Skip to content

Commit 336a3b3

Browse files
ummakynesummakynes
committed
netfilter: nfnetlink_log: consolidate check for instance in nfulnl_recv_config()
This patch consolidates the check for valid logger instance once we have passed the command handling: The config message that we receive may contain the following info: 1) Command only: We always get a valid instance pointer if we just created it. In case that the instance is being destroyed or the command is unknown, we jump to exit path of nfulnl_recv_config(). This patch doesn't modify this handling. 2) Config only: In this case, the instance must always exist since the user is asking for configuration updates. If the instance doesn't exist this returns -ENODEV. 3) No command and no configs are specified: This case is rare. The user is sending us a config message with neither commands nor config options. In this case, we have to check if the instance exists and bail out otherwise. Before this patch, it was possible to send a config message with no command and no config updates for an unexisting instance without triggering an error. So this is the only case that changes. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Tested-by: Ken-ichirou MATSUZAWA <chamaken@gmail.com>
1 parent dbb526e commit 336a3b3

File tree

1 file changed

+5
-23
lines changed

1 file changed

+5
-23
lines changed

net/netfilter/nfnetlink_log.c

Lines changed: 5 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -874,58 +874,40 @@ nfulnl_recv_config(struct sock *ctnl, struct sk_buff *skb,
874874
ret = -ENOTSUPP;
875875
break;
876876
}
877+
} else if (!inst) {
878+
ret = -ENODEV;
879+
goto out;
877880
}
878881

879882
if (nfula[NFULA_CFG_MODE]) {
880-
struct nfulnl_msg_config_mode *params;
881-
params = nla_data(nfula[NFULA_CFG_MODE]);
883+
struct nfulnl_msg_config_mode *params =
884+
nla_data(nfula[NFULA_CFG_MODE]);
882885

883-
if (!inst) {
884-
ret = -ENODEV;
885-
goto out;
886-
}
887886
nfulnl_set_mode(inst, params->copy_mode,
888887
ntohl(params->copy_range));
889888
}
890889

891890
if (nfula[NFULA_CFG_TIMEOUT]) {
892891
__be32 timeout = nla_get_be32(nfula[NFULA_CFG_TIMEOUT]);
893892

894-
if (!inst) {
895-
ret = -ENODEV;
896-
goto out;
897-
}
898893
nfulnl_set_timeout(inst, ntohl(timeout));
899894
}
900895

901896
if (nfula[NFULA_CFG_NLBUFSIZ]) {
902897
__be32 nlbufsiz = nla_get_be32(nfula[NFULA_CFG_NLBUFSIZ]);
903898

904-
if (!inst) {
905-
ret = -ENODEV;
906-
goto out;
907-
}
908899
nfulnl_set_nlbufsiz(inst, ntohl(nlbufsiz));
909900
}
910901

911902
if (nfula[NFULA_CFG_QTHRESH]) {
912903
__be32 qthresh = nla_get_be32(nfula[NFULA_CFG_QTHRESH]);
913904

914-
if (!inst) {
915-
ret = -ENODEV;
916-
goto out;
917-
}
918905
nfulnl_set_qthresh(inst, ntohl(qthresh));
919906
}
920907

921908
if (nfula[NFULA_CFG_FLAGS]) {
922909
u16 flags = ntohs(nla_get_be16(nfula[NFULA_CFG_FLAGS]));
923910

924-
if (!inst) {
925-
ret = -ENODEV;
926-
goto out;
927-
}
928-
929911
if (flags & NFULNL_CFG_F_CONNTRACK &&
930912
!rcu_access_pointer(nfnl_ct_hook)) {
931913
#ifdef CONFIG_MODULES

0 commit comments

Comments
 (0)