Commit b75a3e83 authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso

netfilter: nf_tables: allow netdevice to be used only once per flowtable

Allow netdevice only once per flowtable, otherwise hit EEXIST.
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 3f0465a9
...@@ -1538,6 +1538,19 @@ static struct nft_hook *nft_netdev_hook_alloc(struct net *net, ...@@ -1538,6 +1538,19 @@ static struct nft_hook *nft_netdev_hook_alloc(struct net *net,
return ERR_PTR(err); return ERR_PTR(err);
} }
static bool nft_hook_list_find(struct list_head *hook_list,
const struct nft_hook *this)
{
struct nft_hook *hook;
list_for_each_entry(hook, hook_list, list) {
if (this->ops.dev == hook->ops.dev)
return true;
}
return false;
}
static int nf_tables_parse_netdev_hooks(struct net *net, static int nf_tables_parse_netdev_hooks(struct net *net,
const struct nlattr *attr, const struct nlattr *attr,
struct list_head *hook_list) struct list_head *hook_list)
...@@ -1557,6 +1570,10 @@ static int nf_tables_parse_netdev_hooks(struct net *net, ...@@ -1557,6 +1570,10 @@ static int nf_tables_parse_netdev_hooks(struct net *net,
err = PTR_ERR(hook); err = PTR_ERR(hook);
goto err_hook; goto err_hook;
} }
if (nft_hook_list_find(hook_list, hook)) {
err = -EEXIST;
goto err_hook;
}
list_add_tail(&hook->list, hook_list); list_add_tail(&hook->list, hook_list);
n++; n++;
......
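Review bot: The new duplicate branch in nf_tables_parse_netdev_hooks (`if (nft_hook_list_find(hook_list, hook))`) jumps to `err_hook` before `list_add_tail()` has linked the freshly allocated `hook`, so the hook is on no list at that point. The `err_hook` label and the rest of the function lie outside this hunk; if that label only walks `hook_list` to release entries, this hook is leaked on every rejected duplicate. Because the device list is parsed from a netlink attribute, the leak could be repeated by any caller permitted to send that request. Release the hook in the branch first, e.g. `kfree(hook);` ahead of `err = -EEXIST;`, assuming nft_netdev_hook_alloc uses a kmalloc-family allocation, which is also not visible here.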