[NETFILTER]: ctnetlink: use netlink policy (f73e924c) · Commits · e / devices / android_kernel_oneplus_sm7250

include/net/netfilter/nf_conntrack_l3proto.h

+2 −0

Original line number	Original line	Diff line number	Diff line
	@@ -12,6 +12,7 @@
	#ifndef _NF_CONNTRACK_L3PROTO_H		#ifndef _NF_CONNTRACK_L3PROTO_H
	#define _NF_CONNTRACK_L3PROTO_H		#define _NF_CONNTRACK_L3PROTO_H
	#include <linux/netlink.h>		#include <linux/netlink.h>
			#include <net/netlink.h>
	#include <linux/seq_file.h>		#include <linux/seq_file.h>
	#include <net/netfilter/nf_conntrack.h>		#include <net/netfilter/nf_conntrack.h>

	@@ -68,6 +69,7 @@ struct nf_conntrack_l3proto

	int (nlattr_to_tuple)(struct nlattr tb[],		int (nlattr_to_tuple)(struct nlattr tb[],
	struct nf_conntrack_tuple *t);		struct nf_conntrack_tuple *t);
			const struct nla_policy *nla_policy;

	#ifdef CONFIG_SYSCTL		#ifdef CONFIG_SYSCTL
	struct ctl_table_header *ctl_table_header;		struct ctl_table_header *ctl_table_header;

include/net/netfilter/nf_conntrack_l4proto.h

+3 −0

Original line number	Original line	Diff line number	Diff line
	@@ -10,6 +10,7 @@
	#ifndef _NF_CONNTRACK_L4PROTO_H		#ifndef _NF_CONNTRACK_L4PROTO_H
	#define _NF_CONNTRACK_L4PROTO_H		#define _NF_CONNTRACK_L4PROTO_H
	#include <linux/netlink.h>		#include <linux/netlink.h>
			#include <net/netlink.h>
	#include <net/netfilter/nf_conntrack.h>		#include <net/netfilter/nf_conntrack.h>

	struct seq_file;		struct seq_file;
	@@ -75,6 +76,7 @@ struct nf_conntrack_l4proto
	const struct nf_conntrack_tuple *t);		const struct nf_conntrack_tuple *t);
	int (nlattr_to_tuple)(struct nlattr tb[],		int (nlattr_to_tuple)(struct nlattr tb[],
	struct nf_conntrack_tuple *t);		struct nf_conntrack_tuple *t);
			const struct nla_policy *nla_policy;

	#ifdef CONFIG_SYSCTL		#ifdef CONFIG_SYSCTL
	struct ctl_table_header **ctl_table_header;		struct ctl_table_header **ctl_table_header;
	@@ -115,6 +117,7 @@ extern int nf_ct_port_tuple_to_nlattr(struct sk_buff *skb,
	const struct nf_conntrack_tuple *tuple);		const struct nf_conntrack_tuple *tuple);
	extern int nf_ct_port_nlattr_to_tuple(struct nlattr *tb[],		extern int nf_ct_port_nlattr_to_tuple(struct nlattr *tb[],
	struct nf_conntrack_tuple *t);		struct nf_conntrack_tuple *t);
			extern const struct nla_policy nf_ct_port_nla_policy[];

	/* Log invalid packets */		/* Log invalid packets */
	extern unsigned int nf_ct_log_invalid;		extern unsigned int nf_ct_log_invalid;

net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c

+4 −6

Original line number	Original line	Diff line number	Diff line
	@@ -373,9 +373,9 @@ static int ipv4_tuple_to_nlattr(struct sk_buff *skb,
	return -1;		return -1;
	}		}

	static const size_t cta_min_ip[CTA_IP_MAX+1] = {		static const struct nla_policy ipv4_nla_policy[CTA_IP_MAX+1] = {
	[CTA_IP_V4_SRC] = sizeof(u_int32_t),		[CTA_IP_V4_SRC] = { .type = NLA_U32 },
	[CTA_IP_V4_DST] = sizeof(u_int32_t),		[CTA_IP_V4_DST] = { .type = NLA_U32 },
	};		};

