diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2006-01-05 12:18:25 -0800 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2006-01-05 12:18:25 -0800 |
commit | d4d6bb41e09f07668ca2655da707eab936e8e8f0 (patch) | |
tree | a785fa9ade81b7591ff33c54a23fbcf234f296f5 /net | |
parent | 0368309cb45bbba99f84a01d5fc6a18780788480 (diff) | |
download | op-kernel-dev-d4d6bb41e09f07668ca2655da707eab936e8e8f0.zip op-kernel-dev-d4d6bb41e09f07668ca2655da707eab936e8e8f0.tar.gz |
[NETFILTER]: ctnetlink: fix conntrack mark race
Set conntrack mark before it is in hashes.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_netlink.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/net/ipv4/netfilter/ip_conntrack_netlink.c b/net/ipv4/netfilter/ip_conntrack_netlink.c index 04137d0..df04ad8 100644 --- a/net/ipv4/netfilter/ip_conntrack_netlink.c +++ b/net/ipv4/netfilter/ip_conntrack_netlink.c @@ -1031,6 +1031,11 @@ ctnetlink_create_conntrack(struct nfattr *cda[], return err; } +#if defined(CONFIG_IP_NF_CONNTRACK_MARK) + if (cda[CTA_MARK-1]) + ct->mark = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_MARK-1])); +#endif + ct->helper = ip_conntrack_helper_find_get(rtuple); add_timer(&ct->timeout); @@ -1039,11 +1044,6 @@ ctnetlink_create_conntrack(struct nfattr *cda[], if (ct->helper) ip_conntrack_helper_put(ct->helper); -#if defined(CONFIG_IP_NF_CONNTRACK_MARK) - if (cda[CTA_MARK-1]) - ct->mark = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_MARK-1])); -#endif - DEBUGP("conntrack with id %u inserted\n", ct->id); return 0; |