projects / platform / kernel / linux-starfive.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 31a9c29) | patch
netfilter: nft_socket: Break evaluation if no socket found
authorMáté Eckl <ecklm94@gmail.com>
Thu, 12 Jul 2018 15:18:46 +0000 (17:18 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Wed, 18 Jul 2018 09:26:51 +0000 (11:26 +0200)
commit365b5a36f352e9884e85c47aa33026fd4df18633
tree3fec6e319e62c7265b089e11b2b3df18ca49f564tree | snapshot
parent31a9c29210e2d8129d2e81acb89babb56916c6c9commit | diff
netfilter: nft_socket: Break evaluation if no socket found

Actual implementation stores 0 in the destination register if no socket
is found by the lookup, but that is not intentional as it is not really
a value of any socket metadata.

This patch fixes this and breaks rule evaluation in this case.

Fixes: 554ced0a6e29 ("netfilter: nf_tables: add support for native socket matching")
Signed-off-by: Máté Eckl <ecklm94@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nft_socket.c diff | blob | history
Domain: System / Kernel;