aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2007-09-28 17:37:03 -0400
committerDavid S. Miller <davem@sunset.davemloft.net>2007-10-10 19:53:31 -0400
commitdf6fb868d6118686805c2fa566e213a8f31c8e4f (patch)
tree3a0d7d7e9c7d2d8c2d7a06b32e02702eecbfddf6
parent7c8d4cb4198d199e65a6ced8c81f71e3ac3f4cfc (diff)
[NETFILTER]: nfnetlink: convert to generic netlink attribute functions
Get rid of the duplicated rtnetlink macros and use the generic netlink attribute functions. The old duplicated stuff is moved to a new header file that exists just for userspace. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat
-rw-r--r--include/linux/netfilter/Kbuild1
-rw-r--r--include/linux/netfilter/nfnetlink.h78
-rw-r--r--include/linux/netfilter/nfnetlink_compat.h61
-rw-r--r--include/net/netfilter/nf_conntrack_l3proto.h5
-rw-r--r--include/net/netfilter/nf_conntrack_l4proto.h10
-rw-r--r--include/net/netfilter/nf_nat_protocol.h4
-rw-r--r--net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c20
-rw-r--r--net/ipv4/netfilter/nf_conntrack_proto_icmp.c30
-rw-r--r--net/ipv4/netfilter/nf_nat_core.c16
-rw-r--r--net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c20
-rw-r--r--net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c30
-rw-r--r--net/netfilter/nf_conntrack_core.c21
-rw-r--r--net/netfilter/nf_conntrack_netlink.c393
-rw-r--r--net/netfilter/nf_conntrack_proto_tcp.c63
-rw-r--r--net/netfilter/nfnetlink.c39
-rw-r--r--net/netfilter/nfnetlink_log.c155
-rw-r--r--net/netfilter/nfnetlink_queue.c113
17 files changed, 527 insertions, 532 deletions
diff --git a/include/linux/netfilter/Kbuild b/include/linux/netfilter/Kbuild
index ab57cb7d7c61..f2eaea2234ec 100644
--- a/include/linux/netfilter/Kbuild
+++ b/include/linux/netfilter/Kbuild
@@ -40,5 +40,6 @@ unifdef-y += nf_conntrack_common.h
40unifdef-y += nf_conntrack_ftp.h 40unifdef-y += nf_conntrack_ftp.h
41unifdef-y += nf_conntrack_tcp.h 41unifdef-y += nf_conntrack_tcp.h
42unifdef-y += nfnetlink.h 42unifdef-y += nfnetlink.h
43unifdef-y += nfnetlink_compat.h
43unifdef-y += x_tables.h 44unifdef-y += x_tables.h
44unifdef-y += xt_physdev.h 45unifdef-y += xt_physdev.h
diff --git a/include/linux/netfilter/nfnetlink.h b/include/linux/netfilter/nfnetlink.h
index e32418bcc661..47457b4c8c62 100644
--- a/include/linux/netfilter/nfnetlink.h
+++ b/include/linux/netfilter/nfnetlink.h
@@ -1,16 +1,7 @@
1#ifndef _NFNETLINK_H 1#ifndef _NFNETLINK_H
2#define _NFNETLINK_H 2#define _NFNETLINK_H
3#include <linux/types.h> 3#include <linux/types.h>
4 4#include <linux/netfilter/nfnetlink_compat.h>
5#ifndef __KERNEL__
6/* nfnetlink groups: Up to 32 maximum - backwards compatibility for userspace */
7#define NF_NETLINK_CONNTRACK_NEW 0x00000001
8#define NF_NETLINK_CONNTRACK_UPDATE 0x00000002
9#define NF_NETLINK_CONNTRACK_DESTROY 0x00000004
10#define NF_NETLINK_CONNTRACK_EXP_NEW 0x00000008
11#define NF_NETLINK_CONNTRACK_EXP_UPDATE 0x00000010
12#define NF_NETLINK_CONNTRACK_EXP_DESTROY 0x00000020
13#endif
14 5
15enum nfnetlink_groups { 6enum nfnetlink_groups {
16 NFNLGRP_NONE, 7 NFNLGRP_NONE,
@@ -31,48 +22,6 @@ enum nfnetlink_groups {
31}; 22};
32#define NFNLGRP_MAX (__NFNLGRP_MAX - 1) 23#define NFNLGRP_MAX (__NFNLGRP_MAX - 1)
33 24
34/* Generic structure for encapsulation optional netfilter information.
35 * It is reminiscent of sockaddr, but with sa_family replaced
36 * with attribute type.
37 * ! This should someday be put somewhere generic as now rtnetlink and
38 * ! nfnetlink use the same attributes methods. - J. Schulist.
39 */
40
41struct nfattr
42{
43 u_int16_t nfa_len;
44 u_int16_t nfa_type; /* we use 15 bits for the type, and the highest
45 * bit to indicate whether the payload is nested */
46};
47
48/* FIXME: Apart from NFNL_NFA_NESTED shamelessly copy and pasted from
49 * rtnetlink.h, it's time to put this in a generic file */
50
51#define NFNL_NFA_NEST 0x8000
52#define NFA_TYPE(attr) ((attr)->nfa_type & 0x7fff)
53
54#define NFA_ALIGNTO 4
55#define NFA_ALIGN(len) (((len) + NFA_ALIGNTO - 1) & ~(NFA_ALIGNTO - 1))
56#define NFA_OK(nfa,len) ((len) > 0 && (nfa)->nfa_len >= sizeof(struct nfattr) \
57 && (nfa)->nfa_len <= (len))
58#define NFA_NEXT(nfa,attrlen) ((attrlen) -= NFA_ALIGN((nfa)->nfa_len), \
59 (struct nfattr *)(((char *)(nfa)) + NFA_ALIGN((nfa)->nfa_len)))
60#define NFA_LENGTH(len) (NFA_ALIGN(sizeof(struct nfattr)) + (len))
61#define NFA_SPACE(len) NFA_ALIGN(NFA_LENGTH(len))
62#define NFA_DATA(nfa) ((void *)(((char *)(nfa)) + NFA_LENGTH(0)))
63#define NFA_PAYLOAD(nfa) ((int)((nfa)->nfa_len) - NFA_LENGTH(0))
64#define NFA_NEST(skb, type) \
65({ struct nfattr *__start = (struct nfattr *)skb_tail_pointer(skb); \
66 NFA_PUT(skb, (NFNL_NFA_NEST | type), 0, NULL); \
67 __start; })
68#define NFA_NEST_END(skb, start) \
69({ (start)->nfa_len = skb_tail_pointer(skb) - (unsigned char *)(start); \
70 (skb)->len; })
71#define NFA_NEST_CANCEL(skb, start) \
72({ if (start) \
73 skb_trim(skb, (unsigned char *) (start) - (skb)->data); \
74 -1; })
75
76/* General form of address family dependent message. 25/* General form of address family dependent message.
77 */ 26 */
78struct nfgenmsg { 27struct nfgenmsg {
@@ -83,10 +32,6 @@ struct nfgenmsg {
83 32
84#define NFNETLINK_V0 0 33#define NFNETLINK_V0 0
85 34
86#define NFM_NFA(n) ((struct nfattr *)(((char *)(n)) \
87 + NLMSG_ALIGN(sizeof(struct nfgenmsg))))
88#define NFM_PAYLOAD(n) NLMSG_PAYLOAD(n, sizeof(struct nfgenmsg))
89
90/* netfilter netlink message types are split in two pieces: 35/* netfilter netlink message types are split in two pieces:
91 * 8 bit subsystem, 8bit operation. 36 * 8 bit subsystem, 8bit operation.
92 */ 37 */
@@ -107,12 +52,13 @@ struct nfgenmsg {
107 52
108#include <linux/netlink.h> 53#include <linux/netlink.h>
109#include <linux/capability.h> 54#include <linux/capability.h>
55#include <net/netlink.h>
110 56
111struct nfnl_callback 57struct nfnl_callback
112{ 58{
113 int (*call)(struct sock *nl, struct sk_buff *skb, 59 int (*call)(struct sock *nl, struct sk_buff *skb,
114 struct nlmsghdr *nlh, struct nfattr *cda[]); 60 struct nlmsghdr *nlh, struct nlattr *cda[]);
115 u_int16_t attr_count; /* number of nfattr's */ 61 u_int16_t attr_count; /* number of nlattr's */
116}; 62};
117 63
118struct nfnetlink_subsystem 64struct nfnetlink_subsystem
@@ -123,27 +69,15 @@ struct nfnetlink_subsystem
123 const struct nfnl_callback *cb; /* callback for individual types */ 69 const struct nfnl_callback *cb; /* callback for individual types */
124}; 70};
125 71
126extern void __nfa_fill(struct sk_buff *skb, int attrtype,
127 int attrlen, const void *data);
128#define NFA_PUT(skb, attrtype, attrlen, data) \
129({ if (skb_tailroom(skb) < (int)NFA_SPACE(attrlen)) goto nfattr_failure; \
130 __nfa_fill(skb, attrtype, attrlen, data); })
131
132extern int nfnetlink_subsys_register(const struct nfnetlink_subsystem *n); 72extern int nfnetlink_subsys_register(const struct nfnetlink_subsystem *n);
133extern int nfnetlink_subsys_unregister(const struct nfnetlink_subsystem *n); 73extern int nfnetlink_subsys_unregister(const struct nfnetlink_subsystem *n);
134 74
135extern void nfattr_parse(struct nfattr *tb[], int maxattr,
136 struct nfattr *nfa, int len);
137
138#define nfattr_parse_nested(tb, max, nfa) \
139 nfattr_parse((tb), (max), NFA_DATA((nfa)), NFA_PAYLOAD((nfa)))
140
141#define nfattr_bad_size(tb, max, cta_min) \ 75#define nfattr_bad_size(tb, max, cta_min) \
142({ int __i, __res = 0; \ 76({ int __i, __res = 0; \
143 for (__i=0; __i<max; __i++) { \ 77 for (__i=1; __i <= max; __i++) { \
144 if (!cta_min[__i]) \ 78 if (!cta_min[__i]) \
145 continue; \ 79 continue; \
146 if (tb[__i] && NFA_PAYLOAD(tb[__i]) < cta_min[__i]){ \ 80 if (tb[__i] && nla_len(tb[__i]) < cta_min[__i]){ \
147 __res = 1; \ 81 __res = 1; \
148 break; \ 82 break; \
149 } \ 83 } \
diff --git a/include/linux/netfilter/nfnetlink_compat.h b/include/linux/netfilter/nfnetlink_compat.h
new file mode 100644
index 000000000000..02a42d875cf7
--- /dev/null
+++ b/include/linux/netfilter/nfnetlink_compat.h
@@ -0,0 +1,61 @@
1#ifndef _NFNETLINK_COMPAT_H
2#define _NFNETLINK_COMPAT_H
3#ifndef __KERNEL
4/* Old nfnetlink macros for userspace */
5
6/* nfnetlink groups: Up to 32 maximum */
7#define NF_NETLINK_CONNTRACK_NEW 0x00000001
8#define NF_NETLINK_CONNTRACK_UPDATE 0x00000002
9#define NF_NETLINK_CONNTRACK_DESTROY 0x00000004
10#define NF_NETLINK_CONNTRACK_EXP_NEW 0x00000008
11#define NF_NETLINK_CONNTRACK_EXP_UPDATE 0x00000010
12#define NF_NETLINK_CONNTRACK_EXP_DESTROY 0x00000020
13
14/* Generic structure for encapsulation optional netfilter information.
15 * It is reminiscent of sockaddr, but with sa_family replaced
16 * with attribute type.
17 * ! This should someday be put somewhere generic as now rtnetlink and
18 * ! nfnetlink use the same attributes methods. - J. Schulist.
19 */
20
21struct nfattr
22{
23 u_int16_t nfa_len;
24 u_int16_t nfa_type; /* we use 15 bits for the type, and the highest
25 * bit to indicate whether the payload is nested */
26};
27
28/* FIXME: Apart from NFNL_NFA_NESTED shamelessly copy and pasted from
29 * rtnetlink.h, it's time to put this in a generic file */
30
31#define NFNL_NFA_NEST 0x8000
32#define NFA_TYPE(attr) ((attr)->nfa_type & 0x7fff)
33
34#define NFA_ALIGNTO 4
35#define NFA_ALIGN(len) (((len) + NFA_ALIGNTO - 1) & ~(NFA_ALIGNTO - 1))
36#define NFA_OK(nfa,len) ((len) > 0 && (nfa)->nfa_len >= sizeof(struct nfattr) \
37 && (nfa)->nfa_len <= (len))
38#define NFA_NEXT(nfa,attrlen) ((attrlen) -= NFA_ALIGN((nfa)->nfa_len), \
39 (struct nfattr *)(((char *)(nfa)) + NFA_ALIGN((nfa)->nfa_len)))
40#define NFA_LENGTH(len) (NFA_ALIGN(sizeof(struct nfattr)) + (len))
41#define NFA_SPACE(len) NFA_ALIGN(NFA_LENGTH(len))
42#define NFA_DATA(nfa) ((void *)(((char *)(nfa)) + NFA_LENGTH(0)))
43#define NFA_PAYLOAD(nfa) ((int)((nfa)->nfa_len) - NFA_LENGTH(0))
44#define NFA_NEST(skb, type) \
45({ struct nfattr *__start = (struct nfattr *)skb_tail_pointer(skb); \
46 NFA_PUT(skb, (NFNL_NFA_NEST | type), 0, NULL); \
47 __start; })
48#define NFA_NEST_END(skb, start) \
49({ (start)->nfa_len = skb_tail_pointer(skb) - (unsigned char *)(start); \
50 (skb)->len; })
51#define NFA_NEST_CANCEL(skb, start) \
52({ if (start) \
53 skb_trim(skb, (unsigned char *) (start) - (skb)->data); \
54 -1; })
55
56#define NFM_NFA(n) ((struct nfattr *)(((char *)(n)) \
57 + NLMSG_ALIGN(sizeof(struct nfgenmsg))))
58#define NFM_PAYLOAD(n) NLMSG_PAYLOAD(n, sizeof(struct nfgenmsg))
59
60#endif /* ! __KERNEL__ */
61#endif /* _NFNETLINK_COMPAT_H */
diff --git a/include/net/netfilter/nf_conntrack_l3proto.h b/include/net/netfilter/nf_conntrack_l3proto.h
index 3c58a2c4df28..c02402d5ec36 100644
--- a/include/net/netfilter/nf_conntrack_l3proto.h
+++ b/include/net/netfilter/nf_conntrack_l3proto.h
@@ -11,11 +11,10 @@
11 11
12#ifndef _NF_CONNTRACK_L3PROTO_H 12#ifndef _NF_CONNTRACK_L3PROTO_H
13#define _NF_CONNTRACK_L3PROTO_H 13#define _NF_CONNTRACK_L3PROTO_H
14#include <linux/netlink.h>
14#include <linux/seq_file.h> 15#include <linux/seq_file.h>
15#include <net/netfilter/nf_conntrack.h> 16#include <net/netfilter/nf_conntrack.h>
16 17
17struct nfattr;
18
19struct nf_conntrack_l3proto 18struct nf_conntrack_l3proto
20{ 19{
21 /* L3 Protocol Family number. ex) PF_INET */ 20 /* L3 Protocol Family number. ex) PF_INET */
@@ -67,7 +66,7 @@ struct nf_conntrack_l3proto
67 int (*tuple_to_nfattr)(struct sk_buff *skb, 66 int (*tuple_to_nfattr)(struct sk_buff *skb,
68 const struct nf_conntrack_tuple *t); 67 const struct nf_conntrack_tuple *t);
69 68
70 int (*nfattr_to_tuple)(struct nfattr *tb[], 69 int (*nfattr_to_tuple)(struct nlattr *tb[],
71 struct nf_conntrack_tuple *t); 70 struct nf_conntrack_tuple *t);
72 71
73#ifdef CONFIG_SYSCTL 72#ifdef CONFIG_SYSCTL
diff --git a/include/net/netfilter/nf_conntrack_l4proto.h b/include/net/netfilter/nf_conntrack_l4proto.h
index f46cb930414c..a43c4e484ea1 100644
--- a/include/net/netfilter/nf_conntrack_l4proto.h
+++ b/include/net/netfilter/nf_conntrack_l4proto.h
@@ -9,10 +9,10 @@
9 9
10#ifndef _NF_CONNTRACK_L4PROTO_H 10#ifndef _NF_CONNTRACK_L4PROTO_H
11#define _NF_CONNTRACK_L4PROTO_H 11#define _NF_CONNTRACK_L4PROTO_H
12#include <linux/netlink.h>
12#include <net/netfilter/nf_conntrack.h> 13#include <net/netfilter/nf_conntrack.h>
13 14
14struct seq_file; 15struct seq_file;
15struct nfattr;
16 16
17struct nf_conntrack_l4proto 17struct nf_conntrack_l4proto
18{ 18{
@@ -65,15 +65,15 @@ struct nf_conntrack_l4proto
65 int pf, unsigned int hooknum); 65 int pf, unsigned int hooknum);
66 66
67 /* convert protoinfo to nfnetink attributes */ 67 /* convert protoinfo to nfnetink attributes */
68 int (*to_nfattr)(struct sk_buff *skb, struct nfattr *nfa, 68 int (*to_nfattr)(struct sk_buff *skb, struct nlattr *nla,
69 const struct nf_conn *ct); 69 const struct nf_conn *ct);
70 70
71 /* convert nfnetlink attributes to protoinfo */ 71 /* convert nfnetlink attributes to protoinfo */
72 int (*from_nfattr)(struct nfattr *tb[], struct nf_conn *ct); 72 int (*from_nfattr)(struct nlattr *tb[], struct nf_conn *ct);
73 73
74 int (*tuple_to_nfattr)(struct sk_buff *skb, 74 int (*tuple_to_nfattr)(struct sk_buff *skb,
75 const struct nf_conntrack_tuple *t); 75 const struct nf_conntrack_tuple *t);
76 int (*nfattr_to_tuple)(struct nfattr *tb[], 76 int (*nfattr_to_tuple)(struct nlattr *tb[],
77 struct nf_conntrack_tuple *t); 77 struct nf_conntrack_tuple *t);
78 78
79#ifdef CONFIG_SYSCTL 79#ifdef CONFIG_SYSCTL
@@ -113,7 +113,7 @@ extern void nf_conntrack_l4proto_unregister(struct nf_conntrack_l4proto *proto);
113/* Generic netlink helpers */ 113/* Generic netlink helpers */
114extern int nf_ct_port_tuple_to_nfattr(struct sk_buff *skb, 114extern int nf_ct_port_tuple_to_nfattr(struct sk_buff *skb,
115 const struct nf_conntrack_tuple *tuple); 115 const struct nf_conntrack_tuple *tuple);
116extern int nf_ct_port_nfattr_to_tuple(struct nfattr *tb[], 116extern int nf_ct_port_nfattr_to_tuple(struct nlattr *tb[],
117 struct nf_conntrack_tuple *t); 117 struct nf_conntrack_tuple *t);
118 118
119/* Log invalid packets */ 119/* Log invalid packets */
diff --git a/include/net/netfilter/nf_nat_protocol.h b/include/net/netfilter/nf_nat_protocol.h
index a9ec5ef61468..90a82de7e7e0 100644
--- a/include/net/netfilter/nf_nat_protocol.h
+++ b/include/net/netfilter/nf_nat_protocol.h
@@ -41,7 +41,7 @@ struct nf_nat_protocol
41 int (*range_to_nfattr)(struct sk_buff *skb, 41 int (*range_to_nfattr)(struct sk_buff *skb,
42 const struct nf_nat_range *range); 42 const struct nf_nat_range *range);
43 43
44 int (*nfattr_to_range)(struct nfattr *tb[], 44 int (*nfattr_to_range)(struct nlattr *tb[],
45 struct nf_nat_range *range); 45 struct nf_nat_range *range);
46}; 46};
47 47
@@ -64,7 +64,7 @@ extern struct nf_nat_protocol *find_nat_proto(u_int16_t protonum);
64 64
