Почетна Преглед Помоћ
Пријавите се
PUBLIC_REPOS
/
ti-processor-sdk-linux
2
0
Креирај огранак 0
Датотеке Дискусије 0 Захтеви за спајање 0 Вики
Преглед изворни кода

netfilter: synproxy: fix conntrackd interaction

This patch fixes the creation of connection tracking entry from
netlink when synproxy is used. It was missing the addition of
the synproxy extension.

This was causing kernel crashes when a conntrack entry created by
conntrackd was used after the switch of traffic from active node
to the passive node.

Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Eric Leblond пре 8 година
родитељ
324318f024
комит
87e94dbc21
1 измењених фајлова са 4 додато и 0 уклоњено
Подељен поглед Покажи статистику Diff
  1. 4 0
      net/netfilter/nf_conntrack_netlink.c

+ 4 - 0
net/netfilter/nf_conntrack_netlink.c
Прегледај датотеку 

@@ -45,6 +45,8 @@
 
 #include <net/netfilter/nf_conntrack_zones.h>
 
 #include <net/netfilter/nf_conntrack_timestamp.h>
 
 #include <net/netfilter/nf_conntrack_labels.h>
 
+#include <net/netfilter/nf_conntrack_seqadj.h>
 
+#include <net/netfilter/nf_conntrack_synproxy.h>
 
 #ifdef CONFIG_NF_NAT_NEEDED
 
 #include <net/netfilter/nf_nat_core.h>
 
 #include <net/netfilter/nf_nat_l4proto.h>
 
@@ -1827,6 +1829,8 @@ ctnetlink_create_conntrack(struct net *net,
 
 	nf_ct_tstamp_ext_add(ct, GFP_ATOMIC);
 
 	nf_ct_ecache_ext_add(ct, 0, 0, GFP_ATOMIC);
 
 	nf_ct_labels_ext_add(ct);
 
+	nfct_seqadj_ext_add(ct);
 
+	nfct_synproxy_ext_add(ct);
 
 
 	/* we must add conntrack extensions before confirmation. */
 
 	ct->status |= IPS_CONFIRMED;