git.samba.org / sfrench / cifs-2.6.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: eff3c55) | patch
netfilter: nf_tables: validate chain type update if available
authorPablo Neira Ayuso <pablo@netfilter.org>
Thu, 14 Dec 2023 21:43:22 +0000 (22:43 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Fri, 22 Dec 2023 11:15:28 +0000 (12:15 +0100)
commitaaba7ddc8507f4ad5bbd07988573967632bc2385
tree384dea5a798a45ae77aeb78c924558b3dd7a4a09tree
parenteff3c558bb7e61c41b53e4c8130e514a5a4df9bacommit | diff
netfilter: nf_tables: validate chain type update if available

Parse netlink attribute containing the chain type in this update, to
bail out if this is different from the existing type.

Otherwise, it is possible to define a chain with the same name, hook and
priority but different type, which is silently ignored.

Fixes: 96518518cc41 ("netfilter: add nftables")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nf_tables_api.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.