netfilter: expect: Make sure the max_expected limit is effective
authorGao Feng <fgao@ikuai8.com>
Fri, 24 Mar 2017 13:32:19 +0000 (21:32 +0800)
committerPablo Neira Ayuso <pablo@netfilter.org>
Thu, 6 Apr 2017 16:32:16 +0000 (18:32 +0200)
commit92f73221f9e9e143d242e3eca9c512dac969765e
tree9c493bd487511b3230393788568bfe3ae3ae81a2
parentf323d9546927a012cafbb7e503e6aa0e9fbff94b
netfilter: expect: Make sure the max_expected limit is effective

Because the type of expecting, the member of nf_conn_help, is u8, it
would overflow after reach U8_MAX(255). So it doesn't work when we
configure the max_expected exceeds 255 with expect policy.

Now add the check for max_expected. Return the -EINVAL when it exceeds
the limit.

Signed-off-by: Gao Feng <fgao@ikuai8.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/net/netfilter/nf_conntrack_expect.h
net/netfilter/nf_conntrack_helper.c
net/netfilter/nf_conntrack_irc.c
net/netfilter/nfnetlink_cthelper.c