提交 e1931b78 编写于 作者: J Jan Engelhardt 提交者: David S. Miller

[NETFILTER]: x_tables: switch xt_target->checkentry to bool

Switch the return type of target checkentry functions to boolean.
Signed-off-by: NJan Engelhardt <jengelh@gmx.de>
Signed-off-by: NPatrick McHardy <kaber@trash.net>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>
上级 ccb79bdc
......@@ -202,11 +202,11 @@ struct xt_target
hook_mask is a bitmask of hooks from which it can be
called. */
/* Should return true or false. */
int (*checkentry)(const char *tablename,
const void *entry,
const struct xt_target *target,
void *targinfo,
unsigned int hook_mask);
bool (*checkentry)(const char *tablename,
const void *entry,
const struct xt_target *target,
void *targinfo,
unsigned int hook_mask);
/* Called when entry of this type deleted. */
void (*destroy)(const struct xt_target *target, void *targinfo);
......
......@@ -65,7 +65,7 @@ target(struct sk_buff **pskb,
return mangle->target;
}
static int
static bool
checkentry(const char *tablename, const void *e, const struct xt_target *target,
void *targinfo, unsigned int hook_mask)
{
......@@ -73,12 +73,12 @@ checkentry(const char *tablename, const void *e, const struct xt_target *target,
if (mangle->flags & ~ARPT_MANGLE_MASK ||
!(mangle->flags & ARPT_MANGLE_MASK))
return 0;
return false;
if (mangle->target != NF_DROP && mangle->target != NF_ACCEPT &&
mangle->target != ARPT_CONTINUE)
return 0;
return 1;
return false;
return true;
}
static struct arpt_target arpt_mangle_reg = {
......
......@@ -220,17 +220,17 @@ clusterip_add_node(struct clusterip_config *c, u_int16_t nodenum)
return 0;
}
static int
static bool
clusterip_del_node(struct clusterip_config *c, u_int16_t nodenum)
{
if (nodenum == 0 ||
nodenum > c->num_total_nodes)
return 1;
return true;
if (test_and_clear_bit(nodenum - 1, &c->local_nodes))
return 0;
return false;
return 1;
return true;
}
#endif
......@@ -370,7 +370,7 @@ target(struct sk_buff **pskb,
return XT_CONTINUE;
}
static int
static bool
checkentry(const char *tablename,
const void *e_void,
const struct xt_target *target,
......@@ -387,13 +387,13 @@ checkentry(const char *tablename,
cipinfo->hash_mode != CLUSTERIP_HASHMODE_SIP_SPT_DPT) {
printk(KERN_WARNING "CLUSTERIP: unknown mode `%u'\n",
cipinfo->hash_mode);
return 0;
return false;
}
if (e->ip.dmsk.s_addr != htonl(0xffffffff)
|| e->ip.dst.s_addr == 0) {
printk(KERN_ERR "CLUSTERIP: Please specify destination IP\n");
return 0;
return false;
}
/* FIXME: further sanity checks */
......@@ -407,7 +407,7 @@ checkentry(const char *tablename,
if (cipinfo->config != config) {
printk(KERN_ERR "CLUSTERIP: Reloaded entry "
"has invalid config pointer!\n");
return 0;
return false;
}
} else {
/* Case B: This is a new rule referring to an existing
......@@ -418,19 +418,19 @@ checkentry(const char *tablename,
/* Case C: This is a completely new clusterip config */
if (!(cipinfo->flags & CLUSTERIP_FLAG_NEW)) {
printk(KERN_WARNING "CLUSTERIP: no config found for %u.%u.%u.%u, need 'new'\n", NIPQUAD(e->ip.dst.s_addr));
return 0;
return false;
} else {
struct net_device *dev;
if (e->ip.iniface[0] == '\0') {
printk(KERN_WARNING "CLUSTERIP: Please specify an interface name\n");
return 0;
return false;
}
dev = dev_get_by_name(e->ip.iniface);
if (!dev) {
printk(KERN_WARNING "CLUSTERIP: no such interface %s\n", e->ip.iniface);
return 0;
return false;
}
config = clusterip_config_init(cipinfo,
......@@ -438,7 +438,7 @@ checkentry(const char *tablename,
if (!config) {
printk(KERN_WARNING "CLUSTERIP: cannot allocate config\n");
dev_put(dev);
return 0;
return false;
}
dev_mc_add(config->dev,config->clustermac, ETH_ALEN, 0);
}
......@@ -448,10 +448,10 @@ checkentry(const char *tablename,
if (nf_ct_l3proto_try_module_get(target->family) < 0) {
printk(KERN_WARNING "can't load conntrack support for "
"proto=%d\n", target->family);
return 0;
return false;
}
return 1;
return true;
}
/* drop reference count of cluster config when rule is deleted */
......
