authorJozsef Kadlecsik <kadlec@netfilter.org>2019-11-01 15:36:44 +0100
committerJozsef Kadlecsik <kadlec@netfilter.org>2019-11-01 15:36:44 +0100
commit2b2c1d85bbc4e24e1350c3075d5e653104c91a41 (patch)
treecdb1b2af606ada08b6beb4ca6ede3bbcd341747f /kernel/net/netfilter/ipset/ip_set_core.c
parent6cd9def144557f0601e054c29cec935ebf675849 (diff)
Fix nla_policies to fully support NL_VALIDATE_STRICT
Since v5.2 (commit "netlink: re-add parse/validate functions in strict mode") NL_VALIDATE_STRICT is enabled. Fix the ipset nla_policies which did not support strict mode and thus the corresponding ipset commands failed.
Diffstat (limited to 'kernel/net/netfilter/ipset/ip_set_core.c')
-rw-r--r--kernel/net/netfilter/ipset/ip_set_core.c12
1 files changed, 10 insertions, 2 deletions
diff --git a/kernel/net/netfilter/ipset/ip_set_core.c b/kernel/net/netfilter/ipset/ip_set_core.c
index 7c7ff41..4d8e8b1 100644
--- a/kernel/net/netfilter/ipset/ip_set_core.c
+++ b/kernel/net/netfilter/ipset/ip_set_core.c
@@ -1481,6 +1481,14 @@ dump_attrs(struct nlmsghdr *nlh)
}
}
+static const struct nla_policy
+ip_set_dump_policy[IPSET_ATTR_CMD_MAX + 1] = {
+ [IPSET_ATTR_PROTOCOL] = { .type = NLA_U8 },
+ [IPSET_ATTR_SETNAME] = { .type = NLA_NUL_STRING,
+ .len = IPSET_MAXNAMELEN - 1 },
+ [IPSET_ATTR_FLAGS] = { .type = NLA_U32 },
+};
+
static int
dump_init(struct netlink_callback *cb, struct ip_set_net *inst)
{
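Review bot: The new `ip_set_dump_policy` table carries no comment saying which commands it serves or why it is separate from `ip_set_setname_policy`. Under strict validation an attribute type with no entry in the table is rejected, so whoever adds a dump attribute later has to extend this table as well as the handler. I would put this above the definition: `/* Attributes accepted in dump requests; with NL_VALIDATE_STRICT any type not listed here is rejected. */`. The table itself is complete within the hunk, while the body of `dump_init` continues outside it.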
@@ -1494,7 +1502,7 @@ dump_init(struct netlink_callback *cb, struct ip_set_net *inst)
ret = NLA_PARSE(cda, IPSET_ATTR_CMD_MAX, attr,
nlh->nlmsg_len - min_len,
- ip_set_setname_policy, NULL);
+ ip_set_dump_policy, NULL);
if (ret)
return ret;
@@ -2186,7 +2194,7 @@ static const struct nfnl_callback ip_set_netlink_subsys_cb[IPSET_MSG_MAX] = {
[IPSET_CMD_LIST] = {
.call = ip_set_dump,
.attr_count = IPSET_ATTR_CMD_MAX,
- .policy = ip_set_setname_policy,
+ .policy = ip_set_dump_policy,
},
[IPSET_CMD_SAVE] = {
.call = ip_set_dump,
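Review bot: `IPSET_CMD_SAVE` directly below also dispatches to `ip_set_dump`, but the diffstat lists only two deletions, so its `.policy` line (outside this hunk) appears to be unchanged, while `dump_init` now parses with `ip_set_dump_policy`. If SAVE requests reach `dump_init` as LIST requests do, the table-level and handler-level policies for SAVE may disagree about `IPSET_ATTR_FLAGS`, which makes the accepted attribute set harder to audit. If SAVE is meant to accept the same attributes, use `.policy = ip_set_dump_policy,` there as well. If it is not, a short comment on the SAVE entry, such as `/* SAVE takes no flags: setname policy is intentional */`, would record the intent.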