diff options
author | Florian Westphal <fw@strlen.de> | 2016-05-06 00:51:47 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-05-06 11:50:01 +0200 |
commit | 03d7dc5cdfe6fd4e5bd04cfc2be7ae259f956428 (patch) | |
tree | 154c3f3f33680d9294dd10c50eb5217f2ace6887 /net/ipv4 | |
parent | netfilter: nf_tables: allow set names up to 32 bytes (diff) | |
download | linux-03d7dc5cdfe6fd4e5bd04cfc2be7ae259f956428.tar.xz linux-03d7dc5cdfe6fd4e5bd04cfc2be7ae259f956428.zip |
netfilter: conntrack: check netns when walking expect hash
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/ipv4')
-rw-r--r-- | net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c index f8fc7ab201c9..2b4c729fcf8d 100644 --- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c +++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c @@ -301,6 +301,9 @@ static int exp_seq_show(struct seq_file *s, void *v) exp = hlist_entry(n, struct nf_conntrack_expect, hnode); + if (!net_eq(nf_ct_net(exp->master), seq_file_net(s))) + return 0; + if (exp->tuple.src.l3num != AF_INET) return 0; |