Stéphane Veyret <sveyret@xxxxxxxxx> wrote:
> +static void nft_ct_expect_obj_eval(struct nft_object *obj,
> + struct nft_regs *regs,
> + const struct nft_pktinfo *pkt)
> +{
> + const struct nft_ct_expect_obj *priv = nft_obj_data(obj);
> + enum ip_conntrack_info ctinfo;
> + struct nf_conn *ct = nf_ct_get(pkt->skb, ctinfo);
> + int dir = CTINFO2DIR(ctinfo);
> + struct nf_conntrack_expect *exp;
> +
> + exp = nf_ct_expect_alloc(ct);
> + if (exp == NULL) {
> + nf_ct_helper_log(skb, ct, "cannot allocate expectation");
> + regs->verdict.code = NF_DROP;
> + return;
> + }
> +
> + nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, priv->l3num,
> + &ct->tuplehash[!dir].tuple.src.u3, &ct->tuplehash[!dir].tuple.dst.u3,
> + priv->l4proto, NULL, &priv->dport);
> + if (priv->timeout)
> + exp->timeout.expires = jiffies + priv->timeout * HZ;
> +
> + if (nf_ct_expect_related(exp) != 0) {
> + nf_ct_helper_log(skb, ct, "cannot add expectation");
Please remove the nf_ct_helper_log() calls, it will crash in case there is no helper
attached to the conntrack.
Other than this I don't see any issues here, thanks for working on this!
