Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b067fa00 authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso
Browse files

netfilter: ctnetlink: honor IPS_OFFLOAD flag 



If this flag is set, timeout and state are irrelevant to userspace.

Fixes: 90964016 ("netfilter: nf_conntrack: add IPS_OFFLOAD status bit")
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 88209141

net/netfilter/nf_conntrack_netlink.c

+5 −2
Original line number Diff line number Diff line
@@ -553,10 +553,8 @@ ctnetlink_fill_info(struct sk_buff *skb, u32 portid, u32 seq, u32 type, 
		goto nla_put_failure;



	if (ctnetlink_dump_status(skb, ct) < 0 ||

	    ctnetlink_dump_timeout(skb, ct) < 0 ||

	    ctnetlink_dump_acct(skb, ct, type) < 0 ||

	    ctnetlink_dump_timestamp(skb, ct) < 0 ||

	    ctnetlink_dump_protoinfo(skb, ct) < 0 ||

	    ctnetlink_dump_helpinfo(skb, ct) < 0 ||

	    ctnetlink_dump_mark(skb, ct) < 0 ||

	    ctnetlink_dump_secctx(skb, ct) < 0 ||
@@ -568,6 +566,11 @@ ctnetlink_fill_info(struct sk_buff *skb, u32 portid, u32 seq, u32 type, 
	    ctnetlink_dump_ct_synproxy(skb, ct) < 0)

		goto nla_put_failure;



	if (!test_bit(IPS_OFFLOAD_BIT, &ct->status) &&

	    (ctnetlink_dump_timeout(skb, ct) < 0 ||

	     ctnetlink_dump_protoinfo(skb, ct) < 0))

		goto nla_put_failure;



	nlmsg_end(skb, nlh);

	return skb->len;