netfilter: ctnetlink: only assign helpers for matching protocols (794e6871) · Commits · e / devices / android_kernel_oneplus_sm7250

include/net/netfilter/nf_conntrack_helper.h

+1 −1

Original line number	Diff line number	Diff line
		@@ -40,7 +40,7 @@ struct nf_conntrack_helper {
		};

		extern struct nf_conntrack_helper *
		__nf_conntrack_helper_find_byname(const char *name);
		__nf_conntrack_helper_find(const char *name, u16 l3num, u8 protonum);

		extern int nf_conntrack_helper_register(struct nf_conntrack_helper *);
		extern void nf_conntrack_helper_unregister(struct nf_conntrack_helper *);

net/netfilter/nf_conntrack_helper.c

+5 −3

Original line number	Diff line number	Diff line
		@@ -65,7 +65,7 @@ __nf_ct_helper_find(const struct nf_conntrack_tuple *tuple)
		}

		struct nf_conntrack_helper *
		__nf_conntrack_helper_find_byname(const char *name)
		__nf_conntrack_helper_find(const char *name, u16 l3num, u8 protonum)
		{
		struct nf_conntrack_helper *h;
		struct hlist_node *n;
		@@ -73,13 +73,15 @@ __nf_conntrack_helper_find_byname(const char *name)

		for (i = 0; i < nf_ct_helper_hsize; i++) {
		hlist_for_each_entry_rcu(h, n, &nf_ct_helper_hash[i], hnode) {
		if (!strcmp(h->name, name))
		if (!strcmp(h->name, name) &&
		h->tuple.src.l3num == l3num &&
		h->tuple.dst.protonum == protonum)
		return h;
		}
		}
		return NULL;
		}
		EXPORT_SYMBOL_GPL(__nf_conntrack_helper_find_byname);
		EXPORT_SYMBOL_GPL(__nf_conntrack_helper_find);

		struct nf_conn_help nf_ct_helper_ext_add(struct nf_conn ct, gfp_t gfp)
		{

net/netfilter/nf_conntrack_netlink.c

+11 −12

Original line number	Diff line number	Diff line
		@@ -1001,7 +1001,8 @@ ctnetlink_change_helper(struct nf_conn ct, const struct nlattr const cda[])
		return 0;
		}

		helper = __nf_conntrack_helper_find_byname(helpname);
		helper = __nf_conntrack_helper_find(helpname, nf_ct_l3num(ct),
		nf_ct_protonum(ct));
		if (helper == NULL) {
		#ifdef CONFIG_MODULES
		spin_unlock_bh(&nf_conntrack_lock);
		@@ -1012,7 +1013,8 @@ ctnetlink_change_helper(struct nf_conn ct, const struct nlattr const cda[])
		}

		spin_lock_bh(&nf_conntrack_lock);
		helper = __nf_conntrack_helper_find_byname(helpname);
		helper = __nf_conntrack_helper_find(helpname, nf_ct_l3num(ct),
		nf_ct_protonum(ct));
		if (helper)
		return -EAGAIN;
		#endif
		@@ -1211,7 +1213,8 @@ ctnetlink_create_conntrack(struct net *net,
		if (err < 0)
		goto err2;

		helper = __nf_conntrack_helper_find_byname(helpname);
		helper = __nf_conntrack_helper_find(helpname, nf_ct_l3num(ct),
		nf_ct_protonum(ct));
		if (helper == NULL) {
		rcu_read_unlock();
		#ifdef CONFIG_MODULES
		@@ -1221,7 +1224,9 @@ ctnetlink_create_conntrack(struct net *net,
		}

		rcu_read_lock();
		helper = __nf_conntrack_helper_find_byname(helpname);
		helper = __nf_conntrack_helper_find(helpname,
		nf_ct_l3num(ct),
		nf_ct_protonum(ct));
		if (helper) {
		err = -EAGAIN;
		goto err2;
		@@ -1714,7 +1719,6 @@ ctnetlink_del_expect(struct sock ctnl, struct sk_buff skb,
		struct net *net = sock_net(ctnl);
		struct nf_conntrack_expect *exp;
		struct nf_conntrack_tuple tuple;
		struct nf_conntrack_helper *h;
		struct nfgenmsg *nfmsg = nlmsg_data(nlh);
		struct hlist_node n, next;
		u_int8_t u3 = nfmsg->nfgen_family;
		@@ -1751,18 +1755,13 @@ ctnetlink_del_expect(struct sock ctnl, struct sk_buff skb,

		/* delete all expectations for this helper */
		spin_lock_bh(&nf_conntrack_lock);
		h = __nf_conntrack_helper_find_byname(name);
		if (!h) {
		spin_unlock_bh(&nf_conntrack_lock);
		return -EOPNOTSUPP;
		}
		for (i = 0; i < nf_ct_expect_hsize; i++) {
		hlist_for_each_entry_safe(exp, n, next,
		&net->ct.expect_hash[i],
		hnode) {
		m_help = nfct_help(exp->master);
		if (m_help->helper == h
		&& del_timer(&exp->timeout)) {
		if (!strcmp(m_help->helper->name, name) &&
		del_timer(&exp->timeout)) {
		nf_ct_unlink_expect(exp);
		nf_ct_expect_put(exp);
		}