-rw-r--r--include/linux/netfilter_bridge/ebtables.h9
-rw-r--r--net/bridge/netfilter/ebt_802_3.c6
-rw-r--r--net/bridge/netfilter/ebt_among.c15
-rw-r--r--net/bridge/netfilter/ebt_arp.c8
-rw-r--r--net/bridge/netfilter/ebt_arpreply.c10
-rw-r--r--net/bridge/netfilter/ebt_dnat.c10
-rw-r--r--net/bridge/netfilter/ebt_ip.c16
-rw-r--r--net/bridge/netfilter/ebt_ip6.c16
-rw-r--r--net/bridge/netfilter/ebt_limit.c6
-rw-r--r--net/bridge/netfilter/ebt_log.c8
-rw-r--r--net/bridge/netfilter/ebt_mark.c10
-rw-r--r--net/bridge/netfilter/ebt_mark_m.c10
-rw-r--r--net/bridge/netfilter/ebt_nflog.c12
-rw-r--r--net/bridge/netfilter/ebt_pkttype.c6
-rw-r--r--net/bridge/netfilter/ebt_redirect.c10
-rw-r--r--net/bridge/netfilter/ebt_snat.c14
-rw-r--r--net/bridge/netfilter/ebt_stp.c8
-rw-r--r--net/bridge/netfilter/ebt_ulog.c21
-rw-r--r--net/bridge/netfilter/ebt_vlan.c16
-rw-r--r--net/bridge/netfilter/ebtables.c6
20 files changed, 109 insertions, 108 deletions
diff --git a/include/linux/netfilter_bridge/ebtables.h b/include/linux/netfilter_bridge/ebtables.h
index fd085af8962d..5f71719b7a27 100644
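--- a/include/linux/netfilter_bridge/ebtables.h
+++ b/include/linux/netfilter_bridge/ebtables.h
@@ -211,8 +211,7 @@ struct ebt_match
  int (*match)(const struct sk_buff *skb, const struct net_device *in,
  const struct net_device *out, const void *matchdata,
  unsigned int datalen);
- /* 0 == let it in */
- int (*check)(const char *tablename, unsigned int hookmask,
+ bool (*check)(const char *tablename, unsigned int hookmask,
  const struct ebt_entry *e, void *matchdata, unsigned int datalen);
  void (*destroy)(void *matchdata, unsigned int datalen);
  unsigned int matchsize;
@@ -226,8 +225,7 @@ struct ebt_watcher
  void (*watcher)(const struct sk_buff *skb, unsigned int hooknr,
  const struct net_device *in, const struct net_device *out,
  const void *watcherdata, unsigned int datalen);
- /* 0 == let it in */
- int (*check)(const char *tablename, unsigned int hookmask,
+ bool (*check)(const char *tablename, unsigned int hookmask,
  const struct ebt_entry *e, void *watcherdata, unsigned int datalen);
  void (*destroy)(void *watcherdata, unsigned int datalen);
  unsigned int targetsize;
@@ -242,8 +240,7 @@ struct ebt_target
  int (*target)(struct sk_buff *skb, unsigned int hooknr,
  const struct net_device *in, const struct net_device *out,
  const void *targetdata, unsigned int datalen);
- /* 0 == let it in */
- int (*check)(const char *tablename, unsigned int hookmask,
+ bool (*check)(const char *tablename, unsigned int hookmask,
  const struct ebt_entry *e, void *targetdata, unsigned int datalen);
  void (*destroy)(void *targetdata, unsigned int datalen);
  unsigned int targetsize;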
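Review bot: The three `check` members lose their `/* 0 == let it in */` comment and get nothing in its place, so the header no longer states which return value accepts a rule; each should carry `/* true == let it in */`. The polarity is inverted as well as retyped, and a leftover `return -EINVAL;` inside a function already declared `bool` still compiles and converts to `true`, which accepts the entry. Every converted `*_check` body should be checked for remaining integer returns, including the parts that fall outside the hunks shown on this page. The callers in net/bridge/netfilter/ebtables.c, whose section is not visible here, also need to test the new polarity.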
diff --git a/net/bridge/netfilter/ebt_802_3.c b/net/bridge/netfilter/ebt_802_3.c
index ccecfbd2a25d..868df9c1e42b 100644
--- a/net/bridge/netfilter/ebt_802_3.c
+++ b/net/bridge/netfilter/ebt_802_3.c
@@ -37,15 +37,15 @@ static int ebt_filter_802_3(const struct sk_buff *skb, const struct net_device *
37} 37}
38 38
39static struct ebt_match filter_802_3; 39static struct ebt_match filter_802_3;
40static int ebt_802_3_check(const char *tablename, unsigned int hookmask, 40static bool ebt_802_3_check(const char *tablename, unsigned int hookmask,
41 const struct ebt_entry *e, void *data, unsigned int datalen) 41 const struct ebt_entry *e, void *data, unsigned int datalen)
42{ 42{
43 const struct ebt_802_3_info *info = data; 43 const struct ebt_802_3_info *info = data;
44 44
45 if (info->bitmask & ~EBT_802_3_MASK || info->invflags & ~EBT_802_3_MASK) 45 if (info->bitmask & ~EBT_802_3_MASK || info->invflags & ~EBT_802_3_MASK)
46 return -EINVAL; 46 return false;
47 47
48 return 0; 48 return true;
49} 49}
50 50
51static struct ebt_match filter_802_3 __read_mostly = { 51static struct ebt_match filter_802_3 __read_mostly = {
diff --git a/net/bridge/netfilter/ebt_among.c b/net/bridge/netfilter/ebt_among.c
index b0acb13a390c..95e2e70ac90a 100644
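--- a/net/bridge/netfilter/ebt_among.c
+++ b/net/bridge/netfilter/ebt_among.c
@@ -177,9 +177,10 @@ static int ebt_filter_among(const struct sk_buff *skb,
  return EBT_MATCH;
 }
 
-static int ebt_among_check(const char *tablename, unsigned int hookmask,
- const struct ebt_entry *e, void *data,
- unsigned int datalen)
+static bool
+ebt_among_check(const char *tablename, unsigned int hookmask,
+ const struct ebt_entry *e, void *data,
+ unsigned int datalen)
 {
  const struct ebt_among_info *info = data;
  int expected_length = sizeof(struct ebt_among_info);
@@ -197,19 +198,19 @@ static int ebt_among_check(const char *tablename, unsigned int hookmask,
  "against expected %d, rounded to %Zd\n",
  datalen, expected_length,
  EBT_ALIGN(expected_length));
- return -EINVAL;
+ return false;
  }
  if (wh_dst && (err = ebt_mac_wormhash_check_integrity(wh_dst))) {
  printk(KERN_WARNING
  "ebtables: among: dst integrity fail: %x\n", -err);
- return -EINVAL;
+ return false;
  }
  if (wh_src && (err = ebt_mac_wormhash_check_integrity(wh_src))) {
  printk(KERN_WARNING
  "ebtables: among: src integrity fail: %x\n", -err);
- return -EINVAL;
+ return false;
  }
- return 0;
+ return true;
 }
 
 static struct ebt_match filter_among __read_mostly = {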
diff --git a/net/bridge/netfilter/ebt_arp.c b/net/bridge/netfilter/ebt_arp.c
index 385f9cb85bce..cb33672380d0 100644
--- a/net/bridge/netfilter/ebt_arp.c
+++ b/net/bridge/netfilter/ebt_arp.c
@@ -100,7 +100,7 @@ static int ebt_filter_arp(const struct sk_buff *skb, const struct net_device *in
100 return EBT_MATCH; 100 return EBT_MATCH;
101} 101}
102 102
103static int ebt_arp_check(const char *tablename, unsigned int hookmask, 103static bool ebt_arp_check(const char *tablename, unsigned int hookmask,
104 const struct ebt_entry *e, void *data, unsigned int datalen) 104 const struct ebt_entry *e, void *data, unsigned int datalen)
105{ 105{
106 const struct ebt_arp_info *info = data; 106 const struct ebt_arp_info *info = data;
@@ -108,10 +108,10 @@ static int ebt_arp_check(const char *tablename, unsigned int hookmask,
108 if ((e->ethproto != htons(ETH_P_ARP) && 108 if ((e->ethproto != htons(ETH_P_ARP) &&
109 e->ethproto != htons(ETH_P_RARP)) || 109 e->ethproto != htons(ETH_P_RARP)) ||
110 e->invflags & EBT_IPROTO) 110 e->invflags & EBT_IPROTO)
111 return -EINVAL; 111 return false;
112 if (info->bitmask & ~EBT_ARP_MASK || info->invflags & ~EBT_ARP_MASK) 112 if (info->bitmask & ~EBT_ARP_MASK || info->invflags & ~EBT_ARP_MASK)
113 return -EINVAL; 113 return false;
114 return 0; 114 return true;
115} 115}
116 116
117static struct ebt_match filter_arp __read_mostly = { 117static struct ebt_match filter_arp __read_mostly = {
diff --git a/net/bridge/netfilter/ebt_arpreply.c b/net/bridge/netfilter/ebt_arpreply.c
index a860ea6da46a..c298d3deffa4 100644
--- a/net/bridge/netfilter/ebt_arpreply.c
+++ b/net/bridge/netfilter/ebt_arpreply.c
@@ -58,20 +58,20 @@ static int ebt_target_reply(struct sk_buff *skb, unsigned int hooknr,
58 return info->target; 58 return info->target;
59} 59}
60 60
61static int ebt_target_reply_check(const char *tablename, unsigned int hookmask, 61static bool ebt_target_reply_check(const char *tablename, unsigned int hookmask,
62 const struct ebt_entry *e, void *data, unsigned int datalen) 62 const struct ebt_entry *e, void *data, unsigned int datalen)
63{ 63{
64 const struct ebt_arpreply_info *info = data; 64 const struct ebt_arpreply_info *info = data;
65 65
66 if (BASE_CHAIN && info->target == EBT_RETURN) 66 if (BASE_CHAIN && info->target == EBT_RETURN)
67 return -EINVAL; 67 return false;
68 if (e->ethproto != htons(ETH_P_ARP) || 68 if (e->ethproto != htons(ETH_P_ARP) ||
69 e->invflags & EBT_IPROTO) 69 e->invflags & EBT_IPROTO)
70 return -EINVAL; 70 return false;
71 CLEAR_BASE_CHAIN_BIT; 71 CLEAR_BASE_CHAIN_BIT;
72 if (strcmp(tablename, "nat") || hookmask & ~(1 << NF_BR_PRE_ROUTING)) 72 if (strcmp(tablename, "nat") || hookmask & ~(1 << NF_BR_PRE_ROUTING))
73 return -EINVAL; 73 return false;
74 return 0; 74 return true;
75} 75}
76 76
77static struct ebt_target reply_target __read_mostly = { 77static struct ebt_target reply_target __read_mostly = {
diff --git a/net/bridge/netfilter/ebt_dnat.c b/net/bridge/netfilter/ebt_dnat.c
index c2be41e8bb99..6ddea2184e95 100644
--- a/net/bridge/netfilter/ebt_dnat.c
+++ b/net/bridge/netfilter/ebt_dnat.c
@@ -27,21 +27,21 @@ static int ebt_target_dnat(struct sk_buff *skb, unsigned int hooknr,
27 return info->target; 27 return info->target;
28} 28}
29 29
30static int ebt_target_dnat_check(const char *tablename, unsigned int hookmask, 30static bool ebt_target_dnat_check(const char *tablename, unsigned int hookmask,
31 const struct ebt_entry *e, void *data, unsigned int datalen) 31 const struct ebt_entry *e, void *data, unsigned int datalen)
32{ 32{
33 const struct ebt_nat_info *info = data; 33 const struct ebt_nat_info *info = data;
34 34
35 if (BASE_CHAIN && info->target == EBT_RETURN) 35 if (BASE_CHAIN && info->target == EBT_RETURN)
36 return -EINVAL; 36 return false;
37 CLEAR_BASE_CHAIN_BIT; 37 CLEAR_BASE_CHAIN_BIT;
38 if ( (strcmp(tablename, "nat") || 38 if ( (strcmp(tablename, "nat") ||
39 (hookmask & ~((1 << NF_BR_PRE_ROUTING) | (1 << NF_BR_LOCAL_OUT)))) && 39 (hookmask & ~((1 << NF_BR_PRE_ROUTING) | (1 << NF_BR_LOCAL_OUT)))) &&
40 (strcmp(tablename, "broute") || hookmask & ~(1 << NF_BR_BROUTING)) ) 40 (strcmp(tablename, "broute") || hookmask & ~(1 << NF_BR_BROUTING)) )
41 return -EINVAL; 41 return false;
42 if (INVALID_TARGET) 42 if (INVALID_TARGET)
43 return -EINVAL; 43 return false;
44 return 0; 44 return true;
45} 45}
46 46
47static struct ebt_target dnat __read_mostly = { 47static struct ebt_target dnat __read_mostly = {
diff --git a/net/bridge/netfilter/ebt_ip.c b/net/bridge/netfilter/ebt_ip.c
index c1ae2547e3d0..cbf0918ec166 100644
--- a/net/bridge/netfilter/ebt_ip.c
+++ b/net/bridge/netfilter/ebt_ip.c
@@ -78,31 +78,31 @@ static int ebt_filter_ip(const struct sk_buff *skb, const struct net_device *in,
78 return EBT_MATCH; 78 return EBT_MATCH;
79} 79}
80 80
81static int ebt_ip_check(const char *tablename, unsigned int hookmask, 81static bool ebt_ip_check(const char *tablename, unsigned int hookmask,
82 const struct ebt_entry *e, void *data, unsigned int datalen) 82 const struct ebt_entry *e, void *data, unsigned int datalen)
83{ 83{
84 const struct ebt_ip_info *info = data; 84 const struct ebt_ip_info *info = data;
85 85
86 if (e->ethproto != htons(ETH_P_IP) || 86 if (e->ethproto != htons(ETH_P_IP) ||
87 e->invflags & EBT_IPROTO) 87 e->invflags & EBT_IPROTO)
88 return -EINVAL; 88 return false;
89 if (info->bitmask & ~EBT_IP_MASK || info->invflags & ~EBT_IP_MASK) 89 if (info->bitmask & ~EBT_IP_MASK || info->invflags & ~EBT_IP_MASK)
90 return -EINVAL; 90 return false;
91 if (info->bitmask & (EBT_IP_DPORT | EBT_IP_SPORT)) { 91 if (info->bitmask & (EBT_IP_DPORT | EBT_IP_SPORT)) {
92 if (info->invflags & EBT_IP_PROTO) 92 if (info->invflags & EBT_IP_PROTO)
93 return -EINVAL; 93 return false;
94 if (info->protocol != IPPROTO_TCP && 94 if (info->protocol != IPPROTO_TCP &&
95 info->protocol != IPPROTO_UDP && 95 info->protocol != IPPROTO_UDP &&
96 info->protocol != IPPROTO_UDPLITE && 96 info->protocol != IPPROTO_UDPLITE &&
97 info->protocol != IPPROTO_SCTP && 97 info->protocol != IPPROTO_SCTP &&
98 info->protocol != IPPROTO_DCCP) 98 info->protocol != IPPROTO_DCCP)
99 return -EINVAL; 99 return false;
100 } 100 }
101 if (info->bitmask & EBT_IP_DPORT && info->dport[0] > info->dport[1]) 101 if (info->bitmask & EBT_IP_DPORT && info->dport[0] > info->dport[1])
102 return -EINVAL; 102 return false;
103 if (info->bitmask & EBT_IP_SPORT && info->sport[0] > info->sport[1]) 103 if (info->bitmask & EBT_IP_SPORT && info->sport[0] > info->sport[1])
104 return -EINVAL; 104 return false;
105 return 0; 105 return true;
106} 106}
107 107
108static struct ebt_match filter_ip __read_mostly = { 108static struct ebt_match filter_ip __read_mostly = {
diff --git a/net/bridge/netfilter/ebt_ip6.c b/net/bridge/netfilter/ebt_ip6.c
index 554dd68637c8..1230c9ee394a 100644
--- a/net/bridge/netfilter/ebt_ip6.c
+++ b/net/bridge/netfilter/ebt_ip6.c
@@ -92,30 +92,30 @@ static int ebt_filter_ip6(const struct sk_buff *skb,
92 return EBT_MATCH; 92 return EBT_MATCH;
93} 93}
94 94
95static int ebt_ip6_check(const char *tablename, unsigned int hookmask, 95static bool ebt_ip6_check(const char *tablename, unsigned int hookmask,
96 const struct ebt_entry *e, void *data, unsigned int datalen) 96 const struct ebt_entry *e, void *data, unsigned int datalen)
97{ 97{
98 struct ebt_ip6_info *info = (struct ebt_ip6_info *)data; 98 struct ebt_ip6_info *info = (struct ebt_ip6_info *)data;
99 99
100 if (e->ethproto != htons(ETH_P_IPV6) || e->invflags & EBT_IPROTO) 100 if (e->ethproto != htons(ETH_P_IPV6) || e->invflags & EBT_IPROTO)
101 return -EINVAL; 101 return false;
102 if (info->bitmask & ~EBT_IP6_MASK || info->invflags & ~EBT_IP6_MASK) 102 if (info->bitmask & ~EBT_IP6_MASK || info->invflags & ~EBT_IP6_MASK)
103 return -EINVAL; 103 return false;
104 if (info->bitmask & (EBT_IP6_DPORT | EBT_IP6_SPORT)) { 104 if (info->bitmask & (EBT_IP6_DPORT | EBT_IP6_SPORT)) {
105 if (info->invflags & EBT_IP6_PROTO) 105 if (info->invflags & EBT_IP6_PROTO)
106 return -EINVAL; 106 return false;
107 if (info->protocol != IPPROTO_TCP && 107 if (info->protocol != IPPROTO_TCP &&
108 info->protocol != IPPROTO_UDP && 108 info->protocol != IPPROTO_UDP &&
109 info->protocol != IPPROTO_UDPLITE && 109 info->protocol != IPPROTO_UDPLITE &&
110 info->protocol != IPPROTO_SCTP && 110 info->protocol != IPPROTO_SCTP &&
111 info->protocol != IPPROTO_DCCP) 111 info->protocol != IPPROTO_DCCP)
112 return -EINVAL; 112 return false;
113 } 113 }
114 if (info->bitmask & EBT_IP6_DPORT && info->dport[0] > info->dport[1]) 114 if (info->bitmask & EBT_IP6_DPORT && info->dport[0] > info->dport[1])
115 return -EINVAL; 115 return false;
116 if (info->bitmask & EBT_IP6_SPORT && info->sport[0] > info->sport[1]) 116 if (info->bitmask & EBT_IP6_SPORT && info->sport[0] > info->sport[1])
117 return -EINVAL; 117 return false;
118 return 0; 118 return true;
119} 119}
120 120
121static struct ebt_match filter_ip6 = 121static struct ebt_match filter_ip6 =
diff --git a/net/bridge/netfilter/ebt_limit.c b/net/bridge/netfilter/ebt_limit.c
index 3d71f3510ffa..9b04f2be94e9 100644
--- a/net/bridge/netfilter/ebt_limit.c
+++ b/net/bridge/netfilter/ebt_limit.c
@@ -65,7 +65,7 @@ user2credits(u_int32_t user)
65 return (user * HZ * CREDITS_PER_JIFFY) / EBT_LIMIT_SCALE; 65 return (user * HZ * CREDITS_PER_JIFFY) / EBT_LIMIT_SCALE;
66} 66}
67 67
68static int ebt_limit_check(const char *tablename, unsigned int hookmask, 68static bool ebt_limit_check(const char *tablename, unsigned int hookmask,
69 const struct ebt_entry *e, void *data, unsigned int datalen) 69 const struct ebt_entry *e, void *data, unsigned int datalen)
70{ 70{
71 struct ebt_limit_info *info = data; 71 struct ebt_limit_info *info = data;
@@ -75,7 +75,7 @@ static int ebt_limit_check(const char *tablename, unsigned int hookmask,
75 user2credits(info->avg * info->burst) < user2credits(info->avg)) { 75 user2credits(info->avg * info->burst) < user2credits(info->avg)) {
76 printk("Overflow in ebt_limit, try lower: %u/%u\n", 76 printk("Overflow in ebt_limit, try lower: %u/%u\n",
77 info->avg, info->burst); 77 info->avg, info->burst);
78 return -EINVAL; 78 return false;
79 } 79 }
80 80
81 /* User avg in seconds * EBT_LIMIT_SCALE: convert to jiffies * 128. */ 81 /* User avg in seconds * EBT_LIMIT_SCALE: convert to jiffies * 128. */
@@ -83,7 +83,7 @@ static int ebt_limit_check(const char *tablename, unsigned int hookmask,
83 info->credit = user2credits(info->avg * info->burst); 83 info->credit = user2credits(info->avg * info->burst);
84 info->credit_cap = user2credits(info->avg * info->burst); 84 info->credit_cap = user2credits(info->avg * info->burst);
85 info->cost = user2credits(info->avg); 85 info->cost = user2credits(info->avg);
86 return 0; 86 return true;
87} 87}
88 88
89static struct ebt_match ebt_limit_reg __read_mostly = { 89static struct ebt_match ebt_limit_reg __read_mostly = {
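Review bot: The overflow test kept in `ebt_limit_check()` forms `info->avg * info->burst` before passing it to `user2credits()`, whose parameter is `u_int32_t`, so a product that wraps is rejected only when the wrapped credit value happens to come out smaller than `user2credits(info->avg)`. If both fields are 32-bit (their declarations are not on this page), an explicit bound ahead of the multiplication, e.g. `if (info->burst && info->avg > UINT_MAX / info->burst) return false;`, would at least make the product check deterministic. The first half of the condition sits on a line outside the hunk, so it may already cover part of this. The `printk()` in that branch also lacks a `KERN_` level.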
diff --git a/net/bridge/netfilter/ebt_log.c b/net/bridge/netfilter/ebt_log.c
index d9596f114a37..f3d6d5ec2dc6 100644
--- a/net/bridge/netfilter/ebt_log.c
+++ b/net/bridge/netfilter/ebt_log.c
@@ -24,17 +24,17 @@
24 24
25static DEFINE_SPINLOCK(ebt_log_lock); 25static DEFINE_SPINLOCK(ebt_log_lock);
26 26
27static int ebt_log_check(const char *tablename, unsigned int hookmask, 27static bool ebt_log_check(const char *tablename, unsigned int hookmask,
28 const struct ebt_entry *e, void *data, unsigned int datalen) 28 const struct ebt_entry *e, void *data, unsigned int datalen)
29{ 29{
30 struct ebt_log_info *info = data; 30 struct ebt_log_info *info = data;
31 31
32 if (info->bitmask & ~EBT_LOG_MASK) 32 if (info->bitmask & ~EBT_LOG_MASK)
33 return -EINVAL; 33 return false;
34 if (info->loglevel >= 8) 34 if (info->loglevel >= 8)
35 return -EINVAL; 35 return false;
36 info->prefix[EBT_LOG_PREFIX_SIZE - 1] = '\0'; 36 info->prefix[EBT_LOG_PREFIX_SIZE - 1] = '\0';
37 return 0; 37 return true;
38} 38}
39 39
40struct tcpudphdr 40struct tcpudphdr
diff --git a/net/bridge/netfilter/ebt_mark.c b/net/bridge/netfilter/ebt_mark.c
index bb02412786c8..b85c73895aeb 100644
--- a/net/bridge/netfilter/ebt_mark.c
+++ b/net/bridge/netfilter/ebt_mark.c
@@ -37,7 +37,7 @@ static int ebt_target_mark(struct sk_buff *skb, unsigned int hooknr,
37 return info->target | ~EBT_VERDICT_BITS; 37 return info->target | ~EBT_VERDICT_BITS;
38} 38}
39 39
40static int ebt_target_mark_check(const char *tablename, unsigned int hookmask, 40static bool ebt_target_mark_check(const char *tablename, unsigned int hookmask,
41 const struct ebt_entry *e, void *data, unsigned int datalen) 41 const struct ebt_entry *e, void *data, unsigned int datalen)
42{ 42{
43 const struct ebt_mark_t_info *info = data; 43 const struct ebt_mark_t_info *info = data;
@@ -45,15 +45,15 @@ static int ebt_target_mark_check(const char *tablename, unsigned int hookmask,
45 45
46 tmp = info->target | ~EBT_VERDICT_BITS; 46 tmp = info->target | ~EBT_VERDICT_BITS;
47 if (BASE_CHAIN && tmp == EBT_RETURN) 47 if (BASE_CHAIN && tmp == EBT_RETURN)
48 return -EINVAL; 48 return false;
49 CLEAR_BASE_CHAIN_BIT; 49 CLEAR_BASE_CHAIN_BIT;
50 if (tmp < -NUM_STANDARD_TARGETS || tmp >= 0) 50 if (tmp < -NUM_STANDARD_TARGETS || tmp >= 0)
51 return -EINVAL; 51 return false;
52 tmp = info->target & ~EBT_VERDICT_BITS; 52 tmp = info->target & ~EBT_VERDICT_BITS;
53 if (tmp != MARK_SET_VALUE && tmp != MARK_OR_VALUE && 53 if (tmp != MARK_SET_VALUE && tmp != MARK_OR_VALUE &&
54 tmp != MARK_AND_VALUE && tmp != MARK_XOR_VALUE) 54 tmp != MARK_AND_VALUE && tmp != MARK_XOR_VALUE)
55 return -EINVAL; 55 return false;
56 return 0; 56 return true;
57} 57}
58 58
59static struct ebt_target mark_target __read_mostly = { 59static struct ebt_target mark_target __read_mostly = {
diff --git a/net/bridge/netfilter/ebt_mark_m.c b/net/bridge/netfilter/ebt_mark_m.c
index b8ce9eb71709..b2707d772c90 100644
--- a/net/bridge/netfilter/ebt_mark_m.c
+++ b/net/bridge/netfilter/ebt_mark_m.c
@@ -23,18 +23,18 @@ static int ebt_filter_mark(const struct sk_buff *skb,
23 return !(((skb->mark & info->mask) == info->mark) ^ info->invert); 23 return !(((skb->mark & info->mask) == info->mark) ^ info->invert);
24} 24}
25 25
26static int ebt_mark_check(const char *tablename, unsigned int hookmask, 26static bool ebt_mark_check(const char *tablename, unsigned int hookmask,
27 const struct ebt_entry *e, void *data, unsigned int datalen) 27 const struct ebt_entry *e, void *data, unsigned int datalen)
28{ 28{
29 const struct ebt_mark_m_info *info = data; 29 const struct ebt_mark_m_info *info = data;
30 30
31 if (info->bitmask & ~EBT_MARK_MASK) 31 if (info->bitmask & ~EBT_MARK_MASK)
32 return -EINVAL; 32 return false;
33 if ((info->bitmask & EBT_MARK_OR) && (info->bitmask & EBT_MARK_AND)) 33 if ((info->bitmask & EBT_MARK_OR) && (info->bitmask & EBT_MARK_AND))
34 return -EINVAL; 34 return false;
35 if (!info->bitmask) 35 if (!info->bitmask)
36 return -EINVAL; 36 return false;
37 return 0; 37 return true;
38} 38}
39 39
40static struct ebt_match filter_mark __read_mostly = { 40static struct ebt_match filter_mark __read_mostly = {
diff --git a/net/bridge/netfilter/ebt_nflog.c b/net/bridge/netfilter/ebt_nflog.c
index 88ceb5eb8496..a6954eb3f58a 100644
--- a/net/bridge/netfilter/ebt_nflog.c
+++ b/net/bridge/netfilter/ebt_nflog.c
@@ -36,17 +36,17 @@ static void ebt_nflog(const struct sk_buff *skb,
36 nf_log_packet(PF_BRIDGE, hooknr, skb, in, out, &li, "%s", info->prefix); 36 nf_log_packet(PF_BRIDGE, hooknr, skb, in, out, &li, "%s", info->prefix);
37} 37}
38 38
39static int ebt_nflog_check(const char *tablename, 39static bool ebt_nflog_check(const char *tablename,
40 unsigned int hookmask, 40 unsigned int hookmask,
41 const struct ebt_entry *e, 41 const struct ebt_entry *e,
42 void *data, unsigned int datalen) 42 void *data, unsigned int datalen)
43{ 43{
44 struct ebt_nflog_info *info = (struct ebt_nflog_info *)data; 44 struct ebt_nflog_info *info = (struct ebt_nflog_info *)data;
45 45
46 if (info->flags & ~EBT_NFLOG_MASK) 46 if (info->flags & ~EBT_NFLOG_MASK)
47 return -EINVAL; 47 return false;
48 info->prefix[EBT_NFLOG_PREFIX_SIZE - 1] = '\0'; 48 info->prefix[EBT_NFLOG_PREFIX_SIZE - 1] = '\0';
49 return 0; 49 return true;
50} 50}
51 51
52static struct ebt_watcher nflog __read_mostly = { 52static struct ebt_watcher nflog __read_mostly = {
diff --git a/net/bridge/netfilter/ebt_pkttype.c b/net/bridge/netfilter/ebt_pkttype.c
index 019026177f8b..4dcd3b86cff6 100644
--- a/net/bridge/netfilter/ebt_pkttype.c
+++ b/net/bridge/netfilter/ebt_pkttype.c
@@ -23,15 +23,15 @@ static int ebt_filter_pkttype(const struct sk_buff *skb,
23 return (skb->pkt_type != info->pkt_type) ^ info->invert; 23 return (skb->pkt_type != info->pkt_type) ^ info->invert;
24} 24}
25 25
26static int ebt_pkttype_check(const char *tablename, unsigned int hookmask, 26static bool ebt_pkttype_check(const char *tablename, unsigned int hookmask,
27 const struct ebt_entry *e, void *data, unsigned int datalen) 27 const struct ebt_entry *e, void *data, unsigned int datalen)
28{ 28{
29 const struct ebt_pkttype_info *info = data; 29 const struct ebt_pkttype_info *info = data;
30 30
31 if (info->invert != 0 && info->invert != 1) 31 if (info->invert != 0 && info->invert != 1)
32 return -EINVAL; 32 return false;
33 /* Allow any pkt_type value */ 33 /* Allow any pkt_type value */
34 return 0; 34 return true;
35} 35}
36 36
37static struct ebt_match filter_pkttype __read_mostly = { 37static struct ebt_match filter_pkttype __read_mostly = {
diff --git a/net/bridge/netfilter/ebt_redirect.c b/net/bridge/netfilter/ebt_redirect.c
index 040532683862..d2076f4227cd 100644
--- a/net/bridge/netfilter/ebt_redirect.c
+++ b/net/bridge/netfilter/ebt_redirect.c
@@ -33,20 +33,20 @@ static int ebt_target_redirect(struct sk_buff *skb, unsigned int hooknr,
33 return info->target; 33 return info->target;
34} 34}
35 35
36static int ebt_target_redirect_check(const char *tablename, unsigned int hookmask, 36static bool ebt_target_redirect_check(const char *tablename, unsigned int hookmask,
37 const struct ebt_entry *e, void *data, unsigned int datalen) 37 const struct ebt_entry *e, void *data, unsigned int datalen)
38{ 38{
39 const struct ebt_redirect_info *info = data; 39 const struct ebt_redirect_info *info = data;
40 40
41 if (BASE_CHAIN && info->target == EBT_RETURN) 41 if (BASE_CHAIN && info->target == EBT_RETURN)
42 return -EINVAL; 42 return false;
43 CLEAR_BASE_CHAIN_BIT; 43 CLEAR_BASE_CHAIN_BIT;
44 if ( (strcmp(tablename, "nat") || hookmask & ~(1 << NF_BR_PRE_ROUTING)) && 44 if ( (strcmp(tablename, "nat") || hookmask & ~(1 << NF_BR_PRE_ROUTING)) &&
45 (strcmp(tablename, "broute") || hookmask & ~(1 << NF_BR_BROUTING)) ) 45 (strcmp(tablename, "broute") || hookmask & ~(1 << NF_BR_BROUTING)) )
46 return -EINVAL; 46 return false;
47 if (INVALID_TARGET) 47 if (INVALID_TARGET)
48 return -EINVAL; 48 return false;
49 return 0; 49 return true;
50} 50}
51 51
52static struct ebt_target redirect_target __read_mostly = { 52static struct ebt_target redirect_target __read_mostly = {
diff --git a/net/bridge/netfilter/ebt_snat.c b/net/bridge/netfilter/ebt_snat.c
index abfbc6c95024..5a5a16acca00 100644
--- a/net/bridge/netfilter/ebt_snat.c
+++ b/net/bridge/netfilter/ebt_snat.c
@@ -43,7 +43,7 @@ out:
43 return info->target | ~EBT_VERDICT_BITS; 43 return info->target | ~EBT_VERDICT_BITS;
44} 44}
45 45
46static int ebt_target_snat_check(const char *tablename, unsigned int hookmask, 46static bool ebt_target_snat_check(const char *tablename, unsigned int hookmask,
47 const struct ebt_entry *e, void *data, unsigned int datalen) 47 const struct ebt_entry *e, void *data, unsigned int datalen)
48{ 48{
49 const struct ebt_nat_info *info = data; 49 const struct ebt_nat_info *info = data;
@@ -51,19 +51,19 @@ static int ebt_target_snat_check(const char *tablename, unsigned int hookmask,
51 51
52 tmp = info->target | ~EBT_VERDICT_BITS; 52 tmp = info->target | ~EBT_VERDICT_BITS;
53 if (BASE_CHAIN && tmp == EBT_RETURN) 53 if (BASE_CHAIN && tmp == EBT_RETURN)
54 return -EINVAL; 54 return false;
55 CLEAR_BASE_CHAIN_BIT; 55 CLEAR_BASE_CHAIN_BIT;
56 if (strcmp(tablename, "nat")) 56 if (strcmp(tablename, "nat"))
57 return -EINVAL; 57 return false;
58 if (hookmask & ~(1 << NF_BR_POST_ROUTING)) 58 if (hookmask & ~(1 << NF_BR_POST_ROUTING))
59 return -EINVAL; 59 return false;
60 60
61 if (tmp < -NUM_STANDARD_TARGETS || tmp >= 0) 61 if (tmp < -NUM_STANDARD_TARGETS || tmp >= 0)
62 return -EINVAL; 62 return false;
63 tmp = info->target | EBT_VERDICT_BITS; 63 tmp = info->target | EBT_VERDICT_BITS;
64 if ((tmp & ~NAT_ARP_BIT) != ~NAT_ARP_BIT) 64 if ((tmp & ~NAT_ARP_BIT) != ~NAT_ARP_BIT)
65 return -EINVAL; 65 return false;
66 return 0; 66 return true;
67} 67}
68 68
69static struct ebt_target snat __read_mostly = { 69static struct ebt_target snat __read_mostly = {
diff --git a/net/bridge/netfilter/ebt_stp.c b/net/bridge/netfilter/ebt_stp.c
index c7a0a00dac7c..37d9480a00c6 100644
--- a/net/bridge/netfilter/ebt_stp.c
+++ b/net/bridge/netfilter/ebt_stp.c
@@ -153,7 +153,7 @@ static int ebt_filter_stp(const struct sk_buff *skb, const struct net_device *in
153 return EBT_MATCH; 153 return EBT_MATCH;
154} 154}
155 155
156static int ebt_stp_check(const char *tablename, unsigned int hookmask, 156static bool ebt_stp_check(const char *tablename, unsigned int hookmask,
157 const struct ebt_entry *e, void *data, unsigned int datalen) 157 const struct ebt_entry *e, void *data, unsigned int datalen)
158{ 158{
159 const struct ebt_stp_info *info = data; 159 const struct ebt_stp_info *info = data;
@@ -162,13 +162,13 @@ static int ebt_stp_check(const char *tablename, unsigned int hookmask,
162 162
163 if (info->bitmask & ~EBT_STP_MASK || info->invflags & ~EBT_STP_MASK || 163 if (info->bitmask & ~EBT_STP_MASK || info->invflags & ~EBT_STP_MASK ||
164 !(info->bitmask & EBT_STP_MASK)) 164 !(info->bitmask & EBT_STP_MASK))
165 return -EINVAL; 165 return false;
166 /* Make sure the match only receives stp frames */ 166 /* Make sure the match only receives stp frames */
167 if (compare_ether_addr(e->destmac, bridge_ula) || 167 if (compare_ether_addr(e->destmac, bridge_ula) ||
168 compare_ether_addr(e->destmsk, msk) || !(e->bitmask & EBT_DESTMAC)) 168 compare_ether_addr(e->destmsk, msk) || !(e->bitmask & EBT_DESTMAC))
169 return -EINVAL; 169 return false;
170 170
171 return 0; 171 return true;
172} 172}
173 173
174static struct ebt_match filter_stp __read_mostly = { 174static struct ebt_match filter_stp __read_mostly = {
diff --git a/net/bridge/netfilter/ebt_ulog.c b/net/bridge/netfilter/ebt_ulog.c
index bdd8a27bba9c..e13a005f58ad 100644
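--- a/net/bridge/netfilter/ebt_ulog.c
+++ b/net/bridge/netfilter/ebt_ulog.c
@@ -255,14 +255,13 @@ static void ebt_ulog(const struct sk_buff *skb, unsigned int hooknr,
  ebt_ulog_packet(hooknr, skb, in, out, uloginfo, NULL);
 }
 
-
-static int ebt_ulog_check(const char *tablename, unsigned int hookmask,
+static bool ebt_ulog_check(const char *tablename, unsigned int hookmask,
  const struct ebt_entry *e, void *data, unsigned int datalen)
 {
  struct ebt_ulog_info *uloginfo = data;
 
  if (uloginfo->nlgroup > 31)
- return -EINVAL;
+ return false;
 
  uloginfo->prefix[EBT_ULOG_PREFIX_LEN - 1] = '\0';
 
@@ -288,12 +287,13 @@ static const struct nf_logger ebt_ulog_logger = {
 
 static int __init ebt_ulog_init(void)
 {
- int i, ret = 0;
+ bool ret = true;
+ int i;
 
  if (nlbufsiz >= 128*1024) {
  printk(KERN_NOTICE "ebt_ulog: Netlink buffer has to be <= 128kB,"
  " please try a smaller nlbufsiz parameter.\n");
- return -EINVAL;
+ return false;
  }
 
  /* initialize ulog_buffers */
@@ -305,12 +305,15 @@ static int __init ebt_ulog_init(void)
  ebtulognl = netlink_kernel_create(&init_net, NETLINK_NFLOG,
  EBT_ULOG_MAXNLGROUPS, NULL, NULL,
  THIS_MODULE);
- if (!ebtulognl)
- ret = -ENOMEM;
- else if ((ret = ebt_register_watcher(&ulog)))
+ if (!ebtulognl) {
+ printk(KERN_WARNING KBUILD_MODNAME ": out of memory trying to "
+ "call netlink_kernel_create\n");
+ ret = false;
+ } else if (ebt_register_watcher(&ulog) != 0) {
  netlink_kernel_release(ebtulognl);
+ }
 
- if (ret == 0)
+ if (ret)
  nf_log_register(NFPROTO_BRIDGE, &ebt_ulog_logger);
 
  return ret;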
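Review bot: `ebt_ulog_init()` is still declared `static int __init` but now returns a `bool`, so the oversized-`nlbufsiz` and `netlink_kernel_create()` failure paths return 0 and the success path returns 1. For an init function returning `int`, 0 normally reads as success, so if this is the module's init entry point (its registration is not in the hunks) a failed setup would leave the module loaded with `ebtulognl` unset. The `ebt_register_watcher()` failure branch also releases the socket without clearing `ret`, so `nf_log_register()` still runs and the function reports 1. Only the `check` callbacks changed convention in this commit; the init function should keep `int ret` and negative errno values, as sketched below. The function body continues outside the last hunk.
```c
static int __init ebt_ulog_init(void)
{
	int i, ret = 0;

	if (nlbufsiz >= 128*1024) {
		/* … unchanged: printk(KERN_NOTICE ...) … */
		return -EINVAL;
	}
	/* … unchanged: ulog_buffers initialisation, netlink_kernel_create() call … */
	if (!ebtulognl) {
		/* … unchanged: printk(KERN_WARNING ...) … */
		ret = -ENOMEM;
	} else if ((ret = ebt_register_watcher(&ulog)) != 0) {
		netlink_kernel_release(ebtulognl);
	}

	if (ret == 0)
		nf_log_register(NFPROTO_BRIDGE, &ebt_ulog_logger);
	/* … unchanged: return ret … */
```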
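diff --git a/net/bridge/netfilter/ebt_vlan.c b/net/bridge/netfilter/ebt_vlan.c
index 4dba47aefc8a..fc88d5d59e04 100644
--- a/net/bridge/netfilter/ebt_vlan.c
+++ b/net/bridge/netfilter/ebt_vlan.c
@@ -87,7 +87,7 @@ ebt_filter_vlan(const struct sk_buff *skb,
  return EBT_MATCH;
 }
 
-static int
+static bool
 ebt_check_vlan(const char *tablename,
  unsigned int hooknr,
  const struct ebt_entry *e, void *data, unsigned int datalen)
@@ -99,7 +99,7 @@ ebt_check_vlan(const char *tablename,
  DEBUG_MSG
  ("passed entry proto %2.4X is not 802.1Q (8100)\n",
  (unsigned short) ntohs(e->ethproto));
- return -EINVAL;
+ return false;
  }
 
  /* Check for bitmask range
@@ -107,14 +107,14 @@ ebt_check_vlan(const char *tablename,
  if (info->bitmask & ~EBT_VLAN_MASK) {
  DEBUG_MSG("bitmask %2X is out of mask (%2X)\n",
  info->bitmask, EBT_VLAN_MASK);
- return -EINVAL;
+ return false;
  }
 
  /* Check for inversion flags range */
  if (info->invflags & ~EBT_VLAN_MASK) {
  DEBUG_MSG("inversion flags %2X is out of mask (%2X)\n",
  info->invflags, EBT_VLAN_MASK);
- return -EINVAL;
+ return false;
  }
 
  /* Reserved VLAN ID (VID) values
@@ -129,7 +129,7 @@ ebt_check_vlan(const char *tablename,
  DEBUG_MSG
  ("id %d is out of range (1-4096)\n",
  info->id);
- return -EINVAL;
+ return false;
  }
  /* Note: This is valid VLAN-tagged frame point.
  * Any value of user_priority are acceptable,
@@ -144,7 +144,7 @@ ebt_check_vlan(const char *tablename,
  if ((unsigned char) info->prio > 7) {
  DEBUG_MSG("prio %d is out of range (0-7)\n",
  info->prio);
- return -EINVAL;
+ return false;
  }
  }
  /* Check for encapsulated proto range - it is possible to be
@@ -155,11 +155,11 @@ ebt_check_vlan(const char *tablename,
  DEBUG_MSG
  ("encap frame length %d is less than minimal\n",
  ntohs(info->encap));
- return -EINVAL;
+ return false;
  }
  }
 
- return 0;
+ return true;
 }
 
 static struct ebt_match filter_vlan __read_mostly = {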
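Review bot: ebt_check_vlan now returns bool, but nothing in this file section states which value accepts the entry, and the old int convention is gone from the visible lines. I would add `/* Returns true if the vlan match data is valid, false to reject the entry. */` directly above `static bool`. The function body between the hunks is not shown, so it is worth confirming that no `return -EINVAL` remains there: in a bool function that value converts to true and the invalid entry would be accepted.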
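diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index b04e288d20f2..fe4995277296 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -365,7 +365,7 @@ ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e,
  return -EINVAL;
  }
  if (match->check &&
- match->check(name, hookmask, e, m->data, m->match_size) != 0) {
+ !match->check(name, hookmask, e, m->data, m->match_size)) {
  BUGPRINT("match->check failed\n");
  module_put(match->me);
  return -EINVAL;
@@ -403,7 +403,7 @@ ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e,
  return -EINVAL;
  }
  if (watcher->check &&
- watcher->check(name, hookmask, e, w->data, w->watcher_size) != 0) {
+ !watcher->check(name, hookmask, e, w->data, w->watcher_size)) {
  BUGPRINT("watcher->check failed\n");
  module_put(watcher->me);
  return -EINVAL;
@@ -716,7 +716,7 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo,
  ret = -EINVAL;
  goto cleanup_watchers;
  } else if (t->u.target->check &&
- t->u.target->check(name, hookmask, e, t->data, t->target_size) != 0) {
+ !t->u.target->check(name, hookmask, e, t->data, t->target_size)) {
  module_put(t->u.target->me);
  ret = -EFAULT;
  goto cleanup_watchers;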
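Review bot: The three call sites (`!match->check(...)`, `!watcher->check(...)`, `!t->u.target->check(...)`) flip the polarity of the validation result without any marker at the call, so the failure mode for a callback that was missed in the conversion is fail-open. A check function still written to the old convention would have a `-EINVAL` for bad data read as true, and the entry would be accepted; a `0` for good data would reject a valid rule. I would state the convention at the first call, for example `/* ->check() returns true when the data is acceptable */`. It is also worth confirming that every registered match, watcher and target was converted in this commit. The enclosing functions start and end outside these hunks.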