lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[NETFILTER]: ctnetlink: check for status attribute existence on conntrack creation

Browse Source 
Check that status flags are available in the netlink message received
to create a new conntrack.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
This commit is contained in:
Pablo Neira Ayuso
2006-11-29 02:35:31 +01:00
committed by David S. Miller
parent 1b683b5512
commit bbb3357d14
2 changed files with 10 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
net/ipv4/netfilter/ip_conntrack_netlink.c
View File

@@ -945,9 +945,11 @@ ctnetlink_create_conntrack(struct nfattr *cda[],
ct->timeout.expires = jiffies + ct->timeout.expires * HZ; ct->timeout.expires = jiffies + ct->timeout.expires * HZ;
ct->status |= IPS_CONFIRMED; ct->status |= IPS_CONFIRMED;
err = ctnetlink_change_status(ct, cda); if (cda[CTA_STATUS-1]) {
if (err < 0) err = ctnetlink_change_status(ct, cda);
goto err; if (err < 0)
goto err;
}
if (cda[CTA_PROTOINFO-1]) { if (cda[CTA_PROTOINFO-1]) {
err = ctnetlink_change_protoinfo(ct, cda); err = ctnetlink_change_protoinfo(ct, cda);

8
net/netfilter/nf_conntrack_netlink.c
View File

@@ -963,9 +963,11 @@ ctnetlink_create_conntrack(struct nfattr *cda[],
ct->timeout.expires = jiffies + ct->timeout.expires * HZ; ct->timeout.expires = jiffies + ct->timeout.expires * HZ;
ct->status |= IPS_CONFIRMED; ct->status |= IPS_CONFIRMED;
err = ctnetlink_change_status(ct, cda); if (cda[CTA_STATUS-1]) {
if (err < 0) err = ctnetlink_change_status(ct, cda);
goto err; if (err < 0)
goto err;
}
if (cda[CTA_PROTOINFO-1]) { if (cda[CTA_PROTOINFO-1]) {
err = ctnetlink_change_protoinfo(ct, cda); err = ctnetlink_change_protoinfo(ct, cda);