diff options
Diffstat (limited to 'net')
| -rw-r--r-- | net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 10 | ||||
| -rw-r--r-- | net/ipv4/netfilter/nf_conntrack_proto_icmp.c | 12 | ||||
| -rw-r--r-- | net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | 10 | ||||
| -rw-r--r-- | net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c | 12 | ||||
| -rw-r--r-- | net/netfilter/nf_conntrack_core.c | 10 | ||||
| -rw-r--r-- | net/netfilter/nf_conntrack_netlink.c | 111 | ||||
| -rw-r--r-- | net/netfilter/nf_conntrack_proto_gre.c | 1 | ||||
| -rw-r--r-- | net/netfilter/nf_conntrack_proto_tcp.c | 22 | ||||
| -rw-r--r-- | net/netfilter/nf_conntrack_proto_udp.c | 2 | ||||
| -rw-r--r-- | net/netfilter/nf_conntrack_proto_udplite.c | 2 |
10 files changed, 92 insertions, 100 deletions
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c index 77ca556aad91..2fcb9249a8da 100644 --- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c +++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | |||
| @@ -373,9 +373,9 @@ nla_put_failure: | |||
| 373 | return -1; | 373 | return -1; |
| 374 | } | 374 | } |
| 375 | 375 | ||
| 376 | static const size_t cta_min_ip[CTA_IP_MAX+1] = { | 376 | static const struct nla_policy ipv4_nla_policy[CTA_IP_MAX+1] = { |
| 377 | [CTA_IP_V4_SRC] = sizeof(u_int32_t), | 377 | [CTA_IP_V4_SRC] = { .type = NLA_U32 }, |
| 378 | [CTA_IP_V4_DST] = sizeof(u_int32_t), | 378 | [CTA_IP_V4_DST] = { .type = NLA_U32 }, |
| 379 | }; | 379 | }; |
| 380 | 380 | ||
| 381 | static int ipv4_nlattr_to_tuple(struct nlattr *tb[], | 381 | static int ipv4_nlattr_to_tuple(struct nlattr *tb[], |
| @@ -384,9 +384,6 @@ static int ipv4_nlattr_to_tuple(struct nlattr *tb[], | |||
| 384 | if (!tb[CTA_IP_V4_SRC] || !tb[CTA_IP_V4_DST]) | 384 | if (!tb[CTA_IP_V4_SRC] || !tb[CTA_IP_V4_DST]) |
| 385 | return -EINVAL; | 385 | return -EINVAL; |
| 386 | 386 | ||
| 387 | if (nlattr_bad_size(tb, CTA_IP_MAX, cta_min_ip)) | ||
| 388 | return -EINVAL; | ||
| 389 | |||
| 390 | t->src.u3.ip = *(__be32 *)nla_data(tb[CTA_IP_V4_SRC]); | 387 | t->src.u3.ip = *(__be32 *)nla_data(tb[CTA_IP_V4_SRC]); |
| 391 | t->dst.u3.ip = *(__be32 *)nla_data(tb[CTA_IP_V4_DST]); | 388 | t->dst.u3.ip = *(__be32 *)nla_data(tb[CTA_IP_V4_DST]); |
| 392 | 389 | ||
| @@ -413,6 +410,7 @@ struct nf_conntrack_l3proto nf_conntrack_l3proto_ipv4 __read_mostly = { | |||
| 413 | #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE) | 410 | #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE) |
| 414 | .tuple_to_nlattr = ipv4_tuple_to_nlattr, | 411 | .tuple_to_nlattr = ipv4_tuple_to_nlattr, |
| 415 | .nlattr_to_tuple = ipv4_nlattr_to_tuple, | 412 | .nlattr_to_tuple = ipv4_nlattr_to_tuple, |
| 413 | .nla_policy = ipv4_nla_policy, | ||
| 416 | #endif | 414 | #endif |
| 417 | #if defined(CONFIG_SYSCTL) && defined(CONFIG_NF_CONNTRACK_PROC_COMPAT) | 415 | #if defined(CONFIG_SYSCTL) && defined(CONFIG_NF_CONNTRACK_PROC_COMPAT) |
| 418 | .ctl_table_path = nf_net_ipv4_netfilter_sysctl_path, | 416 | .ctl_table_path = nf_net_ipv4_netfilter_sysctl_path, |
diff --git a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c index ca7252c10758..11fedc73049c 100644 --- a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c +++ b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c | |||
| @@ -248,10 +248,10 @@ nla_put_failure: | |||
| 248 | return -1; | 248 | return -1; |
| 249 | } | 249 | } |
| 250 | 250 | ||
| 251 | static const size_t cta_min_proto[CTA_PROTO_MAX+1] = { | 251 | static const struct nla_policy icmp_nla_policy[CTA_PROTO_MAX+1] = { |
| 252 | [CTA_PROTO_ICMP_TYPE] = sizeof(u_int8_t), | 252 | [CTA_PROTO_ICMP_TYPE] = { .type = NLA_U8 }, |
| 253 | [CTA_PROTO_ICMP_CODE] = sizeof(u_int8_t), | 253 | [CTA_PROTO_ICMP_CODE] = { .type = NLA_U8 }, |
| 254 | [CTA_PROTO_ICMP_ID] = sizeof(u_int16_t) | 254 | [CTA_PROTO_ICMP_ID] = { .type = NLA_U16 }, |
| 255 | }; | 255 | }; |
| 256 | 256 | ||
| 257 | static int icmp_nlattr_to_tuple(struct nlattr *tb[], | 257 | static int icmp_nlattr_to_tuple(struct nlattr *tb[], |
| @@ -262,9 +262,6 @@ static int icmp_nlattr_to_tuple(struct nlattr *tb[], | |||
| 262 | || !tb[CTA_PROTO_ICMP_ID]) | 262 | || !tb[CTA_PROTO_ICMP_ID]) |
| 263 | return -EINVAL; | 263 | return -EINVAL; |
| 264 | 264 | ||
| 265 | if (nlattr_bad_size(tb, CTA_PROTO_MAX, cta_min_proto)) | ||
| 266 | return -EINVAL; | ||
| 267 | |||
| 268 | tuple->dst.u.icmp.type = | 265 | tuple->dst.u.icmp.type = |
| 269 | *(u_int8_t *)nla_data(tb[CTA_PROTO_ICMP_TYPE]); | 266 | *(u_int8_t *)nla_data(tb[CTA_PROTO_ICMP_TYPE]); |
| 270 | tuple->dst.u.icmp.code = | 267 | tuple->dst.u.icmp.code = |
| @@ -329,6 +326,7 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_icmp __read_mostly = | |||
| 329 | #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE) | 326 | #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE) |
| 330 | .tuple_to_nlattr = icmp_tuple_to_nlattr, | 327 | .tuple_to_nlattr = icmp_tuple_to_nlattr, |
| 331 | .nlattr_to_tuple = icmp_nlattr_to_tuple, | 328 | .nlattr_to_tuple = icmp_nlattr_to_tuple, |
| 329 | .nla_policy = icmp_nla_policy, | ||
| 332 | #endif | 330 | #endif |
| 333 | #ifdef CONFIG_SYSCTL | 331 | #ifdef CONFIG_SYSCTL |
| 334 | .ctl_table_header = &icmp_sysctl_header, | 332 | .ctl_table_header = &icmp_sysctl_header, |
diff --git a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c index 567fbe230ce6..37a3db926953 100644 --- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c +++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | |||
| @@ -350,9 +350,9 @@ nla_put_failure: | |||
| 350 | return -1; | 350 | return -1; |
| 351 | } | 351 | } |
| 352 | 352 | ||
| 353 | static const size_t cta_min_ip[CTA_IP_MAX+1] = { | 353 | static const struct nla_policy ipv6_nla_policy[CTA_IP_MAX+1] = { |
| 354 | [CTA_IP_V6_SRC] = sizeof(u_int32_t)*4, | 354 | [CTA_IP_V6_SRC] = { .len = sizeof(u_int32_t)*4 }, |
| 355 | [CTA_IP_V6_DST] = sizeof(u_int32_t)*4, | 355 | [CTA_IP_V6_DST] = { .len = sizeof(u_int32_t)*4 }, |
| 356 | }; | 356 | }; |
| 357 | 357 | ||
| 358 | static int ipv6_nlattr_to_tuple(struct nlattr *tb[], | 358 | static int ipv6_nlattr_to_tuple(struct nlattr *tb[], |
| @@ -361,9 +361,6 @@ static int ipv6_nlattr_to_tuple(struct nlattr *tb[], | |||
| 361 | if (!tb[CTA_IP_V6_SRC] || !tb[CTA_IP_V6_DST]) | 361 | if (!tb[CTA_IP_V6_SRC] || !tb[CTA_IP_V6_DST]) |
| 362 | return -EINVAL; | 362 | return -EINVAL; |
| 363 | 363 | ||
| 364 | if (nlattr_bad_size(tb, CTA_IP_MAX, cta_min_ip)) | ||
| 365 | return -EINVAL; | ||
| 366 | |||
| 367 | memcpy(&t->src.u3.ip6, nla_data(tb[CTA_IP_V6_SRC]), | 364 | memcpy(&t->src.u3.ip6, nla_data(tb[CTA_IP_V6_SRC]), |
| 368 | sizeof(u_int32_t) * 4); | 365 | sizeof(u_int32_t) * 4); |
| 369 | memcpy(&t->dst.u3.ip6, nla_data(tb[CTA_IP_V6_DST]), | 366 | memcpy(&t->dst.u3.ip6, nla_data(tb[CTA_IP_V6_DST]), |
| @@ -384,6 +381,7 @@ struct nf_conntrack_l3proto nf_conntrack_l3proto_ipv6 __read_mostly = { | |||
| 384 | #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE) | 381 | #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE) |
| 385 | .tuple_to_nlattr = ipv6_tuple_to_nlattr, | 382 | .tuple_to_nlattr = ipv6_tuple_to_nlattr, |
| 386 | .nlattr_to_tuple = ipv6_nlattr_to_tuple, | 383 | .nlattr_to_tuple = ipv6_nlattr_to_tuple, |
| 384 | .nla_policy = ipv6_nla_policy, | ||
| 387 | #endif | 385 | #endif |
| 388 | #ifdef CONFIG_SYSCTL | 386 | #ifdef CONFIG_SYSCTL |
| 389 | .ctl_table_path = nf_net_netfilter_sysctl_path, | 387 | .ctl_table_path = nf_net_netfilter_sysctl_path, |
diff --git a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c index 238ea6bc864e..fbdc66920de4 100644 --- a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c +++ b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c | |||
| @@ -226,10 +226,10 @@ nla_put_failure: | |||
| 226 | return -1; | 226 | return -1; |
| 227 | } | 227 | } |
| 228 | 228 | ||
| 229 | static const size_t cta_min_proto[CTA_PROTO_MAX+1] = { | 229 | static const struct nla_policy icmpv6_nla_policy[CTA_PROTO_MAX+1] = { |
| 230 | [CTA_PROTO_ICMPV6_TYPE] = sizeof(u_int8_t), | 230 | [CTA_PROTO_ICMPV6_TYPE] = { .type = NLA_U8 }, |
| 231 | [CTA_PROTO_ICMPV6_CODE] = sizeof(u_int8_t), | 231 | [CTA_PROTO_ICMPV6_CODE] = { .type = NLA_U8 }, |
| 232 | [CTA_PROTO_ICMPV6_ID] = sizeof(u_int16_t) | 232 | [CTA_PROTO_ICMPV6_ID] = { .type = NLA_U16 }, |
| 233 | }; | 233 | }; |
| 234 | 234 | ||
| 235 | static int icmpv6_nlattr_to_tuple(struct nlattr *tb[], | 235 | static int icmpv6_nlattr_to_tuple(struct nlattr *tb[], |
| @@ -240,9 +240,6 @@ static int icmpv6_nlattr_to_tuple(struct nlattr *tb[], | |||
| 240 | || !tb[CTA_PROTO_ICMPV6_ID]) | 240 | || !tb[CTA_PROTO_ICMPV6_ID]) |
| 241 | return -EINVAL; | 241 | return -EINVAL; |
| 242 | 242 | ||
| 243 | if (nlattr_bad_size(tb, CTA_PROTO_MAX, cta_min_proto)) | ||
| 244 | return -EINVAL; | ||
| 245 | |||
| 246 | tuple->dst.u.icmp.type = | 243 | tuple->dst.u.icmp.type = |
| 247 | *(u_int8_t *)nla_data(tb[CTA_PROTO_ICMPV6_TYPE]); | 244 | *(u_int8_t *)nla_data(tb[CTA_PROTO_ICMPV6_TYPE]); |
| 248 | tuple->dst.u.icmp.code = | 245 | tuple->dst.u.icmp.code = |
| @@ -291,6 +288,7 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_icmpv6 __read_mostly = | |||
| 291 | #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE) | 288 | #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE) |
| 292 | .tuple_to_nlattr = icmpv6_tuple_to_nlattr, | 289 | .tuple_to_nlattr = icmpv6_tuple_to_nlattr, |
| 293 | .nlattr_to_tuple = icmpv6_nlattr_to_tuple, | 290 | .nlattr_to_tuple = icmpv6_nlattr_to_tuple, |
| 291 | .nla_policy = icmpv6_nla_policy, | ||
| 294 | #endif | 292 | #endif |
| 295 | #ifdef CONFIG_SYSCTL | 293 | #ifdef CONFIG_SYSCTL |
| 296 | .ctl_table_header = &icmpv6_sysctl_header, | 294 | .ctl_table_header = &icmpv6_sysctl_header, |
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index 9edaaf2d57e7..f9d36cab70f4 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c | |||
| @@ -844,10 +844,11 @@ nla_put_failure: | |||
| 844 | } | 844 | } |
| 845 | EXPORT_SYMBOL_GPL(nf_ct_port_tuple_to_nlattr); | 845 | EXPORT_SYMBOL_GPL(nf_ct_port_tuple_to_nlattr); |
| 846 | 846 | ||
| 847 | static const size_t cta_min_proto[CTA_PROTO_MAX+1] = { | 847 | const struct nla_policy nf_ct_port_nla_policy[CTA_PROTO_MAX+1] = { |
| 848 | [CTA_PROTO_SRC_PORT] = sizeof(u_int16_t), | 848 | [CTA_PROTO_SRC_PORT] = { .type = NLA_U16 }, |
| 849 | [CTA_PROTO_DST_PORT] = sizeof(u_int16_t) | 849 | [CTA_PROTO_DST_PORT] = { .type = NLA_U16 }, |
| 850 | }; | 850 | }; |
| 851 | EXPORT_SYMBOL_GPL(nf_ct_port_nla_policy); | ||
| 851 | 852 | ||
| 852 | int nf_ct_port_nlattr_to_tuple(struct nlattr *tb[], | 853 | int nf_ct_port_nlattr_to_tuple(struct nlattr *tb[], |
| 853 | struct nf_conntrack_tuple *t) | 854 | struct nf_conntrack_tuple *t) |
| @@ -855,9 +856,6 @@ int nf_ct_port_nlattr_to_tuple(struct nlattr *tb[], | |||
| 855 | if (!tb[CTA_PROTO_SRC_PORT] || !tb[CTA_PROTO_DST_PORT]) | 856 | if (!tb[CTA_PROTO_SRC_PORT] || !tb[CTA_PROTO_DST_PORT]) |
| 856 | return -EINVAL; | 857 | return -EINVAL; |
| 857 | 858 | ||
| 858 | if (nlattr_bad_size(tb, CTA_PROTO_MAX, cta_min_proto)) | ||
| 859 | return -EINVAL; | ||
| 860 | |||
| 861 | t->src.u.tcp.port = *(__be16 *)nla_data(tb[CTA_PROTO_SRC_PORT]); | 859 | t->src.u.tcp.port = *(__be16 *)nla_data(tb[CTA_PROTO_SRC_PORT]); |
| 862 | t->dst.u.tcp.port = *(__be16 *)nla_data(tb[CTA_PROTO_DST_PORT]); | 860 | t->dst.u.tcp.port = *(__be16 *)nla_data(tb[CTA_PROTO_DST_PORT]); |
| 863 | 861 | ||
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index 9f9bef2446a1..ce3581266b87 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c | |||
| @@ -512,16 +512,20 @@ ctnetlink_parse_tuple_ip(struct nlattr *attr, struct nf_conntrack_tuple *tuple) | |||
| 512 | 512 | ||
| 513 | l3proto = nf_ct_l3proto_find_get(tuple->src.l3num); | 513 | l3proto = nf_ct_l3proto_find_get(tuple->src.l3num); |
| 514 | 514 | ||
| 515 | if (likely(l3proto->nlattr_to_tuple)) | 515 | if (likely(l3proto->nlattr_to_tuple)) { |
| 516 | ret = l3proto->nlattr_to_tuple(tb, tuple); | 516 | ret = nla_validate_nested(attr, CTA_IP_MAX, |
| 517 | l3proto->nla_policy); | ||
| 518 | if (ret == 0) | ||
| 519 | ret = l3proto->nlattr_to_tuple(tb, tuple); | ||
| 520 | } | ||
| 517 | 521 | ||
| 518 | nf_ct_l3proto_put(l3proto); | 522 | nf_ct_l3proto_put(l3proto); |
| 519 | 523 | ||
| 520 | return ret; | 524 | return ret; |
| 521 | } | 525 | } |
| 522 | 526 | ||
| 523 | static const size_t cta_min_proto[CTA_PROTO_MAX+1] = { | 527 | static const struct nla_policy proto_nla_policy[CTA_PROTO_MAX+1] = { |
| 524 | [CTA_PROTO_NUM] = sizeof(u_int8_t), | 528 | [CTA_PROTO_NUM] = { .type = NLA_U8 }, |
| 525 | }; | 529 | }; |
| 526 | 530 | ||
| 527 | static inline int | 531 | static inline int |
| @@ -532,10 +536,9 @@ ctnetlink_parse_tuple_proto(struct nlattr *attr, | |||
| 532 | struct nf_conntrack_l4proto *l4proto; | 536 | struct nf_conntrack_l4proto *l4proto; |
| 533 | int ret = 0; | 537 | int ret = 0; |
| 534 | 538 | ||
| 535 | nla_parse_nested(tb, CTA_PROTO_MAX, attr, NULL); | 539 | ret = nla_parse_nested(tb, CTA_PROTO_MAX, attr, proto_nla_policy); |
| 536 | 540 | if (ret < 0) | |
| 537 | if (nlattr_bad_size(tb, CTA_PROTO_MAX, cta_min_proto)) | 541 | return ret; |
| 538 | return -EINVAL; | ||
| 539 | 542 | ||
| 540 | if (!tb[CTA_PROTO_NUM]) | 543 | if (!tb[CTA_PROTO_NUM]) |
| 541 | return -EINVAL; | 544 | return -EINVAL; |
| @@ -543,8 +546,12 @@ ctnetlink_parse_tuple_proto(struct nlattr *attr, | |||
| 543 | 546 | ||
| 544 | l4proto = nf_ct_l4proto_find_get(tuple->src.l3num, tuple->dst.protonum); | 547 | l4proto = nf_ct_l4proto_find_get(tuple->src.l3num, tuple->dst.protonum); |
| 545 | 548 | ||
| 546 | if (likely(l4proto->nlattr_to_tuple)) | 549 | if (likely(l4proto->nlattr_to_tuple)) { |
| 547 | ret = l4proto->nlattr_to_tuple(tb, tuple); | 550 | ret = nla_validate_nested(attr, CTA_PROTO_MAX, |
| 551 | l4proto->nla_policy); | ||
| 552 | if (ret == 0) | ||
| 553 | ret = l4proto->nlattr_to_tuple(tb, tuple); | ||
| 554 | } | ||
| 548 | 555 | ||
| 549 | nf_ct_l4proto_put(l4proto); | 556 | nf_ct_l4proto_put(l4proto); |
| 550 | 557 | ||
| @@ -588,9 +595,9 @@ ctnetlink_parse_tuple(struct nlattr *cda[], struct nf_conntrack_tuple *tuple, | |||
| 588 | } | 595 | } |
| 589 | 596 | ||
| 590 | #ifdef CONFIG_NF_NAT_NEEDED | 597 | #ifdef CONFIG_NF_NAT_NEEDED |
| 591 | static const size_t cta_min_protonat[CTA_PROTONAT_MAX+1] = { | 598 | static const struct nla_policy protonat_nla_policy[CTA_PROTONAT_MAX+1] = { |
| 592 | [CTA_PROTONAT_PORT_MIN] = sizeof(u_int16_t), | 599 | [CTA_PROTONAT_PORT_MIN] = { .type = NLA_U16 }, |
| 593 | [CTA_PROTONAT_PORT_MAX] = sizeof(u_int16_t), | 600 | [CTA_PROTONAT_PORT_MAX] = { .type = NLA_U16 }, |
| 594 | }; | 601 | }; |
| 595 | 602 | ||
| 596 | static int nfnetlink_parse_nat_proto(struct nlattr *attr, | 603 | static int nfnetlink_parse_nat_proto(struct nlattr *attr, |
| @@ -599,11 +606,11 @@ static int nfnetlink_parse_nat_proto(struct nlattr *attr, | |||
| 599 | { | 606 | { |
| 600 | struct nlattr *tb[CTA_PROTONAT_MAX+1]; | 607 | struct nlattr *tb[CTA_PROTONAT_MAX+1]; |
| 601 | struct nf_nat_protocol *npt; | 608 | struct nf_nat_protocol *npt; |
| 609 | int err; | ||
| 602 | 610 | ||
| 603 | nla_parse_nested(tb, CTA_PROTONAT_MAX, attr, NULL); | 611 | err = nla_parse_nested(tb, CTA_PROTONAT_MAX, attr, protonat_nla_policy); |
| 604 | 612 | if (err < 0) | |
| 605 | if (nlattr_bad_size(tb, CTA_PROTONAT_MAX, cta_min_protonat)) | 613 | return err; |
| 606 | return -EINVAL; | ||
| 607 | 614 | ||
| 608 | npt = nf_nat_proto_find_get(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum); | 615 | npt = nf_nat_proto_find_get(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum); |
| 609 | 616 | ||
| @@ -621,9 +628,9 @@ static int nfnetlink_parse_nat_proto(struct nlattr *attr, | |||
| 621 | return 0; | 628 | return 0; |
| 622 | } | 629 | } |
| 623 | 630 | ||
| 624 | static const size_t cta_min_nat[CTA_NAT_MAX+1] = { | 631 | static const struct nla_policy nat_nla_policy[CTA_NAT_MAX+1] = { |
| 625 | [CTA_NAT_MINIP] = sizeof(u_int32_t), | 632 | [CTA_NAT_MINIP] = { .type = NLA_U32 }, |
| 626 | [CTA_NAT_MAXIP] = sizeof(u_int32_t), | 633 | [CTA_NAT_MAXIP] = { .type = NLA_U32 }, |
| 627 | }; | 634 | }; |
| 628 | 635 | ||
| 629 | static inline int | 636 | static inline int |
| @@ -635,10 +642,9 @@ nfnetlink_parse_nat(struct nlattr *nat, | |||
| 635 | 642 | ||
| 636 | memset(range, 0, sizeof(*range)); | 643 | memset(range, 0, sizeof(*range)); |
| 637 | 644 | ||
| 638 | nla_parse_nested(tb, CTA_NAT_MAX, nat, NULL); | 645 | err = nla_parse_nested(tb, CTA_NAT_MAX, nat, nat_nla_policy); |
| 639 | 646 | if (err < 0) | |
| 640 | if (nlattr_bad_size(tb, CTA_NAT_MAX, cta_min_nat)) | 647 | return err; |
| 641 | return -EINVAL; | ||
| 642 | 648 | ||
| 643 | if (tb[CTA_NAT_MINIP]) | 649 | if (tb[CTA_NAT_MINIP]) |
| 644 | range->min_ip = *(__be32 *)nla_data(tb[CTA_NAT_MINIP]); | 650 | range->min_ip = *(__be32 *)nla_data(tb[CTA_NAT_MINIP]); |
| @@ -677,12 +683,12 @@ ctnetlink_parse_help(struct nlattr *attr, char **helper_name) | |||
| 677 | return 0; | 683 | return 0; |
| 678 | } | 684 | } |
| 679 | 685 | ||
| 680 | static const size_t cta_min[CTA_MAX+1] = { | 686 | static const struct nla_policy ct_nla_policy[CTA_MAX+1] = { |
| 681 | [CTA_STATUS] = sizeof(u_int32_t), | 687 | [CTA_STATUS] = { .type = NLA_U32 }, |
| 682 | [CTA_TIMEOUT] = sizeof(u_int32_t), | 688 | [CTA_TIMEOUT] = { .type = NLA_U32 }, |
| 683 | [CTA_MARK] = sizeof(u_int32_t), | 689 | [CTA_MARK] = { .type = NLA_U32 }, |
| 684 | [CTA_USE] = sizeof(u_int32_t), | 690 | [CTA_USE] = { .type = NLA_U32 }, |
| 685 | [CTA_ID] = sizeof(u_int32_t) | 691 | [CTA_ID] = { .type = NLA_U32 }, |
| 686 | }; | 692 | }; |
| 687 | 693 | ||
| 688 | static int | 694 | static int |
| @@ -696,9 +702,6 @@ ctnetlink_del_conntrack(struct sock *ctnl, struct sk_buff *skb, | |||
| 696 | u_int8_t u3 = nfmsg->nfgen_family; | 702 | u_int8_t u3 = nfmsg->nfgen_family; |
| 697 | int err = 0; | 703 | int err = 0; |
| 698 | 704 | ||
| 699 | if (nlattr_bad_size(cda, CTA_MAX, cta_min)) | ||
| 700 | return -EINVAL; | ||
| 701 | |||
| 702 | if (cda[CTA_TUPLE_ORIG]) | 705 | if (cda[CTA_TUPLE_ORIG]) |
| 703 | err = ctnetlink_parse_tuple(cda, &tuple, CTA_TUPLE_ORIG, u3); | 706 | err = ctnetlink_parse_tuple(cda, &tuple, CTA_TUPLE_ORIG, u3); |
| 704 | else if (cda[CTA_TUPLE_REPLY]) | 707 | else if (cda[CTA_TUPLE_REPLY]) |
| @@ -754,9 +757,6 @@ ctnetlink_get_conntrack(struct sock *ctnl, struct sk_buff *skb, | |||
| 754 | ctnetlink_done); | 757 | ctnetlink_done); |
| 755 | } | 758 | } |
| 756 | 759 | ||
| 757 | if (nlattr_bad_size(cda, CTA_MAX, cta_min)) | ||
| 758 | return -EINVAL; | ||
| 759 | |||
| 760 | if (cda[CTA_TUPLE_ORIG]) | 760 | if (cda[CTA_TUPLE_ORIG]) |
| 761 | err = ctnetlink_parse_tuple(cda, &tuple, CTA_TUPLE_ORIG, u3); | 761 | err = ctnetlink_parse_tuple(cda, &tuple, CTA_TUPLE_ORIG, u3); |
| 762 | else if (cda[CTA_TUPLE_REPLY]) | 762 | else if (cda[CTA_TUPLE_REPLY]) |
| @@ -1045,9 +1045,6 @@ ctnetlink_new_conntrack(struct sock *ctnl, struct sk_buff *skb, | |||
| 1045 | u_int8_t u3 = nfmsg->nfgen_family; | 1045 | u_int8_t u3 = nfmsg->nfgen_family; |
| 1046 | int err = 0; | 1046 | int err = 0; |
| 1047 | 1047 | ||
| 1048 | if (nlattr_bad_size(cda, CTA_MAX, cta_min)) | ||
| 1049 | return -EINVAL; | ||
| 1050 | |||
| 1051 | if (cda[CTA_TUPLE_ORIG]) { | 1048 | if (cda[CTA_TUPLE_ORIG]) { |
| 1052 | err = ctnetlink_parse_tuple(cda, &otuple, CTA_TUPLE_ORIG, u3); | 1049 | err = ctnetlink_parse_tuple(cda, &otuple, CTA_TUPLE_ORIG, u3); |
| 1053 | if (err < 0) | 1050 | if (err < 0) |
| @@ -1313,9 +1310,9 @@ out: | |||
| 1313 | return skb->len; | 1310 | return skb->len; |
| 1314 | } | 1311 | } |
| 1315 | 1312 | ||
| 1316 | static const size_t cta_min_exp[CTA_EXPECT_MAX+1] = { | 1313 | static const struct nla_policy exp_nla_policy[CTA_EXPECT_MAX+1] = { |
| 1317 | [CTA_EXPECT_TIMEOUT] = sizeof(u_int32_t), | 1314 | [CTA_EXPECT_TIMEOUT] = { .type = NLA_U32 }, |
| 1318 | [CTA_EXPECT_ID] = sizeof(u_int32_t) | 1315 | [CTA_EXPECT_ID] = { .type = NLA_U32 }, |
| 1319 | }; | 1316 | }; |
| 1320 | 1317 | ||
| 1321 | static int | 1318 | static int |
| @@ -1329,9 +1326,6 @@ ctnetlink_get_expect(struct sock *ctnl, struct sk_buff *skb, | |||
