diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2008-06-16 01:43:11 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2008-06-16 01:43:11 +0200 |
| commit | 807f1e477baf2eb7a642e65017ede0a079ebeb4d (patch) | |
| tree | 25b787fb8af006197d7d7bc5abb9f5e980f6eeb3 /src/netlink.c | |
| parent | 40598325d5ff7a6b928640e456a377001aeae285 (diff) | |
| download | conntrack-tools-807f1e477baf2eb7a642e65017ede0a079ebeb4d.tar.gz conntrack-tools-807f1e477baf2eb7a642e65017ede0a079ebeb4d.zip | |
use only the original tuple to check if a conntrack is present
Diffstat (limited to 'src/netlink.c')
| -rw-r--r-- | src/netlink.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/src/netlink.c b/src/netlink.c index 10c4643..387062d 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -23,6 +23,7 @@ #include "log.h" #include "debug.h" +#include <string.h> #include <errno.h> int ignore_conntrack(struct nf_conntrack *ct) @@ -219,8 +220,15 @@ int nl_overrun_request_resync(void) int nl_exist_conntrack(struct nf_conntrack *ct) { int ret; + char __tmp[nfct_maxsize()]; + struct nf_conntrack *tmp = (struct nf_conntrack *) (void *)__tmp; - ret = nfct_query(STATE(dump), NFCT_Q_GET, ct); + memset(__tmp, 0, sizeof(__tmp)); + + /* use the original tuple to check if it is there */ + nfct_copy(tmp, ct, NFCT_CP_ORIG); + + ret = nfct_query(STATE(dump), NFCT_Q_GET, tmp); if (ret == -1) return errno == ENOENT ? 0 : -1; |