diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2011-12-14 23:55:47 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2012-01-10 01:54:45 +0100 |
| commit | 2719bd93ad5f589139d8ede0726fa6a2ef2eb321 (patch) | |
| tree | 225497562af288b6d763811c6ddb1887219d470c /src | |
| parent | f33b72ca969994384a5db6122f8c85e62cfc46ce (diff) | |
| download | conntrack-tools-2719bd93ad5f589139d8ede0726fa6a2ef2eb321.tar.gz conntrack-tools-2719bd93ad5f589139d8ede0726fa6a2ef2eb321.zip | |
conntrackd: relax checkings in ct_filter_sanity_check
This is required to prepare the expectation support.
The master, expect and mask objects that are part of the
conntrack object do not have any reply information. This
allows the expectation support to re-use the existing
filtering infrastructure.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
| -rw-r--r-- | src/filter.c | 8 |
1 files changed, 2 insertions, 6 deletions
diff --git a/src/filter.c b/src/filter.c index 7c4ddc1..746a9bb 100644 --- a/src/filter.c +++ b/src/filter.c @@ -373,9 +373,7 @@ static inline int ct_filter_sanity_check(const struct nf_conntrack *ct) switch(nfct_get_attr_u8(ct, ATTR_L3PROTO)) { case AF_INET: if (!nfct_attr_is_set(ct, ATTR_IPV4_SRC) || - !nfct_attr_is_set(ct, ATTR_IPV4_DST) || - !nfct_attr_is_set(ct, ATTR_REPL_IPV4_SRC) || - !nfct_attr_is_set(ct, ATTR_REPL_IPV4_DST)) { + !nfct_attr_is_set(ct, ATTR_IPV4_DST)) { dlog(LOG_ERR, "missing IPv4 address. " "You forgot to load " "nf_conntrack_ipv4?"); @@ -384,9 +382,7 @@ static inline int ct_filter_sanity_check(const struct nf_conntrack *ct) break; case AF_INET6: if (!nfct_attr_is_set(ct, ATTR_IPV6_SRC) || - !nfct_attr_is_set(ct, ATTR_IPV6_DST) || - !nfct_attr_is_set(ct, ATTR_REPL_IPV6_SRC) || - !nfct_attr_is_set(ct, ATTR_REPL_IPV6_DST)) { + !nfct_attr_is_set(ct, ATTR_IPV6_DST)) { dlog(LOG_ERR, "missing IPv6 address. " "You forgot to load " "nf_conntrack_ipv6?"); |