Commit 27c44305 authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso Committed by Lee Jones
Browse files

UPSTREAM: netfilter: nf_tables: disallow anonymous set with timeout flag 



commit 16603605 upstream.

Anonymous sets are never used with timeout from userspace, reject this.
Exception to this rule is NFT_SET_EVAL to ensure legacy meters still work.

Bug: 329055463
Cc: stable@vger.kernel.org
Fixes: 761da293 ("netfilter: nf_tables: add set timeout API support")
Reported-by: default avatarlonial con <kongln9170@gmail.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 72c1efe3)
Signed-off-by: default avatarLee Jones <joneslee@google.com>
Change-Id: I8c1c818e3d155d5edefee0b741568104081efb38
parent 56ba301c
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment