netfilter: nft_set_hash: skip fixed hash if timeout is specified

Fixed hash supports to timeouts, so skip it. Otherwise, userspace hits
EOPNOTSUPP.

Fixes: 6c03ae210ce3 ("netfilter: nft_set_hash: add non-resizable hashtable implementation")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/netfilter/nft_set_hash.c b/net/netfilter/nft_set_hash.c
index 3f1624ee056f96570254cf5d8737f38b82a87593..d40591fe1b2f64c3531b35abcadd8dbfc6d67c8a 100644 (file)
--- a/net/netfilter/nft_set_hash.c
+++ b/net/netfilter/nft_set_hash.c
@@ -674,7 +674,7 @@ static const struct nft_set_ops *
 nft_hash_select_ops(const struct nft_ctx *ctx, const struct nft_set_desc *desc,
                    u32 flags)
 {
-       if (desc->size) {
+       if (desc->size && !(flags & NFT_SET_TIMEOUT)) {
                switch (desc->klen) {
                case 4:
                        return &nft_hash_fast_ops;