netfilter: nf_tables: validate chain type update if available
[ Upstream commit
aaba7ddc8507f4ad5bbd07988573967632bc2385 ]
Parse netlink attribute containing the chain type in this update, to
bail out if this is different from the existing type.
Otherwise, it is possible to define a chain with the same name, hook and
priority but different type, which is silently ignored.
Fixes:
96518518cc41 ("netfilter: add nftables")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
projects / platform / kernel / linux-rpi.git / commit