[NETFILTER] ctnetlink: Add support to identify expectations by ID's

Signed-off-by: Pablo Neira Ayuso <[EMAIL PROTECTED]>
Signed-off-by: Harald Welte <[EMAIL PROTECTED]>
--- commit b98f5d02ab4cecbe4c3b038287e064973be27dcb tree 135f77d58d8b18a19dc91c83e6f01c094f810be1 parent 9cdec7d1acde0d0a9e15ba39b749d38e94179af4 author Pablo Neira Ayuso <[EMAIL PROTECTED]> Tue, 08 Nov 2005 15:54:43 +0100 committer Harald Welte <[EMAIL PROTECTED]> Tue, 08 Nov 2005 15:54:43 +0100 net/ipv4/netfilter/ip_conntrack_netlink.c | 8 ++++++++ 1 files changed, 8 insertions(+), 0 deletions(-) diff --git a/net/ipv4/netfilter/ip_conntrack_netlink.c b/net/ipv4/netfilter/ip_conntrack_netlink.c --- a/net/ipv4/netfilter/ip_conntrack_netlink.c +++ b/net/ipv4/netfilter/ip_conntrack_netlink.c @@ -1299,6 +1299,14 @@ ctnetlink_get_expect(struct sock *ctnl, if (!exp) return -ENOENT; + if (cda[CTA_EXPECT_ID-1]) { + u_int32_t id = *(u_int32_t *)NFA_DATA(cda[CTA_EXPECT_ID-1]); + if (exp->id != ntohl(id)) { + ip_conntrack_expect_put(exp); + return -ENOENT; + } + } + err = -ENOMEM; skb2 = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL); if (!skb2) -- - Harald Welte <[EMAIL PROTECTED]> http://netfilter.org/ ============================================================================ "Fragmentation is like classful addressing -- an interesting early architectural error that shows how much experimentation was going on while IP was being designed." -- Paul Vixie
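Review bot: The read `*(u_int32_t *)NFA_DATA(cda[CTA_EXPECT_ID-1])` in the added block in ctnetlink_get_expect() trusts that the userspace-supplied CTA_EXPECT_ID attribute carries at least four bytes of payload, and nothing in the visible context checks that. If a minimum-size check for the expectation attributes already runs earlier in this function, outside the hunk, it should be confirmed that it covers CTA_EXPECT_ID; otherwise compare the attribute's payload length against sizeof(u_int32_t) before dereferencing and reject short attributes with an error. The mismatch path itself looks right: it drops the reference with ip_conntrack_expect_put(exp) before returning -ENOENT, so the lookup's reference is not leaked. As a smaller point, `id` holds a network-order value until ntohl() is applied, so a name or type that marks it as big-endian would make the comparison with `exp->id` easier to audit.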