git.ipfire.org Git - thirdparty/linux.git/commit
netfilter: nft_meta_bridge: add validate callback for get operations
author Florian Westphal <fw@strlen.de>
Thu, 18 Jun 2026 06:16:18 +0000 (08:16 +0200)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Sat, 20 Jun 2026 22:18:26 +0000 (00:18 +0200)
commit bff1c8b49a9cb5c04af20f4e7d43bf4af5863bc6
tree 9148f22e6235d9c2bba5b08cb66a94288ba69b67
parent 213be32f46a29ca15a314df06c3424ecffd6c90a

Blamed commit added NFT_META_BRI_IIFHWADDR to the set validate callback,
yet this is a get operation.

Add a get validate callback and move the NFT_META_BRI_IIFHWADDR key
there.

AFAICS this is harmless, NFT_META_BRI_IIFHWADDR can deal with a NULL
input device and the set handler ignores an NFT_META_BRI_IIFHWADDR
operation, but it allows reading 4 bytes off bridge skb->cb[].

Fixes: cbd2257dc96e ("netfilter: nft_meta_bridge: introduce NFT_META_BRI_IIFHWADDR support")
Signed-off-by: Florian Westphal <fw@strlen.de>
Reviewed-by: Fernando Fernandez Mancera <fmancera@suse.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/net/netfilter/nft_meta.h
net/bridge/netfilter/nft_meta_bridge.c
net/netfilter/nft_meta.c