| Message ID | 20150910092457.GB28436@gmail.com |
|---|---|
| State | Changes Requested |
| Delegated to: | Pablo Neira |
| Headers | show |
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 801af4e..40982c7 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -1224,6 +1224,11 @@ nfqnl_recv_config(struct sock *ctnl, struct sk_buff *skb, goto err_out_unlock; } #endif + if (flags & mask & NFQA_CFG_F_CONNTRACK && + rcu_dereference(nfq_ct_hook) == NULL) { + ret = -EOPNOTSUPP; + goto err_out_unlock; + } spin_lock_bh(&queue->lock); queue->flags &= ~mask; queue->flags |= flags & mask;
Current kernel ignores NFQA_CFG_F_CONNTRACK config flag request even if NETFILTER_NETLINK_QUEUE_CT is disabled. This patch enables to tell it user by returning error nlmsg. Signed-off-by: Ken-ichirou MATSUZAWA <chamas@h4.dion.ne.jp> --- net/netfilter/nfnetlink_queue.c | 5 +++++ 1 file changed, 5 insertions(+)