On Tue, Nov 28, 2017 at 01:12:06PM +0100, Florian Westphal wrote:
> Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> > static int ctnetlink_flush_conntrack(struct net *net,
> > @@ -1174,6 +1177,13 @@ static int ctnetlink_del_conntrack(struct net *net, struct sock *ctnl,
> > nf_ct_put(ct);
> > return -ENOENT;
> > }
> > + } else if (cda[CTA_ID64]) {
> > + u64 id = ntohl(nla_get_be64(cda[CTA_ID64]));
>
> be64_to_cpu()?
>
> But at this point we already uniquely identified the conntrack entry
> so the ID check appears to be unneeded?
>
> I never understood existing test either, so this remark isn't specific
> to your patch.

When the ID was incremental, not a memory address, you could use it to specifically refer to a conntrack through tuple + id. If a conntrack with tuple X is gone, then created again, you refer to the right object.
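
Review bot: the added `u64 id = ntohl(nla_get_be64(cda[CTA_ID64]));` line applies a 32-bit byte-order conversion to a 64-bit big-endian attribute, so the value is narrowed to 32 bits before the swap and the upper half of the id is lost before any comparison against it. Use the 64-bit conversion instead, `u64 id = be64_to_cpu(nla_get_be64(cda[CTA_ID64]));`. A short comment on the new `else if (cda[CTA_ID64])` branch saying why the id is still compared after the tuple lookup has already selected the entry would also help, given that the purpose of the check is questioned in this thread.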