netfilter: xtables: change targets to return error code
Part of the transition, done by this semantic patch: // <smpl> @ rule1 @ struct xt_target ops; identifier check; @@ ops.checkentry = check; @@ identifier rule1.check; @@ check(...) { <... -return true; +return 0; ...> } @@ identifier rule1.check; @@ check(...) { <... -return false; +return -EINVAL; ...> } // </smpl> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
@ -358,13 +358,13 @@ static int clusterip_tg_check(const struct xt_tgchk_param *par)
|
||||
cipinfo->hash_mode != CLUSTERIP_HASHMODE_SIP_SPT &&
|
||||
cipinfo->hash_mode != CLUSTERIP_HASHMODE_SIP_SPT_DPT) {
|
||||
pr_info("unknown mode %u\n", cipinfo->hash_mode);
|
||||
return false;
|
||||
return -EINVAL;
|
||||
|
||||
}
|
||||
if (e->ip.dmsk.s_addr != htonl(0xffffffff) ||
|
||||
e->ip.dst.s_addr == 0) {
|
||||
pr_info("Please specify destination IP\n");
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
/* FIXME: further sanity checks */
|
||||
@ -374,20 +374,20 @@ static int clusterip_tg_check(const struct xt_tgchk_param *par)
|
||||
if (!(cipinfo->flags & CLUSTERIP_FLAG_NEW)) {
|
||||
pr_info("no config found for %pI4, need 'new'\n",
|
||||
&e->ip.dst.s_addr);
|
||||
return false;
|
||||
return -EINVAL;
|
||||
} else {
|
||||
struct net_device *dev;
|
||||
|
||||
if (e->ip.iniface[0] == '\0') {
|
||||
pr_info("Please specify an interface name\n");
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
dev = dev_get_by_name(&init_net, e->ip.iniface);
|
||||
if (!dev) {
|
||||
pr_info("no such interface %s\n",
|
||||
e->ip.iniface);
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
config = clusterip_config_init(cipinfo,
|
||||
@ -395,7 +395,7 @@ static int clusterip_tg_check(const struct xt_tgchk_param *par)
|
||||
if (!config) {
|
||||
pr_info("cannot allocate config\n");
|
||||
dev_put(dev);
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
dev_mc_add(config->dev,config->clustermac, ETH_ALEN, 0);
|
||||
}
|
||||
@ -405,10 +405,10 @@ static int clusterip_tg_check(const struct xt_tgchk_param *par)
|
||||
if (nf_ct_l3proto_try_module_get(par->family) < 0) {
|
||||
pr_info("cannot load conntrack support for proto=%u\n",
|
||||
par->family);
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
return true;
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* drop reference count of cluster config when rule is deleted */
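Review bot: Every failure in clusterip_tg_check now collapses to -EINVAL, which throws away information the new int return type could carry to the caller. Judging by its message, the `if (!config)` branch after clusterip_config_init() is an allocation failure and would read better as `return -ENOMEM;`, the `if (!dev)` branch after dev_get_by_name() as `return -ENOENT;`, and the last branch could store and return the negative value from `nf_ct_l3proto_try_module_get(par->family)` instead of replacing it. The lines between the hunks are not shown, so it is worth confirming that this last early return also releases any config reference taken earlier in the function; nothing in the visible branch does. The function begins before the first hunk.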
|
||||
|
@ -100,18 +100,18 @@ static int ecn_tg_check(const struct xt_tgchk_param *par)
|
||||
|
||||
if (einfo->operation & IPT_ECN_OP_MASK) {
|
||||
pr_info("unsupported ECN operation %x\n", einfo->operation);
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
if (einfo->ip_ect & ~IPT_ECN_IP_MASK) {
|
||||
pr_info("new ECT codepoint %x out of mask\n", einfo->ip_ect);
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
if ((einfo->operation & (IPT_ECN_OP_SET_ECE|IPT_ECN_OP_SET_CWR)) &&
|
||||
(e->ip.proto != IPPROTO_TCP || (e->ip.invflags & XT_INV_PROTO))) {
|
||||
pr_info("cannot use TCP operations on a non-tcp rule\n");
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
return true;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static struct xt_target ecn_tg_reg __read_mostly = {
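Review bot: The success value of ecn_tg_check flips from a truthy `true` to a falsy `0`, and the failure value from falsy to a non-zero `-EINVAL`, so the return contract should be stated where a reader can see it. The same holds for the other check functions this commit touches (CLUSTERIP, LOG, MASQUERADE, NETMAP, REDIRECT, REJECT, ULOG, SNAT/DNAT). The call site is not shown here; if any caller still tests the result as a boolean, e.g. `!checkentry(par)`, malformed target parameters would be accepted and valid rules refused. A comment above the function such as `/* Returns 0 if the target parameters are valid, or a negative errno. */` would document this, and the caller should be confirmed to test `ret < 0`. The function begins before the hunk.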
|
||||
|
@ -445,13 +445,13 @@ static int log_tg_check(const struct xt_tgchk_param *par)
|
||||
|
||||
if (loginfo->level >= 8) {
|
||||
pr_debug("level %u >= 8\n", loginfo->level);
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
if (loginfo->prefix[sizeof(loginfo->prefix)-1] != '\0') {
|
||||
pr_debug("prefix is not null-terminated\n");
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
return true;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static struct xt_target log_tg_reg __read_mostly = {
|
||||
|
@ -34,13 +34,13 @@ static int masquerade_tg_check(const struct xt_tgchk_param *par)
|
||||
|
||||
if (mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) {
|
||||
pr_debug("bad MAP_IPS.\n");
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
if (mr->rangesize != 1) {
|
||||
pr_debug("bad rangesize %u\n", mr->rangesize);
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
return true;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static unsigned int
|
||||
|
@ -28,13 +28,13 @@ static int netmap_tg_check(const struct xt_tgchk_param *par)
|
||||
|
||||
if (!(mr->range[0].flags & IP_NAT_RANGE_MAP_IPS)) {
|
||||
pr_debug("bad MAP_IPS.\n");
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
if (mr->rangesize != 1) {
|
||||
pr_debug("bad rangesize %u.\n", mr->rangesize);
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
return true;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static unsigned int
|
||||
|
@ -32,13 +32,13 @@ static int redirect_tg_check(const struct xt_tgchk_param *par)
|
||||
|
||||
if (mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) {
|
||||
pr_debug("bad MAP_IPS.\n");
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
if (mr->rangesize != 1) {
|
||||
pr_debug("bad rangesize %u.\n", mr->rangesize);
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
return true;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static unsigned int
|
||||
|
@ -181,16 +181,16 @@ static int reject_tg_check(const struct xt_tgchk_param *par)
|
||||
|
||||
if (rejinfo->with == IPT_ICMP_ECHOREPLY) {
|
||||
pr_info("ECHOREPLY no longer supported.\n");
|
||||
return false;
|
||||
return -EINVAL;
|
||||
} else if (rejinfo->with == IPT_TCP_RESET) {
|
||||
/* Must specify that it's a TCP packet */
|
||||
if (e->ip.proto != IPPROTO_TCP ||
|
||||
(e->ip.invflags & XT_INV_PROTO)) {
|
||||
pr_info("TCP_RESET invalid for non-tcp\n");
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
}
|
||||
return true;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static struct xt_target reject_tg_reg __read_mostly = {
|
||||
|
@ -313,14 +313,14 @@ static int ulog_tg_check(const struct xt_tgchk_param *par)
|
||||
|
||||
if (loginfo->prefix[sizeof(loginfo->prefix) - 1] != '\0') {
|
||||
pr_debug("prefix not null-terminated\n");
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
if (loginfo->qthreshold > ULOG_MAX_QLEN) {
|
||||
pr_debug("queue threshold %Zu > MAX_QLEN\n",
|
||||
loginfo->qthreshold);
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
return true;
|
||||
return 0;
|
||||
}
|
||||
|
||||
#ifdef CONFIG_COMPAT
|
||||
|
@ -81,9 +81,9 @@ static int ipt_snat_checkentry(const struct xt_tgchk_param *par)
|
||||
/* Must be a valid range */
|
||||
if (mr->rangesize != 1) {
|
||||
pr_info("SNAT: multiple ranges no longer supported\n");
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
return true;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int ipt_dnat_checkentry(const struct xt_tgchk_param *par)
|
||||
@ -93,9 +93,9 @@ static int ipt_dnat_checkentry(const struct xt_tgchk_param *par)
|
||||
/* Must be a valid range */
|
||||
if (mr->rangesize != 1) {
|
||||
pr_info("DNAT: multiple ranges no longer supported\n");
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
return true;
|
||||
return 0;
|
||||
}
|
||||
|
||||
unsigned int
|
||||
|