netfilter: change return types of match functions for ebtables extensions (8cc784ee) · Commits · e / devices / android_kernel_fairphone_FP5

include/linux/netfilter_bridge/ebtables.h

+1 −2

Original line number	Diff line number	Diff line
		@@ -207,8 +207,7 @@ struct ebt_match
		{
		struct list_head list;
		const char name[EBT_FUNCTION_MAXNAMELEN];
		/* 0 == it matches */
		int (match)(const struct sk_buff skb, const struct net_device *in,
		bool (match)(const struct sk_buff skb, const struct net_device *in,
		const struct net_device out, const void matchdata,
		unsigned int datalen);
		bool (check)(const char tablename, unsigned int hookmask,

net/bridge/netfilter/ebt_802_3.c

+7 −6

Original line number	Diff line number	Diff line
		@@ -12,7 +12,8 @@
		#include <linux/netfilter_bridge/ebtables.h>
		#include <linux/netfilter_bridge/ebt_802_3.h>

		static int ebt_filter_802_3(const struct sk_buff skb, const struct net_device in,
		static bool ebt_filter_802_3(const struct sk_buff *skb,
		const struct net_device *in,
		const struct net_device out, const void data, unsigned int datalen)
		{
		const struct ebt_802_3_info *info = data;
		@@ -21,19 +22,19 @@ static int ebt_filter_802_3(const struct sk_buff skb, const struct net_device

		if (info->bitmask & EBT_802_3_SAP) {
		if (FWINV(info->sap != hdr->llc.ui.ssap, EBT_802_3_SAP))
		return EBT_NOMATCH;
		return false;
		if (FWINV(info->sap != hdr->llc.ui.dsap, EBT_802_3_SAP))
		return EBT_NOMATCH;
		return false;
		}

		if (info->bitmask & EBT_802_3_TYPE) {
		if (!(hdr->llc.ui.dsap == CHECK_TYPE && hdr->llc.ui.ssap == CHECK_TYPE))
		return EBT_NOMATCH;
		return false;
		if (FWINV(info->type != type, EBT_802_3_TYPE))
		return EBT_NOMATCH;
		return false;
		}

		return EBT_MATCH;
		return true;
		}

		static struct ebt_match filter_802_3;

net/bridge/netfilter/ebt_among.c

+20 −24

Original line number	Diff line number	Diff line
		@@ -14,7 +14,7 @@
		#include <linux/if_arp.h>
		#include <linux/module.h>

		static int ebt_mac_wormhash_contains(const struct ebt_mac_wormhash *wh,
		static bool ebt_mac_wormhash_contains(const struct ebt_mac_wormhash *wh,
		const char *mac, __be32 ip)
		{
		/* You may be puzzled as to how this code works.
		@@ -33,23 +33,19 @@ static int ebt_mac_wormhash_contains(const struct ebt_mac_wormhash *wh,
		if (ip) {
		for (i = start; i < limit; i++) {
		p = &wh->pool[i];
		if (cmp[1] == p->cmp[1] && cmp[0] == p->cmp[0]) {
		if (p->ip == 0 \|\| p->ip == ip) {
		return 1;
		}
		}
		if (cmp[1] == p->cmp[1] && cmp[0] == p->cmp[0])
		if (p->ip == 0 \|\| p->ip == ip)
		return true;
		}
		} else {
		for (i = start; i < limit; i++) {
		p = &wh->pool[i];
		if (cmp[1] == p->cmp[1] && cmp[0] == p->cmp[0]) {
		if (p->ip == 0) {
		return 1;
		}
		}
		if (cmp[1] == p->cmp[1] && cmp[0] == p->cmp[0])
		if (p->ip == 0)
		return true;
		}
		}
		return 0;
		return false;
		}

		static int ebt_mac_wormhash_check_integrity(const struct ebt_mac_wormhash
		@@ -131,7 +127,7 @@ static int get_ip_src(const struct sk_buff skb, __be32 addr)
		return 0;
		}

