Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f699edb1 authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso
Browse files

netfilter: nft_ct: enable conntrack for helpers 



Enable conntrack if the user defines a helper to be used from the
ruleset policy.

Fixes: 1a64edf5 ("netfilter: nft_ct: add helper set support")
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 7e0b2b57

net/netfilter/nft_ct.c

+14 −0
Original line number Diff line number Diff line
@@ -963,6 +963,7 @@ static int nft_ct_helper_obj_init(const struct nft_ctx *ctx, 
	struct nf_conntrack_helper *help4, *help6;

	char name[NF_CT_HELPER_NAME_LEN];

	int family = ctx->family;

	int err;



	if (!tb[NFTA_CT_HELPER_NAME] || !tb[NFTA_CT_HELPER_L4PROTO])

		return -EINVAL;
@@ -1013,7 +1014,18 @@ static int nft_ct_helper_obj_init(const struct nft_ctx *ctx, 
	priv->helper4 = help4;

	priv->helper6 = help6;



	err = nf_ct_netns_get(ctx->net, ctx->family);

	if (err < 0)

		goto err_put_helper;



	return 0;



err_put_helper:

	if (priv->helper4)

		nf_conntrack_helper_put(priv->helper4);

	if (priv->helper6)

		nf_conntrack_helper_put(priv->helper6);

	return err;

}



static void nft_ct_helper_obj_destroy(const struct nft_ctx *ctx,
@@ -1025,6 +1037,8 @@ static void nft_ct_helper_obj_destroy(const struct nft_ctx *ctx, 
		nf_conntrack_helper_put(priv->helper4);

	if (priv->helper6)

		nf_conntrack_helper_put(priv->helper6);



	nf_ct_netns_put(ctx->net, ctx->family);

}



static void nft_ct_helper_obj_eval(struct nft_object *obj,