diff mbox series

[nf] netfilter: nft_fwd: really validate family

Message ID 20220821103813.734773-2-pablo@netfilter.org
State Not Applicable
Delegated to: Pablo Neira
Headers show
Series [nf] netfilter: nft_fwd: really validate family | expand

Commit Message

Pablo Neira Ayuso Aug. 21, 2022, 10:38 a.m. UTC 
This only supports for the netdev family, report EOPNOTSUPP otherwise.

Fixes: 76a109fac206 ("netfilter: nft_fwd_netdev: validate family and chain type")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 net/netfilter/nft_fwd_netdev.c | 3 +++
 1 file changed, 3 insertions(+)

Comments

Pablo Neira Ayuso Aug. 21, 2022, 2 p.m. UTC | #1 
On Sun, Aug 21, 2022 at 12:38:13PM +0200, Pablo Neira Ayuso wrote:
> This only supports for the netdev family, report EOPNOTSUPP otherwise.

Scratch this, this is already validated via .family field in
expression type.
diff mbox series

Patch

diff --git a/net/netfilter/nft_fwd_netdev.c b/net/netfilter/nft_fwd_netdev.c
index 7c5876dc9ff2..138313123da6 100644
--- a/net/netfilter/nft_fwd_netdev.c
+++ b/net/netfilter/nft_fwd_netdev.c
@@ -205,6 +205,9 @@  static int nft_fwd_validate(const struct nft_ctx *ctx,
 			    const struct nft_expr *expr,
 			    const struct nft_data **data)
 {
+	if (ctx->family != NFPROTO_NETDEV)
+		return -EOPNOTSUPP;
+
 	return nft_chain_validate_hooks(ctx->chain, (1 << NF_NETDEV_INGRESS) |
 						    (1 << NF_NETDEV_EGRESS));
 }