forked from rpms/kernel
35 lines
921 B
Diff
35 lines
921 B
Diff
|
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
|
||
|
|
index c52a1dd1b..3ff44747e 100644
|
||
|
|
--- a/net/netfilter/nf_tables_api.c
|
||
|
|
+++ b/net/netfilter/nf_tables_api.c
|
||
|
|
@@ -8583,16 +8583,10 @@ static int nft_verdict_init(const struct nft_ctx *ctx, struct nft_data *data,
|
||
|
|
data->verdict.code = ntohl(nla_get_be32(tb[NFTA_VERDICT_CODE]));
|
||
|
|
|
||
|
|
switch (data->verdict.code) {
|
||
|
|
- default:
|
||
|
|
- switch (data->verdict.code & NF_VERDICT_MASK) {
|
||
|
|
- case NF_ACCEPT:
|
||
|
|
- case NF_DROP:
|
||
|
|
- case NF_QUEUE:
|
||
|
|
- break;
|
||
|
|
- default:
|
||
|
|
- return -EINVAL;
|
||
|
|
- }
|
||
|
|
- /* fall through */
|
||
|
|
+ case NF_ACCEPT:
|
||
|
|
+ case NF_DROP:
|
||
|
|
+ case NF_QUEUE:
|
||
|
|
+ break;
|
||
|
|
case NFT_CONTINUE:
|
||
|
|
case NFT_BREAK:
|
||
|
|
case NFT_RETURN:
|
||
|
|
@@ -8611,6 +8605,8 @@ static int nft_verdict_init(const struct nft_ctx *ctx, struct nft_data *data,
|
||
|
|
chain->use++;
|
||
|
|
data->verdict.chain = chain;
|
||
|
|
break;
|
||
|
|
+ default:
|
||
|
|
+ return -EINVAL;
|
||
|
|
}
|
||
|
|
|
||
|
|
desc->len = sizeof(data->verdict);
|