projects / platform / kernel / linux-starfive.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b60c0ce) | patch
netfilter: nf_tables: reject unbound anonymous set before commit phase
authorPablo Neira Ayuso <pablo@netfilter.org>
Fri, 16 Jun 2023 13:21:33 +0000 (15:21 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 28 Jun 2023 09:12:32 +0000 (11:12 +0200)
commit46f801ab5fb90d8aadeecd00bd2582cb0acc43b6
treea0acbfd8a0875a71059f1afe01f28ac0401a95eetree | snapshot
parentb60c0ce0ff3107b8cbabda46769b104890381046commit | diff
netfilter: nf_tables: reject unbound anonymous set before commit phase

[ Upstream commit 938154b93be8cd611ddfd7bafc1849f3c4355201 ]

Add a new list to track set transaction and to check for unbound
anonymous sets before entering the commit phase.

Bail out at the end of the transaction handling if an anonymous set
remains unbound.

Fixes: 96518518cc41 ("netfilter: add nftables")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
include/net/netfilter/nf_tables.h diff | blob | history
net/netfilter/nf_tables_api.c diff | blob | history
Domain: System / Kernel;