Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

[platform/kernel/linux-starfive.git] / net / netfilter / nft_tproxy.c

diff --git a/net/netfilter/nft_tproxy.c b/net/netfilter/nft_tproxy.c
index 18e79c0..b5b09a9 100644 (file)
--- a/net/netfilter/nft_tproxy.c
+++ b/net/netfilter/nft_tproxy.c
@@ -30,6 +30,12 @@ static void nft_tproxy_eval_v4(const struct nft_expr *expr,
        __be16 tport = 0;
        struct sock *sk;
 
+       if (pkt->tprot != IPPROTO_TCP &&
+           pkt->tprot != IPPROTO_UDP) {
+               regs->verdict.code = NFT_BREAK;
+               return;
+       }
+
        hp = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_hdr), &_hdr);
        if (!hp) {
                regs->verdict.code = NFT_BREAK;
@@ -91,7 +97,8 @@ static void nft_tproxy_eval_v6(const struct nft_expr *expr,
 
        memset(&taddr, 0, sizeof(taddr));
 
-       if (!pkt->tprot_set) {
+       if (pkt->tprot != IPPROTO_TCP &&
+           pkt->tprot != IPPROTO_UDP) {
                regs->verdict.code = NFT_BREAK;
                return;
        }