netfilter: nf_tables: imbalance in flowtable binding - linux

diff options

author	Pablo Neira Ayuso <pablo@netfilter.org>	2025-01-02 13:01:13 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2025-01-09 13:29:38 +0100
commit	13210fc63f353fe78584048079343413a3cdf819 (patch)
tree	c4b9e5bde910e164ef0e9657a13c8a7aac9d9884 /security
parent	net: wwan: t7xx: Fix FSM command timeout issue (diff)
download	linux-13210fc63f353fe78584048079343413a3cdf819.tar.xz linux-13210fc63f353fe78584048079343413a3cdf819.zip

netfilter: nf_tables: imbalance in flowtable binding

All these cases cause imbalance between BIND and UNBIND calls: - Delete an interface from a flowtable with multiple interfaces - Add a (device to a) flowtable with --check flag - Delete a netns containing a flowtable - In an interactive nft session, create a table with owner flag and flowtable inside, then quit. Fix it by calling FLOW_BLOCK_UNBIND when unregistering hooks, then remove late FLOW_BLOCK_UNBIND call when destroying flowtable. Fixes: ff4bf2f42a40 ("netfilter: nf_tables: add nft_unregister_flowtable_hook()") Reported-by: Phil Sutter <phil@nwl.cc> Tested-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'security')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: