@@ -276,18 +276,24 @@ enum {
};
static void nfnetlink_rcv_batch(struct sk_buff *skb, struct nlmsghdr *nlh,
- u_int16_t subsys_id)
+ __be16 __subsys_id)
{
struct sk_buff *oskb = skb;
struct net *net = sock_net(skb->sk);
const struct nfnetlink_subsystem *ss;
const struct nfnl_callback *nc;
static LIST_HEAD(err_list);
+ u16 subsys_id = ntohs(__subsys_id);
u32 status;
int err;
- if (subsys_id >= NFNL_SUBSYS_COUNT)
- return netlink_ack(skb, nlh, -EINVAL);
+ if (subsys_id >= NFNL_SUBSYS_COUNT) {
+ /* Work around old nft using host byte order */
+ if (NFNL_SUBSYS_NFTABLES != (__force __u16) __subsys_id)
+ return netlink_ack(skb, nlh, -EINVAL);
+
+ subsys_id = (__force __u16) __subsys_id;
+ }
replay:
status = 0;
The nfgenmsg res_id is __be16. Unfortunately nftables batch support uses host byte order. This adds a compat workaround for old nft userspace. Suggested-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Florian Westphal <fw@strlen.de> --- net/netfilter/nfnetlink.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-)