netfilter: use sk_fullsock() helper

Upcoming request sockets have TCP_NEW_SYN_RECV state and should be special cased a bit like TCP_TIME_WAIT sockets. Signed-off-by; Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Eric Dumazet <edumazet@google.com> 2015-03-16 21:06:15 -0700
committer: David S. Miller <davem@davemloft.net> 2015-03-17 15:17:59 -0400
commit: a8399231f0b6e72bc140bcc4fecb0c622298a6bd (patch)
tree: 32b424cebe059e8081ca93b17cb37af36a235f23 /net/netfilter/nft_meta.c
parent: bpf: allow BPF programs access 'protocol' and 'vlan_tci' fields (diff)
download: linux-dev-a8399231f0b6e72bc140bcc4fecb0c622298a6bd.tar.xz
linux-dev-a8399231f0b6e72bc140bcc4fecb0c622298a6bd.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/net/netfilter/nft_meta.c b/net/netfilter/nft_meta.c
index e99911eda915..abe68119a76c 100644
--- a/net/netfilter/nft_meta.c
+++ b/net/netfilter/nft_meta.c
@@ -83,7 +83,7 @@ void nft_meta_get_eval(const struct nft_expr *expr,
 		*(u16 *)dest->data = out->type;
 		break;
 	case NFT_META_SKUID:
-		if (skb->sk == NULL || skb->sk->sk_state == TCP_TIME_WAIT)
+		if (skb->sk == NULL || !sk_fullsock(skb->sk))
 			goto err;
 
 		read_lock_bh(&skb->sk->sk_callback_lock);
@@ -99,7 +99,7 @@ void nft_meta_get_eval(const struct nft_expr *expr,
 		read_unlock_bh(&skb->sk->sk_callback_lock);
 		break;
 	case NFT_META_SKGID:
-		if (skb->sk == NULL || skb->sk->sk_state == TCP_TIME_WAIT)
+		if (skb->sk == NULL || !sk_fullsock(skb->sk))
 			goto err;
 
 		read_lock_bh(&skb->sk->sk_callback_lock);
author	Eric Dumazet <edumazet@google.com>	2015-03-16 21:06:15 -0700
committer	David S. Miller <davem@davemloft.net>	2015-03-17 15:17:59 -0400
commit	a8399231f0b6e72bc140bcc4fecb0c622298a6bd (patch)
tree	32b424cebe059e8081ca93b17cb37af36a235f23 /net/netfilter/nft_meta.c
parent	bpf: allow BPF programs access 'protocol' and 'vlan_tci' fields (diff)
download	linux-dev-a8399231f0b6e72bc140bcc4fecb0c622298a6bd.tar.xz linux-dev-a8399231f0b6e72bc140bcc4fecb0c622298a6bd.zip