diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-07-11 00:43:20 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-07-11 02:42:55 +0200 |
commit | 586382d9a8389ee553db019fd9be14a8a7c0b8ec (patch) | |
tree | 5f00a12a32920319c95c5b0acafff0c9957131f5 /include/network.h | |
parent | 479a37a549abf197ce59a4ae1666d8cba80fe977 (diff) | |
download | conntrack-tools-586382d9a8389ee553db019fd9be14a8a7c0b8ec.tar.gz conntrack-tools-586382d9a8389ee553db019fd9be14a8a7c0b8ec.zip |
conntrackd: simplify expectation filtering
This patch simplifies the expectation filtering by looking up for the
master conntrack. If it does not exists, then we assume that we don't
want this expectation either.
This simplification also fixes the current broken expectation filtering,
since the master conntrack from expectations has neither reply tuple
nor state, however, the filtering code assumes the opposite.
This partially reverts (479a37a conntrackd: fix crash with IPv6 expectation
in the filtering code) since it was incorrectly setting the reply tuple
of the master conntrack.
Thanks to Bill Fink for providing feedback to resolve this issue.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/network.h')
0 files changed, 0 insertions, 0 deletions