git.samba.org / sfrench / cifs-2.6.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
netfilter: nf_tables: reject new basechain after table flag update
[sfrench/cifs-2.6.git] / net / netfilter / nf_tables_api.c
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 17bf53cd0e848c83087958d0677c09ed52de2979..1eb51bf24fc2e52d0a26f9eebe5a30e91824107c 100644 (file)
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -2449,6 +2449,9 @@ static int nf_tables_addchain(struct nft_ctx *ctx, u8 family, u8 genmask,
                struct nft_stats __percpu *stats = NULL;
                struct nft_chain_hook hook = {};
 
+               if (table->flags & __NFT_TABLE_F_UPDATE)
+                       return -EINVAL;
+
                if (flags & NFT_CHAIN_BINDING)
                        return -EOPNOTSUPP;
 
Unnamed repository; edit this file 'description' to name the repository.