[NETFILTER]: ctnetlink: check for status attribute existence on conntrack creation
Check that status flags are available in the netlink message received to create a new conntrack. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
This commit is contained in:
parent
1b683b5512
commit
bbb3357d14
@ -945,9 +945,11 @@ ctnetlink_create_conntrack(struct nfattr *cda[],
|
||||
ct->timeout.expires = jiffies + ct->timeout.expires * HZ;
|
||||
ct->status |= IPS_CONFIRMED;
|
||||
|
||||
err = ctnetlink_change_status(ct, cda);
|
||||
if (err < 0)
|
||||
goto err;
|
||||
if (cda[CTA_STATUS-1]) {
|
||||
err = ctnetlink_change_status(ct, cda);
|
||||
if (err < 0)
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (cda[CTA_PROTOINFO-1]) {
|
||||
err = ctnetlink_change_protoinfo(ct, cda);
|
||||
|
@ -963,9 +963,11 @@ ctnetlink_create_conntrack(struct nfattr *cda[],
|
||||
ct->timeout.expires = jiffies + ct->timeout.expires * HZ;
|
||||
ct->status |= IPS_CONFIRMED;
|
||||
|
||||
err = ctnetlink_change_status(ct, cda);
|
||||
if (err < 0)
|
||||
goto err;
|
||||
if (cda[CTA_STATUS-1]) {
|
||||
err = ctnetlink_change_status(ct, cda);
|
||||
if (err < 0)
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (cda[CTA_PROTOINFO-1]) {
|
||||
err = ctnetlink_change_protoinfo(ct, cda);
|
||||
|
Loading…
Reference in New Issue
Block a user