author | Florian Westphal <fw@strlen.de> | 2023-10-11 10:59:36 +0300 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2023-10-18 11:26:43 +0300 |
commit | 6291b3a67ad55102f163f6a636bc540e460f892d (patch) | |
tree | 5b74eed17ed806963d8542c2fb69518e09a8689f /net/netfilter/nf_nat_proto.c | |
parent | 4d26ab0086aab2d77c54e54020e47737dc6ed165 (diff) | |
download | linux-6291b3a67ad55102f163f6a636bc540e460f892d.tar.xz |
netfilter: conntrack: convert nf_conntrack_update to netfilter verdicts

This function calls helpers that can return nf-verdicts, but then
those get converted to -1/0 as that's what the caller expects.

Theoretically NF_DROP could have an errno number set in the upper 24
bits of the return value. Or any of those helpers could return
NF_STOLEN, which would result in use-after-free.

This is fine as-is, the called functions don't do this yet.

But it's better to avoid possible future problems if the upcoming
patchset to add NF_DROP_REASON() support gains further users, so remove
the 0/-1 translation from the picture and pass the verdicts down to
the caller.

Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'net/netfilter/nf_nat_proto.c')
0 files changed, 0 insertions, 0 deletions
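
The hazard the commit message describes, as an added userspace model (not code from the kernel or from this patch): a caller that only sees 0/-1 frees a packet a helper has already taken with NF_STOLEN and loses the errno carried by NF_DROP. The verdict constants match the kernel's netfilter headers; `caller_legacy`, `caller_verdict`, `struct outcome` and the `ACT_*` values are hypothetical names, and treating every non-ACCEPT, non-STOLEN verdict as a drop is a simplification of this model.

```c
#include <stdio.h>

/* Verdict encoding from the kernel's netfilter headers: the low 8 bits
 * carry the verdict, NF_DROP may carry an errno above NF_VERDICT_QBITS. */
#define NF_DROP          0u
#define NF_ACCEPT        1u
#define NF_STOLEN        2u
#define NF_VERDICT_MASK  0x000000ffu
#define NF_VERDICT_QBITS 16
#define NF_DROP_ERR(x)   (((unsigned int)(-(x)) << NF_VERDICT_QBITS) | NF_DROP)

/* Hypothetical model types: what the caller does with the packet next. */
enum action { ACT_CONTINUE, ACT_FREE_SKB, ACT_LEAVE_SKB };
struct outcome { enum action act; int err; };

/* Legacy shape: the verdict is collapsed to 0/-1 before the caller acts. */
static struct outcome caller_legacy(unsigned int verdict)
{
    int ret = (verdict == NF_ACCEPT) ? 0 : -1;
    struct outcome o = { ACT_CONTINUE, 0 };
    if (ret < 0)
        o.act = ACT_FREE_SKB; /* also taken for NF_STOLEN; errno is gone */
    return o;
}

/* Verdict-aware shape: the caller receives the full verdict. */
static struct outcome caller_verdict(unsigned int verdict)
{
    struct outcome o = { ACT_CONTINUE, 0 };
    switch (verdict & NF_VERDICT_MASK) {
    case NF_ACCEPT:
        break;
    case NF_STOLEN:
        o.act = ACT_LEAVE_SKB; /* helper took ownership: do not touch skb */
        break;
    default: /* modelled as a drop; recover the errno from the upper bits */
        o.act = ACT_FREE_SKB;
        o.err = -(int)(verdict >> NF_VERDICT_QBITS);
        break;
    }
    return o;
}

int main(void)
{
    /* Constructed sample verdicts; -111 stands in for an errno value. */
    unsigned int v[] = { NF_ACCEPT, NF_STOLEN, NF_DROP_ERR(-111) };
    for (int i = 0; i < 3; i++)
        printf("0x%08x legacy=%d aware=%d err=%d\n", v[i],
               caller_legacy(v[i]).act, caller_verdict(v[i]).act,
               caller_verdict(v[i]).err);
    return 0;
}
```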