Commit 1d93a9cb authored by Jan Engelhardt Committed by David S. Miller

[NETFILTER]: x_tables: switch xt_match->match to bool



Switch the return type of match functions to boolean
Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
parent cff533ac
......@@ -141,14 +141,14 @@ struct xt_match
/* Arguments changed since 2.6.9, as this must now handle
non-linear skb, using skb_header_pointer and
skb_ip_make_writable. */
int (*match)(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
const struct xt_match *match,
const void *matchinfo,
int offset,
unsigned int protoff,
bool *hotdrop);
bool (*match)(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
const struct xt_match *match,
const void *matchinfo,
int offset,
unsigned int protoff,
bool *hotdrop);
/* Called when user tries to insert an entry of this type. */
/* Should return true or false. */
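Review bot: The `match` callback is now `bool`, but nothing above the pointer says what `true` means or how the return value relates to `*hotdrop`; the only comment on it describes the post-2.6.9 argument change. Every match module touched by this commit depends on that contract, so I would add `/* Return true if the packet matches. May set *hotdrop to true to have the packet dropped immediately. */` above the declaration. The hotdrop wording is inferred from the "tinygram" paths in icmp_match() and icmp6_match(), so confirm it against the table traversal code. struct xt_match starts and ends outside the hunk.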
......
......@@ -183,19 +183,19 @@ ipt_error(struct sk_buff **pskb,
}
static inline
int do_match(struct ipt_entry_match *m,
const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
int offset,
bool *hotdrop)
bool do_match(struct ipt_entry_match *m,
const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
int offset,
bool *hotdrop)
{
/* Stop iteration if it doesn't match */
if (!m->u.kernel.match->match(skb, in, out, m->u.kernel.match, m->data,
offset, ip_hdrlen(skb), hotdrop))
return 1;
return true;
else
return 0;
return false;
}
static inline struct ipt_entry *
......@@ -2105,16 +2105,16 @@ void ipt_unregister_table(struct xt_table *table)
}
/* Returns 1 if the type and code is matched by the range, 0 otherwise */
static inline int
static inline bool
icmp_type_code_match(u_int8_t test_type, u_int8_t min_code, u_int8_t max_code,
u_int8_t type, u_int8_t code,
int invert)
bool invert)
{
return ((test_type == 0xFF) || (type == test_type && code >= min_code && code <= max_code))
^ invert;
}
static int
static bool
icmp_match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
......@@ -2129,7 +2129,7 @@ icmp_match(const struct sk_buff *skb,
/* Must not be a fragment. */
if (offset)
return 0;
return false;
ic = skb_header_pointer(skb, protoff, sizeof(_icmph), &_icmph);
if (ic == NULL) {
......@@ -2138,7 +2138,7 @@ icmp_match(const struct sk_buff *skb,
*/
duprintf("Dropping evil ICMP tinygram.\n");
*hotdrop = true;
return 0;
return false;
}
return icmp_type_code_match(icmpinfo->type,
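Review bot: do_match() returns `true` when the extension's ->match() returned false, so with the new `bool` type a function named do_match reads as "matched" while it means "stop iterating, no match". That inverted sense was easier to accept as an int iterator status; as a bool it invites a caller that tests the result the wrong way round, which in a packet filter means a rule applied to the wrong packets. I would either keep this helper `int`, or collapse the if/else to `return !m->u.kernel.match->match(skb, in, out, m->u.kernel.match, m->data, offset, ip_hdrlen(skb), hotdrop);` under a comment such as `/* Returns true to STOP iteration, i.e. when the match failed. */`. The same applies to the IPv6 do_match() converted later in this commit.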
......
......@@ -22,19 +22,19 @@ MODULE_LICENSE("GPL");
MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
MODULE_DESCRIPTION("iptables addrtype match");
static inline int match_type(__be32 addr, u_int16_t mask)
static inline bool match_type(__be32 addr, u_int16_t mask)
{
return !!(mask & (1 << inet_addr_type(addr)));
}
static int match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out,
const struct xt_match *match, const void *matchinfo,
int offset, unsigned int protoff, bool *hotdrop)
static bool match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out,
const struct xt_match *match, const void *matchinfo,
int offset, unsigned int protoff, bool *hotdrop)
{
const struct ipt_addrtype_info *info = matchinfo;
const struct iphdr *iph = ip_hdr(skb);
int ret = 1;
bool ret = true;
if (info->source)
ret &= match_type(iph->saddr, info->source)^info->invert_source;
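Review bot: `ret &= match_type(iph->saddr, info->source)^info->invert_source;` still combines values with bitwise operators after `ret` became `bool`, so the result is only right if `invert_source` is exactly 0 or 1. The field is read from `matchinfo` and its validation is not visible here; a value such as 2 would leave bit 0 untouched and silently disable the inversion. Normalising at the use site, `ret &= match_type(iph->saddr, info->source) ^ !!info->invert_source;`, makes the boolean intent explicit. The same would apply to the destination test, which presumably follows outside the hunk.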
......
......@@ -25,10 +25,10 @@ MODULE_DESCRIPTION("iptables AH SPI match module");
#endif
/* Returns 1 if the spi is matched by the range, 0 otherwise */
static inline int
spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, int invert)
static inline bool
spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, bool invert)
{
int r=0;
bool r;
duprintf("ah spi_match:%c 0x%x <= 0x%x <= 0x%x",invert? '!':' ',
min,spi,max);
r=(spi >= min && spi <= max) ^ invert;
......@@ -36,7 +36,7 @@ spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, int invert)
return r;
}
static int
static bool
match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
......@@ -51,7 +51,7 @@ match(const struct sk_buff *skb,
/* Must not be a fragment. */
if (offset)
return 0;
return false;
ah = skb_header_pointer(skb, protoff,
sizeof(_ahdr), &_ahdr);
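Review bot: The comment above spi_match() still says `Returns 1 if the spi is matched by the range, 0 otherwise` although the function now returns `bool` and takes `bool invert`. I would update it to `/* Returns true if the spi is matched by the range, false otherwise */`. The same stale wording remains above icmp_type_code_match(), the IPv6 AH spi_match() and the fragment id_match() elsewhere in this commit.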
......
......@@ -22,15 +22,15 @@ MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
MODULE_DESCRIPTION("iptables ECN matching module");
MODULE_LICENSE("GPL");
static inline int match_ip(const struct sk_buff *skb,
const struct ipt_ecn_info *einfo)
static inline bool match_ip(const struct sk_buff *skb,
const struct ipt_ecn_info *einfo)
{
return (ip_hdr(skb)->tos & IPT_ECN_IP_MASK) == einfo->ip_ect;
}
static inline int match_tcp(const struct sk_buff *skb,
const struct ipt_ecn_info *einfo,
bool *hotdrop)
static inline bool match_tcp(const struct sk_buff *skb,
const struct ipt_ecn_info *einfo,
bool *hotdrop)
{
struct tcphdr _tcph, *th;
......@@ -40,51 +40,51 @@ static inline int match_tcp(const struct sk_buff *skb,
th = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_tcph), &_tcph);
if (th == NULL) {
*hotdrop = false;
return 0;
return false;
}
if (einfo->operation & IPT_ECN_OP_MATCH_ECE) {
if (einfo->invert & IPT_ECN_OP_MATCH_ECE) {
if (th->ece == 1)
return 0;
return false;
} else {
if (th->ece == 0)
return 0;
return false;
}
}
if (einfo->operation & IPT_ECN_OP_MATCH_CWR) {
if (einfo->invert & IPT_ECN_OP_MATCH_CWR) {
if (th->cwr == 1)
return 0;
return false;
} else {
if (th->cwr == 0)
return 0;
return false;
}
}
return 1;
return true;
}
static int match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out,
const struct xt_match *match, const void *matchinfo,
int offset, unsigned int protoff, bool *hotdrop)
static bool match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out,
const struct xt_match *match, const void *matchinfo,
int offset, unsigned int protoff, bool *hotdrop)
{
const struct ipt_ecn_info *info = matchinfo;
if (info->operation & IPT_ECN_OP_MATCH_IP)
if (!match_ip(skb, info))
return 0;
return false;
if (info->operation & (IPT_ECN_OP_MATCH_ECE|IPT_ECN_OP_MATCH_CWR)) {
if (ip_hdr(skb)->protocol != IPPROTO_TCP)
return 0;
return false;
if (!match_tcp(skb, info, hotdrop))
return 0;
return false;
}
return 1;
return true;
}
static int checkentry(const char *tablename, const void *ip_void,
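Review bot: In match_tcp(), the `th == NULL` branch writes `*hotdrop = false;` before `return false;`, whereas icmp_match() and the IPv6 AH and fragment matches in this same commit set `*hotdrop = true` when skb_header_pointer() cannot supply the header. As written, a packet with a truncated TCP header is treated as a plain non-match and continues to later rules, and the store can only clear the flag, never request a drop. If that is intended, drop the assignment and add `/* truncated TCP header: no match, leave the verdict to later rules */`; if not, it should be `*hotdrop = true;`. The line is context that this commit does not touch, but it sits in the converted function and is worth settling.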
......
......@@ -23,7 +23,7 @@ MODULE_DESCRIPTION("iptables arbitrary IP range match module");
#define DEBUGP(format, args...)
#endif
static int
static bool
match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
......@@ -44,7 +44,7 @@ match(const struct sk_buff *skb,
info->flags & IPRANGE_SRC_INV ? "(INV) " : "",
NIPQUAD(info->src.min_ip),
NIPQUAD(info->src.max_ip));
return 0;
return false;
}
}
if (info->flags & IPRANGE_DST) {
......@@ -57,10 +57,10 @@ match(const struct sk_buff *skb,
info->flags & IPRANGE_DST_INV ? "(INV) " : "",
NIPQUAD(info->dst.min_ip),
NIPQUAD(info->dst.max_ip));
return 0;
return false;
}
}
return 1;
return true;
}
static struct xt_match iprange_match = {
......
......@@ -21,7 +21,7 @@ MODULE_LICENSE("GPL");
MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>");
MODULE_DESCRIPTION("iptables owner match");
static int
static bool
match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
......@@ -34,21 +34,21 @@ match(const struct sk_buff *skb,
const struct ipt_owner_info *info = matchinfo;
if (!skb->sk || !skb->sk->sk_socket || !skb->sk->sk_socket->file)
return 0;
return false;
if(info->match & IPT_OWNER_UID) {
if ((skb->sk->sk_socket->file->f_uid != info->uid) ^
!!(info->invert & IPT_OWNER_UID))
return 0;
return false;
}
if(info->match & IPT_OWNER_GID) {
if ((skb->sk->sk_socket->file->f_gid != info->gid) ^
!!(info->invert & IPT_OWNER_GID))
return 0;
return false;
}
return 1;
return true;
}
static int
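Review bot: The owner match checks `skb->sk`, `skb->sk->sk_socket` and `skb->sk->sk_socket->file` for NULL once and then walks the same pointer chain again for `f_uid` and `f_gid`. Nothing in the visible hunk shows a lock or reference held across the check and the later reads, so if the socket can be detached from the sk concurrently, the second walk might dereference NULL; confirm what the caller guarantees. Keeping the result in a local after the NULL test, `const struct file *filp = skb->sk->sk_socket->file;`, and comparing `filp->f_uid` and `filp->f_gid` would narrow that window (not close it) and shorten the conditions. The start of match() lies outside the hunk.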
......
......@@ -169,7 +169,7 @@ static void recent_table_flush(struct recent_table *t)
}
}
static int
static bool
ipt_recent_match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out,
const struct xt_match *match, const void *matchinfo,
......@@ -180,7 +180,7 @@ ipt_recent_match(const struct sk_buff *skb,
struct recent_entry *e;
__be32 addr;
u_int8_t ttl;
int ret = info->invert;
bool ret = info->invert;
if (info->side == IPT_RECENT_DEST)
addr = ip_hdr(skb)->daddr;
......@@ -202,15 +202,15 @@ ipt_recent_match(const struct sk_buff *skb,
e = recent_entry_init(t, addr, ttl);
if (e == NULL)
*hotdrop = true;
ret ^= 1;
ret = !ret;
goto out;
}
if (info->check_set & IPT_RECENT_SET)
ret ^= 1;
ret = !ret;
else if (info->check_set & IPT_RECENT_REMOVE) {
recent_entry_remove(t, e);
ret ^= 1;
ret = !ret;
} else if (info->check_set & (IPT_RECENT_CHECK | IPT_RECENT_UPDATE)) {
unsigned long t = jiffies - info->seconds * HZ;
unsigned int i, hits = 0;
......@@ -219,7 +219,7 @@ ipt_recent_match(const struct sk_buff *skb,
if (info->seconds && time_after(t, e->stamps[i]))
continue;
if (++hits >= info->hit_count) {
ret ^= 1;
ret = !ret;
break;
}
}
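Review bot: `bool ret = info->invert;` normalises any non-zero `invert` to `true`, and `ret = !ret` then yields `false`, whereas the old `int ret = info->invert; ret ^= 1;` produced a non-zero (true) result for a value such as 2. So this is not a pure type change unless `invert` is guaranteed to be 0 or 1, and the check that would guarantee it is not visible in these hunks. Please confirm that the checkentry hook rejects other values, or state the behaviour change in the commit message. ipt_recent_match() starts and ends outside the hunks.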
......
......@@ -18,7 +18,7 @@
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("iptables TOS match module");
static int
static bool
match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
......
......@@ -18,10 +18,10 @@ MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
MODULE_DESCRIPTION("IP tables TTL matching module");
MODULE_LICENSE("GPL");
static int match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out,
const struct xt_match *match, const void *matchinfo,
int offset, unsigned int protoff, bool *hotdrop)
static bool match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out,
const struct xt_match *match, const void *matchinfo,
int offset, unsigned int protoff, bool *hotdrop)
{
const struct ipt_ttl_info *info = matchinfo;
const u8 ttl = ip_hdr(skb)->ttl;
......@@ -42,10 +42,10 @@ static int match(const struct sk_buff *skb,
default:
printk(KERN_WARNING "ipt_ttl: unknown mode %d\n",
info->mode);
return 0;
return false;
}
return 0;
return false;
}
static struct xt_match ttl_match = {
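Review bot: The `default:` arm of the TTL match calls `printk(KERN_WARNING "ipt_ttl: unknown mode %d\n", info->mode);` on the per-packet path with no rate limit. If a rule with an unrecognised mode can ever be installed (the validation is not visible here), every packet reaching it writes a kernel log line, which can flood the log and bury other messages. I would guard the call with `if (net_ratelimit())`, or reject unknown modes at rule insertion so this arm cannot be reached. The trailing `return false;` after the switch also looks unreachable if every case returns, but the cases are outside the hunk.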
......
......@@ -96,7 +96,7 @@ ip6t_ext_hdr(u8 nexthdr)
}
/* Returns whether matches rule or not. */
static inline int
static inline bool
ip6_packet_match(const struct sk_buff *skb,
const char *indev,
const char *outdev,
......@@ -122,7 +122,7 @@ ip6_packet_match(const struct sk_buff *skb,
dprintf("DST: %u. Mask: %u. Target: %u.%s\n", ip->daddr,
ipinfo->dmsk.s_addr, ipinfo->dst.s_addr,
ipinfo->invflags & IP6T_INV_DSTIP ? " (INV)" : "");*/
return 0;
return false;
}
/* Look for ifname matches; this should unroll nicely. */
......@@ -136,7 +136,7 @@ ip6_packet_match(const struct sk_buff *skb,
dprintf("VIA in mismatch (%s vs %s).%s\n",
indev, ip6info->iniface,
ip6info->invflags&IP6T_INV_VIA_IN ?" (INV)":"");
return 0;
return false;
}
for (i = 0, ret = 0; i < IFNAMSIZ/sizeof(unsigned long); i++) {
......@@ -149,7 +149,7 @@ ip6_packet_match(const struct sk_buff *skb,
dprintf("VIA out mismatch (%s vs %s).%s\n",
outdev, ip6info->outiface,
ip6info->invflags&IP6T_INV_VIA_OUT ?" (INV)":"");
return 0;
return false;
}
/* ... might want to do something with class and flowlabel here ... */
......@@ -163,7 +163,7 @@ ip6_packet_match(const struct sk_buff *skb,
if (protohdr < 0) {
if (_frag_off == 0)
*hotdrop = true;
return 0;
return false;
}
*fragoff = _frag_off;
......@@ -174,17 +174,17 @@ ip6_packet_match(const struct sk_buff *skb,
if (ip6info->proto == protohdr) {
if(ip6info->invflags & IP6T_INV_PROTO) {
return 0;
return false;
}
return 1;
return true;
}
/* We need match for the '-p all', too! */
if ((ip6info->proto != 0) &&
!(ip6info->invflags & IP6T_INV_PROTO))
return 0;
return false;
}
return 1;
return true;
}
/* should be ip6 safe */
......@@ -219,20 +219,20 @@ ip6t_error(struct sk_buff **pskb,
}
static inline
int do_match(struct ip6t_entry_match *m,
const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
int offset,
unsigned int protoff,
bool *hotdrop)
bool do_match(struct ip6t_entry_match *m,
const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
int offset,
unsigned int protoff,
bool *hotdrop)
{
/* Stop iteration if it doesn't match */
if (!m->u.kernel.match->match(skb, in, out, m->u.kernel.match, m->data,
offset, protoff, hotdrop))
return 1;
return true;
else
return 0;
return false;
}
static inline struct ip6t_entry *
......@@ -1291,7 +1291,7 @@ icmp6_type_code_match(u_int8_t test_type, u_int8_t min_code, u_int8_t max_code,
^ invert;
}
static int
static bool
icmp6_match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
......@@ -1306,7 +1306,7 @@ icmp6_match(const struct sk_buff *skb,
/* Must not be a fragment. */
if (offset)
return 0;
return false;
ic = skb_header_pointer(skb, protoff, sizeof(_icmp), &_icmp);
if (ic == NULL) {
......@@ -1314,7 +1314,7 @@ icmp6_match(const struct sk_buff *skb,
can't. Hence, no choice but to drop. */
duprintf("Dropping evil ICMP tinygram.\n");
*hotdrop = true;
return 0;
return false;
}
return icmp6_type_code_match(icmpinfo->type,
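Review bot: icmp6_type_code_match() appears to keep its old `int` return type and `int invert` parameter, while the IPv4 icmp_type_code_match() was converted to `static inline bool` with `bool invert`. This is inferred: the IPv6 signature sits just above the hunk at line 1291 and no hunk shown for this file touches it. icmp6_match() now returns that helper's value as `bool`, which works through implicit conversion but leaves the two families inconsistent. I would convert the helper in the same commit, `static inline bool` and `bool invert)`, so that `^ invert` stays a 0/1 operation.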
......
......@@ -30,10 +30,10 @@ MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>");
#endif
/* Returns 1 if the spi is matched by the range, 0 otherwise */
static inline int
spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, int invert)
static inline bool
spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, bool invert)
{
int r=0;
bool r;
DEBUGP("ah spi_match:%c 0x%x <= 0x%x <= 0x%x",invert? '!':' ',
min,spi,max);
r = (spi >= min && spi <= max) ^ invert;
......@@ -41,7 +41,7 @@ spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, int invert)
return r;
}
static int
static bool
match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
......@@ -61,13 +61,13 @@ match(const struct sk_buff *skb,
if (err < 0) {
if (err != -ENOENT)
*hotdrop = true;
return 0;
return false;
}
ah = skb_header_pointer(skb, ptr, sizeof(_ah), &_ah);
if (ah == NULL) {
*hotdrop = true;
return 0;
return false;
}
hdrlen = (ah->hdrlen + 2) << 2;
......
......@@ -19,7 +19,7 @@ MODULE_DESCRIPTION("IPv6 EUI64 address checking match");
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>");
static int
static bool
match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
......@@ -36,7 +36,7 @@ match(const struct sk_buff *skb,
(skb_mac_header(skb) + ETH_HLEN) <= skb->data) &&
offset != 0) {
*hotdrop = true;
return 0;
return false;
}
memset(eui64, 0, sizeof(eui64));
......@@ -55,11 +55,11 @@ match(const struct sk_buff *skb,
i++;
if (i == 8)
return 1;
return true;
}
}
return 0;
return false;
}
static struct xt_match eui64_match = {
......
......@@ -29,10 +29,10 @@ MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>");
#endif
/* Returns 1 if the id is matched by the range, 0 otherwise */
static inline int
id_match(u_int32_t min, u_int32_t max, u_int32_t id, int invert)
static inline bool
id_match(u_int32_t min, u_int32_t max, u_int32_t id, bool invert)
{
int r = 0;
bool r;
DEBUGP("frag id_match:%c 0x%x <= 0x%x <= 0x%x", invert ? '!' : ' ',
min, id, max);
r = (id >= min && id <= max) ^ invert;
......@@ -40,7 +40,7 @@ id_match(u_int32_t min, u_int32_t max, u_int32_t id, int invert)
return r;
}
static int
static bool
match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
......@@ -59,13 +59,13 @@ match(const struct sk_buff *skb,
if (err < 0) {
if (err != -ENOENT)
*hotdrop = true;
return 0;
return false;
}
fh = skb_header_pointer(skb, ptr, sizeof(_frag), &_frag);
if (fh == NULL) {
*hotdrop = true;
return 0;
return false;
}
DEBUGP("INFO %04X ", fh->frag_off);
......
......@@ -47,7 +47,7 @@ MODULE_ALIAS("ip6t_dst");