[nft,v2,3/4] stmt_evaluate_reset: Have a generic fix for missing network context

Commit 17b495957b29e ("evaluate: reject: fix crash if we have transport
protocol conflict from inet") took care of a crash when using inet or
bridge families, but since then netdev family has been added which also
does not implicitly define the network context. Therefore the crash can
be reproduced again using the following example:

nft add rule netdev filter e1000-ingress \
		meta l4proto udp reject with tcp reset

In order to fix this in a more generic way, have stmt_evaluate_reset()
fall back to the generic proto_inet_service irrespective of the actual
proto context.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
Changes since v1:
- Found the real cause for the problem after some more code and git
  history research, so rewrote the patch from scratch.
---
 src/evaluate.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

On Tue, Aug 30, 2016 at 07:39:51PM +0200, Phil Sutter wrote:
> Commit 17b495957b29e ("evaluate: reject: fix crash if we have transport
> protocol conflict from inet") took care of a crash when using inet or
> bridge families, but since then netdev family has been added which also
> does not implicitly define the network context. Therefore the crash can
> be reproduced again using the following example:
> 
> nft add rule netdev filter e1000-ingress \
> 		meta l4proto udp reject with tcp reset
> 
> In order to fix this in a more generic way, have stmt_evaluate_reset()
> fall back to the generic proto_inet_service irrespective of the actual
> proto context.

Applied, thanks.

This reminds me that the reject code needs care, it is a bit tangled.
This was made by a GSoC student.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html