netfilter: xtables: change matches to return error code
The following semantic patch does part of the transformation:
// <smpl>
@ rule1 @
struct xt_match ops;
identifier check;
@@
ops.checkentry = check;
@@
identifier rule1.check;
@@
check(...) { <...
-return true;
+return 0;
...> }
@@
identifier rule1.check;
@@
check(...) { <...
-return false;
+return -EINVAL;
...> }
// </smpl>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
This commit is contained in:
Jan Engelhardt
@ -2214,7 +2214,7 @@ static int icmp6_checkentry(const struct xt_mtchk_param *par)
|
||||
const struct ip6t_icmp *icmpinfo = par->matchinfo;
|
||||
|
||||
/* Must specify no unknown invflags */
|
||||
return !(icmpinfo->invflags & ~IP6T_ICMP_INV);
|
||||
return (icmpinfo->invflags & ~IP6T_ICMP_INV) ? -EINVAL : 0;
|
||||
}
|
||||
|
||||
/* The built-in targets: standard (NULL) and error. */
|
||||
|
||||
@ -93,9 +93,9 @@ static int ah_mt6_check(const struct xt_mtchk_param *par)
|
||||
|
||||
if (ahinfo->invflags & ~IP6T_AH_INV_MASK) {
|
||||
pr_debug("unknown flags %X\n", ahinfo->invflags);
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
return true;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static struct xt_match ah_mt6_reg __read_mostly = {
|
||||
|
||||
@ -108,9 +108,9 @@ static int frag_mt6_check(const struct xt_mtchk_param *par)
|
||||
|
||||
if (fraginfo->invflags & ~IP6T_FRAG_INV_MASK) {
|
||||
pr_debug("unknown flags %X\n", fraginfo->invflags);
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
return true;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static struct xt_match frag_mt6_reg __read_mostly = {
|
||||
|
||||
@ -170,15 +170,15 @@ static int hbh_mt6_check(const struct xt_mtchk_param *par)
|
||||
|
||||
if (optsinfo->invflags & ~IP6T_OPTS_INV_MASK) {
|
||||
pr_debug("unknown flags %X\n", optsinfo->invflags);
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (optsinfo->flags & IP6T_OPTS_NSTRICT) {
|
||||
pr_debug("Not strict - not implemented");
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
return true;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static struct xt_match hbh_mt6_reg[] __read_mostly = {
|
||||
|
||||
@ -125,9 +125,9 @@ static int ipv6header_mt6_check(const struct xt_mtchk_param *par)
|
||||
/* invflags is 0 or 0xff in hard mode */
|
||||
if ((!info->modeflag) && info->invflags != 0x00 &&
|
||||
info->invflags != 0xFF)
|
||||
return false;
|
||||
return -EINVAL;
|
||||
|
||||
return true;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static struct xt_match ipv6header_mt6_reg __read_mostly = {
|
||||
|
||||
@ -67,7 +67,7 @@ static int mh_mt6_check(const struct xt_mtchk_param *par)
|
||||
const struct ip6t_mh *mhinfo = par->matchinfo;
|
||||
|
||||
/* Must specify no unknown invflags */
|
||||
return !(mhinfo->invflags & ~IP6T_MH_INV_MASK);
|
||||
return (mhinfo->invflags & ~IP6T_MH_INV_MASK) ? -EINVAL : 0;
|
||||
}
|
||||
|
||||
static struct xt_match mh_mt6_reg __read_mostly = {
|
||||
|
||||
@ -189,17 +189,17 @@ static int rt_mt6_check(const struct xt_mtchk_param *par)
|
||||
|
||||
if (rtinfo->invflags & ~IP6T_RT_INV_MASK) {
|
||||
pr_debug("unknown flags %X\n", rtinfo->invflags);
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
if ((rtinfo->flags & (IP6T_RT_RES | IP6T_RT_FST_MASK)) &&
|
||||
(!(rtinfo->flags & IP6T_RT_TYP) ||
|
||||
(rtinfo->rt_type != 0) ||
|
||||
(rtinfo->invflags & IP6T_RT_INV_TYP))) {
|
||||
pr_debug("`--rt-type 0' required before `--rt-0-*'");
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
return true;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static struct xt_match rt_mt6_reg __read_mostly = {
|
||||
|
||||
Reference in New Issue
Block a user