git-server-git.apps.pok.os.sepia.ceph.com Git

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Wed, 25 Mar 2026 21:39:55 +0000 (22:39 +0100)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Thu, 26 Mar 2026 12:24:40 +0000 (13:24 +0100)
commit	02a3231b6d82efe750da6554ebf280e4a6f78756
tree	943fe14bb5a0ebf25c3165753ce46d1c5e9ba6d8	tree \| snapshot
parent	bffcaad9afdfe45d7fc777397d3b83c1e3ebffe5	commit \| diff

netfilter: nf_conntrack_expect: store netns and zone in expectation

__nf_ct_expect_find() and nf_ct_expect_find_get() are called under
rcu_read_lock() but they dereference the master conntrack via
exp->master.

Since the expectation does not hold a reference on the master conntrack,
this could be dying conntrack or different recycled conntrack than the
real master due to SLAB_TYPESAFE_RCU.

Store the netns, the master_tuple and the zone in struct
nf_conntrack_expect as a safety measure.

This patch is required by the follow up fix not to dump expectations
that do not belong to this netns.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/net/netfilter/nf_conntrack_expect.h		diff \| blob \| history
net/netfilter/nf_conntrack_broadcast.c		diff \| blob \| history
net/netfilter/nf_conntrack_expect.c		diff \| blob \| history
net/netfilter/nf_conntrack_netlink.c		diff \| blob \| history