angler-fishThe Vulnerability History Project

netfilter: nftables: netlink support for several set element expressions

      This patch adds three new netlink attributes to encapsulate a list of
expressions per set elements:

- NFTA_SET_EXPRESSIONS: this attribute provides the set definition in
  terms of expressions. New set elements get attached the list of
  expressions that is specified by this new netlink attribute.
- NFTA_SET_ELEM_EXPRESSIONS: this attribute allows users to restore (or
  initialize) the stateful information of set elements when adding an
  element to the set.
- NFTA_DYNSET_EXPRESSIONS: this attribute specifies the list of
  expressions that the set element gets when it is inserted from the
  packet path.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
by Laverne the Sea Squirt 2020-12-07 16:37:14 UTC
commit 48b0ae046ee96eac999839f6d26c624b8c93ed66
Linux Kernel VCC Initialize First CVE-2021-46283
include/uapi/linux/netfilter/nf_tables.h
+6
net/netfilter/nf_tables_api.c
+90 -3
net/netfilter/nft_dynset.c
+53 -3
expand_less