[nft PATCH 2/4 v2] evaluate: fix a crash if we check the transport protocol

Example:

nft add rule inet filter input meta l4proto udp reject with tcp reset

When we check if the transport protocol is tcp, we use the network context.
If we don't have this network context, we have a crash.

Signed-off-by: Alvaro Neira Ayuso <alvaroneay@xxxxxxxxx>
---
[no changes in v2]

 src/evaluate.c |    7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/evaluate.c b/src/evaluate.c
index 4b7bda9..2f71e9b 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1339,6 +1339,13 @@ static int stmt_evaluate_reset(struct eval_ctx *ctx, struct stmt *stmt)
 	if (desc == NULL)
 		return 0;
 
+	if (base == NULL) {
+		if (strcmp(desc->name, "tcp") == 0)
+			return 0;
+		else
+			return stmt_error(ctx, stmt,
+				 "you cannot use tcp reset with this protocol");
+	}
 	protonum = proto_find_num(base, desc);
 	switch (protonum) {
 	case IPPROTO_TCP:
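Review bot: the new `base == NULL` branch identifies tcp by `strcmp(desc->name, "tcp")`, which is looser than comparing the transport descriptor itself (e.g. the `desc` pointer against the tcp descriptor), and the later `proto_find_num(base, desc)` path resolves the same protocol by descriptor rather than by name, so the two checks can disagree if a descriptor is ever renamed or aliased; consider comparing descriptors in both places. The error text "you cannot use tcp reset with this protocol" would also be more useful to the rule author if it named the offending protocol, e.g. `"tcp reset cannot be used with %s", desc->name`, since `desc->name` is already available at that point.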
-- 
1.7.10.4
