netfilter: nft_ct: make l3 protocol field optional for timeout object

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

If l3 protocol value is not specified for ct timeout object then use the
value from nft_ctx protocol family.

Signed-off-by: Harsha Sharma <harshasharmaiitr@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Harsha Sharma and committed by

Pablo Neira Ayuso 7 years ago 3206c516 1bfc2bc7

+4 -3

1 changed file

expand all

net

netfilter

nft_ct.c

+4 -3

net/netfilter/nft_ct.c

··· 832 832 __u8 l4num; 833 833 int ret; 834 834 835 - if (!tb[NFTA_CT_TIMEOUT_L3PROTO] || 836 - !tb[NFTA_CT_TIMEOUT_L4PROTO] || 835 + if (!tb[NFTA_CT_TIMEOUT_L4PROTO] || 837 836 !tb[NFTA_CT_TIMEOUT_DATA]) 838 837 return -EINVAL; 839 838 840 - l3num = ntohs(nla_get_be16(tb[NFTA_CT_TIMEOUT_L3PROTO])); 839 + if (tb[NFTA_CT_TIMEOUT_L3PROTO]) 840 + l3num = ntohs(nla_get_be16(tb[NFTA_CT_TIMEOUT_L3PROTO])); 841 + 841 842 l4num = nla_get_u8(tb[NFTA_CT_TIMEOUT_L4PROTO]); 842 843 priv->l4proto = l4num; 843 844