diff options
author | Ronald Wahl <ronald.wahl@raritan.com> | 2018-05-09 10:32:19 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-05-09 10:36:52 +0200 |
commit | 2bcbae4c14b253176d7570e6f6acc56e521ceb5e (patch) | |
tree | 95b2bb1d3a7de560cb01ae571c9454cb25780dad | |
parent | 88610abee7e58f4da7ec6f198e00ff70a92c870f (diff) |
conntrack: -f family filter does not work
"conntrack -L -f ipv4" and "conntrack -L -f ipv6" each prints both
protocols. This is because the family filtering is now enabled only if
filter_mark_kernel_set is true.
Fixes: 8b8377163697 ("conntrack: send mark filter to kernel iff set")
Signed-off-by: Ronald Wahl <ronald.wahl@raritan.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | src/conntrack.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/src/conntrack.c b/src/conntrack.c index 06f60e8..d638a6a 100644 --- a/src/conntrack.c +++ b/src/conntrack.c @@ -2608,10 +2608,10 @@ int main(int argc, char *argv[]) nfct_filter_dump_set_attr(filter_dump, NFCT_FILTER_DUMP_MARK, &tmpl.filter_mark_kernel); - nfct_filter_dump_set_attr_u8(filter_dump, - NFCT_FILTER_DUMP_L3NUM, - family); } + nfct_filter_dump_set_attr_u8(filter_dump, + NFCT_FILTER_DUMP_L3NUM, + family); if (options & CT_OPT_ZERO) res = nfct_query(cth, NFCT_Q_DUMP_FILTER_RESET, @@ -2714,10 +2714,10 @@ int main(int argc, char *argv[]) nfct_filter_dump_set_attr(filter_dump, NFCT_FILTER_DUMP_MARK, &tmpl.filter_mark_kernel); - nfct_filter_dump_set_attr_u8(filter_dump, - NFCT_FILTER_DUMP_L3NUM, - family); } + nfct_filter_dump_set_attr_u8(filter_dump, + NFCT_FILTER_DUMP_L3NUM, + family); res = nfct_query(cth, NFCT_Q_DUMP_FILTER, filter_dump); |