nft: Increase rule parser strictness

Catch more unexpected conditions. Signed-off-by: Phil Sutter <phil@nwl.cc>
author: Phil Sutter <phil@nwl.cc> 2022-12-15 15:08:01 +0100
committer: Phil Sutter <phil@nwl.cc> 2022-12-20 21:49:38 +0100
commit: 9075c3aa983d96c4331cb28fab5f30afd52bbb21 (patch)
tree: 05160cf21b97dae51290a77922c087cb1b49e6f2 /iptables/nft-bridge.c
parent: f2c5e52863ea48838e9b9246ed94419053673b88 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c
index e223d197..83cbe315 100644
--- a/iptables/nft-bridge.c
+++ b/iptables/nft-bridge.c
@@ -287,6 +287,10 @@ static void nft_bridge_parse_payload(struct nft_xt_ctx *ctx,
 			fw->invflags |= EBT_IPROTO;
 		fw->bitmask &= ~EBT_NOPROTO;
 		break;
+	default:
+		DEBUGP("unknown payload offset %d\n", reg->payload.offset);
+		ctx->errmsg = "unknown payload offset";
+		break;
 	}
 }
author	Phil Sutter <phil@nwl.cc>	2022-12-15 15:08:01 +0100
committer	Phil Sutter <phil@nwl.cc>	2022-12-20 21:49:38 +0100
commit	9075c3aa983d96c4331cb28fab5f30afd52bbb21 (patch)
tree	05160cf21b97dae51290a77922c087cb1b49e6f2 /iptables/nft-bridge.c
parent	f2c5e52863ea48838e9b9246ed94419053673b88 (diff)