From 1d93a9cbad608f6398ba6c5b588c504ccd35a2ca Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sat, 7 Jul 2007 22:15:35 -0700 Subject: [NETFILTER]: x_tables: switch xt_match->match to bool Switch the return type of match functions to boolean Signed-off-by: Jan Engelhardt Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- net/netfilter/xt_comment.c | 4 ++-- net/netfilter/xt_connbytes.c | 4 ++-- net/netfilter/xt_connmark.c | 4 ++-- net/netfilter/xt_conntrack.c | 24 ++++++++++++------------ net/netfilter/xt_dccp.c | 22 +++++++++++----------- net/netfilter/xt_dscp.c | 32 ++++++++++++++++---------------- net/netfilter/xt_esp.c | 12 ++++++------ net/netfilter/xt_hashlimit.c | 17 +++++++++-------- net/netfilter/xt_helper.c | 6 +++--- net/netfilter/xt_length.c | 4 ++-- net/netfilter/xt_limit.c | 6 +++--- net/netfilter/xt_mac.c | 2 +- net/netfilter/xt_mark.c | 2 +- net/netfilter/xt_multiport.c | 34 +++++++++++++++++----------------- net/netfilter/xt_physdev.c | 34 ++++++++++++++++------------------ net/netfilter/xt_pkttype.c | 2 +- net/netfilter/xt_policy.c | 26 +++++++++++++------------- net/netfilter/xt_quota.c | 6 +++--- net/netfilter/xt_realm.c | 2 +- net/netfilter/xt_sctp.c | 26 +++++++++++++------------- net/netfilter/xt_state.c | 2 +- net/netfilter/xt_statistic.c | 8 ++++---- net/netfilter/xt_string.c | 16 ++++++++-------- net/netfilter/xt_tcpmss.c | 4 ++-- net/netfilter/xt_tcpudp.c | 39 ++++++++++++++++++--------------------- 25 files changed, 167 insertions(+), 171 deletions(-) (limited to 'net/netfilter') diff --git a/net/netfilter/xt_comment.c b/net/netfilter/xt_comment.c index 20690ea0d466..aa9503ff90ba 100644 --- a/net/netfilter/xt_comment.c +++ b/net/netfilter/xt_comment.c @@ -15,7 +15,7 @@ MODULE_LICENSE("GPL"); MODULE_ALIAS("ipt_comment"); MODULE_ALIAS("ip6t_comment"); -static int +static bool match(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, @@ -26,7 +26,7 @@ match(const struct sk_buff *skb, bool *hotdrop) { /* We always match */ - return 1; + return true; } static struct xt_match xt_comment_match[] = { diff --git a/net/netfilter/xt_connbytes.c b/net/netfilter/xt_connbytes.c index 8fe5775901e1..aada7b797549 100644 --- a/net/netfilter/xt_connbytes.c +++ b/net/netfilter/xt_connbytes.c @@ -15,7 +15,7 @@ MODULE_AUTHOR("Harald Welte "); MODULE_DESCRIPTION("iptables match for matching number of pkts/bytes per connection"); MODULE_ALIAS("ipt_connbytes"); -static int +static bool match(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, @@ -35,7 +35,7 @@ match(const struct sk_buff *skb, ct = nf_ct_get(skb, &ctinfo); if (!ct) - return 0; + return false; counters = ct->counters; switch (sinfo->what) { diff --git a/net/netfilter/xt_connmark.c b/net/netfilter/xt_connmark.c index 8a6d58ab5d2b..3321b80aff4f 100644 --- a/net/netfilter/xt_connmark.c +++ b/net/netfilter/xt_connmark.c @@ -30,7 +30,7 @@ MODULE_DESCRIPTION("IP tables connmark match module"); MODULE_LICENSE("GPL"); MODULE_ALIAS("ipt_connmark"); -static int +static bool match(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, @@ -46,7 +46,7 @@ match(const struct sk_buff *skb, ct = nf_ct_get(skb, &ctinfo); if (!ct) - return 0; + return false; return (((ct->mark) & info->mask) == info->mark) ^ info->invert; } diff --git a/net/netfilter/xt_conntrack.c b/net/netfilter/xt_conntrack.c index 915c730d3b72..26901f95bf4b 100644 --- a/net/netfilter/xt_conntrack.c +++ b/net/netfilter/xt_conntrack.c @@ -19,7 +19,7 @@ MODULE_AUTHOR("Marc Boucher "); MODULE_DESCRIPTION("iptables connection tracking match module"); MODULE_ALIAS("ipt_conntrack"); -static int +static bool match(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, @@ -54,53 +54,53 @@ match(const struct sk_buff *skb, } if (FWINV((statebit & sinfo->statemask) == 0, XT_CONNTRACK_STATE)) - return 0; + return false; } if (ct == NULL) { if (sinfo->flags & ~XT_CONNTRACK_STATE) - return 0; - return 1; + return false; + return true; } if (sinfo->flags & XT_CONNTRACK_PROTO && FWINV(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum != sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum, XT_CONNTRACK_PROTO)) - return 0; + return false; if (sinfo->flags & XT_CONNTRACK_ORIGSRC && FWINV((ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.ip & sinfo->sipmsk[IP_CT_DIR_ORIGINAL].s_addr) != sinfo->tuple[IP_CT_DIR_ORIGINAL].src.ip, XT_CONNTRACK_ORIGSRC)) - return 0; + return false; if (sinfo->flags & XT_CONNTRACK_ORIGDST && FWINV((ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u3.ip & sinfo->dipmsk[IP_CT_DIR_ORIGINAL].s_addr) != sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.ip, XT_CONNTRACK_ORIGDST)) - return 0; + return false; if (sinfo->flags & XT_CONNTRACK_REPLSRC && FWINV((ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u3.ip & sinfo->sipmsk[IP_CT_DIR_REPLY].s_addr) != sinfo->tuple[IP_CT_DIR_REPLY].src.ip, XT_CONNTRACK_REPLSRC)) - return 0; + return false; if (sinfo->flags & XT_CONNTRACK_REPLDST && FWINV((ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u3.ip & sinfo->dipmsk[IP_CT_DIR_REPLY].s_addr) != sinfo->tuple[IP_CT_DIR_REPLY].dst.ip, XT_CONNTRACK_REPLDST)) - return 0; + return false; if (sinfo->flags & XT_CONNTRACK_STATUS && FWINV((ct->status & sinfo->statusmask) == 0, XT_CONNTRACK_STATUS)) - return 0; + return false; if(sinfo->flags & XT_CONNTRACK_EXPIRES) { unsigned long expires = timer_pending(&ct->timeout) ? @@ -109,9 +109,9 @@ match(const struct sk_buff *skb, if (FWINV(!(expires >= sinfo->expires_min && expires <= sinfo->expires_max), XT_CONNTRACK_EXPIRES)) - return 0; + return false; } - return 1; + return true; } static int diff --git a/net/netfilter/xt_dccp.c b/net/netfilter/xt_dccp.c index 3172e7308b35..b0eba4e2c53f 100644 --- a/net/netfilter/xt_dccp.c +++ b/net/netfilter/xt_dccp.c @@ -31,7 +31,7 @@ MODULE_ALIAS("ipt_dccp"); static unsigned char *dccp_optbuf; static DEFINE_SPINLOCK(dccp_buflock); -static inline int +static inline bool dccp_find_option(u_int8_t option, const struct sk_buff *skb, unsigned int protoff, @@ -46,11 +46,11 @@ dccp_find_option(u_int8_t option, if (dh->dccph_doff * 4 < __dccp_hdr_len(dh)) { *hotdrop = true; - return 0; + return false; } if (!optlen) - return 0; + return false; spin_lock_bh(&dccp_buflock); op = skb_header_pointer(skb, protoff + optoff, optlen, dccp_optbuf); @@ -58,13 +58,13 @@ dccp_find_option(u_int8_t option, /* If we don't have the whole header, drop packet. */ spin_unlock_bh(&dccp_buflock); *hotdrop = true; - return 0; + return false; } for (i = 0; i < optlen; ) { if (op[i] == option) { spin_unlock_bh(&dccp_buflock); - return 1; + return true; } if (op[i] < 2) @@ -74,24 +74,24 @@ dccp_find_option(u_int8_t option, } spin_unlock_bh(&dccp_buflock); - return 0; + return false; } -static inline int +static inline bool match_types(const struct dccp_hdr *dh, u_int16_t typemask) { return (typemask & (1 << dh->dccph_type)); } -static inline int +static inline bool match_option(u_int8_t option, const struct sk_buff *skb, unsigned int protoff, const struct dccp_hdr *dh, bool *hotdrop) { return dccp_find_option(option, skb, protoff, dh, hotdrop); } -static int +static bool match(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, @@ -105,12 +105,12 @@ match(const struct sk_buff *skb, struct dccp_hdr _dh, *dh; if (offset) - return 0; + return false; dh = skb_header_pointer(skb, protoff, sizeof(_dh), &_dh); if (dh == NULL) { *hotdrop = true; - return 0; + return false; } return DCCHECK(((ntohs(dh->dccph_sport) >= info->spts[0]) diff --git a/net/netfilter/xt_dscp.c b/net/netfilter/xt_dscp.c index c106d738da6d..c9c6518907a2 100644 --- a/net/netfilter/xt_dscp.c +++ b/net/netfilter/xt_dscp.c @@ -22,22 +22,7 @@ MODULE_LICENSE("GPL"); MODULE_ALIAS("ipt_dscp"); MODULE_ALIAS("ip6t_dscp"); -static int match(const struct sk_buff *skb, - const struct net_device *in, - const struct net_device *out, - const struct xt_match *match, - const void *matchinfo, - int offset, - unsigned int protoff, - bool *hotdrop) -{ - const struct xt_dscp_info *info = matchinfo; - u_int8_t dscp = ipv4_get_dsfield(ip_hdr(skb)) >> XT_DSCP_SHIFT; - - return (dscp == info->dscp) ^ !!info->invert; -} - -static int match6(const struct sk_buff *skb, +static bool match(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, const struct xt_match *match, @@ -45,6 +30,21 @@ static int match6(const struct sk_buff *skb, int offset, unsigned int protoff, bool *hotdrop) +{ + const struct xt_dscp_info *info = matchinfo; + u_int8_t dscp = ipv4_get_dsfield(ip_hdr(skb)) >> XT_DSCP_SHIFT; + + return (dscp == info->dscp) ^ !!info->invert; +} + +static bool match6(const struct sk_buff *skb, + const struct net_device *in, + const struct net_device *out, + const struct xt_match *match, + const void *matchinfo, + int offset, + unsigned int protoff, + bool *hotdrop) { const struct xt_dscp_info *info = matchinfo; u_int8_t dscp = ipv6_get_dsfield(ipv6_hdr(skb)) >> XT_DSCP_SHIFT; diff --git a/net/netfilter/xt_esp.c b/net/netfilter/xt_esp.c index 5d3421bcd850..1a945cb7c359 100644 --- a/net/netfilter/xt_esp.c +++ b/net/netfilter/xt_esp.c @@ -31,10 +31,10 @@ MODULE_ALIAS("ip6t_esp"); #endif /* Returns 1 if the spi is matched by the range, 0 otherwise */ -static inline int -spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, int invert) +static inline bool +spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, bool invert) { - int r = 0; + bool r; duprintf("esp spi_match:%c 0x%x <= 0x%x <= 0x%x", invert ? '!' : ' ', min, spi, max); r = (spi >= min && spi <= max) ^ invert; @@ -42,7 +42,7 @@ spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, int invert) return r; } -static int +static bool match(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, @@ -57,7 +57,7 @@ match(const struct sk_buff *skb, /* Must not be a fragment. */ if (offset) - return 0; + return false; eh = skb_header_pointer(skb, protoff, sizeof(_esp), &_esp); if (eh == NULL) { @@ -66,7 +66,7 @@ match(const struct sk_buff *skb, */ duprintf("Dropping evil ESP tinygram.\n"); *hotdrop = true; - return 0; + return false; } return spi_match(espinfo->spis[0], espinfo->spis[1], ntohl(eh->spi), diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c index cd5cba6978c3..21597b755cea 100644 --- a/net/netfilter/xt_hashlimit.c +++ b/net/netfilter/xt_hashlimit.c @@ -94,7 +94,8 @@ static DEFINE_MUTEX(hlimit_mutex); /* additional checkentry protection */ static HLIST_HEAD(hashlimit_htables); static struct kmem_cache *hashlimit_cachep __read_mostly; -static inline int dst_cmp(const struct dsthash_ent *ent, struct dsthash_dst *b) +static inline bool dst_cmp(const struct dsthash_ent *ent, + struct dsthash_dst *b) { return !memcmp(&ent->dst, b, sizeof(ent->dst)); } @@ -227,18 +228,18 @@ static int htable_create(struct xt_hashlimit_info *minfo, int family) return 0; } -static int select_all(struct xt_hashlimit_htable *ht, struct dsthash_ent *he) +static bool select_all(struct xt_hashlimit_htable *ht, struct dsthash_ent *he) { return 1; } -static int select_gc(struct xt_hashlimit_htable *ht, struct dsthash_ent *he) +static bool select_gc(struct xt_hashlimit_htable *ht, struct dsthash_ent *he) { return (jiffies >= he->expires); } static void htable_selective_cleanup(struct xt_hashlimit_htable *ht, - int (*select)(struct xt_hashlimit_htable *ht, + bool (*select)(struct xt_hashlimit_htable *ht, struct dsthash_ent *he)) { unsigned int i; @@ -432,7 +433,7 @@ hashlimit_init_dst(struct xt_hashlimit_htable *hinfo, struct dsthash_dst *dst, return 0; } -static int +static bool hashlimit_match(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, @@ -478,17 +479,17 @@ hashlimit_match(const struct sk_buff *skb, /* We're underlimit. */ dh->rateinfo.credit -= dh->rateinfo.cost; spin_unlock_bh(&hinfo->lock); - return 1; + return true; } spin_unlock_bh(&hinfo->lock); /* default case: we're overlimit, thus don't match */ - return 0; + return false; hotdrop: *hotdrop = true; - return 0; + return false; } static int diff --git a/net/netfilter/xt_helper.c b/net/netfilter/xt_helper.c index 0aa090776e27..10c629b34abf 