This patch is a fix. It sets IPS_EXPECTED for related conntracks.
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
--
"Los honestos son inadaptados sociales" -- Les Luthiers
[PATCH][CTNETLINK] Set expected bit for related conntracks
This patch is a fix. It sets IPS_EXPECTED for related conntracks.
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Index: net-2.6.git/net/netfilter/nf_conntrack_netlink.c
===================================================================
--- net-2.6.git.orig/net/netfilter/nf_conntrack_netlink.c 2007-12-08 20:10:04.000000000 +0100
+++ net-2.6.git/net/netfilter/nf_conntrack_netlink.c 2007-12-08 20:11:08.000000000 +0100
@@ -1146,8 +1146,10 @@ ctnetlink_create_conntrack(struct nlattr
}
/* setup master conntrack: this is a confirmed expectation */
- if (master_ct)
+ if (master_ct) {
+ __set_bit(IPS_EXPECTED_BIT, &ct->status);
ct->master = master_ct;
+ }
add_timer(&ct->timeout);
nf_conntrack_hash_insert(ct);
