]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3b26e44) | patch
netfilter: nf_tables: reject nat hook registration if prio is before conntrack
authorFlorian Westphal <fw@strlen.de>
Fri, 8 Dec 2017 16:01:55 +0000 (17:01 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Mon, 8 Jan 2018 17:01:14 +0000 (18:01 +0100)
commit2b592c61e60acaff77bb520925442a47b0b10905
tree2ce13364a97e60958169bc966862215912317f07tree | snapshot
parent3b26e44a506021b9c1b9bbc8c7d45e527ff9d7e1commit | diff
netfilter: nf_tables: reject nat hook registration if prio is before conntrack

No problem for iptables as priorities are fixed values defined in the
nat modules, but in nftables the priority its coming from userspace.

Reject in case we see that such a hook would not work.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nf_tables_api.c diff | blob | history
Linux Kernel Source Tree.