use only the original tuple to check if a conntrack is present

author: Pablo Neira Ayuso <pablo@netfilter.org> 2008-06-16 01:43:11 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2008-06-16 01:43:11 +0200
commit: 807f1e477baf2eb7a642e65017ede0a079ebeb4d (patch)
tree: 25b787fb8af006197d7d7bc5abb9f5e980f6eeb3 /src/netlink.c
parent: 40598325d5ff7a6b928640e456a377001aeae285 (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/src/netlink.c b/src/netlink.c
index 10c4643..387062d 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -23,6 +23,7 @@
 #include "log.h"
 #include "debug.h"
 
+#include <string.h>
 #include <errno.h>
 
 int ignore_conntrack(struct nf_conntrack *ct)
@@ -219,8 +220,15 @@ int nl_overrun_request_resync(void)
 int nl_exist_conntrack(struct nf_conntrack *ct)
 {
 	int ret;
+	char __tmp[nfct_maxsize()];
+	struct nf_conntrack *tmp = (struct nf_conntrack *) (void *)__tmp;
 
-	ret = nfct_query(STATE(dump), NFCT_Q_GET, ct);
+	memset(__tmp, 0, sizeof(__tmp));
+
+	/* use the original tuple to check if it is there */
+	nfct_copy(tmp, ct, NFCT_CP_ORIG);
+
+	ret = nfct_query(STATE(dump), NFCT_Q_GET, tmp);
 	if (ret == -1)
 		return errno == ENOENT ? 0 : -1;
author	Pablo Neira Ayuso <pablo@netfilter.org>	2008-06-16 01:43:11 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2008-06-16 01:43:11 +0200
commit	807f1e477baf2eb7a642e65017ede0a079ebeb4d (patch)
tree	25b787fb8af006197d7d7bc5abb9f5e980f6eeb3 /src/netlink.c
parent	40598325d5ff7a6b928640e456a377001aeae285 (diff)