summaryrefslogtreecommitdiff
path: root/net/ipv4/netfilter/ipt_connmark.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/ipv4/netfilter/ipt_connmark.c')
-rw-r--r--net/ipv4/netfilter/ipt_connmark.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/net/ipv4/netfilter/ipt_connmark.c b/net/ipv4/netfilter/ipt_connmark.c
index 2706f96cea5..bf8de47ce00 100644
--- a/net/ipv4/netfilter/ipt_connmark.c
+++ b/net/ipv4/netfilter/ipt_connmark.c
@@ -54,9 +54,16 @@ checkentry(const char *tablename,
unsigned int matchsize,
unsigned int hook_mask)
{
+ struct ipt_connmark_info *cm =
+ (struct ipt_connmark_info *)matchinfo;
if (matchsize != IPT_ALIGN(sizeof(struct ipt_connmark_info)))
return 0;
+ if (cm->mark > 0xffffffff || cm->mask > 0xffffffff) {
+ printk(KERN_WARNING "connmark: only support 32bit mark\n");
+ return 0;
+ }
+
return 1;
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-17 12:32:12 +0000