提交 d4d6bb41 编写于 作者: P Pablo Neira Ayuso 提交者: David S. Miller

[NETFILTER]: ctnetlink: fix conntrack mark race

Set conntrack mark before it is in hashes.
Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: NPatrick McHardy <kaber@trash.net>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>
上级 0368309c
...@@ -1031,6 +1031,11 @@ ctnetlink_create_conntrack(struct nfattr *cda[], ...@@ -1031,6 +1031,11 @@ ctnetlink_create_conntrack(struct nfattr *cda[],
return err; return err;
} }
#if defined(CONFIG_IP_NF_CONNTRACK_MARK)
if (cda[CTA_MARK-1])
ct->mark = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_MARK-1]));
#endif
ct->helper = ip_conntrack_helper_find_get(rtuple); ct->helper = ip_conntrack_helper_find_get(rtuple);
add_timer(&ct->timeout); add_timer(&ct->timeout);
...@@ -1039,11 +1044,6 @@ ctnetlink_create_conntrack(struct nfattr *cda[], ...@@ -1039,11 +1044,6 @@ ctnetlink_create_conntrack(struct nfattr *cda[],
if (ct->helper) if (ct->helper)
ip_conntrack_helper_put(ct->helper); ip_conntrack_helper_put(ct->helper);
#if defined(CONFIG_IP_NF_CONNTRACK_MARK)
if (cda[CTA_MARK-1])
ct->mark = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_MARK-1]));
#endif
DEBUGP("conntrack with id %u inserted\n", ct->id); DEBUGP("conntrack with id %u inserted\n", ct->id);
return 0; return 0;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册