lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[NETFILTER]: x_tables: switch xt_match->match to bool

Browse Source 
Switch the return type of match functions to boolean

Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Jan Engelhardt
2007-07-07 22:15:35 -07:00
committed by David S. Miller
parent cff533ac12
commit 1d93a9cbad
45 changed files with 320 additions and 327 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
net/ipv6/netfilter/ip6_tables.c
View File

@@ -96,7 +96,7 @@ ip6t_ext_hdr(u8 nexthdr)
}
/* Returns whether matches rule or not. */
static inline int
static inline bool
ip6_packet_match(const struct sk_buff *skb,
const char *indev,
const char *outdev,
@@ -122,7 +122,7 @@ ip6_packet_match(const struct sk_buff *skb,
dprintf("DST: %u. Mask: %u. Target: %u.%s\n", ip->daddr,
ipinfo->dmsk.s_addr, ipinfo->dst.s_addr,
ipinfo->invflags & IP6T_INV_DSTIP ? " (INV)" : "");*/
return 0;
return false;
}
/* Look for ifname matches; this should unroll nicely. */
@@ -136,7 +136,7 @@ ip6_packet_match(const struct sk_buff *skb,
dprintf("VIA in mismatch (%s vs %s).%s\n",
indev, ip6info->iniface,
ip6info->invflags&IP6T_INV_VIA_IN ?" (INV)":"");
return 0;
return false;
}
for (i = 0, ret = 0; i < IFNAMSIZ/sizeof(unsigned long); i++) {
@@ -149,7 +149,7 @@ ip6_packet_match(const struct sk_buff *skb,
dprintf("VIA out mismatch (%s vs %s).%s\n",
outdev, ip6info->outiface,
ip6info->invflags&IP6T_INV_VIA_OUT ?" (INV)":"");
return 0;
return false;
}
/* ... might want to do something with class and flowlabel here ... */
@@ -163,7 +163,7 @@ ip6_packet_match(const struct sk_buff *skb,
if (protohdr < 0) {
if (_frag_off == 0)
*hotdrop = true;
return 0;
return false;
}
*fragoff = _frag_off;
@@ -174,17 +174,17 @@ ip6_packet_match(const struct sk_buff *skb,
if (ip6info->proto == protohdr) {
if(ip6info->invflags & IP6T_INV_PROTO) {
return 0;
return false;
}
return 1;
return true;
}
/* We need match for the '-p all', too! */
if ((ip6info->proto != 0) &&
!(ip6info->invflags & IP6T_INV_PROTO))
return 0;
return false;
}
return 1;
return true;
}
/* should be ip6 safe */
@@ -219,20 +219,20 @@ ip6t_error(struct sk_buff **pskb,
}
static inline
int do_match(struct ip6t_entry_match *m,
const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
int offset,
unsigned int protoff,
bool *hotdrop)
bool do_match(struct ip6t_entry_match *m,
const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
int offset,
unsigned int protoff,
bool *hotdrop)
{
/* Stop iteration if it doesn't match */
if (!m->u.kernel.match->match(skb, in, out, m->u.kernel.match, m->data,
offset, protoff, hotdrop))
return 1;
return true;
else
return 0;
return false;
}
static inline struct ip6t_entry *
@@ -1291,7 +1291,7 @@ icmp6_type_code_match(u_int8_t test_type, u_int8_t min_code, u_int8_t max_code,
^ invert;
}
static int
static bool
icmp6_match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
@@ -1306,7 +1306,7 @@ icmp6_match(const struct sk_buff *skb,
/* Must not be a fragment. */
if (offset)
return 0;
return false;
ic = skb_header_pointer(skb, protoff, sizeof(_icmp), &_icmp);
if (ic == NULL) {
@@ -1314,7 +1314,7 @@ icmp6_match(const struct sk_buff *skb,
can't. Hence, no choice but to drop. */
duprintf("Dropping evil ICMP tinygram.\n");
*hotdrop = true;
return 0;
return false;
}
return icmp6_type_code_match(icmpinfo->type,

12
net/ipv6/netfilter/ip6t_ah.c
View File

@@ -30,10 +30,10 @@ MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>");
#endif
/* Returns 1 if the spi is matched by the range, 0 otherwise */
static inline int
spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, int invert)
static inline bool
spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, bool invert)
{
int r=0;
bool r;
DEBUGP("ah spi_match:%c 0x%x <= 0x%x <= 0x%x",invert? '!':' ',
min,spi,max);
r = (spi >= min && spi <= max) ^ invert;
@@ -41,7 +41,7 @@ spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, int invert)
return r;
}
static int
static bool
match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
@@ -61,13 +61,13 @@ match(const struct sk_buff *skb,
if (err < 0) {
if (err != -ENOENT)
*hotdrop = true;
return 0;
return false;
}
ah = skb_header_pointer(skb, ptr, sizeof(_ah), &_ah);
if (ah == NULL) {
*hotdrop = true;
return 0;
return false;
}
hdrlen = (ah->hdrlen + 2) << 2;

8
net/ipv6/netfilter/ip6t_eui64.c
View File

@@ -19,7 +19,7 @@ MODULE_DESCRIPTION("IPv6 EUI64 address checking match");
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>");
static int
static bool
match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
@@ -36,7 +36,7 @@ match(const struct sk_buff *skb,
(skb_mac_header(skb) + ETH_HLEN) <= skb->data) &&
offset != 0) {
*hotdrop = true;
return 0;
return false;
}
memset(eui64, 0, sizeof(eui64));
@@ -55,11 +55,11 @@ match(const struct sk_buff *skb,
i++;
if (i == 8)
return 1;
return true;
}
}
return 0;
return false;
}
static struct xt_match eui64_match = {

12
net/ipv6/netfilter/ip6t_frag.c
View File

@@ -29,10 +29,10 @@ MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>");
#endif
/* Returns 1 if the id is matched by the range, 0 otherwise */
static inline int
id_match(u_int32_t min, u_int32_t max, u_int32_t id, int invert)
static inline bool
id_match(u_int32_t min, u_int32_t max, u_int32_t id, bool invert)
{
int r = 0;
bool r;
DEBUGP("frag id_match:%c 0x%x <= 0x%x <= 0x%x", invert ? '!' : ' ',
min, id, max);
r = (id >= min && id <= max) ^ invert;
@@ -40,7 +40,7 @@ id_match(u_int32_t min, u_int32_t max, u_int32_t id, int invert)
return r;
}
static int
static bool
match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
@@ -59,13 +59,13 @@ match(const struct sk_buff *skb,
if (err < 0) {
if (err != -ENOENT)
*hotdrop = true;
return 0;
return false;
}
fh = skb_header_pointer(skb, ptr, sizeof(_frag), &_frag);
if (fh == NULL) {
*hotdrop = true;
return 0;
return false;
}
DEBUGP("INFO %04X ", fh->frag_off);