100644 --- a/net/netfilter/xt_helper.c +++ b/net/netfilter/xt_helper.c @@ -28,7 +28,7 @@ MODULE_ALIAS("ip6t_helper"); #define DEBUGP(format, args...) #endif -static int +static bool match(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, @@ -42,7 +42,7 @@ match(const struct sk_buff *skb, struct nf_conn *ct; struct nf_conn_help *master_help; enum ip_conntrack_info ctinfo; - int ret = info->invert; + bool ret = info->invert; ct = nf_ct_get((struct sk_buff *)skb, &ctinfo); if (!ct) { @@ -67,7 +67,7 @@ match(const struct sk_buff *skb, ct->master->helper->name, info->name); if (info->name[0] == '\0') - ret ^= 1; + ret = !ret; else ret ^= !strncmp(master_help->helper->name, info->name, strlen(master_help->helper->name)); diff --git a/net/netfilter/xt_length.c b/net/netfilter/xt_length.c index 621c9ee6d1c9..57bcfacde594 100644 --- a/net/netfilter/xt_length.c +++ b/net/netfilter/xt_length.c @@ -20,7 +20,7 @@ MODULE_LICENSE("GPL"); MODULE_ALIAS("ipt_length"); MODULE_ALIAS("ip6t_length"); -static int +static bool match(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, @@ -36,7 +36,7 @@ match(const struct sk_buff *skb, return (pktlen >= info->min && pktlen <= info->max) ^ info->invert; } -static int +static bool match6(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, diff --git a/net/netfilter/xt_limit.c b/net/netfilter/xt_limit.c index 1133b4ca4904..0cfe241a0493 100644 --- a/net/netfilter/xt_limit.c +++ b/net/netfilter/xt_limit.c @@ -57,7 +57,7 @@ static DEFINE_SPINLOCK(limit_lock); #define CREDITS_PER_JIFFY POW2_BELOW32(MAX_CPJ) -static int +static bool ipt_limit_match(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, @@ -79,11 +79,11 @@ ipt_limit_match(const struct sk_buff *skb, /* We're not limited. */ r->credit -= r->cost; spin_unlock_bh(&limit_lock); - return 1; + return true; } spin_unlock_bh(&limit_lock); - return 0; + return false; } /* Precision saver. */ diff --git a/net/netfilter/xt_mac.c b/net/netfilter/xt_mac.c index 0e6a28647206..86022027dd63 100644 --- a/net/netfilter/xt_mac.c +++ b/net/netfilter/xt_mac.c @@ -24,7 +24,7 @@ MODULE_DESCRIPTION("iptables mac matching module"); MODULE_ALIAS("ipt_mac"); MODULE_ALIAS("ip6t_mac"); -static int +static bool match(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, diff --git a/net/netfilter/xt_mark.c b/net/netfilter/xt_mark.c index 944d1ea56029..10c6799cd56a 100644 --- a/net/netfilter/xt_mark.c +++ b/net/netfilter/xt_mark.c @@ -19,7 +19,7 @@ MODULE_DESCRIPTION("iptables mark matching module"); MODULE_ALIAS("ipt_mark"); MODULE_ALIAS("ip6t_mark"); -static int +static bool match(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, diff --git a/net/netfilter/xt_multiport.c b/net/netfilter/xt_multiport.c index 1dc53ded9887..55feb3d737d4 100644 --- a/net/netfilter/xt_multiport.c +++ b/net/netfilter/xt_multiport.c @@ -33,24 +33,24 @@ MODULE_ALIAS("ip6t_multiport"); #endif /* Returns 1 if the port is matched by the test, 0 otherwise. */ -static inline int +static inline bool ports_match(const u_int16_t *portlist, enum xt_multiport_flags flags, u_int8_t count, u_int16_t src, u_int16_t dst) { unsigned int i; for (i = 0; i < count; i++) { if (flags != XT_MULTIPORT_DESTINATION && portlist[i] == src) - return 1; + return true; if (flags != XT_MULTIPORT_SOURCE && portlist[i] == dst) - return 1; + return true; } - return 0; + return false; } /* Returns 1 if the port is matched by the test, 0 otherwise. */ -static inline int +static inline bool ports_match_v1(const struct xt_multiport_v1 *minfo, u_int16_t src, u_int16_t dst) { @@ -67,34 +67,34 @@ ports_match_v1(const struct xt_multiport_v1 *minfo, if (minfo->flags == XT_MULTIPORT_SOURCE && src >= s && src <= e) - return 1 ^ minfo->invert; + return true ^ minfo->invert; if (minfo->flags == XT_MULTIPORT_DESTINATION && dst >= s && dst <= e) - return 1 ^ minfo->invert; + return true ^ minfo->invert; if (minfo->flags == XT_MULTIPORT_EITHER && ((dst >= s && dst <= e) || (src >= s && src <= e))) - return 1 ^ minfo->invert; + return true ^ minfo->invert; } else { /* exact port matching */ duprintf("src or dst matches with %d?\n", s); if (minfo->flags == XT_MULTIPORT_SOURCE && src == s) - return 1 ^ minfo->invert; + return true ^ minfo->invert; if (minfo->flags == XT_MULTIPORT_DESTINATION && dst == s) - return 1 ^ minfo->invert; + return true ^ minfo->invert; if (minfo->flags == XT_MULTIPORT_EITHER && (src == s || dst == s)) - return 1 ^ minfo->invert; + return true ^ minfo->invert; } } return minfo->invert; } -static int +static bool match(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, @@ -108,7 +108,7 @@ match(const struct sk_buff *skb, const struct xt_multiport *multiinfo = matchinfo; if (offset) - return 0; + return false; pptr = skb_header_pointer(skb, protoff, sizeof(_ports), _ports); if (pptr == NULL) { @@ -117,7 +117,7 @@ match(const struct sk_buff *skb, */ duprintf("xt_multiport: Dropping evil offset=0 tinygram.\n"); *hotdrop = true; - return 0; + return false; } return ports_match(multiinfo->ports, @@ -125,7 +125,7 @@ match(const struct sk_buff *skb, ntohs(pptr[0]), ntohs(pptr[1])); } -static int +static bool match_v1(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, @@ -139,7 +139,7 @@ match_v1(const struct sk_buff *skb, const struct xt_multiport_v1 *multiinfo = matchinfo; if (offset) - return 0; + return false; pptr = skb_header_pointer(skb, protoff, sizeof(_ports), _ports); if (pptr == NULL) { @@ -148,7 +148,7 @@ match_v1(const struct sk_buff *skb, */ duprintf("xt_multiport: Dropping evil offset=0 tinygram.\n"); *hotdrop = true; - return 0; + return false; } return ports_match_v1(multiinfo, ntohs(pptr[0]), ntohs(pptr[1])); diff --git a/net/netfilter/xt_physdev.c b/net/netfilter/xt_physdev.c index a6de512fa840..70de6708e884 100644 --- a/net/netfilter/xt_physdev.c +++ b/net/netfilter/xt_physdev.c @@ -14,8 +14,6 @@ #include #include #include -#define MATCH 1 -#define NOMATCH 0 MODULE_LICENSE("GPL"); MODULE_AUTHOR("Bart De Schuymer "); @@ -23,7 +21,7 @@ MODULE_DESCRIPTION("iptables bridge physical device match module"); MODULE_ALIAS("ipt_physdev"); MODULE_ALIAS("ip6t_physdev"); -static int +static bool match(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, @@ -36,7 +34,7 @@ match(const struct sk_buff *skb, int i; static const char nulldevname[IFNAMSIZ]; const struct xt_physdev_info *info = matchinfo; - unsigned int ret; + bool ret; const char *indev, *outdev; struct nf_bridge_info *nf_bridge; @@ -47,58 +45,58 @@ match(const struct sk_buff *skb, /* Return MATCH if the invert flags of the used options are on */ if ((info->bitmask & XT_PHYSDEV_OP_BRIDGED) && !(info->invert & XT_PHYSDEV_OP_BRIDGED)) - return NOMATCH; + return false; if ((info->bitmask & XT_PHYSDEV_OP_ISIN) && !(info->invert & XT_PHYSDEV_OP_ISIN)) - return NOMATCH; + return false; if ((info->bitmask & XT_PHYSDEV_OP_ISOUT) && !(info->invert & XT_PHYSDEV_OP_ISOUT)) - return NOMATCH; + return false; if ((info->bitmask & XT_PHYSDEV_OP_IN) && !(info->invert & XT_PHYSDEV_OP_IN)) - return NOMATCH; + return false; if ((info->bitmask & XT_PHYSDEV_OP_OUT) && !(info->invert & XT_PHYSDEV_OP_OUT)) - return NOMATCH; - return MATCH; + return false; + return true; } /* This only makes sense in the FORWARD and POSTROUTING chains */ if ((info->bitmask & XT_PHYSDEV_OP_BRIDGED) && (!!(nf_bridge->mask & BRNF_BRIDGED) ^ !(info->invert & XT_PHYSDEV_OP_BRIDGED))) - return NOMATCH; + return false; if ((info->bitmask & XT_PHYSDEV_OP_ISIN && (!nf_bridge->physindev ^ !!(info->invert & XT_PHYSDEV_OP_ISIN))) || (info->bitmask & XT_PHYSDEV_OP_ISOUT && (!nf_bridge->physoutdev ^ !!(info->invert & XT_PHYSDEV_OP_ISOUT)))) - return NOMATCH; + return false; if (!(info->bitmask & XT_PHYSDEV_OP_IN)) goto match_outdev; indev = nf_bridge->physindev ? nf_bridge->physindev->name : nulldevname; - for (i = 0, ret = 0; i < IFNAMSIZ/sizeof(unsigned int); i++) { + for (i = 0, ret = false; i < IFNAMSIZ/sizeof(unsigned int); i++) { ret |= (((const unsigned int *)indev)[i] ^ ((const unsigned int *)info->physindev)[i]) & ((const unsigned int *)info->in_mask)[i]; } - if ((ret == 0) ^ !