[NETFILTER] ctnetlink: Add support to identify expectations by ID's

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/ipv4/netfilter/ip_conntrack_netlink.c b/net/ipv4/netfilter/ip_conntrack_netlink.c
index 7fe74565964243af54eec11c6babc5bc77c96c69..5c1c0a3d1c4bc5ba2a72230f1c53d79d4f8fcb89 100644 (file)
--- a/net/ipv4/netfilter/ip_conntrack_netlink.c
+++ b/net/ipv4/netfilter/ip_conntrack_netlink.c
@@ -1293,6 +1293,14 @@ ctnetlink_get_expect(struct sock *ctnl, struct sk_buff *skb,
        if (!exp)
                return -ENOENT;
 
+       if (cda[CTA_EXPECT_ID-1]) {
+               u_int32_t id = *(u_int32_t *)NFA_DATA(cda[CTA_EXPECT_ID-1]);
+               if (exp->id != ntohl(id)) {
+                       ip_conntrack_expect_put(exp);
+                       return -ENOENT;
+               }
+       }       
+
        err = -ENOMEM;
        skb2 = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
        if (!skb2)