Skip to content

Commit

Permalink
netfilter: ctnetlink: use expect instead of master tuple in get opera…
Browse files Browse the repository at this point in the history 
…tion

Use the expect tuple (if possible) instead of the master tuple for
the get operation. If two or more expectations come from the same
master, the returned expectation may not be the one that user-space
is requesting.

This is how it works for the expect deletion operation.

Although I think that nobody has been seriously using this. We
accept both possibilities, using the expect tuple if possible.
I decided to do it like this to avoid breaking backward
compatibility.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  • Loading branch information
Pablo Neira Ayuso committed Dec 18, 2011
1 parent b3e0bfa commit 35dba1d
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion net/netfilter/nf_conntrack_netlink.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1851,7 +1851,9 @@ ctnetlink_get_expect(struct sock *ctnl, struct sk_buff *skb,
if (err < 0)
return err;

if (cda[CTA_EXPECT_MASTER])
if (cda[CTA_EXPECT_TUPLE])
err = ctnetlink_parse_tuple(cda, &tuple, CTA_EXPECT_TUPLE, u3);
else if (cda[CTA_EXPECT_MASTER])
err = ctnetlink_parse_tuple(cda, &tuple, CTA_EXPECT_MASTER, u3);
else
return -EINVAL;
Expand Down

0 comments on commit 35dba1d

Please sign in to comment.