netfilter: nft_tproxy: restrict to prerouting hook (83ef55c4) · Commits · CodeLinaro / la / kernel / msm

Commit 83ef55c4 authored 2 years ago by Florian Westphal Committed by Greg Kroah-Hartman 2 years ago

netfilter: nft_tproxy: restrict to prerouting hook


commit 18bbc321 upstream.

TPROXY is only allowed from prerouting, but nft_tproxy doesn't check this.
This fixes a crash (null dereference) when using tproxy from e.g. output.

Fixes: 4ed8eb65 ("netfilter: nf_tables: Add native tproxy support")
Reported-by: Shell Chen <xierch@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Qingfang DENG <dqfext@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent b6ac5e6b

No related merge requests found

Hide whitespace changes

Inline Side-by-side

Showing with 8 additions and 0 deletions

Please register or to comment