		static int ebt_filter_among(const struct sk_buff *skb,
		static bool ebt_filter_among(const struct sk_buff *skb,
		const struct net_device *in,
		const struct net_device out, const void data,
		unsigned int datalen)
		@@ -147,34 +143,34 @@ static int ebt_filter_among(const struct sk_buff *skb,
		if (wh_src) {
		smac = eth_hdr(skb)->h_source;
		if (get_ip_src(skb, &sip))
		return EBT_NOMATCH;
		return false;
		if (!(info->bitmask & EBT_AMONG_SRC_NEG)) {
		/* we match only if it contains */
		if (!ebt_mac_wormhash_contains(wh_src, smac, sip))
		return EBT_NOMATCH;
		return false;
		} else {
		/* we match only if it DOES NOT contain */
		if (ebt_mac_wormhash_contains(wh_src, smac, sip))
		return EBT_NOMATCH;
		return false;
		}
		}

		if (wh_dst) {
		dmac = eth_hdr(skb)->h_dest;
		if (get_ip_dst(skb, &dip))
		return EBT_NOMATCH;
		return false;
		if (!(info->bitmask & EBT_AMONG_DST_NEG)) {
		/* we match only if it contains */
		if (!ebt_mac_wormhash_contains(wh_dst, dmac, dip))
		return EBT_NOMATCH;
		return false;
		} else {
		/* we match only if it DOES NOT contain */
		if (ebt_mac_wormhash_contains(wh_dst, dmac, dip))
		return EBT_NOMATCH;
		return false;
		}
		}

		return EBT_MATCH;
		return true;
		}

		static bool

net/bridge/netfilter/ebt_arp.c

+18 −17

Original line number	Diff line number	Diff line
		@@ -15,7 +15,8 @@
		#include <linux/netfilter_bridge/ebtables.h>
		#include <linux/netfilter_bridge/ebt_arp.h>

		static int ebt_filter_arp(const struct sk_buff skb, const struct net_device in,
		static bool ebt_filter_arp(const struct sk_buff *skb,
		const struct net_device *in,
		const struct net_device out, const void data, unsigned int datalen)
		{
		const struct ebt_arp_info *info = data;
		@@ -24,42 +25,42 @@ static int ebt_filter_arp(const struct sk_buff skb, const struct net_device in

		ah = skb_header_pointer(skb, 0, sizeof(_arph), &_arph);
		if (ah == NULL)
		return EBT_NOMATCH;
		return false;
		if (info->bitmask & EBT_ARP_OPCODE && FWINV(info->opcode !=
		ah->ar_op, EBT_ARP_OPCODE))
		return EBT_NOMATCH;
		return false;
		if (info->bitmask & EBT_ARP_HTYPE && FWINV(info->htype !=
		ah->ar_hrd, EBT_ARP_HTYPE))
		return EBT_NOMATCH;
		return false;
		if (info->bitmask & EBT_ARP_PTYPE && FWINV(info->ptype !=
		ah->ar_pro, EBT_ARP_PTYPE))
		return EBT_NOMATCH;
		return false;

		if (info->bitmask & (EBT_ARP_SRC_IP \| EBT_ARP_DST_IP \| EBT_ARP_GRAT)) {
		const __be32 sap, dap;
		__be32 saddr, daddr;

		if (ah->ar_pln != sizeof(__be32) \|\| ah->ar_pro != htons(ETH_P_IP))
		return EBT_NOMATCH;
		return false;
		sap = skb_header_pointer(skb, sizeof(struct arphdr) +
		ah->ar_hln, sizeof(saddr),
		&saddr);
		if (sap == NULL)
		return EBT_NOMATCH;
		return false;
		dap = skb_header_pointer(skb, sizeof(struct arphdr) +
		2*ah->ar_hln+sizeof(saddr),
		sizeof(daddr), &daddr);
		if (dap == NULL)
		return EBT_NOMATCH;
		return false;
		if (info->bitmask & EBT_ARP_SRC_IP &&
		FWINV(info->saddr != (*sap & info->smsk), EBT_ARP_SRC_IP))
		return EBT_NOMATCH;
		return false;
		if (info->bitmask & EBT_ARP_DST_IP &&
		FWINV(info->daddr != (*dap & info->dmsk), EBT_ARP_DST_IP))
		return EBT_NOMATCH;
		return false;
		if (info->bitmask & EBT_ARP_GRAT &&
		FWINV(dap != sap, EBT_ARP_GRAT))
		return EBT_NOMATCH;
		return false;
		}

		if (info->bitmask & (EBT_ARP_SRC_MAC \| EBT_ARP_DST_MAC)) {
		@@ -68,18 +69,18 @@ static int ebt_filter_arp(const struct sk_buff skb, const struct net_device in
		uint8_t verdict, i;

