summaryrefslogtreecommitdiffstats
path: root/net/netfilter/nft_socket.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/netfilter/nft_socket.c')
-rw-r--r--net/netfilter/nft_socket.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/net/netfilter/nft_socket.c b/net/netfilter/nft_socket.c
index 74e1b3bd6954..998c2b546f6d 100644
--- a/net/netfilter/nft_socket.c
+++ b/net/netfilter/nft_socket.c
@@ -23,6 +23,9 @@ static void nft_socket_eval(const struct nft_expr *expr,
struct sock *sk = skb->sk;
u32 *dest = &regs->data[priv->dreg];
+ if (sk && !net_eq(nft_net(pkt), sock_net(sk)))
+ sk = NULL;
+
if (!sk)
switch(nft_pf(pkt)) {
case NFPROTO_IPV4:
@@ -39,7 +42,7 @@ static void nft_socket_eval(const struct nft_expr *expr,
return;
}
- if(!sk) {
+ if (!sk) {
nft_reg_store8(dest, 0);
return;
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-03 04:49:51 +0000