summaryrefslogtreecommitdiffstats
path: root/kernel
diff options
context:
space:
mode:
authorPhil Sutter <phil@nwl.cc>2023-08-29 19:51:57 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2023-08-31 01:29:27 +0200
commit7e9be1124dbe7888907e82cab20164578e3f9ab7 (patch)
tree09fbb6809610a2bde1d514ac57a31b041ece18fb /kernel
parentnetfilter: xt_u32: validate user space input (diff)
downloadlinux-7e9be1124dbe7888907e82cab20164578e3f9ab7.tar.xz
linux-7e9be1124dbe7888907e82cab20164578e3f9ab7.zip
netfilter: nf_tables: Audit log setelem reset
Since set element reset is not integrated into nf_tables' transaction logic, an explicit log call is needed, similar to NFT_MSG_GETOBJ_RESET handling. For the sake of simplicity, catchall element reset will always generate a dedicated log entry. This relieves nf_tables_dump_set() from having to adjust the logged element count depending on whether a catchall element was found or not. Fixes: 079cd633219d7 ("netfilter: nf_tables: Introduce NFT_MSG_GETSETELEM_RESET") Signed-off-by: Phil Sutter <phil@nwl.cc> Reviewed-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'kernel')
-rw-r--r--kernel/auditsc.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index addeed3df15d..38481e318197 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -143,6 +143,7 @@ static const struct audit_nfcfgop_tab audit_nfcfgs[] = {
{ AUDIT_NFT_OP_OBJ_RESET, "nft_reset_obj" },
{ AUDIT_NFT_OP_FLOWTABLE_REGISTER, "nft_register_flowtable" },
{ AUDIT_NFT_OP_FLOWTABLE_UNREGISTER, "nft_unregister_flowtable" },
+ { AUDIT_NFT_OP_SETELEM_RESET, "nft_reset_setelem" },
{ AUDIT_NFT_OP_INVALID, "nft_invalid" },
};