info = info->master; | 42 | info = info->master; |
43 | spin_lock_bh(&nth_lock); | 43 | spin_lock_bh(&nth_lock); |
44 | if (info->u.nth.count++ == info->u.nth.every) { | 44 | if (info->u.nth.count++ == info->u.nth.every) { |
45 | info->u.nth.count = 0; | 45 | info->u.nth.count = 0; |
46 | ret ^= 1; | 46 | ret = !ret; |
47 | } | 47 | } |
48 | spin_unlock_bh(&nth_lock); | 48 | spin_unlock_bh(&nth_lock); |
49 | break; | 49 | break; |
diff --git a/net/netfilter/xt_string.c b/net/netfilter/xt_string.c index 7552d8927570..3aea43d37339 100644 --- a/net/netfilter/xt_string.c +++ b/net/netfilter/xt_string.c | |||
@@ -21,14 +21,14 @@ MODULE_LICENSE("GPL"); | |||
21 | MODULE_ALIAS("ipt_string"); | 21 | MODULE_ALIAS("ipt_string"); |
22 | MODULE_ALIAS("ip6t_string"); | 22 | MODULE_ALIAS("ip6t_string"); |
23 | 23 | ||
24 | static int match(const struct sk_buff *skb, | 24 | static bool match(const struct sk_buff *skb, |
25 | const struct net_device *in, | 25 | const struct net_device *in, |
26 | const struct net_device *out, | 26 | const struct net_device *out, |
27 | const struct xt_match *match, | 27 | const struct xt_match *match, |
28 | const void *matchinfo, | 28 | const void *matchinfo, |
29 | int offset, | 29 | int offset, |
30 | unsigned int protoff, | 30 | unsigned int protoff, |
31 | bool *hotdrop) | 31 | bool *hotdrop) |
32 | { | 32 | { |
33 | const struct xt_string_info *conf = matchinfo; | 33 | const struct xt_string_info *conf = matchinfo; |
34 | struct ts_state state; | 34 | struct ts_state state; |
diff --git a/net/netfilter/xt_tcpmss.c b/net/netfilter/xt_tcpmss.c index 0db4f5362180..e9bfd3dd3c81 100644 --- a/net/netfilter/xt_tcpmss.c +++ b/net/netfilter/xt_tcpmss.c | |||
@@ -23,7 +23,7 @@ MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>"); | |||
23 | MODULE_DESCRIPTION("iptables TCP MSS match module"); | 23 | MODULE_DESCRIPTION("iptables TCP MSS match module"); |
24 | MODULE_ALIAS("ipt_tcpmss"); | 24 | MODULE_ALIAS("ipt_tcpmss"); |
25 | 25 | ||
26 | static int | 26 | static bool |
27 | match(const struct sk_buff *skb, | 27 | match(const struct sk_buff *skb, |
28 | const struct net_device *in, | 28 | const struct net_device *in, |
29 | const struct net_device *out, | 29 | const struct net_device *out, |
@@ -78,7 +78,7 @@ out: | |||
78 | 78 | ||
79 | dropit: | 79 | dropit: |
80 | *hotdrop = true; | 80 | *hotdrop = true; |
81 | return 0; | 81 | return false; |
82 | } | 82 | } |
83 | 83 | ||
84 | static struct xt_match xt_tcpmss_match[] = { | 84 | static struct xt_match xt_tcpmss_match[] = { |
diff --git a/net/netfilter/xt_tcpudp.c b/net/netfilter/xt_tcpudp.c index ca9ccdd931bc..9ecc4a5bd529 100644 --- a/net/netfilter/xt_tcpudp.c +++ b/net/netfilter/xt_tcpudp.c | |||
@@ -27,21 +27,18 @@ MODULE_ALIAS("ip6t_tcp"); | |||
27 | 27 | ||
28 | 28 | ||
29 | /* Returns 1 if the port is matched by the range, 0 otherwise */ | 29 | /* Returns 1 if the port is matched by the range, 0 otherwise */ |
