Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d4d6bb41 authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso Committed by David S. Miller
Browse files

[NETFILTER]: ctnetlink: fix conntrack mark race 



Set conntrack mark before it is in hashes.

Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 0368309c

net/ipv4/netfilter/ip_conntrack_netlink.c

+5 −5
Original line number Diff line number Diff line
@@ -1031,6 +1031,11 @@ ctnetlink_create_conntrack(struct nfattr *cda[], 
			return err;

	}



#if defined(CONFIG_IP_NF_CONNTRACK_MARK)

	if (cda[CTA_MARK-1])

		ct->mark = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_MARK-1]));

#endif



	ct->helper = ip_conntrack_helper_find_get(rtuple);



	add_timer(&ct->timeout);
@@ -1039,11 +1044,6 @@ ctnetlink_create_conntrack(struct nfattr *cda[], 
	if (ct->helper)

		ip_conntrack_helper_put(ct->helper);



#if defined(CONFIG_IP_NF_CONNTRACK_MARK)

	if (cda[CTA_MARK-1])

		ct->mark = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_MARK-1]));

#endif



	DEBUGP("conntrack with id %u inserted\n", ct->id);

	return 0;