[PATCH 5/6] cleanup nfnetlink_check_attributes()

Harald Welte Tue, 02 Aug 2005 04:00:22 -0700

[NETFILTER] cleanup nfnetlink_check_attributes()

1) memset return parameter 'cda' (nfattr pointer array) only on success
2) a message without attributes and just a 'struct nfgenmsg' is valid,
   don't return -EINVAL
3) use likely() and unlikely() where apropriate


Signed-off-by: Harald Welte <[EMAIL PROTECTED]>

---
commit 2f6e0aaca19a462e324ed78f01dfa06e36d73054
tree a0a8b02e5bf16da87d816baad7650151c355126e
parent 9ae30513b70ed5325f66adc02788a7d6ef69cb1e
author Harald Welte <[EMAIL PROTECTED]> Di, 02 Aug 2005 12:24:48 +0200
committer Harald Welte <[EMAIL PROTECTED]> Di, 02 Aug 2005 12:24:48 +0200

 net/netfilter/nfnetlink.c |   19 ++++++++++---------
 1 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c
--- a/net/netfilter/nfnetlink.c
+++ b/net/netfilter/nfnetlink.c
@@ -163,17 +163,16 @@ nfnetlink_check_attributes(struct nfnetl
                        cb_id, subsys->cb_count);
                return -EINVAL;
        }
-       
-       attr_count = subsys->cb[cb_id].attr_count;
-
-       memset(cda, 0, sizeof(struct nfattr *) * attr_count);
 
-       /* check attribute lengths. */
        min_len = NLMSG_ALIGN(sizeof(struct nfgenmsg));
-       if (nlh->nlmsg_len < min_len)
+       if (unlikely(nlh->nlmsg_len < min_len))
                return -EINVAL;
 
-       if (nlh->nlmsg_len > min_len) {
+       attr_count = subsys->cb[cb_id].attr_count;
+       memset(cda, 0, sizeof(struct nfattr *) * attr_count);
+
+       /* check attribute lengths. */
+       if (likely(nlh->nlmsg_len > min_len)) {
                struct nfattr *attr = NFM_NFA(NLMSG_DATA(nlh));
                int attrlen = nlh->nlmsg_len - NLMSG_ALIGN(min_len);
 
@@ -186,8 +185,10 @@ nfnetlink_check_attributes(struct nfnetl
                        }
                        attr = NFA_NEXT(attr, attrlen);
                }
-       } else
-               return -EINVAL;
+       }
+
+       /* implicit: if nlmsg_len == min_len, we return 0, and an empty
+        * (zeroed) cda[] array. The message is valid, but empty. */
 
         return 0;
 }
-- 
- Harald Welte <[EMAIL PROTECTED]>                 http://netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

pgpl9YYoZogw7.pgp
Description: PGP signature

[PATCH 5/6] cleanup nfnetlink_check_attributes()

Reply via email to