diff options
| author | Jeremy Sowden <jeremy@azazel.net> | 2020-01-15 20:05:55 +0000 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-01-16 15:52:01 +0100 |
| commit | ed991d43634b11e759a800850ba9656b5b467a56 (patch) | |
| tree | 8b0cb4761e218e1baab88017cfc619383103eb16 /net/netfilter | |
| parent | 4d57ca2be146bdb272b57892ec59cd273f9ef3fc (diff) | |
| download | linux-next-ed991d43634b11e759a800850ba9656b5b467a56.tar.gz | |
netfilter: bitwise: only offload boolean operations.
Only boolean operations supports offloading, so check the type of the
operation and return an error for other types.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter')
| -rw-r--r-- | net/netfilter/nft_bitwise.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/net/netfilter/nft_bitwise.c b/net/netfilter/nft_bitwise.c index 41265134cf0b..b4619d9989ea 100644 --- a/net/netfilter/nft_bitwise.c +++ b/net/netfilter/nft_bitwise.c @@ -189,6 +189,9 @@ static int nft_bitwise_offload(struct nft_offload_ctx *ctx, const struct nft_bitwise *priv = nft_expr_priv(expr); struct nft_offload_reg *reg = &ctx->regs[priv->dreg]; + if (priv->op != NFT_BITWISE_BOOL) + return -EOPNOTSUPP; + if (memcmp(&priv->xor, &zero, sizeof(priv->xor)) || priv->sreg != priv->dreg || priv->len != reg->len) return -EOPNOTSUPP; |