Commit f7fb77fc authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso

netfilter: nft_compat: check extension hook mask only if set

If the x_tables extension comes with no hook mask, skip this validation.
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 3840538a
...@@ -305,7 +305,7 @@ static int nft_target_validate(const struct nft_ctx *ctx, ...@@ -305,7 +305,7 @@ static int nft_target_validate(const struct nft_ctx *ctx,
const struct nf_hook_ops *ops = &basechain->ops[0]; const struct nf_hook_ops *ops = &basechain->ops[0];
hook_mask = 1 << ops->hooknum; hook_mask = 1 << ops->hooknum;
if (!(hook_mask & target->hooks)) if (target->hooks && !(hook_mask & target->hooks))
return -EINVAL; return -EINVAL;
ret = nft_compat_chain_validate_dependency(target->table, ret = nft_compat_chain_validate_dependency(target->table,
...@@ -484,7 +484,7 @@ static int nft_match_validate(const struct nft_ctx *ctx, ...@@ -484,7 +484,7 @@ static int nft_match_validate(const struct nft_ctx *ctx,
const struct nf_hook_ops *ops = &basechain->ops[0]; const struct nf_hook_ops *ops = &basechain->ops[0];
hook_mask = 1 << ops->hooknum; hook_mask = 1 << ops->hooknum;
if (!(hook_mask & match->hooks)) if (match->hooks && !(hook_mask & match->hooks))
return -EINVAL; return -EINVAL;
ret = nft_compat_chain_validate_dependency(match->table, ret = nft_compat_chain_validate_dependency(match->table,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment