From a652efb17254a13c74f7a3adf034f52c835096de Mon Sep 17 00:00:00 2001
From: "/C=DE/ST=Berlin/L=Berlin/O=Netfilter
 Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org"
 </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org>
Date: Wed, 17 May 2006 14:42:03 +0000
Subject: we cannot return -EINVAL when we encounter attributes >
 subsys->cb_count, since that compromises interoperability with future kernels
 which might introduce new attributes.

---
 src/libnfnetlink.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/libnfnetlink.c b/src/libnfnetlink.c
index 8be9306..b864338 100644
--- a/src/libnfnetlink.c
+++ b/src/libnfnetlink.c
@@ -927,8 +927,13 @@ int nfnl_check_attributes(const struct nfnl_handle *h,
 		while (NFA_OK(attr, attrlen)) {
 			unsigned int flavor = NFA_TYPE(attr);
 			if (flavor) {
-				if (flavor > cb->attr_count)
-					return -EINVAL;
+				if (flavor > cb->attr_count) {
+					/* we have received an attribute from
+					 * the kernel which we don't understand
+					 * yet. We have to silently ignore this
+					 * for the sake of future compatibility */
+					continue;
+				}
 				nfa[flavor - 1] = attr;
 			}
 			attr = NFA_NEXT(attr, attrlen);
-- 
cgit v1.2.3