netfilter: nf_conntrack_expect: skip expectations in other netns via proc

Skip expectations that do not reside in this netns. Similar to e77e6ff502ea ("netfilter: conntrack: do not dump other netns's conntrack entries via proc"). Fixes: 9b03f38d0487 ("netfilter: netns nf_conntrack: per-netns expectations") Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2026-03-25 14:11:06 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2026-03-26 13:28:03 +0100
commit: 3db5647984de03d9cae0dcddb509b058351f0ee4 (patch)
tree: 60beb225ca35ef9878aece85d6d6ab470eb7caf1 /net
parent: 02a3231b6d82efe750da6554ebf280e4a6f78756 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c
index db28801b1688..24d0576d84b7 100644
--- a/net/netfilter/nf_conntrack_expect.c
+++ b/net/netfilter/nf_conntrack_expect.c
@@ -652,11 +652,15 @@ static int exp_seq_show(struct seq_file *s, void *v)
 {
 	struct nf_conntrack_expect *expect;
 	struct nf_conntrack_helper *helper;
+	struct net *net = seq_file_net(s);
 	struct hlist_node *n = v;
 	char *delim = "";
 
 	expect = hlist_entry(n, struct nf_conntrack_expect, hnode);
 
+	if (!net_eq(nf_ct_exp_net(expect), net))
+		return 0;
+
 	if (expect->timeout.function)
 		seq_printf(s, "%ld ", timer_pending(&expect->timeout)
 			   ? (long)(expect->timeout.expires - jiffies)/HZ : 0);
author	Pablo Neira Ayuso <pablo@netfilter.org>	2026-03-25 14:11:06 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2026-03-26 13:28:03 +0100
commit	3db5647984de03d9cae0dcddb509b058351f0ee4 (patch)
tree	60beb225ca35ef9878aece85d6d6ab470eb7caf1 /net
parent	02a3231b6d82efe750da6554ebf280e4a6f78756 (diff)