projects / platform / kernel / linux-starfive.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e240cd0) | patch
netfilter: nft_compat: explicitly reject ERROR and standard target
authorFlorian Westphal <fw@strlen.de>
Fri, 6 Jul 2018 18:06:05 +0000 (20:06 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Mon, 9 Jul 2018 14:06:19 +0000 (16:06 +0200)
commit21d5e078192d244df3d6049f9464fff2f72cfd68
treeedd4a10495e5c155cf53347fb58f99ebe025685etree | snapshot
parente240cd0df48185a28c153f83a39ba3940e3e9b86commit | diff
netfilter: nft_compat: explicitly reject ERROR and standard target

iptables-nft never requests these, but make this explicitly illegal.
If it were quested, kernel could oops as ->eval is NULL, furthermore,
the builtin targets have no owning module so its possible to rmmod
eb/ip/ip6_tables module even if they would be loaded.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nft_compat.c diff | blob | history
Domain: System / Kernel;