Commit 620e67a3 authored by Pablo Neira Ayuso, committed by sanglipeng

netfilter: nft_dynset: disallow object maps

stable inclusion
from stable-v5.10.192
commit a7653eaea0a59a6993c62d3653af5c880ce28533
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I933RF

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=a7653eaea0a59a6993c62d3653af5c880ce28533



--------------------------------

[ Upstream commit 23185c6a ]

Do not allow to insert elements from datapath to objects maps.

Fixes: 8aeff920 ("netfilter: nf_tables: add stateful object reference to set elements")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: sanglipeng <sanglipeng1@jd.com>
parent d3221a16
+3 −0
@@ -138,6 +138,9 @@ static int nft_dynset_init(const struct nft_ctx *ctx,
	if (IS_ERR(set))
		return PTR_ERR(set);

	if (set->flags & NFT_SET_OBJECT)
		return -EOPNOTSUPP;

	if (set->ops->update == NULL)
		return -EOPNOTSUPP;
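
Review bot: The `set->flags & NFT_SET_OBJECT` check in nft_dynset_init() has no comment, and the commit message gives a single sentence of rationale, so the code alone does not tell a later reader why object maps are refused at this point. Suggest a one-line comment above the check stating that elements must not be inserted into object maps from the datapath. The check also returns the same -EOPNOTSUPP as the `set->ops->update == NULL` test directly below it, so the two rejections cannot be told apart by error code; if that distinction matters to callers, say so in the commit message.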