| author | Anisse Astier <aastier@freebox.fr> | 2021-05-05 16:29:24 (GMT) |
|---|---|---|
| committer | Thomas Haller <thaller@redhat.com> | 2022-03-04 11:12:23 (GMT) |
| commit | 0688bc631367ceaa79fe3755b9467cd6e30df875 (patch) | |
| tree | ea3f2f05a5d1906f9383aa3606d95b1bc4ff9dfc /lib/netfilter | |
| parent | 5d925168a459e841e0bc929af099e9df2e645502 (diff) | |
netfilter/ct: fix use of reply/orig for conntrack requests
https://github.com/thom311/libnl/issues/281
https://github.com/thom311/libnl/pull/282
Diffstat (limited to 'lib/netfilter')
| -rw-r--r-- | lib/netfilter/ct.c | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/lib/netfilter/ct.c b/lib/netfilter/ct.c
index 58f0469..63614fe 100644
--- a/lib/netfilter/ct.c
+++ b/lib/netfilter/ct.c
@@ -501,20 +501,24 @@ static int nfnl_ct_build_message(const struct nfnl_ct *ct, int cmd, int flags,
 {
 struct nl_msg *msg;
 int err;
+ int reply = 0;
 
 msg = nfnlmsg_alloc_simple(NFNL_SUBSYS_CTNETLINK, cmd, flags,
 nfnl_ct_get_family(ct), 0);
 if (msg == NULL)
 return -NLE_NOMEM;
 
- if ((err = nfnl_ct_build_tuple(msg, ct, 0)) < 0)
- goto err_out;
-
- /* REPLY tuple is optional, dont add unless at least src/dst specified */
-
- if ( nfnl_ct_get_src(ct, 1) && nfnl_ct_get_dst(ct, 1) )
+ /* We use REPLY || ORIG, depending on requests. */
+ if (nfnl_ct_get_src(ct, 1) || nfnl_ct_get_dst(ct, 1)) {
+ reply = 1;
 if ((err = nfnl_ct_build_tuple(msg, ct, 1)) < 0)
 goto err_out;
+ }
+
+ if (!reply || nfnl_ct_get_src(ct, 0) || nfnl_ct_get_dst(ct, 0)) {
+ if ((err = nfnl_ct_build_tuple(msg, ct, 0)) < 0)
+ goto err_out;
+ }
 
 if (nfnl_ct_test_status(ct))
 NLA_PUT_U32(msg, CTA_STATUS, htonl(nfnl_ct_get_status(ct))); |
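Review bot: The new REPLY test uses `||` where the old one used `&&`, so a conntrack object with only a reply source or only a reply destination now gets a one-sided REPLY tuple serialised, and because that sets `reply = 1` the default ORIG tuple is no longer sent either. Nothing in this hunk shows that nfnl_ct_build_tuple() or the kernel accepts a half-specified tuple for a lookup or delete, so the request can go out under-specified instead of being rejected locally; if a full address pair is required, either keep `&&` for the REPLY branch or return an error before building the message. The comment `/* We use REPLY || ORIG, depending on requests. */` would also be clearer as `/* Send REPLY when a reply address is set; send ORIG when an orig address is set, or by default when no REPLY tuple was added. */`. The body of nfnl_ct_build_message continues past the end of the hunk, so the err_out path is not visible here.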
