From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Mon, 5 Feb 2024 13:59:24 +0000 (+0100)
Subject: netfilter: nft_ct: reject direction for ct id
X-Git-Tag: v6.6.17~46
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=28c5407cd2e4550377a5092ab97f451588fd2ca4;p=platform%2Fkernel%2Flinux-starfive.git

netfilter: nft_ct: reject direction for ct id

[ Upstream commit 38ed1c7062ada30d7c11e7a7acc749bf27aa14aa ]

Direction attribute is ignored, reject it in case this ever needs to be
supported

Fixes: 3087c3f7c23b ("netfilter: nft_ct: Add ct id support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---

diff --git a/net/netfilter/nft_ct.c b/net/netfilter/nft_ct.c
index aac98a3..bfd3e5a 100644
--- a/net/netfilter/nft_ct.c
+++ b/net/netfilter/nft_ct.c
@@ -476,6 +476,9 @@ static int nft_ct_get_init(const struct nft_ctx *ctx,
 		break;
 #endif
 	case NFT_CT_ID:
+		if (tb[NFTA_CT_DIRECTION])
+			return -EINVAL;
+
 		len = sizeof(u32);
 		break;
 	default: