On Thu, Dec 13, 2018 at 7:26 AM Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > > On Wed, Dec 05, 2018 at 08:56:29PM +0800, Yafang Shao wrote: > > nf_ct_l4proto_net() may return NULL. > > That may happens if some module forget to set both l4proto->get_net_proto > > and l4proto->net_id. > > We'd check the return value here, in case crash happens. > > > > Signed-off-by: Yafang Shao <laoar.shao@xxxxxxxxx> > > --- > > net/netfilter/nf_conntrack_proto.c | 3 +++ > > 1 file changed, 3 insertions(+) > > > > diff --git a/net/netfilter/nf_conntrack_proto.c b/net/netfilter/nf_conntrack_proto.c > > index 154e8c0..316fef3 100644 > > --- a/net/netfilter/nf_conntrack_proto.c > > +++ b/net/netfilter/nf_conntrack_proto.c > > @@ -946,6 +946,9 @@ int nf_conntrack_proto_pernet_init(struct net *net) > > struct nf_proto_net *pn = nf_ct_l4proto_net(net, > > &nf_conntrack_l4proto_generic); > > There is another spot missing in this file that is missing the check > for NULL. > > We can probably simplify all this is we place the gre conntracker in > the conntrack core, as it's been suggested already. It's the only one > remaining as a module and it now supports for IPv6, so it's probably > better follow that path. Got it. Thanks for your explanation. Thanks Yafang
