netfilter: nft_compat: use the match->table to validate dependencies
Instead of the match->name, which is of course not relevant.
Fixes: f3f5dde
("netfilter: nft_compat: validate chain type in match/target")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
parent
c918687f5e
commit
afefb6f928
@ -346,7 +346,7 @@ nft_match_init(const struct nft_ctx *ctx, const struct nft_expr *expr,
|
|||||||
union nft_entry e = {};
|
union nft_entry e = {};
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
ret = nft_compat_chain_validate_dependency(match->name, ctx->chain);
|
ret = nft_compat_chain_validate_dependency(match->table, ctx->chain);
|
||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
@ -420,7 +420,7 @@ static int nft_match_validate(const struct nft_ctx *ctx,
|
|||||||
if (!(hook_mask & match->hooks))
|
if (!(hook_mask & match->hooks))
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
ret = nft_compat_chain_validate_dependency(match->name,
|
ret = nft_compat_chain_validate_dependency(match->table,
|
||||||
ctx->chain);
|
ctx->chain);
|
||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
return ret;
|
return ret;
|
||||||
|
Loading…
Reference in New Issue
Block a user