authorPablo Neira Ayuso <pablo@netfilter.org>2012-03-23 02:07:41 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2012-03-23 02:09:43 +0100
commit3a39278a56d12ad13a41973cd0b50238206f11ef (patch)
tree9bf2170744e6bf6a10bd5564c9975a45b0af0b1c
parent0b2265da0d0dadfae5f0442700d6903ce3fe0bee (diff)
conntrack: fix wrong building of ICMP reply tuple
For ICMP flows: conntrack -U -s 192.168.1.114 -m 1 returned -EINVAL. It seems we were including the reply tuple incompletely. Reported-by: <abirvalg@lavabit.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--src/conntrack/build.c5
1 files changed, 1 insertions, 4 deletions
diff --git a/src/conntrack/build.c b/src/conntrack/build.c
index 3ff2e13..2900027 100644
--- a/src/conntrack/build.c
+++ b/src/conntrack/build.c
@@ -436,10 +436,7 @@ int __build_conntrack(struct nfnl_subsys_handle *ssh,
test_bit(ATTR_REPL_PORT_SRC, ct->head.set) ||
test_bit(ATTR_REPL_PORT_DST, ct->head.set) ||
test_bit(ATTR_REPL_L3PROTO, ct->head.set) ||
- test_bit(ATTR_REPL_L4PROTO, ct->head.set) ||
- test_bit(ATTR_ICMP_TYPE, ct->head.set) ||
- test_bit(ATTR_ICMP_CODE, ct->head.set) ||
- test_bit(ATTR_ICMP_ID, ct->head.set))
+ test_bit(ATTR_REPL_L4PROTO, ct->head.set))
__build_tuple(req, size, &ct->repl, CTA_TUPLE_REPLY);
if (test_bit(ATTR_MASTER_IPV4_SRC, ct->head.set) ||
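Review bot: The reply-tuple condition that now ends at `test_bit(ATTR_REPL_L4PROTO, ct->head.set))` has no comment explaining why the ICMP attributes are deliberately absent, so a later edit could re-add them and bring back the -EINVAL described in the commit message. I would put a short comment above the `if`, which opens above this hunk: `/* ATTR_ICMP_* alone must not emit CTA_TUPLE_REPLY: the reply tuple would be incomplete and the update fails with -EINVAL */`. The reasoning in that comment is taken from the commit message rather than from lines visible here, so it should be confirmed against `__build_tuple`. The body of `__build_conntrack` continues beyond both ends of the hunk.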