conntrack: mnl: clean up check for mismatching l3num and tuple filter

Remove boolean, directly check for NFCT_FILTER_DUMP_L3NUM and make sure
it is consistent to what has been described in NFCT_FILTER_DUMP_STATUS.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

1 files changed, 4 insertions, 3 deletions

diff --git a/src/conntrack/build_mnl.c b/src/conntrack/build_mnl.c
index eed0679..e563c4e 100644
--- a/src/conntrack/build_mnl.c
+++ b/src/conntrack/build_mnl.c
@@ -641,7 +641,6 @@ static uint32_t get_flags_from_ct(const struct nf_conntrack *ct, int family)
 int nfct_nlmsg_build_filter(struct nlmsghdr *nlh,
 			    const struct nfct_filter_dump *filter_dump)
 {
-	bool l3num_changed = false;
 	struct nfgenmsg *nfg;
 
 	if (filter_dump->set & (1 << NFCT_FILTER_DUMP_MARK)) {
@@ -651,7 +650,6 @@ int nfct_nlmsg_build_filter(struct nlmsghdr *nlh,
 	if (filter_dump->set & (1 << NFCT_FILTER_DUMP_L3NUM)) {
 		nfg = mnl_nlmsg_get_payload(nlh);
 		nfg->nfgen_family = filter_dump->l3num;
-		l3num_changed = true;
 	}
 	if (filter_dump->set & (1 << NFCT_FILTER_DUMP_STATUS)) {
 		mnl_attr_put_u32(nlh, CTA_STATUS, htonl(filter_dump->status.val));
@@ -677,8 +675,11 @@ int nfct_nlmsg_build_filter(struct nlmsghdr *nlh,
 		nfg = mnl_nlmsg_get_payload(nlh);
 
 		if (test_bit(ATTR_ORIG_L3PROTO, ct->head.set)) {
-			if (l3num_changed && filter_dump->l3num != ct->head.orig.l3protonum)
+			if (filter_dump->set & (1 << NFCT_FILTER_DUMP_L3NUM) &&
+			    filter_dump->l3num != ct->head.orig.l3protonum) {
+				errno = EINVAL;
 				return -1;
+			}
 
 			nfg->nfgen_family = ct->head.orig.l3protonum;
 		}