netfilter: conntrack: check netns when walking expect hash

Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Florian Westphal <fw@strlen.de> 2016-05-06 00:51:47 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2016-05-06 11:50:01 +0200
commit: 03d7dc5cdfe6fd4e5bd04cfc2be7ae259f956428 (patch)
tree: 154c3f3f33680d9294dd10c50eb5217f2ace6887 /net/ipv4
parent: cb39ad8b8ef224c544074962780bf763077d6141 (diff)
download: linux-03d7dc5cdfe6fd4e5bd04cfc2be7ae259f956428.tar.gz
linux-03d7dc5cdfe6fd4e5bd04cfc2be7ae259f956428.tar.bz2
linux-03d7dc5cdfe6fd4e5bd04cfc2be7ae259f956428.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
index f8fc7ab201c9..2b4c729fcf8d 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
@@ -301,6 +301,9 @@ static int exp_seq_show(struct seq_file *s, void *v)
 
 	exp = hlist_entry(n, struct nf_conntrack_expect, hnode);
 
+	if (!net_eq(nf_ct_net(exp->master), seq_file_net(s)))
+		return 0;
+
 	if (exp->tuple.src.l3num != AF_INET)
 		return 0;
author	Florian Westphal <fw@strlen.de>	2016-05-06 00:51:47 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2016-05-06 11:50:01 +0200
commit	03d7dc5cdfe6fd4e5bd04cfc2be7ae259f956428 (patch)
tree	154c3f3f33680d9294dd10c50eb5217f2ace6887 /net/ipv4
parent	cb39ad8b8ef224c544074962780bf763077d6141 (diff)
download	linux-03d7dc5cdfe6fd4e5bd04cfc2be7ae259f956428.tar.gz linux-03d7dc5cdfe6fd4e5bd04cfc2be7ae259f956428.tar.bz2 linux-03d7dc5cdfe6fd4e5bd04cfc2be7ae259f956428.zip