Commit 3db5647

netfilter: nf_conntrack_expect: skip expectations in other netns via proc
Skip expectations that do not reside in this netns.

Similar to e77e6ff ("netfilter: conntrack: do not dump other netns's conntrack entries via proc").

Fixes: 9b03f38 ("netfilter: netns nf_conntrack: per-netns expectations")
Signed-off-by: Florian Westphal <[email protected]>
Signed-off-by: Pablo Neira Ayuso <[email protected]>
1 parent 02a3231 commit 3db5647

1 file changed

Lines changed: 4 additions & 0 deletions

net/netfilter/nf_conntrack_expect.c

@@ -652,11 +652,15 @@ static int exp_seq_show(struct seq_file *s, void *v)
652652
{
653653
struct nf_conntrack_expect *expect;
654654
struct nf_conntrack_helper *helper;
655+
struct net *net = seq_file_net(s);
655656
struct hlist_node *n = v;
656657
char *delim = "";
657658

658659
expect = hlist_entry(n, struct nf_conntrack_expect, hnode);
659660

661+
if (!net_eq(nf_ct_exp_net(expect), net))
662+
return 0;
663+
660664
if (expect->timeout.function)
661665
seq_printf(s, "%ld ", timer_pending(&expect->timeout)
662666
? (long)(expect->timeout.expires - jiffies)/HZ : 0);
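Review bot: The new check `if (!net_eq(nf_ct_exp_net(expect), net)) return 0;` in exp_seq_show() has no comment saying why an expectation owned by a different netns can reach this function, and a one-line comment above it stating that the iterator can hand back entries from other namespaces would keep the check from being removed later as redundant. Returning 0 before the first seq_printf() is the right place for it, since nothing about the foreign expectation (not even the timeout) is written to the reader of the proc file. Because the filter is applied only at show time in the lines visible here, the iterator still walks foreign entries and emits nothing for them; it is worth confirming that the start/next helpers, which are outside this hunk, do not expose anything else about those entries.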
