netfilter: nf_tables: honor NFT_SET_OBJECT in set backend selection

Check for NFT_SET_OBJECT feature flag, otherwise we may end up selecting the wrong set backend. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2017-02-10 19:59:36 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2017-02-12 14:45:14 +0100
commit: 7286ff7fde9f963736c7e575572899d8e16b06b7 (patch)
tree: 19ac5d52d9197425b45840146028f91e8f03b2c5 /net/netfilter/nf_tables_api.c
parent: netfilter: update MAINTAINERS (diff)
download: wireguard-linux-7286ff7fde9f963736c7e575572899d8e16b06b7.tar.xz
wireguard-linux-7286ff7fde9f963736c7e575572899d8e16b06b7.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 6c782532615f..ff7304ae58ac 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -2424,7 +2424,8 @@ nft_select_set_ops(const struct nlattr * const nla[],
 	features = 0;
 	if (nla[NFTA_SET_FLAGS] != NULL) {
 		features = ntohl(nla_get_be32(nla[NFTA_SET_FLAGS]));
-		features &= NFT_SET_INTERVAL | NFT_SET_MAP | NFT_SET_TIMEOUT;
+		features &= NFT_SET_INTERVAL | NFT_SET_MAP | NFT_SET_TIMEOUT |
+			    NFT_SET_OBJECT;
 	}
 
 	bops	    = NULL;
author	Pablo Neira Ayuso <pablo@netfilter.org>	2017-02-10 19:59:36 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2017-02-12 14:45:14 +0100
commit	7286ff7fde9f963736c7e575572899d8e16b06b7 (patch)
tree	19ac5d52d9197425b45840146028f91e8f03b2c5 /net/netfilter/nf_tables_api.c
parent	netfilter: update MAINTAINERS (diff)
download	wireguard-linux-7286ff7fde9f963736c7e575572899d8e16b06b7.tar.xz wireguard-linux-7286ff7fde9f963736c7e575572899d8e16b06b7.zip