aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2008-01-23 23:36:30 -0500
committerDavid S. Miller <davem@davemloft.net>2008-01-28 18:11:23 -0500
commit53b2bf3f8a652c9c8e86831f94ae2c5767ea54d7 (patch)
treeeba61efed08a932766a32b0b6a60e766f8b44bcb
parent6fa8c0144b770dac941cf2c15053b6e24f046c8a (diff)
[NET_SCHED]: Use nla_policy for attribute validation in actions
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/sched/act_gact.c15
-rw-r--r--net/sched/act_ipt.c19
-rw-r--r--net/sched/act_mirred.c9
-rw-r--r--net/sched/act_nat.c9
-rw-r--r--net/sched/act_pedit.c9
-rw-r--r--net/sched/act_police.c16
-rw-r--r--net/sched/act_simple.c7
7 files changed, 51 insertions, 33 deletions
diff --git a/net/sched/act_gact.c b/net/sched/act_gact.c
index df214d47fc92..422872c4f14b 100644
--- a/net/sched/act_gact.c
+++ b/net/sched/act_gact.c
@@ -53,6 +53,11 @@ typedef int (*g_rand)(struct tcf_gact *gact);
53static g_rand gact_rand[MAX_RAND]= { NULL, gact_net_rand, gact_determ }; 53static g_rand gact_rand[MAX_RAND]= { NULL, gact_net_rand, gact_determ };
54#endif /* CONFIG_GACT_PROB */ 54#endif /* CONFIG_GACT_PROB */
55 55
56static const struct nla_policy gact_policy[TCA_GACT_MAX + 1] = {
57 [TCA_GACT_PARMS] = { .len = sizeof(struct tc_gact) },
58 [TCA_GACT_PROB] = { .len = sizeof(struct tc_gact_p) },
59};
60
56static int tcf_gact_init(struct nlattr *nla, struct nlattr *est, 61static int tcf_gact_init(struct nlattr *nla, struct nlattr *est,
57 struct tc_action *a, int ovr, int bind) 62 struct tc_action *a, int ovr, int bind)
58{ 63{
@@ -66,20 +71,16 @@ static int tcf_gact_init(struct nlattr *nla, struct nlattr *est,
66 if (nla == NULL) 71 if (nla == NULL)
67 return -EINVAL; 72 return -EINVAL;
68 73
69 err = nla_parse_nested(tb, TCA_GACT_MAX, nla, NULL); 74 err = nla_parse_nested(tb, TCA_GACT_MAX, nla, gact_policy);
70 if (err < 0) 75 if (err < 0)
71 return err; 76 return err;
72 77
73 if (tb[TCA_GACT_PARMS] == NULL || 78 if (tb[TCA_GACT_PARMS] == NULL)
74 nla_len(tb[TCA_GACT_PARMS]) < sizeof(*parm))
75 return -EINVAL; 79 return -EINVAL;
76 parm = nla_data(tb[TCA_GACT_PARMS]); 80 parm = nla_data(tb[TCA_GACT_PARMS]);
77 81
82#ifndef CONFIG_GACT_PROB
78 if (tb[TCA_GACT_PROB] != NULL) 83 if (tb[TCA_GACT_PROB] != NULL)
79#ifdef CONFIG_GACT_PROB
80 if (nla_len(tb[TCA_GACT_PROB]) < sizeof(struct tc_gact_p))
81 return -EINVAL;
82#else
83 return -EOPNOTSUPP; 84 return -EOPNOTSUPP;
84#endif 85#endif
85 86
diff --git a/net/sched/act_ipt.c b/net/sched/act_ipt.c
index 7ab2419b44ec..da696fd3e341 100644
--- a/net/sched/act_ipt.c
+++ b/net/sched/act_ipt.c
@@ -92,6 +92,13 @@ static int tcf_ipt_release(struct tcf_ipt *ipt, int bind)
92 return ret; 92 return ret;
93} 93}
94 94
95static const struct nla_policy ipt_policy[TCA_IPT_MAX + 1] = {
96 [TCA_IPT_TABLE] = { .type = NLA_STRING, .len = IFNAMSIZ },