65extern int nf_nat_port_range_to_nfattr(struct sk_buff *skb, 65extern int nf_nat_port_range_to_nfattr(struct sk_buff *skb,
66 const struct nf_nat_range *range); 66 const struct nf_nat_range *range);
67extern int nf_nat_port_nfattr_to_range(struct nfattr *tb[], 67extern int nf_nat_port_nfattr_to_range(struct nlattr *tb[],
68 struct nf_nat_range *range); 68 struct nf_nat_range *range);
69 69
70#endif /*_NF_NAT_PROTO_H*/ 70#endif /*_NF_NAT_PROTO_H*/
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
index f813e02aab30..f8771e058b9e 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
@@ -363,32 +363,32 @@ getorigdst(struct sock *sk, int optval, void __user *user, int *len)
363static int ipv4_tuple_to_nfattr(struct sk_buff *skb, 363static int ipv4_tuple_to_nfattr(struct sk_buff *skb,
364 const struct nf_conntrack_tuple *tuple) 364 const struct nf_conntrack_tuple *tuple)
365{ 365{
366 NFA_PUT(skb, CTA_IP_V4_SRC, sizeof(u_int32_t), 366 NLA_PUT(skb, CTA_IP_V4_SRC, sizeof(u_int32_t),
367 &tuple->src.u3.ip); 367 &tuple->src.u3.ip);
368 NFA_PUT(skb, CTA_IP_V4_DST, sizeof(u_int32_t), 368 NLA_PUT(skb, CTA_IP_V4_DST, sizeof(u_int32_t),
369 &tuple->dst.u3.ip); 369 &tuple->dst.u3.ip);
370 return 0; 370 return 0;
371 371
372nfattr_failure: 372nla_put_failure:
373 return -1; 373 return -1;
374} 374}
375 375
376static const size_t cta_min_ip[CTA_IP_MAX] = { 376static const size_t cta_min_ip[CTA_IP_MAX+1] = {
377 [CTA_IP_V4_SRC-1] = sizeof(u_int32_t), 377 [CTA_IP_V4_SRC] = sizeof(u_int32_t),
378 [CTA_IP_V4_DST-1] = sizeof(u_int32_t), 378 [CTA_IP_V4_DST] = sizeof(u_int32_t),
379}; 379};
380 380
381static int ipv4_nfattr_to_tuple(struct nfattr *tb[], 381static int ipv4_nfattr_to_tuple(struct nlattr *tb[],
382 struct nf_conntrack_tuple *t) 382 struct nf_conntrack_tuple *t)
383{ 383{
384 if (!tb[CTA_IP_V4_SRC-1] || !tb[CTA_IP_V4_DST-1]) 384 if (!tb[CTA_IP_V4_SRC] || !tb[CTA_IP_V4_DST])
385 return -EINVAL; 385 return -EINVAL;
386 386
387 if (nfattr_bad_size(tb, CTA_IP_MAX, cta_min_ip)) 387 if (nfattr_bad_size(tb, CTA_IP_MAX, cta_min_ip))
388 return -EINVAL; 388 return -EINVAL;
389 389
390 t->src.u3.ip = *(__be32 *)NFA_DATA(tb[CTA_IP_V4_SRC-1]); 390 t->src.u3.ip = *(__be32 *)nla_data(tb[CTA_IP_V4_SRC]);
391 t->dst.u3.ip = *(__be32 *)NFA_DATA(tb[CTA_IP_V4_DST-1]); 391 t->dst.u3.ip = *(__be32 *)nla_data(tb[CTA_IP_V4_DST]);
392 392
393 return 0; 393 return 0;
394} 394}
diff --git a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
index 6593fd2c5b10..714332b8869e 100644
--- a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
+++ b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
@@ -235,42 +235,42 @@ icmp_error(struct sk_buff *skb, unsigned int dataoff,
235static int icmp_tuple_to_nfattr(struct sk_buff *skb, 235static int icmp_tuple_to_nfattr(struct sk_buff *skb,
236 const struct nf_conntrack_tuple *t) 236 const struct nf_conntrack_tuple *t)
237{ 237{
238 NFA_PUT(skb, CTA_PROTO_ICMP_ID, sizeof(u_int16_t), 238 NLA_PUT(skb, CTA_PROTO_ICMP_ID, sizeof(u_int16_t),
239 &t->src.u.icmp.id); 239 &t->src.u.icmp.id);
240 NFA_PUT(skb, CTA_PROTO_ICMP_TYPE, sizeof(u_int8_t), 240 NLA_PUT(skb, CTA_PROTO_ICMP_TYPE, sizeof(u_int8_t),
241 &t->dst.u.icmp.type); 241 &t->dst.u.icmp.type);
242 NFA_PUT(skb, CTA_PROTO_ICMP_CODE, sizeof(u_int8_t), 242 NLA_PUT(skb, CTA_PROTO_ICMP_CODE, sizeof(u_int8_t),
243 &t->dst.u.icmp.code); 243 &t->dst.u.icmp.code);
244 244
245 return 0; 245 return 0;
246 246
247nfattr_failure: 247nla_put_failure:
248 return -1; 248 return -1;
249} 249}
250 250
251static const size_t cta_min_proto[CTA_PROTO_MAX] = { 251static const size_t cta_min_proto[CTA_PROTO_MAX+1] = {
252 [CTA_PROTO_ICMP_TYPE-1] = sizeof(u_int8_t), 252 [CTA_PROTO_ICMP_TYPE] = sizeof(u_int8_t),
253 [CTA_PROTO_ICMP_CODE-1] = sizeof(u_int8_t), 253 [CTA_PROTO_ICMP_CODE] = sizeof(u_int8_t),
254 [CTA_PROTO_ICMP_ID-1] = sizeof(u_int16_t) 254 [CTA_PROTO_ICMP_ID] = sizeof(u_int16_t)
255}; 255};
256 256
257static int icmp_nfattr_to_tuple(struct nfattr *tb[], 257static int icmp_nfattr_to_tuple(struct nlattr *tb[],
258 struct nf_conntrack_tuple *tuple) 258 struct nf_conntrack_tuple *tuple)
259{ 259{
260 if (!tb[CTA_PROTO_ICMP_TYPE-1] 260 if (!tb[CTA_PROTO_ICMP_TYPE]
261 || !tb[CTA_PROTO_ICMP_CODE-1] 261 || !tb[CTA_PROTO_ICMP_CODE]
262 || !tb[CTA_PROTO_ICMP_ID-1]) 262 || !tb[CTA_PROTO_ICMP_ID])
263 return -EINVAL; 263 return -EINVAL;
264 264
265 if (nfattr_bad_size(tb, CTA_PROTO_MAX, cta_min_proto)) 265 if (nfattr_bad_size(tb, CTA_PROTO_MAX, cta_min_proto))
266 return -EINVAL; 266 return -EINVAL;
267 267
268 tuple->dst.u.icmp.type = 268 tuple->dst.u.icmp.type =
269 *(u_int8_t *)NFA_DATA(tb[CTA_PROTO_ICMP_TYPE-1]); 269 *(u_int8_t *)nla_data(tb[CTA_PROTO_ICMP_TYPE]);
270 tuple->dst.u.icmp.code = 270 tuple->dst.u.icmp.code =
271 *(u_int8_t *)NFA_DATA(tb[CTA_PROTO_ICMP_CODE-1]); 271 *(u_int8_t *)nla_data(tb[CTA_PROTO_ICMP_CODE]);
272 tuple->src.u.icmp.id = 272 tuple->src.u.icmp.id =
273 *(__be16 *)NFA_DATA(tb[CTA_PROTO_ICMP_ID-1]); 273 *(__be16 *)nla_data(tb[CTA_PROTO_ICMP_ID]);
274 274
275 if (tuple->dst.u.icmp.type >= sizeof(invmap) 275 if (tuple->dst.u.icmp.type >= sizeof(invmap)
276 || !invmap[tuple->dst.u.icmp.type]) 276 || !invmap[tuple->dst.u.icmp.type])
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c
index deab27facbad..4bdbb128fe50 100644
--- a/net/ipv4/netfilter/nf_nat_core.c
+++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -547,38 +547,38 @@ int
547nf_nat_port_range_to_nfattr(struct sk_buff *skb, 547nf_nat_port_range_to_nfattr(struct sk_buff *skb,
548 const struct nf_nat_range *range) 548 const struct nf_nat_range *range)
549{ 549{
550 NFA_PUT(skb, CTA_PROTONAT_PORT_MIN, sizeof(__be16), 550 NLA_PUT(skb, CTA_PROTONAT_PORT_MIN, sizeof(__be16),
551 &range->min.tcp.port); 551 &range->min.tcp.port);
552 NFA_PUT(skb, CTA_PROTONAT_PORT_MAX, sizeof(__be16), 552 NLA_PUT(skb, CTA_PROTONAT_PORT_MAX, sizeof(__be16),
553 &range->max.tcp.port); 553 &range->max.tcp.port);
554 554
555 return 0; 555 return 0;
556 556
557nfattr_failure: 557nla_put_failure:
558 return -1; 558 return -1;
559} 559}
560EXPORT_SYMBOL_GPL(nf_nat_port_nfattr_to_range); 560EXPORT_SYMBOL_GPL(nf_nat_port_nfattr_to_range);
561 561
562int 562int
563nf_nat_port_nfattr_to_range(struct nfattr *tb[], struct nf_nat_range *range) 563nf_nat_port_nfattr_to_range(struct nlattr *tb[], struct nf_nat_range *range)
564{ 564{
565 int ret = 0; 565 int ret = 0;
566 566
567 /* we have to return whether we actually parsed something or not */ 567 /* we have to return whether we actually parsed something or not */
568 568
569 if (tb[CTA_PROTONAT_PORT_MIN-1]) { 569 if (tb[CTA_PROTONAT_PORT_MIN]) {
570 ret = 1; 570 ret = 1;
571 range->min.tcp.port = 571 range->min.tcp.port =
572 *(__be16 *)NFA_DATA(tb[CTA_PROTONAT_PORT_MIN-1]); 572 *(__be16 *)nla_data(tb[CTA_PROTONAT_PORT_MIN]);
573 } 573 }
574 574
575 if (!tb[CTA_PROTONAT_PORT_MAX-1]) { 575 if (!tb[CTA_PROTONAT_PORT_MAX]) {
576 if (ret) 576 if (ret)
577 range->max.tcp.port = range->min.tcp.port; 577 range->max.tcp.port = range->min.tcp.port;
578 } else { 578 } else {
579 ret = 1; 579 ret = 1;
580 range->max.tcp.port = 580 range->max.tcp.port =
581 *(__be16 *)NFA_DATA(tb[CTA_PROTONAT_PORT_MAX-1]); 581 *(__be16 *)nla_data(tb[CTA_PROTONAT_PORT_MAX]);
582 } 582 }
583 583
584 return ret; 584 return ret;
diff --git a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
index 3153e15e0f7c..f0ea3fb51670 100644
--- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
@@ -340,33 +340,33 @@ static ctl_table nf_ct_ipv6_sysctl_table[] = {
340static int ipv6_tuple_to_nfattr(struct sk_buff *skb, 340static int ipv6_tuple_to_nfattr(struct sk_buff *skb,
341 const struct nf_conntrack_tuple *tuple) 341 const struct nf_conntrack_tuple *tuple)
342{ 342{
343 NFA_PUT(skb, CTA_IP_V6_SRC, sizeof(u_int32_t) * 4, 343 NLA_PUT(skb, CTA_IP_V6_SRC, sizeof(u_int32_t) * 4,
344 &tuple->src.u3.ip6); 344 &tuple->src.u3.ip6);
345 NFA_PUT(skb, CTA_IP_V6_DST, sizeof(u_int32_t) * 4, 345 NLA_PUT(skb, CTA_IP_V6_DST, sizeof(u_int32_t) * 4,
346 &tuple->dst.u3.ip6); 346 &tuple->dst.u3.ip6);
347 return 0; 347 return 0;
348 348
349nfattr_failure: 349nla_put_failure:
350 return -1; 350 return -1;
351} 351}
352 352
353static const size_t cta_min_ip[CTA_IP_MAX] = { 353static const size_t cta_min_ip[CTA_IP_MAX+1] = {
354 [CTA_IP_V6_SRC-1] = sizeof(u_int32_t)*4, 354 [CTA_IP_V6_SRC] = sizeof(u_int32_t)*4,
355 [CTA_IP_V6_DST-1] = sizeof(u_int32_t)*4, 355 [CTA_IP_V6_DST] = sizeof(u_int32_t)*4,
356}; 356};
357 357
358static int ipv6_nfattr_to_tuple(struct nfattr *tb[], 358static int ipv6_nfattr_to_tuple(struct nlattr *tb[],
359 struct nf_conntrack_tuple *t) 359 struct nf_conntrack_tuple *t)
360{ 360{
361 if (!tb[CTA_IP_V6_SRC-1] || !tb[CTA_IP_V6_DST-1]) 361 if (!tb[CTA_IP_V6_SRC] || !tb[CTA_IP_V6_DST])
362 return -EINVAL; 362 return -EINVAL;
363 363
364 if (nfattr_bad_size(tb, CTA_IP_MAX, cta_min_ip)) 364 if (nfattr_bad_size(tb, CTA_IP_MAX, cta_min_ip))
365 return -EINVAL; 365 return -EINVAL;
366 366
367 memcpy(&t->src.u3.ip6, NFA_DATA(tb[CTA_IP_V6_SRC-1]), 367 memcpy(&t->src.u3.ip6, nla_data(tb[CTA_IP_V6_SRC]),
368 sizeof(u_int32_t) * 4); 368 sizeof(u_int32_t) * 4);
369 memcpy(&t->dst.u3.ip6, NFA_DATA(tb[CTA_IP_V6_DST-1]), 369 memcpy(&t->dst.u3.ip6, nla_data(tb[CTA_IP_V6_DST]),
370 sizeof(u_int32_t) * 4); 370 sizeof(u_int32_t) * 4);
371 371
372 return 0; 372 return 0;
diff --git a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
index ab154fb90018..c18183823faf 100644
--- a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
@@ -213,42 +213,42 @@ icmpv6_error(struct sk_buff *skb, unsigned int dataoff,
213static int icmpv6_tuple_to_nfattr(struct sk_buff *skb, 213static int icmpv6_tuple_to_nfattr(struct sk_buff *skb,
214 const struct nf_conntrack_tuple *t) 214 const struct nf_conntrack_tuple *t)
215{ 215{
216 NFA_PUT(skb, CTA_PROTO_ICMPV6_ID, sizeof(u_int16_t), 216 NLA_PUT(skb, CTA_PROTO_ICMPV6_ID, sizeof(u_int16_t),
217 &t->src.u.icmp.id); 217 &t->src.u.icmp.id);
218 NFA_PUT(skb, CTA_PROTO_ICMPV6_TYPE, sizeof(u_int8_t), 218 NLA_PUT(skb, CTA_PROTO_ICMPV6_TYPE, sizeof(u_int8_t),
219 &t->dst.u.icmp.type); 219 &t->dst.u.icmp.type);
220 NFA_PUT(skb, CTA_PROTO_ICMPV6_CODE, sizeof(u_int8_t), 220 NLA_PUT(skb, CTA_PROTO_ICMPV6_CODE, sizeof(u_int8_t),
221 &t->dst.u.icmp.code); 221 &t->dst.u.icmp.code);
222 222
223 return 0; 223 return 0;
224 224
225nfattr_failure: 225nla_put_failure:
226 return -1; 226 return -1;
227} 227}
228 228
229static const size_t cta_min_proto[CTA_PROTO_MAX] = { 229static const size_t cta_min_proto[CTA_PROTO_MAX+1] = {
230 [CTA_PROTO_ICMPV6_TYPE-1] = sizeof(u_int8_t), 230 [CTA_PROTO_ICMPV6_TYPE] = sizeof(u_int8_t),
231 [CTA_PROTO_ICMPV6_CODE-1] = sizeof(u_int8_t), 231 [CTA_PROTO_ICMPV6_CODE] = sizeof(u_int8_t),
232 [CTA_PROTO_ICMPV6_ID-1] = sizeof(u_int16_t) 232 [CTA_PROTO_ICMPV6_ID] = sizeof(u_int16_t)
233}; 233};
234 234
235static int icmpv6_nfattr_to_tuple(struct nfattr *tb[], 235static int icmpv6_nfattr_to_tuple(struct nlattr *tb[],
236 struct nf_conntrack_tuple *tuple) 236 struct nf_conntrack_tuple *tuple)
237{ 237{
238 if (!tb[CTA_PROTO_ICMPV6_TYPE-1] 238 if (!tb[CTA_PROTO_ICMPV6_TYPE]
239 || !tb[CTA_PROTO_ICMPV6_CODE-1] 239 || !tb[CTA_PROTO_ICMPV6_CODE]
240 || !tb[CTA_PROTO_ICMPV6_ID-1]) 240 || !tb[CTA_PROTO_ICMPV6_ID])
241 return -EINVAL; 241 return -EINVAL;
242 242
243 if (nfattr_bad_size(tb, CTA_PROTO_MAX, cta_min_proto)) 243 if (nfattr_bad_size(tb, CTA_PROTO_MAX, cta_min_proto))
244 return -EINVAL; 244 return -EINVAL;
245 245
246 tuple->dst.u.icmp.type = 246 tuple->dst.u.icmp.type =
247 *(u_int8_t *)NFA_DATA(tb[CTA_PROTO_ICMPV6_TYPE-1]); 247 *(u_int8_t *)nla_data(tb[CTA_PROTO_ICMPV6_TYPE]);
248 tuple->dst.u.icmp.code = 248 tuple->dst.u.icmp.code =
249 *(u_int8_t *)NFA_DATA(tb[CTA_PROTO_ICMPV6_CODE-1]); 249 *(u_int8_t *)nla_data(tb[CTA_PROTO_ICMPV6_CODE]);
250 tuple->src.u.icmp.id = 250 tuple->src.u.icmp.id =
251 *(__be16 *)NFA_DATA(tb[CTA_PROTO_ICMPV6_ID-1]); 251 *(__be16 *)nla_data(tb[CTA_PROTO_ICMPV6_ID]);
252 252
253 if (tuple->dst.u.icmp.type < 128 253 if (tuple->dst.u.icmp.type < 128
254 || tuple->dst.u.icmp.type - 128 >= sizeof(invmap) 254 || tuple->dst.u.icmp.type - 128 >= sizeof(invmap)
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 0fe11889ce14..b64656abc4e0 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -827,40 +827,39 @@ EXPORT_SYMBOL_GPL(__nf_ct_refresh_acct);
827#include <linux/netfilter/nfnetlink_conntrack.h> 827#include <linux/netfilter/nfnetlink_conntrack.h>
828#include <linux/mutex.h> 828#include <linux/mutex.h>
829 829
830
831/* Generic function for tcp/udp/sctp/dccp and alike. This needs to be 830/* Generic function for tcp/udp/sctp/dccp and alike. This needs to be
832 * in ip_conntrack_core, since we don't want the protocols to autoload 831 * in ip_conntrack_core, since we don't want the protocols to autoload
833 * or depend on ctnetlink */ 832 * or depend on ctnetlink */
834int nf_ct_port_tuple_to_nfattr(struct sk_buff *skb, 833int nf_ct_port_tuple_to_nfattr(struct sk_buff *skb,
835 const struct nf_conntrack_tuple *tuple) 834 const struct nf_conntrack_tuple *tuple)
836{ 835{
837 NFA_PUT(skb, CTA_PROTO_SRC_PORT, sizeof(u_int16_t), 836 NLA_PUT(skb, CTA_PROTO_SRC_PORT, sizeof(u_int16_t),
838 &tuple->src.u.tcp.port); 837 &tuple->src.u.tcp.port);
839 NFA_PUT(skb, CTA_PROTO_DST_PORT, sizeof(u_int16_t), 838 NLA_PUT(skb, CTA_PROTO_DST_PORT, sizeof(u_int16_t),
840 &tuple->dst.u.tcp.port); 839 &tuple->dst.u.tcp.port);
841 return 0; 840 return 0;
842 841
843nfattr_failure: 842nla_put_failure:
844 return -1; 843 return -1;
845} 844}
846EXPORT_SYMBOL_GPL(nf_ct_port_tuple_to_nfattr); 845EXPORT_SYMBOL_GPL(nf_ct_port_tuple_to_nfattr);
847 846
848static const size_t cta_min_proto[CTA_PROTO_MAX] = { 847static const size_t cta_min_proto[CTA_PROTO_MAX+1] = {
849 [CTA_PROTO_SRC_PORT-1] = sizeof(u_int16_t), 848 [CTA_PROTO_SRC_PORT] = sizeof(u_int16_t),
850 [CTA_PROTO_DST_PORT-1] = sizeof(u_int16_t) 849 [CTA_PROTO_DST_PORT] = sizeof(u_int16_t)
851}; 850};
852 851
853int nf_ct_port_nfattr_to_tuple(struct nfattr *tb[], 852int nf_ct_port_nfattr_to_tuple(struct nlattr *tb[],
854 struct nf_conntrack_tuple *t) 853 struct nf_conntrack_tuple *t)
855{ 854{
856 if (!tb[CTA_PROTO_SRC_PORT-1] || !tb[CTA_PROTO_DST_PORT-1]) 855 if (!tb[CTA_PROTO_SRC_PORT] || !tb[CTA_PROTO_DST_PORT])
857 return -EINVAL; 856 return -EINVAL;
858 857
859 if (nfattr_bad_size(tb, CTA_PROTO_MAX, cta_min_proto)) 858 if (nfattr_bad_size(tb, CTA_PROTO_MAX, cta_min_proto))
860 return -EINVAL; 859 return -EINVAL;
861 860
862 t->src.u.tcp.port = *(__be16 *)NFA_DATA(tb[CTA_PROTO_SRC_PORT-1]); 861 t->src.u.tcp.port = *(__be16 *)nla_data(tb[CTA_PROTO_SRC_PORT]);
863 t->dst.u.tcp.port = *(__be16 *)NFA_DATA(tb[CTA_PROTO_DST_PORT-1]); 862 t->dst.u.tcp.port = *(__be16 *)nla_data(tb[CTA_PROTO_DST_PORT]);
