netfilter: nft_ct: make l3 protocol field optional for timeout object
author Harsha Sharma <harshasharmaiitr@gmail.com>
Fri, 10 Aug 2018 17:22:37 +0000 (22:52 +0530)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Thu, 16 Aug 2018 17:37:08 +0000 (19:37 +0200)
If l3 protocol value is not specified for ct timeout object then use the
value from nft_ctx protocol family.

Signed-off-by: Harsha Sharma <harshasharmaiitr@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nft_ct.c

index 4855d4c..26a8bae 100644 (file)
@@ -832,12 +832,13 @@ static int nft_ct_timeout_obj_init(const struct nft_ctx *ctx,
        __u8 l4num;
        int ret;
 
-       if (!tb[NFTA_CT_TIMEOUT_L3PROTO] ||
-           !tb[NFTA_CT_TIMEOUT_L4PROTO] ||
+       if (!tb[NFTA_CT_TIMEOUT_L4PROTO] ||
            !tb[NFTA_CT_TIMEOUT_DATA])
                return -EINVAL;
 
-       l3num = ntohs(nla_get_be16(tb[NFTA_CT_TIMEOUT_L3PROTO]));
+       if (tb[NFTA_CT_TIMEOUT_L3PROTO])
+               l3num = ntohs(nla_get_be16(tb[NFTA_CT_TIMEOUT_L3PROTO]));
+
        l4num = nla_get_u8(tb[NFTA_CT_TIMEOUT_L4PROTO]);
        priv->l4proto = l4num;
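
Review bot: in the new `if (tb[NFTA_CT_TIMEOUT_L3PROTO])` branch, l3num is assigned only when the attribute is present, and the lines shown contain no else branch or default, so the fallback to the nft_ctx protocol family described in the commit message is not visible in this hunk. Unless l3num is initialised from ctx->family at its declaration (above the context shown here), it is left unset whenever userspace omits the attribute. Please confirm that the initialiser exists, or make the fallback explicit at this spot with `else l3num = ctx->family;`. A one-line comment stating that a missing NFTA_CT_TIMEOUT_L3PROTO defaults to the nft_ctx family would also make the relaxed `-EINVAL` check easier to audit.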