From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Wed, 9 Nov 2005 21:03:42 +0000 (-0800)
Subject: [NETFILTER] ctnetlink: Add support to identify expectations by ID's
X-Git-Tag: firefly_0821_release~40184^2~4
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=a856a19a9f3ee14fc0d555470f3af138aeb0245c;p=firefly-linux-kernel-4.4.55.git

[NETFILTER] ctnetlink: Add support to identify expectations by ID's

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
---

diff --git a/net/ipv4/netfilter/ip_conntrack_netlink.c b/net/ipv4/netfilter/ip_conntrack_netlink.c
index 7fe745659642..5c1c0a3d1c4b 100644
--- a/net/ipv4/netfilter/ip_conntrack_netlink.c
+++ b/net/ipv4/netfilter/ip_conntrack_netlink.c
@@ -1293,6 +1293,14 @@ ctnetlink_get_expect(struct sock *ctnl, struct sk_buff *skb,
 	if (!exp)
 		return -ENOENT;
 
+	if (cda[CTA_EXPECT_ID-1]) {
+		u_int32_t id = *(u_int32_t *)NFA_DATA(cda[CTA_EXPECT_ID-1]);
+		if (exp->id != ntohl(id)) {
+			ip_conntrack_expect_put(exp);
+			return -ENOENT;
+		}
+	}	
+
 	err = -ENOMEM;
 	skb2 = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
 	if (!skb2)