From 1af6ff8f04bf4db0a9d9207797bca8eaf660cbe2 Mon Sep 17 00:00:00 2001
From: "/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org"
 </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org>
Date: Mon, 21 May 2007 15:18:58 +0000
Subject: add missing ignore_conntrack in the overrun handler

---
 src/netlink.c    | 2 +-
 src/stats-mode.c | 3 +++
 src/sync-mode.c  | 3 +++
 3 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/netlink.c b/src/netlink.c
index 94200b9..b1f9fd7 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -25,7 +25,7 @@
 #include <stdlib.h>
 #include "network.h"
 
-static int ignore_conntrack(struct nf_conntrack *ct)
+int ignore_conntrack(struct nf_conntrack *ct)
 {
 	/* ignore a certain protocol */
 	if (CONFIG(ignore_protocol)[nfct_get_attr_u8(ct, ATTR_ORIG_L4PROTO)])
diff --git a/src/stats-mode.c b/src/stats-mode.c
index 581c07d..22474e2 100644
--- a/src/stats-mode.c
+++ b/src/stats-mode.c
@@ -96,6 +96,9 @@ static int overrun_cb(enum nf_conntrack_msg_type type,
 		      struct nf_conntrack *ct,
 		      void *data)
 {
+	if (ignore_conntrack(ct))
+		return NFCT_CB_CONTINUE;
+
 	/* This is required by kernels < 2.6.20 */
 	nfct_attr_unset(ct, ATTR_TIMEOUT);
 	nfct_attr_unset(ct, ATTR_ORIG_COUNTER_BYTES);
diff --git a/src/sync-mode.c b/src/sync-mode.c
index 65a3c5b..d7bee9d 100644
--- a/src/sync-mode.c
+++ b/src/sync-mode.c
@@ -299,6 +299,9 @@ static int overrun_cb(enum nf_conntrack_msg_type type,
 {
 	struct us_conntrack *u;
 
+	if (ignore_conntrack(ct))
+		return NFCT_CB_CONTINUE;
+
 	/* This is required by kernels < 2.6.20 */
 	nfct_attr_unset(ct, ATTR_TIMEOUT);
 	nfct_attr_unset(ct, ATTR_ORIG_COUNTER_BYTES);
-- 
cgit v1.2.3