brain-hackers_pepepper-mirror
/
linux-brain
mirror of https://github.com/brain-hackers/linux-brain.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

net/sched: act_ct: fix err check for nf_conntrack_confirm 

commit 8955b90c3cdad199137809aac8ccbbb585355913 upstream.

The confirm operation should be checked. If there are any failed,
the packet should be dropped like in ovs and netfilter.

Fixes: b57dc7c13e ("net/sched: Introduce action ct")
Signed-off-by: wenxu <wenxu@ucloud.cn>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
wenxu 2021-07-02 11:34:31 +08:00 committed by Greg Kroah-Hartman
parent 2497307356
commit 813d45499f
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
net/sched/act_ct.c
View File

@ -474,7 +474,8 @@ static int tcf_ct_act(struct sk_buff *skb, const struct tc_action *a,
/* This will take care of sending queued events
* even if the connection is already confirmed.
*/
nf_conntrack_confirm(skb);
if (nf_conntrack_confirm(skb) != NF_ACCEPT)
goto drop;
}
out_push: