projects
/
platform
/
kernel
/
linux-starfive.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
02c6c24
)
netfilter: nft_dynset: disallow object maps
author
Pablo Neira Ayuso
<pablo@netfilter.org>
Tue, 15 Aug 2023 13:39:02 +0000
(15:39 +0200)
committer
Florian Westphal
<fw@strlen.de>
Tue, 15 Aug 2023 22:05:15 +0000
(
00:05
+0200)
Do not allow to insert elements from datapath to objects maps.
Fixes: 8aeff920dcc9 ("netfilter: nf_tables: add stateful object reference to set elements")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Florian Westphal <fw@strlen.de>
net/netfilter/nft_dynset.c
patch
|
blob
|
history
diff --git
a/net/netfilter/nft_dynset.c
b/net/netfilter/nft_dynset.c
index 4fb34d76dbeaffa93629b8147e5a4750dd31ead5..5c5cc01c73c5a7eb1c68fddddc88c8491b3133f6 100644
(file)
--- a/
net/netfilter/nft_dynset.c
+++ b/
net/netfilter/nft_dynset.c
@@
-191,6
+191,9
@@
static int nft_dynset_init(const struct nft_ctx *ctx,
if (IS_ERR(set))
return PTR_ERR(set);
+ if (set->flags & NFT_SET_OBJECT)
+ return -EOPNOTSUPP;
+
if (set->ops->update == NULL)
return -EOPNOTSUPP;