netfilter: nft_dynset: disallow object maps

[ Upstream commit 23185c6aed1ffb8fc44087880ba2767aba493779 ] Do not allow to insert elements from datapath to objects maps. Fixes: 8aeff920dcc9 ("netfilter: nf_tables: add stateful object reference to set elements") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Sasha Levin <sashal@kernel.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2023-08-15 15:39:02 +0200
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2023-08-30 16:31:48 +0200
commit: 255bb7fd670589c00cb2f8a1353b721306135ca3 (patch)
tree: a8ddd1a3e96a252182b02ba3c392ccd348d6bb99
parent: c55ba238333a9d45234542f2d95667ad4bf3bbe2 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/net/netfilter/nft_dynset.c b/net/netfilter/nft_dynset.c
index 651c9784904c..a4c6aba7da7e 100644
--- a/net/netfilter/nft_dynset.c
+++ b/net/netfilter/nft_dynset.c
@@ -144,6 +144,9 @@ static int nft_dynset_init(const struct nft_ctx *ctx,
 	if (IS_ERR(set))
 		return PTR_ERR(set);
 
+	if (set->flags & NFT_SET_OBJECT)
+		return -EOPNOTSUPP;
+
 	if (set->ops->update == NULL)
 		return -EOPNOTSUPP;
author	Pablo Neira Ayuso <pablo@netfilter.org>	2023-08-15 15:39:02 +0200
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2023-08-30 16:31:48 +0200
commit	255bb7fd670589c00cb2f8a1353b721306135ca3 (patch)
tree	a8ddd1a3e96a252182b02ba3c392ccd348d6bb99
parent	c55ba238333a9d45234542f2d95667ad4bf3bbe2 (diff)