NLA_POLICY_MAX() can be used to let netlink core validate that the given integer attribute is within the given min-max interval. Add NLA_POLICY_MAX_BE to allow similar range check on unsigned integers when those are in network byte order (big endian). First patch adds the netlink change, second patch adds one user. Florian Westphal (2): netlink: introduce NLA_POLICY_MAX_BE netfilter: nft_payload: reject out-of-range attributes via policy include/net/netlink.h | 9 +++++++++ lib/nlattr.c | 31 +++++++++++++++++++++++++++---- net/netfilter/nft_payload.c | 6 +++--- 3 files changed, 39 insertions(+), 7 deletions(-) -- 2.35.1
