nf_tables still uses manual attribute validation in multiple places.
Make NLA_POLICY_MASK available with NLA_BE16/NLA_BE32 and then start
using it for flag attribute validation.
Florian Westphal (2):
netlink: allow be16 and be32 types in all uint policy checks
netfilter: nf_tables: use NLA_POLICY_MASK to test for valid flag
options
include/net/netlink.h | 10 +++-------
lib/nlattr.c | 6 ++++++
net/netfilter/nft_fib.c | 13 +++++++------
net/netfilter/nft_lookup.c | 6 ++----
net/netfilter/nft_masq.c | 8 +++-----
net/netfilter/nft_nat.c | 8 +++-----
net/netfilter/nft_redir.c | 8 +++-----
7 files changed, 27 insertions(+), 32 deletions(-)
nf_tables still uses manual attribute validation in multiple places. Make NLA_POLICY_MASK available with NLA_BE16/NLA_BE32 and then start using it for flag attribute validation. Florian Westphal (2): netlink: allow be16 and be32 types in all uint policy checks netfilter: nf_tables: use NLA_POLICY_MASK to test for valid flag options include/net/netlink.h | 10 +++------- lib/nlattr.c | 6 ++++++ net/netfilter/nft_fib.c | 13 +++++++------ net/netfilter/nft_lookup.c | 6 ++---- net/netfilter/nft_masq.c | 8 +++----- net/netfilter/nft_nat.c | 8 +++----- net/netfilter/nft_redir.c | 8 +++----- 7 files changed, 27 insertions(+), 32 deletions(-)