Unverified Commit ee052396 authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!4125 [sync] PR-4022: netfilter: nf_tables: Reject tables of unsupported family 

Merge Pull Request from: @openeuler-sync-bot 
 

Origin pull request: 
https://gitee.com/openeuler/kernel/pulls/4022 
 
PR sync from: Liu Jian <liujian56@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/WN46WF6EJBG4JYCLJVK3AIS62D63QLZI/ 
 
https://gitee.com/src-openeuler/kernel/issues/I8VPKT 
 
Link:https://gitee.com/openeuler/kernel/pulls/4125

 

Reviewed-by: default avatarYue Haibing <yuehaibing@huawei.com>
Signed-off-by: default avatarJialin Zhang <zhangjialin11@huawei.com>
parents a6eddbeb bdb7c8bb

net/netfilter/nf_tables_api.c

+27 −0
Original line number Diff line number Diff line
@@ -1151,6 +1151,30 @@ static int nft_objname_hash_cmp(struct rhashtable_compare_arg *arg, 
	return strcmp(obj->key.name, k->name);

}



static bool nft_supported_family(u8 family)

{

	return false

#ifdef CONFIG_NF_TABLES_INET

		|| family == NFPROTO_INET

#endif

#ifdef CONFIG_NF_TABLES_IPV4

		|| family == NFPROTO_IPV4

#endif

#ifdef CONFIG_NF_TABLES_ARP

		|| family == NFPROTO_ARP

#endif

#ifdef CONFIG_NF_TABLES_NETDEV

		|| family == NFPROTO_NETDEV

#endif

#if IS_ENABLED(CONFIG_NF_TABLES_BRIDGE)

		|| family == NFPROTO_BRIDGE

#endif

#ifdef CONFIG_NF_TABLES_IPV6

		|| family == NFPROTO_IPV6

#endif

		;

}



static int nf_tables_newtable(struct net *net, struct sock *nlsk,

			      struct sk_buff *skb, const struct nlmsghdr *nlh,

			      const struct nlattr * const nla[],
@@ -1166,6 +1190,9 @@ static int nf_tables_newtable(struct net *net, struct sock *nlsk, 
	u32 flags = 0;

	int err;



	if (!nft_supported_family(family))

		return -EOPNOTSUPP;



	lockdep_assert_held(&nft_net->commit_mutex);

	attr = nla[NFTA_TABLE_NAME];

	table = nft_table_lookup(net, attr, family, genmask);