netfilter: ctnetlink: allow changing NAT sequence adjustment in creation

This patch fixes an inconsistency in the current ctnetlink code since NAT sequence adjustment bit can only be updated but not set in the conntrack entry creation. This patch is used by conntrackd to successfully recover newly created entries that represent connections with helpers and NAT payload mangling. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2009-02-09 17:33:57 -0500
committer: David S. Miller <davem@davemloft.net> 2009-02-09 17:33:57 -0500
commit: c969aa7d2cd5621ad4129dae6b6551af422944c6 (patch)
tree: c100f3e21e1a2f073dfabe03e941669d4c5c449a /net
parent: 3f9007135c1dc896db9a9e35920aafc65b157230 (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index c32a7e8e3a1b..9051bb4f81da 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1215,6 +1215,16 @@ ctnetlink_create_conntrack(struct nlattr *cda[],
                }
        }
+#ifdef CONFIG_NF_NAT_NEEDED
+        if (cda[CTA_NAT_SEQ_ADJ_ORIG] || cda[CTA_NAT_SEQ_ADJ_REPLY]) {
+                err = ctnetlink_change_nat_seq_adj(ct, cda);
+                if (err < 0) {
+                        rcu_read_unlock();
+                        goto err;
+                }
+        }
+#endif
        if (cda[CTA_PROTOINFO]) {
                err = ctnetlink_change_protoinfo(ct, cda);
                if (err < 0) {
author	Pablo Neira Ayuso <pablo@netfilter.org>	2009-02-09 17:33:57 -0500
committer	David S. Miller <davem@davemloft.net>	2009-02-09 17:33:57 -0500
commit	c969aa7d2cd5621ad4129dae6b6551af422944c6 (patch)
tree	c100f3e21e1a2f073dfabe03e941669d4c5c449a /net
parent	3f9007135c1dc896db9a9e35920aafc65b157230 (diff)

diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index c32a7e8e3a1b..9051bb4f81da 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1215,6 +1215,16 @@ ctnetlink_create_conntrack(struct nlattr *cda[],
1215	}	1215	}
1216	}	1216	}
1217		1217
		1218	#ifdef CONFIG_NF_NAT_NEEDED
		1219	if (cda[CTA_NAT_SEQ_ADJ_ORIG] \|\| cda[CTA_NAT_SEQ_ADJ_REPLY]) {
		1220	err = ctnetlink_change_nat_seq_adj(ct, cda);
		1221	if (err < 0) {
		1222	rcu_read_unlock();
		1223	goto err;
		1224	}
		1225	}
		1226	#endif
		1227
1218	if (cda[CTA_PROTOINFO]) {	1228	if (cda[CTA_PROTOINFO]) {
1219	err = ctnetlink_change_protoinfo(ct, cda);	1229	err = ctnetlink_change_protoinfo(ct, cda);
1220	if (err < 0) {	1230	if (err < 0) {