| 1329 | u_int8_t u3 = nfmsg->nfgen_family; | 1326 | u_int8_t u3 = nfmsg->nfgen_family; |
| 1330 | int err = 0; | 1327 | int err = 0; |
| 1331 | 1328 | ||
| 1332 | if (nlattr_bad_size(cda, CTA_EXPECT_MAX, cta_min_exp)) | ||
| 1333 | return -EINVAL; | ||
| 1334 | |||
| 1335 | if (nlh->nlmsg_flags & NLM_F_DUMP) { | 1329 | if (nlh->nlmsg_flags & NLM_F_DUMP) { |
| 1336 | return netlink_dump_start(ctnl, skb, nlh, | 1330 | return netlink_dump_start(ctnl, skb, nlh, |
| 1337 | ctnetlink_exp_dump_table, | 1331 | ctnetlink_exp_dump_table, |
| @@ -1393,9 +1387,6 @@ ctnetlink_del_expect(struct sock *ctnl, struct sk_buff *skb, | |||
| 1393 | unsigned int i; | 1387 | unsigned int i; |
| 1394 | int err; | 1388 | int err; |
| 1395 | 1389 | ||
| 1396 | if (nlattr_bad_size(cda, CTA_EXPECT_MAX, cta_min_exp)) | ||
| 1397 | return -EINVAL; | ||
| 1398 | |||
| 1399 | if (cda[CTA_EXPECT_TUPLE]) { | 1390 | if (cda[CTA_EXPECT_TUPLE]) { |
| 1400 | /* delete a single expect by tuple */ | 1391 | /* delete a single expect by tuple */ |
| 1401 | err = ctnetlink_parse_tuple(cda, &tuple, CTA_EXPECT_TUPLE, u3); | 1392 | err = ctnetlink_parse_tuple(cda, &tuple, CTA_EXPECT_TUPLE, u3); |
| @@ -1534,9 +1525,6 @@ ctnetlink_new_expect(struct sock *ctnl, struct sk_buff *skb, | |||
| 1534 | u_int8_t u3 = nfmsg->nfgen_family; | 1525 | u_int8_t u3 = nfmsg->nfgen_family; |
| 1535 | int err = 0; | 1526 | int err = 0; |
| 1536 | 1527 | ||
| 1537 | if (nlattr_bad_size(cda, CTA_EXPECT_MAX, cta_min_exp)) | ||
| 1538 | return -EINVAL; | ||
| 1539 | |||
| 1540 | if (!cda[CTA_EXPECT_TUPLE] | 1528 | if (!cda[CTA_EXPECT_TUPLE] |
| 1541 | || !cda[CTA_EXPECT_MASK] | 1529 | || !cda[CTA_EXPECT_MASK] |
| 1542 | || !cda[CTA_EXPECT_MASTER]) | 1530 | || !cda[CTA_EXPECT_MASTER]) |
| @@ -1577,22 +1565,29 @@ static struct notifier_block ctnl_notifier_exp = { | |||
| 1577 | 1565 | ||
| 1578 | static const struct nfnl_callback ctnl_cb[IPCTNL_MSG_MAX] = { | 1566 | static const struct nfnl_callback ctnl_cb[IPCTNL_MSG_MAX] = { |
| 1579 | [IPCTNL_MSG_CT_NEW] = { .call = ctnetlink_new_conntrack, | 1567 | [IPCTNL_MSG_CT_NEW] = { .call = ctnetlink_new_conntrack, |
| 1580 | .attr_count = CTA_MAX, }, | 1568 | .attr_count = CTA_MAX, |
| 1569 | .policy = ct_nla_policy }, | ||
| 1581 | [IPCTNL_MSG_CT_GET] = { .call = ctnetlink_get_conntrack, | 1570 | [IPCTNL_MSG_CT_GET] = { .call = ctnetlink_get_conntrack, |
| 1582 | .attr_count = CTA_MAX, }, | 1571 | .attr_count = CTA_MAX, |
| 1572 | .policy = ct_nla_policy }, | ||
| 1583 | [IPCTNL_MSG_CT_DELETE] = { .call = ctnetlink_del_conntrack, | 1573 | [IPCTNL_MSG_CT_DELETE] = { .call = ctnetlink_del_conntrack, |
| 1584 | .attr_count = CTA_MAX, }, | 1574 | .attr_count = CTA_MAX, |
| 1575 | .policy = ct_nla_policy }, | ||
| 1585 | [IPCTNL_MSG_CT_GET_CTRZERO] = { .call = ctnetlink_get_conntrack, | 1576 | [IPCTNL_MSG_CT_GET_CTRZERO] = { .call = ctnetlink_get_conntrack, |
| 1586 | .attr_count = CTA_MAX, }, | 1577 | .attr_count = CTA_MAX, |
| 1578 | .policy = ct_nla_policy }, | ||
| 1587 | }; | 1579 | }; |
| 1588 | 1580 | ||
| 1589 | static const struct nfnl_callback ctnl_exp_cb[IPCTNL_MSG_EXP_MAX] = { | 1581 | static const struct nfnl_callback ctnl_exp_cb[IPCTNL_MSG_EXP_MAX] = { |
| 1590 | [IPCTNL_MSG_EXP_GET] = { .call = ctnetlink_get_expect, | 1582 | [IPCTNL_MSG_EXP_GET] = { .call = ctnetlink_get_expect, |
| 1591 | .attr_count = CTA_EXPECT_MAX, }, | 1583 | .attr_count = CTA_EXPECT_MAX, |
| 1584 | .policy = exp_nla_policy }, | ||
| 1592 | [IPCTNL_MSG_EXP_NEW] = { .call = ctnetlink_new_expect, | 1585 | [IPCTNL_MSG_EXP_NEW] = { .call = ctnetlink_new_expect, |
| 1593 | .attr_count = CTA_EXPECT_MAX, }, | 1586 | .attr_count = CTA_EXPECT_MAX, |
| 1587 | .policy = exp_nla_policy }, | ||
| 1594 | [IPCTNL_MSG_EXP_DELETE] = { .call = ctnetlink_del_expect, | 1588 | [IPCTNL_MSG_EXP_DELETE] = { .call = ctnetlink_del_expect, |
| 1595 | .attr_count = CTA_EXPECT_MAX, }, | 1589 | .attr_count = CTA_EXPECT_MAX, |
| 1590 | .policy = exp_nla_policy }, | ||
| 1596 | }; | 1591 | }; |
| 1597 | 1592 | ||
| 1598 | static const struct nfnetlink_subsystem ctnl_subsys = { | 1593 | static const struct nfnetlink_subsystem ctnl_subsys = { |
diff --git a/net/netfilter/nf_conntrack_proto_gre.c b/net/netfilter/nf_conntrack_proto_gre.c index ff8d03b88402..4a185f6aa65a 100644 --- a/net/netfilter/nf_conntrack_proto_gre.c +++ b/net/netfilter/nf_conntrack_proto_gre.c | |||
| @@ -276,6 +276,7 @@ static struct nf_conntrack_l4proto nf_conntrack_l4proto_gre4 __read_mostly = { | |||
| 276 | #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE) | 276 | #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE) |
| 277 | .tuple_to_nlattr = nf_ct_port_tuple_to_nlattr, | 277 | .tuple_to_nlattr = nf_ct_port_tuple_to_nlattr, |
| 278 | .nlattr_to_tuple = nf_ct_port_nlattr_to_tuple, | 278 | .nlattr_to_tuple = nf_ct_port_nlattr_to_tuple, |
| 279 | .nla_policy = nf_ct_port_nla_policy, | ||
| 279 | #endif | 280 | #endif |
| 280 | }; | 281 | }; |
| 281 | 282 | ||
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c index 84f47bc90f63..df718e7c7ee4 100644 --- a/net/netfilter/nf_conntrack_proto_tcp.c +++ b/net/netfilter/nf_conntrack_proto_tcp.c | |||
| @@ -1105,28 +1105,28 @@ nla_put_failure: | |||
| 1105 | return -1; | 1105 | return -1; |
| 1106 | } | 1106 | } |
| 1107 | 1107 | ||
| 1108 | static const size_t cta_min_tcp[CTA_PROTOINFO_TCP_MAX+1] = { | 1108 | static const struct nla_policy tcp_nla_policy[CTA_PROTOINFO_TCP_MAX+1] = { |
| 1109 | [CTA_PROTOINFO_TCP_STATE] = sizeof(u_int8_t), | 1109 | [CTA_PROTOINFO_TCP_STATE] = { .type = NLA_U8 }, |
| 1110 | [CTA_PROTOINFO_TCP_WSCALE_ORIGINAL] = sizeof(u_int8_t), | 1110 | [CTA_PROTOINFO_TCP_WSCALE_ORIGINAL] = { .type = NLA_U8 }, |
| 1111 | [CTA_PROTOINFO_TCP_WSCALE_REPLY] = sizeof(u_int8_t), | 1111 | [CTA_PROTOINFO_TCP_WSCALE_REPLY] = { .type = NLA_U8 }, |
| 1112 | [CTA_PROTOINFO_TCP_FLAGS_ORIGINAL] = sizeof(struct nf_ct_tcp_flags), | 1112 | [CTA_PROTOINFO_TCP_FLAGS_ORIGINAL] = { .len = sizeof(struct nf_ct_tcp_flags) }, |
| 1113 | [CTA_PROTOINFO_TCP_FLAGS_REPLY] = sizeof(struct nf_ct_tcp_flags) | 1113 | [CTA_PROTOINFO_TCP_FLAGS_REPLY] = { .len = sizeof(struct nf_ct_tcp_flags) }, |
| 1114 | }; | 1114 | }; |
| 1115 | 1115 | ||
| 1116 | static int nlattr_to_tcp(struct nlattr *cda[], struct nf_conn *ct) | 1116 | static int nlattr_to_tcp(struct nlattr *cda[], struct nf_conn *ct) |
| 1117 | { | 1117 | { |
| 1118 | struct nlattr *attr = cda[CTA_PROTOINFO_TCP]; | 1118 | struct nlattr *attr = cda[CTA_PROTOINFO_TCP]; |
| 1119 | struct nlattr *tb[CTA_PROTOINFO_TCP_MAX+1]; | 1119 | struct nlattr *tb[CTA_PROTOINFO_TCP_MAX+1]; |
| 1120 | int err; | ||
| 1120 | 1121 | ||
| 1121 | /* updates could not contain anything about the private | 1122 | /* updates could not contain anything about the private |
| 1122 | * protocol info, in that case skip the parsing */ | 1123 | * protocol info, in that case skip the parsing */ |
| 1123 | if (!attr) | 1124 | if (!attr) |
| 1124 | return 0; | 1125 | return 0; |
| 1125 | 1126 | ||
| 1126 | nla_parse_nested(tb, CTA_PROTOINFO_TCP_MAX, attr, NULL); | 1127 | err = nla_parse_nested(tb, CTA_PROTOINFO_TCP_MAX, attr, tcp_nla_policy); |
| 1127 | 1128 | if (err < 0) | |
| 1128 | if (nlattr_bad_size(tb, CTA_PROTOINFO_TCP_MAX, cta_min_tcp)) | 1129 | return err; |
| 1129 | return -EINVAL; | ||
| 1130 | 1130 | ||
| 1131 | if (!tb[CTA_PROTOINFO_TCP_STATE]) | 1131 | if (!tb[CTA_PROTOINFO_TCP_STATE]) |
| 1132 | return -EINVAL; | 1132 | return -EINVAL; |
| @@ -1391,6 +1391,7 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp4 __read_mostly = | |||
| 1391 | .from_nlattr = nlattr_to_tcp, | 1391 | .from_nlattr = nlattr_to_tcp, |
| 1392 | .tuple_to_nlattr = nf_ct_port_tuple_to_nlattr, | 1392 | .tuple_to_nlattr = nf_ct_port_tuple_to_nlattr, |
| 1393 | .nlattr_to_tuple = nf_ct_port_nlattr_to_tuple, | 1393 | .nlattr_to_tuple = nf_ct_port_nlattr_to_tuple, |
| 1394 | .nla_policy = nf_ct_port_nla_policy, | ||
| 1394 | #endif | 1395 | #endif |
| 1395 | #ifdef CONFIG_SYSCTL | 1396 | #ifdef CONFIG_SYSCTL |
| 1396 | .ctl_table_users = &tcp_sysctl_table_users, | 1397 | .ctl_table_users = &tcp_sysctl_table_users, |
