On Tue, Jun 25, 2019 at 12:16:30PM -0400, Felix Kaechele wrote:
> On 2019-06-25 11:08 a.m., Kristian Evensen wrote:
>
> > Pablos patch implements
> > the first thing that I wanted to try (only read and use version/family
> > when flushing), and I see that Nicolas has made some suggestions. If
> > you could first try Pablo's patch with Nicolas' changes, that would be
> > great as the change should revert behavior of delete back to how it
> > was before my change.
>
> Yes, these changes fix the issue for me.
>
> I have attached the patch I used, which is probably the change that Pablo
> initially intended.
That's the right fix indeed, would you mind to submit it including a
patch description and Signed-off-by: tag?
This should apply via git-am.
Thanks.
> diff --git a/net/netfilter/nf_conntrack_netlink.c
> b/net/netfilter/nf_conntrack_netlink.c
> index d2715b4d2e72..061bdab37b1a 100644
> --- a/net/netfilter/nf_conntrack_netlink.c
> +++ b/net/netfilter/nf_conntrack_netlink.c
> @@ -1254,7 +1254,6 @@ static int ctnetlink_del_conntrack(struct net *net,
> struct sock *ctnl,
> struct nf_conntrack_tuple tuple;
> struct nf_conn *ct;
> struct nfgenmsg *nfmsg = nlmsg_data(nlh);
> - u_int8_t u3 = nfmsg->version ? nfmsg->nfgen_family : AF_UNSPEC;
> struct nf_conntrack_zone zone;
> int err;
>
> @@ -1264,11 +1263,13 @@ static int ctnetlink_del_conntrack(struct net *net,
> struct sock *ctnl,
>
> if (cda[CTA_TUPLE_ORIG])
> err = ctnetlink_parse_tuple(cda, &tuple, CTA_TUPLE_ORIG,
> - u3, &zone);
> + nfmsg->nfgen_family, &zone);
> else if (cda[CTA_TUPLE_REPLY])
> err = ctnetlink_parse_tuple(cda, &tuple, CTA_TUPLE_REPLY,
> - u3, &zone);
> + nfmsg->nfgen_family, &zone);
> else {
> + u_int8_t u3 = nfmsg->version ? nfmsg->nfgen_family : AF_UNSPEC;
> +
> return ctnetlink_flush_conntrack(net, cda,
> NETLINK_CB(skb).portid,
> nlmsg_report(nlh), u3);
