Commit 9f7dd42f authored by Ivan Delalande's avatar Ivan Delalande Committed by Pablo Neira Ayuso
Browse files

netfilter: ctnetlink: revert to dumping mark regardless of event type 



It seems that change was unintentional, we have userspace code that
needs the mark while listening for events like REPLY, DESTROY, etc.
Also include 0-marks in requested dumps, as they were before that fix.

Fixes: 1feeae07 ("netfilter: ctnetlink: fix compilation warning after data race fixes in ct mark")
Signed-off-by: default avatarIvan Delalande <colona@arista.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 52812526

net/netfilter/nf_conntrack_netlink.c

+7 −7
Original line number Diff line number Diff line
@@ -328,11 +328,12 @@ ctnetlink_dump_timestamp(struct sk_buff *skb, const struct nf_conn *ct) 
}



#ifdef CONFIG_NF_CONNTRACK_MARK

static int ctnetlink_dump_mark(struct sk_buff *skb, const struct nf_conn *ct)

static int ctnetlink_dump_mark(struct sk_buff *skb, const struct nf_conn *ct,

			       bool dump)

{

	u32 mark = READ_ONCE(ct->mark);



	if (!mark)

	if (!mark && !dump)

		return 0;



	if (nla_put_be32(skb, CTA_MARK, htonl(mark)))
@@ -343,7 +344,7 @@ static int ctnetlink_dump_mark(struct sk_buff *skb, const struct nf_conn *ct) 
	return -1;

}

#else

#define ctnetlink_dump_mark(a, b) (0)

#define ctnetlink_dump_mark(a, b, c) (0)

#endif



#ifdef CONFIG_NF_CONNTRACK_SECMARK
@@ -548,7 +549,7 @@ static int ctnetlink_dump_extinfo(struct sk_buff *skb, 
static int ctnetlink_dump_info(struct sk_buff *skb, struct nf_conn *ct)

{

	if (ctnetlink_dump_status(skb, ct) < 0 ||

	    ctnetlink_dump_mark(skb, ct) < 0 ||

	    ctnetlink_dump_mark(skb, ct, true) < 0 ||

	    ctnetlink_dump_secctx(skb, ct) < 0 ||

	    ctnetlink_dump_id(skb, ct) < 0 ||

	    ctnetlink_dump_use(skb, ct) < 0 ||
@@ -831,8 +832,7 @@ ctnetlink_conntrack_event(unsigned int events, const struct nf_ct_event *item) 
	}



#ifdef CONFIG_NF_CONNTRACK_MARK

	if (events & (1 << IPCT_MARK) &&

	    ctnetlink_dump_mark(skb, ct) < 0)

	if (ctnetlink_dump_mark(skb, ct, events & (1 << IPCT_MARK)))

		goto nla_put_failure;

#endif

	nlmsg_end(skb, nlh);
@@ -2735,7 +2735,7 @@ static int __ctnetlink_glue_build(struct sk_buff *skb, struct nf_conn *ct) 
		goto nla_put_failure;



#ifdef CONFIG_NF_CONNTRACK_MARK

	if (ctnetlink_dump_mark(skb, ct) < 0)

	if (ctnetlink_dump_mark(skb, ct, true) < 0)

		goto nla_put_failure;

#endif

	if (ctnetlink_dump_labels(skb, ct) < 0)