netfilter: nft_immediate: cancel register tracking for data destination register
The immediate expression might clobber existing data in the registers, so cancel register tracking for the destination register. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
parent
5da03b5666
commit
71ef842d73
|
@ -223,6 +223,17 @@ static bool nft_immediate_offload_action(const struct nft_expr *expr)
|
|||
return false;
|
||||
}
|
||||
|
||||
static bool nft_immediate_reduce(struct nft_regs_track *track,
|
||||
const struct nft_expr *expr)
|
||||
{
|
||||
const struct nft_immediate_expr *priv = nft_expr_priv(expr);
|
||||
|
||||
if (priv->dreg != NFT_REG_VERDICT)
|
||||
nft_reg_track_cancel(track, priv->dreg, priv->dlen);
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
static const struct nft_expr_ops nft_imm_ops = {
|
||||
.type = &nft_imm_type,
|
||||
.size = NFT_EXPR_SIZE(sizeof(struct nft_immediate_expr)),
|
||||
|
@ -233,6 +244,7 @@ static const struct nft_expr_ops nft_imm_ops = {
|
|||
.destroy = nft_immediate_destroy,
|
||||
.dump = nft_immediate_dump,
|
||||
.validate = nft_immediate_validate,
|
||||
.reduce = nft_immediate_reduce,
|
||||
.offload = nft_immediate_offload,
|
||||
.offload_action = nft_immediate_offload_action,
|
||||
};
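Review bot: `nft_immediate_reduce()` carries no comment for its two non-obvious choices: it skips the cancel when `priv->dreg` is `NFT_REG_VERDICT`, and it returns `false` unconditionally. Stale tracking state for a clobbered register could presumably let a later expression be treated as redundant and leave a rule matching on overwritten data, so the reasoning deserves to be written down next to the code. Something like `/* immediate overwrites dreg: drop its tracked state so later loads are not elided; the verdict register is not tracked */` above the `if` would do, adjusted if the verdict exclusion has a different reason. The call also passes `priv->dlen` straight to `nft_reg_track_cancel()`, which relies on the length having been bounded when the expression was initialised; that code is outside this hunk and is worth confirming.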
|
||||
|
|