Re: [PATCH 1/2 v5.10] netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Jun 07, 2024 at 02:37:34PM -0700, Kuntal Nayak wrote:
> From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
> 
> [ upstream commit 776d451648443f9884be4a1b4e38e8faf1c621f9 ]
> 
> Bail out on using the tunnel dst template from other than netdev family.
> Add the infrastructure to check for the family in objects.
> 
> Fixes: af308b94a2a4 ("netfilter: nf_tables: add tunnel support")
> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
> [KN: Backport patch according to v5.10.x source]
> Signed-off-by: Kuntal Nayak <kuntal.nayak@xxxxxxxxxxxx>
> ---
>  include/net/netfilter/nf_tables.h |  2 ++
>  net/netfilter/nf_tables_api.c     | 14 +++++++++-----
>  net/netfilter/nft_tunnel.c        |  1 +
>  3 files changed, 12 insertions(+), 5 deletions(-)

Both now queued up, thanks.

greg k-h




[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux