netfilter: synproxy: fix conntrackd interaction

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

This patch fixes the creation of connection tracking entry from
netlink when synproxy is used. It was missing the addition of
the synproxy extension.

This was causing kernel crashes when a conntrack entry created by
conntrackd was used after the switch of traffic from active node
to the passive node.

Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Eric Leblond and committed by

Pablo Neira Ayuso 9 years ago 87e94dbc 324318f0

1 changed file

expand all

net

netfilter

nf_conntrack_netlink.c

net/netfilter/nf_conntrack_netlink.c

··· 45 45 #include <net/netfilter/nf_conntrack_zones.h> 46 46 #include <net/netfilter/nf_conntrack_timestamp.h> 47 47 #include <net/netfilter/nf_conntrack_labels.h> 48 + #include <net/netfilter/nf_conntrack_seqadj.h> 49 + #include <net/netfilter/nf_conntrack_synproxy.h> 48 50 #ifdef CONFIG_NF_NAT_NEEDED 49 51 #include <net/netfilter/nf_nat_core.h> 50 52 #include <net/netfilter/nf_nat_l4proto.h> ··· 1829 1827 nf_ct_tstamp_ext_add(ct, GFP_ATOMIC); 1830 1828 nf_ct_ecache_ext_add(ct, 0, 0, GFP_ATOMIC); 1831 1829 nf_ct_labels_ext_add(ct); 1830 + nfct_seqadj_ext_add(ct); 1831 + nfct_synproxy_ext_add(ct); 1832 1832 1833 1833 /* we must add conntrack extensions before confirmation. */ 1834 1834 ct->status |= IPS_CONFIRMED;