[NETFILTER]: ctnetlink: check for status attribute existence on conntrack creation

Check that status flags are available in the netlink message received to create a new conntrack. Signed-off-by: N Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: N Patrick McHardy <kaber@trash.net>

[NETFILTER]: ctnetlink: check for status attribute existence on conntrack creation
Check that status flags are available in the netlink message received to create a new conntrack. Signed-off-by: N Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: N Patrick McHardy <kaber@trash.net>
bbb3357d · Pablo Neira Ayuso · David S. Miller · 1b683b55 · bbb3357d · bbb3357d
隐藏空白更改
内联并排

Showing with 10 addition and 6 deletion

net/ipv4/netfilter/ip_conntrack_netlink.c net/ipv4/netfilter/ip_conntrack_netlink.c +5 -3

net/netfilter/nf_conntrack_netlink.c net/netfilter/nf_conntrack_netlink.c +5 -3

未找到文件。
--- a/net/ipv4/netfilter/ip_conntrack_netlink.c
+++ b/net/ipv4/netfilter/ip_conntrack_netlink.c
@@ -945,9 +945,11 @@ ctnetlink_create_conntrack(struct nfattr *cda[],
 	ct->timeout.expires = jiffies + ct->timeout.expires * HZ;
 	ct->status |= IPS_CONFIRMED;

-	err = ctnetlink_change_status(ct, cda);
-	if (err < 0)
-		goto err;
+	if (cda[CTA_STATUS-1]) {
+		err = ctnetlink_change_status(ct, cda);
+		if (err < 0)
+			goto err;
+	}

 	if (cda[CTA_PROTOINFO-1]) {
 		err = ctnetlink_change_protoinfo(ct, cda);

--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -963,9 +963,11 @@ ctnetlink_create_conntrack(struct nfattr *cda[],
 	ct->timeout.expires = jiffies + ct->timeout.expires * HZ;
 	ct->status |= IPS_CONFIRMED;

-	err = ctnetlink_change_status(ct, cda);
-	if (err < 0)
-		goto err;
+	if (cda[CTA_STATUS-1]) {
+		err = ctnetlink_change_status(ct, cda);
+		if (err < 0)
+			goto err;
+	}

 	if (cda[CTA_PROTOINFO-1]) {
 		err = ctnetlink_change_protoinfo(ct, cda);