diff --git a/extensions/compat_xtables.c b/extensions/compat_xtables.c index dbf5c11..7244d90 100644 --- a/extensions/compat_xtables.c +++ b/extensions/compat_xtables.c @@ -85,6 +85,20 @@ static bool xtnu_match_check(const char *table, const void *entry, } #endif +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 28) && \ + LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 34) +static bool xtnu_match_check(const struct xt_mtchk_param *par) +{ + struct xtnu_match *nm = xtcompat_numatch(cm); + + if (nm == NULL) + return false; + if (nm->checkentry == NULL) + return true; + return nm->checkentry(par); +} +#endif + #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18) static void xtnu_match_destroy(const struct xt_match *cm, void *matchinfo, unsigned int matchinfosize) @@ -105,7 +119,7 @@ static void xtnu_match_destroy(const struct xt_match *cm, void *matchinfo) } #endif -#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27) +#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 34) int xtnu_register_match(struct xtnu_match *nt) { struct xt_match *ct; diff --git a/extensions/compat_xtables.h b/extensions/compat_xtables.h index 343fca6..92748a8 100644 --- a/extensions/compat_xtables.h +++ b/extensions/compat_xtables.h @@ -60,7 +60,7 @@ # define init_net__proc_net init_net.proc_net #endif -#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27) +#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 34) # define xt_match xtnu_match # define xt_register_match xtnu_register_match # define xt_unregister_match xtnu_unregister_match diff --git a/extensions/ipset/ipt_set.c b/extensions/ipset/ipt_set.c index c8af290..ec1a40f 100644 --- a/extensions/ipset/ipt_set.c +++ b/extensions/ipset/ipt_set.c @@ -47,7 +47,7 @@ match(const struct sk_buff *skb, const struct xt_match_param *par) info->match_set.flags[0] & IPSET_MATCH_INV); } -static bool +static int checkentry(const struct xt_mtchk_param *par) { struct ipt_set_info_match *info = par->matchinfo; 
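Review bot: In the added `xtnu_match_check(const struct xt_mtchk_param *par)` in compat_xtables.c, `return nm->checkentry(par);` converts the extension's result straight to `bool`, yet every check function converted elsewhere in this patch now returns 0 on success and a negative errno on failure. If `nm->checkentry` points at one of those, a valid rule is reported as rejected and an invalid one as accepted on 2.6.28–2.6.33; the line should read `return nm->checkentry(par) == 0;`. The same function calls `xtcompat_numatch(cm)` although no `cm` is declared in it; `par->match` looks like the intended argument. The new block is also guarded by `< KERNEL_VERSION(2, 6, 34)` while `xtnu_register_match` and the header remap now use `<= KERNEL_VERSION(2, 6, 34)`, so it is worth confirming which check wrapper a 2.6.34 build gets.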
@@ -56,7 +56,7 @@ checkentry(const struct xt_mtchk_param *par) #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17) if (matchsize != IPT_ALIGN(sizeof(struct ipt_set_info_match))) { ip_set_printk("invalid matchsize %d", matchsize); - return 0; + return -EINVAL; } #endif @@ -65,14 +65,14 @@ checkentry(const struct xt_mtchk_param *par) if (index == IP_SET_INVALID_ID) { ip_set_printk("Cannot find set indentified by id %u to match", info->match_set.index); - return 0; /* error */ + return -ENOENT; } if (info->match_set.flags[IP_SET_MAX_BINDINGS] != 0) { ip_set_printk("That's nasty!"); - return 0; /* error */ + return -EINVAL; } - return 1; + return 0; } static void destroy(const struct xt_mtdtor_param *par) diff --git a/extensions/pknock/xt_pknock.c b/extensions/pknock/xt_pknock.c index 842654e..a700041 100644 --- a/extensions/pknock/xt_pknock.c +++ b/extensions/pknock/xt_pknock.c @@ -1064,9 +1064,9 @@ out: return ret; } -#define RETURN_ERR(err) do { printk(KERN_ERR PKNOCK err); return false; } while (false) +#define RETURN_ERR(err) do { printk(KERN_ERR PKNOCK err); return -EINVAL; } while (false) -static bool pknock_mt_check(const struct xt_mtchk_param *par) +static int pknock_mt_check(const struct xt_mtchk_param *par) { struct xt_pknock_mtinfo *info = par->matchinfo; @@ -1124,9 +1124,10 @@ static bool pknock_mt_check(const struct xt_mtchk_param *par) } if (!add_rule(info)) + /* should ENOMEM here */ RETURN_ERR("add_rule() error in checkentry() function.\n"); - return true; + return 0; } static void pknock_mt_destroy(const struct xt_mtdtor_param *par) diff --git a/extensions/xt_condition.c b/extensions/xt_condition.c index 3aed62c..f5fb98d 100644 --- a/extensions/xt_condition.c +++ b/extensions/xt_condition.c 
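Review bot: In `pknock_mt_check`, the `add_rule()` failure path still goes through `RETURN_ERR`, which now hard-codes `-EINVAL`, and the added `/* should ENOMEM here */` records that the code is wrong instead of fixing it. Either give the macro an errno argument or expand this one call site, e.g. `if (!add_rule(info)) { printk(KERN_ERR PKNOCK "add_rule() error in checkentry() function.\n"); return -ENOMEM; }`. The macro also hides a `return` behind what reads as a plain statement under an unbraced `if`, now with a comment between the condition and its body, so braces would make the control flow harder to misread. The middle of the function lies between the two hunks, so the other `RETURN_ERR` users are not visible here.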
@@ -109,7 +109,7 @@ condition_mt(const struct sk_buff *skb, const struct xt_match_param *par) return x ^ info->invert; } -static bool condition_mt_check(const struct xt_mtchk_param *par) +static int condition_mt_check(const struct xt_mtchk_param *par) { struct xt_condition_mtinfo *info = par->matchinfo; struct condition_variable *var; @@ -121,21 +121,21 @@ static bool condition_mt_check(const struct xt_mtchk_param *par) printk(KERN_INFO KBUILD_MODNAME ": name not allowed or too " "long: \"%.*s\"\n", (unsigned int)sizeof(info->name), info->name); - return false; + return -EINVAL; } /* * Let's acquire the lock, check for the condition and add it * or increase the reference counter. */ if (mutex_lock_interruptible(&proc_lock) != 0) - return false; + return -EINTR; list_for_each_entry(var, &conditions_list, list) { if (strcmp(info->name, var->status_proc->name) == 0) { var->refcount++; mutex_unlock(&proc_lock); info->condvar = var; - return true; + return 0; } } @@ -143,7 +143,7 @@ static bool condition_mt_check(const struct xt_mtchk_param *par) var = kmalloc(sizeof(struct condition_variable), GFP_KERNEL); if (var == NULL) { mutex_unlock(&proc_lock); - return false; + return -ENOMEM; } /* Create the condition variable's proc file entry. */ @@ -152,7 +152,7 @@ static bool condition_mt_check(const struct xt_mtchk_param *par) if (var->status_proc == NULL) { kfree(var); mutex_unlock(&proc_lock); - return false; + return -ENOMEM; } var->refcount = 1; @@ -169,7 +169,7 @@ static bool condition_mt_check(const struct xt_mtchk_param *par) var->status_proc->gid = condition_gid_perms; mutex_unlock(&proc_lock); info->condvar = var; - return true; + return 0; } static void condition_mt_destroy(const struct xt_mtdtor_param *par) diff --git a/extensions/xt_fuzzy.c b/extensions/xt_fuzzy.c index 0775cf2..83903b2 100644 --- a/extensions/xt_fuzzy.c +++ b/extensions/xt_fuzzy.c 
@@ -125,7 +125,7 @@ fuzzy_mt(const struct sk_buff *skb, const struct xt_match_param *par) return false; } -static bool fuzzy_mt_check(const struct xt_mtchk_param *par) +static int fuzzy_mt_check(const struct xt_mtchk_param *par) { const struct xt_fuzzy_mtinfo *info = par->matchinfo; @@ -133,10 +133,10 @@ static bool fuzzy_mt_check(const struct xt_mtchk_param *par) info->maximum_rate > FUZZY_MAX_RATE || info->minimum_rate >= info->maximum_rate) { printk(KERN_INFO KBUILD_MODNAME ": bad values, please check.\n"); - return false; + return -EDOM; } - return true; + return 0; } static struct xt_match fuzzy_mt_reg[] __read_mostly = { diff --git a/extensions/xt_geoip.c b/extensions/xt_geoip.c index 8b9420d..76c643c 100644 --- a/extensions/xt_geoip.c +++ b/extensions/xt_geoip.c @@ -46,23 +46,28 @@ geoip_add_node(const struct geoip_country_user __user *umem_ptr) struct geoip_country_user umem; struct geoip_country_kernel *p; struct geoip_subnet *s; + int ret; if (copy_from_user(&umem, umem_ptr, sizeof(umem)) != 0) - return NULL; + return ERR_PTR(-EFAULT); p = kmalloc(sizeof(struct geoip_country_kernel), GFP_KERNEL); if (p == NULL) - return NULL; + return ERR_PTR(-ENOMEM); p->count = umem.count; p->cc = umem.cc; s = vmalloc(p->count * sizeof(struct geoip_subnet)); - if (s == NULL) + if (s == NULL) { + ret = -ENOMEM; goto free_p; + } if (copy_from_user(s, (const void __user *)(unsigned long)umem.subnets, - p->count * sizeof(struct geoip_subnet)) != 0) + p->count * sizeof(struct geoip_subnet)) != 0) { + ret = -EFAULT; goto free_s; + } p->subnets = s; atomic_set(&p->ref, 1); @@ -78,7 +83,7 @@ geoip_add_node(const struct geoip_country_user __user *umem_ptr) vfree(s); free_p: kfree(p); - return NULL; + return ERR_PTR(ret); } static void geoip_try_remove_node(struct geoip_country_kernel *p) 
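Review bot: `geoip_add_node` takes `umem.count` from userspace and uses `p->count * sizeof(struct geoip_subnet)` as the size for both `vmalloc()` and the second `copy_from_user()` without any range check, and the new error codes do not change that. Depending on the width of `count` (its declaration is outside the hunk), the product can wrap on 32-bit builds, leaving `p->count` larger than the buffer that was actually allocated; a zero count would presumably make `vmalloc()` fail and now surface as `-ENOMEM`. Reject out-of-range counts before the first allocation, e.g. `if (umem.count == 0 || umem.count > ULONG_MAX / sizeof(struct geoip_subnet)) return ERR_PTR(-EINVAL);`, ideally with a much lower upper bound chosen by the project. The function begins before the first hunk and its success path lies between the two hunks.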
@@ -168,7 +173,7 @@ xt_geoip_mt(const struct sk_buff *skb, const struct xt_match_param *par) return info->flags & XT_GEOIP_INV; } -static bool xt_geoip_mt_checkentry(const struct xt_mtchk_param *par) +static int xt_geoip_mt_checkentry(const struct xt_mtchk_param *par) { struct xt_geoip_match_info *info = par->matchinfo; struct geoip_country_kernel *node; @@ -176,13 +181,15 @@ static bool xt_geoip_mt_checkentry(const struct xt_mtchk_param *par) for (i = 0; i < info->count; i++) { node = find_node(info->cc[i]); - if (node == NULL) - if ((node = geoip_add_node((const void __user *)(unsigned long)info->mem[i].user)) == NULL) { + if (node == NULL) { + node = geoip_add_node((const void __user *)(unsigned long)info->mem[i].user); + if (IS_ERR(node)) { printk(KERN_ERR - "xt_geoip: unable to load '%c%c' into memory\n", - COUNTRY(info->cc[i])); - return false; + "xt_geoip: unable to load '%c%c' into memory: %ld\n", + COUNTRY(info->cc[i]), PTR_ERR(node)); + return PTR_ERR(node); } + } /* Overwrite the now-useless pointer info->mem[i] with * a pointer to the node's kernelspace structure. @@ -192,7 +199,7 @@ static bool xt_geoip_mt_checkentry(const struct xt_mtchk_param *par) info->mem[i].kernel = node; } - return true; + return 0; } static void xt_geoip_mt_destroy(const struct xt_mtdtor_param *par) diff --git a/extensions/xt_lscan.c b/extensions/xt_lscan.c index cf63a90..1f51f82 100644 --- a/extensions/xt_lscan.c +++ b/extensions/xt_lscan.c 
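Review bot: The loop in `xt_geoip_mt_checkentry` trusts `info->count` from the rule blob: no bound is visible before `info->cc[i]` and `info->mem[i]` are indexed, and the lines touched here do not add one. If `cc` and `mem` are fixed-size arrays in `struct xt_geoip_match_info` (not shown on this page), add `if (info->count > ARRAY_SIZE(info->cc)) return -EINVAL;` ahead of the loop. Separately, `return PTR_ERR(node);` leaves the function from the middle of the loop; whether nodes handled in earlier iterations must be released on that path depends on the lines between the second and third hunk, which are not shown.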
@@ -216,16 +216,16 @@ lscan_mt(const struct sk_buff *skb, const struct xt_match_param *par) (info->match_gr && ctdata->mark == mark_grscan); } -static bool lscan_mt_check(const struct xt_mtchk_param *par) +static int lscan_mt_check(const struct xt_mtchk_param *par) { const struct xt_lscan_mtinfo *info = par->matchinfo; if ((info->match_stealth & ~1) || (info->match_syn & ~1) || (info->match_cn & ~1) || (info->match_gr & ~1)) { printk(KERN_WARNING PFX "Invalid flags\n"); - return false; + return -EINVAL; } - return true; + return 0; } static struct xt_match lscan_mt_reg[] __read_mostly = { diff --git a/extensions/xt_quota2.c b/extensions/xt_quota2.c index f530b8b..ab9cb08 100644 --- a/extensions/xt_quota2.c +++ b/extensions/xt_quota2.c @@ -144,28 +144,28 @@ q2_get_counter(const struct xt_quota_mtinfo2 *q) return NULL; } -static bool quota_mt2_check(const struct xt_mtchk_param *par) +static int quota_mt2_check(const struct xt_mtchk_param *par) { struct xt_quota_mtinfo2 *q = par->matchinfo; if (q->flags & ~XT_QUOTA_MASK) - return false; + return -EINVAL; q->name[sizeof(q->name)-1] = '\0'; if (*q->name == '.' || strchr(q->name, '/') != NULL) { printk(KERN_ERR "xt_quota<%u>: illegal name\n", par->match->revision); - return false; + return -EINVAL; } q->master = q2_get_counter(q); if (q->master == NULL) { printk(KERN_ERR "xt_quota<%u>: memory alloc failure\n", par->match->revision); - return false; + return -ENOMEM; } - return true; + return 0; } static void quota_mt2_destroy(const struct xt_mtdtor_param *par)