(info->invert & XT_PHYSDEV_OP_IN)) - return NOMATCH; + if (!ret ^ !(info->invert & XT_PHYSDEV_OP_IN)) + return false; match_outdev: if (!(info->bitmask & XT_PHYSDEV_OP_OUT)) - return MATCH; + return true; outdev = nf_bridge->physoutdev ? nf_bridge->physoutdev->name : nulldevname; - for (i = 0, ret = 0; i < IFNAMSIZ/sizeof(unsigned int); i++) { + for (i = 0, ret = false; i < IFNAMSIZ/sizeof(unsigned int); i++) { ret |= (((const unsigned int *)outdev)[i] ^ ((const unsigned int *)info->physoutdev)[i]) & ((const unsigned int *)info->out_mask)[i]; } - return (ret != 0) ^ !(info->invert & XT_PHYSDEV_OP_OUT); + return ret ^ !(info->invert & XT_PHYSDEV_OP_OUT); } static int diff --git a/net/netfilter/xt_pkttype.c b/net/netfilter/xt_pkttype.c index 692581f40c5f..63239727bc22 100644 --- a/net/netfilter/xt_pkttype.c +++ b/net/netfilter/xt_pkttype.c @@ -21,7 +21,7 @@ MODULE_DESCRIPTION("IP tables match to match on linklayer packet type"); MODULE_ALIAS("ipt_pkttype"); MODULE_ALIAS("ip6t_pkttype"); -static int match(const struct sk_buff *skb, +static bool match(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, const struct xt_match *match, diff --git a/net/netfilter/xt_policy.c b/net/netfilter/xt_policy.c index 6878482cd527..0aa487b1f3b8 100644 --- a/net/netfilter/xt_policy.c +++ b/net/netfilter/xt_policy.c @@ -20,7 +20,7 @@ MODULE_AUTHOR("Patrick McHardy "); MODULE_DESCRIPTION("Xtables IPsec policy matching module"); MODULE_LICENSE("GPL"); -static inline int +static inline bool xt_addr_cmp(const union xt_policy_addr *a1, const union xt_policy_addr *m, const union xt_policy_addr *a2, unsigned short family) { @@ -30,10 +30,10 @@ xt_addr_cmp(const union xt_policy_addr *a1, const union xt_policy_addr *m, case AF_INET6: return !ipv6_masked_addr_cmp(&a1->a6, &m->a6, &a2->a6); } - return 0; + return false; } -static inline int +static inline bool match_xfrm_state(struct xfrm_state *x, const struct xt_policy_elem *e, unsigned short family) { @@ -108,14 +108,14 @@ match_policy_out(const struct sk_buff *skb, const struct xt_policy_info *info, return strict ? i == info->len : 0; } -static int match(const struct sk_buff *skb, - const struct net_device *in, - const struct net_device *out, - const struct xt_match *match, - const void *matchinfo, - int offset, - unsigned int protoff, - bool *hotdrop) +static bool match(const struct sk_buff *skb, + const struct net_device *in, + const struct net_device *out, + const struct xt_match *match, + const void *matchinfo, + int offset, + unsigned int protoff, + bool *hotdrop) { const struct xt_policy_info *info = matchinfo; int ret; @@ -126,9 +126,9 @@ static int match(const struct sk_buff *skb, ret = match_policy_out(skb, info, match->family); if (ret < 0) - ret = info->flags & XT_POLICY_MATCH_NONE ? 1 : 0; + ret = info->flags & XT_POLICY_MATCH_NONE ? true : false; else if (info->flags & XT_POLICY_MATCH_NONE) - ret = 0; + ret = false; return ret; } diff --git a/net/netfilter/xt_quota.c b/net/netfilter/xt_quota.c index 53c71ac980fc..6091347e38b3 100644 --- a/net/netfilter/xt_quota.c +++ b/net/netfilter/xt_quota.c @@ -16,19 +16,19 @@ MODULE_ALIAS("ip6t_quota"); static DEFINE_SPINLOCK(quota_lock); -static int +static bool match(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, const struct xt_match *match, const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop) { struct xt_quota_info *q = ((struct xt_quota_info *)matchinfo)->master; - int ret = q->flags & XT_QUOTA_INVERT ? 1 : 0; + bool ret = q->flags & XT_QUOTA_INVERT; spin_lock_bh("a_lock); if (q->quota >= skb->len) { q->quota -= skb->len; - ret ^= 1; + ret = !ret; } else { /* we do not allow even small packets from now on */ q->quota = 0; diff --git a/net/netfilter/xt_realm.c b/net/netfilter/xt_realm.c index 41451f57919c..ad82c132694c 100644 --- a/net/netfilter/xt_realm.c +++ b/net/netfilter/xt_realm.c @@ -21,7 +21,7 @@ MODULE_LICENSE("GPL"); MODULE_DESCRIPTION("X_tables realm match"); MODULE_ALIAS("ipt_realm"); -static int +static bool match(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, diff --git a/net/netfilter/xt_sctp.c b/net/netfilter/xt_sctp.c index e581afe89098..a118a4c71563 100644 --- a/net/netfilter/xt_sctp.c +++ b/net/netfilter/xt_sctp.c @@ -23,7 +23,7 @@ MODULE_ALIAS("ipt_sctp"); #define SCCHECK(cond, option, flag, invflag) (!