30 | static inline int | 30 | static inline bool |
31 | port_match(u_int16_t min, u_int16_t max, u_int16_t port, int invert) | 31 | port_match(u_int16_t min, u_int16_t max, u_int16_t port, bool invert) |
32 | { | 32 | { |
33 | int ret; | 33 | return (port >= min && port <= max) ^ invert; |
34 | |||
35 | ret = (port >= min && port <= max) ^ invert; | ||
36 | return ret; | ||
37 | } | 34 | } |
38 | 35 | ||
39 | static int | 36 | static bool |
40 | tcp_find_option(u_int8_t option, | 37 | tcp_find_option(u_int8_t option, |
41 | const struct sk_buff *skb, | 38 | const struct sk_buff *skb, |
42 | unsigned int protoff, | 39 | unsigned int protoff, |
43 | unsigned int optlen, | 40 | unsigned int optlen, |
44 | int invert, | 41 | bool invert, |
45 | bool *hotdrop) | 42 | bool *hotdrop) |
46 | { | 43 | { |
47 | /* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */ | 44 | /* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */ |
@@ -58,7 +55,7 @@ tcp_find_option(u_int8_t option, | |||
58 | optlen, _opt); | 55 | optlen, _opt); |
59 | if (op == NULL) { | 56 | if (op == NULL) { |
60 | *hotdrop = true; | 57 | *hotdrop = true; |
61 | return 0; | 58 | return false; |
62 | } | 59 | } |
63 | 60 | ||
64 | for (i = 0; i < optlen; ) { | 61 | for (i = 0; i < optlen; ) { |
@@ -70,7 +67,7 @@ tcp_find_option(u_int8_t option, | |||
70 | return invert; | 67 | return invert; |
71 | } | 68 | } |
72 | 69 | ||
73 | static int | 70 | static bool |
74 | tcp_match(const struct sk_buff *skb, | 71 | tcp_match(const struct sk_buff *skb, |
75 | const struct net_device *in, | 72 | const struct net_device *in, |
76 | const struct net_device *out, | 73 | const struct net_device *out, |
@@ -95,7 +92,7 @@ tcp_match(const struct sk_buff *skb, | |||
95 | *hotdrop = true; | 92 | *hotdrop = true; |
96 | } | 93 | } |
97 | /* Must not be a fragment. */ | 94 | /* Must not be a fragment. */ |
98 | return 0; | 95 | return false; |
99 | } | 96 | } |
100 | 97 | ||
101 | #define FWINVTCP(bool,invflg) ((bool) ^ !!(tcpinfo->invflags & invflg)) | 98 | #define FWINVTCP(bool,invflg) ((bool) ^ !!(tcpinfo->invflags & invflg)) |
@@ -106,33 +103,33 @@ tcp_match(const struct sk_buff *skb, | |||
106 | can't. Hence, no choice but to drop. */ | 103 | can't. Hence, no choice but to drop. */ |
107 | duprintf("Dropping evil TCP offset=0 tinygram.\n"); | 104 | duprintf("Dropping evil TCP offset=0 tinygram.\n"); |
108 | *hotdrop = true; | 105 | *hotdrop = true; |
109 | return 0; | 106 | return false; |
110 | } | 107 | } |
111 | 108 | ||
112 | if (!port_match(tcpinfo->spts[0], tcpinfo->spts[1], | 109 | if (!port_match(tcpinfo->spts[0], tcpinfo->spts[1], |
113 | ntohs(th->source), | 110 | ntohs(th->source), |
114 | !!(tcpinfo->invflags & XT_TCP_INV_SRCPT))) | 111 | !!(tcpinfo->invflags & XT_TCP_INV_SRCPT))) |
115 | return 0; | 112 | return false; |