97 [TCA_IPT_HOOK] = { .type = NLA_U32 },
98 [TCA_IPT_INDEX] = { .type = NLA_U32 },
99 [TCA_IPT_TARG] = { .len = sizeof(struct ipt_entry_target) },
100};
101
95static int tcf_ipt_init(struct nlattr *nla, struct nlattr *est, 102static int tcf_ipt_init(struct nlattr *nla, struct nlattr *est,
96 struct tc_action *a, int ovr, int bind) 103 struct tc_action *a, int ovr, int bind)
97{ 104{
@@ -107,22 +114,20 @@ static int tcf_ipt_init(struct nlattr *nla, struct nlattr *est,
107 if (nla == NULL) 114 if (nla == NULL)
108 return -EINVAL; 115 return -EINVAL;
109 116
110 err = nla_parse_nested(tb, TCA_IPT_MAX, nla, NULL); 117 err = nla_parse_nested(tb, TCA_IPT_MAX, nla, ipt_policy);
111 if (err < 0) 118 if (err < 0)
112 return err; 119 return err;
113 120
114 if (tb[TCA_IPT_HOOK] == NULL || 121 if (tb[TCA_IPT_HOOK] == NULL)
115 nla_len(tb[TCA_IPT_HOOK]) < sizeof(u32))
116 return -EINVAL; 122 return -EINVAL;
117 if (tb[TCA_IPT_TARG] == NULL || 123 if (tb[TCA_IPT_TARG] == NULL)
118 nla_len(tb[TCA_IPT_TARG]) < sizeof(*t))
119 return -EINVAL; 124 return -EINVAL;
125
120 td = (struct ipt_entry_target *)nla_data(tb[TCA_IPT_TARG]); 126 td = (struct ipt_entry_target *)nla_data(tb[TCA_IPT_TARG]);
121 if (nla_len(tb[TCA_IPT_TARG]) < td->u.target_size) 127 if (nla_len(tb[TCA_IPT_TARG]) < td->u.target_size)
122 return -EINVAL; 128 return -EINVAL;
123 129
124 if (tb[TCA_IPT_INDEX] != NULL && 130 if (tb[TCA_IPT_INDEX] != NULL)
125 nla_len(tb[TCA_IPT_INDEX]) >= sizeof(u32))
126 index = nla_get_u32(tb[TCA_IPT_INDEX]); 131 index = nla_get_u32(tb[TCA_IPT_INDEX]);
127 132
128 pc = tcf_hash_check(index, a, bind, &ipt_hash_info); 133 pc = tcf_hash_check(index, a, bind, &ipt_hash_info);
diff --git a/net/sched/act_mirred.c b/net/sched/act_mirred.c
index 6cb5e30dcf8c..1aff005d95cd 100644
--- a/net/sched/act_mirred.c
+++ b/net/sched/act_mirred.c
@@ -54,6 +54,10 @@ static inline int tcf_mirred_release(struct tcf_mirred *m, int bind)
54 return 0; 54 return 0;
55} 55}
56 56
57static const struct nla_policy mirred_policy[TCA_MIRRED_MAX + 1] = {
58 [TCA_MIRRED_PARMS] = { .len = sizeof(struct tc_mirred) },
59};
60
57static int tcf_mirred_init(struct nlattr *nla, struct nlattr *est, 61static int tcf_mirred_init(struct nlattr *nla, struct nlattr *est,
58 struct tc_action *a, int ovr, int bind) 62 struct tc_action *a, int ovr, int bind)
59{ 63{
@@ -68,12 +72,11 @@ static int tcf_mirred_init(struct nlattr *nla, struct nlattr *est,
68 if (nla == NULL) 72 if (nla == NULL)
69 return -EINVAL; 73 return -EINVAL;
70 74
71 err = nla_parse_nested(tb, TCA_MIRRED_MAX, nla, NULL); 75 err = nla_parse_nested(tb, TCA_MIRRED_MAX, nla, mirred_policy);
72 if (err < 0) 76 if (err < 0)
73 return err; 77 return err;
74 78
75 if (tb[TCA_MIRRED_PARMS] == NULL || 79 if (tb[TCA_MIRRED_PARMS] == NULL)
