[NETFILTER]: x_tables: switch xt_target->checkentry to bool
Switch the return type of target checkentry functions to boolean. Signed-off-by: Jan Engelhardt <jengelh@gmx.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Jan Engelhardt
David S. Miller
Родитель
ccb79bdce7
Коммит
e1931b784a
|
|
@ -202,7 +202,7 @@ struct xt_target
|
||||||
hook_mask is a bitmask of hooks from which it can be
|
hook_mask is a bitmask of hooks from which it can be
|
||||||
called. */
|
called. */
|
||||||
/* Should return true or false. */
|
/* Should return true or false. */
|
||||||
int (*checkentry)(const char *tablename,
|
bool (*checkentry)(const char *tablename,
|
||||||
const void *entry,
|
const void *entry,
|
||||||
const struct xt_target *target,
|
const struct xt_target *target,
|
||||||
void *targinfo,
|
void *targinfo,
|
||||||
|
|
|
||||||
|
|
@ -65,7 +65,7 @@ target(struct sk_buff **pskb,
|
||||||
return mangle->target;
|
return mangle->target;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static bool
|
||||||
checkentry(const char *tablename, const void *e, const struct xt_target *target,
|
checkentry(const char *tablename, const void *e, const struct xt_target *target,
|
||||||
void *targinfo, unsigned int hook_mask)
|
void *targinfo, unsigned int hook_mask)
|
||||||
{
|
{
|
||||||
|
|
@ -73,12 +73,12 @@ checkentry(const char *tablename, const void *e, const struct xt_target *target,
|
||||||
|
|
||||||
if (mangle->flags & ~ARPT_MANGLE_MASK ||
|
if (mangle->flags & ~ARPT_MANGLE_MASK ||
|
||||||
!(mangle->flags & ARPT_MANGLE_MASK))
|
!(mangle->flags & ARPT_MANGLE_MASK))
|
||||||
return 0;
|
return false;
|
||||||
|
|
||||||
if (mangle->target != NF_DROP && mangle->target != NF_ACCEPT &&
|
if (mangle->target != NF_DROP && mangle->target != NF_ACCEPT &&
|
||||||
mangle->target != ARPT_CONTINUE)
|
mangle->target != ARPT_CONTINUE)
|
||||||
return 0;
|
return false;
|
||||||
return 1;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
static struct arpt_target arpt_mangle_reg = {
|
static struct arpt_target arpt_mangle_reg = {
|
||||||
|
|
|
||||||
|
|
@ -220,17 +220,17 @@ clusterip_add_node(struct clusterip_config *c, u_int16_t nodenum)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static bool
|
||||||
clusterip_del_node(struct clusterip_config *c, u_int16_t nodenum)
|
clusterip_del_node(struct clusterip_config *c, u_int16_t nodenum)
|
||||||
{
|
{
|
||||||
if (nodenum == 0 ||
|
if (nodenum == 0 ||
|
||||||
nodenum > c->num_total_nodes)
|
nodenum > c->num_total_nodes)
|
||||||
return 1;
|
return true;
|
||||||
|
|
||||||
if (test_and_clear_bit(nodenum - 1, &c->local_nodes))
|
if (test_and_clear_bit(nodenum - 1, &c->local_nodes))
|
||||||
return 0;
|
return false;
|
||||||
|
|
||||||
return 1;
|
return true;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
@ -370,7 +370,7 @@ target(struct sk_buff **pskb,
|
||||||
return XT_CONTINUE;
|
return XT_CONTINUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static bool
|
||||||
checkentry(const char *tablename,
|
checkentry(const char *tablename,
|
||||||
const void *e_void,
|
const void *e_void,
|
||||||
const struct xt_target *target,
|
const struct xt_target *target,
|
||||||
|
|
@ -387,13 +387,13 @@ checkentry(const char *tablename,
|
||||||
cipinfo->hash_mode != CLUSTERIP_HASHMODE_SIP_SPT_DPT) {
|
cipinfo->hash_mode != CLUSTERIP_HASHMODE_SIP_SPT_DPT) {
|
||||||
printk(KERN_WARNING "CLUSTERIP: unknown mode `%u'\n",
|
printk(KERN_WARNING "CLUSTERIP: unknown mode `%u'\n",
|
||||||
cipinfo->hash_mode);
|
cipinfo->hash_mode);
|
||||||
return 0;
|
return false;
|
||||||
|
|
||||||
}
|
}
|
||||||
if (e->ip.dmsk.s_addr != htonl(0xffffffff)
|
if (e->ip.dmsk.s_addr != htonl(0xffffffff)
|
||||||
|| e->ip.dst.s_addr == 0) {
|
|| e->ip.dst.s_addr == 0) {
|
||||||
printk(KERN_ERR "CLUSTERIP: Please specify destination IP\n");
|
printk(KERN_ERR "CLUSTERIP: Please specify destination IP\n");
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* FIXME: further sanity checks */
|
/* FIXME: further sanity checks */
|
||||||
|
|
@ -407,7 +407,7 @@ checkentry(const char *tablename,
|
||||||
if (cipinfo->config != config) {
|
if (cipinfo->config != config) {
|
||||||
printk(KERN_ERR "CLUSTERIP: Reloaded entry "
|
printk(KERN_ERR "CLUSTERIP: Reloaded entry "
|
||||||
"has invalid config pointer!\n");
|
"has invalid config pointer!\n");
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
/* Case B: This is a new rule referring to an existing
|
/* Case B: This is a new rule referring to an existing
|
||||||
|
|
@ -418,19 +418,19 @@ checkentry(const char *tablename,
|
||||||
/* Case C: This is a completely new clusterip config */
|
/* Case C: This is a completely new clusterip config */
|
||||||
if (!(cipinfo->flags & CLUSTERIP_FLAG_NEW)) {
|
if (!(cipinfo->flags & CLUSTERIP_FLAG_NEW)) {
|
||||||
printk(KERN_WARNING "CLUSTERIP: no config found for %u.%u.%u.%u, need 'new'\n", NIPQUAD(e->ip.dst.s_addr));
|
printk(KERN_WARNING "CLUSTERIP: no config found for %u.%u.%u.%u, need 'new'\n", NIPQUAD(e->ip.dst.s_addr));
|
||||||
return 0;
|
return false;
|
||||||
} else {
|
} else {
|
||||||
struct net_device *dev;
|
struct net_device *dev;
|
||||||
|
|
||||||
if (e->ip.iniface[0] == '\0') {
|
if (e->ip.iniface[0] == '\0') {
|
||||||
printk(KERN_WARNING "CLUSTERIP: Please specify an interface name\n");
|
printk(KERN_WARNING "CLUSTERIP: Please specify an interface name\n");
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
dev = dev_get_by_name(e->ip.iniface);
|
dev = dev_get_by_name(e->ip.iniface);
|
||||||
if (!dev) {
|
if (!dev) {
|
||||||
printk(KERN_WARNING "CLUSTERIP: no such interface %s\n", e->ip.iniface);
|
printk(KERN_WARNING "CLUSTERIP: no such interface %s\n", e->ip.iniface);
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
config = clusterip_config_init(cipinfo,
|
config = clusterip_config_init(cipinfo,
|
||||||
|
|
@ -438,7 +438,7 @@ checkentry(const char *tablename,
|
||||||
if (!config) {
|
if (!config) {
|
||||||
printk(KERN_WARNING "CLUSTERIP: cannot allocate config\n");
|
printk(KERN_WARNING "CLUSTERIP: cannot allocate config\n");
|
||||||
dev_put(dev);
|
dev_put(dev);
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
dev_mc_add(config->dev,config->clustermac, ETH_ALEN, 0);
|
dev_mc_add(config->dev,config->clustermac, ETH_ALEN, 0);
|
||||||
}
|
}
|
||||||
|
|
@ -448,10 +448,10 @@ checkentry(const char *tablename,
|
||||||
if (nf_ct_l3proto_try_module_get(target->family) < 0) {
|
if (nf_ct_l3proto_try_module_get(target->family) < 0) {
|
||||||
printk(KERN_WARNING "can't load conntrack support for "
|
printk(KERN_WARNING "can't load conntrack support for "
|
||||||
"proto=%d\n", target->family);
|
"proto=%d\n", target->family);
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
return 1;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* drop reference count of cluster config when rule is deleted */
|
/* drop reference count of cluster config when rule is deleted */
|
||||||
|
|
|
||||||
|
|
@ -24,8 +24,8 @@ MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
|
||||||
MODULE_DESCRIPTION("iptables ECN modification module");
|
MODULE_DESCRIPTION("iptables ECN modification module");
|
||||||
|
|
||||||
/* set ECT codepoint from IP header.
|
/* set ECT codepoint from IP header.
|
||||||
* return 0 if there was an error. */
|
* return false if there was an error. */
|
||||||
static inline int
|
static inline bool
|
||||||
set_ect_ip(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
|
set_ect_ip(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
|
||||||
{
|
{
|
||||||
struct iphdr *iph = ip_hdr(*pskb);
|
struct iphdr *iph = ip_hdr(*pskb);
|
||||||
|
|
@ -33,18 +33,18 @@ set_ect_ip(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
|
||||||
if ((iph->tos & IPT_ECN_IP_MASK) != (einfo->ip_ect & IPT_ECN_IP_MASK)) {
|
if ((iph->tos & IPT_ECN_IP_MASK) != (einfo->ip_ect & IPT_ECN_IP_MASK)) {
|
||||||
__u8 oldtos;
|
__u8 oldtos;
|
||||||
if (!skb_make_writable(pskb, sizeof(struct iphdr)))
|
if (!skb_make_writable(pskb, sizeof(struct iphdr)))
|
||||||
return 0;
|
return false;
|
||||||
iph = ip_hdr(*pskb);
|
iph = ip_hdr(*pskb);
|
||||||
oldtos = iph->tos;
|
oldtos = iph->tos;
|
||||||
iph->tos &= ~IPT_ECN_IP_MASK;
|
iph->tos &= ~IPT_ECN_IP_MASK;
|
||||||
iph->tos |= (einfo->ip_ect & IPT_ECN_IP_MASK);
|
iph->tos |= (einfo->ip_ect & IPT_ECN_IP_MASK);
|
||||||
nf_csum_replace2(&iph->check, htons(oldtos), htons(iph->tos));
|
nf_csum_replace2(&iph->check, htons(oldtos), htons(iph->tos));
|
||||||
}
|
}
|
||||||
return 1;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Return 0 if there was an error. */
|
/* Return false if there was an error. */
|
||||||
static inline int
|
static inline bool
|
||||||
set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
|
set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
|
||||||
{
|
{
|
||||||
struct tcphdr _tcph, *tcph;
|
struct tcphdr _tcph, *tcph;
|
||||||
|
|
@ -54,16 +54,16 @@ set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
|
||||||
tcph = skb_header_pointer(*pskb, ip_hdrlen(*pskb),
|
tcph = skb_header_pointer(*pskb, ip_hdrlen(*pskb),
|
||||||
sizeof(_tcph), &_tcph);
|
sizeof(_tcph), &_tcph);
|
||||||
if (!tcph)
|
if (!tcph)
|
||||||
return 0;
|
return false;
|
||||||
|
|
||||||
if ((!(einfo->operation & IPT_ECN_OP_SET_ECE) ||
|
if ((!(einfo->operation & IPT_ECN_OP_SET_ECE) ||
|
||||||
tcph->ece == einfo->proto.tcp.ece) &&
|
tcph->ece == einfo->proto.tcp.ece) &&
|
||||||
((!(einfo->operation & IPT_ECN_OP_SET_CWR) ||
|
((!(einfo->operation & IPT_ECN_OP_SET_CWR) ||
|
||||||
tcph->cwr == einfo->proto.tcp.cwr)))
|
tcph->cwr == einfo->proto.tcp.cwr)))
|
||||||
return 1;
|
return true;
|
||||||
|
|
||||||
if (!skb_make_writable(pskb, ip_hdrlen(*pskb) + sizeof(*tcph)))
|
if (!skb_make_writable(pskb, ip_hdrlen(*pskb) + sizeof(*tcph)))
|
||||||
return 0;
|
return false;
|
||||||
tcph = (void *)ip_hdr(*pskb) + ip_hdrlen(*pskb);
|
tcph = (void *)ip_hdr(*pskb) + ip_hdrlen(*pskb);
|
||||||
|
|
||||||
oldval = ((__be16 *)tcph)[6];
|
oldval = ((__be16 *)tcph)[6];
|
||||||
|
|
@ -74,7 +74,7 @@ set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
|
||||||
|
|
||||||
nf_proto_csum_replace2(&tcph->check, *pskb,
|
nf_proto_csum_replace2(&tcph->check, *pskb,
|
||||||
oldval, ((__be16 *)tcph)[6], 0);
|
oldval, ((__be16 *)tcph)[6], 0);
|
||||||
return 1;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
static unsigned int
|
static unsigned int
|
||||||
|
|
@ -99,7 +99,7 @@ target(struct sk_buff **pskb,
|
||||||
return XT_CONTINUE;
|
return XT_CONTINUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static bool
|
||||||
checkentry(const char *tablename,
|
checkentry(const char *tablename,
|
||||||
const void *e_void,
|
const void *e_void,
|
||||||
const struct xt_target *target,
|
const struct xt_target *target,
|
||||||
|
|
@ -112,20 +112,20 @@ checkentry(const char *tablename,
|
||||||
if (einfo->operation & IPT_ECN_OP_MASK) {
|
if (einfo->operation & IPT_ECN_OP_MASK) {
|
||||||
printk(KERN_WARNING "ECN: unsupported ECN operation %x\n",
|
printk(KERN_WARNING "ECN: unsupported ECN operation %x\n",
|
||||||
einfo->operation);
|
einfo->operation);
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
if (einfo->ip_ect & ~IPT_ECN_IP_MASK) {
|
if (einfo->ip_ect & ~IPT_ECN_IP_MASK) {
|
||||||
printk(KERN_WARNING "ECN: new ECT codepoint %x out of mask\n",
|
printk(KERN_WARNING "ECN: new ECT codepoint %x out of mask\n",
|
||||||
einfo->ip_ect);
|
einfo->ip_ect);
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
if ((einfo->operation & (IPT_ECN_OP_SET_ECE|IPT_ECN_OP_SET_CWR))
|
if ((einfo->operation & (IPT_ECN_OP_SET_ECE|IPT_ECN_OP_SET_CWR))
|
||||||
&& (e->ip.proto != IPPROTO_TCP || (e->ip.invflags & XT_INV_PROTO))) {
|
&& (e->ip.proto != IPPROTO_TCP || (e->ip.invflags & XT_INV_PROTO))) {
|
||||||
printk(KERN_WARNING "ECN: cannot use TCP operations on a "
|
printk(KERN_WARNING "ECN: cannot use TCP operations on a "
|
||||||
"non-tcp rule\n");
|
"non-tcp rule\n");
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
return 1;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
static struct xt_target ipt_ecn_reg = {
|
static struct xt_target ipt_ecn_reg = {
|
||||||
|
|
|
||||||
|
|
@ -435,7 +435,7 @@ ipt_log_target(struct sk_buff **pskb,
|
||||||
return XT_CONTINUE;
|
return XT_CONTINUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int ipt_log_checkentry(const char *tablename,
|
static bool ipt_log_checkentry(const char *tablename,
|
||||||
const void *e,
|
const void *e,
|
||||||
const struct xt_target *target,
|
const struct xt_target *target,
|
||||||
void *targinfo,
|
void *targinfo,
|
||||||
|
|
@ -445,14 +445,14 @@ static int ipt_log_checkentry(const char *tablename,
|
||||||
|
|
||||||
if (loginfo->level >= 8) {
|
if (loginfo->level >= 8) {
|
||||||
DEBUGP("LOG: level %u >= 8\n", loginfo->level);
|
DEBUGP("LOG: level %u >= 8\n", loginfo->level);
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
if (loginfo->prefix[sizeof(loginfo->prefix)-1] != '\0') {
|
if (loginfo->prefix[sizeof(loginfo->prefix)-1] != '\0') {
|
||||||
DEBUGP("LOG: prefix term %i\n",
|
DEBUGP("LOG: prefix term %i\n",
|
||||||
loginfo->prefix[sizeof(loginfo->prefix)-1]);
|
loginfo->prefix[sizeof(loginfo->prefix)-1]);
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
return 1;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
static struct xt_target ipt_log_reg = {
|
static struct xt_target ipt_log_reg = {
|
||||||
|
|
|
||||||
|
|
@ -37,7 +37,7 @@ MODULE_DESCRIPTION("iptables MASQUERADE target module");
|
||||||
static DEFINE_RWLOCK(masq_lock);
|
static DEFINE_RWLOCK(masq_lock);
|
||||||
|
|
||||||
/* FIXME: Multiple targets. --RR */
|
/* FIXME: Multiple targets. --RR */
|
||||||
static int
|
static bool
|
||||||
masquerade_check(const char *tablename,
|
masquerade_check(const char *tablename,
|
||||||
const void *e,
|
const void *e,
|
||||||
const struct xt_target *target,
|
const struct xt_target *target,
|
||||||
|
|
@ -48,13 +48,13 @@ masquerade_check(const char *tablename,
|
||||||
|
|
||||||
if (mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) {
|
if (mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) {
|
||||||
DEBUGP("masquerade_check: bad MAP_IPS.\n");
|
DEBUGP("masquerade_check: bad MAP_IPS.\n");
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
if (mr->rangesize != 1) {
|
if (mr->rangesize != 1) {
|
||||||
DEBUGP("masquerade_check: bad rangesize %u.\n", mr->rangesize);
|
DEBUGP("masquerade_check: bad rangesize %u.\n", mr->rangesize);
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
return 1;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
static unsigned int
|
static unsigned int
|
||||||
|
|
|
||||||
|
|
@ -29,7 +29,7 @@ MODULE_DESCRIPTION("iptables 1:1 NAT mapping of IP networks target");
|
||||||
#define DEBUGP(format, args...)
|
#define DEBUGP(format, args...)
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
static int
|
static bool
|
||||||
check(const char *tablename,
|
check(const char *tablename,
|
||||||
const void *e,
|
const void *e,
|
||||||
const struct xt_target *target,
|
const struct xt_target *target,
|
||||||
|
|
@ -40,13 +40,13 @@ check(const char *tablename,
|
||||||
|
|
||||||
if (!(mr->range[0].flags & IP_NAT_RANGE_MAP_IPS)) {
|
if (!(mr->range[0].flags & IP_NAT_RANGE_MAP_IPS)) {
|
||||||
DEBUGP(MODULENAME":check: bad MAP_IPS.\n");
|
DEBUGP(MODULENAME":check: bad MAP_IPS.\n");
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
if (mr->rangesize != 1) {
|
if (mr->rangesize != 1) {
|
||||||
DEBUGP(MODULENAME":check: bad rangesize %u.\n", mr->rangesize);
|
DEBUGP(MODULENAME":check: bad rangesize %u.\n", mr->rangesize);
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
return 1;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
static unsigned int
|
static unsigned int
|
||||||
|
|
|
||||||
|
|
@ -32,7 +32,7 @@ MODULE_DESCRIPTION("iptables REDIRECT target module");
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* FIXME: Take multiple ranges --RR */
|
/* FIXME: Take multiple ranges --RR */
|
||||||
static int
|
static bool
|
||||||
redirect_check(const char *tablename,
|
redirect_check(const char *tablename,
|
||||||
const void *e,
|
const void *e,
|
||||||
const struct xt_target *target,
|
const struct xt_target *target,
|
||||||
|
|
@ -43,13 +43,13 @@ redirect_check(const char *tablename,
|
||||||
|
|
||||||
if (mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) {
|
if (mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) {
|
||||||
DEBUGP("redirect_check: bad MAP_IPS.\n");
|
DEBUGP("redirect_check: bad MAP_IPS.\n");
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
if (mr->rangesize != 1) {
|
if (mr->rangesize != 1) {
|
||||||
DEBUGP("redirect_check: bad rangesize %u.\n", mr->rangesize);
|
DEBUGP("redirect_check: bad rangesize %u.\n", mr->rangesize);
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
return 1;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
static unsigned int
|
static unsigned int
|
||||||
|
|
|
||||||
|
|
@ -217,7 +217,7 @@ static unsigned int reject(struct sk_buff **pskb,
|
||||||
return NF_DROP;
|
return NF_DROP;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int check(const char *tablename,
|
static bool check(const char *tablename,
|
||||||
const void *e_void,
|
const void *e_void,
|
||||||
const struct xt_target *target,
|
const struct xt_target *target,
|
||||||
void *targinfo,
|
void *targinfo,
|
||||||
|
|
@ -228,16 +228,16 @@ static int check(const char *tablename,
|
||||||
|
|
||||||
if (rejinfo->with == IPT_ICMP_ECHOREPLY) {
|
if (rejinfo->with == IPT_ICMP_ECHOREPLY) {
|
||||||
printk("REJECT: ECHOREPLY no longer supported.\n");
|
printk("REJECT: ECHOREPLY no longer supported.\n");
|
||||||
return 0;
|
return false;
|
||||||
} else if (rejinfo->with == IPT_TCP_RESET) {
|
} else if (rejinfo->with == IPT_TCP_RESET) {
|
||||||
/* Must specify that it's a TCP packet */
|
/* Must specify that it's a TCP packet */
|
||||||
if (e->ip.proto != IPPROTO_TCP
|
if (e->ip.proto != IPPROTO_TCP
|
||||||
|| (e->ip.invflags & XT_INV_PROTO)) {
|
|| (e->ip.invflags & XT_INV_PROTO)) {
|
||||||
DEBUGP("REJECT: TCP_RESET invalid for non-tcp\n");
|
DEBUGP("REJECT: TCP_RESET invalid for non-tcp\n");
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return 1;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
static struct xt_target ipt_reject_reg = {
|
static struct xt_target ipt_reject_reg = {
|
||||||
|
|
|
||||||
|
|
@ -33,7 +33,7 @@ MODULE_DESCRIPTION("iptables special SNAT module for consistent sourceip");
|
||||||
#define DEBUGP(format, args...)
|
#define DEBUGP(format, args...)
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
static int
|
static bool
|
||||||
same_check(const char *tablename,
|
same_check(const char *tablename,
|
||||||
const void *e,
|
const void *e,
|
||||||
const struct xt_target *target,
|
const struct xt_target *target,
|
||||||
|
|
@ -47,13 +47,13 @@ same_check(const char *tablename,
|
||||||
|
|
||||||
if (mr->rangesize < 1) {
|
if (mr->rangesize < 1) {
|
||||||
DEBUGP("same_check: need at least one dest range.\n");
|
DEBUGP("same_check: need at least one dest range.\n");
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
if (mr->rangesize > IPT_SAME_MAX_RANGE) {
|
if (mr->rangesize > IPT_SAME_MAX_RANGE) {
|
||||||
DEBUGP("same_check: too many ranges specified, maximum "
|
DEBUGP("same_check: too many ranges specified, maximum "
|
||||||
"is %u ranges\n",
|
"is %u ranges\n",
|
||||||
IPT_SAME_MAX_RANGE);
|
IPT_SAME_MAX_RANGE);
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
for (count = 0; count < mr->rangesize; count++) {
|
for (count = 0; count < mr->rangesize; count++) {
|
||||||
if (ntohl(mr->range[count].min_ip) >
|
if (ntohl(mr->range[count].min_ip) >
|
||||||
|
|
@ -62,11 +62,11 @@ same_check(const char *tablename,
|
||||||
"range `%u.%u.%u.%u-%u.%u.%u.%u'.\n",
|
"range `%u.%u.%u.%u-%u.%u.%u.%u'.\n",
|
||||||
NIPQUAD(mr->range[count].min_ip),
|
NIPQUAD(mr->range[count].min_ip),
|
||||||
NIPQUAD(mr->range[count].max_ip));
|
NIPQUAD(mr->range[count].max_ip));
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
if (!(mr->range[count].flags & IP_NAT_RANGE_MAP_IPS)) {
|
if (!(mr->range[count].flags & IP_NAT_RANGE_MAP_IPS)) {
|
||||||
DEBUGP("same_check: bad MAP_IPS.\n");
|
DEBUGP("same_check: bad MAP_IPS.\n");
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
rangeip = (ntohl(mr->range[count].max_ip) -
|
rangeip = (ntohl(mr->range[count].max_ip) -
|
||||||
ntohl(mr->range[count].min_ip) + 1);
|
ntohl(mr->range[count].min_ip) + 1);
|
||||||
|
|
@ -81,7 +81,7 @@ same_check(const char *tablename,
|
||||||
DEBUGP("same_check: Couldn't allocate %u bytes "
|
DEBUGP("same_check: Couldn't allocate %u bytes "
|
||||||
"for %u ipaddresses!\n",
|
"for %u ipaddresses!\n",
|
||||||
(sizeof(u_int32_t) * mr->ipnum), mr->ipnum);
|
(sizeof(u_int32_t) * mr->ipnum), mr->ipnum);
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
DEBUGP("same_check: Allocated %u bytes for %u ipaddresses.\n",
|
DEBUGP("same_check: Allocated %u bytes for %u ipaddresses.\n",
|
||||||
(sizeof(u_int32_t) * mr->ipnum), mr->ipnum);
|
(sizeof(u_int32_t) * mr->ipnum), mr->ipnum);
|
||||||
|
|
@ -97,7 +97,7 @@ same_check(const char *tablename,
|
||||||
index++;
|
index++;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return 1;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
|
|
|
||||||
|
|
@ -43,7 +43,7 @@ target(struct sk_buff **pskb,
|
||||||
return XT_CONTINUE;
|
return XT_CONTINUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static bool
|
||||||
checkentry(const char *tablename,
|
checkentry(const char *tablename,
|
||||||
const void *e_void,
|
const void *e_void,
|
||||||
const struct xt_target *target,
|
const struct xt_target *target,
|
||||||
|
|
@ -58,9 +58,9 @@ checkentry(const char *tablename,
|
||||||
&& tos != IPTOS_MINCOST
|
&& tos != IPTOS_MINCOST
|
||||||
&& tos != IPTOS_NORMALSVC) {
|
&& tos != IPTOS_NORMALSVC) {
|
||||||
printk(KERN_WARNING "TOS: bad tos value %#x\n", tos);
|
printk(KERN_WARNING "TOS: bad tos value %#x\n", tos);
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
return 1;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
static struct xt_target ipt_tos_reg = {
|
static struct xt_target ipt_tos_reg = {
|
||||||
|
|
|
||||||
|
|
@ -62,7 +62,7 @@ ipt_ttl_target(struct sk_buff **pskb,
|
||||||
return XT_CONTINUE;
|
return XT_CONTINUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int ipt_ttl_checkentry(const char *tablename,
|
static bool ipt_ttl_checkentry(const char *tablename,
|
||||||
const void *e,
|
const void *e,
|
||||||
const struct xt_target *target,
|
const struct xt_target *target,
|
||||||
void *targinfo,
|
void *targinfo,
|
||||||
|
|
@ -73,11 +73,11 @@ static int ipt_ttl_checkentry(const char *tablename,
|
||||||
if (info->mode > IPT_TTL_MAXMODE) {
|
if (info->mode > IPT_TTL_MAXMODE) {
|
||||||
printk(KERN_WARNING "ipt_TTL: invalid or unknown Mode %u\n",
|
printk(KERN_WARNING "ipt_TTL: invalid or unknown Mode %u\n",
|
||||||
info->mode);
|
info->mode);
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
if ((info->mode != IPT_TTL_SET) && (info->ttl == 0))
|
if ((info->mode != IPT_TTL_SET) && (info->ttl == 0))
|
||||||
return 0;
|
return false;
|
||||||
return 1;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
static struct xt_target ipt_TTL = {
|
static struct xt_target ipt_TTL = {
|
||||||
|
|
|
||||||
|
|
@ -328,7 +328,7 @@ static void ipt_logfn(unsigned int pf,
|
||||||
ipt_ulog_packet(hooknum, skb, in, out, &loginfo, prefix);
|
ipt_ulog_packet(hooknum, skb, in, out, &loginfo, prefix);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int ipt_ulog_checkentry(const char *tablename,
|
static bool ipt_ulog_checkentry(const char *tablename,
|
||||||
const void *e,
|
const void *e,
|
||||||
const struct xt_target *target,
|
const struct xt_target *target,
|
||||||
void *targinfo,
|
void *targinfo,
|
||||||
|
|
@ -339,14 +339,14 @@ static int ipt_ulog_checkentry(const char *tablename,
|
||||||
if (loginfo->prefix[sizeof(loginfo->prefix) - 1] != '\0') {
|
if (loginfo->prefix[sizeof(loginfo->prefix) - 1] != '\0') {
|
||||||
DEBUGP("ipt_ULOG: prefix term %i\n",
|
DEBUGP("ipt_ULOG: prefix term %i\n",
|
||||||
loginfo->prefix[sizeof(loginfo->prefix) - 1]);
|
loginfo->prefix[sizeof(loginfo->prefix) - 1]);
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
if (loginfo->qthreshold > ULOG_MAX_QLEN) {
|
if (loginfo->qthreshold > ULOG_MAX_QLEN) {
|
||||||
DEBUGP("ipt_ULOG: queue threshold %i > MAX_QLEN\n",
|
DEBUGP("ipt_ULOG: queue threshold %i > MAX_QLEN\n",
|
||||||
loginfo->qthreshold);
|
loginfo->qthreshold);
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
return 1;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef CONFIG_COMPAT
|
#ifdef CONFIG_COMPAT
|
||||||
|
|
|
||||||
|
|
@ -140,7 +140,7 @@ static unsigned int ipt_dnat_target(struct sk_buff **pskb,
|
||||||
return nf_nat_setup_info(ct, &mr->range[0], hooknum);
|
return nf_nat_setup_info(ct, &mr->range[0], hooknum);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int ipt_snat_checkentry(const char *tablename,
|
static bool ipt_snat_checkentry(const char *tablename,
|
||||||
const void *entry,
|
const void *entry,
|
||||||
const struct xt_target *target,
|
const struct xt_target *target,
|
||||||
void *targinfo,
|
void *targinfo,
|
||||||
|
|
@ -151,12 +151,12 @@ static int ipt_snat_checkentry(const char *tablename,
|
||||||
/* Must be a valid range */
|
/* Must be a valid range */
|
||||||
if (mr->rangesize != 1) {
|
if (mr->rangesize != 1) {
|
||||||
printk("SNAT: multiple ranges no longer supported\n");
|
printk("SNAT: multiple ranges no longer supported\n");
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
return 1;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int ipt_dnat_checkentry(const char *tablename,
|
static bool ipt_dnat_checkentry(const char *tablename,
|
||||||
const void *entry,
|
const void *entry,
|
||||||
const struct xt_target *target,
|
const struct xt_target *target,
|
||||||
void *targinfo,
|
void *targinfo,
|
||||||
|
|
@ -167,9 +167,9 @@ static int ipt_dnat_checkentry(const char *tablename,
|
||||||
/* Must be a valid range */
|
/* Must be a valid range */
|
||||||
if (mr->rangesize != 1) {
|
if (mr->rangesize != 1) {
|
||||||
printk("DNAT: multiple ranges no longer supported\n");
|
printk("DNAT: multiple ranges no longer supported\n");
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
return 1;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
inline unsigned int
|
inline unsigned int
|
||||||
|
|
|
||||||
|
|
@ -58,7 +58,7 @@ static unsigned int ip6t_hl_target(struct sk_buff **pskb,
|
||||||
return XT_CONTINUE;
|
return XT_CONTINUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int ip6t_hl_checkentry(const char *tablename,
|
static bool ip6t_hl_checkentry(const char *tablename,
|
||||||
const void *entry,
|
const void *entry,
|
||||||
const struct xt_target *target,
|
const struct xt_target *target,
|
||||||
void *targinfo,
|
void *targinfo,
|
||||||
|
|
@ -69,14 +69,14 @@ static int ip6t_hl_checkentry(const char *tablename,
|
||||||
if (info->mode > IP6T_HL_MAXMODE) {
|
if (info->mode > IP6T_HL_MAXMODE) {
|
||||||
printk(KERN_WARNING "ip6t_HL: invalid or unknown Mode %u\n",
|
printk(KERN_WARNING "ip6t_HL: invalid or unknown Mode %u\n",
|
||||||
info->mode);
|
info->mode);
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
if ((info->mode != IP6T_HL_SET) && (info->hop_limit == 0)) {
|
if ((info->mode != IP6T_HL_SET) && (info->hop_limit == 0)) {
|
||||||
printk(KERN_WARNING "ip6t_HL: increment/decrement doesn't "
|
printk(KERN_WARNING "ip6t_HL: increment/decrement doesn't "
|
||||||
"make sense with value 0\n");
|
"make sense with value 0\n");
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
return 1;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
static struct xt_target ip6t_HL = {
|
static struct xt_target ip6t_HL = {
|
||||||
|
|
|
||||||
|
|
@ -448,7 +448,7 @@ ip6t_log_target(struct sk_buff **pskb,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static int ip6t_log_checkentry(const char *tablename,
|
static bool ip6t_log_checkentry(const char *tablename,
|
||||||
const void *entry,
|
const void *entry,
|
||||||
const struct xt_target *target,
|
const struct xt_target *target,
|
||||||
void *targinfo,
|
void *targinfo,
|
||||||
|
|
@ -458,14 +458,14 @@ static int ip6t_log_checkentry(const char *tablename,
|
||||||
|
|
||||||
if (loginfo->level >= 8) {
|
if (loginfo->level >= 8) {
|
||||||
DEBUGP("LOG: level %u >= 8\n", loginfo->level);
|
DEBUGP("LOG: level %u >= 8\n", loginfo->level);
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
if (loginfo->prefix[sizeof(loginfo->prefix)-1] != '\0') {
|
if (loginfo->prefix[sizeof(loginfo->prefix)-1] != '\0') {
|
||||||
DEBUGP("LOG: prefix term %i\n",
|
DEBUGP("LOG: prefix term %i\n",
|
||||||
loginfo->prefix[sizeof(loginfo->prefix)-1]);
|
loginfo->prefix[sizeof(loginfo->prefix)-1]);
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
return 1;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
static struct xt_target ip6t_log_reg = {
|
static struct xt_target ip6t_log_reg = {
|
||||||
|
|
|
||||||
|
|
@ -221,7 +221,7 @@ static unsigned int reject6_target(struct sk_buff **pskb,
|
||||||
return NF_DROP;
|
return NF_DROP;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int check(const char *tablename,
|
static bool check(const char *tablename,
|
||||||
const void *entry,
|
const void *entry,
|
||||||
const struct xt_target *target,
|
const struct xt_target *target,
|
||||||
void *targinfo,
|
void *targinfo,
|
||||||
|
|
@ -232,16 +232,16 @@ static int check(const char *tablename,
|
||||||
|
|
||||||
if (rejinfo->with == IP6T_ICMP6_ECHOREPLY) {
|
if (rejinfo->with == IP6T_ICMP6_ECHOREPLY) {
|
||||||
printk("ip6t_REJECT: ECHOREPLY is not supported.\n");
|
printk("ip6t_REJECT: ECHOREPLY is not supported.\n");
|
||||||
return 0;
|
return false;
|
||||||
} else if (rejinfo->with == IP6T_TCP_RESET) {
|
} else if (rejinfo->with == IP6T_TCP_RESET) {
|
||||||
/* Must specify that it's a TCP packet */
|
/* Must specify that it's a TCP packet */
|
||||||
if (e->ipv6.proto != IPPROTO_TCP
|
if (e->ipv6.proto != IPPROTO_TCP
|
||||||
|| (e->ipv6.invflags & XT_INV_PROTO)) {
|
|| (e->ipv6.invflags & XT_INV_PROTO)) {
|
||||||
DEBUGP("ip6t_REJECT: TCP_RESET illegal for non-tcp\n");
|
DEBUGP("ip6t_REJECT: TCP_RESET illegal for non-tcp\n");
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return 1;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
static struct xt_target ip6t_reject_reg = {
|
static struct xt_target ip6t_reject_reg = {
|
||||||
|
|
|
||||||
|
|
@ -76,7 +76,7 @@ target(struct sk_buff **pskb,
|
||||||
return XT_CONTINUE;
|
return XT_CONTINUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static bool
|
||||||
checkentry(const char *tablename,
|
checkentry(const char *tablename,
|
||||||
const void *entry,
|
const void *entry,
|
||||||
const struct xt_target *target,
|
const struct xt_target *target,
|
||||||
|
|
@ -88,21 +88,21 @@ checkentry(const char *tablename,
|
||||||
if (nf_ct_l3proto_try_module_get(target->family) < 0) {
|
if (nf_ct_l3proto_try_module_get(target->family) < 0) {
|
||||||
printk(KERN_WARNING "can't load conntrack support for "
|
printk(KERN_WARNING "can't load conntrack support for "
|
||||||
"proto=%d\n", target->family);
|
"proto=%d\n", target->family);
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
if (matchinfo->mode == XT_CONNMARK_RESTORE) {
|
if (matchinfo->mode == XT_CONNMARK_RESTORE) {
|
||||||
if (strcmp(tablename, "mangle") != 0) {
|
if (strcmp(tablename, "mangle") != 0) {
|
||||||
printk(KERN_WARNING "CONNMARK: restore can only be "
|
printk(KERN_WARNING "CONNMARK: restore can only be "
|
||||||
"called from \"mangle\" table, not \"%s\"\n",
|
"called from \"mangle\" table, not \"%s\"\n",
|
||||||
tablename);
|
tablename);
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (matchinfo->mark > 0xffffffff || matchinfo->mask > 0xffffffff) {
|
if (matchinfo->mark > 0xffffffff || matchinfo->mask > 0xffffffff) {
