conntrack-tools doesn't set the REPL attributes by default for updates,
so for ICMP flows, the update won't be sent as building the repl tuple
will fail.
Signed-off-by: Luuk Paulussen <luuk.paulussen@xxxxxxxxxxxxxxxxxxx>
---
src/conntrack/build_mnl.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/src/conntrack/build_mnl.c b/src/conntrack/build_mnl.c
index d9ad268..0067a1c 100644
--- a/src/conntrack/build_mnl.c
+++ b/src/conntrack/build_mnl.c
@@ -496,10 +496,7 @@ nfct_nlmsg_build(struct nlmsghdr *nlh, const struct nf_conntrack *ct)
test_bit(ATTR_REPL_PORT_DST, ct->head.set) ||
test_bit(ATTR_REPL_L3PROTO, ct->head.set) ||
test_bit(ATTR_REPL_L4PROTO, ct->head.set) ||
- test_bit(ATTR_REPL_ZONE, ct->head.set) ||
- test_bit(ATTR_ICMP_TYPE, ct->head.set) ||
- test_bit(ATTR_ICMP_CODE, ct->head.set) ||
- test_bit(ATTR_ICMP_ID, ct->head.set)) {
+ test_bit(ATTR_REPL_ZONE, ct->head.set)) {
const struct __nfct_tuple *t = &ct->repl;
struct nlattr *nest;
--
2.31.0
