netfilter: nf_conntrack_expect: skip expectations in other netns via proc

Skip expectations that do not reside in this netns.

Similar to e77e6ff502ea ("netfilter: conntrack: do not dump other netns's
conntrack entries via proc").

Fixes: 9b03f38d0487 ("netfilter: netns nf_conntrack: per-netns expectations")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c
index db28801b1688a9cd84f63a72552bde089366a1df..24d0576d84b7f60f3bcec7333ff2bfae1b4158b2 100644 (file)
--- a/net/netfilter/nf_conntrack_expect.c
+++ b/net/netfilter/nf_conntrack_expect.c
@@ -652,11 +652,15 @@ static int exp_seq_show(struct seq_file *s, void *v)
 {
        struct nf_conntrack_expect *expect;
        struct nf_conntrack_helper *helper;
+       struct net *net = seq_file_net(s);
        struct hlist_node *n = v;
        char *delim = "";
 
        expect = hlist_entry(n, struct nf_conntrack_expect, hnode);
 
+       if (!net_eq(nf_ct_exp_net(expect), net))
+               return 0;
+
        if (expect->timeout.function)
                seq_printf(s, "%ld ", timer_pending(&expect->timeout)
                           ? (long)(expect->timeout.expires - jiffies)/HZ : 0);