This patch adds four (actually two) attributes validation with
comparing to current kernel header.
Signed-off-by: Ken-ichirou MATSUZAWA <chamas@h4.dion.ne.jp>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
case NFQA_SECCTX:
case NFQA_UID:
case NFQA_GID:
+ case NFQA_CT_INFO:
if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
return MNL_CB_ERROR;
break;
return MNL_CB_ERROR;
}
break;
+ case NFQA_PACKET_HDR:
+ if (mnl_attr_validate2(attr, MNL_TYPE_UNSPEC,
+ sizeof(struct nfqnl_msg_packet_hdr)) < 0) {
+ return MNL_CB_ERROR;
+ }
+ break;
case NFQA_PAYLOAD:
+ case NFQA_CT:
+ case NFQA_EXP:
break;
}
tb[type] = attr;