aboutsummaryrefslogtreecommitdiff
path: root/net/netfilter
diff options
context:
space:
mode:
authorHarald Welte <laforge@netfilter.org>2005-08-09 20:03:54 -0700
committerDavid S. Miller <davem@sunset.davemloft.net>2005-08-29 15:40:06 -0700
commita42827b71b87fc9816d2f58626e825b0eb500efe (patch)
tree9f90bd210ca9d0d57bbdcd54beca2bc39c23c05d /net/netfilter
parent927ccbcc28dceee29dad876982768cca29738564 (diff)
[NETFILTER]: cleanup nfnetlink_check_attributes()
1) memset return parameter 'cda' (nfattr pointer array) only on success 2) a message without attributes and just a 'struct nfgenmsg' is valid, don't return -EINVAL 3) use likely() and unlikely() where apropriate Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/netfilter')
-rw-r--r--net/netfilter/nfnetlink.c19
1 files changed, 10 insertions, 9 deletions
diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c
index 578e4fe4094..84efffdbade 100644
--- a/net/netfilter/nfnetlink.c
+++ b/net/netfilter/nfnetlink.c
@@ -163,17 +163,16 @@ nfnetlink_check_attributes(struct nfnetlink_subsystem *subsys,
cb_id, subsys->cb_count);
return -EINVAL;
}
-
- attr_count = subsys->cb[cb_id].attr_count;
-
- memset(cda, 0, sizeof(struct nfattr *) * attr_count);
- /* check attribute lengths. */
min_len = NLMSG_ALIGN(sizeof(struct nfgenmsg));
- if (nlh->nlmsg_len < min_len)
+ if (unlikely(nlh->nlmsg_len < min_len))
return -EINVAL;
- if (nlh->nlmsg_len > min_len) {
+ attr_count = subsys->cb[cb_id].attr_count;
+ memset(cda, 0, sizeof(struct nfattr *) * attr_count);
+
+ /* check attribute lengths. */
+ if (likely(nlh->nlmsg_len > min_len)) {
struct nfattr *attr = NFM_NFA(NLMSG_DATA(nlh));
int attrlen = nlh->nlmsg_len - NLMSG_ALIGN(min_len);
@@ -186,8 +185,10 @@ nfnetlink_check_attributes(struct nfnetlink_subsystem *subsys,
}
attr = NFA_NEXT(attr, attrlen);
}
- } else
- return -EINVAL;
+ }
+
+ /* implicit: if nlmsg_len == min_len, we return 0, and an empty
+ * (zeroed) cda[] array. The message is valid, but empty. */
return 0;
}