127917c29a432c3b798e014a1714e9c1af0f87fe - kernel/msm-4.19

commit	127917c29a432c3b798e014a1714e9c1af0f87fe	[log] [tgz]
author	Pablo Neira Ayuso <pablo@netfilter.org>	Mon Oct 27 14:08:17 2014 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	Fri Oct 31 12:50:09 2014 +0100
tree	9a488cb70c3b6e802829b4cf6060aad86850c47b
parent	523b929d5446c023e1219aa81455a8c766cac883 [diff]

netfilter: nft_reject_bridge: restrict reject to prerouting and input

Restrict the reject expression to the prerouting and input bridge
hooks. If we allow this to be used from forward or any other later
bridge hook, if the frame is flooded to several ports, we'll end up
sending several reject packets, one per cloned packet.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

net/bridge/netfilter/nft_reject_bridge.c[diff]

1 file changed

tree: 9a488cb70c3b6e802829b4cf6060aad86850c47b