[PATCH nf-next 0/2] netfilter: nf_tables: use NLA_POLICY_MASK instead of manual checks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

nf_tables still uses manual attribute validation in multiple places.
Make NLA_POLICY_MASK available with NLA_BE16/NLA_BE32 and then start
using it for flag attribute validation.

Florian Westphal (2):
  netlink: allow be16 and be32 types in all uint policy checks
  netfilter: nf_tables: use NLA_POLICY_MASK to test for valid flag
    options

 include/net/netlink.h      | 10 +++-------
 lib/nlattr.c               |  6 ++++++
 net/netfilter/nft_fib.c    | 13 +++++++------
 net/netfilter/nft_lookup.c |  6 ++----
 net/netfilter/nft_masq.c   |  8 +++-----
 net/netfilter/nft_nat.c    |  8 +++-----
 net/netfilter/nft_redir.c  |  8 +++-----
 7 files changed, 27 insertions(+), 32 deletions(-)

-- 
2.41.0
[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux