mirror of https://github.com/torvalds/linux.git
75e8d06d43
The user can crash the kernel if it uses any of the existing NAT expressions from the wrong hook, so add some code to validate this when loading the rule. This patch introduces nft_chain_validate_hooks() which is based on an existing function in the bridge version of the reject expression. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> |
||
|---|---|---|
| .. | ||
| ipv4 | ||
| ipv6 | ||
| br_netfilter.h | ||
| nf_conntrack.h | ||
| nf_conntrack_acct.h | ||
| nf_conntrack_core.h | ||
| nf_conntrack_ecache.h | ||
| nf_conntrack_expect.h | ||
| nf_conntrack_extend.h | ||
| nf_conntrack_helper.h | ||
| nf_conntrack_l3proto.h | ||
| nf_conntrack_l4proto.h | ||
| nf_conntrack_labels.h | ||
| nf_conntrack_seqadj.h | ||
| nf_conntrack_synproxy.h | ||
| nf_conntrack_timeout.h | ||
| nf_conntrack_timestamp.h | ||
| nf_conntrack_tuple.h | ||
| nf_conntrack_zones.h | ||
| nf_log.h | ||
| nf_nat.h | ||
| nf_nat_core.h | ||
| nf_nat_helper.h | ||
| nf_nat_l3proto.h | ||
| nf_nat_l4proto.h | ||
| nf_nat_redirect.h | ||
| nf_queue.h | ||
| nf_tables.h | ||
| nf_tables_bridge.h | ||
| nf_tables_core.h | ||
| nf_tables_ipv4.h | ||
| nf_tables_ipv6.h | ||
| nfnetlink_log.h | ||
| nfnetlink_queue.h | ||
| nft_masq.h | ||
| nft_meta.h | ||
| nft_redir.h | ||
| nft_reject.h | ||
| xt_rateest.h | ||