author | Pablo Neira Ayuso <pablo@netfilter.org> | 2009-12-21 13:25:04 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2009-12-21 13:25:04 +0100 |
commit | 0f2017b930a312f693950fd14c987805d9bf6a48 (patch) | |
tree | 99a3482c7a21a411f5fbeae2b4c803cf88a3a338 /src/conntrack/objopt.c | |
parent | fab03af67c659c54043aab13581a19dead5718dd (diff) |
setobjopt: don't autocomplete the reply tuple for ICMP[v6]
This patch fixes the autocomplete feature for ICMP[v6] entries
that makes the kernel return EINVAL. Basically, we skip the
autocomplete since this is already done in the setter.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/conntrack/objopt.c')
-rw-r--r-- | src/conntrack/objopt.c | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/src/conntrack/objopt.c b/src/conntrack/objopt.c
index 4b36817..7e6e5e2 100644
--- a/src/conntrack/objopt.c
+++ b/src/conntrack/objopt.c
@@ -21,8 +21,21 @@ static void __autocomplete(struct nf_conntrack *ct, int dir)
 &ct->tuple[other].src.v6, sizeof(union __nfct_address));
- ct->tuple[dir].l4src.all = ct->tuple[other].l4dst.all;
- ct->tuple[dir].l4dst.all = ct->tuple[other].l4src.all;
+ switch(ct->tuple[dir].protonum) {
+ case IPPROTO_UDP:
+ case IPPROTO_TCP:
+ case IPPROTO_SCTP:
+ case IPPROTO_DCCP:
+ case IPPROTO_GRE:
+ case IPPROTO_UDPLITE:
+ ct->tuple[dir].l4src.all = ct->tuple[other].l4dst.all;
+ ct->tuple[dir].l4dst.all = ct->tuple[other].l4src.all;
+ break;
+ case IPPROTO_ICMP:
+ case IPPROTO_ICMPV6:
+ /* the setter already autocompletes the reply tuple. */
+ break;
+ }
 /* XXX: this is safe but better convert bitset to uint64_t */ ct->set[0] |= TS_ORIG | TS_REPL; |
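Review bot: The new `switch` on `ct->tuple[dir].protonum` has no `default:` label, so for any protocol number outside the eight listed the completed tuple's `l4src`/`l4dst` are now left as they were, where the removed lines mirrored them unconditionally. The following `ct->set[0] |= TS_ORIG | TS_REPL;` still marks both tuples as set in that case, so a caller can end up with a reply tuple flagged complete whose L4 part does not mirror the original. If skipping is intended, make it explicit with `default: /* no L4 ports/ids to mirror */ break;`; if only ICMP/ICMPv6 should be skipped, move the two assignments under `default:` instead of an allow-list. The start of `__autocomplete` is outside the hunk, so it is worth confirming that `tuple[dir].protonum` has already been copied from `tuple[other]` before it is switched on; otherwise the switch should key on `ct->tuple[other].protonum`.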