diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2005-11-09 22:03:42 +0100 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2005-11-09 22:03:42 +0100 |
commit | a856a19a9f3ee14fc0d555470f3af138aeb0245c (patch) | |
tree | 52b79f12f4780e9b4afea6e2e6ed0f33d6948d92 /net | |
parent | [NETFILTER] ctnetlink: propagate error instaed of returning -EPERM (diff) | |
download | linux-a856a19a9f3ee14fc0d555470f3af138aeb0245c.tar.xz linux-a856a19a9f3ee14fc0d555470f3af138aeb0245c.zip |
[NETFILTER] ctnetlink: Add support to identify expectations by ID's
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_netlink.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/net/ipv4/netfilter/ip_conntrack_netlink.c b/net/ipv4/netfilter/ip_conntrack_netlink.c index 7fe745659642..5c1c0a3d1c4b 100644 --- a/net/ipv4/netfilter/ip_conntrack_netlink.c +++ b/net/ipv4/netfilter/ip_conntrack_netlink.c @@ -1293,6 +1293,14 @@ ctnetlink_get_expect(struct sock *ctnl, struct sk_buff *skb, if (!exp) return -ENOENT; + if (cda[CTA_EXPECT_ID-1]) { + u_int32_t id = *(u_int32_t *)NFA_DATA(cda[CTA_EXPECT_ID-1]); + if (exp->id != ntohl(id)) { + ip_conntrack_expect_put(exp); + return -ENOENT; + } + } + err = -ENOMEM; skb2 = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL); if (!skb2) |