netfilter: nft_tproxy: restrict to prerouting hook (83ef55c4) · Commits · Mirrors / git.yoctoproject.org / linux-yocto

Commit 83ef55c4 authored Aug 20, 2022 by

Florian Westphal Committed by Greg Kroah-Hartman Feb 22, 2023

netfilter: nft_tproxy: restrict to prerouting hook



commit 18bbc321 upstream.

TPROXY is only allowed from prerouting, but nft_tproxy doesn't check this.
This fixes a crash (null dereference) when using tproxy from e.g. output.

Fixes: 4ed8eb65 ("netfilter: nf_tables: Add native tproxy support")
Reported-by: Shell Chen <xierch@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Qingfang DENG <dqfext@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent b6ac5e6b

Hide whitespace changes

Inline Side-by-side

Please register or to comment