Special thanks to Deti Fiegl from the Leibniz Supercomputing Centre in Munich, Germany for providing the "fast" hardware to reproduce spurious bugs ;)

List of changes:
o Replace misleading flag NFCT_ANY_GROUP by NFCT_ALL_GROUPS
o Update test file to use NFCT_ALL_GROUPS
o Add missing check of CTA_PROTOINFO_TCP that resulted in a segfault in 
conjuction with events.
o Fix ICMP conntracks output
o Add missing prototype definition of nfct_default_expect_display_id in 
libnetfilter_conntrack.h

2 files changed, 13 insertions, 1 deletions

diff --git a/extensions/libnetfilter_conntrack_icmp.c b/extensions/libnetfilter_conntrack_icmp.c
index 07997d1..d1ae1b4 100644
--- a/extensions/libnetfilter_conntrack_icmp.c
+++ b/extensions/libnetfilter_conntrack_icmp.c
@@ -52,7 +52,7 @@ static int print_proto(char *buf, struct nfct_tuple *t)
 					         t->l4dst.icmp.code);
 	/* ID only makes sense with ECHO */
 	if (t->l4dst.icmp.type == 8)
-		size += sprintf(buf, "id=%d ", t->l4src.icmp.id);
+		size += sprintf(buf+size, "id=%d ", ntohs(t->l4src.icmp.id));
 
 	return size;
 }
diff --git a/extensions/libnetfilter_conntrack_tcp.c b/extensions/libnetfilter_conntrack_tcp.c
index 32a0971..bb96698 100644
--- a/extensions/libnetfilter_conntrack_tcp.c
+++ b/extensions/libnetfilter_conntrack_tcp.c
@@ -42,6 +42,18 @@ static void parse_proto(struct nfattr *cda[], struct nfct_tuple *tuple)
 static void parse_protoinfo(struct nfattr *cda[], struct nfct_conntrack *ct)
 {
 	struct nfattr *tb[CTA_PROTOINFO_TCP_MAX];
+
+	/*
+	 * Listen to me carefully: This is easy to trigger with events ;). 
+	 * The conntrack event messages don't always contain all the
+	 * information about a conntrack, just those fields that have changed.
+	 * So you can receive a message about a TCP connection with no bits 
+	 * talking about the private protocol information. 
+	 *
+	 * 						--pablo 05/10/31
+	 */
+	if (!cda[CTA_PROTOINFO_TCP-1])
+		return;
 	
 	nfnl_parse_nested(tb,CTA_PROTOINFO_TCP_MAX, cda[CTA_PROTOINFO_TCP-1]);