]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9cd0fe4) | patch
netfilter: nf_tables: validate hooks in NAT expressions
authorPablo Neira Ayuso <pablo@netfilter.org>
Wed, 14 Jan 2015 14:33:57 +0000 (15:33 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Mon, 19 Jan 2015 13:52:39 +0000 (14:52 +0100)
commit7deeabaccb0f59e0ff724c3aeb4abadcfd06f74d
tree64fcef16df64c35c2f3ceca20982d3723a2637c4tree | snapshot
parent9cd0fe41a3ecd2150873891ec69079202b18443ecommit | diff
netfilter: nf_tables: validate hooks in NAT expressions

The user can crash the kernel if it uses any of the existing NAT
expressions from the wrong hook, so add some code to validate this
when loading the rule.

This patch introduces nft_chain_validate_hooks() which is based on
an existing function in the bridge version of the reject expression.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/net/netfilter/nf_tables.h diff | blob | history
net/bridge/netfilter/nft_reject_bridge.c diff | blob | history
net/netfilter/nf_tables_api.c diff | blob | history
net/netfilter/nft_masq.c diff | blob | history
net/netfilter/nft_nat.c diff | blob | history
net/netfilter/nft_redir.c diff | blob | history
Linux Kernel Source Tree.