netfilter: nf_tables: perform type checking for existing sets - kernel/linux.git

diff options

author	Pablo Neira Ayuso <pablo@netfilter.org>	2022-12-19 22:09:00 +0300
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2022-12-21 19:34:00 +0300
commit	f6594c372afd5cec8b1e9ee9ea8f8819d59c6fb1 (patch)
tree	cc2ee356ca8a8ab21b4f7e9048c9b0c370e26f8f /.mailmap
parent	a8fe4154fa5a1bae590b243ed60f871e5a5e1378 (diff)
download	linux-f6594c372afd5cec8b1e9ee9ea8f8819d59c6fb1.tar.xz

netfilter: nf_tables: perform type checking for existing sets

If a ruleset declares a set name that matches an existing set in the kernel, then validate that this declaration really refers to the same set, otherwise bail out with EEXIST. Currently, the kernel reports success when adding a set that already exists in the kernel. This usually results in EINVAL errors at a later stage, when the user adds elements to the set, if the set declaration mismatches the existing set representation in the kernel. Add a new function to check that the set declaration really refers to the same existing set in the kernel. Fixes: 96518518cc41 ("netfilter: add nftables") Reported-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to '.mailmap')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: