diff options
| author | David S. Miller <davem@davemloft.net> | 2022-05-27 13:08:12 +0300 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2022-05-27 13:08:12 +0300 |
| commit | 55919b32d14bfa8e47d0fe44f73ba069d1a2b3df (patch) | |
| tree | 16ca1e32a01ce041b933d03b7daf590ef3496223 /include | |
| parent | 02ded5a173619b11728b8bf75a3fd995a2c1ff28 (diff) | |
| parent | b53c116642502b0c85ecef78bff4f826a7dd4145 (diff) | |
| download | linux-55919b32d14bfa8e47d0fe44f73ba069d1a2b3df.tar.xz | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf
Pablo Neira Ayuso says:
====================
Netfilter fixes for net
The following contain more Netfilter fixes for net:
1) syzbot warning in nfnetlink bind, from Florian.
2) Refetch conntrack after __nf_conntrack_confirm(), from Florian Westphal.
3) Move struct nf_ct_timeout back at the bottom of the ctnl_time, to
where it before recent update, also from Florian.
4) Add NL_SET_BAD_ATTR() to nf_tables netlink for proper set element
commands error reporting.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
| -rw-r--r-- | include/net/netfilter/nf_conntrack_core.h | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/include/net/netfilter/nf_conntrack_core.h b/include/net/netfilter/nf_conntrack_core.h index 6406cfee34c2..37866c8386e2 100644 --- a/include/net/netfilter/nf_conntrack_core.h +++ b/include/net/netfilter/nf_conntrack_core.h @@ -58,8 +58,13 @@ static inline int nf_conntrack_confirm(struct sk_buff *skb) int ret = NF_ACCEPT; if (ct) { - if (!nf_ct_is_confirmed(ct)) + if (!nf_ct_is_confirmed(ct)) { ret = __nf_conntrack_confirm(skb); + + if (ret == NF_ACCEPT) + ct = (struct nf_conn *)skb_nfct(skb); + } + if (ret == NF_ACCEPT && nf_ct_ecache_exist(ct)) nf_ct_deliver_cached_events(ct); } |