summaryrefslogtreecommitdiff
path: root/net/netfilter/nft_xfrm.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/netfilter/nft_xfrm.c')
-rw-r--r--net/netfilter/nft_xfrm.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/net/netfilter/nft_xfrm.c b/net/netfilter/nft_xfrm.c
index 452f8587adda..1c866757db55 100644
--- a/net/netfilter/nft_xfrm.c
+++ b/net/netfilter/nft_xfrm.c
@@ -235,6 +235,11 @@ static int nft_xfrm_validate(const struct nft_ctx *ctx, const struct nft_expr *e
const struct nft_xfrm *priv = nft_expr_priv(expr);
unsigned int hooks;
+ if (ctx->family != NFPROTO_IPV4 &&
+ ctx->family != NFPROTO_IPV6 &&
+ ctx->family != NFPROTO_INET)
+ return -EOPNOTSUPP;
+
switch (priv->dir) {
case XFRM_POLICY_IN:
hooks = (1 << NF_INET_FORWARD) |
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-11 18:29:16 +0000