|
@@ -777,10 +777,10 @@ static struct notifier_block nfqnl_rtnl_notifier = {
|
|
|
.notifier_call = nfqnl_rcv_nl_event,
|
|
|
};
|
|
|
|
|
|
-static const int nfqa_verdict_min[NFQA_MAX+1] = {
|
|
|
- [NFQA_VERDICT_HDR] = sizeof(struct nfqnl_msg_verdict_hdr),
|
|
|
- [NFQA_MARK] = sizeof(u_int32_t),
|
|
|
- [NFQA_PAYLOAD] = 0,
|
|
|
+static const struct nla_policy nfqa_verdict_policy[NFQA_MAX+1] = {
|
|
|
+ [NFQA_VERDICT_HDR] = { .len = sizeof(struct nfqnl_msg_verdict_hdr) },
|
|
|
+ [NFQA_MARK] = { .type = NLA_U32 },
|
|
|
+ [NFQA_PAYLOAD] = { .type = NLA_UNSPEC },
|
|
|
};
|
|
|
|
|
|
static int
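Review bot: `[NFQA_PAYLOAD] = { .type = NLA_UNSPEC }` puts no length bound on the payload attribute, and the `.len`-only entry for `NFQA_VERDICT_HDR` leaves `.type` at its zero default, so the new table never states whether `.len` is a minimum, an exact size or a maximum. The same applies to `NFQA_CFG_CMD` and `NFQA_CFG_PARAMS` in the `nfqa_cfg_policy` hunk. As far as I know the netlink validator treats `.len` on an untyped attribute as a minimum payload length, which matches the removed `nfqa_verdict_min` table, but a reader auditing this input path should not have to look that up. I would add a comment above the table such as `/* .len without .type is a minimum payload length; NFQA_PAYLOAD is unbounded here and must be length-checked where it is consumed */`. The code that consumes `NFQA_PAYLOAD` is outside this diff, so please confirm it bounds the length against the queued packet.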
|
|
@@ -796,11 +796,6 @@ nfqnl_recv_verdict(struct sock *ctnl, struct sk_buff *skb,
|
|
|
struct nfqnl_queue_entry *entry;
|
|
|
int err;
|
|
|
|
|
|
- if (nlattr_bad_size(nfqa, NFQA_MAX, nfqa_verdict_min)) {
|
|
|
- QDEBUG("bad attribute size\n");
|
|
|
- return -EINVAL;
|
|
|
- }
|
|
|
-
|
|
|
queue = instance_lookup_get(queue_num);
|
|
|
if (!queue)
|
|
|
return -ENODEV;
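Review bot: With the `nlattr_bad_size()` block removed, nothing in `nfqnl_recv_verdict` shows that `nfqa[]` has been length-checked before the handler casts attribute data to fixed-size structs. `nfqnl_recv_config` loses the same block in the later hunk. The guarantee now rests on the `.policy` pointers added to `nfqnl_cb[]` and on the nfnetlink core applying them before dispatch, which this diff does not show. A one-line comment at the top of each handler would keep that dependency visible, e.g. `/* attribute lengths are validated against nfqa_verdict_policy by nfnetlink before this is called */`. It is also worth confirming that no userspace caller depends on the old `-EINVAL` for malformed attributes, since the core parser may return a different error code, and that dropping the `QDEBUG("bad attribute size\n")` trace is intended. Both function bodies continue outside their hunks.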
|
|
@@ -855,9 +850,9 @@ nfqnl_recv_unsupp(struct sock *ctnl, struct sk_buff *skb,
|
|
|
return -ENOTSUPP;
|
|
|
}
|
|
|
|
|
|
-static const int nfqa_cfg_min[NFQA_CFG_MAX+1] = {
|
|
|
- [NFQA_CFG_CMD] = sizeof(struct nfqnl_msg_config_cmd),
|
|
|
- [NFQA_CFG_PARAMS] = sizeof(struct nfqnl_msg_config_params),
|
|
|
+static const struct nla_policy nfqa_cfg_policy[NFQA_CFG_MAX+1] = {
|
|
|
+ [NFQA_CFG_CMD] = { .len = sizeof(struct nfqnl_msg_config_cmd) },
|
|
|
+ [NFQA_CFG_PARAMS] = { .len = sizeof(struct nfqnl_msg_config_params) },
|
|
|
};
|
|
|
|
|
|
static struct nf_queue_handler nfqh = {
|
|
@@ -876,11 +871,6 @@ nfqnl_recv_config(struct sock *ctnl, struct sk_buff *skb,
|
|
|
|
|
|
QDEBUG("entering for msg %u\n", NFNL_MSG_TYPE(nlh->nlmsg_type));
|
|
|
|
|
|
- if (nlattr_bad_size(nfqa, NFQA_CFG_MAX, nfqa_cfg_min)) {
|
|
|
- QDEBUG("bad attribute size\n");
|
|
|
- return -EINVAL;
|
|
|
- }
|
|
|
-
|
|
|
queue = instance_lookup_get(queue_num);
|
|
|
if (nfqa[NFQA_CFG_CMD]) {
|
|
|
struct nfqnl_msg_config_cmd *cmd;
|
|
@@ -964,9 +954,11 @@ static const struct nfnl_callback nfqnl_cb[NFQNL_MSG_MAX] = {
|
|
|
[NFQNL_MSG_PACKET] = { .call = nfqnl_recv_unsupp,
|
|
|
.attr_count = NFQA_MAX, },
|
|
|
[NFQNL_MSG_VERDICT] = { .call = nfqnl_recv_verdict,
|
|
|
- .attr_count = NFQA_MAX, },
|
|
|
+ .attr_count = NFQA_MAX,
|
|
|
+ .policy = nfqa_verdict_policy },
|
|
|
[NFQNL_MSG_CONFIG] = { .call = nfqnl_recv_config,
|
|
|
- .attr_count = NFQA_CFG_MAX, },
|
|
|
+ .attr_count = NFQA_CFG_MAX,
|
|
|
+ .policy = nfqa_cfg_policy },
|
|
|
};
|
|
|
|
|
|
static const struct nfnetlink_subsystem nfqnl_subsys = {
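Review bot: `[NFQNL_MSG_PACKET]` keeps `.attr_count = NFQA_MAX` but gets no `.policy`, so once the per-handler size checks are gone it is the only entry in `nfqnl_cb[]` whose attributes are parsed without any length validation. That is harmless while it points at `nfqnl_recv_unsupp`, which from the visible context only returns `-ENOTSUPP`, but the table gives no hint that the omission is deliberate. Anyone who later wires a real handler into that slot would inherit unvalidated input. I would mark it on the entry, e.g. `/* no .policy: nfqnl_recv_unsupp never reads nfqa[] */`. The `nfqnl_cb[]` initializer starts outside this hunk.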
|