projects / linux-2.6-microblaze.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b135fc0)
netfilter: nf_tables: report EOPNOTSUPP on unsupported flags/object type
authorPablo Neira Ayuso <pablo@netfilter.org>
Tue, 7 Apr 2020 12:10:11 +0000 (14:10 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Tue, 7 Apr 2020 16:22:46 +0000 (18:22 +0200)
EINVAL should be used for malformed netlink messages. New userspace
utility and old kernels might easily result in EINVAL when exercising
new set features, which is misleading.

Fixes: 8aeff920dcc9 ("netfilter: nf_tables: add stateful object reference to set elements")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nf_tables_api.c patch | blob | history

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index f91e96d..21cbde6 100644 (file)
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -3963,7 +3963,7 @@ static int nf_tables_newset(struct net *net, struct sock *nlsk,
                              NFT_SET_INTERVAL | NFT_SET_TIMEOUT |
                              NFT_SET_MAP | NFT_SET_EVAL |
                              NFT_SET_OBJECT))
-                       return -EINVAL;
+                       return -EOPNOTSUPP;
                /* Only one of these operations is supported */
                if ((flags & (NFT_SET_MAP | NFT_SET_OBJECT)) ==
                             (NFT_SET_MAP | NFT_SET_OBJECT))
@@ -4001,7 +4001,7 @@ static int nf_tables_newset(struct net *net, struct sock *nlsk,
                objtype = ntohl(nla_get_be32(nla[NFTA_SET_OBJ_TYPE]));
                if (objtype == NFT_OBJECT_UNSPEC ||
                    objtype > NFT_OBJECT_MAX)
-                       return -EINVAL;
+                       return -EOPNOTSUPP;
        } else if (flags & NFT_SET_OBJECT)
                return -EINVAL;
        else
MicroBlaze GIT Repository