Re: [PATCH V2 2/2] netfilter: ctnetlink: Fix regression in CTA_HELP processing

On Thu, Jan 26, 2017 at 02:49:44PM -0800, Kevin Cernekee wrote: > Prior to Linux 4.4, it was usually harmless to send a CTA_HELP attribute > containing the name of the current helper. That is no longer the case: > as of Linux 4.4, if ctnetlink_change_helper() returns an error from > the

Re: [PATCH V2 2/2] netfilter: ctnetlink: Fix regression in CTA_HELP processing

On Thu, Jan 26, 2017 at 02:49:44PM -0800, Kevin Cernekee wrote: > Prior to Linux 4.4, it was usually harmless to send a CTA_HELP attribute > containing the name of the current helper. That is no longer the case: > as of Linux 4.4, if ctnetlink_change_helper() returns an error from > the

[PATCH V2 2/2] netfilter: ctnetlink: Fix regression in CTA_HELP processing

Prior to Linux 4.4, it was usually harmless to send a CTA_HELP attribute containing the name of the current helper. That is no longer the case: as of Linux 4.4, if ctnetlink_change_helper() returns an error from the ct->master check, processing of the request will fail, skipping the NFQA_EXP

[PATCH V2 2/2] netfilter: ctnetlink: Fix regression in CTA_HELP processing

Prior to Linux 4.4, it was usually harmless to send a CTA_HELP attribute containing the name of the current helper. That is no longer the case: as of Linux 4.4, if ctnetlink_change_helper() returns an error from the ct->master check, processing of the request will fail, skipping the NFQA_EXP