From 5f47ff72a4928bb989ca6347ce957dc03c0b929e Mon Sep 17 00:00:00 2001
From: "/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org"
 </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org>
Date: Mon, 4 Jun 2007 11:06:31 +0000
Subject: fix invalid argument error: status flags may not be present in update
 messages

---
 src/conntrack/build.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/conntrack/build.c b/src/conntrack/build.c
index e8d5276..774e3c5 100644
--- a/src/conntrack/build.c
+++ b/src/conntrack/build.c
@@ -252,8 +252,13 @@ int __build_conntrack(struct nfnl_subsys_handle *ssh,
 	__build_tuple(req, size, &ct->tuple[__DIR_ORIG], CTA_TUPLE_ORIG);
 	__build_tuple(req, size, &ct->tuple[__DIR_REPL], CTA_TUPLE_REPLY);
 
-	/* always build IPS_CONFIRMED */
-	__build_status(req, size, ct);
+	if (test_bit(ATTR_STATUS, ct->set))
+		__build_status(req, size, ct);
+	else {
+		/* build IPS_CONFIRMED if we're creating a new conntrack */
+		if (type == IPCTNL_MSG_CT_NEW && flags & NLM_F_CREATE)
+			__build_status(req, size, ct);
+	}
 
 	if (test_bit(ATTR_TIMEOUT, ct->set))
 		__build_timeout(req, size, ct);
-- 
cgit v1.2.3