diff options
| -rw-r--r-- | include/linux/netfilter/nfnetlink.h | 12 | ||||
| -rw-r--r-- | net/netfilter/nfnetlink.c | 4 |
2 files changed, 10 insertions, 6 deletions
diff --git a/include/linux/netfilter/nfnetlink.h b/include/linux/netfilter/nfnetlink.h index 1d5b10ae2399..f08e870100f4 100644 --- a/include/linux/netfilter/nfnetlink.h +++ b/include/linux/netfilter/nfnetlink.h | |||
| @@ -41,11 +41,15 @@ enum nfnetlink_groups { | |||
| 41 | struct nfattr | 41 | struct nfattr |
| 42 | { | 42 | { |
| 43 | u_int16_t nfa_len; | 43 | u_int16_t nfa_len; |
| 44 | u_int16_t nfa_type; | 44 | u_int16_t nfa_type; /* we use 15 bits for the type, and the highest |
| 45 | * bit to indicate whether the payload is nested */ | ||
| 45 | } __attribute__ ((packed)); | 46 | } __attribute__ ((packed)); |
| 46 | 47 | ||
| 47 | /* FIXME: Shamelessly copy and pasted from rtnetlink.h, it's time | 48 | /* FIXME: Apart from NFNL_NFA_NESTED shamelessly copy and pasted from |
| 48 | * to put this in a generic file */ | 49 | * rtnetlink.h, it's time to put this in a generic file */ |
| 50 | |||
| 51 | #define NFNL_NFA_NEST 0x8000 | ||
| 52 | #define NFA_TYPE(attr) ((attr)->nfa_type & 0x7fff) | ||
| 49 | 53 | ||
| 50 | #define NFA_ALIGNTO 4 | 54 | #define NFA_ALIGNTO 4 |
| 51 | #define NFA_ALIGN(len) (((len) + NFA_ALIGNTO - 1) & ~(NFA_ALIGNTO - 1)) | 55 | #define NFA_ALIGN(len) (((len) + NFA_ALIGNTO - 1) & ~(NFA_ALIGNTO - 1)) |
| @@ -59,7 +63,7 @@ struct nfattr | |||
| 59 | #define NFA_PAYLOAD(nfa) ((int)((nfa)->nfa_len) - NFA_LENGTH(0)) | 63 | #define NFA_PAYLOAD(nfa) ((int)((nfa)->nfa_len) - NFA_LENGTH(0)) |
| 60 | #define NFA_NEST(skb, type) \ | 64 | #define NFA_NEST(skb, type) \ |
| 61 | ({ struct nfattr *__start = (struct nfattr *) (skb)->tail; \ | 65 | ({ struct nfattr *__start = (struct nfattr *) (skb)->tail; \ |
| 62 | NFA_PUT(skb, type, 0, NULL); \ | 66 | NFA_PUT(skb, (NFNL_NFA_NEST | type), 0, NULL); \ |
| 63 | __start; }) | 67 | __start; }) |
| 64 | #define NFA_NEST_END(skb, start) \ | 68 | #define NFA_NEST_END(skb, start) \ |
| 65 | ({ (start)->nfa_len = ((skb)->tail - (unsigned char *) (start)); \ | 69 | ({ (start)->nfa_len = ((skb)->tail - (unsigned char *) (start)); \ |
diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c index 1caaca06f698..4bc27a6334c1 100644 --- a/net/netfilter/nfnetlink.c +++ b/net/netfilter/nfnetlink.c | |||
| @@ -133,7 +133,7 @@ int nfattr_parse(struct nfattr *tb[], int maxattr, struct nfattr *nfa, int len) | |||
| 133 | memset(tb, 0, sizeof(struct nfattr *) * maxattr); | 133 | memset(tb, 0, sizeof(struct nfattr *) * maxattr); |
| 134 | 134 | ||
| 135 | while (NFA_OK(nfa, len)) { | 135 | while (NFA_OK(nfa, len)) { |
| 136 | unsigned flavor = nfa->nfa_type; | 136 | unsigned flavor = NFA_TYPE(nfa); |
| 137 | if (flavor && flavor <= maxattr) | 137 | if (flavor && flavor <= maxattr) |
| 138 | tb[flavor-1] = nfa; | 138 | tb[flavor-1] = nfa; |
| 139 | nfa = NFA_NEXT(nfa, len); | 139 | nfa = NFA_NEXT(nfa, len); |
| @@ -177,7 +177,7 @@ nfnetlink_check_attributes(struct nfnetlink_subsystem *subsys, | |||
| 177 | int attrlen = nlh->nlmsg_len - NLMSG_ALIGN(min_len); | 177 | int attrlen = nlh->nlmsg_len - NLMSG_ALIGN(min_len); |
| 178 | 178 | ||
| 179 | while (NFA_OK(attr, attrlen)) { | 179 | while (NFA_OK(attr, attrlen)) { |
| 180 | unsigned flavor = attr->nfa_type; | 180 | unsigned flavor = NFA_TYPE(attr); |
| 181 | if (flavor) { | 181 | if (flavor) { |
| 182 | if (flavor > attr_count) | 182 | if (flavor > attr_count) |
| 183 | return -EINVAL; | 183 | return -EINVAL; |