18
net/ipv6/netfilter/ip6t_hbh.c
View File

@@ -47,7 +47,7 @@ MODULE_ALIAS("ip6t_dst");
* 5 -> RTALERT 2 x x
*/
static int
static bool
match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
@@ -62,7 +62,7 @@ match(const struct sk_buff *skb,
unsigned int temp;
unsigned int ptr;
unsigned int hdrlen = 0;
unsigned int ret = 0;
bool ret = false;
u8 _opttype, *tp = NULL;
u8 _optlen, *lp = NULL;
unsigned int optlen;
@@ -72,19 +72,19 @@ match(const struct sk_buff *skb,
if (err < 0) {
if (err != -ENOENT)
*hotdrop = true;
return 0;
return false;
}
oh = skb_header_pointer(skb, ptr, sizeof(_optsh), &_optsh);
if (oh == NULL) {
*hotdrop = true;
return 0;
return false;
}
hdrlen = ipv6_optlen(oh);
if (skb->len - ptr < hdrlen) {
/* Packet smaller than it's length field */
return 0;
return false;
}
DEBUGP("IPv6 OPTS LEN %u %u ", hdrlen, oh->hdrlen);
@@ -123,7 +123,7 @@ match(const struct sk_buff *skb,
DEBUGP("Tbad %02X %02X\n",
*tp,
(optinfo->opts[temp] & 0xFF00) >> 8);
return 0;
return false;
} else {
DEBUGP("Tok ");
}
@@ -144,7 +144,7 @@ match(const struct sk_buff *skb,
if (spec_len != 0x00FF && spec_len != *lp) {
DEBUGP("Lbad %02X %04X\n", *lp,
spec_len);
return 0;
return false;
}
DEBUGP("Lok ");
optlen = *lp + 2;
@@ -167,10 +167,10 @@ match(const struct sk_buff *skb,
if (temp == optinfo->optsnr)
return ret;
else
return 0;
return false;
}
return 0;
return false;
}
/* Called when user tries to insert an entry of this type. */

12
net/ipv6/netfilter/ip6t_hl.c
View File

@@ -19,10 +19,10 @@ MODULE_AUTHOR("Maciej Soltysiak <solt@dns.toxicfilms.tv>");
MODULE_DESCRIPTION("IP tables Hop Limit matching module");
MODULE_LICENSE("GPL");
static int match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out,
const struct xt_match *match, const void *matchinfo,
int offset, unsigned int protoff, bool *hotdrop)
static bool match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out,
const struct xt_match *match, const void *matchinfo,
int offset, unsigned int protoff, bool *hotdrop)
{
const struct ip6t_hl_info *info = matchinfo;
const struct ipv6hdr *ip6h = ipv6_hdr(skb);
@@ -43,10 +43,10 @@ static int match(const struct sk_buff *skb,
default:
printk(KERN_WARNING "ip6t_hl: unknown mode %d\n",
info->mode);
return 0;
return false;
}
return 0;
return false;
}
static struct xt_match hl_match = {

6
net/ipv6/netfilter/ip6t_ipv6header.c
View File

@@ -26,7 +26,7 @@ MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("IPv6 headers match");
MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>");
static int
static bool
ipv6header_match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
@@ -58,7 +58,7 @@ ipv6header_match(const struct sk_buff *skb,
/* Is there enough space for the next ext header? */
if (len < (int)sizeof(struct ipv6_opt_hdr))
return 0;
return false;
/* No more exthdr -> evaluate */
if (nexthdr == NEXTHDR_NONE) {
temp |= MASK_NONE;
@@ -99,7 +99,7 @@ ipv6header_match(const struct sk_buff *skb,
temp |= MASK_DSTOPTS;
break;
default:
return 0;
return false;
break;
}

17
net/ipv6/netfilter/ip6t_mh.c
View File

@@ -31,16 +31,13 @@ MODULE_LICENSE("GPL");
#endif
/* Returns 1 if the type is matched by the range, 0 otherwise */
static inline int
type_match(u_int8_t min, u_int8_t max, u_int8_t type, int invert)
static inline bool
type_match(u_int8_t min, u_int8_t max, u_int8_t type, bool invert)
{
int ret;
ret = (type >= min && type <= max) ^ invert;
return ret;
return (type >= min && type <= max) ^ invert;
}
static int
static bool
match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
@@ -55,7 +52,7 @@ match(const struct sk_buff *skb,
/* Must not be a fragment. */
if (offset)
return 0;
return false;
mh = skb_header_pointer(skb, protoff, sizeof(_mh), &_mh);
if (mh == NULL) {
@@ -63,14 +60,14 @@ match(const struct sk_buff *skb,
can't. Hence, no choice but to drop. */
duprintf("Dropping evil MH tinygram.\n");
*hotdrop = true;
return 0;
return false;
}
if (mh->ip6mh_proto != IPPROTO_NONE) {
duprintf("Dropping invalid MH Payload Proto: %u\n",
mh->ip6mh_proto);
*hotdrop = true;
return 0;
return false;
}
return type_match(mhinfo->types[0], mhinfo->types[1], mh->ip6mh_type,