864 863
865 return 0; 864 return 0;
866} 865}
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 5080045fdc74..221c38f889bf 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -54,18 +54,21 @@ ctnetlink_dump_tuples_proto(struct sk_buff *skb,
54 struct nf_conntrack_l4proto *l4proto) 54 struct nf_conntrack_l4proto *l4proto)
55{ 55{
56 int ret = 0; 56 int ret = 0;
57 struct nfattr *nest_parms = NFA_NEST(skb, CTA_TUPLE_PROTO); 57 struct nlattr *nest_parms;
58 58
59 NFA_PUT(skb, CTA_PROTO_NUM, sizeof(u_int8_t), &tuple->dst.protonum); 59 nest_parms = nla_nest_start(skb, CTA_TUPLE_PROTO | NLA_F_NESTED);
60 if (!nest_parms)
61 goto nla_put_failure;
62 NLA_PUT(skb, CTA_PROTO_NUM, sizeof(u_int8_t), &tuple->dst.protonum);
60 63
61 if (likely(l4proto->tuple_to_nfattr)) 64 if (likely(l4proto->tuple_to_nfattr))
62 ret = l4proto->tuple_to_nfattr(skb, tuple); 65 ret = l4proto->tuple_to_nfattr(skb, tuple);
63 66
64 NFA_NEST_END(skb, nest_parms); 67 nla_nest_end(skb, nest_parms);
65 68
66 return ret; 69 return ret;
67 70
68nfattr_failure: 71nla_put_failure:
69 return -1; 72 return -1;
70} 73}
71 74
@@ -75,16 +78,20 @@ ctnetlink_dump_tuples_ip(struct sk_buff *skb,
75 struct nf_conntrack_l3proto *l3proto) 78 struct nf_conntrack_l3proto *l3proto)
76{ 79{
77 int ret = 0; 80 int ret = 0;
78 struct nfattr *nest_parms = NFA_NEST(skb, CTA_TUPLE_IP); 81 struct nlattr *nest_parms;
82
83 nest_parms = nla_nest_start(skb, CTA_TUPLE_IP | NLA_F_NESTED);
84 if (!nest_parms)
85 goto nla_put_failure;
79 86
80 if (likely(l3proto->tuple_to_nfattr)) 87 if (likely(l3proto->tuple_to_nfattr))
81 ret = l3proto->tuple_to_nfattr(skb, tuple); 88 ret = l3proto->tuple_to_nfattr(skb, tuple);
82 89
83 NFA_NEST_END(skb, nest_parms); 90 nla_nest_end(skb, nest_parms);
84 91
85 return ret; 92 return ret;
86 93
87nfattr_failure: 94nla_put_failure:
88 return -1; 95 return -1;
89} 96}
90 97
@@ -114,10 +121,10 @@ static inline int
114ctnetlink_dump_status(struct sk_buff *skb, const struct nf_conn *ct) 121ctnetlink_dump_status(struct sk_buff *skb, const struct nf_conn *ct)
115{ 122{
116 __be32 status = htonl((u_int32_t) ct->status); 123 __be32 status = htonl((u_int32_t) ct->status);
117 NFA_PUT(skb, CTA_STATUS, sizeof(status), &status); 124 NLA_PUT(skb, CTA_STATUS, sizeof(status), &status);
118 return 0; 125 return 0;
119 126
120nfattr_failure: 127nla_put_failure:
121 return -1; 128 return -1;
122} 129}
123 130
@@ -132,10 +139,10 @@ ctnetlink_dump_timeout(struct sk_buff *skb, const struct nf_conn *ct)
132 else 139 else
133 timeout = htonl(timeout_l / HZ); 140 timeout = htonl(timeout_l / HZ);
134 141
135 NFA_PUT(skb, CTA_TIMEOUT, sizeof(timeout), &timeout); 142 NLA_PUT(skb, CTA_TIMEOUT, sizeof(timeout), &timeout);
136 return 0; 143 return 0;
137 144
138nfattr_failure: 145nla_put_failure:
139 return -1; 146 return -1;
140} 147}
141 148
@@ -143,7 +150,7 @@ static inline int
143ctnetlink_dump_protoinfo(struct sk_buff *skb, const struct nf_conn *ct) 150ctnetlink_dump_protoinfo(struct sk_buff *skb, const struct nf_conn *ct)
144{ 151{
145 struct nf_conntrack_l4proto *l4proto = nf_ct_l4proto_find_get(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num, ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum); 152 struct nf_conntrack_l4proto *l4proto = nf_ct_l4proto_find_get(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num, ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum);
146 struct nfattr *nest_proto; 153 struct nlattr *nest_proto;
147 int ret; 154 int ret;
148 155
149 if (!l4proto->to_nfattr) { 156 if (!l4proto->to_nfattr) {
@@ -151,17 +158,19 @@ ctnetlink_dump_protoinfo(struct sk_buff *skb, const struct nf_conn *ct)
151 return 0; 158 return 0;
152 } 159 }
153 160
154 nest_proto = NFA_NEST(skb, CTA_PROTOINFO); 161 nest_proto = nla_nest_start(skb, CTA_PROTOINFO | NLA_F_NESTED);
162 if (!nest_proto)
163 goto nla_put_failure;
155 164
156 ret = l4proto->to_nfattr(skb, nest_proto, ct); 165 ret = l4proto->to_nfattr(skb, nest_proto, ct);
157 166
158 nf_ct_l4proto_put(l4proto); 167 nf_ct_l4proto_put(l4proto);
159 168
160 NFA_NEST_END(skb, nest_proto); 169 nla_nest_end(skb, nest_proto);
161 170
162 return ret; 171 return ret;
163 172
164nfattr_failure: 173nla_put_failure:
165 nf_ct_l4proto_put(l4proto); 174 nf_ct_l4proto_put(l4proto);
166 return -1; 175 return -1;
167} 176}
@@ -169,7 +178,7 @@ nfattr_failure:
169static inline int 178static inline int
170ctnetlink_dump_helpinfo(struct sk_buff *skb, const struct nf_conn *ct) 179ctnetlink_dump_helpinfo(struct sk_buff *skb, const struct nf_conn *ct)
171{ 180{
172 struct nfattr *nest_helper; 181 struct nlattr *nest_helper;
173 const struct nf_conn_help *help = nfct_help(ct); 182 const struct nf_conn_help *help = nfct_help(ct);
174 struct nf_conntrack_helper *helper; 183 struct nf_conntrack_helper *helper;
175 184
@@ -181,18 +190,20 @@ ctnetlink_dump_helpinfo(struct sk_buff *skb, const struct nf_conn *ct)
181 if (!helper) 190 if (!helper)
182 goto out; 191 goto out;
183 192
184 nest_helper = NFA_NEST(skb, CTA_HELP); 193 nest_helper = nla_nest_start(skb, CTA_HELP | NLA_F_NESTED);
185 NFA_PUT(skb, CTA_HELP_NAME, strlen(helper->name), helper->name); 194 if (!nest_helper)
195 goto nla_put_failure;
196 NLA_PUT(skb, CTA_HELP_NAME, strlen(helper->name), helper->name);
186 197
187 if (helper->to_nfattr) 198 if (helper->to_nfattr)
188 helper->to_nfattr(skb, ct); 199 helper->to_nfattr(skb, ct);
189 200
190 NFA_NEST_END(skb, nest_helper); 201 nla_nest_end(skb, nest_helper);
191out: 202out:
192 rcu_read_unlock(); 203 rcu_read_unlock();
193 return 0; 204 return 0;
194 205
195nfattr_failure: 206nla_put_failure:
196 rcu_read_unlock(); 207 rcu_read_unlock();
197 return -1; 208 return -1;
198} 209}
@@ -203,20 +214,24 @@ ctnetlink_dump_counters(struct sk_buff *skb, const struct nf_conn *ct,
203 enum ip_conntrack_dir dir) 214 enum ip_conntrack_dir dir)
204{ 215{
205 enum ctattr_type type = dir ? CTA_COUNTERS_REPLY: CTA_COUNTERS_ORIG; 216 enum ctattr_type type = dir ? CTA_COUNTERS_REPLY: CTA_COUNTERS_ORIG;
206 struct nfattr *nest_count = NFA_NEST(skb, type); 217 struct nlattr *nest_count;
207 __be32 tmp; 218 __be32 tmp;
208 219
220 nest_count = nla_nest_start(skb, type | NLA_F_NESTED);
221 if (!nest_count)
222 goto nla_put_failure;
223
209 tmp = htonl(ct->counters[dir].packets); 224 tmp = htonl(ct->counters[dir].packets);
210 NFA_PUT(skb, CTA_COUNTERS32_PACKETS, sizeof(u_int32_t), &tmp); 225 NLA_PUT(skb, CTA_COUNTERS32_PACKETS, sizeof(u_int32_t), &tmp);
211 226
212 tmp = htonl(ct->counters[dir].bytes); 227 tmp = htonl(ct->counters[dir].bytes);
213 NFA_PUT(skb, CTA_COUNTERS32_BYTES, sizeof(u_int32_t), &tmp); 228 NLA_PUT(skb, CTA_COUNTERS32_BYTES, sizeof(u_int32_t), &tmp);
214 229
215 NFA_NEST_END(skb, nest_count); 230 nla_nest_end(skb, nest_count);
216 231
217 return 0; 232 return 0;
218 233
219nfattr_failure: 234nla_put_failure:
220 return -1; 235 return -1;
221} 236}
222#else 237#else
@@ -229,10 +244,10 @@ ctnetlink_dump_mark(struct sk_buff *skb, const struct nf_conn *ct)
229{ 244{
230 __be32 mark = htonl(ct->mark); 245 __be32 mark = htonl(ct->mark);
231 246
232 NFA_PUT(skb, CTA_MARK, sizeof(u_int32_t), &mark); 247 NLA_PUT(skb, CTA_MARK, sizeof(u_int32_t), &mark);
233 return 0; 248 return 0;
234 249
235nfattr_failure: 250nla_put_failure:
236 return -1; 251 return -1;
237} 252}
238#else 253#else
@@ -243,10 +258,10 @@ static inline int
243ctnetlink_dump_id(struct sk_buff *skb, const struct nf_conn *ct) 258ctnetlink_dump_id(struct sk_buff *skb, const struct nf_conn *ct)
244{ 259{
245 __be32 id = htonl(ct->id); 260 __be32 id = htonl(ct->id);
246 NFA_PUT(skb, CTA_ID, sizeof(u_int32_t), &id); 261 NLA_PUT(skb, CTA_ID, sizeof(u_int32_t), &id);
247 return 0; 262 return 0;
248 263
249nfattr_failure: 264nla_put_failure:
250 return -1; 265 return -1;
251} 266}
252 267
@@ -255,10 +270,10 @@ ctnetlink_dump_use(struct sk_buff *skb, const struct nf_conn *ct)
255{ 270{
256 __be32 use = htonl(atomic_read(&ct->ct_general.use)); 271 __be32 use = htonl(atomic_read(&ct->ct_general.use));
257 272
258 NFA_PUT(skb, CTA_USE, sizeof(u_int32_t), &use); 273 NLA_PUT(skb, CTA_USE, sizeof(u_int32_t), &use);
259 return 0; 274 return 0;
260 275
261nfattr_failure: 276nla_put_failure:
262 return -1; 277 return -1;
263} 278}
264 279
@@ -271,7 +286,7 @@ ctnetlink_fill_info(struct sk_buff *skb, u32 pid, u32 seq,
271{ 286{
272 struct nlmsghdr *nlh; 287 struct nlmsghdr *nlh;
273 struct nfgenmsg *nfmsg; 288 struct nfgenmsg *nfmsg;
274 struct nfattr *nest_parms; 289 struct nlattr *nest_parms;
275 unsigned char *b = skb_tail_pointer(skb); 290 unsigned char *b = skb_tail_pointer(skb);
276 291
277 event |= NFNL_SUBSYS_CTNETLINK << 8; 292 event |= NFNL_SUBSYS_CTNETLINK << 8;
@@ -284,15 +299,19 @@ ctnetlink_fill_info(struct sk_buff *skb, u32 pid, u32 seq,
284 nfmsg->version = NFNETLINK_V0; 299 nfmsg->version = NFNETLINK_V0;
285 nfmsg->res_id = 0; 300 nfmsg->res_id = 0;
286 301
287 nest_parms = NFA_NEST(skb, CTA_TUPLE_ORIG); 302 nest_parms = nla_nest_start(skb, CTA_TUPLE_ORIG | NLA_F_NESTED);
303 if (!nest_parms)
304 goto nla_put_failure;
288 if (ctnetlink_dump_tuples(skb, tuple(ct, IP_CT_DIR_ORIGINAL)) < 0) 305 if (ctnetlink_dump_tuples(skb, tuple(ct, IP_CT_DIR_ORIGINAL)) < 0)
289 goto nfattr_failure; 306 goto nla_put_failure;
290 NFA_NEST_END(skb, nest_parms); 307 nla_nest_end(skb, nest_parms);
291 308
292 nest_parms = NFA_NEST(skb, CTA_TUPLE_REPLY); 309 nest_parms = nla_nest_start(skb, CTA_TUPLE_REPLY | NLA_F_NESTED);
310 if (!nest_parms)
311 goto nla_put_failure;
293 if (ctnetlink_dump_tuples(skb, tuple(ct, IP_CT_DIR_REPLY)) < 0) 312 if (ctnetlink_dump_tuples(skb, tuple(ct, IP_CT_DIR_REPLY)) < 0)
294 goto nfattr_failure; 313 goto nla_put_failure;
295 NFA_NEST_END(skb, nest_parms); 314 nla_nest_end(skb, nest_parms);
296 315
297 if (ctnetlink_dump_status(skb, ct) < 0 || 316 if (ctnetlink_dump_status(skb, ct) < 0 ||
298 ctnetlink_dump_timeout(skb, ct) < 0 || 317 ctnetlink_dump_timeout(skb, ct) < 0 ||
@@ -303,13 +322,13 @@ ctnetlink_fill_info(struct sk_buff *skb, u32 pid, u32 seq,
303 ctnetlink_dump_mark(skb, ct) < 0 || 322 ctnetlink_dump_mark(skb, ct) < 0 ||
304 ctnetlink_dump_id(skb, ct) < 0 || 323 ctnetlink_dump_id(skb, ct) < 0 ||
305 ctnetlink_dump_use(skb, ct) < 0) 324 ctnetlink_dump_use(skb, ct) < 0)
306 goto nfattr_failure; 325 goto nla_put_failure;
307 326
308 nlh->nlmsg_len = skb_tail_pointer(skb) - b; 327 nlh->nlmsg_len = skb_tail_pointer(skb) - b;
309 return skb->len; 328 return skb->len;
310 329
311nlmsg_failure: 330nlmsg_failure:
312nfattr_failure: 331nla_put_failure:
313 nlmsg_trim(skb, b); 332 nlmsg_trim(skb, b);
314 return -1; 333 return -1;
315} 334}
@@ -320,7 +339,7 @@ static int ctnetlink_conntrack_event(struct notifier_block *this,
320{ 339{
321 struct nlmsghdr *nlh; 340 struct nlmsghdr *nlh;
322 struct nfgenmsg *nfmsg; 341 struct nfgenmsg *nfmsg;
323 struct nfattr *nest_parms; 342 struct nlattr *nest_parms;
324 struct nf_conn *ct = (struct nf_conn *)ptr; 343 struct nf_conn *ct = (struct nf_conn *)ptr;
325 struct sk_buff *skb; 344 struct sk_buff *skb;
326 unsigned int type; 345 unsigned int type;
@@ -362,45 +381,49 @@ static int ctnetlink_conntrack_event(struct notifier_block *this,
362 nfmsg->version = NFNETLINK_V0; 381 nfmsg->version = NFNETLINK_V0;
363 nfmsg->res_id = 0; 382 nfmsg->res_id = 0;
364 383
365 nest_parms = NFA_NEST(skb, CTA_TUPLE_ORIG); 384 nest_parms = nla_nest_start(skb, CTA_TUPLE_ORIG | NLA_F_NESTED);
385 if (!nest_parms)
386 goto nla_put_failure;
366 if (ctnetlink_dump_tuples(skb, tuple(ct, IP_CT_DIR_ORIGINAL)) < 0) 387 if (ctnetlink_dump_tuples(skb, tuple(ct, IP_CT_DIR_ORIGINAL)) < 0)
367 goto nfattr_failure; 388 goto nla_put_failure;
368 NFA_NEST_END(skb, nest_parms); 389 nla_nest_end(skb, nest_parms);
369 390
370 nest_parms = NFA_NEST(skb, CTA_TUPLE_REPLY); 391 nest_parms = nla_nest_start(skb, CTA_TUPLE_REPLY | NLA_F_NESTED);
392 if (!nest_parms)
393 goto nla_put_failure;
371 if (ctnetlink_dump_tuples(skb, tuple(ct, IP_CT_DIR_REPLY)) < 0) 394 if (ctnetlink_dump_tuples(skb, tuple(ct, IP_CT_DIR_REPLY)) < 0)
372 goto nfattr_failure; 395 goto nla_put_failure;
373 NFA_NEST_END(skb, nest_parms); 396 nla_nest_end(skb, nest_parms);
374 397
375 if (events & IPCT_DESTROY) { 398 if (events & IPCT_DESTROY) {
376 if (ctnetlink_dump_counters(skb, ct, IP_CT_DIR_ORIGINAL) < 0 || 399 if (ctnetlink_dump_counters(skb, ct, IP_CT_DIR_ORIGINAL) < 0 ||
377 ctnetlink_dump_counters(skb, ct, IP_CT_DIR_REPLY) < 0) 400 ctnetlink_dump_counters(skb, ct, IP_CT_DIR_REPLY) < 0)
378 goto nfattr_failure; 401 goto nla_put_failure;
379 } else { 402 } else {
380 if (ctnetlink_dump_status(skb, ct) < 0) 403 if (ctnetlink_dump_status(skb, ct) < 0)
381 goto nfattr_failure; 404 goto nla_put_failure;
382 405
383 if (ctnetlink_dump_timeout(skb, ct) < 0) 406 if (ctnetlink_dump_timeout(skb, ct) < 0)
384 goto nfattr_failure; 407 goto nla_put_failure;
385 408
386 if (events & IPCT_PROTOINFO 409 if (events & IPCT_PROTOINFO
387 && ctnetlink_dump_protoinfo(skb, ct) < 0) 410 && ctnetlink_dump_protoinfo(skb, ct) < 0)
388 goto nfattr_failure; 411 goto nla_put_failure;
389 412
390 if ((events & IPCT_HELPER || nfct_help(ct)) 413 if ((events & IPCT_HELPER || nfct_help(ct))
391 && ctnetlink_dump_helpinfo(skb, ct) < 0) 414 && ctnetlink_dump_helpinfo(skb, ct) < 0)
392 goto nfattr_failure; 415 goto nla_put_failure;
393 416
394#ifdef CONFIG_NF_CONNTRACK_MARK 417#ifdef CONFIG_NF_CONNTRACK_MARK
395 if ((events & IPCT_MARK || ct->mark) 418 if ((events & IPCT_MARK || ct->mark)
396 && ctnetlink_dump_mark(skb, ct) < 0) 419 && ctnetlink_dump_mark(skb, ct) < 0)
397 goto nfattr_failure; 420 goto nla_put_failure;
398#endif 421#endif
399 422
400 if (events & IPCT_COUNTER_FILLING && 423 if (events & IPCT_COUNTER_FILLING &&
401 (ctnetlink_dump_counters(skb, ct, IP_CT_DIR_ORIGINAL) < 0 || 424 (ctnetlink_dump_counters(skb, ct, IP_CT_DIR_ORIGINAL) < 0 ||
402 ctnetlink_dump_counters(skb, ct, IP_CT_DIR_REPLY) < 0)) 425 ctnetlink_dump_counters(skb, ct, IP_CT_DIR_REPLY) < 0))
403 goto nfattr_failure; 426 goto nla_put_failure;
404 } 427 }
405 428
406 nlh->nlmsg_len = skb->tail - b; 429 nlh->nlmsg_len = skb->tail - b;
@@ -408,7 +431,7 @@ static int ctnetlink_conntrack_event(struct notifier_block *this,
408 return NOTIFY_DONE; 431 return NOTIFY_DONE;
409 432
410nlmsg_failure: 433nlmsg_failure:
411nfattr_failure: 434nla_put_failure:
412 kfree_skb(skb); 435 kfree_skb(skb);
413 return NOTIFY_DONE; 436 return NOTIFY_DONE;
414} 437}
@@ -479,13 +502,13 @@ out:
479} 502}
480 503
481static inline int 504static inline int
482ctnetlink_parse_tuple_ip(struct nfattr *attr, struct nf_conntrack_tuple *tuple) 505ctnetlink_parse_tuple_ip(struct nlattr *attr, struct nf_conntrack_tuple *tuple)
483{ 506{
484 struct nfattr *tb[CTA_IP_MAX]; 507 struct nlattr *tb[CTA_IP_MAX+1];
