On Thu, Jan 07, 2016 at 09:34:24PM +0100, Florian Westphal wrote: > @@ -366,6 +398,13 @@ static int nft_ct_get_dump(struct sk_buff *skb, const struct nft_expr *expr) > goto nla_put_failure; > > switch (priv->key) { > + case NFT_CT_BYTES: > + case NFT_CT_PKTS: > + if ((priv->dir == IP_CT_DIR_ORIGINAL || > + priv->dir == IP_CT_DIR_REPLY) && > + nla_put_u8(skb, NFTA_CT_DIRECTION, priv->dir)) > + goto nla_put_failure; > + break; > case NFT_CT_PROTOCOL: Any concern if I fold this change into your patch? It just simplifies this check, see below: switch (priv->key) { case NFT_CT_BYTES: case NFT_CT_PKTS: - if ((priv->dir == IP_CT_DIR_ORIGINAL || - priv->dir == IP_CT_DIR_REPLY) && - nla_put_u8(skb, NFTA_CT_DIRECTION, priv->dir)) + if (priv->dir < IP_CT_DIR_MAX && + nla_put_u8(skb, NFTA_CT_DIRECTION, priv->dir)) goto nla_put_failure; break; case NFT_CT_PROTOCOL: Thanks.
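Review bot: the simplified condition `priv->dir < IP_CT_DIR_MAX` in the NFT_CT_BYTES/NFT_CT_PKTS dump case matches the original two equality tests only when priv->dir cannot hold a negative value, and the declaration of priv->dir is not visible in either hunk. If the field is unsigned (the nla_put_u8() call suggests an 8-bit value), the fold is equivalent, since IP_CT_DIR_ORIGINAL and IP_CT_DIR_REPLY are the only enum ip_conntrack_dir values below IP_CT_DIR_MAX; if it is a signed type, a negative value would now pass the check and be emitted as NFTA_CT_DIRECTION. Worth confirming the field's type before folding, and adding a one-line comment above the `if` stating what a dir value at or above IP_CT_DIR_MAX stands for, so it is clear the attribute is omitted from the dump on purpose.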