netfilter: ctnetlink: use expect instead of master tuple in get operation

Use the expect tuple (if possible) instead of the master tuple for the get operation. If two or more expectations come from the same master, the returned expectation may not be the one that user-space is requesting. This is how it works for the expect deletion operation. Although I think that nobody has been seriously using this. We accept both possibilities, using the expect tuple if possible. I decided to do it like this to avoid breaking backward compatibility. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2011-12-14 06:45:22 -0500
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2011-12-17 19:31:47 -0500
commit: 35dba1d7f3ae669128a42c969d599ab8c604d61d (patch)
tree: f6274fda0bb5e8dd592f4a61cf67db1794589156
parent: b3e0bfa71b1db9d7a9fbea6965867784fd00ca3c (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index a36e6553ddb3..77d209c235a0 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1851,7 +1851,9 @@ ctnetlink_get_expect(struct sock *ctnl, struct sk_buff *skb,
        if (err < 0)
                return err;
-        if (cda[CTA_EXPECT_MASTER])
+        if (cda[CTA_EXPECT_TUPLE])
+                err = ctnetlink_parse_tuple(cda, &tuple, CTA_EXPECT_TUPLE, u3);
+        else if (cda[CTA_EXPECT_MASTER])
                err = ctnetlink_parse_tuple(cda, &tuple, CTA_EXPECT_MASTER, u3);
        else
                return -EINVAL;
author	Pablo Neira Ayuso <pablo@netfilter.org>	2011-12-14 06:45:22 -0500
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2011-12-17 19:31:47 -0500
commit	35dba1d7f3ae669128a42c969d599ab8c604d61d (patch)
tree	f6274fda0bb5e8dd592f4a61cf67db1794589156
parent	b3e0bfa71b1db9d7a9fbea6965867784fd00ca3c (diff)