-----Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: ----- >On 02/09/10 11:21, rui.sousa@xxxxxxxxxxxxx wrote: >> Pablo Neira Ayuso wrote on 09/02/2010 >10:57:39 AM: >> >>> Hi Rui, >> >> Hi Pablo, >> >>> On 01/09/10 15:45, rui.sousa@xxxxxxxxxxxxx wrote: >>>> Hi, >>>> >>>> I have an application using libnetfilter_conntrack-0.100 that >started >>>> reporting errors after the commit: >>>> >>>> 1c450e1595afdc8d1bfabb4f640c9251808426eb. >>> >>> Looking at the source code, this seems to be already fixed in >>> libnetfilter_conntrack 0.0.102, please upgrade to latest. >> >> Hmm... looking at the git tree I see that the __build_conntrack() >code is >> still calling __build_protoinfo() unconditionally and inside the >function >> we always do: >> >> nest = nfnl_nest(&req->nlh, size, CTA_PROTOINFO); >> nest_proto = nfnl_nest(&req->nlh, size, CTA_PROTOINFO_TCP); >> ... >> nfnl_nest_end(&req->nlh, nest_proto); >> nfnl_nest_end(&req->nlh, nest); >> >> even if none of the ATTR_TCP_xxx bits are set. This is what causes >the >> kernel to return -EINVAL >> and ignore the conntrack update. Or am I missing something? > >I see, I guess that you're using a Linux kernel <= 2.6.25 Correct. It's an ARM based embedded linux system still running 2.6.21. > since I >couldn't reproduce it with recent kernels. Please, could you give a >try >to the following patch? This patch fixed my problem. Thanks, Rui -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
