kpriv/linux-hardened
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

[NETFILTER]: x_tables: switch hotdrop to bool

Browse source 
Switch the "hotdrop" variables to boolean

Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Jan Engelhardt 2007-07-07 22:15:12 -07:00 committed by David S. Miller
parent 7bfe246116
commit cff533ac12
46 changed files with 92 additions and 92 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
include/linux/netfilter/x_tables.h
View file

@ -148,7 +148,7 @@ struct xt_match
const void *matchinfo, const void *matchinfo,
int offset, int offset,
unsigned int protoff, unsigned int protoff,
int *hotdrop); bool *hotdrop);
/* Called when user tries to insert an entry of this type. */ /* Called when user tries to insert an entry of this type. */
/* Should return true or false. */ /* Should return true or false. */

2
net/ipv4/netfilter/arp_tables.c
View file

@ -224,7 +224,7 @@ unsigned int arpt_do_table(struct sk_buff **pskb,
static const char nulldevname[IFNAMSIZ]; static const char nulldevname[IFNAMSIZ];
unsigned int verdict = NF_DROP; unsigned int verdict = NF_DROP;
struct arphdr *arp; struct arphdr *arp;
int hotdrop = 0; bool hotdrop = false;
struct arpt_entry *e, *back; struct arpt_entry *e, *back;
const char *indev, *outdev; const char *indev, *outdev;
void *table_base; void *table_base;

8
net/ipv4/netfilter/ip_tables.c
View file

@ -188,7 +188,7 @@ int do_match(struct ipt_entry_match *m,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
int offset, int offset,
int *hotdrop) bool *hotdrop)
{ {
/* Stop iteration if it doesn't match */ /* Stop iteration if it doesn't match */
if (!m->u.kernel.match->match(skb, in, out, m->u.kernel.match, m->data, if (!m->u.kernel.match->match(skb, in, out, m->u.kernel.match, m->data,
@ -216,7 +216,7 @@ ipt_do_table(struct sk_buff **pskb,
u_int16_t offset; u_int16_t offset;
struct iphdr *ip; struct iphdr *ip;
u_int16_t datalen; u_int16_t datalen;
int hotdrop = 0; bool hotdrop = false;
/* Initializing verdict to NF_DROP keeps gcc happy. */ /* Initializing verdict to NF_DROP keeps gcc happy. */
unsigned int verdict = NF_DROP; unsigned int verdict = NF_DROP;
const char *indev, *outdev; const char *indev, *outdev;
@ -2122,7 +2122,7 @@ icmp_match(const struct sk_buff *skb,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
unsigned int protoff, unsigned int protoff,
int *hotdrop) bool *hotdrop)
{ {
struct icmphdr _icmph, *ic; struct icmphdr _icmph, *ic;
const struct ipt_icmp *icmpinfo = matchinfo; const struct ipt_icmp *icmpinfo = matchinfo;
@ -2137,7 +2137,7 @@ icmp_match(const struct sk_buff *skb,
* can't. Hence, no choice but to drop. * can't. Hence, no choice but to drop.
*/ */
duprintf("Dropping evil ICMP tinygram.\n"); duprintf("Dropping evil ICMP tinygram.\n");
*hotdrop = 1; *hotdrop = true;
return 0; return 0;
} }

2
net/ipv4/netfilter/ipt_addrtype.c
View file

@ -30,7 +30,7 @@ static inline int match_type(__be32 addr, u_int16_t mask)
static int match(const struct sk_buff *skb, static int match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out, const struct net_device *in, const struct net_device *out,
const struct xt_match *match, const void *matchinfo, const struct xt_match *match, const void *matchinfo,
int offset, unsigned int protoff, int *hotdrop) int offset, unsigned int protoff, bool *hotdrop)
{ {
const struct ipt_addrtype_info *info = matchinfo; const struct ipt_addrtype_info *info = matchinfo;
const struct iphdr *iph = ip_hdr(skb); const struct iphdr *iph = ip_hdr(skb);

4
net/ipv4/netfilter/ipt_ah.c
View file

@ -44,7 +44,7 @@ match(const struct sk_buff *skb,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
unsigned int protoff, unsigned int protoff,
int *hotdrop) bool *hotdrop)
{ {
struct ip_auth_hdr _ahdr, *ah; struct ip_auth_hdr _ahdr, *ah;
const struct ipt_ah *ahinfo = matchinfo; const struct ipt_ah *ahinfo = matchinfo;
@ -60,7 +60,7 @@ match(const struct sk_buff *skb,
* can't. Hence, no choice but to drop. * can't. Hence, no choice but to drop.
*/ */
duprintf("Dropping evil AH tinygram.\n"); duprintf("Dropping evil AH tinygram.\n");
*hotdrop = 1; *hotdrop = true;
return 0; return 0;
} }

