netfilter: nf_tables: reject unbound chain set before commit phase (c34b2203) · Commits · Mirrors / github.com / raspberrypi_linux

Commit c34b2203 authored Jun 16, 2023 by

Pablo Neira Ayuso Committed by Greg Kroah-Hartman Jun 28, 2023

netfilter: nf_tables: reject unbound chain set before commit phase



[ Upstream commit 62e1e94b ]

Use binding list to track set transaction and to check for unbound
chains before entering the commit phase.

Bail out if chain binding remain unused before entering the commit
step.

Fixes: d0e2c7de ("netfilter: nf_tables: add NFT_CHAIN_BINDING")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

parent 46f801ab

Hide whitespace changes

Inline Side-by-side

Please register or to comment