Commit fd2481b4 authored by Florian Westphal's avatar Florian Westphal Committed by zhaoxiaoqiang11
Browse files

netfilter: nft_tproxy: restrict to prerouting hook 

stable inclusion
from stable-v5.10.169
commit eaba3f9b672c3a3f820da8ee9584b9520674eafa
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I7V9QX

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=eaba3f9b672c3a3f820da8ee9584b9520674eafa



----------------------------------------------------

commit 18bbc321 upstream.

TPROXY is only allowed from prerouting, but nft_tproxy doesn't check this.
This fixes a crash (null dereference) when using tproxy from e.g. output.

Fixes: 4ed8eb65 ("netfilter: nf_tables: Add native tproxy support")
Reported-by: default avatarShell Chen <xierch@gmail.com>
Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarQingfang DENG <dqfext@gmail.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarzhaoxiaoqiang11 <zhaoxiaoqiang11@jd.com>
parent 51ff172e
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment