netfilter: nft_ct: reject direction for ct id

ummakynes · smb49 · commit 99a927096767 · 2024-06-07T14:55:50.000+02:00
BugLink: https://bugs.launchpad.net/bugs/2059991 [ Upstream commit 38ed1c7 ] Direction attribute is ignored, reject it in case this ever needs to be supported Fixes: 3087c3f ("netfilter: nft_ct: Add ct id support") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: Portia Stephens <portia.stephens@canonical.com> Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
diff --git a/net/netfilter/nft_ct.c b/net/netfilter/nft_ct.c
@@ -474,6 +474,9 @@ static int nft_ct_get_init(const struct nft_ctx *ctx,
 		break;
 #endif
 	case NFT_CT_ID:
+		if (tb[NFTA_CT_DIRECTION])
+			return -EINVAL;
+
 		len = sizeof(u32);
 		break;
 	default:
