Luuk Paulussen <Luuk.Paulussen@xxxxxxxxxxxxxxxxxxx> wrote: > However, in libnetfilter-conntrack the way that the message is built has been changed, and in nfct_nlmsg_build, the check about whether to build the REPL tuple has been extended to include > test_bit(ATTR_ICMP_TYPE, ct->head.set) || > test_bit(ATTR_ICMP_CODE, ct->head.set) || > test_bit(ATTR_ICMP_ID, ct->head.set) That looks like a bug, those checks should only be done for ORIG.
