]> git.ipfire.org Git - thirdparty/nftables.git/commit
projects / thirdparty / nftables.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9fe5d1b) | patch
netlink_delinearize: incorrect meta protocol dependency kill again
authorPablo Neira Ayuso <pablo@netfilter.org>
Mon, 30 Aug 2021 21:31:59 +0000 (23:31 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Fri, 3 Sep 2021 16:33:11 +0000 (18:33 +0200)
commite2a5f72549cc5c45f16883fc82a799b0f09d66d9
tree78896fa4d6e6792eecc8dd60e6d34d7f81367953tree
parent9fe5d1bc18cfaed2ecf717e3dd9a97ff5b0e183ccommit | diff
netlink_delinearize: incorrect meta protocol dependency kill again

This patch adds __meta_dependency_may_kill() to consolidate inspection
of the meta protocol, nfproto and ether type expression to validate
dependency removal on listings.

Phil reports that 567ea4774e13 includes an update on the ip and ip6
families that is not described in the patch, moreover, it flips the
default verdict from true to false.

Fixes: 567ea4774e13 ("netlink_delinearize: incorrect meta protocol dependency kill")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
src/netlink_delinearize.c diff | blob | blame | history
tests/shell/testcases/optimizations/dependency_kill [new file with mode: 0755] blob
tests/shell/testcases/optimizations/dumps/dependency_kill.nft [new file with mode: 0644] blob
Mirror of git://git.netfilter.org/nftables