author | David S. Miller <davem@davemloft.net> | 2015-02-03 04:30:53 +0100 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2015-02-03 04:30:53 +0100 |
commit | 3ae55826ae15cfb3bfa58d0dac29c53fc5fd1088 (patch) | |
tree | 87ef313c7cbde01c992984f5879a4d3ff55608dd /include | |
parent | Documentation: Update netlink_mmap.txt (diff) | |
parent | netfilter: nf_tables: fix leaks in error path of nf_tables_newchain() (diff) | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
Pablo Neira Ayuso says:
====================
Netfilter/IPVS fixes for net
The following patchset contains Netfilter/IPVS fixes for your net tree,
they are:
1) Validate hooks for nf_tables NAT expressions, otherwise users can
crash the kernel when using them from the wrong hook. We already
got one user trapped on this when configuring masquerading.
2) Fix a BUG splat in nf_tables with CONFIG_DEBUG_PREEMPT=y. Reported
by Andreas Schultz.
3) Avoid unnecessary reroute of traffic in the local input path
in IPVS that triggers a crash in xfrm. Reported by Florian
Wiessner and fixed by Julian Anastasov.
4) Fix memory and module refcount leak from the error path of
nf_tables_newchain().
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
-rw-r--r-- | include/net/netfilter/nf_tables.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h index 3ae969e3acf0..9eaaa7884586 100644 --- a/include/net/netfilter/nf_tables.h +++ b/include/net/netfilter/nf_tables.h @@ -530,6 +530,8 @@ enum nft_chain_type { int nft_chain_validate_dependency(const struct nft_chain *chain, enum nft_chain_type type); +int nft_chain_validate_hooks(const struct nft_chain *chain, + unsigned int hook_flags); struct nft_stats { u64 bytes; |
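Review bot: the new `nft_chain_validate_hooks()` prototype in include/net/netfilter/nf_tables.h has no comment saying how `hook_flags` is encoded or what the `int` return means. Since the parameter is a plain `unsigned int`, a caller could pass a single hook number where a mask of permitted hooks is expected (or the reverse), and the check would then accept or reject the wrong chains without any compiler warning. A short kernel-doc comment above the declaration would help: it should state the expected encoding of `hook_flags`, that the function returns 0 when the chain's hook is allowed and a negative errno otherwise, and how non-base chains are treated. The same applies to the neighbouring `nft_chain_validate_dependency()`, which is also undocumented here. Because the function exists to reject expressions used from the wrong hook, it is also worth confirming in the parts of the merge outside 'include' that every caller propagates a non-zero return rather than ignoring it.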