netfilter: ctnetlink: allow changing NAT sequence adjustment in creation

[linux-2.6-omap-h63xx.git] / net / netfilter / nf_conntrack_netlink.c

diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 00e8c27130ff6ad6fa345b860948ddb8dca2bf4e..9051bb4f81da9a46e6a4a9f59953e2cba744ecf7 100644 (file)
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -831,13 +831,16 @@ ctnetlink_parse_nat_setup(struct nf_conn *ct,
        if (!parse_nat_setup) {
 #ifdef CONFIG_MODULES
                rcu_read_unlock();
+               spin_unlock_bh(&nf_conntrack_lock);
                nfnl_unlock();
                if (request_module("nf-nat-ipv4") < 0) {
                        nfnl_lock();
+                       spin_lock_bh(&nf_conntrack_lock);
                        rcu_read_lock();
                        return -EOPNOTSUPP;
                }
                nfnl_lock();
+               spin_lock_bh(&nf_conntrack_lock);
                rcu_read_lock();
                if (nfnetlink_parse_nat_setup_hook)
                        return -EAGAIN;
@@ -1134,7 +1137,7 @@ ctnetlink_create_conntrack(struct nlattr *cda[],
        struct nf_conntrack_helper *helper;
 
        ct = nf_conntrack_alloc(&init_net, otuple, rtuple, GFP_ATOMIC);
-       if (ct == NULL || IS_ERR(ct))
+       if (IS_ERR(ct))
                return -ENOMEM;
 
        if (!cda[CTA_TIMEOUT])
@@ -1212,6 +1215,16 @@ ctnetlink_create_conntrack(struct nlattr *cda[],
                }
        }
 
+#ifdef CONFIG_NF_NAT_NEEDED
+       if (cda[CTA_NAT_SEQ_ADJ_ORIG] || cda[CTA_NAT_SEQ_ADJ_REPLY]) {
+               err = ctnetlink_change_nat_seq_adj(ct, cda);
+               if (err < 0) {
+                       rcu_read_unlock();
+                       goto err;
+               }
+       }
+#endif
+
        if (cda[CTA_PROTOINFO]) {
                err = ctnetlink_change_protoinfo(ct, cda);
                if (err < 0) {