diff options
| -rw-r--r-- | net/netfilter/nf_conntrack_netlink.c | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index 8b05f364b2f..2b2af631d2b 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c | |||
| @@ -1077,9 +1077,8 @@ ctnetlink_change_helper(struct nf_conn *ct, const struct nlattr * const cda[]) | |||
| 1077 | /* need to zero data of old helper */ | 1077 | /* need to zero data of old helper */ |
| 1078 | memset(&help->help, 0, sizeof(help->help)); | 1078 | memset(&help->help, 0, sizeof(help->help)); |
| 1079 | } else { | 1079 | } else { |
| 1080 | help = nf_ct_helper_ext_add(ct, GFP_ATOMIC); | 1080 | /* we cannot set a helper for an existing conntrack */ |
| 1081 | if (help == NULL) | 1081 | return -EOPNOTSUPP; |
| 1082 | return -ENOMEM; | ||
| 1083 | } | 1082 | } |
| 1084 | 1083 | ||
| 1085 | rcu_assign_pointer(help->helper, helper); | 1084 | rcu_assign_pointer(help->helper, helper); |
| @@ -1263,7 +1262,6 @@ ctnetlink_create_conntrack(struct net *net, u16 zone, | |||
| 1263 | ct->timeout.expires = ntohl(nla_get_be32(cda[CTA_TIMEOUT])); | 1262 | ct->timeout.expires = ntohl(nla_get_be32(cda[CTA_TIMEOUT])); |
| 1264 | 1263 | ||
| 1265 | ct->timeout.expires = jiffies + ct->timeout.expires * HZ; | 1264 | ct->timeout.expires = jiffies + ct->timeout.expires * HZ; |
| 1266 | ct->status |= IPS_CONFIRMED; | ||
| 1267 | 1265 | ||
| 1268 | rcu_read_lock(); | 1266 | rcu_read_lock(); |
| 1269 | if (cda[CTA_HELP]) { | 1267 | if (cda[CTA_HELP]) { |
| @@ -1314,14 +1312,19 @@ ctnetlink_create_conntrack(struct net *net, u16 zone, | |||
| 1314 | goto err2; | 1312 | goto err2; |
| 1315 | } | 1313 | } |
| 1316 | 1314 | ||
| 1317 | if (cda[CTA_STATUS]) { | 1315 | if (cda[CTA_NAT_SRC] || cda[CTA_NAT_DST]) { |
| 1318 | err = ctnetlink_change_status(ct, cda); | 1316 | err = ctnetlink_change_nat(ct, cda); |
| 1319 | if (err < 0) | 1317 | if (err < 0) |
| 1320 | goto err2; | 1318 | goto err2; |
| 1321 | } | 1319 | } |
| 1322 | 1320 | ||
| 1323 | if (cda[CTA_NAT_SRC] || cda[CTA_NAT_DST]) { | 1321 | nf_ct_acct_ext_add(ct, GFP_ATOMIC); |
| 1324 | err = ctnetlink_change_nat(ct, cda); | 1322 | nf_ct_ecache_ext_add(ct, 0, 0, GFP_ATOMIC); |
| 1323 | /* we must add conntrack extensions before confirmation. */ | ||
| 1324 | ct->status |= IPS_CONFIRMED; | ||
| 1325 | |||
| 1326 | if (cda[CTA_STATUS]) { | ||
| 1327 | err = ctnetlink_change_status(ct, cda); | ||
| 1325 | if (err < 0) | 1328 | if (err < 0) |
| 1326 | goto err2; | 1329 | goto err2; |
| 1327 | } | 1330 | } |
| @@ -1340,9 +1343,6 @@ ctnetlink_create_conntrack(struct net *net, u16 zone, | |||
| 1340 | goto err2; | 1343 | goto err2; |
| 1341 | } | 1344 | } |
| 1342 | 1345 | ||
| 1343 | nf_ct_acct_ext_add(ct, GFP_ATOMIC); | ||
| 1344 | nf_ct_ecache_ext_add(ct, 0, 0, GFP_ATOMIC); | ||
| 1345 | |||
| 1346 | #if defined(CONFIG_NF_CONNTRACK_MARK) | 1346 | #if defined(CONFIG_NF_CONNTRACK_MARK) |
| 1347 | if (cda[CTA_MARK]) | 1347 | if (cda[CTA_MARK]) |
| 1348 | ct->mark = ntohl(nla_get_be32(cda[CTA_MARK])); | 1348 | ct->mark = ntohl(nla_get_be32(cda[CTA_MARK])); |