485 struct nf_conntrack_l3proto *l3proto; 508 struct nf_conntrack_l3proto *l3proto;
486 int ret = 0; 509 int ret = 0;
487 510
488 nfattr_parse_nested(tb, CTA_IP_MAX, attr); 511 nla_parse_nested(tb, CTA_IP_MAX, attr, NULL);
489 512
490 l3proto = nf_ct_l3proto_find_get(tuple->src.l3num); 513 l3proto = nf_ct_l3proto_find_get(tuple->src.l3num);
491 514
@@ -497,26 +520,26 @@ ctnetlink_parse_tuple_ip(struct nfattr *attr, struct nf_conntrack_tuple *tuple)
497 return ret; 520 return ret;
498} 521}
499 522
500static const size_t cta_min_proto[CTA_PROTO_MAX] = { 523static const size_t cta_min_proto[CTA_PROTO_MAX+1] = {
501 [CTA_PROTO_NUM-1] = sizeof(u_int8_t), 524 [CTA_PROTO_NUM] = sizeof(u_int8_t),
502}; 525};
503 526
504static inline int 527static inline int
505ctnetlink_parse_tuple_proto(struct nfattr *attr, 528ctnetlink_parse_tuple_proto(struct nlattr *attr,
506 struct nf_conntrack_tuple *tuple) 529 struct nf_conntrack_tuple *tuple)
507{ 530{
508 struct nfattr *tb[CTA_PROTO_MAX]; 531 struct nlattr *tb[CTA_PROTO_MAX+1];
509 struct nf_conntrack_l4proto *l4proto; 532 struct nf_conntrack_l4proto *l4proto;
510 int ret = 0; 533 int ret = 0;
511 534
512 nfattr_parse_nested(tb, CTA_PROTO_MAX, attr); 535 nla_parse_nested(tb, CTA_PROTO_MAX, attr, NULL);
513 536
514 if (nfattr_bad_size(tb, CTA_PROTO_MAX, cta_min_proto)) 537 if (nfattr_bad_size(tb, CTA_PROTO_MAX, cta_min_proto))
515 return -EINVAL; 538 return -EINVAL;
516 539
517 if (!tb[CTA_PROTO_NUM-1]) 540 if (!tb[CTA_PROTO_NUM])
518 return -EINVAL; 541 return -EINVAL;
519 tuple->dst.protonum = *(u_int8_t *)NFA_DATA(tb[CTA_PROTO_NUM-1]); 542 tuple->dst.protonum = *(u_int8_t *)nla_data(tb[CTA_PROTO_NUM]);
520 543
521 l4proto = nf_ct_l4proto_find_get(tuple->src.l3num, tuple->dst.protonum); 544 l4proto = nf_ct_l4proto_find_get(tuple->src.l3num, tuple->dst.protonum);
522 545
@@ -529,29 +552,29 @@ ctnetlink_parse_tuple_proto(struct nfattr *attr,
529} 552}
530 553
531static inline int 554static inline int
532ctnetlink_parse_tuple(struct nfattr *cda[], struct nf_conntrack_tuple *tuple, 555ctnetlink_parse_tuple(struct nlattr *cda[], struct nf_conntrack_tuple *tuple,
533 enum ctattr_tuple type, u_int8_t l3num) 556 enum ctattr_tuple type, u_int8_t l3num)
534{ 557{
535 struct nfattr *tb[CTA_TUPLE_MAX]; 558 struct nlattr *tb[CTA_TUPLE_MAX+1];
536 int err; 559 int err;
537 560
538 memset(tuple, 0, sizeof(*tuple)); 561 memset(tuple, 0, sizeof(*tuple));
539 562
540 nfattr_parse_nested(tb, CTA_TUPLE_MAX, cda[type-1]); 563 nla_parse_nested(tb, CTA_TUPLE_MAX, cda[type], NULL);
541 564
542 if (!tb[CTA_TUPLE_IP-1]) 565 if (!tb[CTA_TUPLE_IP])
543 return -EINVAL; 566 return -EINVAL;
544 567
545 tuple->src.l3num = l3num; 568 tuple->src.l3num = l3num;
546 569
547 err = ctnetlink_parse_tuple_ip(tb[CTA_TUPLE_IP-1], tuple); 570 err = ctnetlink_parse_tuple_ip(tb[CTA_TUPLE_IP], tuple);
548 if (err < 0) 571 if (err < 0)
549 return err; 572 return err;
550 573
551 if (!tb[CTA_TUPLE_PROTO-1]) 574 if (!tb[CTA_TUPLE_PROTO])
552 return -EINVAL; 575 return -EINVAL;
553 576
554 err = ctnetlink_parse_tuple_proto(tb[CTA_TUPLE_PROTO-1], tuple); 577 err = ctnetlink_parse_tuple_proto(tb[CTA_TUPLE_PROTO], tuple);
555 if (err < 0) 578 if (err < 0)
556 return err; 579 return err;
557 580
@@ -565,19 +588,19 @@ ctnetlink_parse_tuple(struct nfattr *cda[], struct nf_conntrack_tuple *tuple,
565} 588}
566 589
567#ifdef CONFIG_NF_NAT_NEEDED 590#ifdef CONFIG_NF_NAT_NEEDED
568static const size_t cta_min_protonat[CTA_PROTONAT_MAX] = { 591static const size_t cta_min_protonat[CTA_PROTONAT_MAX+1] = {
569 [CTA_PROTONAT_PORT_MIN-1] = sizeof(u_int16_t), 592 [CTA_PROTONAT_PORT_MIN] = sizeof(u_int16_t),
570 [CTA_PROTONAT_PORT_MAX-1] = sizeof(u_int16_t), 593 [CTA_PROTONAT_PORT_MAX] = sizeof(u_int16_t),
571}; 594};
572 595
573static int nfnetlink_parse_nat_proto(struct nfattr *attr, 596static int nfnetlink_parse_nat_proto(struct nlattr *attr,
574 const struct nf_conn *ct, 597 const struct nf_conn *ct,
575 struct nf_nat_range *range) 598 struct nf_nat_range *range)
576{ 599{
577 struct nfattr *tb[CTA_PROTONAT_MAX]; 600 struct nlattr *tb[CTA_PROTONAT_MAX+1];
578 struct nf_nat_protocol *npt; 601 struct nf_nat_protocol *npt;
579 602
580 nfattr_parse_nested(tb, CTA_PROTONAT_MAX, attr); 603 nla_parse_nested(tb, CTA_PROTONAT_MAX, attr, NULL);
581 604
582 if (nfattr_bad_size(tb, CTA_PROTONAT_MAX, cta_min_protonat)) 605 if (nfattr_bad_size(tb, CTA_PROTONAT_MAX, cta_min_protonat))
583 return -EINVAL; 606 return -EINVAL;
@@ -598,40 +621,40 @@ static int nfnetlink_parse_nat_proto(struct nfattr *attr,
598 return 0; 621 return 0;
599} 622}
600 623
601static const size_t cta_min_nat[CTA_NAT_MAX] = { 624static const size_t cta_min_nat[CTA_NAT_MAX+1] = {
602 [CTA_NAT_MINIP-1] = sizeof(u_int32_t), 625 [CTA_NAT_MINIP] = sizeof(u_int32_t),
603 [CTA_NAT_MAXIP-1] = sizeof(u_int32_t), 626 [CTA_NAT_MAXIP] = sizeof(u_int32_t),
604}; 627};
605 628
606static inline int 629static inline int
607nfnetlink_parse_nat(struct nfattr *nat, 630nfnetlink_parse_nat(struct nlattr *nat,
608 const struct nf_conn *ct, struct nf_nat_range *range) 631 const struct nf_conn *ct, struct nf_nat_range *range)
609{ 632{
610 struct nfattr *tb[CTA_NAT_MAX]; 633 struct nlattr *tb[CTA_NAT_MAX+1];
611 int err; 634 int err;
612 635
613 memset(range, 0, sizeof(*range)); 636 memset(range, 0, sizeof(*range));
614 637
615 nfattr_parse_nested(tb, CTA_NAT_MAX, nat); 638 nla_parse_nested(tb, CTA_NAT_MAX, nat, NULL);
616 639
617 if (nfattr_bad_size(tb, CTA_NAT_MAX, cta_min_nat)) 640 if (nfattr_bad_size(tb, CTA_NAT_MAX, cta_min_nat))
618 return -EINVAL; 641 return -EINVAL;
619 642
620 if (tb[CTA_NAT_MINIP-1]) 643 if (tb[CTA_NAT_MINIP])
621 range->min_ip = *(__be32 *)NFA_DATA(tb[CTA_NAT_MINIP-1]); 644 range->min_ip = *(__be32 *)nla_data(tb[CTA_NAT_MINIP]);
622 645
623 if (!tb[CTA_NAT_MAXIP-1]) 646 if (!tb[CTA_NAT_MAXIP])
624 range->max_ip = range->min_ip; 647 range->max_ip = range->min_ip;
625 else 648 else
626 range->max_ip = *(__be32 *)NFA_DATA(tb[CTA_NAT_MAXIP-1]); 649 range->max_ip = *(__be32 *)nla_data(tb[CTA_NAT_MAXIP]);
627 650
628 if (range->min_ip) 651 if (range->min_ip)
629 range->flags |= IP_NAT_RANGE_MAP_IPS; 652 range->flags |= IP_NAT_RANGE_MAP_IPS;
630 653
631 if (!tb[CTA_NAT_PROTO-1]) 654 if (!tb[CTA_NAT_PROTO])
632 return 0; 655 return 0;
633 656
634 err = nfnetlink_parse_nat_proto(tb[CTA_NAT_PROTO-1], ct, range); 657 err = nfnetlink_parse_nat_proto(tb[CTA_NAT_PROTO], ct, range);
635 if (err < 0) 658 if (err < 0)
636 return err; 659 return err;
637 660
@@ -640,31 +663,31 @@ nfnetlink_parse_nat(struct nfattr *nat,
640#endif 663#endif
641 664
642static inline int 665static inline int
643ctnetlink_parse_help(struct nfattr *attr, char **helper_name) 666ctnetlink_parse_help(struct nlattr *attr, char **helper_name)
644{ 667{
645 struct nfattr *tb[CTA_HELP_MAX]; 668 struct nlattr *tb[CTA_HELP_MAX+1];
646 669
647 nfattr_parse_nested(tb, CTA_HELP_MAX, attr); 670 nla_parse_nested(tb, CTA_HELP_MAX, attr, NULL);
648 671
649 if (!tb[CTA_HELP_NAME-1]) 672 if (!tb[CTA_HELP_NAME])
650 return -EINVAL; 673 return -EINVAL;
651 674
652 *helper_name = NFA_DATA(tb[CTA_HELP_NAME-1]); 675 *helper_name = nla_data(tb[CTA_HELP_NAME]);
653 676
654 return 0; 677 return 0;
655} 678}
656 679
657static const size_t cta_min[CTA_MAX] = { 680static const size_t cta_min[CTA_MAX+1] = {
658 [CTA_STATUS-1] = sizeof(u_int32_t), 681 [CTA_STATUS] = sizeof(u_int32_t),
659 [CTA_TIMEOUT-1] = sizeof(u_int32_t), 682 [CTA_TIMEOUT] = sizeof(u_int32_t),
660 [CTA_MARK-1] = sizeof(u_int32_t), 683 [CTA_MARK] = sizeof(u_int32_t),
661 [CTA_USE-1] = sizeof(u_int32_t), 684 [CTA_USE] = sizeof(u_int32_t),
662 [CTA_ID-1] = sizeof(u_int32_t) 685 [CTA_ID] = sizeof(u_int32_t)
663}; 686};
664 687
665static int 688static int
666ctnetlink_del_conntrack(struct sock *ctnl, struct sk_buff *skb, 689ctnetlink_del_conntrack(struct sock *ctnl, struct sk_buff *skb,
667 struct nlmsghdr *nlh, struct nfattr *cda[]) 690 struct nlmsghdr *nlh, struct nlattr *cda[])
668{ 691{
669 struct nf_conntrack_tuple_hash *h; 692 struct nf_conntrack_tuple_hash *h;
670 struct nf_conntrack_tuple tuple; 693 struct nf_conntrack_tuple tuple;
@@ -676,9 +699,9 @@ ctnetlink_del_conntrack(struct sock *ctnl, struct sk_buff *skb,
676 if (nfattr_bad_size(cda, CTA_MAX, cta_min)) 699 if (nfattr_bad_size(cda, CTA_MAX, cta_min))
677 return -EINVAL; 700 return -EINVAL;
678 701
679 if (cda[CTA_TUPLE_ORIG-1]) 702 if (cda[CTA_TUPLE_ORIG])
680 err = ctnetlink_parse_tuple(cda, &tuple, CTA_TUPLE_ORIG, u3); 703 err = ctnetlink_parse_tuple(cda, &tuple, CTA_TUPLE_ORIG, u3);
681 else if (cda[CTA_TUPLE_REPLY-1]) 704 else if (cda[CTA_TUPLE_REPLY])
682 err = ctnetlink_parse_tuple(cda, &tuple, CTA_TUPLE_REPLY, u3); 705 err = ctnetlink_parse_tuple(cda, &tuple, CTA_TUPLE_REPLY, u3);
683 else { 706 else {
684 /* Flush the whole table */ 707 /* Flush the whole table */
@@ -695,8 +718,8 @@ ctnetlink_del_conntrack(struct sock *ctnl, struct sk_buff *skb,
695 718
696 ct = nf_ct_tuplehash_to_ctrack(h); 719 ct = nf_ct_tuplehash_to_ctrack(h);
697 720
698 if (cda[CTA_ID-1]) { 721 if (cda[CTA_ID]) {
699 u_int32_t id = ntohl(*(__be32 *)NFA_DATA(cda[CTA_ID-1])); 722 u_int32_t id = ntohl(*(__be32 *)nla_data(cda[CTA_ID]));
700 if (ct->id != id) { 723 if (ct->id != id) {
701 nf_ct_put(ct); 724 nf_ct_put(ct);
702 return -ENOENT; 725 return -ENOENT;
@@ -712,7 +735,7 @@ ctnetlink_del_conntrack(struct sock *ctnl, struct sk_buff *skb,
712 735
713static int 736static int
714ctnetlink_get_conntrack(struct sock *ctnl, struct sk_buff *skb, 737ctnetlink_get_conntrack(struct sock *ctnl, struct sk_buff *skb,
715 struct nlmsghdr *nlh, struct nfattr *cda[]) 738 struct nlmsghdr *nlh, struct nlattr *cda[])
716{ 739{
717 struct nf_conntrack_tuple_hash *h; 740 struct nf_conntrack_tuple_hash *h;
718 struct nf_conntrack_tuple tuple; 741 struct nf_conntrack_tuple tuple;
@@ -734,9 +757,9 @@ ctnetlink_get_conntrack(struct sock *ctnl, struct sk_buff *skb,
734 if (nfattr_bad_size(cda, CTA_MAX, cta_min)) 757 if (nfattr_bad_size(cda, CTA_MAX, cta_min))
735 return -EINVAL; 758 return -EINVAL;
736 759
737 if (cda[CTA_TUPLE_ORIG-1]) 760 if (cda[CTA_TUPLE_ORIG])
738 err = ctnetlink_parse_tuple(cda, &tuple, CTA_TUPLE_ORIG, u3); 761 err = ctnetlink_parse_tuple(cda, &tuple, CTA_TUPLE_ORIG, u3);
739 else if (cda[CTA_TUPLE_REPLY-1]) 762 else if (cda[CTA_TUPLE_REPLY])
740 err = ctnetlink_parse_tuple(cda, &tuple, CTA_TUPLE_REPLY, u3); 763 err = ctnetlink_parse_tuple(cda, &tuple, CTA_TUPLE_REPLY, u3);
741 else 764 else
742 return -EINVAL; 765 return -EINVAL;
@@ -776,10 +799,10 @@ out:
776} 799}
777 800
778static inline int 801static inline int
779ctnetlink_change_status(struct nf_conn *ct, struct nfattr *cda[]) 802ctnetlink_change_status(struct nf_conn *ct, struct nlattr *cda[])
780{ 803{
781 unsigned long d; 804 unsigned long d;
782 unsigned int status = ntohl(*(__be32 *)NFA_DATA(cda[CTA_STATUS-1])); 805 unsigned int status = ntohl(*(__be32 *)nla_data(cda[CTA_STATUS]));
783 d = ct->status ^ status; 806 d = ct->status ^ status;
784 807
785 if (d & (IPS_EXPECTED|IPS_CONFIRMED|IPS_DYING)) 808 if (d & (IPS_EXPECTED|IPS_CONFIRMED|IPS_DYING))
@@ -795,14 +818,14 @@ ctnetlink_change_status(struct nf_conn *ct, struct nfattr *cda[])
795 /* ASSURED bit can only be set */ 818 /* ASSURED bit can only be set */
796 return -EINVAL; 819 return -EINVAL;
797 820
798 if (cda[CTA_NAT_SRC-1] || cda[CTA_NAT_DST-1]) { 821 if (cda[CTA_NAT_SRC] || cda[CTA_NAT_DST]) {
799#ifndef CONFIG_NF_NAT_NEEDED 822#ifndef CONFIG_NF_NAT_NEEDED
800 return -EINVAL; 823 return -EINVAL;
801#else 824#else
802 struct nf_nat_range range; 825 struct nf_nat_range range;
803 826
804 if (cda[CTA_NAT_DST-1]) { 827 if (cda[CTA_NAT_DST]) {
805 if (nfnetlink_parse_nat(cda[CTA_NAT_DST-1], ct, 828 if (nfnetlink_parse_nat(cda[CTA_NAT_DST], ct,
806 &range) < 0) 829 &range) < 0)
807 return -EINVAL; 830 return -EINVAL;
808 if (nf_nat_initialized(ct, 831 if (nf_nat_initialized(ct,
@@ -810,8 +833,8 @@ ctnetlink_change_status(struct nf_conn *ct, struct nfattr *cda[])
810 return -EEXIST; 833 return -EEXIST;
811 nf_nat_setup_info(ct, &range, NF_IP_PRE_ROUTING); 834 nf_nat_setup_info(ct, &range, NF_IP_PRE_ROUTING);
812 } 835 }
813 if (cda[CTA_NAT_SRC-1]) { 836 if (cda[CTA_NAT_SRC]) {
814 if (nfnetlink_parse_nat(cda[CTA_NAT_SRC-1], ct, 837 if (nfnetlink_parse_nat(cda[CTA_NAT_SRC], ct,
815 &range) < 0) 838 &range) < 0)
816 return -EINVAL; 839 return -EINVAL;
817 if (nf_nat_initialized(ct, 840 if (nf_nat_initialized(ct,
@@ -831,7 +854,7 @@ ctnetlink_change_status(struct nf_conn *ct, struct nfattr *cda[])
831 854
832 855
833static inline int 856static inline int
834ctnetlink_change_helper(struct nf_conn *ct, struct nfattr *cda[]) 857ctnetlink_change_helper(struct nf_conn *ct, struct nlattr *cda[])
835{ 858{
836 struct nf_conntrack_helper *helper; 859 struct nf_conntrack_helper *helper;
837 struct nf_conn_help *help = nfct_help(ct); 860 struct nf_conn_help *help = nfct_help(ct);
@@ -842,7 +865,7 @@ ctnetlink_change_helper(struct nf_conn *ct, struct nfattr *cda[])
842 if (ct->master) 865 if (ct->master)
843 return -EINVAL; 866 return -EINVAL;
844 867
845 err = ctnetlink_parse_help(cda[CTA_HELP-1], &helpname); 868 err = ctnetlink_parse_help(cda[CTA_HELP], &helpname);
846 if (err < 0) 869 if (err < 0)
847 return err; 870 return err;
848 871
@@ -879,9 +902,9 @@ ctnetlink_change_helper(struct nf_conn *ct, struct nfattr *cda[])
879} 902}
880 903
881static inline int 904static inline int
882ctnetlink_change_timeout(struct nf_conn *ct, struct nfattr *cda[]) 905ctnetlink_change_timeout(struct nf_conn *ct, struct nlattr *cda[])
883{ 906{
884 u_int32_t timeout = ntohl(*(__be32 *)NFA_DATA(cda[CTA_TIMEOUT-1])); 907 u_int32_t timeout = ntohl(*(__be32 *)nla_data(cda[CTA_TIMEOUT]));
885 908
886 if (!del_timer(&ct->timeout)) 909 if (!del_timer(&ct->timeout))
887 return -ETIME; 910 return -ETIME;
@@ -893,15 +916,15 @@ ctnetlink_change_timeout(struct nf_conn *ct, struct nfattr *cda[])
893} 916}
894 917
895static inline int 918static inline int
896ctnetlink_change_protoinfo(struct nf_conn *ct, struct nfattr *cda[]) 919ctnetlink_change_protoinfo(struct nf_conn *ct, struct nlattr *cda[])
897{ 920{
898 struct nfattr *tb[CTA_PROTOINFO_MAX], *attr = cda[CTA_PROTOINFO-1]; 921 struct nlattr *tb[CTA_PROTOINFO_MAX+1], *attr = cda[CTA_PROTOINFO];
899 struct nf_conntrack_l4proto *l4proto; 922 struct nf_conntrack_l4proto *l4proto;
900 u_int16_t npt = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum; 923 u_int16_t npt = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum;
901 u_int16_t l3num = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num; 924 u_int16_t l3num = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num;
902 int err = 0; 925 int err = 0;
