Merge 6.8-rc3 into usb-next

We need the USB fixes in here as well. Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2024-02-04 06:19:37 -0800
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2024-02-04 06:19:37 -0800
commit: ed5551279c9100aff6adf337d809057a7532b6f7 (patch)
tree: 32835b919718c82f7a414041d7951971733c2dfe /net/netfilter/nft_synproxy.c
parent: f1a27f081c1fa1eeebf38406e45f29636114470f (diff)
parent: 54be6c6c5ae8e0d93a6c4641cb7528eb0b6ba478 (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/net/netfilter/nft_synproxy.c b/net/netfilter/nft_synproxy.c
index 13da882669a4..1d737f89dfc1 100644
--- a/net/netfilter/nft_synproxy.c
+++ b/net/netfilter/nft_synproxy.c
@@ -186,7 +186,6 @@ static int nft_synproxy_do_init(const struct nft_ctx *ctx,
 		break;
 #endif
 	case NFPROTO_INET:
-	case NFPROTO_BRIDGE:
 		err = nf_synproxy_ipv4_init(snet, ctx->net);
 		if (err)
 			goto nf_ct_failure;
@@ -219,7 +218,6 @@ static void nft_synproxy_do_destroy(const struct nft_ctx *ctx)
 		break;
 #endif
 	case NFPROTO_INET:
-	case NFPROTO_BRIDGE:
 		nf_synproxy_ipv4_fini(snet, ctx->net);
 		nf_synproxy_ipv6_fini(snet, ctx->net);
 		break;
@@ -253,6 +251,11 @@ static int nft_synproxy_validate(const struct nft_ctx *ctx,
 				 const struct nft_expr *expr,
 				 const struct nft_data **data)
 {
+	if (ctx->family != NFPROTO_IPV4 &&
+	    ctx->family != NFPROTO_IPV6 &&
+	    ctx->family != NFPROTO_INET)
+		return -EOPNOTSUPP;
+
 	return nft_chain_validate_hooks(ctx->chain, (1 << NF_INET_LOCAL_IN) |
 						    (1 << NF_INET_FORWARD));
 }
author	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2024-02-04 06:19:37 -0800
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2024-02-04 06:19:37 -0800
commit	ed5551279c9100aff6adf337d809057a7532b6f7 (patch)
tree	32835b919718c82f7a414041d7951971733c2dfe /net/netfilter/nft_synproxy.c
parent	f1a27f081c1fa1eeebf38406e45f29636114470f (diff)
parent	54be6c6c5ae8e0d93a6c4641cb7528eb0b6ba478 (diff)