netfilter: nf_tables: reject unsupported chain flags

Bail out if userspace sends unsupported chain flags. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2020-07-04 02:51:28 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2020-07-04 02:51:28 +0200
commit: c1f79a2eefdcc0aef5d7a911c27a3f75f1936ecd (patch)
tree: b734a2cd2ed9ee3f00f7a7921ff49425b42e2a71 /include
parent: d0e2c7de92c7f2b3d355ad76b0bb9fc43d1beb87 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h
index e00b4ae6174e..42f351c1f5c5 100644
--- a/include/uapi/linux/netfilter/nf_tables.h
+++ b/include/uapi/linux/netfilter/nf_tables.h
@@ -189,6 +189,9 @@ enum nft_chain_flags {
 	NFT_CHAIN_HW_OFFLOAD	= (1 << 1),
 	NFT_CHAIN_BINDING	= (1 << 2),
 };
+#define NFT_CHAIN_FLAGS		(NFT_CHAIN_BASE		| \
+				 NFT_CHAIN_HW_OFFLOAD	| \
+				 NFT_CHAIN_BINDING)
 
 /**
  * enum nft_chain_attributes - nf_tables chain netlink attributes
author	Pablo Neira Ayuso <pablo@netfilter.org>	2020-07-04 02:51:28 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2020-07-04 02:51:28 +0200
commit	c1f79a2eefdcc0aef5d7a911c27a3f75f1936ecd (patch)
tree	b734a2cd2ed9ee3f00f7a7921ff49425b42e2a71 /include
parent	d0e2c7de92c7f2b3d355ad76b0bb9fc43d1beb87 (diff)