Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 813d4549 authored by wenxu's avatar wenxu Committed by Greg Kroah-Hartman
Browse files

net/sched: act_ct: fix err check for nf_conntrack_confirm 



commit 8955b90c3cdad199137809aac8ccbbb585355913 upstream.

The confirm operation should be checked. If there are any failed,
the packet should be dropped like in ovs and netfilter.

Fixes: b57dc7c1 ("net/sched: Introduce action ct")
Signed-off-by: default avatarwenxu <wenxu@ucloud.cn>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 24973073

net/sched/act_ct.c

+2 −1
Original line number Diff line number Diff line
@@ -474,7 +474,8 @@ static int tcf_ct_act(struct sk_buff *skb, const struct tc_action *a, 
		/* This will take care of sending queued events

		 * even if the connection is already confirmed.

		 */

		nf_conntrack_confirm(skb);

		if (nf_conntrack_confirm(skb) != NF_ACCEPT)

			goto drop;

	}



out_push: