diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2008-08-18 21:30:55 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-08-18 21:30:55 -0700 |
commit | 1575e7ea018fec992b94a12a1a491ce693ae9eac (patch) | |
tree | 5a93c71ea8ac0cb1ad0703c0ee03cd52aa268707 /Kbuild | |
parent | 46faec9858e8943226464dac50e205bf210d9174 (diff) | |
download | kernel-crypto-1575e7ea018fec992b94a12a1a491ce693ae9eac.tar.gz kernel-crypto-1575e7ea018fec992b94a12a1a491ce693ae9eac.tar.xz kernel-crypto-1575e7ea018fec992b94a12a1a491ce693ae9eac.zip |
netfilter: ctnetlink: fix double helper assignation for NAT'ed conntracks
If we create a conntrack that has NAT handlings and a helper, the helper
is assigned twice. This happens because nf_nat_setup_info() - via
nf_conntrack_alter_reply() - sets the helper before ctnetlink, which
indeed does not check if the conntrack already has a helper as it thinks that
it is a brand new conntrack.
The fix moves the helper assignation before the set of the status flags.
This avoids a bogus assertion in __nf_ct_ext_add (if netfilter assertions are
enabled) which checks that the conntrack must not be confirmed.
This problem was introduced in 2.6.23 with the netfilter extension
infrastructure.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'Kbuild')
0 files changed, 0 insertions, 0 deletions