diff mbox series

[nf-next] netfilter: nft_ct: make l3 protocol field optional for timeout object

Message ID 20180810172237.15119-1-harshasharmaiitr@gmail.com
State Accepted
Delegated to: Pablo Neira
Headers show
Series [nf-next] netfilter: nft_ct: make l3 protocol field optional for timeout object | expand

Commit Message

Harsha Sharma Aug. 10, 2018, 5:22 p.m. UTC 
If l3 protocol value is not specified for ct timeout object then use the
value from nft_ctx protocol family.

Signed-off-by: Harsha Sharma <harshasharmaiitr@gmail.com>
---
 net/netfilter/nft_ct.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

Comments

Harsha Sharma Aug. 13, 2018, 7:51 p.m. UTC | #1 
Hello,

On Fri, Aug 10, 2018 at 10:52 PM, Harsha Sharma
<harshasharmaiitr@gmail.com> wrote:
> If l3 protocol value is not specified for ct timeout object then use the
> value from nft_ctx protocol family.

I think I did this before but you asked me to change it (i.e put
L3PROTO condition with other fields).
But this is preferable as l3proto field is optional with nft syntax
for adding ct timeout object.
Also, the latest nft patch is based on this, so can you take this up ?
Thanks a lot.

Regards,
Harsha Sharma
Pablo Neira Ayuso Aug. 16, 2018, 5:15 p.m. UTC | #2 
On Tue, Aug 14, 2018 at 01:21:06AM +0530, Harsha Sharma wrote:
> Hello,
> 
> On Fri, Aug 10, 2018 at 10:52 PM, Harsha Sharma
> <harshasharmaiitr@gmail.com> wrote:
> > If l3 protocol value is not specified for ct timeout object then use the
> > value from nft_ctx protocol family.
> 
> I think I did this before but you asked me to change it (i.e put
> L3PROTO condition with other fields).
> But this is preferable as l3proto field is optional with nft syntax
> for adding ct timeout object.

Thanks for explaining, applied!
diff mbox series

Patch

diff --git a/net/netfilter/nft_ct.c b/net/netfilter/nft_ct.c
index 4855d4ce1c8f..1c7ac6bde0b5 100644
--- a/net/netfilter/nft_ct.c
+++ b/net/netfilter/nft_ct.c
@@ -832,12 +832,12 @@  static int nft_ct_timeout_obj_init(const struct nft_ctx *ctx,
 	__u8 l4num;
 	int ret;
 
-	if (!tb[NFTA_CT_TIMEOUT_L3PROTO] ||
-	    !tb[NFTA_CT_TIMEOUT_L4PROTO] ||
-	    !tb[NFTA_CT_TIMEOUT_DATA])
+	if (!tb[NFTA_CT_TIMEOUT_L4PROTO] || !tb[NFTA_CT_TIMEOUT_DATA])
 		return -EINVAL;
 
-	l3num = ntohs(nla_get_be16(tb[NFTA_CT_TIMEOUT_L3PROTO]));
+	if (tb[NFTA_CT_TIMEOUT_L3PROTO])
+		l3num = ntohs(nla_get_be16(tb[NFTA_CT_TIMEOUT_L3PROTO]));
+
 	l4num = nla_get_u8(tb[NFTA_CT_TIMEOUT_L4PROTO]);
 	priv->l4proto = l4num;