summaryrefslogtreecommitdiffstats
path: root/src/conntrack
diff options
context:
space:
mode:
authorLuuk Paulussen <luuk.paulussen@alliedtelesis.co.nz>2021-03-19 08:59:19 +1300
committerPablo Neira Ayuso <pablo@netfilter.org>2021-03-19 14:59:19 +0100
commit6113749c21c5188ad94d5e578fd3146333c05883 (patch)
tree8594aecab3054d9da1d22a75434a69c0c4ddf6da /src/conntrack
parentd05e9515b84074b0a0a49a2b49da31bd057bad7b (diff)
conntrack: Don't use ICMP attrs in decision to build repl tuple
conntrack-tools doesn't set the REPL attributes by default for updates, so for ICMP flows, the update won't be sent as building the repl tuple will fail. Signed-off-by: Luuk Paulussen <luuk.paulussen@alliedtelesis.co.nz> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/conntrack')
-rw-r--r--src/conntrack/build_mnl.c5
1 files changed, 1 insertions, 4 deletions
diff --git a/src/conntrack/build_mnl.c b/src/conntrack/build_mnl.c
index d9ad268..0067a1c 100644
--- a/src/conntrack/build_mnl.c
+++ b/src/conntrack/build_mnl.c
@@ -496,10 +496,7 @@ nfct_nlmsg_build(struct nlmsghdr *nlh, const struct nf_conntrack *ct)
test_bit(ATTR_REPL_PORT_DST, ct->head.set) ||
test_bit(ATTR_REPL_L3PROTO, ct->head.set) ||
test_bit(ATTR_REPL_L4PROTO, ct->head.set) ||
- test_bit(ATTR_REPL_ZONE, ct->head.set) ||
- test_bit(ATTR_ICMP_TYPE, ct->head.set) ||
- test_bit(ATTR_ICMP_CODE, ct->head.set) ||
- test_bit(ATTR_ICMP_ID, ct->head.set)) {
+ test_bit(ATTR_REPL_ZONE, ct->head.set)) {
const struct __nfct_tuple *t = &ct->repl;
struct nlattr *nest;