Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
netfilter: nft_osf: restrict it to ipv4
This expression only supports for ipv4, restrict it.
Fixes: b96af92d6eaf ("netfilter: nf_tables: implement Passive OS fingerprint module in nft_osf")
Acked-by: Florian Westphal <fw@strlen.de>
Reviewed-by: Fernando Fernandez Mancera <fmancera@suse.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+5
-1
+5
-1
net/netfilter/nft_osf.c
+5
-1
net/netfilter/nft_osf.c
···
28
28
struct nf_osf_data data;
29
29
struct tcphdr _tcph;
30
30
31
+
if (nft_pf(pkt) != NFPROTO_IPV4) {
32
+
regs->verdict.code = NFT_BREAK;
33
+
return;
34
+
}
35
+
31
36
if (pkt->tprot != IPPROTO_TCP) {
32
37
regs->verdict.code = NFT_BREAK;
33
38
return;
···
119
114
120
115
switch (ctx->family) {
121
116
case NFPROTO_IPV4:
122
-
case NFPROTO_IPV6:
123
117
case NFPROTO_INET:
124
118
hooks = (1 << NF_INET_LOCAL_IN) |
125
119
(1 << NF_INET_PRE_ROUTING) |