summaryrefslogtreecommitdiff
path: root/net/netfilter/nft_lookup.c
diff options
context:
space:
mode:
authorDavid S. Miller <davem@davemloft.net>2018-07-24 19:21:58 -0700
committerDavid S. Miller <davem@davemloft.net>2018-07-24 19:21:58 -0700
commit19725496da5602b401eae389736ab00d1817e264 (patch)
tree4c1a94bf0121769110f1b9c08ee337a55679a48a /net/netfilter/nft_lookup.c
parentaea5f654e6b78a0c976f7a25950155932c77a53f (diff)
parent9981b4fb8684883dcc0daf088891ff32260b9794 (diff)
Merge ra.kernel.org:/pub/scm/linux/kernel/git/davem/net
Diffstat (limited to 'net/netfilter/nft_lookup.c')
-rw-r--r--net/netfilter/nft_lookup.c13
1 files changed, 11 insertions, 2 deletions
diff --git a/net/netfilter/nft_lookup.c b/net/netfilter/nft_lookup.c
index 42e6fadf1417..c2a1d84cdfc4 100644
--- a/net/netfilter/nft_lookup.c
+++ b/net/netfilter/nft_lookup.c
@@ -155,7 +155,9 @@ static int nft_lookup_validate_setelem(const struct nft_ctx *ctx,
struct nft_set_elem *elem)
{
const struct nft_set_ext *ext = nft_set_elem_ext(set, elem->priv);
+ struct nft_ctx *pctx = (struct nft_ctx *)ctx;
const struct nft_data *data;
+ int err;
if (nft_set_ext_exists(ext, NFT_SET_EXT_FLAGS) &&
*nft_set_ext_flags(ext) & NFT_SET_ELEM_INTERVAL_END)
@@ -165,10 +167,17 @@ static int nft_lookup_validate_setelem(const struct nft_ctx *ctx,
switch (data->verdict.code) {
case NFT_JUMP:
case NFT_GOTO:
- return nft_chain_validate(ctx, data->verdict.chain);
+ pctx->level++;
+ err = nft_chain_validate(ctx, data->verdict.chain);
+ if (err < 0)
+ return err;
+ pctx->level--;
+ break;
default:
- return 0;
+ break;
}
+
+ return 0;
}
static int nft_lookup_validate(const struct nft_ctx *ctx,