netfilter: xtables: change matches to return error code
The following semantic patch does part of the transformation:
// <smpl>
@ rule1 @
struct xt_match ops;
identifier check;
@@
ops.checkentry = check;
@@
identifier rule1.check;
@@
check(...) { <...
-return true;
+return 0;
...> }
@@
identifier rule1.check;
@@
check(...) { <...
-return false;
+return -EINVAL;
...> }
// </smpl>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
@@ -41,9 +41,9 @@ static int ebt_802_3_mt_check(const struct xt_mtchk_param *par)
|
||||
const struct ebt_802_3_info *info = par->matchinfo;
|
||||
|
||||
if (info->bitmask & ~EBT_802_3_MASK || info->invflags & ~EBT_802_3_MASK)
|
||||
return false;
|
||||
return -EINVAL;
|
||||
|
||||
return true;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static struct xt_match ebt_802_3_mt_reg __read_mostly = {
|
||||
|
||||
@@ -190,17 +190,17 @@ static int ebt_among_mt_check(const struct xt_mtchk_param *par)
|
||||
pr_info("wrong size: %d against expected %d, rounded to %Zd\n",
|
||||
em->match_size, expected_length,
|
||||
EBT_ALIGN(expected_length));
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
if (wh_dst && (err = ebt_mac_wormhash_check_integrity(wh_dst))) {
|
||||
pr_info("dst integrity fail: %x\n", -err);
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
if (wh_src && (err = ebt_mac_wormhash_check_integrity(wh_src))) {
|
||||
pr_info("src integrity fail: %x\n", -err);
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
return true;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static struct xt_match ebt_among_mt_reg __read_mostly = {
|
||||
|
||||
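Review bot: Both integrity branches log the helper's `err` and then return a fixed `-EINVAL`, so the value from ebt_mac_wormhash_check_integrity() never reaches the caller even though the callback can now carry an error code. The `%x` print of `-err` suggests these are internal diagnostic codes rather than errno values, in which case flattening them is correct, but the helper is not visible here. Once confirmed, a comment such as `/* err is an internal integrity code, not an errno */` above each `return -EINVAL;` would stop a later change from propagating `err` directly. The start of ebt_among_mt_check is outside the hunk.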
@@ -108,10 +108,10 @@ static int ebt_arp_mt_check(const struct xt_mtchk_param *par)
|
||||
if ((e->ethproto != htons(ETH_P_ARP) &&
|
||||
e->ethproto != htons(ETH_P_RARP)) ||
|
||||
e->invflags & EBT_IPROTO)
|
||||
return false;
|
||||
return -EINVAL;
|
||||
if (info->bitmask & ~EBT_ARP_MASK || info->invflags & ~EBT_ARP_MASK)
|
||||
return false;
|
||||
return true;
|
||||
return -EINVAL;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static struct xt_match ebt_arp_mt_reg __read_mostly = {
|
||||
|
||||
@@ -84,24 +84,24 @@ static int ebt_ip_mt_check(const struct xt_mtchk_param *par)
|
||||
|
||||
if (e->ethproto != htons(ETH_P_IP) ||
|
||||
e->invflags & EBT_IPROTO)
|
||||
return false;
|
||||
return -EINVAL;
|
||||
if (info->bitmask & ~EBT_IP_MASK || info->invflags & ~EBT_IP_MASK)
|
||||
return false;
|
||||
return -EINVAL;
|
||||
if (info->bitmask & (EBT_IP_DPORT | EBT_IP_SPORT)) {
|
||||
if (info->invflags & EBT_IP_PROTO)
|
||||
return false;
|
||||
return -EINVAL;
|
||||
if (info->protocol != IPPROTO_TCP &&
|
||||
info->protocol != IPPROTO_UDP &&
|
||||
info->protocol != IPPROTO_UDPLITE &&
|
||||
info->protocol != IPPROTO_SCTP &&
|
||||
info->protocol != IPPROTO_DCCP)
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
if (info->bitmask & EBT_IP_DPORT && info->dport[0] > info->dport[1])
|
||||
return false;
|
||||
return -EINVAL;
|
||||
if (info->bitmask & EBT_IP_SPORT && info->sport[0] > info->sport[1])
|
||||
return false;
|
||||
return true;
|
||||
return -EINVAL;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static struct xt_match ebt_ip_mt_reg __read_mostly = {
|
||||
|
||||
@@ -86,24 +86,24 @@ static int ebt_ip6_mt_check(const struct xt_mtchk_param *par)
|
||||
struct ebt_ip6_info *info = par->matchinfo;
|
||||
|
||||
if (e->ethproto != htons(ETH_P_IPV6) || e->invflags & EBT_IPROTO)
|
||||
return false;
|
||||
return -EINVAL;
|
||||
if (info->bitmask & ~EBT_IP6_MASK || info->invflags & ~EBT_IP6_MASK)
|
||||
return false;
|
||||
return -EINVAL;
|
||||
if (info->bitmask & (EBT_IP6_DPORT | EBT_IP6_SPORT)) {
|
||||
if (info->invflags & EBT_IP6_PROTO)
|
||||
return false;
|
||||
return -EINVAL;
|
||||
if (info->protocol != IPPROTO_TCP &&
|
||||
info->protocol != IPPROTO_UDP &&
|
||||
info->protocol != IPPROTO_UDPLITE &&
|
||||
info->protocol != IPPROTO_SCTP &&
|
||||
info->protocol != IPPROTO_DCCP)
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
if (info->bitmask & EBT_IP6_DPORT && info->dport[0] > info->dport[1])
|
||||
return false;
|
||||
return -EINVAL;
|
||||
if (info->bitmask & EBT_IP6_SPORT && info->sport[0] > info->sport[1])
|
||||
return false;
|
||||
return true;
|
||||
return -EINVAL;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static struct xt_match ebt_ip6_mt_reg __read_mostly = {
|
||||
|
||||
@@ -74,7 +74,7 @@ static int ebt_limit_mt_check(const struct xt_mtchk_param *par)
|
||||
user2credits(info->avg * info->burst) < user2credits(info->avg)) {
|
||||
pr_info("overflow, try lower: %u/%u\n",
|
||||
info->avg, info->burst);
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
/* User avg in seconds * EBT_LIMIT_SCALE: convert to jiffies * 128. */
|
||||
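Review bot: The overflow guard multiplies `info->avg * info->burst` before user2credits() sees the result, so a product that wraps around can still compare greater than or equal to `user2credits(info->avg)` and pass. If both fields are 32-bit, as the `%u` format suggests, computing the product in a 64-bit temporary and rejecting anything above the 32-bit range would close that gap before the credits are stored in the following hunk. The condition begins above this hunk, so an earlier clause may already narrow the inputs; that should be confirmed against the full function.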
@@ -82,7 +82,7 @@ static int ebt_limit_mt_check(const struct xt_mtchk_param *par)
|
||||
info->credit = user2credits(info->avg * info->burst);
|
||||
info->credit_cap = user2credits(info->avg * info->burst);
|
||||
info->cost = user2credits(info->avg);
|
||||
return true;
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -27,12 +27,12 @@ static int ebt_mark_mt_check(const struct xt_mtchk_param *par)
|
||||
const struct ebt_mark_m_info *info = par->matchinfo;
|
||||
|
||||
if (info->bitmask & ~EBT_MARK_MASK)
|
||||
return false;
|
||||
return -EINVAL;
|
||||
if ((info->bitmask & EBT_MARK_OR) && (info->bitmask & EBT_MARK_AND))
|
||||
return false;
|
||||
return -EINVAL;
|
||||
if (!info->bitmask)
|
||||
return false;
|
||||
return true;
|
||||
return -EINVAL;
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -25,9 +25,9 @@ static int ebt_pkttype_mt_check(const struct xt_mtchk_param *par)
|
||||
const struct ebt_pkttype_info *info = par->matchinfo;
|
||||
|
||||
if (info->invert != 0 && info->invert != 1)
|
||||
return false;
|
||||
return -EINVAL;
|
||||
/* Allow any pkt_type value */
|
||||
return true;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static struct xt_match ebt_pkttype_mt_reg __read_mostly = {
|
||||
|
||||
@@ -162,13 +162,13 @@ static int ebt_stp_mt_check(const struct xt_mtchk_param *par)
|
||||
|
||||
if (info->bitmask & ~EBT_STP_MASK || info->invflags & ~EBT_STP_MASK ||
|
||||
!(info->bitmask & EBT_STP_MASK))
|
||||
return false;
|
||||
return -EINVAL;
|
||||
/* Make sure the match only receives stp frames */
|
||||
if (compare_ether_addr(e->destmac, bridge_ula) ||
|
||||
compare_ether_addr(e->destmsk, msk) || !(e->bitmask & EBT_DESTMAC))
|
||||
return false;
|
||||
return -EINVAL;
|
||||
|
||||
return true;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static struct xt_match ebt_stp_mt_reg __read_mostly = {
|
||||
|
||||
@@ -88,7 +88,7 @@ static int ebt_vlan_mt_check(const struct xt_mtchk_param *par)
|
||||
if (e->ethproto != htons(ETH_P_8021Q)) {
|
||||
pr_debug("passed entry proto %2.4X is not 802.1Q (8100)\n",
|
||||
ntohs(e->ethproto));
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
/* Check for bitmask range
|
||||
@@ -96,14 +96,14 @@ static int ebt_vlan_mt_check(const struct xt_mtchk_param *par)
|
||||
if (info->bitmask & ~EBT_VLAN_MASK) {
|
||||
pr_debug("bitmask %2X is out of mask (%2X)\n",
|
||||
info->bitmask, EBT_VLAN_MASK);
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
/* Check for inversion flags range */
|
||||
if (info->invflags & ~EBT_VLAN_MASK) {
|
||||
pr_debug("inversion flags %2X is out of mask (%2X)\n",
|
||||
info->invflags, EBT_VLAN_MASK);
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
/* Reserved VLAN ID (VID) values
|
||||
@@ -117,7 +117,7 @@ static int ebt_vlan_mt_check(const struct xt_mtchk_param *par)
|
||||
if (info->id > VLAN_GROUP_ARRAY_LEN) {
|
||||
pr_debug("id %d is out of range (1-4096)\n",
|
||||
info->id);
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
/* Note: This is valid VLAN-tagged frame point.
|
||||
* Any value of user_priority are acceptable,
|
||||
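Review bot: The bound `info->id > VLAN_GROUP_ARRAY_LEN` accepts an id equal to the array length, and the debug text advertises `(1-4096)`, while an 802.1Q VID is a 12-bit field. Assuming VLAN_GROUP_ARRAY_LEN is 4096 (its definition is not in this hunk), the test would read `if (info->id >= VLAN_GROUP_ARRAY_LEN) {` with the message brought in line with it, or the comment above should say why the value one past the range is let through. The function starts and ends outside the hunk.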
@@ -132,7 +132,7 @@ static int ebt_vlan_mt_check(const struct xt_mtchk_param *par)
|
||||
if ((unsigned char) info->prio > 7) {
|
||||
pr_debug("prio %d is out of range (0-7)\n",
|
||||
info->prio);
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
}
|
||||
/* Check for encapsulated proto range - it is possible to be
|
||||
@@ -142,11 +142,11 @@ static int ebt_vlan_mt_check(const struct xt_mtchk_param *par)
|
||||
if ((unsigned short) ntohs(info->encap) < ETH_ZLEN) {
|
||||
pr_debug("encap frame length %d is less than "
|
||||
"minimal\n", ntohs(info->encap));
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
}
|
||||
|
||||
return true;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static struct xt_match ebt_vlan_mt_reg __read_mostly = {
|
||||
|
||||
@@ -2181,7 +2181,7 @@ static int icmp_checkentry(const struct xt_mtchk_param *par)
|
||||
const struct ipt_icmp *icmpinfo = par->matchinfo;
|
||||
|
||||
/* Must specify no unknown invflags */
|
||||
return !(icmpinfo->invflags & ~IPT_ICMP_INV);
|
||||
return (icmpinfo->invflags & ~IPT_ICMP_INV) ? -EINVAL : 0;
|
||||
}
|
||||
|
||||
/* The built-in targets: standard (NULL) and error. */
|
||||
|
||||
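Review bot: This return is an expression, which the semantic patch in the commit message does not match (it rewrites only literal `return true;` and `return false;`), so it was converted by hand; icmp6_checkentry and mh_mt6_check further down have the same form. Any check callback left in the old `return !(...)` shape would now yield 0, which is success under the new convention, exactly when unknown flags are set, so the remaining checkentry functions deserve a search for non-literal returns. A short contract comment above the function would make the convention explicit, e.g. `/* Returns 0 if the rule is acceptable, -EINVAL on unknown invflags. */`. The function's opening lines are outside the hunk.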
@@ -78,7 +78,7 @@ static int addrtype_mt_checkentry_v1(const struct xt_mtchk_param *par)
|
||||
info->flags & IPT_ADDRTYPE_LIMIT_IFACE_OUT) {
|
||||
pr_info("both incoming and outgoing "
|
||||
"interface limitation cannot be selected\n");
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (par->hook_mask & ((1 << NF_INET_PRE_ROUTING) |
|
||||
@@ -86,7 +86,7 @@ static int addrtype_mt_checkentry_v1(const struct xt_mtchk_param *par)
|
||||
info->flags & IPT_ADDRTYPE_LIMIT_IFACE_OUT) {
|
||||
pr_info("output interface limitation "
|
||||
"not valid in PREROUTING and INPUT\n");
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (par->hook_mask & ((1 << NF_INET_POST_ROUTING) |
|
||||
@@ -94,10 +94,10 @@ static int addrtype_mt_checkentry_v1(const struct xt_mtchk_param *par)
|
||||
info->flags & IPT_ADDRTYPE_LIMIT_IFACE_IN) {
|
||||
pr_info("input interface limitation "
|
||||
"not valid in POSTROUTING and OUTPUT\n");
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
return true;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static struct xt_match addrtype_mt_reg[] __read_mostly = {
|
||||
|
||||
@@ -62,9 +62,9 @@ static int ah_mt_check(const struct xt_mtchk_param *par)
|
||||
/* Must specify no unknown invflags */
|
||||
if (ahinfo->invflags & ~IPT_AH_INV_MASK) {
|
||||
pr_debug("unknown flags %X\n", ahinfo->invflags);
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
return true;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static struct xt_match ah_mt_reg __read_mostly = {
|
||||
|
||||
@@ -91,18 +91,18 @@ static int ecn_mt_check(const struct xt_mtchk_param *par)
|
||||
const struct ipt_ip *ip = par->entryinfo;
|
||||
|
||||
if (info->operation & IPT_ECN_OP_MATCH_MASK)
|
||||
return false;
|
||||
return -EINVAL;
|
||||
|
||||
if (info->invert & IPT_ECN_OP_MATCH_MASK)
|
||||
return false;
|
||||
return -EINVAL;
|
||||
|
||||
if (info->operation & (IPT_ECN_OP_MATCH_ECE|IPT_ECN_OP_MATCH_CWR) &&
|
||||
ip->proto != IPPROTO_TCP) {
|
||||
pr_info("cannot match TCP bits in rule for non-tcp packets\n");
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
return true;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static struct xt_match ecn_mt_reg __read_mostly = {
|
||||
|
||||
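Review bot: The first two tests reject when `info->operation` or `info->invert` has any bit of `IPT_ECN_OP_MATCH_MASK` set, without the `~` that the sibling checks in this commit apply to their masks. Since the next test looks for `IPT_ECN_OP_MATCH_ECE|IPT_ECN_OP_MATCH_CWR` in the same field, the macro presumably names the bits that must stay clear, but its definition is not shown here. Once that is confirmed, a one-line comment such as `/* IPT_ECN_OP_MATCH_MASK covers the reserved bits, which must be zero */` would keep a later reader from adding a complement and turning the validation inside out. The function's opening lines are outside the hunk.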
@@ -2214,7 +2214,7 @@ static int icmp6_checkentry(const struct xt_mtchk_param *par)
|
||||
const struct ip6t_icmp *icmpinfo = par->matchinfo;
|
||||
|
||||
/* Must specify no unknown invflags */
|
||||
return !(icmpinfo->invflags & ~IP6T_ICMP_INV);
|
||||
return (icmpinfo->invflags & ~IP6T_ICMP_INV) ? -EINVAL : 0;
|
||||
}
|
||||
|
||||
/* The built-in targets: standard (NULL) and error. */
|
||||
|
||||
@@ -93,9 +93,9 @@ static int ah_mt6_check(const struct xt_mtchk_param *par)
|
||||
|
||||
if (ahinfo->invflags & ~IP6T_AH_INV_MASK) {
|
||||
pr_debug("unknown flags %X\n", ahinfo->invflags);
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
return true;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static struct xt_match ah_mt6_reg __read_mostly = {
|
||||
|
||||
@@ -108,9 +108,9 @@ static int frag_mt6_check(const struct xt_mtchk_param *par)
|
||||
|
||||
if (fraginfo->invflags & ~IP6T_FRAG_INV_MASK) {
|
||||
pr_debug("unknown flags %X\n", fraginfo->invflags);
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
return true;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static struct xt_match frag_mt6_reg __read_mostly = {
|
||||
|
||||
@@ -170,15 +170,15 @@ static int hbh_mt6_check(const struct xt_mtchk_param *par)
|
||||
|
||||
if (optsinfo->invflags & ~IP6T_OPTS_INV_MASK) {
|
||||
pr_debug("unknown flags %X\n", optsinfo->invflags);
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (optsinfo->flags & IP6T_OPTS_NSTRICT) {
|
||||
pr_debug("Not strict - not implemented");
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
return true;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static struct xt_match hbh_mt6_reg[] __read_mostly = {
|
||||
|
||||
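Review bot: The message in `pr_debug("Not strict - not implemented");` has no trailing newline, unlike the `"unknown flags %X\n"` call just above it, so the log line can run into the next kernel message. As it sits directly next to the lines being changed, it could be fixed in passing: `pr_debug("Not strict - not implemented\n");`. The function's opening lines are outside the hunk.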
@@ -125,9 +125,9 @@ static int ipv6header_mt6_check(const struct xt_mtchk_param *par)
|
||||
/* invflags is 0 or 0xff in hard mode */
|
||||
if ((!info->modeflag) && info->invflags != 0x00 &&
|
||||
info->invflags != 0xFF)
|
||||
return false;
|
||||
return -EINVAL;
|
||||
|
||||
return true;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static struct xt_match ipv6header_mt6_reg __read_mostly = {
|
||||
|
||||
@@ -67,7 +67,7 @@ static int mh_mt6_check(const struct xt_mtchk_param *par)
|
||||
const struct ip6t_mh *mhinfo = par->matchinfo;
|
||||
|
||||
/* Must specify no unknown invflags */
|
||||
return !(mhinfo->invflags & ~IP6T_MH_INV_MASK);
|
||||
return (mhinfo->invflags & ~IP6T_MH_INV_MASK) ? -EINVAL : 0;
|
||||
}
|
||||
|
||||
static struct xt_match mh_mt6_reg __read_mostly = {
|
||||
|
||||