netfilter: bitwise: only offload boolean operations.

Only boolean operations supports offloading, so check the type of the
operation and return an error for other types.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/netfilter/nft_bitwise.c b/net/netfilter/nft_bitwise.c
index 41265134cf0b3f1e538a7fa35a19152f58425829..b4619d9989ead0c7132c6b006897b42d1a5653de 100644 (file)
--- a/net/netfilter/nft_bitwise.c
+++ b/net/netfilter/nft_bitwise.c
@@ -189,6 +189,9 @@ static int nft_bitwise_offload(struct nft_offload_ctx *ctx,
        const struct nft_bitwise *priv = nft_expr_priv(expr);
        struct nft_offload_reg *reg = &ctx->regs[priv->dreg];
 
+       if (priv->op != NFT_BITWISE_BOOL)
+               return -EOPNOTSUPP;
+
        if (memcmp(&priv->xor, &zero, sizeof(priv->xor)) ||
            priv->sreg != priv->dreg || priv->len != reg->len)
                return -EOPNOTSUPP;