Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

netfilter: nf_conntrack_expect: skip expectations in other netns via proc

Skip expectations that do not reside in this netns.

Similar to e77e6ff502ea ("netfilter: conntrack: do not dump other netns's
conntrack entries via proc").

Fixes: 9b03f38d0487 ("netfilter: netns nf_conntrack: per-netns expectations")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

net/netfilter/nf_conntrack_expect.c
··· 652 652 { 653 653 struct nf_conntrack_expect *expect; 654 654 struct nf_conntrack_helper *helper; 655 + struct net *net = seq_file_net(s); 655 656 struct hlist_node *n = v; 656 657 char *delim = ""; 657 658 658 659 expect = hlist_entry(n, struct nf_conntrack_expect, hnode); 660 + 661 + if (!net_eq(nf_ct_exp_net(expect), net)) 662 + return 0; 659 663 660 664 if (expect->timeout.function) 661 665 seq_printf(s, "%ld ", timer_pending(&expect->timeout)
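Review bot: The added check `if (!net_eq(nf_ct_exp_net(expect), net)) return 0;` carries no comment saying that returning 0 before any `seq_printf()` is the intended way to emit nothing for an expectation owned by another netns; a one-line comment above it would make that clear. The filter is applied only at output time in this function, so the start/next iteration code, which is not visible in this hunk, should be checked to confirm it needs no matching netns test. The commit message would also be stronger if it stated what a reader of the proc file could see before the change, since "skip expectations that do not reside in this netns" implies entries from other namespaces were being printed.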