Unverified Commit 42514171 authored May 17, 2024 by openeuler-ci-bot Committed by Gitee May 17, 2024

!7257 netfilter: nf_tables: disallow anonymous set with timeout flag

Merge Pull Request from: @ci-robot 
 
PR sync from: Guo Mengqi <guomengqi3@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/HUZKTHTXHPRGGCGGN7AUGDX47NXZSWWJ/ 
 
https://gitee.com/src-openeuler/kernel/issues/I9AK56 
 
Link:https://gitee.com/openeuler/kernel/pulls/7257

 

Reviewed-by: Yue Haibing <yuehaibing@huawei.com>
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>

parents 2efde606 a49a03aa

net/netfilter/nf_tables_api.c

+3 −0

Original line number	Diff line number	Diff line
		@@ -4358,6 +4358,9 @@ static int nf_tables_newset(struct net net, struct sock nlsk,
		if ((flags & (NFT_SET_EVAL \| NFT_SET_OBJECT)) ==
		(NFT_SET_EVAL \| NFT_SET_OBJECT))
		return -EOPNOTSUPP;
		if ((flags & (NFT_SET_ANONYMOUS \| NFT_SET_TIMEOUT \| NFT_SET_EVAL)) ==
		(NFT_SET_ANONYMOUS \| NFT_SET_TIMEOUT))
		return -EOPNOTSUPP;
		}

		dtype = 0;