diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-11-10 19:08:21 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-11-12 12:06:24 +0100 |
commit | afefb6f928ed42d5db452ee9251ce6de62673c67 (patch) | |
tree | c66b5b601862fa200b1613629e332a5d89d83ab7 | |
parent | netfilter: nft_compat: relax chain type validation (diff) | |
download | linux-afefb6f928ed42d5db452ee9251ce6de62673c67.tar.xz linux-afefb6f928ed42d5db452ee9251ce6de62673c67.zip |
netfilter: nft_compat: use the match->table to validate dependencies
Instead of the match->name, which is of course not relevant.
Fixes: f3f5dde ("netfilter: nft_compat: validate chain type in match/target")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | net/netfilter/nft_compat.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/net/netfilter/nft_compat.c b/net/netfilter/nft_compat.c index 70dc96516305..265e190f2218 100644 --- a/net/netfilter/nft_compat.c +++ b/net/netfilter/nft_compat.c @@ -346,7 +346,7 @@ nft_match_init(const struct nft_ctx *ctx, const struct nft_expr *expr, union nft_entry e = {}; int ret; - ret = nft_compat_chain_validate_dependency(match->name, ctx->chain); + ret = nft_compat_chain_validate_dependency(match->table, ctx->chain); if (ret < 0) goto err; @@ -420,7 +420,7 @@ static int nft_match_validate(const struct nft_ctx *ctx, if (!(hook_mask & match->hooks)) return -EINVAL; - ret = nft_compat_chain_validate_dependency(match->name, + ret = nft_compat_chain_validate_dependency(match->table, ctx->chain); if (ret < 0) return ret; |