On Wed, Apr 08, 2015 at 07:42:19PM +0200, Arturo Borrero Gonzalez wrote: > When using libxtables with an external program (nft) which switches family > contexts (using xtables_set_nfproto()), the extensions finding proccess > needs to be smarter and also know about the family. > > We want to avoid this situation: > > 1) user first sets context to IPv6 > 2) xtables_find_target() finds & load ip6t_REJECT and uses it > 3) context switch to IPv4 > 4) user then tries to use ipt_REJECT > 5) xtables_find_target() will find ip6t_REJECT instead (same target name) > 6) using ip6t_REJECT as ipt_REJECT can cause a lot of troubles Applied with minor changes: http://git.netfilter.org/iptables/commit/?id=06d14d702e481f29d5fdc33afab4347e6efb678d Thanks. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
