Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf

[karo-tx-linux.git] / net / netfilter / ipvs / ip_vs_ctl.c

diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 668d9643f0cc7a9e410a73f961ec1730fc57033d..1fa3c2307b6ea0173bbcf13c3d0b5cca8c68cba9 100644 (file)
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -3078,6 +3078,17 @@ nla_put_failure:
        return skb->len;
 }
 
+static bool ip_vs_is_af_valid(int af)
+{
+       if (af == AF_INET)
+               return true;
+#ifdef CONFIG_IP_VS_IPV6
+       if (af == AF_INET6 && ipv6_mod_enabled())
+               return true;
+#endif
+       return false;
+}
+
 static int ip_vs_genl_parse_service(struct netns_ipvs *ipvs,
                                    struct ip_vs_service_user_kern *usvc,
                                    struct nlattr *nla, int full_entry,
@@ -3105,11 +3116,7 @@ static int ip_vs_genl_parse_service(struct netns_ipvs *ipvs,
        memset(usvc, 0, sizeof(*usvc));
 
        usvc->af = nla_get_u16(nla_af);
-#ifdef CONFIG_IP_VS_IPV6
-       if (usvc->af != AF_INET && usvc->af != AF_INET6)
-#else
-       if (usvc->af != AF_INET)
-#endif
+       if (!ip_vs_is_af_valid(usvc->af))
                return -EAFNOSUPPORT;
 
        if (nla_fwmark) {
@@ -3612,6 +3619,11 @@ static int ip_vs_genl_set_cmd(struct sk_buff *skb, struct genl_info *info)
                if (udest.af == 0)
                        udest.af = svc->af;
 
+               if (!ip_vs_is_af_valid(udest.af)) {
+                       ret = -EAFNOSUPPORT;
+                       goto out;
+               }
+
                if (udest.af != svc->af && cmd != IPVS_CMD_DEL_DEST) {
                        /* The synchronization protocol is incompatible
                         * with mixed family services