[NETFILTER]: ctnetlink: fix conntrack mark race

Set conntrack mark before it is in hashes. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2006-01-05 15:18:25 -0500
committer: David S. Miller <davem@davemloft.net> 2006-01-05 15:18:25 -0500
commit: d4d6bb41e09f07668ca2655da707eab936e8e8f0 (patch)
tree: a785fa9ade81b7591ff33c54a23fbcf234f296f5 /net/ipv4
parent: 0368309cb45bbba99f84a01d5fc6a18780788480 (diff)
1 files changed, 5 insertions, 5 deletions
diff --git a/net/ipv4/netfilter/ip_conntrack_netlink.c b/net/ipv4/netfilter/ip_conntrack_netlink.c
index 04137d0c164c..df04ad873cc2 100644
--- a/net/ipv4/netfilter/ip_conntrack_netlink.c
+++ b/net/ipv4/netfilter/ip_conntrack_netlink.c
@@ -1031,6 +1031,11 @@ ctnetlink_create_conntrack(struct nfattr *cda[],
                        return err;
        }
+#if defined(CONFIG_IP_NF_CONNTRACK_MARK)
+        if (cda[CTA_MARK-1])
+                ct->mark = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_MARK-1]));
+#endif
        ct->helper = ip_conntrack_helper_find_get(rtuple);
        add_timer(&ct->timeout);
@@ -1039,11 +1044,6 @@ ctnetlink_create_conntrack(struct nfattr *cda[],
        if (ct->helper)
                ip_conntrack_helper_put(ct->helper);
-#if defined(CONFIG_IP_NF_CONNTRACK_MARK)
-        if (cda[CTA_MARK-1])
-                ct->mark = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_MARK-1]));
-#endif
        DEBUGP("conntrack with id %u inserted\n", ct->id);
        return 0;
author	Pablo Neira Ayuso <pablo@netfilter.org>	2006-01-05 15:18:25 -0500
committer	David S. Miller <davem@davemloft.net>	2006-01-05 15:18:25 -0500
commit	d4d6bb41e09f07668ca2655da707eab936e8e8f0 (patch)
tree	a785fa9ade81b7591ff33c54a23fbcf234f296f5 /net/ipv4
parent	0368309cb45bbba99f84a01d5fc6a18780788480 (diff)