76 nla_len(tb[TCA_MIRRED_PARMS]) < sizeof(*parm))
77 return -EINVAL; 80 return -EINVAL;
78 parm = nla_data(tb[TCA_MIRRED_PARMS]); 81 parm = nla_data(tb[TCA_MIRRED_PARMS]);
79 82
diff --git a/net/sched/act_nat.c b/net/sched/act_nat.c
index 5a512d4dc37c..0a3c8339767a 100644
--- a/net/sched/act_nat.c
+++ b/net/sched/act_nat.c
@@ -40,6 +40,10 @@ static struct tcf_hashinfo nat_hash_info = {
40 .lock = &nat_lock, 40 .lock = &nat_lock,
41}; 41};
42 42
43static const struct nla_policy nat_policy[TCA_NAT_MAX + 1] = {
44 [TCA_NAT_PARMS] = { .len = sizeof(struct tc_nat) },
45};
46
43static int tcf_nat_init(struct nlattr *nla, struct nlattr *est, 47static int tcf_nat_init(struct nlattr *nla, struct nlattr *est,
44 struct tc_action *a, int ovr, int bind) 48 struct tc_action *a, int ovr, int bind)
45{ 49{
@@ -52,12 +56,11 @@ static int tcf_nat_init(struct nlattr *nla, struct nlattr *est,
52 if (nla == NULL) 56 if (nla == NULL)
53 return -EINVAL; 57 return -EINVAL;
54 58
55 err = nla_parse_nested(tb, TCA_NAT_MAX, nla, NULL); 59 err = nla_parse_nested(tb, TCA_NAT_MAX, nla, nat_policy);
56 if (err < 0) 60 if (err < 0)
57 return err; 61 return err;
58 62
59 if (tb[TCA_NAT_PARMS] == NULL || 63 if (tb[TCA_NAT_PARMS] == NULL)
60 nla_len(tb[TCA_NAT_PARMS]) < sizeof(*parm))
61 return -EINVAL; 64 return -EINVAL;
62 parm = nla_data(tb[TCA_NAT_PARMS]); 65 parm = nla_data(tb[TCA_NAT_PARMS]);
63 66
diff --git a/net/sched/act_pedit.c b/net/sched/act_pedit.c
index 1b9ca45a78e5..3cc4cb9e500e 100644
--- a/net/sched/act_pedit.c
+++ b/net/sched/act_pedit.c
@@ -33,6 +33,10 @@ static struct tcf_hashinfo pedit_hash_info = {
33 .lock = &pedit_lock, 33 .lock = &pedit_lock,
34}; 34};
35 35
36static const struct nla_policy pedit_policy[TCA_PEDIT_MAX + 1] = {
37 [TCA_PEDIT_PARMS] = { .len = sizeof(struct tcf_pedit) },
38};
39
36static int tcf_pedit_init(struct nlattr *nla, struct nlattr *est, 40static int tcf_pedit_init(struct nlattr *nla, struct nlattr *est,
37 struct tc_action *a, int ovr, int bind) 41 struct tc_action *a, int ovr, int bind)
38{ 42{
@@ -47,12 +51,11 @@ static int tcf_pedit_init(struct nlattr *nla, struct nlattr *est,
47 if (nla == NULL) 51 if (nla == NULL)
48 return -EINVAL; 52 return -EINVAL;
49 53
50 err = nla_parse_nested(tb, TCA_PEDIT_MAX, nla, NULL); 54 err = nla_parse_nested(tb, TCA_PEDIT_MAX, nla, pedit_policy);
51 if (err < 0) 55 if (err < 0)
52 return err; 56 return err;
53 57
54 if (tb[TCA_PEDIT_PARMS] == NULL || 58 if (tb[TCA_PEDIT_PARMS] == NULL)
55 nla_len(tb[TCA_PEDIT_PARMS]) < sizeof(*parm))
56 return -EINVAL; 59 return -EINVAL;
57 parm = nla_data(tb[TCA_PEDIT_PARMS]); 60 parm = nla_data(tb[TCA_PEDIT_PARMS]);
58 ksize = parm->nkeys * sizeof(struct tc_pedit_key); 61 ksize = parm->nkeys * sizeof(struct tc_pedit_key);
diff --git a/net/sched/act_police.c b/net/sched/act_police.c
index 62de806af3af..0898120bbcc0 100644
--- a/net/sched/act_police.c
+++ b/net/sched/act_police.c
@@ -119,6 +119,13 @@ static void tcf_police_destroy(struct tcf_police *p)
119 BUG_TRAP(0); 119 BUG_TRAP(0);
120} 120}
121 121
122static const struct nla_policy police_policy[TCA_POLICE_MAX + 1] = {
123 [TCA_POLICE_RATE] = { .len = TC_RTAB_SIZE },
124 [TCA_POLICE_PEAKRATE] = { .len = TC_RTAB_SIZE },
125 [TCA_POLICE_AVRATE] = { .type = NLA_U32 },
126 [TCA_POLICE_RESULT] = { .type = NLA_U32 },
127};
128
122static int tcf_act_police_locate(struct nlattr *nla, struct nlattr *est, 129static int tcf_act_police_locate(struct nlattr *nla, struct nlattr *est,
123 struct tc_action *a, int ovr, int bind) 130 struct tc_action *a, int ovr, int bind)
124{ 131{
@@ -133,7 +140,7 @@ static int tcf_act_police_locate(struct nlattr *nla, struct nlattr *est,
133 if (nla == NULL) 140 if (nla == NULL)
134 return -EINVAL; 141 return -EINVAL;
135 142
136 err = nla_parse_nested(tb, TCA_POLICE_MAX, nla, NULL); 143 err = nla_parse_nested(tb, TCA_POLICE_MAX, nla, police_policy);
137 if (err < 0) 144 if (err < 0)
138 return err; 145 return err;
139 146
@@ -144,13 +151,6 @@ static int tcf_act_police_locate(struct nlattr *nla, struct nlattr *est,
144 return -EINVAL; 151 return -EINVAL;
145 parm = nla_data(tb[TCA_POLICE_TBF]); 152 parm = nla_data(tb[TCA_POLICE_TBF]);
146 153
147 if (tb[TCA_POLICE_RESULT] != NULL &&
148 nla_len(tb[TCA_POLICE_RESULT]) != sizeof(u32))
149 return -EINVAL;
150 if (tb[TCA_POLICE_RESULT] != NULL &&
151 nla_len(tb[TCA_POLICE_RESULT]) != sizeof(u32))
152 return -EINVAL;
153
154 if (parm->index) { 154 if (parm->index) {
155 struct tcf_common *pc; 155 struct tcf_common *pc;
156 156
diff --git a/net/sched/act_simple.c b/net/sched/act_simple.c
index cedaadf18eb2..fbde461b716c 100644
--- a/net/sched/act_simple.c
+++ b/net/sched/act_simple.c
@@ -84,6 +84,10 @@ static int realloc_defdata(struct tcf_defact *d, u32 datalen, void *defdata)
84 return alloc_defdata(d, datalen, defdata); 84 return alloc_defdata(d, datalen, defdata);
85} 85}
86 86
87static const struct nla_policy simple_policy[TCA_DEF_MAX + 1] = {
88 [TCA_DEF_PARMS] = { .len = sizeof(struct tc_defact) },
89};
90
87static int tcf_simp_init(struct nlattr *nla, struct nlattr *est, 91static int tcf_simp_init(struct nlattr *nla, struct nlattr *est,
88 struct tc_action *a, int ovr, int bind) 92 struct tc_action *a, int ovr, int bind)
89{ 93{
@@ -102,8 +106,7 @@ static int tcf_simp_init(struct nlattr *nla, struct nlattr *est,
102 if (err < 0) 106 if (err < 0)
103 return err; 107 return err;
104 108
105 if (tb[TCA_DEF_PARMS] == NULL || 109 if (tb[TCA_DEF_PARMS] == NULL)
106 nla_len(tb[TCA_DEF_PARMS]) < sizeof(*parm))
107 return -EINVAL; 110 return -EINVAL;
108 111
109 parm = nla_data(tb[TCA_DEF_PARMS]); 112 parm = nla_data(tb[TCA_DEF_PARMS]);