Commit 5c65ed5c authored Feb 23, 2017 by Jarno Rajahalme Committed by Greg Kroah-Hartman Oct 21, 2017

netfilter: nf_ct_expect: Change __nf_ct_expect_check() return value.




[ Upstream commit 4b86c459c7bee3acaf92f0e2b4c6ac803eaa1a58 ]

Commit 4dee62b1b9b4 ("netfilter: nf_ct_expect: nf_ct_expect_insert()
returns void") inadvertently changed the successful return value of
nf_ct_expect_related_report() from 0 to 1 due to
__nf_ct_expect_check() returning 1 on success.  Prevent this
regression in the future by changing the return value of
__nf_ct_expect_check() to 0 on success.

Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Joe Stringer <joe@ovn.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent 743a3ce1

net/netfilter/nf_conntrack_expect.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -395,7 +395,7 @@ static inline int __nf_ct_expect_check(struct nf_conntrack_expect *expect)
		struct net *net = nf_ct_exp_net(expect);
		struct hlist_node *next;
		unsigned int h;
		int ret = 1;
		int ret = 0;

		if (!master_help) {
		ret = -ESHUTDOWN;
		@@ -445,7 +445,7 @@ int nf_ct_expect_related_report(struct nf_conntrack_expect *expect,

		spin_lock_bh(&nf_conntrack_expect_lock);
		ret = __nf_ct_expect_check(expect);
		if (ret <= 0)
		if (ret < 0)
		goto out;

		ret = nf_ct_expect_insert(expect);