Phil Sutter <phil@xxxxxx> wrote: > If a requested extension exists as module and is not loaded, > ebt_check_match() might accidentally use an NFPROTO_UNSPEC one with same > name and fail. > > Reproduced with limit match: Given xt_limit and ebt_limit both built as > module, the following would fail: > > modprobe xt_limit > ebtables -I INPUT --limit 1/s -j ACCEPT > > The fix is to make ebt_check_match() distrust a found NFPROTO_UNSPEC > extension and retry after requesting an appropriate module. > > Cc: Florian Westphal <fw@xxxxxxxxx> Acked-by: Florian Westphal <fw@xxxxxxxxx> Thanks for handling this. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
