Commit c969aa7d authored Feb 09, 2009 by Pablo Neira Ayuso Committed by David S. Miller Feb 09, 2009

netfilter: ctnetlink: allow changing NAT sequence adjustment in creation



This patch fixes an inconsistency in the current ctnetlink code
since NAT sequence adjustment bit can only be updated but not set
in the conntrack entry creation.

This patch is used by conntrackd to successfully recover newly
created entries that represent connections with helpers and NAT
payload mangling.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent 3f900713

net/netfilter/nf_conntrack_netlink.c

+10 −0

Original line number	Diff line number	Diff line
		@@ -1215,6 +1215,16 @@ ctnetlink_create_conntrack(struct nlattr *cda[],
		}
		}

		#ifdef CONFIG_NF_NAT_NEEDED
		if (cda[CTA_NAT_SEQ_ADJ_ORIG] \|\| cda[CTA_NAT_SEQ_ADJ_REPLY]) {
		err = ctnetlink_change_nat_seq_adj(ct, cda);
		if (err < 0) {
		rcu_read_unlock();
		goto err;
		}
		}
		#endif

		if (cda[CTA_PROTOINFO]) {
		err = ctnetlink_change_protoinfo(ct, cda);
		if (err < 0) {