diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2024-01-23 23:45:32 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2024-01-31 23:07:04 +0100 |
| commit | 776d451648443f9884be4a1b4e38e8faf1c621f9 (patch) | |
| tree | 89653106ce22d62733c460d45e19cd672c8a8510 /net/netfilter/nft_tunnel.c | |
| parent | fb366fc7541a1de521ab3df58471746aa793b833 (diff) | |
netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV
Bail out on using the tunnel dst template from other than netdev family.
Add the infrastructure to check for the family in objects.
Fixes: af308b94a2a4 ("netfilter: nf_tables: add tunnel support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/nft_tunnel.c')
| -rw-r--r-- | net/netfilter/nft_tunnel.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/netfilter/nft_tunnel.c b/net/netfilter/nft_tunnel.c index 9f21953c7433..f735d79d8be5 100644 --- a/net/netfilter/nft_tunnel.c +++ b/net/netfilter/nft_tunnel.c @@ -713,6 +713,7 @@ static const struct nft_object_ops nft_tunnel_obj_ops = { static struct nft_object_type nft_tunnel_obj_type __read_mostly = { .type = NFT_OBJECT_TUNNEL, + .family = NFPROTO_NETDEV, .ops = &nft_tunnel_obj_ops, .maxattr = NFTA_TUNNEL_KEY_MAX, .policy = nft_tunnel_key_policy, |