diff options
| -rw-r--r-- | src/evaluate.c | 6 | ||||
| -rwxr-xr-x | tests/shell/testcases/owner/0001-flowtable-uaf | 2 |
2 files changed, 7 insertions, 1 deletions
diff --git a/src/evaluate.c b/src/evaluate.c index 35910b03..a1c3895c 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -4732,8 +4732,12 @@ static int flowtable_evaluate(struct eval_ctx *ctx, struct flowtable *ft) if (table == NULL) return table_not_found(ctx); - if (!ft_cache_find(table, ft->handle.flowtable.name)) + if (!ft_cache_find(table, ft->handle.flowtable.name)) { + if (!ft->hook.name) + return chain_error(ctx, ft, "missing hook and priority in flowtable declaration"); + ft_cache_add(flowtable_get(ft), table); + } if (ft->hook.name) { ft->hook.num = str2hooknum(NFPROTO_NETDEV, ft->hook.name); diff --git a/tests/shell/testcases/owner/0001-flowtable-uaf b/tests/shell/testcases/owner/0001-flowtable-uaf index 4efbe75c..8b7a551c 100755 --- a/tests/shell/testcases/owner/0001-flowtable-uaf +++ b/tests/shell/testcases/owner/0001-flowtable-uaf @@ -6,6 +6,7 @@ $NFT -f - <<EOF table t { flags owner flowtable f { + hook ingress priority 0 devices = { lo } } } @@ -16,6 +17,7 @@ $NFT -f - <<EOF table t { flags owner flowtable f { + hook ingress priority 0 devices = { lo } } } |