diff options
-rw-r--r-- | include/linux/netfilter_bridge/ebtables.h | 9 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_802_3.c | 6 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_among.c | 15 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_arp.c | 8 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_arpreply.c | 10 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_dnat.c | 10 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_ip.c | 16 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_ip6.c | 16 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_limit.c | 6 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_log.c | 8 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_mark.c | 10 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_mark_m.c | 10 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_nflog.c | 12 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_pkttype.c | 6 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_redirect.c | 10 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_snat.c | 14 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_stp.c | 8 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_ulog.c | 21 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_vlan.c | 16 | ||||
-rw-r--r-- | net/bridge/netfilter/ebtables.c | 6 |
20 files changed, 109 insertions, 108 deletions
diff --git a/include/linux/netfilter_bridge/ebtables.h b/include/linux/netfilter_bridge/ebtables.h index fd085af8962d..5f71719b7a27 100644 --- a/include/linux/netfilter_bridge/ebtables.h +++ b/include/linux/netfilter_bridge/ebtables.h | |||
@@ -211,8 +211,7 @@ struct ebt_match | |||
211 | int (*match)(const struct sk_buff *skb, const struct net_device *in, | 211 | int (*match)(const struct sk_buff *skb, const struct net_device *in, |
212 | const struct net_device *out, const void *matchdata, | 212 | const struct net_device *out, const void *matchdata, |
213 | unsigned int datalen); | 213 | unsigned int datalen); |
214 | /* 0 == let it in */ | 214 | bool (*check)(const char *tablename, unsigned int hookmask, |
215 | int (*check)(const char *tablename, unsigned int hookmask, | ||
216 | const struct ebt_entry *e, void *matchdata, unsigned int datalen); | 215 | const struct ebt_entry *e, void *matchdata, unsigned int datalen); |
217 | void (*destroy)(void *matchdata, unsigned int datalen); | 216 | void (*destroy)(void *matchdata, unsigned int datalen); |
218 | unsigned int matchsize; | 217 | unsigned int matchsize; |
@@ -226,8 +225,7 @@ struct ebt_watcher | |||
226 | void (*watcher)(const struct sk_buff *skb, unsigned int hooknr, | 225 | void (*watcher)(const struct sk_buff *skb, unsigned int hooknr, |
227 | const struct net_device *in, const struct net_device *out, | 226 | const struct net_device *in, const struct net_device *out, |
228 | const void *watcherdata, unsigned int datalen); | 227 | const void *watcherdata, unsigned int datalen); |
229 | /* 0 == let it in */ | 228 | bool (*check)(const char *tablename, unsigned int hookmask, |
230 | int (*check)(const char *tablename, unsigned int hookmask, | ||
231 | const struct ebt_entry *e, void *watcherdata, unsigned int datalen); | 229 | const struct ebt_entry *e, void *watcherdata, unsigned int datalen); |
232 | void (*destroy)(void *watcherdata, unsigned int datalen); | 230 | void (*destroy)(void *watcherdata, unsigned int datalen); |
233 | unsigned int targetsize; | 231 | unsigned int targetsize; |
@@ -242,8 +240,7 @@ struct ebt_target | |||
242 | int (*target)(struct sk_buff *skb, unsigned int hooknr, | 240 | int (*target)(struct sk_buff *skb, unsigned int hooknr, |
243 | const struct net_device *in, const struct net_device *out, | 241 | const struct net_device *in, const struct net_device *out, |
244 | const void *targetdata, unsigned int datalen); | 242 | const void *targetdata, unsigned int datalen); |
245 | /* 0 == let it in */ | 243 | bool (*check)(const char *tablename, unsigned int hookmask, |
246 | int (*check)(const char *tablename, unsigned int hookmask, | ||
247 | const struct ebt_entry *e, void *targetdata, unsigned int datalen); | 244 | const struct ebt_entry *e, void *targetdata, unsigned int datalen); |
248 | void (*destroy)(void *targetdata, unsigned int datalen); | 245 | void (*destroy)(void *targetdata, unsigned int datalen); |
249 | unsigned int targetsize; | 246 | unsigned int targetsize; |
diff --git a/net/bridge/netfilter/ebt_802_3.c b/net/bridge/netfilter/ebt_802_3.c index ccecfbd2a25d..868df9c1e42b 100644 --- a/net/bridge/netfilter/ebt_802_3.c +++ b/net/bridge/netfilter/ebt_802_3.c | |||
@@ -37,15 +37,15 @@ static int ebt_filter_802_3(const struct sk_buff *skb, const struct net_device * | |||
37 | } | 37 | } |
38 | 38 | ||
39 | static struct ebt_match filter_802_3; | 39 | static struct ebt_match filter_802_3; |
40 | static int ebt_802_3_check(const char *tablename, unsigned int hookmask, | 40 | static bool ebt_802_3_check(const char *tablename, unsigned int hookmask, |
41 | const struct ebt_entry *e, void *data, unsigned int datalen) | 41 | const struct ebt_entry *e, void *data, unsigned int datalen) |
42 | { | 42 | { |
43 | const struct ebt_802_3_info *info = data; | 43 | const struct ebt_802_3_info *info = data; |
44 | 44 | ||
45 | if (info->bitmask & ~EBT_802_3_MASK || info->invflags & ~EBT_802_3_MASK) | 45 | if (info->bitmask & ~EBT_802_3_MASK || info->invflags & ~EBT_802_3_MASK) |
46 | return -EINVAL; | 46 | return false; |
47 | 47 | ||
48 | return 0; | 48 | return true; |
49 | } | 49 | } |
50 | 50 | ||
51 | static struct ebt_match filter_802_3 __read_mostly = { | 51 | static struct ebt_match filter_802_3 __read_mostly = { |
diff --git a/net/bridge/netfilter/ebt_among.c b/net/bridge/netfilter/ebt_among.c index b0acb13a390c..95e2e70ac90a 100644 --- a/net/bridge/netfilter/ebt_among.c +++ b/net/bridge/netfilter/ebt_among.c | |||
@@ -177,9 +177,10 @@ static int ebt_filter_among(const struct sk_buff *skb, | |||
177 | return EBT_MATCH; | 177 | return EBT_MATCH; |
178 | } | 178 | } |
179 | 179 | ||
180 | static int ebt_among_check(const char *tablename, unsigned int hookmask, | 180 | static bool |
181 | const struct ebt_entry *e, void *data, | 181 | ebt_among_check(const char *tablename, unsigned int hookmask, |
182 | unsigned int datalen) | 182 | const struct ebt_entry *e, void *data, |
183 | unsigned int datalen) | ||
183 | { | 184 | { |
184 | const struct ebt_among_info *info = data; | 185 | const struct ebt_among_info *info = data; |
185 | int expected_length = sizeof(struct ebt_among_info); | 186 | int expected_length = sizeof(struct ebt_among_info); |
@@ -197,19 +198,19 @@ static int ebt_among_check(const char *tablename, unsigned int hookmask, | |||
197 | "against expected %d, rounded to %Zd\n", | 198 | "against expected %d, rounded to %Zd\n", |
198 | datalen, expected_length, | 199 | datalen, expected_length, |
199 | EBT_ALIGN(expected_length)); | 200 | EBT_ALIGN(expected_length)); |
200 | return -EINVAL; | 201 | return false; |
201 | } | 202 | } |
202 | if (wh_dst && (err = ebt_mac_wormhash_check_integrity(wh_dst))) { | 203 | if (wh_dst && (err = ebt_mac_wormhash_check_integrity(wh_dst))) { |
203 | printk(KERN_WARNING | 204 | printk(KERN_WARNING |
204 | "ebtables: among: dst integrity fail: %x\n", -err); | 205 | "ebtables: among: dst integrity fail: %x\n", -err); |
205 | return -EINVAL; | 206 | return false; |
206 | } | 207 | } |
207 | if (wh_src && (err = ebt_mac_wormhash_check_integrity(wh_src))) { | 208 | if (wh_src && (err = ebt_mac_wormhash_check_integrity(wh_src))) { |
208 | printk(KERN_WARNING | 209 | printk(KERN_WARNING |
209 | "ebtables: among: src integrity fail: %x\n", -err); | 210 | "ebtables: among: src integrity fail: %x\n", -err); |
210 | return -EINVAL; | 211 | return false; |
211 | } | 212 | } |
212 | return 0; | 213 | return true; |
213 | } | 214 | } |
214 | 215 | ||
215 | static struct ebt_match filter_among __read_mostly = { | 216 | static struct ebt_match filter_among __read_mostly = { |
diff --git a/net/bridge/netfilter/ebt_arp.c b/net/bridge/netfilter/ebt_arp.c index 385f9cb85bce..cb33672380d0 100644 --- a/net/bridge/netfilter/ebt_arp.c +++ b/net/bridge/netfilter/ebt_arp.c | |||
@@ -100,7 +100,7 @@ static int ebt_filter_arp(const struct sk_buff *skb, const struct net_device *in | |||
100 | return EBT_MATCH; | 100 | return EBT_MATCH; |
101 | } | 101 | } |
102 | 102 | ||
103 | static int ebt_arp_check(const char *tablename, unsigned int hookmask, | 103 | static bool ebt_arp_check(const char *tablename, unsigned int hookmask, |
104 | const struct ebt_entry *e, void *data, unsigned int datalen) | 104 | const struct ebt_entry *e, void *data, unsigned int datalen) |
105 | { | 105 | { |
106 | const struct ebt_arp_info *info = data; | 106 | const struct ebt_arp_info *info = data; |
@@ -108,10 +108,10 @@ static int ebt_arp_check(const char *tablename, unsigned int hookmask, | |||
108 | if ((e->ethproto != htons(ETH_P_ARP) && | 108 | if ((e->ethproto != htons(ETH_P_ARP) && |
109 | e->ethproto != htons(ETH_P_RARP)) || | 109 | e->ethproto != htons(ETH_P_RARP)) || |
110 | e->invflags & EBT_IPROTO) | 110 | e->invflags & EBT_IPROTO) |
111 | return -EINVAL; | 111 | return false; |
112 | if (info->bitmask & ~EBT_ARP_MASK || info->invflags & ~EBT_ARP_MASK) | 112 | if (info->bitmask & ~EBT_ARP_MASK || info->invflags & ~EBT_ARP_MASK) |
113 | return -EINVAL; | 113 | return false; |
114 | return 0; | 114 | return true; |
115 | } | 115 | } |
116 | 116 | ||
117 | static struct ebt_match filter_arp __read_mostly = { | 117 | static struct ebt_match filter_arp __read_mostly = { |
diff --git a/net/bridge/netfilter/ebt_arpreply.c b/net/bridge/netfilter/ebt_arpreply.c index a860ea6da46a..c298d3deffa4 100644 --- a/net/bridge/netfilter/ebt_arpreply.c +++ b/net/bridge/netfilter/ebt_arpreply.c | |||
@@ -58,20 +58,20 @@ static int ebt_target_reply(struct sk_buff *skb, unsigned int hooknr, | |||
58 | return info->target; | 58 | return info->target; |
59 | } | 59 | } |
60 | 60 | ||
61 | static int ebt_target_reply_check(const char *tablename, unsigned int hookmask, | 61 | static bool ebt_target_reply_check(const char *tablename, unsigned int hookmask, |
62 | const struct ebt_entry *e, void *data, unsigned int datalen) | 62 | const struct ebt_entry *e, void *data, unsigned int datalen) |
63 | { | 63 | { |
64 | const struct ebt_arpreply_info *info = data; | 64 | const struct ebt_arpreply_info *info = data; |
65 | 65 | ||
66 | if (BASE_CHAIN && info->target == EBT_RETURN) | 66 | if (BASE_CHAIN && info->target == EBT_RETURN) |
67 | return -EINVAL; | 67 | return false; |
68 | if (e->ethproto != htons(ETH_P_ARP) || | 68 | if (e->ethproto != htons(ETH_P_ARP) || |
69 | e->invflags & EBT_IPROTO) | 69 | e->invflags & EBT_IPROTO) |
70 | return -EINVAL; | 70 | return false; |
71 | CLEAR_BASE_CHAIN_BIT; | 71 | CLEAR_BASE_CHAIN_BIT; |
72 | if (strcmp(tablename, "nat") || hookmask & ~(1 << NF_BR_PRE_ROUTING)) | 72 | if (strcmp(tablename, "nat") || hookmask & ~(1 << NF_BR_PRE_ROUTING)) |
73 | return -EINVAL; | 73 | return false; |
74 | return 0; | 74 | return true; |
75 | } | 75 | } |
76 | 76 | ||
77 | static struct ebt_target reply_target __read_mostly = { | 77 | static struct ebt_target reply_target __read_mostly = { |
diff --git a/net/bridge/netfilter/ebt_dnat.c b/net/bridge/netfilter/ebt_dnat.c index c2be41e8bb99..6ddea2184e95 100644 --- a/net/bridge/netfilter/ebt_dnat.c +++ b/net/bridge/netfilter/ebt_dnat.c | |||
@@ -27,21 +27,21 @@ static int ebt_target_dnat(struct sk_buff *skb, unsigned int hooknr, | |||
27 | return info->target; | 27 | return info->target; |
28 | } | 28 | } |
29 | 29 | ||
30 | static int ebt_target_dnat_check(const char *tablename, unsigned int hookmask, | 30 | static bool ebt_target_dnat_check(const char *tablename, unsigned int hookmask, |
31 | const struct ebt_entry *e, void *data, unsigned int datalen) | 31 | const struct ebt_entry *e, void *data, unsigned int datalen) |
32 | { | 32 | { |
33 | const struct ebt_nat_info *info = data; | 33 | const struct ebt_nat_info *info = data; |
34 | 34 | ||
35 | if (BASE_CHAIN && info->target == EBT_RETURN) | 35 | if (BASE_CHAIN && info->target == EBT_RETURN) |
36 | return -EINVAL; | 36 | return false; |
37 | CLEAR_BASE_CHAIN_BIT; | 37 | CLEAR_BASE_CHAIN_BIT; |
38 | if ( (strcmp(tablename, "nat") || | 38 | if ( (strcmp(tablename, "nat") || |
39 | (hookmask & ~((1 << NF_BR_PRE_ROUTING) | (1 << NF_BR_LOCAL_OUT)))) && | 39 | (hookmask & ~((1 << NF_BR_PRE_ROUTING) | (1 << NF_BR_LOCAL_OUT)))) && |
40 | (strcmp(tablename, "broute") || hookmask & ~(1 << NF_BR_BROUTING)) ) | 40 | (strcmp(tablename, "broute") || hookmask & ~(1 << NF_BR_BROUTING)) ) |
41 | return -EINVAL; | 41 | return false; |
42 | if (INVALID_TARGET) | 42 | if (INVALID_TARGET) |
43 | return -EINVAL; | 43 | return false; |
44 | return 0; | 44 | return true; |
45 | } | 45 | } |
46 | 46 | ||
47 | static struct ebt_target dnat __read_mostly = { | 47 | static struct ebt_target dnat __read_mostly = { |
diff --git a/net/bridge/netfilter/ebt_ip.c b/net/bridge/netfilter/ebt_ip.c index c1ae2547e3d0..cbf0918ec166 100644 --- a/net/bridge/netfilter/ebt_ip.c +++ b/net/bridge/netfilter/ebt_ip.c | |||
@@ -78,31 +78,31 @@ static int ebt_filter_ip(const struct sk_buff *skb, const struct net_device *in, | |||
78 | return EBT_MATCH; | 78 | return EBT_MATCH; |
79 | } | 79 | } |
80 | 80 | ||
81 | static int ebt_ip_check(const char *tablename, unsigned int hookmask, | 81 | static bool ebt_ip_check(const char *tablename, unsigned int hookmask, |
82 | const struct ebt_entry *e, void *data, unsigned int datalen) | 82 | const struct ebt_entry *e, void *data, unsigned int datalen) |
83 | { | 83 | { |
84 | const struct ebt_ip_info *info = data; | 84 | const struct ebt_ip_info *info = data; |
85 | 85 | ||
86 | if (e->ethproto != htons(ETH_P_IP) || | 86 | if (e->ethproto != htons(ETH_P_IP) || |
87 | e->invflags & EBT_IPROTO) | 87 | e->invflags & EBT_IPROTO) |
88 | return -EINVAL; | 88 | return false; |
89 | if (info->bitmask & ~EBT_IP_MASK || info->invflags & ~EBT_IP_MASK) | 89 | if (info->bitmask & ~EBT_IP_MASK || info->invflags & ~EBT_IP_MASK) |
90 | return -EINVAL; | 90 | return false; |
91 | if (info->bitmask & (EBT_IP_DPORT | EBT_IP_SPORT)) { | 91 | if (info->bitmask & (EBT_IP_DPORT | EBT_IP_SPORT)) { |
92 | if (info->invflags & EBT_IP_PROTO) | 92 | if (info->invflags & EBT_IP_PROTO) |
93 | return -EINVAL; | 93 | return false; |
94 | if (info->protocol != IPPROTO_TCP && | 94 | if (info->protocol != IPPROTO_TCP && |
95 | info->protocol != IPPROTO_UDP && | 95 | info->protocol != IPPROTO_UDP && |
96 | info->protocol != IPPROTO_UDPLITE && | 96 | info->protocol != IPPROTO_UDPLITE && |
97 | info->protocol != IPPROTO_SCTP && | 97 | info->protocol != IPPROTO_SCTP && |
98 | info->protocol != IPPROTO_DCCP) | 98 | info->protocol != IPPROTO_DCCP) |
99 | return -EINVAL; | 99 | return false; |
100 | } | 100 | } |
101 | if (info->bitmask & EBT_IP_DPORT && info->dport[0] > info->dport[1]) | 101 | if (info->bitmask & EBT_IP_DPORT && info->dport[0] > info->dport[1]) |
102 | return -EINVAL; | 102 | return false; |
103 | if (info->bitmask & EBT_IP_SPORT && info->sport[0] > info->sport[1]) | 103 | if (info->bitmask & EBT_IP_SPORT && info->sport[0] > info->sport[1]) |
104 | return -EINVAL; | 104 | return false; |
105 | return 0; | 105 | return true; |
106 | } | 106 | } |
107 | 107 | ||
108 | static struct ebt_match filter_ip __read_mostly = { | 108 | static struct ebt_match filter_ip __read_mostly = { |
diff --git a/net/bridge/netfilter/ebt_ip6.c b/net/bridge/netfilter/ebt_ip6.c index 554dd68637c8..1230c9ee394a 100644 --- a/net/bridge/netfilter/ebt_ip6.c +++ b/net/bridge/netfilter/ebt_ip6.c | |||
@@ -92,30 +92,30 @@ static int ebt_filter_ip6(const struct sk_buff *skb, | |||
92 | return EBT_MATCH; | 92 | return EBT_MATCH; |
93 | } | 93 | } |
94 | 94 | ||
95 | static int ebt_ip6_check(const char *tablename, unsigned int hookmask, | 95 | static bool ebt_ip6_check(const char *tablename, unsigned int hookmask, |
96 | const struct ebt_entry *e, void *data, unsigned int datalen) | 96 | const struct ebt_entry *e, void *data, unsigned int datalen) |
97 | { | 97 | { |
98 | struct ebt_ip6_info *info = (struct ebt_ip6_info *)data; | 98 | struct ebt_ip6_info *info = (struct ebt_ip6_info *)data; |
99 | 99 | ||
100 | if (e->ethproto != htons(ETH_P_IPV6) || e->invflags & EBT_IPROTO) | 100 | if (e->ethproto != htons(ETH_P_IPV6) || e->invflags & EBT_IPROTO) |
101 | return -EINVAL; | 101 | return false; |
102 | if (info->bitmask & ~EBT_IP6_MASK || info->invflags & ~EBT_IP6_MASK) | 102 | if (info->bitmask & ~EBT_IP6_MASK || info->invflags & ~EBT_IP6_MASK) |
103 | return -EINVAL; | 103 | return false; |
104 | if (info->bitmask & (EBT_IP6_DPORT | EBT_IP6_SPORT)) { | 104 | if (info->bitmask & (EBT_IP6_DPORT | EBT_IP6_SPORT)) { |
105 | if (info->invflags & EBT_IP6_PROTO) | 105 | if (info->invflags & EBT_IP6_PROTO) |
106 | return -EINVAL; | 106 | return false; |
107 | if (info->protocol != IPPROTO_TCP && | 107 | if (info->protocol != IPPROTO_TCP && |
108 | info->protocol != IPPROTO_UDP && | 108 | info->protocol != IPPROTO_UDP && |
109 | info->protocol != IPPROTO_UDPLITE && | 109 | info->protocol != IPPROTO_UDPLITE && |
110 | info->protocol != IPPROTO_SCTP && | 110 | info->protocol != IPPROTO_SCTP && |
111 | info->protocol != IPPROTO_DCCP) | 111 | info->protocol != IPPROTO_DCCP) |
112 | return -EINVAL; | 112 | return false; |
113 | } | 113 | } |
114 | if (info->bitmask & EBT_IP6_DPORT && info->dport[0] > info->dport[1]) | 114 | if (info->bitmask & EBT_IP6_DPORT && info->dport[0] > info->dport[1]) |
115 | return -EINVAL; | 115 | return false; |
116 | if (info->bitmask & EBT_IP6_SPORT && info->sport[0] > info->sport[1]) | 116 | if (info->bitmask & EBT_IP6_SPORT && info->sport[0] > info->sport[1]) |
117 | return -EINVAL; | 117 | return false; |
118 | return 0; | 118 | return true; |
119 | } | 119 | } |
120 | 120 | ||
121 | static struct ebt_match filter_ip6 = | 121 | static struct ebt_match filter_ip6 = |
diff --git a/net/bridge/netfilter/ebt_limit.c b/net/bridge/netfilter/ebt_limit.c index 3d71f3510ffa..9b04f2be94e9 100644 --- a/net/bridge/netfilter/ebt_limit.c +++ b/net/bridge/netfilter/ebt_limit.c | |||
@@ -65,7 +65,7 @@ user2credits(u_int32_t user) | |||
65 | return (user * HZ * CREDITS_PER_JIFFY) / EBT_LIMIT_SCALE; | 65 | return (user * HZ * CREDITS_PER_JIFFY) / EBT_LIMIT_SCALE; |
66 | } | 66 | } |
67 | 67 | ||
68 | static int ebt_limit_check(const char *tablename, unsigned int hookmask, | 68 | static bool ebt_limit_check(const char *tablename, unsigned int hookmask, |
69 | const struct ebt_entry *e, void *data, unsigned int datalen) | 69 | const struct ebt_entry *e, void *data, unsigned int datalen) |
70 | { | 70 | { |
71 | struct ebt_limit_info *info = data; | 71 | struct ebt_limit_info *info = data; |
@@ -75,7 +75,7 @@ static int ebt_limit_check(const char *tablename, unsigned int hookmask, | |||
75 | user2credits(info->avg * info->burst) < user2credits(info->avg)) { | 75 | user2credits(info->avg * info->burst) < user2credits(info->avg)) { |
76 | printk("Overflow in ebt_limit, try lower: %u/%u\n", | 76 | printk("Overflow in ebt_limit, try lower: %u/%u\n", |
77 | info->avg, info->burst); | 77 | info->avg, info->burst); |
78 | return -EINVAL; | 78 | return false; |
79 | } | 79 | } |
80 | 80 | ||
81 | /* User avg in seconds * EBT_LIMIT_SCALE: convert to jiffies * 128. */ | 81 | /* User avg in seconds * EBT_LIMIT_SCALE: convert to jiffies * 128. */ |
@@ -83,7 +83,7 @@ static int ebt_limit_check(const char *tablename, unsigned int hookmask, | |||
83 | info->credit = user2credits(info->avg * info->burst); | 83 | info->credit = user2credits(info->avg * info->burst); |
84 | info->credit_cap = user2credits(info->avg * info->burst); | 84 | info->credit_cap = user2credits(info->avg * info->burst); |
85 | info->cost = user2credits(info->avg); | 85 | info->cost = user2credits(info->avg); |
86 | return 0; | 86 | return true; |
87 | } | 87 | } |
88 | 88 | ||
89 | static struct ebt_match ebt_limit_reg __read_mostly = { | 89 | static struct ebt_match ebt_limit_reg __read_mostly = { |
diff --git a/net/bridge/netfilter/ebt_log.c b/net/bridge/netfilter/ebt_log.c index d9596f114a37..f3d6d5ec2dc6 100644 --- a/net/bridge/netfilter/ebt_log.c +++ b/net/bridge/netfilter/ebt_log.c | |||
@@ -24,17 +24,17 @@ | |||
24 | 24 | ||
25 | static DEFINE_SPINLOCK(ebt_log_lock); | 25 | static DEFINE_SPINLOCK(ebt_log_lock); |
26 | 26 | ||
27 | static int ebt_log_check(const char *tablename, unsigned int hookmask, | 27 | static bool ebt_log_check(const char *tablename, unsigned int hookmask, |
28 | const struct ebt_entry *e, void *data, unsigned int datalen) | 28 | const struct ebt_entry *e, void *data, unsigned int datalen) |
29 | { | 29 | { |
