netfilter: xtables: slightly better error reporting

[net-next-2.6.git] / net / netfilter / xt_SECMARK.c

diff --git a/net/netfilter/xt_SECMARK.c b/net/netfilter/xt_SECMARK.c
index 7a6f9e6f5dfaa6b7e4e5eb57890542a99065b0e3..a91d4a7d5a2c622f0a348cdb46066afa2fb55c6b 100644 (file)
--- a/net/netfilter/xt_SECMARK.c
+++ b/net/netfilter/xt_SECMARK.c
@@ -12,6 +12,7 @@
  * published by the Free Software Foundation.
  *
  */
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
 #include <linux/module.h>
 #include <linux/skbuff.h>
 #include <linux/selinux.h>
@@ -49,7 +50,7 @@ secmark_tg(struct sk_buff *skb, const struct xt_target_param *par)
        return XT_CONTINUE;
 }
 
-static bool checkentry_selinux(struct xt_secmark_target_info *info)
+static int checkentry_selinux(struct xt_secmark_target_info *info)
 {
        int err;
        struct xt_secmark_target_selinux_info *sel = &info->u.sel;
@@ -59,58 +60,59 @@ static bool checkentry_selinux(struct xt_secmark_target_info *info)
        err = selinux_string_to_sid(sel->selctx, &sel->selsid);
        if (err) {
                if (err == -EINVAL)
-                       printk(KERN_INFO PFX "invalid SELinux context \'%s\'\n",
-                              sel->selctx);
-               return false;
+                       pr_info("invalid SELinux context \'%s\'\n",
+                               sel->selctx);
+               return err;
        }
 
        if (!sel->selsid) {
-               printk(KERN_INFO PFX "unable to map SELinux context \'%s\'\n",
-                      sel->selctx);
-               return false;
+               pr_info("unable to map SELinux context \'%s\'\n", sel->selctx);
+               return -ENOENT;
        }
 
        err = selinux_secmark_relabel_packet_permission(sel->selsid);
        if (err) {
-               printk(KERN_INFO PFX "unable to obtain relabeling permission\n");
-               return false;
+               pr_info("unable to obtain relabeling permission\n");
+               return err;
        }
 
        selinux_secmark_refcount_inc();
-       return true;
+       return 0;
 }
 
-static bool secmark_tg_check(const struct xt_tgchk_param *par)
+static int secmark_tg_check(const struct xt_tgchk_param *par)
 {
        struct xt_secmark_target_info *info = par->targinfo;
+       int err;
 
        if (strcmp(par->table, "mangle") != 0 &&
            strcmp(par->table, "security") != 0) {
-               printk(KERN_INFO PFX "target only valid in the \'mangle\' "
-                      "or \'security\' tables, not \'%s\'.\n", par->table);
-               return false;
+               pr_info("target only valid in the \'mangle\' "
+                       "or \'security\' tables, not \'%s\'.\n", par->table);
+               return -EINVAL;
        }
 
        if (mode && mode != info->mode) {
-               printk(KERN_INFO PFX "mode already set to %hu cannot mix with "
-                      "rules for mode %hu\n", mode, info->mode);
-               return false;
+               pr_info("mode already set to %hu cannot mix with "
+                       "rules for mode %hu\n", mode, info->mode);
+               return -EINVAL;
        }
 
        switch (info->mode) {
        case SECMARK_MODE_SEL:
-               if (!checkentry_selinux(info))
-                       return false;
+               err = checkentry_selinux(info);
+               if (err <= 0)
+                       return err;
                break;
 
        default:
-               printk(KERN_INFO PFX "invalid mode: %hu\n", info->mode);
-               return false;
+               pr_info("invalid mode: %hu\n", info->mode);
+               return -EINVAL;
        }
 
        if (!mode)
                mode = info->mode;
-       return true;
+       return 0;
 }
 
 static void secmark_tg_destroy(const struct xt_tgdtor_param *par)