|
||||||
printk(KERN_WARNING "CONNMARK: Only supports 32bit mark\n");
|
printk(KERN_WARNING "CONNMARK: Only supports 32bit mark\n");
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
return 1;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
|
|
|
||||||
|
|
@ -85,7 +85,7 @@ static unsigned int target(struct sk_buff **pskb, const struct net_device *in,
|
||||||
return XT_CONTINUE;
|
return XT_CONTINUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int checkentry(const char *tablename, const void *entry,
|
static bool checkentry(const char *tablename, const void *entry,
|
||||||
const struct xt_target *target, void *targinfo,
|
const struct xt_target *target, void *targinfo,
|
||||||
unsigned int hook_mask)
|
unsigned int hook_mask)
|
||||||
{
|
{
|
||||||
|
|
@ -94,7 +94,7 @@ static int checkentry(const char *tablename, const void *entry,
|
||||||
if (nf_ct_l3proto_try_module_get(target->family) < 0) {
|
if (nf_ct_l3proto_try_module_get(target->family) < 0) {
|
||||||
printk(KERN_WARNING "can't load conntrack support for "
|
printk(KERN_WARNING "can't load conntrack support for "
|
||||||
"proto=%d\n", target->family);
|
"proto=%d\n", target->family);
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
switch (info->mode) {
|
switch (info->mode) {
|
||||||
case CONNSECMARK_SAVE:
|
case CONNSECMARK_SAVE:
|
||||||
|
|
@ -103,10 +103,10 @@ static int checkentry(const char *tablename, const void *entry,
|
||||||
|
|
||||||
default:
|
default:
|
||||||
printk(KERN_INFO PFX "invalid mode: %hu\n", info->mode);
|
printk(KERN_INFO PFX "invalid mode: %hu\n", info->mode);
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
return 1;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
|
|
|
||||||
|
|
@ -66,7 +66,7 @@ static unsigned int target6(struct sk_buff **pskb,
|
||||||
return XT_CONTINUE;
|
return XT_CONTINUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int checkentry(const char *tablename,
|
static bool checkentry(const char *tablename,
|
||||||
const void *e_void,
|
const void *e_void,
|
||||||
const struct xt_target *target,
|
const struct xt_target *target,
|
||||||
void *targinfo,
|
void *targinfo,
|
||||||
|
|
@ -76,9 +76,9 @@ static int checkentry(const char *tablename,
|
||||||
|
|
||||||
if ((dscp > XT_DSCP_MAX)) {
|
if ((dscp > XT_DSCP_MAX)) {
|
||||||
printk(KERN_WARNING "DSCP: dscp %x out of range\n", dscp);
|
printk(KERN_WARNING "DSCP: dscp %x out of range\n", dscp);
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
return 1;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
static struct xt_target xt_dscp_target[] = {
|
static struct xt_target xt_dscp_target[] = {
|
||||||
|
|
|
||||||
|
|
@ -65,7 +65,7 @@ target_v1(struct sk_buff **pskb,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static int
|
static bool
|
||||||
checkentry_v0(const char *tablename,
|
checkentry_v0(const char *tablename,
|
||||||
const void *entry,
|
const void *entry,
|
||||||
const struct xt_target *target,
|
const struct xt_target *target,
|
||||||
|
|
@ -76,12 +76,12 @@ checkentry_v0(const char *tablename,
|
||||||
|
|
||||||
if (markinfo->mark > 0xffffffff) {
|
if (markinfo->mark > 0xffffffff) {
|
||||||
printk(KERN_WARNING "MARK: Only supports 32bit wide mark\n");
|
printk(KERN_WARNING "MARK: Only supports 32bit wide mark\n");
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
return 1;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static bool
|
||||||
checkentry_v1(const char *tablename,
|
checkentry_v1(const char *tablename,
|
||||||
const void *entry,
|
const void *entry,
|
||||||
const struct xt_target *target,
|
const struct xt_target *target,
|
||||||
|
|
@ -95,13 +95,13 @@ checkentry_v1(const char *tablename,
|
||||||
&& markinfo->mode != XT_MARK_OR) {
|
&& markinfo->mode != XT_MARK_OR) {
|
||||||
printk(KERN_WARNING "MARK: unknown mode %u\n",
|
printk(KERN_WARNING "MARK: unknown mode %u\n",
|
||||||
markinfo->mode);
|
markinfo->mode);
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
if (markinfo->mark > 0xffffffff) {
|
if (markinfo->mark > 0xffffffff) {
|
||||||
printk(KERN_WARNING "MARK: Only supports 32bit wide mark\n");
|
printk(KERN_WARNING "MARK: Only supports 32bit wide mark\n");
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
return 1;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef CONFIG_COMPAT
|
#ifdef CONFIG_COMPAT
|
||||||
|
|
|
||||||
|
|
@ -38,7 +38,7 @@ nflog_target(struct sk_buff **pskb,
|
||||||
return XT_CONTINUE;
|
return XT_CONTINUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static bool
|
||||||
nflog_checkentry(const char *tablename, const void *entry,
|
nflog_checkentry(const char *tablename, const void *entry,
|
||||||
const struct xt_target *target, void *targetinfo,
|
const struct xt_target *target, void *targetinfo,
|
||||||
unsigned int hookmask)
|
unsigned int hookmask)
|
||||||
|
|
@ -46,10 +46,10 @@ nflog_checkentry(const char *tablename, const void *entry,
|
||||||
struct xt_nflog_info *info = targetinfo;
|
struct xt_nflog_info *info = targetinfo;
|
||||||
|
|
||||||
if (info->flags & ~XT_NFLOG_MASK)
|
if (info->flags & ~XT_NFLOG_MASK)
|
||||||
return 0;
|
return false;
|
||||||
if (info->prefix[sizeof(info->prefix) - 1] != '\0')
|
if (info->prefix[sizeof(info->prefix) - 1] != '\0')
|
||||||
return 0;
|
return false;
|
||||||
return 1;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
static struct xt_target xt_nflog_target[] = {
|
static struct xt_target xt_nflog_target[] = {
|
||||||
|
|
|
||||||
|
|
@ -51,7 +51,7 @@ static unsigned int target(struct sk_buff **pskb, const struct net_device *in,
|
||||||
return XT_CONTINUE;
|
return XT_CONTINUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int checkentry_selinux(struct xt_secmark_target_info *info)
