From patchwork Thu Sep 22 14:28:52 2016 X-Patchwork-Submitter: Liping Zhang X-Patchwork-Id: 673431 X-Patchwork-Delegate: pablo@netfilter.org
From: Liping Zhang To: pablo@netfilter.org Cc: netfilter-devel@vger.kernel.org, Liping Zhang Subject: [PATCH nf-next 2/2] netfilter: nft_ct: report error if mark and dir specified simultaneously Date: Thu, 22 Sep 2016 22:28:52 +0800 Message-Id: <1474554532-50664-2-git-send-email-zlpnobody@163.com> X-Mailer: git-send-email 2.5.5 In-Reply-To: <1474554532-50664-1-git-send-email-zlpnobody@163.com> References: <1474554532-50664-1-git-send-email-zlpnobody@163.com> From: Liping Zhang NFT_CT_MARK is unrelated to direction, so if NFTA_CT_DIRECTION attr is specified, report EINVAL to the userspace. This validation check was already done at nft_ct_get_init, but we missed it in nft_ct_set_init. Signed-off-by: Liping Zhang --- net/netfilter/nft_ct.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/netfilter/nft_ct.c b/net/netfilter/nft_ct.c index 825fbbc..d7b0d171 100644 --- a/net/netfilter/nft_ct.c +++ b/net/netfilter/nft_ct.c @@ -364,6 +364,8 @@ static int nft_ct_set_init(const struct nft_ctx *ctx, switch (priv->key) { #ifdef CONFIG_NF_CONNTRACK_MARK case NFT_CT_MARK: + if (tb[NFTA_CT_DIRECTION]) + return -EINVAL; len = FIELD_SIZEOF(struct nf_conn, mark); break; #endif
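Review bot: The new `if (tb[NFTA_CT_DIRECTION])` check in the `case NFT_CT_MARK:` arm of nft_ct_set_init() makes a request fail with -EINVAL that this arm did not reject before, and the changelog does not spell out that userspace-visible change. A request that sets the ct mark and also carries NFTA_CT_DIRECTION will now be refused at init time, so it is worth one sentence in the commit message for anyone whose existing ruleset stops loading. The rejection is also written inside a single case arm, so any direction-independent key added to this switch later has to repeat it. A short comment above the check saying that the mark belongs to the connection rather than to one direction would make the intent clear to whoever adds the next case, and would keep this arm in step with the equivalent check the commit message refers to in nft_ct_get_init.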