Gentwo Git Trees - linux/.git/commit

author	Phil Sutter <phil@nwl.cc>
	Thu, 7 Aug 2025 13:49:59 +0000 (15:49 +0200)
committer	Florian Westphal <fw@strlen.de>
	Thu, 4 Sep 2025 07:19:25 +0000 (09:19 +0200)
commit	4039ce7ef40474d5ba46f414c50cc7020b9cf8ae
tree	53b1f7235347160e5d670ab5479f10aa5641932c	tree \| snapshot
parent	661a4f307fe0f80c1d544e09476ccba9037e8e65	commit \| diff

netfilter: nf_tables: Introduce NFTA_DEVICE_PREFIX

This new attribute is supposed to be used instead of NFTA_DEVICE_NAME
for simple wildcard interface specs. It holds a NUL-terminated string
representing an interface name prefix to match on.

While kernel code to distinguish full names from prefixes in
NFTA_DEVICE_NAME is simpler than this solution, reusing the existing
attribute with different semantics leads to confusion between different
versions of kernel and user space though:

* With old kernels, wildcards submitted by user space are accepted yet
silently treated as regular names.
* With old user space, wildcards submitted by kernel may cause crashes
since libnftnl expects NUL-termination when there is none.

Using a distinct attribute type sanitizes these situations as the
receiving part detects and rejects the unexpected attribute nested in
*_HOOK_DEVS attributes.

Fixes: 6d07a289504a ("netfilter: nf_tables: Support wildcard netdev hook specs")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>

include/uapi/linux/netfilter/nf_tables.h		diff \| blob \| blame \| history
net/netfilter/nf_tables_api.c		diff \| blob \| blame \| history