diff options
| author | Harald Welte | 2005-10-11 05:52:51 +0200 |
|---|---|---|
| committer | David S. Miller | 2005-10-11 05:52:51 +0200 |
| commit | d000eaf7720cb12cd03cd3d55f71be44357d27a9 (patch) | |
| tree | cbdb3e64a427adedf7f6ec4a75b338d1731bc9ee /net/ipv4 | |
| parent | [NETFILTER] nat: remove bogus structure member (diff) | |
| download | kernel-qcow2-linux-d000eaf7720cb12cd03cd3d55f71be44357d27a9.tar.gz kernel-qcow2-linux-d000eaf7720cb12cd03cd3d55f71be44357d27a9.tar.xz kernel-qcow2-linux-d000eaf7720cb12cd03cd3d55f71be44357d27a9.zip | |
[NETFILTER] conntrack_netlink: Fix endian issue with status from userspace
When we send "status" from userspace, we forget to convert the endianness.
This patch adds the reqired conversion. Thanks to Pablo Neira for
discovering this.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
| -rw-r--r-- | net/ipv4/netfilter/ip_conntrack_netlink.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/ipv4/netfilter/ip_conntrack_netlink.c b/net/ipv4/netfilter/ip_conntrack_netlink.c index b08a432efcf8..eade2749915a 100644 --- a/net/ipv4/netfilter/ip_conntrack_netlink.c +++ b/net/ipv4/netfilter/ip_conntrack_netlink.c @@ -833,7 +833,8 @@ out: static inline int ctnetlink_change_status(struct ip_conntrack *ct, struct nfattr *cda[]) { - unsigned long d, status = *(u_int32_t *)NFA_DATA(cda[CTA_STATUS-1]); + unsigned long d; + unsigned status = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_STATUS-1])); d = ct->status ^ status; if (d & (IPS_EXPECTED|IPS_CONFIRMED|IPS_DYING)) |