aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--net/netfilter/nf_conntrack_netlink.c57
1 files changed, 23 insertions, 34 deletions
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 735ea9c1a96..d1fe9d15ac5 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1146,7 +1146,7 @@ ctnetlink_create_conntrack(struct nlattr *cda[],
1146 return ERR_PTR(-ENOMEM); 1146 return ERR_PTR(-ENOMEM);
1147 1147
1148 if (!cda[CTA_TIMEOUT]) 1148 if (!cda[CTA_TIMEOUT])
1149 goto err; 1149 goto err1;
1150 ct->timeout.expires = ntohl(nla_get_be32(cda[CTA_TIMEOUT])); 1150 ct->timeout.expires = ntohl(nla_get_be32(cda[CTA_TIMEOUT]));
1151 1151
1152 ct->timeout.expires = jiffies + ct->timeout.expires * HZ; 1152 ct->timeout.expires = jiffies + ct->timeout.expires * HZ;
@@ -1157,10 +1157,8 @@ ctnetlink_create_conntrack(struct nlattr *cda[],
1157 char *helpname; 1157 char *helpname;
1158 1158
1159 err = ctnetlink_parse_help(cda[CTA_HELP], &helpname); 1159 err = ctnetlink_parse_help(cda[CTA_HELP], &helpname);
1160 if (err < 0) { 1160 if (err < 0)
1161 rcu_read_unlock(); 1161 goto err2;
1162 goto err;
1163 }
1164 1162
1165 helper = __nf_conntrack_helper_find_byname(helpname); 1163 helper = __nf_conntrack_helper_find_byname(helpname);
1166 if (helper == NULL) { 1164 if (helper == NULL) {
@@ -1168,28 +1166,26 @@ ctnetlink_create_conntrack(struct nlattr *cda[],
1168#ifdef CONFIG_MODULES 1166#ifdef CONFIG_MODULES
1169 if (request_module("nfct-helper-%s", helpname) < 0) { 1167 if (request_module("nfct-helper-%s", helpname) < 0) {
1170 err = -EOPNOTSUPP; 1168 err = -EOPNOTSUPP;
1171 goto err; 1169 goto err1;
1172 } 1170 }
1173 1171
1174 rcu_read_lock(); 1172 rcu_read_lock();
1175 helper = __nf_conntrack_helper_find_byname(helpname); 1173 helper = __nf_conntrack_helper_find_byname(helpname);
1176 if (helper) { 1174 if (helper) {
1177 rcu_read_unlock();
1178 err = -EAGAIN; 1175 err = -EAGAIN;
1179 goto err; 1176 goto err2;
1180 } 1177 }
1181 rcu_read_unlock(); 1178 rcu_read_unlock();
1182#endif 1179#endif
1183 err = -EOPNOTSUPP; 1180 err = -EOPNOTSUPP;
1184 goto err; 1181 goto err1;
1185 } else { 1182 } else {
1186 struct nf_conn_help *help; 1183 struct nf_conn_help *help;
1187 1184
1188 help = nf_ct_helper_ext_add(ct, GFP_ATOMIC); 1185 help = nf_ct_helper_ext_add(ct, GFP_ATOMIC);
1189 if (help == NULL) { 1186 if (help == NULL) {
1190 rcu_read_unlock();
1191 err = -ENOMEM; 1187 err = -ENOMEM;
1192 goto err; 1188 goto err2;
1193 } 1189 }
1194 1190
1195 /* not in hash table yet so not strictly necessary */ 1191 /* not in hash table yet so not strictly necessary */
@@ -1198,44 +1194,34 @@ ctnetlink_create_conntrack(struct nlattr *cda[],
1198 } else { 1194 } else {
1199 /* try an implicit helper assignation */ 1195 /* try an implicit helper assignation */
