netfilter: nft_dynset: disallow object maps

[ Upstream commit 23185c6aed ] Do not allow to insert elements from datapath to objects maps. Fixes: 8aeff920dc ("netfilter: nf_tables: add stateful object reference to set elements") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-09-30 06:10:56 +00:00 · 2023-08-15 15:39:02 +02:00 · 2023-08-15 15:39:02 +02:00 · bf221e5e4b
commit bf221e5e4b
parent 9177869b85
1 changed files with 3 additions and 0 deletions
--- a/net/netfilter/nft_dynset.c
+++ b/net/netfilter/nft_dynset.c
@ -191,6 +191,9 @@ static int nft_dynset_init(const struct nft_ctx *ctx,
 	if (IS_ERR(set))
 		return PTR_ERR(set);

+	if (set->flags & NFT_SET_OBJECT)
+		return -EOPNOTSUPP;
+
 	if (set->ops->update == NULL)
 		return -EOPNOTSUPP;