netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV

Bail out on using the tunnel dst template from other than netdev family. Add the infrastructure to check for the family in objects. Fixes: af308b94a2a4 ("netfilter: nf_tables: add tunnel support") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2024-01-24 01:45:32 +0300
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2024-02-01 01:07:04 +0300
commit: 776d451648443f9884be4a1b4e38e8faf1c621f9 (patch)
tree: 89653106ce22d62733c460d45e19cd672c8a8510 /net/netfilter/nft_tunnel.c
parent: fb366fc7541a1de521ab3df58471746aa793b833 (diff)
download: linux-776d451648443f9884be4a1b4e38e8faf1c621f9.tar.xz
1 files changed, 1 insertions, 0 deletions
diff --git a/net/netfilter/nft_tunnel.c b/net/netfilter/nft_tunnel.c
index 9f21953c7433..f735d79d8be5 100644
--- a/net/netfilter/nft_tunnel.c
+++ b/net/netfilter/nft_tunnel.c
@@ -713,6 +713,7 @@ static const struct nft_object_ops nft_tunnel_obj_ops = {
 
 static struct nft_object_type nft_tunnel_obj_type __read_mostly = {
 	.type		= NFT_OBJECT_TUNNEL,
+	.family		= NFPROTO_NETDEV,
 	.ops		= &nft_tunnel_obj_ops,
 	.maxattr	= NFTA_TUNNEL_KEY_MAX,
 	.policy		= nft_tunnel_key_policy,
author	Pablo Neira Ayuso <pablo@netfilter.org>	2024-01-24 01:45:32 +0300
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2024-02-01 01:07:04 +0300
commit	776d451648443f9884be4a1b4e38e8faf1c621f9 (patch)
tree	89653106ce22d62733c460d45e19cd672c8a8510 /net/netfilter/nft_tunnel.c
parent	fb366fc7541a1de521ab3df58471746aa793b833 (diff)
download	linux-776d451648443f9884be4a1b4e38e8faf1c621f9.tar.xz