......@@ -24,8 +24,8 @@ MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
MODULE_DESCRIPTION("iptables ECN modification module");
/* set ECT codepoint from IP header.
* return 0 if there was an error. */
static inline int
* return false if there was an error. */
static inline bool
set_ect_ip(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
{
struct iphdr *iph = ip_hdr(*pskb);
......@@ -33,18 +33,18 @@ set_ect_ip(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
if ((iph->tos & IPT_ECN_IP_MASK) != (einfo->ip_ect & IPT_ECN_IP_MASK)) {
__u8 oldtos;
if (!skb_make_writable(pskb, sizeof(struct iphdr)))
return 0;
return false;
iph = ip_hdr(*pskb);
oldtos = iph->tos;
iph->tos &= ~IPT_ECN_IP_MASK;
iph->tos |= (einfo->ip_ect & IPT_ECN_IP_MASK);
nf_csum_replace2(&iph->check, htons(oldtos), htons(iph->tos));
}
return 1;
return true;
}
/* Return 0 if there was an error. */
static inline int
/* Return false if there was an error. */
static inline bool
set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
{
struct tcphdr _tcph, *tcph;
......@@ -54,16 +54,16 @@ set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
tcph = skb_header_pointer(*pskb, ip_hdrlen(*pskb),
sizeof(_tcph), &_tcph);
if (!tcph)
return 0;
return false;
if ((!(einfo->operation & IPT_ECN_OP_SET_ECE) ||
tcph->ece == einfo->proto.tcp.ece) &&
((!(einfo->operation & IPT_ECN_OP_SET_CWR) ||
tcph->cwr == einfo->proto.tcp.cwr)))
return 1;
return true;
if (!skb_make_writable(pskb, ip_hdrlen(*pskb) + sizeof(*tcph)))
return 0;
return false;
tcph = (void *)ip_hdr(*pskb) + ip_hdrlen(*pskb);
oldval = ((__be16 *)tcph)[6];
......@@ -74,7 +74,7 @@ set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
nf_proto_csum_replace2(&tcph->check, *pskb,
oldval, ((__be16 *)tcph)[6], 0);
return 1;
return true;
}
static unsigned int
......@@ -99,7 +99,7 @@ target(struct sk_buff **pskb,
return XT_CONTINUE;
}
static int
static bool
checkentry(const char *tablename,
const void *e_void,
const struct xt_target *target,
......@@ -112,20 +112,20 @@ checkentry(const char *tablename,
if (einfo->operation & IPT_ECN_OP_MASK) {
printk(KERN_WARNING "ECN: unsupported ECN operation %x\n",
einfo->operation);
return 0;
return false;
}
if (einfo->ip_ect & ~IPT_ECN_IP_MASK) {
printk(KERN_WARNING "ECN: new ECT codepoint %x out of mask\n",
einfo->ip_ect);
return 0;
return false;
}
if ((einfo->operation & (IPT_ECN_OP_SET_ECE|IPT_ECN_OP_SET_CWR))
&& (e->ip.proto != IPPROTO_TCP || (e->ip.invflags & XT_INV_PROTO))) {
printk(KERN_WARNING "ECN: cannot use TCP operations on a "
"non-tcp rule\n");
return 0;
return false;
}
return 1;
return true;
}
static struct xt_target ipt_ecn_reg = {
......
......@@ -435,24 +435,24 @@ ipt_log_target(struct sk_buff **pskb,
return XT_CONTINUE;
}
static int ipt_log_checkentry(const char *tablename,
const void *e,
const struct xt_target *target,
void *targinfo,
unsigned int hook_mask)
static bool ipt_log_checkentry(const char *tablename,
const void *e,
const struct xt_target *target,
void *targinfo,
unsigned int hook_mask)
{
const struct ipt_log_info *loginfo = targinfo;
if (loginfo->level >= 8) {
DEBUGP("LOG: level %u >= 8\n", loginfo->level);
return 0;
return false;
}
if (loginfo->prefix[sizeof(loginfo->prefix)-1] != '\0') {
DEBUGP("LOG: prefix term %i\n",
loginfo->prefix[sizeof(loginfo->prefix)-1]);
return 0;
return false;
}
return 1;
return true;
}
static struct xt_target ipt_log_reg = {
......
......@@ -37,7 +37,7 @@ MODULE_DESCRIPTION("iptables MASQUERADE target module");
static DEFINE_RWLOCK(masq_lock);
/* FIXME: Multiple targets. --RR */
static int
static bool
masquerade_check(const char *tablename,
const void *e,
const struct xt_target *target,
......@@ -48,13 +48,13 @@ masquerade_check(const char *tablename,
if (mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) {
DEBUGP("masquerade_check: bad MAP_IPS.\n");
return 0;
return false;
}
if (mr->rangesize != 1) {
DEBUGP("masquerade_check: bad rangesize %u.\n", mr->rangesize);
return 0;
return false;
}
return 1;
return true;
}
static unsigned int
......
......@@ -29,7 +29,7 @@ MODULE_DESCRIPTION("iptables 1:1 NAT mapping of IP networks target");
#define DEBUGP(format, args...)
#endif
static int
static bool
check(const char *tablename,
const void *e,
const struct xt_target *target,
......@@ -40,13 +40,13 @@ check(const char *tablename,
if (!(mr->range[0].flags & IP_NAT_RANGE_MAP_IPS)) {
DEBUGP(MODULENAME":check: bad MAP_IPS.\n");
return 0;
return false;
}
if (mr->rangesize != 1) {
DEBUGP(MODULENAME":check: bad rangesize %u.\n", mr->rangesize);
return 0;
return false;
}
return 1;
return true;
}
static unsigned int
......
......@@ -32,7 +32,7 @@ MODULE_DESCRIPTION("iptables REDIRECT target module");
#endif
/* FIXME: Take multiple ranges --RR */
static int
static bool
redirect_check(const char *tablename,
const void *e,
const struct xt_target *target,
......@@ -43,13 +43,13 @@ redirect_check(const char *tablename,
if (mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) {
DEBUGP("redirect_check: bad MAP_IPS.\n");
return 0;
return false;
}
if (mr->rangesize != 1) {
DEBUGP("redirect_check: bad rangesize %u.\n", mr->rangesize);
return 0;
return false;
}
return 1;
return true;
}
static unsigned int
......
......@@ -217,27 +217,27 @@ static unsigned int reject(struct sk_buff **pskb,
return NF_DROP;
}
static int check(const char *tablename,
const void *e_void,
const struct xt_target *target,
void *targinfo,
unsigned int hook_mask)
static bool check(const char *tablename,
const void *e_void,
const struct xt_target *target,
void *targinfo,
unsigned int hook_mask)
{
const struct ipt_reject_info *rejinfo = targinfo;
const struct ipt_entry *e = e_void;
if (rejinfo->with == IPT_ICMP_ECHOREPLY) {
printk("REJECT: ECHOREPLY no longer supported.\n");
return 0;
return false;
} else if (rejinfo->with == IPT_TCP_RESET) {
/* Must specify that it's a TCP packet */
if (e->ip.proto != IPPROTO_TCP
|| (e->ip.invflags & XT_INV_PROTO)) {
DEBUGP("REJECT: TCP_RESET invalid for non-tcp\n");
return 0;
return false;
}
}
return 1;
return true;
}
static struct xt_target ipt_reject_reg = {
......
......@@ -33,7 +33,7 @@ MODULE_DESCRIPTION("iptables special SNAT module for consistent sourceip");
#define DEBUGP(format, args...)
#endif
static int
static bool
same_check(const char *tablename,
const void *e,
const struct xt_target *target,
......@@ -47,13 +47,13 @@ same_check(const char *tablename,
if (mr->rangesize < 1) {
DEBUGP("same_check: need at least one dest range.\n");
return 0;
return false;
}
if (mr->rangesize > IPT_SAME_MAX_RANGE) {
DEBUGP("same_check: too many ranges specified, maximum "
"is %u ranges\n",
IPT_SAME_MAX_RANGE);
return 0;
return false;
}
for (count = 0; count < mr->rangesize; count++) {
if (ntohl(mr->range[count].min_ip) >
......@@ -62,11 +62,11 @@ same_check(const char *tablename,
"range `%u.%u.%u.%u-%u.%u.%u.%u'.\n",
NIPQUAD(mr->range[count].min_ip),
NIPQUAD(mr->range[count].max_ip));
return 0;
return false;
}
if (!(mr->range[count].flags & IP_NAT_RANGE_MAP_IPS)) {
DEBUGP("same_check: bad MAP_IPS.\n");
return 0;
return false;
}
rangeip = (ntohl(mr->range[count].max_ip) -
ntohl(mr->range[count].min_ip) + 1);
......@@ -81,7 +81,7 @@ same_check(const char *tablename,
DEBUGP("same_check: Couldn't allocate %u bytes "
"for %u ipaddresses!\n",
(sizeof(u_int32_t) * mr->ipnum), mr->ipnum);
return 0;
return false;
}
DEBUGP("same_check: Allocated %u bytes for %u ipaddresses.\n",
(sizeof(u_int32_t) * mr->ipnum), mr->ipnum);
......@@ -97,7 +97,7 @@ same_check(const char *tablename,
index++;
}
}
return 1;
return true;
}
static void
......
......@@ -43,7 +43,7 @@ target(struct sk_buff **pskb,
return XT_CONTINUE;
}
static int
static bool
checkentry(const char *tablename,
const void *e_void,
const struct xt_target *target,
......@@ -58,9 +58,9 @@ checkentry(const char *tablename,
&& tos != IPTOS_MINCOST
&& tos != IPTOS_NORMALSVC) {
printk(KERN_WARNING "TOS: bad tos value %#x\n", tos);
return 0;
return false;
}
return 1;
return true;
}
static struct xt_target ipt_tos_reg = {
......
......@@ -62,7 +62,7 @@ ipt_ttl_target(struct sk_buff **pskb,
return XT_CONTINUE;
}
static int ipt_ttl_checkentry(const char *tablename,
static bool ipt_ttl_checkentry(const char *tablename,
const void *e,
const struct xt_target *target,
void *targinfo,
......@@ -73,11 +73,11 @@ static int ipt_ttl_checkentry(const char *tablename,
if (info->mode > IPT_TTL_MAXMODE) {
printk(KERN_WARNING "ipt_TTL: invalid or unknown Mode %u\n",
info->mode);
return 0;
return false;
}
if ((info->mode != IPT_TTL_SET) && (info->ttl == 0))
return 0;
return 1;
return false;
return true;
}
static struct xt_target ipt_TTL = {
......
......@@ -328,25 +328,25 @@ static void ipt_logfn(unsigned int pf,
ipt_ulog_packet(hooknum, skb, in, out, &loginfo, prefix);
}
static int ipt_ulog_checkentry(const char *tablename,
const void *e,
const struct xt_target *target,
void *targinfo,
unsigned int hookmask)
static bool ipt_ulog_checkentry(const char *tablename,
const void *e,
const struct xt_target *target,
void *targinfo,
unsigned int hookmask)
{
struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo;
if (loginfo->prefix[sizeof(loginfo->prefix) - 1] != '\0') {
DEBUGP("ipt_ULOG: prefix term %i\n",
loginfo->prefix[sizeof(loginfo->prefix) - 1]);
return 0;
return false;
}
if (loginfo->qthreshold > ULOG_MAX_QLEN) {
DEBUGP("ipt_ULOG: queue threshold %i > MAX_QLEN\n",
loginfo->qthreshold);
return 0;
return false;
}
return 1;
return true;
}
#ifdef CONFIG_COMPAT
......
......@@ -140,36 +140,36 @@ static unsigned int ipt_dnat_target(struct sk_buff **pskb,
return nf_nat_setup_info(ct, &mr->range[0], hooknum);
}
static int ipt_snat_checkentry(const char *tablename,
const void *entry,
const struct xt_target *target,
void *targinfo,
unsigned int hook_mask)
static bool ipt_snat_checkentry(const char *tablename,
const void *entry,
const struct xt_target *target,
void *targinfo,
unsigned int hook_mask)
{
struct nf_nat_multi_range_compat *mr = targinfo;
/* Must be a valid range */
if (mr->rangesize != 1) {
printk("SNAT: multiple ranges no longer supported\n");
return 0;
return false;
}
return 1;
return true;
}
static int ipt_dnat_checkentry(const char *tablename,
const void *entry,
const struct xt_target *target,
void *targinfo,
unsigned int hook_mask)
static bool ipt_dnat_checkentry(const char *tablename,
const void *entry,
const struct xt_target *target,
void *targinfo,
unsigned int hook_mask)
{
struct nf_nat_multi_range_compat *mr = targinfo;
/* Must be a valid range */
if (mr->rangesize != 1) {
printk("DNAT: multiple ranges no longer supported\n");
return 0;
return false;
}
return 1;
return true;
}
inline unsigned int
......
......@@ -58,7 +58,7 @@ static unsigned int ip6t_hl_target(struct sk_buff **pskb,
return XT_CONTINUE;
}
static int ip6t_hl_checkentry(const char *tablename,
static bool ip6t_hl_checkentry(const char *tablename,
const void *entry,
const struct xt_target *target,
void *targinfo,
......@@ -69,14 +69,14 @@ static int ip6t_hl_checkentry(const char *tablename,
if (info->mode > IP6T_HL_MAXMODE) {
printk(KERN_WARNING "ip6t_HL: invalid or unknown Mode %u\n",
info->mode);
return 0;
return false;
}
if ((info->mode != IP6T_HL_SET) && (info->hop_limit == 0)) {
printk(KERN_WARNING "ip6t_HL: increment/decrement doesn't "
"make sense with value 0\n");
return 0;
return false;
}
return 1;
return true;
}
static struct xt_target ip6t_HL = {
......
......@@ -448,24 +448,24 @@ ip6t_log_target(struct sk_buff **pskb,
}
static int ip6t_log_checkentry(const char *tablename,
const void *entry,
const struct xt_target *target,
void *targinfo,
unsigned int hook_mask)
static bool ip6t_log_checkentry(const char *tablename,
const void *entry,
const struct xt_target *target,
void *targinfo,
unsigned int hook_mask)
{
const struct ip6t_log_info *loginfo = targinfo;
if (loginfo->level >= 8) {
DEBUGP("LOG: level %u >= 8\n", loginfo->level);
return 0;
return false;
}
if (loginfo->prefix[sizeof(loginfo->prefix)-1] != '\0') {
DEBUGP("LOG: prefix term %i\n",
loginfo->prefix[sizeof(loginfo->prefix)-1]);
return 0;
return false;
}
return 1;
return true;
}
static struct xt_target ip6t_log_reg = {
......
......@@ -221,27 +221,27 @@ static unsigned int reject6_target(struct sk_buff **pskb,
return NF_DROP;
}
static int check(const char *tablename,
const void *entry,
const struct xt_target *target,
void *targinfo,
unsigned int hook_mask)
static bool check(const char *tablename,
const void *entry,
const struct xt_target *target,
void *targinfo,
unsigned int hook_mask)
{
const struct ip6t_reject_info *rejinfo = targinfo;
const struct ip6t_entry *e = entry;
if (rejinfo->with == IP6T_ICMP6_ECHOREPLY) {
printk("ip6t_REJECT: ECHOREPLY is not supported.\n");
return 0;
return false;
} else if (rejinfo->with == IP6T_TCP_RESET) {
/* Must specify that it's a TCP packet */
if (e->ipv6.proto != IPPROTO_TCP
|| (e->ipv6.invflags & XT_INV_PROTO)) {
DEBUGP("ip6t_REJECT: TCP_RESET illegal for non-tcp\n");
return 0;
return false;
}
}
return 1;
return true;
}
static struct xt_target ip6t_reject_reg = {
......