6
net/ipv4/netfilter/ipt_ecn.c
View file

@ -30,7 +30,7 @@ static inline int match_ip(const struct sk_buff *skb,
static inline int match_tcp(const struct sk_buff *skb, static inline int match_tcp(const struct sk_buff *skb,
const struct ipt_ecn_info *einfo, const struct ipt_ecn_info *einfo,
int *hotdrop) bool *hotdrop)
{ {
struct tcphdr _tcph, *th; struct tcphdr _tcph, *th;
@ -39,7 +39,7 @@ static inline int match_tcp(const struct sk_buff *skb,
*/ */
th = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_tcph), &_tcph); th = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_tcph), &_tcph);
if (th == NULL) { if (th == NULL) {
*hotdrop = 0; *hotdrop = false;
return 0; return 0;
} }
@ -69,7 +69,7 @@ static inline int match_tcp(const struct sk_buff *skb,
static int match(const struct sk_buff *skb, static int match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out, const struct net_device *in, const struct net_device *out,
const struct xt_match *match, const void *matchinfo, const struct xt_match *match, const void *matchinfo,
int offset, unsigned int protoff, int *hotdrop) int offset, unsigned int protoff, bool *hotdrop)
{ {
const struct ipt_ecn_info *info = matchinfo; const struct ipt_ecn_info *info = matchinfo;

2
net/ipv4/netfilter/ipt_iprange.c
View file

@ -29,7 +29,7 @@ match(const struct sk_buff *skb,
const struct net_device *out, const struct net_device *out,
const struct xt_match *match, const struct xt_match *match,
const void *matchinfo, const void *matchinfo,
int offset, unsigned int protoff, int *hotdrop) int offset, unsigned int protoff, bool *hotdrop)
{ {
const struct ipt_iprange_info *info = matchinfo; const struct ipt_iprange_info *info = matchinfo;
const struct iphdr *iph = ip_hdr(skb); const struct iphdr *iph = ip_hdr(skb);

2
net/ipv4/netfilter/ipt_owner.c
View file

@ -29,7 +29,7 @@ match(const struct sk_buff *skb,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
unsigned int protoff, unsigned int protoff,
int *hotdrop) bool *hotdrop)
{ {
const struct ipt_owner_info *info = matchinfo; const struct ipt_owner_info *info = matchinfo;

4
net/ipv4/netfilter/ipt_recent.c
View file

@ -173,7 +173,7 @@ static int
ipt_recent_match(const struct sk_buff *skb, ipt_recent_match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out, const struct net_device *in, const struct net_device *out,
const struct xt_match *match, const void *matchinfo, const struct xt_match *match, const void *matchinfo,
int offset, unsigned int protoff, int *hotdrop) int offset, unsigned int protoff, bool *hotdrop)
{ {
const struct ipt_recent_info *info = matchinfo; const struct ipt_recent_info *info = matchinfo;
struct recent_table *t; struct recent_table *t;
@ -201,7 +201,7 @@ ipt_recent_match(const struct sk_buff *skb,
goto out; goto out;
e = recent_entry_init(t, addr, ttl); e = recent_entry_init(t, addr, ttl);
if (e == NULL) if (e == NULL)
*hotdrop = 1; *hotdrop = true;
ret ^= 1; ret ^= 1;
goto out; goto out;
} }

2
net/ipv4/netfilter/ipt_tos.c
View file

@ -26,7 +26,7 @@ match(const struct sk_buff *skb,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
unsigned int protoff, unsigned int protoff,
int *hotdrop) bool *hotdrop)
{ {
const struct ipt_tos_info *info = matchinfo; const struct ipt_tos_info *info = matchinfo;

2
net/ipv4/netfilter/ipt_ttl.c
View file

@ -21,7 +21,7 @@ MODULE_LICENSE("GPL");
static int match(const struct sk_buff *skb, static int match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out, const struct net_device *in, const struct net_device *out,
const struct xt_match *match, const void *matchinfo, const struct xt_match *match, const void *matchinfo,
int offset, unsigned int protoff, int *hotdrop) int offset, unsigned int protoff, bool *hotdrop)
{ {
const struct ipt_ttl_info *info = matchinfo; const struct ipt_ttl_info *info = matchinfo;
const u8 ttl = ip_hdr(skb)->ttl; const u8 ttl = ip_hdr(skb)->ttl;

12
net/ipv6/netfilter/ip6_tables.c
View file

@ -102,7 +102,7 @@ ip6_packet_match(const struct sk_buff *skb,
const char *outdev, const char *outdev,
const struct ip6t_ip6 *ip6info, const struct ip6t_ip6 *ip6info,
unsigned int *protoff, unsigned int *protoff,
int *fragoff, int *hotdrop) int *fragoff, bool *hotdrop)
{ {
size_t i; size_t i;
unsigned long ret; unsigned long ret;
@ -162,7 +162,7 @@ ip6_packet_match(const struct sk_buff *skb,
protohdr = ipv6_find_hdr(skb, protoff, -1, &_frag_off); protohdr = ipv6_find_hdr(skb, protoff, -1, &_frag_off);
if (protohdr < 0) { if (protohdr < 0) {
if (_frag_off == 0) if (_frag_off == 0)
*hotdrop = 1; *hotdrop = true;
return 0; return 0;
} }
*fragoff = _frag_off; *fragoff = _frag_off;
@ -225,7 +225,7 @@ int do_match(struct ip6t_entry_match *m,
const struct net_device *out, const struct net_device *out,
int offset, int offset,
unsigned int protoff, unsigned int protoff,
int *hotdrop) bool *hotdrop)
{ {
/* Stop iteration if it doesn't match */ /* Stop iteration if it doesn't match */
if (!m->u.kernel.match->match(skb, in, out, m->u.kernel.match, m->data, if (!m->u.kernel.match->match(skb, in, out, m->u.kernel.match, m->data,
@ -252,7 +252,7 @@ ip6t_do_table(struct sk_buff **pskb,
static const char nulldevname[IFNAMSIZ] __attribute__((aligned(sizeof(long)))); static const char nulldevname[IFNAMSIZ] __attribute__((aligned(sizeof(long))));
int offset = 0; int offset = 0;
unsigned int protoff = 0; unsigned int protoff = 0;
int hotdrop = 0; bool hotdrop = false;
/* Initializing verdict to NF_DROP keeps gcc happy. */ /* Initializing verdict to NF_DROP keeps gcc happy. */
unsigned int verdict = NF_DROP; unsigned int verdict = NF_DROP;
const char *indev, *outdev; const char *indev, *outdev;
@ -1299,7 +1299,7 @@ icmp6_match(const struct sk_buff *skb,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
unsigned int protoff, unsigned int protoff,
int *hotdrop) bool *hotdrop)
{ {
struct icmp6hdr _icmp, *ic; struct icmp6hdr _icmp, *ic;
const struct ip6t_icmp *icmpinfo = matchinfo; const struct ip6t_icmp *icmpinfo = matchinfo;
@ -1313,7 +1313,7 @@ icmp6_match(const struct sk_buff *skb,
/* We've been asked to examine this packet, and we /* We've been asked to examine this packet, and we
can't. Hence, no choice but to drop. */ can't. Hence, no choice but to drop. */
duprintf("Dropping evil ICMP tinygram.\n"); duprintf("Dropping evil ICMP tinygram.\n");
*hotdrop = 1; *hotdrop = true;
return 0; return 0;
} }

6
net/ipv6/netfilter/ip6t_ah.c
View file

@ -49,7 +49,7 @@ match(const struct sk_buff *skb,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
unsigned int protoff, unsigned int protoff,
int *hotdrop) bool *hotdrop)
{ {
struct ip_auth_hdr *ah, _ah; struct ip_auth_hdr *ah, _ah;
const struct ip6t_ah *ahinfo = matchinfo; const struct ip6t_ah *ahinfo = matchinfo;
@ -60,13 +60,13 @@ match(const struct sk_buff *skb,
err = ipv6_find_hdr(skb, &ptr, NEXTHDR_AUTH, NULL); err = ipv6_find_hdr(skb, &ptr, NEXTHDR_AUTH, NULL);
if (err < 0) { if (err < 0) {
if (err != -ENOENT) if (err != -ENOENT)
*hotdrop = 1; *hotdrop = true;
return 0; return 0;
} }
ah = skb_header_pointer(skb, ptr, sizeof(_ah), &_ah); ah = skb_header_pointer(skb, ptr, sizeof(_ah), &_ah);
if (ah == NULL) { if (ah == NULL) {
*hotdrop = 1; *hotdrop = true;
return 0; return 0;
} }

4
net/ipv6/netfilter/ip6t_eui64.c
View file

@ -27,7 +27,7 @@ match(const struct sk_buff *skb,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
unsigned int protoff, unsigned int protoff,
int *hotdrop) bool *hotdrop)
{ {
unsigned char eui64[8]; unsigned char eui64[8];
int i = 0; int i = 0;
@ -35,7 +35,7 @@ match(const struct sk_buff *skb,
if (!(skb_mac_header(skb) >= skb->head && if (!(skb_mac_header(skb) >= skb->head &&
(skb_mac_header(skb) + ETH_HLEN) <= skb->data) && (skb_mac_header(skb) + ETH_HLEN) <= skb->data) &&
offset != 0) { offset != 0) {
*hotdrop = 1; *hotdrop = true;
return 0; return 0;
} }

6
net/ipv6/netfilter/ip6t_frag.c
View file

@ -48,7 +48,7 @@ match(const struct sk_buff *skb,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
unsigned int protoff, unsigned int protoff,
int *hotdrop) bool *hotdrop)
{ {
struct frag_hdr _frag, *fh; struct frag_hdr _frag, *fh;
const struct ip6t_frag *fraginfo = matchinfo; const struct ip6t_frag *fraginfo = matchinfo;
@ -58,13 +58,13 @@ match(const struct sk_buff *skb,
err = ipv6_find_hdr(skb, &ptr, NEXTHDR_FRAGMENT, NULL); err = ipv6_find_hdr(skb, &ptr, NEXTHDR_FRAGMENT, NULL);
if (err < 0) { if (err < 0) {
if (err != -ENOENT) if (err != -ENOENT)
*hotdrop = 1; *hotdrop = true;
return 0; return 0;
} }
fh = skb_header_pointer(skb, ptr, sizeof(_frag), &_frag); fh = skb_header_pointer(skb, ptr, sizeof(_frag), &_frag);
if (fh == NULL) { if (fh == NULL) {
*hotdrop = 1; *hotdrop = true;
return 0; return 0;
} }

