[NETFILTER]: ctnetlink: fix conntrack mark race
authorPablo Neira Ayuso <pablo@netfilter.org>
Thu, 5 Jan 2006 20:18:25 +0000 (12:18 -0800)
committerDavid S. Miller <davem@davemloft.net>
Thu, 5 Jan 2006 20:18:25 +0000 (12:18 -0800)
Set conntrack mark before it is in hashes.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/ipv4/netfilter/ip_conntrack_netlink.c

index 04137d0c164cb8add91ab4f85bdfe872dbcf4f0f..df04ad873cc2c261fee5a3681874c9d1efac335b 100644 (file)
@@ -1031,6 +1031,11 @@ ctnetlink_create_conntrack(struct nfattr *cda[],
                        return err;
        }
 
+#if defined(CONFIG_IP_NF_CONNTRACK_MARK)
+       if (cda[CTA_MARK-1])
+               ct->mark = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_MARK-1]));
+#endif
+
        ct->helper = ip_conntrack_helper_find_get(rtuple);
 
        add_timer(&ct->timeout);
@@ -1039,11 +1044,6 @@ ctnetlink_create_conntrack(struct nfattr *cda[],
        if (ct->helper)
                ip_conntrack_helper_put(ct->helper);
 
-#if defined(CONFIG_IP_NF_CONNTRACK_MARK)
-       if (cda[CTA_MARK-1])
-               ct->mark = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_MARK-1]));
-#endif
-
        DEBUGP("conntrack with id %u inserted\n", ct->id);
        return 0;