netfilter: nft_compat: use the match->table to validate dependencies

Instead of the match->name, which is of course not relevant.

Fixes: f3f5dde ("netfilter: nft_compat: validate chain type in match/target")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/netfilter/nft_compat.c b/net/netfilter/nft_compat.c
index 70dc9651630556bafaaaae4661dbe88a3b343708..265e190f22187d83de1a9ed07913ef153cf1f03f 100644 (file)
--- a/net/netfilter/nft_compat.c
+++ b/net/netfilter/nft_compat.c
@@ -346,7 +346,7 @@ nft_match_init(const struct nft_ctx *ctx, const struct nft_expr *expr,
        union nft_entry e = {};
        int ret;
 
-       ret = nft_compat_chain_validate_dependency(match->name, ctx->chain);
+       ret = nft_compat_chain_validate_dependency(match->table, ctx->chain);
        if (ret < 0)
                goto err;
 
@@ -420,7 +420,7 @@ static int nft_match_validate(const struct nft_ctx *ctx,
                if (!(hook_mask & match->hooks))
                        return -EINVAL;
 
-               ret = nft_compat_chain_validate_dependency(match->name,
+               ret = nft_compat_chain_validate_dependency(match->table,
                                                           ctx->chain);
                if (ret < 0)
                        return ret;