6
net/ipv6/netfilter/ip6t_hbh.c
View file

@ -55,7 +55,7 @@ match(const struct sk_buff *skb,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
unsigned int protoff, unsigned int protoff,
int *hotdrop) bool *hotdrop)
{ {
struct ipv6_opt_hdr _optsh, *oh; struct ipv6_opt_hdr _optsh, *oh;
const struct ip6t_opts *optinfo = matchinfo; const struct ip6t_opts *optinfo = matchinfo;
@ -71,13 +71,13 @@ match(const struct sk_buff *skb,
err = ipv6_find_hdr(skb, &ptr, match->data, NULL); err = ipv6_find_hdr(skb, &ptr, match->data, NULL);
if (err < 0) { if (err < 0) {
if (err != -ENOENT) if (err != -ENOENT)
*hotdrop = 1; *hotdrop = true;
return 0; return 0;
} }
oh = skb_header_pointer(skb, ptr, sizeof(_optsh), &_optsh); oh = skb_header_pointer(skb, ptr, sizeof(_optsh), &_optsh);
if (oh == NULL) { if (oh == NULL) {
*hotdrop = 1; *hotdrop = true;
return 0; return 0;
} }

2
net/ipv6/netfilter/ip6t_hl.c
View file

@ -22,7 +22,7 @@ MODULE_LICENSE("GPL");
static int match(const struct sk_buff *skb, static int match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out, const struct net_device *in, const struct net_device *out,
const struct xt_match *match, const void *matchinfo, const struct xt_match *match, const void *matchinfo,
int offset, unsigned int protoff, int *hotdrop) int offset, unsigned int protoff, bool *hotdrop)
{ {
const struct ip6t_hl_info *info = matchinfo; const struct ip6t_hl_info *info = matchinfo;
const struct ipv6hdr *ip6h = ipv6_hdr(skb); const struct ipv6hdr *ip6h = ipv6_hdr(skb);

2
net/ipv6/netfilter/ip6t_ipv6header.c
View file

@ -34,7 +34,7 @@ ipv6header_match(const struct sk_buff *skb,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
unsigned int protoff, unsigned int protoff,
int *hotdrop) bool *hotdrop)
{ {
const struct ip6t_ipv6header_info *info = matchinfo; const struct ip6t_ipv6header_info *info = matchinfo;
unsigned int temp; unsigned int temp;

6
net/ipv6/netfilter/ip6t_mh.c
View file

@ -48,7 +48,7 @@ match(const struct sk_buff *skb,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
unsigned int protoff, unsigned int protoff,
int *hotdrop) bool *hotdrop)
{ {
struct ip6_mh _mh, *mh; struct ip6_mh _mh, *mh;
const struct ip6t_mh *mhinfo = matchinfo; const struct ip6t_mh *mhinfo = matchinfo;
@ -62,14 +62,14 @@ match(const struct sk_buff *skb,
/* We've been asked to examine this packet, and we /* We've been asked to examine this packet, and we
can't. Hence, no choice but to drop. */ can't. Hence, no choice but to drop. */
duprintf("Dropping evil MH tinygram.\n"); duprintf("Dropping evil MH tinygram.\n");
*hotdrop = 1; *hotdrop = true;
return 0; return 0;
} }
if (mh->ip6mh_proto != IPPROTO_NONE) { if (mh->ip6mh_proto != IPPROTO_NONE) {
duprintf("Dropping invalid MH Payload Proto: %u\n", duprintf("Dropping invalid MH Payload Proto: %u\n",
mh->ip6mh_proto); mh->ip6mh_proto);
*hotdrop = 1; *hotdrop = true;
return 0; return 0;
} }

2
net/ipv6/netfilter/ip6t_owner.c
View file

@ -31,7 +31,7 @@ match(const struct sk_buff *skb,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
unsigned int protoff, unsigned int protoff,
int *hotdrop) bool *hotdrop)
{ {
const struct ip6t_owner_info *info = matchinfo; const struct ip6t_owner_info *info = matchinfo;

6
net/ipv6/netfilter/ip6t_rt.c
View file

@ -50,7 +50,7 @@ match(const struct sk_buff *skb,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
unsigned int protoff, unsigned int protoff,
int *hotdrop) bool *hotdrop)
{ {
struct ipv6_rt_hdr _route, *rh; struct ipv6_rt_hdr _route, *rh;
const struct ip6t_rt *rtinfo = matchinfo; const struct ip6t_rt *rtinfo = matchinfo;
@ -64,13 +64,13 @@ match(const struct sk_buff *skb,
err = ipv6_find_hdr(skb, &ptr, NEXTHDR_ROUTING, NULL); err = ipv6_find_hdr(skb, &ptr, NEXTHDR_ROUTING, NULL);
if (err < 0) { if (err < 0) {
if (err != -ENOENT) if (err != -ENOENT)
*hotdrop = 1; *hotdrop = true;
return 0; return 0;
} }
rh = skb_header_pointer(skb, ptr, sizeof(_route), &_route); rh = skb_header_pointer(skb, ptr, sizeof(_route), &_route);
if (rh == NULL) { if (rh == NULL) {
*hotdrop = 1; *hotdrop = true;
return 0; return 0;
} }

2
net/netfilter/xt_comment.c
View file

@ -23,7 +23,7 @@ match(const struct sk_buff *skb,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
unsigned int protooff, unsigned int protooff,
int *hotdrop) bool *hotdrop)
{ {
/* We always match */ /* We always match */
return 1; return 1;

