Commit bbb3357d authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso Committed by David S. Miller

[NETFILTER]: ctnetlink: check for status attribute existence on conntrack creation

Check that status flags are available in the netlink message received
to create a new conntrack.
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
parent 1b683b55
...@@ -945,9 +945,11 @@ ctnetlink_create_conntrack(struct nfattr *cda[], ...@@ -945,9 +945,11 @@ ctnetlink_create_conntrack(struct nfattr *cda[],
ct->timeout.expires = jiffies + ct->timeout.expires * HZ; ct->timeout.expires = jiffies + ct->timeout.expires * HZ;
ct->status |= IPS_CONFIRMED; ct->status |= IPS_CONFIRMED;
err = ctnetlink_change_status(ct, cda); if (cda[CTA_STATUS-1]) {
if (err < 0) err = ctnetlink_change_status(ct, cda);
goto err; if (err < 0)
goto err;
}
if (cda[CTA_PROTOINFO-1]) { if (cda[CTA_PROTOINFO-1]) {
err = ctnetlink_change_protoinfo(ct, cda); err = ctnetlink_change_protoinfo(ct, cda);
......
...@@ -963,9 +963,11 @@ ctnetlink_create_conntrack(struct nfattr *cda[], ...@@ -963,9 +963,11 @@ ctnetlink_create_conntrack(struct nfattr *cda[],
ct->timeout.expires = jiffies + ct->timeout.expires * HZ; ct->timeout.expires = jiffies + ct->timeout.expires * HZ;
ct->status |= IPS_CONFIRMED; ct->status |= IPS_CONFIRMED;
err = ctnetlink_change_status(ct, cda); if (cda[CTA_STATUS-1]) {
if (err < 0) err = ctnetlink_change_status(ct, cda);
goto err; if (err < 0)
goto err;
}
if (cda[CTA_PROTOINFO-1]) { if (cda[CTA_PROTOINFO-1]) {
err = ctnetlink_change_protoinfo(ct, cda); err = ctnetlink_change_protoinfo(ct, cda);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment