]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f632a31) | patch
netfilter: nft_tproxy: restrict to prerouting hook
authorFlorian Westphal <fw@strlen.de>
Sat, 20 Aug 2022 15:54:06 +0000 (17:54 +0200)
committerFlorian Westphal <fw@strlen.de>
Tue, 23 Aug 2022 19:24:34 +0000 (21:24 +0200)
commita0fd136278fcd4d3248abd399c047b1460329b38
tree26006a63f818301339915afbd8bfe501c8602a81tree | snapshot
parentf632a31f55bbb5eb053ee95ecf3e4ad1b9f28e64commit | diff
netfilter: nft_tproxy: restrict to prerouting hook

TPROXY is only allowed from prerouting, but nft_tproxy doesn't check this.
This fixes a crash (null dereference) when using tproxy from e.g. output.

Fixes: 7262e4a77dd2 ("netfilter: nf_tables: Add native tproxy support")
Reported-by: Shell Chen <xierch@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
net/netfilter/nft_tproxy.c diff | blob | history
Linux Kernel Source Tree.