2
net/netfilter/xt_connbytes.c
View file

@ -23,7 +23,7 @@ match(const struct sk_buff *skb,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
unsigned int protoff, unsigned int protoff,
int *hotdrop) bool *hotdrop)
{ {
const struct xt_connbytes_info *sinfo = matchinfo; const struct xt_connbytes_info *sinfo = matchinfo;
struct nf_conn *ct; struct nf_conn *ct;

2
net/netfilter/xt_connmark.c
View file

@ -38,7 +38,7 @@ match(const struct sk_buff *skb,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
unsigned int protoff, unsigned int protoff,
int *hotdrop) bool *hotdrop)
{ {
const struct xt_connmark_info *info = matchinfo; const struct xt_connmark_info *info = matchinfo;
struct nf_conn *ct; struct nf_conn *ct;

2
net/netfilter/xt_conntrack.c
View file

@ -27,7 +27,7 @@ match(const struct sk_buff *skb,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
unsigned int protoff, unsigned int protoff,
int *hotdrop) bool *hotdrop)
{ {
const struct xt_conntrack_info *sinfo = matchinfo; const struct xt_conntrack_info *sinfo = matchinfo;
struct nf_conn *ct; struct nf_conn *ct;

12
net/netfilter/xt_dccp.c
View file

@ -36,7 +36,7 @@ dccp_find_option(u_int8_t option,
const struct sk_buff *skb, const struct sk_buff *skb,
unsigned int protoff, unsigned int protoff,
const struct dccp_hdr *dh, const struct dccp_hdr *dh,
int *hotdrop) bool *hotdrop)
{ {
/* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */ /* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */
unsigned char *op; unsigned char *op;
@ -45,7 +45,7 @@ dccp_find_option(u_int8_t option,
unsigned int i; unsigned int i;
if (dh->dccph_doff * 4 < __dccp_hdr_len(dh)) { if (dh->dccph_doff * 4 < __dccp_hdr_len(dh)) {
*hotdrop = 1; *hotdrop = true;
return 0; return 0;
} }
@ -57,7 +57,7 @@ dccp_find_option(u_int8_t option,
if (op == NULL) { if (op == NULL) {
/* If we don't have the whole header, drop packet. */ /* If we don't have the whole header, drop packet. */
spin_unlock_bh(&dccp_buflock); spin_unlock_bh(&dccp_buflock);
*hotdrop = 1; *hotdrop = true;
return 0; return 0;
} }
@ -86,7 +86,7 @@ match_types(const struct dccp_hdr *dh, u_int16_t typemask)
static inline int static inline int
match_option(u_int8_t option, const struct sk_buff *skb, unsigned int protoff, match_option(u_int8_t option, const struct sk_buff *skb, unsigned int protoff,
const struct dccp_hdr *dh, int *hotdrop) const struct dccp_hdr *dh, bool *hotdrop)
{ {
return dccp_find_option(option, skb, protoff, dh, hotdrop); return dccp_find_option(option, skb, protoff, dh, hotdrop);
} }
@ -99,7 +99,7 @@ match(const struct sk_buff *skb,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
unsigned int protoff, unsigned int protoff,
int *hotdrop) bool *hotdrop)
{ {
const struct xt_dccp_info *info = matchinfo; const struct xt_dccp_info *info = matchinfo;
struct dccp_hdr _dh, *dh; struct dccp_hdr _dh, *dh;
@ -109,7 +109,7 @@ match(const struct sk_buff *skb,
dh = skb_header_pointer(skb, protoff, sizeof(_dh), &_dh); dh = skb_header_pointer(skb, protoff, sizeof(_dh), &_dh);
if (dh == NULL) { if (dh == NULL) {
*hotdrop = 1; *hotdrop = true;
return 0; return 0;
} }

4
net/netfilter/xt_dscp.c
View file

@ -29,7 +29,7 @@ static int match(const struct sk_buff *skb,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
unsigned int protoff, unsigned int protoff,
int *hotdrop) bool *hotdrop)
{ {
const struct xt_dscp_info *info = matchinfo; const struct xt_dscp_info *info = matchinfo;
u_int8_t dscp = ipv4_get_dsfield(ip_hdr(skb)) >> XT_DSCP_SHIFT; u_int8_t dscp = ipv4_get_dsfield(ip_hdr(skb)) >> XT_DSCP_SHIFT;
@ -44,7 +44,7 @@ static int match6(const struct sk_buff *skb,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
unsigned int protoff, unsigned int protoff,
int *hotdrop) bool *hotdrop)
{ {
const struct xt_dscp_info *info = matchinfo; const struct xt_dscp_info *info = matchinfo;
u_int8_t dscp = ipv6_get_dsfield(ipv6_hdr(skb)) >> XT_DSCP_SHIFT; u_int8_t dscp = ipv6_get_dsfield(ipv6_hdr(skb)) >> XT_DSCP_SHIFT;

4
net/netfilter/xt_esp.c
View file

@ -50,7 +50,7 @@ match(const struct sk_buff *skb,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
unsigned int protoff, unsigned int protoff,
int *hotdrop) bool *hotdrop)
{ {
struct ip_esp_hdr _esp, *eh; struct ip_esp_hdr _esp, *eh;
const struct xt_esp *espinfo = matchinfo; const struct xt_esp *espinfo = matchinfo;
@ -65,7 +65,7 @@ match(const struct sk_buff *skb,
* can't. Hence, no choice but to drop. * can't. Hence, no choice but to drop.
*/ */
duprintf("Dropping evil ESP tinygram.\n"); duprintf("Dropping evil ESP tinygram.\n");
*hotdrop = 1; *hotdrop = true;
return 0; return 0;
} }

4
net/netfilter/xt_hashlimit.c
View file

@ -440,7 +440,7 @@ hashlimit_match(const struct sk_buff *skb,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
unsigned int protoff, unsigned int protoff,
int *hotdrop) bool *hotdrop)
{ {
struct xt_hashlimit_info *r = struct xt_hashlimit_info *r =
((struct xt_hashlimit_info *)matchinfo)->u.master; ((struct xt_hashlimit_info *)matchinfo)->u.master;
@ -487,7 +487,7 @@ hashlimit_match(const struct sk_buff *skb,
return 0; return 0;
hotdrop: hotdrop:
*hotdrop = 1; *hotdrop = true;
return 0; return 0;
} }

2
net/netfilter/xt_helper.c
View file

@ -36,7 +36,7 @@ match(const struct sk_buff *skb,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
unsigned int protoff, unsigned int protoff,
int *hotdrop) bool *hotdrop)
{ {
const struct xt_helper_info *info = matchinfo; const struct xt_helper_info *info = matchinfo;
struct nf_conn *ct; struct nf_conn *ct;

4
net/netfilter/xt_length.c
View file

@ -28,7 +28,7 @@ match(const struct sk_buff *skb,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
unsigned int protoff, unsigned int protoff,
int *hotdrop) bool *hotdrop)
{ {
const struct xt_length_info *info = matchinfo; const struct xt_length_info *info = matchinfo;
u_int16_t pktlen = ntohs(ip_hdr(skb)->tot_len); u_int16_t pktlen = ntohs(ip_hdr(skb)->tot_len);
@ -44,7 +44,7 @@ match6(const struct sk_buff *skb,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
unsigned int protoff, unsigned int protoff,
int *hotdrop) bool *hotdrop)
{ {
const struct xt_length_info *info = matchinfo; const struct xt_length_info *info = matchinfo;
const u_int16_t pktlen = (ntohs(ipv6_hdr(skb)->payload_len) + const u_int16_t pktlen = (ntohs(ipv6_hdr(skb)->payload_len) +

2
net/netfilter/xt_limit.c
View file

@ -65,7 +65,7 @@ ipt_limit_match(const struct sk_buff *skb,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
unsigned int protoff, unsigned int protoff,
int *hotdrop) bool *hotdrop)
{ {
struct xt_rateinfo *r = ((struct xt_rateinfo *)matchinfo)->master; struct xt_rateinfo *r = ((struct xt_rateinfo *)matchinfo)->master;
unsigned long now = jiffies; unsigned long now = jiffies;

2
net/netfilter/xt_mac.c
View file

@ -32,7 +32,7 @@ match(const struct sk_buff *skb,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
unsigned int protoff, unsigned int protoff,
int *hotdrop) bool *hotdrop)
{ {
const struct xt_mac_info *info = matchinfo; const struct xt_mac_info *info = matchinfo;

2
net/netfilter/xt_mark.c
View file

@ -27,7 +27,7 @@ match(const struct sk_buff *skb,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
unsigned int protoff, unsigned int protoff,
int *hotdrop) bool *hotdrop)
{ {
const struct xt_mark_info *info = matchinfo; const struct xt_mark_info *info = matchinfo;

8
net/netfilter/xt_multiport.c
View file

@ -102,7 +102,7 @@ match(const struct sk_buff *skb,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
unsigned int protoff, unsigned int protoff,
int *hotdrop) bool *hotdrop)
{ {
__be16 _ports[2], *pptr; __be16 _ports[2], *pptr;
const struct xt_multiport *multiinfo = matchinfo; const struct xt_multiport *multiinfo = matchinfo;
@ -116,7 +116,7 @@ match(const struct sk_buff *skb,
* can't. Hence, no choice but to drop. * can't. Hence, no choice but to drop.
*/ */
duprintf("xt_multiport: Dropping evil offset=0 tinygram.\n"); duprintf("xt_multiport: Dropping evil offset=0 tinygram.\n");
*hotdrop = 1; *hotdrop = true;
return 0; return 0;
} }
@ -133,7 +133,7 @@ match_v1(const struct sk_buff *skb,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
unsigned int protoff, unsigned int protoff,
int *hotdrop) bool *hotdrop)
{ {
__be16 _ports[2], *pptr; __be16 _ports[2], *pptr;
const struct xt_multiport_v1 *multiinfo = matchinfo; const struct xt_multiport_v1 *multiinfo = matchinfo;
@ -147,7 +147,7 @@ match_v1(const struct sk_buff *skb,
* can't. Hence, no choice but to drop. * can't. Hence, no choice but to drop.
*/ */
duprintf("xt_multiport: Dropping evil offset=0 tinygram.\n"); duprintf("xt_multiport: Dropping evil offset=0 tinygram.\n");
*hotdrop = 1; *hotdrop = true;
return 0; return 0;
} }

