Diffstat (limited to 'src/obj/ct_timeout.c')
-rw-r--r--src/obj/ct_timeout.c61
1 files changed, 26 insertions, 35 deletions
diff --git a/src/obj/ct_timeout.c b/src/obj/ct_timeout.c
index 2662cac..b9b688e 100644
--- a/src/obj/ct_timeout.c
+++ b/src/obj/ct_timeout.c
@@ -21,7 +21,7 @@
#include "obj.h"
-static const char *const tcp_state_to_name[] = {
+static const char *const tcp_state_to_name[NFTNL_CTTIMEOUT_TCP_MAX] = {
[NFTNL_CTTIMEOUT_TCP_SYN_SENT] = "SYN_SENT",
[NFTNL_CTTIMEOUT_TCP_SYN_RECV] = "SYN_RECV",
[NFTNL_CTTIMEOUT_TCP_ESTABLISHED] = "ESTABLISHED",
@@ -35,7 +35,7 @@ static const char *const tcp_state_to_name[] = {
[NFTNL_CTTIMEOUT_TCP_UNACK] = "UNACKNOWLEDGED",
};
-static uint32_t tcp_dflt_timeout[] = {
+static uint32_t tcp_dflt_timeout[NFTNL_CTTIMEOUT_TCP_MAX] = {
[NFTNL_CTTIMEOUT_TCP_SYN_SENT] = 120,
[NFTNL_CTTIMEOUT_TCP_SYN_RECV] = 60,
[NFTNL_CTTIMEOUT_TCP_ESTABLISHED] = 432000,
@@ -49,12 +49,12 @@ static uint32_t tcp_dflt_timeout[] = {
[NFTNL_CTTIMEOUT_TCP_UNACK] = 300,
};
-static const char *const udp_state_to_name[] = {
+static const char *const udp_state_to_name[NFTNL_CTTIMEOUT_UDP_MAX] = {
[NFTNL_CTTIMEOUT_UDP_UNREPLIED] = "UNREPLIED",
[NFTNL_CTTIMEOUT_UDP_REPLIED] = "REPLIED",
};
-static uint32_t udp_dflt_timeout[] = {
+static uint32_t udp_dflt_timeout[NFTNL_CTTIMEOUT_UDP_MAX] = {
[NFTNL_CTTIMEOUT_UDP_UNREPLIED] = 30,
[NFTNL_CTTIMEOUT_UDP_REPLIED] = 180,
};
@@ -150,17 +150,18 @@ static int nftnl_obj_ct_timeout_set(struct nftnl_obj *e, uint16_t type,
switch (type) {
case NFTNL_OBJ_CT_TIMEOUT_L3PROTO:
- memcpy(&timeout->l3proto, data, sizeof(timeout->l3proto));
+ memcpy(&timeout->l3proto, data, data_len);
break;
case NFTNL_OBJ_CT_TIMEOUT_L4PROTO:
- memcpy(&timeout->l4proto, data, sizeof(timeout->l4proto));
+ memcpy(&timeout->l4proto, data, data_len);
break;
case NFTNL_OBJ_CT_TIMEOUT_ARRAY:
+ if (data_len < sizeof(uint32_t) * NFTNL_CTTIMEOUT_ARRAY_MAX)
+ return -1;
+
memcpy(timeout->timeout, data,
sizeof(uint32_t) * NFTNL_CTTIMEOUT_ARRAY_MAX);
break;
- default:
- return -1;
}
return 0;
}
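Review bot: The L3PROTO and L4PROTO cases now call `memcpy(..., data, data_len)` with a caller-supplied length into fixed-width fields, and nothing in this function bounds it. The only limit visible in the commit is the `.maxlen` pair in `obj_ct_timeout_attr_policy` in the last hunk, so the copy is safe only if the generic setter rejects an oversized `data_len` before calling `->set`; that code is not on this page. I would either keep a local guard such as `if (data_len > sizeof(timeout->l3proto)) return -1;` (and the same for `l4proto`), or state the invariant in a comment, e.g. `/* data_len already capped by obj_ct_timeout_attr_policy */`. With `default: return -1;` removed, an unrecognised `type` now returns 0 from this function, whose body starts outside the hunk, so the attribute range check must also live in the caller.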
@@ -257,21 +258,21 @@ nftnl_obj_ct_timeout_parse(struct nftnl_obj *e, struct nlattr *attr)
return 0;
}
-static int nftnl_obj_ct_timeout_snprintf_default(char *buf, size_t len,
- const struct nftnl_obj *e)
+static int nftnl_obj_ct_timeout_snprintf(char *buf, size_t remain,
+ uint32_t flags,
+ const struct nftnl_obj *e)
{
- int ret = 0;
- int offset = 0, remain = len;
+ int ret = 0, offset = 0;
struct nftnl_obj_ct_timeout *timeout = nftnl_obj_data(e);
if (e->flags & (1 << NFTNL_OBJ_CT_TIMEOUT_L3PROTO)) {
- ret = snprintf(buf + offset, len, "family %d ",
+ ret = snprintf(buf + offset, remain, "family %d ",
timeout->l3proto);
SNPRINTF_BUFFER_SIZE(ret, remain, offset);
}
if (e->flags & (1 << NFTNL_OBJ_CT_TIMEOUT_L4PROTO)) {
- ret = snprintf(buf + offset, len, "protocol %d ",
+ ret = snprintf(buf + offset, remain, "protocol %d ",
timeout->l4proto);
SNPRINTF_BUFFER_SIZE(ret, remain, offset);
}
@@ -283,7 +284,7 @@ static int nftnl_obj_ct_timeout_snprintf_default(char *buf, size_t len,
if (timeout_protocol[timeout->l4proto].attr_max == 0)
l4num = IPPROTO_RAW;
- ret = snprintf(buf + offset, len, "policy = {");
+ ret = snprintf(buf + offset, remain, "policy = {");
SNPRINTF_BUFFER_SIZE(ret, remain, offset);
for (i = 0; i < timeout_protocol[l4num].attr_max; i++) {
@@ -293,13 +294,13 @@ static int nftnl_obj_ct_timeout_snprintf_default(char *buf, size_t len,
"UNKNOWN";
if (timeout->timeout[i] != timeout_protocol[l4num].dflt_timeout[i]) {
- ret = snprintf(buf + offset, len,
+ ret = snprintf(buf + offset, remain,
"%s = %u,", state_name, timeout->timeout[i]);
SNPRINTF_BUFFER_SIZE(ret, remain, offset);
}
}
- ret = snprintf(buf + offset, len, "}");
+ ret = snprintf(buf + offset, remain, "}");
SNPRINTF_BUFFER_SIZE(ret, remain, offset);
}
buf[offset] = '\0';
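Review bot: `buf[offset] = '\0';` at the end of this hunk indexes with the running `offset` and is not bounded by `remain`. SNPRINTF_BUFFER_SIZE is not shown on this page; if it advances `offset` by the full snprintf() return value, as the usual truncation-reporting idiom does, a short buffer leaves `offset` past the end and this store lands outside `buf`. snprintf() already terminates whatever it writes, so the line could be dropped, or guarded as `if (remain > 0) buf[offset] = '\0';`. The function starts in an earlier hunk and its return is in the next one.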
@@ -307,31 +308,21 @@ static int nftnl_obj_ct_timeout_snprintf_default(char *buf, size_t len,
return offset;
}
-static int nftnl_obj_ct_timeout_snprintf(char *buf, size_t len, uint32_t type,
- uint32_t flags,
- const struct nftnl_obj *e)
-{
- if (len)
- buf[0] = '\0';
-
- switch (type) {
- case NFTNL_OUTPUT_DEFAULT:
- return nftnl_obj_ct_timeout_snprintf_default(buf, len, e);
- case NFTNL_OUTPUT_JSON:
- default:
- break;
- }
- return -1;
-}
+static struct attr_policy
+obj_ct_timeout_attr_policy[__NFTNL_OBJ_CT_TIMEOUT_MAX] = {
+ [NFTNL_OBJ_CT_TIMEOUT_L3PROTO] = { .maxlen = sizeof(uint16_t) },
+ [NFTNL_OBJ_CT_TIMEOUT_L4PROTO] = { .maxlen = sizeof(uint8_t) },
+};
struct obj_ops obj_ops_ct_timeout = {
.name = "ct_timeout",
.type = NFT_OBJECT_CT_TIMEOUT,
.alloc_len = sizeof(struct nftnl_obj_ct_timeout),
- .max_attr = NFTA_CT_TIMEOUT_MAX,
+ .nftnl_max_attr = __NFTNL_OBJ_CT_TIMEOUT_MAX - 1,
+ .attr_policy = obj_ct_timeout_attr_policy,
.set = nftnl_obj_ct_timeout_set,
.get = nftnl_obj_ct_timeout_get,
.parse = nftnl_obj_ct_timeout_parse,
.build = nftnl_obj_ct_timeout_build,
- .snprintf = nftnl_obj_ct_timeout_snprintf,
+ .output = nftnl_obj_ct_timeout_snprintf,
};
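Review bot: `obj_ct_timeout_attr_policy` has no entry for NFTNL_OBJ_CT_TIMEOUT_ARRAY, so its `.maxlen` is zero, and the table does not say whether that is deliberate. The setter earlier in this commit checks the array's minimum length itself, so presumably zero means the policy enforces no upper limit; how the generic code treats a zero `maxlen` is not visible here. A short comment above the table would settle it, e.g. `/* ARRAY: length validated in nftnl_obj_ct_timeout_set() */`. The table is never written in the lines shown and could likely be `const` if the `attr_policy` field type allows it.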