summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2014-11-10 19:08:21 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2014-11-12 12:06:24 +0100
commitafefb6f928ed42d5db452ee9251ce6de62673c67 (patch)
treec66b5b601862fa200b1613629e332a5d89d83ab7
parentnetfilter: nft_compat: relax chain type validation (diff)
downloadlinux-afefb6f928ed42d5db452ee9251ce6de62673c67.tar.xz
linux-afefb6f928ed42d5db452ee9251ce6de62673c67.zip
netfilter: nft_compat: use the match->table to validate dependencies
Instead of the match->name, which is of course not relevant. Fixes: f3f5dde ("netfilter: nft_compat: validate chain type in match/target") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--net/netfilter/nft_compat.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/net/netfilter/nft_compat.c b/net/netfilter/nft_compat.c
index 70dc96516305..265e190f2218 100644
--- a/net/netfilter/nft_compat.c
+++ b/net/netfilter/nft_compat.c
@@ -346,7 +346,7 @@ nft_match_init(const struct nft_ctx *ctx, const struct nft_expr *expr,
union nft_entry e = {};
int ret;
- ret = nft_compat_chain_validate_dependency(match->name, ctx->chain);
+ ret = nft_compat_chain_validate_dependency(match->table, ctx->chain);
if (ret < 0)
goto err;
@@ -420,7 +420,7 @@ static int nft_match_validate(const struct nft_ctx *ctx,
if (!(hook_mask & match->hooks))
return -EINVAL;
- ret = nft_compat_chain_validate_dependency(match->name,
+ ret = nft_compat_chain_validate_dependency(match->table,
ctx->chain);
if (ret < 0)
return ret;