Unverified Commit 961759c0 authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!1426 netfilter: nf_tables: do not ignore genmask when looking up chain by id 

Merge Pull Request from: @ci-robot 
 
PR sync from: Liu Jian <liujian56@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/PR7IN2IHBPPN57ADATMAXCK6IOVOB3OG/ 
 
https://gitee.com/src-openeuler/kernel/issues/I7ISR3 
 
Link:https://gitee.com/openeuler/kernel/pulls/1426

 

Reviewed-by: default avatarYue Haibing <yuehaibing@huawei.com>
Signed-off-by: default avatarJialin Zhang <zhangjialin11@huawei.com>
parents cf303cf3 ba0d52cb

net/netfilter/nf_tables_api.c

+7 −4
Original line number Diff line number Diff line
@@ -2278,7 +2278,7 @@ static int nf_tables_updchain(struct nft_ctx *ctx, u8 genmask, u8 policy, 


static struct nft_chain *nft_chain_lookup_byid(const struct net *net,

					       const struct nft_table *table,

					       const struct nlattr *nla)

					       const struct nlattr *nla, u8 genmask)

{

	u32 id = ntohl(nla_get_be32(nla));

	struct nft_trans *trans;
@@ -2288,7 +2288,8 @@ static struct nft_chain *nft_chain_lookup_byid(const struct net *net, 


		if (trans->msg_type == NFT_MSG_NEWCHAIN &&

		    chain->table == table &&

		    id == nft_trans_chain_id(trans))

		    id == nft_trans_chain_id(trans) &&

		    nft_active_genmask(chain, genmask))

			return chain;

	}

	return ERR_PTR(-ENOENT);
@@ -3197,7 +3198,8 @@ static int nf_tables_newrule(struct net *net, struct sock *nlsk, 
			return -EOPNOTSUPP;



	} else if (nla[NFTA_RULE_CHAIN_ID]) {

		chain = nft_chain_lookup_byid(net, table, nla[NFTA_RULE_CHAIN_ID]);

		chain = nft_chain_lookup_byid(net, table, nla[NFTA_RULE_CHAIN_ID],

					      genmask);

		if (IS_ERR(chain)) {

			NL_SET_BAD_ATTR(extack, nla[NFTA_RULE_CHAIN_ID]);

			return PTR_ERR(chain);
@@ -8693,7 +8695,8 @@ static int nft_verdict_init(const struct nft_ctx *ctx, struct nft_data *data, 
						 genmask);

		} else if (tb[NFTA_VERDICT_CHAIN_ID]) {

			chain = nft_chain_lookup_byid(ctx->net, ctx->table,

						      tb[NFTA_VERDICT_CHAIN_ID]);

						      tb[NFTA_VERDICT_CHAIN_ID],

						      genmask);

			if (IS_ERR(chain))

				return PTR_ERR(chain);

		} else {