diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2006-11-28 20:35:31 -0500 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2006-12-03 00:31:27 -0500 |
commit | bbb3357d14f6becd156469220992ef7ab0f10e69 (patch) | |
tree | f24b5b6491c76d3b384bc09307d6b841fbc0370c /net | |
parent | 1b683b551209ca46ae59b29572018001db5af078 (diff) |
[NETFILTER]: ctnetlink: check for status attribute existence on conntrack creation
Check that status flags are available in the netlink message received
to create a new conntrack.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_netlink.c | 8 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_netlink.c | 8 |
2 files changed, 10 insertions, 6 deletions
diff --git a/net/ipv4/netfilter/ip_conntrack_netlink.c b/net/ipv4/netfilter/ip_conntrack_netlink.c index 3d277aa869dd..d5d2efddba57 100644 --- a/net/ipv4/netfilter/ip_conntrack_netlink.c +++ b/net/ipv4/netfilter/ip_conntrack_netlink.c | |||
@@ -945,9 +945,11 @@ ctnetlink_create_conntrack(struct nfattr *cda[], | |||
945 | ct->timeout.expires = jiffies + ct->timeout.expires * HZ; | 945 | ct->timeout.expires = jiffies + ct->timeout.expires * HZ; |
946 | ct->status |= IPS_CONFIRMED; | 946 | ct->status |= IPS_CONFIRMED; |
947 | 947 | ||
948 | err = ctnetlink_change_status(ct, cda); | 948 | if (cda[CTA_STATUS-1]) { |
949 | if (err < 0) | 949 | err = ctnetlink_change_status(ct, cda); |
950 | goto err; | 950 | if (err < 0) |
951 | goto err; | ||
952 | } | ||
951 | 953 | ||
952 | if (cda[CTA_PROTOINFO-1]) { | 954 | if (cda[CTA_PROTOINFO-1]) { |
953 | err = ctnetlink_change_protoinfo(ct, cda); | 955 | err = ctnetlink_change_protoinfo(ct, cda); |
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index 7357b8f47acd..ba77183be2f3 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c | |||
@@ -963,9 +963,11 @@ ctnetlink_create_conntrack(struct nfattr *cda[], | |||
963 | ct->timeout.expires = jiffies + ct->timeout.expires * HZ; | 963 | ct->timeout.expires = jiffies + ct->timeout.expires * HZ; |
964 | ct->status |= IPS_CONFIRMED; | 964 | ct->status |= IPS_CONFIRMED; |
965 | 965 | ||
966 | err = ctnetlink_change_status(ct, cda); | 966 | if (cda[CTA_STATUS-1]) { |
967 | if (err < 0) | 967 | err = ctnetlink_change_status(ct, cda); |
968 | goto err; | 968 | if (err < 0) |
969 | goto err; | ||
970 | } | ||
969 | 971 | ||
970 | if (cda[CTA_PROTOINFO-1]) { | 972 | if (cda[CTA_PROTOINFO-1]) { |
971 | err = ctnetlink_change_protoinfo(ct, cda); | 973 | err = ctnetlink_change_protoinfo(ct, cda); |