		if (ah->ar_hln != ETH_ALEN \|\| ah->ar_hrd != htons(ARPHRD_ETHER))
		return EBT_NOMATCH;
		return false;
		if (info->bitmask & EBT_ARP_SRC_MAC) {
		mp = skb_header_pointer(skb, sizeof(struct arphdr),
		sizeof(_mac), &_mac);
		if (mp == NULL)
		return EBT_NOMATCH;
		return false;
		verdict = 0;
		for (i = 0; i < 6; i++)
		verdict \|= (mp[i] ^ info->smaddr[i]) &
		info->smmsk[i];
		if (FWINV(verdict != 0, EBT_ARP_SRC_MAC))
		return EBT_NOMATCH;
		return false;
		}

		if (info->bitmask & EBT_ARP_DST_MAC) {
		@@ -87,17 +88,17 @@ static int ebt_filter_arp(const struct sk_buff skb, const struct net_device in
		ah->ar_hln + ah->ar_pln,
		sizeof(_mac), &_mac);
		if (mp == NULL)
		return EBT_NOMATCH;
		return false;
		verdict = 0;
		for (i = 0; i < 6; i++)
		verdict \|= (mp[i] ^ info->dmaddr[i]) &
		info->dmmsk[i];
		if (FWINV(verdict != 0, EBT_ARP_DST_MAC))
		return EBT_NOMATCH;
		return false;
		}
		}

		return EBT_MATCH;
		return true;
		}

		static bool ebt_arp_check(const char *tablename, unsigned int hookmask,

net/bridge/netfilter/ebt_ip.c

+13 −12

Original line number	Diff line number	Diff line
		@@ -24,7 +24,8 @@ struct tcpudphdr {
		__be16 dst;
		};

		static int ebt_filter_ip(const struct sk_buff skb, const struct net_device in,
		static bool ebt_filter_ip(const struct sk_buff *skb,
		const struct net_device *in,
		const struct net_device out, const void data,
		unsigned int datalen)
		{
		@@ -36,46 +37,46 @@ static int ebt_filter_ip(const struct sk_buff skb, const struct net_device in,

		ih = skb_header_pointer(skb, 0, sizeof(_iph), &_iph);
		if (ih == NULL)
		return EBT_NOMATCH;
		return false;
		if (info->bitmask & EBT_IP_TOS &&
		FWINV(info->tos != ih->tos, EBT_IP_TOS))
		return EBT_NOMATCH;
		return false;
		if (info->bitmask & EBT_IP_SOURCE &&
		FWINV((ih->saddr & info->smsk) !=
		info->saddr, EBT_IP_SOURCE))
		return EBT_NOMATCH;
		return false;
		if ((info->bitmask & EBT_IP_DEST) &&
		FWINV((ih->daddr & info->dmsk) !=
		info->daddr, EBT_IP_DEST))
		return EBT_NOMATCH;
		return false;
		if (info->bitmask & EBT_IP_PROTO) {
		if (FWINV(info->protocol != ih->protocol, EBT_IP_PROTO))
		return EBT_NOMATCH;
		return false;
		if (!(info->bitmask & EBT_IP_DPORT) &&
		!(info->bitmask & EBT_IP_SPORT))
		return EBT_MATCH;
		return true;
		if (ntohs(ih->frag_off) & IP_OFFSET)
		return EBT_NOMATCH;
		return false;
		pptr = skb_header_pointer(skb, ih->ihl*4,
		sizeof(_ports), &_ports);
		if (pptr == NULL)
		return EBT_NOMATCH;
		return false;
		if (info->bitmask & EBT_IP_DPORT) {
		u32 dst = ntohs(pptr->dst);
		if (FWINV(dst < info->dport[0] \|\|
		dst > info->dport[1],
		EBT_IP_DPORT))
		return EBT_NOMATCH;
		return false;
		}
		if (info->bitmask & EBT_IP_SPORT) {
		u32 src = ntohs(pptr->src);
		if (FWINV(src < info->sport[0] \|\|
		src > info->sport[1],
		EBT_IP_SPORT))
		return EBT_NOMATCH;
		return false;
		}
		}
		return EBT_MATCH;
		return true;
		}

		static bool ebt_ip_check(const char *tablename, unsigned int hookmask,