	static int ipv4_nlattr_to_tuple(struct nlattr *tb[],		static int ipv4_nlattr_to_tuple(struct nlattr *tb[],
	@@ -384,9 +384,6 @@ static int ipv4_nlattr_to_tuple(struct nlattr *tb[],
	if (!tb[CTA_IP_V4_SRC] \|\| !tb[CTA_IP_V4_DST])		if (!tb[CTA_IP_V4_SRC] \|\| !tb[CTA_IP_V4_DST])
	return -EINVAL;		return -EINVAL;

	if (nlattr_bad_size(tb, CTA_IP_MAX, cta_min_ip))
	return -EINVAL;

	t->src.u3.ip = (__be32 )nla_data(tb[CTA_IP_V4_SRC]);		t->src.u3.ip = (__be32 )nla_data(tb[CTA_IP_V4_SRC]);
	t->dst.u3.ip = (__be32 )nla_data(tb[CTA_IP_V4_DST]);		t->dst.u3.ip = (__be32 )nla_data(tb[CTA_IP_V4_DST]);

	@@ -413,6 +410,7 @@ struct nf_conntrack_l3proto nf_conntrack_l3proto_ipv4 __read_mostly = {
	#if defined(CONFIG_NF_CT_NETLINK) \|\| defined(CONFIG_NF_CT_NETLINK_MODULE)		#if defined(CONFIG_NF_CT_NETLINK) \|\| defined(CONFIG_NF_CT_NETLINK_MODULE)
	.tuple_to_nlattr = ipv4_tuple_to_nlattr,		.tuple_to_nlattr = ipv4_tuple_to_nlattr,
	.nlattr_to_tuple = ipv4_nlattr_to_tuple,		.nlattr_to_tuple = ipv4_nlattr_to_tuple,
			.nla_policy = ipv4_nla_policy,
	#endif		#endif
	#if defined(CONFIG_SYSCTL) && defined(CONFIG_NF_CONNTRACK_PROC_COMPAT)		#if defined(CONFIG_SYSCTL) && defined(CONFIG_NF_CONNTRACK_PROC_COMPAT)
	.ctl_table_path = nf_net_ipv4_netfilter_sysctl_path,		.ctl_table_path = nf_net_ipv4_netfilter_sysctl_path,

net/ipv4/netfilter/nf_conntrack_proto_icmp.c

+5 −7

Original line number	Original line	Diff line number	Diff line
	@@ -248,10 +248,10 @@ static int icmp_tuple_to_nlattr(struct sk_buff *skb,
	return -1;		return -1;
	}		}

	static const size_t cta_min_proto[CTA_PROTO_MAX+1] = {		static const struct nla_policy icmp_nla_policy[CTA_PROTO_MAX+1] = {
	[CTA_PROTO_ICMP_TYPE] = sizeof(u_int8_t),		[CTA_PROTO_ICMP_TYPE] = { .type = NLA_U8 },
	[CTA_PROTO_ICMP_CODE] = sizeof(u_int8_t),		[CTA_PROTO_ICMP_CODE] = { .type = NLA_U8 },
	[CTA_PROTO_ICMP_ID] = sizeof(u_int16_t)		[CTA_PROTO_ICMP_ID] = { .type = NLA_U16 },
	};		};

	static int icmp_nlattr_to_tuple(struct nlattr *tb[],		static int icmp_nlattr_to_tuple(struct nlattr *tb[],
	@@ -262,9 +262,6 @@ static int icmp_nlattr_to_tuple(struct nlattr *tb[],
	\|\| !tb[CTA_PROTO_ICMP_ID])		\|\| !tb[CTA_PROTO_ICMP_ID])
	return -EINVAL;		return -EINVAL;

	if (nlattr_bad_size(tb, CTA_PROTO_MAX, cta_min_proto))
	return -EINVAL;

