It is valid to specify CTA_PROTO_NUM with a protocol that is not natively supported by conntrack. Do not cancel the CTA_TUPLE_PROTO nest in this case.
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
 src/conntrack/build_mnl.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/conntrack/build_mnl.c b/src/conntrack/build_mnl.c
index c3198c57cdcd..af5d0e7ce290 100644
--- a/src/conntrack/build_mnl.c
+++ b/src/conntrack/build_mnl.c
@@ -73,8 +73,7 @@ nfct_build_tuple_proto(struct nlmsghdr *nlh, const struct __nfct_tuple *t)
 mnl_attr_put_u16(nlh, CTA_PROTO_ICMPV6_ID, t->l4src.icmp.id);
 break;
 default:
- mnl_attr_nest_cancel(nlh, nest);
- return -1;
+ break;
 }
 mnl_attr_nest_end(nlh, nest);
 return 0;
--
2.30.2
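Review bot: The `default:` arm is now a bare `break;`, which reads like a forgotten case and invites a later "fix" that restores the rejection; a comment such as `/* no protocol-specific attributes: keep the nest with what was added before the switch */` would record that this is deliberate. From the visible lines, every protocol value that reaches the switch now goes on to `mnl_attr_nest_end()` and returns 0. Callers that treated the old -1 as "protocol not supported by the library" no longer get that signal, so rejecting unexpected protocol numbers is presumably left to the kernel; the callers are outside this hunk and should be checked. nfct_build_tuple_proto starts before the hunk, so the place where CTA_PROTO_NUM itself is added to the nest is not visible here.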