From 1c450e1595afdc8d1bfabb4f640c9251808426eb Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Wed, 8 Jul 2009 15:53:41 +0200
Subject: build: remove unrequired checking in the protocol information

This patch removes a checking that is performed before building the
protocol private information. This checking silently removed any
protocol attribute if the configuration is inconsistent. With this
change, the kernel reports the error to tell that some attributes
are missing.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/conntrack/build.c | 34 ++++++++++------------------------
 1 file changed, 10 insertions(+), 24 deletions(-)

(limited to 'src')

diff --git a/src/conntrack/build.c b/src/conntrack/build.c
index 4c6a27e..c739396 100644
--- a/src/conntrack/build.c
+++ b/src/conntrack/build.c
@@ -106,13 +106,6 @@ static void __build_protoinfo(struct nfnlhdr *req, size_t size,
 
 	switch(ct->tuple[__DIR_ORIG].protonum) {
 	case IPPROTO_TCP:
-		if (!(test_bit(ATTR_TCP_STATE, ct->set) ||
-		      (test_bit(ATTR_TCP_FLAGS_ORIG, ct->set) &&
-		       test_bit(ATTR_TCP_MASK_ORIG, ct->set)) ||
-		      (test_bit(ATTR_TCP_FLAGS_REPL, ct->set) &&
-		       test_bit(ATTR_TCP_MASK_REPL, ct->set)))) {
-			break;
-		}
 		nest = nfnl_nest(&req->nlh, size, CTA_PROTOINFO);
 		nest_proto = nfnl_nest(&req->nlh, size, CTA_PROTOINFO_TCP);
 		if (test_bit(ATTR_TCP_STATE, ct->set))
@@ -136,11 +129,6 @@ static void __build_protoinfo(struct nfnlhdr *req, size_t size,
 		nfnl_nest_end(&req->nlh, nest);
 		break;
 	case IPPROTO_SCTP:
-		if (!(test_bit(ATTR_SCTP_STATE, ct->set) &&
-		      (test_bit(ATTR_SCTP_VTAG_ORIG, ct->set) &&
-		       test_bit(ATTR_SCTP_VTAG_REPL, ct->set)))) {
-			break;
-		}
 		nest = nfnl_nest(&req->nlh, size, CTA_PROTOINFO);
 		nest_proto = nfnl_nest(&req->nlh, size, CTA_PROTOINFO_SCTP);
 		if (test_bit(ATTR_SCTP_STATE, ct->set))
@@ -160,20 +148,18 @@ static void __build_protoinfo(struct nfnlhdr *req, size_t size,
 		nfnl_nest_end(&req->nlh, nest);
 		break;
 	case IPPROTO_DCCP:
-		if (!(test_bit(ATTR_DCCP_STATE, ct->set) &&
-		      test_bit(ATTR_DCCP_ROLE, ct->set)))
-			break;
-
 		nest = nfnl_nest(&req->nlh, size, CTA_PROTOINFO);
 		nest_proto = nfnl_nest(&req->nlh, size, CTA_PROTOINFO_DCCP);
-		nfnl_addattr_l(&req->nlh, size,
-			       CTA_PROTOINFO_DCCP_STATE,
-			       &ct->protoinfo.dccp.state,
-			       sizeof(u_int8_t));
-		nfnl_addattr_l(&req->nlh, size,
-			       CTA_PROTOINFO_DCCP_ROLE,
-			       &ct->protoinfo.dccp.role,
-			       sizeof(u_int8_t));
+		if (test_bit(ATTR_DCCP_STATE, ct->set))
+			nfnl_addattr_l(&req->nlh, size,
+				       CTA_PROTOINFO_DCCP_STATE,
+				       &ct->protoinfo.dccp.state,
+				       sizeof(u_int8_t));
+		if (test_bit(ATTR_DCCP_ROLE, ct->set))
+			nfnl_addattr_l(&req->nlh, size,
+				       CTA_PROTOINFO_DCCP_ROLE,
+				       &ct->protoinfo.dccp.role,
+				       sizeof(u_int8_t));
 		nfnl_nest_end(&req->nlh, nest_proto);
 		nfnl_nest_end(&req->nlh, nest);
 	default:
-- 
cgit v1.2.3