Re: [PATCH 3/3] netfilter: nf_tables: do not allow RULE_ID to refer to another chain


 



On Tue, Aug 09, 2022 at 02:01:48PM -0300, Thadeu Lima de Souza Cascardo wrote:
> When doing lookups for rules on the same batch by using its ID, a rule from
> a different chain can be used. If a rule is added to a chain but tries to
> be positioned next to a rule from a different chain, it will be linked to
> chain2, but the use counter on chain1 would be the one to be incremented.
> 
> When looking for rules by ID, use the chain that was used for the lookup by
> name. The chain used in the context copied to the transaction needs to
> match that same chain. That way, struct nft_rule does not need to get
> enlarged with another member.

Series applied, thanks
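The accounting mismatch described in the quoted commit message, and the chain-scoped lookup that prevents it, shown as a simplified user-space model. This is an added example, not code from the patch or the kernel tree; the structures, function names, the `linked` counter, the rule ID 7 and the `-1` return value are all assumptions made for illustration.

```c
#include <stdio.h>

/* Simplified stand-ins for the nf_tables objects; all names are assumptions. */
struct chain { unsigned use, linked; };   /* use counter vs. rules really in the list */
struct rule  { struct chain *home; };     /* chain whose rule list holds this rule */
struct trans {                            /* one pending "new rule" in the batch */
    struct chain *ctx_chain;              /* chain stored in the transaction context */
    unsigned id;                          /* rule ID chosen by userspace */
    struct rule *rule; struct trans *next;
};

/* chain == NULL models the old lookup (ID only); else the chains must match. */
static struct rule *rule_lookup_byid(struct trans *batch, const struct chain *chain, unsigned id)
{
    for (struct trans *t = batch; t; t = t->next)
        if (t->id == id && (!chain || t->ctx_chain == chain))
            return t->rule;
    return NULL;
}

/* Add r to `chain`, positioned next to the pending rule with ID pos_id. */
static int rule_add_next_to(struct trans *batch, struct chain *chain,
                            struct rule *r, unsigned pos_id, int scoped)
{
    struct rule *old = rule_lookup_byid(batch, scoped ? chain : NULL, pos_id);
    if (!old) return -1;        /* no such pending rule in this chain: reject */
    r->home = old->home;        /* linked beside old, so into old's chain */
    r->home->linked++;
    chain->use++;               /* but the named chain's counter is charged */
    return 0;
}

/* Constructed batch: ID 7 is pending in c2; a rule for c1 asks to sit next to it. */
static int run_batch(int scoped, struct chain *c1, struct chain *c2)
{
    struct rule r2 = { c2 }, rnew = { NULL };
    struct trans t2 = { c2, 7, &r2, NULL };
    c1->use = c1->linked = 0;
    c2->use = c2->linked = 1;   /* r2 is already linked and counted in c2 */
    return rule_add_next_to(&t2, c1, &rnew, 7, scoped);
}

int main(void)
{
    struct chain c1, c2;
    int rc = run_batch(0, &c1, &c2);
    printf("ID-only: rc=%d c1.use=%u c1.linked=%u c2.linked=%u\n", rc, c1.use, c1.linked, c2.linked);
    printf("chain-scoped: rc=%d\n", run_batch(1, &c1, &c2));
    return 0;
}
```

With the ID-only lookup the request succeeds and leaves chain1 with a use count for a rule that sits in chain2's list; with the chain-scoped lookup the same request is rejected and both chains keep consistent counters.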


