author | Patrick McHardy <kaber@trash.net> | 2007-09-28 17:39:26 -0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2007-10-10 19:53:34 -0400 |
commit | 5bf758539388fa9383afd539d052ae93229544b9 (patch) | |
tree | e1a746f62b4a39ed9fd8d19616ad4114fd2ada9c /net | |
parent | fd8281adacd2ed68a92e7aa9dde239181f40ee15 (diff) |
[NETFILTER]: nfnetlink_queue: use netlink policy
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/netfilter/nfnetlink_queue.c | 30 |
1 files changed, 11 insertions, 19 deletions
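--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -777,10 +777,10 @@ static struct notifier_block nfqnl_rtnl_notifier = {
 .notifier_call = nfqnl_rcv_nl_event,
 };
 
-static const int nfqa_verdict_min[NFQA_MAX+1] = {
-[NFQA_VERDICT_HDR] = sizeof(struct nfqnl_msg_verdict_hdr),
-[NFQA_MARK] = sizeof(u_int32_t),
-[NFQA_PAYLOAD] = 0,
+static const struct nla_policy nfqa_verdict_policy[NFQA_MAX+1] = {
+[NFQA_VERDICT_HDR] = { .len = sizeof(struct nfqnl_msg_verdict_hdr) },
+[NFQA_MARK] = { .type = NLA_U32 },
+[NFQA_PAYLOAD] = { .type = NLA_UNSPEC },
 };
 
 static int
@@ -796,11 +796,6 @@ nfqnl_recv_verdict(struct sock *ctnl, struct sk_buff *skb,
 struct nfqnl_queue_entry *entry;
 int err;
 
-if (nlattr_bad_size(nfqa, NFQA_MAX, nfqa_verdict_min)) {
-QDEBUG("bad attribute size\n");
-return -EINVAL;
-}
-
 queue = instance_lookup_get(queue_num);
 if (!queue)
 return -ENODEV;
@@ -855,9 +850,9 @@ nfqnl_recv_unsupp(struct sock *ctnl, struct sk_buff *skb,
 return -ENOTSUPP;
 }
 
-static const int nfqa_cfg_min[NFQA_CFG_MAX+1] = {
-[NFQA_CFG_CMD] = sizeof(struct nfqnl_msg_config_cmd),
-[NFQA_CFG_PARAMS] = sizeof(struct nfqnl_msg_config_params),
+static const struct nla_policy nfqa_cfg_policy[NFQA_CFG_MAX+1] = {
+[NFQA_CFG_CMD] = { .len = sizeof(struct nfqnl_msg_config_cmd) },
+[NFQA_CFG_PARAMS] = { .len = sizeof(struct nfqnl_msg_config_params) },
 };
 
 static struct nf_queue_handler nfqh = {
@@ -876,11 +871,6 @@ nfqnl_recv_config(struct sock *ctnl, struct sk_buff *skb,
 
 QDEBUG("entering for msg %u\n", NFNL_MSG_TYPE(nlh->nlmsg_type));
 
-if (nlattr_bad_size(nfqa, NFQA_CFG_MAX, nfqa_cfg_min)) {
-QDEBUG("bad attribute size\n");
-return -EINVAL;
-}
-
 queue = instance_lookup_get(queue_num);
 if (nfqa[NFQA_CFG_CMD]) {
 struct nfqnl_msg_config_cmd *cmd;
@@ -964,9 +954,11 @@ static const struct nfnl_callback nfqnl_cb[NFQNL_MSG_MAX] = {
 [NFQNL_MSG_PACKET] = { .call = nfqnl_recv_unsupp,
 .attr_count = NFQA_MAX, },
 [NFQNL_MSG_VERDICT] = { .call = nfqnl_recv_verdict,
-.attr_count = NFQA_MAX, },
+.attr_count = NFQA_MAX,
+.policy = nfqa_verdict_policy },
 [NFQNL_MSG_CONFIG] = { .call = nfqnl_recv_config,
-.attr_count = NFQA_CFG_MAX, },
+.attr_count = NFQA_CFG_MAX,
+.policy = nfqa_cfg_policy },
 };
 
 static const struct nfnetlink_subsystem nfqnl_subsys = {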
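Review bot: The two removed `nlattr_bad_size()` checks leave nfqnl_recv_verdict and nfqnl_recv_config with no size validation of their own, so any use of an attribute payload as `struct nfqnl_msg_verdict_hdr`, `struct nfqnl_msg_config_cmd` or `struct nfqnl_msg_config_params` now depends on the nfnetlink dispatcher applying the `.policy` set in `nfqnl_cb[]` before the callback runs; that dispatcher code is not in this diff, and both handler bodies continue outside their hunks. The tables would be easier to audit with a comment such as `/* .len without .type is a minimum payload length, enforced by nfnetlink before the handler runs; NFQA_PAYLOAD has no bound here */` above `nfqa_verdict_policy` and `nfqa_cfg_policy`. `[NFQA_PAYLOAD] = { .type = NLA_UNSPEC }` accepts any length, as the old `0` entry did, so the payload length still has to be checked where it is used. The rejection path presumably no longer returns the handler's `-EINVAL` or logs "bad attribute size", which is worth stating in the commit message if userspace can observe the errno.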