commit | 6cd426bc7593ecf04a02c901d94e04093bdf69e4 | |
---|---|---|
author | Pablo Neira Ayuso <pablo@netfilter.org> | Tue Oct 08 12:13:57 2013 +0200 |
committer | Pablo Neira Ayuso <pablo@netfilter.org> | Mon Dec 30 23:50:52 2013 +0100 |
tree | 0ea7a510623f5debe46772178f545b75eae21bbc | |
parent | 5f6e384ac2a3d7b647a909654a3bdee1c0bcb3eb | |
nft: fix bad length when comparing extension data area

Use ->userspacesize to compare the extension data area, otherwise we also compare the internal private pointers which are only meaningful to the kernelspace.

This fixes:

    xtables -4 -D INPUT -m connlimit \
        --connlimit-above 10 --connlimit-mask 32 --connlimit-daddr

But it also fixes many other matches/targets which use internal private data.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
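The length mismatch described in the commit message, as an added example that is not code from this commit or from the iptables tree. The struct, descriptor and function names are hypothetical and the rule values are constructed; only the `size` versus `userspacesize` distinction comes from the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical match data: user-set options followed by a kernel-only pointer. */
struct demo_limit_info {
    uint32_t mask;      /* set from the command line */
    uint32_t limit;     /* set from the command line */
    void *kernel_priv;  /* filled in by the kernel, meaningless to userspace */
};

/* Hypothetical descriptor carrying the two lengths the commit message contrasts. */
struct demo_ext {
    size_t size;           /* whole data area, private part included */
    size_t userspacesize;  /* leading bytes that userspace owns */
};

static const struct demo_ext demo_limit = {
    .size = sizeof(struct demo_limit_info),
    .userspacesize = offsetof(struct demo_limit_info, kernel_priv),
};

/* Comparison over the whole area: the private pointer takes part in it. */
static int same_full(const struct demo_ext *e, const void *a, const void *b)
{
    return memcmp(a, b, e->size) == 0;
}

/* Comparison over the user-owned prefix only, as the commit message asks. */
static int same_user(const struct demo_ext *e, const void *a, const void *b)
{
    return memcmp(a, b, e->userspacesize) == 0;
}

/* Constructed sample: the rule as typed by the user and as dumped by the kernel. */
static void demo_rules(struct demo_limit_info *typed, struct demo_limit_info *dumped)
{
    static int kernel_object;  /* stand-in for kernel-side state */

    memset(typed, 0, sizeof(*typed));
    typed->mask = 32;
    typed->limit = 10;
    memcpy(dumped, typed, sizeof(*typed));
    dumped->kernel_priv = &kernel_object;  /* differs from the typed rule's NULL */
}

int main(void)
{
    struct demo_limit_info typed, dumped;

    demo_rules(&typed, &dumped);
    printf("full size match: %d\n", same_full(&demo_limit, &typed, &dumped));
    printf("userspacesize match: %d\n", same_user(&demo_limit, &typed, &dumped));
    return 0;
}
```

With the full-size comparison, a delete request never matches the rule the kernel reports, so the rule cannot be removed by specification even though every user-visible option is identical.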