linux.git - Linux kernel source tree

diff options

author	Pablo Neira Ayuso <pablo@netfilter.org>	2026-03-31 23:08:02 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2026-04-01 11:55:30 +0200
commit	da107398cbd4bbdb6bffecb2ce86d5c9384f4cec (patch)
tree	f07cd6eb7ba50a53ce6f69ef03030150aa22b7ec /drivers/usb/input/git@git.tavy.me:linux.git
parent	3d5d488f11776738deab9da336038add95d342d1 (diff)

netfilter: nf_tables: reject immediate NF_QUEUE verdict

nft_queue is always used from userspace nftables to deliver the NF_QUEUE verdict. Immediately emitting an NF_QUEUE verdict is never used by the userspace nft tools, so reject immediate NF_QUEUE verdicts. The arp family does not provide queue support, but such an immediate verdict is still reachable. Globally reject NF_QUEUE immediate verdicts to address this issue. Fixes: f342de4e2f33 ("netfilter: nf_tables: reject QUEUE/DROP verdict parameters") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'drivers/usb/input/git@git.tavy.me:linux.git')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: