diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2009-07-08 15:53:41 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2009-07-08 15:53:41 +0200 |
| commit | 1c450e1595afdc8d1bfabb4f640c9251808426eb (patch) | |
| tree | bcc93b87b40839518d7eeee1d9883f19e745a318 /src | |
| parent | 0aad81cf6196de8127e70f30c1bd99422054e22a (diff) | |
build: remove unrequired checking in the protocol information
This patch removes a checking that is performed before building the
protocol private information. This checking silently removed any
protocol attribute if the configuration is inconsistent. With this
change, the kernel reports the error to tell that some attributes
are missing.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
| -rw-r--r-- | src/conntrack/build.c | 34 |
1 files changed, 10 insertions, 24 deletions
diff --git a/src/conntrack/build.c b/src/conntrack/build.c index 4c6a27e..c739396 100644 --- a/src/conntrack/build.c +++ b/src/conntrack/build.c @@ -106,13 +106,6 @@ static void __build_protoinfo(struct nfnlhdr *req, size_t size, switch(ct->tuple[__DIR_ORIG].protonum) { case IPPROTO_TCP: - if (!(test_bit(ATTR_TCP_STATE, ct->set) || - (test_bit(ATTR_TCP_FLAGS_ORIG, ct->set) && - test_bit(ATTR_TCP_MASK_ORIG, ct->set)) || - (test_bit(ATTR_TCP_FLAGS_REPL, ct->set) && - test_bit(ATTR_TCP_MASK_REPL, ct->set)))) { - break; - } nest = nfnl_nest(&req->nlh, size, CTA_PROTOINFO); nest_proto = nfnl_nest(&req->nlh, size, CTA_PROTOINFO_TCP); if (test_bit(ATTR_TCP_STATE, ct->set)) @@ -136,11 +129,6 @@ static void __build_protoinfo(struct nfnlhdr *req, size_t size, nfnl_nest_end(&req->nlh, nest); break; case IPPROTO_SCTP: - if (!(test_bit(ATTR_SCTP_STATE, ct->set) && - (test_bit(ATTR_SCTP_VTAG_ORIG, ct->set) && - test_bit(ATTR_SCTP_VTAG_REPL, ct->set)))) { - break; - } nest = nfnl_nest(&req->nlh, size, CTA_PROTOINFO); nest_proto = nfnl_nest(&req->nlh, size, CTA_PROTOINFO_SCTP); if (test_bit(ATTR_SCTP_STATE, ct->set)) @@ -160,20 +148,18 @@ static void __build_protoinfo(struct nfnlhdr *req, size_t size, nfnl_nest_end(&req->nlh, nest); break; case IPPROTO_DCCP: - if (!(test_bit(ATTR_DCCP_STATE, ct->set) && - test_bit(ATTR_DCCP_ROLE, ct->set))) - break; - nest = nfnl_nest(&req->nlh, size, CTA_PROTOINFO); nest_proto = nfnl_nest(&req->nlh, size, CTA_PROTOINFO_DCCP); - nfnl_addattr_l(&req->nlh, size, - CTA_PROTOINFO_DCCP_STATE, - &ct->protoinfo.dccp.state, - sizeof(u_int8_t)); - nfnl_addattr_l(&req->nlh, size, - CTA_PROTOINFO_DCCP_ROLE, - &ct->protoinfo.dccp.role, - sizeof(u_int8_t)); + if (test_bit(ATTR_DCCP_STATE, ct->set)) + nfnl_addattr_l(&req->nlh, size, + CTA_PROTOINFO_DCCP_STATE, + &ct->protoinfo.dccp.state, + sizeof(u_int8_t)); + if (test_bit(ATTR_DCCP_ROLE, ct->set)) + nfnl_addattr_l(&req->nlh, size, + CTA_PROTOINFO_DCCP_ROLE, + &ct->protoinfo.dccp.role, + sizeof(u_int8_t)); nfnl_nest_end(&req->nlh, nest_proto); nfnl_nest_end(&req->nlh, nest); default: |