projects / platform / kernel / linux-rpi.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f92b40a) | patch
netfilter: nf_tables: reject nat hook registration if prio is before conntrack
authorFlorian Westphal <fw@strlen.de>
Fri, 8 Dec 2017 16:01:55 +0000 (17:01 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Mon, 8 Jan 2018 17:01:14 +0000 (18:01 +0100)
commit84ba7dd71add05b52e55c60b4a3af9bb6194c73d
tree2ce13364a97e60958169bc966862215912317f07tree | snapshot
parentf92b40a8b2645af38bd6814651c59c1e690db53dcommit | diff
netfilter: nf_tables: reject nat hook registration if prio is before conntrack

No problem for iptables as priorities are fixed values defined in the
nat modules, but in nftables the priority its coming from userspace.

Reject in case we see that such a hook would not work.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nf_tables_api.c diff | blob | history
Domain: System / Kernel;