[NETFILTER]: ctnetlink: fix conntrack mark race
Set conntrack mark before it is in hashes. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
parent
0368309cb4
commit
d4d6bb41e0
|
@ -1031,6 +1031,11 @@ ctnetlink_create_conntrack(struct nfattr *cda[],
|
|||
return err;
|
||||
}
|
||||
|
||||
#if defined(CONFIG_IP_NF_CONNTRACK_MARK)
|
||||
if (cda[CTA_MARK-1])
|
||||
ct->mark = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_MARK-1]));
|
||||
#endif
|
||||
|
||||
ct->helper = ip_conntrack_helper_find_get(rtuple);
|
||||
|
||||
add_timer(&ct->timeout);
|
||||
|
@ -1039,11 +1044,6 @@ ctnetlink_create_conntrack(struct nfattr *cda[],
|
|||
if (ct->helper)
|
||||
ip_conntrack_helper_put(ct->helper);
|
||||
|
||||
#if defined(CONFIG_IP_NF_CONNTRACK_MARK)
|
||||
if (cda[CTA_MARK-1])
|
||||
ct->mark = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_MARK-1]));
|
||||
#endif
|
||||
|
||||
DEBUGP("conntrack with id %u inserted\n", ct->id);
|
||||
return 0;
|
||||
|
||||
|
|
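Review bot: Nothing in the new code records that the position of the relocated `ct->mark` assignment is load-bearing; the only explanation is the commit message, so a later cleanup could move the block back below the insertion and reopen the window in which a hashed conntrack is visible to lookups without its mark, which matters to any policy that matches on the mark. I would add a comment above the `#if defined(CONFIG_IP_NF_CONNTRACK_MARK)` block in the first hunk, for example `/* Set the mark before the conntrack is inserted into the hashes; once hashed it is visible to lookups. */`. The insertion call itself falls between the two hunks and is not visible here, and ctnetlink_create_conntrack starts and ends outside them. Separately, `*(u_int32_t *)NFA_DATA(cda[CTA_MARK-1])` reads four bytes from the attribute payload, and no length check is visible in this hunk, so confirm that the caller rejects a CTA_MARK attribute shorter than `sizeof(u_int32_t)` before this function runs.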