Le 25/06/2019 à 01:58, Pablo Neira Ayuso a écrit :
> On Sun, Jun 23, 2019 at 11:44:09PM -0400, Felix Kaechele wrote:
> [...]
>> [felix@x1 utils]$ sudo ./conntrack_delete
>>
>> TEST: delete conntrack (-1)(No such file or directory)
>
> Could you give a try to this patch?
>
>
> x.patch
>
> diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
> index 7db79c1b8084..4886b1599014 100644
> --- a/net/netfilter/nf_conntrack_netlink.c
> +++ b/net/netfilter/nf_conntrack_netlink.c
> @@ -1256,7 +1256,6 @@ static int ctnetlink_del_conntrack(struct net *net, struct sock *ctnl,
> struct nf_conntrack_tuple tuple;
> struct nf_conn *ct;
> struct nfgenmsg *nfmsg = nlmsg_data(nlh);
> - u_int8_t u3 = nfmsg->version ? nfmsg->nfgen_family : AF_UNSPEC;
> struct nf_conntrack_zone zone;
> int err;
>
> @@ -1266,11 +1265,13 @@ static int ctnetlink_del_conntrack(struct net *net, struct sock *ctnl,
>
> if (cda[CTA_TUPLE_ORIG])
> err = ctnetlink_parse_tuple(cda, &tuple, CTA_TUPLE_ORIG,
> - u3, &zone);
> + nfmsg->version, &zone);
nfmsg->nfgen_family?
> else if (cda[CTA_TUPLE_REPLY])
> err = ctnetlink_parse_tuple(cda, &tuple, CTA_TUPLE_REPLY,
> - u3, &zone);
> + nfmsg->version, &zone);
Same here?
> else {
> + u_int8_t u3 = nfmsg->version ? nfmsg->nfgen_family : AF_UNSPEC;
> +
> return ctnetlink_flush_conntrack(net, cda,
> NETLINK_CB(skb).portid,
> nlmsg_report(nlh), u3);
>
