netfilter: xt_HL: add pr_fmt and checkentry validation

Add pr_fmt to prefix log messages with the module name for
easier debugging in dmesg.

Add checkentry functions for IPv4 (ttl_mt_check) and IPv6
(hl_mt6_check) to validate the match mode at rule registration
time, rejecting invalid modes with -EINVAL.

The evaluation function returns false in case the mode is
unknown, so this is a cleanup, not a bug fix.

Signed-off-by: Marino Dzalto <marino.dzalto@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/net/netfilter/xt_hl.c b/net/netfilter/xt_hl.c
index c1a70f8f044171b1d7febc3c874175128a30c47f..4a12a757ecbf86d4bacbf7b889ecc3c2a0d501fa 100644 (file)
--- a/net/netfilter/xt_hl.c
+++ b/net/netfilter/xt_hl.c
@@ -6,6 +6,7 @@
  * Hop Limit matching module
  * (C) 2001-2002 Maciej Soltysiak <solt@dns.toxicfilms.tv>
  */
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
 
 #include <linux/ip.h>
 #include <linux/ipv6.h>
@@ -22,6 +23,18 @@ MODULE_LICENSE("GPL");
 MODULE_ALIAS("ipt_ttl");
 MODULE_ALIAS("ip6t_hl");
 
+static int ttl_mt_check(const struct xt_mtchk_param *par)
+{
+       const struct ipt_ttl_info *info = par->matchinfo;
+
+       if (info->mode > IPT_TTL_GT) {
+               pr_err("Unknown TTL match mode: %d\n", info->mode);
+               return -EINVAL;
+       }
+
+       return 0;
+}
+
 static bool ttl_mt(const struct sk_buff *skb, struct xt_action_param *par)
 {
        const struct ipt_ttl_info *info = par->matchinfo;
@@ -41,6 +54,18 @@ static bool ttl_mt(const struct sk_buff *skb, struct xt_action_param *par)
        return false;
 }
 
+static int hl_mt6_check(const struct xt_mtchk_param *par)
+{
+       const struct ip6t_hl_info *info = par->matchinfo;
+
+       if (info->mode > IP6T_HL_GT) {
+               pr_err("Unknown Hop Limit match mode: %d\n", info->mode);
+               return -EINVAL;
+       }
+
+       return 0;
+}
+
 static bool hl_mt6(const struct sk_buff *skb, struct xt_action_param *par)
 {
        const struct ip6t_hl_info *info = par->matchinfo;
@@ -65,6 +90,7 @@ static struct xt_match hl_mt_reg[] __read_mostly = {
                .name       = "ttl",
                .revision   = 0,
                .family     = NFPROTO_IPV4,
+               .checkentry = ttl_mt_check,
                .match      = ttl_mt,
                .matchsize  = sizeof(struct ipt_ttl_info),
                .me         = THIS_MODULE,
@@ -73,6 +99,7 @@ static struct xt_match hl_mt_reg[] __read_mostly = {
                .name       = "hl",
                .revision   = 0,
                .family     = NFPROTO_IPV6,
+               .checkentry = hl_mt6_check,
                .match      = hl_mt6,
                .matchsize  = sizeof(struct ip6t_hl_info),
                .me         = THIS_MODULE,