From 3a39278a56d12ad13a41973cd0b50238206f11ef Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Fri, 23 Mar 2012 02:07:41 +0100
Subject: conntrack: fix wrong building of ICMP reply tuple

For ICMP flows:

 conntrack -U -s 192.168.1.114 -m 1

returned -EINVAL. It seems we were including the reply tuple
imcompletely.

Reported-by: <abirvalg@lavabit.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/conntrack/build.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

(limited to 'src/conntrack/build.c')

diff --git a/src/conntrack/build.c b/src/conntrack/build.c
index 3ff2e13..2900027 100644
--- a/src/conntrack/build.c
+++ b/src/conntrack/build.c
@@ -436,10 +436,7 @@ int __build_conntrack(struct nfnl_subsys_handle *ssh,
 	    test_bit(ATTR_REPL_PORT_SRC, ct->head.set) ||
 	    test_bit(ATTR_REPL_PORT_DST, ct->head.set) ||
 	    test_bit(ATTR_REPL_L3PROTO, ct->head.set)  ||
-	    test_bit(ATTR_REPL_L4PROTO, ct->head.set)  ||
-	    test_bit(ATTR_ICMP_TYPE, ct->head.set) 	  ||
-	    test_bit(ATTR_ICMP_CODE, ct->head.set)	  ||
-	    test_bit(ATTR_ICMP_ID, ct->head.set))
+	    test_bit(ATTR_REPL_L4PROTO, ct->head.set))
 		__build_tuple(req, size, &ct->repl, CTA_TUPLE_REPLY);
 
 	if (test_bit(ATTR_MASTER_IPV4_SRC, ct->head.set) ||
-- 
cgit v1.2.3