116 | if (!port_match(tcpinfo->dpts[0], tcpinfo->dpts[1], | 113 | if (!port_match(tcpinfo->dpts[0], tcpinfo->dpts[1], |
117 | ntohs(th->dest), | 114 | ntohs(th->dest), |
118 | !!(tcpinfo->invflags & XT_TCP_INV_DSTPT))) | 115 | !!(tcpinfo->invflags & XT_TCP_INV_DSTPT))) |
119 | return 0; | 116 | return false; |
120 | if (!FWINVTCP((((unsigned char *)th)[13] & tcpinfo->flg_mask) | 117 | if (!FWINVTCP((((unsigned char *)th)[13] & tcpinfo->flg_mask) |
121 | == tcpinfo->flg_cmp, | 118 | == tcpinfo->flg_cmp, |
122 | XT_TCP_INV_FLAGS)) | 119 | XT_TCP_INV_FLAGS)) |
123 | return 0; | 120 | return false; |
124 | if (tcpinfo->option) { | 121 | if (tcpinfo->option) { |
125 | if (th->doff * 4 < sizeof(_tcph)) { | 122 | if (th->doff * 4 < sizeof(_tcph)) { |
126 | *hotdrop = true; | 123 | *hotdrop = true; |
127 | return 0; | 124 | return false; |
128 | } | 125 | } |
129 | if (!tcp_find_option(tcpinfo->option, skb, protoff, | 126 | if (!tcp_find_option(tcpinfo->option, skb, protoff, |
130 | th->doff*4 - sizeof(_tcph), | 127 | th->doff*4 - sizeof(_tcph), |
131 | tcpinfo->invflags & XT_TCP_INV_OPTION, | 128 | tcpinfo->invflags & XT_TCP_INV_OPTION, |
132 | hotdrop)) | 129 | hotdrop)) |
133 | return 0; | 130 | return false; |
134 | } | 131 | } |
135 | return 1; | 132 | return true; |
136 | } | 133 | } |
137 | 134 | ||
138 | /* Called when user tries to insert an entry of this type. */ | 135 | /* Called when user tries to insert an entry of this type. */ |
@@ -149,7 +146,7 @@ tcp_checkentry(const char *tablename, | |||
149 | return !(tcpinfo->invflags & ~XT_TCP_INV_MASK); | 146 | return !(tcpinfo->invflags & ~XT_TCP_INV_MASK); |
150 | } | 147 | } |
151 | 148 | ||
152 | static int | 149 | static bool |
153 | udp_match(const struct sk_buff *skb, | 150 | udp_match(const struct sk_buff *skb, |
154 | const struct net_device *in, | 151 | const struct net_device *in, |
155 | const struct net_device *out, | 152 | const struct net_device *out, |
@@ -164,7 +161,7 @@ udp_match(const struct sk_buff *skb, | |||
164 | 161 | ||
165 | /* Must not be a fragment. */ | 162 | /* Must not be a fragment. */ |
166 | if (offset) | 163 | if (offset) |
167 | return 0; | 164 | return false; |
168 | 165 | ||
169 | uh = skb_header_pointer(skb, protoff, sizeof(_udph), &_udph); | 166 | uh = skb_header_pointer(skb, protoff, sizeof(_udph), &_udph); |
170 | if (uh == NULL) { | 167 | if (uh == NULL) { |
@@ -172,7 +169,7 @@ udp_match(const struct sk_buff *skb, | |||
172 | can't. Hence, no choice but to drop. */ | 169 | can't. Hence, no choice but to drop. */ |
173 | duprintf("Dropping evil UDP tinygram.\n"); | 170 | duprintf("Dropping evil UDP tinygram.\n"); |
174 | *hotdrop = true; | 171 | *hotdrop = true; |
175 | return 0; | 172 | return false; |
176 | } | 173 | } |
177 | 174 | ||
178 | return port_match(udpinfo->spts[0], udpinfo->spts[1], | 175 | return port_match(udpinfo->spts[0], udpinfo->spts[1], |