netfilter: nft_lookup: use nft_validate_register_store() to validate types

In preparation of validating the length of a register store, use nft_validate_register_store() in nft_lookup instead of open coding the validation. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Patrick McHardy <kaber@trash.net> 2015-04-11 02:27:28 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2015-04-13 16:25:49 +0200
commit: 58f40ab6e2427532881a79e139a4aaae7fbe1826 (patch)
tree: f6f7998998dd1faafd5ebc90948ec8d4d4b74e6a /net/netfilter/nft_lookup.c
parent: netfilter: nf_tables: rename nft_validate_data_load() (diff)
download: linux-dev-58f40ab6e2427532881a79e139a4aaae7fbe1826.tar.xz
linux-dev-58f40ab6e2427532881a79e139a4aaae7fbe1826.zip
1 files changed, 4 insertions, 5 deletions
diff --git a/net/netfilter/nft_lookup.c b/net/netfilter/nft_lookup.c
index d8cf86fb30fc..3e4d8efa76bc 100644
--- a/net/netfilter/nft_lookup.c
+++ b/net/netfilter/nft_lookup.c
@@ -84,11 +84,10 @@ static int nft_lookup_init(const struct nft_ctx *ctx,
 		if (err < 0)
 			return err;
 
-		if (priv->dreg == NFT_REG_VERDICT) {
-			if (set->dtype != NFT_DATA_VERDICT)
-				return -EINVAL;
-		} else if (set->dtype == NFT_DATA_VERDICT)
-			return -EINVAL;
+		err = nft_validate_register_store(ctx, priv->dreg, NULL,
+						  set->dtype, set->dlen);
+		if (err < 0)
+			return err;
 	} else if (set->flags & NFT_SET_MAP)
 		return -EINVAL;
author	Patrick McHardy <kaber@trash.net>	2015-04-11 02:27:28 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2015-04-13 16:25:49 +0200
commit	58f40ab6e2427532881a79e139a4aaae7fbe1826 (patch)
tree	f6f7998998dd1faafd5ebc90948ec8d4d4b74e6a /net/netfilter/nft_lookup.c
parent	netfilter: nf_tables: rename nft_validate_data_load() (diff)
download	linux-dev-58f40ab6e2427532881a79e139a4aaae7fbe1826.tar.xz linux-dev-58f40ab6e2427532881a79e139a4aaae7fbe1826.zip