[netfilter-cvslog] r6764 - trunk/libnetfilter_conntrack/src/conntrack

pablo at netfilter.org pablo at netfilter.org
Tue Feb 27 21:30:46 CET 2007 

Author: pablo at netfilter.org
Date: 2007-02-27 21:30:46 +0100 (Tue, 27 Feb 2007)
New Revision: 6764

Modified:
   trunk/libnetfilter_conntrack/src/conntrack/objopt.c
   trunk/libnetfilter_conntrack/src/conntrack/setter.c
Log:
- fix inconsistency in the behaviour of nfct_set_attr with ATTR_STATUS: now status flags bits of conntrack objects in userspace can be set and unset as it happens with other attributes.
- nfct_get_objopt with NAT detectors previously checks if the status attribute is set, otherwise it just skips it.



Modified: trunk/libnetfilter_conntrack/src/conntrack/objopt.c
===================================================================
--- trunk/libnetfilter_conntrack/src/conntrack/objopt.c	2007-02-27 01:44:02 UTC (rev 6763)
+++ trunk/libnetfilter_conntrack/src/conntrack/objopt.c	2007-02-27 20:30:46 UTC (rev 6764)
@@ -46,22 +46,26 @@
 
 	switch(option) {
 	case NFCT_GOPT_IS_SNAT:
-		ret = (ct->status & IPS_SRC_NAT_DONE &&
-		       ct->tuple[__DIR_REPL].dst.v4 !=
+		ret = (test_bit(ATTR_STATUS, ct->set) ? 
+		       ct->status & IPS_SRC_NAT_DONE : 1 &&
+		       ct->tuple[__DIR_REPL].dst.v4 != 
 		       ct->tuple[__DIR_ORIG].src.v4);
 		break;
 	case NFCT_GOPT_IS_DNAT:
-		ret = (ct->status & IPS_DST_NAT_DONE &&
+		ret = (test_bit(ATTR_STATUS, ct->set) ? 
+		       ct->status & IPS_DST_NAT_DONE : 1 &&
 		       ct->tuple[__DIR_REPL].src.v4 !=
 		       ct->tuple[__DIR_ORIG].dst.v4);
 		break;
 	case NFCT_GOPT_IS_SPAT:
-		ret = (ct->status & IPS_SRC_NAT_DONE &&
+		ret = (test_bit(ATTR_STATUS, ct->set) ? 
+		       ct->status & IPS_SRC_NAT_DONE : 1 &&
 		       ct->tuple[__DIR_REPL].l4dst.tcp.port !=
 		       ct->tuple[__DIR_ORIG].l4src.tcp.port);
 		break;
 	case NFCT_GOPT_IS_DPAT:
-		ret = (ct->status & IPS_DST_NAT_DONE &&
+		ret = (test_bit(ATTR_STATUS, ct->set) ? 
+		       ct->status & IPS_DST_NAT_DONE : 1 &&
 		       ct->tuple[__DIR_REPL].l4src.tcp.port !=
 		       ct->tuple[__DIR_ORIG].l4dst.tcp.port);
 		break;

Modified: trunk/libnetfilter_conntrack/src/conntrack/setter.c
===================================================================
--- trunk/libnetfilter_conntrack/src/conntrack/setter.c	2007-02-27 01:44:02 UTC (rev 6763)
+++ trunk/libnetfilter_conntrack/src/conntrack/setter.c	2007-02-27 20:30:46 UTC (rev 6764)
@@ -139,7 +139,7 @@
 
 static void set_attr_status(struct nf_conntrack *ct, const void *value)
 {
-	ct->status |= *((u_int32_t *) value);
+	ct->status = *((u_int32_t *) value);
 }
 
 set_attr set_attr_array[] = {

More information about the netfilter-cvslog mailing list