netfilter: ctnetlink: honor IPS_OFFLOAD flag

[ Upstream commit b067fa00 ] If this flag is set, timeout and state are irrelevant to userspace. Fixes: 90964016 ("netfilter: nf_conntrack: add IPS_OFFLOAD status bit") Signed-off-by: N Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: N Sasha Levin <sashal@kernel.org> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com>

netfilter: ctnetlink: honor IPS_OFFLOAD flag
[ Upstream commit b067fa00 ] If this flag is set, timeout and state are irrelevant to userspace. Fixes: 90964016 ("netfilter: nf_conntrack: add IPS_OFFLOAD status bit") Signed-off-by: N Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: N Sasha Levin <sashal@kernel.org> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com>
0c767f22 · Pablo Neira Ayuso · Yang Yingliang · 9d4ec731 · 0c767f22
隐藏空白更改
内联并排

Showing with 5 addition and 2 deletion

net/netfilter/nf_conntrack_netlink.c net/netfilter/nf_conntrack_netlink.c +5 -2

未找到文件。
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -555,10 +555,8 @@ ctnetlink_fill_info(struct sk_buff *skb, u32 portid, u32 seq, u32 type,
 		goto nla_put_failure;
 	if (ctnetlink_dump_status(skb, ct) < 0 ||
-	    ctnetlink_dump_timeout(skb, ct) < 0 ||
 	    ctnetlink_dump_acct(skb, ct, type) < 0 ||
 	    ctnetlink_dump_timestamp(skb, ct) < 0 ||
-	    ctnetlink_dump_protoinfo(skb, ct) < 0 ||
 	    ctnetlink_dump_helpinfo(skb, ct) < 0 ||
 	    ctnetlink_dump_mark(skb, ct) < 0 ||
 	    ctnetlink_dump_secctx(skb, ct) < 0 ||
@@ -570,6 +568,11 @@ ctnetlink_fill_info(struct sk_buff *skb, u32 portid, u32 seq, u32 type,
 	    ctnetlink_dump_ct_synproxy(skb, ct) < 0)
 		goto nla_put_failure;
+	if (!test_bit(IPS_OFFLOAD_BIT, &ct->status) &&
+	    (ctnetlink_dump_timeout(skb, ct) < 0 ||
+	     ctnetlink_dump_protoinfo(skb, ct) < 0))
+		goto nla_put_failure;
 	nlmsg_end(skb, nlh);
 	return skb->len;