netfilter: nft_ct: reject direction for ct id

Direction attribute is ignored, reject it in case this ever needs to be supported Fixes: 3087c3f7c23b ("netfilter: nft_ct: Add ct id support") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2024-02-05 14:59:24 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2024-02-08 12:10:19 +0100
commit: 38ed1c7062ada30d7c11e7a7acc749bf27aa14aa (patch)
tree: 5ec0a4ce8640a267b1807e6cf157cfbd48ea7acb /net/netfilter
parent: fa173a1b4e3fd1ab5451cbc57de6fc624c824b0a (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/net/netfilter/nft_ct.c b/net/netfilter/nft_ct.c
index aac98a3c966e..bfd3e5a14dab 100644
--- a/net/netfilter/nft_ct.c
+++ b/net/netfilter/nft_ct.c
@@ -476,6 +476,9 @@ static int nft_ct_get_init(const struct nft_ctx *ctx,
 		break;
 #endif
 	case NFT_CT_ID:
+		if (tb[NFTA_CT_DIRECTION])
+			return -EINVAL;
+
 		len = sizeof(u32);
 		break;
 	default:
author	Pablo Neira Ayuso <pablo@netfilter.org>	2024-02-05 14:59:24 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2024-02-08 12:10:19 +0100
commit	38ed1c7062ada30d7c11e7a7acc749bf27aa14aa (patch)
tree	5ec0a4ce8640a267b1807e6cf157cfbd48ea7acb /net/netfilter
parent	fa173a1b4e3fd1ab5451cbc57de6fc624c824b0a (diff)