| @@ -1420,6 +1421,7 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp6 __read_mostly = | |||
| 1420 | .from_nlattr = nlattr_to_tcp, | 1421 | .from_nlattr = nlattr_to_tcp, |
| 1421 | .tuple_to_nlattr = nf_ct_port_tuple_to_nlattr, | 1422 | .tuple_to_nlattr = nf_ct_port_tuple_to_nlattr, |
| 1422 | .nlattr_to_tuple = nf_ct_port_nlattr_to_tuple, | 1423 | .nlattr_to_tuple = nf_ct_port_nlattr_to_tuple, |
| 1424 | .nla_policy = nf_ct_port_nla_policy, | ||
| 1423 | #endif | 1425 | #endif |
| 1424 | #ifdef CONFIG_SYSCTL | 1426 | #ifdef CONFIG_SYSCTL |
| 1425 | .ctl_table_users = &tcp_sysctl_table_users, | 1427 | .ctl_table_users = &tcp_sysctl_table_users, |
diff --git a/net/netfilter/nf_conntrack_proto_udp.c b/net/netfilter/nf_conntrack_proto_udp.c index 751ff7e2a0d9..ba80e1a1ea17 100644 --- a/net/netfilter/nf_conntrack_proto_udp.c +++ b/net/netfilter/nf_conntrack_proto_udp.c | |||
| @@ -205,6 +205,7 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_udp4 __read_mostly = | |||
| 205 | #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE) | 205 | #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE) |
| 206 | .tuple_to_nlattr = nf_ct_port_tuple_to_nlattr, | 206 | .tuple_to_nlattr = nf_ct_port_tuple_to_nlattr, |
| 207 | .nlattr_to_tuple = nf_ct_port_nlattr_to_tuple, | 207 | .nlattr_to_tuple = nf_ct_port_nlattr_to_tuple, |
| 208 | .nla_policy = nf_ct_port_nla_policy, | ||
| 208 | #endif | 209 | #endif |
| 209 | #ifdef CONFIG_SYSCTL | 210 | #ifdef CONFIG_SYSCTL |
| 210 | .ctl_table_users = &udp_sysctl_table_users, | 211 | .ctl_table_users = &udp_sysctl_table_users, |
| @@ -232,6 +233,7 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_udp6 __read_mostly = | |||
| 232 | #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE) | 233 | #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE) |
| 233 | .tuple_to_nlattr = nf_ct_port_tuple_to_nlattr, | 234 | .tuple_to_nlattr = nf_ct_port_tuple_to_nlattr, |
| 234 | .nlattr_to_tuple = nf_ct_port_nlattr_to_tuple, | 235 | .nlattr_to_tuple = nf_ct_port_nlattr_to_tuple, |
| 236 | .nla_policy = nf_ct_port_nla_policy, | ||
| 235 | #endif | 237 | #endif |
| 236 | #ifdef CONFIG_SYSCTL | 238 | #ifdef CONFIG_SYSCTL |
| 237 | .ctl_table_users = &udp_sysctl_table_users, | 239 | .ctl_table_users = &udp_sysctl_table_users, |
diff --git a/net/netfilter/nf_conntrack_proto_udplite.c b/net/netfilter/nf_conntrack_proto_udplite.c index 4209ddb8fbaf..b8981dd922be 100644 --- a/net/netfilter/nf_conntrack_proto_udplite.c +++ b/net/netfilter/nf_conntrack_proto_udplite.c | |||
| @@ -205,6 +205,7 @@ static struct nf_conntrack_l4proto nf_conntrack_l4proto_udplite4 __read_mostly = | |||
| 205 | #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE) | 205 | #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE) |
| 206 | .tuple_to_nlattr = nf_ct_port_tuple_to_nlattr, | 206 | .tuple_to_nlattr = nf_ct_port_tuple_to_nlattr, |
| 207 | .nlattr_to_tuple = nf_ct_port_nlattr_to_tuple, | 207 | .nlattr_to_tuple = nf_ct_port_nlattr_to_tuple, |
| 208 | .nla_policy = nf_ct_port_nla_policy, | ||
| 208 | #endif | 209 | #endif |
| 209 | #ifdef CONFIG_SYSCTL | 210 | #ifdef CONFIG_SYSCTL |
| 210 | .ctl_table_users = &udplite_sysctl_table_users, | 211 | .ctl_table_users = &udplite_sysctl_table_users, |
| @@ -228,6 +229,7 @@ static struct nf_conntrack_l4proto nf_conntrack_l4proto_udplite6 __read_mostly = | |||
| 228 | #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE) | 229 | #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE) |
| 229 | .tuple_to_nlattr = nf_ct_port_tuple_to_nlattr, | 230 | .tuple_to_nlattr = nf_ct_port_tuple_to_nlattr, |
| 230 | .nlattr_to_tuple = nf_ct_port_nlattr_to_tuple, | 231 | .nlattr_to_tuple = nf_ct_port_nlattr_to_tuple, |
| 232 | .nla_policy = nf_ct_port_nla_policy, | ||
| 231 | #endif | 233 | #endif |
| 232 | #ifdef CONFIG_SYSCTL | 234 | #ifdef CONFIG_SYSCTL |
| 233 | .ctl_table_users = &udplite_sysctl_table_users, | 235 | .ctl_table_users = &udplite_sysctl_table_users, |