Commit 1d93a9cb authored by Jan Engelhardt, committed by David S. Miller

[NETFILTER]: x_tables: switch xt_match->match to bool

Switch the return type of match functions to boolean
Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
parent cff533ac
...@@ -141,14 +141,14 @@ struct xt_match ...@@ -141,14 +141,14 @@ struct xt_match
/* Arguments changed since 2.6.9, as this must now handle /* Arguments changed since 2.6.9, as this must now handle
non-linear skb, using skb_header_pointer and non-linear skb, using skb_header_pointer and
skb_ip_make_writable. */ skb_ip_make_writable. */
int (*match)(const struct sk_buff *skb, bool (*match)(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
const struct xt_match *match, const struct xt_match *match,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
unsigned int protoff, unsigned int protoff,
bool *hotdrop); bool *hotdrop);
/* Called when user tries to insert an entry of this type. */ /* Called when user tries to insert an entry of this type. */
/* Should return true or false. */ /* Should return true or false. */
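Review bot: The comment above the `match` callback in `struct xt_match` still only explains the argument change and never says what the new `bool` result means. A one-line contract would help authors of match extensions, e.g. `/* Return true if the packet matches; set *hotdrop to true to request that the packet be dropped. */`. The neighbouring "Should return true or false" comment belongs to the entry-check callback, and the implementations of it visible on this page (for example `checkentry` in the ECN match) still return `int`, so that wording now reads as if it had been converted as well.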
......
...@@ -183,19 +183,19 @@ ipt_error(struct sk_buff **pskb, ...@@ -183,19 +183,19 @@ ipt_error(struct sk_buff **pskb,
} }
static inline static inline
int do_match(struct ipt_entry_match *m, bool do_match(struct ipt_entry_match *m,
const struct sk_buff *skb, const struct sk_buff *skb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
int offset, int offset,
bool *hotdrop) bool *hotdrop)
{ {
/* Stop iteration if it doesn't match */ /* Stop iteration if it doesn't match */
if (!m->u.kernel.match->match(skb, in, out, m->u.kernel.match, m->data, if (!m->u.kernel.match->match(skb, in, out, m->u.kernel.match, m->data,
offset, ip_hdrlen(skb), hotdrop)) offset, ip_hdrlen(skb), hotdrop))
return 1; return true;
else else
return 0; return false;
} }
static inline struct ipt_entry * static inline struct ipt_entry *
...@@ -2105,16 +2105,16 @@ void ipt_unregister_table(struct xt_table *table) ...@@ -2105,16 +2105,16 @@ void ipt_unregister_table(struct xt_table *table)
} }
/* Returns 1 if the type and code is matched by the range, 0 otherwise */ /* Returns 1 if the type and code is matched by the range, 0 otherwise */
static inline int static inline bool
icmp_type_code_match(u_int8_t test_type, u_int8_t min_code, u_int8_t max_code, icmp_type_code_match(u_int8_t test_type, u_int8_t min_code, u_int8_t max_code,
u_int8_t type, u_int8_t code, u_int8_t type, u_int8_t code,
int invert) bool invert)
{ {
return ((test_type == 0xFF) || (type == test_type && code >= min_code && code <= max_code)) return ((test_type == 0xFF) || (type == test_type && code >= min_code && code <= max_code))
^ invert; ^ invert;
} }
static int static bool
icmp_match(const struct sk_buff *skb, icmp_match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
...@@ -2129,7 +2129,7 @@ icmp_match(const struct sk_buff *skb, ...@@ -2129,7 +2129,7 @@ icmp_match(const struct sk_buff *skb,
/* Must not be a fragment. */ /* Must not be a fragment. */
if (offset) if (offset)
return 0; return false;
ic = skb_header_pointer(skb, protoff, sizeof(_icmph), &_icmph); ic = skb_header_pointer(skb, protoff, sizeof(_icmph), &_icmph);
if (ic == NULL) { if (ic == NULL) {
...@@ -2138,7 +2138,7 @@ icmp_match(const struct sk_buff *skb, ...@@ -2138,7 +2138,7 @@ icmp_match(const struct sk_buff *skb,
*/ */
duprintf("Dropping evil ICMP tinygram.\n"); duprintf("Dropping evil ICMP tinygram.\n");
*hotdrop = true; *hotdrop = true;
return 0; return false;
} }
return icmp_type_code_match(icmpinfo->type, return icmp_type_code_match(icmpinfo->type,
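Review bot: `do_match()` now returns `bool`, but its sense is the opposite of the callback it wraps: it returns `true` when the extension did not match, as the "Stop iteration if it doesn't match" comment implies. A boolean named like this reads as "matched", so state the contract explicitly, e.g. `/* Returns true to stop iterating, i.e. when the extension did NOT match. */`, and collapse the if/else to `return !m->u.kernel.match->match(skb, in, out, m->u.kernel.match, m->data, offset, ip_hdrlen(skb), hotdrop);`. The IPv6 `do_match()` later in this commit has the same shape. A misreading here inverts rule evaluation, so the comment is worth the line.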
......
...@@ -22,19 +22,19 @@ MODULE_LICENSE("GPL"); ...@@ -22,19 +22,19 @@ MODULE_LICENSE("GPL");
MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>"); MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
MODULE_DESCRIPTION("iptables addrtype match"); MODULE_DESCRIPTION("iptables addrtype match");
static inline int match_type(__be32 addr, u_int16_t mask) static inline bool match_type(__be32 addr, u_int16_t mask)
{ {
return !!(mask & (1 << inet_addr_type(addr))); return !!(mask & (1 << inet_addr_type(addr)));
} }
static int match(const struct sk_buff *skb, static bool match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out, const struct net_device *in, const struct net_device *out,
const struct xt_match *match, const void *matchinfo, const struct xt_match *match, const void *matchinfo,
int offset, unsigned int protoff, bool *hotdrop) int offset, unsigned int protoff, bool *hotdrop)
{ {
const struct ipt_addrtype_info *info = matchinfo; const struct ipt_addrtype_info *info = matchinfo;
const struct iphdr *iph = ip_hdr(skb); const struct iphdr *iph = ip_hdr(skb);
int ret = 1; bool ret = true;
if (info->source) if (info->source)
ret &= match_type(iph->saddr, info->source)^info->invert_source; ret &= match_type(iph->saddr, info->source)^info->invert_source;
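Review bot: In `match()`, `ret` is now `bool` but is still combined with `ret &= match_type(iph->saddr, info->source)^info->invert_source;`, which only works as intended when `invert_source` is exactly 0 or 1. `matchinfo` is rule data whose validation is not visible in this hunk; if the field can hold a non-zero value with bit 0 clear, the XOR leaves bit 0 untouched and the inversion is silently ignored. Normalising at the point of use, `ret &= match_type(iph->saddr, info->source) ^ !!info->invert_source;`, makes the result independent of that. The rest of the function is outside the hunk and presumably repeats the pattern for the destination address.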
......
...@@ -25,10 +25,10 @@ MODULE_DESCRIPTION("iptables AH SPI match module"); ...@@ -25,10 +25,10 @@ MODULE_DESCRIPTION("iptables AH SPI match module");
#endif #endif
/* Returns 1 if the spi is matched by the range, 0 otherwise */ /* Returns 1 if the spi is matched by the range, 0 otherwise */
static inline int static inline bool
spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, int invert) spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, bool invert)
{ {
int r=0; bool r;
duprintf("ah spi_match:%c 0x%x <= 0x%x <= 0x%x",invert? '!':' ', duprintf("ah spi_match:%c 0x%x <= 0x%x <= 0x%x",invert? '!':' ',
min,spi,max); min,spi,max);
r=(spi >= min && spi <= max) ^ invert; r=(spi >= min && spi <= max) ^ invert;
...@@ -36,7 +36,7 @@ spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, int invert) ...@@ -36,7 +36,7 @@ spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, int invert)
return r; return r;
} }
static int static bool
match(const struct sk_buff *skb, match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
...@@ -51,7 +51,7 @@ match(const struct sk_buff *skb, ...@@ -51,7 +51,7 @@ match(const struct sk_buff *skb,
/* Must not be a fragment. */ /* Must not be a fragment. */
if (offset) if (offset)
return 0; return false;
ah = skb_header_pointer(skb, protoff, ah = skb_header_pointer(skb, protoff,
sizeof(_ahdr), &_ahdr); sizeof(_ahdr), &_ahdr);
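Review bot: The comment on `spi_match()` still says "Returns 1 if the spi is matched by the range, 0 otherwise" although the function now returns `bool`. Update it to `/* Returns true if the spi is matched by the range, false otherwise */`. The same stale wording remains on `icmp_type_code_match()`, on the IPv6 `spi_match()`, on `id_match()` and on `type_match()` elsewhere in this commit.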
......
...@@ -22,15 +22,15 @@ MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>"); ...@@ -22,15 +22,15 @@ MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
MODULE_DESCRIPTION("iptables ECN matching module"); MODULE_DESCRIPTION("iptables ECN matching module");
MODULE_LICENSE("GPL"); MODULE_LICENSE("GPL");
static inline int match_ip(const struct sk_buff *skb, static inline bool match_ip(const struct sk_buff *skb,
const struct ipt_ecn_info *einfo) const struct ipt_ecn_info *einfo)
{ {
return (ip_hdr(skb)->tos & IPT_ECN_IP_MASK) == einfo->ip_ect; return (ip_hdr(skb)->tos & IPT_ECN_IP_MASK) == einfo->ip_ect;
} }
static inline int match_tcp(const struct sk_buff *skb, static inline bool match_tcp(const struct sk_buff *skb,
const struct ipt_ecn_info *einfo, const struct ipt_ecn_info *einfo,
bool *hotdrop) bool *hotdrop)
{ {
struct tcphdr _tcph, *th; struct tcphdr _tcph, *th;
...@@ -40,51 +40,51 @@ static inline int match_tcp(const struct sk_buff *skb, ...@@ -40,51 +40,51 @@ static inline int match_tcp(const struct sk_buff *skb,
th = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_tcph), &_tcph); th = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_tcph), &_tcph);
if (th == NULL) { if (th == NULL) {
*hotdrop = false; *hotdrop = false;
return 0; return false;
} }
if (einfo->operation & IPT_ECN_OP_MATCH_ECE) { if (einfo->operation & IPT_ECN_OP_MATCH_ECE) {
if (einfo->invert & IPT_ECN_OP_MATCH_ECE) { if (einfo->invert & IPT_ECN_OP_MATCH_ECE) {
if (th->ece == 1) if (th->ece == 1)
return 0; return false;
} else { } else {
if (th->ece == 0) if (th->ece == 0)
return 0; return false;
} }
} }
if (einfo->operation & IPT_ECN_OP_MATCH_CWR) { if (einfo->operation & IPT_ECN_OP_MATCH_CWR) {
if (einfo->invert & IPT_ECN_OP_MATCH_CWR) { if (einfo->invert & IPT_ECN_OP_MATCH_CWR) {
if (th->cwr == 1) if (th->cwr == 1)
return 0; return false;
} else { } else {
if (th->cwr == 0) if (th->cwr == 0)
return 0; return false;
} }
} }
return 1; return true;
} }
static int match(const struct sk_buff *skb, static bool match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out, const struct net_device *in, const struct net_device *out,
const struct xt_match *match, const void *matchinfo, const struct xt_match *match, const void *matchinfo,
int offset, unsigned int protoff, bool *hotdrop) int offset, unsigned int protoff, bool *hotdrop)
{ {
const struct ipt_ecn_info *info = matchinfo; const struct ipt_ecn_info *info = matchinfo;
if (info->operation & IPT_ECN_OP_MATCH_IP) if (info->operation & IPT_ECN_OP_MATCH_IP)
if (!match_ip(skb, info)) if (!match_ip(skb, info))
return 0; return false;
if (info->operation & (IPT_ECN_OP_MATCH_ECE|IPT_ECN_OP_MATCH_CWR)) { if (info->operation & (IPT_ECN_OP_MATCH_ECE|IPT_ECN_OP_MATCH_CWR)) {
if (ip_hdr(skb)->protocol != IPPROTO_TCP) if (ip_hdr(skb)->protocol != IPPROTO_TCP)
return 0; return false;
if (!match_tcp(skb, info, hotdrop)) if (!match_tcp(skb, info, hotdrop))
return 0; return false;
} }
return 1; return true;
} }
static int checkentry(const char *tablename, const void *ip_void, static int checkentry(const char *tablename, const void *ip_void,
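Review bot: `match_tcp()` handles a TCP header that cannot be read with `*hotdrop = false; return false;`, whereas the other matches on this page (`icmp_match`, `icmp6_match`, the MH match) set `*hotdrop = true` in the equivalent short-header case. If a truncated header should be dropped here too, this wants `*hotdrop = true;`. If not, the store should be removed, since writing `false` is at best a no-op and at worst clears a drop request made earlier in the same evaluation. The line is unchanged context, but the commit rewrites the return next to it, so this is a natural place to settle the intent.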
......
...@@ -23,7 +23,7 @@ MODULE_DESCRIPTION("iptables arbitrary IP range match module"); ...@@ -23,7 +23,7 @@ MODULE_DESCRIPTION("iptables arbitrary IP range match module");
#define DEBUGP(format, args...) #define DEBUGP(format, args...)
#endif #endif
static int static bool
match(const struct sk_buff *skb, match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
...@@ -44,7 +44,7 @@ match(const struct sk_buff *skb, ...@@ -44,7 +44,7 @@ match(const struct sk_buff *skb,
info->flags & IPRANGE_SRC_INV ? "(INV) " : "", info->flags & IPRANGE_SRC_INV ? "(INV) " : "",
NIPQUAD(info->src.min_ip), NIPQUAD(info->src.min_ip),
NIPQUAD(info->src.max_ip)); NIPQUAD(info->src.max_ip));
return 0; return false;
} }
} }
if (info->flags & IPRANGE_DST) { if (info->flags & IPRANGE_DST) {
...@@ -57,10 +57,10 @@ match(const struct sk_buff *skb, ...@@ -57,10 +57,10 @@ match(const struct sk_buff *skb,
info->flags & IPRANGE_DST_INV ? "(INV) " : "", info->flags & IPRANGE_DST_INV ? "(INV) " : "",
NIPQUAD(info->dst.min_ip), NIPQUAD(info->dst.min_ip),
NIPQUAD(info->dst.max_ip)); NIPQUAD(info->dst.max_ip));
return 0; return false;
} }
} }
return 1; return true;
} }
static struct xt_match iprange_match = { static struct xt_match iprange_match = {
......
...@@ -21,7 +21,7 @@ MODULE_LICENSE("GPL"); ...@@ -21,7 +21,7 @@ MODULE_LICENSE("GPL");
MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>"); MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>");
MODULE_DESCRIPTION("iptables owner match"); MODULE_DESCRIPTION("iptables owner match");
static int static bool
match(const struct sk_buff *skb, match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
...@@ -34,21 +34,21 @@ match(const struct sk_buff *skb, ...@@ -34,21 +34,21 @@ match(const struct sk_buff *skb,
const struct ipt_owner_info *info = matchinfo; const struct ipt_owner_info *info = matchinfo;
if (!skb->sk || !skb->sk->sk_socket || !skb->sk->sk_socket->file) if (!skb->sk || !skb->sk->sk_socket || !skb->sk->sk_socket->file)
return 0; return false;
if(info->match & IPT_OWNER_UID) { if(info->match & IPT_OWNER_UID) {
if ((skb->sk->sk_socket->file->f_uid != info->uid) ^ if ((skb->sk->sk_socket->file->f_uid != info->uid) ^
!!(info->invert & IPT_OWNER_UID)) !!(info->invert & IPT_OWNER_UID))
return 0; return false;
} }
if(info->match & IPT_OWNER_GID) { if(info->match & IPT_OWNER_GID) {
if ((skb->sk->sk_socket->file->f_gid != info->gid) ^ if ((skb->sk->sk_socket->file->f_gid != info->gid) ^
!!(info->invert & IPT_OWNER_GID)) !!(info->invert & IPT_OWNER_GID))
return 0; return false;
} }
return 1; return true;
} }
static int static int
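Review bot: `match()` tests `skb->sk->sk_socket->file` for NULL once and then re-reads the same pointer chain for `f_uid` and `f_gid`, with no lock or reference visible in this hunk. If the socket can be detached from the sk while the packet is being evaluated, the later dereferences are not covered by that check. It is worth confirming what keeps the chain stable here, or reading `file` once into a local under the appropriate lock. The function's opening lines are outside the hunk, so a guard there cannot be ruled out.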
......
...@@ -169,7 +169,7 @@ static void recent_table_flush(struct recent_table *t) ...@@ -169,7 +169,7 @@ static void recent_table_flush(struct recent_table *t)
} }
} }
static int static bool
ipt_recent_match(const struct sk_buff *skb, ipt_recent_match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out, const struct net_device *in, const struct net_device *out,
const struct xt_match *match, const void *matchinfo, const struct xt_match *match, const void *matchinfo,
...@@ -180,7 +180,7 @@ ipt_recent_match(const struct sk_buff *skb, ...@@ -180,7 +180,7 @@ ipt_recent_match(const struct sk_buff *skb,
struct recent_entry *e; struct recent_entry *e;
__be32 addr; __be32 addr;
u_int8_t ttl; u_int8_t ttl;
int ret = info->invert; bool ret = info->invert;
if (info->side == IPT_RECENT_DEST) if (info->side == IPT_RECENT_DEST)
addr = ip_hdr(skb)->daddr; addr = ip_hdr(skb)->daddr;
...@@ -202,15 +202,15 @@ ipt_recent_match(const struct sk_buff *skb, ...@@ -202,15 +202,15 @@ ipt_recent_match(const struct sk_buff *skb,
e = recent_entry_init(t, addr, ttl); e = recent_entry_init(t, addr, ttl);
if (e == NULL) if (e == NULL)
*hotdrop = true; *hotdrop = true;
ret ^= 1; ret = !ret;
goto out; goto out;
} }
if (info->check_set & IPT_RECENT_SET) if (info->check_set & IPT_RECENT_SET)
ret ^= 1; ret = !ret;
else if (info->check_set & IPT_RECENT_REMOVE) { else if (info->check_set & IPT_RECENT_REMOVE) {
recent_entry_remove(t, e); recent_entry_remove(t, e);
ret ^= 1; ret = !ret;
} else if (info->check_set & (IPT_RECENT_CHECK | IPT_RECENT_UPDATE)) { } else if (info->check_set & (IPT_RECENT_CHECK | IPT_RECENT_UPDATE)) {
unsigned long t = jiffies - info->seconds * HZ; unsigned long t = jiffies - info->seconds * HZ;
unsigned int i, hits = 0; unsigned int i, hits = 0;
...@@ -219,7 +219,7 @@ ipt_recent_match(const struct sk_buff *skb, ...@@ -219,7 +219,7 @@ ipt_recent_match(const struct sk_buff *skb,
if (info->seconds && time_after(t, e->stamps[i])) if (info->seconds && time_after(t, e->stamps[i]))
continue; continue;
if (++hits >= info->hit_count) { if (++hits >= info->hit_count) {
ret ^= 1; ret = !ret;
break; break;
} }
} }
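Review bot: Changing `ret` to `bool` in `ipt_recent_match()` alters the result whenever `info->invert` holds a value other than 0 or 1: with `int ret = info->invert;` a value of 2 stayed non-zero after `ret ^= 1`, while `bool ret = info->invert; ret = !ret;` now yields `false`. That is arguably the intended behaviour, but it is a functional change inside a type cleanup. Please confirm that the rule-insertion check constrains `invert` to 0/1 (that code is not in this hunk), or mention the normalisation in the commit message.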
......
...@@ -18,7 +18,7 @@ ...@@ -18,7 +18,7 @@
MODULE_LICENSE("GPL"); MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("iptables TOS match module"); MODULE_DESCRIPTION("iptables TOS match module");
static int static bool
match(const struct sk_buff *skb, match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
......
...@@ -18,10 +18,10 @@ MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>"); ...@@ -18,10 +18,10 @@ MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
MODULE_DESCRIPTION("IP tables TTL matching module"); MODULE_DESCRIPTION("IP tables TTL matching module");
MODULE_LICENSE("GPL"); MODULE_LICENSE("GPL");
static int match(const struct sk_buff *skb, static bool match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out, const struct net_device *in, const struct net_device *out,
const struct xt_match *match, const void *matchinfo, const struct xt_match *match, const void *matchinfo,
int offset, unsigned int protoff, bool *hotdrop) int offset, unsigned int protoff, bool *hotdrop)
{ {
const struct ipt_ttl_info *info = matchinfo; const struct ipt_ttl_info *info = matchinfo;
const u8 ttl = ip_hdr(skb)->ttl; const u8 ttl = ip_hdr(skb)->ttl;
...@@ -42,10 +42,10 @@ static int match(const struct sk_buff *skb, ...@@ -42,10 +42,10 @@ static int match(const struct sk_buff *skb,
default: default:
printk(KERN_WARNING "ipt_ttl: unknown mode %d\n", printk(KERN_WARNING "ipt_ttl: unknown mode %d\n",
info->mode); info->mode);
return 0; return false;
} }
return 0; return false;
} }
static struct xt_match ttl_match = { static struct xt_match ttl_match = {
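Review bot: The `default:` branch of `match()` calls `printk(KERN_WARNING "ipt_ttl: unknown mode %d\n", info->mode);` on the per-packet path with no rate limit, so a rule carrying an unexpected mode would log once for every packet it evaluates. Guard the call with `if (net_ratelimit())`, and preferably reject unknown modes when the rule is inserted so the branch cannot be reached. The Hop Limit match (`ip6t_hl: unknown mode`) later in this commit has the same branch.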
......
...@@ -96,7 +96,7 @@ ip6t_ext_hdr(u8 nexthdr) ...@@ -96,7 +96,7 @@ ip6t_ext_hdr(u8 nexthdr)
} }
/* Returns whether matches rule or not. */ /* Returns whether matches rule or not. */
static inline int static inline bool
ip6_packet_match(const struct sk_buff *skb, ip6_packet_match(const struct sk_buff *skb,
const char *indev, const char *indev,
const char *outdev, const char *outdev,
...@@ -122,7 +122,7 @@ ip6_packet_match(const struct sk_buff *skb, ...@@ -122,7 +122,7 @@ ip6_packet_match(const struct sk_buff *skb,
dprintf("DST: %u. Mask: %u. Target: %u.%s\n", ip->daddr, dprintf("DST: %u. Mask: %u. Target: %u.%s\n", ip->daddr,
ipinfo->dmsk.s_addr, ipinfo->dst.s_addr, ipinfo->dmsk.s_addr, ipinfo->dst.s_addr,
ipinfo->invflags & IP6T_INV_DSTIP ? " (INV)" : "");*/ ipinfo->invflags & IP6T_INV_DSTIP ? " (INV)" : "");*/
return 0; return false;
} }
/* Look for ifname matches; this should unroll nicely. */ /* Look for ifname matches; this should unroll nicely. */
...@@ -136,7 +136,7 @@ ip6_packet_match(const struct sk_buff *skb, ...@@ -136,7 +136,7 @@ ip6_packet_match(const struct sk_buff *skb,
dprintf("VIA in mismatch (%s vs %s).%s\n", dprintf("VIA in mismatch (%s vs %s).%s\n",
indev, ip6info->iniface, indev, ip6info->iniface,
ip6info->invflags&IP6T_INV_VIA_IN ?" (INV)":""); ip6info->invflags&IP6T_INV_VIA_IN ?" (INV)":"");
return 0; return false;
} }
for (i = 0, ret = 0; i < IFNAMSIZ/sizeof(unsigned long); i++) { for (i = 0, ret = 0; i < IFNAMSIZ/sizeof(unsigned long); i++) {
...@@ -149,7 +149,7 @@ ip6_packet_match(const struct sk_buff *skb, ...@@ -149,7 +149,7 @@ ip6_packet_match(const struct sk_buff *skb,
dprintf("VIA out mismatch (%s vs %s).%s\n", dprintf("VIA out mismatch (%s vs %s).%s\n",
outdev, ip6info->outiface, outdev, ip6info->outiface,
ip6info->invflags&IP6T_INV_VIA_OUT ?" (INV)":""); ip6info->invflags&IP6T_INV_VIA_OUT ?" (INV)":"");
return 0; return false;
} }
/* ... might want to do something with class and flowlabel here ... */ /* ... might want to do something with class and flowlabel here ... */
...@@ -163,7 +163,7 @@ ip6_packet_match(const struct sk_buff *skb, ...@@ -163,7 +163,7 @@ ip6_packet_match(const struct sk_buff *skb,
if (protohdr < 0) { if (protohdr < 0) {
if (_frag_off == 0) if (_frag_off == 0)
*hotdrop = true; *hotdrop = true;
return 0; return false;
} }
*fragoff = _frag_off; *fragoff = _frag_off;
...@@ -174,17 +174,17 @@ ip6_packet_match(const struct sk_buff *skb, ...@@ -174,17 +174,17 @@ ip6_packet_match(const struct sk_buff *skb,
if (ip6info->proto == protohdr) { if (ip6info->proto == protohdr) {
if(ip6info->invflags & IP6T_INV_PROTO) { if(ip6info->invflags & IP6T_INV_PROTO) {
return 0; return false;
} }
return 1; return true;
} }
/* We need match for the '-p all', too! */ /* We need match for the '-p all', too! */
if ((ip6info->proto != 0) && if ((ip6info->proto != 0) &&
!(ip6info->invflags & IP6T_INV_PROTO)) !(ip6info->invflags & IP6T_INV_PROTO))
return 0; return false;
} }
return 1; return true;
} }
/* should be ip6 safe */ /* should be ip6 safe */
...@@ -219,20 +219,20 @@ ip6t_error(struct sk_buff **pskb, ...@@ -219,20 +219,20 @@ ip6t_error(struct sk_buff **pskb,
} }
static inline static inline
int do_match(struct ip6t_entry_match *m, bool do_match(struct ip6t_entry_match *m,
const struct sk_buff *skb, const struct sk_buff *skb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
int offset, int offset,
unsigned int protoff, unsigned int protoff,
bool *hotdrop) bool *hotdrop)
{ {
/* Stop iteration if it doesn't match */ /* Stop iteration if it doesn't match */
if (!m->u.kernel.match->match(skb, in, out, m->u.kernel.match, m->data, if (!m->u.kernel.match->match(skb, in, out, m->u.kernel.match, m->data,
offset, protoff, hotdrop)) offset, protoff, hotdrop))
return 1; return true;
else else
return 0; return false;
} }
static inline struct ip6t_entry * static inline struct ip6t_entry *
...@@ -1291,7 +1291,7 @@ icmp6_type_code_match(u_int8_t test_type, u_int8_t min_code, u_int8_t max_code, ...@@ -1291,7 +1291,7 @@ icmp6_type_code_match(u_int8_t test_type, u_int8_t min_code, u_int8_t max_code,
^ invert; ^ invert;
} }
static int static bool
icmp6_match(const struct sk_buff *skb, icmp6_match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
...@@ -1306,7 +1306,7 @@ icmp6_match(const struct sk_buff *skb, ...@@ -1306,7 +1306,7 @@ icmp6_match(const struct sk_buff *skb,
/* Must not be a fragment. */ /* Must not be a fragment. */
if (offset) if (offset)
return 0; return false;
ic = skb_header_pointer(skb, protoff, sizeof(_icmp), &_icmp); ic = skb_header_pointer(skb, protoff, sizeof(_icmp), &_icmp);
if (ic == NULL) { if (ic == NULL) {
...@@ -1314,7 +1314,7 @@ icmp6_match(const struct sk_buff *skb, ...@@ -1314,7 +1314,7 @@ icmp6_match(const struct sk_buff *skb,
can't. Hence, no choice but to drop. */ can't. Hence, no choice but to drop. */
duprintf("Dropping evil ICMP tinygram.\n"); duprintf("Dropping evil ICMP tinygram.\n");
*hotdrop = true; *hotdrop = true;
return 0; return false;
} }
return icmp6_type_code_match(icmpinfo->type, return icmp6_type_code_match(icmpinfo->type,
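Review bot: `icmp6_match()` now returns `bool`, but `icmp6_type_code_match()`, whose result it returns, does not appear to have been converted. Only the tail of that helper shows up, as unchanged context, whereas the IPv4 `icmp_type_code_match()` got `bool` for both its return type and its `invert` parameter. If the signature above the hunk still takes `int invert` and returns `int`, convert it the same way so that `^ invert` operates on a normalised 0/1 value, as it now does in the IPv4 helper.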
......
...@@ -30,10 +30,10 @@ MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>"); ...@@ -30,10 +30,10 @@ MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>");
#endif #endif
/* Returns 1 if the spi is matched by the range, 0 otherwise */ /* Returns 1 if the spi is matched by the range, 0 otherwise */
static inline int static inline bool
spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, int invert) spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, bool invert)
{ {
int r=0; bool r;
DEBUGP("ah spi_match:%c 0x%x <= 0x%x <= 0x%x",invert? '!':' ', DEBUGP("ah spi_match:%c 0x%x <= 0x%x <= 0x%x",invert? '!':' ',
min,spi,max); min,spi,max);
r = (spi >= min && spi <= max) ^ invert; r = (spi >= min && spi <= max) ^ invert;
...@@ -41,7 +41,7 @@ spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, int invert) ...@@ -41,7 +41,7 @@ spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, int invert)
return r; return r;
} }
static int static bool
match(const struct sk_buff *skb, match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
...@@ -61,13 +61,13 @@ match(const struct sk_buff *skb, ...@@ -61,13 +61,13 @@ match(const struct sk_buff *skb,
if (err < 0) { if (err < 0) {
if (err != -ENOENT) if (err != -ENOENT)
*hotdrop = true; *hotdrop = true;
return 0; return false;
} }
ah = skb_header_pointer(skb, ptr, sizeof(_ah), &_ah); ah = skb_header_pointer(skb, ptr, sizeof(_ah), &_ah);
if (ah == NULL) { if (ah == NULL) {
*hotdrop = true; *hotdrop = true;
return 0; return false;
} }
hdrlen = (ah->hdrlen + 2) << 2; hdrlen = (ah->hdrlen + 2) << 2;
......
...@@ -19,7 +19,7 @@ MODULE_DESCRIPTION("IPv6 EUI64 address checking match"); ...@@ -19,7 +19,7 @@ MODULE_DESCRIPTION("IPv6 EUI64 address checking match");
MODULE_LICENSE("GPL"); MODULE_LICENSE("GPL");
MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>"); MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>");
static int static bool
match(const struct sk_buff *skb, match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
...@@ -36,7 +36,7 @@ match(const struct sk_buff *skb, ...@@ -36,7 +36,7 @@ match(const struct sk_buff *skb,
(skb_mac_header(skb) + ETH_HLEN) <= skb->data) && (skb_mac_header(skb) + ETH_HLEN) <= skb->data) &&
offset != 0) { offset != 0) {
*hotdrop = true; *hotdrop = true;
return 0; return false;
} }
memset(eui64, 0, sizeof(eui64)); memset(eui64, 0, sizeof(eui64));
...@@ -55,11 +55,11 @@ match(const struct sk_buff *skb, ...@@ -55,11 +55,11 @@ match(const struct sk_buff *skb,
i++; i++;
if (i == 8) if (i == 8)
return 1; return true;
} }
} }
return 0; return false;
} }
static struct xt_match eui64_match = { static struct xt_match eui64_match = {
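Review bot: The visible tail of the sanity check in `match()` joins the MAC-header bounds test to `offset != 0` with `&&`, so the `*hotdrop = true` path appears to be taken only for fragments. If the part of the condition above the hunk is the negated bounds test, as the parentheses suggest, a non-fragment whose MAC header does not lie between `skb->head` and `skb->data` would pass this check and continue to the code after the `memset`, which is outside the hunk. Please confirm that `&&` rather than `||` is intended and add a comment explaining why.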
......
...@@ -29,10 +29,10 @@ MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>"); ...@@ -29,10 +29,10 @@ MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>");
#endif #endif
/* Returns 1 if the id is matched by the range, 0 otherwise */ /* Returns 1 if the id is matched by the range, 0 otherwise */
static inline int static inline bool
id_match(u_int32_t min, u_int32_t max, u_int32_t id, int invert) id_match(u_int32_t min, u_int32_t max, u_int32_t id, bool invert)
{ {
int r = 0; bool r;
DEBUGP("frag id_match:%c 0x%x <= 0x%x <= 0x%x", invert ? '!' : ' ', DEBUGP("frag id_match:%c 0x%x <= 0x%x <= 0x%x", invert ? '!' : ' ',
min, id, max); min, id, max);
r = (id >= min && id <= max) ^ invert; r = (id >= min && id <= max) ^ invert;
...@@ -40,7 +40,7 @@ id_match(u_int32_t min, u_int32_t max, u_int32_t id, int invert) ...@@ -40,7 +40,7 @@ id_match(u_int32_t min, u_int32_t max, u_int32_t id, int invert)
return r; return r;
} }
static int static bool
match(const struct sk_buff *skb, match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
...@@ -59,13 +59,13 @@ match(const struct sk_buff *skb, ...@@ -59,13 +59,13 @@ match(const struct sk_buff *skb,
if (err < 0) { if (err < 0) {
if (err != -ENOENT) if (err != -ENOENT)
*hotdrop = true; *hotdrop = true;
return 0; return false;
} }
fh = skb_header_pointer(skb, ptr, sizeof(_frag), &_frag); fh = skb_header_pointer(skb, ptr, sizeof(_frag), &_frag);
if (fh == NULL) { if (fh == NULL) {
*hotdrop = true; *hotdrop = true;
return 0; return false;
} }
DEBUGP("INFO %04X ", fh->frag_off); DEBUGP("INFO %04X ", fh->frag_off);
......
...@@ -47,7 +47,7 @@ MODULE_ALIAS("ip6t_dst"); ...@@ -47,7 +47,7 @@ MODULE_ALIAS("ip6t_dst");
* 5 -> RTALERT 2 x x * 5 -> RTALERT 2 x x
*/ */
static int static bool
match(const struct sk_buff *skb, match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
...@@ -62,7 +62,7 @@ match(const struct sk_buff *skb, ...@@ -62,7 +62,7 @@ match(const struct sk_buff *skb,
unsigned int temp; unsigned int temp;
unsigned int ptr; unsigned int ptr;
unsigned int hdrlen = 0; unsigned int hdrlen = 0;
unsigned int ret = 0; bool ret = false;
u8 _opttype, *tp = NULL; u8 _opttype, *tp = NULL;
u8 _optlen, *lp = NULL; u8 _optlen, *lp = NULL;
unsigned int optlen; unsigned int optlen;
...@@ -72,19 +72,19 @@ match(const struct sk_buff *skb, ...@@ -72,19 +72,19 @@ match(const struct sk_buff *skb,
if (err < 0) { if (err < 0) {
if (err != -ENOENT) if (err != -ENOENT)
*hotdrop = true; *hotdrop = true;
return 0; return false;
} }
oh = skb_header_pointer(skb, ptr, sizeof(_optsh), &_optsh); oh = skb_header_pointer(skb, ptr, sizeof(_optsh), &_optsh);
if (oh == NULL) { if (oh == NULL) {
*hotdrop = true; *hotdrop = true;
return 0; return false;
} }
hdrlen = ipv6_optlen(oh); hdrlen = ipv6_optlen(oh);
if (skb->len - ptr < hdrlen) { if (skb->len - ptr < hdrlen) {
/* Packet smaller than it's length field */ /* Packet smaller than it's length field */
return 0; return false;
} }
DEBUGP("IPv6 OPTS LEN %u %u ", hdrlen, oh->hdrlen); DEBUGP("IPv6 OPTS LEN %u %u ", hdrlen, oh->hdrlen);
...@@ -123,7 +123,7 @@ match(const struct sk_buff *skb, ...@@ -123,7 +123,7 @@ match(const struct sk_buff *skb,
DEBUGP("Tbad %02X %02X\n", DEBUGP("Tbad %02X %02X\n",
*tp, *tp,
(optinfo->opts[temp] & 0xFF00) >> 8); (optinfo->opts[temp] & 0xFF00) >> 8);
return 0; return false;
} else { } else {
DEBUGP("Tok "); DEBUGP("Tok ");
} }
...@@ -144,7 +144,7 @@ match(const struct sk_buff *skb, ...@@ -144,7 +144,7 @@ match(const struct sk_buff *skb,
if (spec_len != 0x00FF && spec_len != *lp) { if (spec_len != 0x00FF && spec_len != *lp) {
DEBUGP("Lbad %02X %04X\n", *lp, DEBUGP("Lbad %02X %04X\n", *lp,
spec_len); spec_len);
return 0; return false;
} }
DEBUGP("Lok "); DEBUGP("Lok ");
optlen = *lp + 2; optlen = *lp + 2;
...@@ -167,10 +167,10 @@ match(const struct sk_buff *skb, ...@@ -167,10 +167,10 @@ match(const struct sk_buff *skb,
if (temp == optinfo->optsnr) if (temp == optinfo->optsnr)
return ret; return ret;
else else
return 0; return false;
} }
return 0; return false;
} }
/* Called when user tries to insert an entry of this type. */ /* Called when user tries to insert an entry of this type. */
......
...@@ -19,10 +19,10 @@ MODULE_AUTHOR("Maciej Soltysiak <solt@dns.toxicfilms.tv>"); ...@@ -19,10 +19,10 @@ MODULE_AUTHOR("Maciej Soltysiak <solt@dns.toxicfilms.tv>");
MODULE_DESCRIPTION("IP tables Hop Limit matching module"); MODULE_DESCRIPTION("IP tables Hop Limit matching module");
MODULE_LICENSE("GPL"); MODULE_LICENSE("GPL");
static int match(const struct sk_buff *skb, static bool match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out, const struct net_device *in, const struct net_device *out,
const struct xt_match *match, const void *matchinfo, const struct xt_match *match, const void *matchinfo,
int offset, unsigned int protoff, bool *hotdrop) int offset, unsigned int protoff, bool *hotdrop)
{ {
const struct ip6t_hl_info *info = matchinfo; const struct ip6t_hl_info *info = matchinfo;
const struct ipv6hdr *ip6h = ipv6_hdr(skb); const struct ipv6hdr *ip6h = ipv6_hdr(skb);
...@@ -43,10 +43,10 @@ static int match(const struct sk_buff *skb, ...@@ -43,10 +43,10 @@ static int match(const struct sk_buff *skb,
default: default:
printk(KERN_WARNING "ip6t_hl: unknown mode %d\n", printk(KERN_WARNING "ip6t_hl: unknown mode %d\n",
info->mode); info->mode);
return 0; return false;
} }
return 0; return false;
} }
static struct xt_match hl_match = { static struct xt_match hl_match = {
......
...@@ -26,7 +26,7 @@ MODULE_LICENSE("GPL"); ...@@ -26,7 +26,7 @@ MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("IPv6 headers match"); MODULE_DESCRIPTION("IPv6 headers match");
MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>"); MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>");
static int static bool
ipv6header_match(const struct sk_buff *skb, ipv6header_match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
...@@ -58,7 +58,7 @@ ipv6header_match(const struct sk_buff *skb, ...@@ -58,7 +58,7 @@ ipv6header_match(const struct sk_buff *skb,
/* Is there enough space for the next ext header? */ /* Is there enough space for the next ext header? */
if (len < (int)sizeof(struct ipv6_opt_hdr)) if (len < (int)sizeof(struct ipv6_opt_hdr))
return 0; return false;
/* No more exthdr -> evaluate */ /* No more exthdr -> evaluate */
if (nexthdr == NEXTHDR_NONE) { if (nexthdr == NEXTHDR_NONE) {
temp |= MASK_NONE; temp |= MASK_NONE;
...@@ -99,7 +99,7 @@ ipv6header_match(const struct sk_buff *skb, ...@@ -99,7 +99,7 @@ ipv6header_match(const struct sk_buff *skb,
temp |= MASK_DSTOPTS; temp |= MASK_DSTOPTS;
break; break;
default: default:
return 0; return false;
break; break;
} }
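Review bot: In the `switch` inside `ipv6header_match()`, the `default:` arm reads `return false; break;`, so the `break` is unreachable. Drop it, leaving `default: return false;`, to keep the arm in line with the other early returns this commit converts. The function begins and ends outside the hunk.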
......
...@@ -31,16 +31,13 @@ MODULE_LICENSE("GPL"); ...@@ -31,16 +31,13 @@ MODULE_LICENSE("GPL");
#endif #endif
/* Returns 1 if the type is matched by the range, 0 otherwise */ /* Returns 1 if the type is matched by the range, 0 otherwise */
static inline int static inline bool
type_match(u_int8_t min, u_int8_t max, u_int8_t type, int invert) type_match(u_int8_t min, u_int8_t max, u_int8_t type, bool invert)
{ {
int ret; return (type >= min && type <= max) ^ invert;
ret = (type >= min && type <= max) ^ invert;
return ret;
} }
static int static bool
match(const struct sk_buff *skb, match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
...@@ -55,7 +52,7 @@ match(const struct sk_buff *skb, ...@@ -55,7 +52,7 @@ match(const struct sk_buff *skb,
/* Must not be a fragment. */ /* Must not be a fragment. */
if (offset) if (offset)
return 0; return false;
mh = skb_header_pointer(skb, protoff, sizeof(_mh), &_mh); mh = skb_header_pointer(skb, protoff, sizeof(_mh), &_mh);
if (mh == NULL) { if (mh == NULL) {
...@@ -63,14 +60,14 @@ match(const struct sk_buff *skb, ...@@ -63,14 +60,14 @@ match(const struct sk_buff *skb,
can't. Hence, no choice but to drop. */ can't. Hence, no choice but to drop. */
duprintf("Dropping evil MH tinygram.\n"); duprintf("Dropping evil MH tinygram.\n");
*hotdrop = true; *hotdrop = true;
return 0; return false;
} }
if (mh->ip6mh_proto != IPPROTO_NONE) { if (mh->ip6mh_proto != IPPROTO_NONE) {
duprintf("Dropping invalid MH Payload Proto: %u\n", duprintf("Dropping invalid MH Payload Proto: %u\n",
mh->ip6mh_proto); mh->ip6mh_proto);
*hotdrop = true; *hotdrop = true;
return 0; return false;
} }
return type_match(mhinfo->types[0], mhinfo->types[1], mh->ip6mh_type, return type_match(mhinfo->types[0], mhinfo->types[1], mh->ip6mh_type,
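Review bot: The comment above type_match still says `Returns 1 if the type is matched by the range, 0 otherwise` although the function now returns bool; it should read `/* Returns true if the type is matched by the range, false otherwise */`. The same stale wording sits above segsleft_match, spi_match, ports_match and ports_match_v1 in later sections of this commit. Because `invert` is now a bool parameter, any non-zero flag the caller passes is collapsed to 1 before the XOR, which is worth stating in the comment. The type_match call at the end of match() continues outside the hunk, so how the flag is derived is not visible here.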
......
...@@ -23,7 +23,7 @@ MODULE_DESCRIPTION("IP6 tables owner matching module"); ...@@ -23,7 +23,7 @@ MODULE_DESCRIPTION("IP6 tables owner matching module");
MODULE_LICENSE("GPL"); MODULE_LICENSE("GPL");
static int static bool
match(const struct sk_buff *skb, match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
...@@ -36,21 +36,21 @@ match(const struct sk_buff *skb, ...@@ -36,21 +36,21 @@ match(const struct sk_buff *skb,
const struct ip6t_owner_info *info = matchinfo; const struct ip6t_owner_info *info = matchinfo;
if (!skb->sk || !skb->sk->sk_socket || !skb->sk->sk_socket->file) if (!skb->sk || !skb->sk->sk_socket || !skb->sk->sk_socket->file)
return 0; return false;
if (info->match & IP6T_OWNER_UID) { if (info->match & IP6T_OWNER_UID) {
if ((skb->sk->sk_socket->file->f_uid != info->uid) ^ if ((skb->sk->sk_socket->file->f_uid != info->uid) ^
!!(info->invert & IP6T_OWNER_UID)) !!(info->invert & IP6T_OWNER_UID))
return 0; return false;
} }
if (info->match & IP6T_OWNER_GID) { if (info->match & IP6T_OWNER_GID) {
if ((skb->sk->sk_socket->file->f_gid != info->gid) ^ if ((skb->sk->sk_socket->file->f_gid != info->gid) ^
!!(info->invert & IP6T_OWNER_GID)) !!(info->invert & IP6T_OWNER_GID))
return 0; return false;
} }
return 1; return true;
} }
static int static int
......
...@@ -31,10 +31,10 @@ MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>"); ...@@ -31,10 +31,10 @@ MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>");
#endif #endif
/* Returns 1 if the id is matched by the range, 0 otherwise */ /* Returns 1 if the id is matched by the range, 0 otherwise */
static inline int static inline bool
segsleft_match(u_int32_t min, u_int32_t max, u_int32_t id, int invert) segsleft_match(u_int32_t min, u_int32_t max, u_int32_t id, bool invert)
{ {
int r = 0; bool r;
DEBUGP("rt segsleft_match:%c 0x%x <= 0x%x <= 0x%x", DEBUGP("rt segsleft_match:%c 0x%x <= 0x%x <= 0x%x",
invert ? '!' : ' ', min, id, max); invert ? '!' : ' ', min, id, max);
r = (id >= min && id <= max) ^ invert; r = (id >= min && id <= max) ^ invert;
...@@ -42,7 +42,7 @@ segsleft_match(u_int32_t min, u_int32_t max, u_int32_t id, int invert) ...@@ -42,7 +42,7 @@ segsleft_match(u_int32_t min, u_int32_t max, u_int32_t id, int invert)
return r; return r;
} }
static int static bool
match(const struct sk_buff *skb, match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
...@@ -57,7 +57,7 @@ match(const struct sk_buff *skb, ...@@ -57,7 +57,7 @@ match(const struct sk_buff *skb,
unsigned int temp; unsigned int temp;
unsigned int ptr; unsigned int ptr;
unsigned int hdrlen = 0; unsigned int hdrlen = 0;
unsigned int ret = 0; bool ret = false;
struct in6_addr *ap, _addr; struct in6_addr *ap, _addr;
int err; int err;
...@@ -65,19 +65,19 @@ match(const struct sk_buff *skb, ...@@ -65,19 +65,19 @@ match(const struct sk_buff *skb,
if (err < 0) { if (err < 0) {
if (err != -ENOENT) if (err != -ENOENT)
*hotdrop = true; *hotdrop = true;
return 0; return false;
} }
rh = skb_header_pointer(skb, ptr, sizeof(_route), &_route); rh = skb_header_pointer(skb, ptr, sizeof(_route), &_route);
if (rh == NULL) { if (rh == NULL) {
*hotdrop = true; *hotdrop = true;
return 0; return false;
} }
hdrlen = ipv6_optlen(rh); hdrlen = ipv6_optlen(rh);
if (skb->len - ptr < hdrlen) { if (skb->len - ptr < hdrlen) {
/* Pcket smaller than its length field */ /* Pcket smaller than its length field */
return 0; return false;
} }
DEBUGP("IPv6 RT LEN %u %u ", hdrlen, rh->hdrlen); DEBUGP("IPv6 RT LEN %u %u ", hdrlen, rh->hdrlen);
...@@ -136,7 +136,7 @@ match(const struct sk_buff *skb, ...@@ -136,7 +136,7 @@ match(const struct sk_buff *skb,
DEBUGP("Not strict "); DEBUGP("Not strict ");
if (rtinfo->addrnr > (unsigned int)((hdrlen - 8) / 16)) { if (rtinfo->addrnr > (unsigned int)((hdrlen - 8) / 16)) {
DEBUGP("There isn't enough space\n"); DEBUGP("There isn't enough space\n");
return 0; return false;
} else { } else {
unsigned int i = 0; unsigned int i = 0;
...@@ -164,13 +164,13 @@ match(const struct sk_buff *skb, ...@@ -164,13 +164,13 @@ match(const struct sk_buff *skb,
if (i == rtinfo->addrnr) if (i == rtinfo->addrnr)
return ret; return ret;
else else
return 0; return false;
} }
} else { } else {
DEBUGP("Strict "); DEBUGP("Strict ");
if (rtinfo->addrnr > (unsigned int)((hdrlen - 8) / 16)) { if (rtinfo->addrnr > (unsigned int)((hdrlen - 8) / 16)) {
DEBUGP("There isn't enough space\n"); DEBUGP("There isn't enough space\n");
return 0; return false;
} else { } else {
DEBUGP("#%d ", rtinfo->addrnr); DEBUGP("#%d ", rtinfo->addrnr);
for (temp = 0; temp < rtinfo->addrnr; temp++) { for (temp = 0; temp < rtinfo->addrnr; temp++) {
...@@ -190,11 +190,11 @@ match(const struct sk_buff *skb, ...@@ -190,11 +190,11 @@ match(const struct sk_buff *skb,
(temp == (unsigned int)((hdrlen - 8) / 16))) (temp == (unsigned int)((hdrlen - 8) / 16)))
return ret; return ret;
else else
return 0; return false;
} }
} }
return 0; return false;
} }
/* Called when user tries to insert an entry of this type. */ /* Called when user tries to insert an entry of this type. */
......
...@@ -15,7 +15,7 @@ MODULE_LICENSE("GPL"); ...@@ -15,7 +15,7 @@ MODULE_LICENSE("GPL");
MODULE_ALIAS("ipt_comment"); MODULE_ALIAS("ipt_comment");
MODULE_ALIAS("ip6t_comment"); MODULE_ALIAS("ip6t_comment");
static int static bool
match(const struct sk_buff *skb, match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
...@@ -26,7 +26,7 @@ match(const struct sk_buff *skb, ...@@ -26,7 +26,7 @@ match(const struct sk_buff *skb,
bool *hotdrop) bool *hotdrop)
{ {
/* We always match */ /* We always match */
return 1; return true;
} }
static struct xt_match xt_comment_match[] = { static struct xt_match xt_comment_match[] = {
......
...@@ -15,7 +15,7 @@ MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>"); ...@@ -15,7 +15,7 @@ MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
MODULE_DESCRIPTION("iptables match for matching number of pkts/bytes per connection"); MODULE_DESCRIPTION("iptables match for matching number of pkts/bytes per connection");
MODULE_ALIAS("ipt_connbytes"); MODULE_ALIAS("ipt_connbytes");
static int static bool
match(const struct sk_buff *skb, match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
...@@ -35,7 +35,7 @@ match(const struct sk_buff *skb, ...@@ -35,7 +35,7 @@ match(const struct sk_buff *skb,
ct = nf_ct_get(skb, &ctinfo); ct = nf_ct_get(skb, &ctinfo);
if (!ct) if (!ct)
return 0; return false;
counters = ct->counters; counters = ct->counters;
switch (sinfo->what) { switch (sinfo->what) {
......
...@@ -30,7 +30,7 @@ MODULE_DESCRIPTION("IP tables connmark match module"); ...@@ -30,7 +30,7 @@ MODULE_DESCRIPTION("IP tables connmark match module");
MODULE_LICENSE("GPL"); MODULE_LICENSE("GPL");
MODULE_ALIAS("ipt_connmark"); MODULE_ALIAS("ipt_connmark");
static int static bool
match(const struct sk_buff *skb, match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
...@@ -46,7 +46,7 @@ match(const struct sk_buff *skb, ...@@ -46,7 +46,7 @@ match(const struct sk_buff *skb,
ct = nf_ct_get(skb, &ctinfo); ct = nf_ct_get(skb, &ctinfo);
if (!ct) if (!ct)
return 0; return false;
return (((ct->mark) & info->mask) == info->mark) ^ info->invert; return (((ct->mark) & info->mask) == info->mark) ^ info->invert;
} }
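Review bot: `info->invert` is XORed into the result on the last line of match() without being normalised, so any value other than 0 or 1 makes the expression non-zero on both branches and the rule matches every tracked packet. The DSCP match in this same commit writes `^ !!info->invert`; doing the same here, `return (((ct->mark) & info->mask) == info->mark) ^ !!info->invert;`, keeps the inversion strictly boolean. The length match (`(pktlen >= info->min && pktlen <= info->max) ^ info->invert`) has the same shape. If checkentry already rejects other values this is only defensive, but that code is not visible in these hunks.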
......
...@@ -19,7 +19,7 @@ MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>"); ...@@ -19,7 +19,7 @@ MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>");
MODULE_DESCRIPTION("iptables connection tracking match module"); MODULE_DESCRIPTION("iptables connection tracking match module");
MODULE_ALIAS("ipt_conntrack"); MODULE_ALIAS("ipt_conntrack");
static int static bool
match(const struct sk_buff *skb, match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
...@@ -54,53 +54,53 @@ match(const struct sk_buff *skb, ...@@ -54,53 +54,53 @@ match(const struct sk_buff *skb,
} }
if (FWINV((statebit & sinfo->statemask) == 0, if (FWINV((statebit & sinfo->statemask) == 0,
XT_CONNTRACK_STATE)) XT_CONNTRACK_STATE))
return 0; return false;
} }
if (ct == NULL) { if (ct == NULL) {
if (sinfo->flags & ~XT_CONNTRACK_STATE) if (sinfo->flags & ~XT_CONNTRACK_STATE)
return 0; return false;
return 1; return true;
} }
if (sinfo->flags & XT_CONNTRACK_PROTO && if (sinfo->flags & XT_CONNTRACK_PROTO &&
FWINV(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum != FWINV(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum !=
sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum, sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum,
XT_CONNTRACK_PROTO)) XT_CONNTRACK_PROTO))
return 0; return false;
if (sinfo->flags & XT_CONNTRACK_ORIGSRC && if (sinfo->flags & XT_CONNTRACK_ORIGSRC &&
FWINV((ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.ip & FWINV((ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.ip &
sinfo->sipmsk[IP_CT_DIR_ORIGINAL].s_addr) != sinfo->sipmsk[IP_CT_DIR_ORIGINAL].s_addr) !=
sinfo->tuple[IP_CT_DIR_ORIGINAL].src.ip, sinfo->tuple[IP_CT_DIR_ORIGINAL].src.ip,
XT_CONNTRACK_ORIGSRC)) XT_CONNTRACK_ORIGSRC))
return 0; return false;
if (sinfo->flags & XT_CONNTRACK_ORIGDST && if (sinfo->flags & XT_CONNTRACK_ORIGDST &&
FWINV((ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u3.ip & FWINV((ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u3.ip &
sinfo->dipmsk[IP_CT_DIR_ORIGINAL].s_addr) != sinfo->dipmsk[IP_CT_DIR_ORIGINAL].s_addr) !=
sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.ip, sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.ip,
XT_CONNTRACK_ORIGDST)) XT_CONNTRACK_ORIGDST))
return 0; return false;
if (sinfo->flags & XT_CONNTRACK_REPLSRC && if (sinfo->flags & XT_CONNTRACK_REPLSRC &&
FWINV((ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u3.ip & FWINV((ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u3.ip &
sinfo->sipmsk[IP_CT_DIR_REPLY].s_addr) != sinfo->sipmsk[IP_CT_DIR_REPLY].s_addr) !=
sinfo->tuple[IP_CT_DIR_REPLY].src.ip, sinfo->tuple[IP_CT_DIR_REPLY].src.ip,
XT_CONNTRACK_REPLSRC)) XT_CONNTRACK_REPLSRC))
return 0; return false;
if (sinfo->flags & XT_CONNTRACK_REPLDST && if (sinfo->flags & XT_CONNTRACK_REPLDST &&
FWINV((ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u3.ip & FWINV((ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u3.ip &
sinfo->dipmsk[IP_CT_DIR_REPLY].s_addr) != sinfo->dipmsk[IP_CT_DIR_REPLY].s_addr) !=
sinfo->tuple[IP_CT_DIR_REPLY].dst.ip, sinfo->tuple[IP_CT_DIR_REPLY].dst.ip,
XT_CONNTRACK_REPLDST)) XT_CONNTRACK_REPLDST))
return 0; return false;
if (sinfo->flags & XT_CONNTRACK_STATUS && if (sinfo->flags & XT_CONNTRACK_STATUS &&
FWINV((ct->status & sinfo->statusmask) == 0, FWINV((ct->status & sinfo->statusmask) == 0,
XT_CONNTRACK_STATUS)) XT_CONNTRACK_STATUS))
return 0; return false;
if(sinfo->flags & XT_CONNTRACK_EXPIRES) { if(sinfo->flags & XT_CONNTRACK_EXPIRES) {
unsigned long expires = timer_pending(&ct->timeout) ? unsigned long expires = timer_pending(&ct->timeout) ?
...@@ -109,9 +109,9 @@ match(const struct sk_buff *skb, ...@@ -109,9 +109,9 @@ match(const struct sk_buff *skb,
if (FWINV(!(expires >= sinfo->expires_min && if (FWINV(!(expires >= sinfo->expires_min &&
expires <= sinfo->expires_max), expires <= sinfo->expires_max),
XT_CONNTRACK_EXPIRES)) XT_CONNTRACK_EXPIRES))
return 0; return false;
} }
return 1; return true;
} }
static int static int
......
...@@ -31,7 +31,7 @@ MODULE_ALIAS("ipt_dccp"); ...@@ -31,7 +31,7 @@ MODULE_ALIAS("ipt_dccp");
static unsigned char *dccp_optbuf; static unsigned char *dccp_optbuf;
static DEFINE_SPINLOCK(dccp_buflock); static DEFINE_SPINLOCK(dccp_buflock);
static inline int static inline bool
dccp_find_option(u_int8_t option, dccp_find_option(u_int8_t option,
const struct sk_buff *skb, const struct sk_buff *skb,
unsigned int protoff, unsigned int protoff,
...@@ -46,11 +46,11 @@ dccp_find_option(u_int8_t option, ...@@ -46,11 +46,11 @@ dccp_find_option(u_int8_t option,
if (dh->dccph_doff * 4 < __dccp_hdr_len(dh)) { if (dh->dccph_doff * 4 < __dccp_hdr_len(dh)) {
*hotdrop = true; *hotdrop = true;
return 0; return false;
} }
if (!optlen) if (!optlen)
return 0; return false;
spin_lock_bh(&dccp_buflock); spin_lock_bh(&dccp_buflock);
op = skb_header_pointer(skb, protoff + optoff, optlen, dccp_optbuf); op = skb_header_pointer(skb, protoff + optoff, optlen, dccp_optbuf);
...@@ -58,13 +58,13 @@ dccp_find_option(u_int8_t option, ...@@ -58,13 +58,13 @@ dccp_find_option(u_int8_t option,
/* If we don't have the whole header, drop packet. */ /* If we don't have the whole header, drop packet. */
spin_unlock_bh(&dccp_buflock); spin_unlock_bh(&dccp_buflock);
*hotdrop = true; *hotdrop = true;
return 0; return false;
} }
for (i = 0; i < optlen; ) { for (i = 0; i < optlen; ) {
if (op[i] == option) { if (op[i] == option) {
spin_unlock_bh(&dccp_buflock); spin_unlock_bh(&dccp_buflock);
return 1; return true;
} }
if (op[i] < 2) if (op[i] < 2)
...@@ -74,24 +74,24 @@ dccp_find_option(u_int8_t option, ...@@ -74,24 +74,24 @@ dccp_find_option(u_int8_t option,
} }
spin_unlock_bh(&dccp_buflock); spin_unlock_bh(&dccp_buflock);
return 0; return false;
} }
static inline int static inline bool
match_types(const struct dccp_hdr *dh, u_int16_t typemask) match_types(const struct dccp_hdr *dh, u_int16_t typemask)
{ {
return (typemask & (1 << dh->dccph_type)); return (typemask & (1 << dh->dccph_type));
} }
static inline int static inline bool
match_option(u_int8_t option, const struct sk_buff *skb, unsigned int protoff, match_option(u_int8_t option, const struct sk_buff *skb, unsigned int protoff,
const struct dccp_hdr *dh, bool *hotdrop) const struct dccp_hdr *dh, bool *hotdrop)
{ {
return dccp_find_option(option, skb, protoff, dh, hotdrop); return dccp_find_option(option, skb, protoff, dh, hotdrop);
} }
static int static bool
match(const struct sk_buff *skb, match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
...@@ -105,12 +105,12 @@ match(const struct sk_buff *skb, ...@@ -105,12 +105,12 @@ match(const struct sk_buff *skb,
struct dccp_hdr _dh, *dh; struct dccp_hdr _dh, *dh;
if (offset) if (offset)
return 0; return false;
dh = skb_header_pointer(skb, protoff, sizeof(_dh), &_dh); dh = skb_header_pointer(skb, protoff, sizeof(_dh), &_dh);
if (dh == NULL) { if (dh == NULL) {
*hotdrop = true; *hotdrop = true;
return 0; return false;
} }
return DCCHECK(((ntohs(dh->dccph_sport) >= info->spts[0]) return DCCHECK(((ntohs(dh->dccph_sport) >= info->spts[0])
......
...@@ -22,22 +22,7 @@ MODULE_LICENSE("GPL"); ...@@ -22,22 +22,7 @@ MODULE_LICENSE("GPL");
MODULE_ALIAS("ipt_dscp"); MODULE_ALIAS("ipt_dscp");
MODULE_ALIAS("ip6t_dscp"); MODULE_ALIAS("ip6t_dscp");
static int match(const struct sk_buff *skb, static bool match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
const struct xt_match *match,
const void *matchinfo,
int offset,
unsigned int protoff,
bool *hotdrop)
{
const struct xt_dscp_info *info = matchinfo;
u_int8_t dscp = ipv4_get_dsfield(ip_hdr(skb)) >> XT_DSCP_SHIFT;
return (dscp == info->dscp) ^ !!info->invert;
}
static int match6(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
const struct xt_match *match, const struct xt_match *match,
...@@ -45,6 +30,21 @@ static int match6(const struct sk_buff *skb, ...@@ -45,6 +30,21 @@ static int match6(const struct sk_buff *skb,
int offset, int offset,
unsigned int protoff, unsigned int protoff,
bool *hotdrop) bool *hotdrop)
{
const struct xt_dscp_info *info = matchinfo;
u_int8_t dscp = ipv4_get_dsfield(ip_hdr(skb)) >> XT_DSCP_SHIFT;
return (dscp == info->dscp) ^ !!info->invert;
}
static bool match6(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
const struct xt_match *match,
const void *matchinfo,
int offset,
unsigned int protoff,
bool *hotdrop)
{ {
const struct xt_dscp_info *info = matchinfo; const struct xt_dscp_info *info = matchinfo;
u_int8_t dscp = ipv6_get_dsfield(ipv6_hdr(skb)) >> XT_DSCP_SHIFT; u_int8_t dscp = ipv6_get_dsfield(ipv6_hdr(skb)) >> XT_DSCP_SHIFT;
......
...@@ -31,10 +31,10 @@ MODULE_ALIAS("ip6t_esp"); ...@@ -31,10 +31,10 @@ MODULE_ALIAS("ip6t_esp");
#endif #endif
/* Returns 1 if the spi is matched by the range, 0 otherwise */ /* Returns 1 if the spi is matched by the range, 0 otherwise */
static inline int static inline bool
spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, int invert) spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, bool invert)
{ {
int r = 0; bool r;
duprintf("esp spi_match:%c 0x%x <= 0x%x <= 0x%x", invert ? '!' : ' ', duprintf("esp spi_match:%c 0x%x <= 0x%x <= 0x%x", invert ? '!' : ' ',
min, spi, max); min, spi, max);
r = (spi >= min && spi <= max) ^ invert; r = (spi >= min && spi <= max) ^ invert;
...@@ -42,7 +42,7 @@ spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, int invert) ...@@ -42,7 +42,7 @@ spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, int invert)
return r; return r;
} }
static int static bool
match(const struct sk_buff *skb, match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
...@@ -57,7 +57,7 @@ match(const struct sk_buff *skb, ...@@ -57,7 +57,7 @@ match(const struct sk_buff *skb,
/* Must not be a fragment. */ /* Must not be a fragment. */
if (offset) if (offset)
return 0; return false;
eh = skb_header_pointer(skb, protoff, sizeof(_esp), &_esp); eh = skb_header_pointer(skb, protoff, sizeof(_esp), &_esp);
if (eh == NULL) { if (eh == NULL) {
...@@ -66,7 +66,7 @@ match(const struct sk_buff *skb, ...@@ -66,7 +66,7 @@ match(const struct sk_buff *skb,
*/ */
duprintf("Dropping evil ESP tinygram.\n"); duprintf("Dropping evil ESP tinygram.\n");
*hotdrop = true; *hotdrop = true;
return 0; return false;
} }
return spi_match(espinfo->spis[0], espinfo->spis[1], ntohl(eh->spi), return spi_match(espinfo->spis[0], espinfo->spis[1], ntohl(eh->spi),
......
...@@ -94,7 +94,8 @@ static DEFINE_MUTEX(hlimit_mutex); /* additional checkentry protection */ ...@@ -94,7 +94,8 @@ static DEFINE_MUTEX(hlimit_mutex); /* additional checkentry protection */
static HLIST_HEAD(hashlimit_htables); static HLIST_HEAD(hashlimit_htables);
static struct kmem_cache *hashlimit_cachep __read_mostly; static struct kmem_cache *hashlimit_cachep __read_mostly;
static inline int dst_cmp(const struct dsthash_ent *ent, struct dsthash_dst *b) static inline bool dst_cmp(const struct dsthash_ent *ent,
struct dsthash_dst *b)
{ {
return !memcmp(&ent->dst, b, sizeof(ent->dst)); return !memcmp(&ent->dst, b, sizeof(ent->dst));
} }
...@@ -227,18 +228,18 @@ static int htable_create(struct xt_hashlimit_info *minfo, int family) ...@@ -227,18 +228,18 @@ static int htable_create(struct xt_hashlimit_info *minfo, int family)
return 0; return 0;
} }
static int select_all(struct xt_hashlimit_htable *ht, struct dsthash_ent *he) static bool select_all(struct xt_hashlimit_htable *ht, struct dsthash_ent *he)
{ {
return 1; return 1;
} }
static int select_gc(struct xt_hashlimit_htable *ht, struct dsthash_ent *he) static bool select_gc(struct xt_hashlimit_htable *ht, struct dsthash_ent *he)
{ {
return (jiffies >= he->expires); return (jiffies >= he->expires);
} }
static void htable_selective_cleanup(struct xt_hashlimit_htable *ht, static void htable_selective_cleanup(struct xt_hashlimit_htable *ht,
int (*select)(struct xt_hashlimit_htable *ht, bool (*select)(struct xt_hashlimit_htable *ht,
struct dsthash_ent *he)) struct dsthash_ent *he))
{ {
unsigned int i; unsigned int i;
...@@ -432,7 +433,7 @@ hashlimit_init_dst(struct xt_hashlimit_htable *hinfo, struct dsthash_dst *dst, ...@@ -432,7 +433,7 @@ hashlimit_init_dst(struct xt_hashlimit_htable *hinfo, struct dsthash_dst *dst,
return 0; return 0;
} }
static int static bool
hashlimit_match(const struct sk_buff *skb, hashlimit_match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
...@@ -478,17 +479,17 @@ hashlimit_match(const struct sk_buff *skb, ...@@ -478,17 +479,17 @@ hashlimit_match(const struct sk_buff *skb,
/* We're underlimit. */ /* We're underlimit. */
dh->rateinfo.credit -= dh->rateinfo.cost; dh->rateinfo.credit -= dh->rateinfo.cost;
spin_unlock_bh(&hinfo->lock); spin_unlock_bh(&hinfo->lock);
return 1; return true;
} }
spin_unlock_bh(&hinfo->lock); spin_unlock_bh(&hinfo->lock);
/* default case: we're overlimit, thus don't match */ /* default case: we're overlimit, thus don't match */
return 0; return false;
hotdrop: hotdrop:
*hotdrop = true; *hotdrop = true;
return 0; return false;
} }
static int static int
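Review bot: select_gc compares `jiffies >= he->expires` directly, which gives the wrong answer once jiffies wraps, so entries can be kept or collected at the wrong time. Assuming `he->expires` is an unsigned long, `return time_after_eq(jiffies, he->expires);` is the wrap-safe form. In the same hunk select_all was switched to bool but still has `return 1;`, which should be `return true;` to match the rest of the commit.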
......
...@@ -28,7 +28,7 @@ MODULE_ALIAS("ip6t_helper"); ...@@ -28,7 +28,7 @@ MODULE_ALIAS("ip6t_helper");
#define DEBUGP(format, args...) #define DEBUGP(format, args...)
#endif #endif
static int static bool
match(const struct sk_buff *skb, match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
...@@ -42,7 +42,7 @@ match(const struct sk_buff *skb, ...@@ -42,7 +42,7 @@ match(const struct sk_buff *skb,
struct nf_conn *ct; struct nf_conn *ct;
struct nf_conn_help *master_help; struct nf_conn_help *master_help;
enum ip_conntrack_info ctinfo; enum ip_conntrack_info ctinfo;
int ret = info->invert; bool ret = info->invert;
ct = nf_ct_get((struct sk_buff *)skb, &ctinfo); ct = nf_ct_get((struct sk_buff *)skb, &ctinfo);
if (!ct) { if (!ct) {
...@@ -67,7 +67,7 @@ match(const struct sk_buff *skb, ...@@ -67,7 +67,7 @@ match(const struct sk_buff *skb,
ct->master->helper->name, info->name); ct->master->helper->name, info->name);
if (info->name[0] == '\0') if (info->name[0] == '\0')
ret ^= 1; ret = !ret;
else else
ret ^= !strncmp(master_help->helper->name, info->name, ret ^= !strncmp(master_help->helper->name, info->name,
strlen(master_help->helper->name)); strlen(master_help->helper->name));
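Review bot: The `strncmp` in the last hunk is bounded by `strlen(master_help->helper->name)`, so it only checks that `info->name` begins with the helper's name. A rule naming `ftpX` (constructed example) would, as far as this hunk shows, match a connection handled by `ftp`. If an exact match is intended, compare the full strings, e.g. `ret ^= !strcmp(master_help->helper->name, info->name);`, provided code outside the hunk guarantees `info->name` is NUL-terminated. Separately, `ret ^= 1` became `ret = !ret` while the next branch keeps `ret ^= ...`; one form for both would read better. The body of match() starts and ends outside the visible hunks.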
......
...@@ -20,7 +20,7 @@ MODULE_LICENSE("GPL"); ...@@ -20,7 +20,7 @@ MODULE_LICENSE("GPL");
MODULE_ALIAS("ipt_length"); MODULE_ALIAS("ipt_length");
MODULE_ALIAS("ip6t_length"); MODULE_ALIAS("ip6t_length");
static int static bool
match(const struct sk_buff *skb, match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
...@@ -36,7 +36,7 @@ match(const struct sk_buff *skb, ...@@ -36,7 +36,7 @@ match(const struct sk_buff *skb,
return (pktlen >= info->min && pktlen <= info->max) ^ info->invert; return (pktlen >= info->min && pktlen <= info->max) ^ info->invert;
} }
static int static bool
match6(const struct sk_buff *skb, match6(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
......
...@@ -57,7 +57,7 @@ static DEFINE_SPINLOCK(limit_lock); ...@@ -57,7 +57,7 @@ static DEFINE_SPINLOCK(limit_lock);
#define CREDITS_PER_JIFFY POW2_BELOW32(MAX_CPJ) #define CREDITS_PER_JIFFY POW2_BELOW32(MAX_CPJ)
static int static bool
ipt_limit_match(const struct sk_buff *skb, ipt_limit_match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
...@@ -79,11 +79,11 @@ ipt_limit_match(const struct sk_buff *skb, ...@@ -79,11 +79,11 @@ ipt_limit_match(const struct sk_buff *skb,
/* We're not limited. */ /* We're not limited. */
r->credit -= r->cost; r->credit -= r->cost;
spin_unlock_bh(&limit_lock); spin_unlock_bh(&limit_lock);
return 1; return true;
} }
spin_unlock_bh(&limit_lock); spin_unlock_bh(&limit_lock);
return 0; return false;
} }
/* Precision saver. */ /* Precision saver. */
......
...@@ -24,7 +24,7 @@ MODULE_DESCRIPTION("iptables mac matching module"); ...@@ -24,7 +24,7 @@ MODULE_DESCRIPTION("iptables mac matching module");
MODULE_ALIAS("ipt_mac"); MODULE_ALIAS("ipt_mac");
MODULE_ALIAS("ip6t_mac"); MODULE_ALIAS("ip6t_mac");
static int static bool
match(const struct sk_buff *skb, match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
......
...@@ -19,7 +19,7 @@ MODULE_DESCRIPTION("iptables mark matching module"); ...@@ -19,7 +19,7 @@ MODULE_DESCRIPTION("iptables mark matching module");
MODULE_ALIAS("ipt_mark"); MODULE_ALIAS("ipt_mark");
MODULE_ALIAS("ip6t_mark"); MODULE_ALIAS("ip6t_mark");
static int static bool
match(const struct sk_buff *skb, match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
......
...@@ -33,24 +33,24 @@ MODULE_ALIAS("ip6t_multiport"); ...@@ -33,24 +33,24 @@ MODULE_ALIAS("ip6t_multiport");
#endif #endif
/* Returns 1 if the port is matched by the test, 0 otherwise. */ /* Returns 1 if the port is matched by the test, 0 otherwise. */
static inline int static inline bool
ports_match(const u_int16_t *portlist, enum xt_multiport_flags flags, ports_match(const u_int16_t *portlist, enum xt_multiport_flags flags,
u_int8_t count, u_int16_t src, u_int16_t dst) u_int8_t count, u_int16_t src, u_int16_t dst)
{ {
unsigned int i; unsigned int i;
for (i = 0; i < count; i++) { for (i = 0; i < count; i++) {
if (flags != XT_MULTIPORT_DESTINATION && portlist[i] == src) if (flags != XT_MULTIPORT_DESTINATION && portlist[i] == src)
return 1; return true;
if (flags != XT_MULTIPORT_SOURCE && portlist[i] == dst) if (flags != XT_MULTIPORT_SOURCE && portlist[i] == dst)
return 1; return true;
} }
return 0; return false;
} }
/* Returns 1 if the port is matched by the test, 0 otherwise. */ /* Returns 1 if the port is matched by the test, 0 otherwise. */
static inline int static inline bool
ports_match_v1(const struct xt_multiport_v1 *minfo, ports_match_v1(const struct xt_multiport_v1 *minfo,
u_int16_t src, u_int16_t dst) u_int16_t src, u_int16_t dst)
{ {
...@@ -67,34 +67,34 @@ ports_match_v1(const struct xt_multiport_v1 *minfo, ...@@ -67,34 +67,34 @@ ports_match_v1(const struct xt_multiport_v1 *minfo,
if (minfo->flags == XT_MULTIPORT_SOURCE if (minfo->flags == XT_MULTIPORT_SOURCE
&& src >= s && src <= e) && src >= s && src <= e)
return 1 ^ minfo->invert; return true ^ minfo->invert;
if (minfo->flags == XT_MULTIPORT_DESTINATION if (minfo->flags == XT_MULTIPORT_DESTINATION
&& dst >= s && dst <= e) && dst >= s && dst <= e)
return 1 ^ minfo->invert; return true ^ minfo->invert;
if (minfo->flags == XT_MULTIPORT_EITHER if (minfo->flags == XT_MULTIPORT_EITHER
&& ((dst >= s && dst <= e) && ((dst >= s && dst <= e)
|| (src >= s && src <= e))) || (src >= s && src <= e)))
return 1 ^ minfo->invert; return true ^ minfo->invert;
} else { } else {
/* exact port matching */ /* exact port matching */
duprintf("src or dst matches with %d?\n", s); duprintf("src or dst matches with %d?\n", s);
if (minfo->flags == XT_MULTIPORT_SOURCE if (minfo->flags == XT_MULTIPORT_SOURCE
&& src == s) && src == s)
return 1 ^ minfo->invert; return true ^ minfo->invert;
if (minfo->flags == XT_MULTIPORT_DESTINATION if (minfo->flags == XT_MULTIPORT_DESTINATION
&& dst == s) && dst == s)
return 1 ^ minfo->invert; return true ^ minfo->invert;
if (minfo->flags == XT_MULTIPORT_EITHER if (minfo->flags == XT_MULTIPORT_EITHER
&& (src == s || dst == s)) && (src == s || dst == s))
return 1 ^ minfo->invert; return true ^ minfo->invert;
} }
} }
return minfo->invert; return minfo->invert;
} }
static int static bool
match(const struct sk_buff *skb, match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
...@@ -108,7 +108,7 @@ match(const struct sk_buff *skb, ...@@ -108,7 +108,7 @@ match(const struct sk_buff *skb,
const struct xt_multiport *multiinfo = matchinfo; const struct xt_multiport *multiinfo = matchinfo;
if (offset) if (offset)
return 0; return false;
pptr = skb_header_pointer(skb, protoff, sizeof(_ports), _ports); pptr = skb_header_pointer(skb, protoff, sizeof(_ports), _ports);
if (pptr == NULL) { if (pptr == NULL) {
...@@ -117,7 +117,7 @@ match(const struct sk_buff *skb, ...@@ -117,7 +117,7 @@ match(const struct sk_buff *skb,
*/ */
duprintf("xt_multiport: Dropping evil offset=0 tinygram.\n"); duprintf("xt_multiport: Dropping evil offset=0 tinygram.\n");
*hotdrop = true; *hotdrop = true;
return 0; return false;
} }
return ports_match(multiinfo->ports, return ports_match(multiinfo->ports,
...@@ -125,7 +125,7 @@ match(const struct sk_buff *skb, ...@@ -125,7 +125,7 @@ match(const struct sk_buff *skb,
ntohs(pptr[0]), ntohs(pptr[1])); ntohs(pptr[0]), ntohs(pptr[1]));
} }
static int static bool
match_v1(const struct sk_buff *skb, match_v1(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
...@@ -139,7 +139,7 @@ match_v1(const struct sk_buff *skb, ...@@ -139,7 +139,7 @@ match_v1(const struct sk_buff *skb,
const struct xt_multiport_v1 *multiinfo = matchinfo; const struct xt_multiport_v1 *multiinfo = matchinfo;
if (offset) if (offset)
return 0; return false;
pptr = skb_header_pointer(skb, protoff, sizeof(_ports), _ports); pptr = skb_header_pointer(skb, protoff, sizeof(_ports), _ports);
if (pptr == NULL) { if (pptr == NULL) {
...@@ -148,7 +148,7 @@ match_v1(const struct sk_buff *skb, ...@@ -148,7 +148,7 @@ match_v1(const struct sk_buff *skb,
*/ */
duprintf("xt_multiport: Dropping evil offset=0 tinygram.\n"); duprintf("xt_multiport: Dropping evil offset=0 tinygram.\n");
*hotdrop = true; *hotdrop = true;
return 0; return false;
} }
return ports_match_v1(multiinfo, ntohs(pptr[0]), ntohs(pptr[1])); return ports_match_v1(multiinfo, ntohs(pptr[0]), ntohs(pptr[1]));
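Review bot: `return true ^ minfo->invert;` in ports_match_v1 is an odd way to spell negation. If `invert` ever holds a value other than 0 or 1, it yields true both here and at the final `return minfo->invert;`, so the rule would match regardless of ports. `return !minfo->invert;` at each of the six sites says what is meant and keeps the two outcomes opposite. The loop around these returns begins outside the hunk.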
......
...@@ -14,8 +14,6 @@ ...@@ -14,8 +14,6 @@
#include <linux/netfilter/xt_physdev.h> #include <linux/netfilter/xt_physdev.h>
#include <linux/netfilter/x_tables.h> #include <linux/netfilter/x_tables.h>
#include <linux/netfilter_bridge.h> #include <linux/netfilter_bridge.h>
#define MATCH 1
#define NOMATCH 0
MODULE_LICENSE("GPL"); MODULE_LICENSE("GPL");
MODULE_AUTHOR("Bart De Schuymer <bdschuym@pandora.be>"); MODULE_AUTHOR("Bart De Schuymer <bdschuym@pandora.be>");
...@@ -23,7 +21,7 @@ MODULE_DESCRIPTION("iptables bridge physical device match module"); ...@@ -23,7 +21,7 @@ MODULE_DESCRIPTION("iptables bridge physical device match module");
MODULE_ALIAS("ipt_physdev"); MODULE_ALIAS("ipt_physdev");
MODULE_ALIAS("ip6t_physdev"); MODULE_ALIAS("ip6t_physdev");
static int static bool
match(const struct sk_buff *skb, match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
...@@ -36,7 +34,7 @@ match(const struct sk_buff *skb, ...@@ -36,7 +34,7 @@ match(const struct sk_buff *skb,
int i; int i;
static const char nulldevname[IFNAMSIZ]; static const char nulldevname[IFNAMSIZ];
const struct xt_physdev_info *info = matchinfo; const struct xt_physdev_info *info = matchinfo;
unsigned int ret; bool ret;
const char *indev, *outdev; const char *indev, *outdev;
struct nf_bridge_info *nf_bridge; struct nf_bridge_info *nf_bridge;
...@@ -47,58 +45,58 @@ match(const struct sk_buff *skb, ...@@ -47,58 +45,58 @@ match(const struct sk_buff *skb,
/* Return MATCH if the invert flags of the used options are on */ /* Return MATCH if the invert flags of the used options are on */
if ((info->bitmask & XT_PHYSDEV_OP_BRIDGED) && if ((info->bitmask & XT_PHYSDEV_OP_BRIDGED) &&
!(info->invert & XT_PHYSDEV_OP_BRIDGED)) !(info->invert & XT_PHYSDEV_OP_BRIDGED))
return NOMATCH; return false;
if ((info->bitmask & XT_PHYSDEV_OP_ISIN) && if ((info->bitmask & XT_PHYSDEV_OP_ISIN) &&
!(info->invert & XT_PHYSDEV_OP_ISIN)) !(info->invert & XT_PHYSDEV_OP_ISIN))
return NOMATCH; return false;
if ((info->bitmask & XT_PHYSDEV_OP_ISOUT) && if ((info->bitmask & XT_PHYSDEV_OP_ISOUT) &&
!(info->invert & XT_PHYSDEV_OP_ISOUT)) !(info->invert & XT_PHYSDEV_OP_ISOUT))
return NOMATCH; return false;
if ((info->bitmask & XT_PHYSDEV_OP_IN) && if ((info->bitmask & XT_PHYSDEV_OP_IN) &&
!(info->invert & XT_PHYSDEV_OP_IN)) !(info->invert & XT_PHYSDEV_OP_IN))
return NOMATCH; return false;
if ((info->bitmask & XT_PHYSDEV_OP_OUT) && if ((info->bitmask & XT_PHYSDEV_OP_OUT) &&
!(info->invert & XT_PHYSDEV_OP_OUT)) !(info->invert & XT_PHYSDEV_OP_OUT))
return NOMATCH; return false;
return MATCH; return true;
} }
/* This only makes sense in the FORWARD and POSTROUTING chains */ /* This only makes sense in the FORWARD and POSTROUTING chains */
if ((info->bitmask & XT_PHYSDEV_OP_BRIDGED) && if ((info->bitmask & XT_PHYSDEV_OP_BRIDGED) &&
(!!(nf_bridge->mask & BRNF_BRIDGED) ^ (!!(nf_bridge->mask & BRNF_BRIDGED) ^
!(info->invert & XT_PHYSDEV_OP_BRIDGED))) !(info->invert & XT_PHYSDEV_OP_BRIDGED)))
return NOMATCH; return false;
if ((info->bitmask & XT_PHYSDEV_OP_ISIN && if ((info->bitmask & XT_PHYSDEV_OP_ISIN &&
(!nf_bridge->physindev ^ !!(info->invert & XT_PHYSDEV_OP_ISIN))) || (!nf_bridge->physindev ^ !!(info->invert & XT_PHYSDEV_OP_ISIN))) ||
(info->bitmask & XT_PHYSDEV_OP_ISOUT && (info->bitmask & XT_PHYSDEV_OP_ISOUT &&
(!nf_bridge->physoutdev ^ !!(info->invert & XT_PHYSDEV_OP_ISOUT)))) (!nf_bridge->physoutdev ^ !!(info->invert & XT_PHYSDEV_OP_ISOUT))))
return NOMATCH; return false;
if (!(info->bitmask & XT_PHYSDEV_OP_IN)) if (!(info->bitmask & XT_PHYSDEV_OP_IN))
goto match_outdev; goto match_outdev;
indev = nf_bridge->physindev ? nf_bridge->physindev->name : nulldevname; indev = nf_bridge->physindev ? nf_bridge->physindev->name : nulldevname;
for (i = 0, ret = 0; i < IFNAMSIZ/sizeof(unsigned int); i++) { for (i = 0, ret = false; i < IFNAMSIZ/sizeof(unsigned int); i++) {
ret |= (((const unsigned int *)indev)[i] ret |= (((const unsigned int *)indev)[i]
^ ((const unsigned int *)info->physindev)[i]) ^ ((const unsigned int *)info->physindev)[i])
& ((const unsigned int *)info->in_mask)[i]; & ((const unsigned int *)info->in_mask)[i];
} }
if ((ret == 0) ^ !(info->invert & XT_PHYSDEV_OP_IN)) if (!ret ^ !(info->invert & XT_PHYSDEV_OP_IN))
return NOMATCH; return false;
match_outdev: match_outdev:
if (!(info->bitmask & XT_PHYSDEV_OP_OUT)) if (!(info->bitmask & XT_PHYSDEV_OP_OUT))
return MATCH; return true;
outdev = nf_bridge->physoutdev ? outdev = nf_bridge->physoutdev ?
nf_bridge->physoutdev->name : nulldevname; nf_bridge->physoutdev->name : nulldevname;
for (i = 0, ret = 0; i < IFNAMSIZ/sizeof(unsigned int); i++) { for (i = 0, ret = false; i < IFNAMSIZ/sizeof(unsigned int); i++) {
ret |= (((const unsigned int *)outdev)[i] ret |= (((const unsigned int *)outdev)[i]
^ ((const unsigned int *)info->physoutdev)[i]) ^ ((const unsigned int *)info->physoutdev)[i])
& ((const unsigned int *)info->out_mask)[i]; & ((const unsigned int *)info->out_mask)[i];
} }
return (ret != 0) ^ !(info->invert & XT_PHYSDEV_OP_OUT); return ret ^ !(info->invert & XT_PHYSDEV_OP_OUT);
} }
static int static int
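Review bot: `ret` is now `bool` but is still the bitwise accumulator in both interface-name loops (`ret |= (... ^ ...) & mask`), so the verdict is only right because each `|=` result is converted back to a `_Bool`. The `bool` definition is not visible on this page; if it were an integer typedef, the high-order difference bits would be truncated and a non-matching device name could compare equal. A separate word-sized accumulator keeps the mask arithmetic apart from the verdict: declare `unsigned int diff;`, start each loop with `diff = 0`, and end with `return (diff != 0) ^ !(info->invert & XT_PHYSDEV_OP_OUT);`. The comment `/* Return MATCH if the invert flags of the used options are on */` still names the `MATCH` macro this change removes and should read `Return true`. match() begins and continues outside the visible hunks.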
......
...@@ -21,7 +21,7 @@ MODULE_DESCRIPTION("IP tables match to match on linklayer packet type"); ...@@ -21,7 +21,7 @@ MODULE_DESCRIPTION("IP tables match to match on linklayer packet type");
MODULE_ALIAS("ipt_pkttype"); MODULE_ALIAS("ipt_pkttype");
MODULE_ALIAS("ip6t_pkttype"); MODULE_ALIAS("ip6t_pkttype");
static int match(const struct sk_buff *skb, static bool match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
const struct xt_match *match, const struct xt_match *match,
......
...@@ -20,7 +20,7 @@ MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>"); ...@@ -20,7 +20,7 @@ MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
MODULE_DESCRIPTION("Xtables IPsec policy matching module"); MODULE_DESCRIPTION("Xtables IPsec policy matching module");
MODULE_LICENSE("GPL"); MODULE_LICENSE("GPL");
static inline int static inline bool
xt_addr_cmp(const union xt_policy_addr *a1, const union xt_policy_addr *m, xt_addr_cmp(const union xt_policy_addr *a1, const union xt_policy_addr *m,
const union xt_policy_addr *a2, unsigned short family) const union xt_policy_addr *a2, unsigned short family)
{ {
...@@ -30,10 +30,10 @@ xt_addr_cmp(const union xt_policy_addr *a1, const union xt_policy_addr *m, ...@@ -30,10 +30,10 @@ xt_addr_cmp(const union xt_policy_addr *a1, const union xt_policy_addr *m,
case AF_INET6: case AF_INET6:
return !ipv6_masked_addr_cmp(&a1->a6, &m->a6, &a2->a6); return !ipv6_masked_addr_cmp(&a1->a6, &m->a6, &a2->a6);
} }
return 0; return false;
} }
static inline int static inline bool
match_xfrm_state(struct xfrm_state *x, const struct xt_policy_elem *e, match_xfrm_state(struct xfrm_state *x, const struct xt_policy_elem *e,
unsigned short family) unsigned short family)
{ {
...@@ -108,14 +108,14 @@ match_policy_out(const struct sk_buff *skb, const struct xt_policy_info *info, ...@@ -108,14 +108,14 @@ match_policy_out(const struct sk_buff *skb, const struct xt_policy_info *info,
return strict ? i == info->len : 0; return strict ? i == info->len : 0;
} }
static int match(const struct sk_buff *skb, static bool match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
const struct xt_match *match, const struct xt_match *match,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
unsigned int protoff, unsigned int protoff,
bool *hotdrop) bool *hotdrop)
{ {
const struct xt_policy_info *info = matchinfo; const struct xt_policy_info *info = matchinfo;
int ret; int ret;
...@@ -126,9 +126,9 @@ static int match(const struct sk_buff *skb, ...@@ -126,9 +126,9 @@ static int match(const struct sk_buff *skb,
ret = match_policy_out(skb, info, match->family); ret = match_policy_out(skb, info, match->family);
if (ret < 0) if (ret < 0)
ret = info->flags & XT_POLICY_MATCH_NONE ? 1 : 0; ret = info->flags & XT_POLICY_MATCH_NONE ? true : false;
else if (info->flags & XT_POLICY_MATCH_NONE) else if (info->flags & XT_POLICY_MATCH_NONE)
ret = 0; ret = false;
return ret; return ret;
} }
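Review bot: In match(), `ret` stays `int` because the `ret < 0` test needs the negative result from match_policy_out(), yet it is now assigned `true`/`false` and returned through a `bool` function, so one variable carries both a tri-state code and the verdict. Returning the verdict directly makes the conversion explicit: `if (ret < 0) return !!(info->flags & XT_POLICY_MATCH_NONE);` followed by `return ret && !(info->flags & XT_POLICY_MATCH_NONE);`. match_policy_out() a few lines up still ends in `return strict ? i == info->len : 0;`, so a short comment on its return convention (negative, 0 or 1) would help. Part of match() lies outside the visible hunks.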
......
...@@ -16,19 +16,19 @@ MODULE_ALIAS("ip6t_quota"); ...@@ -16,19 +16,19 @@ MODULE_ALIAS("ip6t_quota");
static DEFINE_SPINLOCK(quota_lock); static DEFINE_SPINLOCK(quota_lock);
static int static bool
match(const struct sk_buff *skb, match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out, const struct net_device *in, const struct net_device *out,
const struct xt_match *match, const void *matchinfo, const struct xt_match *match, const void *matchinfo,
int offset, unsigned int protoff, bool *hotdrop) int offset, unsigned int protoff, bool *hotdrop)
{ {
struct xt_quota_info *q = ((struct xt_quota_info *)matchinfo)->master; struct xt_quota_info *q = ((struct xt_quota_info *)matchinfo)->master;
int ret = q->flags & XT_QUOTA_INVERT ? 1 : 0; bool ret = q->flags & XT_QUOTA_INVERT;
spin_lock_bh(&quota_lock); spin_lock_bh(&quota_lock);
if (q->quota >= skb->len) { if (q->quota >= skb->len) {
q->quota -= skb->len; q->quota -= skb->len;
ret ^= 1; ret = !ret;
} else { } else {
/* we do not allow even small packets from now on */ /* we do not allow even small packets from now on */
q->quota = 0; q->quota = 0;
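Review bot: `bool ret = q->flags & XT_QUOTA_INVERT;` relies on the implicit mask-to-bool conversion, whereas the port_match() callers in tcp_match() in this same commit normalise with `!!(tcpinfo->invflags & ...)`. Writing `bool ret = !!(q->flags & XT_QUOTA_INVERT);` keeps the inversion bit correct whatever the flag's bit position or the underlying `bool` type. The statistic match has the same pattern in `bool ret = info->flags & XT_STATISTIC_INVERT;`, which should become `bool ret = !!(info->flags & XT_STATISTIC_INVERT);`. Both match() bodies continue past the end of their hunks.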
......
...@@ -21,7 +21,7 @@ MODULE_LICENSE("GPL"); ...@@ -21,7 +21,7 @@ MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("X_tables realm match"); MODULE_DESCRIPTION("X_tables realm match");
MODULE_ALIAS("ipt_realm"); MODULE_ALIAS("ipt_realm");
static int static bool
match(const struct sk_buff *skb, match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
......
...@@ -23,7 +23,7 @@ MODULE_ALIAS("ipt_sctp"); ...@@ -23,7 +23,7 @@ MODULE_ALIAS("ipt_sctp");
#define SCCHECK(cond, option, flag, invflag) (!((flag) & (option)) \ #define SCCHECK(cond, option, flag, invflag) (!((flag) & (option)) \
|| (!!((invflag) & (option)) ^ (cond))) || (!!((invflag) & (option)) ^ (cond)))
static int static bool
match_flags(const struct xt_sctp_flag_info *flag_info, match_flags(const struct xt_sctp_flag_info *flag_info,
const int flag_count, const int flag_count,
u_int8_t chunktype, u_int8_t chunktype,
...@@ -37,10 +37,10 @@ match_flags(const struct xt_sctp_flag_info *flag_info, ...@@ -37,10 +37,10 @@ match_flags(const struct xt_sctp_flag_info *flag_info,
} }
} }
return 1; return true;
} }
static inline int static inline bool
match_packet(const struct sk_buff *skb, match_packet(const struct sk_buff *skb,
unsigned int offset, unsigned int offset,
const u_int32_t *chunkmap, const u_int32_t *chunkmap,
...@@ -65,7 +65,7 @@ match_packet(const struct sk_buff *skb, ...@@ -65,7 +65,7 @@ match_packet(const struct sk_buff *skb,
if (sch == NULL || sch->length == 0) { if (sch == NULL || sch->length == 0) {
duprintf("Dropping invalid SCTP packet.\n"); duprintf("Dropping invalid SCTP packet.\n");
*hotdrop = true; *hotdrop = true;
return 0; return false;
} }
duprintf("Chunk num: %d\toffset: %d\ttype: %d\tlength: %d\tflags: %x\n", duprintf("Chunk num: %d\toffset: %d\ttype: %d\tlength: %d\tflags: %x\n",
...@@ -80,7 +80,7 @@ match_packet(const struct sk_buff *skb, ...@@ -80,7 +80,7 @@ match_packet(const struct sk_buff *skb,
case SCTP_CHUNK_MATCH_ANY: case SCTP_CHUNK_MATCH_ANY:
if (match_flags(flag_info, flag_count, if (match_flags(flag_info, flag_count,
sch->type, sch->flags)) { sch->type, sch->flags)) {
return 1; return true;
} }
break; break;
...@@ -94,14 +94,14 @@ match_packet(const struct sk_buff *skb, ...@@ -94,14 +94,14 @@ match_packet(const struct sk_buff *skb,
case SCTP_CHUNK_MATCH_ONLY: case SCTP_CHUNK_MATCH_ONLY:
if (!match_flags(flag_info, flag_count, if (!match_flags(flag_info, flag_count,
sch->type, sch->flags)) { sch->type, sch->flags)) {
return 0; return false;
} }
break; break;
} }
} else { } else {
switch (chunk_match_type) { switch (chunk_match_type) {
case SCTP_CHUNK_MATCH_ONLY: case SCTP_CHUNK_MATCH_ONLY:
return 0; return false;
} }
} }
} while (offset < skb->len); } while (offset < skb->len);
...@@ -110,16 +110,16 @@ match_packet(const struct sk_buff *skb, ...@@ -110,16 +110,16 @@ match_packet(const struct sk_buff *skb,
case SCTP_CHUNK_MATCH_ALL: case SCTP_CHUNK_MATCH_ALL:
return SCTP_CHUNKMAP_IS_CLEAR(chunkmap); return SCTP_CHUNKMAP_IS_CLEAR(chunkmap);
case SCTP_CHUNK_MATCH_ANY: case SCTP_CHUNK_MATCH_ANY:
return 0; return false;
case SCTP_CHUNK_MATCH_ONLY: case SCTP_CHUNK_MATCH_ONLY:
return 1; return true;
} }
/* This will never be reached, but required to stop compiler whine */ /* This will never be reached, but required to stop compiler whine */
return 0; return false;
} }
static int static bool
match(const struct sk_buff *skb, match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
...@@ -134,14 +134,14 @@ match(const struct sk_buff *skb, ...@@ -134,14 +134,14 @@ match(const struct sk_buff *skb,
if (offset) { if (offset) {
duprintf("Dropping non-first fragment.. FIXME\n"); duprintf("Dropping non-first fragment.. FIXME\n");
return 0; return false;
} }
sh = skb_header_pointer(skb, protoff, sizeof(_sh), &_sh); sh = skb_header_pointer(skb, protoff, sizeof(_sh), &_sh);
if (sh == NULL) { if (sh == NULL) {
duprintf("Dropping evil TCP offset=0 tinygram.\n"); duprintf("Dropping evil TCP offset=0 tinygram.\n");
*hotdrop = true; *hotdrop = true;
return 0; return false;
} }
duprintf("spt: %d\tdpt: %d\n", ntohs(sh->source), ntohs(sh->dest)); duprintf("spt: %d\tdpt: %d\n", ntohs(sh->source), ntohs(sh->dest));
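Review bot: The short-header branch in match() logs `Dropping evil TCP offset=0 tinygram.` although this is the SCTP match and the header being fetched is `sh`. Since the commit touches the adjacent return, the string could be corrected to `Dropping evil SCTP offset=0 tinygram.` so that a hot-drop is attributed to the right module in debug output. In match_packet(), the fall-through `return false;` could carry a more precise comment, for example `/* Not reached; default to no match */`. Both functions extend beyond the visible hunks.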
......
...@@ -20,7 +20,7 @@ MODULE_DESCRIPTION("ip[6]_tables connection tracking state match module"); ...@@ -20,7 +20,7 @@ MODULE_DESCRIPTION("ip[6]_tables connection tracking state match module");
MODULE_ALIAS("ipt_state"); MODULE_ALIAS("ipt_state");
MODULE_ALIAS("ip6t_state"); MODULE_ALIAS("ip6t_state");
static int static bool
match(const struct sk_buff *skb, match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
......
...@@ -24,26 +24,26 @@ MODULE_ALIAS("ip6t_statistic"); ...@@ -24,26 +24,26 @@ MODULE_ALIAS("ip6t_statistic");
static DEFINE_SPINLOCK(nth_lock); static DEFINE_SPINLOCK(nth_lock);
static int static bool
match(const struct sk_buff *skb, match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out, const struct net_device *in, const struct net_device *out,
const struct xt_match *match, const void *matchinfo, const struct xt_match *match, const void *matchinfo,
int offset, unsigned int protoff, bool *hotdrop) int offset, unsigned int protoff, bool *hotdrop)
{ {
struct xt_statistic_info *info = (struct xt_statistic_info *)matchinfo; struct xt_statistic_info *info = (struct xt_statistic_info *)matchinfo;
int ret = info->flags & XT_STATISTIC_INVERT ? 1 : 0; bool ret = info->flags & XT_STATISTIC_INVERT;
switch (info->mode) { switch (info->mode) {
case XT_STATISTIC_MODE_RANDOM: case XT_STATISTIC_MODE_RANDOM:
if ((net_random() & 0x7FFFFFFF) < info->u.random.probability) if ((net_random() & 0x7FFFFFFF) < info->u.random.probability)
ret ^= 1; ret = !ret;
break; break;
case XT_STATISTIC_MODE_NTH: case XT_STATISTIC_MODE_NTH:
info = info->master; info = info->master;
spin_lock_bh(&nth_lock); spin_lock_bh(&nth_lock);
if (info->u.nth.count++ == info->u.nth.every) { if (info->u.nth.count++ == info->u.nth.every) {
info->u.nth.count = 0; info->u.nth.count = 0;
ret ^= 1; ret = !ret;
} }
spin_unlock_bh(&nth_lock); spin_unlock_bh(&nth_lock);
break; break;
......
...@@ -21,14 +21,14 @@ MODULE_LICENSE("GPL"); ...@@ -21,14 +21,14 @@ MODULE_LICENSE("GPL");
MODULE_ALIAS("ipt_string"); MODULE_ALIAS("ipt_string");
MODULE_ALIAS("ip6t_string"); MODULE_ALIAS("ip6t_string");
static int match(const struct sk_buff *skb, static bool match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
const struct xt_match *match, const struct xt_match *match,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
unsigned int protoff, unsigned int protoff,
bool *hotdrop) bool *hotdrop)
{ {
const struct xt_string_info *conf = matchinfo; const struct xt_string_info *conf = matchinfo;
struct ts_state state; struct ts_state state;
......
...@@ -23,7 +23,7 @@ MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>"); ...@@ -23,7 +23,7 @@ MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>");
MODULE_DESCRIPTION("iptables TCP MSS match module"); MODULE_DESCRIPTION("iptables TCP MSS match module");
MODULE_ALIAS("ipt_tcpmss"); MODULE_ALIAS("ipt_tcpmss");
static int static bool
match(const struct sk_buff *skb, match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
...@@ -78,7 +78,7 @@ match(const struct sk_buff *skb, ...@@ -78,7 +78,7 @@ match(const struct sk_buff *skb,
dropit: dropit:
*hotdrop = true; *hotdrop = true;
return 0; return false;
} }
static struct xt_match xt_tcpmss_match[] = { static struct xt_match xt_tcpmss_match[] = {
......
...@@ -27,21 +27,18 @@ MODULE_ALIAS("ip6t_tcp"); ...@@ -27,21 +27,18 @@ MODULE_ALIAS("ip6t_tcp");
/* Returns 1 if the port is matched by the range, 0 otherwise */ /* Returns 1 if the port is matched by the range, 0 otherwise */
static inline int static inline bool
port_match(u_int16_t min, u_int16_t max, u_int16_t port, int invert) port_match(u_int16_t min, u_int16_t max, u_int16_t port, bool invert)
{ {
int ret; return (port >= min && port <= max) ^ invert;
ret = (port >= min && port <= max) ^ invert;
return ret;
} }
static int static bool
tcp_find_option(u_int8_t option, tcp_find_option(u_int8_t option,
const struct sk_buff *skb, const struct sk_buff *skb,
unsigned int protoff, unsigned int protoff,
unsigned int optlen, unsigned int optlen,
int invert, bool invert,
bool *hotdrop) bool *hotdrop)
{ {
/* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */ /* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */
...@@ -58,7 +55,7 @@ tcp_find_option(u_int8_t option, ...@@ -58,7 +55,7 @@ tcp_find_option(u_int8_t option,
optlen, _opt); optlen, _opt);
if (op == NULL) { if (op == NULL) {
*hotdrop = true; *hotdrop = true;
return 0; return false;
} }
for (i = 0; i < optlen; ) { for (i = 0; i < optlen; ) {
...@@ -70,7 +67,7 @@ tcp_find_option(u_int8_t option, ...@@ -70,7 +67,7 @@ tcp_find_option(u_int8_t option,
return invert; return invert;
} }
static int static bool
tcp_match(const struct sk_buff *skb, tcp_match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
...@@ -95,7 +92,7 @@ tcp_match(const struct sk_buff *skb, ...@@ -95,7 +92,7 @@ tcp_match(const struct sk_buff *skb,
*hotdrop = true; *hotdrop = true;
} }
/* Must not be a fragment. */ /* Must not be a fragment. */
return 0; return false;
} }
#define FWINVTCP(bool,invflg) ((bool) ^ !!(tcpinfo->invflags & invflg)) #define FWINVTCP(bool,invflg) ((bool) ^ !!(tcpinfo->invflags & invflg))
...@@ -106,33 +103,33 @@ tcp_match(const struct sk_buff *skb, ...@@ -106,33 +103,33 @@ tcp_match(const struct sk_buff *skb,
can't. Hence, no choice but to drop. */ can't. Hence, no choice but to drop. */
duprintf("Dropping evil TCP offset=0 tinygram.\n"); duprintf("Dropping evil TCP offset=0 tinygram.\n");
*hotdrop = true; *hotdrop = true;
return 0; return false;
} }
if (!port_match(tcpinfo->spts[0], tcpinfo->spts[1], if (!port_match(tcpinfo->spts[0], tcpinfo->spts[1],
ntohs(th->source), ntohs(th->source),
!!(tcpinfo->invflags & XT_TCP_INV_SRCPT))) !!(tcpinfo->invflags & XT_TCP_INV_SRCPT)))
return 0; return false;
if (!port_match(tcpinfo->dpts[0], tcpinfo->dpts[1], if (!port_match(tcpinfo->dpts[0], tcpinfo->dpts[1],
ntohs(th->dest), ntohs(th->dest),
!!(tcpinfo->invflags & XT_TCP_INV_DSTPT))) !!(tcpinfo->invflags & XT_TCP_INV_DSTPT)))
return 0; return false;
if (!FWINVTCP((((unsigned char *)th)[13] & tcpinfo->flg_mask) if (!FWINVTCP((((unsigned char *)th)[13] & tcpinfo->flg_mask)
== tcpinfo->flg_cmp, == tcpinfo->flg_cmp,
XT_TCP_INV_FLAGS)) XT_TCP_INV_FLAGS))
return 0; return false;
if (tcpinfo->option) { if (tcpinfo->option) {
if (th->doff * 4 < sizeof(_tcph)) { if (th->doff * 4 < sizeof(_tcph)) {
*hotdrop = true; *hotdrop = true;
return 0; return false;
} }
if (!tcp_find_option(tcpinfo->option, skb, protoff, if (!tcp_find_option(tcpinfo->option, skb, protoff,
th->doff*4 - sizeof(_tcph), th->doff*4 - sizeof(_tcph),
tcpinfo->invflags & XT_TCP_INV_OPTION, tcpinfo->invflags & XT_TCP_INV_OPTION,
hotdrop)) hotdrop))
return 0; return false;
} }
return 1; return true;
} }
/* Called when user tries to insert an entry of this type. */ /* Called when user tries to insert an entry of this type. */
...@@ -149,7 +146,7 @@ tcp_checkentry(const char *tablename, ...@@ -149,7 +146,7 @@ tcp_checkentry(const char *tablename,
return !(tcpinfo->invflags & ~XT_TCP_INV_MASK); return !(tcpinfo->invflags & ~XT_TCP_INV_MASK);
} }
static int static bool
udp_match(const struct sk_buff *skb, udp_match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
...@@ -164,7 +161,7 @@ udp_match(const struct sk_buff *skb, ...@@ -164,7 +161,7 @@ udp_match(const struct sk_buff *skb,
/* Must not be a fragment. */ /* Must not be a fragment. */
if (offset) if (offset)
return 0; return false;
uh = skb_header_pointer(skb, protoff, sizeof(_udph), &_udph); uh = skb_header_pointer(skb, protoff, sizeof(_udph), &_udph);
if (uh == NULL) { if (uh == NULL) {
...@@ -172,7 +169,7 @@ udp_match(const struct sk_buff *skb, ...@@ -172,7 +169,7 @@ udp_match(const struct sk_buff *skb,
can't. Hence, no choice but to drop. */ can't. Hence, no choice but to drop. */
duprintf("Dropping evil UDP tinygram.\n"); duprintf("Dropping evil UDP tinygram.\n");
*hotdrop = true; *hotdrop = true;
return 0; return false;
} }
return port_match(udpinfo->spts[0], udpinfo->spts[1], return port_match(udpinfo->spts[0], udpinfo->spts[1],
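Review bot: `#define FWINVTCP(bool,invflg) ((bool) ^ !!(tcpinfo->invflags & invflg))` in tcp_match() uses `bool` as a macro parameter name, which now collides with the type this commit introduces throughout the file. It still expands correctly, but `((bool) ^ ...)` reads like a cast; renaming the parameter, e.g. `#define FWINVTCP(cond,invflg) ((cond) ^ !!(tcpinfo->invflags & (invflg)))`, removes the ambiguity. The comment above port_match() still says `Returns 1 if the port is matched by the range, 0 otherwise` and should become `Returns true if the port is matched by the range (after applying invert), false otherwise`. tcp_match() and udp_match() are only partly visible here.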
......