903 926
904 nfattr_parse_nested(tb, CTA_PROTOINFO_MAX, attr); 927 nla_parse_nested(tb, CTA_PROTOINFO_MAX, attr, NULL);
905 928
906 l4proto = nf_ct_l4proto_find_get(l3num, npt); 929 l4proto = nf_ct_l4proto_find_get(l3num, npt);
907 930
@@ -913,44 +936,44 @@ ctnetlink_change_protoinfo(struct nf_conn *ct, struct nfattr *cda[])
913} 936}
914 937
915static int 938static int
916ctnetlink_change_conntrack(struct nf_conn *ct, struct nfattr *cda[]) 939ctnetlink_change_conntrack(struct nf_conn *ct, struct nlattr *cda[])
917{ 940{
918 int err; 941 int err;
919 942
920 if (cda[CTA_HELP-1]) { 943 if (cda[CTA_HELP]) {
921 err = ctnetlink_change_helper(ct, cda); 944 err = ctnetlink_change_helper(ct, cda);
922 if (err < 0) 945 if (err < 0)
923 return err; 946 return err;
924 } 947 }
925 948
926 if (cda[CTA_TIMEOUT-1]) { 949 if (cda[CTA_TIMEOUT]) {
927 err = ctnetlink_change_timeout(ct, cda); 950 err = ctnetlink_change_timeout(ct, cda);
928 if (err < 0) 951 if (err < 0)
929 return err; 952 return err;
930 } 953 }
931 954
932 if (cda[CTA_STATUS-1]) { 955 if (cda[CTA_STATUS]) {
933 err = ctnetlink_change_status(ct, cda); 956 err = ctnetlink_change_status(ct, cda);
934 if (err < 0) 957 if (err < 0)
935 return err; 958 return err;
936 } 959 }
937 960
938 if (cda[CTA_PROTOINFO-1]) { 961 if (cda[CTA_PROTOINFO]) {
939 err = ctnetlink_change_protoinfo(ct, cda); 962 err = ctnetlink_change_protoinfo(ct, cda);
940 if (err < 0) 963 if (err < 0)
941 return err; 964 return err;
942 } 965 }
943 966
944#if defined(CONFIG_NF_CONNTRACK_MARK) 967#if defined(CONFIG_NF_CONNTRACK_MARK)
945 if (cda[CTA_MARK-1]) 968 if (cda[CTA_MARK])
946 ct->mark = ntohl(*(__be32 *)NFA_DATA(cda[CTA_MARK-1])); 969 ct->mark = ntohl(*(__be32 *)nla_data(cda[CTA_MARK]));
947#endif 970#endif
948 971
949 return 0; 972 return 0;
950} 973}
951 974
952static int 975static int
953ctnetlink_create_conntrack(struct nfattr *cda[], 976ctnetlink_create_conntrack(struct nlattr *cda[],
954 struct nf_conntrack_tuple *otuple, 977 struct nf_conntrack_tuple *otuple,
955 struct nf_conntrack_tuple *rtuple) 978 struct nf_conntrack_tuple *rtuple)
956{ 979{
@@ -963,28 +986,28 @@ ctnetlink_create_conntrack(struct nfattr *cda[],
963 if (ct == NULL || IS_ERR(ct)) 986 if (ct == NULL || IS_ERR(ct))
964 return -ENOMEM; 987 return -ENOMEM;
965 988
966 if (!cda[CTA_TIMEOUT-1]) 989 if (!cda[CTA_TIMEOUT])
967 goto err; 990 goto err;
968 ct->timeout.expires = ntohl(*(__be32 *)NFA_DATA(cda[CTA_TIMEOUT-1])); 991 ct->timeout.expires = ntohl(*(__be32 *)nla_data(cda[CTA_TIMEOUT]));
969 992
970 ct->timeout.expires = jiffies + ct->timeout.expires * HZ; 993 ct->timeout.expires = jiffies + ct->timeout.expires * HZ;
971 ct->status |= IPS_CONFIRMED; 994 ct->status |= IPS_CONFIRMED;
972 995
973 if (cda[CTA_STATUS-1]) { 996 if (cda[CTA_STATUS]) {
974 err = ctnetlink_change_status(ct, cda); 997 err = ctnetlink_change_status(ct, cda);
975 if (err < 0) 998 if (err < 0)
976 goto err; 999 goto err;
977 } 1000 }
978 1001
979 if (cda[CTA_PROTOINFO-1]) { 1002 if (cda[CTA_PROTOINFO]) {
980 err = ctnetlink_change_protoinfo(ct, cda); 1003 err = ctnetlink_change_protoinfo(ct, cda);
981 if (err < 0) 1004 if (err < 0)
982 goto err; 1005 goto err;
983 } 1006 }
984 1007
985#if defined(CONFIG_NF_CONNTRACK_MARK) 1008#if defined(CONFIG_NF_CONNTRACK_MARK)
986 if (cda[CTA_MARK-1]) 1009 if (cda[CTA_MARK])
987 ct->mark = ntohl(*(__be32 *)NFA_DATA(cda[CTA_MARK-1])); 1010 ct->mark = ntohl(*(__be32 *)nla_data(cda[CTA_MARK]));
988#endif 1011#endif
989 1012
990 helper = nf_ct_helper_find_get(rtuple); 1013 helper = nf_ct_helper_find_get(rtuple);
@@ -1014,7 +1037,7 @@ err:
1014 1037
1015static int 1038static int
1016ctnetlink_new_conntrack(struct sock *ctnl, struct sk_buff *skb, 1039ctnetlink_new_conntrack(struct sock *ctnl, struct sk_buff *skb,
1017 struct nlmsghdr *nlh, struct nfattr *cda[]) 1040 struct nlmsghdr *nlh, struct nlattr *cda[])
1018{ 1041{
1019 struct nf_conntrack_tuple otuple, rtuple; 1042 struct nf_conntrack_tuple otuple, rtuple;
1020 struct nf_conntrack_tuple_hash *h = NULL; 1043 struct nf_conntrack_tuple_hash *h = NULL;
@@ -1025,22 +1048,22 @@ ctnetlink_new_conntrack(struct sock *ctnl, struct sk_buff *skb,
1025 if (nfattr_bad_size(cda, CTA_MAX, cta_min)) 1048 if (nfattr_bad_size(cda, CTA_MAX, cta_min))
1026 return -EINVAL; 1049 return -EINVAL;
1027 1050
1028 if (cda[CTA_TUPLE_ORIG-1]) { 1051 if (cda[CTA_TUPLE_ORIG]) {
1029 err = ctnetlink_parse_tuple(cda, &otuple, CTA_TUPLE_ORIG, u3); 1052 err = ctnetlink_parse_tuple(cda, &otuple, CTA_TUPLE_ORIG, u3);
1030 if (err < 0) 1053 if (err < 0)
1031 return err; 1054 return err;
1032 } 1055 }
1033 1056
1034 if (cda[CTA_TUPLE_REPLY-1]) { 1057 if (cda[CTA_TUPLE_REPLY]) {
1035 err = ctnetlink_parse_tuple(cda, &rtuple, CTA_TUPLE_REPLY, u3); 1058 err = ctnetlink_parse_tuple(cda, &rtuple, CTA_TUPLE_REPLY, u3);
1036 if (err < 0) 1059 if (err < 0)
1037 return err; 1060 return err;
1038 } 1061 }
1039 1062
1040 write_lock_bh(&nf_conntrack_lock); 1063 write_lock_bh(&nf_conntrack_lock);
1041 if (cda[CTA_TUPLE_ORIG-1]) 1064 if (cda[CTA_TUPLE_ORIG])
1042 h = __nf_conntrack_find(&otuple, NULL); 1065 h = __nf_conntrack_find(&otuple, NULL);
1043 else if (cda[CTA_TUPLE_REPLY-1]) 1066 else if (cda[CTA_TUPLE_REPLY])
1044 h = __nf_conntrack_find(&rtuple, NULL); 1067 h = __nf_conntrack_find(&rtuple, NULL);
1045 1068
1046 if (h == NULL) { 1069 if (h == NULL) {
@@ -1057,7 +1080,7 @@ ctnetlink_new_conntrack(struct sock *ctnl, struct sk_buff *skb,
1057 err = -EEXIST; 1080 err = -EEXIST;
1058 if (!(nlh->nlmsg_flags & NLM_F_EXCL)) { 1081 if (!(nlh->nlmsg_flags & NLM_F_EXCL)) {
1059 /* we only allow nat config for new conntracks */ 1082 /* we only allow nat config for new conntracks */
1060 if (cda[CTA_NAT_SRC-1] || cda[CTA_NAT_DST-1]) { 1083 if (cda[CTA_NAT_SRC] || cda[CTA_NAT_DST]) {
1061 err = -EINVAL; 1084 err = -EINVAL;
1062 goto out_unlock; 1085 goto out_unlock;
1063 } 1086 }
@@ -1079,16 +1102,18 @@ ctnetlink_exp_dump_tuple(struct sk_buff *skb,
1079 const struct nf_conntrack_tuple *tuple, 1102 const struct nf_conntrack_tuple *tuple,
1080 enum ctattr_expect type) 1103 enum ctattr_expect type)
1081{ 1104{
1082 struct nfattr *nest_parms = NFA_NEST(skb, type); 1105 struct nlattr *nest_parms;
1083 1106
1107 nest_parms = nla_nest_start(skb, type | NLA_F_NESTED);
1108 if (!nest_parms)
1109 goto nla_put_failure;
1084 if (ctnetlink_dump_tuples(skb, tuple) < 0) 1110 if (ctnetlink_dump_tuples(skb, tuple) < 0)
1085 goto nfattr_failure; 1111 goto nla_put_failure;
1086 1112 nla_nest_end(skb, nest_parms);
1087 NFA_NEST_END(skb, nest_parms);
1088 1113
1089 return 0; 1114 return 0;
1090 1115
1091nfattr_failure: 1116nla_put_failure:
1092 return -1; 1117 return -1;
1093} 1118}
1094 1119
@@ -1101,32 +1126,34 @@ ctnetlink_exp_dump_mask(struct sk_buff *skb,
1101 struct nf_conntrack_l3proto *l3proto; 1126 struct nf_conntrack_l3proto *l3proto;
1102 struct nf_conntrack_l4proto *l4proto; 1127 struct nf_conntrack_l4proto *l4proto;
1103 struct nf_conntrack_tuple m; 1128 struct nf_conntrack_tuple m;
1104 struct nfattr *nest_parms; 1129 struct nlattr *nest_parms;
1105 1130
1106 memset(&m, 0xFF, sizeof(m)); 1131 memset(&m, 0xFF, sizeof(m));
1107 m.src.u.all = mask->src.u.all; 1132 m.src.u.all = mask->src.u.all;
1108 memcpy(&m.src.u3, &mask->src.u3, sizeof(m.src.u3)); 1133 memcpy(&m.src.u3, &mask->src.u3, sizeof(m.src.u3));
1109 1134
1110 nest_parms = NFA_NEST(skb, CTA_EXPECT_MASK); 1135 nest_parms = nla_nest_start(skb, CTA_EXPECT_MASK | NLA_F_NESTED);
1136 if (!nest_parms)
1137 goto nla_put_failure;
1111 1138
1112 l3proto = nf_ct_l3proto_find_get(tuple->src.l3num); 1139 l3proto = nf_ct_l3proto_find_get(tuple->src.l3num);
1113 ret = ctnetlink_dump_tuples_ip(skb, &m, l3proto); 1140 ret = ctnetlink_dump_tuples_ip(skb, &m, l3proto);
1114 nf_ct_l3proto_put(l3proto); 1141 nf_ct_l3proto_put(l3proto);
1115 1142
1116 if (unlikely(ret < 0)) 1143 if (unlikely(ret < 0))
1117 goto nfattr_failure; 1144 goto nla_put_failure;
1118 1145
1119 l4proto = nf_ct_l4proto_find_get(tuple->src.l3num, tuple->dst.protonum); 1146 l4proto = nf_ct_l4proto_find_get(tuple->src.l3num, tuple->dst.protonum);
1120 ret = ctnetlink_dump_tuples_proto(skb, &m, l4proto); 1147 ret = ctnetlink_dump_tuples_proto(skb, &m, l4proto);
1121 nf_ct_l4proto_put(l4proto); 1148 nf_ct_l4proto_put(l4proto);
1122 if (unlikely(ret < 0)) 1149 if (unlikely(ret < 0))
1123 goto nfattr_failure; 1150 goto nla_put_failure;
1124 1151
1125 NFA_NEST_END(skb, nest_parms); 1152 nla_nest_end(skb, nest_parms);
1126 1153
1127 return 0; 1154 return 0;
1128 1155
1129nfattr_failure: 1156nla_put_failure:
1130 return -1; 1157 return -1;
1131} 1158}
1132 1159
@@ -1139,20 +1166,20 @@ ctnetlink_exp_dump_expect(struct sk_buff *skb,
1139 __be32 id = htonl(exp->id); 1166 __be32 id = htonl(exp->id);
1140 1167
1141 if (ctnetlink_exp_dump_tuple(skb, &exp->tuple, CTA_EXPECT_TUPLE) < 0) 1168 if (ctnetlink_exp_dump_tuple(skb, &exp->tuple, CTA_EXPECT_TUPLE) < 0)
1142 goto nfattr_failure; 1169 goto nla_put_failure;
1143 if (ctnetlink_exp_dump_mask(skb, &exp->tuple, &exp->mask) < 0) 1170 if (ctnetlink_exp_dump_mask(skb, &exp->tuple, &exp->mask) < 0)
1144 goto nfattr_failure; 1171 goto nla_put_failure;
1145 if (ctnetlink_exp_dump_tuple(skb, 1172 if (ctnetlink_exp_dump_tuple(skb,
1146 &master->tuplehash[IP_CT_DIR_ORIGINAL].tuple, 1173 &master->tuplehash[IP_CT_DIR_ORIGINAL].tuple,
1147 CTA_EXPECT_MASTER) < 0) 1174 CTA_EXPECT_MASTER) < 0)
1148 goto nfattr_failure; 1175 goto nla_put_failure;
1149 1176
1150 NFA_PUT(skb, CTA_EXPECT_TIMEOUT, sizeof(timeout), &timeout); 1177 NLA_PUT(skb, CTA_EXPECT_TIMEOUT, sizeof(timeout), &timeout);
1151 NFA_PUT(skb, CTA_EXPECT_ID, sizeof(u_int32_t), &id); 1178 NLA_PUT(skb, CTA_EXPECT_ID, sizeof(u_int32_t), &id);
1152 1179
1153 return 0; 1180 return 0;
1154 1181
1155nfattr_failure: 1182nla_put_failure:
1156 return -1; 1183 return -1;
1157} 1184}
1158 1185
@@ -1176,13 +1203,13 @@ ctnetlink_exp_fill_info(struct sk_buff *skb, u32 pid, u32 seq,
1176 nfmsg->res_id = 0; 1203 nfmsg->res_id = 0;
1177 1204
1178 if (ctnetlink_exp_dump_expect(skb, exp) < 0) 1205 if (ctnetlink_exp_dump_expect(skb, exp) < 0)
1179 goto nfattr_failure; 1206 goto nla_put_failure;
1180 1207
1181 nlh->nlmsg_len = skb_tail_pointer(skb) - b; 1208 nlh->nlmsg_len = skb_tail_pointer(skb) - b;
1182 return skb->len; 1209 return skb->len;
1183 1210
1184nlmsg_failure: 1211nlmsg_failure:
1185nfattr_failure: 1212nla_put_failure:
1186 nlmsg_trim(skb, b); 1213 nlmsg_trim(skb, b);
1187 return -1; 1214 return -1;
1188} 1215}
@@ -1224,14 +1251,14 @@ static int ctnetlink_expect_event(struct notifier_block *this,
1224 nfmsg->res_id = 0; 1251 nfmsg->res_id = 0;
1225 1252
1226 if (ctnetlink_exp_dump_expect(skb, exp) < 0) 1253 if (ctnetlink_exp_dump_expect(skb, exp) < 0)
1227 goto nfattr_failure; 1254 goto nla_put_failure;
1228 1255
1229 nlh->nlmsg_len = skb->tail - b; 1256 nlh->nlmsg_len = skb->tail - b;
1230 nfnetlink_send(skb, 0, NFNLGRP_CONNTRACK_EXP_NEW, 0); 1257 nfnetlink_send(skb, 0, NFNLGRP_CONNTRACK_EXP_NEW, 0);
1231 return NOTIFY_DONE; 1258 return NOTIFY_DONE;
1232 1259
1233nlmsg_failure: 1260nlmsg_failure:
1234nfattr_failure: 1261nla_put_failure:
1235 kfree_skb(skb); 1262 kfree_skb(skb);
1236 return NOTIFY_DONE; 1263 return NOTIFY_DONE;
1237} 1264}
@@ -1286,14 +1313,14 @@ out:
1286 return skb->len; 1313 return skb->len;
1287} 1314}
1288 1315
1289static const size_t cta_min_exp[CTA_EXPECT_MAX] = { 1316static const size_t cta_min_exp[CTA_EXPECT_MAX+1] = {
1290 [CTA_EXPECT_TIMEOUT-1] = sizeof(u_int32_t), 1317 [CTA_EXPECT_TIMEOUT] = sizeof(u_int32_t),
1291 [CTA_EXPECT_ID-1] = sizeof(u_int32_t) 1318 [CTA_EXPECT_ID] = sizeof(u_int32_t)
1292}; 1319};
1293 1320
1294static int 1321static int
1295ctnetlink_get_expect(struct sock *ctnl, struct sk_buff *skb, 1322ctnetlink_get_expect(struct sock *ctnl, struct sk_buff *skb,
1296 struct nlmsghdr *nlh, struct nfattr *cda[]) 1323 struct nlmsghdr *nlh, struct nlattr *cda[])
1297{ 1324{
1298 struct nf_conntrack_tuple tuple; 1325 struct nf_conntrack_tuple tuple;
1299 struct nf_conntrack_expect *exp; 1326 struct nf_conntrack_expect *exp;
@@ -1311,7 +1338,7 @@ ctnetlink_get_expect(struct sock *ctnl, struct sk_buff *skb,
1311 ctnetlink_exp_done); 1338 ctnetlink_exp_done);
1312 } 1339 }
1313 1340
1314 if (cda[CTA_EXPECT_MASTER-1]) 1341 if (cda[CTA_EXPECT_MASTER])
1315 err = ctnetlink_parse_tuple(cda, &tuple, CTA_EXPECT_MASTER, u3); 1342 err = ctnetlink_parse_tuple(cda, &tuple, CTA_EXPECT_MASTER, u3);
1316 else 1343 else
1317 return -EINVAL; 1344 return -EINVAL;
@@ -1323,8 +1350,8 @@ ctnetlink_get_expect(struct sock *ctnl, struct sk_buff *skb,
1323 if (!exp) 1350 if (!exp)
1324 return -ENOENT; 1351 return -ENOENT;
1325 1352
1326 if (cda[CTA_EXPECT_ID-1]) { 1353 if (cda[CTA_EXPECT_ID]) {
1327 __be32 id = *(__be32 *)NFA_DATA(cda[CTA_EXPECT_ID-1]); 1354 __be32 id = *(__be32 *)nla_data(cda[CTA_EXPECT_ID]);
1328 if (exp->id != ntohl(id)) { 1355 if (exp->id != ntohl(id)) {
1329 nf_ct_expect_put(exp); 1356 nf_ct_expect_put(exp);
1330 return -ENOENT; 1357 return -ENOENT;
@@ -1355,7 +1382,7 @@ out:
1355 1382
1356static int 1383static int
1357ctnetlink_del_expect(struct sock *ctnl, struct sk_buff *skb, 1384ctnetlink_del_expect(struct sock *ctnl, struct sk_buff *skb,
1358 struct nlmsghdr *nlh, struct nfattr *cda[]) 1385 struct nlmsghdr *nlh, struct nlattr *cda[])
1359{ 1386{
1360 struct nf_conntrack_expect *exp; 1387 struct nf_conntrack_expect *exp;
1361 struct nf_conntrack_tuple tuple; 1388 struct nf_conntrack_tuple tuple;
@@ -1369,7 +1396,7 @@ ctnetlink_del_expect(struct sock *ctnl, struct sk_buff *skb,
1369 if (nfattr_bad_size(cda, CTA_EXPECT_MAX, cta_min_exp)) 1396 if (nfattr_bad_size(cda, CTA_EXPECT_MAX, cta_min_exp))
1370 return -EINVAL; 1397 return -EINVAL;
1371 1398
1372 if (cda[CTA_EXPECT_TUPLE-1]) { 1399 if (cda[CTA_EXPECT_TUPLE]) {
1373 /* delete a single expect by tuple */ 1400 /* delete a single expect by tuple */
1374 err = ctnetlink_parse_tuple(cda, &tuple, CTA_EXPECT_TUPLE, u3); 1401 err = ctnetlink_parse_tuple(cda, &tuple, CTA_EXPECT_TUPLE, u3);
1375 if (err < 0) 1402 if (err < 0)
@@ -1380,8 +1407,8 @@ ctnetlink_del_expect(struct sock *ctnl, struct sk_buff *skb,
1380 if (!exp) 1407 if (!exp)
1381 return -ENOENT; 1408 return -ENOENT;
1382 1409
1383 if (cda[CTA_EXPECT_ID-1]) { 1410 if (cda[CTA_EXPECT_ID]) {
1384 __be32 id = *(__be32 *)NFA_DATA(cda[CTA_EXPECT_ID-1]); 1411 __be32 id = *(__be32 *)nla_data(cda[CTA_EXPECT_ID]);
1385 if (exp->id != ntohl(id)) { 1412 if (exp->id != ntohl(id)) {
1386 nf_ct_expect_put(exp); 1413 nf_ct_expect_put(exp);
1387 return -ENOENT; 1414 return -ENOENT;
@@ -1393,8 +1420,8 @@ ctnetlink_del_expect(struct sock *ctnl, struct sk_buff *skb,
1393 /* have to put what we 'get' above. 1420 /* have to put what we 'get' above.
1394 * after this line usage count == 0 */ 1421 * after this line usage count == 0 */
1395 nf_ct_expect_put(exp); 1422 nf_ct_expect_put(exp);
1396 } else if (cda[CTA_EXPECT_HELP_NAME-1]) { 1423 } else if (cda[CTA_EXPECT_HELP_NAME]) {
1397 char *name = NFA_DATA(cda[CTA_EXPECT_HELP_NAME-1]); 1424 char *name = nla_data(cda[CTA_EXPECT_HELP_NAME]);
1398 struct nf_conn_help *m_help; 1425 struct nf_conn_help *m_help;
1399 1426
1400 /* delete all expectations for this helper */ 1427 /* delete all expectations for this helper */
@@ -1436,13 +1463,13 @@ ctnetlink_del_expect(struct sock *ctnl, struct sk_buff *skb,
1436 return 0; 1463 return 0;
1437} 1464}
1438static int 1465static int
1439ctnetlink_change_expect(struct nf_conntrack_expect *x, struct nfattr *cda[]) 1466ctnetlink_change_expect(struct nf_conntrack_expect *x, struct nlattr *cda[])
1440{ 1467{
1441 return -EOPNOTSUPP; 1468 return -EOPNOTSUPP;
1442} 1469}
1443 1470
1444static int 1471static int
1445ctnetlink_create_expect(struct nfattr *cda[], u_int8_t u3) 1472ctnetlink_create_expect(struct nlattr *cda[], u_int8_t u3)
1446{ 1473{
1447 struct nf_conntrack_tuple tuple, mask, master_tuple; 1474 struct nf_conntrack_tuple tuple, mask, master_tuple;
1448 struct nf_conntrack_tuple_hash *h = NULL; 1475 struct nf_conntrack_tuple_hash *h = NULL;
@@ -1499,7 +1526,7 @@ out:
1499 1526
1500static int 1527static int
1501ctnetlink_new_expect(struct sock *ctnl, struct sk_buff *skb, 1528ctnetlink_new_expect(struct sock *ctnl, struct sk_buff *skb,
1502 struct nlmsghdr *nlh, struct nfattr *cda[]) 1529 struct nlmsghdr *nlh, struct nlattr *cda[])
1503{ 1530{
1504 struct nf_conntrack_tuple tuple; 1531 struct nf_conntrack_tuple tuple;
1505 struct nf_conntrack_expect *exp; 1532 struct nf_conntrack_expect *exp;
@@ -1510,9 +1537,9 @@ ctnetlink_new_expect(struct sock *ctnl, struct sk_buff *skb,
1510 if (nfattr_bad_size(cda, CTA_EXPECT_MAX, cta_min_exp)) 1537 if (nfattr_bad_size(cda, CTA_EXPECT_MAX, cta_min_exp))
1511 return -EINVAL; 1538 return -EINVAL;
1512 1539
1513 if (!cda[CTA_EXPECT_TUPLE-1] 1540 if (!cda[CTA_EXPECT_TUPLE]
1514 || !cda[CTA_EXPECT_MASK-1] 1541 || !cda[CTA_EXPECT_MASK]
1515 || !cda[CTA_EXPECT_MASTER-1]) 1542 || !cda[CTA_EXPECT_MASTER])
1516 return -EINVAL; 1543 return -EINVAL;
1517 1544
1518 err = ctnetlink_parse_tuple(cda, &tuple, CTA_EXPECT_TUPLE, u3); 1545 err = ctnetlink_parse_tuple(cda, &tuple, CTA_EXPECT_TUPLE, u3);
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
index eb3fe7401466..1d167e61cc44 100644
--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -1067,93 +1067,96 @@ static int tcp_new(struct nf_conn *conntrack,
1067#include <linux/netfilter/nfnetlink.h> 1067#include <linux/netfilter/nfnetlink.h>
1068#include <linux/netfilter/nfnetlink_conntrack.h> 1068#include <linux/netfilter/nfnetlink_conntrack.h>
1069 1069
1070static int tcp_to_nfattr(struct sk_buff *skb, struct nfattr *nfa, 1070static int tcp_to_nfattr(struct sk_buff *skb, struct nlattr *nla,
1071 const struct nf_conn *ct) 1071 const struct nf_conn *ct)
1072{ 1072{
1073 struct nfattr *nest_parms; 1073 struct nlattr *nest_parms;
1074 struct nf_ct_tcp_flags tmp = {}; 1074 struct nf_ct_tcp_flags tmp = {};
1075 1075
1076 read_lock_bh(&tcp_lock); 1076 read_lock_bh(&tcp_lock);
1077 nest_parms = NFA_NEST(skb, CTA_PROTOINFO_TCP); 1077 nest_parms = nla_nest_start(skb, CTA_PROTOINFO_TCP | NLA_F_NESTED);
1078 NFA_PUT(skb, CTA_PROTOINFO_TCP_STATE, sizeof(u_int8_t), 1078 if (!nest_parms)
1079 goto nla_put_failure;
1080
1081 NLA_PUT(skb, CTA_PROTOINFO_TCP_STATE, sizeof(u_int8_t),
1079 &ct->proto.tcp.state); 1082 &ct->proto.tcp.state);
1080 1083
1081 NFA_PUT(skb, CTA_PROTOINFO_TCP_WSCALE_ORIGINAL, sizeof(u_int8_t), 1084 NLA_PUT(skb, CTA_PROTOINFO_TCP_WSCALE_ORIGINAL, sizeof(u_int8_t),
1082 &ct->proto.tcp.seen[0].td_scale); 1085 &ct->proto.tcp.seen[0].td_scale);
1083 1086
1084 NFA_PUT(skb, CTA_PROTOINFO_TCP_WSCALE_REPLY, sizeof(u_int8_t), 1087 NLA_PUT(skb, CTA_PROTOINFO_TCP_WSCALE_REPLY, sizeof(u_int8_t),
1085 &ct->proto.tcp.seen[1].td_scale); 1088 &ct->proto.tcp.seen[1].td_scale);
1086 1089
1087 tmp.flags = ct->proto.tcp.seen[0].flags; 1090 tmp.flags = ct->proto.tcp.seen[0].flags;
1088 NFA_PUT(skb, CTA_PROTOINFO_TCP_FLAGS_ORIGINAL, 1091 NLA_PUT(skb, CTA_PROTOINFO_TCP_FLAGS_ORIGINAL,
1089 sizeof(struct nf_ct_tcp_flags), &tmp); 1092 sizeof(struct nf_ct_tcp_flags), &tmp);
1090 1093
1091 tmp.flags = ct->proto.tcp.seen[1].flags; 1094 tmp.flags = ct->proto.tcp.seen[1].flags;
1092 NFA_PUT(skb, CTA_PROTOINFO_TCP_FLAGS_REPLY, 1095 NLA_PUT(skb, CTA_PROTOINFO_TCP_FLAGS_REPLY,
1093 sizeof(struct nf_ct_tcp_flags), &tmp); 1096 sizeof(struct nf_ct_tcp_flags), &tmp);
1094 read_unlock_bh(&tcp_lock); 1097 read_unlock_bh(&tcp_lock);
1095 1098
1096 NFA_NEST_END(skb, nest_parms); 1099 nla_nest_end(skb, nest_parms);
1097 1100
1098 return 0; 1101 return 0;
1099 1102
1100nfattr_failure: 1103nla_put_failure:
1101 read_unlock_bh(&tcp_lock); 1104 read_unlock_bh(&tcp_lock);
1102 return -1; 1105 return -1;
1103} 1106}
1104 1107
1105static const size_t cta_min_tcp[CTA_PROTOINFO_TCP_MAX] = { 1108static const size_t cta_min_tcp[CTA_PROTOINFO_TCP_MAX+1] = {
1106 [CTA_PROTOINFO_TCP_STATE-1] = sizeof(u_int8_t), 1109 [CTA_PROTOINFO_TCP_STATE] = sizeof(u_int8_t),
1107 [CTA_PROTOINFO_TCP_WSCALE_ORIGINAL-1] = sizeof(u_int8_t), 1110 [CTA_PROTOINFO_TCP_WSCALE_ORIGINAL] = sizeof(u_int8_t),
1108 [CTA_PROTOINFO_TCP_WSCALE_REPLY-1] = sizeof(u_int8_t), 1111 [CTA_PROTOINFO_TCP_WSCALE_REPLY] = sizeof(u_int8_t),
1109 [CTA_PROTOINFO_TCP_FLAGS_ORIGINAL-1] = sizeof(struct nf_ct_tcp_flags), 1112 [CTA_PROTOINFO_TCP_FLAGS_ORIGINAL] = sizeof(struct nf_ct_tcp_flags),
1110 [CTA_PROTOINFO_TCP_FLAGS_REPLY-1] = sizeof(struct nf_ct_tcp_flags) 1113 [CTA_PROTOINFO_TCP_FLAGS_REPLY] = sizeof(struct nf_ct_tcp_flags)
1111}; 1114};
1112 1115
1113static int nfattr_to_tcp(struct nfattr *cda[], struct nf_conn *ct) 1116static int nfattr_to_tcp(struct nlattr *cda[], struct nf_conn *ct)
1114{ 1117{
1115 struct nfattr *attr = cda[CTA_PROTOINFO_TCP-1]; 1118 struct nlattr *attr = cda[CTA_PROTOINFO_TCP];
1116 struct nfattr *tb[CTA_PROTOINFO_TCP_MAX]; 1119 struct nlattr *tb[CTA_PROTOINFO_TCP_MAX+1];
1117 1120
1118 /* updates could not contain anything about the private 1121 /* updates could not contain anything about the private
1119 * protocol info, in that case skip the parsing */ 1122 * protocol info, in that case skip the parsing */
1120 if (!attr) 1123 if (!attr)
1121 return 0; 1124 return 0;
1122 1125
1123 nfattr_parse_nested(tb, CTA_PROTOINFO_TCP_MAX, attr); 1126 nla_parse_nested(tb, CTA_PROTOINFO_TCP_MAX, attr, NULL);
1124 1127
1125 if (nfattr_bad_size(tb, CTA_PROTOINFO_TCP_MAX, cta_min_tcp)) 1128 if (nfattr_bad_size(tb, CTA_PROTOINFO_TCP_MAX, cta_min_tcp))
1126 return -EINVAL; 1129 return -EINVAL;
1127 1130
1128 if (!tb[CTA_PROTOINFO_TCP_STATE-1]) 1131 if (!tb[CTA_PROTOINFO_TCP_STATE])
1129 return -EINVAL; 1132 return -EINVAL;
1130 1133
1131 write_lock_bh(&tcp_lock); 1134 write_lock_bh(&tcp_lock);
1132 ct->proto.tcp.state = 1135 ct->proto.tcp.state =
1133 *(u_int8_t *)NFA_DATA(tb[CTA_PROTOINFO_TCP_STATE-1]); 1136 *(u_int8_t *)nla_data(tb[CTA_PROTOINFO_TCP_STATE]);
1134 1137
1135 if (tb[CTA_PROTOINFO_TCP_FLAGS_ORIGINAL-1]) { 1138 if (tb[CTA_PROTOINFO_TCP_FLAGS_ORIGINAL]) {
1136 struct nf_ct_tcp_flags *attr = 1139 struct nf_ct_tcp_flags *attr =
1137 NFA_DATA(tb[CTA_PROTOINFO_TCP_FLAGS_ORIGINAL-1]); 1140 nla_data(tb[CTA_PROTOINFO_TCP_FLAGS_ORIGINAL]);
1138 ct->proto.tcp.seen[0].flags &= ~attr->mask; 1141 ct->proto.tcp.seen[0].flags &= ~attr->mask;
1139 ct->proto.tcp.seen[0].flags |= attr->flags & attr->mask; 1142 ct->proto.tcp.seen[0].flags |= attr->flags & attr->mask;
1140 } 1143 }
1141 1144
1142 if (tb[CTA_PROTOINFO_TCP_FLAGS_REPLY-1]) { 1145 if (tb[CTA_PROTOINFO_TCP_FLAGS_REPLY]) {
1143 struct nf_ct_tcp_flags *attr = 1146 struct nf_ct_tcp_flags *attr =
1144 NFA_DATA(tb[CTA_PROTOINFO_TCP_FLAGS_REPLY-1]); 1147 nla_data(tb[CTA_PROTOINFO_TCP_FLAGS_REPLY]);
1145 ct->proto.tcp.seen[1].flags &= ~attr->mask; 1148 ct->proto.tcp.seen[1].flags &= ~attr->mask;
1146 ct->proto.tcp.seen[1].flags |= attr->flags & attr->mask; 1149 ct->proto.tcp.seen[1].flags |= attr->flags & attr->mask;
1147 } 1150 }
1148 1151
1149 if (tb[CTA_PROTOINFO_TCP_WSCALE_ORIGINAL-1] && 1152 if (tb[CTA_PROTOINFO_TCP_WSCALE_ORIGINAL] &&
1150 tb[CTA_PROTOINFO_TCP_WSCALE_REPLY-1] && 1153 tb[CTA_PROTOINFO_TCP_WSCALE_REPLY] &&
1151 ct->proto.tcp.seen[0].flags & IP_CT_TCP_FLAG_WINDOW_SCALE && 1154 ct->proto.tcp.seen[0].flags & IP_CT_TCP_FLAG_WINDOW_SCALE &&
1152 ct->proto.tcp.seen[1].flags & IP_CT_TCP_FLAG_WINDOW_SCALE) { 1155 ct->proto.tcp.seen[1].flags & IP_CT_TCP_FLAG_WINDOW_SCALE) {
1153 ct->proto.tcp.seen[0].td_scale = *(u_int8_t *) 1156 ct->proto.tcp.seen[0].td_scale = *(u_int8_t *)
1154 NFA_DATA(tb[CTA_PROTOINFO_TCP_WSCALE_ORIGINAL-1]); 1157 nla_data(tb[CTA_PROTOINFO_TCP_WSCALE_ORIGINAL]);
1155 ct->proto.tcp.seen[1].td_scale = *(u_int8_t *) 1158 ct->proto.tcp.seen[1].td_scale = *(u_int8_t *)
1156 NFA_DATA(tb[CTA_PROTOINFO_TCP_WSCALE_REPLY-1]); 1159 nla_data(tb[CTA_PROTOINFO_TCP_WSCALE_REPLY]);
1157 } 1160 }
1158 write_unlock_bh(&tcp_lock); 1161 write_unlock_bh(&tcp_lock);
1159 1162
diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c
index 032224c1409f..3cfa76b89a20 100644
--- a/net/netfilter/nfnetlink.c
+++ b/net/netfilter/nfnetlink.c
@@ -111,44 +111,17 @@ nfnetlink_find_client(u_int16_t type, const struct nfnetlink_subsystem *ss)
111 return &ss->cb[cb_id]; 111 return &ss->cb[cb_id];
112} 112}
113 113
114void __nfa_fill(struct sk_buff *skb, int attrtype, int attrlen,
115 const void *data)
116{
117 struct nfattr *nfa;
118 int size = NFA_LENGTH(attrlen);
119
120 nfa = (struct nfattr *)skb_put(skb, NFA_ALIGN(size));
121 nfa->nfa_type = attrtype;
122 nfa->nfa_len = size;
123 memcpy(NFA_DATA(nfa), data, attrlen);
124 memset(NFA_DATA(nfa) + attrlen, 0, NFA_ALIGN(size) - size);
125}
126EXPORT_SYMBOL_GPL(__nfa_fill);
127
128void nfattr_parse(struct nfattr *tb[], int maxattr, struct nfattr *nfa, int len)
129{
130 memset(tb, 0, sizeof(struct nfattr *) * maxattr);
131
132 while (NFA_OK(nfa, len)) {
133 unsigned flavor = NFA_TYPE(nfa);
134 if (flavor && flavor <= maxattr)
135 tb[flavor-1] = nfa;
136 nfa = NFA_NEXT(nfa, len);
137 }
138}
139EXPORT_SYMBOL_GPL(nfattr_parse);
140
141/** 114/**
142 * nfnetlink_check_attributes - check and parse nfnetlink attributes 115 * nfnetlink_check_attributes - check and parse nfnetlink attributes
143 * 116 *
144 * subsys: nfnl subsystem for which this message is to be parsed 117 * subsys: nfnl subsystem for which this message is to be parsed
145 * nlmsghdr: netlink message to be checked/parsed 118 * nlmsghdr: netlink message to be checked/parsed
146 * cda: array of pointers, needs to be at least subsys->attr_count big 119 * cda: array of pointers, needs to be at least subsys->attr_count+1 big
147 * 120 *
148 */ 121 */
149static int 122static int
150nfnetlink_check_attributes(const struct nfnetlink_subsystem *subsys, 123nfnetlink_check_attributes(const struct nfnetlink_subsystem *subsys,
151 struct nlmsghdr *nlh, struct nfattr *cda[]) 124 struct nlmsghdr *nlh, struct nlattr *cda[])
152{ 125{
153 int min_len = NLMSG_SPACE(sizeof(struct nfgenmsg)); 126 int min_len = NLMSG_SPACE(sizeof(struct nfgenmsg));
154 u_int8_t cb_id = NFNL_MSG_TYPE(nlh->nlmsg_type); 127 u_int8_t cb_id = NFNL_MSG_TYPE(nlh->nlmsg_type);
@@ -156,9 +129,9 @@ nfnetlink_check_attributes(const struct nfnetlink_subsystem *subsys,
156 129
157 /* check attribute lengths. */ 130 /* check attribute lengths. */
158 if (likely(nlh->nlmsg_len > min_len)) { 131 if (likely(nlh->nlmsg_len > min_len)) {
159 struct nfattr *attr = NFM_NFA(NLMSG_DATA(nlh)); 132 struct nlattr *attr = (void *)nlh + NLMSG_ALIGN(min_len);
160 int attrlen = nlh->nlmsg_len - NLMSG_ALIGN(min_len); 133 int attrlen = nlh->nlmsg_len - NLMSG_ALIGN(min_len);
161 nfattr_parse(cda, attr_count, attr, attrlen); 134 nla_parse(cda, attr_count, attr, attrlen, NULL);
162 } 135 }
163 136
164 /* implicit: if nlmsg_len == min_len, we return 0, and an empty 137 /* implicit: if nlmsg_len == min_len, we return 0, and an empty
@@ -230,9 +203,9 @@ static int nfnetlink_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
230 { 203 {
231 u_int16_t attr_count = 204 u_int16_t attr_count =
232 ss->cb[NFNL_MSG_TYPE(nlh->nlmsg_type)].attr_count; 205 ss->cb[NFNL_MSG_TYPE(nlh->nlmsg_type)].attr_count;
233 struct nfattr *cda[attr_count]; 206 struct nlattr *cda[attr_count+1];
234 207
235 memset(cda, 0, sizeof(struct nfattr *) * attr_count); 208 memset(cda, 0, sizeof(struct nlattr *) * attr_count);
236 209
237 err = nfnetlink_check_attributes(ss, nlh, cda); 210 err = nfnetlink_check_attributes(ss, nlh, cda);
238 if (err < 0) 211 if (err < 0)
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
index c3aa8918035f..c7fd82f6cb7d 100644
--- a/net/netfilter/nfnetlink_log.c
+++ b/net/netfilter/nfnetlink_log.c
@@ -244,7 +244,7 @@ nfulnl_set_mode(struct nfulnl_instance *inst, u_int8_t mode,
244 244
245 case NFULNL_COPY_PACKET: 245 case NFULNL_COPY_PACKET:
246 inst->copy_mode = mode; 246 inst->copy_mode = mode;
247 /* we're using struct nfattr which has 16bit nfa_len */ 247 /* we're using struct nlattr which has 16bit nfa_len */
248 if (range > 0xffff) 248 if (range > 0xffff)
249 inst->copy_range = 0xffff; 249 inst->copy_range = 0xffff;
250 else 250 else
@@ -409,36 +409,36 @@ __build_packet_message(struct nfulnl_instance *inst,
409 pmsg.hw_protocol = skb->protocol; 409 pmsg.hw_protocol = skb->protocol;
410 pmsg.hook = hooknum; 410 pmsg.hook = hooknum;
411 411
412 NFA_PUT(inst->skb, NFULA_PACKET_HDR, sizeof(pmsg), &pmsg); 412 NLA_PUT(inst->skb, NFULA_PACKET_HDR, sizeof(pmsg), &pmsg);
413 413
414 if (prefix) 414 if (prefix)
415 NFA_PUT(inst->skb, NFULA_PREFIX, plen, prefix); 415 NLA_PUT(inst->skb, NFULA_PREFIX, plen, prefix);
416 416
417 if (indev) { 417 if (indev) {
418 tmp_uint = htonl(indev->ifindex); 418 tmp_uint = htonl(indev->ifindex);
419#ifndef CONFIG_BRIDGE_NETFILTER 419#ifndef CONFIG_BRIDGE_NETFILTER
420 NFA_PUT(inst->skb, NFULA_IFINDEX_INDEV, sizeof(tmp_uint), 420 NLA_PUT(inst->skb, NFULA_IFINDEX_INDEV, sizeof(tmp_uint),
421 &tmp_uint); 421 &tmp_uint);
422#else 422#else
423 if (pf == PF_BRIDGE) { 423 if (pf == PF_BRIDGE) {
424 /* Case 1: outdev is physical input device, we need to 424 /* Case 1: outdev is physical input device, we need to
425 * look for bridge group (when called from 425 * look for bridge group (when called from
426 * netfilter_bridge) */ 426 * netfilter_bridge) */
427 NFA_PUT(inst->skb, NFULA_IFINDEX_PHYSINDEV, 427 NLA_PUT(inst->skb, NFULA_IFINDEX_PHYSINDEV,
428 sizeof(tmp_uint), &tmp_uint); 428 sizeof(tmp_uint), &tmp_uint);
429 /* this is the bridge group "brX" */ 429 /* this is the bridge group "brX" */
430 tmp_uint = htonl(indev->br_port->br->dev->ifindex); 430 tmp_uint = htonl(indev->br_port->br->dev->ifindex);
431 NFA_PUT(inst->skb, NFULA_IFINDEX_INDEV, 431 NLA_PUT(inst->skb, NFULA_IFINDEX_INDEV,
432 sizeof(tmp_uint), &tmp_uint); 432 sizeof(tmp_uint), &tmp_uint);
