[NETFILTER]: ctnetlink: check for status attribute existence on conntrack creation

Check that status flags are available in the netlink message received to create a new conntrack. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2006-11-29 01:35:31 (GMT)
committer: David S. Miller <davem@sunset.davemloft.net> 2006-12-03 05:31:27 (GMT)
commit: bbb3357d14f6becd156469220992ef7ab0f10e69 (patch)
tree: f24b5b6491c76d3b384bc09307d6b841fbc0370c /net/ipv4
parent: 1b683b551209ca46ae59b29572018001db5af078 (diff)
download: linux-fsl-qoriq-bbb3357d14f6becd156469220992ef7ab0f10e69.tar.xz
1 files changed, 5 insertions, 3 deletions
diff --git a/net/ipv4/netfilter/ip_conntrack_netlink.c b/net/ipv4/netfilter/ip_conntrack_netlink.c
index 3d277aa..d5d2efd 100644
--- a/net/ipv4/netfilter/ip_conntrack_netlink.c
+++ b/net/ipv4/netfilter/ip_conntrack_netlink.c
@@ -945,9 +945,11 @@ ctnetlink_create_conntrack(struct nfattr *cda[],
 	ct->timeout.expires = jiffies + ct->timeout.expires * HZ;
 	ct->status |= IPS_CONFIRMED;
 
-	err = ctnetlink_change_status(ct, cda);
-	if (err < 0)
-		goto err;
+	if (cda[CTA_STATUS-1]) {
+		err = ctnetlink_change_status(ct, cda);
+		if (err < 0)
+			goto err;
+	}
 
 	if (cda[CTA_PROTOINFO-1]) {
 		err = ctnetlink_change_protoinfo(ct, cda);
author	Pablo Neira Ayuso <pablo@netfilter.org>	2006-11-29 01:35:31 (GMT)
committer	David S. Miller <davem@sunset.davemloft.net>	2006-12-03 05:31:27 (GMT)
commit	bbb3357d14f6becd156469220992ef7ab0f10e69 (patch)
tree	f24b5b6491c76d3b384bc09307d6b841fbc0370c /net/ipv4
parent	1b683b551209ca46ae59b29572018001db5af078 (diff)
download	linux-fsl-qoriq-bbb3357d14f6becd156469220992ef7ab0f10e69.tar.xz