add missing ignore_conntrack in the overrun handler

3 files changed, 7 insertions, 1 deletions

diff --git a/src/netlink.c b/src/netlink.c
index 94200b9..b1f9fd7 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -25,7 +25,7 @@
 #include <stdlib.h>
 #include "network.h"
 
-static int ignore_conntrack(struct nf_conntrack *ct)
+int ignore_conntrack(struct nf_conntrack *ct)
 {
 	/* ignore a certain protocol */
 	if (CONFIG(ignore_protocol)[nfct_get_attr_u8(ct, ATTR_ORIG_L4PROTO)])
diff --git a/src/stats-mode.c b/src/stats-mode.c
index 581c07d..22474e2 100644
--- a/src/stats-mode.c
+++ b/src/stats-mode.c
@@ -96,6 +96,9 @@ static int overrun_cb(enum nf_conntrack_msg_type type,
 		      struct nf_conntrack *ct,
 		      void *data)
 {
+	if (ignore_conntrack(ct))
+		return NFCT_CB_CONTINUE;
+
 	/* This is required by kernels < 2.6.20 */
 	nfct_attr_unset(ct, ATTR_TIMEOUT);
 	nfct_attr_unset(ct, ATTR_ORIG_COUNTER_BYTES);
diff --git a/src/sync-mode.c b/src/sync-mode.c
index 65a3c5b..d7bee9d 100644
--- a/src/sync-mode.c
+++ b/src/sync-mode.c
@@ -299,6 +299,9 @@ static int overrun_cb(enum nf_conntrack_msg_type type,
 {
 	struct us_conntrack *u;
 
+	if (ignore_conntrack(ct))
+		return NFCT_CB_CONTINUE;
+
 	/* This is required by kernels < 2.6.20 */
 	nfct_attr_unset(ct, ATTR_TIMEOUT);
 	nfct_attr_unset(ct, ATTR_ORIG_COUNTER_BYTES);