diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2006-03-22 16:54:40 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2006-03-22 16:54:40 -0500 |
commit | f0d835835ba30686dc085e98c8eeac0b9c26e3b2 (patch) | |
tree | 85149be8e4154bda3fc9c979693fb5bf997d82f3 | |
parent | 1cde64365b0c4f576f8f45b834e6a6de081b5914 (diff) |
[NETFILTER]: nfnetlink_queue: fix nfnetlink message size
Fix oversized message, use NLMSG_SPACE just one since it reserves space
for the netlink header and NFA_SPACE for every attribute.
Thanks to Harald Welte for the feedback
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/netfilter/nfnetlink_queue.c | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 2cf5fb8322c4..b5701662182e 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c | |||
@@ -354,16 +354,17 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue, | |||
354 | QDEBUG("entered\n"); | 354 | QDEBUG("entered\n"); |
355 | 355 | ||
356 | /* all macros expand to constant values at compile time */ | 356 | /* all macros expand to constant values at compile time */ |
357 | size = NLMSG_SPACE(sizeof(struct nfqnl_msg_packet_hdr)) | 357 | size = NLMSG_SPACE(sizeof(struct nfgenmsg)) + |
358 | + NLMSG_SPACE(sizeof(u_int32_t)) /* ifindex */ | 358 | + NFA_SPACE(sizeof(struct nfqnl_msg_packet_hdr)) |
359 | + NLMSG_SPACE(sizeof(u_int32_t)) /* ifindex */ | 359 | + NFA_SPACE(sizeof(u_int32_t)) /* ifindex */ |
360 | + NFA_SPACE(sizeof(u_int32_t)) /* ifindex */ | ||
360 | #ifdef CONFIG_BRIDGE_NETFILTER | 361 | #ifdef CONFIG_BRIDGE_NETFILTER |
361 | + NLMSG_SPACE(sizeof(u_int32_t)) /* ifindex */ | 362 | + NFA_SPACE(sizeof(u_int32_t)) /* ifindex */ |
362 | + NLMSG_SPACE(sizeof(u_int32_t)) /* ifindex */ | 363 | + NFA_SPACE(sizeof(u_int32_t)) /* ifindex */ |
363 | #endif | 364 | #endif |
364 | + NLMSG_SPACE(sizeof(u_int32_t)) /* mark */ | 365 | + NFA_SPACE(sizeof(u_int32_t)) /* mark */ |
365 | + NLMSG_SPACE(sizeof(struct nfqnl_msg_packet_hw)) | 366 | + NFA_SPACE(sizeof(struct nfqnl_msg_packet_hw)) |
366 | + NLMSG_SPACE(sizeof(struct nfqnl_msg_packet_timestamp)); | 367 | + NFA_SPACE(sizeof(struct nfqnl_msg_packet_timestamp)); |
367 | 368 | ||
368 | outdev = entinf->outdev; | 369 | outdev = entinf->outdev; |
369 | 370 | ||
@@ -388,7 +389,7 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue, | |||
388 | else | 389 | else |
389 | data_len = queue->copy_range; | 390 | data_len = queue->copy_range; |
390 | 391 | ||
391 | size += NLMSG_SPACE(data_len); | 392 | size += NFA_SPACE(data_len); |
392 | break; | 393 | break; |
393 | 394 | ||
394 | default: | 395 | default: |