1200 err = __nf_ct_try_assign_helper(ct, GFP_ATOMIC); 1196 err = __nf_ct_try_assign_helper(ct, GFP_ATOMIC);
1201 if (err < 0) { 1197 if (err < 0)
1202 rcu_read_unlock(); 1198 goto err2;
1203 goto err;
1204 }
1205 } 1199 }
1206 1200
1207 if (cda[CTA_STATUS]) { 1201 if (cda[CTA_STATUS]) {
1208 err = ctnetlink_change_status(ct, cda); 1202 err = ctnetlink_change_status(ct, cda);
1209 if (err < 0) { 1203 if (err < 0)
1210 rcu_read_unlock(); 1204 goto err2;
1211 goto err;
1212 }
1213 } 1205 }
1214 1206
1215 if (cda[CTA_NAT_SRC] || cda[CTA_NAT_DST]) { 1207 if (cda[CTA_NAT_SRC] || cda[CTA_NAT_DST]) {
1216 err = ctnetlink_change_nat(ct, cda); 1208 err = ctnetlink_change_nat(ct, cda);
1217 if (err < 0) { 1209 if (err < 0)
1218 rcu_read_unlock(); 1210 goto err2;
1219 goto err;
1220 }
1221 } 1211 }
1222 1212
1223#ifdef CONFIG_NF_NAT_NEEDED 1213#ifdef CONFIG_NF_NAT_NEEDED
1224 if (cda[CTA_NAT_SEQ_ADJ_ORIG] || cda[CTA_NAT_SEQ_ADJ_REPLY]) { 1214 if (cda[CTA_NAT_SEQ_ADJ_ORIG] || cda[CTA_NAT_SEQ_ADJ_REPLY]) {
1225 err = ctnetlink_change_nat_seq_adj(ct, cda); 1215 err = ctnetlink_change_nat_seq_adj(ct, cda);
1226 if (err < 0) { 1216 if (err < 0)
1227 rcu_read_unlock(); 1217 goto err2;
1228 goto err;
1229 }
1230 } 1218 }
1231#endif 1219#endif
1232 1220
1233 if (cda[CTA_PROTOINFO]) { 1221 if (cda[CTA_PROTOINFO]) {
1234 err = ctnetlink_change_protoinfo(ct, cda); 1222 err = ctnetlink_change_protoinfo(ct, cda);
1235 if (err < 0) { 1223 if (err < 0)
1236 rcu_read_unlock(); 1224 goto err2;
1237 goto err;
1238 }
1239 } 1225 }
1240 1226
1241 nf_ct_acct_ext_add(ct, GFP_ATOMIC); 1227 nf_ct_acct_ext_add(ct, GFP_ATOMIC);
@@ -1253,12 +1239,12 @@ ctnetlink_create_conntrack(struct nlattr *cda[],
1253 1239
1254 err = ctnetlink_parse_tuple(cda, &master, CTA_TUPLE_MASTER, u3); 1240 err = ctnetlink_parse_tuple(cda, &master, CTA_TUPLE_MASTER, u3);
1255 if (err < 0) 1241 if (err < 0)
1256 goto err; 1242 goto err2;
1257 1243
1258 master_h = __nf_conntrack_find(&init_net, &master); 1244 master_h = __nf_conntrack_find(&init_net, &master);
1259 if (master_h == NULL) { 1245 if (master_h == NULL) {
1260 err = -ENOENT; 1246 err = -ENOENT;
1261 goto err; 1247 goto err2;
1262 } 1248 }
1263 master_ct = nf_ct_tuplehash_to_ctrack(master_h); 1249 master_ct = nf_ct_tuplehash_to_ctrack(master_h);
1264 nf_conntrack_get(&master_ct->ct_general); 1250 nf_conntrack_get(&master_ct->ct_general);
@@ -1271,7 +1257,10 @@ ctnetlink_create_conntrack(struct nlattr *cda[],
1271 rcu_read_unlock(); 1257 rcu_read_unlock();
1272 1258
1273 return ct; 1259 return ct;
1274err: 1260
1261err2:
1262 rcu_read_unlock();
1263err1:
1275 nf_conntrack_free(ct); 1264 nf_conntrack_free(ct);
1276 return ERR_PTR(err); 1265 return ERR_PTR(err);
1277} 1266}