Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6

author: David S. Miller <davem@davemloft.net> 2010-02-19 15:45:20 -0500
committer: David S. Miller <davem@davemloft.net> 2010-02-19 15:45:20 -0500
commit: 927606a17e802fcf0c9ee82a74bc444b84726e67 (patch)
tree: b1aef00e333a9678448e11863da2572a7bb16db6 /net
parent: cf261b2392daa7b1a18b91707485e3648dda34d3 (diff)
parent: 64507fdbc29c3a622180378210ecea8659b14e40 (diff)
2 files changed, 12 insertions, 12 deletions
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 8b05f364b2f2..2b2af631d2b8 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1077,9 +1077,8 @@ ctnetlink_change_helper(struct nf_conn *ct, const struct nlattr * const cda[])
                /* need to zero data of old helper */
                memset(&help->help, 0, sizeof(help->help));
        } else {
-                help = nf_ct_helper_ext_add(ct, GFP_ATOMIC);
+                /* we cannot set a helper for an existing conntrack */
-                if (help == NULL)
+                return -EOPNOTSUPP;
-                        return -ENOMEM;
        }
        rcu_assign_pointer(help->helper, helper);
@@ -1263,7 +1262,6 @@ ctnetlink_create_conntrack(struct net *net, u16 zone,
        ct->timeout.expires = ntohl(nla_get_be32(cda[CTA_TIMEOUT]));
        ct->timeout.expires = jiffies + ct->timeout.expires * HZ;
-        ct->status |= IPS_CONFIRMED;
        rcu_read_lock();
        if (cda[CTA_HELP]) {
@@ -1314,14 +1312,19 @@ ctnetlink_create_conntrack(struct net *net, u16 zone,
                        goto err2;
        }
-        if (cda[CTA_STATUS]) {
+        if (cda[CTA_NAT_SRC] || cda[CTA_NAT_DST]) {
-                err = ctnetlink_change_status(ct, cda);
+                err = ctnetlink_change_nat(ct, cda);
                if (err < 0)
                        goto err2;
        }
-        if (cda[CTA_NAT_SRC] || cda[CTA_NAT_DST]) {
+        nf_ct_acct_ext_add(ct, GFP_ATOMIC);
-                err = ctnetlink_change_nat(ct, cda);
+        nf_ct_ecache_ext_add(ct, 0, 0, GFP_ATOMIC);
+        /* we must add conntrack extensions before confirmation. */
+        ct->status |= IPS_CONFIRMED;
+        if (cda[CTA_STATUS]) {
+                err = ctnetlink_change_status(ct, cda);
                if (err < 0)
                        goto err2;
        }
@@ -1340,9 +1343,6 @@ ctnetlink_create_conntrack(struct net *net, u16 zone,
                        goto err2;
        }
-        nf_ct_acct_ext_add(ct, GFP_ATOMIC);
-        nf_ct_ecache_ext_add(ct, 0, 0, GFP_ATOMIC);
 #if defined(CONFIG_NF_CONNTRACK_MARK)
        if (cda[CTA_MARK])
                ct->mark = ntohl(nla_get_be32(cda[CTA_MARK]));
diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c
index 3a6fd77f7761..ba095fd014e5 100644
--- a/net/netfilter/nf_queue.c
+++ b/net/netfilter/nf_queue.c
@@ -265,7 +265,6 @@ void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict)
                local_bh_disable();
                entry->okfn(skb);
                local_bh_enable();
-        case NF_STOLEN:
                break;
        case NF_QUEUE:
                if (!__nf_queue(skb, elem, entry->pf, entry->hook,
@@ -273,6 +272,7 @@ void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict)
                                verdict >> NF_VERDICT_BITS))
                        goto next_hook;
                break;
+        case NF_STOLEN:
        default:
                kfree_skb(skb);
        }
author	David S. Miller <davem@davemloft.net>	2010-02-19 15:45:20 -0500
committer	David S. Miller <davem@davemloft.net>	2010-02-19 15:45:20 -0500
commit	927606a17e802fcf0c9ee82a74bc444b84726e67 (patch)
tree	b1aef00e333a9678448e11863da2572a7bb16db6 /net
parent	cf261b2392daa7b1a18b91707485e3648dda34d3 (diff)
parent	64507fdbc29c3a622180378210ecea8659b14e40 (diff)