[PATCH nf-next 10/19] netfilter: nft_payload: allow offload in the netlink

[Boris Sukholitko <boris.sukholitko@xxxxxxxxxxxx>]

Userspace may send NFT_PAYLOAD_CAN_OFFLOAD in NFTA_PAYLOAD_CSUM_FLAGS now.

Signed-off-by: Boris Sukholitko <boris.sukholitko@xxxxxxxxxxxx>
---
 net/netfilter/nft_payload.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/netfilter/nft_payload.c b/net/netfilter/nft_payload.c
index 9e11df7389ca..a633f851316e 100644
--- a/net/netfilter/nft_payload.c
+++ b/net/netfilter/nft_payload.c
@@ -898,7 +898,7 @@ static int nft_payload_set_init(const struct nft_ctx *ctx,
 		u32 flags;
 
 		flags = ntohl(nla_get_be32(tb[NFTA_PAYLOAD_CSUM_FLAGS]));
-		if (flags & ~NFT_PAYLOAD_L4CSUM_PSEUDOHDR)
+		if (flags & ~(NFT_PAYLOAD_L4CSUM_PSEUDOHDR | NFT_PAYLOAD_CAN_OFFLOAD))
 			return -EINVAL;
 
 		priv->csum_flags = flags;
-- 
2.32.0

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature