netfilter: nft_tunnel: restrict it to netdev family
authorPablo Neira Ayuso <pablo@netfilter.org>
Sun, 21 Aug 2022 14:32:44 +0000 (16:32 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Wed, 24 Aug 2022 05:43:21 +0000 (07:43 +0200)
Only allow to use this expression from NFPROTO_NETDEV family.

Fixes: af308b94a2a4 ("netfilter: nf_tables: add tunnel support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nft_tunnel.c

index 5edaaded706d9cf018ad39ef64184507c99a6778..983ade4be3b39b1cb55396a0f7ca8e2e0d0c4cac 100644 (file)
@@ -161,6 +161,7 @@ static const struct nft_expr_ops nft_tunnel_get_ops = {
 
 static struct nft_expr_type nft_tunnel_type __read_mostly = {
        .name           = "tunnel",
+       .family         = NFPROTO_NETDEV,
        .ops            = &nft_tunnel_get_ops,
        .policy         = nft_tunnel_policy,
        .maxattr        = NFTA_TUNNEL_MAX,