[NETFILTER] conntrack_netlink: Fix endian issue with status from userspace
When we send "status" from userspace, we forget to convert the endianness. This patch adds the reqired conversion. Thanks to Pablo Neira for discovering this. Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
b3a91d037a
commit
d000eaf772
|
@ -833,7 +833,8 @@ out:
|
|||
static inline int
|
||||
ctnetlink_change_status(struct ip_conntrack *ct, struct nfattr *cda[])
|
||||
{
|
||||
unsigned long d, status = *(u_int32_t *)NFA_DATA(cda[CTA_STATUS-1]);
|
||||
unsigned long d;
|
||||
unsigned status = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_STATUS-1]));
|
||||
d = ct->status ^ status;
|
||||
|
||||
if (d & (IPS_EXPECTED|IPS_CONFIRMED|IPS_DYING))
|
||||
|
|
Loading…
Reference in New Issue