On Fri, Jan 12, 2024 at 04:54:35AM +0300, Cengiz Can wrote:
> From: Phil Sutter <phil@xxxxxx>
>
> commit f1082dd31fe461d482d69da2a8eccfeb7bf07ac2 upstream.
>
> An nftables family is merely a hollow container, its family just a
> number and such not reliant on compile-time options other than nftables
> support itself. Add an artificial check so attempts at using a family
> the kernel can't support fail as early as possible. This helps user
> space detect kernels which lack e.g. NFPROTO_INET.
>
> Signed-off-by: Phil Sutter <phil@xxxxxx>
> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
> Signed-off-by: Cengiz Can <cengiz.can@xxxxxxxxxxxxx>
> ---
>  net/netfilter/nf_tables_api.c | 27 +++++++++++++++++++++++++++
>  1 file changed, 27 insertions(+)

Any specific reason you sent this to us for inclusion _AFTER_ you posted
to oss-security, notifying the world of the issue?

Anyway, I have queued them up already from that report, and just now got
to these patches in my queue, making me a little bit less grumpy, but
not a lot.

Please be more considerate next time.

greg k-h