......@@ -76,7 +76,7 @@ target(struct sk_buff **pskb,
return XT_CONTINUE;
}
static int
static bool
checkentry(const char *tablename,
const void *entry,
const struct xt_target *target,
......@@ -88,21 +88,21 @@ checkentry(const char *tablename,
if (nf_ct_l3proto_try_module_get(target->family) < 0) {
printk(KERN_WARNING "can't load conntrack support for "
"proto=%d\n", target->family);
return 0;
return false;
}
if (matchinfo->mode == XT_CONNMARK_RESTORE) {
if (strcmp(tablename, "mangle") != 0) {
printk(KERN_WARNING "CONNMARK: restore can only be "
"called from \"mangle\" table, not \"%s\"\n",
tablename);
return 0;
return false;
}
}
if (matchinfo->mark > 0xffffffff || matchinfo->mask > 0xffffffff) {
printk(KERN_WARNING "CONNMARK: Only supports 32bit mark\n");
return 0;
return false;
}
return 1;
return true;
}
static void
......
......@@ -85,16 +85,16 @@ static unsigned int target(struct sk_buff **pskb, const struct net_device *in,
return XT_CONTINUE;
}
static int checkentry(const char *tablename, const void *entry,
const struct xt_target *target, void *targinfo,
unsigned int hook_mask)
static bool checkentry(const char *tablename, const void *entry,
const struct xt_target *target, void *targinfo,
unsigned int hook_mask)
{
struct xt_connsecmark_target_info *info = targinfo;
if (nf_ct_l3proto_try_module_get(target->family) < 0) {
printk(KERN_WARNING "can't load conntrack support for "
"proto=%d\n", target->family);
return 0;
return false;
}
switch (info->mode) {
case CONNSECMARK_SAVE:
......@@ -103,10 +103,10 @@ static int checkentry(const char *tablename, const void *entry,
default:
printk(KERN_INFO PFX "invalid mode: %hu\n", info->mode);
return 0;
return false;
}
return 1;
return true;
}
static void
......
......@@ -66,19 +66,19 @@ static unsigned int target6(struct sk_buff **pskb,
return XT_CONTINUE;
}
static int checkentry(const char *tablename,
const void *e_void,
const struct xt_target *target,
void *targinfo,
unsigned int hook_mask)
static bool checkentry(const char *tablename,
const void *e_void,
const struct xt_target *target,
void *targinfo,
unsigned int hook_mask)
{
const u_int8_t dscp = ((struct xt_DSCP_info *)targinfo)->dscp;
if ((dscp > XT_DSCP_MAX)) {
printk(KERN_WARNING "DSCP: dscp %x out of range\n", dscp);
return 0;
return false;
}
return 1;
return true;
}
static struct xt_target xt_dscp_target[] = {
......
......@@ -65,7 +65,7 @@ target_v1(struct sk_buff **pskb,
}
static int
static bool
checkentry_v0(const char *tablename,
const void *entry,
const struct xt_target *target,
......@@ -76,12 +76,12 @@ checkentry_v0(const char *tablename,
if (markinfo->mark > 0xffffffff) {
printk(KERN_WARNING "MARK: Only supports 32bit wide mark\n");
return 0;
return false;
}
return 1;
return true;
}
static int
static bool
checkentry_v1(const char *tablename,
const void *entry,
const struct xt_target *target,
......@@ -95,13 +95,13 @@ checkentry_v1(const char *tablename,
&& markinfo->mode != XT_MARK_OR) {
printk(KERN_WARNING "MARK: unknown mode %u\n",
markinfo->mode);
return 0;
return false;
}
if (markinfo->mark > 0xffffffff) {
printk(KERN_WARNING "MARK: Only supports 32bit wide mark\n");
return 0;
return false;
}
return 1;
return true;
}
#ifdef CONFIG_COMPAT
......
......@@ -38,7 +38,7 @@ nflog_target(struct sk_buff **pskb,
return XT_CONTINUE;
}
static int
static bool
nflog_checkentry(const char *tablename, const void *entry,
const struct xt_target *target, void *targetinfo,
unsigned int hookmask)
......@@ -46,10 +46,10 @@ nflog_checkentry(const char *tablename, const void *entry,
struct xt_nflog_info *info = targetinfo;
if (info->flags & ~XT_NFLOG_MASK)
return 0;
return false;
if (info->prefix[sizeof(info->prefix) - 1] != '\0')
return 0;
return 1;
return false;
return true;
}
static struct xt_target xt_nflog_target[] = {
......
......@@ -51,7 +51,7 @@ static unsigned int target(struct sk_buff **pskb, const struct net_device *in,
return XT_CONTINUE;
}
static int checkentry_selinux(struct xt_secmark_target_info *info)
static bool checkentry_selinux(struct xt_secmark_target_info *info)
{
int err;
struct xt_secmark_target_selinux_info *sel = &info->u.sel;
......@@ -63,50 +63,50 @@ static int checkentry_selinux(struct xt_secmark_target_info *info)
if (err == -EINVAL)
printk(KERN_INFO PFX "invalid SELinux context \'%s\'\n",
sel->selctx);
return 0;
return false;
}
if (!sel->selsid) {
printk(KERN_INFO PFX "unable to map SELinux context \'%s\'\n",
sel->selctx);
return 0;
return false;
}
err = selinux_relabel_packet_permission(sel->selsid);
if (err) {
printk(KERN_INFO PFX "unable to obtain relabeling permission\n");
return 0;
return false;
}
return 1;
return true;
}
static int checkentry(const char *tablename, const void *entry,
const struct xt_target *target, void *targinfo,
unsigned int hook_mask)
static bool checkentry(const char *tablename, const void *entry,
const struct xt_target *target, void *targinfo,
unsigned int hook_mask)
{
struct xt_secmark_target_info *info = targinfo;
if (mode && mode != info->mode) {
printk(KERN_INFO PFX "mode already set to %hu cannot mix with "
"rules for mode %hu\n", mode, info->mode);
return 0;
return false;
}
switch (info->mode) {
case SECMARK_MODE_SEL:
if (!checkentry_selinux(info))
return 0;
return false;
break;
default:
printk(KERN_INFO PFX "invalid mode: %hu\n", info->mode);
return 0;
return false;
}
if (!mode)
mode = info->mode;
return 1;
return true;
}
static struct xt_target xt_secmark_target[] = {
......
......@@ -197,19 +197,19 @@ xt_tcpmss_target6(struct sk_buff **pskb,
#define TH_SYN 0x02
/* Must specify -p tcp --syn */
static inline int find_syn_match(const struct xt_entry_match *m)
static inline bool find_syn_match(const struct xt_entry_match *m)
{
const struct xt_tcp *tcpinfo = (const struct xt_tcp *)m->data;
if (strcmp(m->u.kernel.match->name, "tcp") == 0 &&
tcpinfo->flg_cmp & TH_SYN &&
!(tcpinfo->invflags & XT_TCP_INV_FLAGS))
return 1;
return true;
return 0;
return false;
}
static int
static bool
xt_tcpmss_checkentry4(const char *tablename,
const void *entry,
const struct xt_target *target,
......@@ -225,16 +225,16 @@ xt_tcpmss_checkentry4(const char *tablename,
(1 << NF_IP_POST_ROUTING))) != 0) {
printk("xt_TCPMSS: path-MTU clamping only supported in "
"FORWARD, OUTPUT and POSTROUTING hooks\n");
return 0;
return false;
}
if (IPT_MATCH_ITERATE(e, find_syn_match))
return 1;
return true;
printk("xt_TCPMSS: Only works on TCP SYN packets\n");
return 0;
return false;
}
#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
static int
static bool
xt_tcpmss_checkentry6(const char *tablename,
const void *entry,
const struct xt_target *target,
......@@ -250,12 +250,12 @@ xt_tcpmss_checkentry6(const char *tablename,
(1 << NF_IP6_POST_ROUTING))) != 0) {
printk("xt_TCPMSS: path-MTU clamping only supported in "
"FORWARD, OUTPUT and POSTROUTING hooks\n");
return 0;
return false;
}
if (IP6T_MATCH_ITERATE(e, find_syn_match))
return 1;
return true;
printk("xt_TCPMSS: Only works on TCP SYN packets\n");
return 0;
return false;
}
#endif
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册