	tuple->dst.u.icmp.type =		tuple->dst.u.icmp.type =
	(u_int8_t )nla_data(tb[CTA_PROTO_ICMP_TYPE]);		(u_int8_t )nla_data(tb[CTA_PROTO_ICMP_TYPE]);
	tuple->dst.u.icmp.code =		tuple->dst.u.icmp.code =
	@@ -329,6 +326,7 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_icmp __read_mostly =
	#if defined(CONFIG_NF_CT_NETLINK) \|\| defined(CONFIG_NF_CT_NETLINK_MODULE)		#if defined(CONFIG_NF_CT_NETLINK) \|\| defined(CONFIG_NF_CT_NETLINK_MODULE)
	.tuple_to_nlattr = icmp_tuple_to_nlattr,		.tuple_to_nlattr = icmp_tuple_to_nlattr,
	.nlattr_to_tuple = icmp_nlattr_to_tuple,		.nlattr_to_tuple = icmp_nlattr_to_tuple,
			.nla_policy = icmp_nla_policy,
	#endif		#endif
	#ifdef CONFIG_SYSCTL		#ifdef CONFIG_SYSCTL
	.ctl_table_header = &icmp_sysctl_header,		.ctl_table_header = &icmp_sysctl_header,

net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c

+4 −6

Original line number	Original line	Diff line number	Diff line
	@@ -350,9 +350,9 @@ static int ipv6_tuple_to_nlattr(struct sk_buff *skb,
	return -1;		return -1;
	}		}

	static const size_t cta_min_ip[CTA_IP_MAX+1] = {		static const struct nla_policy ipv6_nla_policy[CTA_IP_MAX+1] = {
	[CTA_IP_V6_SRC] = sizeof(u_int32_t)*4,		[CTA_IP_V6_SRC] = { .len = sizeof(u_int32_t)*4 },
	[CTA_IP_V6_DST] = sizeof(u_int32_t)*4,		[CTA_IP_V6_DST] = { .len = sizeof(u_int32_t)*4 },
	};		};

	static int ipv6_nlattr_to_tuple(struct nlattr *tb[],		static int ipv6_nlattr_to_tuple(struct nlattr *tb[],
	@@ -361,9 +361,6 @@ static int ipv6_nlattr_to_tuple(struct nlattr *tb[],
	if (!tb[CTA_IP_V6_SRC] \|\| !tb[CTA_IP_V6_DST])		if (!tb[CTA_IP_V6_SRC] \|\| !tb[CTA_IP_V6_DST])
	return -EINVAL;		return -EINVAL;

	if (nlattr_bad_size(tb, CTA_IP_MAX, cta_min_ip))
	return -EINVAL;

	memcpy(&t->src.u3.ip6, nla_data(tb[CTA_IP_V6_SRC]),		memcpy(&t->src.u3.ip6, nla_data(tb[CTA_IP_V6_SRC]),
	sizeof(u_int32_t) * 4);		sizeof(u_int32_t) * 4);
	memcpy(&t->dst.u3.ip6, nla_data(tb[CTA_IP_V6_DST]),		memcpy(&t->dst.u3.ip6, nla_data(tb[CTA_IP_V6_DST]),
	@@ -384,6 +381,7 @@ struct nf_conntrack_l3proto nf_conntrack_l3proto_ipv6 __read_mostly = {
	#if defined(CONFIG_NF_CT_NETLINK) \|\| defined(CONFIG_NF_CT_NETLINK_MODULE)		#if defined(CONFIG_NF_CT_NETLINK) \|\| defined(CONFIG_NF_CT_NETLINK_MODULE)
	.tuple_to_nlattr = ipv6_tuple_to_nlattr,		.tuple_to_nlattr = ipv6_tuple_to_nlattr,
	.nlattr_to_tuple = ipv6_nlattr_to_tuple,		.nlattr_to_tuple = ipv6_nlattr_to_tuple,
			.nla_policy = ipv6_nla_policy,
	#endif		#endif
	#ifdef CONFIG_SYSCTL		#ifdef CONFIG_SYSCTL
	.ctl_table_path = nf_net_netfilter_sysctl_path,		.ctl_table_path = nf_net_netfilter_sysctl_path,