summaryrefslogtreecommitdiffstats
path: root/net/bridge/netfilter/ebt_limit.c
diff options
context:
space:
mode:
authorFlorian Westphal <fw@strlen.de>2021-04-26 12:14:40 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2021-04-26 18:16:56 +0200
commit47a6959fa331fe892a4fc3b48ca08e92045c6bda (patch)
tree02aaee18c39de580c05dc3bb186a3e642200b81d /net/bridge/netfilter/ebt_limit.c
parent50f2db9e368f73ecbbaa92da365183fa953aaba7 (diff)
downloadlinux-stable-47a6959fa331fe892a4fc3b48ca08e92045c6bda.tar.gz
linux-stable-47a6959fa331fe892a4fc3b48ca08e92045c6bda.tar.bz2
linux-stable-47a6959fa331fe892a4fc3b48ca08e92045c6bda.zip
netfilter: allow to turn off xtables compat layer
The compat layer needs to parse untrusted input (the ruleset) to translate it to a 64bit compatible format. We had a number of bugs in this department in the past, so allow users to turn this feature off. Add CONFIG_NETFILTER_XTABLES_COMPAT kconfig knob and make it default to y to keep existing behaviour. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/bridge/netfilter/ebt_limit.c')
-rw-r--r--net/bridge/netfilter/ebt_limit.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/net/bridge/netfilter/ebt_limit.c b/net/bridge/netfilter/ebt_limit.c
index fa199556e122..e16183bd1bb8 100644
--- a/net/bridge/netfilter/ebt_limit.c
+++ b/net/bridge/netfilter/ebt_limit.c
@@ -87,7 +87,7 @@ static int ebt_limit_mt_check(const struct xt_mtchk_param *par)
}
-#ifdef CONFIG_COMPAT
+#ifdef CONFIG_NETFILTER_XTABLES_COMPAT
/*
* no conversion function needed --
* only avg/burst have meaningful values in userspace.
@@ -107,7 +107,7 @@ static struct xt_match ebt_limit_mt_reg __read_mostly = {
.checkentry = ebt_limit_mt_check,
.matchsize = sizeof(struct ebt_limit_info),
.usersize = offsetof(struct ebt_limit_info, prev),
-#ifdef CONFIG_COMPAT
+#ifdef CONFIG_NETFILTER_XTABLES_COMPAT
.compatsize = sizeof(struct ebt_compat_limit_info),
#endif
.me = THIS_MODULE,
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-17 08:54:55 +0000