|
static bool checkentry_selinux(struct xt_secmark_target_info *info)
|
||||||
{
|
{
|
||||||
int err;
|
int err;
|
||||||
struct xt_secmark_target_selinux_info *sel = &info->u.sel;
|
struct xt_secmark_target_selinux_info *sel = &info->u.sel;
|
||||||
|
|
@ -63,25 +63,25 @@ static int checkentry_selinux(struct xt_secmark_target_info *info)
|
||||||
if (err == -EINVAL)
|
if (err == -EINVAL)
|
||||||
printk(KERN_INFO PFX "invalid SELinux context \'%s\'\n",
|
printk(KERN_INFO PFX "invalid SELinux context \'%s\'\n",
|
||||||
sel->selctx);
|
sel->selctx);
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!sel->selsid) {
|
if (!sel->selsid) {
|
||||||
printk(KERN_INFO PFX "unable to map SELinux context \'%s\'\n",
|
printk(KERN_INFO PFX "unable to map SELinux context \'%s\'\n",
|
||||||
sel->selctx);
|
sel->selctx);
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
err = selinux_relabel_packet_permission(sel->selsid);
|
err = selinux_relabel_packet_permission(sel->selsid);
|
||||||
if (err) {
|
if (err) {
|
||||||
printk(KERN_INFO PFX "unable to obtain relabeling permission\n");
|
printk(KERN_INFO PFX "unable to obtain relabeling permission\n");
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
return 1;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int checkentry(const char *tablename, const void *entry,
|
static bool checkentry(const char *tablename, const void *entry,
|
||||||
const struct xt_target *target, void *targinfo,
|
const struct xt_target *target, void *targinfo,
|
||||||
unsigned int hook_mask)
|
unsigned int hook_mask)
|
||||||
{
|
{
|
||||||
|
|
@ -90,23 +90,23 @@ static int checkentry(const char *tablename, const void *entry,
|
||||||
if (mode && mode != info->mode) {
|
if (mode && mode != info->mode) {
|
||||||
printk(KERN_INFO PFX "mode already set to %hu cannot mix with "
|
printk(KERN_INFO PFX "mode already set to %hu cannot mix with "
|
||||||
"rules for mode %hu\n", mode, info->mode);
|
"rules for mode %hu\n", mode, info->mode);
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
switch (info->mode) {
|
switch (info->mode) {
|
||||||
case SECMARK_MODE_SEL:
|
case SECMARK_MODE_SEL:
|
||||||
if (!checkentry_selinux(info))
|
if (!checkentry_selinux(info))
|
||||||
return 0;
|
return false;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
printk(KERN_INFO PFX "invalid mode: %hu\n", info->mode);
|
printk(KERN_INFO PFX "invalid mode: %hu\n", info->mode);
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!mode)
|
if (!mode)
|
||||||
mode = info->mode;
|
mode = info->mode;
|
||||||
return 1;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
static struct xt_target xt_secmark_target[] = {
|
static struct xt_target xt_secmark_target[] = {
|
||||||
|
|
|
||||||
|
|
@ -197,19 +197,19 @@ xt_tcpmss_target6(struct sk_buff **pskb,
|
||||||
#define TH_SYN 0x02
|
#define TH_SYN 0x02
|
||||||
|
|
||||||
/* Must specify -p tcp --syn */
|
/* Must specify -p tcp --syn */
|
||||||
static inline int find_syn_match(const struct xt_entry_match *m)
|
static inline bool find_syn_match(const struct xt_entry_match *m)
|
||||||
{
|
{
|
||||||
const struct xt_tcp *tcpinfo = (const struct xt_tcp *)m->data;
|
const struct xt_tcp *tcpinfo = (const struct xt_tcp *)m->data;
|
||||||
|
|
||||||
if (strcmp(m->u.kernel.match->name, "tcp") == 0 &&
|
if (strcmp(m->u.kernel.match->name, "tcp") == 0 &&
|
||||||
tcpinfo->flg_cmp & TH_SYN &&
|
tcpinfo->flg_cmp & TH_SYN &&
|
||||||
!(tcpinfo->invflags & XT_TCP_INV_FLAGS))
|
!(tcpinfo->invflags & XT_TCP_INV_FLAGS))
|
||||||
return 1;
|
return true;
|
||||||
|
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static bool
|
||||||
xt_tcpmss_checkentry4(const char *tablename,
|
xt_tcpmss_checkentry4(const char *tablename,
|
||||||
const void *entry,
|
const void *entry,
|
||||||
const struct xt_target *target,
|
const struct xt_target *target,
|
||||||
|
|
@ -225,16 +225,16 @@ xt_tcpmss_checkentry4(const char *tablename,
|
||||||
(1 << NF_IP_POST_ROUTING))) != 0) {
|
(1 << NF_IP_POST_ROUTING))) != 0) {
|
||||||
printk("xt_TCPMSS: path-MTU clamping only supported in "
|
printk("xt_TCPMSS: path-MTU clamping only supported in "
|
||||||
"FORWARD, OUTPUT and POSTROUTING hooks\n");
|
"FORWARD, OUTPUT and POSTROUTING hooks\n");
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
if (IPT_MATCH_ITERATE(e, find_syn_match))
|
if (IPT_MATCH_ITERATE(e, find_syn_match))
|
||||||
return 1;
|
return true;
|
||||||
printk("xt_TCPMSS: Only works on TCP SYN packets\n");
|
printk("xt_TCPMSS: Only works on TCP SYN packets\n");
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
|
#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
|
||||||
static int
|
static bool
|
||||||
xt_tcpmss_checkentry6(const char *tablename,
|
xt_tcpmss_checkentry6(const char *tablename,
|
||||||
const void *entry,
|
const void *entry,
|
||||||
const struct xt_target *target,
|
const struct xt_target *target,
|
||||||
|
|
@ -250,12 +250,12 @@ xt_tcpmss_checkentry6(const char *tablename,
|
||||||
(1 << NF_IP6_POST_ROUTING))) != 0) {
|
(1 << NF_IP6_POST_ROUTING))) != 0) {
|
||||||
printk("xt_TCPMSS: path-MTU clamping only supported in "
|
printk("xt_TCPMSS: path-MTU clamping only supported in "
|
||||||
"FORWARD, OUTPUT and POSTROUTING hooks\n");
|
"FORWARD, OUTPUT and POSTROUTING hooks\n");
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
if (IP6T_MATCH_ITERATE(e, find_syn_match))
|
if (IP6T_MATCH_ITERATE(e, find_syn_match))
|
||||||
return 1;
|
return true;
|
||||||
printk("xt_TCPMSS: Only works on TCP SYN packets\n");
|
printk("xt_TCPMSS: Only works on TCP SYN packets\n");
|
||||||
return 0;
|
return false;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
|
||||||
Загрузка…
Ссылка в новой задаче