lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

netfilter: xtables: change targets to return error code

Browse Source 
Part of the transition of done by this semantic patch:
// <smpl>
@ rule1 @
struct xt_target ops;
identifier check;
@@
 ops.checkentry = check;

@@
identifier rule1.check;
@@
 check(...) { <...
-return true;
+return 0;
 ...> }

@@
identifier rule1.check;
@@
 check(...) { <...
-return false;
+return -EINVAL;
 ...> }
// </smpl>

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
This commit is contained in:
Jan Engelhardt
2010-03-25 16:34:45 +01:00
parent bd414ee605
commit d6b00a5345
31 changed files with 116 additions and 111 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
net/netfilter/x_tables.c
View File

@ -528,6 +528,8 @@ EXPORT_SYMBOL_GPL(xt_compat_match_to_user);
int xt_check_target(struct xt_tgchk_param *par,
unsigned int size, u_int8_t proto, bool inv_proto)
{
int ret;
if (XT_ALIGN(par->target->targetsize) != size) {
pr_err("%s_tables: %s.%u target: invalid size "
"%u (kernel) != (user) %u\n",
@ -559,8 +561,14 @@ int xt_check_target(struct xt_tgchk_param *par,
par->target->proto);
return -EINVAL;
}
if (par->target->checkentry != NULL && !par->target->checkentry(par))
return -EINVAL;
if (par->target->checkentry != NULL) {
ret = par->target->checkentry(par);
if (ret < 0)
return ret;
else if (ret > 0)
/* Flag up potential errors. */
return -EIO;
}
return 0;
}
EXPORT_SYMBOL_GPL(xt_check_target);

6
net/netfilter/xt_CONNSECMARK.c
View File

@ -92,7 +92,7 @@ static int connsecmark_tg_check(const struct xt_tgchk_param *par)
strcmp(par->table, "security") != 0) {
pr_info("target only valid in the \'mangle\' "
"or \'security\' tables, not \'%s\'.\n", par->table);
return false;
return -EINVAL;
}
switch (info->mode) {
@ -108,9 +108,9 @@ static int connsecmark_tg_check(const struct xt_tgchk_param *par)
if (nf_ct_l3proto_try_module_get(par->family) < 0) {
pr_info("cannot load conntrack support for proto=%u\n",
par->family);
return false;
return -EINVAL;
}
return true;
return 0;
}
static void connsecmark_tg_destroy(const struct xt_tgdtor_param *par)

6
net/netfilter/xt_CT.c
View File

@ -62,7 +62,7 @@ static int xt_ct_tg_check(const struct xt_tgchk_param *par)
u8 proto;
if (info->flags & ~XT_CT_NOTRACK)
return false;
return -EINVAL;
if (info->flags & XT_CT_NOTRACK) {
ct = &nf_conntrack_untracked;
@ -108,14 +108,14 @@ static int xt_ct_tg_check(const struct xt_tgchk_param *par)
__set_bit(IPS_CONFIRMED_BIT, &ct->status);
out:
info->ct = ct;
return true;
return 0;
err3:
nf_conntrack_free(ct);
err2:
nf_ct_l3proto_module_put(par->family);
err1:
return false;
return -EINVAL;
}
static void xt_ct_tg_destroy(const struct xt_tgdtor_param *par)

4
net/netfilter/xt_DSCP.c
View File

@ -66,9 +66,9 @@ static int dscp_tg_check(const struct xt_tgchk_param *par)
if (info->dscp > XT_DSCP_MAX) {
pr_info("dscp %x out of range\n", info->dscp);
return false;
return -EINVAL;
}
return true;
return 0;
}
static unsigned int

10
net/netfilter/xt_HL.c
View File

@ -110,8 +110,8 @@ static int ttl_tg_check(const struct xt_tgchk_param *par)
return false;
}
if (info->mode != IPT_TTL_SET && info->ttl == 0)
return false;
return true;
return -EINVAL;
return 0;
}
static int hl_tg6_check(const struct xt_tgchk_param *par)
@ -120,14 +120,14 @@ static int hl_tg6_check(const struct xt_tgchk_param *par)
if (info->mode > IP6T_HL_MAXMODE) {
pr_info("invalid or unknown mode %u\n", info->mode);
return false;
return -EINVAL;
}
if (info->mode != IP6T_HL_SET && info->hop_limit == 0) {
pr_info("increment/decrement does not "
"make sense with value 0\n");
return false;
return -EINVAL;
}
return true;
return 0;
}
static struct xt_target hl_tg_reg[] __read_mostly = {

10
net/netfilter/xt_LED.c
View File

@ -88,12 +88,12 @@ static int led_tg_check(const struct xt_tgchk_param *par)
if (ledinfo->id[0] == '\0') {
pr_info("No 'id' parameter given.\n");
return false;
return -EINVAL;
}
ledinternal = kzalloc(sizeof(struct xt_led_info_internal), GFP_KERNEL);
if (!ledinternal)
return false;
return -EINVAL;
ledinternal->netfilter_led_trigger.name = ledinfo->id;
@ -111,13 +111,11 @@ static int led_tg_check(const struct xt_tgchk_param *par)
(unsigned long)ledinfo);
ledinfo->internal_data = ledinternal;
return true;
return 0;
exit_alloc:
kfree(ledinternal);
return false;
return -EINVAL;
}
static void led_tg_destroy(const struct xt_tgdtor_param *par)

