From: Liping Zhang <zlpnobody@xxxxxxxxx> Currently, when we create cthelper via nfnetlink, -EINVAL will be returned if the NFCTH_PRIV_DATA_LEN attribute is empty. But enforcing the user to specify the NFCTH_PRIV_DATA_LEN attr seems unnecessary, so it's better to set the helper->data_len to zero if the NFCTH_PRIV_DATA_LEN attribute is empty. Found by running example program from libnetfilter_cthelper: # ./libnetfilter_cthelper/examples/nfct-helper-add test 1 error: Invalid argument Signed-off-by: Liping Zhang <zlpnobody@xxxxxxxxx> --- net/netfilter/nfnetlink_cthelper.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/net/netfilter/nfnetlink_cthelper.c b/net/netfilter/nfnetlink_cthelper.c index 2defe73..9c24301 100644 --- a/net/netfilter/nfnetlink_cthelper.c +++ b/net/netfilter/nfnetlink_cthelper.c @@ -205,7 +205,7 @@ nfnl_cthelper_create(const struct nlattr * const tb[], struct nf_conntrack_helper *helper; int ret; - if (!tb[NFCTH_TUPLE] || !tb[NFCTH_POLICY] || !tb[NFCTH_PRIV_DATA_LEN]) + if (!tb[NFCTH_TUPLE] || !tb[NFCTH_POLICY]) return -EINVAL; helper = kzalloc(sizeof(struct nf_conntrack_helper), GFP_KERNEL); @@ -217,7 +217,8 @@ nfnl_cthelper_create(const struct nlattr * const tb[], goto err1; strncpy(helper->name, nla_data(tb[NFCTH_NAME]), NF_CT_HELPER_NAME_LEN); - helper->data_len = ntohl(nla_get_be32(tb[NFCTH_PRIV_DATA_LEN])); + if (tb[NFCTH_PRIV_DATA_LEN]) + helper->data_len = ntohl(nla_get_be32(tb[NFCTH_PRIV_DATA_LEN])); helper->flags |= NF_CT_HELPER_F_USERSPACE; memcpy(&helper->tuple, tuple, sizeof(struct nf_conntrack_tuple)); -- 2.5.5 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