433 } else { 433 } else {
434 /* Case 2: indev is bridge group, we need to look for 434 /* Case 2: indev is bridge group, we need to look for
435 * physical device (when called from ipv4) */ 435 * physical device (when called from ipv4) */
436 NFA_PUT(inst->skb, NFULA_IFINDEX_INDEV, 436 NLA_PUT(inst->skb, NFULA_IFINDEX_INDEV,
437 sizeof(tmp_uint), &tmp_uint); 437 sizeof(tmp_uint), &tmp_uint);
438 if (skb->nf_bridge && skb->nf_bridge->physindev) { 438 if (skb->nf_bridge && skb->nf_bridge->physindev) {
439 tmp_uint = 439 tmp_uint =
440 htonl(skb->nf_bridge->physindev->ifindex); 440 htonl(skb->nf_bridge->physindev->ifindex);
441 NFA_PUT(inst->skb, NFULA_IFINDEX_PHYSINDEV, 441 NLA_PUT(inst->skb, NFULA_IFINDEX_PHYSINDEV,
442 sizeof(tmp_uint), &tmp_uint); 442 sizeof(tmp_uint), &tmp_uint);
443 } 443 }
444 } 444 }
@@ -448,28 +448,28 @@ __build_packet_message(struct nfulnl_instance *inst,
448 if (outdev) { 448 if (outdev) {
449 tmp_uint = htonl(outdev->ifindex); 449 tmp_uint = htonl(outdev->ifindex);
450#ifndef CONFIG_BRIDGE_NETFILTER 450#ifndef CONFIG_BRIDGE_NETFILTER
451 NFA_PUT(inst->skb, NFULA_IFINDEX_OUTDEV, sizeof(tmp_uint), 451 NLA_PUT(inst->skb, NFULA_IFINDEX_OUTDEV, sizeof(tmp_uint),
452 &tmp_uint); 452 &tmp_uint);
453#else 453#else
454 if (pf == PF_BRIDGE) { 454 if (pf == PF_BRIDGE) {
455 /* Case 1: outdev is physical output device, we need to 455 /* Case 1: outdev is physical output device, we need to
456 * look for bridge group (when called from 456 * look for bridge group (when called from
457 * netfilter_bridge) */ 457 * netfilter_bridge) */
458 NFA_PUT(inst->skb, NFULA_IFINDEX_PHYSOUTDEV, 458 NLA_PUT(inst->skb, NFULA_IFINDEX_PHYSOUTDEV,
459 sizeof(tmp_uint), &tmp_uint); 459 sizeof(tmp_uint), &tmp_uint);
460 /* this is the bridge group "brX" */ 460 /* this is the bridge group "brX" */
461 tmp_uint = htonl(outdev->br_port->br->dev->ifindex); 461 tmp_uint = htonl(outdev->br_port->br->dev->ifindex);
462 NFA_PUT(inst->skb, NFULA_IFINDEX_OUTDEV, 462 NLA_PUT(inst->skb, NFULA_IFINDEX_OUTDEV,
463 sizeof(tmp_uint), &tmp_uint); 463 sizeof(tmp_uint), &tmp_uint);
464 } else { 464 } else {
465 /* Case 2: indev is a bridge group, we need to look 465 /* Case 2: indev is a bridge group, we need to look
466 * for physical device (when called from ipv4) */ 466 * for physical device (when called from ipv4) */
467 NFA_PUT(inst->skb, NFULA_IFINDEX_OUTDEV, 467 NLA_PUT(inst->skb, NFULA_IFINDEX_OUTDEV,
468 sizeof(tmp_uint), &tmp_uint); 468 sizeof(tmp_uint), &tmp_uint);
469 if (skb->nf_bridge && skb->nf_bridge->physoutdev) { 469 if (skb->nf_bridge && skb->nf_bridge->physoutdev) {
470 tmp_uint = 470 tmp_uint =
471 htonl(skb->nf_bridge->physoutdev->ifindex); 471 htonl(skb->nf_bridge->physoutdev->ifindex);
472 NFA_PUT(inst->skb, NFULA_IFINDEX_PHYSOUTDEV, 472 NLA_PUT(inst->skb, NFULA_IFINDEX_PHYSOUTDEV,
473 sizeof(tmp_uint), &tmp_uint); 473 sizeof(tmp_uint), &tmp_uint);
474 } 474 }
475 } 475 }
@@ -478,7 +478,7 @@ __build_packet_message(struct nfulnl_instance *inst,
478 478
479 if (skb->mark) { 479 if (skb->mark) {
480 tmp_uint = htonl(skb->mark); 480 tmp_uint = htonl(skb->mark);
481 NFA_PUT(inst->skb, NFULA_MARK, sizeof(tmp_uint), &tmp_uint); 481 NLA_PUT(inst->skb, NFULA_MARK, sizeof(tmp_uint), &tmp_uint);
482 } 482 }
483 483
484 if (indev && skb->dev) { 484 if (indev && skb->dev) {
@@ -486,7 +486,7 @@ __build_packet_message(struct nfulnl_instance *inst,
486 int len = dev_parse_header(skb, phw.hw_addr); 486 int len = dev_parse_header(skb, phw.hw_addr);
487 if (len > 0) { 487 if (len > 0) {
488 phw.hw_addrlen = htons(len); 488 phw.hw_addrlen = htons(len);
489 NFA_PUT(inst->skb, NFULA_HWADDR, sizeof(phw), &phw); 489 NLA_PUT(inst->skb, NFULA_HWADDR, sizeof(phw), &phw);
490 } 490 }
491 } 491 }
492 492
@@ -496,7 +496,7 @@ __build_packet_message(struct nfulnl_instance *inst,
496 ts.sec = cpu_to_be64(tv.tv_sec); 496 ts.sec = cpu_to_be64(tv.tv_sec);
497 ts.usec = cpu_to_be64(tv.tv_usec); 497 ts.usec = cpu_to_be64(tv.tv_usec);
498 498
499 NFA_PUT(inst->skb, NFULA_TIMESTAMP, sizeof(ts), &ts); 499 NLA_PUT(inst->skb, NFULA_TIMESTAMP, sizeof(ts), &ts);
500 } 500 }
501 501
502 /* UID */ 502 /* UID */
@@ -504,9 +504,9 @@ __build_packet_message(struct nfulnl_instance *inst,
504 read_lock_bh(&skb->sk->sk_callback_lock); 504 read_lock_bh(&skb->sk->sk_callback_lock);
505 if (skb->sk->sk_socket && skb->sk->sk_socket->file) { 505 if (skb->sk->sk_socket && skb->sk->sk_socket->file) {
506 __be32 uid = htonl(skb->sk->sk_socket->file->f_uid); 506 __be32 uid = htonl(skb->sk->sk_socket->file->f_uid);
507 /* need to unlock here since NFA_PUT may goto */ 507 /* need to unlock here since NLA_PUT may goto */
508 read_unlock_bh(&skb->sk->sk_callback_lock); 508 read_unlock_bh(&skb->sk->sk_callback_lock);
509 NFA_PUT(inst->skb, NFULA_UID, sizeof(uid), &uid); 509 NLA_PUT(inst->skb, NFULA_UID, sizeof(uid), &uid);
510 } else 510 } else
511 read_unlock_bh(&skb->sk->sk_callback_lock); 511 read_unlock_bh(&skb->sk->sk_callback_lock);
512 } 512 }
@@ -514,28 +514,28 @@ __build_packet_message(struct nfulnl_instance *inst,
514 /* local sequence number */ 514 /* local sequence number */
515 if (inst->flags & NFULNL_CFG_F_SEQ) { 515 if (inst->flags & NFULNL_CFG_F_SEQ) {
516 tmp_uint = htonl(inst->seq++); 516 tmp_uint = htonl(inst->seq++);
517 NFA_PUT(inst->skb, NFULA_SEQ, sizeof(tmp_uint), &tmp_uint); 517 NLA_PUT(inst->skb, NFULA_SEQ, sizeof(tmp_uint), &tmp_uint);
518 } 518 }
519 /* global sequence number */ 519 /* global sequence number */
520 if (inst->flags & NFULNL_CFG_F_SEQ_GLOBAL) { 520 if (inst->flags & NFULNL_CFG_F_SEQ_GLOBAL) {
521 tmp_uint = htonl(atomic_inc_return(&global_seq)); 521 tmp_uint = htonl(atomic_inc_return(&global_seq));
522 NFA_PUT(inst->skb, NFULA_SEQ_GLOBAL, sizeof(tmp_uint), &tmp_uint); 522 NLA_PUT(inst->skb, NFULA_SEQ_GLOBAL, sizeof(tmp_uint), &tmp_uint);
523 } 523 }
524 524
525 if (data_len) { 525 if (data_len) {
526 struct nfattr *nfa; 526 struct nlattr *nla;
527 int size = NFA_LENGTH(data_len); 527 int size = nla_attr_size(data_len);
528 528
529 if (skb_tailroom(inst->skb) < (int)NFA_SPACE(data_len)) { 529 if (skb_tailroom(inst->skb) < nla_total_size(data_len)) {
530 printk(KERN_WARNING "nfnetlink_log: no tailroom!\n"); 530 printk(KERN_WARNING "nfnetlink_log: no tailroom!\n");
531 goto nlmsg_failure; 531 goto nlmsg_failure;
532 } 532 }
533 533
534 nfa = (struct nfattr *)skb_put(inst->skb, NFA_ALIGN(size)); 534 nla = (struct nlattr *)skb_put(inst->skb, nla_total_size(data_len));
535 nfa->nfa_type = NFULA_PAYLOAD; 535 nla->nla_type = NFULA_PAYLOAD;
536 nfa->nfa_len = size; 536 nla->nla_len = size;
537 537
538 if (skb_copy_bits(skb, 0, NFA_DATA(nfa), data_len)) 538 if (skb_copy_bits(skb, 0, nla_data(nla), data_len))
539 BUG(); 539 BUG();
540 } 540 }
541 541
@@ -544,7 +544,7 @@ __build_packet_message(struct nfulnl_instance *inst,
544 544
545nlmsg_failure: 545nlmsg_failure:
546 UDEBUG("nlmsg_failure\n"); 546 UDEBUG("nlmsg_failure\n");
547nfattr_failure: 547nla_put_failure:
548 PRINTR(KERN_ERR "nfnetlink_log: error creating log nlmsg\n"); 548 PRINTR(KERN_ERR "nfnetlink_log: error creating log nlmsg\n");
549 return -1; 549 return -1;
550} 550}
@@ -591,32 +591,31 @@ nfulnl_log_packet(unsigned int pf,
591 if (prefix) 591 if (prefix)
592 plen = strlen(prefix) + 1; 592 plen = strlen(prefix) + 1;
593 593
594 /* all macros expand to constant values at compile time */
595 /* FIXME: do we want to make the size calculation conditional based on 594 /* FIXME: do we want to make the size calculation conditional based on
596 * what is actually present? way more branches and checks, but more 595 * what is actually present? way more branches and checks, but more
597 * memory efficient... */ 596 * memory efficient... */
598 size = NLMSG_SPACE(sizeof(struct nfgenmsg)) 597 size = NLMSG_ALIGN(sizeof(struct nfgenmsg))
599 + NFA_SPACE(sizeof(struct nfulnl_msg_packet_hdr)) 598 + nla_total_size(sizeof(struct nfulnl_msg_packet_hdr))
600 + NFA_SPACE(sizeof(u_int32_t)) /* ifindex */ 599 + nla_total_size(sizeof(u_int32_t)) /* ifindex */
601 + NFA_SPACE(sizeof(u_int32_t)) /* ifindex */ 600 + nla_total_size(sizeof(u_int32_t)) /* ifindex */
602#ifdef CONFIG_BRIDGE_NETFILTER 601#ifdef CONFIG_BRIDGE_NETFILTER
603 + NFA_SPACE(sizeof(u_int32_t)) /* ifindex */ 602 + nla_total_size(sizeof(u_int32_t)) /* ifindex */
604 + NFA_SPACE(sizeof(u_int32_t)) /* ifindex */ 603 + nla_total_size(sizeof(u_int32_t)) /* ifindex */
605#endif 604#endif
606 + NFA_SPACE(sizeof(u_int32_t)) /* mark */ 605 + nla_total_size(sizeof(u_int32_t)) /* mark */
607 + NFA_SPACE(sizeof(u_int32_t)) /* uid */ 606 + nla_total_size(sizeof(u_int32_t)) /* uid */
608 + NFA_SPACE(plen) /* prefix */ 607 + nla_total_size(plen) /* prefix */
609 + NFA_SPACE(sizeof(struct nfulnl_msg_packet_hw)) 608 + nla_total_size(sizeof(struct nfulnl_msg_packet_hw))
610 + NFA_SPACE(sizeof(struct nfulnl_msg_packet_timestamp)); 609 + nla_total_size(sizeof(struct nfulnl_msg_packet_timestamp));
611 610
612 UDEBUG("initial size=%u\n", size); 611 UDEBUG("initial size=%u\n", size);
613 612
614 spin_lock_bh(&inst->lock); 613 spin_lock_bh(&inst->lock);
615 614
616 if (inst->flags & NFULNL_CFG_F_SEQ) 615 if (inst->flags & NFULNL_CFG_F_SEQ)
617 size += NFA_SPACE(sizeof(u_int32_t)); 616 size += nla_total_size(sizeof(u_int32_t));
618 if (inst->flags & NFULNL_CFG_F_SEQ_GLOBAL) 617 if (inst->flags & NFULNL_CFG_F_SEQ_GLOBAL)
619 size += NFA_SPACE(sizeof(u_int32_t)); 618 size += nla_total_size(sizeof(u_int32_t));
620 619
621 qthreshold = inst->qthreshold; 620 qthreshold = inst->qthreshold;
622 /* per-rule qthreshold overrides per-instance */ 621 /* per-rule qthreshold overrides per-instance */
@@ -636,7 +635,7 @@ nfulnl_log_packet(unsigned int pf,
636 else 635 else
637 data_len = inst->copy_range; 636 data_len = inst->copy_range;
638 637
639 size += NFA_SPACE(data_len); 638 size += nla_total_size(data_len);
640 UDEBUG("copy_packet, therefore size now %u\n", size); 639 UDEBUG("copy_packet, therefore size now %u\n", size);
641 break; 640 break;
642 641
@@ -723,7 +722,7 @@ static struct notifier_block nfulnl_rtnl_notifier = {
723 722
724static int 723static int
725nfulnl_recv_unsupp(struct sock *ctnl, struct sk_buff *skb, 724nfulnl_recv_unsupp(struct sock *ctnl, struct sk_buff *skb,
726 struct nlmsghdr *nlh, struct nfattr *nfqa[]) 725 struct nlmsghdr *nlh, struct nlattr *nfqa[])
727{ 726{
728 return -ENOTSUPP; 727 return -ENOTSUPP;
729} 728}
@@ -734,34 +733,34 @@ static struct nf_logger nfulnl_logger = {
734 .me = THIS_MODULE, 733 .me = THIS_MODULE,
735}; 734};
736 735
737static const int nfula_min[NFULA_MAX] = { 736static const int nfula_min[NFULA_MAX+1] = {
738 [NFULA_PACKET_HDR-1] = sizeof(struct nfulnl_msg_packet_hdr), 737 [NFULA_PACKET_HDR] = sizeof(struct nfulnl_msg_packet_hdr),
739 [NFULA_MARK-1] = sizeof(u_int32_t), 738 [NFULA_MARK] = sizeof(u_int32_t),
740 [NFULA_TIMESTAMP-1] = sizeof(struct nfulnl_msg_packet_timestamp), 739 [NFULA_TIMESTAMP] = sizeof(struct nfulnl_msg_packet_timestamp),
741 [NFULA_IFINDEX_INDEV-1] = sizeof(u_int32_t), 740 [NFULA_IFINDEX_INDEV] = sizeof(u_int32_t),
742 [NFULA_IFINDEX_OUTDEV-1]= sizeof(u_int32_t), 741 [NFULA_IFINDEX_OUTDEV] = sizeof(u_int32_t),
743 [NFULA_IFINDEX_PHYSINDEV-1] = sizeof(u_int32_t), 742 [NFULA_IFINDEX_PHYSINDEV] = sizeof(u_int32_t),
744 [NFULA_IFINDEX_PHYSOUTDEV-1] = sizeof(u_int32_t), 743 [NFULA_IFINDEX_PHYSOUTDEV] = sizeof(u_int32_t),
745 [NFULA_HWADDR-1] = sizeof(struct nfulnl_msg_packet_hw), 744 [NFULA_HWADDR] = sizeof(struct nfulnl_msg_packet_hw),
746 [NFULA_PAYLOAD-1] = 0, 745 [NFULA_PAYLOAD] = 0,
747 [NFULA_PREFIX-1] = 0, 746 [NFULA_PREFIX] = 0,
748 [NFULA_UID-1] = sizeof(u_int32_t), 747 [NFULA_UID] = sizeof(u_int32_t),
749 [NFULA_SEQ-1] = sizeof(u_int32_t), 748 [NFULA_SEQ] = sizeof(u_int32_t),
750 [NFULA_SEQ_GLOBAL-1] = sizeof(u_int32_t), 749 [NFULA_SEQ_GLOBAL] = sizeof(u_int32_t),
751}; 750};
752 751
753static const int nfula_cfg_min[NFULA_CFG_MAX] = { 752static const int nfula_cfg_min[NFULA_CFG_MAX+1] = {
754 [NFULA_CFG_CMD-1] = sizeof(struct nfulnl_msg_config_cmd), 753 [NFULA_CFG_CMD] = sizeof(struct nfulnl_msg_config_cmd),
755 [NFULA_CFG_MODE-1] = sizeof(struct nfulnl_msg_config_mode), 754 [NFULA_CFG_MODE] = sizeof(struct nfulnl_msg_config_mode),
756 [NFULA_CFG_TIMEOUT-1] = sizeof(u_int32_t), 755 [NFULA_CFG_TIMEOUT] = sizeof(u_int32_t),
757 [NFULA_CFG_QTHRESH-1] = sizeof(u_int32_t), 756 [NFULA_CFG_QTHRESH] = sizeof(u_int32_t),
758 [NFULA_CFG_NLBUFSIZ-1] = sizeof(u_int32_t), 757 [NFULA_CFG_NLBUFSIZ] = sizeof(u_int32_t),
759 [NFULA_CFG_FLAGS-1] = sizeof(u_int16_t), 758 [NFULA_CFG_FLAGS] = sizeof(u_int16_t),
760}; 759};
761 760
762static int 761static int
763nfulnl_recv_config(struct sock *ctnl, struct sk_buff *skb, 762nfulnl_recv_config(struct sock *ctnl, struct sk_buff *skb,
764 struct nlmsghdr *nlh, struct nfattr *nfula[]) 763 struct nlmsghdr *nlh, struct nlattr *nfula[])
765{ 764{
766 struct nfgenmsg *nfmsg = NLMSG_DATA(nlh); 765 struct nfgenmsg *nfmsg = NLMSG_DATA(nlh);
767 u_int16_t group_num = ntohs(nfmsg->res_id); 766 u_int16_t group_num = ntohs(nfmsg->res_id);
@@ -776,10 +775,10 @@ nfulnl_recv_config(struct sock *ctnl, struct sk_buff *skb,
776 } 775 }
777 776
778 inst = instance_lookup_get(group_num); 777 inst = instance_lookup_get(group_num);
779 if (nfula[NFULA_CFG_CMD-1]) { 778 if (nfula[NFULA_CFG_CMD]) {
780 u_int8_t pf = nfmsg->nfgen_family; 779 u_int8_t pf = nfmsg->nfgen_family;
781 struct nfulnl_msg_config_cmd *cmd; 780 struct nfulnl_msg_config_cmd *cmd;
782 cmd = NFA_DATA(nfula[NFULA_CFG_CMD-1]); 781 cmd = nla_data(nfula[NFULA_CFG_CMD]);
783 UDEBUG("found CFG_CMD for\n"); 782 UDEBUG("found CFG_CMD for\n");
784 783
785 switch (cmd->command) { 784 switch (cmd->command) {
@@ -842,38 +841,38 @@ nfulnl_recv_config(struct sock *ctnl, struct sk_buff *skb,
842 } 841 }
843 } 842 }
844 843
845 if (nfula[NFULA_CFG_MODE-1]) { 844 if (nfula[NFULA_CFG_MODE]) {
846 struct nfulnl_msg_config_mode *params; 845 struct nfulnl_msg_config_mode *params;
847 params = NFA_DATA(nfula[NFULA_CFG_MODE-1]); 846 params = nla_data(nfula[NFULA_CFG_MODE]);
848 847
849 nfulnl_set_mode(inst, params->copy_mode, 848 nfulnl_set_mode(inst, params->copy_mode,
850 ntohl(params->copy_range)); 849 ntohl(params->copy_range));
851 } 850 }
852 851
853 if (nfula[NFULA_CFG_TIMEOUT-1]) { 852 if (nfula[NFULA_CFG_TIMEOUT]) {
854 __be32 timeout = 853 __be32 timeout =
855 *(__be32 *)NFA_DATA(nfula[NFULA_CFG_TIMEOUT-1]); 854 *(__be32 *)nla_data(nfula[NFULA_CFG_TIMEOUT]);
856 855
857 nfulnl_set_timeout(inst, ntohl(timeout)); 856 nfulnl_set_timeout(inst, ntohl(timeout));
858 } 857 }
859 858
860 if (nfula[NFULA_CFG_NLBUFSIZ-1]) { 859 if (nfula[NFULA_CFG_NLBUFSIZ]) {
861 __be32 nlbufsiz = 860 __be32 nlbufsiz =
862 *(__be32 *)NFA_DATA(nfula[NFULA_CFG_NLBUFSIZ-1]); 861 *(__be32 *)nla_data(nfula[NFULA_CFG_NLBUFSIZ]);
863 862
864 nfulnl_set_nlbufsiz(inst, ntohl(nlbufsiz)); 863 nfulnl_set_nlbufsiz(inst, ntohl(nlbufsiz));
865 } 864 }
866 865
867 if (nfula[NFULA_CFG_QTHRESH-1]) { 866 if (nfula[NFULA_CFG_QTHRESH]) {
868 __be32 qthresh = 867 __be32 qthresh =
