Commit 914afea8 authored by Patrick McHardy's avatar Patrick McHardy Committed by David S. Miller
Browse files

[NETFILTER]: nfnetlink_queue: fix EPERM when binding/unbinding and instance 0 exists 



Similar to the nfnetlink_log problem, nfnetlink_queue incorrectly
returns -EPERM when binding or unbinding to an address family and
queueing instance 0 exists and is owned by a different process. Unlike
nfnetlink_log it previously completes the operation, but it is still
incorrect.

Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent b7047a1c

net/netfilter/nfnetlink_queue.c

+4 −11
Original line number Diff line number Diff line
@@ -703,19 +703,12 @@ nfqnl_recv_config(struct sock *ctnl, struct sk_buff *skb, 
		/* Commands without queue context - might sleep */

		switch (cmd->command) {

		case NFQNL_CFG_CMD_PF_BIND:

			ret = nf_register_queue_handler(ntohs(cmd->pf),

			return nf_register_queue_handler(ntohs(cmd->pf),

							 &nfqh);

			break;

		case NFQNL_CFG_CMD_PF_UNBIND:

			ret = nf_unregister_queue_handler(ntohs(cmd->pf),

			return nf_unregister_queue_handler(ntohs(cmd->pf),

							   &nfqh);

			break;

		default:

			break;

		}



		if (ret < 0)

			return ret;

	}



	rcu_read_lock();

CRA Git | Maintained and supported by SUSTech CRA and CCSE