[conntrack-tools] use only the original tuple to check if a conntrack is present

[Pablo Neira]

Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=conntrack-tools.git;a=commit;h=807f1e477baf2eb7a642e65017ede0a079ebeb4d
commit 807f1e477baf2eb7a642e65017ede0a079ebeb4d
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Mon Jun 16 01:43:11 2008 +0200
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Mon Jun 16 01:43:11 2008 +0200

    use only the original tuple to check if a conntrack is present
       via  807f1e477baf2eb7a642e65017ede0a079ebeb4d (commit)
      from  40598325d5ff7a6b928640e456a377001aeae285 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 807f1e477baf2eb7a642e65017ede0a079ebeb4d
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Mon Jun 16 01:43:11 2008 +0200

    use only the original tuple to check if a conntrack is present

-----------------------------------------------------------------------

 src/netlink.c |   10 +++++++++-
 1 files changed, 9 insertions(+), 1 deletions(-)

diff --git a/src/netlink.c b/src/netlink.c
index 10c4643..387062d 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -23,6 +23,7 @@
 #include "log.h"
 #include "debug.h"
 
+#include <string.h>
 #include <errno.h>
 
 int ignore_conntrack(struct nf_conntrack *ct)
@@ -219,8 +220,15 @@ int nl_overrun_request_resync(void)
 int nl_exist_conntrack(struct nf_conntrack *ct)
 {
 	int ret;
+	char __tmp[nfct_maxsize()];
+	struct nf_conntrack *tmp = (struct nf_conntrack *) (void *)__tmp;
 
-	ret = nfct_query(STATE(dump), NFCT_Q_GET, ct);
+	memset(__tmp, 0, sizeof(__tmp));
+
+	/* use the original tuple to check if it is there */
+	nfct_copy(tmp, ct, NFCT_CP_ORIG);
+
+	ret = nfct_query(STATE(dump), NFCT_Q_GET, tmp);
 	if (ret == -1)
 		return errno == ENOENT ? 0 : -1;