GET requests report either error via NLMSG_ERROR or the corresponding entry, therefore, there is always a reply from the kernel. The NLM_F_ACK flag results in two netlink messages as reply in case of success for GET requests, one containing the entry and another with the explicit acknowledgment. nfct_mnl_request() leaves the explicit acknowledgment in the buffer, filling it up with unhandled netlink messages, leading to the following error:

  conntrack v1.4.7 (conntrack-tools): Operation failed: No buffer space available

Fixes: b7a396b70015 ("conntrack: use libmnl for updating conntrack table")
Reported-by: Tony He <huangya90@xxxxxxxxx>
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
--- src/conntrack.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/conntrack.c b/src/conntrack.c index 20aeed52da0f..d95d3edee4f3 100644 --- a/src/conntrack.c +++ b/src/conntrack.c @@ -2202,7 +2202,7 @@ static int mnl_nfct_update_cb(const struct nlmsghdr *nlh, void *data) res = nfct_mnl_request(modifier_sock, NFNL_SUBSYS_CTNETLINK, nfct_get_attr_u8(ct, ATTR_ORIG_L3PROTO), - IPCTNL_MSG_CT_GET, NLM_F_ACK, + IPCTNL_MSG_CT_GET, 0, mnl_nfct_print_cb, tmp, NULL); if (res < 0) { /* the entry has vanish in middle of the update */ @@ -3389,7 +3389,7 @@ static int do_command_ct(const char *progname, struct ct_cmd *cmd, case CT_GET: res = nfct_mnl_request(sock, NFNL_SUBSYS_CTNETLINK, cmd->family, - IPCTNL_MSG_CT_GET, NLM_F_ACK, + IPCTNL_MSG_CT_GET, 0, mnl_nfct_dump_cb, cmd->tmpl.ct, cmd); break; -- 2.30.2
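Review bot: in the first hunk (mnl_nfct_update_cb()), the bare 0 now passed as the flags argument for IPCTNL_MSG_CT_GET carries no hint of why NLM_F_ACK must stay off. A short comment above the nfct_mnl_request() call, saying that a GET is always answered with either the entry or NLMSG_ERROR and that an additional acknowledgment would be left unread in the buffer, would keep the flag from being added back later. The context comment "the entry has vanish in middle of the update" could be corrected to "vanished" while this call is being touched.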
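Review bot: in the second hunk (the CT_GET case of do_command_ct()), the fix is again applied at the caller, so the behaviour the commit message describes stays in place: nfct_mnl_request() still does not consume an explicit acknowledgment, and any other or future caller that passes NLM_F_ACK with a GET will fill the buffer again and hit "No buffer space available". Consider either having nfct_mnl_request() keep reading until the acknowledgment when NLM_F_ACK is set, or documenting on the function that GET requests must not set it, so the constraint lives in one place rather than at each call site.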