On 02/09/10 11:21, rui.sousa@mindspeed.com wrote:
> Pablo Neira Ayuso wrote on 09/02/2010 10:57:39 AM:
>
>> Hi Rui,
>
> Hi Pablo,
>
>> On 01/09/10 15:45, rui.sousa@mindspeed.com wrote:
>>> Hi,
>>>
>>> I have an application using libnetfilter_conntrack-0.100 that started
>>> reporting errors after the commit:
>>>
>>> 1c450e1595afdc8d1bfabb4f640c9251808426eb.
>>
>> Looking at the source code, this seems to be already fixed in
>> libnetfilter_conntrack 0.0.102, please upgrade to latest.
>
> Hmm... looking at the git tree I see that the __build_conntrack() code is
> still calling __build_protoinfo() unconditionally and inside the function
> we always do:
>
> nest = nfnl_nest(&req->nlh, size, CTA_PROTOINFO);
> nest_proto = nfnl_nest(&req->nlh, size, CTA_PROTOINFO_TCP);
> ...
> nfnl_nest_end(&req->nlh, nest_proto);
> nfnl_nest_end(&req->nlh, nest);
>
> even if none of the ATTR_TCP_xxx bits are set. This is what causes the
> kernel to return -EINVAL
> and ignore the conntrack update. Or am I missing something?

I see, I guess that you're using a Linux kernel <= 2.6.25 since I couldn't reproduce it with recent kernels.

Please, could you give a try to the following patch?
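
Added illustration, not the patch mentioned above and not libnetfilter_conntrack code: a simplified netlink attribute encoder showing the empty CTA_PROTOINFO/CTA_PROTOINFO_TCP nest that unconditional nesting emits, next to a builder that skips the nest when no TCP attribute is set. The helper names and the SET_TCP_STATE flag are assumptions standing in for nfnl_nest(), nfnl_nest_end() and the ATTR_TCP_xxx bits.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Type numbers as in linux/netfilter/nfnetlink_conntrack.h. */
#define CTA_PROTOINFO           4
#define CTA_PROTOINFO_TCP       1
#define CTA_PROTOINFO_TCP_STATE 1
#define SET_TCP_STATE 0x1u  /* hypothetical stand-in for an ATTR_TCP_xxx "is set" bit */

struct attr_hdr { uint16_t len, type; };      /* same layout as struct nlattr */
struct msg { uint8_t buf[64]; size_t len; };  /* zero-initialise before use */

/* Open a nest: write a header with a placeholder length, return its offset. */
static size_t nest_begin(struct msg *m, uint16_t type) {
    struct attr_hdr h = { 0, type };
    size_t off = m->len;
    memcpy(m->buf + off, &h, sizeof h);
    m->len += sizeof h;
    return off;
}

/* Close a nest: patch the header length to cover everything added since. */
static void nest_end(struct msg *m, size_t off) {
    uint16_t len = (uint16_t)(m->len - off);
    memcpy(m->buf + off, &len, sizeof len);
}

/* Append a one-byte attribute: 4-byte header + 1 byte, padded to 8. */
static void put_u8(struct msg *m, uint16_t type, uint8_t v) {
    struct attr_hdr h = { 5, type };
    memcpy(m->buf + m->len, &h, sizeof h);
    m->buf[m->len + sizeof h] = v;
    m->len += 8;
}

/* guard == 0: nest unconditionally, as in the quoted snippet.
 * guard != 0: emit nothing unless a TCP attribute is set.
 * Returns the number of bytes appended to the message. */
static size_t build_protoinfo(struct msg *m, unsigned set, uint8_t state, int guard) {
    size_t start = m->len, nest, nest_tcp;
    if (guard && !(set & SET_TCP_STATE))
        return 0;
    nest = nest_begin(m, CTA_PROTOINFO);
    nest_tcp = nest_begin(m, CTA_PROTOINFO_TCP);
    if (set & SET_TCP_STATE)
        put_u8(m, CTA_PROTOINFO_TCP_STATE, state);
    nest_end(m, nest_tcp);
    nest_end(m, nest);
    return m->len - start;
}
```

With no TCP attribute set, the unguarded call appends 8 bytes (two headers and no payload), while the guarded call appends nothing.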