From: Patrick McHardy <kaber@trash.net>
To: davem@davemloft.net
Cc: netfilter-devel@lists.netfilter.org, Patrick McHardy <kaber@trash.net>
Subject: [NETFILTER 07/07]: ipt action: use xt_check_target for basic verification
Date: Fri, 21 Apr 2006 03:06:57 +0200 (MEST) [thread overview]
Message-ID: <20060421010657.8466.36526.sendpatchset@localhost.localdomain> (raw)
In-Reply-To: <20060421010648.8466.94593.sendpatchset@localhost.localdomain>
[NETFILTER]: ipt action: use xt_check_target for basic verification
The targets don't do the basic verification themselves anymore so
the ipt action needs to take care of it.
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
commit 42a2de55185ffa55f70e289e708d492eae2685c5
tree 49d5316c896a1801f2f1abedb73b8e052522c6c9
parent 81b536eef7989c16a2d59ced319aafaaf9e3ed03
author Patrick McHardy <kaber@trash.net> Fri, 21 Apr 2006 03:03:53 +0200
committer Patrick McHardy <kaber@trash.net> Fri, 21 Apr 2006 03:03:53 +0200
net/sched/act_ipt.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
diff --git a/net/sched/act_ipt.c b/net/sched/act_ipt.c
index 6056d20..37640c6 100644
--- a/net/sched/act_ipt.c
+++ b/net/sched/act_ipt.c
@@ -69,6 +69,11 @@ ipt_init_target(struct ipt_entry_target
DPRINTK("ipt_init_target: found %s\n", target->name);
t->u.kernel.target = target;
+ ret = xt_check_target(target, AF_INET, t->u.target_size - sizeof(*t),
+ table, hook, 0, 0);
+ if (ret)
+ return ret;
+
if (t->u.kernel.target->checkentry
&& !t->u.kernel.target->checkentry(table, NULL,
t->u.kernel.target, t->data,
next prev parent reply other threads:[~2006-04-21 1:06 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-04-21 1:06 [NETFILTER 00/07]: Netfilter fixes for 2.6.17 Patrick McHardy
2006-04-21 1:06 ` [NETFILTER 01/07]: nf_conntrack: Fix module refcount dropping too far Patrick McHardy
2006-04-21 1:06 ` [NETFILTER 02/07]: ULOG target is not obsolete Patrick McHardy
2006-04-21 1:06 ` [NETFILTER 03/07]: Fix compat_xt_counters alignment for non-x86 Patrick McHardy
2006-04-21 1:06 ` [NETFILTER 04/07]: nf_conntrack: kill unused callback init_conntrack Patrick McHardy
2006-04-21 1:06 ` [NETFILTER 05/07]: ip6_tables: remove broken comefrom debugging Patrick McHardy
2006-04-21 1:06 ` [NETFILTER 06/07]: x_tables: move table->lock initialization Patrick McHardy
2006-04-21 1:06 ` Patrick McHardy [this message]
2006-04-25 0:54 ` [NETFILTER 00/07]: Netfilter fixes for 2.6.17 David S. Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060421010657.8466.36526.sendpatchset@localhost.localdomain \
--to=kaber@trash.net \
--cc=davem@davemloft.net \
--cc=netfilter-devel@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.