netfilter: ctnetlink: use expect instead of master tuple in get operation
author Pablo Neira Ayuso <pablo@netfilter.org>
Wed, 14 Dec 2011 11:45:22 +0000 (12:45 +0100)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Sun, 18 Dec 2011 00:31:47 +0000 (01:31 +0100)
Use the expect tuple (if possible) instead of the master tuple for
the get operation. If two or more expectations come from the same
master, the returned expectation may not be the one that user-space
is requesting.

This is how it works for the expect deletion operation.

Although I think that nobody has been seriously using this. We
accept both possibilities, using the expect tuple if possible.
I decided to do it like this to avoid breaking backward
compatibility.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nf_conntrack_netlink.c

index a36e6553ddb323149ebcf7a5e61d6e6a840f61e8..77d209c235a0c9a9497ee8158741250659e632eb 100644 (file)
@@ -1851,7 +1851,9 @@ ctnetlink_get_expect(struct sock *ctnl, struct sk_buff *skb,
        if (err < 0)
                return err;
 
-       if (cda[CTA_EXPECT_MASTER])
+       if (cda[CTA_EXPECT_TUPLE])
+               err = ctnetlink_parse_tuple(cda, &tuple, CTA_EXPECT_TUPLE, u3);
+       else if (cda[CTA_EXPECT_MASTER])
                err = ctnetlink_parse_tuple(cda, &tuple, CTA_EXPECT_MASTER, u3);
        else
                return -EINVAL;
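
Review bot: the precedence between CTA_EXPECT_TUPLE and CTA_EXPECT_MASTER in the new if / else-if chain is not documented in the code, and a request that carries both attributes has its master tuple silently ignored. A short comment above `if (cda[CTA_EXPECT_TUPLE])` would help, stating that the expect tuple wins and that the `else if (cda[CTA_EXPECT_MASTER])` branch is kept only for backward compatibility. Per the commit message, that fallback can still return a different expectation than the one requested when several expectations share one master, so it is worth saying so next to the branch, so that callers relying on the master-only form know the result is not guaranteed to be unique.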