Commit 71ef842d authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso

netfilter: nft_immediate: cancel register tracking for data destination register



The immediate expression might clobber existing data in the registers;
cancel register tracking for the destination register.

Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 5da03b56
+12 −0
@@ -223,6 +223,17 @@ static bool nft_immediate_offload_action(const struct nft_expr *expr)
	return false;
}

static bool nft_immediate_reduce(struct nft_regs_track *track,
				 const struct nft_expr *expr)
{
	const struct nft_immediate_expr *priv = nft_expr_priv(expr);

	if (priv->dreg != NFT_REG_VERDICT)
		nft_reg_track_cancel(track, priv->dreg, priv->dlen);

	return false;
}

static const struct nft_expr_ops nft_imm_ops = {
	.type		= &nft_imm_type,
	.size		= NFT_EXPR_SIZE(sizeof(struct nft_immediate_expr)),
@@ -233,6 +244,7 @@ static const struct nft_expr_ops nft_imm_ops = {
	.destroy	= nft_immediate_destroy,
	.dump		= nft_immediate_dump,
	.validate	= nft_immediate_validate,
	.reduce		= nft_immediate_reduce,
	.offload	= nft_immediate_offload,
	.offload_action	= nft_immediate_offload_action,
};
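Review bot: In the first hunk, nft_immediate_reduce() skips NFT_REG_VERDICT and always returns false without a comment explaining either choice. That invariant matters for filtering correctness: if the cancel were missed, a later expression could be judged redundant against tracked state for a register the immediate has already overwritten. I would add above the `if` something like `/* The immediate overwrites dreg: drop its tracked state so a later load is never elided against stale data. */`. The reason for excluding the verdict register is not visible in this hunk (presumably it is outside the tracked data registers), so that should be confirmed and stated in the same comment. A one-line note that the expression itself is never reducible would cover the `return false;`.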