10
net/ipv6/netfilter/ip6t_owner.c
View File

@@ -23,7 +23,7 @@ MODULE_DESCRIPTION("IP6 tables owner matching module");
MODULE_LICENSE("GPL");
static int
static bool
match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
@@ -36,21 +36,21 @@ match(const struct sk_buff *skb,
const struct ip6t_owner_info *info = matchinfo;
if (!skb->sk || !skb->sk->sk_socket || !skb->sk->sk_socket->file)
return 0;
return false;
if (info->match & IP6T_OWNER_UID) {
if ((skb->sk->sk_socket->file->f_uid != info->uid) ^
!!(info->invert & IP6T_OWNER_UID))
return 0;
return false;
}
if (info->match & IP6T_OWNER_GID) {
if ((skb->sk->sk_socket->file->f_gid != info->gid) ^
!!(info->invert & IP6T_OWNER_GID))
return 0;
return false;
}
return 1;
return true;
}
static int

26
net/ipv6/netfilter/ip6t_rt.c
View File

@@ -31,10 +31,10 @@ MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>");
#endif
/* Returns 1 if the id is matched by the range, 0 otherwise */
static inline int
segsleft_match(u_int32_t min, u_int32_t max, u_int32_t id, int invert)
static inline bool
segsleft_match(u_int32_t min, u_int32_t max, u_int32_t id, bool invert)
{
int r = 0;
bool r;
DEBUGP("rt segsleft_match:%c 0x%x <= 0x%x <= 0x%x",
invert ? '!' : ' ', min, id, max);
r = (id >= min && id <= max) ^ invert;
@@ -42,7 +42,7 @@ segsleft_match(u_int32_t min, u_int32_t max, u_int32_t id, int invert)
return r;
}
static int
static bool
match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
@@ -57,7 +57,7 @@ match(const struct sk_buff *skb,
unsigned int temp;
unsigned int ptr;
unsigned int hdrlen = 0;
unsigned int ret = 0;
bool ret = false;
struct in6_addr *ap, _addr;
int err;
@@ -65,19 +65,19 @@ match(const struct sk_buff *skb,
if (err < 0) {
if (err != -ENOENT)
*hotdrop = true;
return 0;
return false;
}
rh = skb_header_pointer(skb, ptr, sizeof(_route), &_route);
if (rh == NULL) {
*hotdrop = true;
return 0;
return false;
}
hdrlen = ipv6_optlen(rh);
if (skb->len - ptr < hdrlen) {
/* Pcket smaller than its length field */
return 0;
return false;
}
DEBUGP("IPv6 RT LEN %u %u ", hdrlen, rh->hdrlen);
@@ -136,7 +136,7 @@ match(const struct sk_buff *skb,
DEBUGP("Not strict ");
if (rtinfo->addrnr > (unsigned int)((hdrlen - 8) / 16)) {
DEBUGP("There isn't enough space\n");
return 0;
return false;
} else {
unsigned int i = 0;
@@ -164,13 +164,13 @@ match(const struct sk_buff *skb,
if (i == rtinfo->addrnr)
return ret;
else
return 0;
return false;
}
} else {
DEBUGP("Strict ");
if (rtinfo->addrnr > (unsigned int)((hdrlen - 8) / 16)) {
DEBUGP("There isn't enough space\n");
return 0;
return false;
} else {
DEBUGP("#%d ", rtinfo->addrnr);
for (temp = 0; temp < rtinfo->addrnr; temp++) {
@@ -190,11 +190,11 @@ match(const struct sk_buff *skb,
(temp == (unsigned int)((hdrlen - 8) / 16)))
return ret;
else
return 0;
return false;
}
}
return 0;
return false;
}
/* Called when user tries to insert an entry of this type. */