30 | struct ebt_log_info *info = data; | 30 | struct ebt_log_info *info = data; |
31 | 31 | ||
32 | if (info->bitmask & ~EBT_LOG_MASK) | 32 | if (info->bitmask & ~EBT_LOG_MASK) |
33 | return -EINVAL; | 33 | return false; |
34 | if (info->loglevel >= 8) | 34 | if (info->loglevel >= 8) |
35 | return -EINVAL; | 35 | return false; |
36 | info->prefix[EBT_LOG_PREFIX_SIZE - 1] = '\0'; | 36 | info->prefix[EBT_LOG_PREFIX_SIZE - 1] = '\0'; |
37 | return 0; | 37 | return true; |
38 | } | 38 | } |
39 | 39 | ||
40 | struct tcpudphdr | 40 | struct tcpudphdr |
diff --git a/net/bridge/netfilter/ebt_mark.c b/net/bridge/netfilter/ebt_mark.c index bb02412786c8..b85c73895aeb 100644 --- a/net/bridge/netfilter/ebt_mark.c +++ b/net/bridge/netfilter/ebt_mark.c | |||
@@ -37,7 +37,7 @@ static int ebt_target_mark(struct sk_buff *skb, unsigned int hooknr, | |||
37 | return info->target | ~EBT_VERDICT_BITS; | 37 | return info->target | ~EBT_VERDICT_BITS; |
38 | } | 38 | } |
39 | 39 | ||
40 | static int ebt_target_mark_check(const char *tablename, unsigned int hookmask, | 40 | static bool ebt_target_mark_check(const char *tablename, unsigned int hookmask, |
41 | const struct ebt_entry *e, void *data, unsigned int datalen) | 41 | const struct ebt_entry *e, void *data, unsigned int datalen) |
42 | { | 42 | { |
43 | const struct ebt_mark_t_info *info = data; | 43 | const struct ebt_mark_t_info *info = data; |
@@ -45,15 +45,15 @@ static int ebt_target_mark_check(const char *tablename, unsigned int hookmask, | |||
45 | 45 | ||
46 | tmp = info->target | ~EBT_VERDICT_BITS; | 46 | tmp = info->target | ~EBT_VERDICT_BITS; |
47 | if (BASE_CHAIN && tmp == EBT_RETURN) | 47 | if (BASE_CHAIN && tmp == EBT_RETURN) |
48 | return -EINVAL; | 48 | return false; |
49 | CLEAR_BASE_CHAIN_BIT; | 49 | CLEAR_BASE_CHAIN_BIT; |
50 | if (tmp < -NUM_STANDARD_TARGETS || tmp >= 0) | 50 | if (tmp < -NUM_STANDARD_TARGETS || tmp >= 0) |
51 | return -EINVAL; | 51 | return false; |
52 | tmp = info->target & ~EBT_VERDICT_BITS; | 52 | tmp = info->target & ~EBT_VERDICT_BITS; |
53 | if (tmp != MARK_SET_VALUE && tmp != MARK_OR_VALUE && | 53 | if (tmp != MARK_SET_VALUE && tmp != MARK_OR_VALUE && |
54 | tmp != MARK_AND_VALUE && tmp != MARK_XOR_VALUE) | 54 | tmp != MARK_AND_VALUE && tmp != MARK_XOR_VALUE) |
55 | return -EINVAL; | 55 | return false; |
56 | return 0; | 56 | return true; |
57 | } | 57 | } |
58 | 58 | ||
59 | static struct ebt_target mark_target __read_mostly = { | 59 | static struct ebt_target mark_target __read_mostly = { |
diff --git a/net/bridge/netfilter/ebt_mark_m.c b/net/bridge/netfilter/ebt_mark_m.c index b8ce9eb71709..b2707d772c90 100644 --- a/net/bridge/netfilter/ebt_mark_m.c +++ b/net/bridge/netfilter/ebt_mark_m.c | |||
@@ -23,18 +23,18 @@ static int ebt_filter_mark(const struct sk_buff *skb, | |||
23 | return !(((skb->mark & info->mask) == info->mark) ^ info->invert); | 23 | return !(((skb->mark & info->mask) == info->mark) ^ info->invert); |
24 | } | 24 | } |
25 | 25 | ||
26 | static int ebt_mark_check(const char *tablename, unsigned int hookmask, | 26 | static bool ebt_mark_check(const char *tablename, unsigned int hookmask, |
27 | const struct ebt_entry *e, void *data, unsigned int datalen) | 27 | const struct ebt_entry *e, void *data, unsigned int datalen) |
28 | { | 28 | { |
29 | const struct ebt_mark_m_info *info = data; | 29 | const struct ebt_mark_m_info *info = data; |
30 | 30 | ||
31 | if (info->bitmask & ~EBT_MARK_MASK) | 31 | if (info->bitmask & ~EBT_MARK_MASK) |
32 | return -EINVAL; | 32 | return false; |
33 | if ((info->bitmask & EBT_MARK_OR) && (info->bitmask & EBT_MARK_AND)) | 33 | if ((info->bitmask & EBT_MARK_OR) && (info->bitmask & EBT_MARK_AND)) |
34 | return -EINVAL; | 34 | return false; |
35 | if (!info->bitmask) | 35 | if (!info->bitmask) |
36 | return -EINVAL; | 36 | return false; |
37 | return 0; | 37 | return true; |
38 | } | 38 | } |
39 | 39 | ||
40 | static struct ebt_match filter_mark __read_mostly = { | 40 | static struct ebt_match filter_mark __read_mostly = { |
diff --git a/net/bridge/netfilter/ebt_nflog.c b/net/bridge/netfilter/ebt_nflog.c index 88ceb5eb8496..a6954eb3f58a 100644 --- a/net/bridge/netfilter/ebt_nflog.c +++ b/net/bridge/netfilter/ebt_nflog.c | |||
@@ -36,17 +36,17 @@ static void ebt_nflog(const struct sk_buff *skb, | |||
36 | nf_log_packet(PF_BRIDGE, hooknr, skb, in, out, &li, "%s", info->prefix); | 36 | nf_log_packet(PF_BRIDGE, hooknr, skb, in, out, &li, "%s", info->prefix); |
37 | } | 37 | } |
38 | 38 | ||
39 | static int ebt_nflog_check(const char *tablename, | 39 | static bool ebt_nflog_check(const char *tablename, |
40 | unsigned int hookmask, | 40 | unsigned int hookmask, |
41 | const struct ebt_entry *e, | 41 | const struct ebt_entry *e, |
42 | void *data, unsigned int datalen) | 42 | void *data, unsigned int datalen) |
43 | { | 43 | { |
44 | struct ebt_nflog_info *info = (struct ebt_nflog_info *)data; | 44 | struct ebt_nflog_info *info = (struct ebt_nflog_info *)data; |
45 | 45 | ||
46 | if (info->flags & ~EBT_NFLOG_MASK) | 46 | if (info->flags & ~EBT_NFLOG_MASK) |
47 | return -EINVAL; | 47 | return false; |
48 | info->prefix[EBT_NFLOG_PREFIX_SIZE - 1] = '\0'; | 48 | info->prefix[EBT_NFLOG_PREFIX_SIZE - 1] = '\0'; |
