path: root/net/netfilter/nf_nat_proto.c
author Florian Westphal <fw@strlen.de> 2023-10-11 10:59:36 +0300
committer Florian Westphal <fw@strlen.de> 2023-10-18 11:26:43 +0300
commit 6291b3a67ad55102f163f6a636bc540e460f892d
tree 5b74eed17ed806963d8542c2fb69518e09a8689f /net/netfilter/nf_nat_proto.c
parent 4d26ab0086aab2d77c54e54020e47737dc6ed165
netfilter: conntrack: convert nf_conntrack_update to netfilter verdicts
This function calls helpers that can return nf-verdicts, but then those get converted to -1/0 as that's what the caller expects.

Theoretically NF_DROP could have an errno number set in the upper 24 bits of the return value. Or any of those helpers could return NF_STOLEN, which would result in use-after-free.

This is fine as-is, the called functions don't do this yet.

But it's better to avoid possible future problems if the upcoming patchset to add NF_DROP_REASON() support gains further users, so remove the 0/-1 translation from the picture and pass the verdicts down to the caller.

Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'net/netfilter/nf_nat_proto.c')
0 files changed, 0 insertions, 0 deletions
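The hazard the commit message describes, as an added userspace model (not code from this commit or from the kernel tree): a 0/-1 translation makes NF_STOLEN look like a failure, so the caller frees a packet it no longer owns, and it also discards the errno packed into NF_DROP. The verdict values, NF_VERDICT_MASK and the NF_DROP_ERR() encoding are those of the kernel headers; struct pkt, pkt_free(), helper() and both callers are hypothetical stand-ins, and the "old shape" translation is an assumed form, not the removed lines.

```c
/* Userspace model, not kernel code: struct pkt and both callers are hypothetical. */
#include <errno.h>

enum { NF_DROP = 0, NF_ACCEPT = 1, NF_STOLEN = 2 };	/* verdict values as in the kernel uapi header */
#define NF_VERDICT_MASK 0x000000ff
#define NF_VERDICT_QBITS 16
#define NF_DROP_ERR(x) (((-(x)) << NF_VERDICT_QBITS) | NF_DROP)

struct pkt { int stolen, frees, bad_access; };

/* Stand-in for kfree_skb(): counts frees of a packet the caller no longer owns. */
static void pkt_free(struct pkt *p)
{
	p->bad_access += (p->stolen || p->frees);
	p->frees++;
}

/* Stand-in for a helper returning an nf-verdict; NF_STOLEN takes ownership. */
static int helper(struct pkt *p, int verdict)
{
	if ((verdict & NF_VERDICT_MASK) == NF_STOLEN)
		p->stolen = 1;
	return verdict;
}

/* Old shape: verdict squashed to 0/-1, caller frees on any failure. */
static int legacy_caller(struct pkt *p, int v)
{
	int err = helper(p, v) == NF_ACCEPT ? 0 : -1;
	if (err < 0)
		pkt_free(p);
	return err;
}

/* New shape: the verdict reaches the caller, so ownership and errno survive. */
static int verdict_caller(struct pkt *p, int v)
{
	int verdict = helper(p, v), kind = verdict & NF_VERDICT_MASK;
	int err = -(verdict >> NF_VERDICT_QBITS);
	if (kind == NF_ACCEPT || kind == NF_STOLEN)
		return 0;	/* NF_STOLEN: helper consumed the packet, do not touch it */
	pkt_free(p);
	return err ? err : -EPERM;	/* plain NF_DROP carries no errno */
}

int main(void)
{
	struct pkt a = {0}, b = {0};
	return !(legacy_caller(&a, NF_STOLEN) == -1 && verdict_caller(&b, NF_STOLEN) == 0);
}
```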