6
net/netfilter/xt_NFLOG.c
View File

@ -42,10 +42,10 @@ static int nflog_tg_check(const struct xt_tgchk_param *par)
const struct xt_nflog_info *info = par->targinfo;
if (info->flags & ~XT_NFLOG_MASK)
return false;
return -EINVAL;
if (info->prefix[sizeof(info->prefix) - 1] != '\0')
return false;
return true;
return -EINVAL;
return 0;
}
static struct xt_target nflog_tg_reg __read_mostly = {

6
net/netfilter/xt_NFQUEUE.c
View File

@ -92,15 +92,15 @@ static int nfqueue_tg_v1_check(const struct xt_tgchk_param *par)
}
if (info->queues_total == 0) {
pr_err("NFQUEUE: number of total queues is 0\n");
return false;
return -EINVAL;
}
maxid = info->queues_total - 1 + info->queuenum;
if (maxid > 0xffff) {
pr_err("NFQUEUE: number of queues (%u) out of range (got %u)\n",
info->queues_total, maxid);
return false;
return -EINVAL;
}
return true;
return 0;
}
static struct xt_target nfqueue_tg_reg[] __read_mostly = {

9
net/netfilter/xt_RATEEST.c
View File

@ -109,10 +109,10 @@ static int xt_rateest_tg_checkentry(const struct xt_tgchk_param *par)
(info->interval != est->params.interval ||
info->ewma_log != est->params.ewma_log)) {
xt_rateest_put(est);
return false;
return -EINVAL;
}
info->est = est;
return true;
return 0;
}
est = kzalloc(sizeof(*est), GFP_KERNEL);
@ -136,13 +136,12 @@ static int xt_rateest_tg_checkentry(const struct xt_tgchk_param *par)
info->est = est;
xt_rateest_hash_insert(est);
return true;
return 0;
err2:
kfree(est);
err1:
return false;
return -EINVAL;
}
static void xt_rateest_tg_destroy(const struct xt_tgdtor_param *par)

10
net/netfilter/xt_SECMARK.c
View File

@ -88,29 +88,29 @@ static int secmark_tg_check(const struct xt_tgchk_param *par)
strcmp(par->table, "security") != 0) {
pr_info("target only valid in the \'mangle\' "
"or \'security\' tables, not \'%s\'.\n", par->table);
return false;
return -EINVAL;
}
if (mode && mode != info->mode) {
pr_info("mode already set to %hu cannot mix with "
"rules for mode %hu\n", mode, info->mode);
return false;
return -EINVAL;
}
switch (info->mode) {
case SECMARK_MODE_SEL:
if (!checkentry_selinux(info))
return false;
return -EINVAL;
break;
default:
pr_info("invalid mode: %hu\n", info->mode);
return false;
return -EINVAL;
}
if (!mode)
mode = info->mode;
return true;
return 0;
}
static void secmark_tg_destroy(const struct xt_tgdtor_param *par)

12
net/netfilter/xt_TCPMSS.c
View File

@ -246,13 +246,13 @@ static int tcpmss_tg4_check(const struct xt_tgchk_param *par)
(1 << NF_INET_POST_ROUTING))) != 0) {
pr_info("path-MTU clamping only supported in "
"FORWARD, OUTPUT and POSTROUTING hooks\n");
return false;
return -EINVAL;
}
xt_ematch_foreach(ematch, e)
if (find_syn_match(ematch))
return true;
return 0;
pr_info("Only works on TCP SYN packets\n");
return false;
return -EINVAL;
}
#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
@ -268,13 +268,13 @@ static int tcpmss_tg6_check(const struct xt_tgchk_param *par)
(1 << NF_INET_POST_ROUTING))) != 0) {
pr_info("path-MTU clamping only supported in "
"FORWARD, OUTPUT and POSTROUTING hooks\n");
return false;
return -EINVAL;
}
xt_ematch_foreach(ematch, e)
if (find_syn_match(ematch))
return true;
return 0;
pr_info("Only works on TCP SYN packets\n");
return false;
return -EINVAL;
}
#endif

4
net/netfilter/xt_TPROXY.c
View File

@ -65,11 +65,11 @@ static int tproxy_tg_check(const struct xt_tgchk_param *par)
if ((i->proto == IPPROTO_TCP || i->proto == IPPROTO_UDP)
&& !(i->invflags & IPT_INV_PROTO))
return true;
return 0;
pr_info("Can be used only in combination with "
"either -p tcp or -p udp\n");
return false;
return -EINVAL;
}
static struct xt_target tproxy_tg_reg __read_mostly = {