Blame SOURCES/0001-conntrack-don-t-cancel-nest-on-unknown-layer-4-proto.patch
|
 |
6765e4 |
From f94ca582531980f86fc2ffed9f1f55f7172e83f8 Mon Sep 17 00:00:00 2001
|
|
|
6765e4 |
From: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
6765e4 |
Date: Fri, 10 Dec 2021 12:18:23 +0100
|
|
|
6765e4 |
Subject: [PATCH] conntrack: don't cancel nest on unknown layer 4 protocols
|
|
|
6765e4 |
|
|
|
6765e4 |
It is valid to specify CTA_PROTO_NUM with a protocol that is not
|
|
|
6765e4 |
natively supported by conntrack. Do not cancel the CTA_TUPLE_PROTO
|
|
|
6765e4 |
nest in this case.
|
|
|
6765e4 |
|
|
|
6765e4 |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
6765e4 |
(cherry picked from commit 45ec4b51e8290759e0d87d9405965be1352a4325)
|
|
|
6765e4 |
---
|
|
|
6765e4 |
src/conntrack/build_mnl.c | 3 +--
|
|
|
6765e4 |
1 file changed, 1 insertion(+), 2 deletions(-)
|
|
|
6765e4 |
|
|
|
6765e4 |
diff --git a/src/conntrack/build_mnl.c b/src/conntrack/build_mnl.c
|
|
|
6765e4 |
index d9ad268cb8900..979c0c7e995a3 100644
|
|
|
6765e4 |
--- a/src/conntrack/build_mnl.c
|
|
|
6765e4 |
+++ b/src/conntrack/build_mnl.c
|
|
|
6765e4 |
@@ -73,8 +73,7 @@ nfct_build_tuple_proto(struct nlmsghdr *nlh, const struct __nfct_tuple *t)
|
|
|
6765e4 |
mnl_attr_put_u16(nlh, CTA_PROTO_ICMPV6_ID, t->l4src.icmp.id);
|
|
|
6765e4 |
break;
|
|
|
6765e4 |
default:
|
|
|
6765e4 |
- mnl_attr_nest_cancel(nlh, nest);
|
|
|
6765e4 |
- return -1;
|
|
|
6765e4 |
+ break;
|
|
|
6765e4 |
}
|
|
|
6765e4 |
mnl_attr_nest_end(nlh, nest);
|
|
|
6765e4 |
return 0;
|
|
|
6765e4 |
--
|
|
|
6765e4 |
2.38.0
|
|
|
6765e4 |
|