((flag) & (option)) \ || (!!((invflag) & (option)) ^ (cond))) -static int +static bool match_flags(const struct xt_sctp_flag_info *flag_info, const int flag_count, u_int8_t chunktype, @@ -37,10 +37,10 @@ match_flags(const struct xt_sctp_flag_info *flag_info, } } - return 1; + return true; } -static inline int +static inline bool match_packet(const struct sk_buff *skb, unsigned int offset, const u_int32_t *chunkmap, @@ -65,7 +65,7 @@ match_packet(const struct sk_buff *skb, if (sch == NULL || sch->length == 0) { duprintf("Dropping invalid SCTP packet.\n"); *hotdrop = true; - return 0; + return false; } duprintf("Chunk num: %d\toffset: %d\ttype: %d\tlength: %d\tflags: %x\n", @@ -80,7 +80,7 @@ match_packet(const struct sk_buff *skb, case SCTP_CHUNK_MATCH_ANY: if (match_flags(flag_info, flag_count, sch->type, sch->flags)) { - return 1; + return true; } break; @@ -94,14 +94,14 @@ match_packet(const struct sk_buff *skb, case SCTP_CHUNK_MATCH_ONLY: if (!match_flags(flag_info, flag_count, sch->type, sch->flags)) { - return 0; + return false; } break; } } else { switch (chunk_match_type) { case SCTP_CHUNK_MATCH_ONLY: - return 0; + return false; } } } while (offset < skb->len); @@ -110,16 +110,16 @@ match_packet(const struct sk_buff *skb, case SCTP_CHUNK_MATCH_ALL: return SCTP_CHUNKMAP_IS_CLEAR(chunkmap); case SCTP_CHUNK_MATCH_ANY: - return 0; + return false; case SCTP_CHUNK_MATCH_ONLY: - return 1; + return true; } /* This will never be reached, but required to stop compiler whine */ - return 0; + return false; } -static int +static bool match(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, @@ -134,14 +134,14 @@ match(const struct sk_buff *skb, if (offset) { duprintf("Dropping non-first fragment.. FIXME\n"); - return 0; + return false; } sh = skb_header_pointer(skb, protoff, sizeof(_sh), &_sh); if (sh == NULL) { duprintf("Dropping evil TCP offset=0 tinygram.\n"); *hotdrop = true; - return 0; + return false; } duprintf("spt: %d\tdpt: %d\n", ntohs(sh->source), ntohs(sh->dest)); diff --git a/net/netfilter/xt_state.c b/net/netfilter/xt_state.c index 74fe069fc3aa..f77f74ad5c97 100644 --- a/net/netfilter/xt_state.c +++ b/net/netfilter/xt_state.c @@ -20,7 +20,7 @@ MODULE_DESCRIPTION("ip[6]_tables connection tracking state match module"); MODULE_ALIAS("ipt_state"); MODULE_ALIAS("ip6t_state"); -static int +static bool match(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, diff --git a/net/netfilter/xt_statistic.c b/net/netfilter/xt_statistic.c index 4e5ed81e9ce1..989924f9024e 100644 --- a/net/netfilter/xt_statistic.c +++ b/net/netfilter/xt_statistic.c @@ -24,26 +24,26 @@ MODULE_ALIAS("ip6t_statistic"); static DEFINE_SPINLOCK(nth_lock); -static int +static bool match(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, const struct xt_match *match, const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop) { struct xt_statistic_info *info = (struct xt_statistic_info *)matchinfo; - int ret = info->flags & XT_STATISTIC_INVERT ? 1 : 0; + bool ret = info->flags & XT_STATISTIC_INVERT; switch (info->mode) { case XT_STATISTIC_MODE_RANDOM: if ((net_random() & 0x7FFFFFFF) < info->u.random.probability) - ret ^= 1; + ret = !ret; break; case XT_STATISTIC_MODE_NTH: info = info->master; spin_lock_bh(&nth_lock); if (info->u.nth.count++ == info->u.nth.every) { info->u.nth.count = 0; - ret ^= 1; + ret = !ret; } spin_unlock_bh(&nth_lock); break; diff --git a/net/netfilter/xt_string.c b/net/netfilter/xt_string.c index 7552d8927570..3aea43d37339 100644 --- a/net/netfilter/xt_string.c +++ b/net/netfilter/xt_string.c @@ -21,14 +21,14 @@ MODULE_LICENSE("GPL"); MODULE_ALIAS("ipt_string"); MODULE_ALIAS("ip6t_string"); -static int match(const struct sk_buff *skb, - const struct net_device *in, - const struct net_device *out, - const struct xt_match *match, - const void *matchinfo, - int offset, - unsigned int protoff, - bool *hotdrop) +static bool match(const struct sk_buff *skb, + const struct net_device *in, + const struct net_device *out, + const struct xt_match *match, + const void *matchinfo, + int offset, + unsigned int protoff, + bool *hotdrop) { const struct xt_string_info *conf = matchinfo; struct ts_state state; diff --git a/net/netfilter/xt_tcpmss.c b/net/netfilter/xt_tcpmss.c index 0db4f5362180..e9bfd3dd3c81 100644 --- a/net/netfilter/xt_tcpmss.c +++ b/net/netfilter/xt_tcpmss.c @@ -23,7 +23,7 @@ MODULE_AUTHOR("Marc Boucher "); MODULE_DESCRIPTION("iptables TCP MSS match module"); MODULE_ALIAS("ipt_tcpmss"); -static int +static bool match(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, @@ -78,7 +78,7 @@ out: dropit: *hotdrop = true; - return 0; + return false; } static struct xt_match xt_tcpmss_match[] = { diff --git a/net/netfilter/xt_tcpudp.c b/net/netfilter/xt_tcpudp.c index ca9ccdd931bc..9ecc4a5bd529 100644 --- a/net/netfilter/xt_tcpudp.c +++ b/net/netfilter/xt_tcpudp.c @@ -27,21 +27,18 @@ MODULE_ALIAS("ip6t_tcp"); /* Returns 1 if the port is matched by the range, 0 otherwise */ -static inline int -port_match(u_int16_t min, u_int16_t max, u_int16_t port, int invert) +static inline bool +port_match(u_int16_t min, u_int16_t max, u_int16_t port, bool invert) { - int ret; - - ret = (port >= min && port <= max) ^ invert; - return ret; + return (port >= min && port <= max) ^ invert; } -static int +static bool tcp_find_option(u_int8_t option, const struct sk_buff *skb, unsigned int protoff, unsigned int optlen, - int invert, + bool invert, bool *hotdrop) { /* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */ @@ -58,7 +55,7 @@ tcp_find_option(u_int8_t option, optlen, _opt); if (op == NULL) { *hotdrop = true; - return 0; + return false; } for (i = 0; i < optlen; ) { @@ -70,7 +67,7 @@ tcp_find_option(u_int8_t option, return invert; } -static int +static bool tcp_match(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, @@ -95,7 +92,7 @@ tcp_match(const struct sk_buff *skb, *hotdrop = true; } /* Must not be a fragment. */ - return 0; + return false; } #define FWINVTCP(bool,invflg) ((bool) ^ !!(tcpinfo->invflags & invflg)) @@ -106,33 +103,33 @@ tcp_match(const struct sk_buff *skb, can't. Hence, no choice but to drop. */ duprintf("Dropping evil TCP offset=0 tinygram.\n"); *hotdrop = true; - return 0; + return false; } if (!port_match(tcpinfo->spts[0], tcpinfo->spts[1], ntohs(th->source), !!(tcpinfo->invflags & XT_TCP_INV_SRCPT))) - return 0; + return false; if (!port_match(tcpinfo->dpts[0], tcpinfo->dpts[1], ntohs(th->dest), !!(tcpinfo->invflags & XT_TCP_INV_DSTPT))) - return 0; + return false; if (!FWINVTCP((((unsigned char *)th)[13] & tcpinfo->flg_mask) == tcpinfo->flg_cmp, XT_TCP_INV_FLAGS)) - return 0; + return false; if (tcpinfo->option) { if (th->doff * 4 < sizeof(_tcph)) { *hotdrop = true; - return 0; + return false; } if (!tcp_find_option(tcpinfo->option, skb, protoff, th->doff*4 - sizeof(_tcph), tcpinfo->invflags & XT_TCP_INV_OPTION, hotdrop)) - return 0; + return false; } - return 1; + return true; } /* Called when user tries to insert an entry of this type. */ @@ -149,7 +146,7 @@ tcp_checkentry(const char *tablename, return !(tcpinfo->invflags & ~XT_TCP_INV_MASK); } -static int +static bool udp_match(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, @@ -164,7 +161,7 @@ udp_match(const struct sk_buff *skb, /* Must not be a fragment. */ if (offset) - return 0; + return false; uh = skb_header_pointer(skb, protoff, sizeof(_udph), &_udph); if (uh == NULL) { @@ -172,7 +169,7 @@ udp_match(const struct sk_buff *skb, can't. Hence, no choice but to drop. */ duprintf("Dropping evil UDP tinygram.\n"); *hotdrop = true; - return 0; + return false; } return port_match(udpinfo->spts[0], udpinfo->spts[1], -- cgit v1.2.3