diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-12-10 12:18:23 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-12-10 12:20:30 +0100 |
| commit | 45ec4b51e8290759e0d87d9405965be1352a4325 (patch) | |
| tree | 1c74b8e89a5aae15f2c2381f47dd00e8eca7a45a | |
| parent | dbfa07f4abdafca547accab48e14156e4b67d7cc (diff) | |
conntrack: don't cancel nest on unknown layer 4 protocols
It is valid to specify CTA_PROTO_NUM with a protocol that is not
natively supported by conntrack. Do not cancel the CTA_TUPLE_PROTO
nest in this case.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | src/conntrack/build_mnl.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/src/conntrack/build_mnl.c b/src/conntrack/build_mnl.c index c3198c5..af5d0e7 100644 --- a/src/conntrack/build_mnl.c +++ b/src/conntrack/build_mnl.c @@ -73,8 +73,7 @@ nfct_build_tuple_proto(struct nlmsghdr *nlh, const struct __nfct_tuple *t) mnl_attr_put_u16(nlh, CTA_PROTO_ICMPV6_ID, t->l4src.icmp.id); break; default: - mnl_attr_nest_cancel(nlh, nest); - return -1; + break; } mnl_attr_nest_end(nlh, nest); return 0; |