diff options
| author | Jan Engelhardt <jengelh@medozas.de> | 2008-10-08 05:35:13 -0400 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2008-10-08 05:35:13 -0400 |
| commit | 18219d3f7d6a5bc43825a41e0763158efbdb80d3 (patch) | |
| tree | aca133d934ec93fc441d5a26937b2428d23573bd /net/bridge/netfilter/ebt_snat.c | |
| parent | d2f26037a38ada4a5d40d1cf0b32bc5289f50312 (diff) | |
netfilter: ebtables: do centralized size checking
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/bridge/netfilter/ebt_snat.c')
| -rw-r--r-- | net/bridge/netfilter/ebt_snat.c | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/net/bridge/netfilter/ebt_snat.c b/net/bridge/netfilter/ebt_snat.c index 5425333dda0..abfbc6c9502 100644 --- a/net/bridge/netfilter/ebt_snat.c +++ b/net/bridge/netfilter/ebt_snat.c | |||
| @@ -7,14 +7,14 @@ | |||
| 7 | * June, 2002 | 7 | * June, 2002 |
| 8 | * | 8 | * |
| 9 | */ | 9 | */ |
| 10 | |||
| 11 | #include <linux/netfilter.h> | ||
| 12 | #include <linux/netfilter_bridge/ebtables.h> | ||
| 13 | #include <linux/netfilter_bridge/ebt_nat.h> | ||
| 14 | #include <linux/module.h> | 10 | #include <linux/module.h> |
| 15 | #include <net/sock.h> | 11 | #include <net/sock.h> |
| 16 | #include <linux/if_arp.h> | 12 | #include <linux/if_arp.h> |
| 17 | #include <net/arp.h> | 13 | #include <net/arp.h> |
| 14 | #include <linux/netfilter.h> | ||
| 15 | #include <linux/netfilter/x_tables.h> | ||
| 16 | #include <linux/netfilter_bridge/ebtables.h> | ||
| 17 | #include <linux/netfilter_bridge/ebt_nat.h> | ||
| 18 | 18 | ||
| 19 | static int ebt_target_snat(struct sk_buff *skb, unsigned int hooknr, | 19 | static int ebt_target_snat(struct sk_buff *skb, unsigned int hooknr, |
| 20 | const struct net_device *in, const struct net_device *out, | 20 | const struct net_device *in, const struct net_device *out, |
| @@ -49,8 +49,6 @@ static int ebt_target_snat_check(const char *tablename, unsigned int hookmask, | |||
| 49 | const struct ebt_nat_info *info = data; | 49 | const struct ebt_nat_info *info = data; |
| 50 | int tmp; | 50 | int tmp; |
| 51 | 51 | ||
| 52 | if (datalen != EBT_ALIGN(sizeof(struct ebt_nat_info))) | ||
| 53 | return -EINVAL; | ||
| 54 | tmp = info->target | ~EBT_VERDICT_BITS; | 52 | tmp = info->target | ~EBT_VERDICT_BITS; |
| 55 | if (BASE_CHAIN && tmp == EBT_RETURN) | 53 | if (BASE_CHAIN && tmp == EBT_RETURN) |
| 56 | return -EINVAL; | 54 | return -EINVAL; |
| @@ -72,6 +70,7 @@ static struct ebt_target snat __read_mostly = { | |||
| 72 | .name = EBT_SNAT_TARGET, | 70 | .name = EBT_SNAT_TARGET, |
| 73 | .target = ebt_target_snat, | 71 | .target = ebt_target_snat, |
| 74 | .check = ebt_target_snat_check, | 72 | .check = ebt_target_snat_check, |
| 73 | .targetsize = XT_ALIGN(sizeof(struct ebt_nat_info)), | ||
| 75 | .me = THIS_MODULE, | 74 | .me = THIS_MODULE, |
| 76 | }; | 75 | }; |
| 77 | 76 | ||