diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-10-15 18:19:35 -0400 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-10-18 08:16:12 -0400 |
| commit | 61cfac6b42af98ab46bcb3a47e150e7b20d5015e (patch) | |
| tree | bd5997465064bea63af8a1959c4a1ea7378a1fd7 /net | |
| parent | 5c819a39753d6a3ae9c0092236f59730a369b619 (diff) | |
netfilter: nft_nat: NFTA_NAT_REG_ADDR_MAX depends on NFTA_NAT_REG_ADDR_MIN
Interpret NFTA_NAT_REG_ADDR_MAX if NFTA_NAT_REG_ADDR_MIN is present,
otherwise, skip it. Same thing with NFTA_NAT_REG_PROTO_MAX.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
| -rw-r--r-- | net/netfilter/nft_nat.c | 50 |
1 files changed, 28 insertions, 22 deletions
diff --git a/net/netfilter/nft_nat.c b/net/netfilter/nft_nat.c index 5078f1f1c569..a95e0c1addd3 100644 --- a/net/netfilter/nft_nat.c +++ b/net/netfilter/nft_nat.c | |||
| @@ -126,38 +126,44 @@ static int nft_nat_init(const struct nft_ctx *ctx, const struct nft_expr *expr, | |||
| 126 | priv->family = family; | 126 | priv->family = family; |
| 127 | 127 | ||
| 128 | if (tb[NFTA_NAT_REG_ADDR_MIN]) { | 128 | if (tb[NFTA_NAT_REG_ADDR_MIN]) { |
| 129 | priv->sreg_addr_min = ntohl(nla_get_be32( | 129 | priv->sreg_addr_min = |
| 130 | tb[NFTA_NAT_REG_ADDR_MIN])); | 130 | ntohl(nla_get_be32(tb[NFTA_NAT_REG_ADDR_MIN])); |
| 131 | |||
| 131 | err = nft_validate_input_register(priv->sreg_addr_min); | 132 | err = nft_validate_input_register(priv->sreg_addr_min); |
| 132 | if (err < 0) | 133 | if (err < 0) |
| 133 | return err; | 134 | return err; |
| 134 | } | ||
| 135 | 135 | ||
| 136 | if (tb[NFTA_NAT_REG_ADDR_MAX]) { | 136 | if (tb[NFTA_NAT_REG_ADDR_MAX]) { |
| 137 | priv->sreg_addr_max = ntohl(nla_get_be32( | 137 | priv->sreg_addr_max = |
| 138 | tb[NFTA_NAT_REG_ADDR_MAX])); | 138 | ntohl(nla_get_be32(tb[NFTA_NAT_REG_ADDR_MAX])); |
| 139 | err = nft_validate_input_register(priv->sreg_addr_max); | 139 | |
| 140 | if (err < 0) | 140 | err = nft_validate_input_register(priv->sreg_addr_max); |
| 141 | return err; | 141 | if (err < 0) |
| 142 | } else | 142 | return err; |
| 143 | priv->sreg_addr_max = priv->sreg_addr_min; | 143 | } else { |
| 144 | priv->sreg_addr_max = priv->sreg_addr_min; | ||
| 145 | } | ||
| 146 | } | ||
| 144 | 147 | ||
| 145 | if (tb[NFTA_NAT_REG_PROTO_MIN]) { | 148 | if (tb[NFTA_NAT_REG_PROTO_MIN]) { |
| 146 | priv->sreg_proto_min = ntohl(nla_get_be32( | 149 | priv->sreg_proto_min = |
| 147 | tb[NFTA_NAT_REG_PROTO_MIN])); | 150 | ntohl(nla_get_be32(tb[NFTA_NAT_REG_PROTO_MIN])); |
| 151 | |||
| 148 | err = nft_validate_input_register(priv->sreg_proto_min); | 152 | err = nft_validate_input_register(priv->sreg_proto_min); |
| 149 | if (err < 0) | 153 | if (err < 0) |
| 150 | return err; | 154 | return err; |
| 151 | } | ||
| 152 | 155 | ||
| 153 | if (tb[NFTA_NAT_REG_PROTO_MAX]) { | 156 | if (tb[NFTA_NAT_REG_PROTO_MAX]) { |
| 154 | priv->sreg_proto_max = ntohl(nla_get_be32( | 157 | priv->sreg_proto_max = |
| 155 | tb[NFTA_NAT_REG_PROTO_MAX])); | 158 | ntohl(nla_get_be32(tb[NFTA_NAT_REG_PROTO_MAX])); |
| 156 | err = nft_validate_input_register(priv->sreg_proto_max); | 159 | |
| 157 | if (err < 0) | 160 | err = nft_validate_input_register(priv->sreg_proto_max); |
| 158 | return err; | 161 | if (err < 0) |
| 159 | } else | 162 | return err; |
| 160 | priv->sreg_proto_max = priv->sreg_proto_min; | 163 | } else { |
| 164 | priv->sreg_proto_max = priv->sreg_proto_min; | ||
| 165 | } | ||
| 166 | } | ||
| 161 | 167 | ||
| 162 | if (tb[NFTA_NAT_FLAGS]) { | 168 | if (tb[NFTA_NAT_FLAGS]) { |
| 163 | priv->flags = ntohl(nla_get_be32(tb[NFTA_NAT_FLAGS])); | 169 | priv->flags = ntohl(nla_get_be32(tb[NFTA_NAT_FLAGS])); |