Message ID | 1471880633-21640-1-git-send-email-zlpnobody@163.com |
---|---|
State | Accepted |
Delegated to: | Pablo Neira |
Headers | show |
On Mon, Aug 22, 2016 at 11:43:53PM +0800, Liping Zhang wrote: > From: Liping Zhang <liping.zhang@spreadtrum.com> > > Reject expr is only valid in input/forward/output chain, > and if user can add reject expr in prerouting chain, kernel > panic will happen. > > So add a simple test case to cover this situation. Also applied, thanks. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/tests/shell/testcases/chains/0012reject_in_prerouting_1 b/tests/shell/testcases/chains/0012reject_in_prerouting_1 new file mode 100755 index 0000000..81cda0c --- /dev/null +++ b/tests/shell/testcases/chains/0012reject_in_prerouting_1 @@ -0,0 +1,9 @@ +#!/bin/bash + +set -e + +$NFT add table t +$NFT add chain t prerouting {type filter hook prerouting priority 0 \; } +# wrong hook prerouting, only input/forward/output is valid +$NFT add rule t prerouting reject 2>/dev/null +echo "E: accepted reject in prerouting hook" >&2