]> git.ipfire.org Git - thirdparty/kernel/linux.git/commit
projects / thirdparty / kernel / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6813985) | patch
netfilter: nft_compat: run xt_check_hooks_{match,target}() from .validate
authorPablo Neira Ayuso <pablo@netfilter.org>
Tue, 28 Apr 2026 17:04:07 +0000 (19:04 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Thu, 30 Apr 2026 06:03:22 +0000 (08:03 +0200)
commit2f768d638d977eff824f64dcc9639e3fea32da8f
tree2c214cf5400291613bc1da42b0e1b71c8ffc53e0tree | snapshot
parent6813985ca456d1f5677ad9554f55805cbf27e16fcommit | diff
netfilter: nft_compat: run xt_check_hooks_{match,target}() from .validate

Several matches and one target check that the hook is correct from
checkentry(), however, the basechain is only available from
nft_table_validate().

This patch uses xt_check_hooks_{match,target}() from the nft_compat
expression .validate path.

This patch sets the table in the nft_ctx struct in nft_table_validate()
which is required by this patch.

Based on patch from Florian Westphal.

Fixes: 0ca743a55991 ("netfilter: nf_tables: add compatibility layer for x_tables")
Reported-by: Xiang Mei <xmei5@asu.edu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nf_tables_api.c diff | blob | blame | history
net/netfilter/nft_compat.c diff | blob | blame | history
A mirror of Linus' kernel repository