diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2012-03-23 02:07:41 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2012-03-23 02:09:43 +0100 |
commit | 3a39278a56d12ad13a41973cd0b50238206f11ef (patch) | |
tree | 9bf2170744e6bf6a10bd5564c9975a45b0af0b1c | |
parent | 0b2265da0d0dadfae5f0442700d6903ce3fe0bee (diff) |
conntrack: fix wrong building of ICMP reply tuple
For ICMP flows:
conntrack -U -s 192.168.1.114 -m 1
returned -EINVAL. It seems we were including the reply tuple
imcompletely.
Reported-by: <abirvalg@lavabit.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | src/conntrack/build.c | 5 |
1 files changed, 1 insertions, 4 deletions
diff --git a/src/conntrack/build.c b/src/conntrack/build.c index 3ff2e13..2900027 100644 --- a/src/conntrack/build.c +++ b/src/conntrack/build.c @@ -436,10 +436,7 @@ int __build_conntrack(struct nfnl_subsys_handle *ssh, test_bit(ATTR_REPL_PORT_SRC, ct->head.set) || test_bit(ATTR_REPL_PORT_DST, ct->head.set) || test_bit(ATTR_REPL_L3PROTO, ct->head.set) || - test_bit(ATTR_REPL_L4PROTO, ct->head.set) || - test_bit(ATTR_ICMP_TYPE, ct->head.set) || - test_bit(ATTR_ICMP_CODE, ct->head.set) || - test_bit(ATTR_ICMP_ID, ct->head.set)) + test_bit(ATTR_REPL_L4PROTO, ct->head.set)) __build_tuple(req, size, &ct->repl, CTA_TUPLE_REPLY); if (test_bit(ATTR_MASTER_IPV4_SRC, ct->head.set) || |