Stéphane Veyret <[email protected]> wrote:
> +static void nft_ct_expect_obj_eval(struct nft_object *obj,
> +                                 struct nft_regs *regs,
> +                                 const struct nft_pktinfo *pkt)
> +{
> +     const struct nft_ct_expect_obj *priv = nft_obj_data(obj);
> +     enum ip_conntrack_info ctinfo;
> +     struct nf_conn *ct = nf_ct_get(pkt->skb, ctinfo);
> +     int dir = CTINFO2DIR(ctinfo);
> +     struct nf_conntrack_expect *exp;
> +
> +     exp = nf_ct_expect_alloc(ct);
> +     if (exp == NULL) {
> +             nf_ct_helper_log(skb, ct, "cannot allocate expectation");
> +             regs->verdict.code = NF_DROP;
> +             return;
> +     }
> +
> +     nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, priv->l3num,
> +             &ct->tuplehash[!dir].tuple.src.u3, 
> &ct->tuplehash[!dir].tuple.dst.u3,
> +             priv->l4proto, NULL, &priv->dport);
> +     if (priv->timeout)
> +             exp->timeout.expires = jiffies + priv->timeout * HZ;
> +
> +     if (nf_ct_expect_related(exp) != 0) {
> +             nf_ct_helper_log(skb, ct, "cannot add expectation");
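Review bot: `ct` is used without a NULL check: `nf_ct_get()` returns NULL when the packet has no conntrack entry, yet the result goes straight into `nf_ct_expect_alloc(ct)` and `ct->tuplehash[!dir]`, so evaluating this object on such a packet would dereference a NULL pointer in the packet path. Add a guard right after the lookup, for example `if (!ct) { regs->verdict.code = NFT_BREAK; return; }`, before anything reads `ct`. As quoted, the lookup also passes `ctinfo` by value where `nf_ct_get()` takes a pointer, so it should read `nf_ct_get(pkt->skb, &ctinfo)`. The function body continues past the quoted lines, so the release of `exp` after `nf_ct_expect_related()` cannot be checked from here.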

Please remove the nf_ct_helper_log() calls; they will crash if there is no
helper attached to the conntrack.

Other than this I don't see any issues here, thanks for working on this!
