authorPablo Neira Ayuso <pablo@netfilter.org>2023-08-21 13:52:47 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2023-08-22 10:49:52 +0200
commitf79e36a3c0e02fee1c47f9a8ebe68aa2bba229f8 (patch)
treef43657adcb98b56a3e8b8920cee36f0bcc4a38ce /src
parenta7abf3f5dc7c43f0b25f1d38f754ffc44da54687 (diff)
conntrack: do not set on NLM_F_ACK in IPCTNL_MSG_CT_GET requests
GET requests report either an error via NLMSG_ERROR or the corresponding entry; therefore, there is always a reply from the kernel. The NLM_F_ACK flag results in two netlink messages as reply in case of success for GET requests, one containing the entry and another with the explicit acknowledgment. nfct_mnl_request() leaves the explicit acknowledgment in the buffer, filling it up with unhandled netlink messages, leading to the following error: conntrack v1.4.7 (conntrack-tools): Operation failed: No buffer space available Fixes: b7a396b70015 ("conntrack: use libmnl for updating conntrack table") Reported-by: Tony He <huangya90@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r--src/conntrack.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/conntrack.c b/src/conntrack.c
index 980f14f..77c60b9 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -2202,7 +2202,7 @@ static int mnl_nfct_update_cb(const struct nlmsghdr *nlh, void *data)
res = nfct_mnl_request(modifier_sock, NFNL_SUBSYS_CTNETLINK,
nfct_get_attr_u8(ct, ATTR_ORIG_L3PROTO),
- IPCTNL_MSG_CT_GET, NLM_F_ACK,
+ IPCTNL_MSG_CT_GET, 0,
mnl_nfct_print_cb, tmp, NULL);
if (res < 0) {
/* the entry has vanish in middle of the update */
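Review bot: The bare `0` passed as the flags argument to nfct_mnl_request() in mnl_nfct_update_cb gives no hint that NLM_F_ACK is deliberately left out, so a later cleanup could put it back and bring back the ENOBUFS failure described in the commit message. I would add a comment above the call such as `/* no NLM_F_ACK: a GET is always answered with the entry or NLMSG_ERROR */`; the same applies to the CT_GET case in the do_command_ct hunk. nfct_mnl_request() is not visible here, but going by the commit message it still leaves an unread acknowledgment queued on the socket, so other callers that pair NLM_F_ACK with a request that returns data may be worth checking. mnl_nfct_update_cb starts and ends outside this hunk.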
@@ -3388,7 +3388,7 @@ static int do_command_ct(const char *progname, struct ct_cmd *cmd,
case CT_GET:
res = nfct_mnl_request(sock, NFNL_SUBSYS_CTNETLINK, cmd->family,
- IPCTNL_MSG_CT_GET, NLM_F_ACK,
+ IPCTNL_MSG_CT_GET, 0,
mnl_nfct_dump_cb, cmd->tmpl.ct, cmd);
break;