From patchwork Wed Jun 27 10:59:56 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Krishna Kumar X-Patchwork-Id: 167617 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 5F93AB6FFC for ; Wed, 27 Jun 2012 21:00:09 +1000 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757152Ab2F0LAG (ORCPT ); Wed, 27 Jun 2012 07:00:06 -0400 Received: from e23smtp08.au.ibm.com ([202.81.31.141]:56460 "EHLO e23smtp08.au.ibm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1757123Ab2F0LAF (ORCPT ); Wed, 27 Jun 2012 07:00:05 -0400 Received: from /spool/local by e23smtp08.au.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Wed, 27 Jun 2012 10:56:51 +1000 Received: from d23relay03.au.ibm.com (202.81.31.245) by e23smtp08.au.ibm.com (202.81.31.205) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Wed, 27 Jun 2012 10:56:47 +1000 Received: from d23av01.au.ibm.com (d23av01.au.ibm.com [9.190.234.96]) by d23relay03.au.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id q5RAxxJY57212944 for ; Wed, 27 Jun 2012 20:59:59 +1000 Received: from d23av01.au.ibm.com (loopback [127.0.0.1]) by d23av01.au.ibm.com (8.14.4/8.13.1/NCO v10.0 AVout) with ESMTP id q5RAxx1c000954 for ; Wed, 27 Jun 2012 20:59:59 +1000 Received: from localhost.localdomain ([9.124.96.55]) by d23av01.au.ibm.com (8.14.4/8.13.1/NCO v10.0 AVin) with ESMTP id q5RAxvxo000931; Wed, 27 Jun 2012 20:59:57 +1000 From: Krishna Kumar To: pablo@netfilter.org Cc: fw@strlen.de, netfilter-devel@vger.kernel.org, Krishna Kumar Date: Wed, 27 Jun 2012 16:29:56 +0530 Message-Id: <20120627105956.26473.95573.sendpatchset@localhost.localdomain> Subject: [RFC] [PATCH] netfilter: nfnetlink_queue: Don't set random flag bits x-cbid: 12062700-5140-0000-0000-000001A5BEC0 Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org Allow setting of only supported flag bits in queue->flags. If this is OK, I can send a patch to add this flag to libnetfilter_queue too. Signed-off-by: Krishna Kumar --- include/linux/netfilter/nfnetlink_queue.h | 2 ++ net/netfilter/nfnetlink_queue_core.c | 6 ++++++ 2 files changed, 8 insertions(+) -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff -ruNp org/include/linux/netfilter/nfnetlink_queue.h new/include/linux/netfilter/nfnetlink_queue.h --- org/include/linux/netfilter/nfnetlink_queue.h 2012-06-18 08:36:53.000000000 +0530 +++ new/include/linux/netfilter/nfnetlink_queue.h 2012-06-27 16:25:54.297619352 +0530 @@ -96,4 +96,6 @@ enum nfqnl_attr_config { #define NFQA_CFG_F_FAIL_OPEN (1 << 0) #define NFQA_CFG_F_CONNTRACK (1 << 1) +#define NFQA_CFG_F_FLAGS_MAX (1 << 2) + #endif /* _NFNETLINK_QUEUE_H */ diff -ruNp org/net/netfilter/nfnetlink_queue_core.c new/net/netfilter/nfnetlink_queue_core.c --- org/net/netfilter/nfnetlink_queue_core.c 2012-06-27 12:34:02.000000000 +0530 +++ new/net/netfilter/nfnetlink_queue_core.c 2012-06-27 14:00:46.153670918 +0530 @@ -910,6 +910,12 @@ nfqnl_recv_config(struct sock *ctnl, str flags = ntohl(nla_get_be32(nfqa[NFQA_CFG_FLAGS])); mask = ntohl(nla_get_be32(nfqa[NFQA_CFG_MASK])); + if (flags >= NFQA_CFG_F_FLAGS_MAX) { + /* flags has more bits than what is supported */ + ret = -EOPNOTSUPP; + goto err_out_unlock; + } + spin_lock_bh(&queue->lock); queue->flags &= ~mask; queue->flags |= flags & mask;