net, cls: also reject deleting all filters when TCA_KIND present

When we check for RTM_DELTFILTER, we should also reject the request for deleting all filters under a given parent when TCA_KIND attribute is present. If present, it's currently just ignored but there's also no point to let it pass in the first place either since this doesn't have any meaning with wild-card removal. Fixes: ea7f8277 ("net, cls: allow for deleting all filters for given parent") Signed-off-by: N Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: N David S. Miller <davem@davemloft.net>

net, cls: also reject deleting all filters when TCA_KIND present
When we check for RTM_DELTFILTER, we should also reject the request for deleting all filters under a given parent when TCA_KIND attribute is present. If present, it's currently just ignored but there's also no point to let it pass in the first place either since this doesn't have any meaning with wild-card removal. Fixes: ea7f8277 ("net, cls: allow for deleting all filters for given parent") Signed-off-by: N Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: N David S. Miller <davem@davemloft.net>
9f6ed032 · Daniel Borkmann · David S. Miller · 5b706e5c · 9f6ed032
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

net/sched/cls_api.c net/sched/cls_api.c +1 -1

未找到文件。
--- a/net/sched/cls_api.c
+++ b/net/sched/cls_api.c
@@ -169,7 +169,7 @@ static int tc_ctl_tfilter(struct sk_buff *skb, struct nlmsghdr *n)
 	if (prio == 0) {
 		switch (n->nlmsg_type) {
 		case RTM_DELTFILTER:
-			if (protocol || t->tcm_handle)
+			if (protocol || t->tcm_handle || tca[TCA_KIND])
 				return -ENOENT;
 			break;
 		case RTM_NEWTFILTER: