netfilter: conntrack: validate cta_ip via parsing - wireguard-linux

diff options

author	Lin Ma <linma@zju.edu.cn>	2023-07-12 21:32:36 +0800
committer	Florian Westphal <fw@strlen.de>	2023-07-27 13:45:51 +0200
commit	0c805e80e35d042a41c8702fa13f453a504d2ede (patch)
tree	8f1e1d701b72f5fb21ad6f722771ac33cbe6b51c /lib
parent	netfilter: nf_tables: use NLA_POLICY_MASK to test for valid flag options (diff)
download	wireguard-linux-0c805e80e35d042a41c8702fa13f453a504d2ede.tar.xz wireguard-linux-0c805e80e35d042a41c8702fa13f453a504d2ede.zip

netfilter: conntrack: validate cta_ip via parsing

In current ctnetlink_parse_tuple_ip() function, nested parsing and validation is splitting as two parts, which could be cleanup to a simplified form. As the nla_parse_nested_deprecated function supports validation in the fly. These two finially reach same place __nla_validate_parse with same validate flag. nla_parse_nested_deprecated __nla_parse(.., NL_VALIDATE_LIBERAL, ..) __nla_validate_parse nla_validate_nested_deprecated __nla_validate_nested(.., NL_VALIDATE_LIBERAL, ..) __nla_validate __nla_validate_parse This commit removes the call to nla_validate_nested_deprecated and pass cta_ip_nla_policy when do parsing. Signed-off-by: Lin Ma <linma@zju.edu.cn> Reviewed-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: Florian Westphal <fw@strlen.de>

Diffstat (limited to 'lib')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: