On Tue, Apr 12, 2016 at 01:31:14AM +0200, Phil Sutter wrote: > If a requested extension exists as module and is not loaded, > ebt_check_match() might accidentally use an NFPROTO_UNSPEC one with same > name and fail. > > Reproduced with limit match: Given xt_limit and ebt_limit both built as > module, the following would fail: > > modprobe xt_limit > ebtables -I INPUT --limit 1/s -j ACCEPT > > The fix is to make ebt_check_match() distrust a found NFPROTO_UNSPEC > extension and retry after requesting an appropriate module. Applied, thanks. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html