2
net/netfilter/xt_physdev.c
View file

@ -31,7 +31,7 @@ match(const struct sk_buff *skb,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
unsigned int protoff, unsigned int protoff,
int *hotdrop) bool *hotdrop)
{ {
int i; int i;
static const char nulldevname[IFNAMSIZ]; static const char nulldevname[IFNAMSIZ];

2
net/netfilter/xt_pkttype.c
View file

@ -28,7 +28,7 @@ static int match(const struct sk_buff *skb,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
unsigned int protoff, unsigned int protoff,
int *hotdrop) bool *hotdrop)
{ {
u_int8_t type; u_int8_t type;
const struct xt_pkttype_info *info = matchinfo; const struct xt_pkttype_info *info = matchinfo;

2
net/netfilter/xt_policy.c
View file

@ -115,7 +115,7 @@ static int match(const struct sk_buff *skb,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
unsigned int protoff, unsigned int protoff,
int *hotdrop) bool *hotdrop)
{ {
const struct xt_policy_info *info = matchinfo; const struct xt_policy_info *info = matchinfo;
int ret; int ret;

2
net/netfilter/xt_quota.c
View file

@ -20,7 +20,7 @@ static int
match(const struct sk_buff *skb, match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out, const struct net_device *in, const struct net_device *out,
const struct xt_match *match, const void *matchinfo, const struct xt_match *match, const void *matchinfo,
int offset, unsigned int protoff, int *hotdrop) int offset, unsigned int protoff, bool *hotdrop)
{ {
struct xt_quota_info *q = ((struct xt_quota_info *)matchinfo)->master; struct xt_quota_info *q = ((struct xt_quota_info *)matchinfo)->master;
int ret = q->flags & XT_QUOTA_INVERT ? 1 : 0; int ret = q->flags & XT_QUOTA_INVERT ? 1 : 0;

2
net/netfilter/xt_realm.c
View file

@ -29,7 +29,7 @@ match(const struct sk_buff *skb,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
unsigned int protoff, unsigned int protoff,
int *hotdrop) bool *hotdrop)
{ {
const struct xt_realm_info *info = matchinfo; const struct xt_realm_info *info = matchinfo;
struct dst_entry *dst = skb->dst; struct dst_entry *dst = skb->dst;

8
net/netfilter/xt_sctp.c
View file

@ -47,7 +47,7 @@ match_packet(const struct sk_buff *skb,
int chunk_match_type, int chunk_match_type,
const struct xt_sctp_flag_info *flag_info, const struct xt_sctp_flag_info *flag_info,
const int flag_count, const int flag_count,
int *hotdrop) bool *hotdrop)
{ {
u_int32_t chunkmapcopy[256 / sizeof (u_int32_t)]; u_int32_t chunkmapcopy[256 / sizeof (u_int32_t)];
sctp_chunkhdr_t _sch, *sch; sctp_chunkhdr_t _sch, *sch;
@ -64,7 +64,7 @@ match_packet(const struct sk_buff *skb,
sch = skb_header_pointer(skb, offset, sizeof(_sch), &_sch); sch = skb_header_pointer(skb, offset, sizeof(_sch), &_sch);
if (sch == NULL || sch->length == 0) { if (sch == NULL || sch->length == 0) {
duprintf("Dropping invalid SCTP packet.\n"); duprintf("Dropping invalid SCTP packet.\n");
*hotdrop = 1; *hotdrop = true;
return 0; return 0;
} }
@ -127,7 +127,7 @@ match(const struct sk_buff *skb,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
unsigned int protoff, unsigned int protoff,
int *hotdrop) bool *hotdrop)
{ {
const struct xt_sctp_info *info = matchinfo; const struct xt_sctp_info *info = matchinfo;
sctp_sctphdr_t _sh, *sh; sctp_sctphdr_t _sh, *sh;
@ -140,7 +140,7 @@ match(const struct sk_buff *skb,
sh = skb_header_pointer(skb, protoff, sizeof(_sh), &_sh); sh = skb_header_pointer(skb, protoff, sizeof(_sh), &_sh);
if (sh == NULL) { if (sh == NULL) {
duprintf("Dropping evil TCP offset=0 tinygram.\n"); duprintf("Dropping evil TCP offset=0 tinygram.\n");
*hotdrop = 1; *hotdrop = true;
return 0; return 0;
} }
duprintf("spt: %d\tdpt: %d\n", ntohs(sh->source), ntohs(sh->dest)); duprintf("spt: %d\tdpt: %d\n", ntohs(sh->source), ntohs(sh->dest));

2
net/netfilter/xt_state.c
View file

@ -28,7 +28,7 @@ match(const struct sk_buff *skb,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
unsigned int protoff, unsigned int protoff,
int *hotdrop) bool *hotdrop)
{ {
const struct xt_state_info *sinfo = matchinfo; const struct xt_state_info *sinfo = matchinfo;
enum ip_conntrack_info ctinfo; enum ip_conntrack_info ctinfo;

