Current kernel ignores NFQA_CFG_F_CONNTRACK config flag request even if NETFILTER_NETLINK_QUEUE_CT is disabled. This patch enables telling the user about it by returning an error nlmsg. Signed-off-by: Ken-ichirou MATSUZAWA <chamas@xxxxxxxxxxxxx> --- net/netfilter/nfnetlink_queue.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 801af4e..40982c7 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -1224,6 +1224,11 @@ nfqnl_recv_config(struct sock *ctnl, struct sk_buff *skb, goto err_out_unlock; } #endif + if (flags & mask & NFQA_CFG_F_CONNTRACK && + rcu_dereference(nfq_ct_hook) == NULL) { + ret = -EOPNOTSUPP; + goto err_out_unlock; + } spin_lock_bh(&queue->lock); queue->flags &= ~mask; queue->flags |= flags & mask; -- 1.7.10.4
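Review bot: The new test after the #endif checks nfq_ct_hook at run time, while the commit message describes the case as NETFILTER_NETLINK_QUEUE_CT being disabled. The pointer would also be NULL if the option is enabled but nothing has registered the hook, so -EOPNOTSUPP is returned in that case too; the commit message should say so, or the test should be tied to the config option if only the compile-time case is meant. Because the pointer is only compared against NULL and never dereferenced, rcu_access_pointer(nfq_ct_hook) would be sufficient in place of rcu_dereference(). Parenthesizing the bitwise part, as in `(flags & mask & NFQA_CFG_F_CONNTRACK) &&`, would make the intended precedence explicit. Note also that callers which set this flag and previously got success will now see an error, which deserves a sentence in the changelog.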