Gitweb:     http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ff4ca8273eafbba875a86d333e059e78f292107f
Commit:     ff4ca8273eafbba875a86d333e059e78f292107f
Parent:     3af8e31cf57646284b5f77f9d57d2c22fa77485a
Author:     Pablo Neira Ayuso <[EMAIL PROTECTED]>
AuthorDate: Tue Aug 7 18:11:26 2007 -0700
Committer:  David S. Miller <[EMAIL PROTECTED]>
CommitDate: Tue Aug 7 18:11:26 2007 -0700

    [NETFILTER]: ctnetlink: return EEXIST instead of EINVAL for existing nat'ed conntracks
    
    ctnetlink must return EEXIST for existing nat'ed conntracks instead of
    EINVAL. Only return EINVAL if we try to update a conntrack with NAT
    handlings (that is not allowed).
    
    Decadence:libnetfilter_conntrack/utils# ./conntrack_create_nat
    TEST: create conntrack (0)(Success)
    Decadence:libnetfilter_conntrack/utils# ./conntrack_create_nat
    TEST: create conntrack (-1)(Invalid argument)
    
    Signed-off-by: Pablo Neira Ayuso <[EMAIL PROTECTED]>
    Signed-off-by: Patrick McHardy <[EMAIL PROTECTED]>
    Signed-off-by: David S. Miller <[EMAIL PROTECTED]>
---
 net/netfilter/nf_conntrack_netlink.c |   17 +++++++++--------
 1 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/net/netfilter/nf_conntrack_netlink.c 
b/net/netfilter/nf_conntrack_netlink.c
index 6f89b10..2863e72 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1052,17 +1052,18 @@ ctnetlink_new_conntrack(struct sock *ctnl, struct 
sk_buff *skb,
        }
        /* implicit 'else' */
 
-       /* we only allow nat config for new conntracks */
-       if (cda[CTA_NAT_SRC-1] || cda[CTA_NAT_DST-1]) {
-               err = -EINVAL;
-               goto out_unlock;
-       }
-
        /* We manipulate the conntrack inside the global conntrack table lock,
         * so there's no need to increase the refcount */
        err = -EEXIST;
-       if (!(nlh->nlmsg_flags & NLM_F_EXCL))
-               err = ctnetlink_change_conntrack(nf_ct_tuplehash_to_ctrack(h), 
cda);
+       if (!(nlh->nlmsg_flags & NLM_F_EXCL)) {
+               /* we only allow nat config for new conntracks */
+               if (cda[CTA_NAT_SRC-1] || cda[CTA_NAT_DST-1]) {
+                       err = -EINVAL;
+                       goto out_unlock;
+               }
+               err = ctnetlink_change_conntrack(nf_ct_tuplehash_to_ctrack(h),
+                                                cda);
+       }
 
 out_unlock:
        write_unlock_bh(&nf_conntrack_lock);
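
Review bot: with the NAT attribute check now nested under `if (!(nlh->nlmsg_flags & NLM_F_EXCL))`, -EEXIST is returned for an existing NAT'ed conntrack only when the caller sets NLM_F_EXCL; a request carrying CTA_NAT_SRC or CTA_NAT_DST without that flag still ends in -EINVAL. If that is the intended contract, the commit message should say so, since its subject reads as if every create of an existing NAT'ed conntrack now yields EEXIST, and the quoted test run should be labelled as pre-patch output because its second invocation shows "Invalid argument". As a style point, the `goto out_unlock` inside the new block could be replaced by an `else` around the `ctnetlink_change_conntrack()` call, because the `out_unlock:` label follows the block directly.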