[conntrack-tools] netlink: build TCP flags/mask only if this is a TCP connection

Pablo Neira netfilter-cvslog-bounces at lists.netfilter.org
Thu Dec 11 19:59:31 CET 2008


Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=conntrack-tools.git;a=commit;h=cda212571533762c525df18fdcf361a93a1a2c31
commit cda212571533762c525df18fdcf361a93a1a2c31
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Thu Dec 11 19:58:55 2008 +0100
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Thu Dec 11 19:58:55 2008 +0100

    netlink: build TCP flags/mask only if this is a TCP connection
    
    This patch sets the TCP flag/mask attributes only when the entry being
    created is a TCP connection; for other protocols they are left unset.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
       via  cda212571533762c525df18fdcf361a93a1a2c31 (commit)
      from  9369fe5370341f72c15de8d72917d014a6c7e460 (commit)


- Log -----------------------------------------------------------------
commit cda212571533762c525df18fdcf361a93a1a2c31
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Thu Dec 11 19:58:55 2008 +0100

    netlink: build TCP flags/mask only if this is a TCP connection
    
    This patch includes the TCP flag/mask attributes if this is a TCP
    connection, otherwise do not include.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

-----------------------------------------------------------------------

 src/netlink.c |   14 ++++++++------
 1 files changed, 8 insertions(+), 6 deletions(-)
This patch includes the TCP flag/mask attributes if this is a TCP
connection, otherwise do not include.

Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

diff --git a/src/netlink.c b/src/netlink.c
index 29281f4..2fabd8d 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -192,7 +192,6 @@ int nl_get_conntrack(struct nfct_handle *h, const struct nf_conntrack *ct)
 int nl_create_conntrack(struct nfct_handle *h, const struct nf_conntrack *orig)
 {
 	int ret;
-	uint8_t flags;
 	struct nf_conntrack *ct;
 
 	ct = nfct_clone(orig);
@@ -211,11 +210,14 @@ int nl_create_conntrack(struct nfct_handle *h, const struct nf_conntrack *orig)
 	/*
 	 * TCP flags to overpass window tracking for recovered connections
 	 */
-	flags = IP_CT_TCP_FLAG_BE_LIBERAL | IP_CT_TCP_FLAG_SACK_PERM;
-	nfct_set_attr_u8(ct, ATTR_TCP_FLAGS_ORIG, flags);
-	nfct_set_attr_u8(ct, ATTR_TCP_MASK_ORIG, flags);
-	nfct_set_attr_u8(ct, ATTR_TCP_FLAGS_REPL, flags);
-	nfct_set_attr_u8(ct, ATTR_TCP_MASK_REPL, flags);
+	if (nfct_attr_is_set(ct, ATTR_TCP_STATE)) {
+		uint8_t flags = IP_CT_TCP_FLAG_BE_LIBERAL |
+				IP_CT_TCP_FLAG_SACK_PERM;
+		nfct_set_attr_u8(ct, ATTR_TCP_FLAGS_ORIG, flags);
+		nfct_set_attr_u8(ct, ATTR_TCP_MASK_ORIG, flags);
+		nfct_set_attr_u8(ct, ATTR_TCP_FLAGS_REPL, flags);
+		nfct_set_attr_u8(ct, ATTR_TCP_MASK_REPL, flags);
+	}
 
 	ret = nfct_query(h, NFCT_Q_CREATE, ct);
 	nfct_destroy(ct);
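Review bot: The new guard `if (nfct_attr_is_set(ct, ATTR_TCP_STATE))` tests for the presence of a TCP *state* attribute rather than for the transport protocol itself, so a TCP entry that arrives without ATTR_TCP_STATE (whether the sending side can omit it I cannot tell from this hunk) would silently skip the BE_LIBERAL/SACK_PERM relaxation that the comment says recovered connections need, whereas the removed code applied it unconditionally. Checking the protocol directly, `if (nfct_get_attr_u8(ct, ATTR_L4PROTO) == IPPROTO_TCP)`, matches the commit's stated intent "only if this is a TCP connection" and does not depend on which optional attributes the peer chose to send; IPPROTO_TCP needs netinet/in.h if the file does not already include it. Because IP_CT_TCP_FLAG_BE_LIBERAL turns off the kernel's TCP window tracking for this flow, the comment above the block should say that this relaxation is deliberate and limited to recovered entries, e.g. `/* BE_LIBERAL disables kernel TCP window tracking for this entry; presumably acceptable only because the flow was already tracked by the peer that owned it */`. nl_create_conntrack begins before and continues after this hunk.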


