author | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-09-09 15:38:12 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-09-12 20:32:57 +0200 |
commit | ecfcdfec7e0cc64215a194044305f02a5a836e6d (patch) | |
tree | 955326d1fee680de672f6bb320bb418d56a83c96 /net | |
parent | netfilter: nft_chain_route: re-route before skb is queued to userspace (diff) | |
netfilter: nf_nat: handle NF_DROP from nfnetlink_parse_nat_setup()
nf_nat_setup_info() returns NF_* verdicts, so convert them to error
codes, which is what ctnetlink expects. This has passed overlooked without
having any impact since this nf_nat_setup_info() has always returned
NF_ACCEPT so far. Since 870190a9ec90 ("netfilter: nat: convert nat bysrc
hash to rhashtable"), this is a problem.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
-rw-r--r-- | net/netfilter/nf_nat_core.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/nf_nat_core.c b/net/netfilter/nf_nat_core.c index de31818417b8..19c081e1b328 100644 --- a/net/netfilter/nf_nat_core.c +++ b/net/netfilter/nf_nat_core.c @@ -807,7 +807,7 @@ nfnetlink_parse_nat_setup(struct nf_conn *ct, if (err < 0) return err; - return nf_nat_setup_info(ct, &range, manip); + return nf_nat_setup_info(ct, &range, manip) == NF_DROP ? -ENOMEM : 0; } #else static int |
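Review bot: The new return line in nfnetlink_parse_nat_setup() maps only NF_DROP to an error and reports every other verdict as 0, and it hardcodes -ENOMEM without saying why. The commit message states that nf_nat_setup_info() returns NF_* verdicts, so any verdict other than NF_ACCEPT or NF_DROP would be reported to ctnetlink as success. Consider testing against the success case instead, for example `!= NF_ACCEPT`, so an unexpected verdict fails closed. A one-line comment that the drop is assumed to come from a failed allocation or insertion would also help, because the errno is what the netlink caller sees. Since the message names 870190a9ec90 as the change that made this matter, a Fixes: tag for that commit would help backporting.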