869 *(__be32 *)NFA_DATA(nfula[NFULA_CFG_QTHRESH-1]); 868 *(__be32 *)nla_data(nfula[NFULA_CFG_QTHRESH]);
870 869
871 nfulnl_set_qthresh(inst, ntohl(qthresh)); 870 nfulnl_set_qthresh(inst, ntohl(qthresh));
872 } 871 }
873 872
874 if (nfula[NFULA_CFG_FLAGS-1]) { 873 if (nfula[NFULA_CFG_FLAGS]) {
875 __be16 flags = 874 __be16 flags =
876 *(__be16 *)NFA_DATA(nfula[NFULA_CFG_FLAGS-1]); 875 *(__be16 *)nla_data(nfula[NFULA_CFG_FLAGS]);
877 nfulnl_set_flags(inst, ntohs(flags)); 876 nfulnl_set_flags(inst, ntohs(flags));
878 } 877 }
879 878
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index bfcc0563bfd4..068e88b46ba0 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -299,7 +299,7 @@ __nfqnl_set_mode(struct nfqnl_instance *queue,
299 299
300 case NFQNL_COPY_PACKET: 300 case NFQNL_COPY_PACKET:
301 queue->copy_mode = mode; 301 queue->copy_mode = mode;
302 /* we're using struct nfattr which has 16bit nfa_len */ 302 /* we're using struct nlattr which has 16bit nla_len */
303 if (range > 0xffff) 303 if (range > 0xffff)
304 queue->copy_range = 0xffff; 304 queue->copy_range = 0xffff;
305 else 305 else
@@ -353,18 +353,17 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue,
353 353
354 QDEBUG("entered\n"); 354 QDEBUG("entered\n");
355 355
356 /* all macros expand to constant values at compile time */ 356 size = NLMSG_ALIGN(sizeof(struct nfgenmsg))
357 size = NLMSG_SPACE(sizeof(struct nfgenmsg)) + 357 + nla_total_size(sizeof(struct nfqnl_msg_packet_hdr))
358 + NFA_SPACE(sizeof(struct nfqnl_msg_packet_hdr)) 358 + nla_total_size(sizeof(u_int32_t)) /* ifindex */
359 + NFA_SPACE(sizeof(u_int32_t)) /* ifindex */ 359 + nla_total_size(sizeof(u_int32_t)) /* ifindex */
360 + NFA_SPACE(sizeof(u_int32_t)) /* ifindex */
361#ifdef CONFIG_BRIDGE_NETFILTER 360#ifdef CONFIG_BRIDGE_NETFILTER
362 + NFA_SPACE(sizeof(u_int32_t)) /* ifindex */ 361 + nla_total_size(sizeof(u_int32_t)) /* ifindex */
363 + NFA_SPACE(sizeof(u_int32_t)) /* ifindex */ 362 + nla_total_size(sizeof(u_int32_t)) /* ifindex */
364#endif 363#endif
365 + NFA_SPACE(sizeof(u_int32_t)) /* mark */ 364 + nla_total_size(sizeof(u_int32_t)) /* mark */
366 + NFA_SPACE(sizeof(struct nfqnl_msg_packet_hw)) 365 + nla_total_size(sizeof(struct nfqnl_msg_packet_hw))
367 + NFA_SPACE(sizeof(struct nfqnl_msg_packet_timestamp)); 366 + nla_total_size(sizeof(struct nfqnl_msg_packet_timestamp));
368 367
369 outdev = entinf->outdev; 368 outdev = entinf->outdev;
370 369
@@ -389,7 +388,7 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue,
389 else 388 else
390 data_len = queue->copy_range; 389 data_len = queue->copy_range;
391 390
392 size += NFA_SPACE(data_len); 391 size += nla_total_size(data_len);
393 break; 392 break;
394 393
395 default: 394 default:
@@ -417,33 +416,33 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue,
417 pmsg.hw_protocol = entskb->protocol; 416 pmsg.hw_protocol = entskb->protocol;
418 pmsg.hook = entinf->hook; 417 pmsg.hook = entinf->hook;
419 418
420 NFA_PUT(skb, NFQA_PACKET_HDR, sizeof(pmsg), &pmsg); 419 NLA_PUT(skb, NFQA_PACKET_HDR, sizeof(pmsg), &pmsg);
421 420
422 indev = entinf->indev; 421 indev = entinf->indev;
423 if (indev) { 422 if (indev) {
424 tmp_uint = htonl(indev->ifindex); 423 tmp_uint = htonl(indev->ifindex);
425#ifndef CONFIG_BRIDGE_NETFILTER 424#ifndef CONFIG_BRIDGE_NETFILTER
426 NFA_PUT(skb, NFQA_IFINDEX_INDEV, sizeof(tmp_uint), &tmp_uint); 425 NLA_PUT(skb, NFQA_IFINDEX_INDEV, sizeof(tmp_uint), &tmp_uint);
427#else 426#else
428 if (entinf->pf == PF_BRIDGE) { 427 if (entinf->pf == PF_BRIDGE) {
429 /* Case 1: indev is physical input device, we need to 428 /* Case 1: indev is physical input device, we need to
430 * look for bridge group (when called from 429 * look for bridge group (when called from
431 * netfilter_bridge) */ 430 * netfilter_bridge) */
432 NFA_PUT(skb, NFQA_IFINDEX_PHYSINDEV, sizeof(tmp_uint), 431 NLA_PUT(skb, NFQA_IFINDEX_PHYSINDEV, sizeof(tmp_uint),
433 &tmp_uint); 432 &tmp_uint);
434 /* this is the bridge group "brX" */ 433 /* this is the bridge group "brX" */
435 tmp_uint = htonl(indev->br_port->br->dev->ifindex); 434 tmp_uint = htonl(indev->br_port->br->dev->ifindex);
436 NFA_PUT(skb, NFQA_IFINDEX_INDEV, sizeof(tmp_uint), 435 NLA_PUT(skb, NFQA_IFINDEX_INDEV, sizeof(tmp_uint),
437 &tmp_uint); 436 &tmp_uint);
438 } else { 437 } else {
439 /* Case 2: indev is bridge group, we need to look for 438 /* Case 2: indev is bridge group, we need to look for
440 * physical device (when called from ipv4) */ 439 * physical device (when called from ipv4) */
441 NFA_PUT(skb, NFQA_IFINDEX_INDEV, sizeof(tmp_uint), 440 NLA_PUT(skb, NFQA_IFINDEX_INDEV, sizeof(tmp_uint),
442 &tmp_uint); 441 &tmp_uint);
443 if (entskb->nf_bridge 442 if (entskb->nf_bridge
444 && entskb->nf_bridge->physindev) { 443 && entskb->nf_bridge->physindev) {
445 tmp_uint = htonl(entskb->nf_bridge->physindev->ifindex); 444 tmp_uint = htonl(entskb->nf_bridge->physindev->ifindex);
446 NFA_PUT(skb, NFQA_IFINDEX_PHYSINDEV, 445 NLA_PUT(skb, NFQA_IFINDEX_PHYSINDEV,
447 sizeof(tmp_uint), &tmp_uint); 446 sizeof(tmp_uint), &tmp_uint);
448 } 447 }
449 } 448 }
@@ -453,27 +452,27 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue,
453 if (outdev) { 452 if (outdev) {
454 tmp_uint = htonl(outdev->ifindex); 453 tmp_uint = htonl(outdev->ifindex);
455#ifndef CONFIG_BRIDGE_NETFILTER 454#ifndef CONFIG_BRIDGE_NETFILTER
456 NFA_PUT(skb, NFQA_IFINDEX_OUTDEV, sizeof(tmp_uint), &tmp_uint); 455 NLA_PUT(skb, NFQA_IFINDEX_OUTDEV, sizeof(tmp_uint), &tmp_uint);
457#else 456#else
458 if (entinf->pf == PF_BRIDGE) { 457 if (entinf->pf == PF_BRIDGE) {
459 /* Case 1: outdev is physical output device, we need to 458 /* Case 1: outdev is physical output device, we need to
460 * look for bridge group (when called from 459 * look for bridge group (when called from
461 * netfilter_bridge) */ 460 * netfilter_bridge) */
462 NFA_PUT(skb, NFQA_IFINDEX_PHYSOUTDEV, sizeof(tmp_uint), 461 NLA_PUT(skb, NFQA_IFINDEX_PHYSOUTDEV, sizeof(tmp_uint),
463 &tmp_uint); 462 &tmp_uint);
464 /* this is the bridge group "brX" */ 463 /* this is the bridge group "brX" */
465 tmp_uint = htonl(outdev->br_port->br->dev->ifindex); 464 tmp_uint = htonl(outdev->br_port->br->dev->ifindex);
466 NFA_PUT(skb, NFQA_IFINDEX_OUTDEV, sizeof(tmp_uint), 465 NLA_PUT(skb, NFQA_IFINDEX_OUTDEV, sizeof(tmp_uint),
467 &tmp_uint); 466 &tmp_uint);
468 } else { 467 } else {
469 /* Case 2: outdev is bridge group, we need to look for 468 /* Case 2: outdev is bridge group, we need to look for
470 * physical output device (when called from ipv4) */ 469 * physical output device (when called from ipv4) */
471 NFA_PUT(skb, NFQA_IFINDEX_OUTDEV, sizeof(tmp_uint), 470 NLA_PUT(skb, NFQA_IFINDEX_OUTDEV, sizeof(tmp_uint),
472 &tmp_uint); 471 &tmp_uint);
473 if (entskb->nf_bridge 472 if (entskb->nf_bridge
474 && entskb->nf_bridge->physoutdev) { 473 && entskb->nf_bridge->physoutdev) {
475 tmp_uint = htonl(entskb->nf_bridge->physoutdev->ifindex); 474 tmp_uint = htonl(entskb->nf_bridge->physoutdev->ifindex);
476 NFA_PUT(skb, NFQA_IFINDEX_PHYSOUTDEV, 475 NLA_PUT(skb, NFQA_IFINDEX_PHYSOUTDEV,
477 sizeof(tmp_uint), &tmp_uint); 476 sizeof(tmp_uint), &tmp_uint);
478 } 477 }
479 } 478 }
@@ -482,7 +481,7 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue,
482 481
483 if (entskb->mark) { 482 if (entskb->mark) {
484 tmp_uint = htonl(entskb->mark); 483 tmp_uint = htonl(entskb->mark);
485 NFA_PUT(skb, NFQA_MARK, sizeof(u_int32_t), &tmp_uint); 484 NLA_PUT(skb, NFQA_MARK, sizeof(u_int32_t), &tmp_uint);
486 } 485 }
487 486
488 if (indev && entskb->dev) { 487 if (indev && entskb->dev) {
@@ -490,7 +489,7 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue,
490 int len = dev_parse_header(entskb, phw.hw_addr); 489 int len = dev_parse_header(entskb, phw.hw_addr);
491 if (len) { 490 if (len) {
492 phw.hw_addrlen = htons(len); 491 phw.hw_addrlen = htons(len);
493 NFA_PUT(skb, NFQA_HWADDR, sizeof(phw), &phw); 492 NLA_PUT(skb, NFQA_HWADDR, sizeof(phw), &phw);
494 } 493 }
495 } 494 }
496 495
@@ -500,23 +499,23 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue,
500 ts.sec = cpu_to_be64(tv.tv_sec); 499 ts.sec = cpu_to_be64(tv.tv_sec);
501 ts.usec = cpu_to_be64(tv.tv_usec); 500 ts.usec = cpu_to_be64(tv.tv_usec);
502 501
503 NFA_PUT(skb, NFQA_TIMESTAMP, sizeof(ts), &ts); 502 NLA_PUT(skb, NFQA_TIMESTAMP, sizeof(ts), &ts);
504 } 503 }
505 504
506 if (data_len) { 505 if (data_len) {
507 struct nfattr *nfa; 506 struct nlattr *nla;
508 int size = NFA_LENGTH(data_len); 507 int size = nla_attr_size(data_len);
509 508
510 if (skb_tailroom(skb) < (int)NFA_SPACE(data_len)) { 509 if (skb_tailroom(skb) < nla_total_size(data_len)) {
511 printk(KERN_WARNING "nf_queue: no tailroom!\n"); 510 printk(KERN_WARNING "nf_queue: no tailroom!\n");
512 goto nlmsg_failure; 511 goto nlmsg_failure;
513 } 512 }
514 513
515 nfa = (struct nfattr *)skb_put(skb, NFA_ALIGN(size)); 514 nla = (struct nlattr *)skb_put(skb, nla_total_size(data_len));
516 nfa->nfa_type = NFQA_PAYLOAD; 515 nla->nla_type = NFQA_PAYLOAD;
517 nfa->nfa_len = size; 516 nla->nla_len = size;
518 517
519 if (skb_copy_bits(entskb, 0, NFA_DATA(nfa), data_len)) 518 if (skb_copy_bits(entskb, 0, nla_data(nla), data_len))
520 BUG(); 519 BUG();
521 } 520 }
522 521
@@ -524,7 +523,7 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue,
524 return skb; 523 return skb;
525 524
526nlmsg_failure: 525nlmsg_failure:
527nfattr_failure: 526nla_put_failure:
528 if (skb) 527 if (skb)
529 kfree_skb(skb); 528 kfree_skb(skb);
530 *errp = -EINVAL; 529 *errp = -EINVAL;
@@ -778,15 +777,15 @@ static struct notifier_block nfqnl_rtnl_notifier = {
778 .notifier_call = nfqnl_rcv_nl_event, 777 .notifier_call = nfqnl_rcv_nl_event,
779}; 778};
780 779
781static const int nfqa_verdict_min[NFQA_MAX] = { 780static const int nfqa_verdict_min[NFQA_MAX+1] = {
782 [NFQA_VERDICT_HDR-1] = sizeof(struct nfqnl_msg_verdict_hdr), 781 [NFQA_VERDICT_HDR] = sizeof(struct nfqnl_msg_verdict_hdr),
783 [NFQA_MARK-1] = sizeof(u_int32_t), 782 [NFQA_MARK] = sizeof(u_int32_t),
784 [NFQA_PAYLOAD-1] = 0, 783 [NFQA_PAYLOAD] = 0,
785}; 784};
786 785
787static int 786static int
788nfqnl_recv_verdict(struct sock *ctnl, struct sk_buff *skb, 787nfqnl_recv_verdict(struct sock *ctnl, struct sk_buff *skb,
789 struct nlmsghdr *nlh, struct nfattr *nfqa[]) 788 struct nlmsghdr *nlh, struct nlattr *nfqa[])
790{ 789{
791 struct nfgenmsg *nfmsg = NLMSG_DATA(nlh); 790 struct nfgenmsg *nfmsg = NLMSG_DATA(nlh);
792 u_int16_t queue_num = ntohs(nfmsg->res_id); 791 u_int16_t queue_num = ntohs(nfmsg->res_id);
@@ -811,12 +810,12 @@ nfqnl_recv_verdict(struct sock *ctnl, struct sk_buff *skb,
811 goto err_out_put; 810 goto err_out_put;
812 } 811 }
813 812
814 if (!nfqa[NFQA_VERDICT_HDR-1]) { 813 if (!nfqa[NFQA_VERDICT_HDR]) {
815 err = -EINVAL; 814 err = -EINVAL;
816 goto err_out_put; 815 goto err_out_put;
817 } 816 }
818 817
819 vhdr = NFA_DATA(nfqa[NFQA_VERDICT_HDR-1]); 818 vhdr = nla_data(nfqa[NFQA_VERDICT_HDR]);
820 verdict = ntohl(vhdr->verdict); 819 verdict = ntohl(vhdr->verdict);
821 820
822 if ((verdict & NF_VERDICT_MASK) > NF_MAX_VERDICT) { 821 if ((verdict & NF_VERDICT_MASK) > NF_MAX_VERDICT) {
@@ -830,15 +829,15 @@ nfqnl_recv_verdict(struct sock *ctnl, struct sk_buff *skb,
830 goto err_out_put; 829 goto err_out_put;
831 } 830 }
832 831
833 if (nfqa[NFQA_PAYLOAD-1]) { 832 if (nfqa[NFQA_PAYLOAD]) {
834 if (nfqnl_mangle(NFA_DATA(nfqa[NFQA_PAYLOAD-1]), 833 if (nfqnl_mangle(nla_data(nfqa[NFQA_PAYLOAD]),
835 NFA_PAYLOAD(nfqa[NFQA_PAYLOAD-1]), entry) < 0) 834 nla_len(nfqa[NFQA_PAYLOAD]), entry) < 0)
836 verdict = NF_DROP; 835 verdict = NF_DROP;
837 } 836 }
838 837
839 if (nfqa[NFQA_MARK-1]) 838 if (nfqa[NFQA_MARK])
840 entry->skb->mark = ntohl(*(__be32 *) 839 entry->skb->mark = ntohl(*(__be32 *)
841 NFA_DATA(nfqa[NFQA_MARK-1])); 840 nla_data(nfqa[NFQA_MARK]));
842 841
843 issue_verdict(entry, verdict); 842 issue_verdict(entry, verdict);
844 instance_put(queue); 843 instance_put(queue);
@@ -851,14 +850,14 @@ err_out_put:
851 850
852static int 851static int
853nfqnl_recv_unsupp(struct sock *ctnl, struct sk_buff *skb, 852nfqnl_recv_unsupp(struct sock *ctnl, struct sk_buff *skb,
854 struct nlmsghdr *nlh, struct nfattr *nfqa[]) 853 struct nlmsghdr *nlh, struct nlattr *nfqa[])
855{ 854{
856 return -ENOTSUPP; 855 return -ENOTSUPP;
857} 856}
858 857
859static const int nfqa_cfg_min[NFQA_CFG_MAX] = { 858static const int nfqa_cfg_min[NFQA_CFG_MAX+1] = {
860 [NFQA_CFG_CMD-1] = sizeof(struct nfqnl_msg_config_cmd), 859 [NFQA_CFG_CMD] = sizeof(struct nfqnl_msg_config_cmd),
861 [NFQA_CFG_PARAMS-1] = sizeof(struct nfqnl_msg_config_params), 860 [NFQA_CFG_PARAMS] = sizeof(struct nfqnl_msg_config_params),
862}; 861};
863 862
864static struct nf_queue_handler nfqh = { 863static struct nf_queue_handler nfqh = {
@@ -868,7 +867,7 @@ static struct nf_queue_handler nfqh = {
868 867
869static int 868static int
870nfqnl_recv_config(struct sock *ctnl, struct sk_buff *skb, 869nfqnl_recv_config(struct sock *ctnl, struct sk_buff *skb,
871 struct nlmsghdr *nlh, struct nfattr *nfqa[]) 870 struct nlmsghdr *nlh, struct nlattr *nfqa[])
872{ 871{
873 struct nfgenmsg *nfmsg = NLMSG_DATA(nlh); 872 struct nfgenmsg *nfmsg = NLMSG_DATA(nlh);
874 u_int16_t queue_num = ntohs(nfmsg->res_id); 873 u_int16_t queue_num = ntohs(nfmsg->res_id);
@@ -883,9 +882,9 @@ nfqnl_recv_config(struct sock *ctnl, struct sk_buff *skb,
883 } 882 }
884 883
885 queue = instance_lookup_get(queue_num); 884 queue = instance_lookup_get(queue_num);
886 if (nfqa[NFQA_CFG_CMD-1]) { 885 if (nfqa[NFQA_CFG_CMD]) {
887 struct nfqnl_msg_config_cmd *cmd; 886 struct nfqnl_msg_config_cmd *cmd;
888 cmd = NFA_DATA(nfqa[NFQA_CFG_CMD-1]); 887 cmd = nla_data(nfqa[NFQA_CFG_CMD]);
889 QDEBUG("found CFG_CMD\n"); 888 QDEBUG("found CFG_CMD\n");
890 889
891 switch (cmd->command) { 890 switch (cmd->command) {
@@ -936,21 +935,21 @@ nfqnl_recv_config(struct sock *ctnl, struct sk_buff *skb,
936 } 935 }
937 } 936 }
938 937
939 if (nfqa[NFQA_CFG_PARAMS-1]) { 938 if (nfqa[NFQA_CFG_PARAMS]) {
940 struct nfqnl_msg_config_params *params; 939 struct nfqnl_msg_config_params *params;
941 940
942 if (!queue) { 941 if (!queue) {
943 ret = -ENOENT; 942 ret = -ENOENT;
944 goto out_put; 943 goto out_put;
945 } 944 }
946 params = NFA_DATA(nfqa[NFQA_CFG_PARAMS-1]); 945 params = nla_data(nfqa[NFQA_CFG_PARAMS]);
947 nfqnl_set_mode(queue, params->copy_mode, 946 nfqnl_set_mode(queue, params->copy_mode,
948 ntohl(params->copy_range)); 947 ntohl(params->copy_range));
949 } 948 }
950 949
951 if (nfqa[NFQA_CFG_QUEUE_MAXLEN-1]) { 950 if (nfqa[NFQA_CFG_QUEUE_MAXLEN]) {
952 __be32 *queue_maxlen; 951 __be32 *queue_maxlen;
953 queue_maxlen = NFA_DATA(nfqa[NFQA_CFG_QUEUE_MAXLEN-1]); 952 queue_maxlen = nla_data(nfqa[NFQA_CFG_QUEUE_MAXLEN]);
954 spin_lock_bh(&queue->lock); 953 spin_lock_bh(&queue->lock);
955 queue->queue_maxlen = ntohl(*queue_maxlen); 954 queue->queue_maxlen = ntohl(*queue_maxlen);
956 spin_unlock_bh(&queue->lock); 955 spin_unlock_bh(&queue->lock);
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-20 02:53:02 -0500