summaryrefslogtreecommitdiffstats
path: root/src/filter.c
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2011-12-14 23:55:47 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2012-01-10 01:54:45 +0100
commit2719bd93ad5f589139d8ede0726fa6a2ef2eb321 (patch)
tree225497562af288b6d763811c6ddb1887219d470c /src/filter.c
parentf33b72ca969994384a5db6122f8c85e62cfc46ce (diff)
conntrackd: relax checkings in ct_filter_sanity_check
This is required to prepare the expectation support. The master, expect and mask objects that are part of the conntrack object do not have any reply information. This allows the expectation support to re-use the existing filtering infrastructure. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/filter.c')
-rw-r--r--src/filter.c8
1 files changed, 2 insertions, 6 deletions
diff --git a/src/filter.c b/src/filter.c
index 7c4ddc1..746a9bb 100644
--- a/src/filter.c
+++ b/src/filter.c
@@ -373,9 +373,7 @@ static inline int ct_filter_sanity_check(const struct nf_conntrack *ct)
switch(nfct_get_attr_u8(ct, ATTR_L3PROTO)) {
case AF_INET:
if (!nfct_attr_is_set(ct, ATTR_IPV4_SRC) ||
- !nfct_attr_is_set(ct, ATTR_IPV4_DST) ||
- !nfct_attr_is_set(ct, ATTR_REPL_IPV4_SRC) ||
- !nfct_attr_is_set(ct, ATTR_REPL_IPV4_DST)) {
+ !nfct_attr_is_set(ct, ATTR_IPV4_DST)) {
dlog(LOG_ERR, "missing IPv4 address. "
"You forgot to load "
"nf_conntrack_ipv4?");
@@ -384,9 +382,7 @@ static inline int ct_filter_sanity_check(const struct nf_conntrack *ct)
break;
case AF_INET6:
if (!nfct_attr_is_set(ct, ATTR_IPV6_SRC) ||
- !nfct_attr_is_set(ct, ATTR_IPV6_DST) ||
- !nfct_attr_is_set(ct, ATTR_REPL_IPV6_SRC) ||
- !nfct_attr_is_set(ct, ATTR_REPL_IPV6_DST)) {
+ !nfct_attr_is_set(ct, ATTR_IPV6_DST)) {
dlog(LOG_ERR, "missing IPv6 address. "
"You forgot to load "
"nf_conntrack_ipv6?");