Re: [PATCH V2 2/2] netfilter: ctnetlink: Fix regression in CTA_HELP processing

From: Pablo Neira Ayuso
Date: Mon Feb 06 2017 - 06:44:52 EST

Next message: Gustavo Padovan: "Re: [PATCH] drm/vc4: simplify exit path of a failed allocation of dsi_connector"
Previous message: Pablo Neira Ayuso: "Re: [PATCH V2 1/2] netfilter: ctnetlink: Fix regression in CTA_STATUS processing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Jan 26, 2017 at 02:49:44PM -0800, Kevin Cernekee wrote:
> Prior to Linux 4.4, it was usually harmless to send a CTA_HELP attribute
> containing the name of the current helper. That is no longer the case:
> as of Linux 4.4, if ctnetlink_change_helper() returns an error from
> the ct->master check, processing of the request will fail, skipping the
> NFQA_EXP attribute (if present).
>
> This patch changes the behavior to improve compatibility with user
> programs that expect the kernel interface to work the way it did prior
> to Linux 4.4. If a user program specifies CTA_HELP but the argument
> matches the current conntrack helper name, ignore it instead of generating
> an error.

Also applied, thanks Kevin.

Next message: Gustavo Padovan: "Re: [PATCH] drm/vc4: simplify exit path of a failed allocation of dsi_connector"
Previous message: Pablo Neira Ayuso: "Re: [PATCH V2 1/2] netfilter: ctnetlink: Fix regression in CTA_STATUS processing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]