Commit 3db56479 authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso
Browse files

netfilter: nf_conntrack_expect: skip expectations in other netns via proc 



Skip expectations that do not reside in this netns.

Similar to e77e6ff5 ("netfilter: conntrack: do not dump other netns's
conntrack entries via proc").

Fixes: 9b03f38d ("netfilter: netns nf_conntrack: per-netns expectations")
Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 02a3231b

net/netfilter/nf_conntrack_expect.c

+4 −0
Original line number Diff line number Diff line
@@ -652,11 +652,15 @@ static int exp_seq_show(struct seq_file *s, void *v) 
{

	struct nf_conntrack_expect *expect;

	struct nf_conntrack_helper *helper;

	struct net *net = seq_file_net(s);

	struct hlist_node *n = v;

	char *delim = "";



	expect = hlist_entry(n, struct nf_conntrack_expect, hnode);



	if (!net_eq(nf_ct_exp_net(expect), net))

		return 0;



	if (expect->timeout.function)

		seq_printf(s, "%ld ", timer_pending(&expect->timeout)

			   ? (long)(expect->timeout.expires - jiffies)/HZ : 0);