|
 |
aca4c4 |
From afcbce6924dfe05af4b41bf46b21794f4a4d8302 Mon Sep 17 00:00:00 2001
|
|
|
aca4c4 |
From: Phil Sutter <phil@nwl.cc>
|
|
|
aca4c4 |
Date: Fri, 11 Feb 2022 17:39:24 +0100
|
|
|
aca4c4 |
Subject: [PATCH] libxtables: Register only the highest revision extension
|
|
|
aca4c4 |
|
|
|
aca4c4 |
When fully registering extensions, ignore all consecutive ones with same
|
|
|
aca4c4 |
name and family value. Since commit b3ac87038f4e4 ("libxtables: Make
|
|
|
aca4c4 |
sure extensions register in revision order"), one may safely assume the
|
|
|
aca4c4 |
list of pending extensions has highest revision numbers first. Since
|
|
|
aca4c4 |
iptables is only interested in the highest revision the kernel supports,
|
|
|
aca4c4 |
registration and compatibility checks may be skipped once the first
|
|
|
aca4c4 |
matching extension in pending list has validated.
|
|
|
aca4c4 |
|
|
|
aca4c4 |
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
|
|
aca4c4 |
(cherry picked from commit 2dbb49d15fb44ddd521a734eca3be3f940b7c1ba)
|
|
|
aca4c4 |
---
|
|
|
aca4c4 |
libxtables/xtables.c | 10 ++++++++--
|
|
|
aca4c4 |
1 file changed, 8 insertions(+), 2 deletions(-)
|
|
|
aca4c4 |
|
|
|
aca4c4 |
diff --git a/libxtables/xtables.c b/libxtables/xtables.c
|
|
|
aca4c4 |
index 4aee74acb6816..57ad0330a454c 100644
|
|
|
aca4c4 |
--- a/libxtables/xtables.c
|
|
|
aca4c4 |
+++ b/libxtables/xtables.c
|
|
|
aca4c4 |
@@ -701,6 +701,7 @@ xtables_find_match(const char *name, enum xtables_tryload tryload,
|
|
|
aca4c4 |
struct xtables_match **dptr;
|
|
|
aca4c4 |
struct xtables_match *ptr;
|
|
|
aca4c4 |
const char *icmp6 = "icmp6";
|
|
|
aca4c4 |
+ bool found = false;
|
|
|
aca4c4 |
|
|
|
aca4c4 |
if (strlen(name) >= XT_EXTENSION_MAXNAMELEN)
|
|
|
aca4c4 |
xtables_error(PARAMETER_PROBLEM,
|
|
|
aca4c4 |
@@ -719,7 +720,9 @@ xtables_find_match(const char *name, enum xtables_tryload tryload,
|
|
|
aca4c4 |
if (extension_cmp(name, (*dptr)->name, (*dptr)->family)) {
|
|
|
aca4c4 |
ptr = *dptr;
|
|
|
aca4c4 |
*dptr = (*dptr)->next;
|
|
|
aca4c4 |
- if (xtables_fully_register_pending_match(ptr, prev)) {
|
|
|
aca4c4 |
+ if (!found &&
|
|
|
aca4c4 |
+ xtables_fully_register_pending_match(ptr, prev)) {
|
|
|
aca4c4 |
+ found = true;
|
|
|
aca4c4 |
prev = ptr;
|
|
|
aca4c4 |
continue;
|
|
|
aca4c4 |
} else if (prev) {
|
|
|
aca4c4 |
@@ -821,6 +824,7 @@ xtables_find_target(const char *name, enum xtables_tryload tryload)
|
|
|
aca4c4 |
struct xtables_target *prev = NULL;
|
|
|
aca4c4 |
struct xtables_target **dptr;
|
|
|
aca4c4 |
struct xtables_target *ptr;
|
|
|
aca4c4 |
+ bool found = false;
|
|
|
aca4c4 |
|
|
|
aca4c4 |
/* Standard target? */
|
|
|
aca4c4 |
if (strcmp(name, "") == 0
|
|
|
aca4c4 |
@@ -839,7 +843,9 @@ xtables_find_target(const char *name, enum xtables_tryload tryload)
|
|
|
aca4c4 |
if (extension_cmp(name, (*dptr)->name, (*dptr)->family)) {
|
|
|
aca4c4 |
ptr = *dptr;
|
|
|
aca4c4 |
*dptr = (*dptr)->next;
|
|
|
aca4c4 |
- if (xtables_fully_register_pending_target(ptr, prev)) {
|
|
|
aca4c4 |
+ if (!found &&
|
|
|
aca4c4 |
+ xtables_fully_register_pending_target(ptr, prev)) {
|
|
|
aca4c4 |
+ found = true;
|
|
|
aca4c4 |
prev = ptr;
|
|
|
aca4c4 |
continue;
|
|
|
aca4c4 |
} else if (prev) {
|
|
|
aca4c4 |
--
|
|
|
aca4c4 |
2.34.1
|
|
|
aca4c4 |
|