diff options
author | Pablo Neira Ayuso | 2017-12-19 13:53:45 +0100 |
---|---|---|
committer | Pablo Neira Ayuso | 2018-01-10 15:32:04 +0100 |
commit | fe19c04ca13737a48277fad28d912efbd72c1772 (patch) | |
tree | 0f60983ed7648da60a5eeaad2f26e4eb33ccab98 /net/netfilter/nf_tables_api.c | |
parent | Merge branch 'r8169-improve-runtime-pm' (diff) | |
download | kernel-qcow2-linux-fe19c04ca13737a48277fad28d912efbd72c1772.tar.gz kernel-qcow2-linux-fe19c04ca13737a48277fad28d912efbd72c1772.tar.xz kernel-qcow2-linux-fe19c04ca13737a48277fad28d912efbd72c1772.zip |
netfilter: nf_tables: remove nhooks field from struct nft_af_info
We already validate the hook through bitmask, so this check is
superfluous. When removing this, this patch is also fixing a bug in the
new flowtable codebase, since ctx->afi points to the table family
instead of the netdev family which is where the flowtable is really
hooked in.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/nf_tables_api.c')
-rw-r--r-- | net/netfilter/nf_tables_api.c | 5 |
1 files changed, 1 insertions, 4 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 336b81689ac9..93e4e67e4b4d 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -1328,9 +1328,6 @@ static int nft_chain_parse_hook(struct net *net, return -EINVAL; hook->num = ntohl(nla_get_be32(ha[NFTA_HOOK_HOOKNUM])); - if (hook->num >= afi->nhooks) - return -EINVAL; - hook->priority = ntohl(nla_get_be32(ha[NFTA_HOOK_PRIORITY])); type = chain_type[afi->family][NFT_CHAIN_T_DEFAULT]; @@ -4993,7 +4990,7 @@ static int nf_tables_flowtable_parse_hook(const struct nft_ctx *ctx, return -EINVAL; hooknum = ntohl(nla_get_be32(tb[NFTA_FLOWTABLE_HOOK_NUM])); - if (hooknum >= ctx->afi->nhooks) + if (hooknum != NF_NETDEV_INGRESS) return -EINVAL; priority = ntohl(nla_get_be32(tb[NFTA_FLOWTABLE_HOOK_PRIORITY])); |