git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Sun, 20 Oct 2024 12:49:51 +0000 (14:49 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 1 Nov 2024 01:02:36 +0000 (02:02 +0100)
commit	e92e991748484a8b158cd05e348002d2eeefd1f0
tree	d58e38ddac0aaa106af979e6cb2cca9d20794825	tree \| snapshot
parent	3c2a3619d565fe16bf59b0a047bab103a2ee4490	commit \| diff

netfilter: xtables: fix typo causing some targets not to load on IPv6

[ Upstream commit 306ed1728e8438caed30332e1ab46b28c25fe3d8 ]

- There is no NFPROTO_IPV6 family for mark and NFLOG.
- TRACE is also missing module autoload with NFPROTO_IPV6.

This results in ip6tables failing to restore a ruleset. This issue has been
reported by several users providing incomplete patches.

Very similar to Ilya Katsnelson's patch including a missing chunk in the
TRACE extension.

Fixes: 0bfcb7b71e73 ("netfilter: xtables: avoid NFPROTO_UNSPEC where needed")
Reported-by: Ignat Korchagin <ignat@cloudflare.com>
Reported-by: Ilya Katsnelson <me@0upti.me>
Reported-by: Krzysztof Olędzki <ole@ans.pl>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

net/netfilter/xt_NFLOG.c		diff \| blob \| blame \| history
net/netfilter/xt_TRACE.c		diff \| blob \| blame \| history
net/netfilter/xt_mark.c		diff \| blob \| blame \| history