summaryrefslogtreecommitdiffstats
path: root/tests/shell/testcases/owner/0001-flowtable-uaf
Commit message (Collapse)AuthorAgeFilesLines
* tests: shell: skip flowtable-uaf if we lack table owner supportFlorian Westphal2023-09-221-0/+2
| | | | Signed-off-by: Florian Westphal <fw@strlen.de>
* evaluate: bail out if new flowtable does not specify hook and priorityPablo Neira Ayuso2023-04-241-0/+2
| | | | | | | | | | | | | | | | | | | | If user forgets to specify the hook and priority and the flowtable does not exist, then bail out: # cat flowtable-incomplete.nft table t { flowtable f { devices = { lo } } } # nft -f /tmp/k flowtable-incomplete.nft:2:12-12: Error: missing hook and priority in flowtable declaration flowtable f { ^ Update one existing tests/shell to specify a hook and priority. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tests: add test case for flowtable with owner flagFlorian Westphal2022-02-221-0/+22
BUG: KASAN: use-after-free in nf_hook_entries_grow+0x675/0x980 Read of size 4 at ... nft/19662 nf_hook_entries_grow+0x675/0x980 This is fixed by kernel commit 6069da443bf ("netfilter: nf_tables: unregister flowtable hooks on netns exit"). The test case here uses owner flag, netlink event handler doesn't release the flowtable, next attempt to add one then causes uaf because of dangling ingress hook reference. Signed-off-by: Florian Westphal <fw@strlen.de>