aboutsummaryrefslogtreecommitdiffstats
path: root/net/netfilter/nft_socket.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/netfilter/nft_socket.c')
-rw-r--r--net/netfilter/nft_socket.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/net/netfilter/nft_socket.c b/net/netfilter/nft_socket.c
index 7e4f7063f481..c7b78e4ef459 100644
--- a/net/netfilter/nft_socket.c
+++ b/net/netfilter/nft_socket.c
@@ -139,6 +139,11 @@ static int nft_socket_validate(const struct nft_ctx *ctx,
const struct nft_expr *expr,
const struct nft_data **data)
{
+ if (ctx->family != NFPROTO_IPV4 &&
+ ctx->family != NFPROTO_IPV6 &&
+ ctx->family != NFPROTO_INET)
+ return -EOPNOTSUPP;
+
return nft_chain_validate_hooks(ctx->chain,
(1 << NF_INET_PRE_ROUTING) |
(1 << NF_INET_LOCAL_IN) |
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-04-25 13:27:18 +0000