]> git.ipfire.org Git - thirdparty/iptables.git/commit
projects / thirdparty / iptables.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c3d5053) | patch
nft: Support replacing a rule added in the same batch master
authorPhil Sutter <phil@nwl.cc>
Thu, 20 Nov 2025 12:55:38 +0000 (13:55 +0100)
committerPhil Sutter <phil@nwl.cc>
Thu, 27 Nov 2025 20:07:02 +0000 (21:07 +0100)
commit78d7a5f8619f3965ec2da13003a876c808c40cfb
treef84a00f9cafa4809eb43d7d8ff917e3401f432c2tree | snapshot
parentc3d5053db05f99bd72219aebeefc7fb0195ac041commit | diff
nft: Support replacing a rule added in the same batch

As reported in nfbz#1820, trying to add a rule and replacing it in the
same batch would crash iptables due to a stale rule pointer left in an
obj_update.

Doing this is perfectly fine in legacy iptables, so implement the
missing feature instead of merely preventing the crash.

Link: https://bugzilla.netfilter.org/show_bug.cgi?id=1820
Fixes: b199aca80da57 ("nft: Fix leak when replacing a rule")
Signed-off-by: Phil Sutter <phil@nwl.cc>
iptables/nft.c diff | blob | blame | history
iptables/tests/shell/testcases/ipt-restore/0018-replace-new_0 [new file with mode: 0755] blob
Mirror of git://git.netfilter.org/iptables