bcf4934288
If a requested extension exists as module and is not loaded, ebt_check_match() might accidentally use an NFPROTO_UNSPEC one with same name and fail. Reproduced with limit match: Given xt_limit and ebt_limit both built as module, the following would fail: modprobe xt_limit ebtables -I INPUT --limit 1/s -j ACCEPT The fix is to make ebt_check_match() distrust a found NFPROTO_UNSPEC extension and retry after requesting an appropriate module. Cc: Florian Westphal <fw@strlen.de> Signed-off-by: Phil Sutter <phil@nwl.cc> Acked-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> |
||
---|---|---|
.. | ||
netfilter | ||
Kconfig | ||
Makefile | ||
br.c | ||
br_device.c | ||
br_fdb.c | ||
br_forward.c | ||
br_if.c | ||
br_input.c | ||
br_ioctl.c | ||
br_mdb.c | ||
br_multicast.c | ||
br_netfilter_hooks.c | ||
br_netfilter_ipv6.c | ||
br_netlink.c | ||
br_nf_core.c | ||
br_private.h | ||
br_private_stp.h | ||
br_stp.c | ||
br_stp_bpdu.c | ||
br_stp_if.c | ||
br_stp_timer.c | ||
br_sysfs_br.c | ||
br_sysfs_if.c | ||
br_vlan.c |