diff options
| author | Florian Westphal <fw@strlen.de> | 2026-04-04 13:09:05 +0300 |
|---|---|---|
| committer | Florian Westphal <fw@strlen.de> | 2026-04-10 13:16:26 +0300 |
| commit | 74feb7d373b32a63d7986a2caf9689c860c9a761 (patch) | |
| tree | 4e040652c5aa792aa48fcd1274f53b823bd3acd5 | |
| parent | 8df772afc9d016b597d22a1431e7011b90ce1fb3 (diff) | |
| download | linux-74feb7d373b32a63d7986a2caf9689c860c9a761.tar.xz | |
netfilter: nfnetlink: prefer skb_mac_header helpers
This adds implicit DEBUG_WARN_ON_ONCE for debug configurations.
No other changes intended.
Signed-off-by: Florian Westphal <fw@strlen.de>
| -rw-r--r-- | net/netfilter/nfnetlink_log.c | 19 | ||||
| -rw-r--r-- | net/netfilter/nfnetlink_queue.c | 25 |
2 files changed, 22 insertions, 22 deletions
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c index b2c24cb919d4..2439cbbd5b26 100644 --- a/net/netfilter/nfnetlink_log.c +++ b/net/netfilter/nfnetlink_log.c @@ -401,7 +401,7 @@ nfulnl_timer(struct timer_list *t) static u32 nfulnl_get_bridge_size(const struct sk_buff *skb) { - u32 size = 0; + u32 mac_len, size = 0; if (!skb_mac_header_was_set(skb)) return 0; @@ -412,14 +412,17 @@ static u32 nfulnl_get_bridge_size(const struct sk_buff *skb) size += nla_total_size(sizeof(u16)); /* tag */ } - if (skb->network_header > skb->mac_header) - size += nla_total_size(skb->network_header - skb->mac_header); + mac_len = skb_mac_header_len(skb); + if (mac_len > 0) + size += nla_total_size(mac_len); return size; } static int nfulnl_put_bridge(struct nfulnl_instance *inst, const struct sk_buff *skb) { + u32 mac_len; + if (!skb_mac_header_was_set(skb)) return 0; @@ -437,12 +440,10 @@ static int nfulnl_put_bridge(struct nfulnl_instance *inst, const struct sk_buff nla_nest_end(inst->skb, nest); } - if (skb->mac_header < skb->network_header) { - int len = (int)(skb->network_header - skb->mac_header); - - if (nla_put(inst->skb, NFULA_L2HDR, len, skb_mac_header(skb))) - goto nla_put_failure; - } + mac_len = skb_mac_header_len(skb); + if (mac_len > 0 && + nla_put(inst->skb, NFULA_L2HDR, mac_len, skb_mac_header(skb))) + goto nla_put_failure; return 0; diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index c7ee6f6ff725..58304fd1f70f 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -579,6 +579,7 @@ static u32 nfqnl_get_bridge_size(struct nf_queue_entry *entry) { struct sk_buff *entskb = entry->skb; u32 nlalen = 0; + u32 mac_len; if (entry->state.pf != PF_BRIDGE || !skb_mac_header_was_set(entskb)) return 0; @@ -587,9 +588,9 @@ static u32 nfqnl_get_bridge_size(struct nf_queue_entry *entry) nlalen += nla_total_size(nla_total_size(sizeof(__be16)) + nla_total_size(sizeof(__be16))); - if (entskb->network_header > entskb->mac_header) - nlalen += nla_total_size((entskb->network_header - - entskb->mac_header)); + mac_len = skb_mac_header_len(entskb); + if (mac_len > 0) + nlalen += nla_total_size(mac_len); return nlalen; } @@ -597,6 +598,7 @@ static u32 nfqnl_get_bridge_size(struct nf_queue_entry *entry) static int nfqnl_put_bridge(struct nf_queue_entry *entry, struct sk_buff *skb) { struct sk_buff *entskb = entry->skb; + u32 mac_len; if (entry->state.pf != PF_BRIDGE || !skb_mac_header_was_set(entskb)) return 0; @@ -615,12 +617,10 @@ static int nfqnl_put_bridge(struct nf_queue_entry *entry, struct sk_buff *skb) nla_nest_end(skb, nest); } - if (entskb->mac_header < entskb->network_header) { - int len = (int)(entskb->network_header - entskb->mac_header); - - if (nla_put(skb, NFQA_L2HDR, len, skb_mac_header(entskb))) - goto nla_put_failure; - } + mac_len = skb_mac_header_len(entskb); + if (mac_len > 0 && + nla_put(skb, NFQA_L2HDR, mac_len, skb_mac_header(entskb))) + goto nla_put_failure; return 0; @@ -1004,13 +1004,13 @@ nf_queue_entry_dup(struct nf_queue_entry *e) static void nf_bridge_adjust_skb_data(struct sk_buff *skb) { if (nf_bridge_info_get(skb)) - __skb_push(skb, skb->network_header - skb->mac_header); + __skb_push(skb, skb_mac_header_len(skb)); } static void nf_bridge_adjust_segmented_data(struct sk_buff *skb) { if (nf_bridge_info_get(skb)) - __skb_pull(skb, skb->network_header - skb->mac_header); + __skb_pull(skb, skb_mac_header_len(skb)); } #else #define nf_bridge_adjust_skb_data(s) do {} while (0) @@ -1469,8 +1469,7 @@ static int nfqa_parse_bridge(struct nf_queue_entry *entry, } if (nfqa[NFQA_L2HDR]) { - int mac_header_len = entry->skb->network_header - - entry->skb->mac_header; + u32 mac_header_len = skb_mac_header_len(entry->skb); if (mac_header_len != nla_len(nfqa[NFQA_L2HDR])) return -EINVAL; |