don't add CTA_TIMEOUT_DATA nest if no policy attributes are present

Thus, we don't send empty nests to kernel-space. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2012-03-01 01:35:09 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2012-03-01 01:35:09 +0100
commit: 49dd3511e8b9190d146ec008edde322c61404def (patch)
tree: f46d70f4f23535444a33f69bd890fcb67e403a35 /src
parent: 4502e1d247473699d20d978344a09d9558ebfd47 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/libnetfilter_cttimeout.c b/src/libnetfilter_cttimeout.c
index 2016e96..9de3837 100644
--- a/src/libnetfilter_cttimeout.c
+++ b/src/libnetfilter_cttimeout.c
@@ -433,7 +433,7 @@ nfct_timeout_nlmsg_build_payload(struct nlmsghdr *nlh,
 	if (t->attrset & (1 << NFCT_TIMEOUT_ATTR_L4PROTO))
 		mnl_attr_put_u8(nlh, CTA_TIMEOUT_L4PROTO, t->l4num);
 
-	if (t->attrset & (1 << NFCT_TIMEOUT_ATTR_POLICY)) {
+	if (t->attrset & (1 << NFCT_TIMEOUT_ATTR_POLICY) && t->polset) {
 		nest = mnl_attr_nest_start(nlh, CTA_TIMEOUT_DATA);
 
 		for (i=0; i<timeout_protocol[t->l4num].attr_max; i++) {
author	Pablo Neira Ayuso <pablo@netfilter.org>	2012-03-01 01:35:09 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2012-03-01 01:35:09 +0100
commit	49dd3511e8b9190d146ec008edde322c61404def (patch)
tree	f46d70f4f23535444a33f69bd890fcb67e403a35 /src
parent	4502e1d247473699d20d978344a09d9558ebfd47 (diff)