* [PATCH nf] netfilter: ctnetlink: fix filtering with CTA_TUPLE_REPLY
@ 2021-11-03 22:21 Florent Fourcot
2021-11-03 22:21 ` [PATCH nf] netfilter: ctnetlink: do not erase error code with EINVAL Florent Fourcot
2021-11-08 10:37 ` [PATCH nf] netfilter: ctnetlink: fix filtering with CTA_TUPLE_REPLY Pablo Neira Ayuso
0 siblings, 2 replies; 4+ messages in thread
From: Florent Fourcot @ 2021-11-03 22:21 UTC (permalink / raw)
To: netfilter-devel; +Cc: Florent Fourcot
filter->orig_flags was used for a reply context.
Signed-off-by: Florent Fourcot <florent.fourcot@wifirst.fr>
Fixes: cb8aa9a3affb ("netfilter: ctnetlink: add kernel side filtering for dump")
---
net/netfilter/nf_conntrack_netlink.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index f1e5443fe7c7..2663764d0b6e 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1011,7 +1011,7 @@ ctnetlink_alloc_filter(const struct nlattr * const cda[], u8 family)
CTA_TUPLE_REPLY,
filter->family,
&filter->zone,
- filter->orig_flags);
+ filter->reply_flags);
if (err < 0) {
err = -EINVAL;
goto err_filter;
--
2.20.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH nf] netfilter: ctnetlink: do not erase error code with EINVAL
2021-11-03 22:21 [PATCH nf] netfilter: ctnetlink: fix filtering with CTA_TUPLE_REPLY Florent Fourcot
@ 2021-11-03 22:21 ` Florent Fourcot
2021-11-08 10:37 ` Pablo Neira Ayuso
2021-11-08 10:37 ` [PATCH nf] netfilter: ctnetlink: fix filtering with CTA_TUPLE_REPLY Pablo Neira Ayuso
1 sibling, 1 reply; 4+ messages in thread
From: Florent Fourcot @ 2021-11-03 22:21 UTC (permalink / raw)
To: netfilter-devel; +Cc: Florent Fourcot
And be consistent in error management for both orig/reply filtering
Signed-off-by: Florent Fourcot <florent.fourcot@wifirst.fr>
Fixes: cb8aa9a3affb ("netfilter: ctnetlink: add kernel side filtering for dump")
---
net/netfilter/nf_conntrack_netlink.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 2663764d0b6e..c7708bde057c 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1012,10 +1012,8 @@ ctnetlink_alloc_filter(const struct nlattr * const cda[], u8 family)
filter->family,
&filter->zone,
filter->reply_flags);
- if (err < 0) {
- err = -EINVAL;
+ if (err < 0)
goto err_filter;
- }
}
return filter;
--
2.20.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH nf] netfilter: ctnetlink: fix filtering with CTA_TUPLE_REPLY
2021-11-03 22:21 [PATCH nf] netfilter: ctnetlink: fix filtering with CTA_TUPLE_REPLY Florent Fourcot
2021-11-03 22:21 ` [PATCH nf] netfilter: ctnetlink: do not erase error code with EINVAL Florent Fourcot
@ 2021-11-08 10:37 ` Pablo Neira Ayuso
1 sibling, 0 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2021-11-08 10:37 UTC (permalink / raw)
To: Florent Fourcot; +Cc: netfilter-devel
On Wed, Nov 03, 2021 at 11:21:54PM +0100, Florent Fourcot wrote:
> filter->orig_flags was used for a reply context.
Applied, thanks
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH nf] netfilter: ctnetlink: do not erase error code with EINVAL
2021-11-03 22:21 ` [PATCH nf] netfilter: ctnetlink: do not erase error code with EINVAL Florent Fourcot
@ 2021-11-08 10:37 ` Pablo Neira Ayuso
0 siblings, 0 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2021-11-08 10:37 UTC (permalink / raw)
To: Florent Fourcot; +Cc: netfilter-devel
On Wed, Nov 03, 2021 at 11:21:55PM +0100, Florent Fourcot wrote:
> And be consistent in error management for both orig/reply filtering
Also applied.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-11-08 10:37 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-11-03 22:21 [PATCH nf] netfilter: ctnetlink: fix filtering with CTA_TUPLE_REPLY Florent Fourcot
2021-11-03 22:21 ` [PATCH nf] netfilter: ctnetlink: do not erase error code with EINVAL Florent Fourcot
2021-11-08 10:37 ` Pablo Neira Ayuso
2021-11-08 10:37 ` [PATCH nf] netfilter: ctnetlink: fix filtering with CTA_TUPLE_REPLY Pablo Neira Ayuso
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.