git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Wed, 15 Apr 2026 10:21:00 +0000 (12:21 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 20 Apr 2026 21:27:52 +0000 (23:27 +0200)
commit	b6fe26f86a1649f84e057f3f15605b08eda15497
tree	de3f33cbd26fd6909ea67769d4f46e2330ce0a92	tree \| snapshot
parent	6e7066bdb481a87fe88c4fa563e348c03b2d373d	commit \| diff

netfilter: xtables: restrict several matches to inet family

This is a partial revert of:

commit ab4f21e6fb1c ("netfilter: xtables: use NFPROTO_UNSPEC in more extensions")

to allow ipv4 and ipv6 only.

- xt_mac
- xt_owner
- xt_physdev

These extensions are not used by ebtables in userspace.

Moreover, xt_realm is only for ipv4, since dst->tclassid is ipv4
specific.

Fixes: ab4f21e6fb1c ("netfilter: xtables: use NFPROTO_UNSPEC in more extensions")
Reported-by: "Kito Xu (veritas501)" <hxzene@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

net/netfilter/xt_mac.c		diff \| blob \| blame \| history
net/netfilter/xt_owner.c		diff \| blob \| blame \| history
net/netfilter/xt_physdev.c		diff \| blob \| blame \| history
net/netfilter/xt_realm.c		diff \| blob \| blame \| history