]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1d63599) | patch
netfilter: nft_meta: fix cgroup matching
authorPablo Neira Ayuso <pablo@netfilter.org>
Fri, 27 Mar 2015 11:14:13 +0000 (12:14 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Wed, 1 Apr 2015 09:33:00 +0000 (11:33 +0200)
commit68522536257ec945a16a94e51552ff6961d29c87
treed403a5f3f17acf2b1e0dc7946937dc008026072dtree | snapshot
parent1d63599c78a13a78a1423e71e04910a71c226b3ccommit | diff
netfilter: nft_meta: fix cgroup matching

We have to stop iterating on the rule expressions if the cgroup
mismatches. Moreover, make sure a non-full socket from the input path
leads us to a crash.

Fixes: 262f0d9 ("netfilter: nft_meta: add cgroup support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nft_meta.c diff | blob | history
Linux Kernel Source Tree.