netfilter: xtables: slightly better error reporting (4a5a5c73) · Commits · e / devices / android_kernel_xiaomi_markw

net/ipv4/netfilter/ipt_CLUSTERIP.c

+6 −5

Original line number	Diff line number	Diff line
		@@ -351,8 +351,8 @@ static int clusterip_tg_check(const struct xt_tgchk_param *par)
		{
		struct ipt_clusterip_tgt_info *cipinfo = par->targinfo;
		const struct ipt_entry *e = par->entryinfo;

		struct clusterip_config *config;
		int ret;

		if (cipinfo->hash_mode != CLUSTERIP_HASHMODE_SIP &&
		cipinfo->hash_mode != CLUSTERIP_HASHMODE_SIP_SPT &&
		@@ -387,7 +387,7 @@ static int clusterip_tg_check(const struct xt_tgchk_param *par)
		if (!dev) {
		pr_info("no such interface %s\n",
		e->ip.iniface);
		return -EINVAL;
		return -ENOENT;
		}

		config = clusterip_config_init(cipinfo,
		@@ -395,17 +395,18 @@ static int clusterip_tg_check(const struct xt_tgchk_param *par)
		if (!config) {
		pr_info("cannot allocate config\n");
		dev_put(dev);
		return -EINVAL;
		return -ENOMEM;
		}
		dev_mc_add(config->dev,config->clustermac, ETH_ALEN, 0);
		}
		}
		cipinfo->config = config;

		if (nf_ct_l3proto_try_module_get(par->family) < 0) {
		ret = nf_ct_l3proto_try_module_get(par->family);
		if (ret < 0) {
		pr_info("cannot load conntrack support for proto=%u\n",
		par->family);
		return -EINVAL;
		return ret;
		}

		return 0;

+5 −3

Original line number	Diff line number	Diff line
		@@ -87,6 +87,7 @@ connsecmark_tg(struct sk_buff skb, const struct xt_target_param par)
		static int connsecmark_tg_check(const struct xt_tgchk_param *par)
		{
		const struct xt_connsecmark_target_info *info = par->targinfo;
		int ret;

		if (strcmp(par->table, "mangle") != 0 &&
		strcmp(par->table, "security") != 0) {
		@@ -102,13 +103,14 @@ static int connsecmark_tg_check(const struct xt_tgchk_param *par)

		default:
		pr_info("invalid mode: %hu\n", info->mode);
		return false;
		return -EINVAL;
		}

		if (nf_ct_l3proto_try_module_get(par->family) < 0) {
		ret = nf_ct_l3proto_try_module_get(par->family);
		if (ret < 0) {
		pr_info("cannot load conntrack support for proto=%u\n",
		par->family);
		return -EINVAL;
		return ret;
		}
		return 0;
		}

+9 −2

Original line number	Diff line number	Diff line
		@@ -59,6 +59,7 @@ static int xt_ct_tg_check(const struct xt_tgchk_param *par)
		struct nf_conntrack_tuple t;
		struct nf_conn_help *help;
		struct nf_conn *ct;
		int ret = 0;
		u8 proto;

		if (info->flags & ~XT_CT_NOTRACK)
		@@ -75,28 +76,34 @@ static int xt_ct_tg_check(const struct xt_tgchk_param *par)
		goto err1;
		#endif

		if (nf_ct_l3proto_try_module_get(par->family) < 0)
		ret = nf_ct_l3proto_try_module_get(par->family);
		if (ret < 0)
		goto err1;

		memset(&t, 0, sizeof(t));
		ct = nf_conntrack_alloc(par->net, info->zone, &t, &t, GFP_KERNEL);
		ret = PTR_ERR(ct);
		if (IS_ERR(ct))
		goto err2;

		ret = 0;
		if ((info->ct_events \|\| info->exp_events) &&
		!nf_ct_ecache_ext_add(ct, info->ct_events, info->exp_events,
		GFP_KERNEL))
		goto err3;

		if (info->helper[0]) {
		ret = -ENOENT;
		proto = xt_ct_find_proto(par);
		if (!proto)
		goto err3;

		ret = -ENOMEM;
		help = nf_ct_helper_ext_add(ct, GFP_KERNEL);
		if (help == NULL)
		goto err3;

		ret = -ENOENT;
		help->helper = nf_conntrack_helper_try_module_get(info->helper,
		par->family,
		proto);
		@@ -115,7 +122,7 @@ err3:
		err2:
		nf_ct_l3proto_module_put(par->family);
		err1:
		return -EINVAL;
		return ret;
		}

		static void xt_ct_tg_destroy(const struct xt_tgdtor_param *par)

+1 −1

Original line number	Diff line number	Diff line
		@@ -66,7 +66,7 @@ static int dscp_tg_check(const struct xt_tgchk_param *par)

		if (info->dscp > XT_DSCP_MAX) {
		pr_info("dscp %x out of range\n", info->dscp);
		return -EINVAL;
		return -EDOM;
		}
		return 0;
		}

+1 −1

Original line number	Diff line number	Diff line
		@@ -107,7 +107,7 @@ static int ttl_tg_check(const struct xt_tgchk_param *par)

		if (info->mode > IPT_TTL_MAXMODE) {
		pr_info("TTL: invalid or unknown mode %u\n", info->mode);
		return false;
		return -EINVAL;
		}
		if (info->mode != IPT_TTL_SET && info->ttl == 0)
		return -EINVAL;