From 49dd3511e8b9190d146ec008edde322c61404def Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Thu, 1 Mar 2012 01:35:09 +0100
Subject: don't add CTA_TIMEOUT_DATA nest if no policy attributes are present

Thus, we don't send empty nests to kernel-space.

Signed-off-by: Pablo Neira Ayuso
---
 src/libnetfilter_cttimeout.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/libnetfilter_cttimeout.c b/src/libnetfilter_cttimeout.c
index 2016e96..9de3837 100644
--- a/src/libnetfilter_cttimeout.c
+++ b/src/libnetfilter_cttimeout.c
@@ -433,7 +433,7 @@ nfct_timeout_nlmsg_build_payload(struct nlmsghdr *nlh,
 if (t->attrset & (1 << NFCT_TIMEOUT_ATTR_L4PROTO))
 mnl_attr_put_u8(nlh, CTA_TIMEOUT_L4PROTO, t->l4num);
- if (t->attrset & (1 << NFCT_TIMEOUT_ATTR_POLICY)) {
+ if (t->attrset & (1 << NFCT_TIMEOUT_ATTR_POLICY) && t->polset) {
 nest = mnl_attr_nest_start(nlh, CTA_TIMEOUT_DATA);
 for (i=0; il4num].attr_max; i++) {
--
cgit v1.2.3
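Review bot: With the new `&& t->polset` test, a timeout object that has NFCT_TIMEOUT_ATTR_POLICY set but no per-state value now produces a message with no CTA_TIMEOUT_DATA attribute at all, and nothing visible in this hunk tells the caller that its policy was dropped. If the kernel side treats that attribute as mandatory (not visible here), the request would presumably be rejected only after the round trip, so it is worth documenting the skip at the condition, e.g. `/* no per-state timeouts set: omit CTA_TIMEOUT_DATA rather than send an empty nest */`. The condition also mixes `&` and `&&` without grouping; `if ((t->attrset & (1 << NFCT_TIMEOUT_ATTR_POLICY)) && t->polset) {` parses the same way and reads unambiguously. The body of nfct_timeout_nlmsg_build_payload starts and ends outside the hunk, so how the nest is closed cannot be checked from here.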