projects / GitHub / moto-9609 / android_kernel_motorola_exynos9610.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d1a6cba)
netfilter: nf_nat: handle NF_DROP from nfnetlink_parse_nat_setup()
authorPablo Neira Ayuso <pablo@netfilter.org>
Fri, 9 Sep 2016 13:38:12 +0000 (15:38 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Mon, 12 Sep 2016 18:32:57 +0000 (20:32 +0200)
nf_nat_setup_info() returns NF_* verdicts, so convert them to error
codes that is what ctnelink expects. This has passed overlook without
having any impact since this nf_nat_setup_info() has always returned
NF_ACCEPT so far. Since 870190a9ec90 ("netfilter: nat: convert nat bysrc
hash to rhashtable"), this is problem.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nf_nat_core.c patch | blob | blame | history

diff --git a/net/netfilter/nf_nat_core.c b/net/netfilter/nf_nat_core.c
index de31818417b88a6ebf04ee623d8f34c50bdc0f50..19c081e1b3285ca751b0f9554c86c719f0b6fb02 100644 (file)
--- a/net/netfilter/nf_nat_core.c
+++ b/net/netfilter/nf_nat_core.c
@@ -807,7 +807,7 @@ nfnetlink_parse_nat_setup(struct nf_conn *ct,
        if (err < 0)
                return err;
 
-       return nf_nat_setup_info(ct, &range, manip);
+       return nf_nat_setup_info(ct, &range, manip) == NF_DROP ? -ENOMEM : 0;
 }
 #else
 static int