summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2016-09-09 15:38:12 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2016-09-12 20:32:57 +0200
commitecfcdfec7e0cc64215a194044305f02a5a836e6d (patch)
tree955326d1fee680de672f6bb320bb418d56a83c96
parentnetfilter: nft_chain_route: re-route before skb is queued to userspace (diff)
downloadlinux-ecfcdfec7e0cc64215a194044305f02a5a836e6d.tar.xz
linux-ecfcdfec7e0cc64215a194044305f02a5a836e6d.zip
netfilter: nf_nat: handle NF_DROP from nfnetlink_parse_nat_setup()
nf_nat_setup_info() returns NF_* verdicts, so convert them to error codes that is what ctnelink expects. This has passed overlook without having any impact since this nf_nat_setup_info() has always returned NF_ACCEPT so far. Since 870190a9ec90 ("netfilter: nat: convert nat bysrc hash to rhashtable"), this is problem. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--net/netfilter/nf_nat_core.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/nf_nat_core.c b/net/netfilter/nf_nat_core.c
index de31818417b8..19c081e1b328 100644
--- a/net/netfilter/nf_nat_core.c
+++ b/net/netfilter/nf_nat_core.c
@@ -807,7 +807,7 @@ nfnetlink_parse_nat_setup(struct nf_conn *ct,
if (err < 0)
return err;
- return nf_nat_setup_info(ct, &range, manip);
+ return nf_nat_setup_info(ct, &range, manip) == NF_DROP ? -ENOMEM : 0;
}
#else
static int