diff options
| author | Paolo Abeni <pabeni@redhat.com> | 2023-04-26 10:17:46 +0200 |
|---|---|---|
| committer | Paolo Abeni <pabeni@redhat.com> | 2023-04-26 10:17:46 +0200 |
| commit | c248b27cfc0a8a5fee93e000d47e659bca335d0f (patch) | |
| tree | e4898df753acf2d2d9885844ea37b9f03ccf661c /net/netfilter/nf_conntrack_netlink.c | |
| parent | 28b17f6270f182e22cdad5a0fdc4979031e4486a (diff) | |
| parent | 50749f2dd6854a41830996ad302aef2ffaf011d8 (diff) | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
No conflicts.
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Diffstat (limited to 'net/netfilter/nf_conntrack_netlink.c')
| -rw-r--r-- | net/netfilter/nf_conntrack_netlink.c | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index fbc47e4b7bc3..d40544cd61a6 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -176,7 +176,12 @@ nla_put_failure: static int ctnetlink_dump_timeout(struct sk_buff *skb, const struct nf_conn *ct, bool skip_zero) { - long timeout = nf_ct_expires(ct) / HZ; + long timeout; + + if (nf_ct_is_confirmed(ct)) + timeout = nf_ct_expires(ct) / HZ; + else + timeout = ct->timeout / HZ; if (skip_zero && timeout == 0) return 0; @@ -2245,9 +2250,6 @@ ctnetlink_create_conntrack(struct net *net, if (!cda[CTA_TIMEOUT]) goto err1; - timeout = (u64)ntohl(nla_get_be32(cda[CTA_TIMEOUT])) * HZ; - __nf_ct_set_timeout(ct, timeout); - rcu_read_lock(); if (cda[CTA_HELP]) { char *helpname = NULL; @@ -2308,6 +2310,12 @@ ctnetlink_create_conntrack(struct net *net, nfct_seqadj_ext_add(ct); nfct_synproxy_ext_add(ct); + /* we must add conntrack extensions before confirmation. */ + ct->status |= IPS_CONFIRMED; + + timeout = (u64)ntohl(nla_get_be32(cda[CTA_TIMEOUT])) * HZ; + __nf_ct_set_timeout(ct, timeout); + if (cda[CTA_STATUS]) { err = ctnetlink_change_status(ct, cda); if (err < 0) |