netfilter: nfnetlink: prefer skb_mac_header helpers

author Florian Westphal <fw@strlen.de>

Sat, 4 Apr 2026 10:09:05 +0000 (12:09 +0200)

committer Florian Westphal <fw@strlen.de>

Fri, 10 Apr 2026 10:16:26 +0000 (12:16 +0200)
author Florian Westphal <fw@strlen.de>
Sat, 4 Apr 2026 10:09:05 +0000 (12:09 +0200)
committer Florian Westphal <fw@strlen.de>
Fri, 10 Apr 2026 10:16:26 +0000 (12:16 +0200)
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c

index b2c24cb919d4ba72259ab731cf4df7586068eba5..2439cbbd5b268e6de9fdd6b96f7abcbfc2b9d1fd 100644 (file)
--- a/net/netfilter/nfnetlink_log.c
+++ b/net/netfilter/nfnetlink_log.c
@@ -401,7 +401,7 @@ nfulnl_timer(struct timer_list *t)
  
  static u32 nfulnl_get_bridge_size(const struct sk_buff *skb)
  {
-       u32 size = 0;
+       u32 mac_len, size = 0;
  
         if (!skb_mac_header_was_set(skb))
                 return 0;
@@ -412,14 +412,17 @@ static u32 nfulnl_get_bridge_size(const struct sk_buff *skb)
                 size += nla_total_size(sizeof(u16)); /* tag */
         }
  
-       if (skb->network_header > skb->mac_header)
-               size += nla_total_size(skb->network_header - skb->mac_header);
+       mac_len = skb_mac_header_len(skb);
+       if (mac_len > 0)
+               size += nla_total_size(mac_len);
  
         return size;
  }
  
  static int nfulnl_put_bridge(struct nfulnl_instance *inst, const struct sk_buff *skb)
  {
+       u32 mac_len;
+
         if (!skb_mac_header_was_set(skb))
                 return 0;
  
@@ -437,12 +440,10 @@ static int nfulnl_put_bridge(struct nfulnl_instance *inst, const struct sk_buff
                 nla_nest_end(inst->skb, nest);
         }
  
-       if (skb->mac_header < skb->network_header) {
-               int len = (int)(skb->network_header - skb->mac_header);
-
-               if (nla_put(inst->skb, NFULA_L2HDR, len, skb_mac_header(skb)))
-                       goto nla_put_failure;
-       }
+       mac_len = skb_mac_header_len(skb);
+       if (mac_len > 0 &&
+           nla_put(inst->skb, NFULA_L2HDR, mac_len, skb_mac_header(skb)))
+               goto nla_put_failure;
  
         return 0;
  
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c

index c7ee6f6ff725da2af3cd4dcff8ec7e15958d1cfd..58304fd1f70ffde4fb617a517552288ae9154a63 100644 (file)
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -579,6 +579,7 @@ static u32 nfqnl_get_bridge_size(struct nf_queue_entry *entry)
  {
         struct sk_buff *entskb = entry->skb;
         u32 nlalen = 0;
+       u32 mac_len;
  
         if (entry->state.pf != PF_BRIDGE || !skb_mac_header_was_set(entskb))
                 return 0;
@@ -587,9 +588,9 @@ static u32 nfqnl_get_bridge_size(struct nf_queue_entry *entry)
                 nlalen += nla_total_size(nla_total_size(sizeof(__be16)) +
                                          nla_total_size(sizeof(__be16)));
  
-       if (entskb->network_header > entskb->mac_header)
-               nlalen += nla_total_size((entskb->network_header -
-                                         entskb->mac_header));
+       mac_len = skb_mac_header_len(entskb);
+       if (mac_len > 0)
+               nlalen += nla_total_size(mac_len);
  
         return nlalen;
  }
@@ -597,6 +598,7 @@ static u32 nfqnl_get_bridge_size(struct nf_queue_entry *entry)
  static int nfqnl_put_bridge(struct nf_queue_entry *entry, struct sk_buff *skb)
  {
         struct sk_buff *entskb = entry->skb;
+       u32 mac_len;
  
         if (entry->state.pf != PF_BRIDGE || !skb_mac_header_was_set(entskb))
                 return 0;
@@ -615,12 +617,10 @@ static int nfqnl_put_bridge(struct nf_queue_entry *entry, struct sk_buff *skb)
                 nla_nest_end(skb, nest);
         }
  
-       if (entskb->mac_header < entskb->network_header) {
-               int len = (int)(entskb->network_header - entskb->mac_header);
-
-               if (nla_put(skb, NFQA_L2HDR, len, skb_mac_header(entskb)))
-                       goto nla_put_failure;
-       }
+       mac_len = skb_mac_header_len(entskb);
+       if (mac_len > 0 &&
+           nla_put(skb, NFQA_L2HDR, mac_len, skb_mac_header(entskb)))
+               goto nla_put_failure;
  
         return 0;
  
@@ -1004,13 +1004,13 @@ nf_queue_entry_dup(struct nf_queue_entry *e)
  static void nf_bridge_adjust_skb_data(struct sk_buff *skb)
  {
         if (nf_bridge_info_get(skb))
-               __skb_push(skb, skb->network_header - skb->mac_header);
+               __skb_push(skb, skb_mac_header_len(skb));
  }
  
  static void nf_bridge_adjust_segmented_data(struct sk_buff *skb)
  {
         if (nf_bridge_info_get(skb))
-               __skb_pull(skb, skb->network_header - skb->mac_header);
+               __skb_pull(skb, skb_mac_header_len(skb));
  }
  #else
  #define nf_bridge_adjust_skb_data(s) do {} while (0)
@@ -1469,8 +1469,7 @@ static int nfqa_parse_bridge(struct nf_queue_entry *entry,
         }
  
         if (nfqa[NFQA_L2HDR]) {
-               int mac_header_len = entry->skb->network_header -
-                       entry->skb->mac_header;
+               u32 mac_header_len = skb_mac_header_len(entry->skb);
  
                 if (mac_header_len != nla_len(nfqa[NFQA_L2HDR]))
                         return -EINVAL;
author	Florian Westphal <fw@strlen.de>
	Sat, 4 Apr 2026 10:09:05 +0000 (12:09 +0200)
committer	Florian Westphal <fw@strlen.de>
	Fri, 10 Apr 2026 10:16:26 +0000 (12:16 +0200)
net/netfilter/nfnetlink_log.c		patch \| blob \| blame \| history
net/netfilter/nfnetlink_queue.c		patch \| blob \| blame \| history