On Thu, Feb 16, 2023 at 08:47:55PM +0800, Qingfang DENG wrote:
> From: Florian Westphal <fw@xxxxxxxxx>
>
> commit 18bbc3213383a82b05383827f4b1b882e3f0a5a5 upstream.
>
> TPROXY is only allowed from prerouting, but nft_tproxy doesn't check this.
> This fixes a crash (null dereference) when using tproxy from e.g. output.
>
> Fixes: 4ed8eb6570a4 ("netfilter: nf_tables: Add native tproxy support")
> Reported-by: Shell Chen <xierch@xxxxxxxxx>
> Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
> Signed-off-by: Qingfang DENG <dqfext@xxxxxxxxx>
> ---
> net/netfilter/nft_tproxy.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
Now queued up, thanks.
greg k-h
