git.ipfire.org Git - thirdparty/iptables.git/commit

author	Arturo Borrero <arturo.borrero.glez@gmail.com>
	Wed, 8 Apr 2015 17:42:19 +0000 (19:42 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Thu, 9 Apr 2015 17:03:07 +0000 (19:03 +0200)
commit	06d14d702e481f29d5fdc33afab4347e6efb678d
tree	d2ff0fd852958de0041f60d77599f6e8e1b1eb24	tree \| snapshot
parent	86a65af62b6b986aa2ae3cbf3c655ea8225b027a	commit \| diff

libxtables: find extensions based on family too

When using libxtables with an external program (nft) which switches family
contexts (using xtables_set_nfproto()), the xtables_find_{match,target}
functions need to compare the family too.

We want to avoid this situation:

1) user first sets afinfo to IPv6
2) xtables_find_target() finds & load ip6t_REJECT and uses it
3) afinfo change to IPv4
4) user then tries to use ipt_REJECT
5) xtables_find_target() finds ip6t_REJECT instead (same target name)
6) using ip6t_REJECT as ipt_REJECT can cause a lot of troubles

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>