2
net/netfilter/xt_statistic.c
View file

@ -28,7 +28,7 @@ static int
match(const struct sk_buff *skb, match(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *out, const struct net_device *in, const struct net_device *out,
const struct xt_match *match, const void *matchinfo, const struct xt_match *match, const void *matchinfo,
int offset, unsigned int protoff, int *hotdrop) int offset, unsigned int protoff, bool *hotdrop)
{ {
struct xt_statistic_info *info = (struct xt_statistic_info *)matchinfo; struct xt_statistic_info *info = (struct xt_statistic_info *)matchinfo;
int ret = info->flags & XT_STATISTIC_INVERT ? 1 : 0; int ret = info->flags & XT_STATISTIC_INVERT ? 1 : 0;

2
net/netfilter/xt_string.c
View file

@ -28,7 +28,7 @@ static int match(const struct sk_buff *skb,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
unsigned int protoff, unsigned int protoff,
int *hotdrop) bool *hotdrop)
{ {
const struct xt_string_info *conf = matchinfo; const struct xt_string_info *conf = matchinfo;
struct ts_state state; struct ts_state state;

4
net/netfilter/xt_tcpmss.c
View file

@ -31,7 +31,7 @@ match(const struct sk_buff *skb,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
unsigned int protoff, unsigned int protoff,
int *hotdrop) bool *hotdrop)
{ {
const struct xt_tcpmss_match_info *info = matchinfo; const struct xt_tcpmss_match_info *info = matchinfo;
struct tcphdr _tcph, *th; struct tcphdr _tcph, *th;
@ -77,7 +77,7 @@ out:
return info->invert; return info->invert;
dropit: dropit:
*hotdrop = 1; *hotdrop = true;
return 0; return 0;
} }

16
net/netfilter/xt_tcpudp.c
View file

@ -42,7 +42,7 @@ tcp_find_option(u_int8_t option,
unsigned int protoff, unsigned int protoff,
unsigned int optlen, unsigned int optlen,
int invert, int invert,
int *hotdrop) bool *hotdrop)
{ {
/* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */ /* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */
u_int8_t _opt[60 - sizeof(struct tcphdr)], *op; u_int8_t _opt[60 - sizeof(struct tcphdr)], *op;
@ -57,7 +57,7 @@ tcp_find_option(u_int8_t option,
op = skb_header_pointer(skb, protoff + sizeof(struct tcphdr), op = skb_header_pointer(skb, protoff + sizeof(struct tcphdr),
optlen, _opt); optlen, _opt);
if (op == NULL) { if (op == NULL) {
*hotdrop = 1; *hotdrop = true;
return 0; return 0;
} }
@ -78,7 +78,7 @@ tcp_match(const struct sk_buff *skb,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
unsigned int protoff, unsigned int protoff,
int *hotdrop) bool *hotdrop)
{ {
struct tcphdr _tcph, *th; struct tcphdr _tcph, *th;
const struct xt_tcp *tcpinfo = matchinfo; const struct xt_tcp *tcpinfo = matchinfo;
@ -92,7 +92,7 @@ tcp_match(const struct sk_buff *skb,
*/ */
if (offset == 1) { if (offset == 1) {
duprintf("Dropping evil TCP offset=1 frag.\n"); duprintf("Dropping evil TCP offset=1 frag.\n");
*hotdrop = 1; *hotdrop = true;
} }
/* Must not be a fragment. */ /* Must not be a fragment. */
return 0; return 0;
@ -105,7 +105,7 @@ tcp_match(const struct sk_buff *skb,
/* We've been asked to examine this packet, and we /* We've been asked to examine this packet, and we
can't. Hence, no choice but to drop. */ can't. Hence, no choice but to drop. */
duprintf("Dropping evil TCP offset=0 tinygram.\n"); duprintf("Dropping evil TCP offset=0 tinygram.\n");
*hotdrop = 1; *hotdrop = true;
return 0; return 0;
} }
@ -123,7 +123,7 @@ tcp_match(const struct sk_buff *skb,
return 0; return 0;
if (tcpinfo->option) { if (tcpinfo->option) {
if (th->doff * 4 < sizeof(_tcph)) { if (th->doff * 4 < sizeof(_tcph)) {
*hotdrop = 1; *hotdrop = true;
return 0; return 0;
} }
if (!tcp_find_option(tcpinfo->option, skb, protoff, if (!tcp_find_option(tcpinfo->option, skb, protoff,
@ -157,7 +157,7 @@ udp_match(const struct sk_buff *skb,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
unsigned int protoff, unsigned int protoff,
int *hotdrop) bool *hotdrop)
{ {
struct udphdr _udph, *uh; struct udphdr _udph, *uh;
const struct xt_udp *udpinfo = matchinfo; const struct xt_udp *udpinfo = matchinfo;
@ -171,7 +171,7 @@ udp_match(const struct sk_buff *skb,
/* We've been asked to examine this packet, and we /* We've been asked to examine this packet, and we
can't. Hence, no choice but to drop. */ can't. Hence, no choice but to drop. */
duprintf("Dropping evil UDP tinygram.\n"); duprintf("Dropping evil UDP tinygram.\n");
*hotdrop = 1; *hotdrop = true;
return 0; return 0;
} }