[NETFILTER]: ctnetlink: fix expectation timeout dumping
When the timer is late its timeout might be before the current time,
in which case a very large value is dumped.
Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
---
commit 56ffe07f8708058c5aab185ea4658257a5b9f709
tree 18f33542fe1a7ef7ac0ea0840b9686264ed5655b
parent 94c79530c678600dc80eb1ce09df60e6b059cddd
author Patrick McHardy <kaber@xxxxxxxxx> Mon, 17 Dec 2007 14:58:27 +0100
committer Patrick McHardy <kaber@xxxxxxxxx> Tue, 18 Dec 2007 00:24:57 +0100
net/netfilter/nf_conntrack_netlink.c | 7 +++++--
1 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index dcd0c9a..7501258 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1356,7 +1356,10 @@ ctnetlink_exp_dump_expect(struct sk_buff *skb,
const struct nf_conntrack_expect *exp)
{
struct nf_conn *master = exp->master;
- __be32 timeout = htonl((exp->timeout.expires - jiffies) / HZ);
+ long timeout = (exp->timeout.expires - jiffies) / HZ;
+
+ if (timeout < 0)
+ timeout = 0;
if (ctnetlink_exp_dump_tuple(skb, &exp->tuple, CTA_EXPECT_TUPLE) < 0)
goto nla_put_failure;
@@ -1367,7 +1370,7 @@ ctnetlink_exp_dump_expect(struct sk_buff *skb,
CTA_EXPECT_MASTER) < 0)
goto nla_put_failure;
- NLA_PUT_BE32(skb, CTA_EXPECT_TIMEOUT, timeout);
+ NLA_PUT_BE32(skb, CTA_EXPECT_TIMEOUT, htonl(timeout));
NLA_PUT_BE32(skb, CTA_EXPECT_ID, htonl((unsigned long)exp));
return 0;
-
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
