[NETFILTER]: ctnetlink: check for status attribute existence on conntrack creation
authorPablo Neira Ayuso <pablo@netfilter.org>
Wed, 29 Nov 2006 01:35:31 +0000 (02:35 +0100)
committerDavid S. Miller <davem@sunset.davemloft.net>
Sun, 3 Dec 2006 05:31:27 +0000 (21:31 -0800)
Check that status flags are available in the netlink message received
to create a new conntrack.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
net/ipv4/netfilter/ip_conntrack_netlink.c
net/netfilter/nf_conntrack_netlink.c

index 3d277aa869dd853aa618273a88e90e993eb1abb0..d5d2efddba574350caa7e30da079e85991aa7472 100644 (file)
@@ -945,9 +945,11 @@ ctnetlink_create_conntrack(struct nfattr *cda[],
        ct->timeout.expires = jiffies + ct->timeout.expires * HZ;
        ct->status |= IPS_CONFIRMED;
 
-       err = ctnetlink_change_status(ct, cda);
-       if (err < 0)
-               goto err;
+       if (cda[CTA_STATUS-1]) {
+               err = ctnetlink_change_status(ct, cda);
+               if (err < 0)
+                       goto err;
+       }
 
        if (cda[CTA_PROTOINFO-1]) {
                err = ctnetlink_change_protoinfo(ct, cda);
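Review bot: The new `if (cda[CTA_STATUS-1])` guard in ctnetlink_create_conntrack only establishes that the attribute is present, not that its payload is long enough for ctnetlink_change_status to read a status word from it. Whether an earlier length check on the netlink attributes covers this is not visible in the hunk, so confirm it before relying on the guard alone for a message supplied by userspace. The guard would also benefit from a short comment stating the contract, for example `/* CTA_STATUS is optional on create; if absent, ct->status is left as set above */`. The same point applies to the identical hunk in net/netfilter/nf_conntrack_netlink.c. The function body starts and ends outside the hunk.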
index 7357b8f47acd31dcf69527560c378922c2d424fe..ba77183be2f3ae3be7acc610065c614c15434dab 100644 (file)
@@ -963,9 +963,11 @@ ctnetlink_create_conntrack(struct nfattr *cda[],
        ct->timeout.expires = jiffies + ct->timeout.expires * HZ;
        ct->status |= IPS_CONFIRMED;
 
-       err = ctnetlink_change_status(ct, cda);
-       if (err < 0)
-               goto err;
+       if (cda[CTA_STATUS-1]) {
+               err = ctnetlink_change_status(ct, cda);
+               if (err < 0)
+                       goto err;
+       }
 
        if (cda[CTA_PROTOINFO-1]) {
                err = ctnetlink_change_protoinfo(ct, cda);