49 | return 0; | 49 | return true; |
50 | } | 50 | } |
51 | 51 | ||
52 | static struct ebt_watcher nflog __read_mostly = { | 52 | static struct ebt_watcher nflog __read_mostly = { |
diff --git a/net/bridge/netfilter/ebt_pkttype.c b/net/bridge/netfilter/ebt_pkttype.c index 019026177f8b..4dcd3b86cff6 100644 --- a/net/bridge/netfilter/ebt_pkttype.c +++ b/net/bridge/netfilter/ebt_pkttype.c | |||
@@ -23,15 +23,15 @@ static int ebt_filter_pkttype(const struct sk_buff *skb, | |||
23 | return (skb->pkt_type != info->pkt_type) ^ info->invert; | 23 | return (skb->pkt_type != info->pkt_type) ^ info->invert; |
24 | } | 24 | } |
25 | 25 | ||
26 | static int ebt_pkttype_check(const char *tablename, unsigned int hookmask, | 26 | static bool ebt_pkttype_check(const char *tablename, unsigned int hookmask, |
27 | const struct ebt_entry *e, void *data, unsigned int datalen) | 27 | const struct ebt_entry *e, void *data, unsigned int datalen) |
28 | { | 28 | { |
29 | const struct ebt_pkttype_info *info = data; | 29 | const struct ebt_pkttype_info *info = data; |
30 | 30 | ||
31 | if (info->invert != 0 && info->invert != 1) | 31 | if (info->invert != 0 && info->invert != 1) |
32 | return -EINVAL; | 32 | return false; |
33 | /* Allow any pkt_type value */ | 33 | /* Allow any pkt_type value */ |
34 | return 0; | 34 | return true; |
35 | } | 35 | } |
36 | 36 | ||
37 | static struct ebt_match filter_pkttype __read_mostly = { | 37 | static struct ebt_match filter_pkttype __read_mostly = { |
diff --git a/net/bridge/netfilter/ebt_redirect.c b/net/bridge/netfilter/ebt_redirect.c index 040532683862..d2076f4227cd 100644 --- a/net/bridge/netfilter/ebt_redirect.c +++ b/net/bridge/netfilter/ebt_redirect.c | |||
@@ -33,20 +33,20 @@ static int ebt_target_redirect(struct sk_buff *skb, unsigned int hooknr, | |||
33 | return info->target; | 33 | return info->target; |
34 | } | 34 | } |
35 | 35 | ||
36 | static int ebt_target_redirect_check(const char *tablename, unsigned int hookmask, | 36 | static bool ebt_target_redirect_check(const char *tablename, unsigned int hookmask, |
37 | const struct ebt_entry *e, void *data, unsigned int datalen) | 37 | const struct ebt_entry *e, void *data, unsigned int datalen) |
38 | { | 38 | { |
39 | const struct ebt_redirect_info *info = data; | 39 | const struct ebt_redirect_info *info = data; |
40 | 40 | ||
41 | if (BASE_CHAIN && info->target == EBT_RETURN) | 41 | if (BASE_CHAIN && info->target == EBT_RETURN) |
42 | return -EINVAL; | 42 | return false; |
43 | CLEAR_BASE_CHAIN_BIT; | 43 | CLEAR_BASE_CHAIN_BIT; |
44 | if ( (strcmp(tablename, "nat") || hookmask & ~(1 << NF_BR_PRE_ROUTING)) && | 44 | if ( (strcmp(tablename, "nat") || hookmask & ~(1 << NF_BR_PRE_ROUTING)) && |
45 | (strcmp(tablename, "broute") || hookmask & ~(1 << NF_BR_BROUTING)) ) | 45 | (strcmp(tablename, "broute") || hookmask & ~(1 << NF_BR_BROUTING)) ) |
46 | return -EINVAL; | 46 | return false; |
47 | if (INVALID_TARGET) | 47 | if (INVALID_TARGET) |
48 | return -EINVAL; | 48 | return false; |
49 | return 0; | 49 | return true; |
50 | } | 50 | } |
51 | 51 | ||
52 | static struct ebt_target redirect_target __read_mostly = { | 52 | static struct ebt_target redirect_target __read_mostly = { |
diff --git a/net/bridge/netfilter/ebt_snat.c b/net/bridge/netfilter/ebt_snat.c index abfbc6c95024..5a5a16acca00 100644 --- a/net/bridge/netfilter/ebt_snat.c +++ b/net/bridge/netfilter/ebt_snat.c | |||
@@ -43,7 +43,7 @@ out: | |||
43 | return info->target | ~EBT_VERDICT_BITS; | 43 | return info->target | ~EBT_VERDICT_BITS; |
44 | } | 44 | } |
45 | 45 | ||
46 | static int ebt_target_snat_check(const char *tablename, unsigned int hookmask, | 46 | static bool ebt_target_snat_check(const char *tablename, unsigned int hookmask, |
47 | const struct ebt_entry *e, void *data, unsigned int datalen) | 47 | const struct ebt_entry *e, void *data, unsigned int datalen) |
48 | { | 48 | { |
49 | const struct ebt_nat_info *info = data; | 49 | const struct ebt_nat_info *info = data; |
@@ -51,19 +51,19 @@ static int ebt_target_snat_check(const char *tablename, unsigned int hookmask, | |||
51 | 51 | ||
52 | tmp = info->target | ~EBT_VERDICT_BITS; | 52 | tmp = info->target | ~EBT_VERDICT_BITS; |
53 | if (BASE_CHAIN && tmp == EBT_RETURN) | 53 | if (BASE_CHAIN && tmp == EBT_RETURN) |
54 | return -EINVAL; | 54 | return false; |
55 | CLEAR_BASE_CHAIN_BIT; | 55 | CLEAR_BASE_CHAIN_BIT; |
56 | if (strcmp(tablename, "nat")) | 56 | if (strcmp(tablename, "nat")) |
57 | return -EINVAL; | 57 | return false; |
58 | if (hookmask & ~(1 << NF_BR_POST_ROUTING)) | 58 | if (hookmask & ~(1 << NF_BR_POST_ROUTING)) |
59 | return -EINVAL; | 59 | return false; |
60 | 60 | ||
61 | if (tmp < -NUM_STANDARD_TARGETS || tmp >= 0) | 61 | if (tmp < -NUM_STANDARD_TARGETS || tmp >= 0) |
62 | return -EINVAL; | 62 | return false; |
63 | tmp = info->target | EBT_VERDICT_BITS; | 63 | tmp = info->target | EBT_VERDICT_BITS; |
64 | if ((tmp & ~NAT_ARP_BIT) != ~NAT_ARP_BIT) | 64 | if ((tmp & ~NAT_ARP_BIT) != ~NAT_ARP_BIT) |
65 | return -EINVAL; | 65 | return false; |
66 | return 0; | 66 | return true; |
67 | } | 67 | } |
68 | 68 | ||
69 | static struct ebt_target snat __read_mostly = { | 69 | static struct ebt_target snat __read_mostly = { |
diff --git a/net/bridge/netfilter/ebt_stp.c b/net/bridge/netfilter/ebt_stp.c index c7a0a00dac7c..37d9480a00c6 100644 --- a/net/bridge/netfilter/ebt_stp.c +++ b/net/bridge/netfilter/ebt_stp.c | |||
@@ -153,7 +153,7 @@ static int ebt_filter_stp(const struct sk_buff *skb, const struct net_device *in | |||
153 | return EBT_MATCH; | 153 | return EBT_MATCH; |
154 | } | 154 | } |
155 | 155 | ||
156 | static int ebt_stp_check(const char *tablename, unsigned int hookmask, | 156 | static bool ebt_stp_check(const char *tablename, unsigned int hookmask, |
157 | const struct ebt_entry *e, void *data, unsigned int datalen) | 157 | const struct ebt_entry *e, void *data, unsigned int datalen) |
158 | { | 158 | { |
159 | const struct ebt_stp_info *info = data; | 159 | const struct ebt_stp_info *info = data; |
@@ -162,13 +162,13 @@ static int ebt_stp_check(const char *tablename, unsigned int hookmask, | |||
162 | 162 | ||
163 | if (info->bitmask & ~EBT_STP_MASK || info->invflags & ~EBT_STP_MASK || | 163 | if (info->bitmask & ~EBT_STP_MASK || info->invflags & ~EBT_STP_MASK || |
164 | !(info->bitmask & EBT_STP_MASK)) | 164 | !(info->bitmask & EBT_STP_MASK)) |
165 | return -EINVAL; | 165 | return false; |
166 | /* Make sure the match only receives stp frames */ | 166 | /* Make sure the match only receives stp frames */ |
167 | if (compare_ether_addr(e->destmac, bridge_ula) || | 167 | if (compare_ether_addr(e->destmac, bridge_ula) || |
168 | compare_ether_addr(e->destmsk, msk) || !(e->bitmask & EBT_DESTMAC)) | 168 | compare_ether_addr(e->destmsk, msk) || !(e->bitmask & EBT_DESTMAC)) |
169 | return -EINVAL; | 169 | return false; |
170 | 170 | ||
171 | return 0; | 171 | return true; |
172 | } | 172 | } |
173 | 173 | ||
174 | static struct ebt_match filter_stp __read_mostly = { | 174 | static struct ebt_match filter_stp __read_mostly = { |
diff --git a/net/bridge/netfilter/ebt_ulog.c b/net/bridge/netfilter/ebt_ulog.c index bdd8a27bba9c..e13a005f58ad 100644 --- a/net/bridge/netfilter/ebt_ulog.c +++ b/net/bridge/netfilter/ebt_ulog.c | |||
@@ -255,14 +255,13 @@ static void ebt_ulog(const struct sk_buff *skb, unsigned int hooknr, | |||
255 | ebt_ulog_packet(hooknr, skb, in, out, uloginfo, NULL); | 255 | ebt_ulog_packet(hooknr, skb, in, out, uloginfo, NULL); |
256 | } | 256 | } |
257 | 257 | ||
258 | 258 | static bool ebt_ulog_check(const char *tablename, unsigned int hookmask, | |
259 | static int ebt_ulog_check(const char *tablename, unsigned int hookmask, | ||
260 | const struct ebt_entry *e, void *data, unsigned int datalen) | 259 | const struct ebt_entry *e, void *data, unsigned int datalen) |
261 | { | 260 | { |
262 | struct ebt_ulog_info *uloginfo = data; | 261 | struct ebt_ulog_info *uloginfo = data; |
263 | 262 | ||
264 | if (uloginfo->nlgroup > 31) | 263 | if (uloginfo->nlgroup > 31) |
265 | return -EINVAL; | 264 | return false; |
266 | 265 | ||
267 | uloginfo->prefix[EBT_ULOG_PREFIX_LEN - 1] = '\0'; | 266 | uloginfo->prefix[EBT_ULOG_PREFIX_LEN - 1] = '\0'; |
268 | 267 | ||
@@ -288,12 +287,13 @@ static const struct nf_logger ebt_ulog_logger = { | |||
288 | 287 | ||
289 | static int __init ebt_ulog_init(void) | 288 | static int __init ebt_ulog_init(void) |
290 | { | 289 | { |
291 | int i, ret = 0; | 290 | bool ret = true; |
291 | int i; | ||
292 | 292 | ||
293 | if (nlbufsiz >= 128*1024) { | 293 | if (nlbufsiz >= 128*1024) { |
294 | printk(KERN_NOTICE "ebt_ulog: Netlink buffer has to be <= 128kB," | 294 | printk(KERN_NOTICE "ebt_ulog: Netlink buffer has to be <= 128kB," |
295 | " please try a smaller nlbufsiz parameter.\n"); | 295 | " please try a smaller nlbufsiz parameter.\n"); |
296 | return -EINVAL; | 296 | return false; |
297 | } | 297 | } |
298 | 298 | ||
299 | /* initialize ulog_buffers */ | 299 | /* initialize ulog_buffers */ |
@@ -305,12 +305,15 @@ static int __init ebt_ulog_init(void) | |||
305 | ebtulognl = netlink_kernel_create(&init_net, NETLINK_NFLOG, | 305 | ebtulognl = netlink_kernel_create(&init_net, NETLINK_NFLOG, |
306 | EBT_ULOG_MAXNLGROUPS, NULL, NULL, | 306 | EBT_ULOG_MAXNLGROUPS, NULL, NULL, |
307 | THIS_MODULE); | 307 | THIS_MODULE); |
308 | if (!ebtulognl) | 308 | if (!ebtulognl) { |
309 | ret = -ENOMEM; | 309 | printk(KERN_WARNING KBUILD_MODNAME ": out of memory trying to " |
310 | else if ((ret = ebt_register_watcher(&ulog))) | 310 | "call netlink_kernel_create\n"); |
311 | ret = false; | ||
312 | } else if (ebt_register_watcher(&ulog) != 0) { | ||
311 | netlink_kernel_release(ebtulognl); | 313 | netlink_kernel_release(ebtulognl); |
314 | } | ||
312 | 315 | ||
313 | if (ret == 0) | 316 | if (ret) |
314 | nf_log_register(NFPROTO_BRIDGE, &ebt_ulog_logger); | 317 | nf_log_register(NFPROTO_BRIDGE, &ebt_ulog_logger); |
315 | 318 | ||
316 | return ret; | 319 | return ret; |
diff --git a/net/bridge/netfilter/ebt_vlan.c b/net/bridge/netfilter/ebt_vlan.c index 4dba47aefc8a..fc88d5d59e04 100644 --- a/net/bridge/netfilter/ebt_vlan.c +++ b/net/bridge/netfilter/ebt_vlan.c | |||
@@ -87,7 +87,7 @@ ebt_filter_vlan(const struct sk_buff *skb, | |||
87 | return EBT_MATCH; | 87 | return EBT_MATCH; |
88 | } | 88 | } |
89 | 89 | ||
90 | static int | 90 | static bool |
91 | ebt_check_vlan(const char *tablename, | 91 | ebt_check_vlan(const char *tablename, |
92 | unsigned int hooknr, | 92 | unsigned int hooknr, |
93 | const struct ebt_entry *e, void *data, unsigned int datalen) | 93 | const struct ebt_entry *e, void *data, unsigned int datalen) |
@@ -99,7 +99,7 @@ ebt_check_vlan(const char *tablename, | |||
99 | DEBUG_MSG | 99 | DEBUG_MSG |
100 | ("passed entry proto %2.4X is not 802.1Q (8100)\n", | 100 | ("passed entry proto %2.4X is not 802.1Q (8100)\n", |
101 | (unsigned short) ntohs(e->ethproto)); | 101 | (unsigned short) ntohs(e->ethproto)); |
102 | return -EINVAL; | 102 | return false; |
103 | } | 103 | } |
104 | 104 | ||
105 | /* Check for bitmask range | 105 | /* Check for bitmask range |
@@ -107,14 +107,14 @@ ebt_check_vlan(const char *tablename, | |||
107 | if (info->bitmask & ~EBT_VLAN_MASK) { | 107 | if (info->bitmask & ~EBT_VLAN_MASK) { |
108 | DEBUG_MSG("bitmask %2X is out of mask (%2X)\n", | 108 | DEBUG_MSG("bitmask %2X is out of mask (%2X)\n", |
109 | info->bitmask, EBT_VLAN_MASK); | 109 | info->bitmask, EBT_VLAN_MASK); |
110 | return -EINVAL; | 110 | return false; |
111 | } | 111 | } |
112 | 112 | ||
113 | /* Check for inversion flags range */ | 113 | /* Check for inversion flags range */ |
114 | if (info->invflags & ~EBT_VLAN_MASK) { | 114 | if (info->invflags & ~EBT_VLAN_MASK) { |
115 | DEBUG_MSG("inversion flags %2X is out of mask (%2X)\n", | 115 | DEBUG_MSG("inversion flags %2X is out of mask (%2X)\n", |
116 | info->invflags, EBT_VLAN_MASK); | 116 | info->invflags, EBT_VLAN_MASK); |
117 | return -EINVAL; | 117 | return false; |
118 | } | 118 | } |
119 | 119 | ||
120 | /* Reserved VLAN ID (VID) values | 120 | /* Reserved VLAN ID (VID) values |
@@ -129,7 +129,7 @@ ebt_check_vlan(const char *tablename, | |||
129 | DEBUG_MSG | 129 | DEBUG_MSG |
130 | ("id %d is out of range (1-4096)\n", | 130 | ("id %d is out of range (1-4096)\n", |
131 | info->id); | 131 | info->id); |
132 | return -EINVAL; | 132 | return false; |
133 | } | 133 | } |
134 | /* Note: This is valid VLAN-tagged frame point. | 134 | /* Note: This is valid VLAN-tagged frame point. |
135 | * Any value of user_priority are acceptable, | 135 | * Any value of user_priority are acceptable, |
@@ -144,7 +144,7 @@ ebt_check_vlan(const char *tablename, | |||
144 | if ((unsigned char) info->prio > 7) { | 144 | if ((unsigned char) info->prio > 7) { |
145 | DEBUG_MSG("prio %d is out of range (0-7)\n", | 145 | DEBUG_MSG("prio %d is out of range (0-7)\n", |
146 | info->prio); | 146 | info->prio); |
147 | return -EINVAL; | 147 | return false; |
148 | } | 148 | } |
149 | } | 149 | } |
150 | /* Check for encapsulated proto range - it is possible to be | 150 | /* Check for encapsulated proto range - it is possible to be |
@@ -155,11 +155,11 @@ ebt_check_vlan(const char *tablename, | |||
155 | DEBUG_MSG | 155 | DEBUG_MSG |
156 | ("encap frame length %d is less than minimal\n", | 156 | ("encap frame length %d is less than minimal\n", |
157 | ntohs(info->encap)); | 157 | ntohs(info->encap)); |
158 | return -EINVAL; | 158 | return false; |
159 | } | 159 | } |
160 | } | 160 | } |
161 | 161 | ||
162 | return 0; | 162 | return true; |
163 | } | 163 | } |
164 | 164 | ||
165 | static struct ebt_match filter_vlan __read_mostly = { | 165 | static struct ebt_match filter_vlan __read_mostly = { |
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index b04e288d20f2..fe4995277296 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c | |||
@@ -365,7 +365,7 @@ ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e, | |||
365 | return -EINVAL; | 365 | return -EINVAL; |
366 | } | 366 | } |
367 | if (match->check && | 367 | if (match->check && |
368 | match->check(name, hookmask, e, m->data, m->match_size) != 0) { | 368 | !match->check(name, hookmask, e, m->data, m->match_size)) { |
369 | BUGPRINT("match->check failed\n"); | 369 | BUGPRINT("match->check failed\n"); |
370 | module_put(match->me); | 370 | module_put(match->me); |
371 | return -EINVAL; | 371 | return -EINVAL; |
@@ -403,7 +403,7 @@ ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e, | |||
403 | return -EINVAL; | 403 | return -EINVAL; |
404 | } | 404 | } |
405 | if (watcher->check && | 405 | if (watcher->check && |
406 | watcher->check(name, hookmask, e, w->data, w->watcher_size) != 0) { | 406 | !watcher->check(name, hookmask, e, w->data, w->watcher_size)) { |
407 | BUGPRINT("watcher->check failed\n"); | 407 | BUGPRINT("watcher->check failed\n"); |
408 | module_put(watcher->me); | 408 | module_put(watcher->me); |
409 | return -EINVAL; | 409 | return -EINVAL; |
@@ -716,7 +716,7 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo, | |||
716 | ret = -EINVAL; | 716 | ret = -EINVAL; |
717 | goto cleanup_watchers; | 717 | goto cleanup_watchers; |
718 | } else if (t->u.target->check && | 718 | } else if (t->u.target->check && |
719 | t->u.target->check(name, hookmask, e, t->data, t->target_size) != 0) { | 719 | !t->u.target->check(name, hookmask, e, t->data, t->target_size)) { |
720 | module_put(t->u.target->me); | 720 | module_put(t->u.target->me); |
721 | ret = -EFAULT; | 721 | ret = -EFAULT; |
722 | goto cleanup_watchers; | 722 | goto cleanup_watchers; |