diff --git a/extensions/ACCOUNT/xt_ACCOUNT.c b/extensions/ACCOUNT/xt_ACCOUNT.c
index 1c5b1e0..2e0263d 100644
--- a/extensions/ACCOUNT/xt_ACCOUNT.c
+++ b/extensions/ACCOUNT/xt_ACCOUNT.c
@@ -264,7 +264,7 @@ static int ipt_acc_table_insert(const char *name, __be32 ip, __be32 netmask)
 return -1;
 }
-static bool ipt_acc_checkentry(const struct xt_tgchk_param *par)
+static int ipt_acc_checkentry(const struct xt_tgchk_param *par)
 {
 struct ipt_acc_info *info = par->targinfo;
 int table_nr;
@@ -276,13 +276,13 @@ static bool ipt_acc_checkentry(const struct xt_tgchk_param *par)
 if (table_nr == -1) {
 printk("ACCOUNT: Table insert problem. Aborting\n");
- return false;
+ return -EINVAL;
 }
 /* Table nr caching so we don't have to do an extra string compare for every packet */
 info->table_nr = table_nr;
- return true;
+ return 0;
 }
 static void ipt_acc_destroy(const struct xt_tgdtor_param *par)
diff --git a/extensions/compat_xtables.c b/extensions/compat_xtables.c
index 7244d90..3747e53 100644
--- a/extensions/compat_xtables.c
+++ b/extensions/compat_xtables.c
@@ -84,6 +84,19 @@ static bool xtnu_match_check(const char *table, const void *entry,
 return nm->checkentry(&local_par);
 }
 #endif
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 28) && \
+ LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 34)
+static bool xtnu_match_check(const struct xt_mtchk_param *par)
+{
+ struct xtnu_match *nm = xtcompat_numatch(cm);
+
+ if (nm == NULL)
+ return false;
+ if (nm->checkentry == NULL)
+ return true;
+ return nm->checkentry(par) == 0 ? true : false;
+}
+#endif
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 28) && \
 LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 34)
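Review bot: The new `xtnu_match_check(const struct xt_mtchk_param *par)` passes `cm` to `xtcompat_numatch()`, but no `cm` is declared in this function; its only parameter is `par`. Unless `cm` is a file-scope name defined outside the hunk, this will not compile on the kernels the guard selects, and the lookup presumably should be `xtcompat_numatch(par->match)`. The same applies to `xtnu_target_check` in the @@ -264,6 +277,20 @@ hunk, which calls `xtcompat_nutarget(cm)` where `par->target` is presumably meant. The two wrappers also use different upper bounds (`<= KERNEL_VERSION(2, 6, 34)` here, `< KERNEL_VERSION(2, 6, 34)` for the target), which looks unintended.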
@@ -264,6 +277,20 @@ static bool xtnu_target_check(const char *table, const void *entry,
 }
 #endif
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 28) && \
+ LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 34)
+static bool xtnu_target_check(const struct xt_tgchk_param *par)
+{
+ struct xtnu_target *nt = xtcompat_nutarget(cm);
+
+ if (nt == NULL)
+ return false;
+ if (nt->checkentry == NULL)
+ return true;
+ return nt->checkentry(par) == 0 ? true : false;
+}
+#endif
+
 #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
 static void xtnu_target_destroy(const struct xt_target *ct, void *targinfo, unsigned int targinfosize)
@@ -306,7 +333,7 @@ int xtnu_register_target(struct xtnu_target *nt)
 ct->hooks = nt->hooks;
 ct->proto = nt->proto;
 ct->target = xtnu_target_run;
-#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
+#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 34)
 ct->checkentry = xtnu_target_check;
 ct->destroy = xtnu_target_destroy;
 #else
diff --git a/extensions/compat_xtnu.h b/extensions/compat_xtnu.h
index f4477d1..89ca715 100644
--- a/extensions/compat_xtnu.h
+++ b/extensions/compat_xtnu.h
@@ -85,7 +85,7 @@ struct xtnu_match {
 struct list_head list;
 char name[XT_FUNCTION_MAXNAMELEN - 1 - sizeof(void *)];
 bool (*match)(const struct sk_buff *, const struct xt_match_param *);
- bool (*checkentry)(const struct xt_mtchk_param *);
+ int (*checkentry)(const struct xt_mtchk_param *);
 void (*destroy)(const struct xt_mtdtor_param *);
 struct module *me;
 const char *table;
@@ -101,7 +101,7 @@ struct xtnu_target {
 char name[XT_FUNCTION_MAXNAMELEN - 1 - sizeof(void *)];
 unsigned int (*target)(struct sk_buff **, const struct xt_target_param *);
- bool (*checkentry)(const struct xt_tgchk_param *);
+ int (*checkentry)(const struct xt_tgchk_param *);
 void (*destroy)(const struct xt_tgdtor_param *);
 struct module *me;
 const char *table;
diff --git a/extensions/ipset/ipt_SET.c b/extensions/ipset/ipt_SET.c
index 6960309..9dfe3c9 100644
--- a/extensions/ipset/ipt_SET.c
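Review bot: Widening this guard to `<= KERNEL_VERSION(2, 6, 34)` makes xtnu_register_target reference `xtnu_target_check` on 2.6.34 itself, but the wrapper added in the @@ -264,6 +277,20 @@ hunk is guarded with `< KERNEL_VERSION(2, 6, 34)`, so no definition with the new signature is visible for that version. The same branch also assigns `ct->destroy = xtnu_target_destroy`, and the only definition visible in this diff sits under `<= KERNEL_VERSION(2, 6, 18)` with the old three-argument signature; whether a variant exists for 2.6.28 and later cannot be seen from these hunks. If only the check callback needs wrapping on these kernels, split the two assignments so `destroy` keeps its previous guard, and align the wrapper's bound to `LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 34)`. xtnu_register_target's body continues outside the hunk.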
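Review bot: Changing `checkentry` in `struct xtnu_match` to return `int` flips the meaning of the return value (0 now means accept), yet no match extension's checkentry is converted in the hunks visible here. An unconverted callback that still returns `false` for a bad rule would be read as 0 by `nm->checkentry(par) == 0` in xtnu_match_check, so the rule would be accepted; a `bool`-returning function assigned to this pointer typically draws only a warning, which makes the inversion easy to miss. Convert every match checkentry in the same commit, or treat incompatible-pointer-type warnings as errors for this build, and document the convention on the member, e.g. `/* returns 0 on success, negative errno on failure */`. The same comment fits `struct xtnu_target` in the @@ -101,7 +101,7 @@ hunk.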
+++ b/extensions/ipset/ipt_SET.c
@@ -45,7 +45,7 @@ target(struct sk_buff **pskb, const struct xt_target_param *par)
 return XT_CONTINUE;
 }
-static bool
+static int
 checkentry(const struct xt_tgchk_param *par)
 {
 struct ipt_set_info_target *info = par->targinfo;
@@ -54,7 +54,7 @@ checkentry(const struct xt_tgchk_param *par)
 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
 if (targinfosize != IPT_ALIGN(sizeof(*info))) {
 DP("bad target info size %u", targinfosize);
- return 0;
+ return -EINVAL;
 }
 #endif
@@ -63,7 +63,7 @@ checkentry(const struct xt_tgchk_param *par)
 if (index == IP_SET_INVALID_ID) {
 ip_set_printk("cannot find add_set index %u as target", info->add_set.index);
- return 0; /* error */
+ return -EINVAL;
 }
 }
@@ -72,16 +72,16 @@ checkentry(const struct xt_tgchk_param *par)
 if (index == IP_SET_INVALID_ID) {
 ip_set_printk("cannot find del_set index %u as target", info->del_set.index);
- return 0; /* error */
+ return -EINVAL;
 }
 }
 if (info->add_set.flags[IP_SET_MAX_BINDINGS] != 0 || info->del_set.flags[IP_SET_MAX_BINDINGS] != 0) {
 ip_set_printk("That's nasty!");
- return 0; /* error */
+ return -EINVAL;
 }
- return 1;
+ return 0;
 }
 static void destroy(const struct xt_tgdtor_param *par)
diff --git a/extensions/xt_CHAOS.c b/extensions/xt_CHAOS.c
index 394a649..63e5482 100644
--- a/extensions/xt_CHAOS.c
+++ b/extensions/xt_CHAOS.c
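Review bot: The `flags[IP_SET_MAX_BINDINGS] != 0` test in the @@ -72,16 +72,16 @@ hunk validates rule data taken from `par->targinfo`, but it runs last, after both set lookups, and is explained only by the log text "That's nasty!". If the lookups that produce `index` take a reference on the set (those calls fall between the hunks and are not visible), every error return after a successful lookup leaves that reference held. Consider moving the flags test to the top of checkentry, ahead of any lookup. A comment would also help, e.g. `/* presumably flags[] is zero-terminated: reject a non-zero last slot */`, to be confirmed against the struct definition.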
@@ -141,22 +141,22 @@ chaos_tg(struct sk_buff **pskb, const struct xt_target_param *par)
 return NF_DROP;
 }
-static bool chaos_tg_check(const struct xt_tgchk_param *par)
+static int chaos_tg_check(const struct xt_tgchk_param *par)
 {
 const struct xt_chaos_tginfo *info = par->targinfo;
 if (info->variant == XTCHAOS_DELUDE && !have_delude) {
 printk(KERN_WARNING PFX "Error: Cannot use --delude when " "DELUDE module not available\n");
- return false;
+ return -EINVAL;
 }
 if (info->variant == XTCHAOS_TARPIT && !have_tarpit) {
 printk(KERN_WARNING PFX "Error: Cannot use --tarpit when " "TARPIT module not available\n");
- return false;
+ return -EINVAL;
 }
- return true;
+ return 0;
 }
 static struct xt_target chaos_tg_reg = {
diff --git a/extensions/xt_LOGMARK.c b/extensions/xt_LOGMARK.c
index 917a809..5fadf09 100644
--- a/extensions/xt_LOGMARK.c
+++ b/extensions/xt_LOGMARK.c
@@ -81,17 +81,17 @@ logmark_tg(struct sk_buff **pskb, const struct xt_target_param *par)
 return XT_CONTINUE;
 }
-static bool
+static int
 logmark_tg_check(const struct xt_tgchk_param *par)
 {
 const struct xt_logmark_tginfo *info = par->targinfo;
 if (info->level >= 8) {
 pr_debug("LOGMARK: level %u >= 8\n", info->level);
- return false;
+ return -EINVAL;
 }
- return true;
+ return 0;
 }
 static struct xt_target logmark_tg_reg[] __read_mostly = {
diff --git a/extensions/xt_RAWNAT.c b/extensions/xt_RAWNAT.c
index b8c7bc7..4bb44ee 100644
--- a/extensions/xt_RAWNAT.c
+++ b/extensions/xt_RAWNAT.c
@@ -283,15 +283,15 @@ rawdnat_tg6(struct sk_buff **pskb, const struct xt_target_param *par)
 }
 #endif
-static bool rawnat_tg_check(const struct xt_tgchk_param *par)
+static int rawnat_tg_check(const struct xt_tgchk_param *par)
 {
 if (strcmp(par->table, "raw") == 0 || strcmp(par->table, "rawpost") == 0)
- return true;
+ return 0;
 printk(KERN_ERR KBUILD_MODNAME " may only be used in the \"raw\" or " "\"rawpost\" table.\n");
- return false;
+ return -EINVAL;
 }
 static struct xt_target rawnat_tg_reg[] __read_mostly = {
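Review bot: The bound in logmark_tg_check (xt_LOGMARK.c, @@ -81,17 +81,17 @@) is a bare `8`, and the rejection is reported only through `pr_debug`. On a build without DEBUG or dynamic debug enabled, an administrator whose rule is refused therefore sees just the errno and no kernel log line. A short comment on the test, e.g. `/* syslog levels are 0..7 */`, and logging the rejection at a visible level would make the now-propagated `-EINVAL` easier to diagnose.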
diff --git a/extensions/xt_SYSRQ.c b/extensions/xt_SYSRQ.c
index ffcb6ee..3356165 100644
--- a/extensions/xt_SYSRQ.c
+++ b/extensions/xt_SYSRQ.c
@@ -253,9 +253,8 @@ sysrq_tg6(struct sk_buff **pskb, const struct xt_target_param *par)
 }
 #endif
-static bool sysrq_tg_check(const struct xt_tgchk_param *par)
+static int sysrq_tg_check(const struct xt_tgchk_param *par)
 {
-
 if (par->target->family == NFPROTO_IPV4) {
 const struct ipt_entry *entry = par->entryinfo;
@@ -272,11 +271,11 @@ static bool sysrq_tg_check(const struct xt_tgchk_param *par)
 goto out;
 }
- return true;
+ return 0;
 out:
 printk(KERN_ERR KBUILD_MODNAME ": only available for UDP and UDP-Lite");
- return false;
+ return -EINVAL;
 }
 static struct xt_target sysrq_tg_reg[] __read_mostly = {
diff --git a/extensions/xt_TEE.c b/extensions/xt_TEE.c
index c9a4bda..747e2a1 100644
--- a/extensions/xt_TEE.c
+++ b/extensions/xt_TEE.c
@@ -288,13 +288,13 @@ tee_tg6(struct sk_buff **pskb, const struct xt_target_param *par)
 }
 #endif /* WITH_IPV6 */
-static bool tee_tg_check(const struct xt_tgchk_param *par)
+static int tee_tg_check(const struct xt_tgchk_param *par)
 {
 const struct xt_tee_tginfo *info = par->targinfo;
 /* 0.0.0.0 and :: not allowed */
- return memcmp(&info->gw, &tee_zero_address,
- sizeof(tee_zero_address)) != 0;
+ return (memcmp(&info->gw, &tee_zero_address,
+ sizeof(tee_zero_address)) == 0) ? -EINVAL : 0;
 }
 static struct xt_target tee_tg_reg[] __read_mostly = {
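Review bot: The zero-gateway test in tee_tg_check (xt_TEE.c, @@ -288,13 +288,13 @@) compares all `sizeof(tee_zero_address)` bytes of `info->gw`. If `gw` is a union holding both IPv4 and IPv6 addresses (its declaration is not in this hunk), an IPv4 rule with gateway 0.0.0.0 and stray non-zero bytes in the rest of the union passes the check. Comparing only the bytes valid for `par->target->family`, or rejecting non-zero trailing bytes, would close that gap. The rewritten return would also read more plainly as `if (memcmp(&info->gw, &tee_zero_address, sizeof(tee_zero_address)) == 0) return -EINVAL;` followed by `return 0;`.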