From be2514fcfff82e143064113989179ccf26874118 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Wed, 9 Nov 2005 13:03:42 -0800
Subject: [PATCH] --- yaml --- r: 13650 b: refs/heads/master c:
 a856a19a9f3ee14fc0d555470f3af138aeb0245c h: refs/heads/master v: v3

---
 [refs]                                          | 2 +-
 trunk/net/ipv4/netfilter/ip_conntrack_netlink.c | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/[refs] b/[refs]
index 2f7f7a259e9a..6a6ab119ddf9 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: fcda46128d5cb50075339b79ce585ab767337e9e
+refs/heads/master: a856a19a9f3ee14fc0d555470f3af138aeb0245c
diff --git a/trunk/net/ipv4/netfilter/ip_conntrack_netlink.c b/trunk/net/ipv4/netfilter/ip_conntrack_netlink.c
index 7fe745659642..5c1c0a3d1c4b 100644
--- a/trunk/net/ipv4/netfilter/ip_conntrack_netlink.c
+++ b/trunk/net/ipv4/netfilter/ip_conntrack_netlink.c
@@ -1293,6 +1293,14 @@ ctnetlink_get_expect(struct sock *ctnl, struct sk_buff *skb,
 	if (!exp)
 		return -ENOENT;
 
+	if (cda[CTA_EXPECT_ID-1]) {
+		u_int32_t id = *(u_int32_t *)NFA_DATA(cda[CTA_EXPECT_ID-1]);
+		if (exp->id != ntohl(id)) {
+			ip_conntrack_expect_put(exp);
+			return -ENOENT;
+		}
+	}	
+
 	err = -ENOMEM;
 	skb2 = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
 	if (!skb2)