Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote on 09/02/2010 10:57:39 AM:

> Hi Rui,

Hi Pablo,

> On 01/09/10 15:45, rui.sousa@xxxxxxxxxxxxx wrote:
> > Hi,
> >
> > I have an application using libnetfilter_conntrack-0.100 that started
> > reporting errors after the commit:
> >
> > 1c450e1595afdc8d1bfabb4f640c9251808426eb.
>
> Looking at the source code, this seems to be already fixed in
> libnetfilter_conntrack 0.0.102, please upgrade to latest.

Hmm... looking at the git tree I see that the __build_conntrack() code is
still calling __build_protoinfo() unconditionally and inside the function
we always do:

        nest = nfnl_nest(&req->nlh, size, CTA_PROTOINFO);
        nest_proto = nfnl_nest(&req->nlh, size, CTA_PROTOINFO_TCP);
        ...
        nfnl_nest_end(&req->nlh, nest_proto);
        nfnl_nest_end(&req->nlh, nest);

even if none of the ATTR_TCP_xxx bits are set. This is what causes the
kernel to return -EINVAL and ignore the conntrack update. Or am I missing
something?

Br,

Rui

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
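
Added example, not part of the thread and not libnetfilter_conntrack or libnfnetlink code: a self-contained model of the nesting pattern Rui quotes, next to a variant that emits the protoinfo nest only when a TCP attribute bit is set. All `ex_`/`EX_` names, the attribute numbers and the bit values are hypothetical stand-ins chosen for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for this example; numeric values are illustrative. */
enum { EX_CTA_PROTOINFO = 1, EX_CTA_PROTOINFO_TCP, EX_CTA_PROTOINFO_TCP_STATE };
enum { EX_ATTR_TCP_STATE = 1u << 0, EX_ATTR_TIMEOUT = 1u << 1 };
#define EX_TCP_ATTRS (EX_ATTR_TCP_STATE)         /* every "ATTR_TCP_xxx" bit */
struct ex_attr { uint16_t len, type; };          /* length/type attribute header */
struct ex_msg  { uint8_t buf[64]; size_t len; }; /* large enough for this example */

static size_t ex_nest(struct ex_msg *m, uint16_t type) {
    struct ex_attr a = { sizeof(a), type };
    size_t off = m->len;
    memcpy(m->buf + off, &a, sizeof(a));
    m->len += sizeof(a);
    return off;                                  /* offset of the open header */
}
static void ex_nest_end(struct ex_msg *m, size_t off) {
    uint16_t len = (uint16_t)(m->len - off);     /* header plus everything nested */
    memcpy(m->buf + off, &len, sizeof(len));     /* len is the first header field */
}
static void ex_put_u8(struct ex_msg *m, uint16_t type, uint8_t v) {
    size_t off = ex_nest(m, type);
    m->buf[m->len++] = v;
    ex_nest_end(m, off);                         /* len = header + 1 payload byte */
    m->len += 3;                                 /* pad to a 4-byte boundary */
}
/* Pattern quoted in the mail: both nests are emitted whatever is set. */
static void ex_protoinfo_always(struct ex_msg *m, uint32_t set, uint8_t state) {
    size_t nest = ex_nest(m, EX_CTA_PROTOINFO);
    size_t nest_proto = ex_nest(m, EX_CTA_PROTOINFO_TCP);
    if (set & EX_ATTR_TCP_STATE)
        ex_put_u8(m, EX_CTA_PROTOINFO_TCP_STATE, state);
    ex_nest_end(m, nest_proto);
    ex_nest_end(m, nest);
}
/* Guarded variant: no TCP attribute set, no protoinfo nest in the message. */
static void ex_protoinfo_guarded(struct ex_msg *m, uint32_t set, uint8_t state) {
    if (set & EX_TCP_ATTRS) ex_protoinfo_always(m, set, state);
}
size_t ex_built_len(int guarded, uint32_t set) { /* bytes added to an empty message */
    struct ex_msg m = { {0}, 0 };
    (guarded ? ex_protoinfo_guarded : ex_protoinfo_always)(&m, set, 3);
    return m.len;
}
int main(void) {
    printf("no TCP attrs: always=%zu guarded=%zu\n",
           ex_built_len(0, EX_ATTR_TIMEOUT), ex_built_len(1, EX_ATTR_TIMEOUT));
    return 0;
}
```

With only a non-TCP bit set, the unconditional builder still leaves two empty nested headers in the message, which is the case the mail says the kernel answers with -EINVAL; the guarded builder adds nothing.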