[PATCH net-next v3 0/4] netfilter: conntrack: shared port parser for helpers
From: HACKE-RC
Date: Sun May 03 2026 - 04:33:00 EST

Both nf_conntrack_irc and nf_conntrack_amanda parse port numbers from
application-layer data using simple_strtoul(), which requires
NUL-terminated input and returns unsigned long without range validation.

This series introduces two shared helpers in the conntrack core:

  nf_ct_helper_parse_uint() -- generic bounded integer parser that
    operates on a length-delimited buffer without requiring NUL
    termination.

  nf_ct_helper_parse_port() -- calls nf_ct_helper_parse_uint() with
    max=65535 and rejects port zero.

Patches 2 and 3 convert IRC and Amanda to use nf_ct_helper_parse_port().
Patch 4 converts the two port-parsing sites in nf_conntrack_sip to use
nf_ct_helper_parse_port() as well, retaining the SIP-specific minimum
port check (>= 1024).

v3: add nf_ct_helper_parse_uint() as the generic base; nf_ct_helper_parse_port()
    is now a thin wrapper; extend the series with a fourth patch converting
    nf_conntrack_sip (Phil Sutter)
v2: replace simple_strtoul() with a shared nf_ct_helper_parse_port()
    in the conntrack helper core, modelled on 8cf6809cddcb (Florian Westphal)
v1: inline range checks in IRC and Amanda

HACKE-RC (4):
  netfilter: conntrack: add shared port and uint parsers for helpers
  netfilter: nf_conntrack_irc: use nf_ct_helper_parse_port()
  netfilter: nf_conntrack_amanda: use nf_ct_helper_parse_port()
  netfilter: nf_conntrack_sip: use nf_ct_helper_parse_port()

 include/net/netfilter/nf_conntrack_helper.h |  5 +++
 net/netfilter/nf_conntrack_amanda.c         | 11 +++---
 net/netfilter/nf_conntrack_helper.c         | 39 +++++++++++++++++++++
 net/netfilter/nf_conntrack_irc.c            |  4 ++-
 net/netfilter/nf_conntrack_sip.c            | 14 ++++----
 5 files changed, 61 insertions(+), 12 deletions(-)

--
2.54.0
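
Added example, not part of the posted series: a userspace C sketch of the kind of parser the cover letter describes, one that works on a length-delimited buffer, never reads past the given length, rejects values above a maximum before they can wrap, and rejects port zero. The names demo_parse_uint() and demo_parse_port() and their signatures are assumptions for illustration, not the kernel helpers' actual interface.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace sketch. demo_parse_uint()/demo_parse_port() and their signatures
 * are assumptions for illustration, not the helpers added by the series. */

/* Parse leading decimal digits of buf[0..len); never reads buf[len].
 * Returns bytes consumed, or 0 if there is no digit or the value exceeds max. */
static size_t demo_parse_uint(const char *buf, size_t len,
                              unsigned long max, unsigned long *out)
{
    unsigned long val = 0;
    size_t i;

    for (i = 0; i < len && buf[i] >= '0' && buf[i] <= '9'; i++) {
        unsigned long d = (unsigned long)(buf[i] - '0');
        /* Check before multiplying so val can never wrap around. */
        if (d > max || val > (max - d) / 10)
            return 0;
        val = val * 10 + d;
    }
    if (i == 0)
        return 0;
    *out = val;
    return i;
}

/* Port wrapper: range 1..65535, so port zero is rejected. */
static bool demo_parse_port(const char *buf, size_t len, uint16_t *port)
{
    unsigned long v;
    if (demo_parse_uint(buf, len, 65535, &v) == 0 || v == 0)
        return false;
    *port = (uint16_t)v;
    return true;
}

int main(void)
{
    /* Constructed input: no NUL terminator, and a digit follows the field. */
    const char pkt[5] = { '6', '6', '6', '7', '9' };
    uint16_t port = 0;

    if (demo_parse_port(pkt, 4, &port))
        printf("port=%u\n", (unsigned)port); /* only the first 4 bytes count */
    printf("65536 accepted: %d\n", demo_parse_port("65536", 5, &port));
    return 0;
}
```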