summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHarsha Sharma <harshasharmaiitr@gmail.com>2018-08-10 19:22:37 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2018-08-16 19:37:08 +0200
commit3206c516ce4e4b56d7b99341814c261ec190f6df (patch)
tree3d7a31ef5feebf253ca60386645a76e1069b75c2
parentnetfilter: doc: Add nf_tables part in tproxy.txt (diff)
downloadlinux-3206c516ce4e4b56d7b99341814c261ec190f6df.tar.xz
linux-3206c516ce4e4b56d7b99341814c261ec190f6df.zip
netfilter: nft_ct: make l3 protocol field optional for timeout object
If l3 protocol value is not specified for ct timeout object then use the value from nft_ctx protocol family. Signed-off-by: Harsha Sharma <harshasharmaiitr@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--net/netfilter/nft_ct.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/net/netfilter/nft_ct.c b/net/netfilter/nft_ct.c
index 4855d4ce1c8f..26a8baebd072 100644
--- a/net/netfilter/nft_ct.c
+++ b/net/netfilter/nft_ct.c
@@ -832,12 +832,13 @@ static int nft_ct_timeout_obj_init(const struct nft_ctx *ctx,
__u8 l4num;
int ret;
- if (!tb[NFTA_CT_TIMEOUT_L3PROTO] ||
- !tb[NFTA_CT_TIMEOUT_L4PROTO] ||
+ if (!tb[NFTA_CT_TIMEOUT_L4PROTO] ||
!tb[NFTA_CT_TIMEOUT_DATA])
return -EINVAL;
- l3num = ntohs(nla_get_be16(tb[NFTA_CT_TIMEOUT_L3PROTO]));
+ if (tb[NFTA_CT_TIMEOUT_L3PROTO])
+ l3num = ntohs(nla_get_be16(tb[NFTA_CT_TIMEOUT_L3PROTO]));
+
l4num = nla_get_u8(tb[NFTA_CT_TIMEOUT_L4PROTO]);
priv->l4proto = l4num;