diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2006-03-22 21:54:15 (GMT) |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2006-03-22 21:54:15 (GMT) |
| commit | 1cde64365b0c4f576f8f45b834e6a6de081b5914 (patch) | |
| tree | 86f35fc9f292365c87b7ff90e0933e9d38db2863 /net/netfilter/nfnetlink_queue.c | |
| parent | 50b521aa54f415a626bfd63d1a9b72120e9fbe88 (diff) | |
| download | linux-fsl-qoriq-1cde64365b0c4f576f8f45b834e6a6de081b5914.tar.xz | |
[NETFILTER]: ctnetlink: Fix expectaction mask dumping
The expectation mask has some particularities that requires a different
handling. The protocol number fields can be set to non-valid protocols,
ie. l3num is set to 0xFFFF. Since that protocol does not exist, the mask
tuple will not be dumped. Moreover, this results in a kernel panic when
nf_conntrack accesses the array of protocol handlers, that is PF_MAX (0x1F)
long.
This patch introduces the function ctnetlink_exp_dump_mask, that correctly
dumps the expectation mask. Such function uses the l3num value from the
expectation tuple that is a valid layer 3 protocol number. The value of the
l3num mask isn't dumped since it is meaningless from the userspace side.
Thanks to Yasuyuki Kozakai and Patrick McHardy for the feedback.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/netfilter/nfnetlink_queue.c')
0 files changed, 0 insertions, 0 deletions