netfilter: nf_tables_offload: return EOPNOTSUPP if rule specifies no actions

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

If the rule only specifies the matching side, return EOPNOTSUPP.
Otherwise, the front-end relies on the drivers to reject this rule.

Fixes: c9626a2cbdb2 ("netfilter: nf_tables: add hardware offload support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Pablo Neira Ayuso 6 years ago 81ec6107 fd57d0cb

1 changed file

expand all

net

netfilter

nf_tables_offload.c

net/netfilter/nf_tables_offload.c

··· 44 44 expr = nft_expr_next(expr); 45 45 } 46 46 47 + if (num_actions == 0) 48 + return ERR_PTR(-EOPNOTSUPP); 49 + 47 50 flow = nft_flow_rule_alloc(num_actions); 48 51 if (!flow) 49 52 return ERR_PTR(-ENOMEM);